From mhayes at infomatch.com Sun Dec 1 03:17:44 1996 From: mhayes at infomatch.com (Murray Hayes) Date: Sun, 1 Dec 1996 03:17:44 -0800 (PST) Subject: The Difference Between The Right And Left Message-ID: <199612011117.DAA25434@infomatch.com> On Wed, 27 Nov 1996 22:47:06 -0800, Troy Varange wrote: > The French Revolution perhaps provided the best > definition as the origional coiners of the terms. > > The Left is for radical change and the Right is for > evolutionary change. The Jacobin (sp) sat on the left side while the other guys (I forget their names) sat on the right. Of course both used to be on the left before they klled everyone on the right after which an expansion of sorts happened to fill the seats. I think the event was called the night of the long knives? > > That would put mainstream politics decidedly on the right > wing side of the political spectrum. I would have thought main stream would have been in the middle. > The left wing is a rather motly collection including many > anarchists, communists and nazis, yet many of the same > types are decidedly right wing. mhayes at infomatch.com It's better for us if you don't understand It's better for me if you don't understand -Tragically Hip From nobody at cypherpunks.ca Sun Dec 1 05:12:17 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 1 Dec 1996 05:12:17 -0800 (PST) Subject: Detweiller spotted? Message-ID: <199612011258.EAA08939@abraham.cs.berkeley.edu> Dale Thorn said: >Now that's what I call amazing. Maybe I could rewrite PGP >tomorrow (hee hee). Is anyone else hearing a familiar (and again, constant) voice from the past? Maybe I'm wrong, but has anyone met him in person? Just asking. From deviant at pooh-corner.com Sun Dec 1 06:17:46 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 1 Dec 1996 06:17:46 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A11CFB.421@gte.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 30 Nov 1996, Dale Thorn wrote: > Tired.Fighter at dhp.com wrote: > > On 30 Nov 96 at 13:10, Black Unicorn wrote: > > > On Fri, 29 Nov 1996, Greg Broiles wrote: > > > > I don't see any reason why this wouldn't be true for a > > > > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure > > > > (but seizure is not forfeiture) of "property that > > > > constitutes evidence of the commission of a > > > > criminal offense". > > [snip] > > > Please forgive my naivete, but are there no legal > > weapons available to the 'victims' in such cases? > > I'm passingly familiar with the Operation Sundevil > > fiasco -- i.e., with the outcome re the principal > > 'charges'. I'm appalled, however, at the apparent > > lack of remedies for return of such seized property. > > Are individuals who find themselves in such a > > predicament simply at the government's mercy (there's > > an oxymoron for ya)?? > > Just in case someone replies saying "It's not all that bad", or "It can't > happen here", etc., you should know this: > > The United States government has not been responsive to the people for > a long time, but what's become evident in recent years is that they're > also no longer responsive to basic law and order. > > They do respond to extreme pressure, as was applied in the Weaver, Waco, > and other similar cases, but, as a general rule, they do whatever they > want all the way to the top of the Justice dept. with impunity. > > Example: George Bush's old pal at the Wash. DC P.R. firm hires the > niece(?) of a Kuwaiti official to testify in front of Congress in full > view of the American people on television, that the Iraquis were throwing > babies out of incubators in Kuwait, thereby securing the necessary votes > in Congress to prosecute the Gulf War. > > When it was discovered (after the "war") that the Incubator Baby Scandal > was a lie, nobody was prosecuted. Further, in blatant violation of the Unfortunatly, the law doesn't say that the government _must_ prosecute, only that it can. > was a lie, nobody was prosecuted. Further, in blatant violation of the > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth > II of England. This is not a violation of the Constitution. The Constitution specifies that US civil servants (or whatever we intend to call them these days) cannot be knighted by a foreign country for services rendered to that country. So it would be [possibly] illegal for them to have been knighted by Saudi Arabia or Kuwait, but not illegal (in this instance) for them to be knighted by England. > There are also numerous examples of the Justice dept. being caught red- > handed forging documents to frame people for whom they had no evidence or > insufficient evidence to prosecute, and what happens in those cases? > Nothing. Good point. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 You know you've been spending too much time on the computer when your friend misdates a check, and you suggest adding a "++" to fix it. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqGTTTCdEh3oIPAVAQElTgf+Mcq1JyTfXTCH+cTNZ7oix1plkL3fiFNG Zl1Is0L2es3RuXd8IybY3M2GKa+8smph9xejl4z5slCG2k0Geb1NfbluckpAVY6T xE+QwxNtF7UVLhqaOCuB1b7jtMRAlOyucwrjrVb0D0N1BiPQJb9zroVSmh0Pp2Ry uFog0kbn1Ox8HTmjzxu5KEOYNvHX2DK1tQG6FmhdhChoprWGutjvwULvW5I+WOKT TLDfzLbpRYsJNQDbB4F8W64fI+kNTJxqONMac8FryOEXMhfNFAg+xXrXZoKA7o1X VuoKy7ZyFaYXbBHbaUlxVFU/KKrU9XbRPvL6YU7W3zo1AJo2MBLoCQ== =mI5X -----END PGP SIGNATURE----- From All at Internet.Users Sun Dec 1 07:01:01 1996 From: All at Internet.Users (All at Internet.Users) Date: Sun, 1 Dec 1996 07:01:01 -0800 (PST) Subject: How long do you want to live? Message-ID: <199612011436.JAA05575@smtp2.interramp.com> HELLO IS ANYONE OUT THERE? HOW LONG DO YOU WANT TO LIVE? WHAT QUALITY OF LIFE? First, imagine this scene. Your daughter or son is on the phone with a 911 dispatcher. Why? You are lying on the floor in the kitchen, clutching your chest, panic stricken. You are 45 years old. In addition to fear, lots of things are racing through your mind. You want to see your children grow to adulthood. You want to travel. You want to enjoy life some more. Right now though, you don't know if tomorrow will come. FACT: According to the World Health Organization more than 12 million people die from heart attacks, strokes and other forms of cardiovascular disease. THESE DEATHS ARE LARGELY PREVENTABLE. FACT: In the U.S. there are 1500 heart attacks each day; 33% resulting in sudden and premature deaths. NO SECOND CHANCE!! FACT: Heart attacks and strokes are not diseases. They are caused by vitamin deficiencies. America's number one killer can be prevented by an optimum intake of essentials nutrients. FACT: A medical breakthrough has made an old dream of mankind come true. Heart attacks and other forms of cardiovascular disease can essentially become unknown during this generation and forthcoming generations. The division I am heading holds the rights to a patented, non prescription, non-surgical means to lower cholesterol, prevent and reverse heart disease. If you are interested in adding more life to your yearsnot just more years to your life, please call me at: 1-800-741-6240 and leave your name, address and phone number for more detailed information. I'd like to ensure you I am not looking for investors or salespeople. This may be one of the most important decisions of your life. Sincerely, Dr. George Tarryk, M.D. Internal Medicine Specialist 1-800-741-6240 Please Only Reply By Phone, Thank you. From nobody at replay.com Sun Dec 1 07:01:34 1996 From: nobody at replay.com (Anonymous) Date: Sun, 1 Dec 1996 07:01:34 -0800 (PST) Subject: Seditious Cable! In-Reply-To: Message-ID: <199612011501.QAA25179@basement.replay.com> dlv at bwalk.dm.com wrote to All: d> nobody at replay.com (Anonymous) writes: >> And these are the folks you want to maintain your key escrow? d> This is another example of lies being spread by John Gilmore and his d> cronies. I don't want the U.S. Government to maintain my or anyone d> else's key escrow. I was basing my reply on the content of your earlier post. It is certainly possible that I misunderstood your views. Please clarify your position on key escrow to prevent further misunderstanding. d> Comments: All power to the ZOG! Then please tell me that the above is an attempt at humor! From gary at systemics.com Sun Dec 1 07:01:43 1996 From: gary at systemics.com (Gary Howland) Date: Sun, 1 Dec 1996 07:01:43 -0800 (PST) Subject: Building a DC-NET Message-ID: <199612011503.QAA28128@internal-mail.systemics.com> Dimitri writes: > > Black Unicorn writes: > > > On Sat, 30 Nov 1996, Simon Spero wrote: > > > > > (what's the Alice/Bob name for someone trying a denial of service attack?) > > > > Louis? > > John the petty small-time bitch? How about William? (Can't use Bill, since 'B' is taken). Could refer to Clinton (since he denies services to Cuba etc.), or to Gates (the creator of 'denial of service', aka. DOS). Gary From gary at systemics.com Sun Dec 1 08:05:35 1996 From: gary at systemics.com (Gary Howland) Date: Sun, 1 Dec 1996 08:05:35 -0800 (PST) Subject: ubject Message-ID: <199612011607.RAA28422@internal-mail.systemics.com> Swastikas halt Corel sales By Reuters November 25, 1996, 12 p.m. PT MUNICH, Germany--Corel (COSFF) software company has temporarily halted sales of its top-selling Corel Draw graphics program in Germany because it includes four banned Nazi symbols, a company spokesman said today. The Canadian company will remove three drawings of Adolf Hitler and one swastika from future versions of its popular software, spokesman Thomas Layer said. It is also distributing warning labels to be placed on versions now being sold, Layer said. The label warns that the "improper use of digital images and symbols" found in the programs Corel Draw 4.0, 5.0, and 6.0 is prohibited in Germany, which bans public displays of Nazi symbols. Munich's state prosecutor launched an investigation into the software on October 2 after learning that someone had used the banned images to print business cards for a neo-Nazi group, Layer said. This is not the first time that the company has had complaints due to their clip art images. In 1992, pressure from US Black rights organisations forced drawings of the Ku Kux Klan to be removed from the collection. Consideration is also being given to the removal of other images from the collection, either due to legal restrictions in various countries, or due to complaints from organisations such as the Simon Wiesenthal Center. Images considered for removal include a burning US flag, Josef Stalin, the Star of David icon, a cannabis leaf, and a drawing of a woman in a bathing costume. Corel Draw provides more than 24,000 clip art drawings and symbols that computer users can copy. The company suspended the sales on November 19. From nobody at cypherpunks.ca Sun Dec 1 08:28:05 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 1 Dec 1996 08:28:05 -0800 (PST) Subject: COREL TO CENSOR ALL CLIP ART WORLDWIDE Message-ID: <199612011618.IAA11579@abraham.cs.berkeley.edu> Swastikas halt Corel sales By Reuters November 25, 1996, 12 p.m. PT MUNICH, Germany--Corel (COSFF) software company has temporarily halted sales of its top-selling Corel Draw graphics program in Germany because it includes four banned Nazi symbols, a company spokesman said today. The Canadian company will remove three drawings of Adolf Hitler and one swastika from future versions of its popular software, spokesman Thomas Layer said. It is also distributing warning labels to be placed on versions now being sold, Layer said. The label warns that the "improper use of digital images and symbols" found in the programs Corel Draw 4.0, 5.0, and 6.0 is prohibited in Germany, which bans public displays of Nazi symbols. Munich's state prosecutor launched an investigation into the software on October 2 after learning that someone had used the banned images to print business cards for a neo-Nazi group, Layer said. This is not the first time that the company has had complaints due to their clip art images. In 1992, pressure from US Black rights organisations forced drawings of the Ku Kux Klan to be removed from the collection. Consideration is also being given to the removal of other images from the collection, either due to legal restrictions in various countries, or due to complaints from organisations such as the Simon Wiesenthal Center. Images considered for removal include a burning US flag, Josef Stalin, the Star of David icon, a cannabis leaf, and a drawing of a woman in a bathing costume. Corel Draw provides more than 24,000 clip art drawings and symbols that computer users can copy. The company suspended the sales on November 19. From nobody at cypherpunks.ca Sun Dec 1 08:29:48 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 1 Dec 1996 08:29:48 -0800 (PST) Subject: COREL TO CENSOR ALL CLIP ART WORLDWIDE Message-ID: <199612011623.IAA11650@abraham.cs.berkeley.edu> Swastikas halt Corel sales By Reuters November 25, 1996, 12 p.m. PT MUNICH, Germany--Corel (COSFF) software company has temporarily halted sales of its top-selling Corel Draw graphics program in Germany because it includes four banned Nazi symbols, a company spokesman said today. The Canadian company will remove three drawings of Adolf Hitler and one swastika from future versions of its popular software, spokesman Thomas Layer said. It is also distributing warning labels to be placed on versions now being sold, Layer said. The label warns that the "improper use of digital images and symbols" found in the programs Corel Draw 4.0, 5.0, and 6.0 is prohibited in Germany, which bans public displays of Nazi symbols. Munich's state prosecutor launched an investigation into the software on October 2 after learning that someone had used the banned images to print business cards for a neo-Nazi group, Layer said. This is not the first time that the company has had complaints due to their clip art images. In 1992, pressure from US Black rights organisations forced drawings of the Ku Kux Klan to be removed from the collection. Consideration is also being given to the removal of other images from the collection, either due to legal restrictions in various countries, or due to complaints from organisations such as the Simon Wiesenthal Center. Images considered for removal include a burning US flag, Josef Stalin, the Star of David icon, a cannabis leaf, and a drawing of a woman in a bathing costume. Corel Draw provides more than 24,000 clip art drawings and symbols that computer users can copy. The company suspended the sales on November 19. From varange at crl.com Sun Dec 1 08:39:27 1996 From: varange at crl.com (Troy Varange) Date: Sun, 1 Dec 1996 08:39:27 -0800 (PST) Subject: The Difference Between The Right And Lefty In-Reply-To: Message-ID: <199612011625.AA27868@crl10.crl.com> > > This is, of course, confusing to y'all because your all a > > bunch of stupid college kids. > > At least we know where to use a contraction............^^^^ See what I mean? Only a stupid college kid would bother pointing that out. -- Cheers! From cypherpunks at count04.mry.scruznet.com Sun Dec 1 10:09:16 1996 From: cypherpunks at count04.mry.scruznet.com (cypherpunks at count04.mry.scruznet.com) Date: Sun, 1 Dec 1996 10:09:16 -0800 (PST) Subject: Ping! Message-ID: <199612011811.KAA16684@count04.mry.scruznet.com> -------- From cypherpunks at count04.mry.scruznet.com Sun Dec 1 10:17:59 1996 From: cypherpunks at count04.mry.scruznet.com (cypherpunks at count04.mry.scruznet.com) Date: Sun, 1 Dec 1996 10:17:59 -0800 (PST) Subject: Ping! ((chain=(anon);1;(replay))) Message-ID: <199612011820.KAA16715@count04.mry.scruznet.com> -------- ping 5 From cypherpunks at count04.mry.scruznet.com Sun Dec 1 10:18:38 1996 From: cypherpunks at count04.mry.scruznet.com (cypherpunks at count04.mry.scruznet.com) Date: Sun, 1 Dec 1996 10:18:38 -0800 (PST) Subject: Ping! ((chain=(anon);1;(replay))) Message-ID: <199612011821.KAA16720@count04.mry.scruznet.com> -------- ping 5 From dthorn at gte.net Sun Dec 1 10:19:14 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 1 Dec 1996 10:19:14 -0800 (PST) Subject: denial of service and government rights In-Reply-To: Message-ID: <32A1C811.244@gte.net> Black Unicorn wrote: > On Sat, 30 Nov 1996, Dale Thorn wrote: > > > Just in case someone replies saying "It's not all that bad", or "It can't > > > happen here", etc., you should know this: > > > The United States government has not been responsive to the people for > > > a long time, but what's become evident in recent years is that they're > > > also no longer responsive to basic law and order. > > > They do respond to extreme pressure, as was applied in the Weaver, Waco, > > > and other similar cases, but, as a general rule, they do whatever they > > > want all the way to the top of the Justice dept. with impunity. > > > Example: George Bush's old pal at the Wash. DC P.R. firm hires the > > > niece(?) of a Kuwaiti official to testify in front of Congress in full > > > view of the American people on television, that the Iraquis were throwing > > > babies out of incubators in Kuwait, thereby securing the necessary votes > > > in Congress to prosecute the Gulf War. > At that time the country was already at war and if you read the war powers > act and look at the dates, you'll find that he probably could have > prosecuted it without congress. Fraud is fraud. It's illegal under *some* statute, I'm sure. > 60 minutes did a nice piece on this, BTW, and even they admitted that the > wool might have been pulled over the eyes of the Bush Staff. > > > When it was discovered (after the "war") that the Incubator Baby Scandal > > > was a lie, nobody was prosecuted. > Prosecuted for what? Fraud. See above. > > > Further, in blatant violation of the > > > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth > > > II of England. > Careful. The knighthoods in question (Knight's Cross of the Victorian > Order if I recall) do not infringe on foreign decorations restrictions > when they are granted in an honorary context, as both were - again if my > recall is correct. > Several American citizens have been inducted into foreign orders of merit > and some have been inducted into badge and even sash orders. > One noteable was even inducted into the Order of the Bath (extra points > for the name of said citizen). According to the Constitution, "No title of nobility shall be granted by the United States, and no person holding any office of profit or trust under them shall, without the consent of the Congress, accept of any present, emolument, office or title, of any kind whatsoever, from any king, prince, or foreign state." I would point out that the "any kind whatsoever" clause is clear enough, and as to whether Congress approved Bush et al for these honors, well, you tell me. > > > There are also numerous examples of the Justice dept. being caught red- > > > handed forging documents to frame people for whom they had no evidence or > > > insufficient evidence to prosecute, and what happens in those cases? > > > Nothing. > Examples...? Demjanjuk. Israel (a country where the Justice department seems to have some ethics) was so embarrassed about this that they released him, even though there was considerable pressure to keep him under various charges. One could also look at the Weaver and Waco cases for false charges. It's worthy of note that juries rejected the U.S. Justice dept's murder charges in these cases. The original charges in the Weaver case even included the baby, as I recall. From dthorn at gte.net Sun Dec 1 10:19:20 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 1 Dec 1996 10:19:20 -0800 (PST) Subject: Detweiller spotted? In-Reply-To: <199612011258.EAA08939@abraham.cs.berkeley.edu> Message-ID: <32A1C941.6CD2@gte.net> John Anonymous MacDonald wrote: > Dale Thorn said: > >Now that's what I call amazing. Maybe I could rewrite PGP > >tomorrow (hee hee). > Is anyone else hearing a familiar (and again, constant) voice from the past? > Maybe I'm wrong, but has anyone met him in person? Just asking. I came to S.Cal. in February 1981. Worked at Olympic Sales until March 1983, went to Blue Chip computer on Pico blvd. across from the Beverly Hillcrest hotel, 3/83 to 5/86. Logic Tree in Pasadena, 1/87 to 1/88. Tennessee 2/88 to 4/92. Seal Beach 4/93 to present. If that corresponds to anyone you know, I'd like to talk to them. From Scottauge at aol.com Sun Dec 1 11:10:51 1996 From: Scottauge at aol.com (Scottauge at aol.com) Date: Sun, 1 Dec 1996 11:10:51 -0800 (PST) Subject: A quick discussion of Mersenne Numbers Message-ID: <961201141011_806714836@emout09.mail.aol.com> I wake of the latest find announcement, some people maybe wondering what the heck is this?!! A mercenne number is of the type: M(p) = 2**p -1 results in a prime when p is a prime. Hopefully this will lead the way to see the pattern of prime numbers and being able to compute prime numbers in a far more efficient manner (after all a function that when given a prime number results in a prime number would be quite a kicker now wouldn't it!) The other Mersenne primes include: 2,3,5,7,13,17,19,31,127,61,89, and 107. The numbers 67 and 257 are not primes.... Have fun in them prime number databases.... From ichudov at algebra.com Sun Dec 1 11:11:02 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 1 Dec 1996 11:11:02 -0800 (PST) Subject: COREL TO CENSOR ALL CLIP ART WORLDWIDE In-Reply-To: <199612011618.IAA11579@abraham.cs.berkeley.edu> Message-ID: <199612011842.MAA03490@manifold.algebra.com> John Anonymous MacDonald wrote: > Consideration is also being given to the removal of other images > from the collection, either due to legal restrictions in > various countries, or due to complaints from organisations > such as the Simon Wiesenthal Center. Images considered for > removal include a burning US flag, Josef Stalin, the Star of > David icon, a cannabis leaf, and a drawing of a woman in a > bathing costume. How stupid. - Igor. From ichudov at algebra.com Sun Dec 1 11:11:13 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 1 Dec 1996 11:11:13 -0800 (PST) Subject: Another problem with IPG algorithm In-Reply-To: Message-ID: <199612011844.MAA03510@manifold.algebra.com> Don and others, At the heart of IPG algorithm there is a pseudo-random number generator which generates values of A(JV). (see http://www.netprivacy.com/algo.html) DO JV=JV+1 IF JV=53 THEN JV=0 A(JV)=(A(JV)+B(JV)) MOD C(JV) UNTIL A(JV)<16384 Note that if B(JV) and C(JV) in a triplet (A(JV), B(JV), C(JV)) are not mutually prime, they will generate very few numbers and not a whole set 0-16383. For example, if C(JV) is 20000, and B(JV) is 10000, and initial A is (for example) 57, the only two numbers that this triplet will generate will be 57 and 10057. This refutes Don Wood's claim that the distribution of results approaches even. Even if only ONE triplet is such as I described (and it is VERY likely to happen statistically), the distribution will be skewed. Don, what do you think about it? igor From jimbell at pacifier.com Sun Dec 1 11:48:18 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 1 Dec 1996 11:48:18 -0800 (PST) Subject: denial of service and government rights Message-ID: <199612011948.LAA08876@mail.pacifier.com> At 09:25 PM 11/30/96 -0500, Tired.Fighter at dhp.com wrote: >On 30 Nov 96 at 13:10, Black Unicorn wrote: > >> On Fri, 29 Nov 1996, Greg Broiles wrote: > >> [...] >> >> > I don't see any reason why this wouldn't be true for a >> > computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure >> > (but seizure is not forfeiture) of "property that >> > constitutes evidence of the commission of a >> > criminal offense". >> >> It is true of computers. >> Take the case of Ripco (the Chicago BBS raided in the >> SunDevil raids back when). >> >> I don't think "Dr. Ripco" has yet gotten his equipment >> back. I don't know for sure, but what I do know is >> that 5 years after the raid, he still had certainly >> not gotten anything back. Unicorn has a long history of reciting government abuses, but then failing to provide any sort of answer to them. My solution (AP: "Assassination Politics") would make such abuse fatal. Jim Bell jimbell at pacifier.com From deviant at pooh-corner.com Sun Dec 1 12:38:10 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 1 Dec 1996 12:38:10 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A1C811.244@gte.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Dec 1996, Dale Thorn wrote: > > Careful. The knighthoods in question (Knight's Cross of the Victorian > > Order if I recall) do not infringe on foreign decorations restrictions > > when they are granted in an honorary context, as both were - again if my > > recall is correct. > > Several American citizens have been inducted into foreign orders of merit > > and some have been inducted into badge and even sash orders. > > One noteable was even inducted into the Order of the Bath (extra points > > for the name of said citizen). > > According to the Constitution, "No title of nobility shall be granted by > the United States, and no person holding any office of profit or trust > under them shall, without the consent of the Congress, accept of any ^^^^^^^^^^^^^^^^^^^^^^^ > present, emolument, office or title, of any kind whatsoever, from any > king, prince, or foreign state." > > I would point out that the "any kind whatsoever" clause is clear enough, > and as to whether Congress approved Bush et al for these honors, well, > you tell me. Yes, as a matter of fact, they did. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 It's difficult to see the picture when you are inside the frame. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqHsfjCdEh3oIPAVAQG1Jgf+K+GKyJwi6CjEYrIkksgZF0D2p3wbuNMl NfI/T/mKBex11B6AC+XH0z7wGaSA7gAwEK7qZfJAWM/vfI/ryI8REKX7RpHpoeRf yEAKemy+afej6xcMzrXEra1OB7htpukji4+T5x32ewiibCZvpx4yS1H5KW3/qcfx 1/oinXv59TRj0jmUuQyMHb4B99dp4ytDPzeqcudwCVmTyItQw72SMJYNKO4uykcO wf2u09u47W23FIZOt5biD219KvczFu96cIcbnc7STQNGnG03ZUBxjx5PimtS7Uqd VWvk8ljdkGvalr6ruK5zKf7izbJe3ZVsPh2n3+FDnewTu2OF8paDsg== =IMyt -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sun Dec 1 13:10:16 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 1 Dec 1996 13:10:16 -0800 (PST) Subject: Seditious Cable! In-Reply-To: <199612011501.QAA25179@basement.replay.com> Message-ID: nobody at replay.com (Anonymous) writes: >clarify your position on key escrow to prevent further misunderstanding. I'm sorry, I don't think I'm able to explain my views on any complex technical topic in terms so simple that they could be understood by the "cypher punks". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Dec 1 13:10:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 1 Dec 1996 13:10:18 -0800 (PST) Subject: Building a DC-NET In-Reply-To: <199612011503.QAA28128@internal-mail.systemics.com> Message-ID: <89y0XD20w165w@bwalk.dm.com> Gary Howland writes: > Dimitri writes: > > > > Black Unicorn writes: > > > > > On Sat, 30 Nov 1996, Simon Spero wrote: > > > > > > > (what's the Alice/Bob name for someone trying a denial of service atta > > > > > > Louis? > > > > John the petty small-time bitch? > > How about William? (Can't use Bill, since 'B' is taken). > Could refer to Clinton (since he denies services to Cuba etc.), or > to Gates (the creator of 'denial of service', aka. DOS). Whatever's wrong with KKKLinton, he hasn't locked anybody out of his majordomo. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From markm at voicenet.com Sun Dec 1 13:16:40 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 1 Dec 1996 13:16:40 -0800 (PST) Subject: A quick discussion of Mersenne Numbers In-Reply-To: <961201141011_806714836@emout09.mail.aol.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Dec 1996 Scottauge at aol.com wrote: > I wake of the latest find announcement, some people maybe wondering what the > heck is this?!! > > A mercenne number is of the type: > > M(p) = 2**p -1 results in a prime when p is a prime. > > Hopefully this will lead the way to see the pattern of prime numbers and > being able to compute prime numbers in a far more efficient manner (after all > a function that when given a prime number results in a prime number would be > quite a kicker now wouldn't it!) It doesn't. If q is a Mercenne prime, then p is prime if q = 2^p-1. It doesn't work the other way around. If it did, then it would be very easy to find out if a number is a Mercenne prime: just add 1 and find the base 2 logarithm and if the result is prime, then the original number is prime. It's much more difficult than that. It would also be possible to find an infinite number of Mercenne primes using a deterministic algorithm. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMqH2TyzIPc7jvyFpAQELUgf/Sl7QblCiYj/TQZ5on73Zj2fI7XaswGME ihXEVkI0bkcQgcm8NeSQol7cyfJJWmP0KjzIf2fnInn5dvhHRJI50b6Qp0d60oY3 dEP/uY01hX9amy32s9r+ro9X3eC+0pCleNWk1VPkIHjSlRb+Iem/eyD32jhGv6EE PA1q1lVQCjm1m44MSEWOSerVpAYMAfoFmRcrNLT757Oo6SWpVMyIVBLJ6eOtvux0 Mz9pBVoeOdjSzqJ8ZeWeFd4HG0v8o7VQqrlC1onGntKJ9//ZJMRKeE5bJmSVQQdA YydqIU0eCNW4XTBZZcH8aIgi0KOwqVlb2klMvJoEQmKgboqJ8h+TXw== =F9bd -----END PGP SIGNATURE----- From nobody at cypherpunks.ca Sun Dec 1 14:13:29 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 1 Dec 1996 14:13:29 -0800 (PST) Subject: Phrack, where can i find it? Message-ID: <199612012159.NAA22165@abraham.cs.berkeley.edu> where can i find latest (and old) phrack issues? From steve at edmweb.com Sun Dec 1 14:19:26 1996 From: steve at edmweb.com (Steve Reid) Date: Sun, 1 Dec 1996 14:19:26 -0800 (PST) Subject: RSA key generation in 13 lines of Perl Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I've completed my Perl/dc RSA key generation program. The compacted 13-line version is below. A commented version can be found at http://www.edmweb.com/steve/rsagen.txt #!/usr/local/bin/perl $k=768;$e=sprintf'%X',65537;print"Please enter a LOT of random junk.\n" ;$a=;print"Working. This may take a while.\n";for(1..(length($a)- 1)){$b[$_&31]^=unpack('C',substr($a,$_,1));$b[$_&31]=(($b[$_&31]<<5)|($b [$_&31]>>3))&255;}for(0..255){$c[$_]=$_;}$a=$d=$f=0;for(0..255){$a=($a+ $c[$_]+$b[$a&31])&255;($c[$_],$c[$a])=($c[$a],$c[$_]);}open(F,'|dc'); select F;print"16dio[$e+]sa";for(1..50){for(1..$k/32){printf'%02X',&g;} print"Sr";}for(1,2){printf'%02X',&g|128;for(2..$k/16){printf'%02X',&g;} print"d$e%-2+d2%0=aSP";}print"[d2%SA2/d0C]sC[LsSrld1-dsd0QQ]sE_1selExsq_1seLPlExsp[p=]Plpp[q=]Plqp[n=]P*p[e=]P$e p1-lp 1-lq1-**1+$e/[d=]Pp\n";close(F);sub g{$d=($d+1)&255;$f=($f+$c[$d])&255;( $c[$d],$c[$f])=($c[$f],$c[$d]);return($c[($c[$d]+$c[$f])&255]);} I'm sure this can be compacted further. I haven't put a lot of work into compacting it; I really just want to get it out. Run the program, type in a LOT of random gibberish (several lines at least) and press enter. Then wait. Eventually it will output your p, q, n, e and d in hexadecimal. p and q: Prime numbers, congruent to 2 mod e. They can usually be discarded, but they should never be revealed. n: Your public modulus e: Your public encryption exponent (usually 10001 hex) d: Your private decryption exponent By default the program generates a 768-bit public modulus and a public exponent of 10001 hex (65537 decimal). These can be changed by adjusting the numbers in the first line. A 1024-bit modulus would be better, but for some reason generation takes a LOT longer than a 768-bit modulus. Fortunately key generation doesn't need to be done very often. Timings on a 100 MHz Pentium running FreeBSD: Size of n Time 512-bit: 4-5 minutes 768-bit: 8-9 minutes 1024-bit: 35-80 minutes (ack!) I've had some difficulty generating 1024-bit keys, but it seems to be working now. Let me know if you see any problems generating large keys other than the obvious problem with the time spent. Disclaimer: This program seems to work, but your milage may vary. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQEVAwUBMqID5dtVWdufMXJpAQE14AgApqOI2MMPe0V74cKI0vc3bDw8hfDW723c QKqVleH0MTIv4F792bf7ItekM81RbQiaB+AhSigFFFb679ZgdCV7XpPOwhkE3SD4 vJy1xU4HdZ6TbSrfzzZn8Peqd5K5zZdY7CpXbxW30TZWFNX5lqdDAAbvM77h36QC h/jwK1nWMzrTDupbhBwemkpZKaFmk5uAms5Y94Ckezh66+sOcWmvf7smyn8RJg4q zad6OVrclso22NBp/Pa0nf2+IdgFnhEfHgHxsI0t+awSokfr6WlZ8WAScxv40kJO KfcdBX1DXg4spl8kXgoQOrrA3VIUJKWXFfpnTt2nAKr/P4XfbpyFQw== =CY5F -----END PGP SIGNATURE----- From tfs at adsl-122.cais.com Sun Dec 1 15:38:48 1996 From: tfs at adsl-122.cais.com (Tim Scanlon) Date: Sun, 1 Dec 1996 15:38:48 -0800 (PST) Subject: Phrack, where can i find it? In-Reply-To: <199612012159.NAA22165@abraham.cs.berkeley.edu> Message-ID: <9612012338.AA09683@adsl-122.cais.com> John Anonymous MacDonald wrote: > > where can i find latest (and old) phrack issues? > ftp.fc.net /pub/phrack has all the back issues, as well as the current ones. Tim From mrosen at peganet.com Sun Dec 1 15:50:56 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sun, 1 Dec 1996 15:50:56 -0800 (PST) Subject: Secure Memory Deletion Message-ID: <199612012354.SAA13950@mercury.peganet.com> Does anyone know any papers on secure deletion of things from memory? That is one thing that most people are oblivious to, though, if a program leaves your unencrypted passkey laying in memory or a buffer of your plaintext, then all the encryption in the world won't help. Should I overwrite the 32 times specified for hard drives, or are RAM chips easier to clear? Thanks. From dlv at bwalk.dm.com Sun Dec 1 16:20:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 1 Dec 1996 16:20:19 -0800 (PST) Subject: Paul Bradley is a typical "cypher punk" (Was: IPG Algorith Broken!) In-Reply-To: <849391118.629483.0@fatmans.demon.co.uk> Message-ID: <9T80XD26w165w@bwalk.dm.com> paul at fatmans.demon.co.uk writes: > > > Some of these bullies, like Paul Bradley, realize that they don't know > > the meanings of the words they use. Paul Bradley not only posts nonsense > > about brute force attacks on OTP, but also harrasses anyone who exposes > > his utter ignorance, in en effort to intimidate them into shutting up. > > You don`t seem to realise that not only is my reputation unnafected > by your worthless drivel about "brute force attacks on one time > pads", which everyone else apart from you and Don immediately > accepted as a simple misunderstanding of the topic of the message (I > was talking about stream ciphers), but I am finding it rather amusing > to watch the level of your rants deteriorate to the point where you > now label anyone who actually posts about cryptography on this list > as a "k00l hAcKiNg D00d" who knows nothing of what he is talking > about. And as for harrasing people to shut up if you had been > watching the traffic on the list you would have noticed that I > disagreed with John over throwing you off the list. I simply wonder > if the reason you appear to be so calm offline but a foaming at the > mouth lunatic online is that you are scared someone is going to give > you the good kicking you so rightly deserve. > > > "Cypherpunks'" opinion of any proposed new cryptosystem is worthless and > > irrelevant. > > And I suppose the opinion of a man who cannot control his urges to > post rants about "sovok jews" and armenian refugees is of great value > to the learned and worthy??? Paul Bradley packs so many lies into 30 lines of text, it's almost remarkable. First, I don't post rants about "Sovok Jews" to cypherpunks. Paul lies. (I happen to be Jewish, which is one of the reasons why Tim May hates my guts.) Second, Paul Bradley's own words do more to expose his own ignorance and stupidity than anything anyone else could say about him. This is my article which immediately preceded John Gilmore's shameful act of censorship: ]Message-Id: <67c7VD32w165w at bwalk.dm.com> ]Subject: Re: OTP ]From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) ]Date: Mon, 21 Oct 96 20:43:28 EDT ]In-Reply-To: <845910392.8251.0 at fatmans.demon.co.uk> ] ]Where do these idiots come from and why do they end up on this mailing list? ] ]paul at fatmans.demon.co.uk writes: ] ]> ]> > Can you explain to me how your one time pad algorithm is any better than ]> > encryption something with, say, RC4 or any other cipher using a key that ]> > is the same length as the seed for your PRNG? ]> ]> Well for a start there is no possible cryptanalytic (rather than ]> brute force) attack on a one time pad, the system can be ]> mathematically proven to be secure with a very simple bit of ]> statistics. ] ]Please post your "mathematical proof" and explain what you mean by ]a "brute force attack on a one time pad". Paul Bradley spoke about OTP, not stream cyphers. He lies. Third, Paul lies about his "opposition" to John Gilmore's censorship. Here is an e-mail Paul sent to the non-existent address "dvl" in response to an anonymous article on cypherpunks: ]Comments: Authenticated sender is ]From: paul at fatmans.demon.co.uk ]To: dvl at bwalk.dm.com ]Date: Wed, 18 Sep 1996 15:18:16 +0000 ]Mime-Version: 1.0 ]Content-Type: text/plain; charset=US-ASCII ]Content-Transfer-Encoding: 7BIT ]Subject: Re: A daily warning regarding Timothy C. May ]Priority: normal ]X-Mailer: Pegasus Mail for Windows (v2.31) ]Message-Id: <843149202.18174.0 at fatmans.demon.co.uk> ] ] ]> Timothy C. May is a lying sack of shit. ] ]Look, that is enough, I`m going to move to have you removed from the ]list if you keep this up... get a life fuckhead, if you are going to ]flame at least do it from your real address so people can killfile ]you, or maybe you believe censorship is better? It's clear that Paul supported John's "removal" of me from the list. Paul Bradley sent me dozens of hate e-mails. When he started mailbombing me with multiples copies of my own cypherpunks postings with obscenities appended, I set up a filter to bounce his junk back to him. Paul appears to be obsessed with me. Behold the collected works of Paul Bradley before the bouncer was set up: ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Thu, 12 Sep 1996 18:29:26 +0000 ]Subject: Re: Conjuring up the latest utopia for a minoritarian sect ]Message-Id: <842700997.12948.0 at fatmans.demon.co.uk> ] ]You really don`t rate a reply from me, my time is much too valuable ]to bother with this sort of thing usually, but on this occasion i`ll ]make an exception: ] ]If you are going to make claims like this *back them up* I do not ]suppose for one moment that anyone on this list believes what you ]said above, Tim has shown restraint and sense in dealing with your ]rantings, you are in the majority of peoples killfiles, you really ]ought to re-access what you are doing on the list if all you are here ]for is to cause hassle and waste bandwidth, there is enough material ]on the list without totally uninteresting posts like your own. ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Tue, 17 Sep 1996 19:33:09 +0000 ]Subject: Re: Diffie Hellman - logs in Galois fields ]Message-Id: <842988785.23058.0 at fatmans.demon.co.uk> ] ]> I think polluting this mailing list with trivial questions such as this is ]> just as bad as polluting it with personal attacks. Read the FAQs. ] ]Get a fucking life, seeing as you haven`t yet posted anything ]relating remotely to the technical aspects of cryptography to this ]list I think you need to take a long hard look at what your saying ]loser.... ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Wed, 18 Sep 1996 15:18:16 +0000 ]Subject: Re: Workers Paradise. /Political rant. ]Message-Id: <843149202.18173.0 at fatmans.demon.co.uk> ] ]> Yeah!!! And I'll bounce each mailbomb to everyone who tries it. Won't ]> that be fun. Too ba your netcom account won't last long. ] ]`Fraid not loser, I`ll just mailbomb your ass so bad you won`t know ]what hit you, and my account is on demon, who can handle my incoming ]mail (about 300 a day) without a problem, go ahead punk, make my ]day.. (I warned the mailbombers that their mailbombs will be returned to them.) ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 17:37:23 +0000 ]Subject: Re: CIA hacked ]Message-Id: <843401979.17072.0 at fatmans.demon.co.uk> ] ]> >Dr. John M. Grubor created the 'net. ]> ]> Who created you? You tub of shit? ] ] ]Fuck you and fuck your cheap ass fucked up life motherfucker (look ]for the fuck redundancy index here, should be an interesting figure, ]motherfucker) ] ]good day to you (Paul is writing to me in response to someone else's flame.) ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 18:13:06 +0000 ]Subject: Re: Re: CIA hacked ]Message-Id: <843401966.17051.0 at fatmans.demon.co.uk> ] ]This is a further post following an earlier flame: ] ]> You are being flamed because. ]> ]> [X] you continued a boring useless stupid thread ]> [ ] you repeatedly posted to the same thread that you just posted to ]> [x] you repeatedly initiated incoherent, flaky, and mindless threads ]> [ ] you posted a piece riddled with profanities ]> [ ] you advocated Net censorship ]> [ ] you SCREAMED! (used all caps) ]> [x] you posted some sort of crap that doesn't belong in this group ]> [ ] you posted the inanely stupid 'Make Money Fast' article ]> [ ] you threatened others with physical harm ]> [x] you made a bigoted statement(s) ]> [x] you repeatedly assumed unwarranted moral or intellectual superiority ]> [x] you are under the misapprehension that this list is your preserve ]> [ ] you repeatedly shown lack of humor ]> [ ] you are apparently under compulsion to post to every thread ]> [x] you are posting an anonymous attack ]> ]> >>> Thank you for the time you have taken to read this. Live n' Learn.<<< ] ]Furthermore, you qualify as the celebrity fuckhead of the week, have ]a nice day. (I got dozens of the above-quoted mailbombs.) ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 18:13:06 +0000 ]Subject: KOTM ]Message-Id: <843401961.17032.0 at fatmans.demon.co.uk> ] ]Keep this non crypto relevant shit off the mailing list you sad ass ]motherfucker.... ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 18:13:06 +0000 ]Message-Id: <843401965.17045.0 at fatmans.demon.co.uk> ] ]Killifiling you would be a pleasure, however, it is an even greater ]pleasure to be able to flame you because of your worthless posts, ]this is probably why he didn`t... ] ]Get a life. ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 28 Sep 1996 09:21:37 +0000 ]Subject: Re: Possible subs attack???? ]Message-Id: <844008901.9441.0 at fatmans.demon.co.uk> ] ]-----BEGIN PGP SIGNED MESSAGE----- ] ] ]> The lying sack of shit Timmy May writes: ] ]> The lying sack of shit Timmy May lies again, as usual. ] ]Fuck you, ] ]I am not Tim May, Check out the return path if you don`t believe me, ]if you still don`t here`s my PGP public key signed by the EFF, they ]don`t sign keys here and there without checking ID`s... ] ]Type Bits/KeyID Date User ID ]pub 1024/5BBFAEB1 1996/07/30 Paul Bradley ] ]- -----BEGIN PGP PUBLIC KEY BLOCK----- ]Version: 2.6.3ia ] ]mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 ]6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 ]sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR ]tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az6JAJUDBRAy ]NwfvNkCBjDT0xHEBATQPA/9TORmN/UjNecj03q4anpvdyCLiez5sKuNbnYK50RiP ]Jj4QpWWvST3smyQ0A86DrZY/re056MXwQmARESx0rFZxdnD0oORICl5r8dJLIy3b ]j8rbA5olXwZwKz73/X5s13v/pvHYX4cIsbVK8NHXqh5llSKt6TBAuGgkIGF29z5k ]C4kAlQMFEDI3B9mdtf/umVkv7QEBcRYD/1FBteLqsUmr81euxqqnnrpLlyHb58B/ ]9sdATuua4uSjX46hXDZ264YozspNrzSB4NEdrmXOWVX3fiE0ga6XkSSkIeF23V90 ]En37Z0BdbFzgF00FRYTFyTq8eezQrdg/+rBPUsZUmG5wpq3e12FKHQsX01i+1mB2 ]YmqqwCV5e95eiQCVAgUQMh8uSb5OPIRbv66xAQEqJwP/fxQyiCasjFcbDpsFfsYp ]put5cCC/9pOx6X3DlbKShPMpUOS+A9HsTEmJQN8Iawv1nSwPdtc2cR/GhW6ilVjW ]LSloGdMVLabm9pGpZZMkRaZlXFUkOv7VhfgsUiL+vIDryBCAwUZCzQiWycjt/cPi ]mUqFH41Z7NkyO8ZFdi5GGX0= ]=CMZA ]- -----END PGP PUBLIC KEY BLOCK----- ]Date: Mon, 30 Sep 1996 17:40:49 +0000 ]Subject: [ADVICE] Dimitri Vilus`s personal attacks ]Message-Id: <844193560.12762.0 at fatmans.demon.co.uk> ] ]I shouldn`t take any notice, he`s a loon who posts rants, lies, off ]topic rubbish and personal attacks to the mailing list. just ignore ]him, hopefully he`ll soon realise he`s not wanted and leave... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From vitamin at best.com Sun Dec 1 16:46:22 1996 From: vitamin at best.com (vitamin at best.com) Date: Sun, 1 Dec 1996 16:46:22 -0800 (PST) Subject: No Subject Message-ID: <2.2.16.19961202024920.3fb73e1e@best.com> I apologize if this is off topic. I received free one month trial in July from Netcom and in mid July I canceled my account with Netcom due to lousy customer service. When I called I was treated rudely because of canceling netcom. I called again the next day and the person who answered the phone apologized me for the behaviour of the previous employee and I was told my account will be canceled. Low and behold come July I got my credit card statement and netcom had billed me. I promtly called them and was assured that my account would be cancelled. Come September I was billed again for August and September. Once again I called and she assured me it would be cancelled. Again, it was not. Come October they still billed me. In my November statement they are still billing me. I prefer L.A. Better Business Bureau and District Attorney emails and physical addresses. Someone please help me!!!!! Thank You From pgut001 at cs.auckland.ac.nz Sun Dec 1 16:53:57 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Sun, 1 Dec 1996 16:53:57 -0800 (PST) Subject: Strong-crypto smart cards in Singapore and Germany Message-ID: <84948800022098@cs26.cs.auckland.ac.nz> whgiii at amaranth.com ("William H. Geiger III") writes: > Big Brother comming to a bank near you. > >Does anyone understand the implications of a society moving to an >electroinc cash based system?? > >All trasactions will be recorded, moitored, tracked & analysed. This is >not just the government that one has to worry about but corporations also. Actually the German system contains some fairly elaborate safeguards to make it pretty challenging to automatically track transactions (Germans have historical reasons for being uneasy about government monitoring). However given other German laws like the Fernmeldeanlagenueberwachungsverordnung (yes, that's one word), which make the CALEA look like a picnic, I'm not sure how long these safeguards will remain in place. Given that the standard has been created by a collaboration of all German banks, who are big enough to tell the government to take a hike if they demand access to the data, it may be safe (certainly the people involved in the project that I've spoken to are confident that they can keep the data private, however I'm not so sure how it'll work out in the long run). As for the Singapore solution, the Singpore government knows whats best for you, so it isn't any of your business to question their judgement. Anyone thinking otherwise gets 25 strokes of the rattan. Peter. From unicorn at schloss.li Sun Dec 1 17:12:17 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sun, 1 Dec 1996 17:12:17 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A1C811.244@gte.net> Message-ID: On Sun, 1 Dec 1996, Dale Thorn wrote: > Black Unicorn wrote: > > On Sat, 30 Nov 1996, Dale Thorn wrote: > > > > Example: George Bush's old pal at the Wash. DC P.R. firm hires the > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full > > > > view of the American people on television, that the Iraquis were throwing > > > > babies out of incubators in Kuwait, thereby securing the necessary votes > > > > in Congress to prosecute the Gulf War. > > > At that time the country was already at war and if you read the war powers > > act and look at the dates, you'll find that he probably could have > > prosecuted it without congress. > > Fraud is fraud. It's illegal under *some* statute, I'm sure. Point to it. > > > 60 minutes did a nice piece on this, BTW, and even they admitted that the > > wool might have been pulled over the eyes of the Bush Staff. > > > > > When it was discovered (after the "war") that the Incubator Baby Scandal > > > > was a lie, nobody was prosecuted. > > > Prosecuted for what? > > Fraud. See above. Give me a cite. Fraud is an excellent answer because it is a meaningless answer. Fraud is traditionally used to prosecutue those not-quite-a-crime cases because the definition essentially comes down to : "That guy did something we don't like." > > > > > Further, in blatant violation of the > > > > U.S. Constitution, Bush and Schwartzkopf were knighted by Queen Elizabeth > > > > II of England. > > > Careful. The knighthoods in question (Knight's Cross of the Victorian > > Order if I recall) do not infringe on foreign decorations restrictions > > when they are granted in an honorary context, as both were - again if my > > recall is correct. > > Several American citizens have been inducted into foreign orders of merit > > and some have been inducted into badge and even sash orders. > > One noteable was even inducted into the Order of the Bath (extra points > > for the name of said citizen). > > According to the Constitution, "No title of nobility shall be granted by > the United States, and no person holding any office of profit or trust > under them shall, without the consent of the Congress, accept of any > present, emolument, office or title, of any kind whatsoever, from any > king, prince, or foreign state." Honorary Knighthoods simply do not fall into this catagory. There are three or four cases on this point which I will dig up if enough people complain. In addition, I believe congressional approval was granted regardless for Schwartzkopf. Note that unlike your previous assertion, there is no rule regulating these awards for the day to day citizen. Playing loosey goosey with the facts seems to be a habit with you. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From dthorn at gte.net Sun Dec 1 17:25:25 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 1 Dec 1996 17:25:25 -0800 (PST) Subject: denial of service and government rights In-Reply-To: Message-ID: <32A22FE8.2A1D@gte.net> Black Unicorn wrote: > On Sun, 1 Dec 1996, Dale Thorn wrote: > > Black Unicorn wrote: > > > On Sat, 30 Nov 1996, Dale Thorn wrote: > > > > > Example: George Bush's old pal at the Wash. DC P.R. firm hires the > > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full > > > > > view of the American people on television, that the Iraquis were throwing > > > > > babies out of incubators in Kuwait, thereby securing the necessary votes > > > > > in Congress to prosecute the Gulf War. [snippo] > Fraud is an excellent answer because it is a meaningless answer. Fraud is > traditionally used to prosecutue those not-quite-a-crime cases because the > definition essentially comes down to : "That guy did something we don't > like." [much drivel snipped] So what you're saying is I (or we) can testify in front of Congress on essentially any topic, telling a blatant lie (that we know is false, and which they will subsequently prove is false), and totally get away with it. You and I can do that, is that what you're saying? If that is true, then my original contention that things are far worse than the person I originally responded to was imagining, stands as correct. Things are bad indeed. From snow at smoke.suba.com Sun Dec 1 17:31:57 1996 From: snow at smoke.suba.com (snow) Date: Sun, 1 Dec 1996 17:31:57 -0800 (PST) Subject: Seditious Cable! In-Reply-To: Message-ID: <199612020149.TAA00175@smoke.suba.com> > > nobody at replay.com (Anonymous) writes: > >clarify your position on key escrow to prevent further misunderstanding. > > I'm sorry, I don't think I'm able to explain my views on any complex technical > topic in terms so simple that they could be understood by the "cypher punks". Sounds like a personal failing to me. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From deviant at pooh-corner.com Sun Dec 1 18:10:26 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 1 Dec 1996 18:10:26 -0800 (PST) Subject: Secure Memory Deletion In-Reply-To: <199612012354.SAA13950@mercury.peganet.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Dec 1996, Mark Rosen wrote: > Does anyone know any papers on secure deletion of things from memory? That > is one thing that most people are oblivious to, though, if a program leaves > your unencrypted passkey laying in memory or a buffer of your plaintext, > then all the encryption in the world won't help. Should I overwrite the 32 > times specified for hard drives, or are RAM chips easier to clear? Thanks. 1 time _should_ work for RAM chips, AFAIK. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Live long and prosper. -- Spock, "Amok Time", stardate 3372.7 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqI5wzCdEh3oIPAVAQGE5wf7BbOXQv13u/JS/nByogiN7ukaoiejZdyl 1Mq+Dxpe6mJvUPR72n5ygeQ8kKMP9nV5s6A9dm32qXDIYE/uzrEt+RLZbxtt0eMV 1uwxjVcxJdBvMgeFhxvblT1AhDNdvBHO3ELgPnU3T+DnUJOTPCb/ychsQ98YdYPQ gp0/nyJK9kCQPRPjZNvR8qP3RV9xd03KMBjwMJIfNw+RDfTtlQEEjhD9P6zSt4ky spPL4ccKrM8mGS67g5mLW14V+mbn4qM3gmfS6f6VbkP0DovAIBxCzDbBACvkexOy SRPCvvxL/2XiZ6NkGy844LFhJqlMMQWEUF+YrQykgBS9ST5uePquew== =GGrT -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sun Dec 1 18:30:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 1 Dec 1996 18:30:14 -0800 (PST) Subject: Phrack, where can i find it? In-Reply-To: <199612012159.NAA22165@abraham.cs.berkeley.edu> Message-ID: <9yeayD27w165w@bwalk.dm.com> > where can i find latest (and old) phrack issues? If you look at http://www.arachy-online.com, it's got a link to phrack at (I think) http://fc.net/phrack. Also check out http://www.2600.com. It's a shame that they've got links to EFF's Web site. EFF is a dishonorable gang of content-based censors and plug-pullers. They support business owners and oppose free speech on the net. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From lyghte at cyberhighway.net Sun Dec 1 18:32:17 1996 From: lyghte at cyberhighway.net (Lyghte) Date: Sun, 1 Dec 1996 18:32:17 -0800 (PST) Subject: Phrack, where can i find it? Message-ID: <199612020224.TAA29618@user1.cyberhighway.net> >where can i find latest (and old) phrack issues? > You can browse the old ones online at the phrack homepage (http://freeside.com/phrack.html) _\ /_ / \ __ ___ __ | \ / | _ |_| | |_ THE |__ | |__| | | | |__ "It may roundly be asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve." Edgar Allan Poe From haystack at cow.net Sun Dec 1 18:57:46 1996 From: haystack at cow.net (Bovine Remailer) Date: Sun, 1 Dec 1996 18:57:46 -0800 (PST) Subject: pseudonymous servers Message-ID: <9612020244.AA07946@cow.net> Which pseudonymous servers are currently active? From Scottauge at aol.com Sun Dec 1 19:31:59 1996 From: Scottauge at aol.com (Scottauge at aol.com) Date: Sun, 1 Dec 1996 19:31:59 -0800 (PST) Subject: A quick discussion of Mersenne Numbers Message-ID: <961201223116_1486872145@emout17.mail.aol.com> In a message dated 96-12-01 16:17:01 EST, you write: > On Sun, 1 Dec 1996 Scottauge at aol.com wrote: > > > I wake of the latest find announcement, some people maybe wondering what > the > > heck is this?!! > > > > A mercenne number is of the type: > > > > M(p) = 2**p -1 results in a prime when p is a prime. > > > > Hopefully this will lead the way to see the pattern of prime numbers and > > being able to compute prime numbers in a far more efficient manner (after > all > > a function that when given a prime number results in a prime number would > be > > quite a kicker now wouldn't it!) > > It doesn't. If q is a Mercenne prime, then p is prime if q = 2^p-1. It > doesn't work the other way around. If it did, then it would be very easy to > find out if a number is a Mercenne prime: just add 1 and find the base 2 > logarithm and if the result is prime, then the original number is prime. It' > s > much more difficult than that. It would also be possible to find an > infinite > number of Mercenne primes using a deterministic algorithm. > > > Mark I agree, my discussion was toooooo quick and the statement: > > M(p) = 2**p -1 results in a prime when p is a prime. is misleading. I was thinking the second paragraph when I was writing the statement statement above. A case of the mind working faster than the fingers? From shamrock at netcom.com Sun Dec 1 19:38:27 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 1 Dec 1996 19:38:27 -0800 (PST) Subject: denial of service and government rights Message-ID: <3.0.32.19961201193842.00693604@netcom14.netcom.com> At 05:24 PM 12/1/96 -0800, Dale Thorn wrote: >So what you're saying is I (or we) can testify in front of Congress on >essentially any topic, telling a blatant lie (that we know is false, and >which they will subsequently prove is false), and totally get away with >it. You and I can do that, is that what you're saying? You and I can't. The government can. It is one thing to commit a crime (if a crime has even been committed in the case in question). It is another thing to find somebody willing to prosecute it. In today's day and age, the Constitution exists for historical purposes only. Much of it has long been abolished by the courts. The remainder is being mostly ignored. The "Kein Kl�ger, kein Richter" principle makes it irrelevant if doing so is illegal. A favorite saying of 2nd Amendment supporters is: "Which part of 'shall not be infringed' don't you understand?" If society doesn't care that the Constitution is being violated, the violations will continue. And society couldn't care less. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From unicorn at schloss.li Sun Dec 1 19:43:37 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sun, 1 Dec 1996 19:43:37 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A22FE8.2A1D@gte.net> Message-ID: On Sun, 1 Dec 1996, Dale Thorn wrote: > Black Unicorn wrote: > > On Sun, 1 Dec 1996, Dale Thorn wrote: > > > Black Unicorn wrote: > > > > On Sat, 30 Nov 1996, Dale Thorn wrote: > > > > > > Example: George Bush's old pal at the Wash. DC P.R. firm hires the > > > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full > > > > > > view of the American people on television, that the Iraquis were throwing > > > > > > babies out of incubators in Kuwait, thereby securing the necessary votes > > > > > > in Congress to prosecute the Gulf War. > > [snippo] > > > Fraud is an excellent answer because it is a meaningless answer. Fraud is > > traditionally used to prosecutue those not-quite-a-crime cases because the > > definition essentially comes down to : "That guy did something we don't > > like." > > [much drivel snipped] > > So what you're saying is I (or we) can testify in front of Congress on > essentially any topic, telling a blatant lie (that we know is false, and > which they will subsequently prove is false), and totally get away with > it. You and I can do that, is that what you're saying? What you're talking about is contempt of congress. This is not "fraud." The penality imposed would be purjury. I don't believe that during that discussion, the witness was sworn, but I could be mistaken. In any event, purjury is purjury, but it hardly rises to the level of conspiracy your post originally indicated. > If that is true, then my original contention that things are far worse > than the person I originally responded to was imagining, stands as > correct. Things are bad indeed. "I had no idea what I was talking about, but as luck would have it I was right anyhow." Here, have a bozo button. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From jfricker at vertexgroup.com Sun Dec 1 20:14:23 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Sun, 1 Dec 1996 20:14:23 -0800 (PST) Subject: Secure Memory Deletion Message-ID: <19961202041344041.AAA120@dev.vertexgroup.com> Seems to me that the chip itself hardly a worry. memset() does the trick for the memory locations you are aware of. Any electrical or molecular level residues would be terribly difficult to sort out. The OS provides ample opportunities for unknowns though. ie, Is there some structure in memory that has the data from the user interface object used to collect the passphrase? Is there a keyboard buffer storing the last several (dozen? hundred?) keystrokes? Can 100% security be achieved at all with our current OS's? >Mark Rosen (mrosen at peganet.com) said something about Secure Memory Deletion on or about 12/1/96 4:49 PM > Does anyone know any papers on secure deletion of things from >memory? That >is one thing that most people are oblivious to, though, if a program leaves >your unencrypted passkey laying in memory or a buffer of your plaintext, >then all the encryption in the world won't help. Should I overwrite the 32 >times specified for hard drives, or are RAM chips easier to clear? Thanks. > >End of message --j ----------------------------------- | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending me mail with subject "send pgp key". | www.Program.com is a good programmer web site. ----------------------------------- From unde0275 at frank.mtsu.edu Sun Dec 1 20:24:36 1996 From: unde0275 at frank.mtsu.edu (Internaut) Date: Sun, 1 Dec 1996 20:24:36 -0800 (PST) Subject: IP address Message-ID: <01BBDFD6.61E65120@s10-pm04.tnstate.campus.mci.net> What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut From snow at smoke.suba.com Sun Dec 1 20:38:41 1996 From: snow at smoke.suba.com (snow) Date: Sun, 1 Dec 1996 20:38:41 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A22FE8.2A1D@gte.net> Message-ID: <199612020456.WAA00652@smoke.suba.com> Mr Thorn wrote: > Black Unicorn wrote: > > Fraud is an excellent answer because it is a meaningless answer. Fraud is > > traditionally used to prosecutue those not-quite-a-crime cases because the > > definition essentially comes down to : "That guy did something we don't > > like." > [much drivel snipped] > So what you're saying is I (or we) can testify in front of Congress on > essentially any topic, telling a blatant lie (that we know is false, and > which they will subsequently prove is false), and totally get away with > it. You and I can do that, is that what you're saying? (I am going to spell this wrong) Perjury. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From mycroft at actrix.gen.nz Sun Dec 1 21:11:10 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Sun, 1 Dec 1996 21:11:10 -0800 (PST) Subject: A quick discussion of Mersenne Numbers In-Reply-To: <961201141011_806714836@emout09.mail.aol.com> Message-ID: <199612020412.RAA00976@mycroft.actrix.gen.nz> On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge at aol.com wrote: A mercenne number is of the type: M(p) = 2**p -1 results in a prime when p is a prime. *Occasionally* results in a prime when p is prime. (A Mersenne number is any number of that form, prime or composite. It so happens that if M(p) is prime, p is prime) Hopefully this will lead the way to see the pattern of prime numbers and being able to compute prime numbers in a far more efficient manner (after all a function that when given a prime number results in a prime number would be quite a kicker now wouldn't it!) That's easy: f(x) = x The other Mersenne primes include: 2,3,5,7,13,17,19,31,127,61,89, and 107. 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-| The first few Mersenne primes are: 3, 7, 31, 127, 8191, 131071, 524287, 2147483647 -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- If God had wanted you to go around nude, He would have given you bigger hands. From jfricker at vertexgroup.com Sun Dec 1 21:22:22 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Sun, 1 Dec 1996 21:22:22 -0800 (PST) Subject: The Good Doctor (Dobb that is) on DSNT Message-ID: <19961202052143928.AAA189@dev.vertexgroup.com> The January 1997 Dr. Dobb's Journal has a somewhat interesting interview with Eva Bozoki, Chief Scientist for Digital Secured Networks which more about scientific research in the old USSR as it does about VPN's and encryption. Some notable quotes from Ms. Bozoki: "If people understand our competence, they will trust the product." "I don't like key escrow because I don't trust anybody." "We add a twist by encrypting the public key exchange." Seems like the interviewer had a nice chat with Ms. Bozoki but it is a shame that he did not press her on more technical details. It is after all a programmer's journal. I find the first two quotes interesting in that it would appear that Ms. Bozoki would not purchase the product she is creating! In order to establish trust in an encryption product more is required than simply agreeing that the company is competent. Competence does not imply trustworthiness. Trust can be established through review and examination of the innards, algo's and source code. A quick read of www.dsnt.com does not reveal any additional information on the crypto used (other than it being a 512 byte public key algo using Diffie-Hellman key exchange). Yet it would seem that DSNT has painted themselves into a corner as revealing their architecture would make encrypting the public keys ineffective. The interviewer also failed to press Ms. Bozoki for a position regarding key escrow. She states that she does not like key escrow but she does say (when discussing how security is being retrofitted into TCP/IP) "So you have to make sure that certain secrets don't go out and that you can legally wiretap certain conversations in a situation which wasn't designed for that." And also she mentions "the need for a government to defend its country". So does DSNT's products support wiretapping out of the box? --j ----------------------------------- | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending me mail with subject "send pgp key". | www.Program.com is a good programmer web site. ----------------------------------- From dsmith at prairienet.org Sun Dec 1 21:30:10 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sun, 1 Dec 1996 21:30:10 -0800 (PST) Subject: A quick discussion of Mersenne Numbers Message-ID: <199612020529.XAA24879@cdale3.midwest.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: Scottauge at aol.com, cypherpunks at toad.com Date: Sun Dec 01 23:29:04 1996 > > I wake of the latest find announcement, some people maybe wondering what > the > heck is this?!! > > A mercenne number is of the type: > > M(p) = 2**p -1 results in a prime when p is a prime. > Oh, if only it were all that easy... For more information on Mersenne primes, and using those spare CPU cycles to search for new ones, check out: http://ourworld.compuserve.com/homepages/justforfun/range.htm(l?) - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Remember: King Kong died for your sins" - Principia Discordia -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqJpMXEZTZHwCEpFAQEq/wf+NFGMQtkqDgcJzrOvBMwqeHvJmy6Rx5S2 /goRQCyoxIVtwzYRuPwRByWvsylpinq2F1VH+Jsfpg4PFzDgYxjElROY0Ne/XnsV 2roop+zKkXDBpElC+2dRp+OrBHFer+EU3bOXfINRe8QyLJLu7+gmZWE1ghOBRC/1 5hdHTTSnWGFRFPU3suz+XRznmCkTuFl5y2ycV2TWQMmXqcBmaoPVikeygcnXCcax EJgwFg7+od2SZ97SIBqsDbSYKNFnUGgP0ZScZXf6op8UWSwq2x2KKYlbYptQKVjX UmBt40SFP+YcTllKqe9XGSyilY7Pe96O3PFbmR+Ni7LY8AQcH4w0Qw== =X0ML -----END PGP SIGNATURE----- From dsmith at prairienet.org Sun Dec 1 21:30:55 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sun, 1 Dec 1996 21:30:55 -0800 (PST) Subject: Announcement: Very Good Privacy Message-ID: <199612020530.XAA24979@cdale3.midwest.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Sun Dec 01 23:30:00 1996 > Dear Sir, > > > I'm not sure how an encryption product that uses encryption > > algorithms weaker than Pretty Good Privacy can be described > > as being better than PGP. > > > > Especially when all the algorithms listed have known problems > > of one kind, or another. << And yes, I know that the known > > problems -- in some instances --- are entirely theoretical in > > nature. >> > > What puzzles me is that he included two cyphers that are _extremely_ > easy to > break, the vignere cypher and the ascii cypher. Why include these? And > what > is his new permutation of RC4 and DES? > Concur. Also, let's see: only available for Win95/NT, no sources available, and cyphers that are known to be weak - and that can be used without any warnings whatsoever - anyone else watching their Snake-Oil-O-Meter get pegged? Give us some source code, port it to XWindows, and then maybe we'll talk. dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Remember: King Kong died for your sins" - Principia Discordia -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqJpYHEZTZHwCEpFAQFWPAf/Q2FoUPrgXAyjkWlLRQiRSV544TawvdL0 efdxOuRoGJ9jPSOBxm2KepfSw6Gl6yjwK7buuIB9LcMPMbp41Yn7Z4BTx1lY4fEQ XjdKMZMGoDYfiFCP4Xm9D1vG0cX+eWUL9jxih3ZSGR8OjcypVNrTBxoSbO3q5pHu 69+ASfTdcyG4VySD/YJ2NM17P2wzU7BTNXawOIisaN87Us5hTNLtHt55/D5r5pcs SPgLo1bBBP/z98+/r6flPtIk7LXwWPqWuJRMFp5FVUk+9/TfbdgsUT9tfl7VzABW nY4z+zVvSuFBomVR5ON9wdNonG8YAeBCQGHy69oXhsErKDv6EXgbDQ== =VeBI -----END PGP SIGNATURE----- From jfricker at vertexgroup.com Sun Dec 1 21:31:09 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Sun, 1 Dec 1996 21:31:09 -0800 (PST) Subject: The Good Doctor again Message-ID: <19961202053027130.AAA190@dev.vertexgroup.com> Also in the January issue has an article on RIPEMD-160. Source code (and full article text) is available at www.program.com/source/crypto --j From Adamsc at io-online.com Sun Dec 1 21:56:49 1996 From: Adamsc at io-online.com (Adamsc) Date: Sun, 1 Dec 1996 21:56:49 -0800 (PST) Subject: IP address Message-ID: <19961202055418796.AAA68@rn240.io-online.com> On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote: >What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your machine can be locked up or rebooted at *any* time using just PING! # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From jgrasty at gate.net Sun Dec 1 21:58:19 1996 From: jgrasty at gate.net (Joey Grasty) Date: Sun, 1 Dec 1996 21:58:19 -0800 (PST) Subject: WinSock Remailer Back Up Message-ID: <199612020558.AAA60470@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Y'all: Due to a misconfiguration on one of the two machines that operate the WinSock Remailer, messages were lost from about Wednesday, 27 November, to Sunday, 1 December. We apologize for the lost messages. Regards, Joey Grasty Jim Ray WinSock Remailer Operators -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMqJvkg6sYKeTQAOtAQGrNwMA2MYpRHLtkeksVcoyx6T9+V+36fey8FXM sdbxI3DjN8Xq8Se81R7+qXNWxgVx2/HxQtu4w9Ea1GQz4B8cjYdlMVLXNIgdGrHy 3We8saHtvVIzCTFnvFIEn6MStNAZb+gw =9Vso -----END PGP SIGNATURE----- From gbroiles at netbox.com Sun Dec 1 22:09:03 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Sun, 1 Dec 1996 22:09:03 -0800 (PST) Subject: denial of service and government rights Message-ID: <3.0.32.19961201220509.0068a234@mail.io.com> At 05:24 PM 12/1/96 -0800, Dale Thorn wrote: >So what you're saying is I (or we) can testify in front of Congress on >essentially any topic, telling a blatant lie (that we know is false, and >which they will subsequently prove is false), and totally get away with >it. You and I can do that, is that what you're saying? This is idiotic. I suspect it's deliberately idiotic, but I can't see what anyone gains by it. If you've got a point to make, would you please just say what you're thinking and move on? There's a big difference between something being punishable and someone being punished. The false testimony was given on behalf of a friendly government, and in favor of a cause which met with widespread national support and was the focus of much (literal) flag-waving and patriotic speechifying. In general, you face very few risks if you lie in a way which helps a very popular cause, and the people you're lying to want to do the thing that your lies are purportedly justifying. Your risks are much greater if you're saying something unpopular or if you are an unpopular person. I'm not talking about law, I'm talking about politics. And the fact that laws are sometimes enforced in a political matter shouldn't be news to anyone. (I'm not saying that's good, but I think it's attributable to and a result of to the general fallibility of human beings, myself included, so I'm skeptical about easy answers. Real-world solutions tend to fall short of theoretical perfection. Doh.) >If that is true, then my original contention that things are far worse >than the person I originally responded to was imagining, stands as >correct. Things are bad indeed. I'd sure appreciate it if you'd just say what you're thinking (if it's on-topic) instead of playing stupid "Is X true? Is Y true? Wow! I've just discovered something new!" games. Your comments suggest to me that what you're dancing around is, essentially, that the government is morally wrong because it (eliding distinctions between governments and branches of governments) enforces laws in an erratic or discriminatory or political fashion. That's what I'm extracting from your messages. If there's something more to what you're saying, I think I'd have a better chance of extracting it if you devoted less energy to tricky rhetorical strategies. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From ichudov at algebra.com Sun Dec 1 22:53:40 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 1 Dec 1996 22:53:40 -0800 (PST) Subject: IP address In-Reply-To: <01BBDFD6.61E65120@s10-pm04.tnstate.campus.mci.net> Message-ID: <199612020649.AAA02184@manifold.algebra.com> Internaut wrote: > > What is the risk of publishing your dynamic IP address to a web page = > while you are on line? How vulnerable is someone just connected to the = > internet, w/o any server running? What attacks are feasable? --Internaut > ping flood - Igor. From attila at primenet.com Sun Dec 1 23:27:50 1996 From: attila at primenet.com (attila at primenet.com) Date: Sun, 1 Dec 1996 23:27:50 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <199612011948.LAA08876@mail.pacifier.com> Message-ID: <199612020728.AAA16346@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- In <199612011948.LAA08876 at mail.pacifier.com>, on 12/01/96 at 11:40 AM, jim bell said: ::Unicorn has a long history of reciting government abuses, but then ::failing to provide any sort of answer to them. My solution (AP: ::"Assassination Politics") would make such abuse fatal. :: Jim, I knew we could count on you for a solution! - -- maybe there is an analogy: militias: "the only way they'll take my weapon is from my cooling, smoking hand...." prez: "the only way they'll take my executive privileges is to impeach me --IF I consent to leave." -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqKExb04kQrCC2kFAQHFrgP7BEsIx7uTw6tOio2Sr5JdzaetlqrupyP3 hjrbI6CIOwldM7jPh3KcdpGi7f+9juKSP4qJeftP2PKduuYVSCqF5o22wW23qKRz VmuJRqrgGpbgcRVoKCcHfqme9X001inmShJMQ69B531kpOOdkDL+b9Zm3kyBjEtO VKQTqMpO0l4= =T+pv -----END PGP SIGNATURE----- From mrosen at peganet.com Sun Dec 1 23:55:31 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sun, 1 Dec 1996 23:55:31 -0800 (PST) Subject: Announcement: Very Good Privacy Message-ID: <199612020758.CAA14517@mercury.peganet.com> > > What puzzles me is that he included two cyphers that are _extremely_ > > easy to > > break, the vignere cypher and the ascii cypher. Why include these? And > > what > > is his new permutation of RC4 and DES? > > > > Concur. Also, let's see: only available for Win95/NT, no sources > available, and cyphers that are known to be weak - and that can > be used without any warnings whatsoever - anyone else watching > their Snake-Oil-O-Meter get pegged? The plus side of the Vigenere and ASCII ciphers is that they are fast. For example, on a friend's machine, I can get 1.7mb/s using ASCII while NewDES, the fastest "secure" algorithm, runs at a only 600k/s. Documentation of each algorithm with an explanation of its security is provided in the help file. As for snake-oil, this is a genuine product. I am trying to compete with Puffer 2.0, which costs like $25-$30; $5 is certainly less than that. As soon as I get the money to buy the needed compiler, I'll make a port to the Mac, and a port to Windows 3.1 should surface in a few days. > Give us some source code, port it to XWindows, and then maybe > we'll talk. I'm working on installing Linux on my machine and will be working on an X port. I'll keep you posted. BTW, I personally really enjoy using VGP and have encrypted all of my source code and other archived things like that. Mark Rosen FireSoft - http://www.geocities.com/SiliconValley/Pines/2690 Mark Eats AOL - http://www.geocities.com/TimesSquare/6660/ From pjb at 23kgroup.com Mon Dec 2 00:04:41 1996 From: pjb at 23kgroup.com (Paul J. Bell) Date: Mon, 2 Dec 1996 00:04:41 -0800 (PST) Subject: Codebreakers on the telly. Message-ID: <9612020023.AA02372@23kgroup.com> on tuesday, 3 dec at 2000 hrs, channel 13 (PBS) in the new york area will air the Nova special, "The Codebreakers". this isn't anything new, but, as i remember, it's worth watching again. cheers, -paul From rcgraves at ix.netcom.com Mon Dec 2 00:51:40 1996 From: rcgraves at ix.netcom.com (Rich Graves) Date: Mon, 2 Dec 1996 00:51:40 -0800 (PST) Subject: Hurray! A good example of rational thinking ... In-Reply-To: <199611280144.RAA19906@server1.chromatic.com> Message-ID: <32A298F7.5D2D@ix.netcom.com> Dale Thorn wrote: A message that, as expected, is inappropriate for this subject line. But in general, cypherpunks seems to have improved remarkably over the last couple weeks. I'd guess that the V-flames had the unintended consequence of driving off the other ranters and ravers, because they tend to lack the technical and thinking skills necessary for building killfiles. You may take this as support for the Gaia Hypothesis, I suppose. -rich From tfs at adsl-122.cais.com Mon Dec 2 00:52:25 1996 From: tfs at adsl-122.cais.com (Tim Scanlon) Date: Mon, 2 Dec 1996 00:52:25 -0800 (PST) Subject: Dorthy Denning is a boot-licking fasicist!!! In-Reply-To: <199611262215.QAA21070@mailhub.amaranth.com> Message-ID: <9612020851.AA11325@adsl-122.cais.com> William H. Geiger III wrote: [snip] > I don't know if anyone watched the House Subcomitty on Computers & > Technology today on C-Span. > > Phil Zimmerman, Dorthy Denning, William Reinsch & others were disscussing > computer security. > > Dorthy Denning gave the most pro-government speech I have ever heard. Is > this clueless bitch on the government payroll?!! [snip] Well, you may find the following interesting... I'll stick this on the web scanned someplace soon just to allay any sillieness about it being fud. It may be a bit dated, but obviously is still relivant. Tim -------------------------------------------------------------------------------- NATIONAL SECURITY COUNCIL UNCLASSIFIED 13-Apr-1993 13:08 EDT (CONFIDENTIAL) MEMORANDUM FOR: George J. Tenet (TENET) David Kelly (KELLYD) Richard C. Barth (BARTH) FROM: Michael J. Waguespack (WAGUESPACK) SUBJECT: ENCRYPTION THE FBI JUST ADVISED THAT THEY HAVE RECEIVED A TELEPHONE INQUIRY FROM DOROTHY DENNING RE THE ENCRYPTION STORY. SHE APPARENTLY WAS CALLED BY MARKOV [sic] WHO SEEMS TO HAVE SOME KNOWLEDGE OF WHAT IS BREWING AND THAT SOMEING IS ABOUT TO BREAK. MARKOV ALLEGEDLY GOT HIS INFORMATION FROM A "RETIRED GOVERNMENT EXECUTIVE." MARKOV RELATED TO DENNING THAT HE IS -----------------[blacked out text] ----------------------- ----------------------------------------------------------- E.O. ----------------------------------------------------------- 12356 1.3 (a)(4) HERE WE GO! CC:Records (RECORDS) Partially declassified/Released on 10/3/94 under provisions of E.0. 12356 by J. Saunders, National Security Council Doc #39 [Obtained under the Freedom of Information Act by the Electronic Privacy Information Center, 1994] From orders at compugen.net Mon Dec 2 02:32:31 1996 From: orders at compugen.net (orders at compugen.net) Date: Mon, 2 Dec 1996 02:32:31 -0800 (PST) Subject: Just in time for Christmas!!! Message-ID: <199612021032.EAA14770@mailhost.onramp.net> Dear Computer User: The perfect gift for your family, a friend, or just for yourself. "Personal Computer Accessories" Mitsumi Keyboards, Microsoft Mouse, Computer Speakers and more... Select the URL below to place your order; just in time for Christmas. *************************************************************************** To place your order visit our website at: http://www.pcorders.com *************************************************************************** From bryce at digicash.com Mon Dec 2 03:22:46 1996 From: bryce at digicash.com (Bryce) Date: Mon, 2 Dec 1996 03:22:46 -0800 (PST) Subject: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: Message-ID: <199612021122.MAA02666@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- > > Rule 2: Don't forward articles from other forums to > > cypherpunks. We can find it ourselves the same place you did > > This is not universally true. Everyone doesn't have access to > a functional News server or even to the Web, and some interesting > stuff could come from closed commercial sites etc. Yeah, my "rules" are mainly to intimidate newbies into holding still long enough to be properly socialized. Only the Meta-Rule is inviolate. Regards, Bryce, who once receifved a Perry-gram for forwarding an article to cpunks which, unbeknownst to him, had already been so forwarded by others -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMqK7+kjbHy8sKZitAQEf5AL9EOuni5KdQ8Ug6SY+a0DmiRruoD0ruSam cs35j2So279AT07u0A3fqDeBqUehJfCupyXKU5GekV1IO5M/qpPrxL02/LvSROqS Y3XcVQjD3ZFDOGfLYZysWo2YTaUFMyGF =+E96 -----END PGP SIGNATURE----- From ben at gonzo.ben.algroup.co.uk Mon Dec 2 03:36:54 1996 From: ben at gonzo.ben.algroup.co.uk (Ben Laurie) Date: Mon, 2 Dec 1996 03:36:54 -0800 (PST) Subject: The Good Doctor againternaut In-Reply-To: <19961202053027130.AAA190@dev.vertexgroup.com> Message-ID: <9612021032.aa08173@gonzo.ben.algroup.co.uk> From bryce at digicash.com Mon Dec 2 03:48:08 1996 From: bryce at digicash.com (Bryce) Date: Mon, 2 Dec 1996 03:48:08 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <329E4432.4D93@gte.net> Message-ID: <199612021148.MAA04719@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- Hi Dale. I believe I've seen you around. Thanks for replying to my article. > Bryce wrote: > > I. Etiquette -- The House Rules At The Virtual Cypherpunks Party > > The Meta-Rule: It's John Gilmore's virtual house. He is the > > sole owner of the computer (toad.com) that hosts cypherpunks > > and the sole authority over what the users of that computer > > (you) can do with it. > > [mo' snip] > > Ordinarily, I'd leave this post alone, but I really hate it when people > twist ideas for their own philosophical purposes. To whit: "John is the > sole authority over what the users of his computer can do with his > computer" (quote approximate). Can you "to wit" one or two more times, here? I'm not sure what idea is being twisted into what other idea and which philosophical purpose this twisting serves. But I'm curious. > I don't *do* anything with *his* computer. I send email into the ether > with an address on it, and he picks it up at his discretion and does > what he wants with it. I am in no way involved in that process, and I > do not share *any* responsibility for how he handles the email. Hm. So if you send an email into the ether with "Cc: cypherpunks at toad.com" and "Subject: MAKE MONEY REALLY TRULY FAST!", then you share no responsibility for the fact that a copy of that email is going to arrive in the inboxes of thousands of subscribers? Okay, it could be an interesting discussion, but what's your point? My point was (and is) that neither you nor I have any kind of _right_ to access the services of toad.com against John's will. Seems like a very simple point (deceptively simple, one might say...), but I recall several people, including Dale Thorn, opining that Dmitri Vulis _did_ have the right to access those services with or without John's consent. What gives? Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMqLB80jbHy8sKZitAQHf9QL+LBEJ3Fc+l2KjfDFSNP9iYac0k07Bb20e mEzpNyvfJxJkH1sTc9D/jkr59JGSm888Akp24FchrQQNA2YcUkon0XlY3p/pyJYm oDhnQyg0cR+u9nAbeWrIbV5Krz1eeqqw =fa24 -----END PGP SIGNATURE----- From asgaard at Cor.sos.sll.se Mon Dec 2 03:50:13 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Mon, 2 Dec 1996 03:50:13 -0800 (PST) Subject: New payment scheme for Web access Message-ID: (See abstract from Edupage at the end) Who wants to use the MTV web site anyway, but I suppose this could spread. I guess a very popular site could allow access only to domains (....foo.bar) that have paid instead of blocking those who have not, otherwise 'new' sites could circumvent it easily. On the other hand, a proxy server inside of an allowed domain would circumvent the allowing kind of scheme, at least for a while (until they found out about it). Great opportunities for hacking wars. Another payment scheme in use is to recieve passwords for closed Web pages by voice phoning to an expensive number. Did the porno sites invent this (they have long been in related business)? Asgaard ************************************************************************** MTV TURNS THE TABLES IN WEB VIEWING Viacom's MTV Networks has come up with a new way to make its Web investment pay off -- it's putting the squeeze on online service providers, demanding that they pay multimillion dollar fees or risk having their subscribers blocked from viewing MTV's Web site. <...> From bryce at digicash.com Mon Dec 2 04:01:44 1996 From: bryce at digicash.com (Bryce) Date: Mon, 2 Dec 1996 04:01:44 -0800 (PST) Subject: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <329F9BA0.541B@gte.net> Message-ID: <199612021201.NAA05961@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- A million monkeys operating under the pseudonym "Dale Thorn " typed: > > Bryce (I think) said words to the effect that "We (subscribers) are doing > something with John's computer, etc.", as though the list subscribers are > actually operating John's computer, with John's kind permission and over- > view Yes, this is fairly accurate. Of course we (most of us) do not have full Turing machine access to John's computer or to its peripherals, but we do have access to a few simple functions which we use with gusto, including broadcasting, subscribing and unsubscribing, and the other functions of majordomo. Perhaps you are objecting to the idea that our access to John's computer is equivalent to, say, our access to our own computers? I certainly agree with you that it is not the same kind of access. > What I said was: I don't *do* anything with John's computer, I merely > mail messages with an address on them, and John can remail or dispose of > those messages as he wishes, as long as he doesn't modify them or otherwise > use them for any purpose besides what they were intended for. Yeah, there are some (relatively) subtle issues here like "when is it merely extended causal relation and when is it usage", or "what are the details of this implicit agreement that we have with John" or whatnot, but I'm not sure that those are the issues that you are talking about. To wit: > Bryce's (I think) writing was clearly an example of the kind of double- > speak that 1984-ish censors use to justify their actions, and I for one > cannot let that kind of B.S. go unchallenged. What? What sly newspeak did I use and more importantly what great truth am I attempting to conceal? Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMqLFH0jbHy8sKZitAQGJuQL+O3nz30rJqJp2rGajj+yeZAFTlu4hISTU /GbSxJLXrBCHGA0SQhVnMpImre3RhJEx1IrwFV+ZeWiubVYtR24s1CEzxDUu5fMb 3XcQUHeUJmG4JpjyFsvpN1Mh6WKKy2Al =Lp9K -----END PGP SIGNATURE----- From ichudov at algebra.com Mon Dec 2 05:52:30 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Dec 1996 05:52:30 -0800 (PST) Subject: IP address In-Reply-To: <19961202055418796.AAA68@rn240.io-online.com> Message-ID: <199612021038.EAA02902@manifold.algebra.com> Adamsc wrote: > > On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote: > > >What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut > > Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your > machine can be locked up or rebooted at *any* time using just PING! > Isn't is Unix that is actually vulnerable? - Igor. From Thomas.Repellin at gni.fr Mon Dec 2 06:09:37 1996 From: Thomas.Repellin at gni.fr (Thomas Repellin) Date: Mon, 2 Dec 1996 06:09:37 -0800 (PST) Subject: unsuscribe Message-ID: <32A2E313.41C6@gni.fr> unsuscribe cypherpunks From dlv at bwalk.dm.com Mon Dec 2 06:31:05 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Dec 1996 06:31:05 -0800 (PST) Subject: Hurray! A good example of rational thinking ... In-Reply-To: <32A298F7.5D2D@ix.netcom.com> Message-ID: Rich Graves writes: > But in general, cypherpunks seems to have improved remarkably over the > last couple weeks. I'd guess that the V-flames had the unintended > consequence of driving off the other ranters and ravers, because they > tend to lack the technical and thinking skills necessary for building > killfiles. Timmy May (fart) appears to have shut up, and that's a Good Thing. Good riddance to Timmy. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From raph at CS.Berkeley.EDU Mon Dec 2 06:53:09 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 2 Dec 1996 06:53:09 -0800 (PST) Subject: List of reliable remailers Message-ID: <199612021450.GAA23899@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{'alpha'} = ' alpha pgp'; $remailer{'nymrod'} = ' alpha pgp'; $remailer{"lead"} = " cpunk mix pgp hash latent cut ek"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; $remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek"; $remailer{"jam"} = " cpunk mix pgp hash latent cut ek"; $remailer{"winsock"} = " cpunk pgp pgponly hash cut ksub reord"; $remailer{'nym'} = ' newnym pgp'; $remailer{"balls"} = " cpunk pgp hash latent cut ek"; $remailer{"squirrel"} = " cpunk mix pgp pgponly hash latent cut ek"; $remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord ?"; $remailer{'cyber'} = ' alpha pgp'; $remailer{"dustbin"} = " cpunk pgp hash latent cut ek mix reord middle ?"; $remailer{'weasel'} = ' newnym pgp'; $remailer{"death"} = " cpunk pgp hash latent post"; $remailer{"reno"} = " cpunk mix pgp hash middle latent cut ek reord ?"; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. remailer at crynwr.com is _not_ a remailer. There is no remailer at relay.com. Groups of remailers sharing a machine or operator: (cyber mix) (weasel squirrel) The alpha and nymrod nymservers are down due to abuse. However, you can use the nym or weasel (newnym style) nymservers. The cyber nymserver is quite reliable for outgoing mail (which is what's measured here), but is exhibiting serious reliability problems for incoming mail. The squirrel and winsock remailers accept PGP encrypted mail only. 403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. This seems to be fixed now. The penet remailer is closed. Last update: Mon 2 Dec 96 6:49:59 PST remailer email address history latency uptime ----------------------------------------------------------------------- weasel config at weasel.owl.de ++++++---++ 2:15:58 99.98% lucifer lucifer at dhp.com ++++++-++++* 39:05 99.92% cyber alias at alias.cyberpass.net ******-+***+ 36:36 99.91% lead mix at zifi.genetics.utah.edu *+++++-+++** 37:21 99.91% nym config at nym.alias.net #*+#*#-##### 2:02 99.91% jam remailer at cypherpunks.ca ***** ****** 14:42 99.86% squirrel mix at squirrel.owl.de ++++++---++ 2:12:47 99.74% middle middleman at jpunix.com - ------.-- 3:35:44 99.66% replay remailer at replay.com *** - -+**** 21:25 99.28% mix mixmaster at remail.obscura.com ++-+++-._.- 11:59:53 99.24% dustbin dustman at athensnet.com + ++-___.-+ 23:00:40 98.77% reno middleman at cyberpass.net ----- --.-- 3:00:22 98.71% haystack haystack at holy.cow.net *#**# #** # 13:51 97.64% extropia remail at miron.vip.best.com --------- - 7:34:35 97.19% exon remailer at remailer.nl.com #####*-#*#*# 25:16 96.88% winsock winsock at rigel.cyberpass.net - -+ 7:01:07 62.06% balls remailer at huge.cajones.com ******- 4:04:02 58.23% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From dthorn at gte.net Mon Dec 2 07:09:41 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 2 Dec 1996 07:09:41 -0800 (PST) Subject: denial of service and government rights In-Reply-To: Message-ID: <32A2F0D1.7A5A@gte.net> Black Unicorn wrote: > On Sun, 1 Dec 1996, Dale Thorn wrote: > > Black Unicorn wrote: > > > On Sun, 1 Dec 1996, Dale Thorn wrote: > > > > Black Unicorn wrote: > > > > > On Sat, 30 Nov 1996, Dale Thorn wrote: > > > > > > > Example: George Bush's old pal at the Wash. DC P.R. firm hires the > > > > > > > niece(?) of a Kuwaiti official to testify in front of Congress in full > > > > > > > view of the American people on television, that the Iraquis were throwing > > > > > > > babies out of incubators in Kuwait, thereby securing the necessary votes > > > > > > > in Congress to prosecute the Gulf War. [snippo] > What you're talking about is contempt of congress. This is not "fraud." > "I had no idea what I was talking about, but as luck would have it I was > right anyhow." Here, have a bozo button. I was right, and you just can't stand it, can you? I think the shoe fits you, Mr. Clown, so wear it in "good health". From dthorn at gte.net Mon Dec 2 07:21:34 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 2 Dec 1996 07:21:34 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <199612021148.MAA04719@digicash.com> Message-ID: <32A2F39C.5996@gte.net> Bryce wrote: > Hi Dale. I believe I've seen you around. Thanks for replying > to my article. > > Bryce wrote: > > > I. Etiquette -- The House Rules At The Virtual Cypherpunks Party > > > The Meta-Rule: It's John Gilmore's virtual house. He is the > > > sole owner of the computer (toad.com) that hosts cypherpunks > > > and the sole authority over what the users of that computer > > > (you) can do with it. > > Ordinarily, I'd leave this post alone, but I really hate it when people > > twist ideas for their own philosophical purposes. To whit: "John is the > > sole authority over what the users of his computer can do with his > > computer" (quote approximate). > > I don't *do* anything with *his* computer. I send email into the ether > > with an address on it, and he picks it up at his discretion and does > > what he wants with it. I am in no way involved in that process, and I > > do not share *any* responsibility for how he handles the email. > Hm. So if you send an email into the ether with > "Cc: cypherpunks at toad.com" and "Subject: MAKE MONEY REALLY > TRULY FAST!", then you share no responsibility for the fact > that a copy of that email is going to arrive in the inboxes of > thousands of subscribers? > Okay, it could be an interesting discussion, but what's your point? > My point was (and is) that neither you nor I have any kind of > _right_ to access the services of toad.com against John's > will. Seems like a very simple point (deceptively simple, one > might say...), but I recall several people, including Dale > Thorn, opining that Dmitri Vulis _did_ have the right to access > those services with or without John's consent. Now I've gotcha! If I, Dale Thorn, an ordinary person (not a commercial mailer), realize somehow what your snail mail address is (an analogy), and I send you a personal letter, are you saying I don't have the "right" to do so? Even if I am aware that you redistribute the letter, as, say, a newspaper such as the L.A. Times would? I'm guessing that what you're saying is something to do with the content or size of such a mailing, yes? But whatever the case, I'm not "doing something with" your mailbox if I send you a snail mail letter, and I'm not "doing something with" your computer if I send you a posting. It's you who know the result of opening up your computer to the phone lines, and it's up to you to post *your* "rules", and to date, I don't recall any postings from John Gilmore to me or the list regarding such rules, just a few little tin-plated dictators doing it in his name. From dthorn at gte.net Mon Dec 2 07:27:19 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 2 Dec 1996 07:27:19 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <3.0.32.19961201220509.0068a234@mail.io.com> Message-ID: <32A2F537.16B@gte.net> Greg Broiles wrote: > At 05:24 PM 12/1/96 -0800, Dale Thorn wrote: > >So what you're saying is I (or we) can testify in front of Congress on > >essentially any topic, telling a blatant lie (that we know is false, and > >which they will subsequently prove is false), and totally get away with > >it. You and I can do that, is that what you're saying? > This is idiotic. I suspect it's deliberately idiotic, but I can't see what > anyone gains by it. If you've got a point to make, would you please just > say what you're thinking and move on? See below. > There's a big difference between something being punishable and someone > being punished. The false testimony was given on behalf of a friendly > government, and in favor of a cause which met with widespread national > support and was the focus of much (literal) flag-waving and patriotic > speechifying. In general, you face very few risks if you lie in a way which > helps a very popular cause, and the people you're lying to want to do the > thing that your lies are purportedly justifying. Your risks are much > greater if you're saying something unpopular or if you are an unpopular > person. I'm not talking about law, I'm talking about politics. And the fact > that laws are sometimes enforced in a political matter shouldn't be news to > anyone. (I'm not saying that's good, but I think it's attributable to and a > result of to the general fallibility of human beings, myself included, so > I'm skeptical about easy answers. Real-world solutions tend to fall short > of theoretical perfection. Doh.) > >If that is true, then my original contention that things are far worse > >than the person I originally responded to was imagining, stands as > >correct. Things are bad indeed. > I'd sure appreciate it if you'd just say what you're thinking (if it's > on-topic) instead of playing stupid "Is X true? Is Y true? Wow! I've just > discovered something new!" games. Your comments suggest to me that what > you're dancing around is, essentially, that the government is morally wrong > because it (eliding distinctions between governments and branches of > governments) enforces laws in an erratic or discriminatory or political > fashion. That's what I'm extracting from your messages. If there's > something more to what you're saying, I think I'd have a better chance of > extracting it if you devoted less energy to tricky rhetorical strategies. I sympathize. My original posting was short and clear. This is what happens when people who don't think as clearly as you do (sadly, a majority of c-punks) respond to a posting with deliberately twisted logic to "refute" a point. See Black Unicorn's recent posts about denial of service for an excellent example of this. From bryce at digicash.com Mon Dec 2 07:44:17 1996 From: bryce at digicash.com (Bryce) Date: Mon, 2 Dec 1996 07:44:17 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <32A2F39C.5996@gte.net> Message-ID: <199612021544.QAA12207@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- > Now I've gotcha! If I, Dale Thorn, an ordinary person (not a commercial > mailer), realize somehow what your snail mail address is (an analogy), > and I send you a personal letter, are you saying I don't have the "right" > to do so? Even if I am aware that you redistribute the letter, as, say, > a newspaper such as the L.A. Times would? Yes this is a fine analogy. You have the right to send whatever letters you want; you don't have the right to demand that any particular thing be _done_ with those letters once they arrive, in the absence of some contract to the contrary. > I'm guessing that what you're saying is something to do with the content > or size of such a mailing, yes? Noooo... What I was saying was that even such a simple service as a mailing list raises some complex issues about agency and responsibility. Did _you_ send MMF to all those people, or did Gilmore? What if Gilmore had a MMF filter in place? What if you evaded it? What if Gilmore only broadcasts signed messages and you signed the MMF? What if you paid to have it broadcast? So what _I'm_ saying is that there are some complex issues about this kind of cyberspatial event, but that the realspace substrate is relatively simple-- it's Gilmore's computer and you have no moral authority to demand that he do or not do any particular thing with it. In the following, you appear to take exception to both of these claims, or at least to the first one-- I'm not sure. > But whatever the case, I'm not "doing something with" your mailbox if > I send you a snail mail letter, and I'm not "doing something with" your > computer if I send you a posting. It's you who know the result of opening > up your computer to the phone lines, and it's up to you to post *your* > "rules", and to date, I don't recall any postings from John Gilmore to > me or the list regarding such rules, just a few little tin-plated > dictators doing it in his name. I'm still not sure if you are just prone to colorful rhetoric, or if I have really upset you with something I've said. If the latter, I still don't understand what, exactly. Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMqL5UEjbHy8sKZitAQEukQMAjS4etLT4pRzoQGrQrNr77m8NwEs4+VYC coIbBNqnVtllRg5eofMUaJvX8zZQKicnwF7ZiT1SxnAlHygOMcnFztI8oJS3HNG5 lpo86+8rtiLjx4jPC4zntGxCrPkECCS3 =UPBq -----END PGP SIGNATURE----- From alzheimer at juno.com Mon Dec 2 08:36:19 1996 From: alzheimer at juno.com (Ronald Raygun Remailer) Date: Mon, 2 Dec 1996 08:36:19 -0800 (PST) Subject: Copyright violations Message-ID: <19961202.103443.9599.0.alzheimer@juno.com> -- Financial Times, 11/29/96 REUTERS STAFFER SABOTAGES HONG KONG BANK DEALING ROOMS A computer operator at Reuters in Hong Kong recently sabotaged the dealing room systems of five of the company's investment bank clients. The attack crippled for up to 36 hours the computer systems delivering market prices and news to traders at NatWest Markets, Jardine Fleming, Standard Chartered and two other banks. The banks, which resorted to alternative terminals such as Bloomberg, claimed the tampering had no significant impact on trading and said neither they nor their clients experienced losses as a result. The initial breach occurred on November 18. Reuters engineer Winston Cheng (now suspended) allegedly paid maintenance visits to several clients and used his password to gain access to the operating system at the heart of the Reuters networks. He entered commands that would delete key operating system files after a delay to allow him to leave the building. The first bank to report problems at 6:00 P.M. was Standard Charter, followed by the others. The dealing room systems were partially fixed by the morning to allow trading to continue more or less as normal but it was not until the next day that they were restored to full operation. As well as reviewing procedures on staff, Reuters is considering restrictions on its maintenance engineers' access to trading floors and the system software. From unde0275 at frank.mtsu.edu Mon Dec 2 09:08:13 1996 From: unde0275 at frank.mtsu.edu (Internaut) Date: Mon, 2 Dec 1996 09:08:13 -0800 (PST) Subject: IP address Message-ID: <01BBE040.DE540E40@s19-pm03.tnstate.campus.mci.net> > Adamsc wrote: > > Igor wrote > > > On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote: > > >What is the risk of publishing your dynamic IP address to a web page > > >while you are on line? How vulnerable is someone just connected to > > >the internet, w/o any server running? What attacks are feasable? --> >> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your >> machine can be locked up or rebooted at *any* time using just PING! >Isn't is Unix that is actually vulnerable? I tried pinging myself off and it didn't work; maby it has to be from a remote host. From unicorn at schloss.li Mon Dec 2 09:40:33 1996 From: unicorn at schloss.li (Black Unicorn) Date: Mon, 2 Dec 1996 09:40:33 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A2F0D1.7A5A@gte.net> Message-ID: On Mon, 2 Dec 1996, Dale Thorn wrote: > [snippo] > > > What you're talking about is contempt of congress. This is not "fraud." > > "I had no idea what I was talking about, but as luck would have it I was > > right anyhow." Here, have a bozo button. > > I was right, and you just can't stand it, can you? I think the shoe fits > you, Mr. Clown, so wear it in "good health". Actually, you were not right. Your claim was that this somehow constituted a conspiracy. I was merely pointing out that even if your version of events was correct (which I hardly conceed), you still had no clue what you were talking about when you began and just happened to "fall" into the answer when your legs were knocked out from under you. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From gary at systemics.com Mon Dec 2 09:42:48 1996 From: gary at systemics.com (Gary Howland) Date: Mon, 2 Dec 1996 09:42:48 -0800 (PST) Subject: ANNOUNCE: Latest Java Cryptix lib - includes PGP and all Java implementation Message-ID: <199612021744.SAA06216@internal-mail.systemics.com> A new ALPHA release of the Systemics Cryptix crypto library for Java is now available for download at http://www.systemics.com/software/ The library is FREE FOR COMMERCIAL AND NON-COMMERCIAL USE. This release of the library is only intended for serious developers, who are prepared to work with a moving API. Differences from the previous release are that the library is now 100% Java, although native code can still be loaded if the libraries are present (which is unlikely, since I haven't completed them yet :-) Also, PGP classes have now been incorportated into the library. And of course, all the source is available (in fact, that's all that is presently available :-) Enjoy! CRYPTIX 2.00 - CRYPTOGRAPHIC CLASSES FOR JAVA _________________________________________________________________ Description This library contains a suite of cryptographic classes for Java. It is important to note that this release is not yet stable, so is only recommended for use by serious developers, since there may be major design and API changes. For users that require stability, please use the previous release . Features missing DES and Blowfish are not yet ported to Java. There is currently very little in the way of documentation and example programs. The auto loading of native libraries (if they are present) has not been tested. Features The library is now 100% Java, although native libraries will be loaded if they are present, in order to improve performance. PGP support is now being added to the library (currently most PGP packet types are supported, except for compressed data packets - anyone developing a zip compression library in Java?). Mailing list A mailing list exists for the developers and users of this library. This list is very low volume, and can be joined by sending subscribe cryptix-java _your mail address_ to majordomo at systemics.com. Another mailing list exists for PGP developers, and can be joined by sending subscribe pgp-dev _your mail address_ to majordomo at systemics.com. Copyright This library is covered by the following licence: Copyright � 1995, 1996 Systemics Ltd (http://www.systemics.com/) All rights reserved. This library and applications are FREE FOR COMMERCIAL AND NON-COMMERCIAL USE as long as the following conditions are adhered to. Copyright remains with Systemics Ltd, and as such any Copyright notices in the code are not to be removed. If this code is used in a product, Systemics should be given attribution as the author of the parts used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by Systemics Ltd (http://www.systemics.com/) THIS SOFTWARE IS PROVIDED BY SYSTEMICS LTD ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] _________________________________________________________________ From gary at systemics.com Mon Dec 2 09:44:56 1996 From: gary at systemics.com (Gary Howland) Date: Mon, 2 Dec 1996 09:44:56 -0800 (PST) Subject: Announce: New mailing list for PGP developers Message-ID: <199612021747.SAA06243@internal-mail.systemics.com> Hi, I have set up a mailing list for PGP developers. The main topic of conversation will be issues directly related to developing PGP tools and libraries, such as non-standard cipher feedback modes :-/ The list can be joined by sending subscribe pgp-dev _your mail address_ to majordomo at systemics.com. Best regards, Gary Howland -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From iang at systemics.com Mon Dec 2 09:54:31 1996 From: iang at systemics.com (Ian Grigg) Date: Mon, 2 Dec 1996 09:54:31 -0800 (PST) Subject: Working Draft: "Using Markets to Achieve Efficient Task Distribution" Message-ID: <32A317FF.773C2448@systemics.com> Our paper on "Using Markets to Achieve Efficient Task Distribution" is now on the web at http://www.systemics.com/docs/papers/task_market.html as a working draft (please don't quote or disseminate - it is now "under offer" for FC97). I, at least, am going to have a break from paper writing and go have a go at coding it, and all the other things in the queue. However, comments are most welcome. Thanks to everyone who has commented so far. -- iang iang at systemics.com From ddt at LSD.com Mon Dec 2 12:00:38 1996 From: ddt at LSD.com (Dave Del Torto) Date: Mon, 2 Dec 1996 12:00:38 -0800 (PST) Subject: Looking for "PrOduct Cypher" In-Reply-To: <573c49$ren@tor-nn1-hb0.netcom.ca> Message-ID: <32A335E3.734A@LSD.com> "PrOduct Cypher," I need to get in touch with you to discuss your PGP library work. Please email me ASAP (my key's on the MIT keyserver). Thanks. dave PS: Pls excuse the x-post. From deviant at pooh-corner.com Mon Dec 2 13:01:01 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 2 Dec 1996 13:01:01 -0800 (PST) Subject: A quick discussion of Mersenne Numbers In-Reply-To: <199612020412.RAA00976@mycroft.actrix.gen.nz> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Dec 1996, Paul Foley wrote: > On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge at aol.com wrote: > > A mercenne number is of the type: > > M(p) = 2**p -1 results in a prime when p is a prime. > > *Occasionally* results in a prime when p is prime. (A Mersenne number > is any number of that form, prime or composite. It so happens that if > M(p) is prime, p is prime) > > Hopefully this will lead the way to see the pattern of prime > numbers and being able to compute prime numbers in a far more > efficient manner (after all a function that when given a prime > number results in a prime number would be quite a kicker now > wouldn't it!) > > That's easy: f(x) = x > > The other Mersenne primes include: > > 2,3,5,7,13,17,19,31,127,61,89, and 107. > > 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-| > > The first few Mersenne primes are: > 3, 7, 31, 127, 8191, 131071, 524287, 2147483647 True.. but 1 is. 2^1-1=1 --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Try `stty 0' -- it works much better. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqM+rDCdEh3oIPAVAQHFAAf/RZmwPtfhTwZNhVUhQvNcWBU4agpcK7Tt VwULhdS80wcwKr4bwtr/EcJlKR9h9pYvkrB4orQLCMOXoeMBJy2Hz0AwVKyjuWh+ BpvbHHQDd66kcpVEpRBbw5biCYuC5nW5uEtZKvidTgTl9zyh9DcJAv3OBdNwqSjN 61MbNX0WbMDTv/2BpVha4NPAcyPs78xNLzARDpASHV8kSCExDzcPsytu8/g/L0xZ 7fF9OIhqbBJM9KR4Qo7XjcV4dF2t0cCRAicJFf34ZkfHx2NBagYBNUIfLBPcgYWB pUuUxDp4uy2MEAKI3GBYuZ/yXuKnQoBxznO+ltfB37MtVDrzUlq4aw== =GzxY -----END PGP SIGNATURE----- From froomkin at law.miami.edu Mon Dec 2 13:06:34 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Mon, 2 Dec 1996 13:06:34 -0800 (PST) Subject: No Subject Message-ID: [Cross-posted to cyberia & cypherpunks] Links, albeit rather thin ones, to background info on the Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure appear at: http://csrc.nist.gov/tacdfipsfkmi/ The first (public) meeting will be Dec. 5-6 at the Sheraton Grand Hotel at Dallas/Ft. Worth Airport [Highway 114 & Esters Boulevard], 4440 W. John Carpenter Freeway, Irving, Texas. Alas, I won't be able to make it. On-the-spot reports most welcome... The committee is also asking for written submissions (35 copies!!). A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here. From help at pathfinder.com Mon Dec 2 14:03:24 1996 From: help at pathfinder.com (help at pathfinder.com) Date: Mon, 2 Dec 1996 14:03:24 -0800 (PST) Subject: Pathfinder Personal Edition Launches Message-ID: <199612022203.RAA05964@tigger.dev.pathfinder.com.pathfinder.com> Dear Friend of Pathfinder: We invite you to discover Pathfinder Personal Edition, the new personalized news and information service available exclusively on Pathfinder. With Pathfinder Personal Edition, you can customize the news to make it YOUR news. You just specify your areas of interest, and with the click of a mouse, Pathfinder Personal Edition searches the most comprehensive collection of up-to-the-minute news sources available online (including over 20 specialized news wires and some of your favorite magazines -- Time, Fortune, Money, People, Sports Illustrated, Entertainment Weekly and Life) and brings back to you news, sports scores, stock quotes, and even your favorite cartoons. With Pathfinder Personal Edition you're not just getting raw information from news feeds, you're getting in-depth information that's valuable to you, complete with analysis. Pathfinder Personal Edition even has a staff of real editors working every day to bring you the top stories from their areas of expertise. And with eight graphical formats to choose from and control over how sections and articles appear, Pathfinder Personal Edition literally makes the news your news. Everything is up to you -- you can build your own newspaper from the ground up or choose one of our six Editor's Editions from the newsstand and make it your own by personalizing the content right down to your local weather. Pathfinder Personal Edition puts everything in one place, so you spend less time wading through unwanted information and more time soaking up what you want to know. With this special risk-free offer, you can try Pathfinder Personal Edition for free for two full months! Avoid information overload -- try Pathfinder Personal Edition today: http://pathfinder.com/promo Sincerely, Pathfinder Pathfinder Personal Edition - Retrieves your world. From nobody at zifi.genetics.utah.edu Mon Dec 2 14:50:43 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Mon, 2 Dec 1996 14:50:43 -0800 (PST) Subject: [ANNOUNCEMENT] Sphere packings Message-ID: <199612022250.PAA04546@zifi.genetics.utah.edu> Tim C. May's police record is many times longer than his prick (well, that's not hard). \|/ @ @ -oOO-(_)-OOo- Tim C. May From ichudov at algebra.com Mon Dec 2 15:07:38 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Dec 1996 15:07:38 -0800 (PST) Subject: IP address In-Reply-To: <01BBE040.DE540E40@s19-pm03.tnstate.campus.mci.net> Message-ID: <199612022029.OAA00440@manifold.algebra.com> Internaut wrote: > > > > > Adamsc wrote: > > > Igor wrote > > > > On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote: > > > >What is the risk of publishing your dynamic IP address to a web = > page=20 > > > >while you are on line? How vulnerable is someone just connected to = > > > >the internet, w/o any server running? What attacks are feasable? = > -->=20 > >> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) = > your > >> machine can be locked up or rebooted at *any* time using just PING! > >Isn't is Unix that is actually vulnerable? > I tried pinging myself off and it didn't work; maby it has to be from a = > remote host. > =09 > > try ping -l 65510 host.name.edu - Igor. From azur at netcom.com Mon Dec 2 15:09:12 1996 From: azur at netcom.com (Steve Schear) Date: Mon, 2 Dec 1996 15:09:12 -0800 (PST) Subject: wealth and property rights Message-ID: >Adam Back wrote: >> >> Steve Boursy writes: >> >>> That's a fair question. I don't begrude one's ownership of their >>> fair share--but I do have serious problems with what we shall >>> call 'accumulators' if you will. For them I have contempt and no-- >>> they do not have that right of possession and often such 'work' is >>> at the expense and on the backs of others. >> >> I'm an accululator :-) >> >> The investments I have I worked for. > > Well of course you have--but the majority of people >in the world that are poor have worked just as hard >and do not derive the same benefits--that needs to >be changed. > > > >> See, if you spend your money now, on the above, you have no right to >> criticize me when I look relatively wealthy later. It's your choice >> to blow your money. > > > I agree--that's not what I was talking about--the majority of wealth >is handed down not earned--and the ability to earn also more often >than not results in hand me down priv. I believe it was Thomas Jefferson who was successful at getting the practice of primo geniture outlawed in Virginia (it was later adopted by all the other states). He believed in a 'meritocracy' or sorts and abhored any practice which would create a merchant or political aristocracy in the new Republic. Unfortunately much of his wisdom was ignored (e.g. objection to a central bank, and the forbidding of one generation to indebt another) and we suffer the consequences to this day. > > >> Btw, people of your mentality (communists/socialists) already make it >> very difficult for me to accumulate, > > We do our best--some day we'll take it all away--really. > > Steve From apache at quux.apana.org.au Mon Dec 2 15:23:35 1996 From: apache at quux.apana.org.au (apache) Date: Mon, 2 Dec 1996 15:23:35 -0800 (PST) Subject: COREL TO CENSOR ALL CLIP ART WORLDWIDE In-Reply-To: <199612011623.IAA11650@abraham.cs.berkeley.edu> Message-ID: The worlds gone fuckin mad. On Sun, 1 Dec 1996, John Anonymous MacDonald wrote: > Swastikas halt Corel sales > By Reuters > November 25, 1996, 12 p.m. PT > > MUNICH, Germany--Corel (COSFF) software company > has temporarily halted sales of its top-selling Corel Draw {..} > Consideration is also being given to the removal of other images > from the collection, either due to legal restrictions in > various countries, or due to complaints from organisations > such as the Simon Wiesenthal Center. Images considered for > removal include a burning US flag, Josef Stalin, the Star of > David icon, a cannabis leaf, and a drawing of a woman in a > bathing costume. From markm at voicenet.com Mon Dec 2 16:11:30 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Dec 1996 16:11:30 -0800 (PST) Subject: A quick discussion of Mersenne Numbers In-Reply-To: Message-ID: On Mon, 2 Dec 1996, The Deviant wrote: > On Mon, 2 Dec 1996, Paul Foley wrote: > > > On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge at aol.com wrote: > > > > A mercenne number is of the type: > > > > M(p) = 2**p -1 results in a prime when p is a prime. > > > > *Occasionally* results in a prime when p is prime. (A Mersenne number > > is any number of that form, prime or composite. It so happens that if > > M(p) is prime, p is prime) > > > > Hopefully this will lead the way to see the pattern of prime > > numbers and being able to compute prime numbers in a far more > > efficient manner (after all a function that when given a prime > > number results in a prime number would be quite a kicker now > > wouldn't it!) > > > > That's easy: f(x) = x > > > > The other Mersenne primes include: > > > > 2,3,5,7,13,17,19,31,127,61,89, and 107. > > > > 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-| > > > > The first few Mersenne primes are: > > 3, 7, 31, 127, 8191, 131071, 524287, 2147483647 > > True.. but 1 is. 2^1-1=1 1 isn't prime. It also isn't composite. Same for zero. Mark -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked From Greg_Shanton at csg.stercomm.com Mon Dec 2 16:17:00 1996 From: Greg_Shanton at csg.stercomm.com (Greg Shanton) Date: Mon, 2 Dec 1996 16:17:00 -0800 (PST) Subject: unsunscribe Message-ID: <9611028495.AA849579446@csg.stercomm.com> unsuscribe cypherpunks From deviant at pooh-corner.com Mon Dec 2 16:27:19 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 2 Dec 1996 16:27:19 -0800 (PST) Subject: A quick discussion of Mersenne Numbers In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Dec 1996, The Deviant wrote: > On Mon, 2 Dec 1996, Paul Foley wrote: > > > On Sun, 1 Dec 1996 14:10:13 -0500, Scottauge at aol.com wrote: > > > > A mercenne number is of the type: > > > > M(p) = 2**p -1 results in a prime when p is a prime. > > > > *Occasionally* results in a prime when p is prime. (A Mersenne number > > is any number of that form, prime or composite. It so happens that if > > M(p) is prime, p is prime) > > > > Hopefully this will lead the way to see the pattern of prime > > numbers and being able to compute prime numbers in a far more > > efficient manner (after all a function that when given a prime > > number results in a prime number would be quite a kicker now > > wouldn't it!) > > > > That's easy: f(x) = x > > > > The other Mersenne primes include: > > > > 2,3,5,7,13,17,19,31,127,61,89, and 107. > > > > 2, 5, 13, 17, 19, 61, 89 and 107 are not Mersenne numbers :-| > > > > The first few Mersenne primes are: > > 3, 7, 31, 127, 8191, 131071, 524287, 2147483647 > > True.. but 1 is. 2^1-1=1 > > > --Deviant > PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 > > Try `stty 0' -- it works much better. Please excuse me for writing such idiocy. I was very tired at the time. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Insufficient facts always invite danger. -- Spock, "Space Seed", stardate 3141.9 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqNy9jCdEh3oIPAVAQHxzwf5ATGxOj0sJuAn/YjgPm4bpjDZRk89UEph CMT+MNTzj82+GsREavEISfWzND+IKXqCB5wnSW4Jy9pAdschNH4LbWoFRUz4BmnR Yr9y9tBpiLizhbwbi011IDTVKobQ0m8ujpzVGkFCqz4HkIJ0+G2F8SGx0lPFJGqM 4PY88eSJwsEDAS406U5jZbtth6SSHER3qaLToqWntdn823fP7lIVpcWu0/4lZtkX WEFinEcI0D1bR7PjVpWDm6YQX1i3laCTJKXgJQA1r5tOSk42XqNyX07rt2dXC892 +Egy0jFYe4T28eCMvJBUU7Gc5jF4ZWHk3GrCQwzlH8jWZfuUeEhC6Q== =RwA0 -----END PGP SIGNATURE----- From AwakenToMe at aol.com Mon Dec 2 16:46:23 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 2 Dec 1996 16:46:23 -0800 (PST) Subject: IP address Message-ID: <961202194540_1353438965@emout08.mail.aol.com> In a message dated 96-12-02 02:44:30 EST, you write: << >What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your machine can be locked up or rebooted at *any* time using just PING! >> Im not sure under what circumstances you were referring this happening in, but I use win95 and so do friends of mine whom I ping ALL the time with their dynamic IP address. I do this to check the time before we do some online gaming across the net. Mind you.... I dont have to be connected to a KALI gaming server to do this.. He lets me know his IP address via his 2nd phone line, I log on the my ISP, goto dos and PING him.. and voila! Adam From bkmarsh at feist.com Mon Dec 2 16:58:56 1996 From: bkmarsh at feist.com (Bruce M.) Date: Mon, 2 Dec 1996 16:58:56 -0800 (PST) Subject: IP address In-Reply-To: <199612021038.EAA02902@manifold.algebra.com> Message-ID: On Mon, 2 Dec 1996 ichudov at algebra.com wrote: > > >What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut > > > > Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your > > machine can be locked up or rebooted at *any* time using just PING! > > > > Isn't is Unix that is actually vulnerable? I have never been able to cause more than a mild performance degredation by pinging a Windows 95 machine with large packets. When testing the idea I kept increasing the packet size until the machine no longer responded, but the machine still had TCP/IP capabilities (in terms of transmitting data and forming connections). Ping flooding is another matter though. You probably could cause a larger performance drop. ____________________________________________________ [ Bruce M. - bkmarsh at feist.com - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "We don't want to get our butts kicked by a bunch of long-haired 26-year-olds with earrings." -- General John Sheehan on their reasons for InfoWar involvement From gweissman at spyrus.com Mon Dec 2 17:03:28 1996 From: gweissman at spyrus.com (Weissman, Gregg) Date: Mon, 2 Dec 1996 17:03:28 -0800 (PST) Subject: Programming Errors Message-ID: <9611028495.AA849573786@spysouth.spyrus.com> ______________________________ Forward Header __________________________________ Subject: Programming Errors Author: Alan Arndt at internet Date: 11/19/96 1:50 PM >From New Scientist, 28 August 93, Feedback column: "The National Westminster Bank admitted last month that it keeps personal information about its customers, such as their political affiliation on computer. But now Computer Weekly reveals that a financial institution, sadly unnamed, has gone one better and moved into the realm of personal abuse. The institution decided to mailshot 2000 of its richest customers, inviting them to buy extra services. One of its computer programmers wrote a program to search through its databases and select its customers automatically. He tested the program with an imaginary customer called Rich Bastard. Unfortunately, an error resulted in all 2000 letters being addressed "Dear Rich Bastard". The luckless programmer was subsequently sacked." From sandfort at crl.com Mon Dec 2 17:09:23 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 2 Dec 1996 17:09:23 -0800 (PST) Subject: FRIDAY THE 13TH PICTURES Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Well, better late than never. Photos from my last costume party or now on the Web. Check them out at: http://www.c2.net/~sandy/web.htm (My eyebrows and most of my hair have grown back in the ensuing two and a half months.) Mark 15 February on your calendars. I'll be having another gala masquerade ball on that date. The venue will be Pacifica, CA. A formal invitation will be posted to the list a month or so before the party. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From AwakenToMe at aol.com Mon Dec 2 17:24:27 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 2 Dec 1996 17:24:27 -0800 (PST) Subject: IP address Message-ID: <961202202352_1319999051@emout11.mail.aol.com> In a message dated 96-12-02 20:11:05 EST, you write: << try ping -l 65510 host.name.edu >> from what ive heard, the sytem going down from a ping command is only when you ping with a wrong size packet From varange at crl.com Mon Dec 2 17:54:28 1996 From: varange at crl.com (Troy Varange) Date: Mon, 2 Dec 1996 17:54:28 -0800 (PST) Subject: Phrack, where can i find it? Message-ID: Tim Scanlon writing [ 762] bytes in <$m2n21503-.9612012338.AA09683 at adsl-122.cais.com> from nexp.crl.com!usenet73.supernews.com!news.good.net!news.good.net!www.nntp.primenet.com!nntp.primenet.com!feed1.news.erols.com!phase2.worldnet.att.net!uunet!in1.uu.net!204.171.44.51!scramble.lm.com!mail2news!toad.com!cypherpunks-errors said: > > where can i find latest (and old) phrack issues? > > > ftp.fc.net /pub/phrack has all the back issues, as well as the > current ones. Mid-1995 is about their latest issue. Their older issues truely sucked with mucho false info. -- Cheers! From tcmay at got.net Mon Dec 2 18:15:45 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Dec 1996 18:15:45 -0800 (PST) Subject: Programming Errors--NOT In-Reply-To: <9611028495.AA849573786@spysouth.spyrus.com> Message-ID: At 4:43 PM -0800 12/2/96, Weissman, Gregg wrote: >______________________________ Forward Header >__________________________________ >Subject: Programming Errors >Author: Alan Arndt at internet >Date: 11/19/96 1:50 PM > >>From New Scientist, 28 August 93, Feedback column: > >"The National Westminster Bank admitted last month that it keeps personal >information about its customers, such as their political affiliation on >computer. But now Computer Weekly reveals that a financial institution, >sadly unnamed, has gone one better and moved into the realm of personal >abuse. The institution decided to mailshot 2000 of its richest customers, ... Cypherpunks understand that protection of one's personal data is best done by protecting it oneself, not by advocating or relying on laws to limit the use of data acquired by others. I mention this because I've noticed many forwardings of messages relating to the abstract notion of "privacy," with the subtext--at least as I perceive things--that there "ought to be a law." I'm not saying either Alan Arndt or Gregg Weissman feel there ought to be laws banning what the bank did, but this is certainly something I have heard misguided suscribers (and subscribers) of this list advocating. In the name of privacy, let's pass some more laws! It's hardly surprising in an era of massive data bases and ready availability of much public information--including political affiliations, if so volunteered by voter-units--that some banks are expanding their data bases in the manner described. Get used to it, or don't reveal as much. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From allyn at allyn.com Mon Dec 2 18:43:38 1996 From: allyn at allyn.com (Mark Allyn 206-860-9454) Date: Mon, 2 Dec 1996 18:43:38 -0800 (PST) Subject: New payment scheme for Web access In-Reply-To: Message-ID: <199612030247.SAA20429@mark.allyn.com> Hello! You say: "........... a very popular site could allow access only to domains (....foo.bar) that have paid instead of blocking those who have not, otherwise 'new' sites could circumvent it easily. On the other hand, a proxy server inside of an allowed domain would circumvent the allowing kind of scheme, at least for a while (until they found out about it). Great opportunities for hacking wars. Another payment scheme in use is to recieve passwords for closed Web pages by voice phoning to an expensive number........." First of all, if they block on domains; then it is only a matter of stealing the domain. The DNS naming system is a joke for this. Say, you want to steal my own domain; allyn.com so you can go into the expensive pay per view web site which will allow allyn.com. All you need to do is to change your DNS reverse lookup records (the records which map your IP address to your name) so that when the web site does a reverse DNS lookup at IP address 100.200.3.4 (or whatever your real IP address is); it will return allyn.com. If you have your own name servers, this should be easy. Further; knowing the lack of security at Internic; you could probably go all the way and steal control of the actual domain. The password method is a joke. A bunch of hackers get together and chip in for the cost of one password. Then they share it. Or, the could resort to the old fashioned social engineering methods that have been long discussed in such forums as 2600 and other places. Of course, this all is for discussion purposes only. You have your own concience to live with. Can you really look at yourself in the mirror and sleep at night knowing that you stole something? I certainly can't. Once I accidentally walked out of the corner store with a candy bar when I was a little boy without paying for it. When I reached the house, I discovered that I had the candy bar in my hand and I **RAN** crying back to the store and put it back on the shelf. Mark From perry at piermont.com Mon Dec 2 19:23:27 1996 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 2 Dec 1996 19:23:27 -0800 (PST) Subject: ANNOUNCEMENT: New low-noise cryptography mailing list Message-ID: <199612030316.WAA04403@jekyll.piermont.com> [Sorry that this is several weeks late, folks.] "Cryptography" is a low-noise mailing list devoted to cryptographic technology and its political impact. WHAT TOPICS ARE APPROPRIATE: "On topic" discussion includes technical aspects of cryptosystems, social repercussions of cryptosystems, and the politics of cryptography such as export controls or laws restricting cryptography. Discussions unrelated to cryptography are considered "off topic". If you subscribe, please try to keep your postings "on topic". In order to assure that the quality of postings to the mailing list remains high, repeated postings "off topic" may result in action being taken by the list moderators. MODERATION POLICY: In order to keep the signal to noise ratio high, the mailing list will be moderated during its initial weeks of operation. This will be changed if it appears that the list will remain on topic without moderation. TO SUBSCRIBE: send mail to majordomo at c2.net with the line subscribe cryptography in the body of your mail. If you wish to subscribe a mailing address other than the one you are sending from, send a message with the line subscribe cryptography [address] From dispatch at cnet.com Mon Dec 2 19:42:25 1996 From: dispatch at cnet.com (The CNET newsletter) Date: Mon, 2 Dec 1996 19:42:25 -0800 (PST) Subject: NEWS.COM Dispatch 12.02.96 Message-ID: <199612030323.TAA04177@central.cnet.com> *************************************** CNET's NEWS.COM DISPATCH 7:03 p.m. (PT) Monday, December 2, 1996 San Francisco, California, USA *************************************** WELCOME! *************************************** The NEWS.COM DISPATCH highlights the up-to-the minute technology news presented by NEWS.COM. It tempts readers with coverage of today's hottest stories, news in the making, (in)credible rumors, and other indispensable information. For complete versions of the stories updated all day long, head over to: http://www.news.com/?nd *************************************** CONTENTS SCOOPS AND TOP STORIES IBM plays doctor Net boom eludes main street Battles with Gates...pricing snafus...huge quarterly loss? No problem for AOL! DEC and Carrera team up to create 500-MHz workstations and servers ANNOUNCEMENTS An easy way for you to customize NEWS.COM Late-breaking stories just a click away with Desk Top News Send us your questions, comments, flotsam, and jetsam *************************************** SCOOPS AND TOP STORIES IBM PLAYS DOCTOR Big Blue is developing an innovative Internet "immune system" that intends to do battle with one of the Internet's nastiest hazards - viruses. http://www.news.com/News/Item/0%2C4%2C5829%2C00.html?nd NET BOOM ELUDES MAIN STREET We've all heard the seductive hum of the buzzwords: e-commerce, online advertising, new economic paradigm, secure commerce. And yet, many of those who actually put their sites where their mouths are seem to find one sound to be conspicuously absent: the happy cha-ching of the digital cash register. http://www.news.com/News/Item/0%2C4%2C5824%2C00.html?nd BATTLES WITH GATES...PRICING SNAFUS...HUGE QUARTERLY LOSS? NO PROBLEM FOR AOL! A mere six weeks after a white-knuckled corporate bungee jump during which its stock plummeted to the 22-3/8 mark--AOL's stock rose more than 13 percent in a single day. A major factor in this comeback is the "big news" (300,000 subscribers' worth) expected to be announced at the firm's semiannual partners' conference tomorrow. http://www.news.com/News/Item/0%2C4%2C5825%2C00.html?nd DEC AND CARRERA TEAM UP TO CREATE 500-MHz WORKSTATIONS AND SERVERS Aiming at Internet, scientific, and multimedia markets with their insatiable appetites for processing power, the DEC/Carrera team can boast about offering one of the fastest processors in the world. That is, until 1997, when the race gets even faster. http://www.news.com/News/Item/0%2C4%2C5818%2C00.html?nd *************************************** ANNOUNCEMENTS AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM So many bits, so little time? Sounds like you need Custom News. Identify the topics, keywords, or sections you're most interested in, and Custom News will a create a page of headlines and summaries for all stories that match your criteria. Check it out at: http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1 LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS How would you like having split-second access to the very latest news on the Net? Our Desk Top News feature puts our 20 most recent stories right there on your desktop for you to review at any time. Here's how it works: 1. From any story, click Desk Top News in the top right. 2. A window will open showing our last 20 stories. 3. Click on a headline to display the story. 4. Desk Top News updates itself every 30 minutes. 5. You become known as Ms./Mr. Cyber-Info. It feels good. http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM If you have any questions, suggestions or remarks, send us a message: newsdispatch at cnet.com CNET: The Computer Network http://www.cnet.com/ http://www.news.com/ http://www.gamecenter.com/ http://www.download.com/ http://www.search.com/ http://www.shareware.com/ From deviant at pooh-corner.com Mon Dec 2 19:43:02 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 2 Dec 1996 19:43:02 -0800 (PST) Subject: IP address In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Dec 1996, Bruce M. wrote: > On Mon, 2 Dec 1996 ichudov at algebra.com wrote: > > > > >What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut > > > > > > Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your > > > machine can be locked up or rebooted at *any* time using just PING! > > > > > > > Isn't is Unix that is actually vulnerable? > > I have never been able to cause more than a mild performance > degredation by pinging a Windows 95 machine with large packets. When > testing the idea I kept increasing the packet size until the machine no > longer responded, but the machine still had TCP/IP capabilities (in terms > of transmitting data and forming connections). Ping flooding is another > matter though. You probably could cause a larger performance drop. > try sending big udp packets instead of big tcp packets; this kills windows faster. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Traveling through hyperspace isn't like dusting crops, boy. -- Han Solo -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqOhizCdEh3oIPAVAQGmwQf8DFO8mdlkk2TQBTpmsYtGmjw5UsezqjkA AayPyzks+6gcylQiqmOZkNb7LTAdClP3lVdz4nxBJYNUzYBSvYDlAJtRgFC+CR0u NXTdr+FZVOjaqaQkFjyIipOCx51Ljsxzr6zXbKIOHTZI5FU20n/NZJaVYzluC9xm VRu/DEXE54esI5QZIM77d8x5lltj15i88D5/Cq/ufb3xr0EBNK3FxklTgFIzxwuP Bdedcf8Vb1EfI958RxAeZ/AQWFujlZSZPwQ6CScBfJiGb4CNv5zNcbiNP0vdpnl6 DgehGTXRNtD27pA2Y0gx9/AOQIiGGZ2RAmG94iJXn/iEecHQqunqpg== =Tz+8 -----END PGP SIGNATURE----- From deviant at pooh-corner.com Mon Dec 2 19:53:11 1996 From: deviant at pooh-corner.com (The Deviant) Date: Mon, 2 Dec 1996 19:53:11 -0800 (PST) Subject: DES/IDEA In Linux loopback devices... Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Does anybody know where the archive for this kernel patch is? --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "If you eliminate the impossible, whatever remains, however improbable, must be true." -- Spock -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqOj+zCdEh3oIPAVAQF50gf+OA4aDrXpFSTUcpeHRzJC0xIu+TsOi7NI w0qWAK6V9c7olJLqzvUwPt1JkvsihSr8z12JUtGrRjuYUW+Zq4rueX1iwmPmt0EZ HUTZ1Ky6j0L/Ewn5YDjL6QV++zZuLNCCqVXkMee0ezrwi4GwyMMB1cKfbsnkprzu 2oQyDcEJvFXmkEKFv+u54DDB9viOEyBfVJoEHZtzaFrVFtf/QqY9KEY8JuJC6s67 FK4i5ltS4vzCu2cL4EmmWyJDvhPycdOBksU+yrPci4vB1PFzlQJ9I+Vz8Pr/fY6m BwLDu2Ptd9ZfOG51oSI4MaUxeD/Suxt9hPFVe5aU7xCMQ8f5UUbGtA== =R2Xk -----END PGP SIGNATURE----- From zeen at caribe.net Mon Dec 2 20:08:34 1996 From: zeen at caribe.net (Javier Rivera) Date: Mon, 2 Dec 1996 20:08:34 -0800 (PST) Subject: (no subject) Message-ID: <32A3A7C9.58C6@caribe.net> unsuscribe cypherpunks From dthorn at gte.net Mon Dec 2 21:34:31 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 2 Dec 1996 21:34:31 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <199612021544.QAA12207@digicash.com> Message-ID: <32A3BBD6.1ECA@gte.net> Bryce wrote: > > Now I've gotcha! If I, Dale Thorn, an ordinary person (not a commercial > > mailer), realize somehow what your snail mail address is (an analogy), > > and I send you a personal letter, are you saying I don't have the "right" > > to do so? Even if I am aware that you redistribute the letter, as, say, > > a newspaper such as the L.A. Times would? > Yes this is a fine analogy. You have the right to send > whatever letters you want; you don't have the right to demand > that any particular thing be _done_ with those letters once > they arrive, in the absence of some contract to the contrary. In the interest of reducing the amount of argument, let's speak more precisely: I think people *do* have the right to demand such a thing, although they do *not* necessarily have the right to force such a thing. Perhaps there is a thin line between "demand" and "protest", but most subscribers should be able to figure it out. > > I'm guessing that what you're saying is something to do with the content > > or size of such a mailing, yes? > Noooo... What I was saying was that even such a simple service > as a mailing list raises some complex issues about agency and > responsibility. Did _you_ send MMF to all those people, or did > Gilmore? What if Gilmore had a MMF filter in place? What if > you evaded it? What if Gilmore only broadcasts signed messages > and you signed the MMF? What if you paid to have it broadcast? I can't argue the responsibility part. As far as the size issue, it was raised (sadly) several days and hundreds of postings *after* Dimitri was excommunicated from the list, by none other than T.C. May. Tsk, tsk. > So what _I'm_ saying is that there are some complex issues > about this kind of cyberspatial event, but that the realspace > substrate is relatively simple-- it's Gilmore's computer and > you have no moral authority to demand that he do or not do any > particular thing with it. I made note to this list time and time again requesting that people not state the obvious - who owns what hardware and what rights they have to pull the plug or whatever. I seriously doubt that even the least intelligent cypherpunk would misunderstand such a thing. Do you really believe that myself and other cypherpunks want to "seize" John's equip- ment, morally or otherwise? You are correct about certain issues being complex, but one of the big failings of the crowd who supported Gilmore on this action was their failure to understand the point I've made here - that we *do* understand basic property rights, etc. > In the following, you appear to take exception to both of these > claims, or at least to the first one-- I'm not sure. > > But whatever the case, I'm not "doing something with" your mailbox if > > I send you a snail mail letter, and I'm not "doing something with" your > > computer if I send you a posting. It's you who know the result of opening > > up your computer to the phone lines, and it's up to you to post *your* > > "rules", and to date, I don't recall any postings from John Gilmore to > > me or the list regarding such rules, just a few little tin-plated > > dictators doing it in his name. > I'm still not sure if you are just prone to colorful rhetoric, > or if I have really upset you with something I've said. If the > latter, I still don't understand what, exactly. How can I say this better? Myself and a number of other people would really have appreciated it if John had defended himself. The fact of all these other would-be experts on cyber-rights and morals preaching to the list on behalf of Gilmore, and Gilmore being silent, argues (not proves, just argues) heavily in favor of Dimitri et al. From dthorn at gte.net Mon Dec 2 22:04:35 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 2 Dec 1996 22:04:35 -0800 (PST) Subject: denial of service and government rights In-Reply-To: Message-ID: <32A3BDED.6C81@gte.net> Black Unicorn wrote: > On Mon, 2 Dec 1996, Dale Thorn wrote: > > > What you're talking about is contempt of congress. This is not "fraud." > > > "I had no idea what I was talking about, but as luck would have it I was > > > right anyhow." Here, have a bozo button. > > I was right, and you just can't stand it, can you? I think the shoe fits > > you, Mr. Clown, so wear it in "good health". > Actually, you were not right. Your claim was that this somehow > constituted a conspiracy. I was merely pointing out that even if your > version of events was correct (which I hardly conceed), you still had no > clue what you were talking about when you began and just happened to > "fall" into the answer when your legs were knocked out from under you. Normally, when someone doesn't know when to give up (you and Sandy S. are two who come to mind), I just drop it. But I thought I'd let you know what I think of your "Argumentum ad Nauseam". Education is *not* a substitute for intelligence and common sense, by the way. From logos at c2.net Mon Dec 2 22:04:53 1996 From: logos at c2.net (LOGOS) Date: Mon, 2 Dec 1996 22:04:53 -0800 (PST) Subject: Logos here Message-ID: Sovereign collegues, I am Logos. I have adopted this pseudonym to conceal my 'true name'. I want the ideas which I shall be espousing to stand or fall on their own merits and not on the basis of biases that my name, sex, ethnicity, etc. might otherwise elicit. I hope my contributions to this list will be seen as positive by most list members. I intend to limit my postings to only two meta-topics: decorum and logic. In other words, the way we speak to each other and the quality of our argumentation. Decorum From time to time, I will 'call' posters on their intemperate use of rude or provocative language. I believe Cypherpunks should be a market place of ideas, not a forum for egos and insults. The two houses of the American congress have adopted rules of decorum. Members may be censored or expelled for personal attacks and verbal abuse of other members. This was mandated for a very practical reason. It was realized that insults, profanity, 'fighting words', etc. could get so out of hand that they could interfer with the legitimate work of the congress. While some might say that in the case of the congress, this would be a good thing, I believe in the case of Cypherpunks, it is a bad thing. I, therefore, call upon each Cypherpunk list members to personally adopt such a code of conduct for themselves. If Democrats can refer to Representative Gingrich as 'my esteemed collegue' and Republicans can talk about the 'honorable' Ted Kennedy, I see no reason that we cannot treat Tim May and Dimitry Vilus with similar respect and courtesy. What is at stake is far more important than egos. Cypherpunks defeated Clipper, but of late they have only defeated themselves. Logic The average reader of this list has sufficient education and intelligent to understand the most informal logical falacies. Yet one sees such falacies committed here with disapointing regularity. I will post definitions of the most common falacies and will use examples found on this list as illustrations. If we are to be persuasive among ourselves and with others, we need to be rigorous in our thought processes. I would be honored to hear your thoughts on this post. Logos out. From tcmay at got.net Mon Dec 2 22:35:43 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Dec 1996 22:35:43 -0800 (PST) Subject: Most "digital cash" does not deserve the name In-Reply-To: <84936010217079@cs26.cs.auckland.ac.nz> Message-ID: At 11:04 AM -0500 11/30/96, William H. Geiger III wrote: [stuff about various non-anonymous "digital cash" systems snipped] > Big Brother comming to a bank near you. > >Does anyone understand the implications of a society moving to an >electroinc cash based system?? Yes, many people understand. See messages over the past several years on this list (before the S/N dropped to recent historic lows). See the many discussions here and elsewhere of _real_ "digital cash." "Digital cash" and "electronic commerce" are such hot concepts now that all sorts of non-anonymous, fully traceable systems are being touted as "digital cash." >All trasactions will be recorded, moitored, tracked & analysed. This is >not just the government that one has to worry about but corporations also. > >Insurance industry: > >- Gee Mr. Jones seems that you buy too much junk food & red meat. Our >actuaries say this makes you a "high risk". > >- Gee Ms. Smith you speend too much money at the bars. Our actuaries say >you are a high risk for DUI & accidents. These are indeed reasons to someday be even more concerned than now about traceable transactions. (Just for the record, what the hypothetical insurance companies and employers are doing by using data they have obtained should not, in a free society, be illegal in any way. All information contributes to decision-making, about loans, credit, insurance, employment, etc. In a free society, it is up to people to not disclose that which they do not wish remembered.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sandfort at crl.com Mon Dec 2 22:54:28 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 2 Dec 1996 22:54:28 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A3BDED.6C81@gte.net> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 2 Dec 1996, Dale Thorn wrote: > Normally, when someone doesn't know when to give up (you and > Sandy S. are two who come to mind), I just drop it... Wrong AGAIN. I gave up on Dale a long time ago. That's why *I* dropped it. S a n d y "Never underestimate the power of human stupidity" --Robert Heinlein ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at got.net Mon Dec 2 23:49:42 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Dec 1996 23:49:42 -0800 (PST) Subject: Modulating the FM noise spectrum considered infeasible In-Reply-To: <849204012.65013.0@fatmans.demon.co.uk> Message-ID: At 12:30 PM +0100 11/29/96, Pavel Korensky wrote: >paul at fatmans.demon.co.uk wrote: >> >> I`m not entirely sure about the possibility of correlations in any of >> these sources but they aren`t really a good idea because all can be >> accessed by someone else. eg. Steal your random noise audio tape, >> sample dolby decoded sound at the same time as you etc. > >And what if I will use FM receiver, tuned on some channel where is the noise. >If the potentional attacker don't know the what channel was tuned, he is not >able to reproduce this IMHO. Of course, maybe it is possible to record the >whole >spectrum to tapes, but I think that the noise will change when recorded and >played back from tape. Not to mention the point that an external attacker--say, the NSA van parked across the street--will under no circumstances be able to measure "the" spectrum: his antennas cannot possibly measure the signals (at the lower bits) seen by the FM receiver, noise source local to the computer, whatever. (Obviously other SIGINT/TEMPEST methods might be able to read the bits in other ways, but this is a different issue. Ditto for black bag cryptanalysis, which is usually the most cost-effective approach.) Likewise, feeding the FM antennas with "special hiss" is implausible in the extreme. Again, the attackers don't know antenna responses, atmospheric and room geometry variations, etc. Even if the FM hiss were to be somewhat biased, the LSBs would have a fair amount of entropy....collecting and distilling this entropy would still be trivial. Yes, this is all obvious stuff. But it keeps coming up. Not even the NSA has the super powers to modulate the FM noise spectrum in a cost-effective way. Having said this, Johnson noise makes a superior noise source, if a physical source is desired. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From nobody at cypherpunks.ca Mon Dec 2 23:57:16 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Mon, 2 Dec 1996 23:57:16 -0800 (PST) Subject: [IMPORTANT NOTICE] Mercenne primes Message-ID: <199612030742.XAA12459@abraham.cs.berkeley.edu> Tim May studied yoga back-streching exercises for five years so he could blow himself (nobody else will). ' ' ' ' ^-O-O-^ -ooO--U--Ooo- Tim May From ichudov at algebra.com Tue Dec 3 00:16:54 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Dec 1996 00:16:54 -0800 (PST) Subject: Logos here In-Reply-To: Message-ID: <199612030753.BAA02432@manifold.algebra.com> [Cc'ed to Bill Palmer himself. Bill, use 'Group Reply' button if you want your replies to be seen by all participants.] Dear LOGOS, I suggest contacting Bill Palmer, wilhelp at ix.netcom.com. You will find that Bill's and your opinions on many issues are very close. Best regards to both of you, - Igor. LOGOS wrote: > > Sovereign collegues, > > I am Logos. I have adopted this pseudonym to conceal my > 'true name'. I want the ideas which I shall be espousing > to stand or fall on their own merits and not on the basis > of biases that my name, sex, ethnicity, etc. might otherwise > elicit. I hope my contributions to this list will be seen as > positive by most list members. > I intend to limit my postings to only two meta-topics: > decorum and logic. In other words, the way we speak to each > other and the quality of our argumentation. > > Decorum > > From time to time, I will 'call' posters on their > intemperate use of rude or provocative language. I believe > Cypherpunks should be a market place of ideas, not a forum > for egos and insults. > The two houses of the American congress have adopted > rules of decorum. Members may be censored or expelled for > personal attacks and verbal abuse of other members. This > was mandated for a very practical reason. It was realized > that insults, profanity, 'fighting words', etc. could get so > out of hand that they could interfer with the legitimate > work of the congress. While some might say that in the case > of the congress, this would be a good thing, I believe in > the case of Cypherpunks, it is a bad thing. > I, therefore, call upon each Cypherpunk list members to > personally adopt such a code of conduct for themselves. If > Democrats can refer to Representative Gingrich as 'my > esteemed collegue' and Republicans can talk about the > 'honorable' Ted Kennedy, I see no reason that we cannot > treat Tim May and Dimitry Vilus with similar respect and > courtesy. What is at stake is far more important than egos. > Cypherpunks defeated Clipper, but of late they have only > defeated themselves. > > Logic > > The average reader of this list has sufficient > education and intelligent to understand the most informal > logical falacies. Yet one sees such falacies committed here > with disapointing regularity. I will post definitions of the > most common falacies and will use examples found on this > list as illustrations. If we are to be persuasive among > ourselves and with others, we need to be rigorous in our > thought processes. > > I would be honored to hear your thoughts on this post. > > Logos out. > - Igor. From dthorn at gte.net Tue Dec 3 01:02:09 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 3 Dec 1996 01:02:09 -0800 (PST) Subject: Logos here In-Reply-To: Message-ID: <32A3EC7E.2EF8@gte.net> LOGOS wrote: > Sovereign collegues, > I am Logos. I have adopted this pseudonym to conceal my > 'true name'. I want the ideas which I shall be espousing > to stand or fall on their own merits and not on the basis > of biases that my name, sex, ethnicity, etc. might otherwise > elicit. I hope my contributions to this list will be seen as > positive by most list members. > I intend to limit my postings to only two meta-topics: > decorum and logic. In other words, the way we speak to each > other and the quality of our argumentation. [decorum snipped for space] > Logic > The average reader of this list has sufficient > education and intelligent to understand the most informal > logical falacies. Yet one sees such falacies committed here > with disapointing regularity. I will post definitions of the > most common falacies and will use examples found on this > list as illustrations. If we are to be persuasive among > ourselves and with others, we need to be rigorous in our > thought processes. Sounds like a heck of a good idea, if: 1. You can ID the bad logic with a high percent of success (90+ ?). 2. You can comment/reply for all members fairly, but if limited by the large number of postings (and fallacies ?), give priority to ??? As far as Congress expelling members, are you saying that the Senate and/or H.O.R. can permanently eliminate a person elected by the people? Has this ever been tested? From tcmay at got.net Tue Dec 3 01:21:44 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Dec 1996 01:21:44 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: <1.5.4.32.19961127210637.006e33c4@popd.ix.netcom.com> Message-ID: At 4:06 PM -0500 11/27/96, Clay Olbon II wrote: >At 12:46 PM 11/27/96 -0800, Dave Kinchlea wrote: >>I am not in a position to argue with you, I simply don't have the facts. >>My question is, do You? can you cite where this figure came from, it >>sounds like Republican rhetoric to me. Of course, I will point out, that >>minimum wage is simply not enough to feed a family. It is (or at least >>it should be) reserved for single folks just starting out. > >Can't give you the exact date, but it was an article in our local paper (The >Detroit News). The $10 figure is not exact, as the actual number varies >from state to state, I remember that number as being about average. I can confirm the gist of Clay's point: I saw a table listing "effective hourly welfare pay" for the 50 states and D.C. This was in the "San Jose Mercury News," at least 8-10 months ago (and presumably elsewhere, as it was a major story). I used it in one of my articles, and gave the reference then (sorry, not handy, and my own welfare rate does not pay me enough to spend hours sifting through past articles for something so minor, an old cite, that is). The interesting thing was that New York had an effective welfare pay rate of $14 an hour, and New York City was more than that (due to higher benefits and higher taxes dragging down the income of actual workers). By "effective" the idea is to add up direct welfare benefits, food stamps, WIC payments, AFDC payments, and then correct for the various tax treatments (e.g., some or all of these benefits are untaxed). A worker would have to be earning $14 an hour, or about $30 K a year, to get the same amount of effective take home pay that a welfare recipient with two children receives. Given that the worker has to get up at, say, 6 a.m., get on a bus or train or in a car to get to work, put up with hassles, and, basically, _work_, the welfare alternative looks pretty good. Which is of course the problem so-called democratic societies are having--increasing numbers of layabouts, slackers, and leeches. The "list relevance" of this is this: crypto provides means of hiding income, or arbitraging income sources and regulations, and of basically undermining the welfare state. Many of my tradtionally libertarian friends dispute my beliefs, but I believe income disparities will grow with time, not decrease. The top tier of fiction writers, for example, can easily earn several million dollars or more a year, while the second tier sees their stuff remaindered and the third tier never makes it into print. Ditto for programmers and others. With the "force multiplication" seen in modern economies, there are vast riches to be had for the best few percent in any field, and much less for the drones. Those with no skills to hire out face the prospect of zero income, with not even there physical labor in demand. I basically see no hope for the bottom 30% of the population, and less and less hope for the bottom 70%. Fortunately, my ethical system is such that I see this as just the nature of things, evolution in action. Crypto anarchy will do a more efficient job of culling than many imagine. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Tue Dec 3 01:29:28 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Dec 1996 01:29:28 -0800 (PST) Subject: Logos here In-Reply-To: Message-ID: At 1:53 AM -0600 12/3/96, Igor Chudov @ home wrote: >[Cc'ed to Bill Palmer himself. Bill, use 'Group Reply' button if you >want your replies to be seen by all participants.] > >Dear LOGOS, > >I suggest contacting Bill Palmer, wilhelp at ix.netcom.com. You will find >that Bill's and your opinions on many issues are very close. > >Best regards to both of you, > > - Igor. > >LOGOS wrote: >> >> Sovereign collegues, ... And quoting the entire article by "Logos" without even saying what it is this mysterious Bill Palmer believes in yet another reason the list is filling up with junk. If the message was to "LOGOS," his c2 address would get it to him. If the message was to the rest of us, why so cryptic about Bill Palmer? In any case, the Logos articles needed to be trimmed out. I'm not picking on Igor...I just wish people would learn to summarize and excerpt, and not just forward on entire quoted articles. "Your text editor is your friend." Someone once pointed out to me that quoting _at most_ a half screenful of stuff is best: quoting a screenful or more before comments begin is almost a guarantee that many people will hit the "delete" key. I try to follow this rule of thumb, and limit my quotes accordingly. Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jcate at 501.yc.yu.edu Tue Dec 3 06:11:01 1996 From: jcate at 501.yc.yu.edu (Jack) Date: Tue, 3 Dec 1996 06:11:01 -0800 (PST) Subject: Phrack, where can i find it? In-Reply-To: Message-ID: On Mon, 2 Dec 1996, Troy Varange wrote: > Tim Scanlon writing [ 762] bytes in <$m2n21503-.9612012338.AA09683 at adsl-122.cais.com> from nexp.crl.com!usenet73.supernews.com!news.good.net!news.good.net!www.nntp.primenet.com!nntp.primenet.com!feed1.news.erols.com!phase2.worldnet.att.net!uunet!in1.uu.net!204.171.44.51!scramble.lm.com!mail2news!toad.com!cypherpunks-errors said: > > > > where can i find latest (and old) phrack issues? > > > > > ftp.fc.net /pub/phrack has all the back issues, as well as the > > current ones. > > Mid-1995 is about their latest issue. Their older issues > truely sucked with mucho false info. > Phrack 49 has been out for a while. It's from November of this year. -Jack From jbugden at smtplink.alis.ca Tue Dec 3 06:36:34 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 3 Dec 1996 06:36:34 -0800 (PST) Subject: Speedbumps Message-ID: <9611038496.AA849634495@smtplink.alis.ca> Zona Research Inc. Sun Wins China Internet Backbone Deal Sun Microsystems announced it has been chosen by China Internet Corporation (CIC) to provide equipment and technology for CIC's Internet/Intranet network for China -- the China Wide Web (CWW). Pursuant to a nonbinding memorandum of understanding, CIC intends to purchase $15 million of Sun servers and network security and management products, as well as Java computing technology. Expected to service 50 major Chinese cities, the CWW will enable companies within and outside of China to search, exchange, and promote business information and services. The significance of this deal goes beyond its face value in dollars. * We believe the CWW will assume the characteristics of a national Intranet*, becoming an important vehicle for Chinese communications and commerce. As a key supplier of technology to CIC, Sun gains a high profile status within China, which we believe gives Sun significant leverage on future Chinese Internet/Intranet deals. Overall, this deal provides Sun with a major inroad to the Chinese Internet market. From Tunny at inference.com Tue Dec 3 06:54:04 1996 From: Tunny at inference.com (James A. Tunnicliffe) Date: Tue, 3 Dec 1996 06:54:04 -0800 (PST) Subject: Modulating the FM noise spectrum considered infeasible Message-ID: > [...]Having said this, Johnson noise makes a superior noise source, > if a physical source is desired. > > --Tim May Yours makes NOISE? Impressive... In this case, I guess entropy is preferable to atrophy, though. :-) Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | 36 07 D9 33 3D 32 53 9C ====================================================================== From dthorn at gte.net Tue Dec 3 06:58:27 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 3 Dec 1996 06:58:27 -0800 (PST) Subject: denial of service and government rights In-Reply-To: Message-ID: <32A43FF7.2089@gte.net> Sandy Sandfort wrote: > On Mon, 2 Dec 1996, Dale Thorn wrote: > > Normally, when someone doesn't know when to give up (you and > > Sandy S. are two who come to mind), I just drop it... > Wrong AGAIN. I gave up on Dale a long time ago. That's why *I* > dropped it. I think the above reply proves my point. Thank you Sandy. From dlv at bwalk.dm.com Tue Dec 3 07:06:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Dec 1996 07:06:43 -0800 (PST) Subject: Hurray! A good example of rational thinking ... In-Reply-To: Message-ID: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) writes: > Rich Graves writes: > > But in general, cypherpunks seems to have improved remarkably over the > > last couple weeks. I'd guess that the V-flames had the unintended > > consequence of driving off the other ranters and ravers, because they > > tend to lack the technical and thinking skills necessary for building > > killfiles. > > Timmy May (fart) appears to have shut up, and that's a Good Thing. > > Good riddance to Timmy. And the moment I said that, Timmy woke up and posted a pile of non-crypto-related drivel again. Timmy is soooo predictable and easy to manipulate, it's hardly even funny anymore. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 3 07:07:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Dec 1996 07:07:25 -0800 (PST) Subject: Logos here In-Reply-To: Message-ID: "Timothy C. May" writes: > At 1:53 AM -0600 12/3/96, Igor Chudov @ home wrote: > >[Cc'ed to Bill Palmer himself. Bill, use 'Group Reply' button if you > >want your replies to be seen by all participants.] > > > >Dear LOGOS, > > > >I suggest contacting Bill Palmer, wilhelp at ix.netcom.com. You will find > >that Bill's and your opinions on many issues are very close. I think Bill is head and shoulders above Logos. > >Best regards to both of you, > > > > - Igor. > > > >LOGOS wrote: > >> > >> Sovereign collegues, > ... > > And quoting the entire article by "Logos" without even saying what it is > this mysterious Bill Palmer believes in yet another reason the list is > filling up with junk. If the message was to "LOGOS," his c2 address would > get it to him. If the message was to the rest of us, why so cryptic about > Bill Palmer? In any case, the Logos articles needed to be trimmed out. Igor sure has better manners than Timmy, so whose cow should moo... Anyways Bill Palmer is a really cool guy. Bill, if you care to comment on issues of cryptoanarchy and content-based plug-pulling and are not afraid to join a high-volume mailing list, please send this command to majordomo at toad.com: subscribe cypherpunks Note that you can send contributions to cypherpunks at toad.com even if you're not subscribed. You can also cross-post anything you post to alt.flame to mail.cypherpunks. Have fun - I'm looking forward to your contributions. Thanks in advance, --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 3 07:07:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Dec 1996 07:07:28 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: Message-ID: "Timothy C. May" writes: > The interesting thing was that New York had an effective welfare pay rate > of $14 an hour, and New York City was more than that (due to higher > benefits and higher taxes dragging down the income of actual workers). By > "effective" the idea is to add up direct welfare benefits, food stamps, WIC > payments, AFDC payments, and then correct for the various tax treatments > (e.g., some or all of these benefits are untaxed). A worker would have to > be earning $14 an hour, or about $30 K a year, to get the same amount of > effective take home pay that a welfare recipient with two children receives. I wonder if the study took medical insurance into account? I used to pay $8K/ year for a pretty skimpy family medical insurance plan. (They cost so much in NYC because of AIDS.) People on welfare get Medicaid. > Given that the worker has to get up at, say, 6 a.m., get on a bus or train > or in a car to get to work, put up with hassles, and, basically, _work_, > the welfare alternative looks pretty good. Which is of course the problem > so-called democratic societies are having--increasing numbers of layabouts, > slackers, and leeches. Can you blame people like Igor Chudov? I happen to think that I can obtain more wordly goods by working hard; but if someone prefers to subsist on my taxes, more power to them. If you don't like the present system, don't blame the people who take advantage of it, change it. Of course Tim May is incapable of doing anything to help bring about his beloved "crypto anarchy" except whining. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mycroft at actrix.gen.nz Tue Dec 3 07:11:14 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Tue, 3 Dec 1996 07:11:14 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <32A3BBD6.1ECA@gte.net> Message-ID: <199612031405.DAA02486@mycroft.actrix.gen.nz> On Mon, 02 Dec 1996 21:34:14 -0800, Dale Thorn wrote: Bryce wrote: > whatever letters you want; you don't have the right to demand > that any particular thing be _done_ with those letters once > they arrive, in the absence of some contract to the contrary. In the interest of reducing the amount of argument, let's speak more precisely: I think people *do* have the right to demand such a thing, Do you indeed? OK, I hereby demand that you set up a mailing list on your computer for discussion of "censorship" on cypherpunks. Why do I have the right to demand this? although they do *not* necessarily have the right to force such a thing. do not *necessarily*?? Obviously they have no right to use force, since they have no right to make such a demand in the first place. But *if* they had such a right, why on earth would you say they have no right to use force? (You may not agree that they should be able to use physical force themselves, but at least they should have a law or something to apply pressure, right? What kind of right is it if it has nothing at all backing it up?) intelligent cypherpunk would misunderstand such a thing. Do you really believe that myself and other cypherpunks want to "seize" John's equip- ment, morally or otherwise? You are correct about certain issues being Yes. You said so yourself, in this very same post. complex, but one of the big failings of the crowd who supported Gilmore on this action was their failure to understand the point I've made here - that we *do* understand basic property rights, etc. This must be some newspeak interpretation of "understand" of which I was not previously aware... How can I say this better? Myself and a number of other people would really have appreciated it if John had defended himself. The fact of He had no need to defend himself. Any attempt to "defend" himself from people who claim they have a right to demand the use of his computer (if not *necessarily* to back up said demand with force) would probably have been wasted effort anyway. [Yes, I know you think posting to cypherpunks is not "use" of John's computer. Substitute whatever word fits what you think it *is*, if you must.] all these other would-be experts on cyber-rights and morals preaching to the list on behalf of Gilmore, and Gilmore being silent, argues (not proves, just argues) heavily in favor of Dimitri et al. So Tim May's silence in response to Vulis's nonsense, while some others came out in his favour "argues (not proves, just argues) heavily in favor of Dimitri" too? Yeah, sure! Wanna buy a bridge? -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- This Fortue Examined By INSPECTOR NO. 2-14 From dthorn at gte.net Tue Dec 3 07:34:16 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 3 Dec 1996 07:34:16 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <199612031405.DAA02486@mycroft.actrix.gen.nz> Message-ID: <32A44861.3619@gte.net> Paul Foley wrote: > On Mon, 02 Dec 1996 21:34:14 -0800, Dale Thorn wrote: > Bryce wrote: > > whatever letters you want; you don't have the right to demand > > that any particular thing be _done_ with those letters once > > they arrive, in the absence of some contract to the contrary. > In the interest of reducing the amount of argument, let's speak more > precisely: I think people *do* have the right to demand such a thing, > Do you indeed? OK, I hereby demand that you set up a mailing list on > your computer for discussion of "censorship" on cypherpunks. I hear your demand, which you have a right to make, and I reject it, which is my right. You proved my point, that you could make the demand, and I further proved it, by saying no. Is that clear enough? [other similar drivel snipped] From rah at shipwright.com Tue Dec 3 07:38:17 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 3 Dec 1996 07:38:17 -0800 (PST) Subject: Modulating the FM noise spectrum considered infeasible In-Reply-To: Message-ID: At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote: > At 2:55 am -0500 12/3/96, Timothy C. May wrote: >> [...]Having said this, Johnson noise makes a superior noise source, ^^^^^^^ >> if a physical source is desired. >Yours makes NOISE? Impressive... > >In this case, I guess entropy is preferable to atrophy, though. :-) Indeed. I've found that my Johnson only makes noise with the proper, er, peripheral, though... Cheers, Bob Hettinga (whose .sig seems quite appropriate to cypherpunks today...) ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From eva at dsnt.com Tue Dec 3 07:51:37 1996 From: eva at dsnt.com (eva bozoki) Date: Tue, 3 Dec 1996 07:51:37 -0800 (PST) Subject: The Good dr. Dobbs Message-ID: <32A44A86.35AE4690@dsnt.com> John Fricker It would appear that Ms. Bozoki would not purchase the product sheis creating! > In order to establish trust in an encryption product more is required than > simply agreeing that the company is competent. Competence does not imply > trustworthiness. Trust can be established through review and examination of > the innards, algo's and source code. A quick read of www.dsnt.com does not > reveal any additional information on the crypto used (other than it being > 512 byte public key algo using Diffie-Hellman key exchange) I would like to point out that our white paper with technical details can be found on our Web-site: www.dsnt.com/whitepaper.htm -- Dr. Eva Bozoki Chief Scientist DSN Technology, Inc. (516)467-0400 From ichudov at algebra.com Tue Dec 3 08:17:42 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Dec 1996 08:17:42 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks Message-ID: <199612031615.KAA03400@manifold.algebra.com> Hi, This is primarily addressed to the person who supports cypherpunks mail-to-news gateway. If you know who such person is, please send his/her address to me. Dear gateway maintainer, Please modify your reposting program so that it does not remove the X-No-Archive: yes header line from email messages. This particular header line is an indication to USENET search engines that the author of the message would not like it to be stored in these engines. It preserves the author's privacy and enforces the copyright protection. I am opposed to seeing my articles showing up in DejaNews and other search engines. All my emails and usenet postings have this header line. However, when cypherpunks-to-newsgroup gateway reposts all articles, it strips this header line. I believe it to be a mistake and hope that it will be corrected. Thank you. - Igor. From bryce at digicash.com Tue Dec 3 08:27:49 1996 From: bryce at digicash.com (Bryce) Date: Tue, 3 Dec 1996 08:27:49 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <32A3BBD6.1ECA@gte.net> Message-ID: <199612031627.RAA21581@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- > I made note to this list time and time again requesting that people not > state the obvious - who owns what hardware and what rights they have to > pull the plug or whatever. I seriously doubt that even the least > intelligent cypherpunk would misunderstand such a thing. Do you really > believe that myself and other cypherpunks want to "seize" John's equip- > ment, morally or otherwise? You are correct about certain issues being > complex, but one of the big failings of the crowd who supported Gilmore > on this action was their failure to understand the point I've made here - > that we *do* understand basic property rights, etc. Ah. Then we are in agreement here. My "Rule" in the House Rules etc. simply stated the obvious fact, for the benefit of those who need it stated, of Gilmore's sole authority over the physical substrate. I vaguely recall some subscribers implying or stating otherwise during the vanish Vulis fracas. It would not at all surprise me if some people disagreed with this simple premise-- they habitually do so with regard to "public" establishments like bars and restaurants, and it isn't much of a stretch to start thinking of cypherpunks as a similarly "public" institution. Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMqRVAUjbHy8sKZitAQFRMgL/UTIlPbTu2Z8sIIKLX4wkLWS23WCrVmDr R7PVfovgZgIYoJYPAwtRxrqqQxOJtaS2SAMIItbDtGA1jG75q5GlxeS/wg303NbE f9gX1Ok0vjbfGiyC/lyf58DJfJ6FUDal =kkrb -----END PGP SIGNATURE----- From mjmiski at execpc.com Tue Dec 3 08:51:48 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Tue, 3 Dec 1996 08:51:48 -0800 (PST) Subject: Most "digital cash" does not deserve the name Message-ID: <3.0.32.19961203105035.0069b06c@execpc.com> (snip) >(Just for the record, what the hypothetical insurance companies and >employers are doing by using data they have obtained should not, in a free >society, be illegal in any way. All information contributes to >decision-making, about loans, credit, insurance, employment, etc. In a free >society, it is up to people to not disclose that which they do not wish >remembered.) While the libertarians on the list have affected my way of looking at regulation I, and others, do not subscribe (suscribe ;)) to Tim's absolute theory. Unless, of course, by free society Tim is refering to one where corporations hold themselves to a level of "personal" responsibility, which in many realms is part of any definition of "free". Take, for example, the practice of redlining. How are people who live in "bad" neighborhoods supposed to not reveal that information. Has anyone tried to get a loan or a reasonable insurance rate without disclosing your address? Like I said, if insurance companies exercised some "responsibility" as opposed to inaccurate assesments based on residence, then this problem would not exist. In the real world one can not avoid all collection of data to be used in Bad(TM) ways. Media attention doesn't work. Bad Business practices dont matter to most. But those in need here should not have the luxury of appealing to their elected officials? Matthew J. Miszewski > >--Tim May > > >Just say "No" to "Big Brother Inside" >We got computers, we're tapping phone lines, I know that that ain't allowed. >---------:---------:---------:---------:---------:---------:---------:---- >Timothy C. May | Crypto Anarchy: encryption, digital money, >tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero >W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, >Higher Power: 2^1398269 | black markets, collapse of governments. >"National borders aren't even speed bumps on the information superhighway." > > > > > From alzheimer at juno.com Tue Dec 3 09:08:12 1996 From: alzheimer at juno.com (Ronald Raygun Remailer) Date: Tue, 3 Dec 1996 09:08:12 -0800 (PST) Subject: Copyright violations Message-ID: <19961203.110728.12095.0.alzheimer@juno.com> Washington Post: Monday, December 2, 1996 Folks Who Welcome Charge Cards By Daniel Grant In days past, one measure of someone's wealth was the thickness of his or her wallet. Nowadays, many consumers carry hardly any cash at all, relying instead on the cards issued to them by major credit card companies. Most self-employed people and those who work out of their homes recognize that an increasing number of the people who buy from them are more likely to pay with a credit card than with cash or a check. A benefit of being paid by credit card is that, first, by not carrying large amounts of cash or checks one is less vulnerable to robbery and, second, financial institutions credit one's bank account faster for a payment by credit card than for a check. As a result, more and more self-employed individuals are seeking authorization from banks and other financial institutions to accept payment by credit card. Banks that issue Diners, MasterCard and Visa cards, however, have become increasingly wary of extending such authorization to individual entrepreneurs. "Citibank is no longer accepting applications for credit card processing for home-based operations," company representatives in the bank's Merchant Services section are instructed to say. Other banks say the same, citing a recurring problem of mismanagement and fraud on the part of these entrepreneurs. Problems include refusing to resolve complaints from customers, going out of business, running into debt and declaring bankruptcy, relocating elsewhere without revealing their new addresses. Clyde Heasly, an adviser to entrepreneurs at the Small Business Administration in the District of Columbia, says, "I just tell people to call the credit card department of bank after bank after bank until someone eventually will take care of you." Some people will do just that. Others apply directly to American Express (800-445-2639, ask for Establishment Services) or Discover (800-347-6673), which grant permission to accept payment by these cards directly, without the intercession of a bank. An ongoing problem for banks is the merchant's lack of a "storefront," a business address where the seller can be found most weeks during business hours. "I was told by a number of banks, 'If you don't have a storefront, you can't be a credit card accepter,' " says Ed Duggan of Boca Raton, Fla., who with his wife, Helen, makes teddy bears out of recycled fur coats, which they sell at arts and crafts shows. "When I finally found a bank that would let me process credit card receipts, it charged me 5 percent on all sales plus deposit charges plus verification charges, and there may have been some other charges." Other sellers who are often on the road say they have had the same experience: "I had been banking with this East Dallas bank for 12 years, establishing a good history, but when I asked to process credit card orders, nothing about me was good enough because I didn't have a storefront," says Sharon Johnston, a jewelry maker in Dallas, who largely sells her work at shows or through mail-order. "Finally, I made up a 3-by-5-foot storefront in a friend's gallery in order to have a store address that wasn't my home address." Both the Duggans and Johnston eventually moved their credit card processing accounts to Electronic Card Acceptance Corp. in Alexandria, which set up merchant accounts for them at banks, lowering their fees to 1.75 percent of sales. There are a number of bank brokerage firms to which sellers of all kinds, including those who work out of their homes, may apply for permission to accept credit card payment. The largest include Seattle-based Card Services International (206-608-1364), First Data Resources in Omaha (402-222-2000), and First USA Payment Tech in Dallas (214-849-3776), as well as Financial Alliance (800-928-2273 or 502-339-0595) and National Processing Co. (502-364-2000), both in Louisville. Such companies arrange approval for merchants through banks that are willing to take on the risk, accepting some or all of the major credit cards. There also are several hundred other companies around the country, known as independent sales organizations, or ISOs, that look to sign up merchants for these brokers as well as for certain banks. Most ISOs belong to the Electronic Transactions Association (3101 Broadway, Suite 585, Kansas City, Mo. 64111; 800-695-5509). "We probably work with about 20 new customers a month," says John Carro, president of Tri-State Merchant Services in Hauppauge, N.Y. "A lot of them sell by mail-order or telephone, and it is often a type of second or additional income. We get almost all of them through referrals from banks who don't want to handle them because of the perceived risk factor." That risk, Carro says, is the potentially weak financial situation of the merchant who may be able to sell items but not have money (or other collateral) in the bank in the event of "charge-backs" -- a dissatisfied customer wanting his or her money back. The bank, or whoever processes the charges, ultimately is responsible for those debts. Whether applying to a bank or bank brokerage company, American Express or Discover, all applicants are asked for basically the same information: name, address, Social Security number and telephone number (also, home address and telephone number if the applicant's place of business is elsewhere); the applicant's bank; how long in business; what products are being sold; the average price for products sold; how the product is marketed; annual or monthly sales volume of sales; the state sales tax number or federal tax identification number; business references (suppliers, patrons, shops or galleries). Additionally, the applicant may be asked to submit federal tax statements for the preceding two years and/or bank statements for the preceding three months. Applicants are asked how they plan to process credit payments. There are two main methods of processing credit card receipts: manually, using an imprinter and later that day processing the charges into an IBM-compatible computer and transmitting them via modem to the bank or bank brokerage company; and electronically, through a point-of-sale terminal, of the kind one often sees used in restaurants and department stores. The benefit of the point-of-sale terminal is that approval of the credit card takes less than a minute, reducing the risk factor for fraud. Such terminals, however, generally cost far more than the software required for the modem method, and they also require separate telephone lines, which may not be available at many arts and crafts shows. The credit companies check business and credit references (through the same sources as a mortgage broker), the applicant's financial history and other relevant information. For instance, Card Services International will hire a local appraiser to examine where the applicant works, taking photographs of the person's house, sales booth and studio in an attempt to determine the viability of his business. The approval process normally takes one to three weeks. As anxious as people may be for a credit company to approve them, they should shop around for the best rates, which vary widely. American Express, for example, has no application or setup fees, and it charges merchants an average of 3.5 percent (if the sale is processed electronically) and 4.5 percent (if the sale is processed manually) for each sale. (Working with American Express is complicated in that one does not submit charges to the company and, instead, must use a third-party processor, which involves an extra charge.) Financial Alliance, for its part, takes 2 to 3 percent of the sales price (depending upon the volume, lowering the rate for higher sales), but it charges a $ 125 application fee, a $ 7.50 monthly statement fee, transaction fees of 20 to 30 cents per sale and adds a $ 695 charge for the purchase of the imprinter, computer terminal and modem (for transmitting charges back to the company) and credit card decals. Other companies' rates range from 2 to 5 percent (depending upon the average price of the pieces sold, with higher rates for less-expensive items), and there may be application and monthly maintenance fees. Some companies sell point-of-sale terminals to customers for less than others, but their percentage rate may be higher. Thus there are several factors to weigh in selecting one company over another. Different companies also have their own prejudices. American Express does not allow its cards to be used when selling as a wholesaler to retail outlets, for instance, and Financial Alliance is unwilling to authorize credit card activity for all but the smallest amount of mail-order sales. "Mail-order is a high-risk business," says Dave Lutrell, sales manager at Financial Alliance. "You don't know who's calling in. They can have fraudulent cards. It's better when you can see the customer." Boston Globe: Sunday, November 24, 1996 Rocking the Cradles of Capitalism By Maria Shao Harvard Business School and the Sloan School of Management at the Massachusetts Institute of Technology, rivals in the samll world of elite business schools, are separated by much more than the Charles River. Harvard, renowned for turning out the future chief executives of America, has long ben a citadel of general management education. Sloan, with a reputation for producing financial wizards and high-tech managers, has grown up under the umbrella of one of America's premier technology universities. Now, in an era when business schools are jockeying more than ever to attract top students, Harvard and Sloan are, in some ways, tring to become more like each other. "I'm the poster child for poets," declares Sarah Fulkerson. Indeed, the 28-year-old majored in the philosophy of religion at Williams College, holds a graduate degree in art history, and, for four years, owned and managed the Boston Banshees, a men's professional bicycle racing team. So what's she doing at the Sloan School of Management? Students such as Fulkerson are proof that the business school at the Massachusetts Institute of Technology has moved beyond its image as a training ground for "quant jocks" and computer nerds. No one could be happier about that than Glen L. Urban, dean of the 44-year-old business school. A marketing specialist and sometime sculptor, Urban has followed celebrity economist Lester C. Thurow -- his predecessor -- in broadening the school's reputation beyond a technological niche. "We want them to be general managers and technologically smart. It's not either or," says Urban, 56, whose bold suits, shoulder-length hair and silver bracelet defy the pinstriped stereotype of a business dean. Since becoming dean in 1993, Urban has revamped the curriculum, launched global projects, started forays into "distance learning" and overseen a 40 percent increase in Sloan's MBA enrollment. The efforts seem to have paid off: Sloan has moved up in magazine rankings, to No. 9 on Business Week's 1996 roster, compared with 13th in 1992. In U.S. News & World Report rankings, the school slipped to No. 2 in 1996, down from first place in 1995, but up substantially from No. 6 in 1993. While all the elite business schools are enjoying an applications boom, Sloan has experienced the biggest windfall: Applications soared 80 percent between 1994 and 1996. This past year, 83 percent of those accepted chose to enroll, up from 66 percent three years earlier. Still, at least locally, Sloan is often overshadowed by its richer, bigger and more well-known rival across the river. Harvard Business School is viewed as the preeminent breeding ground for corporate chief executives, has a far bigger base of loyal alumni and boasts a $ 545 million endowment, compared with Sloan's $ 153 million. While HBS's stately neo-Georgian campus boasts manicured lawns, tennis courts and 27 well-appointed buildings, Sloan faculty and students are squeezed into four industrial-style buildings featuring metal file cabinets, linoleum floors and flourescent lighting. And unlike HBS, which operates autonomously from the rest of Harvard, Sloan maintains close links with MIT, particularly its School of Engineering. The MIT shadow has been both a blessing and a curse. "We don't want to run away from our strength. I want to be perceived as having the technological skills, but I don't want the shadow of being seen as nerds," says Urban. The school still has far to go before burying the numbers-crunching image. A hefty 45 percent of its MBA students majored in engineering as undergraduates while 12 percent majored in math and sciences. A survey found that some corporate recruiters still view Sloan as a "technical business school" rather than a "management school." "It takes a long time to change market perception," says Ilse Evans, career placement office director and a former software marketing executive Urban hired to promote Sloan among recruiters. "I see an enormous future for an MBA with a technology-oriented curriculum. General management and a grounding in technology are going to meet." Even Fulkerson, the poet-turned-Sloan-student, says she chose to attend the school because "it had such quantitative weight . . . I have a very liberal arts background. I wanted to balance myself out." Under Urban, the school has done much to balance itself out. In 1994, it began granting a master's in business administration instead of its traditional master's of science in management. With the MBA, Sloan dropped its longstanding thesis requirement. Today, the vast majority of students choose the MBA. The curriculum has been revamped to emphasize "soft" people skills as compared to "hard" quantitative and analytical skills. Students are now required to take a communications course. And, in an effort to teach teamwork, they're divided into groups of eight for first-term classes. The more flexible curriculum -- fully implemented last year -- features required core courses in the first term, followed by a choice among seven different "tracks," such as financial management, entrepreneurship and manufacturing. Urban himself seems to be the antithesis of the MIT financial jock. An expert on linking market research and product development, he is also a sculptor whose creations adorn his office: stone and metal abstract pieces, a welded steel eagle and a glass-topped coffee table with metal bolts as legs. A "Dean's Gallery" outside his office displays art by MIT faculty, staff and students. "Creativity is in an important element for my job, and important to train our students in," says Urban. Now, as the business world goes global, Urban (along with many other leading business deans) is pushing his school's brand of management education beyond American shores. Already, Sloan's student body is the most international of the top business schools, with 37 percent of its MBA candidates coming from outside the United States. Seizing on the cachet the MIT name has long enjoyed in Asia, Urban launched alliances in June with two of China's leading universities, Fudan University in Shanghai and Tsinghua University in Beijing. Sloan also has collaborations planned or under way in Singapore, Taiwan, Thailand, India, Mexico and Chile. And while Harvard may be an Information Age neophyte, Sloan is well under way in using technology to transform teaching and learning. A $ 3.5 million trading room features Wall Street-style technology for teaching financial engineering. An evangelist for what is called "distance learning," Urban foresees a day when business education can be delivered to students - particularly executives taking mid-career or refresher courses - around the globe without leaving their job sites. In December 1995, Sloan installed two distance learning facilities. A system design and management program will teach engineering managers by videoconference hookup; the students will come from AT&T, IBM, Raytheon and other sponsors. The school recently offered a Web-based course on negotiation for alumni, many of whom logged on from home. Call it glasnost with a mouse. In the 14 months since taking the reins at Harvard Business School, Kim B. Clark has moved quickly to put his stamp on the West Point of capitalism. He has brought the tradition-bound, 88-year-old institution into the computer age and created a more open culture, all while carrying out the school's biggest curriculum redesign since the 1960s. "This place was hungry for change," declares Clark, 47, from his sparse, cavernous office in 125 Morgan Hall. While the Harvard Business School is still indisputably the world's most famous training ground for business leaders, other schools have challenged its standing in recent years. When Clark became the school's eighth dean in October 1995, many looked to him to launch innovations that would help Harvard maintain its leadership. Nowadays, "the place is on the move," the dean insists. Still, Clark, who spent 18 years on the business school faculty before becoming dean, has had to tred gingerly among a faculty of world-class egos and management experts. Says a rival business dean: "He has a freighter to move. He may be running the risk of changing too much." But so far, Clark has received plaudits from faculty and students for his most visible project: an $ 11 million technology initiative. Under his predecessor, John H. McArthur, the school had fallen behind its rivals in joining the Information Age. McArthur had frozen technology spending, according to Clark, because the school had sprouted too many disparate computer networks. Even senior faculty had to pay for their own office computers. "Up until a year or two ago, you could go there with a quill pen and papyrus," says Dwight Gertz, a graduate of the school who heads Symmetrix, a Lexington management consulting firm that recruits at Harvard. "We were behind. It wasn't a perception. It was a reality," says Clark. Clark himself is something of a computer guru, thanks to a background in technology and product development. He moved quickly to install a computer lab in the basement of Shad Hall, with 108 PCs capable of delivering desktop video. Another lab with 50 computers will open Monday. All told, 1,400 desktop machines have been replaced. The school previously had seven networking standards, six e-mail systems that weren't linked and 77 models of computers on faculty desks. That has now been simplified into a system of PowerMac and Pentium machines running on a single schoolwide intranet connecting students, faculty and, soon, alumni. Students now receive e-mail addresses with lifelong forwarding that will link them even after graduation. "We went from 1989 to 1996 in about four months," says Earl Sasser, a professor of service management. In September, the school unveiled a software "platform" that gives students customized access to everything from their daily schedules and course work to student biographies and class seating charts. Faculty members are required to put assignments, slide presentations and other course materials on line. "It's great. You can have everything at your fingertips," says Christine Dinh-Tan, a second-year MBA student. "I feel much closer to my students. We have a little electronic community rather than the class being a physical community," says professor David Upton. But Clark has grander visions than just using technology for convenience and connections. He is encouraging the use of desktop video, a technology that he says could "reinvent" Harvard's vaunted case method of teaching. (Business case involves studying a specific situation, with students discussing and coming up with their own solutions.) Upton, a professor of operations management, developed the school's first fully computerized case study. His Pacific Dunlop China case brings to life the dilemmas faced by the Australian manager of a Chinese sock factory -- through video interviews, spreadsheets, multimedia "tours" of the plant and living quarters, and simulations of the workings of the factory. "It makes the situation much richer. We don't have to tell them about the situation in a case; we can show them," says Upton. More than a half dozen such electronic cases have been written. That's still a paltry proportion of the 600 cases the school writes yearly, but Clark's goal is 50 to 100 electronic cases over the next few years. David Garvin, who teaches general management, recently ran an "electronic bulletin board" discussion for his students with 60 alumni, who ms with "smart" lecturns that can deliver full-motion video to every student desktop. Some skeptics suggest that Clark's ballyhooed high-tech plunge may be more style than substance. "It's a visible shallow sign of change. I suspect it won't have a big impact in the foreseeable future," snaps one professor. Still, Clark's championing of an electronic community at the school goes hand in hand with the more open culture he has fostered. While McArthur rarely used e-mail, Clark makes a point of returning student e-mail. "The students have been very respectful of my time. I have not been inundated," he says. He has held numerous question-and-answer sessions with students. Twice a year, he holds a campus party for staff and students, the most recent one a "Family Day" with pony rides and golf demonstrations. "They're trying to be more customer-focused, trying to please the students," says student Dinh-Tan. "There's more openness and dialogue," says professor Garvin. While McArthur ran the school with a tight circle of senior faculty and administrators, Clark has given more budgeting and staffing autonomy to each of 12 academic "areas." A group of 25 area heads, senior associate deans and directors of research -- called the "Unit Planning Group" - meets monthly with him. Clark is also shifting the school to a less rigid curriculum and schedule, changes that were first planned in the early 1990s under McArthur. The school now offers a short-track MBA that takes 16 months instead of two academic years. And it now admits students in January as well as September. Previously, the school offered one monolithic MBA program, with 800 students entering each September. Professors say the new structure puts students into smaller groups, allowing for more varied course work, quicker changes and a more personal experience. From nobody at zifi.genetics.utah.edu Tue Dec 3 09:37:18 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Tue, 3 Dec 1996 09:37:18 -0800 (PST) Subject: Counterproductive Dorothy Denning Flames Message-ID: <199612031737.KAA02719@zifi.genetics.utah.edu> At 10:10 AM 11/27/1996, Mike Duvos wrote: >William H. Geiger III writes: > > > Dorthy Denning is a boot-licking fasicist!!! > > > William Reinsch is a lying bastard. Fucking politions!! > > Fucking goverment!! They all deserve a long rope!! > >It is perhaps a point in Dr. Denning's favor that her most >vitriolic detractors can spell neither "Dorothy" nor "fascist". > >I must admit that I am at a loss to understand the heat which >Dorothy Denning generates on the Cypherpunks list, which seems to >be second only to the heat generated by posting recipes for roast >feline in rec.pets.cats. I find it interesting that you see Willam H. Geiger as a spokesman for the cypherpunks list. Remember, the list is open to anyone who can operate majordomo except one. The level of vitriol expressed by random e-mail users in the whole world can hardly be said to be a "point" in anyone's favor. >All of the people I know who have met her find her to be a >pleasant person, and the occasional Email messages we have >exchanged have certainly been positive and friendly. Irrelevant, of course. Some of the most terrible people in the world have been pleasant. D. Denning may or may not be the most terrible person in the world, but her pleasantness is unrelated. >While she tends to view the Four Horsemen of the Infocolypse as a bit >more threatening than the typical Cypherpunk, I don't think her views >are so extreme as to justify the continuous screams of "crypto >toady", "government suckup", and "wicked witch" which seem to pop up >in response to her every utterance. Personally, what I have found irritating about Denning is the fact that she is widely considered to be a credible spokesperson. Statements along the lines of "I can't tell you the scenarios we are worried about because they are classified" are a little hard to take seriously in a democracy. Imagine if you or I tried to claim that we had to deploy strong crypto but that for "reasons of cypherpunk security" the scenarios with which we were concerned could not be revealed. We would be laughed out of the forum and properly so. Denning is considered credible solely because her statements are consistent with the interests and views of those in authority. >I would even go so far as to say that this list would be a lot >more entertaining if she were contributing to it, and sci.crypt >is certainly a less interesting place now than it was in bygone >days when she was posting there. Denning has little to add to the cypherpunks list. The core belief of the cypherpunks is that their mail is their business. People who do not believe this are not cypherpunks and should not subscribe to the list nor should they post to it. Sir Galahad From tcmay at got.net Tue Dec 3 10:19:07 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Dec 1996 10:19:07 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: <199612031615.KAA03400@manifold.algebra.com> Message-ID: At 10:15 AM -0600 12/3/96, Igor Chudov @ home wrote: >This is primarily addressed to the person who supports cypherpunks >mail-to-news gateway. If you know who such person is, please send >his/her address to me. .... >I am opposed to seeing my articles showing up in DejaNews and other >search engines. All my emails and usenet postings have this header >line. However, when cypherpunks-to-newsgroup gateway reposts all >articles, it strips this header line. I believe it to be a mistake >and hope that it will be corrected. Igor raises an important point. I believe he is misguided in his expectation that his public utterances in a forum containing at least 1200 readers (and probably more, through gateways, etc.) that he can limit uses of his posts. Any recipient of his public utterances may choose to quote them in other articles, forward them to friends, archive them on his own disks, etc. (The interesting issue of whether making a file accessible to a search engine spider, and hence making the material much more widely accessible, is unresolved in the courts at this time. I was involved in a forum for U.S. Copyright Office issues--a virtual electronic forum of law professors and such--and I brought this issue up several times...with little interest, I should add.) "Archive policy arbitrage" is much like "cancellation policy arbitrage": any site which honors "no archive" policies is likely to be in competition with sites or search spiders which ignore "no archive" requests. If the U.S. courts rule--someday--that a "no archive" tag is enforceable (how?), then this'll just shift the sites and spiders to other jurisdictions. In a free society it is impossible to control what people do with material given to them. The best means of protecting one's writings is not to distribute them. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From haystack at cow.net Tue Dec 3 10:59:19 1996 From: haystack at cow.net (Bovine Remailer) Date: Tue, 3 Dec 1996 10:59:19 -0800 (PST) Subject: No Subject Message-ID: <9612031845.AA10920@cow.net> At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote: >(snip) >>(Just for the record, what the hypothetical insurance companies and >>employers are doing by using data they have obtained should not, in a free >>society, be illegal in any way. All information contributes to >>decision-making, about loans, credit, insurance, employment, etc. In a free >>society, it is up to people to not disclose that which they do not wish >>remembered.) > >While the libertarians on the list have affected my way of looking at >regulation I, and others, do not subscribe (suscribe ;)) to Tim's absolute >theory. Unless, of course, by free society Tim is refering to one where >corporations hold themselves to a level of "personal" responsibility, which >in many realms is part of any definition of "free". > >Take, for example, the practice of redlining. How are people who live in >"bad" neighborhoods supposed to not reveal that information. You may lend your own money to whomever you wish. If you do not wish to lend money to somebody, that is your business. It is difficult to understand why redlining should be illegal, to the extent that it even occurs. When it does occur, we expect that eager entrepreneurs such as yourself will rush in to grab new customers. As for the privacy issue, you seem to be proposing that you have some sort of right to borrow money on terms which are not acceptable to the lender. You need not give your address just as you need not borrow the money. Of course, we hardly live in a free banking era. Most people would prefer to bank with a company that respects their privacy. Yet, banks are so tightly controlled in the United States that they most often will not dare to protect the privacy of their customers for fear of regulatory consequences. When the service is provided, it cannot be advertised. And, the banks are required to report all transactions over $10,000 or give up all information if the attorney general tells them it involves national security. You are in the unpleasant position of appealing for protection from the very people who have robbed you of your privacy. Red Rackham From haystack at cow.net Tue Dec 3 11:14:07 1996 From: haystack at cow.net (Bovine Remailer) Date: Tue, 3 Dec 1996 11:14:07 -0800 (PST) Subject: No Subject Message-ID: <9612031900.AA11026@cow.net> Timothy C[ocksucker] May, a product of anal birth, appeared with a coathanger through his head. /o)\ Timothy C[ocksucker] May \(o/ From nobody at cypherpunks.ca Tue Dec 3 11:14:12 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 3 Dec 1996 11:14:12 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks Message-ID: <199612031904.LAA23702@abraham.cs.berkeley.edu> At 10:24 AM 12/3/1996, Timothy C. May wrote: >At 10:15 AM -0600 12/3/96, Igor Chudov @ home wrote: > >>This is primarily addressed to the person who supports cypherpunks >>mail-to-news gateway. If you know who such person is, please send >>his/her address to me. >.... >>I am opposed to seeing my articles showing up in DejaNews and other >>search engines. All my emails and usenet postings have this header >>line. However, when cypherpunks-to-newsgroup gateway reposts all >>articles, it strips this header line. I believe it to be a mistake >>and hope that it will be corrected. > >Igor raises an important point. > >I believe he is misguided in his expectation that his public utterances in >a forum containing at least 1200 readers (and probably more, through >gateways, etc.) that he can limit uses of his posts. Any recipient of his >public utterances may choose to quote them in other articles, forward them >to friends, archive them on his own disks, etc. > > ... > >In a free society it is impossible to control what people do with material >given to them. The best means of protecting one's writings is not to >distribute them. It is unlikely that anybody is going to pay money for our postings, even Igor's postings. Copyright is not the issue. Perhaps, Igor is worried about the unpredictable consequences of his posts being readable by anybody, anywhere, forever. The solution to that problem is straightforward and I leave it as an exercise. Red Rackham From jubois at netcom.com Tue Dec 3 11:47:36 1996 From: jubois at netcom.com (Jeff Ubois) Date: Tue, 3 Dec 1996 11:47:36 -0800 (PST) Subject: Culling the proles with crypto anarchy Message-ID: <2.2.32.19961203024102.008bd390@netcom.com> The numbers quoted in the press were based on a study by the Cato Institute, "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman, September, 1995. It's at . Extracts: * To match the value of welfare benefits, a mother with two children would have to earn as much as $36,400 in Hawaii or as little as $11,500 in Mississippi. * In New York, Massachusetts, Connecticut, the District of Columbia, Hawaii, Alaska, and Rhode Island, welfare pays more than a $12.00-an-hour job--or more than two and a half times the minimum wage. * In 40 states welfare pays more than an $8.00-an-hour job. In 17 states the welfare package is more generous than a $10.00-an-hour job. * Welfare benefits are especially generous in large cities. Welfare provides the equivalent of an hourly pretax wage of $14.75 in New York City, $12.45 in Philadelphia, $11.35 in Baltimore, and $10.90 in Detroit. * In 9 states welfare pays more than the average first-year salary for a teacher. In 29 states it pays more than the average starting salary for a secretary. In 47 states welfare pays more than a janitor earns. Indeed, in the 6 most generous states, benefits exceed the entry-level salary for a computer programmer. At 01:27 AM 12/3/96 -0800, Timothy C. May wrote: >At 4:06 PM -0500 11/27/96, Clay Olbon II wrote: >>At 12:46 PM 11/27/96 -0800, Dave Kinchlea wrote: > >>>I am not in a position to argue with you, I simply don't have the facts. >>>My question is, do You? can you cite where this figure came from, it >>>sounds like Republican rhetoric to me. Of course, I will point out, that >>>minimum wage is simply not enough to feed a family. It is (or at least >>>it should be) reserved for single folks just starting out. >> >>Can't give you the exact date, but it was an article in our local paper (The >>Detroit News). The $10 figure is not exact, as the actual number varies >>from state to state, I remember that number as being about average. > >I can confirm the gist of Clay's point: I saw a table listing "effective >hourly welfare pay" for the 50 states and D.C. This was in the "San Jose >Mercury News," at least 8-10 months ago (and presumably elsewhere, as it >was a major story). I used it in one of my articles, and gave the reference >then (sorry, not handy, and my own welfare rate does not pay me enough to >spend hours sifting through past articles for something so minor, an old >cite, that is). > From varange at crl.com Tue Dec 3 12:09:37 1996 From: varange at crl.com (Troy Varange) Date: Tue, 3 Dec 1996 12:09:37 -0800 (PST) Subject: IP address Message-ID: Well, the "danger" of posting a static IP must be even greater than with a temporary IP. Just call the police if you uncover a bonafide case of a denial of service attack. From what I gather, they take this shit seriously, and have better capacities of getting lazy admins to reveal the relevent data in their logs. -- Cheers! From tcmay at got.net Tue Dec 3 12:18:25 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Dec 1996 12:18:25 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: <199612031904.LAA23702@abraham.cs.berkeley.edu> Message-ID: At 11:04 AM -0800 12/3/96, John Anonymous MacDonald wrote: >It is unlikely that anybody is going to pay money for our postings, >even Igor's postings. Copyright is not the issue. Copyright is not identical with commercial use. A copyrighted work, even if not sold commercially, remains protected. (Though of course the most commercial works are the works most aggressively litigated on copyright grounds.) In any case, my example was not arguing that someone was planning to pay for our posts. Even if I had made this point, I'd've been _right_, as some of the filtering services charge _money_, e.g., Eric Blossom's service, so people are clearly paying for the posts, or the filtering, or both. A familiar situation with edited items. (And the issue becomes much more tangible when stuff from commercial newspapers gets forwarded to the Cypherpunks list, and then archived. Even if Igor Chudov is not primarily concerned with commercialization of his posts, clearly "The New York Times" and "The Wall Street Journal" are. Recall the reports--confirmed?--that Todd Masco had to drop his archiving of the list when legal warnings arrived from these sorts of news services, complaining about their items being archived and made available via search engines.) >Perhaps, Igor is worried about the unpredictable consequences of his >posts being readable by anybody, anywhere, forever. The solution to >that problem is straightforward and I leave it as an exercise. Indeed, if Igor does not want his posts added to his dossier entry in the BlackNet Dossier Service (coming to an offshore site soon), he has various ways to ensure this. At least until better tools exist to link nyms to true names, a service BlackNet expects to offer (using the latest Bayesian inference techniques) within the next 18 months. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From blancw at microsoft.com Tue Dec 3 12:19:36 1996 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 3 Dec 1996 12:19:36 -0800 (PST) Subject: Counterproductive Dorothy Denning Flames Message-ID: From: "Sir Galahad" >All of the people I know who have met her find her to be a >pleasant person, and the occasional Email messages we have >exchanged have certainly been positive and friendly. Irrelevant, of course. Some of the most terrible people in the world have been pleasant. D. Denning may or may not be the most terrible person in the world, but her pleasantness is unrelated. ............................................................ Statements like these, with which cpunks retort to each other all the time, are examples of the ever-continuing exercise of logic which goes on on the list - even if not formally delineated nor announced as being of such intent (LOGOS). I am glad for the points which "Sir Galahad" brought up, because they point out the difference between essential vs non-essential elements in arguments like this one. Objections present the opportunity to more definitely identify what *is* the critical element which makes up the substance of an issue (such as what is really is offensive and objectionable about Denning, aside from her personality characteristics). Denning is considered credible solely because her statements are consistent with the interests and views of those in authority. Yet even if one's statements are not consistent with the established authorities, they could be credible and noteworthy to a wide audience, were the statements in consonance with reality, expressing truths observable to any (once they were isolated and identified) and understable to those who hear or read them. The 'authorities' (appointed, not necessarily actually "authorities" in terms of knowledge) may find Denning's statements agreeable because these support their own views and government positions, but what is crucial in this support is the consequence of her arguments about GAK: if her statements convince the right people into complicity, into giving up the authority over their right to self-determined privacy, then the 'authorities' will be satisified that they will not have to deal with any protesting opposition which would prevent them from implementing their plans - they can proceed with their 'authority' intact, as though it had been validated. But if she (among others, of course) cannot convince the right influential bodies that passive acceptance of the 'authorized' point of view is correct and noble, then this means that the authorities cannot not proceed as they would like, and this would reduce the power of their position in society. If there was not an issue of power involved, it wouldn't matter so much what Denning has to say or whether it is credible or not. But if what she has to say adds support to the positions of those already in 'authority' - that is, if people accept her arguments for GAK in place of their own apprehensions against it, then control in the central corridors of government will have been preserved and it will be 'business as usual'. So is Denning offensive because she is unpleasant per se, or do negative opinions of her exist because of who/what she is supporting? i.e., because she is on "their" side, rather than "ours", because she employes her reasoning to their benefit, rather than to ours whose singular authority in this matter is under contention? .. Blanc > > From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 12:51:05 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 12:51:05 -0800 (PST) Subject: testing Message-ID: <194088121E9@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From dlchris at minot.ndak.net Tue Dec 3 12:53:34 1996 From: dlchris at minot.ndak.net (Wolf) Date: Tue, 3 Dec 1996 12:53:34 -0800 (PST) Subject: Cool site In-Reply-To: Message-ID: <32A4A194.1F1@minot.ndak.net> Go here http://members.tripod.com/~wolf16 From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:05:43 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:05:43 -0800 (PST) Subject: testing Message-ID: <194471E623C@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:07:02 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:07:02 -0800 (PST) Subject: testing new Home Web site Message-ID: <19447242C13@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:07:49 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:07:49 -0800 (PST) Subject: testing Message-ID: <194505C019D@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:08:03 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:08:03 -0800 (PST) Subject: testing new Home Web site Message-ID: <19450661BF7@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:09:21 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:09:21 -0800 (PST) Subject: testing new Home Web site Message-ID: <194505E06E2@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:09:39 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:09:39 -0800 (PST) Subject: testing new Home Web site Message-ID: <19457A07DE1@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:10:38 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:10:38 -0800 (PST) Subject: testing new Home Web site Message-ID: <19457A42C4C@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:11:17 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:11:17 -0800 (PST) Subject: testing new Home Web site Message-ID: <1945DA23E8D@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:11:25 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:11:25 -0800 (PST) Subject: test new web site Message-ID: <1945DA3597E@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:11:38 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:11:38 -0800 (PST) Subject: test new web site Message-ID: <1945EAD746D@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:11:49 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:11:49 -0800 (PST) Subject: testing Message-ID: <194604F4239@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:11:59 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:11:59 -0800 (PST) Subject: testing new Home Web site Message-ID: <1946140381A@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:12:14 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:12:14 -0800 (PST) Subject: testing new Home Web site Message-ID: <1945EA972F4@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:12:30 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:12:30 -0800 (PST) Subject: testing Message-ID: <1945EA87276@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:12:30 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:12:30 -0800 (PST) Subject: testing Message-ID: <194613F379C@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:12:33 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:12:33 -0800 (PST) Subject: testing new Home Web site Message-ID: <194605042B7@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:12:34 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:12:34 -0800 (PST) Subject: test new web site Message-ID: <19460561CED@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:12:46 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:12:46 -0800 (PST) Subject: testing Message-ID: <19461895C72@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:07 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:07 -0800 (PST) Subject: testing new Home Web site Message-ID: <19463AD699A@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:13 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:13 -0800 (PST) Subject: testing new Home Web site Message-ID: <19461DB0F5C@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:15 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:15 -0800 (PST) Subject: test new web site Message-ID: <19463AF28C7@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:28 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:28 -0800 (PST) Subject: testing Message-ID: <19463AC689F@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:32 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:32 -0800 (PST) Subject: testing new Home Web site Message-ID: <19463AE2DCB@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:34 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:34 -0800 (PST) Subject: testing new Home Web site Message-ID: <1945DA17149@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:38 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:38 -0800 (PST) Subject: testing Message-ID: <194579F7D64@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:41 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:41 -0800 (PST) Subject: test new web site Message-ID: <19461473B8A@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:47 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:47 -0800 (PST) Subject: test new web site Message-ID: <19461DC04B9@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:54 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:54 -0800 (PST) Subject: testing Message-ID: <1945DA0704E@scholars.bellevue.edu> PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:13:57 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:13:57 -0800 (PST) Subject: testing new Home Web site Message-ID: <194605110EA@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:14:14 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:14:14 -0800 (PST) Subject: testing new Home Web site Message-ID: <1945EAC763D@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:14:49 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:14:49 -0800 (PST) Subject: test new web site Message-ID: <19457A40056@scholars.bellevue.edu> look at my page and tell me how you like it if you dont like it please tell Mr.Angry , just click on the un happy face on that page for a quicker reply PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:15:30 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:15:30 -0800 (PST) Subject: testing new Home Web site Message-ID: <19461463B0C@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From scholars.bellevue.edu at ns.ccsn.edu Tue Dec 3 13:15:41 1996 From: scholars.bellevue.edu at ns.ccsn.edu (Phiberelic Phreaker) Date: Tue, 3 Dec 1996 13:15:41 -0800 (PST) Subject: testing new Home Web site Message-ID: <19461D17FCF@scholars.bellevue.edu> try this site and tell me how you like it if you dont like it then message Mr.Angry on that page PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html PhIbErDeLiC PhReAkEr From dlv at bwalk.dm.com Tue Dec 3 13:31:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Dec 1996 13:31:28 -0800 (PST) Subject: ANNOUNCEMENT: New low-noise cryptography mailing list In-Reply-To: <199612030316.WAA04403@jekyll.piermont.com> Message-ID: Meta-question: if someone posts strong crypto source code to the moderated mailing list, can the moderator(s) be prosecuted under ITAR? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 3 13:34:20 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Dec 1996 13:34:20 -0800 (PST) Subject: Logos here In-Reply-To: Message-ID: LOGOS writes: > Sovereign collegues, You already sound like a jerk. > I am Logos. I have adopted this pseudonym to conceal my > 'true name'. I want the ideas which I shall be espousing > to stand or fall on their own merits and not on the basis > of biases that my name, sex, ethnicity, etc. might otherwise sexual preferences... > elicit. I hope my contributions to this list will be seen as > positive by most list members. Well, I'm not a list member. > treat Tim May and Dimitry Vilus with similar respect and > courtesy. What is at stake is far more important than egos. > Cypherpunks defeated Clipper, but of late they have only > defeated themselves. That's right. You lack the decorum to spell either my first name or my last name correctly. "Cypher punks" are a gang of uncouth juveniles What logic? "Cypher punks" such as Paul Bradley are incapable of discussing a technical topic (such as Don Wood's IPG proposal) without putting "(spit)" after Don's name and calling his algorithm "bullshit". That's from the same person who first ranted about "brute force attacks on one-time pads", then attributed to me various shit I never said. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sfnf9uy at scfn.thpl.lib.fl.us Tue Dec 3 13:34:30 1996 From: sfnf9uy at scfn.thpl.lib.fl.us (Napalm) Date: Tue, 3 Dec 1996 13:34:30 -0800 (PST) Subject: AOL In-Reply-To: Message-ID: Whats the deal here? did those idiots really knock off that $3.00 /hour thing? That would rule. L8R -Napalm SFNF9UY at SCFN.THPL.LIB.FL.US From zeen at caribe.net Tue Dec 3 13:46:24 1996 From: zeen at caribe.net (Angel Luis Ortiz Ruiz) Date: Tue, 3 Dec 1996 13:46:24 -0800 (PST) Subject: (no subject) In-Reply-To: Message-ID: <32A49FBD.7342@caribe.net> Sandy Sandfort wrote: > > On Tue, 3 Dec 1996, Javier Rivera wrote: > > > unsuscribe cypherpunks > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > Friend, > > It is impolite and counter-productive to spam a list asking > or demanding how to get unsubscribed. In the future, if you > do not know how to get off a list, ask ONE person on the > list for help. > > To get off Cypherpunks: > > 1) Address an e-mail message to: majordomo at toad.com > > 2) In the message body write: unsubscribe cypherpunks > > You will be removed soon thereafter. > > S a n d y > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Friend: Thank's for your asnswer but I already do that. The server say that I'm not in the list but I still reacive the messages. Thankx From zeen at caribe.net Tue Dec 3 13:59:39 1996 From: zeen at caribe.net (Javier Rivera) Date: Tue, 3 Dec 1996 13:59:39 -0800 (PST) Subject: (no subject) Message-ID: <32A4A305.6769@caribe.net> Sandy Sandfort wrote: > > On Tue, 3 Dec 1996, Javier Rivera wrote: > > > unsuscribe cypherpunks > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > Friend, > > It is impolite and counter-productive to spam a list asking > or demanding how to get unsubscribed. In the future, if you > do not know how to get off a list, ask ONE person on the > list for help. > > To get off Cypherpunks: > > 1) Address an e-mail message to: majordomo at toad.com > > 2) In the message body write: unsubscribe cypherpunks > > You will be removed soon thereafter. > > S a n d y > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Friend: Thank's for your asnswer but I already do that. The server say that I'm not in the list but I still reacive the messages. Thankx again! From nobody at sierra.com Tue Dec 3 14:36:16 1996 From: nobody at sierra.com (Sierra On-Line) Date: Tue, 3 Dec 1996 14:36:16 -0800 (PST) Subject: The latest from Sierra On-Line Message-ID: Thanks from all of us at Sierra for registering your product. Be sure to check our Web site for all kinds of extras and goodies to help you enjoy your product all the more. We also wanted to tell you about a special offer for our online customers--just in time for the holidays. Buy two Sierra products and get one free. Yep, gratis, complimentary, no charge. That "free." So go to our web site to find out about our newest releases and take advantage of this limited-time offer. Thanks and enjoy the holidays. Sincerely, Ken Williams From jya at pipeline.com Tue Dec 3 14:45:15 1996 From: jya at pipeline.com (John Young) Date: Tue, 3 Dec 1996 14:45:15 -0800 (PST) Subject: TIA Counsel Writes Message-ID: <1.5.4.32.19961203224026.00686724@pop.pipeline.com> Fax header: Dec 03 '96 03:57PM D'Ancona &Pflaum D'Ancona & Pflaum, Suite 2900, 30 North LaSalle Street, Chicago, Illinois. Telephone (312) 580-2000. Fax (312) 580- 0923 By Certified Mail Return Receipt Requested and by Fax (212) 799-4003 Mr. John Young 251 West 89th Street Suite 6E New York, New York 10024 Dear Mr. Young: I am writing to you as general counsel of Telecommunications Industry Association ("TIA") which, as you may know, is engaged in the formulation and publication of standards in the communications field. At the request of our client, on November 26, 1996, I accessed your WEB site and both viewed and printed out a list of links to documents dealing with encryption. Among them were documents described as a CAVE Report, CAVE Table and a CAVE Algorithm dated November 20 and November 21, 1996. In this fashion I was also able to view and print out the algorithm document of TIA's Committee TR45.3, with a clear statement that the information in the document may be subject to the export juristiction of the U. S. Department of State under the applicable regulations. The posting on the WEB site of these documents is, in our opinion, a violation of the copyright of TIA and unlawful. Furthermore, the posting of the algorithm may constitute a violation of applicable export regulations. It seems in any event that it will be a violation under regulations to be drafted pursuant to the President's Executive Order of November 15, 1996 which was also accessed by me on your WEB site. I returned to the site last Friday and yesterday, December 2 and noticed that these documents are no longer there. I commend you removing them, but ask for your assurances that they will not be posted again. In addition, it is important that we know how you received this documentation which is strictly restricted in its circulation. I would appreciate hearing from you at your very earliest convenience. Sincerely, Paul H. Vishny To: Susan Hoyler [TIA] by fax (703) 907-7727 To: Eric Schimmel, c/o Wyndham Bristol Hotel - Dallas, by fax (214) 761-7520 ---------- Mr. Vishny and I spoke about his fax. I said that the CAVE- related documents would not be reposted on my Web site, and that TR45.3 had come by anonymous mail, as have others we've published. Mr. Vishny said TIA intended to take no action on this matter but its members must abide NDA. Don't know what the Feds will do with Susan Hoyler's notification about TR45.3. Along with several telcomm biggies some Ft. Meade servers siphoned TR45.3 and most other files on the site -- several times. Well, well! WSJ also remonstrated yesterday; we'll share that thank-you separately. From jya at pipeline.com Tue Dec 3 15:19:49 1996 From: jya at pipeline.com (John Young) Date: Tue, 3 Dec 1996 15:19:49 -0800 (PST) Subject: Dow-Jones Counsel Writes Message-ID: <1.5.4.32.19961203225226.006a479c@pop.pipeline.com> --------- Date: Mon, 2 Dec 1996 11:15:07 -0500 To: jya at pipeline.com From: legalwfc at wsj.dowjones.com (Legal Department - Dow Jones & Co. NYC) Subject: Articles on Your Web Site Hello. I am an attorney with Dow Jones & Company, Inc. I came across your Web site recently and saw that you have incorporated articles from The Wall Street Journal, which is a publication of Dow Jones. Dow Jones is pleased that readers find information in The Wall Street Journal important enough to communicate to other Web users. The articles I've seen are, or have been, located at http://jya.com/clash0.txt; http://jya.com/xpanix.txt; http://www.jya.com/peanut.txt; and http://www.jya.com/boomer.txt. We also appreciate your encouraging others to take a look at our articles. The problem is that posting our copyrighted material at your site violates copyright laws, even if you give us credit, and even if you don't charge people to read the posted material. The same would be true if someone were to republish material that you created without your permission. You can, of course, recommend stories from The Wall Street Journal at your site by citing the headline and the date of the article and providing a brief description. And those articles can be viewed quite easily for a modest subscription fee in The Wall Street Journal Interactive Edition, the Web site of The Wall Street Journal (http://wsj.com). While we hope you keep reading The Wall Street Journal, you must remove our articles from any Web site you control as soon as possible. If you want to talk to me about this, you can reach me at (212) 416-3108. Many thanks. Sincerely, Hunter Farrell Counsel Dow Jones & Company, Inc. --------- We thanked Mr. Farrell for his courteous note, promised to keep WSJ articles off our site and read the paper. From ericm at lne.com Tue Dec 3 15:23:00 1996 From: ericm at lne.com (Eric Murray) Date: Tue, 3 Dec 1996 15:23:00 -0800 (PST) Subject: testing In-Reply-To: <194505C019D@scholars.bellevue.edu> Message-ID: <199612032234.OAA13958@slack.lne.com> Phiberelic Phreaker writes: > > PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD > eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS > rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, > bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. > PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html Evidently "PhReAkInG" causes uncontrollable ourbursts of CaPiTaLiZaTiOn due to horrible shift-key spasms... > PhIbErDeLiC PhReAkEr You probably want alt.2600, it'll be more your style. BTW, you've posted the same fucking message 4 times now. Plonk. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From unicorn at schloss.li Tue Dec 3 16:19:20 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Dec 1996 16:19:20 -0800 (PST) Subject: Dec 3rd, discussion. Message-ID: I want to thank the members of the DCSB and other attendees for the forum. Unfortuantely, I have to include an apology. I managed to run significantly over time, and missed the chance to deal with many of the more interesting subjects. (My own fault in that I thought I had one more hour than I did). I hope the discussion was intersting to the attendees in any event. I will be posting a paper outlining the subject matter in some detail presently. In any event, I'd like to thank those present once again. It was a pleasure. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From apf at ma.ultranet.com Tue Dec 3 16:21:09 1996 From: apf at ma.ultranet.com (Andrew Fairbanks) Date: Tue, 3 Dec 1996 16:21:09 -0800 (PST) Subject: (no subject) Message-ID: <199612032327.SAA04610@lucius.ultra.net> unsuscribe cypherpunks From security at kinch.ark.com Tue Dec 3 16:35:45 1996 From: security at kinch.ark.com (Dave Kinchlea) Date: Tue, 3 Dec 1996 16:35:45 -0800 (PST) Subject: your mail In-Reply-To: <2.2.16.19961202024920.3fb73e1e@best.com> Message-ID: Talk to your credit card company, explain to them the whole story, refuse to pay these unauthorized charges. You should get satisfaction. The moral here is, however, that nothing beats putting things down on paper. You SHOULD have sent a letter of cancellation, I'll bet dollars to donuts that the contract you signed stated that you would send cancellation notice IN WRITING. cheers, kinch On Sun, 1 Dec 1996 vitamin at best.com wrote: > Date: Sun, 01 Dec 1996 18:49:20 -0800 > From: vitamin at best.com > To: cypherpunks at toad.com > > > I apologize if this is off topic. > > I received free one month trial in July from Netcom and in mid July I > canceled my account with > Netcom due to lousy customer service. When I called I was treated rudely > because of > canceling netcom. I called again the next day and the person who answered > the phone > apologized me for the behaviour of the previous employee and I was told my > account > will be canceled. Low and behold come July I got my credit card statement and > netcom had billed me. I promtly called them and was assured that my account > would > be cancelled. Come September I was billed again for August and September. > Once again I called and she assured me it would be cancelled. Again, it > was not. > Come October they still billed me. In my November statement they are still > billing me. > > I prefer L.A. Better Business Bureau and District Attorney emails and > physical addresses. > > Someone please help me!!!!! > > Thank You > Key fingerprint = CE 54 C3 93 48 C0 74 A0 D5 CA F8 3E F9 A3 0B B7 From roy at sendai.scytale.com Tue Dec 3 17:35:15 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Tue, 3 Dec 1996 17:35:15 -0800 (PST) Subject: Copyright violations In-Reply-To: <19961203.110728.12095.0.alzheimer@juno.com> Message-ID: <961203.174512.3H7.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, alzheimer at juno.com forwards: > Washington Post: Monday, December 2, 1996 > > Folks Who Welcome Charge Cards Hey, Ronnie... if you're going to run this stuff through the cp list, at least break it into separate articles so I can skip through it easier. [ now back to your regularly scheduled flamewar ] - -- Roy M. Silvernail [ ] roy at scytale.com "There are two major products that came out of Berkeley: LSD and UNIX. This is no coincidence." -- glen.turner at itd.adelaide.edu.au (Glen Turner) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMqS8BBvikii9febJAQGO4wP9HEVLPuUrUAwPY+p6iZ9RRrfYjvRE3xap E3hJqjUrI8L56Yb+vst8ePYyCRhinYpDZgiQut5SmFsffvwTi4ZRDSZ+Fi0oizjE Lkxj6xq7FaRYvCrzXEOkOd7Nk9ncEBKnt7vjLtW2N8ICSi3ESjWkelqpi/QksTyr ZzKrEJ6VpAU= =9ot2 -----END PGP SIGNATURE----- From security at kinch.ark.com Tue Dec 3 17:48:55 1996 From: security at kinch.ark.com (Dave Kinchlea) Date: Tue, 3 Dec 1996 17:48:55 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com> Message-ID: I hardly want to be known as the champion of welfare, despite my recent posts ;-( I wonder, however, if these figures are to some large extent a result of health care benefits (presumedly) being paid for whereas ordinary folk in the states do not get such access. Assuming these figures are accurate, there does appear to be a problem! While I do believe that most people would rather work than not, there really should not be any financial incentive to chose welfare over honest work. FWIW, I don't *believe* these figures are representative of Canadian welfare roles as we all get (more or less) free health care to begin with, something I and most Canadians are proud of. (Once again, I am back on cypherpunks talking about non-crypt related subjects. This is my last public posting on this subject.) cheers, kinch On Mon, 2 Dec 1996, Jeff Ubois wrote: > Date: Mon, 02 Dec 1996 18:41:02 -0800 > From: Jeff Ubois > To: cypherpunks at toad.com > Subject: Re: Culling the proles with crypto anarchy > > The numbers quoted in the press were based on a study by the Cato Institute, > "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare > Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman, > September, 1995. It's at > . > > Extracts: > > * To match the value of welfare benefits, a mother with two children would > have to earn as much as $36,400 in Hawaii or as little as $11,500 in > Mississippi. > > * In New York, Massachusetts, Connecticut, the District of Columbia, > Hawaii, Alaska, and Rhode Island, welfare pays more than a $12.00-an-hour > job--or more than two and a half times the minimum wage. > > * In 40 states welfare pays more than an $8.00-an-hour job. In 17 states > the welfare package is more generous than a $10.00-an-hour job. > > * Welfare benefits are especially generous in large cities. Welfare > provides the equivalent of an hourly pretax wage of $14.75 in New York > City, $12.45 in Philadelphia, $11.35 in Baltimore, and $10.90 in Detroit. > > * In 9 states welfare pays more than the average first-year salary for a > teacher. In 29 states it pays more than the average starting salary for a > secretary. In 47 states welfare pays more than a janitor earns. Indeed, in > the 6 most generous states, benefits exceed the entry-level salary for a > computer programmer. > > > At 01:27 AM 12/3/96 -0800, Timothy C. May wrote: > >At 4:06 PM -0500 11/27/96, Clay Olbon II wrote: > >>At 12:46 PM 11/27/96 -0800, Dave Kinchlea wrote: > > > >>>I am not in a position to argue with you, I simply don't have the facts. > >>>My question is, do You? can you cite where this figure came from, it > >>>sounds like Republican rhetoric to me. Of course, I will point out, that > >>>minimum wage is simply not enough to feed a family. It is (or at least > >>>it should be) reserved for single folks just starting out. > >> > >>Can't give you the exact date, but it was an article in our local paper (The > >>Detroit News). The $10 figure is not exact, as the actual number varies > >>from state to state, I remember that number as being about average. > > > >I can confirm the gist of Clay's point: I saw a table listing "effective > >hourly welfare pay" for the 50 states and D.C. This was in the "San Jose > >Mercury News," at least 8-10 months ago (and presumably elsewhere, as it > >was a major story). I used it in one of my articles, and gave the reference > >then (sorry, not handy, and my own welfare rate does not pay me enough to > >spend hours sifting through past articles for something so minor, an old > >cite, that is). > > > Key fingerprint = CE 54 C3 93 48 C0 74 A0 D5 CA F8 3E F9 A3 0B B7 From hallam at ai.mit.edu Tue Dec 3 17:51:41 1996 From: hallam at ai.mit.edu (Phillip M. Hallam-Baker) Date: Tue, 3 Dec 1996 17:51:41 -0800 (PST) Subject: Anyone considered adding crypto into Microsoft Outlook? Message-ID: <01BBE14A.04580F10@crecy.ai.mit.edu> Hi, I've been playing around with the new beta of office '97. The main addition is a pretty nice integrated calendar, task list, address book and email doobrie. It just struck me that it would probably make the most convenient platform for integrating cryptography. After all MAPI is an open, extensible API allowing ready access to the email "hooks" necessary. The integration of an address book with the email system makes it very easy to add public key information into a person's entry. I'm not sure whether PGP or MOSS would be the most compatible format. Its quite possible that S/MIME would be more appropriate. It seems to me however that the main thing stopping the use of crypto has been the pretty weedy interfaces. I'm afraid the MH hacks just don't cut it. It seems to me that a downloadable plug-in would be very popular. I know a lot of lawyers who would jump at the chance to use email but realize they have to have crypto. The main problem so far seems to be the impenetrability of the MAPI documentation. Does anyone know of a usable reference or which of the gazillion Microsoft Developer network CDs one can find more information? Phill From varange at crl.com Tue Dec 3 19:39:33 1996 From: varange at crl.com (Troy Varange) Date: Tue, 3 Dec 1996 19:39:33 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks Message-ID: Igor Chudov @ home writing [ 1422] bytes in <$m2n26165-.199612031615.KAA03400 at manifold.algebra.com> said: > This is primarily addressed to the person who supports cypherpunks > mail-to-news gateway. If you know who such person is, please send > his/her address to me. > > Please modify your reposting program so that it does not remove the > > X-No-Archive: yes > > header line from email messages. This particular header line is an > indication to USENET search engines that the author of the message would > not like it to be stored in these engines. It preserves the author's > privacy and enforces the copyright protection. "X-No-Archive: yes" is for idiots. Who wants to censor their own posts? -- Cheers! From dlv at bwalk.dm.com Tue Dec 3 19:46:59 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Dec 1996 19:46:59 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com> Message-ID: Jeff Ubois writes: > secretary. In 47 states welfare pays more than a janitor earns. Indeed, in > the 6 most generous states, benefits exceed the entry-level salary for a > computer programmer. Igor may be in a better position to comment on welfare benefits in Oklahoma, but I find the above statement highly questionable. New York is one of the most generous states. An entry-level computer programmer with a B.S. and no work experience fetches 45K on the average. Sure beats welfare. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Tue Dec 3 20:04:37 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Dec 1996 20:04:37 -0800 (PST) Subject: "Just call the police"...yeah, right In-Reply-To: Message-ID: At 12:03 PM -0800 12/3/96, Troy Varange wrote: > Well, the "danger" of posting a static IP must be even > greater than with a temporary IP. > > Just call the police if you uncover a bonafide case of a > denial of service attack. From what I gather, they take > this shit seriously, and have better capacities of > getting lazy admins to reveal the relevent data in their > logs. Saying "just call the police" strikes me as being one of the most absurd things I've ever heard on this list. (If I receive a "Logos-gram" warning me I am being unpolite, you know where it'll go.) 99.7% of all local police departments will say, "Huh?" Then they will ask what an "IP" is, then they will advise the caller to deal with it in civil court, and hang up. Most police departments seem to have a hard time using their 8086-based PCs to run WordPerfect, and have almost no contact with the Internet. If your local cops are prepared to deal with a subtle attack involing IP pings, or whatever, they all I can say is that you must live in the nerd capital of the world....actually, I thought Silicon Valley was that place, and I know for sure that the local police aren't prepared to handle obscure attacks. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jmr at shopmiami.com Tue Dec 3 20:07:27 1996 From: jmr at shopmiami.com (Jim Ray) Date: Tue, 3 Dec 1996 20:07:27 -0800 (PST) Subject: testing new Home Web site Message-ID: <199612040406.XAA46358@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: scholars.bellevue.edu at ns.ccsn.edu, Banshee at evil-empire.com, phiberdelic at mailmasher.com, phiberdelic at hotmail.com, phreaker at scholars.bellevue.edu, phreaker at scholars.bellevue.edu, phiberdelic at hotmail.com, cypherpunks at toad.com Date: Wed Dec 04 23:04:24 1996 Phiberelic Phreaker wrote, repeatedly... > try this site and tell me how you like it > if you dont like it then message Mr.Angry on that page ... [gibberish] Ok, Perry. I guess we're all coming over to your list now. JMR Regards, Jim Ray DNRC Minister of Encryption Advocacy One of the "legitimate concerns of law enforcement" seems to be that I was born innocent until proven guilty and not the other way around. -- me Please note new 2000bit PGPkey & address PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5 57 52 64 0E DA BA 2C 71 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEPAwUBMqZJ0jUhsGSn1j2pAQEzUwfPVVsmLa2kGRrHqxk1jur6Ckg+hJAVhk5x e6sNSen8Txa8jTy4noQmPFbekte/628Ig3zd0OvomsGSv0Cp6l9smHOOWZGA74lw 4XgQWyEz05V/twm0mec5M2MNBkOr12rTC4nIQG6zgRz2XJLpqs0ij8/WDLvOW1/w zZT168ijF8UlQx/BneJfN4tgC3+KuSFqC6g7Hxz/Br+ZhQ3Zo8ptk+zdNbnjYwHS 61WmQ3m40dOhxflmaSxsE1jtLLWqTAJgbQN65VsJxRmUG6aYvfv8Q4Y7YZ4alGr5 CApU5eEat5lbkl3HcapG/4GYv3XfUvrnEL/TbMjmjJUqhg== =lKHY -----END PGP SIGNATURE----- From mjmiski at execpc.com Tue Dec 3 20:20:11 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Tue, 3 Dec 1996 20:20:11 -0800 (PST) Subject: Message-ID: <3.0.32.19961203221845.006a4438@execpc.com> At 01:45 PM 12/3/96 EST, Bovine Remailer wrote: >At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote: >>Take, for example, the practice of redlining. How are people who live in >>"bad" neighborhoods supposed to not reveal that information. > >You may lend your own money to whomever you wish. If you do not wish >to lend money to somebody, that is your business. I consider it my business also, when people are denied opportunity because of where they live. I may also hire whomever I wish, but I would have to pay the consequences if I happened to discriminate based on a protected class while doing so. That is the society in which I live. If I dont like it, I try to change it. Our society is not libertarian. If I would prefer that form of society I would have to accept that result. Therefore I choose a balance between liberty and social justice. There are times when government should intervene. I believe it should be as infrequent as possible, but would not want to live in a society where disinfranchised people have no possible recourse. Your choice would apparently be different. >It is difficult to understand why redlining should be illegal, to the >extent that it even occurs. When it does occur, we expect that eager >entrepreneurs such as yourself will rush in to grab new customers. I have not heard serious doubts for a while that redlining occurs. But then again we are on the net. I would love to have the financial wherewithal to startup such an enterprise. Unfortuantely I reside in one such neighborhood. It is difficult enough to raise money to run a small business (and turned out to be much easier to do without any bank lending at all). I have talked with people about starting their own banks. When you are working to make sure all the bills are paid it is a bit difficult to also build an entirely new socio-economic structure. >As for the privacy issue, you seem to be proposing that you have some >sort of right to borrow money on terms which are not acceptable to the >lender. You need not give your address just as you need not borrow >the money. Actually I was stating the opposite. You do not need to do so. You just wont get the money if you dont. >Of course, we hardly live in a free banking era. Most people would >prefer to bank with a company that respects their privacy. Yet, banks >are so tightly controlled in the United States that they most often >will not dare to protect the privacy of their customers for fear of >regulatory consequences. When the service is provided, it cannot be >advertised. Whom would the service be more readily available to? Who uses tax-havens? Who has access to swiss bank accounts? Are you insinuating that my local bank actually has anonymous accounts and just won't tell me? I wish that people DID value anonymous banking in this country. The fact is they just don't care. As long as they get short lines or myriads of ATM machines they are happy. I am largely in favor of banking deregulation. There are places where I simply draw the line. Utter racism is one of them. Everyone can now clamor that it just isnt true. Banks have never discriminated. Its all a big lie. Whatever. (snip) >You are in the unpleasant position of appealing for protection from >the very people who have robbed you of your privacy. You are right. It is far from a perfect system. We make trade-offs every day. The real world I live in is just not as simple as the Libertarian Wet Dream(TM). > >Red Rackham > Matt From haygor at dtx.net Tue Dec 3 20:20:57 1996 From: haygor at dtx.net (William Winans) Date: Tue, 3 Dec 1996 20:20:57 -0800 (PST) Subject: test new web site In-Reply-To: <19460561CED@scholars.bellevue.edu> Message-ID: <32a4fc5b.504896687@mail.dtx.net> On Tue, 3 Dec 1996 15:13:14 CDT, you wrote: >look at my page and tell me how you like it >if you dont like it please tell Mr.Angry , just click on the un happy >face on that page for a quicker reply > PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD >eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS >rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, >bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. > PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html > PhIbErDeLiC PhReAkEr From haygor at dtx.net Tue Dec 3 20:21:45 1996 From: haygor at dtx.net (William Winans) Date: Tue, 3 Dec 1996 20:21:45 -0800 (PST) Subject: test new web site In-Reply-To: <19460561CED@scholars.bellevue.edu> Message-ID: <32a4fcb1.504982851@mail.dtx.net> On Tue, 3 Dec 1996 15:13:14 CDT, you wrote: >look at my page and tell me how you like it >if you dont like it please tell Mr.Angry , just click on the un happy >face on that page for a quicker reply > PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD >eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS >rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, >bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. > PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html > PhIbErDeLiC PhReAkEr ENOUGH ALREADY!!!!!!!!!!!! From tcmay at got.net Tue Dec 3 20:23:44 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Dec 1996 20:23:44 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) In-Reply-To: <32A3BBD6.1ECA@gte.net> Message-ID: At 3:05 AM +1300 12/4/96, Paul Foley wrote: >So Tim May's silence in response to Vulis's nonsense, while some >others came out in his favour "argues (not proves, just argues) >heavily in favor of Dimitri" too? Yeah, sure! Wanna buy a bridge? Actually, I've gotten several comments in e-mail to this effect, that if I'm not actively defending myself, maybe I'm guilty. Most were written roughly along the lines of: "Yo, Tim! This Dimitri dewd is rilly, rilly makin' some heavy charges. So how come your not, like, defending your self? Like, is he maybe like right?" [spelling and grammatical errors deliberate, to provide the flavor of some of the post-literate e-mail I get] As to the ramblings of Dale Thorn about how John Gilmore has an obligation to provide services on his machine, well, I gave up on Thorn a long time ago. (In fact, I seem to recall a Dale Thorn I killfiled years ago on the Extropians list...maybe I'm confusing his name with someone else, but it sure rings a bell.) I returned Sunday from several days away from my computer to find the expected several hundred messages in my various IN baskets, but was chagrinned to see just how many of them were pure garbage. Between the "virtual Montgolfiering" of Don Wood and his critics, and the coprophilic insults of Vulis, little of substance lay in between. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From haygor at dtx.net Tue Dec 3 20:32:04 1996 From: haygor at dtx.net (William Winans) Date: Tue, 3 Dec 1996 20:32:04 -0800 (PST) Subject: testing new Home Web site Message-ID: <32a4fed3.505529414@mail.dtx.net> >try this site and tell me how you like it >if you dont like it then message Mr.Angry on that page > PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD >eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS >rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, >bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. > PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html > PhIbErDeLiC PhReAkEr ENOUGH ALREADY!!!!!!!1 From dispatch at cnet.com Tue Dec 3 20:34:41 1996 From: dispatch at cnet.com (The CNET newsletter) Date: Tue, 3 Dec 1996 20:34:41 -0800 (PST) Subject: NEWS.COM DISPATCH December 3, 1996 Message-ID: <199612040411.UAA09486@cappone.cnet.com> *************************************** CNET's NEWS.COM DISPATCH Tuesday, December 3, 1996 San Francisco, California, USA *************************************** WELCOME! *************************************** The NEWS.COM DISPATCH highlights the up-to-the minute technology news presented by NEWS.COM. It tempts readers with coverage of today's hottest stories, news in the making, (in)credible rumors, and other indispensable information. For complete versions of the stories updated all day long, head over to: http://www.news.com/?nd *************************************** CONTENTS SCOOPS AND TOP STORIES January trading often a microcosm of year to come It's not just an online ad--it's a purchase order, too Chasing Gates, Oracle's Ellison finds someone chasing him Sybase finds a sugar daddy, and the market responds ANNOUNCEMENTS An easy way for you to customize NEWS.COM Late-breaking stories just a click away with Desk Top News Send us your questions, comments, flotsam, and jetsam Search the site for particular topics and articles How to subscribe and unsubscribe *************************************** SCOOPS AND TOP STORIES JANUARY TRADING OFTEN A MICROCOSM OF THE YEAR TO COME For 40 of the last 45 years, all bear markets began or continued with losing or below-average Januarys, while the best market years all had above-average Januarys. In today's Perspectives feature, California Technology Stock Letter Editor Michael Murphy analyzes what trends investors should look for during this bellwether month. http://www.news.com/Perspectives/perspectives.html?nd IT'S JUST NOT AN ONLINE AD, IT'S A PURCHASE ORDER TOO File under: "Oh, so THAT'S where all the money is going to come from." Ted Leonsis of AOL predicts that a revolutionary breed of transaction-enabled advertisements will bring billions of dollars in ad revenues to the Net in the near future. He also opines that these new hybrids will make today's "banners and buttons" obsolete by 1998. http://www.news.com/News/Item/0%2C4%2C5872%2C00.html?nd CHASING GATES, ORACLE'S ELLISON FINDS SOMEONE CHASING HIM Larry Ellison, who has portrayed himself as a Microsoft-slayer with his vaunted vision of the Network Computer, is himself facing a challenge, this time on Oracle's traditional home ground. Informix's Phil White is hoping that his new product will make his company the king of the database hill. http://www.news.com/News/Item/0%2C4%2C5867%2C00.html?nd SYBASE FINDS A SUGAR DADDY, AND THE MARKET RESPONDS Although formerly number-two database maker Sybase has suffered three consecutive quarterly losses, things might finally be looking up for the troubled firm. The company's stock, which had been virtually flat for more than a month, rose in response to the news that renowned financier George Soros was bringing in the cavalry. http://www.news.com/News/Item/0%2C4%2C5870%2C00.html?nd *************************************** ANNOUNCEMENTS AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM So many bits, so little time? Sounds like you need Custom News. Identify the topics, keywords, or sections you're most interested in, and Custom News will a create a page of headlines and summaries for all stories that match your criteria. Check it out at: http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1 LATE-BREAKING STORIES A CLICK AWAY WITH DESK TOP NEWS How would you like having split-second access to the very latest news on the Net? Our Desk Top News feature puts our 20 most recent stories right there on your desktop for you to review at any time. Here's how it works: 1. From any story, click Desk Top News in the top right. 2. A window will open showing our last 20 stories. 3. Click on a headline to display the story. 4. Desk Top News updates itself every 30 minutes. 5. You become known as Ms./Mr. Cyber-Info. It feels good. http://www.news.com/Help/Item/0%2C24%2C12%2C00.html?nd SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM If you have any questions, suggestions or remarks, send us a message: newsdispatch at cnet.com SEARCH THE SITE FOR PARTICULAR TOPICS AND ARTICLES Search the entire NEWS.COM database for stories you saw in News Dispatch, or track any story we've run. http://www.news.com/Searching/Entry/0%2C17%2C0%2C00.html?nd HOW TO SUBSCRIBE AND TO UNSUBSCRIBE To subscribe to News Dispatch: Send mail to listserv at dispatch.cnet.com with the message: subscribe news-dispatch (your name) in the message body. To unsubscribe send the message: signoff news-dispatch *************************************** CNET: The Computer Network http://www.cnet.com/ http://www.news.com/ http://www.gamecenter.com/ http://www.download.com/ http://www.search.com/ http://www.shareware.com/ From dthorn at gte.net Tue Dec 3 20:39:22 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 3 Dec 1996 20:39:22 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <199612031627.RAA21581@digicash.com> Message-ID: <32A50047.2D13@gte.net> Bryce wrote: > > I made note to this list time and time again requesting that people not > > state the obvious - who owns what hardware and what rights they have to > > pull the plug or whatever. I seriously doubt that even the least > > intelligent cypherpunk would misunderstand such a thing. Do you really > > believe that myself and other cypherpunks want to "seize" John's equip- > > ment, morally or otherwise? You are correct about certain issues being > > complex, but one of the big failings of the crowd who supported Gilmore > > on this action was their failure to understand the point I've made here - > > that we *do* understand basic property rights, etc. > Ah. Then we are in agreement here. My "Rule" in the House > Rules etc. simply stated the obvious fact, for the benefit of > those who need it stated, of Gilmore's sole authority over the > physical substrate. I vaguely recall some subscribers implying > or stating otherwise during the vanish Vulis fracas. It would > not at all surprise me if some people disagreed with this > simple premise-- they habitually do so with regard to "public" > establishments like bars and restaurants, and it isn't much of > a stretch to start thinking of cypherpunks as a similarly > "public" institution. *We* are not in agreement. If you insist on arguing that, I'll have to resort to the "Spock" clarification (a la Star Trek), that it's not merely what you say I object to, it's you I object to. From mjmiski at execpc.com Tue Dec 3 20:40:00 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Tue, 3 Dec 1996 20:40:00 -0800 (PST) Subject: Anyone considered adding crypto into Microsoft Outlook? Message-ID: <3.0.32.19961203223913.006a35b0@execpc.com> > It just struck me that it would probably make the most convenient >platform for integrating cryptography. After all MAPI is an open, extensible >API allowing ready access to the email "hooks" necessary. The integration of >an address book with the email system makes it very easy to add public key >information into a person's entry. > > I'm not sure whether PGP or MOSS would be the most compatible format. >Its quite possible that S/MIME would be more appropriate. I am currently using the new EPPI DLL for Eudora 3.0. It integrates PGP almost seamlessly. I have had no problems at all ... yet. > It seems to me however that the main thing stopping the use of crypto has been the pretty weedy interfaces. I'm afraid the MH hacks just don't cut it. It seems to me that a downloadable plug-in would be very popular. I know a lot of lawyers who would jump at the chance to use email but realize they have to have crypto. > > The main problem so far seems to be the impenetrability of the MAPI documentation. Does anyone know of a usable reference or which of the gazillion Microsoft Developer network CDs one can find more information? hehe. I totally agree. MS = MaSsive Confusion. > > Phill Matt From ichudov at algebra.com Tue Dec 3 21:01:58 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Dec 1996 21:01:58 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: <199612031904.LAA23702@abraham.cs.berkeley.edu> Message-ID: <199612040457.WAA05128@manifold.algebra.com> John Anonymous MacDonald wrote: > At 10:24 AM 12/3/1996, Timothy C. May wrote: > >At 10:15 AM -0600 12/3/96, Igor Chudov @ home wrote: > > > >>This is primarily addressed to the person who supports cypherpunks > >>mail-to-news gateway. If you know who such person is, please send > >>his/her address to me. > >.... > >>I am opposed to seeing my articles showing up in DejaNews and other > >>search engines. All my emails and usenet postings have this header > >>line. However, when cypherpunks-to-newsgroup gateway reposts all > >>articles, it strips this header line. I believe it to be a mistake > >>and hope that it will be corrected. > > > >Igor raises an important point. > > > >I believe he is misguided in his expectation that his public utterances in > >a forum containing at least 1200 readers (and probably more, through > >gateways, etc.) that he can limit uses of his posts. Any recipient of his > >public utterances may choose to quote them in other articles, forward them > >to friends, archive them on his own disks, etc. > > > > ... > > > >In a free society it is impossible to control what people do with material > >given to them. The best means of protecting one's writings is not to > >distribute them. > > It is unlikely that anybody is going to pay money for our postings, > even Igor's postings. Copyright is not the issue. > > Perhaps, Igor is worried about the unpredictable consequences of his > posts being readable by anybody, anywhere, forever. The solution to > that problem is straightforward and I leave it as an exercise. > Surely, I am not expecting that presence of some magic header line would prevent everyone from archiving all my posts. I am fairly sure that Dimitri Vulis, for example, archives all my messages just in case. There is little one can do to prevent that. I do, however, believe that limiting the availability of archived posts, even to a small degree, is a valuable thing. - Igor. From ichudov at algebra.com Tue Dec 3 21:05:26 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Dec 1996 21:05:26 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: Message-ID: <199612040501.XAA05167@manifold.algebra.com> Timothy C. May wrote: > >Perhaps, Igor is worried about the unpredictable consequences of his > >posts being readable by anybody, anywhere, forever. The solution to > >that problem is straightforward and I leave it as an exercise. > > Indeed, if Igor does not want his posts added to his dossier entry in the > BlackNet Dossier Service (coming to an offshore site soon), he has various > ways to ensure this. At least until better tools exist to link nyms to true > names, a service BlackNet expects to offer (using the latest Bayesian > inference techniques) within the next 18 months. > Actually I think that you misunderstand the issue: even if I manage to reduce availability of my posts by only 1%, that is already good. I was not making pipe dreams about 100% protection from atchiving. - Igor. From ericm at lne.com Tue Dec 3 21:25:25 1996 From: ericm at lne.com (Eric Murray) Date: Tue, 3 Dec 1996 21:25:25 -0800 (PST) Subject: more IPG and random numbers Message-ID: <199612040524.VAA18488@slack.lne.com> I did some more experiments with the IPG stream-cipher algorithim and random number tests. Since IPG claim that their algorithim passes chi-square tests of randomness, I found a chi-square test program. It's written by Peter Boucher and was posted to sci.crypt in '93 (<2bum8sINN98j at roche.csl.sri.com>). I found it on the web site crypto.com, sorry I don't remember the exact URL but I can send it on request. From the comments: > New, and improved anal.c, uses chi-square. > > Does the 'runs up' (or 'runs down') test with run-length equal to two > get me anything over the standard chi-square test? I left it in. > > BTW, the buf[i] = (((seed = (1103515245*seed +12345)) >> 16) & 0xff); > test fails this one at high numbers. It's too evenly distributed. > > -Peter > > /* *************************************************************** > * anal.c -- > * > * Copyright 1993 Peter K. Boucher > * Permission to use, copy, modify, and distribute this > * software and its documentation for any purpose and without > * fee is hereby granted, provided that the above copyright > * notice appear in all copies. > * > * Usage: anal [input_file [output_file]] > * > * This program counts the occurances of each character in a file > * and notifies the user when a the distribution is too ragged or > * too even. > * > * Because the chance of getting byte B after byte A should be 1:256 > * (for all A's and B's), the program also checks that the successors > * to each byte are randomly distributed. This means that for each byte > * value (0 - 255) that occurs in the text, a count is kept of the > * byte value that followed in the text, and the frequency distribution > * of these succeeding bytes is also checked. > * > */ [..] > #define Vmin (205.33) /* 1% chance it's less */ > #define Vlo (239.39) /* 25% chance it's less */ > #define Vhi (269.88) /* 75% chance it's less */ > #define Vmax (310.57) /* 99% chance it's less */ > > First I ran the output from my version of the IPG algorithim that I posted a couple days ago : % ./boucher < ipg.out Occurances: n = 12000000, V=-8375833.71 Character occurances non-random Successions: n = 46875, V=62287.82 Character successions non-random Then I ran output from a test RNG that's basically a loop around random(): % ./boucher < myrandom/out Occurances: n = 3414720, V=213050.62 Character occurances non-random Successions: n = 13338, V=1143.41 Character successions non-random As you'd expect, it doesn't look like the output from random() is all that great. Finally I generated some output from a random seed generator I wrote a while back. It gets randomness from high-resolution timers and hashing system files. It's not as fast as repeated calls to rand() but is faster than reading from /dev/random: % ./boucher < out Occurances: n = 594352, V=269.75 ================ Frequency distribution excellent! ==================== Successions: n = 2321, V=256.12 ================= Successor randomness excellent! ===================== So, from these tests it looks like IPGs PRNG, which their stream cipher is based on, is not a very good source of random values. Hence anything encrypted with it is succeptable to cryptoanalysis. How succeptable, I do not know. I am sort of curious, since IPG claimed that their PRNG produces "perfect" random data as measured by chi-square analysis, yet my analysis shows otherwise. Perhaps I have coded the algorithim incorrectly (I don't think so, it's pretty simple). Or perhaps IPG chose their keys for the ABC tables carefully to produce good results. Unfortunately that would mean that keys would have to be carefully chosen, something that's not very practical. Based on the work I've done, and the work Igor Chudov posted, it looks like the IPG algorithim is probably not very strong. If two relative crypto neophytes can find serious problems with it, imagine what might happen if experienced cryptoanalists look at it. If you were one of the people who said "it's snake oil unless it's been been tested for a zillion years" etc. you can pat yourself on the back now 'cause you were right. However I think that some of us owe Mr Wood, if not an apology for the excessive abuse he got on this list, at least some respect for putting his money where his mouth is and posting his algorithims. Maybe he'll do some research, tone down the hype, and come back with something better. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From nobody at cypherpunks.ca Tue Dec 3 21:57:31 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 3 Dec 1996 21:57:31 -0800 (PST) Subject: Counterproductive Dorothy Denning Flames Message-ID: <199612040549.VAA06361@abraham.cs.berkeley.edu> At 11:58 AM 12/3/1996, Blanc Weber wrote: > Denning is considered credible solely because her statements are > consistent with the interests and views of those in authority. > >Yet even if one's statements are not consistent with the established >authorities, they could be credible and noteworthy to a wide audience, >were the statements in consonance with reality, expressing truths >observable to any (once they were isolated and identified) and >understable to those who hear or read them. I agree. I hope that my own statements have influence in spite of my mouldy reputation. (BTW, when I was young, hacking your opponents to death with a broadsword was noble and now it is politically incorrect. Privacy skeptics nota bene! Times do not change for the better.) >So is Denning offensive because she is unpleasant per se, or do negative >opinions of her exist because of who/what she is supporting? i.e., >because she is on "their" side, rather than "ours", because she employes >her reasoning to their benefit, rather than to ours whose singular >authority in this matter is under contention? There are a number of reasons why Denning gets so much attention. She is the most prominent spokesperson for the pro-GAK view and is, therefore, a lightning rod. There was a German newscaster during the Nazi era who has been described as the "the German Walter Cronkite". He was seen as a top war criminal and was tried at Nuremburg. More recently, after the wall fell many people in Germany were eager to prosecute the East German newscaster who played a similar role in promoting the Honecker regime. It may be unjust, but people feel like they actually know the spokesperson, for better or for worse. She is seen as "one of us" because she wrote a book on cryptography. As a consequence, she is seen as a traitor. I am not endorsing this view. Many people believe that she could not honestly believe everything she says. Instead, they believe that she is sticking to a difficult party line in anticipation of rewards down the road in terms of greater prestige, career advancement, access to grant money, and maybe in other ways. This is called "toadying". It is not going to be popular amongst people who value intellectual integrity. The alternative explanation to many is that she is clueless. There is some evidence that this is the correct explanation. Denning, however, doesn't get off the hook. In the technical community, cluelessness is seen as being just short of a crime against humanity. Persistent cluelessness *is* a crime against humanity. Toadying and cluelessness are both irritating to the author. Denning may also be seen as a "suit" dictating to the programmers what kinds of programs they may write. This is not a formula for social success in the technical community. The academic community has been relatively quiet during the Clipper debate. There are very few members of academia who have gone on the record repeatedly and publicly to say that GAK is the most ridiculous thing we have ever heard and that the people proposing it must be out of their minds, or Nazis, or both. We all know that many academics believe this to be true. However, they are keeping quiet until it is clear which way the wind sets. This is irritating to many and it spills over on Denning. That is probably unfair. Unless you think she is a toady, in which case she is the canonical example of academic indifference and cynicism. In my last message, I said that it was irritating that Denning is seen as a credible spokesperson. Can we fairly hold Denning responsible for the poor judgement of the media which is employed through the poor judgement of the masses? Not really, but she's handy. Many people find the government's underhanded tactics irritating. Rather than honestly raise the issue for public discussion, and maturely, responsibly, and honestly discuss their views, the government has resorted to subterfuge in an attempt to achieve its goals. Clipper was supposed to fool everybody into accepting GAK. The export laws have been, to put it charitably, abused. These tactics are irritating because their intention is to deceive the American people. Denning appears to many to be party to these tactics. We have seen a number of people attempt to win the loyalty of the Net constituency. Gore attempted it with promises of massive funding. Gingrich has attempted it through various pronouncements. The usual pattern is to offer a reward, but in return the constituency has to compromise on something. This pattern is seen over and over again. Denning may be seen by some as yet another politician attempting to get in a position to "deliver" the Net "precinct". Some believe that she positioned herself first as "one of us" and then attempted to sell us out. In the past, it was easier to sell out a constituency due to widespread ignorance and misguided trust. This didn't work for the Net due to the high intellectual integrity of long time Net denizens, the fact that the Net abhors ignorance, and our strong belief that we do not need help reading our mail or paying for it. Still, every politician that attempts this sort of thing is irritating and Denning, if guilty, is no exception. Sir Galahad From dave at kachina.jetcafe.org Tue Dec 3 22:01:14 1996 From: dave at kachina.jetcafe.org (Dave Hayes) Date: Tue, 3 Dec 1996 22:01:14 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] Message-ID: <199612040600.WAA16892@kachina.jetcafe.org> attila at primenet.com writes: > > we, and I mean all of us, who contribute the bulk of the > > "opinions" to cypherpunks gave the mainstream press the biggest > > possible hole to run straight over us, declaring us anarchists > > and wild-eyed fanatics. unless we as a group mend our ways, and > > turn out intelligent reasoning for the advance of cryptography as > > a mainstream way of life, we will be forever consigned not only to > > the dustbin, but subject to the ridicule of both the press and the > > government. Quite surprising. This proves (to me) that cypherpunks is nothing more than lipservice, covertly contributing to the death of the human spirit which most people seem to want. "Unless we as a group mend our ways", indeed. By whose standard of "mending"? If they construct the proper standard can they not control you by that choice? Is your goal in life to be controlled by the press and the government? > > None of us are above a little sarcasm --but let's get the > > vituperative effluent out of the system. do whatever you wish in > > private mail, but keep the profane rantings off the list. The very existance of the "profane" keeps the "sacred" in existance as well. If you cannot see that, then John Grubor's lesson is wasted on you. ------ Dave Hayes - Altadena CA, USA - dave at jetcafe.org Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet It is only knowledge that will destroy bias. From osborne at gateway.grumman.com Tue Dec 3 22:03:46 1996 From: osborne at gateway.grumman.com (Rick Osborne) Date: Tue, 3 Dec 1996 22:03:46 -0800 (PST) Subject: Anyone considered adding crypto into Microsoft Outlook? Message-ID: <3.0.32.19961204010208.00949a80@gateway.grumman.com> At 06:44 PM 12/3/96 -0500, Phillip M. Hallam-Baker wrote: [[It just struck me that it would probably make the most convenient platform for integrating cryptography. After all MAPI is an open, extensible API allowing ready access to the email "hooks" necessary. The integration of an address book with the email system makes it very easy to add public key information into a person's entry. ]] It's already been done with MS Exchange. I assume that this new version ("Outlook", did you call it?) is backwards compatible with Exchange plugins. Take a look at: http://homepage.interaccess.com/~jon/ [[The main problem so far seems to be the impenetrability of the MAPI documentation. Does anyone know of a usable reference or which of the gazillion Microsoft Developer network CDs one can find more information?]] Well, the MAPI SDK used to me on the MS FTP server, but I don't know where it is since they did their reorganization. Rick Osborne / osborne at gateway.grumman.com / Northrop Grumman Corporation ------------------------------------------------------------------------- "A few memory locations short of an address space." From logos at c2.net Tue Dec 3 22:06:37 1996 From: logos at c2.net (logos) Date: Tue, 3 Dec 1996 22:06:37 -0800 (PST) Subject: No Subject Message-ID: You wrote: >Sounds like a heck of a good idea, if: >1. You can ID the bad logic with a high percent of success >(90+ ?). I shall endevor to do my best. Initially, I shall only comment on the most flagrant violations. 90+% should be easy. >2. You can comment/reply for all members fairly, but if> >limited by the large number of postings (and fallacies ?), >give priority to ??? Worst first. >As far as Congress expelling members, are you saying that >the Senate and/or H.O.R. can permanently eliminate a person >elected by the people? Yes, the congress is the sole determiner of the qualifications of its members. >Has this ever been tested? Adam Clayton Powell. Logos out From ichudov at algebra.com Tue Dec 3 22:11:08 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Dec 1996 22:11:08 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: Message-ID: <199612040602.AAA05560@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > > Jeff Ubois writes: > > secretary. In 47 states welfare pays more than a janitor earns. Indeed, in > > the 6 most generous states, benefits exceed the entry-level salary for a > > computer programmer. > > Igor may be in a better position to comment on welfare benefits in Oklahoma, > but I find the above statement highly questionable. New York is one of the > most generous states. An entry-level computer programmer with a B.S. and > no work experience fetches 45K on the average. Sure beats welfare. > I am not an entry-level computer programmer, sorry. - Igor. From logos at c2.net Tue Dec 3 22:12:26 1996 From: logos at c2.net (logos) Date: Tue, 3 Dec 1996 22:12:26 -0800 (PST) Subject: No Subject Message-ID: An anonymous poster wrote: >Timothy C[*] May, a product of a* birth, appeared with >coathanger through his head. >/o)\ Timothy C[*] May >\(o/ I respectfully ask that the author of this post contact me. I am curious about his or her motives and would appreciate it if he or she would address these questions: 1) Why are you attacking Tim May? Has he harmed you in some way? 2) Do you think such posts harm Tim May or help you in some fashion? 3) What do you hope to accomplish by these posts? 4) Do you favor the use of strong cryptography to preserve privacy? 5) If Yes, do you think such posts are constructive to that end? If No, is it your intent that your posts harm the cause of strong cryptography and privacy? 6) Why have you chosen to hide your true identity? Logos out From ichudov at algebra.com Tue Dec 3 22:12:51 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Dec 1996 22:12:51 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: Message-ID: <199612040606.AAA05594@manifold.algebra.com> Troy Varange wrote: > > Igor Chudov @ home writing [ 1422] bytes in <$m2n26165-.199612031615.KAA03400 at manifold.algebra.com> said: > > > This is primarily addressed to the person who supports cypherpunks > > mail-to-news gateway. If you know who such person is, please send > > his/her address to me. > > > > Please modify your reposting program so that it does not remove the > > > > X-No-Archive: yes > > > > header line from email messages. This particular header line is an > > indication to USENET search engines that the author of the message would > > not like it to be stored in these engines. It preserves the author's > > privacy and enforces the copyright protection. > > "X-No-Archive: yes" is for idiots. Who wants to censor > their own posts? Why don't you let "idiots" do what they want. - Igor. From logos at c2.net Tue Dec 3 22:14:17 1996 From: logos at c2.net (logos) Date: Tue, 3 Dec 1996 22:14:17 -0800 (PST) Subject: No Subject Message-ID: Blanc Weber wrote: >Statements like these, with which cpunks retort to each >other all the time, are examples of the ever-continuing >exercise of logic which goes on the list - even if not >formally delineated nor announced as being of such intent >(LOGOS). > >I am glad for the points which "Sir Galahad" brought up, >because they point out the difference between essential vs >non-essential elements in arguments like this one. My warmest thanks to Blanc Weber for 'beating me to the punch' about 'Sir Galahad's' thoughtful analysis. His post is the sort of give and take which focuses debate and raises the level of intellectual discourse. Thank you, 'Sir Galahad' and Blanc Weber. I hope other posters to this list can emulate your examples. Logos out From dthorn at gte.net Tue Dec 3 22:22:40 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 3 Dec 1996 22:22:40 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com> Message-ID: <32A517F0.486B@gte.net> Jeff Ubois wrote: > The numbers quoted in the press were based on a study by the Cato Institute, > "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare > Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman, > September, 1995. It's at > * To match the value of welfare benefits, a mother with two children would > have to earn as much as $36,400 in Hawaii or as little as $11,500 in > Mississippi. > * Welfare benefits are especially generous in large cities. Welfare > provides the equivalent of an hourly pretax wage of $14.75 in New York > City, $12.45 in Philadelphia, $11.35 in Baltimore, and $10.90 in Detroit. [snip] Why bother with theory? By January sometime, I ought to have my own personal set of numbers finalized. My mate and I are caring for three orphaned children, we both work (good paying corporate jobs), yet it appears we'll be collecting at least $1400 per month tax-free for the kiddies, from various agencies, not including medical/dental benefits. I'd guess the medical/dental will be worth $300, so $1700 divided by 172.5 (or 173.33) work hours is $9.80 to $9.85 per hour after taxes. Imagine what it would be if we were also collecting for the grownups. This is in the greater L.A. area. It looks like the bigger the family, i.e., the more dependents, the bigger the income. Does this hold true elsewhere? From logos at c2.net Tue Dec 3 22:30:08 1996 From: logos at c2.net (logos) Date: Tue, 3 Dec 1996 22:30:08 -0800 (PST) Subject: "Just call the police"...yeah, right In-Reply-To: Message-ID: On Tue, 3 Dec 1996, Timothy C. May wrote: > Saying "just call the police" strikes me as being one of > the most absurd things I've ever heard on this list. > > (If I receive a "Logos-gram" warning me I am being > unpolite, you know where it'll go.) The name of the informal logical fallacy Tim May has *not* made is 'argumentum ad hominem' (literally, 'an argument to the man'; attacking one's opponent rather than dealing with the subject under discussion; aka name calling). Having said that, while Tim May has not committed a logical fallacy, neither has he advanced a logical argument. He has merely stated his conclusory opinion of the other person's comment. By itself, it adds little or nothing of substance to the argument. Logos out From jens.melander at vpress.se Tue Dec 3 22:41:33 1996 From: jens.melander at vpress.se (Jens Melander) Date: Tue, 3 Dec 1996 22:41:33 -0800 (PST) Subject: No Subject Message-ID: <01BBE1B6.8E8BBA80@modem-2.vpress.se> unsuscribe cyberpunks From AwakenToMe at aol.com Tue Dec 3 22:56:45 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Tue, 3 Dec 1996 22:56:45 -0800 (PST) Subject: AOL Message-ID: <961204015554_1985863255@emout03.mail.aol.com> yes.... they did knock off that $3.00 an hour thing. now.. $20.00 unlimited.. I'd hate to do an AOL spam to the list.. but someone asked.. and for all you that say 'get a real internet provider'. Well.. I get ALL the same access most of you do. No shell account...But I can telnet from AOL to one. So there. Nah nah nah =} From logos at c2.net Tue Dec 3 23:34:12 1996 From: logos at c2.net (logos) Date: Tue, 3 Dec 1996 23:34:12 -0800 (PST) Subject: Logos here In-Reply-To: Message-ID: Dr.Dimitri Vulis KOTM wrote: > LOGOS writes: > > > Sovereign collegues, > > You already sound like a jerk. Perhaps you should suspend judgment until you have the opportunity to evaluate the content of my posts. What are you antagonistic to the use of honorifics? > > I am Logos. I have adopted this pseudonym to conceal my > > 'true name'. I want the ideas which I shall be espousing > > to stand or fall on their own merits and not on the basis > > of biases that my name, sex, ethnicity, etc. might otherwise > > sexual preferences... Yes, that and other catagorizations which are irrelevant to the primary focus of this list. > That's right. You lack the decorum to spell either my > first name or my last name correctly. 'Decorum' has to do with polite behaviour. While I was certainly remiss in my hasty spelling of your name, it was not intentional, therefore not a lack of decorum. I do apologize for my negligence. I shall endeavor to spell you name correctly in the future. > "Cypher punks" are a gang of uncouth juveniles I'm not sure I understand the relevance of this comment. Was it made in response to my error in spelling? In any case, it is a good example of the informal logical fallacy of 'over generalization'. As I understand it, there are circa 1000 people subscribed to Cypherpunks. To paint an entire group with such a characterization is both illogical and unfair. I also question your use of the word 'uncouth'. I have seen no posts on Cypherpunks that were any more 'uncultured; crude; or boorish' than those posted by you. I am not saying that uncouth posts have not been made by others, but it is disingenuous for one to judge others by a standard that one does not apply to one's self. > What logic? "Cypher punks" such as Paul Bradley are incapable of > discussing a technical topic (such as Don Wood's IPG proposal) without > putting "(spit)" after Don's name I could be wrong, but I believe this was done as an intentional parody of your own similar posts. If it is illogical for Paul Bradley to do this, does it not follow that is was illogical when you did it as well? It is obvious to me that you are an intelligent person. I am concerned, however, with your apparent intellectual dishonesty. It would appear that you know perfectly well that your posts serve no purpose in the cause of promoting privacy through the use of cryptography. It is hard to draw any other conclusion then that you are intentionally being provocative for the purpose of disrupting the work of this list. If this is not so, I apologize, but how else can we judge your actions? Please step outside of yourself for a moment and give us an honest self-assessment of your behavior and the motives behind it. Respectfully yours, Logos out From haystack at cow.net Tue Dec 3 23:39:33 1996 From: haystack at cow.net (Bovine Remailer) Date: Tue, 3 Dec 1996 23:39:33 -0800 (PST) Subject: No Subject Message-ID: <9612040725.AA18903@cow.net> At 10:18 PM 12/3/1996, Matthew J. Miszewski wrote: >At 01:45 PM 12/3/96 EST, Bovine Remailer wrote: >>At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote: >>>Take, for example, the practice of redlining. How are people who live in >>>"bad" neighborhoods supposed to not reveal that information. >> >>You may lend your own money to whomever you wish. If you do not wish >>to lend money to somebody, that is your business. > >I consider it my business also, when people are denied opportunity because >of where they live. Why not simply disagree with me? You do not believe that people may lend their very own money, earned honestly, to anybody they please. If you are ashamed of that, change your mind. If you are not ashamed, proclaim it the world and justify it. >I may also hire whomever I wish, but I would have to pay the >consequences if I happened to discriminate based on a protected class >while doing so. That is the society in which I live. If I dont like >it, I try to change it. Our society is not libertarian. Current policy doesn't matter if we are discussing the wisdom or justice of possible policies. >If I would prefer that form of society I would have to accept that >result. Therefore I choose a balance between liberty and social >justice. It isn't clear to me whether you are discussing policy options or whether one should violate laws one does not like. When an action is illegal, it is still permissible to discuss its legalization. >There are times when government should intervene. I believe it >should be as infrequent as possible, but would not want to live in a >society where disinfranchised people have no possible recourse. Your >choice would apparently be different. Perhaps. In any event, it is important to understand precisely the mechanisms through which people are disenfranchised, if that is in fact what has happened. It is also important to understand the ramifications of phrases like "no possible recourse". To borrow money? It is safe to say that most poor people should be saving money rather than borrowing it. >>It is difficult to understand why redlining should be illegal, to the >>extent that it even occurs. When it does occur, we expect that eager >>entrepreneurs such as yourself will rush in to grab new customers. > >I have not heard serious doubts for a while that redlining occurs. It seems likely that people draw lines around certain areas and decide not to lend money there. What is less clear is that this is unreasonable. There may be a few good credit risks in poor neighborhoods. But, it may just be too much trouble weeding through the others to make it a paying business. It may also be the case that people lending money are behaving irrationally and drawing lines around neighborhoods for simple racial reasons and for no others. There is a word for this: opportunity. Bank of America was built by a man who perceived and exploited one such opportunity. Italian shop keepers in California could not get good banking services for, it turned out, irrational reasons. >I would love to have the financial wherewithal to startup such an >enterprise. Unfortuantely I reside in one such neighborhood. People start businesses without their own capital all the time. If there really is such a great opportunity, go find some rich people. Rich people, like other people, are always happy to hear about ways to make more money. They don't even have to put the money in for a long time. Once you've set up a package of mortgages, you can sell them off on the CMO market which is liquid and, I believe, quite colorblind. The beauty of this scheme is that you can take your profits right away and let other people take on the long term interest rate risk, default risk, and management hassles. This will make your plan easier to sell to investors. You might also look into the microlending market. The idea is to lend poor people small amounts of money (less than $10,000) to start businesses and the like. The default rates are claimed to be surprisingly low. I have my doubts, but it sounds as if you do not. Good luck. >It is difficult enough to raise money to run a small business (and >turned out to be much easier to do without any bank lending at all). >I have talked with people about starting their own banks. In principle, there is no reason at all why banks are the only institutions that can lend money for mortgages. There may be legal impediments, but then we are back to the actual culprit, the government. You might find that opening a bank was easier if all you had to do was take deposits and lend money rather than wading through the morass of legal requirements and paperwork. >When you are working to make sure all the bills are paid it is a bit >difficult to also build an entirely new socio-economic structure. You don't have to build an entirely new socio-economic structure. You just have to find some good credit risks, some people with money to lend, and put them together taking a cut for yourself, unless the government has thrown up some obstacles to this. >>Of course, we hardly live in a free banking era. Most people would >>prefer to bank with a company that respects their privacy. Yet, banks >>are so tightly controlled in the United States that they most often >>will not dare to protect the privacy of their customers for fear of >>regulatory consequences. When the service is provided, it cannot be >>advertised. > >Whom would the service be more readily available to? Who uses tax-havens? >Who has access to swiss bank accounts? Are you insinuating that my local >bank actually has anonymous accounts and just won't tell me? I wish that >people DID value anonymous banking in this country. The fact is they just >don't care. No, actually they do care, they just don't think (correctly) that they can get it easily. I have no idea if your local bank has "anonymous accounts". More probably, they have accounts for which they do not report transactions in excess of $10,000, but which are held by people they know fairly well. This is more common than you might think, and not just for laundering drug money. Tax evasion is widely practiced. >As long as they get short lines or myriads of ATM machines they are >happy. I am largely in favor of banking deregulation. There are >places where I simply draw the line. Utter racism is one of them. But wouldn't the racist banks be hurting their business? Doesn't the punishment go quite closely with the "crime"? If you believe that there is a huge opportunity which the racist banks (i.e., all of them) will not take advantage of, you had better explain why there is nobody anywhere with any capital who wouldn't want to make even more money off poor people. Can it really be the case that 99+% of rich people will run fleeing from such a great opportunity? Oh, and speaking of racism, where do wealthy African-Americans invest their money? >Everyone can now clamor that it just isnt true. Banks have never >discriminated. Its all a big lie. Whatever. Banks have practiced discrimination, and not just against black people. They have been able to get away with it. How? Because the government has protected the banking guild from competition. If opening a bank were as easy as forming a corporation, you would not see much discrimination, I assure you. There is no reason why a bank shouldn't be that easy to open. >(snip) >>You are in the unpleasant position of appealing for protection from >>the very people who have robbed you of your privacy. > >You are right. It is far from a perfect system. We make trade-offs every >day. Appeals to the very people who are exploiting you are not likely to meet with success, are they? >The real world I live in is just not as simple as the Libertarian Wet >Dream(TM). Then it should be fairly easy to refute my points instead making fatuous remarks such as the one above. Red Rackham From sandfort at crl.com Tue Dec 3 23:55:25 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 3 Dec 1996 23:55:25 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] In-Reply-To: <199612040600.WAA16892@kachina.jetcafe.org> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Tue, 3 Dec 1996, Dave Hayes wrote: > The very existance of the "profane" keeps the "sacred" in > existance as well. If you cannot see that, then John Grubor's > lesson is wasted on you. If this bit of verbal legerdemain makes any sense at all (Logos?), then Grubor must be personally responsible for the existance of every saint on the Catholic calendar...not. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at got.net Wed Dec 4 00:01:11 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Dec 1996 00:01:11 -0800 (PST) Subject: In-Reply-To: <01BBE1B6.8E8BBA80@modem-2.vpress.se> Message-ID: At 7:41 AM +0100 12/4/96, Jens Melander wrote: >unsuscribe cyberpunks ^b ^^ph ...and the wrong address, of course. The correct information follows. Please use your cut-and-paste editing tools to ensure you spell things correctly. --Tim May To subscribe to the Cypherpunks mailing list: -send a message to: majordomo at toad.com -body message of: subscribe cypherpunks To unsubscribe from the Cypherpunks mailing list: -send a message to: majordomo at toad.com -body message of: unsubscribe cypherpunks From dlchris at minot.ndak.net Wed Dec 4 00:14:10 1996 From: dlchris at minot.ndak.net (Wolf) Date: Wed, 4 Dec 1996 00:14:10 -0800 (PST) Subject: Cool Website Check it out Message-ID: <32A54106.EDF@minot.ndak.net> Check out my cool website at http://members.tripod.com/~wolf16 From tcmay at got.net Wed Dec 4 00:17:22 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Dec 1996 00:17:22 -0800 (PST) Subject: Angel and Javier can't unsubscribe! In-Reply-To: Message-ID: At 5:46 PM -0400 12/3/96, Angel Luis Ortiz Ruiz wrote: > > Friend: Thank's for your asnswer but I already do that. The server say >that I'm not in the list but I still reacive the messages. Thankx And then there was another message: At 6:00 PM -0400 12/3/96, Javier Rivera wrote: > Friend: Thank's for your asnswer but I already do that. The >server say that I'm not in the list but I still reacive the messages. >Thankx again! Both seemed to come from "zeen at caribe.net". One under the Ruiz name, the other under the Rivera name. And similar messages, both in broken English. I suggest Angel and Javier get together and decide which one of them is the name they or it subscribed under, and use that. Oh, and I have a sneaking suspicion they sent in the increasingly-canonical "unsuscribe" or "unscribe" misspelling. I'm beginning to think that Cypherpunks appeals especially to morons. --Tim May To subscribe to the Cypherpunks mailing list: -send a message to: majordomo at toad.com -body message of: subscribe cypherpunks To unsubscribe from the Cypherpunks mailing list: -send a message to: majordomo at toad.com -body message of: unsubscribe cypherpunks From dlchris at minot.ndak.net Wed Dec 4 00:59:30 1996 From: dlchris at minot.ndak.net (Wolf) Date: Wed, 4 Dec 1996 00:59:30 -0800 (PST) Subject: (no subject) Message-ID: <32A54BB4.5A23@minot.ndak.net> unsubscibe cypherpunks From pclow at extol.com.my Wed Dec 4 01:11:21 1996 From: pclow at extol.com.my (pclow) Date: Wed, 4 Dec 1996 01:11:21 -0800 (PST) Subject: The Good dr. Dobbs Message-ID: <96Dec5.012029gmt+0800.21892@portal.extol.com.my> Sorry Dr Boz, but all I saw on the page was this : "404 Not Found The requested URL /whitepaper.htm was not found on this server. " I would like to point out that our white paper with technical details can be found on our Web-site: www.dsnt.com/whitepaper.htm -- Dr. Eva Bozoki Chief Scientist DSN Technology, Inc. (516)467-0400 From dlchris at minot.ndak.net Wed Dec 4 01:37:53 1996 From: dlchris at minot.ndak.net (Wolf) Date: Wed, 4 Dec 1996 01:37:53 -0800 (PST) Subject: Go to my website Message-ID: <32A554B6.E9A@minot.ndak.net> Games,links,and a hacking page under construction http://members.tripod.com/~wolf16 From lucifer at dhp.com Wed Dec 4 02:00:25 1996 From: lucifer at dhp.com (Anonymous) Date: Wed, 4 Dec 1996 02:00:25 -0800 (PST) Subject: testing Message-ID: <199612041000.FAA10537@dhp.com> On Tue, 3 Dec 1996, Eric Murray wrote: > Phiberelic Phreaker writes: > > > > PhReAkInG iS a ViOlEnT pOiSoN. iT cAnNoT Be ApPlIeD > > eXtErNaLlY tO aNiMaL oR hUmAn TiSsUe WiThOuT sErIoUs InJuRiOuS > > rEsUlTs. It CaNnOt Be TaKeN iNtErNaLlY wItHoUt InDuCiNg VoMiTtInG, > > bLiNdNeSs, AnD GeNeRaL pHySiCaLlY uLtImAtElLy ReSuLtInG iN dEaTh. > > PhReAk ThE pLaNeT--http://www.angelfire.com/ne/PhreakThePlanet/index.html > > > Evidently "PhReAkInG" causes uncontrollable ourbursts of CaPiTaLiZaTiOn due > to horrible shift-key spasms... > > > > PhIbErDeLiC PhReAkEr > > You probably want alt.2600, it'll be more your style. > BTW, you've posted the same fucking message 4 times now. > Plonk. 4 only? We have received over 30 copies of this shit. From c.musselman at internetmci.com Wed Dec 4 02:16:36 1996 From: c.musselman at internetmci.com (Charley Musselman) Date: Wed, 4 Dec 1996 02:16:36 -0800 (PST) Subject: Modulating the FM noise spectrum considered infeasible Message-ID: <1.5.4.16.19961204051022.32b74fec@mail98.internetMCI.com> At 10:38 AM 12/3/96 -0500, Bob Hettinga wrote: >At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote: >> At 2:55 am -0500 12/3/96, Timothy C. May wrote: >>> [...]Having said this, Johnson noise makes a superior noise source, > ^^^^^^^ >>> if a physical source is desired. > >>Yours makes NOISE? Impressive... >> >>In this case, I guess entropy is preferable to atrophy, though. :-) > >Indeed. > >I've found that my Johnson only makes noise with the proper, er, >peripheral, though... Geez, guys, what's this? Pound the physicist day? Johnson noise is the Brownian motion of electrons in an electronic circuit. It is the irreducible noise, often measured in temperature (obvious?) Cheers, Charley "We accomplish what we work at." | Rules from "We get better at what we practice." | childhood. From unde0275 at frank.mtsu.edu Wed Dec 4 02:22:12 1996 From: unde0275 at frank.mtsu.edu (Internaut) Date: Wed, 4 Dec 1996 02:22:12 -0800 (PST) Subject: IP address Message-ID: <01BBE19A.A32BF200@s22-pm03.tnstate.campus.mci.net> Even greater than denial of service I believe that there are other threats. Like I just found this file on c2.org (I believe it was) on using an IP address to explore somebody's hard drive under certain conditions. EXPORTING YOUR ENTIRE FILESYSTEM Samba When a Windows for Workgroups or Windows 95 machine shares any folder, bugs in Microsoft's SMB implementation over all network protocols allow access to the whole drive, with whatever permissions the sharename was given. These resources are advertised on a browse list that is made available to anyone on the local network by default, and to anyone on the Internet who knows the machine's IP address. Any user sharing any folder over TCP/IP without a password is opening the whole disk to the whole Internet (for those that can locate the machine) and those with a password should be aware that Windows has no protection against brute force attacks. SMBCLIENT, an ftp-style browser for any UNIX, plus a complete file system for Linux and a few UNIX versions, are available from the Samba web site. Please note that Samba's exploitation of this fundamental bug in Microsoft file sharing was unintentional, and was immediately reported to Microsoft. It could have happened with any client over any protocol. An alleged fix for Windows for Workgroups was quietly released in early October, and Microsoft publicly announced a fix for Win95 on October 20th. It has not been rigorously tested, but it appears to fix the problem. The fix for Windows for Workgroups might not be a complete fix, but rather a patch for one way to exploit the problem. (The release version of Win95 prevented cd .. below the shared folder "root," but not cd ../) The patches and Microsoft press releases (which have been corrected at least twice, but which still erroneously identify Samba as shareware, neglect to credit the people who notified Microsoft of the problem, and neglect to mention that this is a fundamental bug in Windows, not a problem specific to TCP/IP or Samba) are available on Microsoft's Windows 95 Updates Page. The patch only works on the US/English version of Windows 95; at this writing, all non-English versions of Windows 95 are still vulnerable. Troy Varange wrote: > Well, the "danger" of posting a static IP must be even > greater than with a temporary IP. > > Just call the police if you uncover a bonafide case of a > denial of service attack. From what I gather, they take > this shit seriously, and have better capacities of > getting lazy admins to reveal the relevent data in their > logs. I just have this gut feeling that sitting out here without any protection somebody could write something that could hook into a program, or even worse the system (i.e. Explorer). Perhaps my fears are totally unfounded (besides above problem w/ samba), but I have not heard anyone say that one *is* secure. -- Internaut PS: I am running win95 but feel free to answer this question for any os. From bryce at digicash.com Wed Dec 4 02:57:24 1996 From: bryce at digicash.com (Bryce) Date: Wed, 4 Dec 1996 02:57:24 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <32A50047.2D13@gte.net> Message-ID: <199612041057.LAA07494@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- > > > I made note to this list time and time again requesting that people not > > > state the obvious - who owns what hardware and what rights they have to > > > pull the plug or whatever. I seriously doubt that even the least > > > intelligent cypherpunk would misunderstand such a thing. Do you really > > > believe that myself and other cypherpunks want to "seize" John's equip- > > > ment, morally or otherwise? You are correct about certain issues being > > > complex, but one of the big failings of the crowd who supported Gilmore > > > on this action was their failure to understand the point I've made here - > > > that we *do* understand basic property rights, etc. > > > Ah. Then we are in agreement here. My "Rule" in the House > > Rules etc. simply stated the obvious fact, for the benefit of > > those who need it stated, of Gilmore's sole authority over the > > physical substrate. I vaguely recall some subscribers implying > > or stating otherwise during the vanish Vulis fracas. It would > > not at all surprise me if some people disagreed with this > > simple premise-- they habitually do so with regard to "public" > > establishments like bars and restaurants, and it isn't much of > > a stretch to start thinking of cypherpunks as a similarly > > "public" institution. > > *We* are not in agreement. If you insist on arguing that, I'll have to > resort to the "Spock" clarification (a la Star Trek), that it's not merely > what you say I object to, it's you I object to. Um.. Whatever, dude. Have a nice day. Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMqVZC0jbHy8sKZitAQFdjQMAhFo4RA1n+O4Giksi+4alHibWZ3euNy9F NZCh4q7V0KFxV4JScokr1lOYLnudsRaH61gHhyJ38mXXwfgKLbcg0Dd1iY8IiQit 8YvRXTqx+GLZI26aZ5UDL9FriMRbxSnf =iRix -----END PGP SIGNATURE----- From whgiii at amaranth.com Wed Dec 4 02:58:12 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Wed, 4 Dec 1996 02:58:12 -0800 (PST) Subject: Sorry for the "TWIT" messages Message-ID: <199612041216.GAA07370@mailhub.amaranth.com> Hi, Well seems I had a rather intresting morining. :) After receiving several "Phreak messages I went to modify my "twit" scripts. Unfortunatly the changes I made caused ~50 "twit" messages to go out. My appologies to anyone who received these messages. Thanks, -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Cooking With Warp 4.0 Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- *MR/2 ICE: OS/2: Logic, not magic. From dlv at bwalk.dm.com Wed Dec 4 04:34:16 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 04:34:16 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: Message-ID: <0VueyD63w165w@bwalk.dm.com> varange at crl.com (Troy Varange) writes: > "X-No-Archive: yes" is for idiots. Who wants to censor > their own posts? Lame losers who call themselves "cypher punks" and bend over for John Gilmore. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 04:34:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 04:34:17 -0800 (PST) Subject: Anyone considered adding crypto into Microsoft Outlook? In-Reply-To: <01BBE14A.04580F10@crecy.ai.mit.edu> Message-ID: <9PueyD62w165w@bwalk.dm.com> "Phillip M. Hallam-Baker" writes: > It just struck me that it would probably make the most convenient = > platform for integrating cryptography. After all MAPI is an open, = > extensible API allowing ready access to the email "hooks" necessary. The = > integration of an address book with the email system makes it very easy = > to add public key information into a person's entry. Yes, this would be feasible. Problem is, "cypher punks" don't write code. They only write flames and postmaster complaints. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 04:34:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 04:34:25 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: <199612040602.AAA05560@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Dr.Dimitri Vulis KOTM wrote: > > > > Jeff Ubois writes: > > > secretary. In 47 states welfare pays more than a janitor earns. Indeed, i > > > the 6 most generous states, benefits exceed the entry-level salary for a > > > computer programmer. > > > > Igor may be in a better position to comment on welfare benefits in Oklahoma > > but I find the above statement highly questionable. New York is one of the > > most generous states. An entry-level computer programmer with a B.S. and > > no work experience fetches 45K on the average. Sure beats welfare. > > > > I am not an entry-level computer programmer, sorry. Too bad. It's a well-paying job. :-) Instead of trying to hack sites in Norway (quite ineptly) and getting caught, why don't you finish the misc.jobs.* robomoderator and run the proposal. I guess writing code is un-"cypher punk". "Eiffel programmer" is an oxymoron. Read Bertrand Meyer's Web page. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 04:35:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 04:35:56 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: <199612040457.WAA05128@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Dimitri Vulis, for example, archives all my messages just in case. Nope - only the ones I think might be useful to me and my friends. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 04:37:38 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 04:37:38 -0800 (PST) Subject: testing new Home Web site In-Reply-To: <199612040406.XAA46358@osceola.gate.net> Message-ID: Jim Ray writes: > Ok, Perry. I guess we're all coming over to your list now. > JMR Good riddance. Does anyone know the e-mail address for Judge Kosinski? I'd like to expose Jim Ray as a liar and a hypocritical shyster. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From boursy at earthlink.net Wed Dec 4 05:12:53 1996 From: boursy at earthlink.net (Stephen Boursy) Date: Wed, 4 Dec 1996 05:12:53 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] In-Reply-To: Message-ID: <32A579A8.718@earthlink.net> Sandy Sandfort wrote: > > C'punks, > > On Tue, 3 Dec 1996, Dave Hayes wrote: > >> The very existance of the "profane" keeps the "sacred" in >> existance as well. If you cannot see that, then John Grubor's >> lesson is wasted on you. > > If this bit of verbal legerdemain makes any sense at all > (Logos?), then Grubor must be personally responsible for the > existance of every saint on the Catholic calendar...not. Well saints come on go on the Roman Catholic calander--doesn't mean a hell of a lot. Dr. Grubor does an excellent job of bring the vermin out of the woodwork. Steve From jya at pipeline.com Wed Dec 4 05:15:53 1996 From: jya at pipeline.com (John Young) Date: Wed, 4 Dec 1996 05:15:53 -0800 (PST) Subject: OPE_nup Message-ID: <1.5.4.32.19961204131259.0069a9d0@pop.pipeline.com> Two reports on BSA's letter Monday to Gore opposing crypto export regulations as "headed in the wrong direction." And claims the administration has "significantly backtracked" since announcing the new policy October 1. IBM, MS, et al are withdrawing earlier support for it. Without change, BSA said, encryption export policies will fail as did Administration policy of Clipper. ----- OPE_nup From dlv at bwalk.dm.com Wed Dec 4 05:30:37 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 05:30:37 -0800 (PST) Subject: Angel and Javier can't unsubscribe! In-Reply-To: Message-ID: "Timothy C. May" writes: > I'm beginning to think that Cypherpunks appeals especially to morons. > > --Tim May Me too. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 05:40:42 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 05:40:42 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] In-Reply-To: <32A579A8.718@earthlink.net> Message-ID: Stephen Boursy writes: > Sandy Sandfort wrote: > > > > C'punks, See punks post. See punks rant. See punks flame. Laugh, laugh, laugh. > > On Tue, 3 Dec 1996, Dave Hayes wrote: > > > >> The very existance of the "profane" keeps the "sacred" in > >> existance as well. If you cannot see that, then John Grubor's > >> lesson is wasted on you. > > > > If this bit of verbal legerdemain makes any sense at all > > (Logos?), then Grubor must be personally responsible for the "Logos" suffers from verbal diarrhea and can only be pitied. Anonymous cowards like him are the worst enemy of crypto-enhanced privacy. > > existance of every saint on the Catholic calendar...not. > > Well saints come on go on the Roman Catholic calander--doesn't > mean a hell of a lot. We have a Greek Orthodox church of St. Dimitri not too far from here. They mistakenly think that I'm Greek and send me the same newsletter they send to everybody else named Dimitri. Some of it is in English, so I learned quite a bit about the life of the original St. Dimitri: He was a foul-mouthed Greek who lived in 3rd century CE and got into trouble for badmouthing the Romans and other Pagans. I suppose he's an RC saint too. I used to work for the Jesuits - very educational. He is not to be confused with the Russian St. Dimitri Donskoy who beat the shit out of the Mongols. That was after the schism, so he's _not RC saint. > Dr. Grubor does an excellent job of bring the vermin out of > the woodwork. Yes - thank you Dr. Grubor for your fine work. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From olbon at ix.netcom.com Wed Dec 4 06:28:01 1996 From: olbon at ix.netcom.com (Clay Olbon II) Date: Wed, 4 Dec 1996 06:28:01 -0800 (PST) Subject: more IPG and random numbers Message-ID: <1.5.4.32.19961204142607.006a18bc@popd.ix.netcom.com> At 09:24 PM 12/3/96 -0800, Eric Murray wrote: >I did some more experiments with the IPG stream-cipher >algorithim and random number tests. Since IPG claim that their >algorithim passes chi-square tests of randomness, I found >a chi-square test program. It's written by Peter Boucher >and was posted to sci.crypt in '93 (<2bum8sINN98j at roche.csl.sri.com>). Eric, The chi-square test is fairly easy to implement. Understanding the alogrithm and interpreting what the test results mean is as important as a proper implementation. An excellent text that covers testing PRNGs (including, chi-square, KS, runs (up, down, above & below the mean), and autocorrelation) is Simulation Modeling & Analysis, by Law & Kelton. >> Does the 'runs up' (or 'runs down') test with run-length equal to two >> get me anything over the standard chi-square test? I left it in. Yes. It tests yet another aspect of "is the data truly random?" >First I ran the output from my version of the IPG algorithim that I >posted a couple days ago : > >% ./boucher < ipg.out >Occurances: n = 12000000, V=-8375833.71 >Character occurances non-random >Successions: n = 46875, V=62287.82 >Character successions non-random Unless the V is a typo, there is an error in the code. The chi-square statistic can never be negative. >Then I ran output from a test RNG that's basically a loop around random(): > >% ./boucher < myrandom/out >Occurances: n = 3414720, V=213050.62 >Character occurances non-random >Successions: n = 13338, V=1143.41 >Character successions non-random I did considerable testing on random() a while back. It is actually quite good at producing a uniform distribution. There were other problems however (notably autocorrelation in triplets). >Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm >PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF I suggest you take a look at the chi-square program and check it for errors. Based on the above observations, I am a little suspicious of your results. As a side note, I tend to test PRNGs using stream lengths that are similar to what I will need in a real use of the generator. I also test multiple seeds, because statistically, some seeds will fail. Of course, testing multiple seeds has its own problems (see the bonferroni inequality) of which most non-statisticians are unaware. I have been curious for a while about developing a statistical test that would examine the expected number of failures of a repeated statistical test. Haven't had the time to look into it yet though - not enough hours in the day. ******************************************************* Clay Olbon olbon at ix.netcom.com engineer, programmer, statistitian, etc. **********************************************tanstaafl From mctaylor at olympus.mta.ca Wed Dec 4 06:39:33 1996 From: mctaylor at olympus.mta.ca (Michael C Taylor (CSD)) Date: Wed, 4 Dec 1996 06:39:33 -0800 (PST) Subject: new mailing list & ITAR In-Reply-To: Message-ID: On Tue, 3 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Meta-question: if someone posts strong crypto source code to the > moderated mailing list, can the moderator(s) be prosecuted under ITAR? The moderator would not prosecuted if the moderator & host machine wasn't located in USA and not a USA citizen and if the post was not from USA. The poster may be a target if located inside USA or a USA citizen. The moderator might be prosecuted if the post originated inside USA or went through USA to be exported outside USA & Canada. Welcome to the rest of the world. ---- Michael C. Taylor Programmer, Mount Allison University From sandfort at crl.com Wed Dec 4 06:54:32 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 4 Dec 1996 06:54:32 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] In-Reply-To: <32A579A8.718@earthlink.net> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, > Well saints come on go on the Roman Catholic calander--doesn't > mean a hell of a lot. Obviously Steve has a defective "ironometer." > Dr. Grubor does an excellent job of bring the vermin out of > the woodwork. Yes, riding at the head of the pack. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From logos at c2.net Wed Dec 4 07:16:04 1996 From: logos at c2.net (logos) Date: Wed, 4 Dec 1996 07:16:04 -0800 (PST) Subject: No Subject Message-ID: Dimitri Vulis wrote: > Lame losers who call themselves "cypher punks" and bend > over for John Gilmore. It is obvious that you, Dimitri Vulis, intend to be disruptive to the operation of this list. I have politely asked you several specific questions about your motives. I am politely asking you again, Dimitri Vulis, why are you unwilling to rationally and politely discuss whatever grievances you have with specific Cypherpunks? I believe you are capable of rational discourse, you allegedly have some academic credentials so you must have a passing familiarity with formal debate. Why are you unwilling to join this discussion with anything other than immature insults? If the facts are on your side, a reasonable demeanor can only enhance your arguments. If the facts are not on your side, why can you not graciously admit you are wrong and withdraw your accusations. I have been unfailingly polite to you. Do you have it within your character to respond to me in kind? Thank you for your attentions to this matter. Logos out From trei at process.com Wed Dec 4 07:28:47 1996 From: trei at process.com (Peter Trei) Date: Wed, 4 Dec 1996 07:28:47 -0800 (PST) Subject: [NO CRYPTO] Recommended reading. Message-ID: <199612041528.HAA13860@toad.com> The current (Dec 2) issue of Forbes is a special - the cover article is 'Cyber power gives financial markets a veto over the President and Congress', by Peter Huber. This has already been covered in this list. However, the real prize is a second complete magazine included with the Forbes in a plastic bag - the premiere issue of Forbes ASAP: "The Big Issue - Where do we go from here?", which contains 53 essays from various commentators on the significance and future of the techno revolution. I haven't finished it yet, but found the essays by Tom Wolfe on the social implications of neuroscience and Mark Helprin on life's accelerating pace superb. Other authors include: Gingrich, Fukuyama, Nader, Simon Schama, Rifkin, Esther Dyson, Al Goldstein, Buckley, Paglia, Gates, Negroponte,, Richard Leakey, Steven Weinberg, Brokaw, Limbaugh, Huber, and George Gilder, among others. Highly recommended! Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From alzheimer at juno.com Wed Dec 4 07:34:24 1996 From: alzheimer at juno.com (Ronald Raygun Remailer) Date: Wed, 4 Dec 1996 07:34:24 -0800 (PST) Subject: Copyright violations Message-ID: <19961204.093329.12447.0.alzheimer@juno.com> Bank Mutual Fund Report: December 2, 1996 Consumer Bankers Association Adopts Privacy Guidelines The Consumer Bankers Association has adopted a set of voluntary "best practice" privacy guidelines that it will offer members for use in structuring their own consumer financial privacy programs. This is becoming especially important as banking regulators continue to scrutinize banks' sales practices of investment products and insurance. In a related announcement, CBA said that it has scheduled an information workshop for Dec. 9, where member banks will discuss the implementation of privacy guidelines and other steps that can be taken to improve customer privacy protection. In adopting the guidelines, CBA stressed that customer confidentiality is a long-standing and essential principle of banking; but it noted that developments in technology have made it easier for financial institutions and other companies to collect, store and analyze data relating to their customers. The guidelines are intended to help member banks keep their privacy policies in step with these advances in technology. "Our director of government relations, Marcia Sullivan, worked closely with a committee of Board members for more than a year to design these guidelines," said Joe Belew, president of the Consumer Bankers Association. "All of us are proud that their efforts have put our industry in the forefront of the drive to keep pace with technology in protecting consumer privacy." "We worked closely with privacy, marketing, and database experts to give our industry this blueprint for consumer privacy," said Pam Flaherty, a member of CBA's Board of Directors and a senior vice president of Citibank. "We are confident that these guidelines will enable our members to continue delivering top-quality service and choice, while maintaining the trust of consumers." The announcement of the new guidelines was welcomed by experts who study issues surrounding consumer privacy. "I applaud CBA for taking this first, industry-wide step to further protect customers' privacy," said Alan Westin, professor of public law and government at Columbia. "These guidelines should give consumer bankers a solid foundation on which to base their future privacy protections, especially as they move toward new consumer financial products such as smart cards, money cards, and Internet banking." The CBA workshop on customer information is being conducted in partnership with the Washington law firm of Morrison & Foerster. The one-day session will be attended by retail bankers, compliance managers and database marketing managers of the member banks. "Consumer privacy concerns are an understandable result of the advent of virtual information systems," said L. Richard Fischer, a partner with Morrison & Foerster and author of "The Law of Financial Privacy," adding that, "this is clearly the time to champion such industry-wide guidelines." Houston Chronicle: Sunday, December 1, 1996 Gtech Loss 'Significant'; Penalties Light in Welfare Card Launch BY POLLY ROSS HUGHES Persistent problems with the Lone Star card -- widely credited for cutting food-stamp fraud -- could have cost the company behind it $ 7 million in penalties had state officials not let it off the hook. Despite losing a ""significant'' amount of money during the first year of operation, Transactive Corp., a subsidiary of the controversial lottery operator Gtech Corp., insists that Texas' Lone Star card for welfare and food stamp benefits is a model of success. Likewise, Comptroller John Sharp last month sent out a press release calling the statewide launch a year ago "a successful experiment in welfare reform. '' But a box full of documents obtained under the Public Information Act tells the darker side of what Texas Department of Human Services spokeswoman Jessica Shahin calls the ""yin-yang'' of government contracts. The Lone Star card is the nation's first grand-scale system to issue welfare benefits through a private technology company. The card, which resembles a credit card, replaces food stamps at the grocery store and can be used to withdraw welfare benefits. Use of the card could be expanded to include unemployment insurance, child support collections and other government payments. Texas is also the first and largest state planning to privatize the screening of welfare applicants. State officials intend to arrange a much larger, $ 2 billion contract with a private company to handle that job. But a look behind the scenes of the Lone Star card could prove helpful as the state moves toward more public-private partnerships. The history of the contract shows what can happen when the state tries to do too much too quickly with too little money. Just as the statewide start-up was about to begin, problems with the card's help line for retailers and customers were so bad that DHS officials cut off payment to Transactive for three months. "The Lone Star Help Desk continues to function at an unacceptable level,'' Bob Ambrosino, DHS' director for the project, wrote to Transactive officials at the time. "One thing is quite clear. Transactive is not providing the level of service promised in the contract. '' To make matters worse, the start-up months were marred by several system shutdowns and technical glitches that made it impossible to process Lone Star sales electronically. Several grocers complained of lost sales, and customers went home with less food as a result. Grocers could ring up $ 50 with handwritten vouchers, but only if they got approval via the help line. If they couldn't get through, they could ring up sales of no more than $ 25 -- "extremely risky transactions subject to fraud,'' Ambrosino said. Complaints rolled in. Among them: A grocer in Midland said he tried unsuccessfully all day to get through to the help line. ""He stated the phone rings and rings -- he literally let it ring over 100 times -- and no one picks it up,'' reports say. The Lone Star system shut down for 10 days near Christmas at Big B Food Store in Karnes City, but the help desk repeatedly advised the owner to unplug the machine and try again later. This didn't work. When the grocer finally asked to speak to a supervisor, the help desk hung up on him -- twice. In San Antonio, a retailer said he tried for five months to get a terminal installed. He called the help desk four times seeking the equipment and each time was told it would arrive in a week. It never did. DHS itself complained of several breaches of the contract terms, including Transactive reports that were habitually late, inaccurate and sometimes incomprehensible. ""This was an extremely ambitious project. It had a very short time frame,'' Ambrosino said in a recent interview. "The complexity, the size and the time frame all added to the risk. '' The other obstacle was skimpy funding, stemming from federal and state requirements that the Lone Star card system had to cost the same as the old paper food stamp system. The contract is worth about $ 224 million over seven years. Three bids were made for the contract, coming from Transactive, Deluxe Data Systems with EDS, and Citibank with Lockheed Martin. "All three vendors had a problem with the fact that we had a limited amount of money,'' Ambrosino said. "The bids all came in too high and we had to start all over. '' In the second round, Transactive prevailed. "Absolutely, no question, hands down, it was the best bid,'' Ambrosino said. "It provided the most services for the amount of money that was available. '' One of Transactive's promises that proved decisive in winning the contract, records show, was a superior help line. The outcome of the bidding drew formal protests from Deluxe Data Systems, which argued that Transactive's lack of experience should have disqualified it. Since awarding the contract, DHS officials have documented more than $ 7 million in fines they could have assessed because of Transactive's mistakes, but the agency never did so. Ambrosino said his contract management team chose instead to hold the possibility of penalties over Transactive as an incentive to improve while the system was relatively new. He also said that DHS withheld $ 6 million in payments to the company during the statewide start-up as an alternative to actual fines. As the company made improvements, DHS reinstated the held-up payments in early 1996. However, last week, after inquiries from the Houston Chronicle, DHS decided to fine Transactive $ 345,300 for foul-ups occurring in May, June and July. Assessing the damages had been recommended as early as Oct. 8 in an internal memo to Ambrosino from Hank Dembosky, DHS' Lone Star contract manager. Nearly half of the fine is related to an AT&T network failure on July 11, a problem that set off a chain of negative reactions. Retailers again had to process Lone Star sales manually but couldn't get quick enough authorizations, resulting in lost sales and "associated inconveniences. '' Finally, with a flood of retailers dialing the help line for authorizations, calls from cardholders with questions were abandoned. The fine includes $ 60,000 for slower system response times than the federal government requires, a failure that has occurred every month since the Lone Star card went statewide. Additionally, there is a penalty of $ 135,300 for late or inaccurate reports. Meanwhile, Transactive reported "significant'' losses for the fiscal year ending in February 1996 and predicted more losses to come in the current fiscal year. Parent company Gtech's most recent annual report points to investments exceeding $ 61 million for electronic benefits systems to support its business in Texas and start-ups in Illinois and Mississippi. Transactive received $ 24 million from Texas in the state's fiscal year that ended in August, said Shahin, the DHS spokeswoman. Gtech's report to stockholders says Transactive plans to increase sales, cut costs and line up more business in other states. If the plan fails to turn the losses around ""within a reasonable'' time, the company would consider a joint venture. Failing that, Gtech could be required to recognize a loss on part of its Transactive investment. Transactive is betting on a dual strategy to make its start-up investments pay off, said company spokesman Marc Palazzo. First, it is banking on the Texas contract as a selling point for winning similar contracts in other states. Transactive also hopes to snare more business should Texas expand the government benefits it distributes through the Lone Star card. Transactive won't say how much of its Lone Star investment went toward solving major problems. But Ambrosino said he believes the company was forced to pour millions into perfecting the system. "Certainly there have been problems that have developed during the implementation of this system,'' said Palazzo. ""This is a new system. In a project of this size those issues are to be expected. I think the program is working, and that is the bottom line. '' From dthorn at gte.net Wed Dec 4 07:38:42 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 4 Dec 1996 07:38:42 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) In-Reply-To: <32A3BBD6.1ECA@gte.net> Message-ID: <32A59AA0.1C89@gte.net> Timothy C. May wrote: > At 3:05 AM +1300 12/4/96, Paul Foley wrote: > >So Tim May's silence in response to Vulis's nonsense, while some > >others came out in his favour "argues (not proves, just argues) > >heavily in favor of Dimitri" too? Yeah, sure! Wanna buy a bridge? > Actually, I've gotten several comments in e-mail to this effect, that if > I'm not actively defending myself, maybe I'm guilty. Most were written > roughly along the lines of: [snippo] > As to the ramblings of Dale Thorn about how John Gilmore has an obligation > to provide services on his machine, well, I gave up on Thorn a long time > ago. (In fact, I seem to recall a Dale Thorn I killfiled years ago on the > Extropians list...maybe I'm confusing his name with someone else, but it > sure rings a bell.) Since I wasn't on the Internet before, the answer is no. As to Dale insisting on Gilmore providing services, the answer to that is clear if you actually read my posts, which you apparently claim to have done, yet claim not to have done since you "gave up" a long time ago. Which is it, Tim? Tim May writes on certain topics a la "Crypto Anarchy and Virtual Communities" with a passion that is compelling, if not entirely convincing, yet this "leader of cypherpunks" is pitifully out of his element dealing with a truly rational person such as myself, since in Tim's universe, emotion seems to be the more desirable substitute. BTW, I never suggested guilt via not answering up to the list on any topic. I said it would have been clearer to the list subscribers if John had explained things himself instead of having a plethora of defenses coming from hacks like yourself, who don't represent John. If you, Sandy, and the other offenders *really* want to keep the noise down, then next time ask John directly for a reply, and if none is forthcoming, say to the list *once*, "John will not answer up", etc., and let the subscribers draw their own conclusions from the silence, instead of from your inane "defenses". From jdelgado at nexus.net.mx Wed Dec 4 07:49:11 1996 From: jdelgado at nexus.net.mx (Jose Luis Delgado) Date: Wed, 4 Dec 1996 07:49:11 -0800 (PST) Subject: (no subject) In-Reply-To: <199612032327.SAA04610@lucius.ultra.net> Message-ID: unsuscribe cypherpunks From enzo at ima.com Wed Dec 4 07:59:52 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Wed, 4 Dec 1996 07:59:52 -0800 (PST) Subject: The Good dr. Dobbs In-Reply-To: <96Dec5.012029gmt+0800.21892@portal.extol.com.my> Message-ID: On Thu, 5 Dec 1996, pclow wrote: > Sorry Dr Boz, but all I saw on the page was this : > > "404 Not Found > > The requested URL /whitepaper.htm was not found on this server. " > > > > I would like to point out that our white paper with technical details > can be found on our Web-site: www.dsnt.com/whitepaper.htm > > -- > Dr. Eva Bozoki > Chief Scientist > DSN Technology, Inc. > (516)467-0400 Almost, but not quite: you forgot a trailing "l". http://www.dsnt.com/whitepaper.html Anyway, 512 bit for a permanent public key doesn't sound that safe. And this phrase: Encrypting the Diffie-Hellman exchange and changing the dynamic common key every 24 hours foils "man-in-the-middle" attacks because each renegotiation authenticates the two boxes to each other. sounds especially obscure to me. If the initial exchange of the "permanent common private key" through a non-authenticated D-H key exchange was compromised (as it is entirely possible) by a man-in-the-middle attack, also the subsequent D-H key exchanges encrypted with that supposedly common key will be subject to the same attack: actually there will be TWO non-common private keys, and the man in the middle will know both of them. Enzo From jamie at comet.net Wed Dec 4 08:08:27 1996 From: jamie at comet.net (jamie dyer) Date: Wed, 4 Dec 1996 08:08:27 -0800 (PST) Subject: test Message-ID: 'scuse the spam.... jamie ------------------------------------------------------------------------------ jamie dyer Send empty message to jamie at comet.net | Comet.Net | pgpkey at comet.net | Charlottesville, Va. | for pgp public key. | (804)295-2407 | | http://www.comet.net | "Linux perceiveth of The Dos, the Dos perceiveth not of the Linux." ------------------------------------------------------------------------------ From kkoller at panix.com Wed Dec 4 08:22:55 1996 From: kkoller at panix.com (captain.sarcastic) Date: Wed, 4 Dec 1996 08:22:55 -0800 (PST) Subject: no subject (file transmission) Message-ID: <199612041622.LAA28641@panix.com> >From cypherpunks-errors at toad.com Wed Dec 4 11:22:29 1996 Received: from RES2.RESNET.UPENN.EDU (root at RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail1.panix.com (8.7.5/8.7.1/PanixM1.0+) with ESMTP id LAA14598 for ; Wed, 4 Dec 1996 11:22:24 -0500 (EST) Received: from poboxer.pobox.com (poboxer.pobox.com [207.8.188.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA13349 for ; Wed, 4 Dec 1996 11:23:19 -0500 Received: from toad.com (toad.com [140.174.2.1]) by poboxer.pobox.com (8.7.6/8.7.1) with ESMTP id LAA24598 for ; Wed, 4 Dec 1996 11:21:08 -0500 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id EAA12176 for cypherpunks-outgoing; Wed, 4 Dec 1996 04:34:17 -0800 (PST) Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id EAA12170 for ; Wed, 4 Dec 1996 04:34:13 -0800 (PST) Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP; id AA25881 for ; Wed, 4 Dec 96 07:26:15 -0500 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 04 Dec 96 06:51:51 EST for cypherpunks at toad.com To: cypherpunks at toad.com Subject: Re: Anyone considered adding crypto into Microsoft Outlook? From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: All power to the ZOG! Message-Id: <9PueyD62w165w at bwalk.dm.com> Date: Wed, 04 Dec 96 06:50:07 EST In-Reply-To: <01BBE14A.04580F10 at crecy.ai.mit.edu> Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com Precedence: bulk "Phillip M. Hallam-Baker" writes: > It just struck me that it would probably make the most convenient = > platform for integrating cryptography. After all MAPI is an open, = > extensible API allowing ready access to the email "hooks" necessary. The = > integration of an address book with the email system makes it very easy = > to add public key information into a person's entry. Yes, this would be feasible. Problem is, "cypher punks" don't write code. They only write flames and postmaster complaints. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Tunny at inference.com Wed Dec 4 08:23:35 1996 From: Tunny at inference.com (James A. Tunnicliffe) Date: Wed, 4 Dec 1996 08:23:35 -0800 (PST) Subject: [Noise]RE: Modulating the FM noise spectrum considered infeasible Message-ID: Charley Musselman writes: >At 10:38 AM 12/3/96 -0500, Bob Hettinga wrote: >>At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote: >>> At 2:55 am -0500 12/3/96, Timothy C. May wrote: >>>> [...]Having said this, Johnson noise makes a superior noise source, >> ^^^^^^^ >>>> if a physical source is desired. >> >>>Yours makes NOISE? Impressive... >>> >>>In this case, I guess entropy is preferable to atrophy, though. :-) >> >>Indeed. >> >>I've found that my Johnson only makes noise with the proper, er, >>peripheral, though... > >Geez, guys, what's this? Pound the physicist day? Johnson noise >is the Brownian motion of electrons in an electronic circuit. It >is the irreducible noise, often measured in temperature (obvious?) >Cheers, Charley And to think some folks perceive physicists as lacking a sense of humor... Johnson (n., [vulgar slang]) A euphemism for penis. joke (n. [L. jocus]) 1. Anything said or done to arouse laughter, as a humorous anecdote 2. a thing done or said merely in fun Tunny (steadfastly resisting any temptation to attempt humorous comment on "Brownian motion") ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | 36 07 D9 33 3D 32 53 9C ====================================================================== begin 600 WINMAIL.DAT M>)\^(A\0`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <` M& ```$E032Y-:6-R;W-O9G0 at 36%I;"Y.;W1E`#$(`06 `P`.````S <,``0` M" `5`!P``P`?`0$@@ ,`#@```,P'# `$``@`%0`=``,`( $!"8 !`"$````P M.39&131!,#!&-$1$,#$Q.3,P0S P04$P,$$U1C8P1 `:!P$-@ 0``@````(` M`@`!!( !`$(```!;3F]IL"@P!0$P-4`@!C: K 102X at 5'62;@,` M8VP&D&9E(P[6/A5P!4 R)$ U)'\B("L'82,P:![@0R8036$G'N F_B?@6RXK MP%U()&%V(L$@ $`"6!;V@`@ (@(-QN;P0`)M `P&L'D2+P^'-U M< 9Q!;$MI"U@"'!H8V4L(W<@,'\Q!EYO,A0J^@:0+E%P*? `D&-_!T O93,P M!" -L "0&:$N22-W/',#`' ^)UA9!PAA!" N!$Y/25-%X"X$+:0#\/\IX"RQ)M 3H#O !) B($2A M[R-W+J(SD#QQ;#V'.,@@%GI'">!Z(B [(!A0(B!WW4'1)P0 at +,(WX5!!=41! M]S.C! `%0&0J8#?A+2L@%NLTD40B0 at -@=P,``Y$IP?\NT$*A,U ?0 60.Z$& M,0N /RAP`Z!.)B9P.I T\&-U 1X"(@'G8* MA0J%04&2 ]QF at 0N%.P68F0%:\)C)6IJ(H&&%A9&8ZL'1" MX?\X04J16L-BH%/#`9!-HSSC]VSC9@@%H&T'@ (P6W8#H.HB3/TB/E8]<7]R MCW.?/72O/64F):\FLC$`?"!B5W?@96(Z7 `"0'#0.B\O=WC + at N /&'+"? O ML"YNT2]^5$!JF.!01U @1B+!!) 3H!T+@'1X,%8A M7T R,R!*11(@1GW 04,H($1D(#!^4#L=YDC$"=\" _X$@,R&P M8# W($0Y at B!]P#.5?H S$B U?< Y0W$/OX2OA;^&SW5.5KP8P0"*````0 `Y M`"#VV#/_X;L!`P#Q/PD$```"`4<``0```#(```!C/553.V$](#MP/4EN9F5R M96YC93ML/4Q!3D1252TY-C$R,#0Q-C(Q,CA:+3$S,C0X`````@'Y/P$```!* M`````````-RG0,C 0A :M+D(`"LOX8(!`````````"]//4E.1D5214Y#12]/ M53U.3U9!5$\O0TX]4D5#25!)14Y44R]#3CU454Y.60```!X`^#\!````%0`` M`$IA;65S($$N(%1U;FYI8VQI9F9E``````(!^S\!````2@````````#`/H_`0```!4```!*86UE`#T``0````$````````` M"P`I```````+`",```````(!?P`!````40```#QC/553)6$]7R5P/4EN9F5R M96YC925L/4Q!3D1252TY-C$R,#0Q-C(Q,CA:+3$S,C0X0&QA;F1R=2YN;W9A 8=&\N:6YF97)E;F-E,BYC;VT^`````,I+ ` end From kkoller at panix.com Wed Dec 4 08:53:05 1996 From: kkoller at panix.com (captain.sarcastic) Date: Wed, 4 Dec 1996 08:53:05 -0800 (PST) Subject: no subject (file transmission) Message-ID: <199612041652.LAA07860@panix.com> >From cypherpunks-errors at toad.com Wed Dec 4 11:52:55 1996 Received: from RES2.RESNET.UPENN.EDU (root at RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail2.panix.com (8.7.5/8.7.1/PanixM1.0) with ESMTP id LAA08214 for ; Wed, 4 Dec 1996 11:52:54 -0500 (EST) Received: from serve.com (serve.com [206.1.57.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA15135 for ; Wed, 4 Dec 1996 11:54:19 -0500 Received: from toad.com (toad.com [140.174.2.1]) by serve.com (8.7.6/8.7.3) with ESMTP id LAA32480 for ; Wed, 4 Dec 1996 11:47:45 -0500 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA12660 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:30:37 -0800 (PST) Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id FAA12644 for ; Wed, 4 Dec 1996 05:30:24 -0800 (PST) Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP; id AA29852 for ; Wed, 4 Dec 96 08:20:12 -0500 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 04 Dec 96 08:11:41 EST for cypherpunks at toad.com To: cypherpunks at toad.com Subject: Re: Angel and Javier can't unsubscribe! From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: All power to the ZOG! Message-Id: Date: Wed, 04 Dec 96 08:10:48 EST In-Reply-To: Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com Precedence: bulk "Timothy C. May" writes: > I'm beginning to think that Cypherpunks appeals especially to morons. > > --Tim May Me too. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From kkoller at panix.com Wed Dec 4 08:55:20 1996 From: kkoller at panix.com (captain.sarcastic) Date: Wed, 4 Dec 1996 08:55:20 -0800 (PST) Subject: no subject (file transmission) Message-ID: <199612041655.LAA08241@panix.com> >From cypherpunks-errors at toad.com Wed Dec 4 11:55:03 1996 Received: from RES2.RESNET.UPENN.EDU (root at RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail1.panix.com (8.7.5/8.7.1/PanixM1.0+) with ESMTP id LAA17828 for ; Wed, 4 Dec 1996 11:55:01 -0500 (EST) Received: from serve.com (serve.com [206.1.57.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA15267 for ; Wed, 4 Dec 1996 11:56:37 -0500 Received: from toad.com (toad.com [140.174.2.1]) by serve.com (8.7.6/8.7.3) with ESMTP id LAA32629 for ; Wed, 4 Dec 1996 11:50:14 -0500 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA12517 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:15:53 -0800 (PST) Received: from mule0.mindspring.com (mule0.mindspring.com [204.180.128.166]) by toad.com (8.7.5/8.7.3) with ESMTP id FAA12512 for ; Wed, 4 Dec 1996 05:15:48 -0800 (PST) Received: from default (slip166-72-219-242.ny.us.ibm.net [166.72.219.242]) by mule0.mindspring.com (8.8.2/8.7.3) with SMTP id NAA26708 for ; Wed, 4 Dec 1996 13:15:44 GMT Message-Id: <1.5.4.32.19961204131259.0069a9d0 at pop.pipeline.com> X-Sender: jya at pop.pipeline.com X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 04 Dec 1996 08:12:59 -0500 To: cypherpunks at toad.com From: John Young Subject: OPE_nup Sender: owner-cypherpunks at toad.com Precedence: bulk Two reports on BSA's letter Monday to Gore opposing crypto export regulations as "headed in the wrong direction." And claims the administration has "significantly backtracked" since announcing the new policy October 1. IBM, MS, et al are withdrawing earlier support for it. Without change, BSA said, encryption export policies will fail as did Administration policy of Clipper. ----- OPE_nup From kkoller at panix.com Wed Dec 4 08:55:21 1996 From: kkoller at panix.com (captain.sarcastic) Date: Wed, 4 Dec 1996 08:55:21 -0800 (PST) Subject: no subject (file transmission) Message-ID: <199612041655.LAA08274@panix.com> >From cypherpunks-errors at toad.com Wed Dec 4 11:55:04 1996 Received: from RES2.RESNET.UPENN.EDU (root at RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail2.panix.com (8.7.5/8.7.1/PanixM1.0) with ESMTP id LAA08377 for ; Wed, 4 Dec 1996 11:55:02 -0500 (EST) Received: from poboxer.pobox.com (poboxer.pobox.com [207.8.188.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id LAA15261 for ; Wed, 4 Dec 1996 11:56:28 -0500 Received: from toad.com (toad.com [140.174.2.1]) by poboxer.pobox.com (8.7.6/8.7.1) with ESMTP id LAA29435 for ; Wed, 4 Dec 1996 11:54:13 -0500 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA12478 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:12:53 -0800 (PST) Received: from spain.it.earthlink.net (spain-c.it.earthlink.net [204.119.177.66]) by toad.com (8.7.5/8.7.3) with ESMTP id FAA12473 for ; Wed, 4 Dec 1996 05:12:48 -0800 (PST) Received: from prosac (Cust62.Max20.Boston.MA.MS.UU.NET [153.35.79.62]) by spain.it.earthlink.net (8.7.5/8.7.3) with SMTP id FAA09364; Wed, 4 Dec 1996 05:12:32 -0800 (PST) Message-ID: <32A579A8.718 at earthlink.net> Date: Wed, 04 Dec 1996 08:16:24 -0500 From: Stephen Boursy X-Mailer: Mozilla 2.0 (Win95; U) MIME-Version: 1.0 To: freedom-knights at jetcafe.org CC: cypherpunks at toad.com Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-cypherpunks at toad.com Precedence: bulk Sandy Sandfort wrote: > > C'punks, > > On Tue, 3 Dec 1996, Dave Hayes wrote: > >> The very existance of the "profane" keeps the "sacred" in >> existance as well. If you cannot see that, then John Grubor's >> lesson is wasted on you. > > If this bit of verbal legerdemain makes any sense at all > (Logos?), then Grubor must be personally responsible for the > existance of every saint on the Catholic calendar...not. Well saints come on go on the Roman Catholic calander--doesn't mean a hell of a lot. Dr. Grubor does an excellent job of bring the vermin out of the woodwork. Steve From kkoller at panix.com Wed Dec 4 09:13:44 1996 From: kkoller at panix.com (captain.sarcastic) Date: Wed, 4 Dec 1996 09:13:44 -0800 (PST) Subject: no subject (file transmission) Message-ID: <199612041713.MAA12742@panix.com> >From cypherpunks-errors at toad.com Wed Dec 4 12:13:32 1996 Received: from RES2.RESNET.UPENN.EDU (root at RES2.RESNET.UPENN.EDU [130.91.195.242]) by mail1.panix.com (8.7.5/8.7.1/PanixM1.0+) with ESMTP id MAA19692 for ; Wed, 4 Dec 1996 12:13:31 -0500 (EST) Received: from poboxer.pobox.com (poboxer.pobox.com [207.8.188.2]) by RES2.RESNET.UPENN.EDU (8.7.6/8.7.3) with ESMTP id MAA16268 for ; Wed, 4 Dec 1996 12:15:08 -0500 Received: from toad.com (toad.com [140.174.2.1]) by poboxer.pobox.com (8.7.6/8.7.1) with ESMTP id MAA32202 for ; Wed, 4 Dec 1996 12:12:55 -0500 Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id FAA12796 for cypherpunks-outgoing; Wed, 4 Dec 1996 05:40:42 -0800 (PST) Received: from uu.psi.com (uu.psi.com [136.161.128.3]) by toad.com (8.7.5/8.7.3) with SMTP id FAA12790 for ; Wed, 4 Dec 1996 05:40:24 -0800 (PST) Received: by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via UUCP; id AA02842 for ; Wed, 4 Dec 96 08:38:47 -0500 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 04 Dec 96 08:32:49 EST for cypherpunks at toad.com To: cypherpunks at toad.com, freedom-knights at jetcafe.org Subject: Re: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: All power to the ZOG! Message-Id: Date: Wed, 04 Dec 96 08:22:00 EST In-Reply-To: <32A579A8.718 at earthlink.net> Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com Precedence: bulk Stephen Boursy writes: > Sandy Sandfort wrote: > > > > C'punks, See punks post. See punks rant. See punks flame. Laugh, laugh, laugh. > > On Tue, 3 Dec 1996, Dave Hayes wrote: > > > >> The very existance of the "profane" keeps the "sacred" in > >> existance as well. If you cannot see that, then John Grubor's > >> lesson is wasted on you. > > > > If this bit of verbal legerdemain makes any sense at all > > (Logos?), then Grubor must be personally responsible for the "Logos" suffers from verbal diarrhea and can only be pitied. Anonymous cowards like him are the worst enemy of crypto-enhanced privacy. > > existance of every saint on the Catholic calendar...not. > > Well saints come on go on the Roman Catholic calander--doesn't > mean a hell of a lot. We have a Greek Orthodox church of St. Dimitri not too far from here. They mistakenly think that I'm Greek and send me the same newsletter they send to everybody else named Dimitri. Some of it is in English, so I learned quite a bit about the life of the original St. Dimitri: He was a foul-mouthed Greek who lived in 3rd century CE and got into trouble for badmouthing the Romans and other Pagans. I suppose he's an RC saint too. I used to work for the Jesuits - very educational. He is not to be confused with the Russian St. Dimitri Donskoy who beat the shit out of the Mongols. That was after the schism, so he's _not RC saint. > Dr. Grubor does an excellent job of bring the vermin out of > the woodwork. Yes - thank you Dr. Grubor for your fine work. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From alan at ctrl-alt-del.com Wed Dec 4 09:17:28 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Wed, 4 Dec 1996 09:17:28 -0800 (PST) Subject: Codebreakers on the shelves! Message-ID: <3.0.1.32.19961204090346.010a4898@mail.teleport.com> The Codebreakers by Kahn is available at some stores. (Powell's Technical books in Portland, OR has copies. It is right next to Applied Cryptography.) It has not filtered down to some ordering systems, so some bookstores claim it is out of print. Warning: The book is $65.00 hardbound! (It is also *NOT* a small book. It is large. About 2000 pages by my guess. (Maybe more. I was being pulled out of the bookstore at the time. My wife was trying to save me from the evil mind control rays of Powell's Tech books.) I know what is on my shopping list for Christmas. --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From mjmiski at execpc.com Wed Dec 4 09:27:03 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 4 Dec 1996 09:27:03 -0800 (PST) Subject: Message-ID: <3.0.32.19961204112605.006a6514@execpc.com> >>I consider it my business also, when people are denied opportunity because >>of where they live. > >Why not simply disagree with me? You do not believe that people may >lend their very own money, earned honestly, to anybody they please. Actually, I never said that. Anyone may. I may hire only white people (even with the intent not to hire others). I will also pay the consequences. And if someone feels that they need to do this, the teachers of civil disobedience indeed state it is their duty to. Anyone may give their money to whomever they choose. I was simply stating it was morally wrong. >If you are ashamed of that, change your mind. If you are not ashamed, >proclaim it the world and justify it. I have never been ashamed of my opinions. Its just that I never said they couldn't do it. I justify my position as follows: It is costly to everyone in the state to have areas of under and unemployment, poverty and usually high-crime rates. It is unjust and costly to deny opportunity based upon residence. It is just and efficient to allow markets to indeed be free instead of falsely supporting a certain hegemony based upon residence. Free and full competition is the only way to achieve a free market. This can only happen when access to capital is equal with regard to worthless indicators (race, sex, residence and aga's favorite, sexual orientation). I have never suggested that provably bad credit risks should be given money. >>I may also hire whomever I wish, but I would have to pay the >>consequences if I happened to discriminate based on a protected class >>while doing so. That is the society in which I live. If I dont like >>it, I try to change it. Our society is not libertarian. > >Current policy doesn't matter if we are discussing the wisdom or >justice of possible policies. It does if my argument is that this part of the system *is* just. I realize you disagree, but I am sure you are not dismissing my argument out-of-hand. If you disagree, as you say, then disagree. >It isn't clear to me whether you are discussing policy options or >whether one should violate laws one does not like. When an action is >illegal, it is still permissible to discuss its legalization. I agree. I am not arguing that we need to withdraw Title VII. Aparently you are? >>There are times when government should intervene. I believe it >>should be as infrequent as possible, but would not want to live in a >>society where disinfranchised people have no possible recourse. Your >>choice would apparently be different. > >Perhaps. In any event, it is important to understand precisely the >mechanisms through which people are disenfranchised, if that is in >fact what has happened. It is also important to understand the >ramifications of phrases like "no possible recourse". To borrow >money? It is safe to say that most poor people should be saving money >rather than borrowing it. Why are you stepping around your opinion? "...if that is in fact what has happened." Just say it. You do not believe poor people are disenfranchised. I understand the ramifications of "no possible recourse". How should poor people save money? Through some forms of civil disobedience like stealing food and clothes and then putting that money in the bank? Of course, the police will understand. The government will back them. Look, capital begets capital. I favor increasing opportunity. As I will discuss below, there are reasons why capital does not flow to poor areas. >>I have not heard serious doubts for a while that redlining occurs. > >It seems likely that people draw lines around certain areas and decide >not to lend money there. What is less clear is that this is >unreasonable. There may be a few good credit risks in poor >neighborhoods. But, it may just be too much trouble weeding through >the others to make it a paying business. I thought that it didnt matter where people came from as long as the risk was low in reality. Banks weed through the people coming to them from the suburbs. Is it harder for them to see past a red line? More costly? How? It is too much trouble because of the way that bankers think. >It may also be the case that people lending money are behaving >irrationally and drawing lines around neighborhoods for simple racial >reasons and for no others. There is a word for this: opportunity. It also screws up the market. I am glad that you admit that racism is irrational. That is the core as to why the problem doesnt go away. It is an infinite loop. Current interests wont go there. Generally, people who understand the problem are without access to capital. They would like to go there. They cant get capital. When they approach current interests, they wont go there. >Bank of America was built by a man who perceived and exploited one >such opportunity. Italian shop keepers in California could not get >good banking services for, it turned out, irrational reasons. > There are a few examples of people who actually realize this as a problem/opportunity. Oddly enough, this point reinforces mine. Redlining did exist. Bank of America realized it and made a lot of money. But it still exists elsewhere. Why dont business plans around the country spring up on venture capitalists desks with an approved stamp on them? >>I would love to have the financial wherewithal to startup such an >>enterprise. Unfortuantely I reside in one such neighborhood. > >People start businesses without their own capital all the time. If >there really is such a great opportunity, go find some rich people. >Rich people, like other people, are always happy to hear about ways to >make more money. Ahhh. This is the key (which I probably did not make as clear as I should have). They wont. It is a bit irrational, I know. But we just discussed irrationality. Racism doesnt see green. If it did, I agree with you that capital would flow there. It doesnt. >They don't even have to put the money in for a long >time. Once you've set up a package of mortgages, you can sell them >off on the CMO market which is liquid and, I believe, quite >colorblind. The beauty of this scheme is that you can take your >profits right away and let other people take on the long term interest >rate risk, default risk, and management hassles. This will make your >plan easier to sell to investors. I agree with you that it is a financially attractive proposition. At the Center for Public Representation where I worked during Law School we approached investors. The ROI was extremely attractive not to mention the added "goodwill" in a largely liberal community (I went to Law School in Madison, Wisconsin). No one bit. Hmm? >You might also look into the microlending market. The idea is to lend >poor people small amounts of money (less than $10,000) to start >businesses and the like. The default rates are claimed to be >surprisingly low. I have my doubts, but it sounds as if you do not. >Good luck. Actually, I am very glad you brought it up because I was just going to. Microloans are successful not only in this country but in India and around the world as well. The Grammeen Bank initiated its microloan program in India by loaning usually less than $100 to individuals. They fixed up their residences or started extremely small businesses. The default rate was less than 5%. (BTW, the system also encouraged community by a system of cyclical neighborhood lending where neighbors took responsibility for neighbors). Compare this now to people whom banks would generally consider a good risk. College Graduates. Generally, these folks live outside of the red line. Good risks right? What about those nasty student loan default rates? The red lines dont make business sense. >>It is difficult enough to raise money to run a small business (and >>turned out to be much easier to do without any bank lending at all). >>I have talked with people about starting their own banks. > >In principle, there is no reason at all why banks are the only >institutions that can lend money for mortgages. There may be legal >impediments, but then we are back to the actual culprit, the >government. > >You might find that opening a bank was easier if all you had to do was >take deposits and lend money rather than wading through the morass of >legal requirements and paperwork. I favor the elimination of illogical regulation. I favor ridding banks of burdensome personal property taxes. Hopefully the deregulation set for 1997 will help. My desire for regulation in this case is to eliminate redlining. It is far more burdensome to retain this system than it would be to eliminate it. >>When you are working to make sure all the bills are paid it is a bit >>difficult to also build an entirely new socio-economic structure. > >You don't have to build an entirely new socio-economic structure. You >just have to find some good credit risks, some people with money to >lend, and put them together taking a cut for yourself, unless the >government has thrown up some obstacles to this. I wish it were this easy. Economically depressed areas need new structures built. The current structure adds to the cycle of poverty. First, earnings are low. Second, costs are high (Warehouse foodstores dont locate there so corner stores become the means of feeding the family ($$$)). Again, business plans have been presented to no avail. Even private foundation subsidized events were tried. To no avail. >No, actually they do care, they just don't think (correctly) that they >can get it easily. > >I have no idea if your local bank has "anonymous accounts". More >probably, they have accounts for which they do not report transactions >in excess of $10,000, but which are held by people they know fairly >well. This is more common than you might think, and not just for >laundering drug money. Tax evasion is widely practiced. I am aware of this. But drug dealers hold more cash than CEO's. Aparently the laundromat isnt open for everyone. ;-) >But wouldn't the racist banks be hurting their business? Doesn't the >punishment go quite closely with the "crime"? They would not be making as much as they could. Irrational, I know. >If you believe that there is a huge opportunity which the racist banks >(i.e., all of them) will not take advantage of, you had better explain >why there is nobody anywhere with any capital who wouldn't want to >make even more money off poor people. Can it really be the case that >99+% of rich people will run fleeing from such a great opportunity? I once believed much like you. I saw an "opportunity" the existance of which I could not explain. It seemed irrational. And it was. Racism is irrational. As you seem aware (BTW, I applaud you on what seems to be an honest degree of care) some are trying to break through the cycle. The south side of Chicago recently started there own bank. It is working. As you mention, historically, the Bank of America story. Redevelopment efforts "seem" to abound. >Oh, and speaking of racism, where do wealthy African-Americans invest >their money? Huh? What is your point? >>Everyone can now clamor that it just isnt true. Banks have never >>discriminated. Its all a big lie. Whatever. > >Banks have practiced discrimination, and not just against black >people. They have been able to get away with it. How? Because the >government has protected the banking guild from competition. > >If opening a bank were as easy as forming a corporation, you would not >see much discrimination, I assure you. There is no reason why a bank >shouldn't be that easy to open. We agree. But I feel that a legal elimination of redlining would decrease costs to the industry. >Appeals to the very people who are exploiting you are not likely >to meet with success, are they? If they never did we would still have slavery and only white, adult, male, land-owners would vote. While success is rare, it has prevailed when the cause is just. >>The real world I live in is just not as simple as the Libertarian Wet >>Dream(TM). > >Then it should be fairly easy to refute my points instead making >fatuous remarks such as the one above. Come on, one fatuous remark in a whole post? I thought that was good ;-) >Red Rackham > Matt From declan at well.com Wed Dec 4 09:40:44 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Dec 1996 09:40:44 -0800 (PST) Subject: Singapore Sling -- A second look, from The Netly News Message-ID: ---------- Forwarded message ---------- Date: Wed, 4 Dec 1996 12:38:28 -0500 (EST) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: Singapore Sling -- A second look, from The Netly News The Netly News http://netlynews.com December 4, 1996 SINGAPORE SLING By Declan McCullagh (declan at well.com) ����Singapore seems to possess no more resolution than some primitive VR world. There is no dirt whatsoever, no muss, no furred fractal edge to things. Outside, the organic, florid as ever in the tropics, has been gardened into brilliant green, and all-too-perfect examples of itself. ����At least that's what William Gibson wrote about the country in Wired magazine three years ago. I'm in Singapore now to find out what's happened since then. ����Marvin Tay stands at the exit to the airport, waving a copy of the December issue of Wired in semaphore, as animated and affable as the corridors of the Changi Airtropolis are chilly and sterile. Marvin works at Information Frontiers Ltd, a local Internet firm. He's also my self-appointed tour guide and critic. "You've developed quite a reputation around here," he tells me on the drive into town. To Marvin, my criticisms of Singapore in previous columns were too harsh. The country is not a police state. Gibson was wrong. Singapore is not "Disneyland with a death penalty." ����Marvin is one of Singapore's growing number of digerati. Glued to his handphone, he tears around the island in a late-model Alfa Romeo that, thanks to the astronomical auto taxes, cost him more than I make in three years. "The government is basically very paternalistic," he says. "Like your government and J. Edgar Hoover in the 1950s." He doesn't seem to mind. Business is good. We drive on. ����Indeed, Singapore is like the U.S. of four decades ago. It's like flying into a kind of twisted central-planning father-knows-best time warp. Lining the streets next to such quintessentially American stores as Reebok, Esprit and Timberland are government agencies like the Board of Film Censors and buildings housing the "Social Development Unit" government-run dating service and the "Home Ownership for the People Scheme." Yet Singapore is aggressively marketing itself as an information city of the future. Data will flow through its cyber-byways and as an online hub the nation will prosper as it did as a 19th century trading center. At least that's the plan. ����Singapore's commitment to free trade is long-standing. Settled by the British in 1819, the 585-square kilometer island quickly became Fortress Singapore, the empire's key southeast Asia trading post. After WWII and independence from the crown came Prime Minister Lee Kuan Yew, a censor-happy kind of politico whose accomplishments include a ban on jukeboxes. Lee Kuan Yew believes that this tiny island-nation prospers best under a blend of economic freedom and strict social controls. Political liberty is to be shoved aside in favor of strengthening economic muscle. As Ian Buruma writes in a recent issue of TIME Asia, now that Asians are in power themselves, they endorse the essentially colonial idea that Asian people are not yet ready for freedom. The public must become better educated, or wealthier, or more disciplined, or more virtuous. The point is that for an authoritarian government, people are never ready for freedom, not just yet. ����The traffic light turns yellow. We screech to a stop. Marvin glances at me. "Here we slow down for a yellow light," he explains. All is proper. Order is king. ����That's why criticizing Singapore is almost too easy. Chaos is verboten. Chewing gum sales are prohibited. Sell drugs, you face the gallows. Canings are routine. Playboy, Penthouse and Cosmo all are banned. (The offending article in Cosmo was the one giving women tips on how to commit adultery and not get caught.) Even a recent episode of "Friends" was censored. This summer, of course, the Singapore Broadcasting Authority (SBA) decided to regulate the Net. Now Internet traffic crossing the border must flow through filters blocking sites that may cause impure thoughts. ����But still. . . People live here. What do they think of this? ����In the five days I've spent here so far, at cafes on the Boat-quay, in government offices lining Orchard Road and over Indonesian oxtail soup, I've learned that netizens in Singapore are slightly embarrassed. They don't particularly care for the SBA's regs, yet they defend them with the lackluster effort that Americans might reserve for justifying the wackier actions of the U.S. Congress. "Americans distrust the government," the locals say. "Singaporeans don't. You know they'll do it right. The government has a track record of success." Small surprise; nobody likes to hear outsiders criticizing their culture. ����What's more, goes the argument, the SBA has only extended existing rules to the Net. "How can we argue for Net freedom without attacking the existing laws?" one lawyer asks me. Marvin suggests an answer: you can't. "Outwardly, Singaporeans may look like any western people. But by culture, by value, they're still Asian," he says. ����"Do we look repressed here?" a group of soc.culture.singapore denizens asks me. Marvin has driven me to one of the cyber-cafes overlooking the waterfront. I rest my $4 lime juice on one of the Sun Sparcstation 4s tied into a T-1. "No," I say. ����Perhaps it's that wealth, the economic riches so evident in the glittering glass-and-steel office towers, that permits Singapore cyberians to tolerate broad restrictions on online speech. Or perhaps it's the fact that the nation has no First Amendment tradition -- its constitution includes explicit provisions for government censorship. Besides, the restrictions arguably aren't overly burdensome. Only about 100 overseas sites are blocked by the proxy filters, and circumventing these automated border police is a snap. [...] From sunder at brainlink.com Wed Dec 4 09:42:21 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Wed, 4 Dec 1996 09:42:21 -0800 (PST) Subject: your mail In-Reply-To: Message-ID: On Tue, 3 Dec 1996, logos wrote: > An anonymous poster wrote: > > >Timothy C[*] May, a product of a* birth, appeared with > >coathanger through his head. > > >/o)\ Timothy C[*] May > >\(o/ > > I respectfully ask that the author of this post contact > me. I am curious about his or her motives and would > appreciate it if he or she would address these questions: > 1) Why are you attacking Tim May? Has he harmed you in > some way? > 2) Do you think such posts harm Tim May or help you in > some fashion? > 3) What do you hope to accomplish by these posts? > 4) Do you favor the use of strong cryptography to > preserve privacy? > 5) If Yes, do you think such posts are constructive to > that end? If No, is it your intent that your posts harm the > cause of strong cryptography and privacy? > 6) Why have you chosen to hide your true identity? Just ignore them - Vulis is on the rag again. Someone please buy Vulis a box of anal tampons so he can calm down. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From nobody at cypherpunks.ca Wed Dec 4 09:59:34 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Wed, 4 Dec 1996 09:59:34 -0800 (PST) Subject: Sorry for the "TWIT" messages Message-ID: <199612041753.JAA18678@abraham.cs.berkeley.edu> Don't worry about it. You don't have to send anyone any more messages to confirm your twit-ness. diGriz > >Hi, > >Well seems I had a rather intresting morining. :) After receiving several "Phreak messages >I went to modify my "twit" scripts. Unfortunatly the changes I made caused ~50 "twit" >messages to go out. My appologies to anyone who received these messages. > >Thanks, > >-- >----------------------------------------------------------- >William H. Geiger III http://www.amaranth.com/~whgiii >Geiger Consulting WebExplorer & Java Enhanced!!! From whgiii at amaranth.com Wed Dec 4 10:53:37 1996 From: whgiii at amaranth.com (whgiii at amaranth.com) Date: Wed, 4 Dec 1996 10:53:37 -0800 (PST) Subject: Wasting your time :) In-Reply-To: Message-ID: <199612042011.OAA12269@mailhub.amaranth.com> In , on 12/04/96 at 07:15 AM, logos said: > I have been unfailingly polite to you. Do you have it >within your character to respond to me in kind? Good 'ol Dimitri :) What can be said other than Dimitri is Dimitri. He has a long and colorfull history of this childish behavior not only on the cypherpunks list but is well know on many of the UseNet Newsgroups. You may also note that many of the more "colorfull" anonymous postings are of the same format and most likely can be traced back to our good doctor. -- ----------------------------------------------------------- whgiii at amaranth.com ----------------------------------------------------------- From Mullen.Patrick at mail.ndhm.gtegsc.com Wed Dec 4 11:06:14 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Wed, 4 Dec 1996 11:06:14 -0800 (PST) Subject: new mailing list & ITAR Message-ID: ==========> _______________________________________________________________________________ From: Michael C Taylor (CSD) on Wed, Dec 4, 1996 13:54 On Tue, 3 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Meta-question: if someone posts strong crypto source code to the > moderated mailing list, can the moderator(s) be prosecuted under ITAR? The moderator would not prosecuted if the moderator & host machine wasn't located in USA and not a USA citizen and if the post was not from USA. The poster may be a target if located inside USA or a USA citizen. The moderator might be prosecuted if the post originated inside USA or went through USA to be exported outside USA & Canada. Welcome to the rest of the world. ---- Michael C. Taylor Programmer, Mount Allison University <========== Wouldn't this be the case only if it was a *moderated* list? If it's moderated, the list operator becomes a _publisher_ and is responsible for it's content. If it's *unmoderated*, the list operator is a _distributor_ and therefore not responsible for the content his medium provides. Just like how a bookstore isn't responsible for the contents of the books; the publishers/authors are. (Well, public opinion may drive a store out of town, just like public opinion may kill a listserv...) My apologies if I'm behind in the times and this decision no longer stands. PM #include Spyjure at comports.com http://www.netforward.com/comports/?Spyjure Crypto-Anarchy-Security esp. WRT Linux From dlv at bwalk.dm.com Wed Dec 4 11:26:00 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 11:26:00 -0800 (PST) Subject: new mailing list & ITAR In-Reply-To: Message-ID: "Michael C Taylor (CSD)" writes: > On Tue, 3 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > Meta-question: if someone posts strong crypto source code to the > > moderated mailing list, can the moderator(s) be prosecuted under ITAR? > > The moderator would not prosecuted if the moderator & host machine wasn't > located in USA and not a USA citizen and if the post was not from USA. > > The poster may be a target if located inside USA or a USA citizen. The > moderator might be prosecuted if the post originated inside USA or went > through USA to be exported outside USA & Canada. Years ago I was participating in a moderated cryptography mailing list hosted in Japan. I'm sorry I don't recall the name of our gracious moderated from Tohoku U. Eventually he had no time for it and let it die. Anyway I recall posting Gilmore's DES code to that list. How ironic. Anyway, it looks like almost every packet these days goes via mae-west and/or mae-east. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 11:56:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 11:56:10 -0800 (PST) Subject: Modulating the FM noise spectrum considered infeasible In-Reply-To: <1.5.4.16.19961204051022.32b74fec@mail98.internetMCI.com> Message-ID: Charley Musselman writes: > At 10:38 AM 12/3/96 -0500, Bob Hettinga wrote: > >At 9:52 am -0500 12/3/96, James A. Tunnicliffe wrote: > >> At 2:55 am -0500 12/3/96, Timothy C. May wrote: > >>> [...]Having said this, Johnson noise makes a superior noise source, > > ^^^^^^^ > >>> if a physical source is desired. > > > >>Yours makes NOISE? Impressive... > >> > >>In this case, I guess entropy is preferable to atrophy, though. :-) > > > >Indeed. > > > >I've found that my Johnson only makes noise with the proper, er, > >peripheral, though... > > Geez, guys, what's this? Pound the physicist day? Johnson noise > is the Brownian motion of electrons in an electronic circuit. It > is the irreducible noise, often measured in temperature (obvious?) That's what I mean when I call the "cypher punks" "uncouth juveniles". To them "Johnson" is only another name for a penis. Elliptic curves are off-topic. One time pads are succeptible to brute-force attacks. Etc. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From security at kinch.ark.com Wed Dec 4 12:09:18 1996 From: security at kinch.ark.com (Dave Kinchlea) Date: Wed, 4 Dec 1996 12:09:18 -0800 (PST) Subject: The Good dr. Dobbs In-Reply-To: <96Dec5.012029gmt+0800.21892@portal.extol.com.my> Message-ID: On Thu, 5 Dec 1996, pclow wrote: > Sorry Dr Boz, but all I saw on the page was this : > > "404 Not Found > > The requested URL /whitepaper.htm was not found on this server. " It probably wouldn't have hurt you to try: www.dsnt.com/whitepaper.html as dropping (or adding) the trailing "l" is a common mistake, one appearently made in this case as well. cheers, kinch From rcgraves at ix.netcom.com Wed Dec 4 12:18:36 1996 From: rcgraves at ix.netcom.com (Rich Graves) Date: Wed, 4 Dec 1996 12:18:36 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: <199612031615.KAA03400@manifold.algebra.com> Message-ID: <32A5DC5B.3411@ix.netcom.com> FYI, the search engines that honor an X-No-Archive header also tend to skip posts with X-No-Archive: yes as the first line of the body of the message. IMO this is preferable anyway, because it lets your readers know what you're doing. -rich From nobody at cypherpunks.ca Wed Dec 4 12:27:46 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Wed, 4 Dec 1996 12:27:46 -0800 (PST) Subject: Mounties charge dealer over sales of U.S. Dishes Message-ID: <199612042020.MAA22897@abraham.cs.berkeley.edu> By Robert Brehl - Toronto Star Business Reporter Canada's satellite wars have heated up with the first dealers of the U.S. DirecTV dishes being arrested and charged under the federal Radiocommunication Act. ``Iraq doesn't allow its citizens to have satellite dishes either,'' said Stan LeBlanc, a dealer in Yarmouth, N.S., who was charged. ``Never thought I'd see the day when 12 or 15 Mounties would storm into my building because I'm selling things the public wants.'' LeBlanc was charged this week after Royal Canadian Mounted Police raided his electronics store Nov. 13 and seized 83 access cards for DirecTV set-top boxes, some computers, cash and two satellite dishes. The Mounties have raided dozens of satellite dealers from coast-to-coast, except in Ontario, since June. Now formally charged are LeBlanc; his father, Ray Sr.; and David Lloyd Williams. LeBlanc said the access cards were not the so-called pirate cards that allow viewers to watch DirecTV programming for free. The cards seized require customers to have U.S. addresses for DirecTV bills, he said. The dealers have been charged with possessing and selling equipment that decodes encrypted satellite signals. LeBlanc said he has seven competitors in Yarmouth that also sell U.S. satellite dishes, and none was charged. ``When they raided me, they even parked in one of my competitor's parking lots under a sign advertising the 18-inch dishes,'' LeBlanc said. Last month, Industry Minister John Manley issued a warning to satellite dealers and TV viewers that selling or using U.S. dishes could be illegal. Canada is estimated to have more than 200,000 U.S. dishes. Three Canadian firms have been licensed to offer direct-to-home satellite service, but none has yet launched. RCMP officials in Nova Scotia could not be reached last night. From haystack at cow.net Wed Dec 4 12:28:50 1996 From: haystack at cow.net (Bovine Remailer) Date: Wed, 4 Dec 1996 12:28:50 -0800 (PST) Subject: No Subject Message-ID: <9612042014.AA25633@cow.net> At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote: >>>I consider it my business also, when people are denied opportunity because >>>of where they live. >> >>Why not simply disagree with me? You do not believe that people may >>lend their very own money, earned honestly, to anybody they please. > >Actually, I never said that. You say it below. >Anyone may. I may hire only white people (even with the intent not >to hire others). I will also pay the consequences. And if someone >feels that they need to do this, the teachers of civil disobedience >indeed state it is their duty to. > >Anyone may give their money to whomever they choose. I was simply stating >it was morally wrong. > >>If you are ashamed of that, change your mind. If you are not ashamed, >>proclaim it the world and justify it. > >I have never been ashamed of my opinions. Its just that I never said they >couldn't do it. I justify my position as follows: > >It is costly to everyone in the state to have areas of under and >unemployment, poverty and usually high-crime rates. > >It is unjust and costly to deny opportunity based upon residence. > >It is just and efficient to allow markets to indeed be free instead of >falsely supporting a certain hegemony based upon residence. > >Free and full competition is the only way to achieve a free market. This >can only happen when access to capital is equal with regard to worthless >indicators (race, sex, residence and aga's favorite, sexual orientation). See, right above there. If I earned my very own money honestly and I choose to lend it only to Albanians, you believe that this would be inefficient and, therefore, forbidden. In other words, you do not believe that I should be able to lend money to anybody I please. You can call it "equal access to capital" or "denial of opportunity", but the clearest and simplest description is that you believe I should not be able to lend my money to whomever I please. Instead of pretending otherwise, just say "I believe you should not be able to lend your own money which you earned honestly to anybody you please. I believe you should be allowed only to lend money in these circumstances..." Of course, non-discrimination is a vague term. Let's say I lend money only to people I know. I only know Albanians. Am I therefore a racist in my lending practices? That is unclear. Am I racist in my choice of friends? Perhaps we should make that illegal. >I have never suggested that provably bad credit risks should be given money. What is irksome is that you are talking about Other People's Money and not your own. The perspective tends to change when it's your own savings on the line. >>>I may also hire whomever I wish, but I would have to pay the >>>consequences if I happened to discriminate based on a protected class >>>while doing so. That is the society in which I live. If I dont like >>>it, I try to change it. Our society is not libertarian. >> >>Current policy doesn't matter if we are discussing the wisdom or >>justice of possible policies. > >It does if my argument is that this part of the system *is* just. I >realize you disagree, but I am sure you are not dismissing my argument >out-of-hand. If you disagree, as you say, then disagree. Actually, I have trouble following your argument. Please forgive me for my limited intelligence. If you are arguing that the current policy is just, that question is not related to whether it is the current policy. But, I suppose you were just sort of observing on the side something like "oh, and by the way, this is current policy." >>It isn't clear to me whether you are discussing policy options or >>whether one should violate laws one does not like. When an action is >>illegal, it is still permissible to discuss its legalization. > >I agree. I am not arguing that we need to withdraw Title VII. Aparently >you are? I do not know what is in Title VII. Perhaps it would be better to ask me about particular policies. >>>There are times when government should intervene. I believe it >>>should be as infrequent as possible, but would not want to live in a >>>society where disinfranchised people have no possible recourse. Your >>>choice would apparently be different. >> >>Perhaps. In any event, it is important to understand precisely the >>mechanisms through which people are disenfranchised, if that is in >>fact what has happened. It is also important to understand the >>ramifications of phrases like "no possible recourse". To borrow >>money? It is safe to say that most poor people should be saving money >>rather than borrowing it. > >Why are you stepping around your opinion? "...if that is in fact what has >happened." Just say it. You do not believe poor people are >disenfranchised. In fact, I am open to the possibility that poor people really are disenfranchised. But, if I am to believe that I must hear an explanation that makes sense to me. If poor people are poor because absolutely nobody will do business with them for completely irrational reasons, that seems extremely unlikely. Even if most rich people are able to control their greed just to punish poor people of the wrong race, which is already hard to believe, you actually have to claim that they are all this way. >I understand the ramifications of "no possible recourse". How should >poor people save money? Just like anybody else does. You watch every penny. You don't eat meat. When you buy food, you buy inexpensive healthy food like lentils instead of expensive unhealthy food like Coca-Cola and potato chips. You do not go to McDonald's. You walk when you can instead of taking the bus or you ride a (used) bicycle. You don't smoke cigarettes. You do not buy alcohol. You do not buy other recreational drugs. You buy your clothing used. You economize on your living arrangements, perhaps by having a large number of roomates. (Note that this is illegal in most cities. That is a form of disenfranchisment.) You do not make long distance calls. If you can, you share a phone with other people. etc. etc. etc. If you know poor people, you will know that few of them do these things. Also, you work hard to increase your earnings. You show up at work on time every time. You develop a good work ethic. You wear clean professional clothing at work. You treat your employer and coworkers with respect. etc. etc. etc. Read "Your Money or Your Life" by Joe Dominguez and Vicki Robin. It outlines a workable program that all poor people - and quite a few others - will be able to use to their benefit. >>>I have not heard serious doubts for a while that redlining occurs. >> >>It seems likely that people draw lines around certain areas and decide >>not to lend money there. What is less clear is that this is >>unreasonable. There may be a few good credit risks in poor >>neighborhoods. But, it may just be too much trouble weeding through >>the others to make it a paying business. > >I thought that it didnt matter where people came from as long as the risk >was low in reality. Banks weed through the people coming to them from the >suburbs. Is it harder for them to see past a red line? More costly? How? If you are going through prospective leads and the number of qualified people is, say, 10 in 1000, you will make a lot more money than going through a pool of leads that only has 1 qualified person per 1000. >>It may also be the case that people lending money are behaving >>irrationally and drawing lines around neighborhoods for simple racial >>reasons and for no others. There is a word for this: opportunity. > >It also screws up the market. But why isn't that good news? If it's really market inefficiency, why not exploit it? >I am glad that you admit that racism is irrational. A lot of human activity is irrational. In the case of racism, it is difficult to even define what it is for the purpose of writing a law under which people are to be prosecuted. This undermines the rule of law in the United States and opens the way to abuse and political corruption. Probably that was the idea. But, even if it were possible to define precisely what racism is, I would still believe it should be legal. There is no accounting for taste and it is wrong to dictate it to other people when they are causing no harm to others. >That is the core as to why the problem doesnt go away. It is an >infinite loop. Current interests wont go there. Not one? Absolutely no one? That's pretty hard to believe. >Generally, people who understand the problem are without access to >capital. They would like to go there. They cant get capital. When >they approach current interests, they wont go there. Maybe there's something funny about the deal. >>Bank of America was built by a man who perceived and exploited one >>such opportunity. Italian shop keepers in California could not get >>good banking services for, it turned out, irrational reasons. >There are a few examples of people who actually realize this as a >problem/opportunity. Oddly enough, this point reinforces mine. >Redlining did exist. Bank of America realized it and made a lot of >money. But it still exists elsewhere. Why dont business plans >around the country spring up on venture capitalists desks with an >approved stamp on them? More to the point, why isn't Matthew J. Miszewski drooling in anticipation of all the money he is going to make by recognizing this glorious opportunity? Giannini made a tremendous amount of money. Even if you don't care about money, which is unlikely, think of all the good you could do once you made that fortune! >>They don't even have to put the money in for a long >>time. Once you've set up a package of mortgages, you can sell them >>off on the CMO market which is liquid and, I believe, quite >>colorblind. The beauty of this scheme is that you can take your >>profits right away and let other people take on the long term interest >>rate risk, default risk, and management hassles. This will make your >>plan easier to sell to investors. > >I agree with you that it is a financially attractive proposition. At the >Center for Public Representation where I worked during Law School we >approached investors. The ROI was extremely attractive not to mention the >added "goodwill" in a largely liberal community (I went to Law School in >Madison, Wisconsin). No one bit. Hmm? Hmmm? Maybe it was lousy investment in spite of a good ROI number. Nobody? Not one person was willing to buy in? Hardly an endorsement. >>You might also look into the microlending market. The idea is to lend >>poor people small amounts of money (less than $10,000) to start >>businesses and the like. The default rates are claimed to be >>surprisingly low. I have my doubts, but it sounds as if you do not. >>Good luck. > >Actually, I am very glad you brought it up because I was just going to. >Microloans are successful not only in this country but in India and around >the world as well. The Grammeen Bank initiated its microloan program in >India by loaning usually less than $100 to individuals. They fixed up >their residences or started extremely small businesses. The default rate >was less than 5%. (BTW, the system also encouraged community by a system >of cyclical neighborhood lending where neighbors took responsibility for >neighbors). > >Compare this now to people whom banks would generally consider a good risk. >College Graduates. Generally, these folks live outside of the red line. >Good risks right? What about those nasty student loan default rates? The >red lines dont make business sense. I'm hearing that cash register ringing. Go for it! >>>When you are working to make sure all the bills are paid it is a bit >>>difficult to also build an entirely new socio-economic structure. >> >>You don't have to build an entirely new socio-economic structure. You >>just have to find some good credit risks, some people with money to >>lend, and put them together taking a cut for yourself, unless the >>government has thrown up some obstacles to this. > >I wish it were this easy. Economically depressed areas need new structures >built. The current structure adds to the cycle of poverty. First, >earnings are low. Guess rents must be low too, otherwise why live there? Rents are a dominant expense for poor people. >Second, costs are high (Warehouse foodstores dont locate there so >corner stores become the means of feeding the family ($$$)). That's easy. Once a month get ten families together to go to the nearest warehouse store in the suburbs and stock up on provisions. Or, one poor family could buy a bunch of stuff every month and sell it out of their house and save everybody the trip. Discussions regarding "the cycle of poverty" are usually little more than litanies of excuses. >Again, business plans have been presented to no avail. Even private >foundation subsidized events were tried. To no avail. Gee, you would almost think there was something wrong with the investment. I challenge you to put your own money into this venture. You don't even have to quit your job to get into the microlending business until you've built it up to the point where it can support you. >>If you believe that there is a huge opportunity which the racist banks >>(i.e., all of them) will not take advantage of, you had better explain >>why there is nobody anywhere with any capital who wouldn't want to >>make even more money off poor people. Can it really be the case that >>99+% of rich people will run fleeing from such a great opportunity? > >I once believed much like you. I saw an "opportunity" the existance of >which I could not explain. It seemed irrational. And it was. What I don't understand is why you are not excited by this opportunity. You claim there is this gaping hole in the banking business. If that is true, whoever exploits it is going to be unbelievably rich in addition to being a great human being. My point is not that there is a great opportunity so "somebody somewhere" will solve the racism problem. My point is that you yourself do not believe there is a great opportunity if it involves money you really care about, i.e. your own. >Racism is irrational. As you seem aware (BTW, I applaud you on what >seems to be an honest degree of care)... Don't get your hopes up. I've been poor and I've known many poor people. The unpleasant truth is that there are usually reasons why people are poor. >>Oh, and speaking of racism, where do wealthy African-Americans invest >>their money? > >Huh? What is your point? You are claiming that there are ZERO investors who will invest in this great opportunity because they are racists. Contrary to popular belief, most African-Americans are not poor or even gang members. There are large numbers of middle class African-Americans and a smaller number of quite successful African-American businesspeople. If everybody rich is a racist, go to these people and propose that they can make money pursuing a business opportunity which they are uniquely qualified to identify and exploit. If you are claiming that even African-American investors are irrationally racist about lending to poor people, you should be forewarned that I and many other people are going to find that a little hard to believe. >>>Everyone can now clamor that it just isnt true. Banks have never >>>discriminated. Its all a big lie. Whatever. >> >>Banks have practiced discrimination, and not just against black >>people. They have been able to get away with it. How? Because the >>government has protected the banking guild from competition. >> >>If opening a bank were as easy as forming a corporation, you would not >>see much discrimination, I assure you. There is no reason why a bank >>shouldn't be that easy to open. > >We agree. But I feel that a legal elimination of redlining would decrease >costs to the industry. Wrong. Redlining is devilishly difficult to define. That hurts a small bank more than any other because they have to figure out how to comply with the law and defend themselves against the regulators instead of just borrowing and lending money. It raises the costs of banking. That means it is harder for people to borrow and lend money. And that, if you care about efficiency, is inefficient. >>Appeals to the very people who are exploiting you are not likely >>to meet with success, are they? > >If they never did we would still have slavery and only white, adult, male, >land-owners would vote. While success is rare, it has prevailed when the >cause is just. I hate to admit it, but you do have a point here. However, the way privacy will be permanently eroded is through laws called "The Privacy Protection Act" which have clauses allowing the government to do whatever it wants. It is disconcerting to have the government dictating what information you may or may not keep on your computer or who you may give it to. Red Rackham From leefi at microsoft.com Wed Dec 4 12:41:03 1996 From: leefi at microsoft.com (Lee Fisher) Date: Wed, 4 Dec 1996 12:41:03 -0800 (PST) Subject: Anyone considered adding crypto into Microsoft Outlook? Message-ID: | The main problem so far seems to be the impenetrability of the | MAPI documentation. Does anyone know of a usable reference or | which of the gazillion Microsoft Developer network CDs one can | find more information? MAPI is in part of the Win32 SDK, whichi is available on MSDN level 2, in the \mstools\mapi subdirectory. http://www.microsoft.com/win32dev/mapi/ is the MAPI home page. http://www.microsoft.com/win32dev/mapi/internet.htm has some good MAPI/Exchange resource pointers. http://www.microsoft.com/msdn/sdk/ is a new site for downloading parts of the SDK online, but it is just getting started (i.e., i'm not sure that the MAPI part is ready yet). as for the other question about Outlook -vs- Exchange, see http://www.microsoft.com/outlook/documents/emailfs/default.htm for a comparison. Lee From dave at kachina.jetcafe.org Wed Dec 4 12:42:00 1996 From: dave at kachina.jetcafe.org (Dave Hayes) Date: Wed, 4 Dec 1996 12:42:00 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] Message-ID: <199612042041.MAA19687@kachina.jetcafe.org> SANDY SANDFORT wrote: > On Tue, 3 Dec 1996, Dave Hayes wrote: > > The very existance of the "profane" keeps the "sacred" in > > existance as well. If you cannot see that, then John Grubor's > > lesson is wasted on you. > If this bit of verbal legerdemain makes any sense at all > (Logos?), then Grubor must be personally responsible for the > existance of every saint on the Catholic calendar...not. Now there's an example of properly used logic...not. Why didn't you be honest and just say "I don't understand this, please explain"? This could be because you *want* to be hostile, and you *want* to produce meaningless flames. ------ Dave Hayes - Altadena CA, USA - dave at jetcafe.org Freedom Knight of Usenet - http://www.jetcafe.org/~dave/usenet "A terrorist is someone who has a bomb and doesn't have an air force." --some letter-writer in the Manchester Guardian, some years ago From mrosen at peganet.com Wed Dec 4 13:54:23 1996 From: mrosen at peganet.com (Mark Rosen) Date: Wed, 4 Dec 1996 13:54:23 -0800 (PST) Subject: AOL Message-ID: <199612042158.QAA01672@mercury.peganet.com> > yes.... they did knock off that $3.00 an hour thing. now.. $20.00 unlimited.. > I'd hate to do an AOL spam to the list.. but someone asked.. and for all you > that say 'get a real internet provider'. Well.. I get ALL the same access > most of you do. No shell account...But I can telnet from AOL to one. So > there. Nah nah nah =} Hehe. Then you'll like this: http://www.geocities.com/TimesSquare/6660 From blancw at microsoft.com Wed Dec 4 14:08:59 1996 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 4 Dec 1996 14:08:59 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) Message-ID: From: Dale Thorn (in reply to Tim May) If you, Sandy, and the other offenders *really* want to keep the noise down, then next time ask John directly for a reply, and if none is forthcoming, say to the list *once*, "John will not answer up", etc., and let the subscribers draw their own conclusions from the silence, instead of from your inane "defenses". .......................................................... As for myself, I was not speaking for Gilmore nor defending him when I added my reply to the discussion. I brought up an item which others had overlooked (the fact that Vulis had challenged John to censor him) as specific reference to include in their judgement of his actions, as well as illustrating how Vulis had invested a lot of effort in motivating someone into just such a response. As I mentioned in another post yesterday, situations like this, where people overlook elements in an argument, are opportunities for others to "fill in the blanks" or add commentary to clear up the understanding of a situation. It is not unusual for cpunks to post their opinions about an event on the list. The cpunks have strong opinions regarding censorship and there are always arguments about the details of its impropriety or the place of it in a society; the list is a form of cyberspatial "virtual" society, and if the concept of censorship vs private property as it affects the list comes up, it is to be expected that the ideas will be addressed. So I (and others as well) were addressing the *ideas* of censorship & the actions of private property owners, arguing in regard of a more precise & correct understanding of the principles involved, as exemplified by John's actions - but not in place of his own "self-defense" of them. Frankly, most of the long-time members of the list would not need any such statements of defense from John in order to appreciate the nature of the circumstance and the reasoning for his symbolic 'censorship'. .. Blanc From schryver at radiks.net Wed Dec 4 14:09:22 1996 From: schryver at radiks.net (Scott J. Schryvers) Date: Wed, 4 Dec 1996 14:09:22 -0800 (PST) Subject: "Just call the police"...yeah, right Message-ID: <199612042200.QAA27118@sr.radiks.net> -----BEGIN PGP SIGNED MESSAGE----- >The name of the informal logical fallacy Tim May has *not* >made is 'argumentum ad hominem' (literally, 'an argument >to the man'; attacking one's opponent rather than dealing >with the subject under discussion; aka name calling). > >Having said that, while Tim May has not committed a logical >fallacy, neither has he advanced a logical argument. He >has merely stated his conclusory opinion of the other >person's comment. By itself, it adds little or nothing of >substance to the argument. > >Logos out > Uh logos... Deal with it. If I needed some one to walk me through a mailing list when it concerns constructive arguements I'd be requesting a moderated list and since I find moderated news groups to be nonproductive affairs I tend to find this mailing list perfect for my needs. As for judging if Tim has advanced the arguement or not that is for each person to decide not you. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqXvk/+hzPlzwZAdAQF5Lgf/e3/99SUkd9aADGeS8UjYYcSxTuH8LxE5 AdvIRgLmv11BdTgcyK+q03MYV1gGjmZmtWtEuCiPN/O39gtMM4RYcz2/c5f7bMMA h8QwKP9h4RNA1dWgDDF54PQuKElMr9SBJJwLdyYwPddkjjVEs0tjFRoJv2MsEkmB nK3REFH75U6F7q0NZB8IHxBbYNDYbTejRcx5yfP+W1lg2cLK2lonis/G4X6Kj7gu BdNLn3PLS6qr1YgTB1gWQD5JzCN6FJ7Gw0snjALLFbG0QbiMLJd7TT/bWc8ExDoo HUg+U4OKZ/oPLzNMiZqvzn9gMjGKWz0+hQbi8kR1f8OT/5+bJ4CFjw== =xM3k -----END PGP SIGNATURE----- From lurker at mail.tcbi.com Wed Dec 4 15:22:13 1996 From: lurker at mail.tcbi.com (Lurker) Date: Wed, 4 Dec 1996 15:22:13 -0800 (PST) Subject: No Subject Message-ID: <3.0.32.19961204173115.006924ac@mail.tcbi.com> Could someone tell me where I can find a text file of *all* usenet newsgroups? From hua at chromatic.com Wed Dec 4 15:38:10 1996 From: hua at chromatic.com (Ernest Hua) Date: Wed, 4 Dec 1996 15:38:10 -0800 (PST) Subject: Suggestion for "the serious encryption customers" to end ITAR battle Message-ID: <199612042337.PAA11363@ohio.chromatic.com> I think we can all agree that the level of confidence in software-only approaches to security is clearly lower than combination software plus hardware approaches. It is clear that what is available over the Internet is software. (It is much harder to distribute "hardware" as you can only really distribute design information. The closest analogy could be a FPGA program, a Verilog description or some other ASIC net list.) How about the following as an approach to resolving the dispute over encryption exports: 1. Allow arbitrary exports of software-only encryption. This means that PGP is exportable as is DES crypt libraries. 2. Restrict exports of hardware-only or hardware/software encryption. This means that smart cards, HP's crypto policy cards, crypto processors with tamper-resistant casing, etc ... are restricted. Why does this make sense? 1. Reality check on export control of software: Software is just too transportable to be restricted, no matter WHAT the software does. Any restriction on WHERE software may be or may go is just not feasible, and it's not going to get any easier in the foreseeable future. 2. Take John Deutch at his word: Deutch has claimed that "serious users of cryptography" would not trust software downloaded over the Internet. We clearly do not agree with him on this aspect, but if he truly believes it (and is not just making PR spin statements for the NSA), then he must believe that allowing software exports will not significantly increase the user base (and therefore, harm CIA's or NSA's intelligence capabilities), but it will shut up the software companies' complaints. 3. Give the NSA what it wants: Software tends to standardize. Encryption is only a small part of the chain of security measures. Other weaknesses are surely part of the NSA's target for intercepts (no self-respecting codebreaking agency should stick to exploiting only one class of failures; if it is, we should question the value we are getting out of the billions of dollars we blindly give to the NSA). If the NSA stops whining about what is too hard to break, then protocol weakness and other non-encryption problems could easily creep into standards, and the NSA would surely have an analytical advantage over anyone else. Since the NSA is happily bragging that it does not even need to crack the code to break in, it should be able to live with hardware-only export restriction. The fact that the NSA is no longer drawing any lines anywhere for software will leave the bad guys guessing as to what it can really decode. In addition, hardware manufacturers will probably have a tougher overturning export restrictions on hardware-enhanced solutions after that because software companies will probably not care. It is clear that the NSA only trusts hardware implementations, as it required Clipper to be manufactured in tamper-resistant cases. All constructive replies welcome. Ern From sandfort at crl.com Wed Dec 4 15:55:58 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 4 Dec 1996 15:55:58 -0800 (PST) Subject: The Rise and Fall of Cypherpunks WAS [Re: the Dennings] In-Reply-To: <199612042041.MAA19687@kachina.jetcafe.org> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Wed, 4 Dec 1996, Dave Hayes wrote: > Why didn't you be honest and just say "I don't understand this, > please explain"? Dave is assuming facts not in evidence. His meaning was transparently obvious. My comment was merely the /reducto ad absurdum/ of his statement. Dave's "insight" is not profound, merely shallow and specious. Sort of like "Deep Thoughts" on Saturday Night Live--"Without night, there can be no day." (Whoa man, that's SO heavy!) S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From Majordomo at c2.net Wed Dec 4 16:24:31 1996 From: Majordomo at c2.net (Majordomo at c2.net) Date: Wed, 4 Dec 1996 16:24:31 -0800 (PST) Subject: Confirmation for subscribe cryptography Message-ID: <199612050022.QAA22242@blacklodge.c2.net> -- Someone (possibly you) has requested that your email address be added to or deleted from the mailing list "cryptography at c2.net". If you really want this action to be taken, please send the following commands (exactly as shown) back to "Majordomo at c2.net": auth 727e8b91 subscribe cryptography cypherpunks at toad.com If you do not want to this action taken, just ignore this message and no action will be taken. If you have any questions about the policy of the list owner, please contact "cryptography-approval at c2.net". Thanks! Majordomo at c2.net From bcungham at entrust.com Wed Dec 4 16:34:29 1996 From: bcungham at entrust.com (Brent Cunningham) Date: Wed, 4 Dec 1996 16:34:29 -0800 (PST) Subject: Why Cryptography is harder than it looks? Message-ID: Can you please either: 1) email me a copy; or 2) give me a pointer as to where I can get a copy; of Bruce Schneier's paper on "Why Cryptography is harder than it looks?" Much appreciated. - Brent Check out the Network Computing review of Entrust: www.nwc.com Brent Cunningham Nortel Secure Networks Post Office Box 190 Ramona, California 92065 Tel: 619 788-7676 Fax: 619 788-9696 Email: bc1 at entrust.com www.nortel.com/entrust From dlv at bwalk.dm.com Wed Dec 4 16:50:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 16:50:14 -0800 (PST) Subject: Politeness In-Reply-To: Message-ID: logos writes: > I have been unfailingly polite to you. Do you have it > within your character to respond to me in kind? Do you think spelling my last name "Vilus" is polite? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Ryan.Russell at sybase.com Wed Dec 4 17:09:05 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Wed, 4 Dec 1996 17:09:05 -0800 (PST) Subject: [crypto] Avatar Protection? Message-ID: <9612050108.AA07734@notesgw2.sybase.com> A graphic-designer friend of mine and I were talking about VRML avatars, and custom design work, and could he offer a service designing them etc... His worry is that since everyone in the same virtual environment as his customer would see the designer avatar, wouldn't they also be able to easily rip off his work? (or his customer's property, take your pick.) I wasn't sure...it seems to me that I read something vaguely along these lines for a cryptography protocol of some sort.. The problem is this: Is there a way for a user to "view" the client's avatar (and in this sense, the user usually has to receive a copy of the code to render the avatar and render it on the local machine) but not save a copy? Assume that a client with no save feature is not a viable option...too easy to work around. I suppose an analogy would be: Is there a way for a person to see the plaintext, but not record it? I think that question really answers itself - no. How about alternatives? If the server of the environment only renders "views" (say, certain angles, or a bitmap) of the avatar, rather than sending the description file? Any other thoughts? Ryan From jdelgado at nexus.net.mx Wed Dec 4 17:17:53 1996 From: jdelgado at nexus.net.mx (Jose Luis Delgado) Date: Wed, 4 Dec 1996 17:17:53 -0800 (PST) Subject: No Subject Message-ID: unsuscribe cypherpunks From robertb at tritro.com.au Wed Dec 4 17:26:23 1996 From: robertb at tritro.com.au (Robert Barnes) Date: Wed, 4 Dec 1996 17:26:23 -0800 (PST) Subject: Anyone considered adding crypto into Microsoft Outlook? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have downloaded, and strongly recommend, Jon S. Whalen's Microsoft Exchange Client PGP Command Extension. It adds PGP functionality to Exchange Client in a very neat and clean way. Rob -----BEGIN PGP SIGNATURE----- Version: 2.63ui iQCVAwUBMqYkarl39AMaT2JtAQHmtQP/Yu8rh5OkkMC1GVEnz4hY6xFczeDM0Y3U 7toMIDZLVnDwRXuoo9+10sUMnB289mkjoi54fuAhbkjDKYejXVIFilJoSFq+s5FZ K0Rdcaj8qv6VkJwL63gXMdXsFlxHIyQ/oK9/3r7tBgFyzab3tcjVXUGRy/NE5sLD osrJm4WzfVU= =+ffh -----END PGP SIGNATURE----- From tcmay at got.net Wed Dec 4 17:33:07 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Dec 1996 17:33:07 -0800 (PST) Subject: Suggestion for "the serious encryption customers" to end ITARbattle In-Reply-To: <199612042337.PAA11363@ohio.chromatic.com> Message-ID: At 3:37 PM -0800 12/4/96, Ernest Hua wrote: >I think we can all agree that the level of confidence in software-only >approaches to security is clearly lower than combination software plus >hardware approaches. > >It is clear that what is available over the Internet is software. (It >is much harder to distribute "hardware" as you can only really >distribute design information. The closest analogy could be a FPGA >program, a Verilog description or some other ASIC net list.) But of course this is a distinction without a difference, at least for all but 0.00073% of Internet users. That is, downloading a Verilog or whatever description would be no more "verifiable to the user" than a software-only program. In fact, the hardware description _is_ just another program! >How about the following as an approach to resolving the dispute over >encryption exports: > >1. Allow arbitrary exports of software-only encryption. The government will of course not be fooled by this. Whether one accepts my point that hardware = software (effectively), the government has heretofore seen software as an important issue. In fact, I will take issue with my distinguished colleague (are you satisfied, Logos?) Ernest Hua's point that only hardware provides real security. To whit, for several years we on the Cypherpunks list have advocated this strategy: -- standardized hardware, such as PCs and Soundlaster cards -- community-checkable software, such as PGP This combination is preferable to "black boxes" which the average user cannot verify (not that the average user can verify, say, PGP, but digital signatures means the average user can more effectively "trust" the consensus of those who _have_ looked at, say, PGP 2.6ui, and have vouched for it. (This debate came up several times when people proposed specialized hardware, which would be a) hard to verify, b) hard to distribute widely, and c) something very few people would casually try. Regardless of our arguments--though perhaps confirming them--there have been no commonly used hardware widgets or cards used by any significant number of us.) >2. Take John Deutch at his word: > > Deutch has claimed that "serious users of cryptography" would not > trust software downloaded over the Internet. We clearly do not > agree with him on this aspect, but if he truly believes it (and is > not just making PR spin statements for the NSA), then he must > believe that allowing software exports will not significantly > increase the user base (and therefore, harm CIA's or NSA's > intelligence capabilities), but it will shut up the software > companies' complaints. I don't think he believes this. Think: FUD. There is no evidence that properly authenticated PGP is "weak." And if it were, John Deutch would be a fool to cast doubt on it. I think they're terrified as hell about software-only approaches running on widely-available hardware and would like nothing more than to see hardware-only approaches mandated (as this would provide slightly more control over exports and distibution). Not that this'll happen, of course. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From um at c2.net Wed Dec 4 17:34:07 1996 From: um at c2.net (Ulf =?ISO-8859-1?Q?M=F6ller?=) Date: Wed, 4 Dec 1996 17:34:07 -0800 (PST) Subject: Strong-crypto smart cards in Singapore and Germany In-Reply-To: <199612040350.WAA08153@beast.brainlink.com> Message-ID: Peter Gutmann writes: >The standardisation committee of the German banks have also produced >an electronic wallet which should have 25 million (yes, 25M) users by >January of next year. Again, this is a pure electronic wallet, with >2-key triple DES and 768-bit (to become 1024-bit) RSA encryption. >[...] This looks like a very nice system, and unlike Mondex doesn't >rely entirely on the hope that criminals can't get at the data on the >card. For 'security reasons', all transactions are logged in what is called 'shadow accounts'. Not what I would call a very nice system. From mycroft at actrix.gen.nz Wed Dec 4 18:11:18 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Wed, 4 Dec 1996 18:11:18 -0800 (PST) Subject: [NOISE]-- [PHILOSOPHYPUNKS] Re: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <32A44861.3619@gte.net> Message-ID: <199612050209.PAA08297@mycroft.actrix.gen.nz> On Tue, 03 Dec 1996 07:33:53 -0800, Dale Thorn wrote: Paul Foley wrote: > Do you indeed? OK, I hereby demand that you set up a mailing list on > your computer for discussion of "censorship" on cypherpunks. I hear your demand, which you have a right to make, and I reject it, which is my right. You proved my point, that you could make the demand, and I further proved it, by saying no. Is that clear enough? Help! Help! I'm being censored! -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Justice, n.: A decision in your favor. From blake at bcdev.com Wed Dec 4 18:12:15 1996 From: blake at bcdev.com (Blake Coverett) Date: Wed, 4 Dec 1996 18:12:15 -0800 (PST) Subject: Microsoft & Key Escrow Message-ID: <01BBE227.C266CEA0@bcdev.com> Following are some of the relevent snippets from http://www.microsoft.com/intdev/security/export/exporfaq-f.htm. The comments in square brackets are mine. ---cut here--- What is Microsoft's position on supporting key escrow? Key escrow encryption is not a market-driven solution and it raises serious privacy concerns for many customers. It is also new, undeveloped, untested, and uncosted, and it will take a long time to be worked out. Additionally, customers have expressed hesitation about mandatory key escrow, especially if they have to give the keys to the government or a government-selected third party. Therefore, we are not actively adding support for key escrow in our products and technologies. [About as good as we can ask for. I would, however, like that last sentence better if the word 'actively' was missing.] Shouldn't the U.S. government be able to access information that could prevent terrorist acts and crime? Strong non-key escrow encryption is already available from retail outlets, foreign companies, and off the Internet. Thus the U.S. government is already having--and will continue to have--a harder time in the future accessing plain text regardless of U.S. export restrictions. [I suppose it would be too much to expect a third sentence reading. 'This is a good thing.'] What is key recovery? How does it relate to key escrow? Market-driven data recovery refers to a product feature that allows users to maintain a spare private encryption key in a safe place. Generally, a data recovery system escrows a copy of the session key with the message or file and the user (or perhaps his employer) controls the decision whether to utilize this feature. With key escrow the U.S. government holds or has access to a user's private encryption key. It is not yet clear whether such systems are exportable. In the October 1 announcement, the U.S. government referred to "key recovery" without defining it; in all likelihood, however, they still have in mind government key escrow, and not market-driven data recovery. [Hmm... it's just possible that Microsoft's spin doctors are better than those of the US government. Perhaps they can sell the world on their definition of 'key recovery' instead of the one we know the TLAs intended.] ---cut here--- regards, -Blake From tomalb at microsoft.com Wed Dec 4 18:47:09 1996 From: tomalb at microsoft.com (Tom Albertson (LCA)) Date: Wed, 4 Dec 1996 18:47:09 -0800 (PST) Subject: Microsoft & Key Escrow Message-ID: These issues are also addressed at somewhat greater length than in the FAQ in "Microsoft Policy on Export Controls on Encryption" at http://www.microsoft.com/intdev/security/export/expcont1.htm (updated since the recent Administration announcements). rgds tom >-----Original Message----- >From: Blake Coverett [SMTP:blake at bcdev.com] >Sent: Wednesday, December 04, 1996 6:12 PM >To: 'cypherpunks at toad.com' >Subject: Microsoft & Key Escrow > >Following are some of the relevent snippets from >http://www.microsoft.com/intdev/security/export/exporfaq-f.htm. >The comments in square brackets are mine. > >---cut here--- >What is Microsoft's position on supporting key escrow? > >Key escrow encryption is not a market-driven solution and it raises serious >privacy concerns for many customers. It is also new, undeveloped, untested, >and uncosted, and it will take a long time to be worked out. Additionally, >customers have expressed hesitation about mandatory key escrow, especially if >they have to give the keys to the government or a government-selected third >party. Therefore, we are not actively adding support for key escrow in our >products and technologies. > >[About as good as we can ask for. I would, however, like that last sentence > better if the word 'actively' was missing.] > >Shouldn't the U.S. government be able to access information that could >prevent terrorist acts and crime? > >Strong non-key escrow encryption is already available from retail outlets, >foreign companies, and off the Internet. Thus the U.S. government is already >having--and will continue to have--a harder time in the future accessing >plain text regardless of U.S. export restrictions. > >[I suppose it would be too much to expect a third sentence > reading. 'This is a good thing.'] > >What is key recovery? How does it relate to key escrow? > >Market-driven data recovery refers to a product feature that allows users to >maintain a spare private encryption key in a safe place. Generally, a data >recovery system escrows a copy of the session key with the message or file >and the user (or perhaps his employer) controls the decision whether to >utilize this feature. With key escrow the U.S. government holds or has access >to a user's private encryption key. > >It is not yet clear whether such systems are exportable. In the October 1 >announcement, the U.S. government referred to "key recovery" without defining >it; in all likelihood, however, they still have in mind government key >escrow, and not market-driven data recovery. > >[Hmm... it's just possible that Microsoft's spin doctors are > better than those of the US government. Perhaps they can > sell the world on their definition of 'key recovery' instead of > the one we know the TLAs intended.] >---cut here--- > >regards, >-Blake > From logos at c2.net Wed Dec 4 18:55:38 1996 From: logos at c2.net (logos) Date: Wed, 4 Dec 1996 18:55:38 -0800 (PST) Subject: Politeness Message-ID: Dimitri Vulis wrote: >logos writes: >> I have been unfailingly polite to you. Do you have it >> within your character to respond to me in kind? >Do you think spelling my last name "Vilus" is polite? I think it was neither polite nor impolite. It was a innocent transposition error. Correcting the error and apologizing were polite, however. Do you disagree? I have already raised the question of your apparent lack of intellectual honesty in that you seem to not apply the same rules of conduct on yourself as you would on others. In English there is the saying, 'what is sauce for the goose, is sauce for the gander'. I note that you have spelt my name as 'logos'. As it is a proper noun in the usage and I have spelt it with the 'L', I would ask you if you consider this spelling of my name to be polite? Logos out From nobody at cypherpunks.ca Wed Dec 4 18:58:19 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Wed, 4 Dec 1996 18:58:19 -0800 (PST) Subject: Chippen@Dale Message-ID: <199612050252.SAA00466@abraham.cs.berkeley.edu> At 07:37 AM 12/4/96 -0800, Dale Thorn wrote: : :If you, Sandy, and the other offenders *really* want to keep the noise :down, then next time ask John directly for a reply, and if none is :forthcoming, say to the list *once*, "John will not answer up", etc., :and let the subscribers draw their own conclusions from the silence, :instead of from your inane "defenses". : Dale, John has no obligation to say anything. In all fairness, no conclusions should be drawn based on any individual's saying nothing. Such thinking is from the Dark Ages. Lighten up, and let go of it. From ichudov at algebra.com Wed Dec 4 19:24:45 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 4 Dec 1996 19:24:45 -0800 (PST) Subject: PRIVACY: X-No-Archive and mail.cypherpunks In-Reply-To: <32A5DC5B.3411@ix.netcom.com> Message-ID: <199612050317.VAA18674@manifold.algebra.com> X-No-Archive: yes Rich Graves wrote: > > FYI, the search engines that honor an X-No-Archive header also tend to > skip posts with X-No-Archive: yes as the first line of the body of the > message. But it is so simple to modify the reposting program... > IMO this is preferable anyway, because it lets your readers know what > you're doing. To me, it is easier to define X-No-Archive: yes once and for all. - Igor. From flee at teleport.com Wed Dec 4 19:32:20 1996 From: flee at teleport.com (Felix Lee) Date: Wed, 4 Dec 1996 19:32:20 -0800 (PST) Subject: Culling the proles with crypto anarchy In-Reply-To: <2.2.32.19961203024102.008bd390@netcom.com> Message-ID: <199612050332.TAA20993@desiree.teleport.com> > "The Work Welfare Trade-Off: An Analysis of the Total Level of Welfare > Benefits by the State" by Michael Tanner, Stephen Moore, and David Hartman, > September, 1995. It's at . actual report is at http://www.cato.org/pubs/pas/pa-240.html offhand, I don't have a basis for grokking the numbers, because I've never been an unwed mother with two children under 5yrs old. if they had done numbers for a single male with no children, I'd have a better chance of knowing how attractive welfare would be over random lowpaying jobs I used to have. I find it very odd that the study does an elaborate benefits calculation for a mother without a job, but doesn't do a similar calculation for a mother with an entry-level job. this would be a directly meaningful comparison. instead, it tries to convert welfare benefits to "pretax wage equivalent", which is just silly. people with a pretax income of $30k/yr probably have a health plan paid for by their employer, which invalidates the comparison being made. something else that's iffy is inclusion of median housing assistance paid out by agencies, rather than median received by the sample population. this means the model individual is a nonworking unwed mother of two infants who gets housing assistance, rather than just any nonworking unwed mother of two infants on welfare. report rejected: meaningless numbers thesis not supported by the evidence -- From dlv at bwalk.dm.com Wed Dec 4 19:40:50 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 19:40:50 -0800 (PST) Subject: Logorrhea In-Reply-To: Message-ID: logos writes: > > Dimitri Vulis wrote: > > > Lame losers who call themselves "cypher punks" and bend > > over for John Gilmore. > > It is obvious that you, Dimitri Vulis, intend to be > disruptive to the operation of this list. I have politely > asked you several specific questions about your motives. Hmm, I looked at my mailbox and haven't found any questions. > I am politely asking you again, Dimitri Vulis, why are > you unwilling to rationally and politely discuss whatever > grievances you have with specific Cypherpunks? I believe > you are capable of rational discourse, you allegedly have > some academic credentials so you must have a passing > familiarity with formal debate. Why are you unwilling to > join this discussion with anything other than immature > insults? If the facts are on your side, a reasonable I've been participating in this discussion for a considerable period of time before being attacked by Tim May for no apparent reason (other than his hatred for Jews and for immigrants). I tried unsuccessfully to convince him off-list that his attacks are off-topic and false (he attributed to me various bizarre stuff that I never said). Since he insists on continuing his attacks on my character, I will point out that he's a liar and a racist. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 19:41:46 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 19:41:46 -0800 (PST) Subject: Arsen In-Reply-To: Message-ID: <7RZFyD77w165w@bwalk.dm.com> > Just ignore them - Vulis is on the rag again. Someone please buy Vulis a > box of anal tampons so he can calm down. This reminds me how someone posted an anonymous message to this list calling Matt Blaze a "homosexual Jew" and Tim Scanlon (another lying Tim) immediately announced that I must be its author. He lied, of course, being a "cypher punk". Anyway, seeing that Arsen posted the above obscenities during duty hours, I figured I'll post another tutorial on tracking down information on the 'net. Arsen vainly insisted on listing his name in InterNIC's database as RA1215 (unusual for someone supposedly interested in privacy). Arsen listed a phone number (+1 718 786 4227) which is apparently at his parents' residence (48-21 40th St, Apt 2B, Calvary, NY 11104-4111) and a fax number (+1 212 725 6559). The fax number is in Manhattan area code. A good conjecture is that it belongs to some sort of business, and that the business's main number ends with a 0. Indeed, calling +1 212 725 6550 (Arsen's listed fax number, 9 replaced by a 0) and talking to a nice young lady reveals that this phone number belongs to the Web designer EarthWeb, LLC; that they're at 3 Park Ave, 38th floor, New York, NY 10016; that the partnership's principals are: * Jack D. Hidary, president and CEO, * Murray Hidary, senior vice president for operations, * Nova Spivack, senior vice president for marketing, and that Arsen is their associate network administrator. That's how much one can learn just from the fax number in one's InterNIC entry. For the logorrhetics' reading pleasure, I'll quote some of Arsen's earlier writings on the "cypher punks" mailing list: ]Actually, unlike you, I do feel sorry for you, for you truly have no life ]and have nothing better to do than to start flame wars and such. Do ]yourself a favor, get a real life. Go get off your fat ass and do ]something with yourself other than masturbating. ... ]You wouldn't know what a life is if one came up to you and bit you on your ]ass. Oh tell us oh great one, and what is it that you know? But spare us ]the flames and hate. We already know that you are an asshole, of that ]there is little doubt. What is at doubt is your degree, or is it a ]pedigree? Shower us with your knowledge if you have any, for it is ]apparent that dazzling us with your bullshit isn't working. ... ]And what by your definition is your level of life if all your output ]seems to be nothing more than flames and flame bait? How much of a loser ]are you to resort to anonymous daily warnings about Tim? Just how off ]topic and stupid was your message when you posted it? Just how many ]plates of pork and beans do you eat each day to keep up your innane level ]of flatulence? ... ]Apparently that "Doctorhood" of yours is good only for masturbatory self ]congratulations, and when nobody pays attention to it, you turn around and ]put others down so that in your oppinion, such as it is, you come out ]smelling like roses. Buddy, I've news for you, you aren't fooling anyone. ]You are the total absolute embodyment of shit. No, before you ]congratulate yourself on your achievement of shithood, you aren't even ]even human or dog shit, no. You are the essence of amoeba shit. The ]lowest of the low. You've a long way to go before you will ever achive ]the status of high human shit. But I must admit, you certainly know how ]to strive for that goal. It's too bad you'll never be more than low ]grade microscopic shit though. ]... ]And for that, you have my deepest condolances. At least I hope this ]comforts you in your lack of life, for assuredly you haven't much of one. ]At least at a minimum, if you get nothing else from this message, you'll ]get a tenth of an ounce of pitty. ]... ]And maybe someday, if you are really really good you might even achive ]rat shitdom. Then we'll be real proud of you for being rat shit, but ]until that time, strive hard and work long hours. Hey, and when you reach ]rat shitdom and become emeritus ratus shitus, we'll throw you a party! Aren't the "cypher punks" a polite lot? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 4 19:41:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 19:41:56 -0800 (PST) Subject: Intellectual dishonesty In-Reply-To: Message-ID: OK - logos claims that he misspelled my name by accient. Let's give him one more chance. logos writes: > Dr.Dimitri Vulis KOTM wrote: > > > LOGOS writes: > > > > > Sovereign collegues, > > > > You already sound like a jerk. > > Perhaps you should suspend judgment until you have the > opportunity to evaluate the content of my posts. What are > you antagonistic to the use of honorifics? Because reading fantasyland jargon (like 'Toad Hall') wastes my time. > > > I am Logos. I have adopted this pseudonym to conceal my > > > 'true name'. I want the ideas which I shall be espousing > > > to stand or fall on their own merits and not on the basis > > > of biases that my name, sex, ethnicity, etc. might otherwise > > > > sexual preferences... > > Yes, that and other catagorizations which are > irrelevant to the primary focus of this list. It's funny that you should say this, since Tim May and other prominent "cypher punks" devote so much attention to their "enemies'" ethnicity and religion. Recall the attacks on "crazy Russians", "immigrants who abuse American freedoms", the recent attack on Hispanics, the attacks on Jews, the attacks on Mormons... > > That's right. You lack the decorum to spell either my > > first name or my last name correctly. > > 'Decorum' has to do with polite behaviour. While I > was certainly remiss in my hasty spelling of your name, it > was not intentional, therefore not a lack of decorum. I > do apologize for my negligence. I shall endeavor to spell > you name correctly in the future. I find it hard to believe that one misspells "Vulis" as "Vilus" unintentionally, but I'll give you another chance... > > "Cypher punks" are a gang of uncouth juveniles > > I'm not sure I understand the relevance of this > comment. Was it made in response to my error in spelling? Oops! I accidentally deleted a big chunk of my own article before sending it out. Sorry. I'll see if I can find it. > In any case, it is a good example of the informal logical > fallacy of 'over generalization'. As I understand it, there > are circa 1000 people subscribed to Cypherpunks. To paint > an entire group with such a characterization is both > illogical and unfair. I also question your use of the What about painting entire ethnic or religion groups, as Timmy May does? > word 'uncouth'. I have seen no posts on Cypherpunks > that were any more 'uncultured; crude; or boorish' than > those posted by you. I am not saying that uncouth posts > have not been made by others, but it is disingenuous for > one to judge others by a standard that one does not apply > to one's self. You sound like someone who doesn't read this list, but only "reads the logs" and sees the complaints from the likes of Arsen... I've recently quoted the selected writings of Paul Bradley, most of which were far more "uncultured; crude; or boorish" that anything I ever said. For example: ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Sat, 21 Sep 1996 17:37:23 +0000 ]Subject: Re: CIA hacked ]Message-Id: <843401979.17072.0 at fatmans.demon.co.uk> ] ]> >Dr. John M. Grubor created the 'net. ]> ]> Who created you? You tub of shit? ] ] ]Fuck you and fuck your cheap ass fucked up life motherfucker (look ]for the fuck redundancy index here, should be an interesting figure, ]motherfucker) ] ]good day to you (The "tub of shit" quote isn't from me either.) Here's what Graham-John Bullers of alt.2600.moderated infamy said: ]Date: Mon, 2 Dec 1996 12:15:35 -0700 (MST) ]From: Graham-John Bullers ]To: "Dr.Dimitri Vulis KOTM" ]Subject: Re: Hurray! A good example of rational thinking ... ]In-Reply-To: ]Message-Id: ] ]GROW UP CUNT ] ] ] http://www.freenet.edmonton.ab.ca/~real/index.html ] ] : real at freenet.edmonton.ab.ca ]Graham-John Bullers email ] : ab756 at freenet.toronto.on.ca (I had dozens of these, but I only saved some.) How do you expect one to carry out a _polite conversation with these "punks"? I mostly choose to ignore this lot, or to re-state my opinion of them. > > What logic? "Cypher punks" such as Paul Bradley are incapable of > > discussing a technical topic (such as Don Wood's IPG proposal) without > > putting "(spit)" after Don's name > > I could be wrong, but I believe this was done as an > intentional parody of your own similar posts. If it is > illogical for Paul Bradley to do this, does it not follow > that is was illogical when you did it as well? Paul tries to suppress the discussion of crypto on this list. Before I gave up on this list completely, I used to think that it's a veru evil thing to do. Even if there are problems with Don Wood's IPG cryptoscheme (something I don't know to be true until I find the time to look at it myself), it's outright evil to harrass Don the way Paul did. It's clear that Don knows more about the field of cryptography than most people remaining on this mailing list. If indeed there are holes in his scheme (and I don't know that), it certainly is no excuse to submit him to the kind of verbal abuse that he's been subjected to on this list. Would you submit the authors of the knapsack scheme to the same kind of abuse because it was broken? In fact, how many people are there still on this list who know what the knapsack scheme is? > It is obvious to me that you are an intelligent person. > I am concerned, however, with your apparent intellectual > dishonesty. It would appear that you know perfectly well You want intellectual dishonesty - look upstairs from toad.com. > that your posts serve no purpose in the cause of promoting > privacy through the use of cryptography. It is hard to > draw any other conclusion then that you are intentionally > being provocative for the purpose of disrupting the work > of this list. If this is not so, I apologize, but how > else can we judge your actions? Please step outside of > yourself for a moment and give us an honest self-assessment > of your behavior and the motives behind it. The work of this list appears to be character assassination. If people like Paul Bradley and Tim May insist on slandering people and trying to harm their professional reputations (see the thread on "don't hire" lists), I will do my best to defend them and their freedom of speech, and to expose the likes of Paul Bradley - an ignorant buffoon out to silence anyone who knows more about the field than he does. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jmr at shopmiami.com Wed Dec 4 19:57:07 1996 From: jmr at shopmiami.com (Jim Ray) Date: Wed, 4 Dec 1996 19:57:07 -0800 (PST) Subject: PGPfone list Message-ID: <199612050356.WAA58944@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: jmr at shopmiami.com Date: Thu Dec 05 22:54:33 1996 [My apologies for cross-posting this, but it's important IMO.] The list owners have given me permission to post an announcement of a list for those of us who wish to play with the new PGP-fone software. This is a list solely for the discussion of PGP-fone. It is to be low volume and on topic, with none of the garbage that the cypherpunks are presently enduring (my killfile filter gets enough of a daily workout as it is). Usual rules apply on the posting of private mail without the other author's consent, polite discussion, etc. Violators of these policies will likely be *truly* "censored," (booted off the list, *and* unable to post). To subscribe to the list, use the web based gateway at: http://www.rivertown.net/cgi-bin/lwgate [To prevent abuse, your subscription will be verified.] PGPfone for Macintosh and Windows 95/NT can be obtained at these locations: US/Canada users [like PGP, PGPfone falls under ITAR export restrictions.]: http://web.mit.edu/network/pgpfone International users: http://www.ifi.uio.no/pgp/PGPfone.shtml Current versions are: Macintosh - version 1.0b7 Windows 95/NT - version 1.0b2 These versions DON'T talk to previous versions. Presently, the PGPfone Owner's manual is a MAC file and unfortunately it won't open in the Windows environment. Those of us who are MAC-impaired can use the on-line manual available at: http://www.pgp.com/products/fone_01.cgi There is also a "PGP Fone Registry" at the Rivertown.net PGP-users site (which is quite extensive and worth a look for other crypto-related stuff). At this site, people willing to test PGP Fone with others can leave their names and e-mail addresses, along with their area code and local telephone exchange (first three digits) which indicates willingness to be contacted via e-mail to possibly set up a time and place to use PGP Fone with each other. It's very basic right now. You can access it at: http://pgp.rivertown.net/pgp-fone and follow the instructions to sign up. The biggest problem folks have had with PGP Fone is finding someone else to use it with. This site can help alleviate this. Rivertown.net also has a fine PGPfone icon by Mike Acklin. P.S. I concur with Peter Trei on the Forbes ASAP big issue. Try to find a Forbes subscriber and read it all. He left out one author, cypherpunk Bill Frezza. I liked Bill's article best of all. IMO, Buckley and Paglia unwittingly proved in their ASAP articles that it's much easier to fashionably label yourself a "libertarian" than it is to actually *be* one. JMR Regards, Jim Ray DNRC Minister of Encryption Advocacy One of the "legitimate concerns of law enforcement" seems to be that I was born innocent until proven guilty and not the other way around. -- me Please note new 2000bit PGPkey & address PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5 57 52 64 0E DA BA 2C 71 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEPAwUBMqeZATUhsGSn1j2pAQFFOQfQzF0pGgGKt9/VR44TzGxAq9yk7dUs0JPK 4G9TIRePcnZ+IYqBFiqGaCws9EGrK/1ztv7ryl0FstROmldTxFj197lSsEysPMQb M8DUbKsDbsLYlNJNCFJkYz9tihM5w5h1YNj4jPwjec3Js/Bh4T3ab6d+h4Ax1ku0 wsWlVv0keP2yXhcFFHPRkkyXmPtTL31/zkGKkwU9dY/efYSf4GeIApfvnYXzInFD vraFSVd0Qi+8py86RZBauKO/vt7mj9r32HCZevPE89AUDVgVnb9Y5SeT9J0f2pXT qHrpDEguBofvsU/q436Vgla+wrHme2rNYqEPqDslSkNzgg== =FH37 -----END PGP SIGNATURE----- From ichudov at algebra.com Wed Dec 4 19:57:59 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 4 Dec 1996 19:57:59 -0800 (PST) Subject: Microsoft & Key Escrow In-Reply-To: <01BBE227.C266CEA0@bcdev.com> Message-ID: <199612050349.VAA18948@manifold.algebra.com> this is unfortunate -- key escrow is a very good thing as long as it is not mandated by law. any reasonable employer concerned about secrecy and recoverability of his data should use key escrow solutions for their employees' encryption. igor Blake Coverett wrote: > > Following are some of the relevent snippets from > http://www.microsoft.com/intdev/security/export/exporfaq-f.htm. > The comments in square brackets are mine. > > ---cut here--- > What is Microsoft's position on supporting key escrow? > > Key escrow encryption is not a market-driven solution and it raises = > serious privacy concerns for many customers. It is also new, = > undeveloped, untested, and uncosted, and it will take a long time to be = > worked out. Additionally, customers have expressed hesitation about = > mandatory key escrow, especially if they have to give the keys to the = > government or a government-selected third party. Therefore, we are not = > actively adding support for key escrow in our products and technologies. = > > > [About as good as we can ask for. I would, however, like that last = > sentence > better if the word 'actively' was missing.] > > Shouldn't the U.S. government be able to access information that could = > prevent terrorist acts and crime? > > Strong non-key escrow encryption is already available from retail = > outlets, foreign companies, and off the Internet. Thus the U.S. = > government is already having--and will continue to have--a harder time = > in the future accessing plain text regardless of U.S. export = > restrictions.=20 > > [I suppose it would be too much to expect a third sentence > reading. 'This is a good thing.'] > > What is key recovery? How does it relate to key escrow? > > Market-driven data recovery refers to a product feature that allows = > users to maintain a spare private encryption key in a safe place. = > Generally, a data recovery system escrows a copy of the session key with = > the message or file and the user (or perhaps his employer) controls the = > decision whether to utilize this feature. With key escrow the U.S. = > government holds or has access to a user's private encryption key.=20 > > It is not yet clear whether such systems are exportable. In the October = > 1 announcement, the U.S. government referred to "key recovery" without = > defining it; in all likelihood, however, they still have in mind = > government key escrow, and not market-driven data recovery.=20 > > [Hmm... it's just possible that Microsoft's spin doctors are > better than those of the US government. Perhaps they can > sell the world on their definition of 'key recovery' instead of > the one we know the TLAs intended.] > ---cut here--- > > regards, > -Blake > > - Igor. From dlv at bwalk.dm.com Wed Dec 4 20:00:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 20:00:25 -0800 (PST) Subject: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <199612021122.MAA02666@digicash.com> Message-ID: <2D3FyD78w165w@bwalk.dm.com> Bryce writes: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Rule 2: Don't forward articles from other forums to > > > cypherpunks. We can find it ourselves the same place you did > > > > This is not universally true. Everyone doesn't have access to > > a functional News server or even to the Web, and some interesting > > stuff could come from closed commercial sites etc. > > Yeah, my "rules" are mainly to intimidate newbies into holding > still long enough to be properly socialized. Only the > Meta-Rule is inviolate. Thank you, Bryce, for an excellent quote. Indeed "cypher punks" control freaks are into indimidation and power games. No wonder there's so much intersection between the "cypher punks" and the Usenet news.* Cabal! "Cypher punks" have degenerated into an inbred cybermob whose goal in life is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but not to the "in-crowd". Paul Bradley, the vitriolic flamer, is a good example of a "cypher punk". Paul doesn't know much about cryptography, but he's been harrassing Don Wood because Don Wood dared propose a cryprosystem. I haven't examined Don's proposal and don't know how good it is. Paul apparently FTP's Don's files but lacked the technical knowledge to understand the proposal. Paul first posted nonsensical attacks on Don's proposal (discussing a brute-force attack on one-time pad). When several people, including myself, pointed out that Paul was writing nonsense, Paul claimed that he mistyped "one-time pad" for "stream cypher". Although it's an entirely different animal, Paul's writings were still nonsense, even if one substituted "stream cypher" for "one-time pad". After being exposed as ignoramus, Paul abandoned attempts at technical discussion and turned to baiting Don with ad hominem attacks, calling him "master of bullshit", and putting "(spit)" after his name. Don reacted to Paul's provocation exactly once and rather mildly - calling Paul "fatbrain" in reference to his e-mail host. That was the last we heard from Don. Has the content-based censor John Gilmore pulled Don's plug as punishment for "inappropriate content"? Inquiring minds want to know. For the logorrhetics' reading pleasure, I reproduce another quote from Paul: ]From: paul at fatmans.demon.co.uk ]To: "Dr.Dimitri Vulis KOTM" ]Date: Wed, 18 Sep 1996 15:18:16 +0000 ]Subject: Re: Workers Paradise. /Political rant. ]Message-Id: <843149202.18173.0 at fatmans.demon.co.uk> ] ]> Yeah!!! And I'll bounce each mailbomb to everyone who tries it. Won't ]> that be fun. Too ba your netcom account won't last long. ] ]`Fraid not loser, I`ll just mailbomb your ass so bad you won`t know ]what hit you, and my account is on demon, who can handle my incoming ]mail (about 300 a day) without a problem, go ahead punk, make my ]day.. (Paul tried mailbombing me and was warned that his mailbombs will be bounced back to him.) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Wed Dec 4 20:07:38 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 4 Dec 1996 20:07:38 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) In-Reply-To: Message-ID: <32A6498D.6010@gte.net> Blanc Weber wrote: > From: Dale Thorn (in reply to Tim May) > If you, Sandy, and the other offenders *really* want to keep the noise > down, then next time ask John directly for a reply, and if none is > forthcoming, say to the list *once*, "John will not answer up", etc., > and let the subscribers draw their own conclusions from the silence, > instead of from your inane "defenses". > As for myself, I was not speaking for Gilmore nor defending him when I > added my reply to the discussion. I brought up an item which others > had overlooked (the fact that Vulis had challenged John to censor him) > as specific reference to include in their judgement of his actions, as > well as illustrating how Vulis had invested a lot of effort in > motivating someone into just such a response. [snip] Thanks for a curteous reply. I believe that my idea above is still a great idea (if the subscribers are not afraid of confrontation), as it would tend to force the issue more into the open. You mention what "others had overlooked". How about this: Tim May sent a message the other day stating (in essence) that the whole "censorship" thing was pretty much a size (rather than content) problem. I posted that notion twice, and there has been *no* discussion of it, as far as I know. Too bad Tim didn't post that at the beginning of the affair, since everyone apparently reads *his* mail. > So I (and others as well) were addressing the *ideas* of censorship & > the actions of private property owners, arguing in regard of a more > precise & correct understanding of the principles involved, as > exemplified by John's actions - but not in place of his own > "self-defense" of them. Can I speculate here? The nature of the list, as pertains to messaging, is fairly quick response for most postings. I'm sure you realize that that raises the emotional content quite a bit, as would be lessened if people typed out their responses and then sat on them (and reviewed them) for a day or so before re-posting. I have no problem with *any* discussion that any subscriber feels necessary, but frankly, when I add it all up, the pro-Gilmore faction went way overboard restating ad nauseam to the effect that "John can do whatever he wants, and y'all can take a hike". > Frankly, most of the long-time members of the list would not need any > such statements of defense from John in order to appreciate the nature > of the circumstance and the reasoning for his symbolic 'censorship'. I apologize in advance for this one, but I honestly think that statement says more about acceptance of the Iron Boot principle than it says about what really happened. I for one am not an insider in any of the various cliques that surround this list, so perhaps I missed something that would explain it better to me. I suppose you are referring to an unspoken understanding, but again, and for future reference, you might want to consider the non-long-time members and speak the unspoken, as it were. From dlv at bwalk.dm.com Wed Dec 4 20:20:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 20:20:57 -0800 (PST) Subject: Politeness In-Reply-To: Message-ID: logos writes: > Dimitri Vulis wrote: > > >logos writes: > >> I have been unfailingly polite to you. Do you have it > >> within your character to respond to me in kind? > > >Do you think spelling my last name "Vilus" is polite? > > I think it was neither polite nor impolite. It was > a innocent transposition error. "The lady doth protest too much." --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From blake at bcdev.com Wed Dec 4 20:23:43 1996 From: blake at bcdev.com (Blake Coverett) Date: Wed, 4 Dec 1996 20:23:43 -0800 (PST) Subject: Microsoft & Key Escrow Message-ID: <01BBE23A.1EB130D0@bcdev.com> Igor wrote: > this is unfortunate -- key escrow is a very good thing as long > as it is not mandated by law. > > any reasonable employer concerned about secrecy and recoverability > of his data should use key escrow solutions for their employees' > encryption. It appears you only read the first question and answer. Go back and read the third one. regards, -Blake From deviant at pooh-corner.com Wed Dec 4 20:25:50 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 4 Dec 1996 20:25:50 -0800 (PST) Subject: [crypto] Avatar Protection? In-Reply-To: <9612050108.AA07734@notesgw2.sybase.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 4 Dec 1996, Ryan Russell/SYBASE wrote: > A graphic-designer friend of mine and I were talking > about VRML avatars, and custom design work, and > could he offer a service designing them etc... > > His worry is that since everyone in the same virtual > environment as his customer would see the designer > avatar, wouldn't they also be able to easily rip off > his work? (or his customer's property, take your pick.) > > I wasn't sure...it seems to me that I read something vaguely > along these lines for a cryptography protocol of some sort.. > The problem is this: Is there a way for a user to "view" the client's > avatar (and in this sense, the user usually has to receive a copy > of the code to render the avatar and render it on the local machine) > but not save a copy? Assume that a client with no save feature > is not a viable option...too easy to work around. Well, its concievable to write your own client, and make the code such that it only works with that client... I know, it kindof sucks, doesn't it? > > I suppose an analogy would be: Is there a way for a person to > see the plaintext, but not record it? I think that question really > answers itself - no. How about alternatives? If the server > of the environment only renders "views" (say, certain angles, or > a bitmap) of the avatar, rather than sending the description file? > > Any other thoughts? > > Ryan > --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "First things first -- but not necessarily in that order" -- The Doctor, "Doctor Who" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqZOczCdEh3oIPAVAQHEAwf+IZ4KzMjcmb8t/HTMBvp83ChZ0VLS6xa3 +OwtpvkVGnuD4AJ+ayvDS10u4oAx78OillYDPolz6Gpnv0L+KDseo0sz7Yhgvepp HwUw4UqMDBu9BMfkITFs6IS773EIgC8JmIf8/u6xEH/tvUjl44RQlgX+YE1Ybhvq cGo3dF60fdiYzmoYvYESrMo9ldr97bImSjUE46bd4ZrtHjVTqDB75r9Uhb38SPWD SdEi6rdC4sX1dY9zdJHIruhIM5BBpZcHX9Vo8cOSvzZY1s7rHXVQgb34rIcUcx7T 2GJTeJsTS2boi9O0urkKW8FIZtq82AnBk5WsavRtEIw0O5pC0jhR2g== =aWWo -----END PGP SIGNATURE----- From logos at c2.net Wed Dec 4 20:37:06 1996 From: logos at c2.net (logos) Date: Wed, 4 Dec 1996 20:37:06 -0800 (PST) Subject: for future reference Message-ID: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzKk8w8AAAEEANQEG7EoV5nsodaoASR7tW0kMp438idFKQRH768R9QLkHpuK Ec3VI1DbTivF8W9UpVdTyLbXMf3rVysVEOnVeRKlyZV4m+qMneCc4GBUJhDoJ/Ic jEAnaoM7V7KHoGLzpQGDWOG633TcBIjURVmyr9pIYIGMXnpxvpZRaIBMOSlxAAUR tBRMb2dvcyA8bG9nb3NAYzIubmV0Pg== =PRk1 -----END PGP PUBLIC KEY BLOCK----- Logos out From ares at imaginet-us.net Wed Dec 4 20:54:15 1996 From: ares at imaginet-us.net (Ares GodOfWar) Date: Wed, 4 Dec 1996 20:54:15 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: Message-ID: <32A654A4.D8D@imaginet-us.net> lo all i am in a terrible mess... can someone inform me as to the location of PGP 5.0 shareware?? i need it asap ;] thanx From deviant at pooh-corner.com Wed Dec 4 21:10:43 1996 From: deviant at pooh-corner.com (The Deviant) Date: Wed, 4 Dec 1996 21:10:43 -0800 (PST) Subject: Politeness In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 4 Dec 1996, logos wrote: > Dimitri Vulis wrote: > > >logos writes: > >> I have been unfailingly polite to you. Do you have it > >> within your character to respond to me in kind? > > >Do you think spelling my last name "Vilus" is polite? > > I think it was neither polite nor impolite. It was > a innocent transposition error. > Correcting the error and apologizing were polite, > however. Do you disagree? > I have already raised the question of your apparent > lack of intellectual honesty in that you seem to not apply > the same rules of conduct on yourself as you would on > others. In English there is the saying, 'what is sauce for > the goose, is sauce for the gander'. I note that you have > spelt my name as 'logos'. As it is a proper noun in the > usage and I have spelt it with the 'L', I would ask you if > you consider this spelling of my name to be polite? > > Logos out > While I neither agree nor disagree with either of your positions, I must point out that "Logos" did indeed spell his name as "logos" in his own message header. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Without followers, evil cannot spread. -- Spock, "And The Children Shall Lead", stardate 5029.5 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqZY2TCdEh3oIPAVAQHCawf8CrLnuTWx2Z2N+E/I5EA2ZeE5YVi8YoUO w4kZcb5AnrPhDIZzJBhIYyKZ3eprVlVW+wwRd7EwFksk2GgrJwEKdfBKtS7PhcCb kY87KVbtkCYodeVIi7zplla7CQ3k2zSvcIx27GYSO1RJsj/z5Bmyq8rOkbqocvrR 6QUjyejb5IaYmYCVcDvbblialdIkU8y2L27hfukAISx9pPQ8nf/X+NDV6QmILZNY 9rJSTPGsMchqNrZ4yYbVeUWl7VfxTuuKbx4BSXS0GFR5xnETs+Z43MJDjp0ukctj iimhecpMWd7+xdrTAZWsHGQ/kHk6vQGjSFpr7s3qpIpi+yCQCdXF2w== =QzdT -----END PGP SIGNATURE----- From dthorn at gte.net Wed Dec 4 21:21:09 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 4 Dec 1996 21:21:09 -0800 (PST) Subject: Logos -vs- Vulis In-Reply-To: Message-ID: <32A65894.1A5@gte.net> logos wrote: > Dimitri Vulis wrote: > > Lame losers who call themselves "cypher punks" and bend > > over for John Gilmore. > It is obvious that you, Dimitri Vulis, intend to be > disruptive to the operation of this list. I have politely > asked you several specific questions about your motives. Sorry for the noise, but could Logos be specific as to the fallacy in each item he/she is addressing? I thought that was the purpose of the Logos character. From dlv at bwalk.dm.com Wed Dec 4 21:30:37 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Dec 1996 21:30:37 -0800 (PST) Subject: Politeness In-Reply-To: Message-ID: <4X7FyD2w165w@bwalk.dm.com> The Deviant writes: > On Wed, 4 Dec 1996, logos wrote: > > > Dimitri Vulis wrote: > > > > >logos writes: ... > > I have already raised the question of your apparent > > lack of intellectual honesty in that you seem to not apply > > the same rules of conduct on yourself as you would on > > others. In English there is the saying, 'what is sauce for > > the goose, is sauce for the gander'. I note that you have > > spelt my name as 'logos'. As it is a proper noun in the > > usage and I have spelt it with the 'L', I would ask you if > > you consider this spelling of my name to be polite? > > > > Logos out > > While I neither agree nor disagree with either of your positions, I must > point out that "Logos" did indeed spell his name as "logos" in his own > message header. He he he what is sauce for the goose is sauce for the gander blah blah blah intellectual dishonesty blah blah blah typical logorrhetic "cypher punk" can't spell his own nym politely. Thanks, Deviant. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Wed Dec 4 21:33:47 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Dec 1996 21:33:47 -0800 (PST) Subject: Microsoft & Key Escrow In-Reply-To: <01BBE227.C266CEA0@bcdev.com> Message-ID: At 9:49 PM -0600 12/4/96, Igor Chudov @ home wrote: >this is unfortunate -- key escrow is a very good thing as long >as it is not mandated by law. Agreed, except that I would call voluntary, corporate plans "key recovery," not "key escrow." (The government now calls their non-voluntary system "key recovery" as well, so the term is still overloaded.) The concern many of us have had for several years (*) is that such schemes are very dangerous, acting as a kind of "sword of Damocles" over our heads. A widely-used, government-encouraged key recovery program, once deployed, could too easily be made mandatory. Hence our interest in sabotaging or subverting such schemes, to preserve additional degrees of freedom should a ban be attempted. And clearly even corporate key recovery schemes are not really designed to be robust against willful attempts to subvert the recovery of plaintext. The intention is to deal with forgetful employees, departed employees, etc., not those who attempt to, for example, superencrypt their communications. Furthermore--and this has been noted many, many times--there are essentially no plausible situations in which either _corporations_ or _individuals_ would need or want key recovery for *communications*. After all, individuals or employees within corporations have (possibly) encrypted files on their disks, including outgoing and incoming e-mail. They use communications cryptography--PGP, whatever--to guard against _interception_ by other corporations, other individuals, or governments (including their own). For example, they encrypt using the public key of their recipient. So, why would someone practicing such communications security care about key recovery, for the communications? Only one word suffices here: "Duh." On other hand, _governments_ are thwarted by such communications security, and this is the real motivation for key recovery. Louis Freeh, Jim Kallstrom, Dorothy Denning, and others have said as much. >any reasonable employer concerned about secrecy and recoverability >of his data should use key escrow solutions for their employees' >encryption. But certainly not for *communications security*. Corporations such as Microsoft would do well, I think, to explicitly point this out and to make clear that corporate key recovery products will be oriented toward key recovery for files stored on corporate computers--which would presumably include the originally-generated plaintext messages sent to other sites or users--and not oriented toward mandating the forms the _communications_ must take. Sadly, most journalists who write about crypto have failed to pick up on this important point....I guess writing articles about the "death of the Cypherpunks list" is more important (and keeps Vulis feeling good about himself). Oh well. (* Just as the Cypherpunks list was being formed, circa October 1993, I posted an article to sci.crypt about "A Trial Balloon to Ban Encryption?" This was based on some views expressed by Prof. Dorothy Denning, who even then, six months before Clipper, was making arguments for government access to keys. I anticipated a government move to limit public key encryption, using some form of key escrow. Sure enough....) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dispatch at cnet.com Wed Dec 4 21:43:57 1996 From: dispatch at cnet.com (The CNET newsletter) Date: Wed, 4 Dec 1996 21:43:57 -0800 (PST) Subject: NEWS.COM Dispatch, Dec. 4, 1996 Message-ID: <199612050528.VAA11544@cappone.cnet.com> **************************************** NEWS.COM DISPATCH Wednesday, December 4, 1996 San Francisco, California, USA *************************************** WELCOME! *************************************** NEWS.COM DISPATCH summarizes the up-to-the minute technology news presented by NEWS.COM. It tempts readers with coverage of today's hottest stories, news in the making, (in)credible rumors, and other indispensable information. For complete versions of the stories updated all day long, head over to: http://www.news.com/?nd *************************************** SCOOPS AND TOP STORIES Gore gets an earful from cybermoguls on encryption policy Steve Jobs tells tech crowd, "It's the content, stupid!" Microsoft's Ballmer takes verbal digs at NC-happy competitors ANNOUNCEMENTS An easy way for you to customize NEWS.COM Send us your questions, comments, flotsam, and jetsam How to subscribe and unsubscribe *************************************** SCOOPS AND TOP STORIES GORE GETS AN EARFUL FROM CYBERMOGULS ON ENCRYPTION POLICY Al Gore, the ultimate information highway cheerleader, won't like what he sees in his in-box: stern criticism of the White House's encryption policy. The Business Software Alliance's letter says Bill and Al are heading in the "absolute wrong direction." But giving is better than receiving (it is, after all, the holidays), and the industry group offers five ways out of the morass. http://www.news.com/News/Item/0%2C4%2C5909%2C00.html?nd STEVE JOBS TELLS TECH CROWD, "IT'S THE CONTENT, STUPID!" The man who helped launch the computer revolution of the 1980s is now exhorting creative types to take their rightful place at the digital table. Citing blockbuster films Toy Story, Jobs preached that only the combination of technology AND creativity will get the consumers' juices flowing. http://www.news.com/News/Item/0%2C4%2C5913%2C00.html?nd MICROSOFT'S BALLMER TAKES VERBAL DIGS AT NC HAPPY COMPETITORS Perhaps you thought Microsoft was worried, or at least cranky, about all the predictions Ellison and company have been making about the network computer dethroning the PC as machine du jour? Not at all. In fact, says Steve Ballmer, "it's fantastic!" http://www.news.com/News/Item/0%2C4%2C5896%2C00.html?nd *************************************** ANNOUNCEMENTS AN EASY WAY FOR YOU TO CUSTOMIZE NEWS.COM So many bits, so little time? Sounds like you need Custom News. Identify topics, keywords, or sections you're interested in, and Custom News will a create a page of headlines and summaries for stories matching your criteria. Check it out at: http://www.news.com/Personalization/Entry/1%2C21%2C%2C00.html?nocache=1 SEND US QUESTIONS, COMMENTS, FLOTSAM, AND JETSAM If you have any questions, suggestions or remarks, send us a message: newsdispatch at cnet.com HOW TO SUBSCRIBE AND TO UNSUBSCRIBE To subscribe to News Dispatch: Send mail to listserv at dispatch.cnet.com with the message: subscribe news-dispatch (your name) in the message body. To unsubscribe send the message: signoff news-dispatch *************************************** CNET: The Computer Network http://www.cnet.com/ http://www.news.com/ http://www.gamecenter.com/ http://www.download.com/ http://www.search.com/ http://www.shareware.com/ From erehwon at c2.net Wed Dec 4 22:11:35 1996 From: erehwon at c2.net (William Knowles) Date: Wed, 4 Dec 1996 22:11:35 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: Message-ID: Ares GodOfWar writes: >lo all > >i am in a terrible mess... >can someone inform me as to the location of PGP 5.0 shareware?? >i need it asap ;] Telnet to: all.net login: your name Password: guest Good Luck! William Knowles erehwon at c2.net -- William Knowles PGP mail welcome & prefered / KeyID 1024/2C34BCF9 PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD Finger for public key -- Sitting on the razors edge of freedom of speech. From logos at c2.net Wed Dec 4 22:12:26 1996 From: logos at c2.net (logos) Date: Wed, 4 Dec 1996 22:12:26 -0800 (PST) Subject: Intellectual dishonesty Message-ID: Dimitri Vulis wrote: > > LOGOS writes: > > > > Yes, that and other catagorizations which are > > irrelevant to the primary focus of this list. > It's funny that you should say this, since Tim May and other prominent > "cypher punks" devote so much attention to their "enemies'" ethnicity and > religion. Recall the attacks on "crazy Russians", "immigrants who abuse > American freedoms", the recent attack on Hispanics, the attacks on Jews, > the attacks on Mormons... Yes I do recall some of those statements. Since you feel that those 'attacks' were inappropriate, is it not intellectually dishonest to engage in such 'attacks' yourself? If it was wrong for them, how can it be right for you? If your age, sex, sexual preference, race, ethnicity, mother tongue, nationality, etc. are irrelevant to the discussions on this list, what possible justification is there for you to raise such issues in my case? I wrote: > > In any case, it is a good example of the informal logical > > fallacy of 'over generalization'. As I understand it, there > > are circa 1000 people subscribed to Cypherpunks. To paint > > an entire group with such a characterization is both > > illogical and unfair. I also question your use of the To which you replied: > What about painting entire ethnic or religion groups, as Timmy May does? This is truly a non-sequitor. I am sure you know better than this. Tim May is responsible for his actions; you are responsible for yours. Taken to it's logical conclusion, if Tim were to murder a random Russian immigrant, you would be justified in killing a random native American. As I said before, you are obviously too smart to seriously entertain such an irrational viewpoint. Thus it is difficult to draw any conclusion other then that you are rationalizing your inappropriate behaviour. > You sound like someone who doesn't read this list, but only "reads the > logs" and sees the complaints from the likes of Arsen... Actually, I read it quite thoroughly. > I've recently quoted the selected writings of Paul Bradley, most of > which were far more "uncultured; crude; or boorish" that anything I > ever said. For example: [elided] Again, would you please explain the logical basis for committing the same abuses you cite from others? I would think you would seek to distance yourself from such behavior, rather than to exceed it. The inappropriate abuse of the 1000 members of this list by others can in no way excuse their further abuse by you. > > It is obvious to me that you are an intelligent person. > > I am concerned, however, with your apparent intellectual > > dishonesty. It would appear that you know perfectly well > You want intellectual dishonesty - look upstairs from toad.com. No, I want intellectual honesty. But even if I look upstairs from toad.com and find intellectual dishonesty, how would that in any way mitigate your apparent intellectual dishonesty? Are you arguing that one is somehow dependent on, or the result of the other? This makes no sense to me. Does it to you? > > that your posts serve no purpose in the cause of promoting > > privacy through the use of cryptography. It is hard to > > draw any other conclusion then that you are intentionally > > being provocative for the purpose of disrupting the work > > of this list. If this is not so, I apologize, but how > > else can we judge your actions? Please step outside of > > yourself for a moment and give us an honest self-assessment > > of your behavior and the motives behind it. > The work of this list appears to be character assassination. If people like > Paul Bradley and Tim May insist on slandering people and trying to harm > their professional reputations (see the thread on "don't hire" lists), > I will do my best to defend them and their freedom of speech,... The above does not appear to make sense. Did you leave something out? It is unclear to me how rude and provocative personal attacks and broad, unkind generalizations about Cypherpunk list members defends freedom of speech, protects privacy or promotes cryptography. Would you please explain the rationale behind your actions? Logos out From ichudov at algebra.com Wed Dec 4 22:21:57 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 4 Dec 1996 22:21:57 -0800 (PST) Subject: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <2D3FyD78w165w@bwalk.dm.com> Message-ID: <199612050559.XAA19657@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > > "Cypher punks" have degenerated into an inbred cybermob whose goal in life > is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but > not to the "in-crowd". > > Paul Bradley, the vitriolic flamer, is a good example of a "cypher punk". > Paul doesn't know much about cryptography, but he's been harrassing Don Wood > because Don Wood dared propose a cryprosystem. I haven't examined Don's > proposal and don't know how good it is. Paul apparently FTP's Don's files > but lacked the technical knowledge to understand the proposal. Paul first Why don't you look at it. I am interested in your comments regarding possible attacks on Don Wood's system. - Igor. From stewarts at ix.netcom.com Wed Dec 4 22:23:21 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Dec 1996 22:23:21 -0800 (PST) Subject: W3C Picks PICS for Censorship Message-ID: <1.5.4.32.19961205062304.003a76c8@popd.ix.netcom.com> >> W3C ISSUES PICS AS A RECOMMENDATION; PICS READY FOR WIDESPREAD ADOPTION; ENABLING USERS TO FILTER INTERNET CONTENT WITHOUT CENSORSHIP - The World Wide Web Consortium today endorsed the Platform for Internet Content Selection specifications as a W3C Recommendation. This Recommendation represents the W3C's highest "Stamp of Approval." It signifies that PICS specifications are stable ... [Business Wire, 854 words] # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, # so please Cc: me on replies. Thanks.) From rkluge at nunic.nu.edu Wed Dec 4 22:27:19 1996 From: rkluge at nunic.nu.edu (bobbi) Date: Wed, 4 Dec 1996 22:27:19 -0800 (PST) Subject: Why Cryptography is harder than it looks? In-Reply-To: Message-ID: try http://www.counterpane.com/ On Wed, 4 Dec 1996, Brent Cunningham wrote: ~~Can you please either: 1) email me a copy; or 2) give me a pointer as ~~to where I can get a copy; of Bruce Schneier's paper on "Why ~~Cryptography is harder than it looks?" ~~ ~~ bobbi kluge voice: 619.945.6248 rkluge at nunic.nu.edu fax: 619.945.6397 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #!/bin/perl -sp0777i Dale Thorn wrote: > Dimitri Vulis wrote: > > Lame losers who call themselves "cypher punks" and bend > > over for John Gilmore. > It is obvious that you, Dimitri Vulis, intend to be > disruptive to the operation of this list. I have politely > asked you several specific questions about your motives. Sorry for the noise, but could Logos be specific as to the fallacy in each item he/she is addressing? I thought that was the purpose of the Logos character. I indicated in my original post that I would be addressing both logic and decorum. With regard to the questions above, I was asking Dimitri Vulis to give a more detailed explanation of his thinking process. Once some of his assumptions are made explicit, it will be easier to make meaningful comments about the rigor of his reasoning process. It was never my intent to nit pick about every bit of sloppy reasoning by every poster to Cypherpunks. Rather, I am trying to elevate the general level of discourse via selective commentary and (hopefully) by example. If Dale Thorn, or anyone else, feels that a more rigourous attention to logic and/or decorum is called for, I heartily welcome your participation. Logos out From Adamsc at io-online.com Wed Dec 4 22:58:20 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 4 Dec 1996 22:58:20 -0800 (PST) Subject: IP address Message-ID: <19961205065535453.AAA200@rn215.io-online.com> On Mon, 2 Dec 1996 04:38:46 -0600 (CST), Igor Chudov @ home wrote: >> >What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is >> >someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut >> Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your >> machine can be locked up or rebooted at *any* time using just PING! >Isn't is Unix that is actually vulnerable? Actually, it anything from Windows systems to Unix boxes to routers to printers to firewalls, etc can be vulnerable..! I know that linux got a patch out in 2 hours 35 minutes 10 seconds and that OS/2 hasn't been vulnerable since 1990 or so, but that's just because I use those systems. Check http://www.sophist.demon.co.uk/ping/ for details on your system. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From lucifer at dhp.com Wed Dec 4 23:00:25 1996 From: lucifer at dhp.com (Anonymous) Date: Wed, 4 Dec 1996 23:00:25 -0800 (PST) Subject: [CRYPTO] Forgery detection Message-ID: <199612050700.CAA10539@dhp.com> Timmy `C' May uses an Adolf Hitler action figure as a dildo. >\\\|/< |_ ; (O) (o) -OOO--(_)--OOOo- Timmy `C' May From dthorn at gte.net Wed Dec 4 23:19:56 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 4 Dec 1996 23:19:56 -0800 (PST) Subject: Logos -vs- Vulis In-Reply-To: Message-ID: <32A67717.1E5D@gte.net> logos wrote: > Dale Thorn wrote: > > Dimitri Vulis wrote: > > > Lame losers who call themselves "cypher punks" and bend > > > over for John Gilmore. > > It is obvious that you, Dimitri Vulis, intend to be > > disruptive to the operation of this list. I have politely > > asked you several specific questions about your motives. > Sorry for the noise, but could Logos be specific as to the fallacy in > each item he/she is addressing? I thought that was the purpose of > the Logos character. > I indicated in my original post that I would be addressing both logic > and decorum.[snip] > It was never my intent to nit pick about every bit of sloppy reasoning > by every poster to Cypherpunks. Rather, I am trying to elevate the > general level of discourse via selective commentary and (hopefully) by > example. If Dale Thorn, or anyone else, feels that a more rigourous > attention to logic and/or decorum is called for, I heartily welcome > your participation. I understand that you don't want to nit-pick *every* bit of every post, however, once you do decide to pick on somebody, surely you could point to the specific fallacies, rather than wring your hands and gnash your teeth as you did in the long note to the Great Expelled One. Don't think I don't know what's going on here. I got permanently expelled from two schools as a youth, to name just two examples from my illustrious career, yet after learning how to play the game, I probably am doing much better than most of the drones who completed their studies and kept their mouths shut. My life is continually interesting, and I wouldn't think of trading it for the neurotic, control-freak-mentality lifestyle certain folks around here "enjoy". I'm sure (if you know crypto topics) you realize that in creating a crypto solution, there's no substitute for rigorous attention to detail. I'm not opposed to paying some attention to decorum, but logic comes first, otherwise, you won't have a leg to stand on. From tcmay at got.net Wed Dec 4 23:49:43 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Dec 1996 23:49:43 -0800 (PST) Subject: Intellectual dishonesty In-Reply-To: Message-ID: Though I have some suspicions that "Logos" is someone I know in Real Life, I've come to think he's as bad for the list as Vulis, Grubor, and the others are. His "superficial decorum" does not hide a deeper viciousness and cluelessness. At 10:12 PM -0800 12/4/96, logos wrote: >Dimitri Vulis wrote: ... >> It's funny that you should say this, since Tim May and other prominent >> "cypher punks" devote so much attention to their "enemies'" ethnicity and >> religion. Recall the attacks on "crazy Russians", "immigrants who abuse >> American freedoms", the recent attack on Hispanics, the attacks on Jews, >> the attacks on Mormons... > > Yes I do recall some of those statements. Since you >feel that those 'attacks' were inappropriate, is it not >intellectually dishonest to engage in such 'attacks' >yourself? If it was wrong for them, how can it be right >for you? Fatuous nonsense. The "attacks" Vulis refers to were satirical. This has been lost in the Noise of the Big Lie. Logos is now the 17th resident of my Eudora filter file. --Tim May P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this will surely end our Real World friendship. A fucking bozo. Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From blancw at cnw.com Wed Dec 4 23:51:30 1996 From: blancw at cnw.com (blanc) Date: Wed, 4 Dec 1996 23:51:30 -0800 (PST) Subject: Counterproductive Dorothy Denning Flames Message-ID: <01BBE23E.19BA2560@king1-01.cnw.com> From: Sir Galahad I agree. I hope that my own statements have influence in spite of my mouldy reputation. ........................................... Well, on the net nobody knows if you're mouldy, but only if your ideas are fresh. :>) You've presented some quite insightful explanations for why Ms. Denning's prestigious image would give one pause to consider her with reprehension, if not outright contempt. As they say, YMMV, depending on how educated you are on the subject of encryption, privacy, and crimes against humanity. .. Blanc From aga at dhp.com Thu Dec 5 01:32:23 1996 From: aga at dhp.com (aga) Date: Thu, 5 Dec 1996 01:32:23 -0800 (PST) Subject: Jack D. Hidary & Arsen In-Reply-To: <7RZFyD77w165w@bwalk.dm.com> Message-ID: Does this "Arsen" still work for Jack D. Hidary and that EarthWeb LLC? On Wed, 4 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > Just ignore them - Vulis is on the rag again. Someone please buy Vulis a > > box of anal tampons so he can calm down. > > This reminds me how someone posted an anonymous message to this list calling > Matt Blaze a "homosexual Jew" and Tim Scanlon (another lying Tim) immediately > announced that I must be its author. He lied, of course, being a "cypher punk". > > Anyway, seeing that Arsen posted the above obscenities during duty hours, I > figured I'll post another tutorial on tracking down information on the 'net. > > Arsen vainly insisted on listing his name in InterNIC's database as RA1215 > (unusual for someone supposedly interested in privacy). Arsen listed a phone > number (+1 718 786 4227) which is apparently at his parents' residence (48-21 > 40th St, Apt 2B, Calvary, NY 11104-4111) and a fax number (+1 212 725 6559). > > The fax number is in Manhattan area code. A good conjecture is that it belongs > to some sort of business, and that the business's main number ends with a 0. > > Indeed, calling +1 212 725 6550 (Arsen's listed fax number, 9 replaced by a 0) > and talking to a nice young lady reveals that this phone number belongs to the > Web designer EarthWeb, LLC; that they're at 3 Park Ave, 38th floor, New York, > NY 10016; that the partnership's principals are: > * Jack D. Hidary, president and CEO, > * Murray Hidary, senior vice president for operations, > * Nova Spivack, senior vice president for marketing, > and that Arsen is their associate network administrator. > > That's how much one can learn just from the fax number in one's InterNIC entry. > > For the logorrhetics' reading pleasure, I'll quote some of Arsen's earlier > writings on the "cypher punks" mailing list: > > ]Actually, unlike you, I do feel sorry for you, for you truly have no life > ]and have nothing better to do than to start flame wars and such. Do > ]yourself a favor, get a real life. Go get off your fat ass and do > ]something with yourself other than masturbating. > ... > ]You wouldn't know what a life is if one came up to you and bit you on your > ]ass. Oh tell us oh great one, and what is it that you know? But spare us > ]the flames and hate. We already know that you are an asshole, of that > ]there is little doubt. What is at doubt is your degree, or is it a > ]pedigree? Shower us with your knowledge if you have any, for it is > ]apparent that dazzling us with your bullshit isn't working. > ... > ]And what by your definition is your level of life if all your output > ]seems to be nothing more than flames and flame bait? How much of a loser > ]are you to resort to anonymous daily warnings about Tim? Just how off > ]topic and stupid was your message when you posted it? Just how many > ]plates of pork and beans do you eat each day to keep up your innane level > ]of flatulence? > ... > ]Apparently that "Doctorhood" of yours is good only for masturbatory self > ]congratulations, and when nobody pays attention to it, you turn around and > ]put others down so that in your oppinion, such as it is, you come out > ]smelling like roses. Buddy, I've news for you, you aren't fooling anyone. > ]You are the total absolute embodyment of shit. No, before you > ]congratulate yourself on your achievement of shithood, you aren't even > ]even human or dog shit, no. You are the essence of amoeba shit. The > ]lowest of the low. You've a long way to go before you will ever achive > ]the status of high human shit. But I must admit, you certainly know how > ]to strive for that goal. It's too bad you'll never be more than low > ]grade microscopic shit though. > ]... > ]And for that, you have my deepest condolances. At least I hope this > ]comforts you in your lack of life, for assuredly you haven't much of one. > ]At least at a minimum, if you get nothing else from this message, you'll > ]get a tenth of an ounce of pitty. > ]... > ]And maybe someday, if you are really really good you might even achive > ]rat shitdom. Then we'll be real proud of you for being rat shit, but > ]until that time, strive hard and work long hours. Hey, and when you reach > ]rat shitdom and become emeritus ratus shitus, we'll throw you a party! > > Aren't the "cypher punks" a polite lot? > > --- > > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps > From stewarts at ix.netcom.com Thu Dec 5 01:45:22 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Thu, 5 Dec 1996 01:45:22 -0800 (PST) Subject: SAIC buying Bellcore - Spooks have your number. Message-ID: <1.5.4.32.19961205094500.003b870c@popd.ix.netcom.com> The papers have been announcing recently that SAIC is buying Bellcore for ~$700M. SAIC is the spook-connected beltway bandit firm that recently bought the Network Solutions folks who run the Internet NIC. Bellcore is the Bell Labs spinoff that the RBOCs have jointly owned since the breakup of the Bell System a decade ago. One of the interesting things that Bellcore does is own and administer the North American Numbering Plan, which is the telephone numbering space for Country Code 1, including the US, Canada, and much of the Caribbean. (Mexico used to have a kluged subset of 1, but a few years ago decided to join with Latin America instead, gaining 5- prefixes.) So you want an Internet domain name? Ask SAIC. You want a phone number? Ask SAIC. It's nothing to get all paranoid about, probably, but it would be interesting to speculate what they can do with it, besides finding a post-Cold-War income stream. I wonder if the Ethernet address space or IPv4 or maybe IPv6 addresses are their next acquisition? # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, # so please Cc: me on replies. Thanks.) From stewarts at ix.netcom.com Thu Dec 5 01:47:02 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Thu, 5 Dec 1996 01:47:02 -0800 (PST) Subject: Laptops and TEMPEST Message-ID: <1.5.4.32.19961205094443.003ac018@popd.ix.netcom.com> >Not to mention the point that an external attacker--say, the NSA van parked >across the street--will under no circumstances be able to measure "the" >spectrum: his antennas cannot possibly measure the signals (at the lower >bits) seen by the FM receiver, noise source local to the computer, whatever. Tim was talking about the Bad Guys setting your radio noise generator, but the other side of the coin is TEMPEST - making sure your computers don't emit enough radiation for Bad Guys to read it. CRTs are well known as emitters of easily decoded signal, but people have occasionally suggested on this list that laptop LCD screens are much quieter. I now have a data point on this one, and basically, it ain't so. Take a basic television with big rabbit-ear antennas. Tune to the football game on Channel 6. Take your AT&T Globalyst 250P (which is a gray NEC Versa with a Death Star), with the 16-million-color 640x480 screen in 65536-color mode, and pop up a DOS command window in white-on-black. Type a few lines of text, then look at the TV. The sync wasn't quite right, but there were about three copies of my DOS window. It may have been scrolling slowly vertically or horizontally, but it was relatively readable given the lack of resolution of the screen. A good receiver run by a Bad Guy ought to be able to set its scan rates correctly to pick up the screen at better resolution. There are obviously more variables to be explored, but other people who were present at the time considered the football game to be more important :-) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, # so please Cc: me on replies. Thanks.) From jt at freenix.fr Thu Dec 5 03:00:36 1996 From: jt at freenix.fr (J. Thorel / Netpress) Date: Thu, 5 Dec 1996 03:00:36 -0800 (PST) Subject: Leaked Letter Reveals French Key-Escrow Scheme Message-ID: lambda 2.12 * * * * * For several months French authorities have quietly begun to build the world's first "key recovery" encryption scheme, scheduled to take effect early in 1997. But a leaked letter sent to the official security agency, the SCSSI, reveals that the so-called "trust" has some limitation in the draft project. The proposal, called a "decret d'application," is a prime ministerial decree scheduled to be issued after the Telecommunications Reform Act of July 27, 1996 (http://www.telecom.gouv.fr/francais/activ/telecom/lrt96.htm). In France, a law only takes effect after the government signs it as a decree. The decree will define the business conditions of future "trusted third party" (TTP) systems -- in French referred to as "tiers de confidentialite," or a "privacy third party" -- and stresses the difference between the two basic encryption applications: digital signature and privacy. These agents will have the role of electronic notaries, keeping crypto keys in custody for law enforcement or national intelligence purposes. Lambda Bulletin has also learned that French authorities won't impose the "key recovery" scheme as a "mandatory" one. Yet it seems clear that a company will not be able to do business-as-usual if its encryption systems aren't certified by TTPs. Is this good news for individual users? It's not certain: The law says that crypto is legal *only* if keys are kept in custody. It won't be mandatory -- however if you get caught using PGP, it could be considered as a criminal offense. The letter obtained by the press is signed by Jean-Claude Jouas, president of the computer security think tank CLUSIF, and addressed to General Jean-Louis Desvignes, head of the SCSSI. The CLUSIF represents security-related executives from large French companies (some of which are state-owned, such as Bull and Thomson) and also from private consultancies. The SCSSI decided, after intense lobbying, to meet the industry think tank -- which highly suggests that the CLUSIF saw the close-doors draft decree. * Point 1: The letter emphasizes the lack of resolving important questions such as "international exchanges." The letter says: "It shall be possible for [future TTPs] to search partners in foreign countries in order to make these international exchanges a reality, if these partners are ready to respect French national legislation...." The letter goes on to say: "section 5 [of the draft decree] presents a 'franco-francais' project," which could undermine the basic purposes of TTPs. This national approach could create a blow for the OECD initiatives to reach a worldwide consensus for encryption policies (as described in previous bulletins). Stephane Bortzmeyer, speaking for the French Internet Users Association, says: "We'll need more than these suggestions for allowing a reasonable use of crypto. For instance, the international exchanges case is simple: either PGP or SSH use are legal, or people [in France] won't be able to subscribe to CERT mailing lists." This is because CERT urges its participants to encrypt their communications (for integrity reasons). * Point 2: The so-called "certification" procedures. The CLUSIF says "concerning the users' point of view, the most critical point [is] the certification of encryption means and technologies which will be offered by the [TTP], especially concerning the trust level the users will have to afford. [Evaluation and certification] is the key point to establish a trusted relationship, and we consider it as fundamental to include [this point] in the decree". In terms of certification, people can understand that this will protect the user from possible illegal duplication of encryption private keys, thus helping to prevent illegal interception of communications. If these certification procedures are not scheduled in the draft, people could consider it as a reason for an additional lack of trust. * Point 3: The think tank severely notes that "there is nothing scheduled in the draft in the case of legal disputes ... between the user and the third party." The litigation could erupt if the TTP gives up a users' private keys to unauthorized parties (i.e., a competitor or a curious, wiretapping official...). Epilogue: The SCSSI says the final decree could be published by the end of this month. Lambda personal bet: It might be published on Friday, December 27th. (The previous crypto legislation, in 1990, was passed as law on December 29 -- and the decrees for it were officially signed in 1992, on December 28.) P.S.: The whole CLUSIF letter will be published in the French version of this bulletin (check the Web site: http://www.freenix.fr/netizen) * * * * * Short Notes * * * * * * OECD update: The OECD draft guidelines of the crypto expert group have been revealed in Austria. Check: ftp://ftp.netsphere.co.at/Public/OECD/oecd.doc This is the document that was amended during the September 26-27 meeting in Paris, thus there have been changes since then. * EPIC conference proceedings: It's a long after the event, but you can read the English version of a report on the crypto conference EPIC organized in Paris on Sept. 25, on the eve of the OECD meeting. Check the Planete Internet Web site (English translation by K. N. Cukier): http://194.51.213.12:80/interface/SendPage.exe?ID=389 * EF-Sverige: One Lambda subscriber advises people interesting in cyber-rights in Sweden to check EF Sverige, independent from the US-based organization (although, as for EF France and others, the EFF has given them the right to use the name EF-Sverige. Check their web page at: http://connectum.skurup.se/~annami/ EF-Sveridge was founded by two journalists: Anna-Mi Wendel , the chairman, and Peppe Arninge , a member of the board. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Jerome Thorel Planete Internet Journalist, Paris Editor / Redac chef thorel at netpress.fr 191 av A. Briand, 94230 Cachan Tel: 33 1 49085833 - fax-31 www.planete-internet.com From andrew_loewenstern at il.us.swissbank.com Thu Dec 5 03:33:32 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Thu, 5 Dec 1996 03:33:32 -0800 (PST) Subject: Counterproductive Dorothy Denning Flames In-Reply-To: <199612040549.VAA06361@abraham.cs.berkeley.edu> Message-ID: <9612042128.AA00799@ch1d157nwk> nobody writes: > She is seen as "one of us" because she wrote a book on > cryptography. As a consequence, she is seen as a traitor. > I am not endorsing this view. She didn't just write a book on cryptography, but several books. She is also the Chairperson (eek, PC titles...) of the CS department at Georgetown, a very respectable institution, and has taught classes there on cryptology. She has also done research on crytpographic access control to databases and other stuff. So as far as being a cryptologist she is quite learned and should deserve respect regardless of her political views. However, after reviewing the Skipjack algorithm (of course her being invited to look at it was certainly due to her anti-strong-crypto-for-the-masses views), she said something to the effect of "We looked at it over the weekend and couldn't find anything wrong with it, so you should trust it." when she knows damned well that you can't evaluate a cypher in three days. It is for this that she no longer deserves respect as a cryptologist. She basically cashed in her reputation-capital to help the U.S. Govt. dupe the American people into buying Clipper. Fortunately, we didn't buy it. andrew From se7en at dis.org Thu Dec 5 03:50:32 1996 From: se7en at dis.org (Evil se7en) Date: Thu, 5 Dec 1996 03:50:32 -0800 (PST) Subject: Travelling With Laptops/PGP Message-ID: Problem: I will be spending a couple of months chilling out in Barcelona, Spain. I will have a local Internet account/dial-up in that city, and will use it to telnet into my various US-based accounts. This is how I plan to keep in touch with various people while I am gone. Questions: 1 - Is the importation of two laptops and it's various peripheral devices by a US citizen into Spain going to be a problem? I know it is in some European countries. 2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this matter, installed on these two machines, cause a problem? 3 - What about having SSH and ESM installed on the laptops? Will this set off red flags as well? Now, I see a work around if this is a problem, but would like advice on this also: If I generate a temporary PGP key, and distribute it prior to my departure, and then store it on the US-based server (not a good idea, but it is a temporary key, and if it is not a problem in Spain, SSH and ESM would be in use) then bouncing out of Spain via telnet into US-based computers to process encryption/decryption, key management, etc, any encryption would never actually take place on servers outside of the US. Would this be a viable workaround? Or should I just say fuck it, and just disavow myself of any reason/need for PGP for the duration of my stay? If this is gonna be a problem, I'll just forego anything requiring encryption while I am in Spain. I have no interest in smuggling crypto in, or defying international law just to use PGP for personal use. If it's not allowed, I simply won't use it. But, I MUST be able to bring my laptops into the country. That HAS to happen. My Research: I tried to find these answers myself via conventioanl methods, and either there was no information available, or the embassy people I spoke to weren't sure. (Go figure!) So now I ask for your opinions. se7en From se7en at dis.org Thu Dec 5 04:38:01 1996 From: se7en at dis.org (Evil se7en) Date: Thu, 5 Dec 1996 04:38:01 -0800 (PST) Subject: Addendum Message-ID: For those who may bring this up, my questions are in relation to Spain's view of my problems, not the US view, as I can bring PGP out of the US legally. In February 1996, the ITAR rules were amended as regards personal use of cryptography. Temporary export of products for personal use is exempted from the need of a license, provided the exporter takes normal precautions to ensure the security of the product, including locking the product in a hotel room or safe. The product must not be intended for copying, demonstratrion, marketing, sale, re-export, or transfer of ownership or control. In transit, the product must remain with the exporter's accompanying baggage. The exporter must keep records of each export for five years. Export to certain "dangerous" countries (e.g., Cuba, Libya, Syria) is prohibited. See the text of the amendment. se7en From cmcurtin at research.megasoft.com Thu Dec 5 04:59:31 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Thu, 5 Dec 1996 04:59:31 -0800 (PST) Subject: Why Cryptography is harder than it looks? In-Reply-To: Message-ID: <199612051252.HAA04550@goffette.research.megasoft.com> >>>>> "Brent" == Brent Cunningham writes: Brent> Can you please either: 1) email me a copy; or 2) give me a Brent> pointer as to where I can get a copy; of Bruce Schneier's paper Brent> on "Why Cryptography is harder than it looks?" http://www.counterpane.com/whycrypto.html -- Matt Curtin cmcurtin at research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet From gary at systemics.com Thu Dec 5 05:03:46 1996 From: gary at systemics.com (Gary Howland) Date: Thu, 5 Dec 1996 05:03:46 -0800 (PST) Subject: Pronunciation of the "name" "logos" [Was: Re: Politeness] In-Reply-To: Message-ID: <199612051306.OAA01601@internal-mail.systemics.com> > I note that you have > spelt my name as 'logos'. As it is a proper noun in the > usage and I have spelt it with the 'L', I would ask you if > you consider this spelling of my name to be polite? Why don't you change your mail address instead of whinging? If you can't be bothered to use a capital 'L', why should you expect anyone else to? And whilst on the subject of your "name", how is it pronounced? Is it "low goes" (as in "Intel Inside"), or "low goss" (as in "Star Trek")? > Logos out May the force be with you, Gary From cmcurtin at research.megasoft.com Thu Dec 5 05:07:32 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Thu, 5 Dec 1996 05:07:32 -0800 (PST) Subject: Encryption policy challenged Message-ID: <199612051300.IAA04559@goffette.research.megasoft.com> http://www.news.com/News/Item/0,4,5909,00.html?dtn.head "The Business Software Alliance, a powerful Washington trade organization, warned the White House that its encryption policy will fail if the government does not turn to the industry for guidance." blah blah blah ... Interesting how these polite requests from the SBA, et al, are going for such ridiculously low goals. Being able to export 56-bit symmetric cipher products... Why in the world go for such a low number when that is the absolute *best* that you can possibly get? And with such a small difference between 56 and 40 bits, there isn't really any room to haggle. Duh. -- Matt Curtin cmcurtin at research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet From gary at systemics.com Thu Dec 5 05:09:43 1996 From: gary at systemics.com (Gary Howland) Date: Thu, 5 Dec 1996 05:09:43 -0800 (PST) Subject: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <2D3FyD78w165w@bwalk.dm.com> Message-ID: <199612051312.OAA01650@internal-mail.systemics.com> Dr.Dimitri Vulis KOTM writes: > Bryce writes: > > > Yeah, my "rules" are mainly to intimidate newbies into holding > > still long enough to be properly socialized. Only the > > Meta-Rule is inviolate. > > "Cypher punks" have degenerated into an inbred cybermob whose goal in life > is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but > not to the "in-crowd". "Double standards" is the term that springs to mind ... From dlv at bwalk.dm.com Thu Dec 5 05:31:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 5 Dec 1996 05:31:03 -0800 (PST) Subject: Intellectual dishonesty In-Reply-To: Message-ID: Timmy May farts: > Though I have some suspicions that "Logos" is someone I know in Real Life, Me too. > P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this > will surely end our Real World friendship. A fucking bozo. Timmy May (fart) lies. He has no friends except lady Palm and her 5 daughters. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 5 05:31:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 5 Dec 1996 05:31:17 -0800 (PST) Subject: Fan mail from John Gilmore and his cronies In-Reply-To: <199612050704.AAA02080@zifi.genetics.utah.edu> Message-ID: Apparently I'm not the only one not believing that "Logos" did not misspell both my first name and my last name just "accidentally". >Received: (from bin at localhost) by zifi.genetics.utah.edu (8.8.3/8.6.9) id AAA02080 for dlv at bwalk.dm.com; Thu, 5 Dec 1996 00:04:58 -0700 >Date: Thu, 5 Dec 1996 00:04:58 -0700 >Message-Id: <199612050704.AAA02080 at zifi.genetics.utah.edu> >To: dlv at bwalk.dm.com >From: nobody at zifi.genetics.utah.edu (Anonymous) >Comments: Please report misuse of this automated remailing service to > >You wrote: > >>logos writes: >>> I have been unfailingly polite to you. Do you have it >>> within your character to respond to me in kind? >> >>Do you think spelling my last name "Vilus" is polite? > >Polite, no. Accurate, and perhaps a "freudian typo"? YES. > >Let me guess, O proud (if irony impaired) kook: > >You're now an authority on on-line manners? > > > No. Logos thinks s/he is. :-) From dlv at bwalk.dm.com Thu Dec 5 05:32:44 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 5 Dec 1996 05:32:44 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: <32A654A4.D8D@imaginet-us.net> Message-ID: Ares GodOfWar writes: > lo all > > i am in a terrible mess... > can someone inform me as to the location of PGP 5.0 shareware?? > i need it asap ;] > > thanx While at it, can someone please inform me as to the location of PGP 3.0? I guess it's an old obsolete version. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From v-ntxces at microsoft.com Thu Dec 5 05:46:04 1996 From: v-ntxces at microsoft.com (Clark E. Satter) Date: Thu, 5 Dec 1996 05:46:04 -0800 (PST) Subject: No Subject Message-ID: unsuscribe cypherpunks >X48186 >NC-ITG When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From harka at nycmetro.com Thu Dec 5 05:54:18 1996 From: harka at nycmetro.com (harka at nycmetro.com) Date: Thu, 5 Dec 1996 05:54:18 -0800 (PST) Subject: PGP in Russia Message-ID: Hi there, it's been asked before but I don't know the current answer: Is the use of PGP legal in Russia? And if it's not, how are the chances of a foreigner in Russia using it anyway to get away with it? Please reply privately as I am currently not subscribed to the list... Thanks in advance, Harka at nycmetro.com From SButler at chemson.com Thu Dec 5 07:03:49 1996 From: SButler at chemson.com (Butler, Scott) Date: Thu, 5 Dec 1996 07:03:49 -0800 (PST) Subject: FW: Intellectual dishonesty Message-ID: >Timmy May wrote: > >>P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this >>will surely end our Real World friendship. A fucking bozo. > ^^^^^^^^^^^^^^^^ >^^^ > >Now ... now Timothy. If there is anyone reading this message in the U.K..... Can you remember a television series featuring Ronnie Corbet.. "SORRY" TIMOTHY ! Cheers Scott :-D > > > > From ichudov at algebra.com Thu Dec 5 07:33:22 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 5 Dec 1996 07:33:22 -0800 (PST) Subject: Travelling With Laptops/PGP In-Reply-To: Message-ID: <199612051519.JAA01171@manifold.algebra.com> if you are afraid of taking pgp with you, here's a proposed solution: do not take pgp with you. when you get to spain, download pgp from norway and recompile. taking keys should not be a problem. igor Evil se7en wrote: > > > > Problem: > > I will be spending a couple of months chilling out in Barcelona, Spain. > I will have a local Internet account/dial-up in that city, and will use > it to telnet into my various US-based accounts. This is how I plan to > keep in touch with various people while I am gone. > > Questions: > > 1 - Is the importation of two laptops and it's various peripheral devices > by a US citizen into Spain going to be a problem? I know it is in some > European countries. > > 2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this > matter, installed on these two machines, cause a problem? > > 3 - What about having SSH and ESM installed on the laptops? Will this set > off red flags as well? > > Now, I see a work around if this is a problem, but would like advice on > this also: > > If I generate a temporary PGP key, and distribute it prior to my departure, > and then store it on the US-based server (not a good idea, but it is a > temporary key, and if it is not a problem in Spain, SSH and ESM would be in > use) then bouncing out of Spain via telnet into US-based computers to > process encryption/decryption, key management, etc, any encryption would > never actually take place on servers outside of the US. > > Would this be a viable workaround? Or should I just say fuck it, and just > disavow myself of any reason/need for PGP for the duration of my stay? If > this is gonna be a problem, I'll just forego anything requiring > encryption while I am in Spain. > > I have no interest in smuggling crypto in, or defying international law > just to use PGP for personal use. If it's not allowed, I simply won't use > it. But, I MUST be able to bring my laptops into the country. That HAS to > happen. > > My Research: I tried to find these answers myself via conventioanl > methods, and either there was no information available, or the embassy > people I spoke to weren't sure. (Go figure!) So now I ask for your > opinions. > > se7en > - Igor. From abarrett at checkfree.com Thu Dec 5 08:22:29 1996 From: abarrett at checkfree.com (AJ Barrett) Date: Thu, 5 Dec 1996 08:22:29 -0800 (PST) Subject: [crypto] Avatar Protection? Message-ID: <2.2.32.19961205161828.006f1aa8@xavier> At 09:13 PM 12/4/96 -0500, e$pam wrote: This sounds like a good argument for the crypto "watermark" idea that was discussed a few times earlier on the list. I think it goes something like this: The document/avatar/code/whatever has a crypto identifier embedded in it that can be extracted to verify ownership. Perhaps a good analogy might be a steganographic application. > The problem is this: Is there a way for a user to "view" the client's > avatar (and in this sense, the user usually has to receive a copy > of the code to render the avatar and render it on the local machine) > but not save a copy? Assume that a client with no save feature > is not a viable option...too easy to work around. Yep. Even the "eyes only" setting in PGP is no good if the recipient is savvy enough to cut and paste the plaintext to the clipboard. -- Sincerely, AJ Barrett Product Analyst CheckFree Corporation: The Way Money Moves http://www.checkfree.com From reagle at rpcp.mit.edu Thu Dec 5 08:40:56 1996 From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) Date: Thu, 5 Dec 1996 08:40:56 -0800 (PST) Subject: Bank Of America To Launch Internet Banking System 12/02/96 Message-ID: <9612051640.AA23802@rpcp.mit.edu> TOKYO, JAPAN, 1996 DEC 2 (NB) -- By Martyn Williams. Bank of America is due to offer its credit card customers the ability to perform basic account transactions via the Internet next year. The bank will be using a system currently under development by Hitachi Ltd. and Bank of America subsidiary Concorde Solutions, a Hitachi spokeswoman confirmed to Newsbytes today. "The new system will enable credit card transactions via the Internet," said Hitachi's Emi Takase. "Bank of America is aiming to market the system from August, 1997." Customers should be able to check credit card balances and account details, apply for credit limit increases, and many of the other actions that a telephone is currently used for. Concorde Solutions, a company 70 percent owned by Bank of America, will develop the application for users with Hitachi. It will run on top of the Japanese company's TP Broker system, an object request broker that was developed with Visigenic Software Inc. Launch customer for the system will be Concorde parent Bank of America, but plans are for the system to be marketed to other banks. "The product will be sold by both companies afterwards," said Takase. (19961202/Press contact: Emi Takase, Hitachi Ltd., +81-3-3258-2055, fax +81-3-3258-5480, e-mail emi at cm.head.hitachi.co.jp; Reported By Newsbytes News Network: http://www.newsbytes.com) -- C O P Y R I G H T * R E M I N D E R This article is Copyright 1996 by Newsbytes News Network. All articles in the clari.* news hierarchy are Copyrighted and licensed to ClariNet Communications Corp. for distribution. Except for articles in the biz.clarinet.sample newsgroup, only paid subscribers may access these articles. Any unauthorized access, reproduction or transmission is strictly prohibited. We offer a reward to the person who first provides us with information that helps stop those who distribute or receive our news feeds without authorization. Please send reports to reward at clari.net. [Use info at clari.net for sales or other inquiries.] Details on use of ClariNet material and other info can be found in the user documentation section of our web page: . You can also read ClariNet news from your Web browser. From Ryan.Russell at sybase.com Thu Dec 5 08:47:16 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Thu, 5 Dec 1996 08:47:16 -0800 (PST) Subject: [crypto] Avatar Protection? Message-ID: <9612051646.AA15568@notesgw2.sybase.com> Even with a custom client, I suppose there's always a chance of pulling things out of RAM. How about a slightly different question: Is there a way to sign it such that it wouldn't work if the signature was removed, so there would be no question of who created it? I suppose this is analogous to: Is there a way to sign plaintext such that the plaintext can't be seen without the signature attached? I suppose not.. Is there a way to embed the signature as part of the code so it can't be removed? Ryan ---------- Previous Message ---------- To: Ryan.Russell cc: cypherpunks From: deviant @ pooh-corner.com (The Deviant) @ smtp Date: 12/05/96 04:24:15 AM Subject: Re: [crypto] Avatar Protection? -----BEGIN PGP SIGNED MESSAGE----- On 4 Dec 1996, Ryan Russell/SYBASE wrote: > A graphic-designer friend of mine and I were talking > about VRML avatars, and custom design work, and > could he offer a service designing them etc... > > His worry is that since everyone in the same virtual > environment as his customer would see the designer > avatar, wouldn't they also be able to easily rip off > his work? (or his customer's property, take your pick.) > > I wasn't sure...it seems to me that I read something vaguely > along these lines for a cryptography protocol of some sort.. > The problem is this: Is there a way for a user to "view" the client's > avatar (and in this sense, the user usually has to receive a copy > of the code to render the avatar and render it on the local machine) > but not save a copy? Assume that a client with no save feature > is not a viable option...too easy to work around. Well, its concievable to write your own client, and make the code such that it only works with that client... I know, it kindof sucks, doesn't it? > > I suppose an analogy would be: Is there a way for a person to > see the plaintext, but not record it? I think that question really > answers itself - no. How about alternatives? If the server > of the environment only renders "views" (say, certain angles, or > a bitmap) of the avatar, rather than sending the description file? > > Any other thoughts? > > Ryan > --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "First things first -- but not necessarily in that order" -- The Doctor, "Doctor Who" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqZOczCdEh3oIPAVAQHEAwf+IZ4KzMjcmb8t/HTMBvp83ChZ0VLS6xa3 +OwtpvkVGnuD4AJ+ayvDS10u4oAx78OillYDPolz6Gpnv0L+KDseo0sz7Yhgvepp HwUw4UqMDBu9BMfkITFs6IS773EIgC8JmIf8/u6xEH/tvUjl44RQlgX+YE1Ybhvq cGo3dF60fdiYzmoYvYESrMo9ldr97bImSjUE46bd4ZrtHjVTqDB75r9Uhb38SPWD SdEi6rdC4sX1dY9zdJHIruhIM5BBpZcHX9Vo8cOSvzZY1s7rHXVQgb34rIcUcx7T 2GJTeJsTS2boi9O0urkKW8FIZtq82AnBk5WsavRtEIw0O5pC0jhR2g== =aWWo -----END PGP SIGNATURE----- From proff at suburbia.net Thu Dec 5 08:48:14 1996 From: proff at suburbia.net (Julian Assange) Date: Thu, 5 Dec 1996 08:48:14 -0800 (PST) Subject: No Subject Message-ID: <199612051647.DAA09954@suburbia.net> >From smtpd Fri Dec 6 03:03:59 1996 Return-Path: Received: (from smtpd at localhost) by suburbia.net (8.8.3/8.8.2) id DAA08167 for ; Fri, 6 Dec 1996 03:03:59 +1100 (EST) Received: from presence.lglobal.com(207.107.12.2) via SMTP by suburbia.net, id smtpd008159; Thu Dec 5 16:03:41 1996 Received: (from majordom at localhost) by presence.lglobal.com (8.6.12/8.6.12) id PAA02103 for foreignc-outgoing; Thu, 5 Dec 1996 15:43:37 GMT Received: from presence.lglobal.com (jessepub at presence.lglobal.com [207.107.12.2]) by presence.lglobal.com (8.6.12/8.6.12) with SMTP id KAA02097 for ; Thu, 5 Dec 1996 10:43:34 -0500 Date: Thu, 5 Dec 1996 15:43:33 +0000 (GMT) From: Local GlobalPublishing To: foreignc at lglobal.com Subject: ForeignCorrespondent REVENGE OF HER MAJESTY'S SPOOKS Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Precedence: bulk Reply-To: emargolis at lglobal.com Sender: proff Foreign Correspondent Inside Track On World News By International Syndicated Columnist & Broadcaster Eric Margolis ,,ggddY"""Ybbgg,, ,agd888b,_ "Y8, ___`""Ybga, ,gdP""88888888baa,.""8b "888g, ,dP" ]888888888P' "Y `888Yb, ,dP" ,88888888P" db, "8P""Yb, ,8" ,888888888b, d8888a "8, ,8' d88888888888,88P"' a, `8, ,8' 88888888888888PP" "" `8, d' I88888888888P" `b 8 `8"88P""Y8P' 8 8 Y 8[ _ " 8 8 "Y8d8b "Y a 8 8 `""8d, __ 8 Y, `"8bd888b, ,P `8, ,d8888888baaa ,8' `8, 888888888888' ,8' `8a "8888888888I a8' `Yba `Y8888888P' adP' "Yba `888888P' adY" `"Yba, d8888P" ,adP"' `"Y8baa, ,d888P,ad8P"' ``""YYba8888P""'' REVENGE OF HER MAJESTY'S SPOOKS by Eric Margolis 5 Dec 1996 Comrade-in-Chief Leonid Ilyich Brezhnev banged his fist onto a solid oak table, knocking over bottles of Armenian mineral water and vodka, and bellowed at the ashen-faced chiefs of the Soviet aircraft industry: `The Motherland's honor is a stake. Beat the Concorde! Or you will all be designing coal mines cars in Siberia!' Such is the story I'm told by someone who was there. I'm recalling these events now because a group of US aircraft companies and NASA have partnered with Russia's Tupelov aircraft firm to take the old TU-144 supersonic transports out of mothballs and fly 32 test flights. My advice to the eager US aviation people is: watch the tests from the ground. Here's why: In the late 1950's and early 1960's, the Soviets were boasting they would shortly overtake America's capitalist technology. Soviet propaganda dismissed France as a nation of foppish boulevardiers, and Britain as a degenerate, toothless old lion. The `degenerate' British and French stunned and mortified Moscow by announcing development of a supersonic jet transport, made with European technology. The outcome of this project was the exquisite, technologically superb Concorde, which continues today to fly passengers at twice the speed of sound. The Kremlin ordered a crash program to develop a Soviet supersonic transport, or SST, no matter the cost. The famous Tupelov design bureau was selected to develop the plane, by `storming,' if necessary, 24-hours a day, until completion. Unfortunatly, Tupelov designers couldn't develop a workable design in the short time given them by the Kremlin. So KGB was ordered to steal the blueprints of the Concorde. A score of KGB agents were dispatched to England and France in a highly complex and expensive mission designed to infiltrate plants where the Concorde was being built. Such military-industrial spying is often used by nations trying to save time, money, or both. Agents of Israel's Mossad, for example, managed to steal the complete blueprints of the French Mirage III fighter after Paris refused to supply them to Israel. Now comes the fun part- as told to me by the late, distinguished RAF commander, Air Marshall Menaul. British counter-intelligence, MI5, according to Menaul, learned of the Soviet penetration and identified many of the agents whose haste, and deviation from KGB standard operating procedures, made them sloppy. The wicked British got their top aviation engineers to doctor a set of Concorde plans - so that the aircraft's center of gravity was too far aft, making it dangerously unstable, particularly at low speeds. The bogus drawings were left where they could be purloined by the KGB. A few days later, the tainted plans were in Moscow. On Dec 31, 1968, the TU-144 - instantly dubbed `Conkordski'- made its maiden flight - a few days before the Concorde's inaugural flight. Chairman Brezhnev was ecstatic. In 1973, the Soviets triumphantly sent their TU-144 to the Paris Air Show. There,. before the world's eyes, the `Conkordski' went out of control and crashed. The horrified Soviets became the butt of international ridicule. Another TU-144 crashed outside Moscow in 1978. From 'pride of Soviet aviation,' the poor TU-144 soon was called, `the supersonic coffin.' A few were put into Moscow-Tashkent service, first flying terrified passengers, then just mail. The `Conkordski' were taken out of service in 1978 after the second spectacular accident. I'm sure many toasts were drunken that night in London at MI5 headquarters. The new TU-144 flights are being conducted with the Americans to develop a future, 300-passenger SST. Tupelov has refurbished some of the aircraft, but I'm uncertain if the basic design flaw introduced by Her Majesty's spooks has been corrected. Probably not, leaving the Conkordski lethally wobbly. Such is the revenge of British intelligence, served up cold and lethal - as the best revenge always is. copyright eric margolis 1996 ***************************************************************** ***************************************************************** --------------------------------------------------------------- To receive Foreign Correspondent via email send a note to Majordomo at lglobal.com with the message in the body: subscribe foreignc To get off the list, send to the same address but write: unsubscribe foreignc WWW: www.bigeye.com/foreignc.htm For Syndication Information please contact: Email: emargolis at lglobal.com FAX: (416) 960-4803 Smail: Eric Margolis c/o Editorial Department The Toronto Sun 333 King St. East Toronto Ontario Canada M5A 3X5 --------------------------------------------------------------- From leeelder at flash.net Thu Dec 5 09:10:16 1996 From: leeelder at flash.net (Lee Elder) Date: Thu, 5 Dec 1996 09:10:16 -0800 (PST) Subject: I would like to get on the mailing list Message-ID: <32A702B3.459@flash.net> I don't know anything about this subject but I do know it's a must because of what's happening in the country. From pyro-teknik at mail.geocities.com Thu Dec 5 09:36:55 1996 From: pyro-teknik at mail.geocities.com (Pyro Teknik) Date: Thu, 5 Dec 1996 09:36:55 -0800 (PST) Subject: Travelling With Laptops/PGP Message-ID: <199612051730.JAA17379@geocities.com> > Problem: > > I will be spending a couple of months chilling out in Barcelona, Spain. > I will have a local Internet account/dial-up in that city, and will use > it to telnet into my various US-based accounts. This is how I plan to > keep in touch with various people while I am gone. > > Questions: > > 1 - Is the importation of two laptops and it's various peripheral devices > by a US citizen into Spain going to be a problem? I know it is in some > European countries. > > 2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this > matter, installed on these two machines, cause a problem? > > Would this be a viable workaround? Or should I just say fuck it, and just > disavow myself of any reason/need for PGP for the duration of my stay? If > this is gonna be a problem, I'll just forego anything requiring > encryption while I am in Spain. I walked straight through British, Dutch and Maltese Customs at the respective airports and they didn't even ask what was in the bag, let alone what software. I had PGP and a huge keyring stored on my hard drive and they were known the wiser. > I have no interest in smuggling crypto in, or defying international law > just to use PGP for personal use. If it's not allowed, I simply won't use > it. But, I MUST be able to bring my laptops into the country. That HAS to > happen. I'd suggest to lugging them through as hand luggage. If you are worred, zip up pgp and so on with a password - if customs do check, they aren't gonna waste breaking the zip password (even though it can be done quickly) Also, I think the law may different, as you are an American Citizen using your own equipment... [*]-------------------------------------------[*]----------------[*] [*] Pyro Teknik - [*] Linux Guru [*] [*] www.geocities.com/SunsetStrip/Alley/7705/ [*] Phone Phreaker [*] [*]-------------------------------------------[*]----------------[*] From 72124.3234 at compuserve.com Thu Dec 5 10:26:29 1996 From: 72124.3234 at compuserve.com (Kent Briggs) Date: Thu, 5 Dec 1996 10:26:29 -0800 (PST) Subject: Codebreakers on the shelves! In-Reply-To: <3.0.1.32.19961204090346.010a4898@mail.teleport.com> Message-ID: <32A71484.6C15@compuserve.com> Alan Olsen wrote: > > Warning: The book is $65.00 hardbound! (It is also *NOT* a small book. > It is large. About 2000 pages by my guess. 1181 actually, not including the table of contents and preface. Kent From vipul at pobox.com Thu Dec 5 11:02:09 1996 From: vipul at pobox.com (Vipul Ved Prakash) Date: Thu, 5 Dec 1996 11:02:09 -0800 (PST) Subject: HP Message-ID: <199612060036.AAA00456@fountainhead.net> > HP UNVEILS NEW CRYPTO CONTROL FRAMEWORK > > Hewlett-Packard announced a new framework technology designed to let > governments enable and disable strong cryptography products. The > framework is independent of the method used in a given product. The > heart of the system is a small, tamper-resistant module with the > cryptographic algorithms that remain dormant until activated. A policy > activation token (basically some key bits) can be used to choose > between the various crypto algorithms stored on the module. The HP > press release makes this sound like the greatest thing since public > key encryption, but in reality it appears to be just another attempt > to insert government control into private data exchanges. Look for > legislative attempts to make this technology mandatory on all > encryption products. Technology details are at the site. > > > > > NETSURFER DIGEST (c)1996 Netsurfer Communications, Inc. > All rights reserved. > > NETSURFER DIGEST is a trademark of Netsurfer Communications, Inc. > -- Vipul Ved Prakash | - Electronic Security & Crypto vipul at pobox.com | - Internet & Intranets 91 11 2233328 | - Web Development & PERL 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - (Networked) Multimedia From attila at primenet.com Thu Dec 5 11:13:38 1996 From: attila at primenet.com (attila at primenet.com) Date: Thu, 5 Dec 1996 11:13:38 -0800 (PST) Subject: Logos -vs- Vulis In-Reply-To: <32A67717.1E5D@gte.net> Message-ID: <199612051913.MAA29639@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- In <32A67717.1E5D at gte.net>, on 12/04/96 at 11:17 PM, Dale Thorn said: ::I understand that you don't want to nit-pick *every* bit of every post, ::however, once you do decide to pick on somebody, surely you could point ::to the specific fallacies, rather than wring your hands and gnash your ::teeth as you did in the long note to the Great Expelled One. :: hey, logos wants to perform a service. however, let's keep the wailing, weeping, and gnashing of teeth on the sidelines with direct mail to the group involved instead of cluttering the list with yet more noise (like this waste of time). ::Don't think I don't know what's going on here. I got permanently ::expelled from two schools as a youth, to name just two examples from my ::illustrious career, yet after learning how to play the game, I probably ::am doing much better than most of the drones who completed their studies ::and kept their mouths shut. My life is continually interesting, and I ::wouldn't think of trading it for the neurotic, control-freak-mentality ::lifestyle certain folks around here "enjoy". :: you're not unusual, in the first place since many high performers just were not willing to waste time in a slow paced and probably parochial (not religion connotation) school. as for a the attitude, Dale has carried right on without taking a break. as for being less wired and neurotic, I doubt it --Dale's into big time, including picking on anyone who he deems inferior and or maybe even "Children of a Lesser god." ::I'm sure (if you know crypto topics) you realize that in creating a ::crypto solution, there's no substitute for rigorous attention to detail. ::I'm not opposed to paying some attention to decorum, but logic comes ::first, otherwise, you won't have a leg to stand on. :: and to prove your own point --but not in your favour: since when did logic preclude decorum. that's sort of follows the rule: "profanity is the refuge of inarticulate motherfuckers." when you blow you own logic by being profanely indecorus. And I'll say it again, and again: if the residents of cypherpunk land can not express themselves with respect for their colleages, even in disagreement, then cp is a has been and will be quoted in ridicule by the news organizations and the Congress as an anarchistic bunch of uncivilized and uncouth barbarians screaming "cryptography and anarchy for the masses." Is that what you want? -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqcc3L04kQrCC2kFAQHObQP/X6CJaH21BMssKXNXWFaAhR24Vs/aqtp4 W/a/QUC8Us5EBTUmdAW7DZo241DJJE0y/eNI3DQHspVBwfXTmJIEDX4cluoe9aP4 wdQNw2U+y/TNP1bWiOvincOEaevwwS/v55uaCyUHBMmZZo8y8Xi8Zyac8fzBvpkX ggzsnDTtjqU= =Re0l -----END PGP SIGNATURE----- From nobody at cypherpunks.ca Thu Dec 5 11:27:22 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Thu, 5 Dec 1996 11:27:22 -0800 (PST) Subject: Dimitri IS Detweiler Message-ID: <199612051916.LAA20806@abraham.cs.berkeley.edu> Dimitri Vulis wrote: | He he he what is sauce for the goose is sauce for the gander blah blah ^^^^^^^^ | blah intellectual dishonesty blah blah blah typical logorrhetic "cypher | punk" can't spell his own nym politely. There we have it! PROOF that Dimitri is a tentacle of Detweiler. Own up Dimitri! (sorry for the previous accusation Dale) From alan at ctrl-alt-del.com Thu Dec 5 11:52:49 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Thu, 5 Dec 1996 11:52:49 -0800 (PST) Subject: Laptops and TEMPEST Message-ID: <3.0.1.32.19961205114746.011fbf84@mail.teleport.com> -----BEGIN PGP SIGNED MESSAGE----- At 01:44 AM 12/5/96 -0800, stewarts at ix.netcom.com wrote: >Take a basic television with big rabbit-ear antennas. >Tune to the football game on Channel 6. >Take your AT&T Globalyst 250P (which is a gray NEC Versa with a Death Star), >with the 16-million-color 640x480 screen in 65536-color mode, >and pop up a DOS command window in white-on-black. >Type a few lines of text, then look at the TV. > >The sync wasn't quite right, but there were about three copies of >my DOS window. It may have been scrolling slowly vertically or horizontally, >but it was relatively readable given the lack of resolution of the screen. >A good receiver run by a Bad Guy ought to be able to set its scan rates >correctly to pick up the screen at better resolution. >There are obviously more variables to be explored, but other people >who were present at the time considered the football game to be >more important :-) Wow! I am amazed the FCC has not come down hard on AT&T for something that noisy. (I have run my system with an open case and never gotten interference that bad.) Or maybe it is a plot to keep an eye on Matt Blaze. ("Here... Have this free company laptop!") Now the truly paranoia will not only cover their heads with tinfoil, they will cover their laptops as well. But seriously, it does not sound good. I know there is specialized equiptment used by ham radio operators to locate leakage of radio frequencies. Maybe someone could use it to find who the worst offenders are and how bad the problem is. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqb8n+QCP3v30CeZAQEe5gf/WWxP6BSq17o9OPUXu2bu4DNPldb42CpB 2QHFs2N3VKymiOa1wQH7E4XyeKZzsZQdt8d6fpl12t+jMS9XqMi+2uaQNQ9IeMDG UVAc04La/MTVCeL+SkxZUfHSp618cB/QNRT9l7MpcplfCmnhODNx06i9De7MDfnc 4zSRLMZ0mXzoOl0tKunRGSGKDVn5Yh/3Lxdk2KwR3ITUrhiENowEvBaLithv5jYG GXdUzQwoMfEZ+rHhHJuXB0TQT4KtyrsnpNLrkH2h16j2kIp9fO05+mh9Ef2UYWgo TeIiHal3BjZ537hmF2JpUd7ShJYhooDrKOHRXAoaMhg5ny87FTtq4g== =Las6 -----END PGP SIGNATURE----- --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From nelson at media.mit.edu Thu Dec 5 12:29:47 1996 From: nelson at media.mit.edu (Nelson Minar) Date: Thu, 5 Dec 1996 12:29:47 -0800 (PST) Subject: [crypto] Avatar Protection? In-Reply-To: <9612050108.AA07734@notesgw2.sybase.com> Message-ID: >Is there a way for a user to "view" the client's avatar (and in this >sense, the user usually has to receive a copy of the code to render >the avatar and render it on the local machine) but not save a copy? Ah, the age-old question. This is the same question as "is there a way for me to show a web page to someone and not let them copy it?", "is there a way I can loan someone my CD and not let them copy it?", etc. If you have control of the viewer, the answer is trivially yes. If you don't, then it's not. Digital watermarks / fingerprints are one alternative - if someone steals it, you can at least prove whom it was stolen from. Or you might be able to exploit some of the structure of VRML to show people an avatar but not ever reveal the *whole* thing for copying. But in general, this sort of problem seems to demand a social solution (intellectual property law), not technical. ObLogos: all things are true From ckuethe at gpu.srv.ualberta.ca Thu Dec 5 13:03:32 1996 From: ckuethe at gpu.srv.ualberta.ca (C. Kuethe) Date: Thu, 5 Dec 1996 13:03:32 -0800 (PST) Subject: Laptops and TEMPEST In-Reply-To: <1.5.4.32.19961205094443.003ac018@popd.ix.netcom.com> Message-ID: On Thu, 5 Dec 1996 stewarts at ix.netcom.com wrote: > don't emit enough radiation for Bad Guys to read it. CRTs are well known > as emitters of easily decoded signal, but people have occasionally suggested > on this list that laptop LCD screens are much quieter. I now have a data > point on this one, and basically, it ain't so. > > Take a basic television with big rabbit-ear antennas. > Tune to the football game on Channel 6. > Take your AT&T Globalyst 250P (which is a gray NEC Versa with a Death Star), > with the 16-million-color 640x480 screen in 65536-color mode, > and pop up a DOS command window in white-on-black. > Type a few lines of text, then look at the TV. [snip] Here's some more about that. I use both the Texas Instruments ti85 and Hewlett Packard HP48 graphics calculators. I was playing tetris on my ti85 one day and had the radio on. every now and then this funny noise would come out of my radio. After a while I noticed it was sync'ed with a keypress on my calc. So I tried some experiments, and I found that doing just about anything would emit a detectable signal. Keep in mind that I was using a cheap radio, tuned to a 100kW radio stn and still could tune in a calc. I tried indiviual keystrokes.........yup individual pixel changes.....yup idling.......................yup printing to screen...........yup "For" loop...................yup NOP's........................yup and they all sound different. My favorite was the for loop.... sounds like a diesel engine. Maybe that's why my calc is running so slow. it's only going at 1500 RPM (revolutions per minute) The hamster inside must be getting tired. I guess that's why there's that crap like this that's printed in the manual of everything electronic... This equipment generates and uses radio frequency energy may interfere with radio and television reception. This device complies with the limits for a class B computing device as specified in part 15 of the FCC Rules for radio frequency emission and SIGINT operations pursuant to the interests of national security and inter-departmental funnies and scandals. In the unlikely event that there is no interference, please call your local spook-funded telco and the will be more than happy to remedy this situation. I think it was "Lucky Green" whose friend saw the little TEMPEST demo. Perhaps this friend might care to elaborate on this issue. I almost wonder if there is some kind of order from on high (NSA, [A-Za-z0-0]1,5) <--regexp to include other agencies like CSIS, MI5, Mafia, etc... -- to make "leaky" computers. So now we have to have thermite wired onto our HD's and Noise generators on the board. :) ICK. -- Chris Kuethe LPGV Electronics and Controls http://www.ualberta.ca/~ckuethe/ RSA in 2 lines of PERL lives at http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0 --- begin forwarded text Date: Thu, 5 Dec 1996 15:38:01 -0500 (EST) From: Rich Lethin To: dcsb at ai.mit.edu Subject: New DCSB list for announcements Sender: bounce-dcsb at ai.mit.edu Precedence: bulk Reply-To: Rich Lethin By request, I've created a new DCSB mailing list, dcsb-announce at ai.mit.edu which will be for DCSB-related announcements, only. The ability to post to the list will be restricted by Majordomo. Subscriptions are for folks who can't/don't/won't paw through the talk on the normal DCSB mailing list and digest, but would like to hear about upcoming lunches. Because the lunch announcements will be sent to both the dcsb-announce and dcsb lists, there's no need to be on both. To subscribe, send an email To: dcsb-announce-request at ai.mit.edu Subject: irrelevant subscribe Rich ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From tcmay at got.net Thu Dec 5 14:12:33 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Dec 1996 14:12:33 -0800 (PST) Subject: Laptops, TEMPEST, chewing gum, and baling wire In-Reply-To: <3.0.1.32.19961205114746.011fbf84@mail.teleport.com> Message-ID: At 11:52 AM -0800 12/5/96, Alan Olsen wrote: >Now the truly paranoia will not only cover their heads with tinfoil, they >will cover their laptops as well. Just be careful to remove the tinfoil prior to leaving the country. As you know, tinfoil is an ITAR-controlled item. (Pending the outcome of a court case, where a physics professor is challenging the ITARs on the grounds that using aluminum or tin foil in his physics lectures may subject him to imprisonment. That rolls of aluminum foil are commonly available in supermarkets throughout the country--and even at foreign sites!--does not mean the ITARs will not be enforced.) The traditional "personal use exemption," such as for the tin foil contained in chewing gum wrappers, is causing alarm in the Administration, as NSA researchers have discovered that some users are gluing together many gum wrappers to make RF shields. "We have notified Wrigley's Gum Company that their wrappers may constitute illegal "hooks" and may violate the ITARs even if any single wrapper is too small to be useful." The Administration is working with industry to relax export controls on tinfoil and other shielding substances. H-P and Intel have announced a solution the Administration may find acceptable: exports of shielded laptops would be allowed if special keystroke capture programs are installed. As Special Crytography Envoy David Aaron puts it, "This is for the protection of the consumer, not for use by the government." (When pressed to explain this, Ambassador Aaron admitted it made no sense to him either, but that he was just following orders. He also acknowledged that the Administration's policy appears to be held together by baling wire and chewing gum, so the Administration has a special interest in the wrapper issue.) --Klaus! von Future Prime -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From tcmay at got.net Thu Dec 5 14:18:36 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Dec 1996 14:18:36 -0800 (PST) Subject: Laptops and TEMPEST In-Reply-To: <1.5.4.32.19961205094443.003ac018@popd.ix.netcom.com> Message-ID: At 2:03 PM -0700 12/5/96, C. Kuethe wrote: >Here's some more about that. I use both the Texas Instruments ti85 and >Hewlett Packard HP48 graphics calculators. I was playing tetris on my ti85 >one day and had the radio on. every now and then this funny noise would >come out of my radio. After a while I noticed it was sync'ed with a >keypress on my calc. So I tried some experiments, and I found that doing >just about anything would emit a detectable signal. Keep in mind that I was >using a cheap radio, tuned to a 100kW radio stn and still could tune in a >calc. I tried ... >and they all sound different. My favorite was the for loop.... sounds like >a diesel engine. Maybe that's why my calc is running so slow. it's only ... Back in the Olden Days, we used to use these signals as sound output for our computers. For example, on my Sol 20 computer (bought and soldered together in 1978, in case anyone's interested). There were various BASIC programs that ran various loops, thus generating crude tones on nearby radios. And the games that were available had routines which used radios as crude sound devices. (None of which could hold a candle to my 1968 "amateur transmitters": neon sign transformers, sending Morse code to my friend a mile or so away...it was detectable on all AM bands! I never got a visit from the FCC, but I only "transmitted" a few times.) --Tim Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From joelm at eskimo.com Thu Dec 5 14:19:50 1996 From: joelm at eskimo.com (Joel McNamara) Date: Thu, 5 Dec 1996 14:19:50 -0800 (PST) Subject: Laptops and TEMPEST Message-ID: <3.0.32.19961205141815.007404a8@mail.eskimo.com> Thinking that LCD screens reduce the risks of emanation monitoring is a dangerous misconception (at least under a high threat model). LCDs' current requirements are pretty small, and they only emanate a low magentic and electrical field. However, the gotcha with current laptops is their backlighting. Electric and magnetic fields are considerably higher compared with a low-res/contrast device. There are documents that circulate within certain security circles that list just how noisy (and therefore easy to monitor) various off-the-shelf machines are. It would be an interesting project for some ham radio type Cypherpunks to measure their machines, and publish the results. Or, for some well connected person just to scan and anonymously post such a document to the list. Of course, I'd never encourage anyone to do something illegal. Joel From tcmay at got.net Thu Dec 5 14:25:47 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Dec 1996 14:25:47 -0800 (PST) Subject: [crypto] Avatar Protection? In-Reply-To: <9612050108.AA07734@notesgw2.sybase.com> Message-ID: At 3:32 PM -0500 12/5/96, Nelson Minar wrote: >Ah, the age-old question. This is the same question as "is there a way >for me to show a web page to someone and not let them copy it?", "is >there a way I can loan someone my CD and not let them copy it?", etc. >If you have control of the viewer, the answer is trivially yes. If you >don't, then it's not. > >Digital watermarks / fingerprints are one alternative - if someone >steals it, you can at least prove whom it was stolen from. Or you ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >might be able to exploit some of the structure of VRML to show people >an avatar but not ever reveal the *whole* thing for copying. But in >general, this sort of problem seems to demand a social solution >(intellectual property law), not technical. Yes, you can perhaps show whom it was stolen _from_, i.e., the creator, but not _who_ stole it. Even in the case where each end recipient receives a uniquely watermarked or marked image, e.g., where N different instances of the work are instantiated, there are ways to obscure the source of the theft (or leak, when one is using such techniques to detect leaks of confidential information, a la the famous "canary traps"). To whit, M recipients of the work can compare their copies and remove or modify the bits which don't match up. This then yields only a "collusion set" the original creator can narrow things down to. Enough to cast doubt on the M recipients, but probably not enough to "probabalistically convict" them of a crime, unless the crime is "conspiracy." An interesting question. As Nelson notes, not something with easy technical solutions. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From blancw at microsoft.com Thu Dec 5 16:20:36 1996 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 5 Dec 1996 16:20:36 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) Message-ID: From: Dale Thorn ... I believe that my idea above [asking John Gilmore to speak up, and if he doesn't, say to the list that he has declined to do so] is still a great idea (if the subscribers are not afraid of confrontation), as it would tend to force the issue more into the open. I don't know what you mean by "forcing the issue more into the open". Do you mean the issue of John' s not replying, or of censorship per se? If you mean "forcing the issue of John not defending himself on the list", I don't see where the issue needs to be forced. John has rarely posted to the list since it started, and typically only announcements of events or crypto papers/conferences, etc.; he does not engage in the discussions at all. I personally have no argument with his decision over when he posts or what he cares to post about, or how much or how little. My own interest in the list has nothing to do with whether the list owner is moved to defend himself or not. I'm free to roam at will, read or delete, post or unsubscribe, publicly and loudly or privately & quietly. I don't feel constrained in any way, shape or form to stay or go or speak or stay quiet. I make all my own decisions about this and John never knows nor, I expect, suffers any concern over it. And vice-versa. I (and apparently many others) do not feel the need to discuss John's decisions. I, and others, are not bound, like geese flying in formation, to follow his lead, nor are we going to fall apart at a loss for direction if he fails to "show up". You mention what "others had overlooked". How about this: Tim May sent a message the other day stating (in essence) that the whole "censorship" thing was pretty much a size (rather than content) problem. I posted that notion twice, and there has been *no* discussion of it, as far as I know. Too bad Tim didn't post that at the beginning of the affair, since everyone apparently reads *his* mail. What I meant by what "others had overlooked" was in regard of the content of posted messages which I have read, not in regard of *which* poster's messages are overlooked/not read by others. Tim can have whatever opinion he likes about censorship or size or content, and none of us are under any obligation to either agree or disagree with him. On a libertarian/anarcho-capitalistic list like this, the individuals who have elected to join and lurk or post are not expected to do anything but follow their interest. There are more than 1200 subscribers to the list; if each and everyone of them had decided they had something to say to each other about the concept of the rights of the person whose computer these messages are all flowing through, that would have been their fortunate privilege to do, as no one has put any limit to the number of messages allowed, from any one, during any particular period of time. (Of course they would all be expecting not only that their particular message would be read, but that everyone would absorb their wisdom, right. Not!) >Frankly, most of the long-time members of the list would not need any > such statements of defense from John in order to appreciate the nature > of the circumstance and the reasoning for his symbolic 'censorship'. I apologize in advance for this one, but I honestly think that statement says more about acceptance of the Iron Boot principle than it says about what really happened. I for one am not an insider in any of the various cliques that surround this list, so perhaps I missed something that would explain it better to me. I suppose you are referring to an unspoken understanding, but again, and for future reference, you might want to consider the non-long-time members and speak the unspoken, as it were. What really happened is that, upon weighing the relative merits of John's action vs Vulis' contributions, what John did was seen as more of a benefit than a detriment, and this dimmed any arguments which might have been raised against it. It's not like everyone was clammoring for the privilege of reading what Vulis had to say or there aren't any other avenues to getting his literary works. The "unspoken" understanding on the list is that it was started by a couple of guys who happen to be very libertarian/cryptoanarchist in their philosophy of life (not simply as it applies to cryptography, but rather as cryptography relates to that philosophy). I put "unspoken" in quotes because there have been no end of discussion and comments and replies and retorts and flames on this very subject in the past years since I've been on the list (Oct '93, and it is actually what attracted me to subscribing), so it has hardly gone unmentioned and to many is no surprise, although is often difficult to for them to see or agree with. I recommend that you go through the archives and do a little light reading. Your mind will soon be saturated with the flavor of the underlying theme, and you will Understand. .. Blanc From apf at ma.ultranet.com Thu Dec 5 16:25:04 1996 From: apf at ma.ultranet.com (Andrew Fairbanks) Date: Thu, 5 Dec 1996 16:25:04 -0800 (PST) Subject: (no subject) Message-ID: <199612060024.TAA01172@cinna.ultra.net> unsuscribe cypherpunks From nobody at cypherpunks.ca Thu Dec 5 16:42:38 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Thu, 5 Dec 1996 16:42:38 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: Message-ID: <199612060032.QAA29008@abraham.cs.berkeley.edu> William Knowles writes: > Ares GodOfWar writes: > > Telnet to: all.net > > login: your name > Password: guest > > Good Luck! Wrong! You must telnet to all.net, but the correct logname is "getpgp" with no password. It will ask you some questions (like are you a US citizen), and then give you an export-controlled ftp directory to go to. As far as I know, however, PGP 5.0 is still in beta test, though you can get a snapshot from there (in source form only). They also have source and binaries for the latest released version of PGP 3. Does anyone know what happened to PGP 4, BTW? Is that version number just being skipped because it was used by Viacrypt or something? From alan at ctrl-alt-del.com Thu Dec 5 16:55:43 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Thu, 5 Dec 1996 16:55:43 -0800 (PST) Subject: Laptops, TEMPEST, chewing gum, and baling wire Message-ID: <3.0.1.32.19961205165527.01136a74@mail.teleport.com> At 02:18 PM 12/5/96 -0800, Timothy C. May wrote: >At 11:52 AM -0800 12/5/96, Alan Olsen wrote: > >>Now the truly paranoia will not only cover their heads with tinfoil, they >>will cover their laptops as well. > >Just be careful to remove the tinfoil prior to leaving the country. As you >know, tinfoil is an ITAR-controlled item. "Curses! Foiled again!" --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Dec 5 17:01:03 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Thu, 5 Dec 1996 17:01:03 -0800 (PST) Subject: [crypto] Avatar Protection? Message-ID: _______________________________________________________________________________ From: Nelson Minar on Thu, Dec 5, 1996 19:00 >Ah, the age-old question. This is the same question as "is there a way >for me to show a web page to someone and not let them copy it?", As a sidelight to this thread which has already strewn far from the [crypto] heading, it *is* possible to show a web page to someone w/out letting them copy it. Some guy in California, who touts the fact he has "every foul word known to man" on his site (to generate more hits) has (I believe developed/worked to help develop) a product which does so. I don't know how he does it, and I know there are ways around it through sniffing, etc., but when you do the trivial act of "View Source" in Netscape, a filtered version is displayed in the source window. While it's really not possible (AFAIK) to eliminate unwanted copying by a person who knows what they're doing, this works against people who don't (like most people). If anyone's interested, I *might* be able to find the URL somewhere. PM From dlv at bwalk.dm.com Thu Dec 5 17:11:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 5 Dec 1996 17:11:39 -0800 (PST) Subject: PGP in Russia In-Reply-To: Message-ID: harka at nycmetro.com writes: > Hi there, > > it's been asked before but I don't know the current answer: Is the use > of PGP legal in Russia? And if it's not, how are the chances of a > foreigner in Russia using it anyway to get away with it? Cryptography is outlawed in Russia (search the archives for my articles circa April '95). You can probably get away with using it anyway, but they just might make an example out of you. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mark at unicorn.com Thu Dec 5 17:18:05 1996 From: mark at unicorn.com (Mark Grant) Date: Thu, 5 Dec 1996 17:18:05 -0800 (PST) Subject: PGP Tools for Linux Message-ID: Hi, Now that I'm back in Europe I've been able to do some more work on Privtool (PGP-aware mail-reader for X11 on SunOS/Solaris, Linux and FreeBSD) and should be releasing version 0.86 once I've fixed the last segmentation fault (see my Web site for details of the latest changes). In the meantime I've finally got around to fixing one of the early PGP Tools versions that escaped to Europe so that it works on Linux (and probably FreeBSD). I'm just about to upload pgptools.linux.1.0.tar.gz to utopia.hacktic.nl and idea.sec.dsi.unimi.it, so it should be available there shortly. I'm not back on the list yet, so send any mail to this address. Mark |-----------------------------------------------------------------------| |Mark Grant M.A., U.L.C. EMAIL: mark at unicorn.com | |WWW: http://www.c2.org/~mark MAILBOT: bot at unicorn.com | |-----------------------------------------------------------------------| From Majordomo at c2.net Thu Dec 5 17:27:17 1996 From: Majordomo at c2.net (Majordomo at c2.net) Date: Thu, 5 Dec 1996 17:27:17 -0800 (PST) Subject: Welcome to cryptography Message-ID: <199612060127.RAA27322@blacklodge.c2.net> -- Welcome to the cryptography mailing list! Please save this message for future reference. Thank you. If you ever want to remove yourself from this mailing list, you can send mail to with the following command in the body of your email message: unsubscribe cryptography cypherpunks at toad.com Here's the general information for the list you've subscribed to, in case you don't already have it: [Last updated on: Mon Dec 2 19:23:19 1996] "Cryptography" is a low-noise mailing list devoted to cryptographic technology and its political impact. WHAT TOPICS ARE APPROPRIATE: "On topic" discussion includes technical aspects of cryptosystems, social repercussions of cryptosystems, and the politics of cryptography such as export controls or laws restricting cryptography. Discussions unrelated to cryptography are considered "off topic". Please try to keep your postings "on topic". In order to assure that the quality of postings to the mailing list remains high, repeated postings "off topic" may result in action being taken by the list moderators. MODERATION POLICY: In order to keep the signal to noise ratio high, the mailing list will be moderated during its initial weeks of operation. This will be changed if it appears that the list will remain on topic without moderation. TO POST: send mail with your message to cryptography at c2.net TO UNSUBSCRIBE: send mail to majordomo at c2.net with the line unsubscribe cryptography in the body of your mail. IMPORTANT -- PLEASE READ: Please note that sending requests to unsubscribe to the mailing list itself is considered highly antisocial. If the software running the mailing list is not working and you cannot reach the moderator, the users of the mailing list will be utterly unable to help you, so sending requests to the list will only succeed in annoying them. If all else fails, send mail to postmaster, NOT to the mailing list. If you think you may have trouble remembering how to unsubscribe, then save this message forever -- do not simply try asking the mailing list for help. From haystack at cow.net Thu Dec 5 17:28:34 1996 From: haystack at cow.net (Bovine Remailer) Date: Thu, 5 Dec 1996 17:28:34 -0800 (PST) Subject: No Subject Message-ID: <9612060114.AA15422@cow.net> At 3:28 PM 12/4/1996, Andrew Loewenstern wrote: >nobody writes: >> She is seen as "one of us" because she wrote a book on >> cryptography. As a consequence, she is seen as a traitor. >> I am not endorsing this view. > >She didn't just write a book on cryptography, but several books. She is also >the Chairperson (eek, PC titles...) of the CS department at Georgetown, a >very respectable institution, and has taught classes there on cryptology. She >has also done research on crytpographic access control to databases and other >stuff. So as far as being a cryptologist she is quite learned and should >deserve respect regardless of her political views. > >However, after reviewing the Skipjack algorithm (of course her being invited >to look at it was certainly due to her anti-strong-crypto-for-the-masses >views), she said something to the effect of "We looked at it over the weekend >and couldn't find anything wrong with it, so you should trust it." when she >knows damned well that you can't evaluate a cypher in three days. It is for >this that she no longer deserves respect as a cryptologist. She basically >cashed in her reputation-capital to help the U.S. Govt. dupe the American >people into buying Clipper. Fortunately, we didn't buy it. You make an excellent point. Didn't Denning claim that they just reviewed NSA's evaluation process? Regardless, the claim that SKIPJACK is therefore trustworthy is irresponsible. Sir Galahad From andrew_loewenstern at il.us.swissbank.com Thu Dec 5 17:30:25 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Thu, 5 Dec 1996 17:30:25 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: Message-ID: <9612060130.AA01059@ch1d157nwk> someone writes: > Wrong! You must telnet to all.net, but the correct logname > is "getpgp" with no password. It will ask you some questions > (like are you a US citizen), and then give you an > export-controlled ftp directory to go to. > > As far as I know, however, PGP 5.0 is still in beta test, > though you can get a snapshot from there (in source form only). > They also have source and binaries for the latest released > version of PGP 3. what are you guys talking about??? AFAIK, the most current, released, version of PGP is 2.6.2. Version 3 is not finished and anything you may get your hands on is a prerelease version. PGP 4 and 5 simply don't exist! ...and isn't all.net the site of the Good Doctor Fred Cohen?? andrew From jimbell at pacifier.com Thu Dec 5 17:31:16 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Dec 1996 17:31:16 -0800 (PST) Subject: Laptops and TEMPEST Message-ID: <199612060131.RAA19977@mail.pacifier.com> At 02:18 PM 12/5/96 -0800, Joel McNamara wrote: >Thinking that LCD screens reduce the risks of emanation monitoring is a >dangerous misconception (at least under a high threat model). I disagree that it's a "dangerous misconception" to believe that "LCD screens reduce the risks of emanation." While it might be correct to say that it would be dangerous to believe that they ELIMINATE the risks, LCD displays would make it exceedingly difficult to read the screen remotely. The main reason is that the LCD segments are activated in parallel, which means that the electronic noise associated with a particular row is a smeared product of each portion of the display. This is quite unlike CRT's, in which individual pixel information is completely (well, except for color) demultiplexed by time. > However, the gotcha with current laptops is their >backlighting. Electric and magnetic fields are considerably higher >compared with a low-res/contrast device. What does the backlighting have to do with anything? The backlight and its noise is not modulated (at least, not in anything less than the optical band) by the imformation provided on the screen. Jim Bell jimbell at pacifier.com From tuvak at troi.iq-internet.com Thu Dec 5 17:47:29 1996 From: tuvak at troi.iq-internet.com (tuvak at troi.iq-internet.com) Date: Thu, 5 Dec 1996 17:47:29 -0800 (PST) Subject: Control E-Mail Advertising Message-ID: <199612060117.SAA02652@troi.iq-internet.com> We all love or hate advertising, it just depends on if it interests us ... Advertisers want to send YOU E-Mail ... BUT, will it interest you??? Reply to this message with the names of your favorite magazines to receive messages from firms who would advertise in those publications. Reply to this message with NO MAIL to prevent ANY commercial E-Mail from C.A.R.E. member firms. Thank You, The Red Pages and C.A.R.E. ( 1-800-257-7831 ) "Concientious Advertising thru Responsible E-Mail" From logos at c2.net Thu Dec 5 17:56:26 1996 From: logos at c2.net (logos) Date: Thu, 5 Dec 1996 17:56:26 -0800 (PST) Subject: Logos -vs- Vulis In-Reply-To: <32A67717.1E5D@gte.net> Message-ID: On Wed, 4 Dec 1996, Dale Thorn wrote: > I'm not > opposed to paying some attention to decorum, but logic comes first, > otherwise, you won't have a leg to stand on. Reasonable minds can differ on this subject. I think decorum must come first. We must first stop 'shouting' before logic may be heard. Logos out From angie at cpci.net Thu Dec 5 18:27:36 1996 From: angie at cpci.net (angie at cpci.net) Date: Thu, 5 Dec 1996 18:27:36 -0800 (PST) Subject: SMILE :) Message-ID: <199612060208.SAA13268@armenia.it.earthlink.net> DentlCare Management, Inc. (DentlCare) is a publicly listed Nevada corporation founded for the purpose of acquiring dental health care facilities nationwide. DentlCare has developed a model for the delivery of quality dental care to all segments of its population. DentlCare and subsidiaries provide innovative services and products to the dental marketplace, at affordable rates. "Given the rapid success of this concept, it�s no surprise that Wall Street has latched on to it. In the past year eight PPMs have gone public, raising over $350 million in new capital. Many of the stocks sell at better than 35 times earnings. Some, like Med-Partners, are closer to 70 times." Forbes Magazine, September 1995. The DentlCare model provides a fully-operational dental health care facility and all management support to the dental professional on a "turn key" basis. Because of its managerial efficiency and the volume of business created by aggressive advertising to the "fee-for-service patient" and participation in "managed care" dental plans, the model generates higher than average operating margins. DentlCare provides business and practice management services to dentists through its wholly owned subsidiaries, which currently manage twelve fully operational clinics, along with one mobile dental team. Through these contractual relationships, the Company manages the financial, administrative and marketing activities, allowing Dentists to concentrate on the delivery of high quality, affordable dental care to their patients. The success of these operations indicates that the same concepts can be duplicated in major metropolitan areas throughout the United States. The clinics are to be located in those regions of the country where the demographics support a high volume operation, mainly in large metropolitan areas or in cities where the percent of residents over age 65 exceeds 15% of the total population, or in areas which have strong Managed Care programs. The Company�s target market is the estimated 60% of the American public that do not have a dentist. They will go to one only if they are in pain. As badly as they need regular dental care, they avoid it because they are afraid of pain, expense, and humiliation. The Company has so successfully addressed these three fears that 90% of the fee-for-service customer base are patients who have previously avoided regular dental care. We believe this is a timely opportunity to invest on the ground floor of a new company with explosive growth potential. Symbol: DCMI Exchange Listed: OTC: Bulletin Board Shares Outstanding: 10.7 million Current Price: $3.00 For a FREE Investor Relation Package, simply email your request to the email address above and put MORE INFO in the subject line. Be sure to include your complete name, address, and daytime phone number in the body of the email message. All information MUST be provided. You have just received a FREE special report designed to inform you of emerging growth companies. If you wish to be removed from our mailing list, simply send your remove request to the email address above with REMOVE in the subject line. The information contained in this report was provided by the companies featured and they are solely responsible for the accuracy and adequacy of the information provided. *** This is an information notice only, not an offer to sell securities. *** From blancw at microsoft.com Thu Dec 5 18:47:15 1996 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 5 Dec 1996 18:47:15 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) Message-ID: Well, I see that my email came out a bit skewed, so I'm reformatting a bit and resending to make it more readable: ----------------------------------------------- From: Dale Thorn ... I believe that my idea above [asking John Gilmore to speak up, and if he doesn't, say to the list that he has declined to do so] is still a great idea (if the subscribers are not afraid of confrontation), as it would tend to force the issue more into the open. I don't know what you mean by "forcing the issue more into the open". Do you mean the issue of John' s not replying, or of censorship per se? If you mean "forcing the issue of John not defending himself on the list", I don't see where the issue needs to be forced. John has rarely posted to the list since it started, and typically only announcements of events or crypto papers/conferences, etc.; he does not engage in the discussions at all. I personally have no argument with his decision over when he posts or what he cares to post about, or how much or how little. My own interest in the list has nothing to do with whether the list owner is moved to defend himself or not. I'm free to roam at will, read or delete, post or unsubscribe, publicly and loudly or privately & quietly. I don't feel constrained in any way, shape or form to stay or go or speak or stay quiet. I make all my own decisions about this and John never knows nor, I expect, suffers any concern over it. And vice-versa. I (and apparently many others) do not feel the need to discuss John's decisions. I, and others, are not bound, like geese flying in formation, to follow his lead, nor are we going to fall apart at a loss for direction if he fails to "show up". You mention what "others had overlooked". How about this: Tim May sent a message the other day stating (in essence) that the whole "censorship" thing was pretty much a size (rather than content) problem. I posted that notion twice, and there has been *no* discussion of it, as far as I know. Too bad Tim didn't post that at the beginning of the affair, since everyone apparently reads *his* mail. What I meant by what "others had overlooked" was in regard of the content of posted messages which I have read, not in regard of *which* poster's messages are overlooked/not read by others. Tim can have whatever opinion he likes about censorship or size or content, and none of us are under any obligation to either agree or disagree with him. On a libertarian/anarcho-capitalistic list like this, the individuals who have elected to join and lurk or post are not expected to do anything but follow their interest. There are more than 1200 subscribers to the list; if each and everyone of them had decided they had something to say to each other about the concept of the rights of the person whose computer these messages are all flowing through, that would have been their fortunate privilege to do, as no one has put any limit to the number of messages allowed, from any one, during any particular period of time. (Of course they would all be expecting not only that their particular message would be read, but that everyone would absorb their wisdom, right. Not!) >Frankly, most of the long-time members of the list >would not need any such statements of defense from >John in order to appreciate the nature of the >circumstance and the reasoning for his symbolic >'censorship'. I apologize in advance for this one, but I honestly think that statement says more about acceptance of the Iron Boot principle than it says about what really happened. I for one am not an insider in any of the various cliques that surround this list, so perhaps I missed something that would explain it better to me. I suppose you are referring to an unspoken understanding, but again, and for future reference, you might want to consider the non-long-time members and speak the unspoken, as it were. What really happened is that, upon weighing the relative merits of John's action vs Vulis' contributions, what John did was seen as more of a benefit than a detriment, and this dimmed any arguments which might have been raised against it. It's not like everyone was clammoring for the privilege of reading what Vulis had to say or there aren't any other avenues to getting his literary works. The "unspoken" understanding on the list is that it was started by a couple of guys who happen to be very libertarian/cryptoanarchist in their philosophy of life (not simply as it applies to cryptography, but rather as cryptography relates to that philosophy). I put "unspoken" in quotes because there have been no end of discussion and comments and replies and retorts and flames on this very subject in the past years since I've been on the list (Oct '93, and it is actually what attracted me to subscribing), so it has hardly gone unmentioned and to many is no surprise, although is often difficult for them to see or agree with. I recommend that you go through the archives and do a little light reading. Your mind will soon be saturated with the flavor of the underlying theme, and you will Understand. .. Blanc From azur at netcom.com Thu Dec 5 19:08:12 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Dec 1996 19:08:12 -0800 (PST) Subject: Stinger Specs Message-ID: >Stinger (AIM-92) (Jane's #: 6604.331) >152 x 7-14 cm (l x d - span) >Weight: 18 kg >Warhead: HE >Propulsion: Solid >Range: 2-4 km >Guidance: IR > >Exact effective range / altitude is not listed in the quick guide I have >on my desk. I will pull it out of a larger volume when I have time. > When I was doing my undergraduate work several of us built a heat-seeking and homing circuit which we subsequently tested in a small (24-inch) solid propellent rocket. Four CO-2 cooled germanium sensors picked up radiation from a small flat-topped piramidal mirror which drove fin servos to 'null' onto (place its image atop the piramid) the heat source. One evening we were able to 'shoot down' a lit cigarette tied to fence up in the hills near the college from a distance of about 1/4-mile. For some time we considered making available 'Visible Missile" plans/kits, for a few hundred dollars, which had everything except the easily obtained zinc-sulphur propellent (would this be illegal given the laws passed since the '70s?) so those interested in IR missile technology could learn from a functioning testbed. I did quite a bit of serious amateur rocketry in my teen years through the Northrup Rocketry Club (So. Cal) and launches at a site near Edwards AFB (they were happy to track our launches and make sure there was no aircraft hazzard). Our 24-inch rockets reached speeds of over 1000 mph in about 1 second and altitudes of about 10,000 ft. 48-inch rockets (still small enough for shoulder launch) could reach over Mach 2 and altitude/ranges of about 50,000 ft (all figures insignificant payloads). I'm certain I and many of my friends got much of our interest for math and science and subsequent academic success from such hands-on activities which were encouraged or supported by teachers, parents, corporations and the government. We were forced to solve real chemistry, math, engineering, physics and material science problems. This has all vanished is our zeal to protect youth and society from any activity which might lead injury or misuse. I can't even find a place to buy a niece a real chemistry set as tort laws have forced them from the market. When considering the plumeting interest and achievement of our youth in math and science we look nor further for a reason. -- Steve From ichudov at algebra.com Thu Dec 5 19:26:27 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 5 Dec 1996 19:26:27 -0800 (PST) Subject: PGP in Russia In-Reply-To: Message-ID: <199612060321.VAA06453@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > harka at nycmetro.com writes: > > it's been asked before but I don't know the current answer: Is the use > > of PGP legal in Russia? And if it's not, how are the chances of a > > foreigner in Russia using it anyway to get away with it? > > Cryptography is outlawed in Russia (search the archives for my articles > circa April '95). You can probably get away with using it anyway, but > they just might make an example out of you. :-) Severity of Russian laws is compensated by lack of their enforcement. I would not expect Russian authorities to look for people using PGP or even react to complaints that certain persons use it. They might use this law to harass people for something else though. Kinda similar to taking PGP on diskettes out of United States: it is nominally illegal, but n oone bothers. I AM NOT A LAWYER - Igor. From bgrosman at healey.com.au Thu Dec 5 19:27:07 1996 From: bgrosman at healey.com.au (Benjamin Grosman) Date: Thu, 5 Dec 1996 19:27:07 -0800 (PST) Subject: Encryption/data-changing in russia Message-ID: <2.2.32.19961207002348.00874dcc@healey.com.au> Dear All, whilst on the subject of PGP in Russia, I encountered something very interesting. A friend of mine who is Russian, but lives out here, frequently corresponds with friends in Russia via email, and in the course of sending emai, they occasionally send an attachment. However, the attachment that _all_ his russian friends send, including the ones who use MIME capable email clients such as Eudora, always, _always_, uuencode files, and they say they can't do MIME. I am wondering if the encryption/data-changing laws in Russia are so strict as to disallow MIME encoding even, but still allows UU for some reason? Any clues as to this? Yours Sincerely, Benjamin Grosman From tcmay at got.net Thu Dec 5 20:41:20 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Dec 1996 20:41:20 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: Steve brings us some important issues. Even a few crypto-related issues, later. At 7:08 PM -0800 12/5/96, Steve Schear wrote: >When I was doing my undergraduate work several of us built a heat-seeking >and homing circuit which we subsequently tested in a small (24-inch) solid .... >functioning testbed. I did quite a bit of serious amateur rocketry in my >teen years through the Northrup Rocketry Club (So. Cal) and launches at a >site near Edwards AFB (they were happy to track our launches and make sure .... >I'm certain I and many of my friends got much of our interest for math and >science and subsequent academic success from such hands-on activities which >were encouraged or supported by teachers, parents, corporations and the >government. We were forced to solve real chemistry, math, engineering, >physics and material science problems. This has all vanished is our zeal >to protect youth and society from any activity which might lead injury or >misuse. I can't even find a place to buy a niece a real chemistry set as >tort laws have forced them from the market. When considering the plumeting >interest and achievement of our youth in math and science we look nor >further for a reason. I never was seriously into rockets, but I sure was heavily into Gilbert chemistry sets, making low-grade explosives, etc., and, as I shifted into physics (around the 8th grade), into Tesla coils, radio emissions, plasmas, tunnel diodes, etc. (Tunnel diodes may seem low-tech to you Gen-X folks, given that Esaki's invention never really changed the world as transistors did, but it was amazing to me as a 10th grader to be experimenting with "quantum tunneling." Your mileage may vary.) I'm not sure if Gilbert chemistry sets went off the market for liablity reasons, or for "lack of interest." The "4-banger" I had in 1961, supplemented with varius Bunsen burners, arc furnaces, Erlenmayer flasks, and whatnot, was amazing for its time. (And not terribly expensive, in case some of the "social democrats" on this list are thinking I lived a (I used to lie in bed at night, after my eyes adjusted to total darkness, watching through the lens on my Gilbert "spinthariscope," watching the flashes and trails of alpha particles striking the scintillator screen. Little did I know then that these same alpha particles would make my career 15 years later.) I believe there have been roughly (very roughly) three genarations of "science kids": * Generation 1: The kids of the 1920s-40s. The Ernest Lawrences and the Robert Noyces, who grew up on farms, repairing tractors and farm machinery. They learned about machinery at a direct level. These were the giants of the post-war science community, and the founders of modern American chip companies. * Generation 2: The Sputnik generation, of the 1950s-60s. They grew up with Gilbert chemistry sets, Erector sets, "All About" books, and with constant exposure to nuclear physics, relativily, molecular biology, etc. These were the workers who staffed the companies formed by the Noyces and Moores of the world, and the young scientists who pioneered the use of computers. * Generation 3: The computer generation. The 1970s-80s, who grew up with Commodore PETs and Apple IIs (and some later machines). These are the "new pioneers" of the 1980s-90s, the Marc Andreesens and the like. (I could imagine expanding this to 4 or 5 "generations," but I think you get the point. Being 44 years old, and almost 45, I claim no knowledge about what the "latest generation" is all about. Maybe it's the "Beavis and Butthead" generation...I don't know.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gbroiles at netbox.com Thu Dec 5 20:47:53 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Thu, 5 Dec 1996 20:47:53 -0800 (PST) Subject: Crypto hits the mainstream Message-ID: <3.0.32.19961205203741.006d6b5c@mail.io.com> PC Magazine's web site has a prominent article reviewing four PC-based crypto apps: they all seem to be oriented towards storage security not communications security (to adopt Tim's taxonomy). The apps are from Symantec, RSA, AT&T, and PGP; their "Editors' Choice" was Symantec's program, followed closely by RSA's. They seem more concerned with speed and user interface rather than the strength of the algorithms or their implementations. The article won't teach anyone who's read Applied Crypto anything new about crypto, but it's neat to see that security is becoming a mainstream concern. (It should have always been one.) There may very well be an associated dead-tree version of the article as well, but I've lost touch with the PC market. The article is located at . -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From shamrock at netcom.com Thu Dec 5 21:23:07 1996 From: shamrock at netcom.com (Lucky Green) Date: Thu, 5 Dec 1996 21:23:07 -0800 (PST) Subject: Stinger Specs Message-ID: <3.0.32.19961205212336.006a520c@netcom14.netcom.com> At 07:08 PM 12/5/96 -0800, Steve Schear wrote: >This has all vanished is our zeal >to protect youth and society from any activity which might lead injury or >misuse. I can't even find a place to buy a niece a real chemistry set as >tort laws have forced them from the market. When considering the plumeting >interest and achievement of our youth in math and science we look nor >further for a reason. When Wernher von Braun (if the reader doesn't know who von Braun was, shame on your teachers. Hint: first human on the Moon.) first became interested in rocketry, he was a student of music. Classical piano, to be exact. He got his hands on a book about using rockets for space exploration. To his dismay, the book was full of mathematical equations. He went to his math teacher, asking him for help with the equations. The teacher must have been of help, since von Braun went on to become the single most knowledgable person in his field. And no, it wasn't piano playing. There is nothing like some real life challenges to spark a young person's mind. Today, conducting the experiments that fueled von Braun's imagination would be a felony. The mere posession of the chemicals he used in his early twenties is illegal. This country has set out on a project to dumb the minds of its young. With great success. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From attila at primenet.com Thu Dec 5 21:37:05 1996 From: attila at primenet.com (attila at primenet.com) Date: Thu, 5 Dec 1996 21:37:05 -0800 (PST) Subject: Ira Magaziner: FREE Internet Message-ID: <199612060538.WAA20032@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Just posted an hour ago on CNN I don't believe it! Ira Magaziner's interagency task for recommended that the Internet be a free zone, duty free, and to try and persuade all countries not to limit speech, encryption, etc. two days in a row: first the SPA changed course and really balked, and now this from an ultra-liberal! maybe there is such a thing as a spark of freedom in the gathering darkness! Ira Magaziner Task force recommends Free Zone Internet ===CNN post follows=== Magaziner recommends Free Internet </a>

Clinton advisers urge free market approach for Internet

December 5, 1996
Web posted at: 10:30 p.m. EST

WASHINGTON (Reuter) -- The Internet could provide a huge boost to the U.S. economy if the federal government pursues "free market" policies in cyberspace, a group of President Clinton's top advisers said in a draft report obtained by Reuters.

The group, an interagency task force headed by senior presidential adviser Ira Magaziner, recommended the administration work globally to protect the Internet from new taxes, censorship and other onerous forms of regulation.

After seven months of deliberations, the task force is preparing to issue for public comment a report of principles and policies the Unites States should pursue, Magaziner said in an interview.

"One of the things we're trying to do with this paper is as much say what government should not do as say what they should do," Magaziner said."A lot of what industry is concerned about is that governments are already beginning to take actions around the world that would inhibit commerce."

The growth of Internet commerce could help boost U.S. exports of everything from movies and news to software and consulting services. Exports of such products totaled $40 billion in 1995, the draft report noted.

The idea is to hitch U.S. exports to the speeding Internet commerce train. Sales of goods and services online are projected to grow to $7 billion in the year 2000, from about $1 billion this year, according to market researchers at Jupiter Communications.

"Companies have told us there would be a tremendous potential to increase world trade across the Internet if we could provide the right kind of environment," Magaziner said.

The draft report, called "A Framework for Global Electronic Commerce," covers nine issues, from taxation and customs to privacy and security.

On taxation, the draft report echoes a report issued by the Treasury Department last month by stating no new taxes should be imposed. Acting through the World Trade Organization,the United States should push for the Internet to be designated a duty-free zone, the draft said.

Some consumers worry their privacy will be violated when they shop online. he report said governments should push vendors to disclose what will be done with information about consumers rather than dictate to merchants what they can or cannot do with the data.

On some issues, such as encryption -- encoding information in a scrambled format to provide a measure of security or privacy -- existing administration policies may be seen as conflicting with the free market approach of the draft report.

Copyright 1996 Reuters Limited . All rights reserved. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqewuL04kQrCC2kFAQH7eAP+L4Fk1sZgMl/YhufgluegE5Xo7nCvSJ8u rqhgBGmvE1/rY1HacDFt/4a9SgXkEfNPohkQoGnFccx1jhgZpBKbx8SQrIPPboHh Indv5MJbvcdGYfTR0UKms1t0iCv0DiQgtyXMxvHWFVTzByaKLu4cuEgatlSmsIoK SfRT376DqLg= =SSQB -----END PGP SIGNATURE----- From foodie at netcom.com Thu Dec 5 22:07:51 1996 From: foodie at netcom.com (Jamie Lawrence) Date: Thu, 5 Dec 1996 22:07:51 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: At 8:44 PM -0800 on 12/5/96, Timothy C. May wrote: > I'm not sure if Gilbert chemistry sets went off the market for liablity > reasons, or for "lack of interest." The "4-banger" I had in 1961, > supplemented with varius Bunsen burners, arc furnaces, Erlenmayer flasks, > and whatnot, was amazing for its time. (And not terribly expensive, in case > some of the "social democrats" on this list are thinking I lived a I can provide a datapoint here. I started getting into chemistry when I was about 8, which was in 1981. I can't remember the brand name, but my first (and last, actually) 'value-added' kit was designed to keep kids from doing anything that could be dangerous, a fact tactfully explained on the packaging. To solve that problem, my mother gave me an Edmund Scientific catalog and a (severely limited, given my family background) budget for whatever I wanted. I ordered direct for supplies from then on. > * Generation 3: The computer generation. The 1970s-80s, who grew up with > Commodore PETs and Apple IIs (and some later machines). These are the "new > pioneers" of the 1980s-90s, the Marc Andreesens and the like. I would have killed for a computer growing up. I finally got one, a Mac IIsi, when I went to college (I'm still paying off the loan I took out to buy it. I gave it to someone when I got another machine, and it will, if I'm not mistaken, retrieve this message the next time a certain someone checks mail. That helps me overlook the fact that I still owe more than the machine is worth... I learned my lesson.) There are many in my age bracket who play with non-computer science; the relevent fact being that whatever the field of study (I personally know folks doing research in bio, physics, chemistry and economics (arguably not a science ;)), they all use computers as a daily part of their work. You can run, but you can't hide. > (I could imagine expanding this to 4 or 5 "generations," but I think you > get the point. Being 44 years old, and almost 45, I claim no knowledge > about what the "latest generation" is all about. Maybe it's the "Beavis and > Butthead" generation...I don't know.) Yes, many of us are devoted to the study of Brute Force Insect Dissection. -j > --Tim May -- "I'm about to, or I am going to, die. Either expression is used." - Last words of Dominique Bouhours, Grammarian, 1702 ____________________________________________________________________ Jamie Lawrence foodie at netcom.com From tcmay at got.net Thu Dec 5 22:28:09 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Dec 1996 22:28:09 -0800 (PST) Subject: Crypto hits the mainstream In-Reply-To: <3.0.32.19961205203741.006d6b5c@mail.io.com> Message-ID: At 8:48 PM -0800 12/5/96, Greg Broiles wrote: >PC Magazine's web site has a prominent article reviewing four PC-based >crypto apps: they all seem to be oriented towards storage security not >communications security (to adopt Tim's taxonomy). The apps are from ... A good way of putting things. I wann't thinking in terms of a strict tanonomy of "storage" vs. "communications,: but this is certainly so. The government wants access to our _commuinications_,, while it is our _storage_ that we as users are interested in protected. (Not that I grant them access to "storage," but it's important to point out that their claims about helping to protect ciitizen-units are bogus, too.) --Tim Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Thu Dec 5 22:40:42 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 5 Dec 1996 22:40:42 -0800 (PST) Subject: Arsen Message-ID: <7XXHyD13w165w@bwalk.dm.com> An unknown person asked: > >Arsen vainly insisted on listing his name in InterNIC's database as RA1215 > >(unusual for someone supposedly interested in privacy). Arsen listed a phone > >number (+1 718 786 4227) which is apparently at his parents' residence (48-2 > >40th St, Apt 2B, Calvary, NY 11104-4111) and a fax number (+1 212 725 6559). > > Where does one find information to recreate your research? I was all > over > InterNIC's websight but could not find anything on RA1215 or Arsen, let > alone > a phone number. Don't these information services rely on user > volunteering > information. If not, how do I make this information about myself > secure? Your tcp/ip package should have a program called 'whois', which goes to internic and searches its database. I'm not sure if MS includes it in NT or whatever you're using... If you can't find it, just telnet to internic.net or rs.internic.net port 43 (important!) and type the string you want to search for. Save the output - it closes the telnet connection after sending it. Yes, it relies on people supplying the information about themselves. Some folks are pretty paranoid about. E.g., fingering unicorn at uiuc.edu says: ]---------------------------------------- ] name: You may not view this field. ] department: You may not view this field. ] title: You may not view this field. ] phone: You may not view this field. ] address: You may not view this field. ] other: You may not view this field. ] email to: unicorn at uiuc.edu (Not present in entry.) ] public_key: ]You may not view this field. ]---------------------------------------- May not view the public key? Come on. From dlv at bwalk.dm.com Thu Dec 5 22:42:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 5 Dec 1996 22:42:22 -0800 (PST) Subject: Dimitri IS Detweiler In-Reply-To: <199612051916.LAA20806@abraham.cs.berkeley.edu> Message-ID: nobody at cypherpunks.ca (John Anonymous MacDonald) writes: > Dimitri Vulis wrote: > > | He he he what is sauce for the goose is sauce for the gander blah blah > ^^^^^^^^ > | blah intellectual dishonesty blah blah blah typical logorrhetic "cypher > | punk" can't spell his own nym politely. > > There we have it! PROOF that Dimitri is a tentacle of Detweiler. > Own up Dimitri! (sorry for the previous accusation Dale) How do you know that Dale != me? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frantz at netcom.com Thu Dec 5 22:57:22 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 5 Dec 1996 22:57:22 -0800 (PST) Subject: Red Letter Day Message-ID: <199612060657.WAA19189@netcom7.netcom.com> An entirely on-topic post from Dimitri: >To: cypherpunks at toad.com >Subject: Re: PGP in Russia >From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >Comments: All power to the ZOG! >Date: Thu, 05 Dec 96 16:36:33 EST >Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. >Sender: owner-cypherpunks at toad.com >Precedence: bulk > >harka at nycmetro.com writes: > >> Hi there, >> >> it's been asked before but I don't know the current answer: Is the use >> of PGP legal in Russia? And if it's not, how are the chances of a >> foreigner in Russia using it anyway to get away with it? > >Cryptography is outlawed in Russia (search the archives for my articles >circa April '95). You can probably get away with using it anyway, but >they just might make an example out of you. :-) > >--- > >Dr.Dimitri Vulis KOTM >Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps > ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz at netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA From frantz at netcom.com Thu Dec 5 23:23:50 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 5 Dec 1996 23:23:50 -0800 (PST) Subject: The Science Generations Message-ID: <199612060723.XAA21230@netcom7.netcom.com> At 8:44 PM 12/5/96 -0800, Timothy C. May wrote: >* Generation 1: The kids of the 1920s-40s. The Ernest Lawrences and the >Robert Noyces, who grew up on farms, repairing tractors and farm machinery. >They learned about machinery at a direct level. These were the giants of >the post-war science community, and the founders of modern American chip >companies. > >* Generation 2: The Sputnik generation, of the 1950s-60s. They grew up with >Gilbert chemistry sets, Erector sets, "All About" books, and with constant >exposure to nuclear physics, relativily, molecular biology, etc. These were >the workers who staffed the companies formed by the Noyces and Moores of >the world, and the young scientists who pioneered the use of computers. > >* Generation 3: The computer generation. The 1970s-80s, who grew up with >Commodore PETs and Apple IIs (and some later machines). These are the "new >pioneers" of the 1980s-90s, the Marc Andreesens and the like. I am definitly from Generation 2. I have tried to interest my children in playing with ICs and various electronic pieces. I have also worked hand-in-hand with them, rebuilding auto engines and transmissions. We will see how it plays out. ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz at netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA From ichudov at algebra.com Thu Dec 5 23:27:44 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 5 Dec 1996 23:27:44 -0800 (PST) Subject: Encryption/data-changing in russia In-Reply-To: <2.2.32.19961207002348.00874dcc@healey.com.au> Message-ID: <199612060721.BAA08398@manifold.algebra.com> Benjamin Grosman wrote: > > Dear All, > > whilst on the subject of PGP in Russia, I encountered something very > interesting. A friend of mine who is Russian, but lives out here, frequently > corresponds with friends in Russia via email, and in the course of sending > emai, they occasionally send an attachment. However, the attachment that > _all_ his russian friends send, including the ones who use MIME capable > email clients such as Eudora, always, _always_, uuencode files, and they say > they can't do MIME. I am wondering if the encryption/data-changing laws in > Russia are so strict as to disallow MIME encoding even, but still allows UU > for some reason? benjamin, you do have a valid concern, but: who cares about these laws if no one enforces them? russia is such a libertarian country now, all commerce is based on private enforcement by mobs, the government is so corrupt that all regulation is sort of auctioned to the highest bribe bidder, and the government spending is only 13% of GDP because nobody pays taxes. in economic reality this is actually good because the government is very small and impotent, as long as it does not spend more than what it makes. nobody cares about encryption/shmencryption unless you are a spy. i regularly send encrypted emails to my russian acquaintainces. - Igor. From ichudov at algebra.com Thu Dec 5 23:30:24 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 5 Dec 1996 23:30:24 -0800 (PST) Subject: Stinger Specs In-Reply-To: Message-ID: <199612060727.BAA08435@manifold.algebra.com> Steve Schear wrote: > > >Stinger (AIM-92) (Jane's #: 6604.331) > >152 x 7-14 cm (l x d - span) > >Weight: 18 kg > >Warhead: HE > >Propulsion: Solid > >Range: 2-4 km > >Guidance: IR > > > >Exact effective range / altitude is not listed in the quick guide I have > >on my desk. I will pull it out of a larger volume when I have time. > > > > When I was doing my undergraduate work several of us built a heat-seeking > and homing circuit which we subsequently tested in a small (24-inch) solid > propellent rocket. Four CO-2 cooled germanium sensors picked up radiation > from a small flat-topped piramidal mirror which drove fin servos to 'null' > onto (place its image atop the piramid) the heat source. One evening we > were able to 'shoot down' a lit cigarette tied to fence up in the hills > near the college from a distance of about 1/4-mile. > > For some time we considered making available 'Visible Missile" plans/kits, > for a few hundred dollars, which had everything except the easily obtained > zinc-sulphur propellent (would this be illegal given the laws passed since > the '70s?) so those interested in IR missile technology could learn from a > functioning testbed. I did quite a bit of serious amateur rocketry in my very interesting. how to make this propellent? and why it was banned? thanks! death to zealous "child protectors". > teen years through the Northrup Rocketry Club (So. Cal) and launches at a > site near Edwards AFB (they were happy to track our launches and make sure > there was no aircraft hazzard). Our 24-inch rockets reached speeds of over > 1000 mph in about 1 second and altitudes of about 10,000 ft. 48-inch khm, it means that the acceleration was 45g. it is a lot, how come the rockets did not break apart? what were the rocket bodies made from? > rockets (still small enough for shoulder launch) could reach over Mach 2 > and altitude/ranges of about 50,000 ft (all figures insignificant > payloads). > I'm certain I and many of my friends got much of our interest for math and > science and subsequent academic success from such hands-on activities which > were encouraged or supported by teachers, parents, corporations and the > government. We were forced to solve real chemistry, math, engineering, > physics and material science problems. This has all vanished is our zeal > to protect youth and society from any activity which might lead injury or > misuse. I can't even find a place to buy a niece a real chemistry set as > tort laws have forced them from the market. When considering the plumeting > interest and achievement of our youth in math and science we look nor > further for a reason. of course, protection leads to stupidification. is this rocketry club still operational? - Igor. From Adamsc at io-online.com Thu Dec 5 23:41:43 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 5 Dec 1996 23:41:43 -0800 (PST) Subject: (null) Message-ID: <19961206073720359.AAA122@gigante> On Wed, 04 Dec 1996 17:33:59 -0600, Lurker wrote: >Could someone tell me where I can find a text file of *all* usenet newsgroups? Check www.spam-monkeys.com. If you use a Un*x based newsreader, they should have some sort of .newsrc file available. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From attila at primenet.com Thu Dec 5 23:56:15 1996 From: attila at primenet.com (attila at primenet.com) Date: Thu, 5 Dec 1996 23:56:15 -0800 (PST) Subject: [PVT] Re: Stinger Specs In-Reply-To: <3.0.32.19961205212336.006a520c@netcom14.netcom.com> Message-ID: <199612060757.AAA23206@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <3.0.32.19961205212336.006a520c at netcom14.netcom.com>, on 12/05/96 at 09:24 PM, Lucky Green said: ::At 07:08 PM 12/5/96 -0800, Steve Schear wrote: ::>This has all vanished is our zeal ::>to protect youth and society from any activity which might lead ::>injury or misuse. I can't even find a place to buy a niece a real ::>chemistry set as tort laws have forced them from the market. When ::>considering the plummeting >interest and achievement of our youth in ::> math and science we look no further for a reason. ::When Wernher von Braun (if the reader doesn't know who von Braun was, ::shame on your teachers. Hint: first human on the Moon.) first became ::interested in rocketry, he was a student of music. Classical piano, to ::be exact. He got his hands on a book about using rockets for space ::exploration. To his dismay, the book was full of mathematical ::equations. He went to his math teacher, asking him for help with the ::equations. The teacher must have been of help, since von Braun went on ::to become the single most knowledgable person in his field. And no, it ::wasn't piano playing. ::There is nothing like some real life challenges to spark a young ::person's mind. Today, conducting the experiments that fueled von ::Braun's imagination would be a felony. The mere possession of the ::chemicals he used in his early twenties is illegal. ::This country has set out on a project to dumb the minds of its young. ::With great success. bingo! and, how. they have succeeded beyond their wildest dreams! I had a roommate at Harvard (late fifties) who had incredibly deep pockets. his mother died his freshman year, leaving him her estate on the tip of Fisher's Island, including the costal defense battery positions and bunkers. he had an Apache twin for which I managed to get a license including instrument very quickly --we then went to FI for weekends and built and fired everything you can imagine. only a few curious paid us any mind as the closest estate to hers was at least 1/2 mile. can you imagine that today? --the tip guards the entrance to the New London pig boat pens and the LI sound! there were still plenty of professors with both knowledge on the early rockets, and open enough to "private" teach. My advisor was a Nobel prize winner, very accessible, and provided both help and introductions to men most never knew even existed in the vast science complex north of the yard. most were in the same old building (Pierce) with the RF screens on the outside walls to shield against the primitive radar --long dark and narrow halls. It is a whole different ball game in academia. men whom I have recently met are nothing like their predecessors who were open and warm --everyone is so "professional" and they are _cold_. sad story in general. some bright spots though, I guess. I was rather surprised by experiments and their depths in AP Chemistry offered my third son by St George's Dixie High School --impressive and not the usual restrictions on "oh, poor Johnny might hurt himself while clowning ...err learning." a) we have better discipline which works; and b) we don't put up with those silly whiners (so far). but the future does not speak well with declining tests scores which, for instance, require the SATs to be watered 20-30% so the median would still be 500! to think that the pair of 800s I received in the 50s can be acquired by someone scoring less than 650s --what value has the US placed on education? enough so our students now rank well down in the second 10 on international tests! what makes that worse is the _majority_ of Korean students can perform --the lower 1/3 of our students have already dropped out of school, and the second third are too uneducated to participate. junior colleges are graduating students who would not have passed out of tenth grade 20-30 years ago. and, the government wants more mind control --even Bitch's "It Takes a Global Village." at least it's fat chance out here in the high desert. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqfRNr04kQrCC2kFAQHfxAP+NbZ4JZIjraKsVBAKLx60AAKYyFDeT8Ly o8DAnYdfkuEtN04orz+fqFIKUeNjonglMYeIp/xGqTtQeqVRS6uURpD/K8EAxDR/ jv1EQanC2SrV6yc0TtiNwV9WTFlRrOZjt0gH3uwfv+yDPtgpDVaBL0b6sNH+6BDg Sh7UaRbkeYo= =Ssdu -----END PGP SIGNATURE----- From dthorn at gte.net Fri Dec 6 00:10:01 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 00:10:01 -0800 (PST) Subject: Logos -vs- Vulis In-Reply-To: <199612051913.MAA29639@infowest.com> Message-ID: <32A7D456.4C4@gte.net> attila at primenet.com wrote: > at 11:17 PM, Dale Thorn said: [snippo] > ::Don't think I don't know what's going on here. I got permanently > ::expelled from two schools as a youth, to name just two examples from my > ::illustrious career, yet after learning how to play the game, I probably > ::am doing much better than most of the drones who completed their studies > ::and kept their mouths shut. My life is continually interesting, and I > ::wouldn't think of trading it for the neurotic, control-freak-mentality > ::lifestyle certain folks around here "enjoy". > you're not unusual, in the first place since many high performers > just were not willing to waste time in a slow paced and probably > parochial (not religion connotation) school. > as for a the attitude, Dale has carried right on without taking > a break. as for being less wired and neurotic, I doubt it --Dale's > into big time, including picking on anyone who he deems inferior > and or maybe even "Children of a Lesser god." Are you saying I've picked on everyone? I didn't claim to be neurosis- free, but at least I recognize neurosis and deal with it reasonably well. If you think any specific point I've made connotes neurosis rather than an attempt to help someone out or correct a serious fallacy, then feel free to point it out, and please be specific. It's not fair to blame someone who is an active and somewhat feisty thinker for your own inferiority complex. > ::I'm sure (if you know crypto topics) you realize that in creating a > ::crypto solution, there's no substitute for rigorous attention to detail. > ::I'm not opposed to paying some attention to decorum, but logic comes > ::first, otherwise, you won't have a leg to stand on. > did logic preclude decorum. that's sort of follows the rule: > "profanity is the refuge of inarticulate motherfuckers." > when you blow you own logic by being profanely indecorus. And I'll > say it again, and again: Profanity? I doubt I've been as profane as most of the long-term subscribers (leaders?) on the list. Maybe you should check those posts more carefully. > if the residents of cypherpunk land can not express themselves > with respect for their colleages, even in disagreement, then cp is > a has been and will be quoted in ridicule by the news organizations > and the Congress as an anarchistic bunch of uncivilized and uncouth > barbarians screaming "cryptography and anarchy for the masses." I/we should seek respect from "news organizations" and/or "the Congress"?? You must have ate something really bad before you had that dream. From Adamsc at io-online.com Fri Dec 6 00:10:46 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 6 Dec 1996 00:10:46 -0800 (PST) Subject: The Science Generations Message-ID: <19961206080621390.AAA81@gigante> On Thu, 5 Dec 1996 22:10:04 -0800, Jamie Lawrence wrote: >> I'm not sure if Gilbert chemistry sets went off the market for liablity >> reasons, or for "lack of interest." The "4-banger" I had in 1961, >> supplemented with varius Bunsen burners, arc furnaces, Erlenmayer flasks, >> and whatnot, was amazing for its time. (And not terribly expensive, in case >> some of the "social democrats" on this list are thinking I lived a >I can provide a datapoint here. I started getting into chemistry >when I was about 8, which was in 1981. I can't remember the brand >name, but my first (and last, actually) 'value-added' kit was >designed to keep kids from doing anything that could be >dangerous, a fact tactfully explained on the packaging. Or how about those TrashShack kits everyone buys a science-oriented kid (until you warn them not to)? Geez. It's about as fun as one of those slide-show demo programs. >To solve that problem, my mother gave me an Edmund Scientific >catalog and a (severely limited, given my family background) >budget for whatever I wanted. >I ordered direct for supplies from then on. Gee, you too? I probably could have broke the $30k mark, though, if given the chance. Still could, easily, but it'd be Computer Shopper now. >computers as a daily part of their work. You can run, but you can't >hide. Hehe ... Person one: "And they [computer illiterates] will call us" Person two: "Secretaries" Bonus points if you get the reference. >> get the point. Being 44 years old, and almost 45, I claim no knowledge >> about what the "latest generation" is all about. Maybe it's the "Beavis and >> Butthead" generation...I don't know.) >Yes, many of us are devoted to the study of Brute Force Insect >Dissection. Many others are devoted to "the study of Chaotic systems involving realtime exothermic reactions with common household substances". (Pyromania might not be a bad sub title) Others still are most interested in Brute Force Wallet Extraction. Or, of course, the ever popular: Members of the Opposite Sex and How to Attract Them. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From jc105558 at spruce.hsu.edu Fri Dec 6 00:24:57 1996 From: jc105558 at spruce.hsu.edu (jc105558 at spruce.hsu.edu) Date: Fri, 6 Dec 1996 00:24:57 -0800 (PST) Subject: cypher-PUNKS... Message-ID: <009AC690.10DDC280.3@SPRUCE.HSU.EDU> I am writing this post to inform subcsribers of this list of the problems I have seen in this service. The number one problem being off subject discussion I understand that the name of this is cypherpunks, but why not put a little more cypher and a lot less punk. I can understand how it can all get started One person posts some intelligent information. Then another replys dissagreeing with the original sender. Then the sender takes it personally, and feels a need to flame the other. There is nothing wrong with flaming a bit, but for the name-sake of this mailer, please post more realevent (or at least interesting) information. Logos take a chill pill. You aren't a policeman. Tim May, do you have anything on subject to discuss? Allright, enough about that. I have a heard of a new encryption style called something like "Zone-redundant" and I was hoping if someone had any information on it? I think it is based on encrypting random pieces of encrypted data, but since I have very VERY little knowledge of the subject (hoping to learn a little from this mailer) I'm not sure. Does anyone have more information on the subject? - James - p.s. Logos, Tim May nothing personal, I hope. From dthorn at gte.net Fri Dec 6 00:39:03 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 00:39:03 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) In-Reply-To: Message-ID: <32A7DB2D.6B3F@gte.net> Blanc Weber wrote: > From: Dale Thorn > >... I believe that my idea above [asking John Gilmore to speak up, > >and if he doesn't, say to the list that he has declined to do so] is > >still a great idea (if the subscribers are not afraid of confrontation), > >as it would tend to force the issue more into the open. > I don't know what you mean by "forcing the issue more into the open". > Do you mean the issue of John' s not replying, or of censorship per se? It's very simple, really. Don't *anyone* speak for John, since John exercised his *right* to expel someone, surely only John himself knows the real reason(s), and anyone else's explanation is going to sound hollow and unconvincing. Doesn't anyone get the point? John took the action, you didn't, so either he explains or he doesn't, but I don't think other people trying to explain for him accomplishes anything except creating more bad feelings on the list. > If you mean "forcing the issue of John not defending himself on the > list", I don't see where the issue needs to be forced. No, I didn't mean that. We've seen enough of that already. [snip] > I (and apparently many others) do not feel the need to discuss John's > decisions. I, and others, are not bound, like geese flying in > formation, to follow his lead, nor are we going to fall apart at a loss > for direction if he fails to "show up". Sounds good to me. I don't try to keep track of who says what over a period of time, which makes it easier to forget unpleasantness after it settles down, even if other people don't forget my unpleasant moods when I wish they would. > >You mention what "others had overlooked". How about this: Tim May sent > >a message the other day stating (in essence) that the whole "censorship" > >thing was pretty much a size (rather than content) problem. I posted > >that notion twice, and there has been *no* discussion of it, as far as > >I know. Too bad Tim didn't post that at the beginning of the affair, > >since everyone apparently reads *his* mail. > What I meant by what "others had overlooked" was in regard of the > content of posted messages which I have read, not in regard of *which* > poster's messages are overlooked/not read by others. > Tim can have whatever opinion he likes about censorship or size or > content, and none of us are under any obligation to either agree or > disagree with him. [snip] Maybe I shouldn't admit this openly, then, but I thought that admission from Tim was quite significant, given both the physical limitations of the processing hardware and phone lines, and Tim's apparent influence with c-punks people, including (I would certainly guess) John Gilmore. > > >Frankly, most of the long-time members of the list would not need any > > >such statements of defense from John in order to appreciate the nature > > >of the circumstance and the reasoning for his symbolic 'censorship'. > >I apologize in advance for this one, but I honestly think that > >statement says more about acceptance of the Iron Boot principle than > >it says about what really happened. I for one am not an insider in any > >of the various cliques that surround this list, so perhaps I missed > >something that would explain it better to me. I suppose you are > >referring to an unspoken understanding, but again, and for future > >reference, you might want to consider the non-long-time members and > >speak the unspoken, as it were. > What really happened is that, upon weighing the relative merits of > John's action vs Vulis' contributions, what John did was seen as more of > a benefit than a detriment, and this dimmed any arguments which might > have been raised against it. It's not like everyone was clammoring for > the privilege of reading what Vulis had to say or there aren't any other > avenues to getting his literary works. Convenience and practicality are certainly compelling, but... > The "unspoken" understanding on the list is that it was started by a > couple of guys who happen to be very libertarian/cryptoanarchist in > their philosophy of life (not simply as it applies to cryptography, but > rather as cryptography relates to that philosophy). I put "unspoken" in > quotes because there have been no end of discussion and comments and > replies and retorts and flames on this very subject in the past years > since I've been on the list (Oct '93, and it is actually what attracted > me to subscribing), so it has hardly gone unmentioned and to many is no > surprise, although is often difficult to for them to see or agree with. > I recommend that you go through the archives and do a little light > reading. Your mind will soon be saturated with the flavor of the > underlying theme, and you will Understand. Oh, I *do* understand. I think personal privacy is sacred, even for underage people who are frequently robbed of it unfairly by older people and by bullies. That's only one of the reasons I found the "Crypto Anarchy and Virtual Communities" paper so interesting. If you could analogize the list to a human society, then you might understand that a pattern of decadence can set in here as it does in the more visible society, as is run from Washington DC, etc. It is my hope to make a contribution here (as in the more visible society) to fight off some of that decadence, even when I get beat up on for it. From SButler at chemson.com Fri Dec 6 00:52:35 1996 From: SButler at chemson.com (Butler, Scott) Date: Fri, 6 Dec 1996 00:52:35 -0800 (PST) Subject: FW: Dimitri IS Detweiler Message-ID: Nobody wrote: > >Dimitri Vulis wrote: > >| He he he what is sauce for the goose is sauce for the gander blah blah > ^^^^^^^^ >| blah intellectual dishonesty blah blah blah typical logorrhetic "cypher >| punk" can't spell his own nym politely. > >There we have it! PROOF that Dimitri is a tentacle of Detweiler. >Own up Dimitri! (sorry for the previous accusation Dale) > If THAT (he he he) is proof that Dimitri is Lance Detwieler then using the same theory, so it Mutley the cartoon dog. Nobody wrote this......I wish they hadn't bothered! > > From dthorn at gte.net Fri Dec 6 01:03:20 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 01:03:20 -0800 (PST) Subject: Logos -vs- Vulis In-Reply-To: Message-ID: <32A7E0DB.46FD@gte.net> logos wrote: > On Wed, 4 Dec 1996, Dale Thorn wrote: > > I'm not opposed to paying some attention to decorum, but logic comes > > first, otherwise, you won't have a leg to stand on. > Reasonable minds can differ on this subject. I think decorum must come > first. We must first stop 'shouting' before logic may be heard. Easily disproved. You can shout a logical proposition/exposition or you can whisper it, it's just as clear and relevant (if it's really logical) either way. Decorum, on the other hand, is somewhat nebulous, which I suppose is attractive to some.... If it doesn't "feel" good to some subscribers, they'll ignore it, which must be your point, eh? From dthorn at gte.net Fri Dec 6 01:14:28 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 01:14:28 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: <32A7E393.6AE3@gte.net> Timothy C. May wrote: > Steve brings us some important issues. Even a few crypto-related issues, later. > At 7:08 PM -0800 12/5/96, Steve Schear wrote: > >When I was doing my undergraduate work several of us built a heat-seeking > >and homing circuit which we subsequently tested in a small (24-inch) solid [snip] > I believe there have been roughly (very roughly) three genarations of > "science kids": [snip] > * Generation 3: The computer generation. The 1970s-80s, who grew up with > Commodore PETs and Apple IIs (and some later machines). These are the "new > pioneers" of the 1980s-90s, the Marc Andreesens and the like. I would guess that those who became and remained successful technically (as opposed to becoming "business people") were using HP computers and such in the 1970s. I for one was a heavy user then, and PETs, Apples, Radio Shack, etc. computers weren't reliable enough for serious work. From declan at eff.org Fri Dec 6 02:22:10 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 6 Dec 1996 02:22:10 -0800 (PST) Subject: Ira Magaziner: FREE Internet In-Reply-To: <199612060538.WAA20032@infowest.com> Message-ID: Yeah, I read the report from Magaziner's task force. Don't be taken in by the CNN story. The news on crypto is not as good as it sounds; far from it. Hold the applause. Read the report for yourself. -Declan (Jacking in from Kuala Lumpur.) On Fri, 6 Dec 1996 attila at primenet.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > - ---------------------------------------------------------------------- > > Just posted an hour ago on CNN > > I don't believe it! Ira Magaziner's interagency task for recommended > that the Internet be a free zone, duty free, and to try and persuade > all countries not to limit speech, encryption, etc. two days in a > row: first the SPA changed course and really balked, and now this > from an ultra-liberal! maybe there is such a thing as a spark of > freedom in the gathering darkness! > > > Ira Magaziner Task force recommends Free Zone Internet > > ===CNN post follows=== > > Magaziner recommends Free Internet </a> > >

Clinton advisers urge free market approach for Internet

> December 5, 1996
> Web posted at: 10:30 p.m. EST > >

> WASHINGTON (Reuter) -- The Internet could provide a huge > boost to the U.S. economy if the federal government pursues > "free market" policies in cyberspace, a group of President > Clinton's top advisers said in a draft report obtained by > Reuters.

> > The group, an interagency task force headed by senior > presidential adviser Ira Magaziner, recommended the > administration work globally to protect the Internet from new > taxes, censorship and other onerous forms of regulation.

> > After seven months of deliberations, the task force is > preparing to issue for public comment a report of principles and > policies the Unites States should pursue, Magaziner said in an > interview.

> > "One of the things we're trying to do with this paper is as > much say what government should not do as say what they should > do," Magaziner said."A lot of what industry is concerned > about is that governments are already beginning to take actions > around the world that would inhibit commerce."

> > The growth of Internet commerce could help boost U.S. > exports of everything from movies and news to software and > consulting services. Exports of such products totaled $40 > billion in 1995, the draft report noted.

> > The idea is to hitch U.S. exports to the speeding Internet > commerce train. Sales of goods and services online are projected > to grow to $7 billion in the year 2000, from about $1 billion > this year, according to market researchers at Jupiter > Communications.

> > "Companies have told us there would be a tremendous > potential to increase world trade across the Internet if we > could provide the right kind of environment," Magaziner said.

> > The draft report, called "A Framework for Global Electronic > Commerce," covers nine issues, from taxation and customs to > privacy and security.

> > On taxation, the draft report echoes a report issued by the > Treasury Department last month by stating no new taxes should be > imposed. Acting through the World Trade Organization,the United > States should push for the Internet to be designated a duty-free > zone, the draft said.

> > Some consumers worry their privacy will be violated > when they shop online. he report said governments should push > vendors to disclose what will be done with information about > consumers rather than dictate to merchants what they can or > cannot do with the data.

> > On some issues, such as encryption -- encoding information > in a scrambled format to provide a measure of security or > privacy -- existing administration policies may be seen as > conflicting with the free market approach of the draft report. >

> > Copyright 1996 > > Reuters Limited . All rights reserved. > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: latin1 > Comment: Encrypted with 2.6.3i. Requires 2.6 or later. > > iQCVAwUBMqewuL04kQrCC2kFAQH7eAP+L4Fk1sZgMl/YhufgluegE5Xo7nCvSJ8u > rqhgBGmvE1/rY1HacDFt/4a9SgXkEfNPohkQoGnFccx1jhgZpBKbx8SQrIPPboHh > Indv5MJbvcdGYfTR0UKms1t0iCv0DiQgtyXMxvHWFVTzByaKLu4cuEgatlSmsIoK > SfRT376DqLg= > =SSQB > -----END PGP SIGNATURE----- > // declan at eff.org // I do not represent the EFF // declan at well.com // From declan at eff.org Fri Dec 6 02:29:14 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 6 Dec 1996 02:29:14 -0800 (PST) Subject: PGP in Russia In-Reply-To: <199612060321.VAA06453@manifold.algebra.com> Message-ID: A slight correction -- taking PGP out of the US is not illegal, as long as you take adequate measures under the presonal use exception to prevent your laptop from being stolen by foreign nationals and keep records of your trip for five years. At least that's what y my friend from the State Dept told me when we had dinner a few weeks ago. -Declan On Thu, 5 Dec 1996 ichudov at algebra.com wrote: > Dr.Dimitri Vulis KOTM wrote: > > harka at nycmetro.com writes: > > > it's been asked before but I don't know the current answer: Is the use > > > of PGP legal in Russia? And if it's not, how are the chances of a > > > foreigner in Russia using it anyway to get away with it? > > > > Cryptography is outlawed in Russia (search the archives for my articles > > circa April '95). You can probably get away with using it anyway, but > > they just might make an example out of you. :-) > > Severity of Russian laws is compensated by lack of their enforcement. > > I would not expect Russian authorities to look for people using PGP or > even react to complaints that certain persons use it. They might use this > law to harass people for something else though. > > Kinda similar to taking PGP on diskettes out of United States: it > is nominally illegal, but n oone bothers. > > I AM NOT A LAWYER > > - Igor. > // declan at eff.org // I do not represent the EFF // declan at well.com // From adam at rosa.com Fri Dec 6 03:53:15 1996 From: adam at rosa.com (Adam philipp) Date: Fri, 6 Dec 1996 03:53:15 -0800 (PST) Subject: Nice use of crypto... Message-ID: <3.0.32.19961206035242.006f9c7c@mail.infonex.com> While browsing for some JAVA material I can across the following article that seems like a real nice application of crypto. What is it? Oh, you can just click on the URL and find out... its 4am and I'm too tired to give a precis. http://www.javaworld.com/javaworld/jw-12-1996/jw-12-int.property.html Adam, Esq. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\ | My PGP key is available on my |Unauthorized interception violates | | home page: http://www.rosa.com |federal law (18 USC Section 2700 et| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-|seq.). In any case, PGP encrypted | |SUB ROSA...see home page... |communications are preferred for | | -=[ FUCK THE CDA]=- |sensitive materials. | \=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/ If A is a success in life, then A = x + y + z. Work is x; y is play; and z is keeping your mouth shut. Albert Einstein (1879-1955) From asgaard at Cor.sos.sll.se Fri Dec 6 04:07:41 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Fri, 6 Dec 1996 04:07:41 -0800 (PST) Subject: Decline of Science ?? (Was: Stinger Specs) In-Reply-To: <199612060757.AAA23206@infowest.com> Message-ID: Attila wrote: > to participate. junior colleges are graduating students who > would not have passed out of tenth grade 20-30 years ago. Isn't this merely an effect of mass education instead of elite_only education? And the peak performers will do as well as they ever did? Doesn't every generation claim that the younger people get defective education in some sense? The Latin speakers of Gen 1 were horrified that Gen 2 didn't get a thorough understanding of classic Greek culture and geometry (but started with 'sets' and 'subsets' instead). Science is still exploding in electro-physics, digital programming, molecular biology and several other fields. (I wonder what is happening in Pure Math with No Applications - not even for Cryptography :) - these days?) And formal education is gradually loosing to actual competence. A real difference, though, is the relative lack of multidisciplinary theorists nowadays, I mean with a deep understanding of several 'unrelated' fields of knowledge. Most of us with actual competence in a certain area are SUBspecialists. This is natural since the knowledge bases have exploded to become impossible for any one man or woman to comprehend. An industrial cobol programmer probably doesn't know shit about Java (perhaps a bad example; I'm not a programmer, but I know a guy who makes a good living off cobol!) and a PCR biochemist hacking DNA doesn't know shit about immunology or molecular neurology. In bio-science there is a discipline which tries to put all such kinds of specialties into a broader understanding of the human/animal body and soul - it's called physiology, and is a declining field with chronic lack of funds; not much money in it. I'm sure there is a comparable discipline of computer science that I'm not able to name (information theory??), with similar economic problems. But there is still hope for the GMAU (Grand Meta-Analysis of the Universe); AltaVista is a new, good start for collecting ingredients :-) So, I'm not worried. When I indulge in the inevitable bashing of younger generations I stick to their bade taste of music, like rap and hip-hop (but some acid house/techno is ok), and appearance, like tatoos and piercing, and life-style, like working-out, cliff-climbing and resorting to vitamins, herbal medicine and other useless stuff. (But even so, psychodelic drugs are making a come-back which I think is a Good Thing.) Asgaard (Gen 2) From gary at systemics.com Fri Dec 6 04:13:24 1996 From: gary at systemics.com (Gary Howland) Date: Fri, 6 Dec 1996 04:13:24 -0800 (PST) Subject: Stinger Specs In-Reply-To: <3.0.32.19961205212336.006a520c@netcom14.netcom.com> Message-ID: <199612061215.NAA12924@internal-mail.systemics.com> Lucky Green wrote: > There is nothing like some real life challenges to spark a young person's > mind. Today, conducting the experiments that fueled von Braun's imagination > would be a felony. The mere posession of the chemicals he used in his early > twenties is illegal. > > This country has set out on a project to dumb the minds of its young. With > great success. Quite. I once heard a comment that young pyrotechnicians (?) go on to become either great scientists or great lawyers, presumably due to their having to explain to their parents the reason for large clouds of smoke etc. Gary From hvdl at sequent.com Fri Dec 6 04:30:03 1996 From: hvdl at sequent.com (Hans Unicorn Van de Looy) Date: Fri, 6 Dec 1996 04:30:03 -0800 (PST) Subject: Travelling With Laptops/PGP In-Reply-To: Message-ID: <9612061227.AA15287@amsqnt.nl.sequent.com> Hi Se7en, The one-and-only Evil se7en once stated: ! ! Problem: ! ! I will be spending a couple of months chilling out in Barcelona, Spain. ! I will have a local Internet account/dial-up in that city, and will use ! it to telnet into my various US-based accounts. This is how I plan to ! keep in touch with various people while I am gone. No problem there... ! Questions: ! ! 1 - Is the importation of two laptops and it's various peripheral devices ! by a US citizen into Spain going to be a problem? I know it is in some ! European countries. Not as far as I know, but then again I'm no lawer... ! 2 - Will having PGP 2.6.2, with 2048-bit keys, or any key length for this ! matter, installed on these two machines, cause a problem? Why not bring the systems with keyrings alone, and install 2.6.3ui when you are actually in Spain? ! 3 - What about having SSH and ESM installed on the laptops? Will this set ! off red flags as well? The people searching though your stuff will most likely be unaware of any of these program's. Just tell them (if they ask) that you must use it to contact another computer, just like they would use . When I visited Rome (I know that's Italy, but there is no big difference between these countries) I brought my equipment, and it was never searched, although I was asked to boot-up before entering the plane... ! Now, I see a work around if this is a problem, but would like advice on ! this also: ! ! If I generate a temporary PGP key, and distribute it prior to my departure, ! and then store it on the US-based server (not a good idea, but it is a ! temporary key, and if it is not a problem in Spain, SSH and ESM would be in ! use) then bouncing out of Spain via telnet into US-based computers to ! process encryption/decryption, key management, etc, any encryption would ! never actually take place on servers outside of the US. Why make live more difficult than it already is? ! Would this be a viable workaround? Or should I just say fuck it, and just I guess it would be a viable workaround, but I would still go for the international version of PGP. For once I could leave some stuff encrypted on my system, just in case... ! disavow myself of any reason/need for PGP for the duration of my stay? If ! this is gonna be a problem, I'll just forego anything requiring ! encryption while I am in Spain. Forget the above, just use the international version of PGP while you are in Europe, and reinstall the US version once you get back. ! I have no interest in smuggling crypto in, or defying international law ! just to use PGP for personal use. If it's not allowed, I simply won't use ! it. But, I MUST be able to bring my laptops into the country. That HAS to ! happen. See above. ! My Research: I tried to find these answers myself via conventioanl ! methods, and either there was no information available, or the embassy ! people I spoke to weren't sure. (Go figure!) So now I ask for your ! opinions. Just my $0.02. ! se7en Ciao, Hans. -- ==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============ ,;( )_, )~\| Hans "Unicorn" Van de Looy PGP: ED FE 42 22 95 44 25 D8 ;; // `--; GSM: +31 653 261 368 BD F1 55 AA 04 12 44 54 '= ;\ = | ==== finger hvdl at sequent.com for more info =================== From dlv at bwalk.dm.com Fri Dec 6 04:34:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 6 Dec 1996 04:34:18 -0800 (PST) Subject: [crypto] Avatar Protection? In-Reply-To: Message-ID: <07eiyD3w165w@bwalk.dm.com> "Timothy C. May" writes: > information, a la the famous "canary traps"). To whit, M recipients of the "Cypher punks" can't spell. ^ --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From pclow at extol.com.my Fri Dec 6 05:24:09 1996 From: pclow at extol.com.my (pclow) Date: Fri, 6 Dec 1996 05:24:09 -0800 (PST) Subject: PGP 5.0?? Message-ID: <96Dec7.022914gmt+0800.21897@portal.extol.com.my> Ah! You got it! ---------- > ...and isn't all.net the site of the Good Doctor Fred Cohen?? andrew From mark at unicorn.com Fri Dec 6 05:44:10 1996 From: mark at unicorn.com (Mark Grant) Date: Fri, 6 Dec 1996 05:44:10 -0800 (PST) Subject: PGP DLLs for Windows Message-ID: BTW, someone was looking for PGP DLLs for Windows. There is a PGP Tools DLL documented at http://www.cam.org/~droujav/pgp/pgplib.html, though I presume that's as patent-infringing in the US as PGP Tools. I haven't seen the code as it doesn't seem to have escaped to Europe yet. Mark |-----------------------------------------------------------------------| |Mark Grant M.A., U.L.C. EMAIL: mark at unicorn.com | |WWW: http://www.c2.org/~mark MAILBOT: bot at unicorn.com | |-----------------------------------------------------------------------| From gimonca at skypoint.com Fri Dec 6 05:46:20 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Fri, 6 Dec 1996 05:46:20 -0800 (PST) Subject: Encryption/data-changing in russia (fwd) Message-ID: Forwarded message: > Date: Fri, 06 Dec 1996 14:23:48 -1000 > To: cypherpunks at toad.com > From: Benjamin Grosman > Subject: Encryption/data-changing in russia > A friend of mine who is Russian, but lives out here, frequently > corresponds with friends in Russia via email, and in the course of sending > emai, they occasionally send an attachment. However, the attachment that > _all_ his russian friends send, including the ones who use MIME capable > email clients such as Eudora, always, _always_, uuencode files, and they say > they can't do MIME. I am wondering if the encryption/data-changing laws in > Russia are so strict as to disallow MIME encoding even, but still allows UU > for some reason? > Probably has to do with the character set they're using; nothing more. -- Wild new Ubik salad dressing, not | gimonca at skypoint.com Italian, not French, but an entirely | Minneapolis MN USA new and different taste treat that's | http://www.skypoint.com/~gimonca waking up the world! | A lean, mean meme machine. From farber at cis.upenn.edu Fri Dec 6 06:03:55 1996 From: farber at cis.upenn.edu (Dave Farber) Date: Fri, 6 Dec 1996 06:03:55 -0800 (PST) Subject: EudoraWin95 3.0 /PGP plugin query Message-ID: <3.0.1.32.19961206090404.006ca494@linc.cis.upenn.edu> I am trying to find the plugin but it seems to have vanished and lkinks to it seem to fail. Anyone there who can help me find it? From schneier at counterpane.com Fri Dec 6 06:23:21 1996 From: schneier at counterpane.com (Bruce Schneier) Date: Fri, 6 Dec 1996 06:23:21 -0800 (PST) Subject: DES in IBM 730 Assembler and/or COBOL Message-ID: I need a DES (preferrably public domain, but I will pay for it) in IBM 730 assembler and COBOL. Anybody know of one? Bruce ************************************************************************ * Bruce Schneier 2,000,000,000,000,000,000,000,000,002,000, * Counterpane Systems 000,000,000,000,000,000,002,000,000,002,293 * schneier at counterpane.com The last prime number...alphabetically! * (612) 823-1098 Two vigintillion, two undecillion, two * 101 E Minnehaha Pkwy trillion, two thousand, two hundred and * Minneapolis, MN 55419 ninety three. * http://www.counterpane.com ************************************************************************ From dlv at bwalk.dm.com Fri Dec 6 06:30:30 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 6 Dec 1996 06:30:30 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... Message-ID: No one even commented on the latest Dr. Dobbs issue. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From paul at fatmans.demon.co.uk Fri Dec 6 07:12:47 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Dec 1996 07:12:47 -0800 (PST) Subject: What's a "fingerprint" ? Message-ID: <849884578.522759.0@fatmans.demon.co.uk> > Speaking about PGP.. Guys... > Whats fingerprint is need for ? And how to create it ? A key fingerprint is a unique identifier for an individual PGP key, it is used for verifying that a recieved key is authentic before signing it, to generate a PGP key fingerprint use pgp -kvc Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From aba at dcs.ex.ac.uk Fri Dec 6 07:27:28 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 6 Dec 1996 07:27:28 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: <9612060130.AA01059@ch1d157nwk> Message-ID: <199612061027.KAA00273@server.test.net> Andrew Loewenstern writes: > someone writes: > > Wrong! You must telnet to all.net, but the correct logname > > is "getpgp" with no password. It will ask you some questions > > (like are you a US citizen), and then give you an > > export-controlled ftp directory to go to. > > > > As far as I know, however, PGP 5.0 is still in beta test, > > though you can get a snapshot from there (in source form only). > > They also have source and binaries for the latest released > > version of PGP 3. > > what are you guys talking about??? AFAIK, the most current, > released, version of PGP is 2.6.2. pgp263ia is more recent, and has more bug fixes. pgp263ui more recent still, and has the same bug fixes plus some additional functionality, minus some other functionality. Chronologically: mit pgp262 pgp263i pgp263ia pgp263ui > Version 3 is not finished and anything you may get your hands on is > a prerelease version. You won't be getting your hands on a prerelease version unless you're one of their commercial licensors. > PGP 4 and 5 simply don't exist! quite so. > > ...and isn't all.net the site of the Good Doctor Fred Cohen?? Sure is. That part I think was a practical joke. Much like suggesting someone connect to ftp site `127.0.0.1' for kewl war3z. Cohen was actively harrassing people (email to postmaster, employee, etc) who so much as pinged his site, for some unfathomable reason he viewed this as a malicious attack on the security of his machine. Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0 > Speaking about PGP.. Guys... > Whats fingerprint is need for ? And how to create it ? A key fingerprint is a unique identifier for an individual PGP key, it is used for verifying that a recieved key is authentic before signing it, to generate a PGP key fingerprint use pgp -kvc Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From paul at fatmans.demon.co.uk Fri Dec 6 07:38:20 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Dec 1996 07:38:20 -0800 (PST) Subject: What's a "fingerprint" ? Message-ID: <849884582.522786.0@fatmans.demon.co.uk> > Speaking about PGP.. Guys... > Whats fingerprint is need for ? And how to create it ? A key fingerprint is a unique identifier for an individual PGP key, it is used for verifying that a recieved key is authentic before signing it, to generate a PGP key fingerprint use pgp -kvc Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From dlv at bwalk.dm.com Fri Dec 6 07:38:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 6 Dec 1996 07:38:56 -0800 (PST) Subject: The House Rules At The Permanent Virtual Cypherpunks Party In-Reply-To: <199612050559.XAA19657@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Dr.Dimitri Vulis KOTM wrote: > > > > "Cypher punks" have degenerated into an inbred cybermob whose goal in life > > is to "enforce" the "rules" that apply to "newbies" (more Cabal-speak) but > > not to the "in-crowd". > > > > Paul Bradley, the vitriolic flamer, is a good example of a "cypher punk". > > Paul doesn't know much about cryptography, but he's been harrassing Don Woo > > because Don Wood dared propose a cryprosystem. I haven't examined Don's > > proposal and don't know how good it is. Paul apparently FTP's Don's files > > but lacked the technical knowledge to understand the proposal. Paul first > > Why don't you look at it. I am interested in your comments regarding > possible attacks on Don Wood's system. Igor, If an entrepreneur wants to sell a new electrical gizmo and wants an independent review of its safety, he pays $$$ for it. Apparently one of the functions of the new brand of "cypher punks" is to provide a similar service for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's proposal. I have better use for my time. (I suspect that you too have better use of your time, like shagging your girlfriend and/or working on the robomoderated misc.jobs.* - nag, nag) I also don't think that the ease of breaking the code should be the only consideration in evaluating a low-end cryptographic product. I happen to advocate widest possible availabily of crypto for the unwashed masses - again, unlike today's "cypher punks" who think crypto is "kewl" stuff for the "3lit3 d00dz". This current pseudo-crypto crowd reminds me of a hobby I had when I was very young and New York City had hundreds of dial-up BBS's. Most of them were run by kids and their main function was the "elite" download section featuring pirated copyrighted software. I figured out a technique to download whatever I wanted from the "elite" sections without the BBS operator's knowing who it was. (They normally "validated" only someone they knew and demanded uploades for downloads. "Expropriate the expropriator", as Lenin taught us.) After a while I got tired of it because invariably the commercial software I downloaded was junk, not worth the downloading time and the disk space. Back to crypto: If someone wants to market (and support) a crypto package for the masses and gets the masses to deploy it, I take my hat off to them. It doesn't matter if the code itself can be cracked as easily as the codes used in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the code isn't strong enough for their needs, they'll upgrade to stronger codes. The path from weak crypto to strong crypto is much shorter than the path from no crypto to some crypto. If the user interface and logical and transparent and provides hooks to replace the weak (non-export-controlled) crypto being shipped with a stronger one (say, by FTPing a DLL) then it's a Good Thing. Don is doing a Good Thing and the "cypher punks" are doing an evil thing. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From m1tca00 at FRB.GOV Fri Dec 6 07:43:51 1996 From: m1tca00 at FRB.GOV (Thomas C. Allard) Date: Fri, 6 Dec 1996 07:43:51 -0800 (PST) Subject: PGP 5.0?? In-Reply-To: <9612060130.AA01059@ch1d157nwk> Message-ID: <199612061541.KAA24145@bksmp2.FRB.GOV> andrew_loewenstern at il.us.swissbank.com said: > what are you guys talking about??? AFAIK, the most current, > released, version of PGP is 2.6.2. Version 3 is not finished and > anything you may get your hands on is a prerelease version. PGP 4 > and 5 simply don't exist! PGP 4 is ViaCrypt's latest version of pgp. It has some features that pgp 2.6.* doesn't have. >From the User's Manual: > > ViaCrypt PGP supports three types of keys: > > Dual-Function Keys are keys that are interoperable and > compatible with pre-4.0 versions of ViaCrypt PGP. They can be used > for encryption/decryption and for digital signatures. > > Single-Function, Encryption-Only Keys are keys that have been > designated to be used for only encryption/decryption, and cannot be > used for digital signatures. > > Single-Function, Signature-Only Keys are keys that have been > designated to be used for only digital signatures, and cannot be used > for encryption/decryption. Single function keys are not usable by > Version 2.7.1 or earlier. There is also a "business edition" with still other featuers, namely a "Corporate Access Key". See http://www.pgp.com/products/viacrypt-business.cgi rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, it doesn't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From paul at fatmans.demon.co.uk Fri Dec 6 07:46:21 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Dec 1996 07:46:21 -0800 (PST) Subject: What's a "fingerprint" ? Message-ID: <849884583.522794.0@fatmans.demon.co.uk> > Speaking about PGP.. Guys... > Whats fingerprint is need for ? And how to create it ? A key fingerprint is a unique identifier for an individual PGP key, it is used for verifying that a recieved key is authentic before signing it, to generate a PGP key fingerprint use pgp -kvc Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From SButler at chemson.com Fri Dec 6 07:50:21 1996 From: SButler at chemson.com (Butler, Scott) Date: Fri, 6 Dec 1996 07:50:21 -0800 (PST) Subject: Gilmore / Logos Message-ID: Sorry for the spam, but does anyone know if it is true that John Gilmore and this Logos character are the same person ? Before you dismiss the idea, just think about it for a minute. Cheers Scott ;-D From paul at fatmans.demon.co.uk Fri Dec 6 07:54:34 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Dec 1996 07:54:34 -0800 (PST) Subject: What's a "fingerprint" ? Message-ID: <849884579.522766.0@fatmans.demon.co.uk> > Speaking about PGP.. Guys... > Whats fingerprint is need for ? And how to create it ? A key fingerprint is a unique identifier for an individual PGP key, it is used for verifying that a recieved key is authentic before signing it, to generate a PGP key fingerprint use pgp -kvc Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From paul at fatmans.demon.co.uk Fri Dec 6 07:56:18 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Dec 1996 07:56:18 -0800 (PST) Subject: Intellectual dishonesty Message-ID: <849884540.522598.0@fatmans.demon.co.uk> > Paul tries to suppress the discussion of crypto on this list. Before I gave up > on this list completely, I used to think that it's a veru evil thing to do. I very much doubt you have anyone whatsoever to agree with you on this. I very rarely post anything that is not crypto-relevant to this list, apart from my occasional indulgance in flaming people. > Even if there are problems with Don Wood's IPG cryptoscheme (something I don't > know to be true until I find the time to look at it myself), it's outright > evil to harrass Don the way Paul did. It's clear that Don knows more about the > field of cryptography than most people remaining on this mailing list. Don has a record of creating noise and flames on this list because he incites them, when someone refuses for example, to admit that a software generated random number stream is not a one time pad there is very little one can do to maintain a sensible discussion on the matter. Once Don conceded his system was not a one time pad I stopped protesting. As for Dons knowledge about cryptography I seem to remember him once promising to sell his company for $1 if his previous cryptosystem was broken which it summarily was. True, my flames of Don have maybe been a little more vitriolic than strictly necessary but he did ask for it.. > to on this list. Would you submit the authors of the knapsack scheme to the > same kind of abuse because it was broken? In fact, how many people are there > still on this list who know what the knapsack scheme is? No, because they would not for example initially claim the scheme was a one time pad then rant endlessly about QED and proofs of security based on statistical analysis of output data. And as to your last question I for one do know what the knapsack scheme is, its a pity there were weaknesses as it was an elegant cryptosystem. > The work of this list appears to be character assassination. If people like > Paul Bradley and Tim May insist on slandering people and trying to harm their > professional reputations (see the thread on "don't hire" lists), I will do my > best to defend them and their freedom of speech, and to expose the likes of > Paul Bradley - an ignorant buffoon out to silence anyone who knows more about > the field than he does. I am neither ignorant nor out to silence people. My knowledge of cryptography as compared to yours is not the issue, I post information and answers to questions that are of worth to the other members of the list, your knowledge of cryptography may be better or worse than my own, however, you have posted nothing crypto-relevant so we must assume you know very little. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From unicorn at schloss.li Fri Dec 6 08:03:54 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 6 Dec 1996 08:03:54 -0800 (PST) Subject: Mondex Message-ID: Can anyone briefly discuss the anonymity features (or lack thereof) for Mondex? -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From ark at paranoid.convey.ru Fri Dec 6 08:10:04 1996 From: ark at paranoid.convey.ru (ArkanoiD) Date: Fri, 6 Dec 1996 08:10:04 -0800 (PST) Subject: Encryption/data-changing in russia In-Reply-To: <2.2.32.19961207002348.00874dcc@healey.com.au> Message-ID: <199612061607.TAA17337@paranoid.convey.ru> nuqneH, > > whilst on the subject of PGP in Russia, I encountered something very > interesting. A friend of mine who is Russian, but lives out here, frequently > corresponds with friends in Russia via email, and in the course of sending > emai, they occasionally send an attachment. However, the attachment that > _all_ his russian friends send, including the ones who use MIME capable > email clients such as Eudora, always, _always_, uuencode files, and they say > they can't do MIME. I am wondering if the encryption/data-changing laws in > Russia are so strict as to disallow MIME encoding even, but still allows UU > for some reason? > > Any clues as to this? > 1) We do not care about computer laws. At all. 2) We just do not like mime UUENCODE is ok to send files,and we (at least i) consider MIME almost useless and annoying - MIMEish sendmails often encode russian text (8th bit set) just because they think it's kosher. I don't think so and there are still many people with MIME-unaware readers who get highly annoyed when they see mime crap instead of plain text. BTW i've seen only one REALLY mime-aware MUA,the Pine,others (incl elm) often work with national codesets.. hmm.. i can' say incorrectly but when it forgets to decode header of message.. -- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! From paul at fatmans.demon.co.uk Fri Dec 6 08:34:34 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Dec 1996 08:34:34 -0800 (PST) Subject: What's a "fingerprint" ? Message-ID: <849884583.522793.0@fatmans.demon.co.uk> > Speaking about PGP.. Guys... > Whats fingerprint is need for ? And how to create it ? A key fingerprint is a unique identifier for an individual PGP key, it is used for verifying that a recieved key is authentic before signing it, to generate a PGP key fingerprint use pgp -kvc Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From jya at pipeline.com Fri Dec 6 09:43:52 1996 From: jya at pipeline.com (John Young) Date: Fri, 6 Dec 1996 09:43:52 -0800 (PST) Subject: UNR_avl Message-ID: <1.5.4.32.19961206174050.006989b4@pop.pipeline.com> 12-06-96, NYT: Compromise on Encryption Exports Seems to Unravel "We really feel that there has been a bait and switch situation and I'm not going to be silent about it," said Roel Pieper, chief executive and vice chairman of Tandem Computers. A Nov. 15 executive order that transferred export oversight to Commerce contained several new wrinkles that even previous industry supporters consider potential deal breakers. For one thing, the Justice Department would play a consulting role to the Commerce Department, which industry executives see as giving law-enforcement officials too big a role in the export process. And they contend that the order prescribes a system that might enable law-enforcement officials to unscramble messages while they are being transmitted, rather than after the fact, as the IBM compromise had seemed to specify. ----- http://www.nytimes.com/library/cyber/week/1206encrypt.html UNR_avl From jc105558 at spruce.hsu.edu Fri Dec 6 10:04:01 1996 From: jc105558 at spruce.hsu.edu (jc105558 at spruce.hsu.edu) Date: Fri, 6 Dec 1996 10:04:01 -0800 (PST) Subject: Apology Message-ID: <009AC6F5.DD0C50A0.3@SPRUCE.HSU.EDU> - James - wrote: >I am writing this ... >Tim May, do >you have anything on subjest to discuss? I apologies publicly for this comment. I'm sorry Tim. My bad. - James - From tcmay at got.net Fri Dec 6 10:13:06 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Dec 1996 10:13:06 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: At 1:12 AM -0800 12/6/96, Dale Thorn wrote: >Timothy C. May wrote: >> * Generation 3: The computer generation. The 1970s-80s, who grew up with >> Commodore PETs and Apple IIs (and some later machines). These are the "new >> pioneers" of the 1980s-90s, the Marc Andreesens and the like. > >I would guess that those who became and remained successful technically >(as opposed to becoming "business people") were using HP computers and >such in the 1970s. I for one was a heavy user then, and PETs, Apples, >Radio Shack, etc. computers weren't reliable enough for serious work. My points were about the _children_ and what they were using when they grew up. (In fact, note my use of the phrase "who grew up with Commodore PETs and Apple IIs...") Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the teenagers of that decade were, if they were fortunate and energetic, using PETs, Apple IIs, and the like. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From perry at piermont.com Fri Dec 6 10:13:31 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 6 Dec 1996 10:13:31 -0800 (PST) Subject: stop annoying me Message-ID: <199612061813.NAA21559@jekyll.piermont.com> Someone is sending me lots of requests, with forged from addresses, asking that the cryptography mailing list sign up "cypherpunks at toad.com" for the cryptography mailing list. I'm obviously not going to do it. The only result repeated requests will have is that I'll put in a regexp to filter all the mail with these stupid requests. In other words, stop. There is no point. Perry From tqdb at feist.com Fri Dec 6 10:16:09 1996 From: tqdb at feist.com (TQDB) Date: Fri, 6 Dec 1996 10:16:09 -0800 (PST) Subject: Aghast.. Message-ID: I couldn't believe my eyes when reading through Inter at ctive Week's "The Driving Forces of Cyberspace" Top 25 list I saw that Louis J. Freeh, Director of the FBI received an Honorable Mention because of him supposedly believing that "Encryption is an inalienable right." I suppose that isn't necessarily a lie, but it would need the word "Weak" added on to the front in order to qualify it. Anyway, I was quite disappointed in seeing their poor choice of this candidate. .TQDB -=| T.Q.D.B. - tqdb at wichita.fn.net - http://www.feist.com/~tqdb |=- "The term 'hacker' is not necessarily derogatory. A small percentage of them give the rest a bad name." --Special Agent Andrew Black, FBI SF Computer Crime Squad From nobody at cypherpunks.ca Fri Dec 6 10:44:42 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Fri, 6 Dec 1996 10:44:42 -0800 (PST) Subject: Gilmore / Logos Message-ID: <199612061833.KAA16864@abraham.cs.berkeley.edu> Heh. Think again. Logos is obviously someone who has a lot of time on his/her hands. Consider the volume of Gilmore over the last several months compared to the volume of Logos over the last several days. Gilmore has quite a bit more on his mind than how people behave on CP. Logos' identity is clearly not Gilmore. I doubt Gilmore even reads CP anymore. So who _is_ Logos. We know that Logos: 1)Tim May suspects who Logos is 2)Is a prolific poster 3)Intends to combat DLV/DT and other Detweilers The oddest tidbit yet is Tim May's posting to the *list* "P.S. I certainly hope this "Logos" nym is not who I suspect it is, as this will surely end our Real World friendship. A fucking bozo." This post clearly is an act of misdirection. If May had a personal bone to pick with someone he actually knows than what purpose does it serve to announce this to the list? Nothing less than to preempt the obvious assertation that Logos is Tim May. W.W. Brierson From frantz at netcom.com Fri Dec 6 10:58:45 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 6 Dec 1996 10:58:45 -0800 (PST) Subject: The Science Generations Message-ID: <199612061858.KAA22343@netcom7.netcom.com> At 1:12 AM 12/6/96 -0800, Dale Thorn wrote: >I would guess that those who became and remained successful technically >(as opposed to becoming "business people") were using HP computers and >such in the 1970s. I for one was a heavy user then, and PETs, Apples, >Radio Shack, etc. computers weren't reliable enough for serious work. I guess those people using VisiCalc on the Apple ][ weren't doing serious work :-). (Also the many small businesses using these early machines for AR, Accounting etc.) Me, I was doing OS programming on IBM 370s. ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz at netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA From tcmay at got.net Fri Dec 6 10:59:18 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Dec 1996 10:59:18 -0800 (PST) Subject: cypher-PUNKS... In-Reply-To: <009AC690.10DDC280.3@SPRUCE.HSU.EDU> Message-ID: At 11:54 PM -0500 12/5/96, jc105558 at spruce.hsu.edu wrote: >I am writing this post to inform subcsribers of this list of the problems I >have seen in this service. The number one problem being off subject >discussion >I understand that the name of this is cypherpunks, but why not put a little >more cypher and a lot less punk. I can understand how it can all get started >One person posts some intelligent information. Then another replys >dissagreeing >with the original sender. Then the sender takes it personally, and feels >a need >to flame the other. There is nothing wrong with flaming a bit, but for the >name-sake of this mailer, please post more realevent (or at least interesting) >information. Logos take a chill pill. You aren't a policeman. Tim May, do ^^^^^^^^^^^ >you have anything on subject to discuss? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I've initiated more threads on crypto-related and politico-crypto topics than nearly anyone else. If you haven't seen them, you've been on the list too short a time to be making such pronouncements as you've just made. --Tim May >p.s. Logos, Tim May nothing personal, I hope. And don't take it personally that "jc105558 at spruce.hsu.edu" is now in my kill file. Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From froomkin at law.miami.edu Fri Dec 6 11:40:49 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Fri, 6 Dec 1996 11:40:49 -0800 (PST) Subject: Mondex In-Reply-To: Message-ID: http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583129 http://www.privacy.org/pi/activities/mondex/ On Fri, 6 Dec 1996, Black Unicorn wrote: > > Can anyone briefly discuss the anonymity features (or lack thereof) for > Mondex? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) ** Away from Miami -- and at times from the 'net -- Dec. 12 to Jan. 8 ** Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here. From frantz at netcom.com Fri Dec 6 12:35:27 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 6 Dec 1996 12:35:27 -0800 (PST) Subject: Systems with weak crypto, was: The House Rules At The Permanent VirtualCypherpunks Party Message-ID: <199612062035.MAA03484@netcom7.netcom.com> At 9:46 AM 12/6/96 -0500, Dr.Dimitri Vulis KOTM wrote: >If an entrepreneur wants to sell a new electrical gizmo and wants an >independent review of its safety, he pays $$$ for it. Apparently one of the >functions of the new brand of "cypher punks" is to provide a similar service >for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's >proposal. I have better use for my time. However, I assume that you have no objection to others reviewing Don't proposal for free (Actually for reputation). > >I also don't think that the ease of breaking the code should be the only >consideration in evaluating a low-end cryptographic product. ... > >... If someone wants to market (and support) a crypto package for >the masses and gets the masses to deploy it, I take my hat off to them. It >doesn't matter if the code itself can be cracked as easily as the codes used >in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the >code isn't strong enough for their needs, they'll upgrade to stronger codes. >The path from weak crypto to strong crypto is much shorter than the path from >no crypto to some crypto. > >If the user interface and [did you mean "is" - bf] logical and transparent >and provides hooks to >replace the weak (non-export-controlled) crypto being shipped with a stronger >one (say, by FTPing a DLL) then it's a Good Thing. Good interfaces are definitely something needed for the widespread adoption of crypto, either strong or weak. However, the general opinion I have heard is that UIs with easily replaced crypto are covered by ITAR. >Don is doing a Good Thing and the "cypher punks" are doing an evil thing. If Don is contributing to better interfaces, then I agree he is doing a good thing. If all he is doing is proposing a new algorithm and describing it with, to be charitable, non-standard uses of well defined terms, then I disagree. I strongly disagree that cypherpunks are doing an evil thing by exposing the weaknesses in anyone's (including Don's) crypto system. There are many ways to contribute, and publicizing the facts about a system are one of them. ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz at netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA From blancw at microsoft.com Fri Dec 6 12:48:42 1996 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 6 Dec 1996 12:48:42 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) Message-ID: From: Dale Thorn If you could analogize the list to a human society, then you might understand that a pattern of decadence can set in here as it does in the more visible society, as is run from Washington DC, etc. It is my hope to make a contribution here (as in the more visible society) to fight off some of that decadence, even when I get beat up on for it. ................................................. There is a huge the difference between a society of people relating to each other based on principles of coercion vs an extemporaneous society of individuals who make their own decisions (daily) about when/where/how long they will associate with another. The society run by Washington,D.C. expects that people will have no choice but to fly in formation in the direction set by the leader who represents the majority (sort of). The virtual "society" of the cpunks is only based on their interest in opening up their mail and reading a few messages here & there according to their mood of the day or the moment. It is true that formal societies, like the one which was initially intended by The Founders (of the US), often run afoul of the original purpose for which it was begun. They decay for many reasons. This is precisely one of the elements in the background of the cpunks thinking ("the founders" and others) about societies and the "ties that bind" (supposedly) us to each other: the interest in being released from that supposition that we are bound to each other and are obligated to maintain a relationship of some kind (as determined by the PC moral 'authorities'). The concepts are too involved to discuss the details on this list, but the fact that individuals do not maintain a steady and predictable course throughout their lifetime, or the lifetime of the projects which they begin, is the very reason why your attempts at "fighting off the decadence" are doomed: the objects of your attention may not hang around on the list long enough to be reformed. Remember the purpose of the list is discussion & information, not moral rehabilitation (except as it clears the intellectual air regarding privacy & potential crimes to humanity). It could happen that some decadent subscriber would "see the light" and behave themselves, but if it does I expect it would be an indirect side-effect and the result of their own desire to change their style & manners. .. Blanc > > From jfricker at vertexgroup.com Fri Dec 6 12:59:29 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Fri, 6 Dec 1996 12:59:29 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... Message-ID: <19961206205919815.AAA172@dev.vertexgroup.com> >Dr.Dimitri Vulis KOTM (dlv at bwalk.dm.com) said something about Proof that "cypher punks" have complete degenerated... on or about 12/6/96 9:17 AM > >No one even commented on the latest Dr. Dobbs issue. Oh? If you had something to follow up on my postings re: RIPEMD-160 and the Bozoki interview I didn't see them. --j ----------------------------------- | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending me mail with subject "send pgp key". | www.Program.com is a good programmer web site. ----------------------------------- From ichudov at algebra.com Fri Dec 6 13:35:51 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 6 Dec 1996 13:35:51 -0800 (PST) Subject: Stinger Specs In-Reply-To: <199612061215.NAA12924@internal-mail.systemics.com> Message-ID: <199612062132.PAA13293@manifold.algebra.com> Gary Howland wrote: > > Lucky Green wrote: > > > There is nothing like some real life challenges to spark a young person's > > mind. Today, conducting the experiments that fueled von Braun's imagination > > would be a felony. The mere posession of the chemicals he used in his early > > twenties is illegal. > > > > This country has set out on a project to dumb the minds of its young. With > > great success. > > Quite. I once heard a comment that young pyrotechnicians (?) go on to become > either great scientists or great lawyers, presumably due to their having to > explain to their parents the reason for large clouds of smoke etc. > or computer consultants - Igor. From rodger at worldnet.att.net Fri Dec 6 13:51:22 1996 From: rodger at worldnet.att.net (Will Rodger) Date: Fri, 6 Dec 1996 13:51:22 -0800 (PST) Subject: Aghast.. Message-ID: <3.0.32.19961206164801.006bf36c@postoffice.worldnet.att.net> Folks - just for the record - the Freeh summary was a CLEAR typo, or at least vague in its meaning. Someone meant to say Freeh thought it was an *alienable* right. So much for cute phraseology. Then again, anyone familiar with the numerous pieces we've run on crypto would likely have guessed at our meaning. Sen. Conrad Burns, after all, was #21 on our list. > I couldn't believe my eyes when reading through Inter at ctive Week's > "The Driving Forces of Cyberspace" Top 25 list I saw that Louis J. > Freeh, Director of the FBI received an Honorable Mention because of him > supposedly believing that "Encryption is an inalienable right." I > suppose that isn't necessarily a lie, but it would need the word "Weak" > added on to the front in order to qualify it. Anyway, I was quite > disappointed in seeing their poor choice of this candidate. And yes, my face is at least as my hair, right now....... Will Rodger Washington Bureau Chief Inter at ctive Week From rah at shipwright.com Fri Dec 6 14:00:18 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 6 Dec 1996 14:00:18 -0800 (PST) Subject: Aghast.. Message-ID: --- begin forwarded text Sender: e$@thumper.vmeng.com Reply-To: Will Rodger Mime-Version: 1.0 Precedence: Bulk Date: Fri, 06 Dec 1996 16:48:05 -0500 From: Will Rodger To: Multiple recipients of Subject: Re: Aghast.. Folks - just for the record - the Freeh summary was a CLEAR typo, or at least vague in its meaning. Someone meant to say Freeh thought it was an *alienable* right. So much for cute phraseology. Then again, anyone familiar with the numerous pieces we've run on crypto would likely have guessed at our meaning. Sen. Conrad Burns, after all, was #21 on our list. > I couldn't believe my eyes when reading through Inter at ctive Week's > "The Driving Forces of Cyberspace" Top 25 list I saw that Louis J. > Freeh, Director of the FBI received an Honorable Mention because of him > supposedly believing that "Encryption is an inalienable right." I > suppose that isn't necessarily a lie, but it would need the word "Weak" > added on to the front in order to qualify it. Anyway, I was quite > disappointed in seeing their poor choice of this candidate. And yes, my face is at least as my hair, right now....... Will Rodger Washington Bureau Chief Inter at ctive Week --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From haystack at cow.net Fri Dec 6 14:10:57 1996 From: haystack at cow.net (Bovine Remailer) Date: Fri, 6 Dec 1996 14:10:57 -0800 (PST) Subject: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN Message-ID: <9612062156.AA26710@cow.net> | >>> A friend of mine from UT passed this story onto me from the "Daily | >>> Texan" - the University of Texas newspaper. Apparently it occured | >>> during Fall Premier -- a UT tradition that is a celebration of the | >>> end of midterms. | >>> | >>> >"Reason to not party anymore"- | >>> > | >>> > | >>> >This guy went out last Saturday night to a party. He was having a | >>> >good time, had a couple of beers and some girl seemed to like him | >>> >and invited him to go to another party. He quickly agreed and | >decided | >>> >to go along with her. She took him to a party in some apartment | >and | >>> >they continued to drink, and even got involved with some other | >drugs | >>> >(unknown which). | >>> > | >>> >The next thing he knew, he woke up completely naked in a bathtub | >>> >filled with ice. He was still feeling the effects of the drugs, | >but | >>> >looked around to see he was alone. | >>> > | >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE" | >>> >written on it in lipstick. He saw a phone was on a stand next to | >>> >the tub, so he picked it up and dialed. He explained to the EMS | >>> >operator what the situation was and that he didn't know where he | >was, | >>> >what he took, or why he was really calling. She advised him to get | >>> >out of the tub. He did, and she asked him to look himself over in | >>> >the mirror. He did, and appeared normal, so she told him to check | >>> >his back. He did, only to find two 9 inch slits on his lower back. | >>> >She told him to get back in the tub immediately, and they sent a | >>> >rescue team over. | >>> > | >>> >Apparently, after being examined, he found out more of what had | >>> >happened. His kidneys were stolen. They are worth 10,000 dollars | >>> >each on the black market. (I was unaware this even existed.) | >>> >Several guesses are in order: | >>> >The second party was a sham, the people involved had to be at least | >>> >medical students, and it was not just recreational drugs he was | >>> >given. | >>> > | >>> >Regardless, he is currently in the hospital on life support, | >>> >awaiting a spare kidney. The University of Texas in conjunction | >>> >with Baylor University Medical Center is conducting tissue research | >>> >to match the sophomore student with a donor. | >>> > | >>> >Any information leading to the arrest of the individuals may be | >>> >forwarded to the University of Texas Campus police, or the Texas | >>> >Rangers. | >>> > | >>> >Kimm Antell, Editor of the Daily Texan | >>> >University of Texas at Austin | >>> >Mechanical Engineering, Graduate Office | >>> > | >>> >Phone: (512) 471-7571 | >>> >Voice: (512) 475-9794 | >>> >Fax: (512) 471-8727 | >>> > | >>> > | >>> -- | >>> | >>> --------- End forwarded message ---------- | > [5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~ From gorkab at sanchez.com Fri Dec 6 14:11:27 1996 From: gorkab at sanchez.com (Brian Gorka) Date: Fri, 6 Dec 1996 14:11:27 -0800 (PST) Subject: CDA Again Message-ID: Supreme Court to hear Internet indecency case December 6, 1996 Web posted at: 2:45 p.m. EST WASHINGTON (Reuter) -- The Supreme Court agreed Friday to hear a landmark case on free-speech rights in cyberspace arising from a federal law that effectively bans indecent material on the Internet global computer network. http://www.cnn.com/US/9612/06/scotus.reut/index.html From kozubik at shoelace.FirstLink.com Fri Dec 6 14:16:39 1996 From: kozubik at shoelace.FirstLink.com (John Kozubik) Date: Fri, 6 Dec 1996 14:16:39 -0800 (PST) Subject: Strong-crypto smart cards in Singapore and Germany In-Reply-To: <199611301740.LAA29497@mailhub.amaranth.com> Message-ID: > > Does anyone understand the implications of a society moving to an > electroinc cash based system?? > Well, yes - or do you mean the implications for criminals? > All trasactions will be recorded, moitored, tracked & analysed. This is > not just the government that one has to worry about but corporations also. First of all, a lot of that information is already available - we do use credit cards for virtually everything, and also, I doubt our spending habits will be readily available to anyone who asks... > > Insurance industry: > > - Gee Mr. Jones seems that you buy too much junk food & red meat. Our > actuaries say this makes you a "high risk". > > - Gee Ms. Smith you speend too much money at the bars. Our actuaries say > you are a high risk for DUI & accidents. Well, if I were an insurance company, and I could get this data, I too would make these decisions - it makes good business sense - insurance isn't your right you know... > > Company Employment: > > - Gee Mr. Thompson you spend too much on beer & cigarettes. Oh yes we > don't like the magizines you read either. > That would suck, but really, how is everyone in the world going to get this information? > IRS: > > - Well, well, well Mr & Ms Washington our records show that you spent > $50,000 last year but only declaired $35,000 care to explain where the > extra money came from?? Hmmmm.....why exactly would one declare less than they made? If you don't agree with the tax system, use your democratic voice to change it OR get out. From musicblvd at n2k.com Fri Dec 6 14:27:28 1996 From: musicblvd at n2k.com (musicblvd at n2k.com) Date: Fri, 6 Dec 1996 14:27:28 -0800 (PST) Subject: Happy Holidays from Music Boulevard! Message-ID: <199612062227.RAA09980@riker.telebase.com> Happy Holidays! ------------------------------------------------------ Check out all of the fun at: http://www.musicblvd.com ------------------------------------------------------ Now that we we are in the hectic holiday home stretch, here is what's going on at Music Boulevard that will make your holiday shopping fast, fun, and give you the best deals around. Everything in the store is on sale now! Just for a little while longer every CD and cassette (more titles than you can shake a stick at!) is reduced at least another 10% off of our everyday low price. Our international (outside of the United States & Canada, that is) shipping rates have been dramatically lowered! So, if you are over there, you have another reason to shop here. This week's great gift ideas: *Holiday music in for every musical taste..... *Great Gift sets for everyone... *A Monster list of "Greatest hits..... Our Featured Sale Titles For The Week (at special low prices) are: *** Pop/Rock *** Prince - "Emancipation" 3 CD Set only $24.99 Enigma - "Enigma 3 - Le Roi Est Mort" $11.99 Bush - "Razorblade Suitcase" $11.99 *** Jazz *** Dianne Reeves - "Grand Encounter" $11.99 Branford Marsalis - "Dark Keys" $11.99 Pat Metheny Group - "Quartet" $11.99 *** Classical *** Leonard Bernstein - "New York Philharmonic Debut" $15.99 Pavarotti - "War Child" $11.99 Yo Yo Ma - "Appalachia Waltz" $11.99 *** Country *** Mark Chestnutt - "Greatest Hits" $11.99 Alan Jackson - "Everything I Love" $11.99 Reba McEntire - "What If It's You" $11.99 *** Eclectic *** Julio Iglesias - "Tango" $11.99 Soundtrack - "Preacher's Wife" $11.99 Music Boulevard is located on the Internet at http://www.musicblvd.com. No traffic, no lines, no hassle - just tons of music. Thanks for your continued support, and have a great holiday. Neil Roseman Manager, Music Boulevard neil.roseman at n2k.com /******************************************************************/ * If you do not want to receive any more Music Boulevard mail * * simply reply to this message with the word UNSUBSCRIBE in * * the body of the mail. * /******************************************************************/ From nobody at cypherpunks.ca Fri Dec 6 14:44:05 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Fri, 6 Dec 1996 14:44:05 -0800 (PST) Subject: Law crosses speed bumps Message-ID: <199612062235.OAA22930@abraham.cs.berkeley.edu> FTC News Release FTC TO DISTRIBUTE NEARLY $338,000 TO VICTIMS OF HIGH-TECH FRAUD FOLLOWING SETTLEMENT: Funds to be Retrieved from Bahamas In a case that will mark the first time the U.S. government has obtained an asset freeze issued by a foreign court and returned the frozen funds to American telemarketing fraud victims, the Federal Trade Commission today announced that consumers victimized by a fraudulent paging license application mill will share $337,780 out of funds that a defendant in an FTC case allegedly diverted to a Bahamian bank. The defendant is Robert Corey (also known as Michael Allen), who was a hidden principal in a company called On Line Communications, Inc. that, while headquartered in Las Vegas, Nevada, actually conducted business out of Los Angeles. The FTC charged the firm and its principals in January with making false claims to investors about the nature and value of the paging licenses it could obtain for them. Corey has agreed to disgorge a total of $362,500, of which $337,780 is for the refund pool, as part of a settlement that will end the FTC litigation against him. The FTC said it has been working with such agencies as the Securities and Exchange Commission, the Commodity Futures Trading Commission and the Justice Department to return funds hidden in overseas banks to American fraud victims, and this case is a successful example of that effort. [Ed. Note: Many details were snipped in length's best interest. If you'd like to receive a full-text copy of the 6K PR, send Email to: liz at kersur.net SUBJECT: FTC News Release ] [BY: Capitol NewsWire-D.C. Bureau-Law Correspondent ] From kkirksey at appstate.campus.mci.net Fri Dec 6 14:45:09 1996 From: kkirksey at appstate.campus.mci.net (Ken Kirksey) Date: Fri, 6 Dec 1996 14:45:09 -0800 (PST) Subject: "Family Channel" of the Internet? Message-ID: <199612062239.RAA26100@aus-c.mp.campus.mci.net> I had a rather interesting conversation today with a man who works for an individual who is getting into the ISP business. The guy freely admitted that he was not a technical kind of guy, and was only repeating what he had been told. The gist of the conversation: this company was going to try to position itself as, and I quote, "The Family Channel of the Internet" by going SurfWatch one better. If you sign up with them as your ISP, you'll only be able to access sites that they have personally inspected and approved. He said that they were going to do this, again I quote, "using the same encryption that Visa and Mastercard use." The last statment pegged my bogometer, of course. Now, since I know that I don't know everything about crypto, and I know even less about the inner workings of IP, I'm going to pose a couple of questions: 1) Is it technically possible for them to limit access to only approved IP addresses? If so, how can they do this, and is it possible to get around these measures. 2) What in the world would SET--I assume that was what he was talking about--have to do with this? 3) In general, how would you use crypto to ensure that your users only connected to approved sites, regardless of the platform or browser software they were using? I asked the guy to send me some technical details. If I receive them, I'll share unless he makes me sign an NDA. Ken From harmon at tenet.edu Fri Dec 6 14:55:24 1996 From: harmon at tenet.edu (Dan Harmon) Date: Fri, 6 Dec 1996 14:55:24 -0800 (PST) Subject: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN In-Reply-To: <9612062156.AA26710@cow.net> Message-ID: This sound like the movie Harvest that came out several years ago. Dan Surf'n the singularity. On Fri, 6 Dec 1996, Bovine Remailer wrote: > | >>> A friend of mine from UT passed this story onto me from the "Daily > | >>> Texan" - the University of Texas newspaper. Apparently it occured > | >>> during Fall Premier -- a UT tradition that is a celebration of the > | >>> end of midterms. > | >>> > | >>> >"Reason to not party anymore"- > | >>> > > | >>> > > | >>> >This guy went out last Saturday night to a party. He was having a > | >>> >good time, had a couple of beers and some girl seemed to like him > | >>> >and invited him to go to another party. He quickly agreed and > | >decided > | >>> >to go along with her. She took him to a party in some apartment > | >and > | >>> >they continued to drink, and even got involved with some other > | >drugs > | >>> >(unknown which). > | >>> > > | >>> >The next thing he knew, he woke up completely naked in a bathtub > | >>> >filled with ice. He was still feeling the effects of the drugs, > | >but > | >>> >looked around to see he was alone. > | >>> > > | >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE" > | >>> >written on it in lipstick. He saw a phone was on a stand next to > | >>> >the tub, so he picked it up and dialed. He explained to the EMS > | >>> >operator what the situation was and that he didn't know where he > | >was, > | >>> >what he took, or why he was really calling. She advised him to get > | >>> >out of the tub. He did, and she asked him to look himself over in > | >>> >the mirror. He did, and appeared normal, so she told him to check > | >>> >his back. He did, only to find two 9 inch slits on his lower back. > | >>> >She told him to get back in the tub immediately, and they sent a > | >>> >rescue team over. > | >>> > > | >>> >Apparently, after being examined, he found out more of what had > | >>> >happened. His kidneys were stolen. They are worth 10,000 dollars > | >>> >each on the black market. (I was unaware this even existed.) > | >>> >Several guesses are in order: > | >>> >The second party was a sham, the people involved had to be at least > | >>> >medical students, and it was not just recreational drugs he was > | >>> >given. > | >>> > > | >>> >Regardless, he is currently in the hospital on life support, > | >>> >awaiting a spare kidney. The University of Texas in conjunction > | >>> >with Baylor University Medical Center is conducting tissue research > | >>> >to match the sophomore student with a donor. > | >>> > > | >>> >Any information leading to the arrest of the individuals may be > | >>> >forwarded to the University of Texas Campus police, or the Texas > | >>> >Rangers. > | >>> > > | >>> >Kimm Antell, Editor of the Daily Texan > | >>> >University of Texas at Austin > | >>> >Mechanical Engineering, Graduate Office > | >>> > > | >>> >Phone: (512) 471-7571 > | >>> >Voice: (512) 475-9794 > | >>> >Fax: (512) 471-8727 > | >>> > > | >>> > > | >>> -- > | >>> > | >>> --------- End forwarded message ---------- > | > > [5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~[5~ > From kozubik at shoelace.FirstLink.com Fri Dec 6 15:03:35 1996 From: kozubik at shoelace.FirstLink.com (John Kozubik) Date: Fri, 6 Dec 1996 15:03:35 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <32A11CFB.421@gte.net> Message-ID: you were speaking of human rights, and the issue of Bush being Knighted ... just out of curiousity, why is it against the constitution for Bush to be Knighted?? Thanks From alzheimer at juno.com Fri Dec 6 15:14:10 1996 From: alzheimer at juno.com (Ronald Raygun Remailer) Date: Fri, 6 Dec 1996 15:14:10 -0800 (PST) Subject: Copyright violations Message-ID: <19961206.171251.8567.0.alzheimer@juno.com> New York Times: Thursday, December 5, 1996 Stock Hyped On Internet Resumes Trading By LESLIE EATON Peter Usinger was incensed. The Rochester business consultant was using the Internet, as he often does, to check up on a little company he had bought stock in called Omnigene Diagnostics Inc. But when Usinger reached the company's site on the World Wide Web, he did not find the usual information about its patented test to diagnose gum disease. Instead, he read that the company was in default on the license agreement that lets it use the patent -- the company's main asset. Usinger fired off an angry electronic message to the Web site manager, who had put up the information. Usinger correctly suspected the site manager was embroiled in a dispute with the company. ``If you are not able to substantiate your claims and we have to take a financial loss,'' Usinger wrote, ``we will notify our lawyers.'' The manager, Robert Gibson, shot back his own e-mail, with enough details to convince Usinger. And that was the beginning of the end of a high-technology hype that had turned Omnigene Diagnostics stock from a dud into a high flyer almost overnight. Within two weeks, the Securities and Exchange Commission halted trading in the stock and announced its action on America Online, the agency's first such use of an electronic bulletin board. With the expiration Wednesday night of the trading suspension, the cyberspace drama resumes Thursday. If the stock follows the usual pattern, it could well fall back to earth with a thud. The Omnigene Diagnostics story shows the effects Internet technology is having, for good and bad, on investors and investing. Reams of information are available -- but truthfulness and accuracy can be almost impossible to judge. Amateur investors find their way to obscure securities and mingle online with both stock promoters trying to drive prices up and short-sellers trying to drive prices down. But the tale also illustrates the changes occurring in the still young world of Internet investing. Securities regulators are becoming more aggressive about online stock fraud; at the same time, individual investors like Usinger are becoming warier and starting to use the power of the Internet to protect themselves. ``A lot has changed -- dramatically -- in the last six months,'' said John Stark, a lawyer for the SEC who specializes in Internet fraud. ``There was a real culture of trust and benevolence; now people are becoming more skeptical.'' And not a moment too soon. Online investing is growing by leaps and bounds; with that growth has come a corresponding rise in scams, including manipulation of small stocks with few shares outstanding. ``It's a growth industry,'' said William McLucas, the director of enforcement for the SEC. Regulators are investigating several suspected ``pump and dumps,'' in which the Internet is used to stir up investor enthusiasm and inflate prices. The perpetrators, who usually own shares they acquired for little or no money, sell them into the rising market. When the scam falls apart, legitimate investors are left holding the worthless shares. To be sure, such schemes have flourished for decades without the Internet. And the Omnigene Diagnostics story includes some traditional elements of stock hype, including the use of a radio talk-show host, who was paid with stock to promote the company. But the Internet was integral to the rise and fall of Omnigene Diagnostics, which is based in West Palm Beach, Fla. The stock was touted on electronic bulletin boards; clues about the company's problems first appeared on its site on the World Wide Web; the details were fleshed out using e-mail, which was also employed to alert regulators, and the company's management took to the Net to defend itself before the SEC stepped in online. When Omnigene Diagnostics first showed up on Internet bulletin boards in early October, virtually identical messages praising the company appeared on different boards, signed with different names. These messages said the company had no competition, had already racked up sales of $400,000, would have revenues of more than $2 million next year and had only 450,000 tradeable shares. Urging readers to call the company's 800 number for more information, the messages concluded, ``This could be your stock buy of the year ... Take a look NOW.'' By then, the share price of Omnigene Diagnostics, known as ``Oh My God'' because of its ticker symbol of OMGD, had already jumped from $1, where it traded over the counter -- very occasionally -- in July, to about $4. But as the Internet messages flew, so did the price, topping $6.50 by mid-November. Even early on there were voices of caution. ``Oh no, not another FL company,'' wrote someone on America Online's Investor Network. ``I have heard that a lot of scams originate out of Florida.'' Other writers noted that the company did not seem to have filed documents with the SEC, and was not traded on an exchange. But naysayers were quickly shouted down by writers who accused them of trying to profit from a drop in the stock price. The boosters hinted of a deal with Procter & Gamble, and cheered each day's rising price with lines like, ``I'm going to ride this train to the gold mine. Toooot!! TOOOOT!!'' Meanwhile, the Internet was helping to bring together two men with a rather different view of Omnigene Diagnostics: Robert Gibson, a computer programmer in Florida, and Peter Mahler, president of the company's former parent, Omnigene Inc. of Cambridge, Mass. With sales at its diagnostics unit declining, Omnigene Inc. sold the unit in May 1995 to the American Biodental Corporation, of Boca Raton, Fla., which makes dental implants. Though its testing operations continued in Cambridge, Omnigene Diagnostics was to be run from Florida. But almost from the beginning, things went wrong, Mahler said. Omnigene Diagnostics quickly fell behind on its rent and royalty payments to its former parent. Most of its staff quit, and Mahler's company went to court to evict its one-time subsidiary. Though the company dropped the suit after receiving a payment, Omnigene Diagnostics still owes it money, Mahler said. Even worse, people were confusing Omnigene Inc. with Omnigene Diagnostics and its troubles; another spinoff, Omnigene Bioproducts, mistakenly had its credit shut off, Mahler said, adding, ``It's an awful situation.'' But the final straw for Mahler may have been Omnigene Diagnostics' Web site, which had the address www.omnigene.com. The site was operated by Gibson, the computer programmer, whose main business includes running Web sites for legal process servers. Last year, at an Office Depot store in West Palm Beach, Gibson bumped into an old acquaintance, Dominic Scacci, and eventually agreed to do some programming for businesses Scacci was involved with, which included Omnigene Diagnostics. In fact, Gibson said, he ended up sharing an office with Scacci, who used his phones, computers and copier. But like Mahler, to whom he had spoken about Omnigene Diagnostics' computer system, Gibson said he was having trouble getting paid. The company did not seem to be doing nearly as much business as Scacci said. And earlier this fall, Gibson began to have suspicions about what Scacci was up to. ``The company was always short of money, and suddenly Dominic drives up in a new car,'' Gibson recalled. He also found a list, left in his computer by Scacci, that indicated the company had been issuing hundreds of thousands of free shares to Scacci's other companies, his friends and family, Gibson said. ``It started to smell,'' he said, so he called the SEC. Shares also went to Jerome Wenger, host of ``The Next Superstock,'' a program that is heard on radio stations around the country, including WEVD in New York. In an interview, Wenger said that he received the stock for serving as a consultant to bring the company to investors' attention, and that he discloses such arrangements to his listeners. On Oct. 31, Mahler sent an e-mail to Gibson complaining that the Web site's address infringed on his trademark and saying that unless the site was removed immediately, ``legal action will result.'' Instead, on Nov. 3, Gibson changed the first page of the site to the message that so irked Usinger, the Rochester investor. (Gibson also took his equipment out of the office he had shared with Scacci.) Which brings the story back to the angry e-mail sent by Usinger, who had bought several hundred shares of Omnigene Diagnostics in October. After Gibson replied to his message, Usinger said, ``all the little tricks you see in shells and scams started surfacing like little bubbles.'' So he decided to send some information to the SEC's online complaint division. He also decided to sell his stock, at a nice profit. As Usinger and a few other investors began posting their information on the bulletin boards, a free-for-all broke out in cyberspace. Some people scolded Usinger for trying to make people panic and sell their shares, and bulls and bears got into online shouting matches. Messages signed by Scacci appeared, saying that Gibson owed him money and had encoded the company's computer data. ``He demanded $10,000 to give us the key,'' read one such message posted on Nov. 7 on a bulletin board on the Silicon Investor Web site. ``I refused. This is when he decided to proceed to send falsehoods out over the Internet.'' As for the default on the patent license, a message on America Online signed Scacci6733 said that Omnigene Diagnostics ``owns the patent purchased from Omnigene Inc. It's as simple as that.'' But there were a number of things Scacci did not tell people in his messages. A former stockbroker with a history of regulatory run-ins, Scacci has filed for personal bankruptcy protection twice, according to regulatory records. Scacci was the agent for something called the Austria International Fund, which was based in the Bahamas, according to documents filed with the SEC by American Biodental. These filings say that it was really the fund, not American Biodental, that spent $189,000 to buy Omnigene Diagnostics. Omnigene Diagnostics was spun off in January, shortly before American Biodental filed for bankruptcy protection. But American Biodental's shareholders never received any OMGD shares, said Ingo Kozak, a director of American Biodental, which has changed its name to Biolok International Inc. Scacci said in a brief interview last week that, on the advice of his lawyers, he could not answer questions about the Omnigene situation. But he said his previous regulatory difficulties were basically problems with record-keeping. And he denied being the agent for the Austria International Fund. On Nov. 20, the SEC said it was suspending trading in Omnigene Diagnostics' shares for 10 business days, the maximum allowed. The reason: questions about the company's ``alleged ownership and other rights as to certain patents and trademarks, ODI's sales, past and projected, ODI's operations and facilities, and the number of freely traded shares.'' The SEC posted a notice of the halt on America Online's bulletin board because ``it looks like one of the vehicles people were using to disseminate a substantial amount of hype'' about the company, said McLucas, the enforcement chief, adding that he expects the agency to make similar electronic announcements in the future. Whether the SEC will go after anyone it believes has hyped the stock electronically is unknown; the commission never comments on current investigations. The company's fate will become clearer Thursday, when trading can resume -- which will occur only if brokerage firms are confident they have enough information to make bids on the stock. In the past, stocks in which trading has been suspended have tended to plunge when it resumes. Gibson is still unhappy about his run-in with Omnigene Diagnostics and the investors who excoriated him online. But, he said, ``the good news is that this stuff can come to the surface quicker because of the open lines of communication'' that the Internet allows. As for Usinger, he said that his Omnigene experiences have made him a more cautious investor. And that despite the abuse he received from some online critics, he does not regret having shared his discoveries about the company with his fellow Internet investors, some of whom also got their money out before trading was halted. ``I thought everyone should know this,'' he said. ``It's the difference between having something more before Christmas and having nothing.'' New York Times: Thursday, December 5, 1996 Mastercard's "Smart Card" Builds Support By SAUL HANSELL Seven financial giants, including Wells Fargo, Chase Manhattan and Dean Witter, Discover, have agreed to market the Mondex electronic-cash product in the United States. The Mondex ``smart card,'' which was developed in Britain, is a plastic card containing a computer chip that can be used to make purchases in vending machines, via pay telephones and over the Internet. Customers can transfer money onto and off the card at an automated teller machine or by using a specially equipped telephone. The backing ensures that Mondex will be one of the leading systems in the country as the market for smart cards evolves. Last month Mastercard International bought 51 percent of the international arm of Mondex, which will sell franchises in various regions. The seven companies plan to announce Thursday that they will form a company to offer Mondex in the United States. Wells Fargo & Co. will own 30 percent of Mondex USA, Chase will own 20 percent, and 10 percent stakes will each be owned by Dean Witter, AT&T, First Chicago NBD, Michigan National Bank and Mastercard. This group will license the right to issue Mondex cards to other financial companies. The card will get its major introduction in the United States in New York City as part of a test by Chase and the Citibank unit of Citicorp. That test, which will involve 50,000 consumers and 500 merchants, was to have introduced another smart-card system, Mastercard Cash. But when Mastercard bought Mondex, it abandoned that system, and Chase will have to modify its systems to use Mondex. ``We were moving along at a real good pace and expected to deliver Mastercard Cash, as promised, in the first quarter,'' said Ronald Braco, senior vice president of Chase. ``But we felt it would be foolish to go forward. Chase is not in the business of having our customers test technology that has no future.'' In the New York test, Citibank will use the Visa Cash smart-card system by Visa International. A primary goal of the test is to develop terminals for merchants to use that will be able to accept both the Visa and the Mondex cards. Unlike Visa Cash and other smart-card programs, Mondex allows people to transfer money between their cards, allowing a parent to put money on a child's card, for example. The transfers use a $100 calculating device called an electronic wallet. The owners of Mondex will conduct several tests in the next year. Plans call for introducing the product more widely in 1998. Initial tests of smart cards -- such as the high-profile introduction Visa Cash had at the Atlanta Olympics -- have shown that the technology is effective but that consumer demand is tepid. ``The technology works well, but the consumer proposition has not been a grand-slam home run,'' said Janet Crane, president of Mondex USA. ``Cash works fine, and getting people to replace something they are quite happy with is very hard.'' Ms. Crane said that additional smart-card applications, such as shopping on the Internet, and frequent-buyer rewards at fast-food restaurants would help spur Mondex's acceptance. Still, it is unclear who will be willing to bear the costs of introducing expensive new technology. Merchants have to buy new terminals that now cost about $500. The cards themselves cost $10 each wholesale. And Mondex USA will charge banks that issue the cards 25 cents each time money is transferred to Mondex cards. The banks, in turn, are expected to pass this fee and their own costs to customers. The inclusion of Dean Witter puts that company in the unusual role of cooperating with Mastercard, which has stringent rules against linking its brand with rival credit-card marketers like Discover. Shawn Healy, a Mastercard spokesman, said that unlike credit cards, Mondex was meant to be an ``open system.'' Dean Witter's main interest is in offering merchants the ability to accept Mondex cards. The company has not decided yet whether to add a chip that can store Mondex cash on its Discover cards or to offer Mondex as a separate product. American Banker: Thursday, December 5, 1996 Wells, Chase Take Lead Stakes As Seven Invest in Mondex USA By JEFFREY KUTLER Wells Fargo & Co. and Chase Manhattan Corp. head a group of seven U.S. companies making equity investments in the Mondex smart card system. Wells and Chase -- through subsidiaries Wells Fargo Bank and Texas Commerce Bank -- have acquired 30% and 20%, respectively, of Mondex USA, the global payment organization's U.S. franchise. They will be joined by five 10% owners in a formal announcement today of the launching of Mondex USA. It will be based in San Francisco, with Wells Fargo executive Janet Hartung Crane as president and chief executive officer. "We have an impressive group of well-capitalized players who are making very significant, long-term commitments," Ms. Crane said in an interview Wednesday. She said her unit would begin in earnest to staff up in January -- it has heretofore relied on about 15 Wells people led by Ms. Crane and executive vice president Dudley Nigg - to "propel Mondex in the United States." Along with Wells and Texas Commerce, two other national banks -- subsidiaries of First Chicago NBD Corp. and Michigan National Corp. -- got approval this week from the Office of the Comptroller of the Currency to participate in Mondex USA. Also owning 10% each will be three nonbanks that did not require OCC clearance: Dean Witter, Discover & Co.; AT&T Corp.'s Universal Card Services unit; and MasterCard International Inc. Only Wells and AT&T were previously listed as Mondex owners. They and Natwest Group, the London banking company that developed Mondex, were the first equity participants in Mondex USA and were among the 17 "global founders" of the Mondex International umbrella organization incorporated in July. Wells and AT&T "sold down" their interests to accommodate the five additional partners, Ms. Crane said. And Natwest Group completely sold what was designed to be a temporary, minority stake. Meanwhile, Mondex International is in a state of flux, awaiting MasterCard's purchase of a 51% interest, leaving the U.S. company, Mondex UK, and other regional entities with pieces of the remaining 49%. The U.S. owners did not disclose the value of their equity stakes. It has been publicly acknowledged only that the original capitalization of Mondex USA was 30 million British pounds, or about $50 million. That is likely to be a fraction of the marketing and development expenditures required to realize Mondex's vision of "global electronic cash." "This is something that is definitely not going to be a smashing success in one year," Ms. Crane said. But given Mondex's blue-chip backing and the owners' desire to sign others as card issuers, merchant-acquirers, and licensees, Ms. Crane said she has every reason to be confident. As evidence that momentum is already building, she cited growing trials in Britain and Canada, the rapid sign-up of 12,000 cardholders for a test in Hong Kong, and commitments from technology vendors like Verifone Inc. to create the necessary infrastructure. Infrastructure-building and pilot testing are the Mondex USA priorities for 1997, the CEO said. Wells has 800 employees using the chip cards at 22 merchants; AT&T just launched a 200-employee test in Jacksonville, Fla., and is planning to handle "virtual" transactions via the Internet and intranets. The last will demonstrate Mondex's ability to operate in both the physical and virtual worlds, which Ms. Crane said gives Mondex a unique advantage. An eagerly awaited New York City trial -- the first attempt by MasterCard and Visa to prove their competing technologies can "interoperate" -- has been put off from the first to the fourth quarter next year, in part to let MasterCard implement the Mondex system. Each of the Mondex USA owners has a seat on the board of directors, with Mr. Nigg of Wells as chairman. Ms. Crane, who joined Wells a year ago from MasterCard, is also a director as well as Mondex International vice chairman. The others are Walter Korchin, senior vice president and general counsel of AT&T Universal Card Services; Ronald Braco, senior vice president at Chase; William Simmons, executive vice president of Novus, the Dean Witter merchant services unit; Bruce Nyberg, senior vice president, First Chicago NBD; Alan Heuer, MasterCard's U.S. region president; and Michael King, senior vice president of alternative delivery at Michigan National. Michigan National's parent, National Australia Bank, is a Mondex global founder. Mondex USA actually consists of two Delaware-incorporated entities: a services company headed by Ms. Hartung and a lower-profile originating company charged with monetary operations and risk management issues. Wells Fargo vice president Jim Rudd is president of the latter. From nelson at media.mit.edu Fri Dec 6 15:36:02 1996 From: nelson at media.mit.edu (Nelson Minar) Date: Fri, 6 Dec 1996 15:36:02 -0800 (PST) Subject: summary of talk by Birgit Pfitzmann on "Asymmetric and Anonymous Fingerprinting" Message-ID: <199612062335.SAA09798@hattrick.media.mit.edu> I just heard an interesting talk by Birgit Pfitzmann of the University of Hildesheim on "asymmetric and anonymous fingerprinting". I thought I'd write up a little summary of the techniques she presented, what they are good for. More detail (including papers) is available on the web at http://www.semper.org/sirene/ see below for specific references Quick summary: background for what fingerprints are and what they're good for traditional fingerprints are symmetric - buyer and merchant both have the fingerprinted data scheme for asymmetric fingerprinting so only buyer has the fingerprint but merchant can still trace fingerprint scheme for anonymous asymmetric fingerprinting so buyer remains anonymous Fingerprinting is something like watermarking. The basic idea is giving merchants of data some way to protect themselves if unauthorized copies of the data are made. Watermarking is useful for proving that a document came from some provider. Fingerprinting goes further in that the merchant gives different buyers subtly different copies of the data - if a copy shows up, the merchant can look at the fingerprint imbedded in the data and figure out who leaked the copy. Traditional fingerprinting has a few hard problems. First, the fingerprint marks need to be embedded in the data without causing any significant change to the data itself. But this goal is in tension with the goal of having the fingerprint survive through potentially lossy transforms. Ie, if I want to fingerprint an audio stream I could modify some of the least significant bits. But then if that audio stream were compressed through some lossy filter the fingerprint might be removed. Furthermore, you want to make it difficult for multiple buyers to collude to remove your fingerprint. Ie: if two buyers compare their purchased data they can identify the parts that are different and conclude that these parts are part of the fingerprint. A good fingerprint coding will make this sort of collusion difficult, although there's a tradeoff between the size of the fingerprint and the number of colluders you can protect against. In a typical fingerprint protocol the merchant calculates the fingerprint, applies it to the data, and then gives the marked copy to the buyer. This is OK except that it means that if an illicit copy of the data shows up no one can prove whether it was the buyer who was responsible for the copy or if it was the merchant. At first glance this might seem silly (what incentive does the merchant have to make illegal copies?) but you can imagine several scenarios where this is a problem. For instance, the buyer wants to be sure it's impossible for the merchant to frame him or her. Also if the merchant's data storage is insecure then someone could steal the merchant's copy and the buyer would be falsely accused. So traditional fingerprints are something like symmetric authentication schemes: both the merchant and the buyer have the secret. The asymmetric fingerprint scheme presented provides a way for the merchant to guarantee that the buyer gets a fingerprinted copy of the data but *the merchant never has a copy of the data with the fingerprint*. Ie: the fingerprinted version is a secret that only the buyer has. This is analagous to asymmetric authentication: people can check that the fingerprint belongs to a buyer but they can't generate it. If a copy with the fingerprint is released then the world knows which buyer is to blame. The details of how this is accomplished were presented but I confess I didn't follow them very closely. Each buyer has a public/secret key pair: the fingerprint is keyed to the buyer's secret key. With a bit commitment algorithm it's possible to arrange it so that the merchant can generate a fingerprint based on the buyer's secret key without actually seeing the key or the fingerprint itself. The merchant can check if a copy of his data came from a buyer by checking the fingerprint with the buyer's public key. I'm sure the paper has the details of the actual algorithm. The system sketched above is not anonymous - the merchant knows the identity of the buyer. The next goal is to make it possible for a buyer to get a fingerprinted copy of data from the merchant without revealing his or her identity. Full anonymity is currently not possible. I didn't follow this very well, but my understanding is there's some scheme where the buyer registers a pseudonym with a third party who then works with the merchant to perform the transaction. The third party doesn't need to be trusted. Consult the web site for details. Overall, this work seems like a nice improvement on fingerprinting schemes. The asymmetry seems like a big win to me. The two directly relevant papers are linked from http://www.semper.org/sirene/lit/abstr96.html Birgit Pfitzmann, Matthias Schunter: Asymmetric Fingerprinting; Eurocrypt 96, LNCS 1070, Springer-Verlag, Berlin 1996, 84-95. Birgit Pfitzmann, Michael Waidner: Anonymous Fingerprinting; IBM Research Report RZ 2881 (#90829) 11/18/96, IBM Research Division, Z�rich, Nov. 1996. From nobody at zifi.genetics.utah.edu Fri Dec 6 15:45:32 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Fri, 6 Dec 1996 15:45:32 -0800 (PST) Subject: Elliptic curves Message-ID: <199612062345.QAA11915@zifi.genetics.utah.edu> The arrival of warm weather is heralded by the pig shit (or whatever kind of shit Intel swines have for brains) getting soft in Timothy C[unt] May's mini-cranium and the resulting green slime seeping through key cocaine- and syphilis- damaged nose and onto his keyboard. ^ ^ (o o) Timothy C[unt] May ( ) \___/ !_! From EALLENSMITH at ocelot.Rutgers.EDU Fri Dec 6 15:57:11 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Fri, 6 Dec 1996 15:57:11 -0800 (PST) Subject: Decline of Science ?? (Was: Stinger Specs) Message-ID: <01ICP7V0UQ80AEL0DS@mbcl.rutgers.edu> From: IN%"asgaard at Cor.sos.sll.se" "Asgaard" 6-DEC-1996 09:42:25.11 >and a PCR biochemist hacking DNA doesn't know shit about immunology >or molecular neurology. In bio-science there is a discipline >which tries to put all such kinds of specialties into a broader >understanding of the human/animal body and soul - it's called >physiology, and is a declining field with chronic lack of funds; >not much money in it. I'm sure there is a comparable discipline While not a bio_chemist_, I am a molecular geneticist who has heavily used PCR in the past - and am interested in learning more about why particular "tweaks" work the way they do. I'm also probably more familiar with immunology and with molecular neurology (at least if you're meaning neuropsychopharmacology) than most scientists outside those fields - certainly more so than most people. There are still a few of us like that... and I'm Generation 3 in TCMay's terminology. BTW, I have taken physiology, and in its human physiology manifestation it's actually a growing field in the biomedical sciences area. Sure, a lot of people are overspecializing up the wazoo... but those of us who don't are getting more done. -Allen From drink at aa.net Fri Dec 6 16:57:33 1996 From: drink at aa.net (! Drive) Date: Fri, 6 Dec 1996 16:57:33 -0800 (PST) Subject: Please post Eudora PGP plugin URL Message-ID: <3.0.32.19691231160000.0069f468@aa.net> Or Email it to me Thanks in advance From markm at voicenet.com Fri Dec 6 17:00:37 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 6 Dec 1996 17:00:37 -0800 (PST) Subject: "Family Channel" of the Internet? In-Reply-To: <199612062239.RAA26100@aus-c.mp.campus.mci.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 6 Dec 1996, Ken Kirksey wrote: > 1) Is it technically possible for them to limit access to only approved > IP addresses? If so, how can they do this, and is it possible to get > around these measures. Packet filters can do this. This could be thwarted by using a proxy located on a trusted host. There are more complicated ways (source routing, IP spoofing, etc.) but these would require the cooperation of the target host. Very improbable. > 3) In general, how would you use crypto to ensure that your users only > connected to approved sites, regardless of the platform or browser > software they were using? Crypto would probably only be used for authentication. A simple password system would work, but wouldn't be as secure, of course. The ISP could pass the packets through the appropriate filter rules depending on the user. I don't know how much overhead would be associated with this technique, but it seems to be the most secure way to do this. > > I asked the guy to send me some technical details. If I receive them, > I'll share unless he makes me sign an NDA. > > Ken > Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMqjCVSzIPc7jvyFpAQE7egf+OMTzXyu/zzEg1+KE1v1/LgoyKXFc6QSr 7X5cqhyyX7kDzjUC+g/yklu9AQK1PRpM8SsYTP5uSSEWW/joBjMmUaVPdlnTctgD Osa8rE2EPL1QkojK3thEaSn5OrxAzmEvTYnhJH53c2WIPFpsGm1Ipi9SHaMGQtgY xFFR03gRSN1TeiULYzQHWXdovKFWFFNtYNgGTHd1et/TJvr67E30zRjOMIP0fD21 GN6fOPMsbbdtEwQsohrUkdsR+kMcOJDtYvBP/eJm4WCiie8SrEhCBSS7SKmkaWzX zzc/UOIX3/LY9t5dt52fO4T8vNfoSsc4plc5wIsDkJbdbBwc9RlCsw== =tFgY -----END PGP SIGNATURE----- From Adamsc at io-online.com Fri Dec 6 17:23:35 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 6 Dec 1996 17:23:35 -0800 (PST) Subject: Decline of Science ?? (Was: Stinger Specs) Message-ID: <19961207012015890.AAD166@rn29.io-online.com> On Fri, 6 Dec 1996 13:10:57 +0100 (MET), Asgaard wrote: >> to participate. junior colleges are graduating students who >> would not have passed out of tenth grade 20-30 years ago. > > > >Isn't this merely an effect of mass education instead of >elite_only education? And the peak performers will do as Not really; high schools have gotten worse -- it was amusing for me to read Robert Heinlein's rant in the first chapters of "Have spacesuit..." because the school he was complaining about would have been GOOD today. >A real difference, though, is the relative lack of multidisciplinary >theorists nowadays, I mean with a deep understanding of several >'unrelated' fields of knowledge. Most of us with actual competence >in a certain area are SUBspecialists. This is natural since the >knowledge bases have exploded to become impossible for any one man >or woman to comprehend. An industrial cobol programmer probably >doesn't know shit about Java (perhaps a bad example; I'm not >a programmer, but I know a guy who makes a good living off cobol!) You aren't that far off - at our developer's conference most people didn't know why Java was so hot. Particularly funny since Acucobol users have been getting that compile-once/run-anywhere ability for quite awhile. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From ichudov at algebra.com Fri Dec 6 17:39:14 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 6 Dec 1996 17:39:14 -0800 (PST) Subject: Elliptic curves In-Reply-To: <199612062345.QAA11915@zifi.genetics.utah.edu> Message-ID: <199612070132.TAA15751@manifold.algebra.com> boring igor Anonymous wrote: > > The arrival of warm weather is heralded by the > pig shit (or whatever kind of shit Intel swines > have for brains) getting soft in Timothy C[unt] > May's mini-cranium and the resulting green > slime seeping through key cocaine- and > syphilis- damaged nose and onto his keyboard. > > ^ ^ > (o o) Timothy C[unt] May > ( ) > \___/ > !_! > - Igor. From azur at netcom.com Fri Dec 6 17:40:20 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 6 Dec 1996 17:40:20 -0800 (PST) Subject: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN Message-ID: I heard an almost identical story from a security guard at DEFCON IV last july in Las Vegas. He said it happened in the hotel where he was working (not the Monte Carlo, which had just opened) in 1995. The management managed to cover the event up and it never, according to him, appeared in the local papers. >| >>> A friend of mine from UT passed this story onto me from the "Daily >| >>> Texan" - the University of Texas newspaper. Apparently it occured >| >>> during Fall Premier -- a UT tradition that is a celebration of the >| >>> end of midterms. >| >>> >| >>> >"Reason to not party anymore"- >| >>> > >| >>> > >| >>> >This guy went out last Saturday night to a party. He was having a >| >>> >good time, had a couple of beers and some girl seemed to like him >| >>> >and invited him to go to another party. He quickly agreed and >| >decided >| >>> >to go along with her. She took him to a party in some apartment >| >and >| >>> >they continued to drink, and even got involved with some other >| >drugs >| >>> >(unknown which). >| >>> > >| >>> >The next thing he knew, he woke up completely naked in a bathtub >| >>> >filled with ice. He was still feeling the effects of the drugs, >| >but >| >>> >looked around to see he was alone. >| >>> > >| >>> >He looked down at his chest, which had "CALL 911 OR YOU WILL DIE" >| >>> >written on it in lipstick. He saw a phone was on a stand next to >| >>> >the tub, so he picked it up and dialed. He explained to the EMS >| >>> >operator what the situation was and that he didn't know where he >| >was, >| >>> >what he took, or why he was really calling. She advised him to get >| >>> >out of the tub. He did, and she asked him to look himself over in >| >>> >the mirror. He did, and appeared normal, so she told him to check >| >>> >his back. He did, only to find two 9 inch slits on his lower back. >| >>> >She told him to get back in the tub immediately, and they sent a >| >>> >rescue team over. >| >>> > >| >>> >Apparently, after being examined, he found out more of what had >| >>> >happened. His kidneys were stolen. They are worth 10,000 dollars >| >>> >each on the black market. (I was unaware this even existed.) >| >>> >Several guesses are in order: >| >>> >The second party was a sham, the people involved had to be at least >| >>> >medical students, and it was not just recreational drugs he was >| >>> >given. >| >>> > >| >>> >Regardless, he is currently in the hospital on life support, >| >>> >awaiting a spare kidney. The University of Texas in conjunction >| >>> >with Baylor University Medical Center is conducting tissue research >| >>> >to match the sophomore student with a donor. >| >>> > >| >>> >Any information leading to the arrest of the individuals may be >| >>> >forwarded to the University of Texas Campus police, or the Texas >| >>> >Rangers. >| >>> > From dlv at bwalk.dm.com Fri Dec 6 17:50:40 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 6 Dec 1996 17:50:40 -0800 (PST) Subject: Apology In-Reply-To: <009AC6F5.DD0C50A0.3@SPRUCE.HSU.EDU> Message-ID: <81iJyD1w165w@bwalk.dm.com> jc105558 at spruce.hsu.edu writes: > - James - wrote: > >I am writing this > ... > >Tim May, do > >you have anything on subjest to discuss? > > I apologies publicly for this comment. I'm sorry Tim. My bad. > > - James - Another "newbie" beaten into submission by the cybermob. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From osborne at gateway.grumman.com Fri Dec 6 18:08:04 1996 From: osborne at gateway.grumman.com (Rick Osborne) Date: Fri, 6 Dec 1996 18:08:04 -0800 (PST) Subject: "Family Channel" of the Internet? Message-ID: <3.0.32.19961206210712.0091fda0@gateway.grumman.com> At 05:40 PM 12/6/96 -0500, Ken Kirksey wrote: >1) Is it technically possible for them to limit access to only approved >IP addresses? If so, how can they do this, and is it possible to get >around these measures. Oh yeah, very easily. Can you say 'proxy server'? Corporations [including the one I work for] have been using them for quite some time to control Internet access. For example, everytime I try to hit anything in the GeoCities domain I get a nice little message saying I've been caught and to stop being naughty. You can get around it by using services (like Anonymizer) beyond the proxy server that get pages, files, etc for you. Assuming, of course, that the ISPs don't block those as well. >2) What in the world would SET--I assume that was what he was talking >about--have to do with this? Absolutely nothing. >3) In general, how would you use crypto to ensure that your users only >connected to approved sites, regardless of the platform or browser >software they were using? I wouldn't. It's not even a crypto issue. That's like asking how you would use your tea kettle to peel this orange: sure, you *could* do it, but why? I think your pegged 'bogometer' had it pegged. -Rick Rick Osborne / osborne at gateway.grumman.com / Northrop Grumman Corporation ------------------------------------------------------------------------- Double your drive space - delete Windows! From jimbell at pacifier.com Fri Dec 6 18:32:49 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 6 Dec 1996 18:32:49 -0800 (PST) Subject: PGP in Russia Message-ID: <199612070232.SAA04844@mail.pacifier.com> At 02:29 AM 12/6/96 -0800, Declan McCullagh wrote: >A slight correction -- taking PGP out of the US is not illegal, as long >as you take adequate measures under the presonal use exception to prevent >your laptop from being stolen by foreign nationals and keep records of >your trip for five years. At least that's what y my friend from the State >Dept told me when we had dinner a few weeks ago. Don't the ITARs say it's illegal to "disclose" that material to a foreign person? If that's the case, then presumably a person could take the material out of the country without "disclosing it," or he could "disclose" it to that foreign person inside the US. True, the government seems to have already taken the position that there is a personal-use exemption, but so far we haven't heard any action with regards to in-country disclosure to a foreigner. I'm not trying to give them any nasty ideas, but a domestic sting with this as its nexus seems possible. Jim Bell jimbell at pacifier.com From furballs at netcom.com Fri Dec 6 18:34:24 1996 From: furballs at netcom.com (furballs) Date: Fri, 6 Dec 1996 18:34:24 -0800 (PST) Subject: Decline of Science ?? (Was: Stinger Specs) In-Reply-To: Message-ID: On Fri, 6 Dec 1996, Asgaard wrote: > > Attila wrote: > > > to participate. junior colleges are graduating students who > > would not have passed out of tenth grade 20-30 years ago. > > > > Isn't this merely an effect of mass education instead of > elite_only education? And the peak performers will do as > well as they ever did? Doesn't every generation claim that > the younger people get defective education in some sense? > The Latin speakers of Gen 1 were horrified that Gen 2 didn't > get a thorough understanding of classic Greek culture and > geometry (but started with 'sets' and 'subsets' instead). I disagree. The parochial schools (at least in Oregon) are also showing declining test scores. As a parent I make it a habit to look through the text books to see what they are teaching - and as expected, the Revisionists have not only rewritten and deleted much of the relavent American and World history, but have watered down the math and science to the point or ludicracy in some cases. Let's face it, when Bill Nye the Science Guy is the most popular and the *most informative* science educational show on the mass media tube - we've got more than a little problem (For the Bill Nye fans - yes I do enjoy watching the show with my younger kids). As a second oberservation, much of the yuppie/hippie generations dont seem to give a damn about what their kids are taught - but more that the grades are good and they qualify for the "right" schools. Many of these schools (college's) are finding that they have to teach the rudiments before moving onto what they would have taught first year had the kids come properly educated in the first place. Having lived in a number of school districts (some better than others), the problem of parental non-participation and NEA interference is endemic at those institutions where my children have attended. I have even taken on teachers and adminstrators over the issues of lack of home work, why my children have *not* read literature such as Shakespeare, why they are not learning about the Founding Father's, why Columbus is considered politically incorrect, why they are not requiring Algebra prior to the Senior year in High School, why my children must be subject to "sensitivity training" as *part* of the curriculum, and the list goes on. The US spends more money per child each year, but the level of education and necessary skill drilling keeps declining, being replaced by courses in sex education, diversity training, etc. - creating a class of state indoctrinated, functionally illiterate, non-competative individuals that think the goverment is mom and pop. As for the best and the brightest, they will only succeed if the parents take responsibility for managing their kid's education. I know Attila's kids personally, and just about any one of them is intellectually capable and educated enough to mop the floor with a majority of posters I have seen on this list. Why? Because he has spent years fostering their inquisitive nature and getting them to push themselves along - outside of and at the expense of the teachers' and administrators' sanity. > > Science is still exploding in electro-physics, digital > programming, molecular biology and several other fields. > (I wonder what is happening in Pure Math with No Applications > - not even for Cryptography :) - these days?) And formal > education is gradually loosing to actual competence. > Interesting point. More to the point, where is the innovation in the field coming from? Europe ? Asia? US? elsewhere? > A real difference, though, is the relative lack of multidisciplinary > theorists nowadays, I mean with a deep understanding of several > 'unrelated' fields of knowledge. Most of us with actual competence > in a certain area are SUBspecialists. This is natural since the > knowledge bases have exploded to become impossible for any one man > or woman to comprehend. An industrial cobol programmer probably > doesn't know shit about Java (perhaps a bad example; I'm not > a programmer, but I know a guy who makes a good living off cobol!) > and a PCR biochemist hacking DNA doesn't know shit about immunology > or molecular neurology. In bio-science there is a discipline > which tries to put all such kinds of specialties into a broader > understanding of the human/animal body and soul - it's called > physiology, and is a declining field with chronic lack of funds; > not much money in it. I'm sure there is a comparable discipline > of computer science that I'm not able to name (information theory??), > with similar economic problems. But there is still hope for the GMAU > (Grand Meta-Analysis of the Universe); AltaVista is a new, good start > for collecting ingredients :-) > I will agree with you here. It has been said to me many times by Buisness types and Scientists that the days of the Generalist have long since died. One must specialize in order to survive. While there may be a certain amount of truth to that - it is a short sighted and disasterous claim at best, as it precludes the visonaries who understand the big picture and can collect, organize, and execute designs the push us forward with useful innovations. > > So, I'm not worried. When I indulge in the inevitable bashing of > younger generations I stick to their bade taste of music, like rap > and hip-hop (but some acid house/techno is ok), and appearance, like > tatoos and piercing, and life-style, like working-out, cliff-climbing > and resorting to vitamins, herbal medicine and other useless stuff. > (But even so, psychodelic drugs are making a come-back which I think > is a Good Thing.) > > > Asgaard (Gen 2) > Every generation has their "rebellious" stage designe to piss off the "establishment". What I find amusing is that liberal parents are horrified when their kids, cut their hair, take an interest in education, economics and politics, and turn conservative as a result. :-) ...Paul From furballs at netcom.com Fri Dec 6 18:43:05 1996 From: furballs at netcom.com (furballs) Date: Fri, 6 Dec 1996 18:43:05 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: On Fri, 6 Dec 1996, Timothy C. May wrote: > At 1:12 AM -0800 12/6/96, Dale Thorn wrote: > >Timothy C. May wrote: > > >> * Generation 3: The computer generation. The 1970s-80s, who grew up with > >> Commodore PETs and Apple IIs (and some later machines). These are the "new > >> pioneers" of the 1980s-90s, the Marc Andreesens and the like. > > > >I would guess that those who became and remained successful technically > >(as opposed to becoming "business people") were using HP computers and > >such in the 1970s. I for one was a heavy user then, and PETs, Apples, > >Radio Shack, etc. computers weren't reliable enough for serious work. > > > My points were about the _children_ and what they were using when they grew up. > > (In fact, note my use of the phrase "who grew up with Commodore PETs and > Apple IIs...") > > Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the > teenagers of that decade were, if they were fortunate and energetic, using > PETs, Apple IIs, and the like. > > --Tim May > > DEC PDP 11's - spaghetti code extrordinaire! :-) I reall don't miss those old beasts, but they did provide the means to learn quite a bit about how a computer (of the day) really functions. It's too bad that kids today haven't been subjected to the experience - we might start seeing a better appreciation for coding, as well as some innovation outside of the "objectivfying" development that is bloating many a Wintel hard drive. ...Paul From cbarnett at eciad.bc.ca Fri Dec 6 19:03:42 1996 From: cbarnett at eciad.bc.ca (Clint Barnett) Date: Fri, 6 Dec 1996 19:03:42 -0800 (PST) Subject: Exon Countdown Clock and farewell messages In-Reply-To: Message-ID: okay, how bout this? just shoot the fucker in the head. Instead of trying to be coolin front of the rest of the c-punks by writing a letter, just go out and do what you gotta do. clint barnett lord of the cosmos emily carr institute On Mon, 25 Nov 1996, Steve Schear wrote: > This is a draft of my letter to our dear retiring senator. Any suggested > improvements? > > ------------- > Honorable Senator Exon, > > Although in all likelyhood you will never read this memorandum, I wish to > express my sincere regret at your retirement and thanks for your many years > of ignoble service to our nation misrepresenting the wishes of your > constituents. > > You have served as a stallwart against change as did those who resisted the > telephone, automobile, radio, television and computer (to name but a few) > before you. You are a champion of politically correct thinking and > behaviour, perhaps the most dangerous manifestation of an American trend to > intolerence and obedience to social rules. > > It is a shame we will not have your carcass to kick around in the halls of > Congress come next term. All the luck you're due. > > -- Steve Schear > > From crypto at uhf.wireless.net Fri Dec 6 19:05:00 1996 From: crypto at uhf.wireless.net (Crypto Policy) Date: Fri, 6 Dec 1996 19:05:00 -0800 (PST) Subject: ANSI X9 pointers In-Reply-To: <199612070301.WAA01247@uhf.wdc.net> Message-ID: Hi: I am writing a paper on the ridiculous/backwards US crypto policy. I am trying to write a few words about the ANSI X9 vs. clipper fight, but I haven't been able to find anything on ANSI X9. Can anyone point me to info on ANSI x9 on the web? Bernie From crypto at uhf.wireless.net Fri Dec 6 19:12:24 1996 From: crypto at uhf.wireless.net (Crypto Policy) Date: Fri, 6 Dec 1996 19:12:24 -0800 (PST) Subject: DES/IDEA In Linux loopback devices... In-Reply-To: Message-ID: On Tue, 3 Dec 1996, The Deviant wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > > Does anybody know where the archive for this kernel patch is? > Please let me know too!. I didn't know such a thing existed. Bernie crypto at uhf.wireless.net From frissell at panix.com Fri Dec 6 19:24:52 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 6 Dec 1996 19:24:52 -0800 (PST) Subject: denial of service and government rights Message-ID: <3.0.32.19961206222425.00c4bbe0@panix.com> At 04:02 PM 12/6/96 -0700, John Kozubik wrote: >you were speaking of human rights, and the issue of Bush being Knighted >... just out of curiousity, why is it against the constitution for Bush >to be Knighted?? > >Thanks > Article 1 Section 9 of the Constitution of the United States: No Title of Nobility shall be granted by the United States: And no Person holding any Office of Profit or Trust under them, shall, without the Consent of the Congress, accept of any present, Emolument, Office, or Title, of any kind whatever, from any King, Prince, or foreign State. From mixmaster at remail.obscura.com Fri Dec 6 19:27:06 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Fri, 6 Dec 1996 19:27:06 -0800 (PST) Subject: Coderpunks Message-ID: <199612070228.SAA21299@sirius.infonex.com> Tim C[retin] May's IQ is lower than the belly of a pregnant snake. His ignorance and stupidity are bottomless. o o /< >\ Tim C[retin] May \\\_______/// // ||||||| \\ From ichudov at algebra.com Fri Dec 6 19:32:45 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 6 Dec 1996 19:32:45 -0800 (PST) Subject: States' crypto legislation Message-ID: <199612070316.VAA16489@manifold.algebra.com> hi I wonder whether various states in the US have laws restricting use of cryptography. In particular, does anyone know of such laws in Oklahoma? thank you - Igor. From dthorn at gte.net Fri Dec 6 19:54:14 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 19:54:14 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612061858.KAA22343@netcom7.netcom.com> Message-ID: <32A8E900.6F37@gte.net> Bill Frantz wrote: > At 1:12 AM 12/6/96 -0800, Dale Thorn wrote: > >I would guess that those who became and remained successful technically > >(as opposed to becoming "business people") were using HP computers and > >such in the 1970s. I for one was a heavy user then, and PETs, Apples, > >Radio Shack, etc. computers weren't reliable enough for serious work. > I guess those people using VisiCalc on the Apple ][ weren't doing serious > work :-). (Also the many small businesses using these early machines for > AR, Accounting etc.) Me, I was doing OS programming on IBM 370s. Let's talk about some real data processing. dBase II on CP/M computers (or certain proprietary hardware with adaptor cards), circa 1980-1982, would be a good example. If you had the right stuff, say, an HP-120 or HP-125, or even an 80 series with the adaptor, and HP floppy drives, you could process all day long for (years?) with scarcely a hitch. You try to put something like that on an Apple II with Apple floppies (using whatever software was available), and you couldn't do the job. The machine and/or drives would quit in a few days, if not the first day, and might even erase your diskettes in the process (a common occurrence in those days). In early 1985, just for fun, I had an HP-71 pocket computer hooked up to a LaserJet printer and a couple of HP portable floppies, and printed my store's databases on it. Multiple indexes, thousands of records, each index printed complete every day in separate copies for each salesman. I wouldn't dream of trying that with an IBM or Apple floppy system. Hard disks? I *never* heard of an HP microcomputer hard disk crash in those days, short of dropping the computer onto the floor while writing a file. We used to pull the wall plugs on our HP's while writing to a file, with no bad effect. Try that on an IBM or Apple circa <= 1985. Computer hardware? One thing I enjoyed doing for customers was pulling a RAM card out of an HP-86 while it was running a program, then forcing the card back into the slot. Usually pulling the card had no effect, then, putting it back in would generally reset the program. Surge protectors? Never sold one. Not needed with HP's then. An Apple II (like the other toy computers from 1975 to 1982) was a hobbyist computer, which required frequent cleaning and scrubbing internally to keep it running. A pencil eraser was a common tool... And let's not forget Apple and IBM attitudes: When I had HP's, if I ever needed service, HP did it themselves, professionally (using static mats etc.) and promptly. You wouldn't find Apple or IBM offering to repair their own microcomputers in those days (or ever). For good reason! Cost of service? HP's contracts were usually 3% to 5% of the item cost per year, compared to the "industry standard" of 15%. Not a bad deal. From dthorn at gte.net Fri Dec 6 20:18:32 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 20:18:32 -0800 (PST) Subject: Gilmore / Logos In-Reply-To: Message-ID: <32A8EF3E.3249@gte.net> Butler, Scott wrote: > Sorry for the spam, > but does anyone know if it is true that John Gilmore and this Logos > character are the same person ? > Before you dismiss the idea, just think about it for a minute. Seriously, it's very doubtful. The Logos character is too lame to be Gilmore. Remember the Star Trek, Trouble With Tribbles, where the Klingon says "...but Kirk, he's not soft. He may be a swaggering,...", and so on. Whatever Gilmore is, I hope to God it's not Logos, or we're in big trouble. From dthorn at gte.net Fri Dec 6 20:22:33 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 20:22:33 -0800 (PST) Subject: denial of service and government rights In-Reply-To: <3.0.32.19961206222425.00c4bbe0@panix.com> Message-ID: <32A8F086.4286@gte.net> Duncan Frissell wrote: > At 04:02 PM 12/6/96 -0700, John Kozubik wrote: > >you were speaking of human rights, and the issue of Bush being Knighted > >... just out of curiousity, why is it against the constitution for Bush > >to be Knighted?? > Article 1 Section 9 of the Constitution of the United States: > No Title of Nobility shall be granted by the United States: And no Person > holding any Office of Profit or Trust under them, shall, without the > Consent of the Congress, accept of any present, Emolument, Office, or > Title, of any kind whatever, from any King, Prince, or foreign State. Re: The consent of Congress clause. Someone claimed already that Congress *did* approve of it, for Bush and Schwartzkopf. Does anyone have factual info on this? An article perhaps? From dthorn at gte.net Fri Dec 6 20:57:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 20:57:36 -0800 (PST) Subject: Silence is not assent (re the Vulis nonsense) In-Reply-To: <199612070421.WAA24511@mail.gte.net> Message-ID: <32A8F8CA.1F7C@gte.net> Blanc Weber wrote: NOTE: original posting undeliverable due to spelling: cyhpherpunks > From: Dale Thorn > If you could analogize the list to a human society, then you might > understand that a pattern of decadence can set in here as it does in > the more visible society, as is run from Washington DC, etc. It is > my hope to make a contribution here (as in the more visible society) > to fight off some of that decadence, even when I get beat up on for it. > There is a huge the difference between a society of people relating to > each other based on principles of coercion vs an extemporaneous society > of individuals who make their own decisions (daily) about when/where/how > long they will associate with another. > The society run by Washington,D.C. expects that people will have no > choice but to fly in formation in the direction set by the leader who > represents the majority (sort of). That's a judgement, rather than an obvious truth. Fact is, service in Washington is purely voluntary, and one can leave anytime they wish. > The virtual "society" of the cpunks is only based on their interest in > opening up their mail and reading a few messages here & there according > to their mood of the day or the moment. Sounds pretty casual, doesn't it? Maybe there are a *few* c-punks who fit that description, but there are at least as many who are in this thing for some heavy action, if you know what I mean, and I think you do. > It is true that formal societies, like the one which was initially > intended by The Founders (of the US), often run afoul of the original > purpose for which it was begun. They decay for many reasons. This is > precisely one of the elements in the background of the cpunks thinking > ("the founders" and others) about societies and the "ties that bind" > (supposedly) us to each other: the interest in being released from that > supposition that we are bound to each other and are obligated to > maintain a relationship of some kind (as determined by the PC moral > 'authorities'). [snip] When I "joined" the Audio Engineering Society in the late 1970's, to get their journal cheap, it was going pretty good. Eventually it decayed quite a bit, where they were running more pictures of their get-togethers and awards programs than anything else. I see cypherpunks in the same straits potentially, as long as so many of the long-term "members" can continue claiming that "It belongs to one person, really, our Cypherpunks God", etc. Don't get me wrong, there's a lot of potential here, and I hope it continues, but.... BTW, thanks for a very civil reply. From dlv at bwalk.dm.com Fri Dec 6 21:00:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 6 Dec 1996 21:00:17 -0800 (PST) Subject: Systems with weak crypto, was: The House Rules At The Permanent Virtual In-Reply-To: <199612062035.MAA03484@netcom7.netcom.com> Message-ID: <42PJyD12w165w@bwalk.dm.com> frantz at netcom.com (Bill Frantz) writes: > At 9:46 AM 12/6/96 -0500, Dr.Dimitri Vulis KOTM wrote: > >If an entrepreneur wants to sell a new electrical gizmo and wants an > >independent review of its safety, he pays $$$ for it. Apparently one of the > >functions of the new brand of "cypher punks" is to provide a similar service > >for free. Sorry, I'm not a part of it, and I'm not *that* interested in Don's > >proposal. I have better use for my time. > > However, I assume that you have no objection to others reviewing Don't > proposal for free (Actually for reputation). Right now "snake oil" vendors treat the review process as an entitlement. I think the world would be a slightly better place if punks of search of reputation capital limited free reviews to freely available software; those who *sell* something crypto-related deserve to be told, sternly: "Sorry, union rules. You want a critique of your software, you pay for it." --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 6 21:00:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 6 Dec 1996 21:00:18 -0800 (PST) Subject: Systems with weak crypto, was: The House Rules At The Permanent Virtual In-Reply-To: <199612062035.MAA03484@netcom7.netcom.com> Message-ID: frantz at netcom.com (Bill Frantz) writes: > >I also don't think that the ease of breaking the code should be the only > >consideration in evaluating a low-end cryptographic product. ... > > > >... If someone wants to market (and support) a crypto package for > >the masses and gets the masses to deploy it, I take my hat off to them. It > >doesn't matter if the code itself can be cracked as easily as the codes used > >in PKZIP or MS Excel or MS Word (reportedly). If the users discover that the > >code isn't strong enough for their needs, they'll upgrade to stronger codes. > >The path from weak crypto to strong crypto is much shorter than the path fro > >no crypto to some crypto. > > > >If the user interface and [did you mean "is" - bf] logical and transparent > >and provides hooks to > >replace the weak (non-export-controlled) crypto being shipped with a stronge > >one (say, by FTPing a DLL) then it's a Good Thing. > > Good interfaces are definitely something needed for the widespread adoption > of crypto, either strong or weak. However, the general opinion I have > heard is that UIs with easily replaced crypto are covered by ITAR. I too have heard a lot of bullshit on this mailing list with no basis in reality. Suppose a vendor sells (or gives away) a software product, say, a front end to POP3/SMTP, or a secure filesystem for WinNT, with hooks to crypto routines in a DLL (or a shared library). The vendor bundles 2+ crypto libraries with the product, publishes the API for plugging in 3rd party libraries, and makes a diligent effort to limit key size to, say, 16 bits. Later a strong library becomes available from overseas (perhaps a PGP interface.) and it turns out that the key size limitation sort of doesn't work (e.g. disallows keys from 17 to 127 keys but allows 128+). "Sorry, officer, a bug in our program!" Is USG going to risk a test case on the vendor? Suppose an organization deploys (weak) crypto and establishes policies and procedures for distributing keys, for ensuring that all that needs to be encrypted is, for clearing plaintexts, etc. Suppose one day it becomes dissatisfied with the weak crypto package and replaces it by a stronger one. How much of the time and effort invested in deploying the weak package will be directly transferrable? > >Don is doing a Good Thing and the "cypher punks" are doing an evil thing. > > If Don is contributing to better interfaces, then I agree he is doing a > good thing. If all he is doing is proposing a new algorithm and describing > it with, to be charitable, non-standard uses of well defined terms, then I > disagree. Don promotes the use of crypto. I have no idea what exactly he's selling. I haven't been paid to review it. :-) > I strongly disagree that cypherpunks are doing an evil thing by exposing > the weaknesses in anyone's (including Don's) crypto system. There are many > ways to contribute, and publicizing the facts about a system are one of > them. "Cypher punks" are doing an evil thing not by exposing the alleged weaknesses in Don't proposal (I have no idea if they're there or not, and I don't care). "Cypher punks" such as Paul Bradley verbally abuse Don and turn this mailing list into a laughing stock for the media. Putting "(spit)" after Don's name and calling him "bullshit master" is not the same as exposing weaknesses in his proposal. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From markm at voicenet.com Fri Dec 6 21:10:20 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 6 Dec 1996 21:10:20 -0800 (PST) Subject: DES/IDEA In Linux loopback devices... In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 6 Dec 1996, Crypto Policy wrote: > On Tue, 3 Dec 1996, The Deviant wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > Does anybody know where the archive for this kernel patch is? > > > > Please let me know too!. I didn't know such a thing existed. It's at csclub.uwaterloo.ca/pub/linux-stego . Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMqj8tizIPc7jvyFpAQE1xAgAjzGpLhMx3F3PO2zpV5qq0yOL/paq3hRn DyCkcp8vx7kk06uASHod3IIGaEJ3F1WA5unHzS4wV0q7cCURXyX8iz0p4hhrc14W r3feO4T8uNcobAKP5GcP4q6uin8z1FHCtPJrKePb++I7joo/qaQ3xXXp4mCDb77H AJyZJsaFCR6Cd6wsViVTSuOTu9ZvPIyLFUEZZ5kzGlEk4wcsKKYZ8Wqg8jRCZIot oWiVuqgquvZjP9ad5HGVBwPDYw1Ujl5WqyPS/xPP3UHCJ2THGpR4PFw7F+gWhh/x l4qeFuEqV08uo0IYwAEky727IvvUM7aVTKY7F6OquxcDo83J12EAFw== =/o7Z -----END PGP SIGNATURE----- From dthorn at gte.net Fri Dec 6 21:31:38 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 6 Dec 1996 21:31:38 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: <32A900DF.2521@gte.net> Timothy C. May wrote: > At 1:12 AM -0800 12/6/96, Dale Thorn wrote: > >Timothy C. May wrote: > >> * Generation 3: The computer generation. The 1970s-80s, who grew up with > >> Commodore PETs and Apple IIs (and some later machines). These are the "new > >> pioneers" of the 1980s-90s, the Marc Andreesens and the like. [snip my text] > My points were about the _children_ and what they were using when they grew up. > (In fact, note my use of the phrase "who grew up with Commodore PETs and > Apple IIs...") > Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the > teenagers of that decade were, if they were fortunate and energetic, using > PETs, Apple IIs, and the like. I hope you find this interesting (or amusing): When I worked at Olympic Sales in El Segundo (2/81 thru 3/83), Saturday was the big shopping day for electronics goodies, and the Hughes, Northrop etc. guys would pile in with their kids and have a good time pestering the OS salespeople. I made a lot of observations and notes, and one of the truly fascinating was how, when parents would bring the kids in, the kids would be faced with Commodores, Ataris, TIs, Apples, and HPs, all on and running [but the non-HPs would almost always be running some video software (games usually) and the HPs would have a text screen up], and the kids would most often make a beeline for the HP-87s and HP-85s. Particularly the younger kids, say, 8 to 12 years old. The argument at the time (as I recall) was that the parents were right to steer the kids over to the Apples and Ataris, since they didn't cost an arm and a leg. It it had been my dad, though, he would have forgone the Apple until he could get the HP, which is a big part of the reason I'm able to do what I do today. More power to dads like mine (in spite of failings here and there)! From nobody at zifi.genetics.utah.edu Fri Dec 6 22:15:25 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Fri, 6 Dec 1996 22:15:25 -0800 (PST) Subject: No Subject Message-ID: <199612070615.XAA16720@zifi.genetics.utah.edu> Vulis, the KOTM, Wrote: >No one even commented on the latest Dr. Dobbs issue. Maybe they were just too busy sifting through your irrelevant bullshit. (And to continue the irrelevancies, so you can maybe see a bit of the irony of all this garbage you tend to keep sending despite pleas and flames, try checking your subject line if you are going to bitch about others' spelling. Adverbs need an "ly," and you should drop the "e.") From tcmay at got.net Fri Dec 6 22:25:54 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Dec 1996 22:25:54 -0800 (PST) Subject: CRYPTO KEYS STOLEN FROM A NAKED DRUGGED MAN In-Reply-To: Message-ID: At 5:40 PM -0800 12/6/96, Steve Schear wrote: >I heard an almost identical story from a security guard at DEFCON IV last >july in Las Vegas. He said it happened in the hotel where he was working >(not the Monte Carlo, which had just opened) in 1995. The management >managed to cover the event up and it never, according to him, appeared in >the local papers. > > >>| >>> A friend of mine from UT passed this story onto me from the "Daily >>| >>> Texan" - the University of Texas newspaper. Apparently it occured >>| >>> during Fall Premier -- a UT tradition that is a celebration of the >>| >>> end of midterms. ... This whole event actually happened to a friend of someone a friend of mine knows, or at least he heard about from a friend, or maybe he read about it one of Brunwand's (sp?) "urban legend" books ("Choking Doberman," and several others. The more things change.... --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From talkingmail at prognet.com Fri Dec 6 23:31:06 1996 From: talkingmail at prognet.com (Progressive Networks) Date: Fri, 6 Dec 1996 23:31:06 -0800 (PST) Subject: RealAudio 3.0 ships! Download it now, for free. Message-ID: <199612070731.XAA08682@correro2.prognet.com> Dear RealAudio User, We are pleased to tell you that RealAudio Player and Player Plus 3.0 have shipped! You can download RealAudio 3.0 from our Web site at http://www.realaudio.com. RealAudio 3.0 supports broadcast-quality audio, including stereo at 28.8 Kbps and near-CD quality audio at ISDN. Platform support includes Microsoft Windows 95 and 3.1, Macintosh PowerPC and 68040, and many flavors of UNIX. In addition, you can give friends and family the gift of Internet audio with our full-featured RealAudio Player Plus. Order online, and we'll ship it in a special gift box to the person of your choice. We hope you enjoy RealAudio 3.0. Best wishes, Rob Glaser Chairman & CEO Progressive Networks, Inc. ------------------------------------------------------ For more information on RealAudio e-mail updates, visit http://www.realaudio.com/mailinglist/index.html. From ChrisMSW1 at aol.com Sat Dec 7 04:36:58 1996 From: ChrisMSW1 at aol.com (ChrisMSW1 at aol.com) Date: Sat, 7 Dec 1996 04:36:58 -0800 (PST) Subject: Paradise Message-ID: <961207072021_808040999@emout10.mail.aol.com> --------------------- Forwarded message: Subj: Paradise Date: 96-12-07 05:48:26 EST From: ChrisMSW1 To: ChrisMSW1 This is to inform you about the new adult game that VCS Magazine rated "The best game of '96" and gave an "Outstanding ****" (4 stars). "The Search for Paradise is no doubt one of the greatest XXX Adult games available." The first game where it is as much fun as it is a turn on. Travel the world to every continent, every country you can think of, and meet some of the most beautiful women in existence. These women will treat you like a king and obey your every command. Any sexual wish you can think of, these women know it all. There is a different paradise for every guy out there, and this game will have them all. This game uses real models, digital video, and digital sound to make it as realistic as possible. You will feel like you're in the same room as the girl you're talking to. --- Required: 386 or better, 4 meg ram or better, Windows 3.1 or higher (Win95 is fine), sound card is optional, CD-Rom is optional. Game is given either CD-rom, or compressed 3.5" diskettes.) - $19.95. The last adult game we are going to inform you about is the newly released "Club Celebrity X". Imagine being in a club with some very beautiful, well known, ACTUAL celebrities that with skill, will be making you breakfast in bed the next day. These girls you have seen on television, magazines, and billboard ads, and now they are on your computer, begging for action. Each girl you will recognize and you won't believe your eyes when you got them in your own bedroom. This game is hot, and once you start playing, you won't be able to stop. --- Required: 386 or better, 4 meg ram or better, Windows 3.1 or higher (Win95 is fine), sound card is optional, CD-Rom is optional. Game is given either CD-rom, or compressed 3.5" diskettes.) - $19.95. Software arrives is a plain, unmarked, brown package. Delivery takes no longer than 7 to 8 working days. Both your email address, and mailing address are NOT added to any mailing lists whatsoever. Once you are mailed this email, your name is deleated from all lists to ensure you are not mailed again. Each game is $19.95, but for a limited time, you can get both "The Search for Paradise" and "Club Celebrity X" for just $29.95. Shipping and handling is $2.00 for each game ordered. There are no additional charges or fees. Please make checks or money orders out to: Chris Mark Send to: Chris Mark Software SMD, Inc. 9800-D Topanga Cyn Blvd. #348 Chatsworth, CA 91311 You must be at least 18 years of age to order this software. PHONE# 818-948-5837 From gary at systemics.com Sat Dec 7 06:06:20 1996 From: gary at systemics.com (Gary Howland) Date: Sat, 7 Dec 1996 06:06:20 -0800 (PST) Subject: Mondex In-Reply-To: Message-ID: <199612071408.PAA22126@internal-mail.systemics.com> > Can anyone briefly discuss the anonymity features (or lack thereof) for > Mondex? Any anonymity derives from the fact that Mondex cards are bearer devices. Sure, a real name may have to be used to obtain a card, but I don't see how Mondex can prevent the cards being passed on. One would guess that they could only realistically achieve this if the card were embedded in a credit card or something similar. As far as I can see, the transactions have to be untraceable, as long as user to user transactions can occur, and there is no limit to the number of transactions per card. Even if the cards record the last 300 (as rumours suggest) transactions, that just means I have to perform 300 transactions between a pair of my cards in order to erase the "interesting" history. The ability to erase the history could only be prevented by restricting the number of transactions per card, or by preventing card to card transactions. There does seem to be some scope for other tracing tricks however. For instance, it may be possible for a card to remember IDs of the last few hundred cards it has communicated with. However, if we know this, then we just have to have a few hundred cards of our own to "erase" the interesting IDs. Bear in mind that it may be possible for all "electronic coins" that are issued to be given a serial number. There would be no tricks to circumvent this, but of course tracing can only occur when the money leaves and enters the bank (and perhaps at every shop counter), so the usefulness of this is limited if many user to user transactions are occurring. I don't think Mondex does this, though, since the memory requirements seem to be too large for todays smartcards. What I *guess* Mondex does do though, is "mark" coins in certain situations - eg. a kidnapper is paid a ransom via cellphone in another country using Mondex, but the coins are marked. They will stay marked no matter how many times they are transferred, and eventually will be caught by the system (either as they are deposited into an account, or perhaps via shop terminals looking for the mark). This would not ensure the catching of the kidnapper, but at least gives the authorities a start. It may also be possible to put a time limit on these expired coins, so that the money "vanishes" some time after the baby is returned alive (or whatever). Gary From strix at rust.net Sat Dec 7 07:17:26 1996 From: strix at rust.net (Jennifer Mansfield-Jones) Date: Sat, 7 Dec 1996 07:17:26 -0800 (PST) Subject: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 6 Dec 1996, Steve Schear wrote: > > I heard an almost identical story from a security guard at DEFCON IV last > july in Las Vegas. He said it happened in the hotel where he was working One might (I'm not a surgeon) be able to get viable kidneys under the circumstances mentioned, but the victim wouldn't wake up. This has all the hallmarks of a good urban legend. `=-`=-`=-`=- -='-='-='-=' Jennifer Mansfield-Jones http://www.rust.net/~strix/strix.html strix at rust.net PGP key ------^ Never try to outstubborn a cat. (R.A.H.) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMqmX70xVmNNM34OxAQET4gQAnNvhfuaCdrHrblE/9C2nWiKXJjbMIqOw SgGsbfBqySdi0/SvDH9+obv2ijf6dOfuFuGDA3CZN+UGA6/9Opew+HLaGuWeHyLf aFiw13Aemu3R0V0E6U/jD2IKs2GU7b5lxzXNVZ/velZCBeRqpBXIdkfYIFBUo57J B/kU7/xf030= =WK8m -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sat Dec 7 08:50:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 7 Dec 1996 08:50:19 -0800 (PST) Subject: Crypto continues to go mainstream Message-ID: <46RkyD19w165w@bwalk.dm.com> >From: hoffman at seas.gwu.edu (Lance J. Hoffman) >Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.security.pgp >Subject: Re: University courses on cryptography and security >Date: 4 Dec 1996 22:17:20 -0500 >Organization: George Washington University >Message-ID: <585es0$gac at felix.seas.gwu.edu> >References: <57v5k0$8ql at news.eecs.umich.edu> > >The George Washington University >GRADUATE DEGREE IN COMPUTER SCIENCE >Specialization in Computer Security > > The George Washington University Department of Electrical >Engineering and Computer Science >offers a traditional graduate program with a few twists. One of the >twists is that we now have four >graduate courses related to computer security, and an area of >specialization (within computer science) in >it. In addition, the opportunities to pursue dissertation work and >special projects are "real world" since >many government administrative agencies, laboratories, and Congress >are usually just a metro ride away. >=46or those who wish to combine technology and public policy, excellent >contacts are maintained with the >law and medical schools and with key congressional and administration >offices. > >DESCRIPTIONS OF COMPUTER SECURITY RELATED COURSES > >CS 229. Computer Security Systems I. Techniques for security in >computer systems. Authentication, >logging, authorization, encryption. International criteria.ia s. >Effects of operating systems and >machine architecture, countermeasures, risk-analysis systems. >Companion course to EE 250. >Prerequisite: CSci 144 (Concepts of Programming Languages) or >equivalent. > >CS 329. Computer Security Systems II. Advanced topics in information >system security. Intrusion detection. Viruses, worms, and trojan >horses, and other rogue programs. Advanced risk analysis methodologies, >developing international standards, computer security models. Network >security. Protection against statistical inference. Prerequisite CS229. >B >s >EE250. Telecommunications Security Systems. Cryptography. Speech >and data scrambling. Nonlinear >transformations. Block and stream ciphers. DES algorithm and public >key cryptography. Key >management, digital signatures, and authentication. Data >communication security protocols. Secure voice >communications. The CLIPPER initiative and escrowed-key schemes. >Companion course to CS 229. >Prerequisite EE 204 (Stochastic signals and noise) or equivalent. > >CS 230. Information Policy. Issues related to computers and privacy, >equity, freedom of speech, search >and seizure, access to personal and governmental information, >professional responsibilities, ethics, >criminality, and law enforcement. This course examines these policy >issues using the current literature >and written, electronic, and videotape proceedings of recent major >conferences and government hearings. >Prerequiste CS 131 (Programming and Data Structures) or equivalent. > > FOR FURTHER INFORMATION > >Administrative: Contact the Department of Electrical Engineering and >Computer Science, (202) 994-6083. >About courses: Contact Prof. Lance J. Hoffman, (202) 994-4955 or >hoffman at seas.gwu.edu. > > > >December 4, 1996 >-- >Professor Lance J. Hoffman >Department of Electrical Engineering and Computer Science >The George Washington University (202) 994-4955 Fax: (202) 994-0227 >Washington, D. C. 20052 hoffman at seas.gwu.edu > >-- >Professor Lance J. Hoffman >Dept of Elec Eng and Comp Sci, The Geo Washington U, 801 22nd St NW >Wash DC 20052 (202) 994-5513 Fax: (202) 994-0227 = >hoffman at seas.gwu.edu >See also info on the Cyberspace Policy Institute: >http://www.cpi.seas.gwu.edu/ From firstpr at ozemail.com.au Sat Dec 7 09:22:44 1996 From: firstpr at ozemail.com.au (Robin Whittle) Date: Sat, 7 Dec 1996 09:22:44 -0800 (PST) Subject: PICS is not censorship Message-ID: <199612071722.EAA26996@oznet02.ozemail.com.au> I do not believe that PICS is a form of censorship, except for those people - children and employees - whose computing environment is beyone their direct control and who have to live with a browser that filters based on PICS labels. For much, much more on the Internet content regulation debate, see my WWW site. PICS is basically an excellent idea in my view. It provides a means of child protection which is not censorship of the net or censorship of sources of information. It is also useful for other things. However I don't beleive it is practical or desirable to insist that all people use PICS and a particular value system to label their WWW material - there is likely to be no suitable value system which is adequate in all situations. - Robin > From: stewarts at ix.netcom.com > Date: Wed, 04 Dec 1996 22:23:04 -0800 > To: cypherpunks at toad.com > Subject: W3C Picks PICS for Censorship > >> W3C ISSUES PICS AS A RECOMMENDATION; PICS READY FOR WIDESPREAD > ADOPTION; ENABLING USERS TO FILTER INTERNET CONTENT WITHOUT > CENSORSHIP - The World Wide Web Consortium today endorsed the > Platform for Internet Content Selection specifications as a W3C > Recommendation. This Recommendation represents the W3C's highest > "Stamp of Approval." It signifies that PICS specifications are stable > ... [Business Wire, 854 words] > > # Thanks; Bill > # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com > # You can get PGP outside the US at ftp.ox.ac.uk > # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, > # so please Cc: me on replies. Thanks.) . Robin Whittle . . http://www.ozemail.com.au/~firstpr firstpr at ozemail.com.au . . 11 Miller St. Heidelberg Heights 3081 Melbourne Australia . . Ph +61-3-9459-2889 Fax +61-3-9458-1736 . . Consumer advocacy in telecommunications, especially privacy . . . . First Principles - Research and expression - music, . . music industry, telecommunications . . human factors in technology adoption. . . . Real World Interfaces - Hardware and software, especially . . for music . From firstpr at ozemail.com.au Sat Dec 7 09:22:47 1996 From: firstpr at ozemail.com.au (Robin Whittle) Date: Sat, 7 Dec 1996 09:22:47 -0800 (PST) Subject: OECD policy: constructive comments? Message-ID: <199612071722.EAA27014@oznet02.ozemail.com.au> The US, French and UK government policies on crypto control are stupid. The OECD has a group of so-called experts who are likely to reach the same conclusion about how governements "must" have access to the content of criminal communications. For a commented version of a leaked draft the OECD crypto guidelines, see my WWW site. Recently I got some email from someone at the OECD who is on the secretariat working on this. The didn't seem to mind me publishing the draft and they seemed to appreciate my comments. These people seem to be in their own government circle - but if you can get through to them, at least some of them will listen. They are likely to be intelligent, concerned people, but due to their lack of wide perspective (something they really should be working harder on, for sure) they may come up with some totally unrealistic policies. In fact, most of the draft seems to be really good - it is only the last bit on law-enforcement access which is crook and this seems to be at odds with the rest of the draft. It is no good complaining about them sitting in their bunker if we won't crawl out of ours. If you have some constructive comments on the draft, let me know and I will put you in touch with the OECD secretariat. - Robin > Date: Thu, 5 Dec 1996 08:00:32 -0500 > From: C Matthew Curtin > To: cypherpunks at toad.com > Subject: Encryption policy challenged > http://www.news.com/News/Item/0,4,5909,00.html?dtn.head > > "The Business Software Alliance, a powerful Washington trade > organization, warned the White House that its encryption policy will > fail if the government does not turn to the industry for guidance." > > blah blah blah ... > > Interesting how these polite requests from the SBA, et al, are going > for such ridiculously low goals. Being able to export 56-bit symmetric > cipher products... Why in the world go for such a low number when that > is the absolute *best* that you can possibly get? And with such a > small difference between 56 and 40 bits, there isn't really any room > to haggle. > > Duh. > > -- > Matt Curtin cmcurtin at research.megasoft.com Megasoft, Inc Chief Scientist > http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. > Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet . Robin Whittle . . http://www.ozemail.com.au/~firstpr firstpr at ozemail.com.au . . 11 Miller St. Heidelberg Heights 3081 Melbourne Australia . . Ph +61-3-9459-2889 Fax +61-3-9458-1736 . . Consumer advocacy in telecommunications, especially privacy . . . . First Principles - Research and expression - music, . . music industry, telecommunications . . human factors in technology adoption. . . . Real World Interfaces - Hardware and software, especially . . for music . From snow at smoke.suba.com Sat Dec 7 09:34:44 1996 From: snow at smoke.suba.com (snow) Date: Sat, 7 Dec 1996 09:34:44 -0800 (PST) Subject: ANSI X9 pointers In-Reply-To: Message-ID: <199612071753.LAA00820@smoke.suba.com> > Hi: > I am writing a paper on the ridiculous/backwards US crypto policy. > I am trying to write a few words about the ANSI X9 vs. clipper > fight, but I haven't been able to find anything on ANSI X9. > Can anyone point me to info on ANSI x9 on the web? An altavista seach on: ansi and x9 returned: Documents 1-10 of about 400 matching the query, in no particular order. Hope that helps. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From eb at comsec.com Sat Dec 7 10:13:20 1996 From: eb at comsec.com (Eric Blossom) Date: Sat, 7 Dec 1996 10:13:20 -0800 (PST) Subject: The Science Generations In-Reply-To: Message-ID: <199612071749.JAA08668@comsec.com> > Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but the > teenagers of that decade were, if they were fortunate and energetic, using > PETs, Apple IIs, and the like. Right On! PDP 11's rule!!! My favorite one was an 11/34 with "Hardware Floating Point" that had a GT-43 vector display processor as a coprocessor. You'd build a double buffered display list of vector instructions for the coprocessor, using your handy dandy fortran program, and then let it rip. As long as you weren't trying to do hidden line removal, or draw more than about 200 vectors, you could get smooth, real-time wire frame animation. We had it hooked up to a couple of knob boxes and some nice three axis joy sticks connected to 10 bit A/D's. Eric From djphill at umich.edu Sat Dec 7 10:22:15 1996 From: djphill at umich.edu (David J. Phillips) Date: Sat, 7 Dec 1996 10:22:15 -0800 (PST) Subject: Mondex Message-ID: <199612071821.NAA16697@rodan.rs.itd.umich.edu> At 11:02 AM 12/6/96 -0500, you wrote: >Can anyone briefly discuss the anonymity features (or lack thereof) for >Mondex? The following information is gleaned from Seth Grodin's "Presenting Digital Cash" (Sams.net Publishing 1995), the British Environmental Health and Trading Standards' response to Simon Davies' false advertising claim against Mondex, The FAQ page of Mondex's web site, and Tim Jones' testimony before the U.S. House of Representatives. Each card is uniquely identified, and the id of the card is linked at the issuing bank with the identity of the card holder. According to Grodin, each card has 3 logs, the transaction log (recording the recipient, date, and amount of the last ten transactions), a pending log of current transaction process, and an exception log recording "unsuccessful transactions". When the exception log is filled, card is disabled. Traders' tills retain the last 300 transactions as card number, value and date. (Presumably this log info can be offloaded to another devise after every 300 transactions, so the merchant's log can be limitless in size.) Tills record the card's identity, not the user's identity. However, banks have access (I'm not sure by what mechanism) to the till logs, and can then link transactions to card holders (or at least to the individual to whom they have issued the card - whether or not this is the person actually using the card.) Mondex touts their system's ability to monitor aggregate monetary flow, presumably through monitoring merchants' tills. (Jones to House of Reps: "Retailer's terminals and bank cashpoints provide many opportunities for Mondex to capture transaction data and patterns of behaviour which can be analysed to give warning of suspicious circumstances.") In addition to aggregate data, there is also some mechanism for isolating unusual activity on a particular card. (Jones to House of Reps: "In addition, Mondex transactions can be assessed automatically against threshold parameters, derived from past experience. Discovery that a transaction exceeded such thresholds can raise a warning, which can enable a member bank to disable or lock the card if desired.") I don't know how this is supposed to work, but I suppose it could be linked to the exception log on each card, which may record anomalous transactions as well as unsuccessful ones. Banks have the option of issuing cards which require on-line authorization for transactions (or, I imagine, for transactions above a certain threshold or meeting some other sort of criteria.) Much of the monitoring capacity seems to depend on communication between merchant tills and banks, or through auditing of individual deposits and withdrawals at the bank. (Jones to House of Reps: "Suspicions can be aroused, for instance, by regular or frequent value redemption from particular 'unexplained' sources, by a high average of redemptions relative to the card limit (for example, an individual's card behaving as if it was handling the amounts appropriate to a shopkeeper's card) or single large redemptions from an unusual location.") But apparently value can also be transferred between consumer wallets, and I don't know how that is monitored. I'm eager to learn anything more about this. djp From nobody at replay.com Sat Dec 7 10:33:24 1996 From: nobody at replay.com (Anonymous) Date: Sat, 7 Dec 1996 10:33:24 -0800 (PST) Subject: [STEGO] Firewalls Message-ID: <199612071818.TAA14496@basement.replay.com> Tim C[retin] Mayflower's wee-wee is so tiny that only his mommy is allowed to touch it. |\ \ \ \ \ \ \ \ __ | \ \ \ \ \ \ \ \ | O~-_ Tim C[retin] Mayflower | >----|-|-|-|-|-|-|--| __/ | / / / / / / / / |__\ |/ / / / / / / / From camcc at abraxis.com Sat Dec 7 14:48:49 1996 From: camcc at abraxis.com (Alec) Date: Sat, 7 Dec 1996 14:48:49 -0800 (PST) Subject: Please post Eudora PGP plugin URL Message-ID: <3.0.32.19961207173112.006a0994@smtp1.abraxis.com> At 04:57 PM 12/6/96 -0800, you wrote: :Or Email it to me : : :Thanks in advance : You're welcome ----------------------------------------------------- Eudora/PGP Plug-In Download version 0.20 from the Web: http://www.prism.gatech.edu/~gt6525c/eppi/epp16_02.zip (for 16-bit version of Eudora 3.0 for Windows 3.1) http://www.prism.gatech.edu/~gt6525c/eppi/epp32_02.zip (for 32-bit version of Eudora 3.0 for Windows NT/95) If you don't have Web access, but have FTP access, try the following sites. Note that if the version you are trying to get was released today or just a few days ago, it may not have shown up at the sites below yet, so give it a few days: papa.indstate.edu: /pub/winsock-l/mail/epp16_02.zip /pub/winsock-l/Windows95/mail/epp32_02.zip /pub/winsock-l/WindowsNT/mail/epp32_02.zip ftp.winsite.com: /pub/pc/win3/winsock/epp16_02.zip /pub/pc/win95/winsock/epp32_02.zip If you want to be automatically notified of new versions, send e-mail to gt6525c at prism.gatech.edu with the subject of "eppi news", and the following message body: join stop You will not be able to post to this list. It is merely a convenient way to receive notification of new updates to EPPI. Send comments to: gt6525c at prism.gatech.edu What is EPPI? EPPI is the acronym for Eudora/PGP Plug-In. It is a "Plug-In" module for Eudora for Windows. Eudora Plug-Ins are simply programs that utilize the new Extended Messaging Services API (EMSAPI) that were introduced with Eudora 3.0. EPPI makes it easier to use PGP (Pretty Good Privacy) with e-mail via Eudora. Note that EPPI does not contain any encryption/decryption routines, so it should not violate anybody's export/import restrictions. It simply calls the PGP executable with the appropriate command-line options in order to perform the requested functions. It's also 100% free! Get a copy, give it to your friends, spread it around... From tcmay at got.net Sat Dec 7 14:50:56 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 7 Dec 1996 14:50:56 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <199612071722.EAA26996@oznet02.ozemail.com.au> Message-ID: At 4:18 AM +0000 12/8/96, Robin Whittle wrote: >I do not believe that PICS is a form of censorship, except for those >people - children and employees - whose computing environment is >beyone their direct control and who have to live with a browser that >filters based on PICS labels. > >For much, much more on the Internet content regulation debate, see my >WWW site. > >PICS is basically an excellent idea in my view. It provides a means >of child protection which is not censorship of the net or censorship >of sources of information. It is also useful for other things. > >However I don't beleive it is practical or desirable to insist that >all people use PICS and a particular value system to label their WWW >material - there is likely to be no suitable value system which is >adequate in all situations. PICS is yet another "sword of Damocles." While I agree that a completely voluntary PICS system is unexceptionable, how long can we expect that PICS will remain voluntary? Given the way our democracies work, when little Johnnie and little Suzie start accessing "naughty" or "controversial" material, sans PICS, or with "fraudulent PICS" (e.g., "PICS = G, for all ages, ethnic groups, genders, and emotional maturities"), how long will it be before governments respond to pressure and make PICS mandatory? Now it happens that this probably runs smack into the First Amendment, for U.S. folks. While there may or may not be valid controls on access to pornography--a hotly debated issue for many decades and not one I'll get into here--it is almost a certainty that one is under no compulsion to categorize and label one's speech or one's writings--modulo the porn issue, as noted. A requirement that one categorize and label one's words, based on some criteria established, is tantamount to making a law about what speech is acceptable. (Legal bozos may jump in here with proposals that PICS standards not be enforced as a prior restraint, but that anyone who fails to PICS label his or her material is potentially liable under civil law...a distinction without a difference, as I see it.) So, as long as PICS is fully voluntary, and I mean _fully_ voluntary, civil libertarians will likely not object. After all, it's just a system _some_ other people (maybe even most) are voluntarily adhering to. However, the pressure to stop "rogues" from "subverting" the PICS system by either not using it, or by deliberately monkeywrenching it, will be enormous. (As an example, there are many folks who, for their various reasons, believe children _should_ be exposed to sexual material at an early age. If they label their explicit material as "suitable for all children," who is to decide they have committed "fraud"? Will their be "PICS courts" arbitrating? And if so, the system is no longer fully voluntary, at least in terms of interpreting the standards.) This is why I fear PICS. Democracy has run amok in the Western world, and the various "herds" will vote to constrain the freedoms of other members of the herd. My Prediction: If PICS is used voluntarily by more than 80% of Net users to label their Web pages and their writings, etc., then less than 3 years later PICS will be mandated in the United States and other such countries. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sat Dec 7 14:51:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 7 Dec 1996 14:51:12 -0800 (PST) Subject: cypher-PUNKS... In-Reply-To: Message-ID: "Timothy C. May" writes: > I've initiated more threads on crypto-related and politico-crypto topics > than nearly anyone else. Ritalin, attacks on Mormons, assault rifles, attacks on "crazy Russians"... Crackpot spammer Timmy May (fart) lies again. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 7 14:51:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 7 Dec 1996 14:51:22 -0800 (PST) Subject: KIDNEYS STOLEN FROM A NAKED DRUGGED MAN In-Reply-To: Message-ID: <6mykyD28w165w@bwalk.dm.com> Jennifer Mansfield-Jones writes: > -----BEGIN PGP SIGNED MESSAGE----- > > On Fri, 6 Dec 1996, Steve Schear wrote: > > > > I heard an almost identical story from a security guard at DEFCON IV last > > july in Las Vegas. He said it happened in the hotel where he was working > > One might (I'm not a surgeon) be able to get viable kidneys under the > circumstances mentioned, but the victim wouldn't wake up. This has all the > hallmarks of a good urban legend. When it doubt, blame Timmy May (fart). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 7 14:52:53 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 7 Dec 1996 14:52:53 -0800 (PST) Subject: "Family Channel" of the Internet? In-Reply-To: <3.0.32.19961206210712.0091fda0@gateway.grumman.com> Message-ID: Rick Osborne writes: > >3) In general, how would you use crypto to ensure that your users only > >connected to approved sites, regardless of the platform or browser > >software they were using? > I wouldn't. It's not even a crypto issue. That's like asking how you > would use your tea kettle to peel this orange: sure, you *could* do it, but > why? > > I think your pegged 'bogometer' had it pegged. I think one come up with a scheme where the web access is through a proxy server which doesn't let through HTML pages unless the contain a sort of digitally signed 'G rating'. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From shamrock at netcom.com Sat Dec 7 15:12:17 1996 From: shamrock at netcom.com (Lucky Green) Date: Sat, 7 Dec 1996 15:12:17 -0800 (PST) Subject: Laptops and TEMPEST Message-ID: <3.0.32.19961207151252.0068e328@netcom14.netcom.com> [Sorry, I don't have the attribution for the fist quote. The remainder of the post was authored by a friend of mine who retired from decades in military SIGINT. He allowed me to forward it to the list.] >>> don't emit enough radiation for Bad Guys to read it. CRTs are well known >>> as emitters of easily decoded signal, but people have occasionally >suggested >>> on this list that laptop LCD screens are much quieter. I now have a data >>> point on this one, and basically, it ain't so. Look - if it uses electricity; if there is an oscillator anywhere innit; if there is a ground loop in the circuit design, if there are make/break contacts anywhere - It will radiate, and the amount it radiates is directly proportional to the basic power source ... And circuit board traces are getting so damned close that engineers I know/knew were worried about friggin' arc-over at 3 volts. By now, may be even closer and voltage worries lower... So we have a problem. The only computer I know of that is (at this date) leak-proof is the biological one 'twixt one's ears. And soon, maybe not even that. Those who laugh at the paranoiacs who wear aluminum helmets and wear shoes with a static strap to the sidewalk may be laughing out the other side of their moufs too soon... As for any government directives requiring companies to make computers leak, I know of none, but CAVEAT: I've been retired from source info since '91, and most of my friends/fellow engrs who occasionally got together for a few brewskis and BS sessions over in Mt. View have either gone to better jobs (more $$$), transferred back east, or inconsiderately died. So, who knows? And of course, the ability to detect this RF/RFI/EMI leakage from your information processor is similarly dependent on the sensitivity of the equipment you're using for detection. I've seen absolute magic performed using a Wullenweber antenna, and that is NOT state-of-the-art equipment any more (ca. 1965-70), even tho the DoD keeps throwing money at it in upgrades (affectionately called 'the elephant's cage' by those who worked with it). If you really need to keep your information processing "private", then you can either isolate yourself inside a double-shielded room of solid copper; power everything with batteries; have no wires leading out of that room; make damned sure the door has the nice secure wiping strips to complete the shield when you close it -- or move your information processor into the middle of a whole bunch of the same or worse RF/RFI/EMI emitters, and just _maybe_ your data will get lost or become inaccessible because of the overload of the detection equipment by much larger interference fields. Or use paper, pencil, and one-time pads and burn everything that's done "in the clear" and really scrunch the ashes into dust. [Again, I am not the author of the above post.] -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From attila at primenet.com Sat Dec 7 15:51:55 1996 From: attila at primenet.com (attila at primenet.com) Date: Sat, 7 Dec 1996 15:51:55 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612060723.XAA21230@netcom7.netcom.com> Message-ID: <199612072353.QAA19021@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <199612060723.XAA21230 at netcom7.netcom.com>, on 12/05/96 at 11:27 PM, frantz at netcom.com (Bill Frantz) said: ::At 8:44 PM 12/5/96 -0800, Timothy C. May wrote: ::>* Generation 1: The kids of the 1920s-40s. The Ernest Lawrences and the ::>Robert Noyces, who grew up on farms, repairing tractors and farm ::>machinery. They learned about machinery at a direct level. These were ::>the giants of the post-war science community, and the founders of ::>modern American chip companies. ::> ::>* Generation 2: The Sputnik generation, of the 1950s-60s. They grew up ::>with Gilbert chemistry sets, Erector sets, "All About" books, and with ::>constant exposure to nuclear physics, relativily, molecular biology, ::>etc. These were the workers who staffed the companies formed by the ::>Noyces and Moores of the world, and the young scientists who pioneered ::>the use of computers. ::> ::>* Generation 3: The computer generation. The 1970s-80s, who grew up ::>with Commodore PETs and Apple IIs (and some later machines). These are ::>the "new pioneers" of the 1980s-90s, the Marc Andreesens and the like. ::I am definitly from Generation 2. I have tried to interest my children ::in playing with ICs and various electronic pieces. I have also worked ::hand-in-hand with them, rebuilding auto engines and transmissions. We ::will see how it plays out. well, I class out as a Generation 1, born before the war --as a multi-disciplined generalist. during the 70s and 80s, we sat in the king's chair when they need us. by the late 80s and in the 90s, all they want are narrowly focused specialists, ignoring the generalist concept of overview and understanding the "big picture. we are considered too broad to understand the high tech... --and obsolete. I used to call most of my contracts "on the job training" --but the point of a generalist is the ability to comprehend the narrow field and separate the bullshitters and space-shot dreamers from the doers. just who on that team can cooperate well enough to get it out the door when it is months (or years) behind. it was the last legal stand of the man with a mask and gun. My only complaint is that generation 1 generalists were dead about five years too soon --unless you were Gordon Moore, etc. those of us who were cowboys --the last and best gunslingers in the West; we were passe. I never once in my 35 year career collected a W2 wage, (and sometimes none in any form --feast or famine). Tim May probably pulled off the best of all gigs --on the Intel wagon as it went down, with stock options which gave Tim full independence in his low forties. I may not have much of a pot to piss in, but it was one long rockin' and rollin' ride --basket to hell and all. you don't look back, you just slam the throttle forward --same way I fly stunt planes or hang from the apes of my hawg. several of my five children are true generalists. have I (am I) advised them to go the route of the cowboy --not on your life! but I certainly do not recommend engineering in any form --they would be bored out of their squashs and in-trouble/restless all their lives. I encourage academia --the last refuge of the absent-minded professors and researchers. I do not like academia in general, but at least you can breath. all the government wants and expects is mindless robots, useless automans. I have "persuaded" more than one school district and its teachers to stop playing with my kids' heads, trying to change them to Hillary's mold for a global village... (so I practiced a little: "...intimidation is just another form of communication" --BFD, whatever works...). even today's computer kids are poorly focused; they have no concept of what's under the hood, or why! they have no interest in the technology, methodology, or the modular concept of solution. they in the turn, and sooner than later, will be burned out without a clue of how to improve the interrelated functions. grade school children with calculators??? how are they supposed to absorb the rote learnign drill which makes it possible to "think on your feet?" The ability to mentally calculate and visualize are the keys of a generalist. *generation 4: MTV and power action games of death and violence. actually, I am not qualified to speak on either. I have never allowed a TV or video game in my house. - -- without arms they do not resist; without communication they know not what to resist. -attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqoCQL04kQrCC2kFAQHBUAQAxItjS573rKpQ2NgAD77JuOcy2s/a6aFj sbak8xWZ4rwd0dlTeTIZc2ahjIIGDDY/QEiFxonz0M6i0T+BJkRyUawOY0XakYEb uhumEO1VWcbj6IdA+zfi1sC5VMEQTXGP4S88VBF0FQDfibdGlxTOa0DECG3jYp12 AOlXiS5fwcE= =sfql -----END PGP SIGNATURE----- From samiam at coqui.net Sat Dec 7 15:58:48 1996 From: samiam at coqui.net (Rosario Family) Date: Sat, 7 Dec 1996 15:58:48 -0800 (PST) Subject: [Fwd: Returned mail: User unknown] Message-ID: <32A9CBCC.731A@coqui.net> An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 4531 URL: From attila at primenet.com Sat Dec 7 16:26:31 1996 From: attila at primenet.com (attila at primenet.com) Date: Sat, 7 Dec 1996 16:26:31 -0800 (PST) Subject: Laptops and TEMPEST In-Reply-To: <3.0.32.19961207151252.0068e328@netcom14.netcom.com> Message-ID: <199612080027.RAA19767@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <3.0.32.19961207151252.0068e328 at netcom14.netcom.com>, on 12/07/96 at 03:12 PM, Lucky Green said: :: As for any government directives requiring companies to make :: computers leak, I know of none, but CAVEAT: I've been retired :: from source info since '91, and most of my friends/fellow engrs :: who occasionally got together for a few brewskis and BS sessions :: over in Mt. View have either gone to better jobs (more $$$), :: transferred back east, or inconsiderately died. So, who :: knows? are you, as well as your correspondent, showing your age, already? slides up on you. I didn't need reading glasses until 55 --but, wow, did it head for the far end of the range in just a few months. - -- Now, with a black jack mule you wish to harness, you walk up, look him in the eye, and hit him with a 2X4 over the left eye. If he blinks, hit him over the right eye! He'll cooperate. --so will politicians. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqoK5L04kQrCC2kFAQFGlAQAv/XDHYKdc1Ma+0zhOcy6cJI0V47w76co BI576BrBG83G4O5Ipp0GiT5vzA+3AE44x0wGhZMNKTf9UsGFR9GgK5HP3xD2FcdV 97+aCmoy7ZsfqsVCRUQDh8e5OoQJ/VymTyKuaIdVlJ8Zfw6CJXyIM+0yxFxoCtrr M/jC/jq0uuI= =Pv7C -----END PGP SIGNATURE----- From ichudov at algebra.com Sat Dec 7 17:30:30 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 7 Dec 1996 17:30:30 -0800 (PST) Subject: Laptops and TEMPEST In-Reply-To: <3.0.32.19961207151252.0068e328@netcom14.netcom.com> Message-ID: <199612080126.TAA27410@manifold.algebra.com> Lucky Green wrote: > If you really need to keep your information processing > "private", then you can either isolate yourself inside > a double-shielded room of solid copper; power everything > with batteries; have no wires leading out of that room; > make damned sure the door has the nice secure wiping strips > to complete the shield when you close it -- or move your > information processor into the middle of a whole bunch of > the same or worse RF/RFI/EMI emitters, and just _maybe_ > your data will get lost or become inaccessible because > of the overload of the detection equipment by much larger > interference fields. > > Or use paper, pencil, and one-time pads and burn everything > that's done "in the clear" and really scrunch the ashes into > dust. > [Again, I am not the author of the above post.] An interesting use of one time pads -- to keep one's own secrets. And where to keep the pads themselves? - Igor. From attila at primenet.com Sat Dec 7 19:37:33 1996 From: attila at primenet.com (attila at primenet.com) Date: Sat, 7 Dec 1996 19:37:33 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612071749.JAA08668@comsec.com> Message-ID: <199612080338.UAA24072@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <199612071749.JAA08668 at comsec.com>, on 12/07/96 at 09:49 AM, Eric Blossom said: ::> Indeed, in the 1970s I was using H-P 9825s and DEC PDP 11/34s, but ::> the teenagers of that decade were, if they were fortunate and ::> energetic, using PETs, Apple IIs, and the like. ::Right On! PDP 11's rule!!! ::My favorite one was an 11/34 with "Hardware Floating Point" that had a ::GT-43 vector display processor as a coprocessor. :: that's what I thought until my 11/44 rolled in! ::You'd build a double ::buffered display list of vector instructions for the coprocessor, ::using your handy dandy fortran program, and then let it rip. As long ::as you weren't trying to do hidden line removal, or draw more than ::about 200 vectors, you could get smooth, real-time wire frame ::animation. We had it hooked up to a couple of knob boxes and some ::nice three axis joy sticks connected to 10 bit A/D's. :: you're showing your age, too! remember the old, old Logo before the IBM PC --ran on an 11/34? and the sandbox for the turtle. I still had an 11/34 when my youngest son was 2-3; and he would spend hours driving the turtle with its headlight in the sand, trailing its umbilical cord until he would hopelessly entangle it --and the old DEC Gigi keyboard which was only produced for educational sales --I managed to acquire a salesman's demo. I still have the Gigi, the special color monitor, and the source code tape from U of Toronto via DEC --compiled it on V6 UNIX if I remember, then Berkeley 3.9 for the 11/44 I had just acquired which was obsoleted by a pair of Vaxen in about a year. am I showing my age, yet? BTW, I think I can still read 9 track tapes. The old Pertec 800/1600 is still racked with a minivax with Ultrix V7. anyone still wish to play with that old dinosaur? - -- Cyberspace is OUR Freedom. FUCK your CDA! and, FUCK your WIPO, too. -attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMqo3wr04kQrCC2kFAQF7nwP+LM3FpVutojYbQCFPrRpOJZqtLC7r5+pw 68yo0gV0xmaMwVvkNSE48x4Y9ApkuLurE6wjDP1OyqY2IpF4vqORejpass223qtU Iz7mlds+uMP11nnct34OF+Q4vkE+ey5xHhd6Xz1ejRQ0wUaA23NWEabQPMr2iLEd 1aL5uPkp0c0= =F0ZH -----END PGP SIGNATURE----- From thad at hammerhead.com Sat Dec 7 20:41:47 1996 From: thad at hammerhead.com (Thaddeus J. Beier) Date: Sat, 7 Dec 1996 20:41:47 -0800 (PST) Subject: Laptops and TEMPEST Message-ID: <199612080443.UAA01700@hammerhead.com> I'll bet that the laptop that was radiating stuff was doing it from the external VGA port that many laptops have, rather than from the LCD screen. thad -- Thaddeus Beier thad at hammerhead.com Visual Effects Supervisor 408) 287-6770 Hammerhead Productions http://www.got.net/people/thad From thad at hammerhead.com Sat Dec 7 21:13:35 1996 From: thad at hammerhead.com (Thaddeus J. Beier) Date: Sat, 7 Dec 1996 21:13:35 -0800 (PST) Subject: PICS is not censorship Message-ID: <199612080515.VAA01745@hammerhead.com> tcmay at got.net ("Timothy C. May") sez > This is why I fear PICS. Democracy has run amok in the Western world, and > the various "herds" will vote to constrain the freedoms of other members of > the herd. > > My Prediction: If PICS is used voluntarily by more than 80% of Net users to > label their Web pages and their writings, etc., then less than 3 years > later PICS will be mandated in the United States and other such countries. PICS, or something like it, is the absolutely right response to calls for true Internet censorship. People agreeing to a language, a way of communicating, is a good thing. Did you object to HTML? TCP/IP? Other agreements that limited the way that people communicate? I don't think that PICS will be mandated any more than those two standards are mandated, perhaps I'm naive, but I think that the social conventions will work in this case. I suppose the a better solution would have been to have many competing private rating services, but PICS will work well, not put much load on the net, and is transparent and simple. I like it. thad -- Thaddeus Beier thad at hammerhead.com Visual Effects Supervisor 408) 287-6770 Hammerhead Productions http://www.got.net/people/thad From varange at crl.com Sat Dec 7 21:24:34 1996 From: varange at crl.com (Troy Varange) Date: Sat, 7 Dec 1996 21:24:34 -0800 (PST) Subject: wealth and property rights Message-ID: If the free market is a good thing, that it's a democratic way of getting the best to the top of the economic ladder, then I see no reason why this should not also apply to politics. The people have every right to use democracy to establish a non-democratic system re: abolishment of the wealthy as a class and sentencing the entire Forbes 400 and their underlings to 25 years at forced labor, say 16 hour days at picking vegetables under the pain of the knouted whip. No Libertarian could oppose the use of the political free market of democracy for undemocratic ends; that would violate the spirit of liberty! -- Cheers! From richieb at teleport.com Sat Dec 7 23:37:58 1996 From: richieb at teleport.com (Rich Burroughs) Date: Sat, 7 Dec 1996 23:37:58 -0800 (PST) Subject: cause for alarm Message-ID: <3.0.32.19961207233839.00696dbc@mail.teleport.com> The dec96 issue of _cause for alarm_ has hit the web. You can get to it via the home page, at: http://www.teleport.com/~richieb/cause/ _cause for alarm_ is a zine which explores threats to freedom of speech, as well as other online freedoms. This month's features focus on the persecution of Bernie S, and the landmark Bernstein v US Department of State crypto case. Past topics have included a primer on starting local activist groups, Intel's hosing of Perl wizard Randal Schwartz, and the Church of Scientology. Also, interviews with prominent Net activists. I'm seeking contributions for future issues. If you'd like more info, point your web browser at: http://www.teleport.com/~richieb/cause/submit.html Or send email to richieb at teleport.com with the words "submission guidelines" (without the quotes) in the subject line of your message. Rich Burroughs Editor and Publisher, cause for alarm http://www.teleport.com/~richieb/cause/ From frantz at netcom.com Sun Dec 8 00:18:31 1996 From: frantz at netcom.com (Bill Frantz) Date: Sun, 8 Dec 1996 00:18:31 -0800 (PST) Subject: PICS is not censorship Message-ID: <199612080818.AAA05613@netcom7.netcom.com> At 12:02 PM 12/7/96 -0800, Timothy C. May wrote: >So, as long as PICS is fully voluntary, and I mean _fully_ voluntary, civil >libertarians will likely not object. After all, it's just a system _some_ >other people (maybe even most) are voluntarily adhering to. However, the >pressure to stop "rogues" from "subverting" the PICS system by either not >using it, or by deliberately monkeywrenching it, will be enormous. The last time I looked at PICS, there was a mode where sites were checked against a third party "PICS server", and a mode which used signed ratings. Now I am not saying these modes can't be hacked. I don't remember the details well enough. But they should be somewhat resistant to problems with false self-rating. (How these "PICS servers" and "Rating signers" keep up with the number of sites and the growth of web page publishing is not at all clear. It would seem to me that it would require many people. Perhaps the Christian Coalition can put together a cooperative effort among their members.) Note that the "PICS server" approach has major privacy problems. However, I don't think that many censors are interested in privacy, so they may not be a barrier to censorious parents. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From furballs at netcom.com Sun Dec 8 00:37:21 1996 From: furballs at netcom.com (furballs) Date: Sun, 8 Dec 1996 00:37:21 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <199612080515.VAA01745@hammerhead.com> Message-ID: On Sat, 7 Dec 1996, Thaddeus J. Beier wrote: > tcmay at got.net ("Timothy C. May") sez > > This is why I fear PICS. Democracy has run amok in the Western world, and > > the various "herds" will vote to constrain the freedoms of other members of > > the herd. > > > > My Prediction: If PICS is used voluntarily by more than 80% of Net users to > > label their Web pages and their writings, etc., then less than 3 years > > later PICS will be mandated in the United States and other such countries. > > PICS, or something like it, is the absolutely right response to calls > for true Internet censorship. People agreeing to a language, a way > of communicating, is a good thing. > > Did you object to HTML? TCP/IP? Other agreements that limited the way > that people communicate? > > I don't think that PICS will be mandated any more than those two standards > are mandated, perhaps I'm naive, but I think that the social conventions > will work in this case. > > I suppose the a better solution would have been to have many competing > private rating services, but PICS will work well, not put much load on > the net, and is transparent and simple. I like it. > > thad I disagree. If people want a rating system, then they should voluntarily do it, not have it shoved down their throats "for their own good". Your examples are bogus in the light of what PICS is and what TCP/IP is. One is a transport layer, the other a label for flagging. While both can control the flow of information, there is a big difference between the political behavior of the two as seen by the great unwashed who fain to rule over us. TCP/IP to them means nothing becuase they do not understand it's relation to content. However, they do understand PICS as it's whole existence is to delineat and ultimately control content. They pushed the development of PICS and it's ilk for the express purpose of *control*. TCP/IP was developed for the express purposed of common ground for dissemination. I would suggest you rethink the position. I'll give you a better example of why PICS *wont* work despite the Clintonista's claim of caring for children. You remember Playboy. That magazine was a right of passage for many a 12 or 13 year old boy who could get his hands on it. Could they buy it? No, that was against the law. So where did they get it? Dad, ofcourse. His subscription came every month, and "johnny" had no trouble finding it once Dad hid it. Or, it came by way of "johnny's" big brother's room; or a friend with the same circumstances at his home. Regardless of the smut laws on the books, regardless of how zealous the local constable was in rooting out the evils of pornography, you could find the magazine and pre-teens willing to look in many places. Did the government ban Playboy? No.. So why do you think they are all fired up about banning smut on the Internet (which BTW is international in scope) ? I'll tell you why... control, plain and simple control of information. Let's go back to one small piece of the CDA: the phrase "patently offensive". Now, I have yet to see a *consistent* legal defintion of obscene, much less "patently offensive". Now, let's suppose that someone publishes a piece that says to the effect "I think that Clinton is a complete idiot because of policies 'X', 'Y', and 'Z'" and critiques them verbalizing reasons why these policies are a failure. What's to stop her majesty and Bill from saying "We are patently offended by this material"? Nothing. Nothing now. But, if the CDA is enforced, then it is not unreasonable to forsee another shade of grey come into being by making it a jailable offense to openly critisize the government's mandated policies as it goes to (Clinton's favorite euphemism) "National Security and the reputation of the United States amongst it's peers". (Not that we enjoy any peerage these days). Any legal manuevering that restricts legitimate critism of the federal goverment's policies, actions, or positions diminshes the effectiveness of the First Amendment. If our elected officials can not be publicly chastized and shamed into enacting good policy or dispensing the will of the people, then we have a Republic in name only. That is why the Consitutuion starts with "We the People of the United States..." not "We the Government of the United States..." That is why the First Amendment is about free speech and the Second Amendment concerns the right to bear arms. The Founding Fathers believed in the people's ability to "adjust" government when government became like George III. On the surface, PICS seems harmless to the average person. It's the hue and cry "ofcourse we should protect our children!" From what? Themselves? Other people? Good Information? Bad Information? (choice your poison). More to the point, it is people wanting to alleveat their responsibility as parents from dealing with their children. They are willing to give up a portion of their free agency to try and avoid parenting and the government is only too eager to help. One question: can you really legislate morality and make it stick? ...Paul From paul at fatmans.demon.co.uk Sun Dec 8 00:54:55 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sun, 8 Dec 1996 00:54:55 -0800 (PST) Subject: What's a "fingerprint" ? Message-ID: <850034599.56426.0@fatmans.demon.co.uk> > Subject: Re: What's a "fingerprint" ? Sorry punks, my mailer somehow posted my reply to this question 5 or 6 times, the spam was not intentional... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From paul at fatmans.demon.co.uk Sun Dec 8 00:59:18 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sun, 8 Dec 1996 00:59:18 -0800 (PST) Subject: "Family Channel" of the Internet? Message-ID: <850034600.56427.0@fatmans.demon.co.uk> > inspected and approved. He said that they were going to do this, again I > quote, "using the same encryption that Visa and Mastercard use." The > last statment pegged my bogometer, of course. Sounds distinctly bogus to me... > 1) Is it technically possible for them to limit access to only approved > IP addresses? If so, how can they do this, and is it possible to get > around these measures. Yes, there are a number of ways probably the easiest of which would be a proxy server. A number of corporations have these set up so their employees spend more time looking at relevant information and less looking at porn sites ;-) > 3) In general, how would you use crypto to ensure that your users only > connected to approved sites, regardless of the platform or browser > software they were using? I assume here he means that the pages will be encrypted at the ISP end and the browser will only decrypt the pages the user logged on at that time has access to. This all sounds very confused to me, he is talking bollocks I would wager. > I asked the guy to send me some technical details. If I receive them, > I'll share unless he makes me sign an NDA. I would be interested to see them but would guess at this point he doesn`t quite understand what he`s talking about himself... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From dlv at bwalk.dm.com Sun Dec 8 05:20:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 8 Dec 1996 05:20:14 -0800 (PST) Subject: cypher-PUNKS... In-Reply-To: Message-ID: <31BmyD51w165w@bwalk.dm.com> More fan mail from John Gilmore and his friends: >Received: from random.sp.org (deviant at random.sp.org [152.52.195.2]) by random.sp.org (8.6.12/8.6.12) with SMTP id FAA08153 for ; Sun, 8 Dec 1996 05:39:40 GMT >Date: Sun, 8 Dec 1996 05:38:57 +0000 (GMT) >From: The Deviant >X-Sender: deviant at random.sp.org >To: "Dr.Dimitri Vulis KOTM" >Subject: Re: cypher-PUNKS... >In-Reply-To: >Message-Id: >Organization: The Silicon Pirates >Mime-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII > >-----BEGIN PGP SIGNED MESSAGE----- > >On Sat, 7 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > >> "Timothy C. May" writes: >> > I've initiated more threads on crypto-related and politico-crypto topics >> > than nearly anyone else. >> >> Ritalin, attacks on Mormons, assault rifles, attacks on "crazy Russians"... >> >> Crackpot spammer Timmy May (fart) lies again. > >Dimitri, just go away. Tim _has_ initiated more crypto-relivant >discussions on this list than anybody else I can think of, and the only >thing I've seen you initiating around here is spam wars. Just go the hell >away. > > --Deviant Silly Deviant, How could Timmy May initiate a crypto-relevant thread if he knows nothing about crypto? Timmy posted a series of message via anonymous remailers praising himself and calling himself "a genius among geniuses" or some such. What a moron. From jya at pipeline.com Sun Dec 8 08:19:38 1996 From: jya at pipeline.com (John Young) Date: Sun, 8 Dec 1996 08:19:38 -0800 (PST) Subject: KEE_pin Message-ID: <1.5.4.32.19961208161626.0069f66c@pop.pipeline.com> The NYT reports today on the administration's new national security team and the formulation of policy to focus on international crime as a national security threat. Cited are thriving Russian black marketers selling hardware, software, and skills developed by the USSR; high-technology which has speeded communication and dissolved national borders; the diffusion of many enemies rather than a single superpower. The nature of crime has changed. No longer limited to drugs, terrorism and flight from justice, now there's money laundering, kidnapping, smuggling, credit card scams, even auto theft. It describes measures to combat this threat to all nations by cooperating and competing foreign affairs, intelligence and law-enforcement agencies around the world. None so trusting of each other. Some fund- and purpose-scrambling agencies klaxon that international crime is now as grave as nuclear proliferation and ethnic conflict. The three threats may merge, and new nations are at greatest peril. Which supports the administration's bulldogged clamp on crypto export limits: if we knew what they knew about rogue, ex-officials arranging their future with successors inside -- they need to communicate in private. What crypto will Perry, Deutch and consorts use to keep secrets among the few who know what we don't -- yet? Cryptanalysts, dissolve borders set by secret pacts. ----- KEE_pin From firstpr at ozemail.com.au Sun Dec 8 09:27:04 1996 From: firstpr at ozemail.com.au (Robin Whittle) Date: Sun, 8 Dec 1996 09:27:04 -0800 (PST) Subject: PICS is not censorship Message-ID: <199612081726.EAA20762@oznet02.ozemail.com.au> I agree to a certain extent with Timothy May about the potential for content labelling of Internet resources being made compulsory in the US. The country seems at times to be run be run by nutcases and their elected representatives. There are huge swings in fashion regarding prohibition, liberty etc. To the extent that this is a risk, lets hope it is only an American problem. I understand that the Australian Broadcasting Authority http://www.dca.gov.au/aba/invest.htm does not recommend compulsory labelling. thad at hammerhead.com (Thaddeus J. Beier) wrote: > I suppose the a better solution would have been to have many competing > private rating services, but PICS will work well, not put much load on > the net, and is transparent and simple. I like it. This may be seen to imply that PICS is a ratings service or a single set of values. It is not. PICS is a protocol for labelling things, either within themselves or labelling them remotely. There can be any number of value systems for labelling things. See my site for links to the PICS site and some discussion. However, talk of "compulsory PICS" really must mean that all content be labelled with a PICS protocol label (presumably inside the resource itself) according to _at_least_one_ globally or nationally mandated value system. Even with a descriptive rather than an evaluative value system (see ABA Chairman's recent speech at above link) I think it would take years to come up with a descriptive value system which would be generally useful for filtering material according to child protection, cultural specific issues (like Singapore banning horse race tipping and astrology) and protecting adults/employees from violence, erotica, gambling etc. etc. Then the value system would be impossibly complex. Then, how would you decide whether something was properly labelled. This is probably off topic for Cypherpunks (if that is indeed possible) so I won't say any more. - Robin . Robin Whittle . . http://www.ozemail.com.au/~firstpr firstpr at ozemail.com.au . . 11 Miller St. Heidelberg Heights 3081 Melbourne Australia . . Ph +61-3-9459-2889 Fax +61-3-9458-1736 . . Consumer advocacy in telecommunications, especially privacy . . . . First Principles - Research and expression - music, . . music industry, telecommunications . . human factors in technology adoption. . . . Real World Interfaces - Hardware and software, especially . . for music . From jmr at shopmiami.com Sun Dec 8 09:31:24 1996 From: jmr at shopmiami.com (Jim Ray) Date: Sun, 8 Dec 1996 09:31:24 -0800 (PST) Subject: Gosh, now I feel much better... Message-ID: <199612081731.MAA42352@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Sun Dec 08 12:31:18 1996 http://www.usnews.com/usnews/issue/9arms.htm Has an interesting story by by Peter Cary, Douglas Pasternak and Penny Loeb, about big mother's great care in disposing of munitions; including, but not at all limited to, encryption. For sale are attack helicopter partss, bombs, missiles, guidance systems, howitzer parts, computers, and yes, military cryptosystems. While by law all these things are supposed to be demilitarized, they aren't in many cases. They are instead evidently sold as scrap (and at scrap prices) and go to nice countries like China. If it were closer to April 1st, I would doubt this story is real. According to the assistant U.S. attorney in Sacramento, "The scope of this program and the amount of materiel going out the door is so huge, people normally don't believe you. Only the government could have a program where they give everything away for free and they screw it up." Couldn't have said it better myself... JMR Regards, Jim Ray DNRC Minister of Encryption Advocacy One of the "legitimate concerns of law enforcement" seems to be that I was born innocent until proven guilty and not the other way around. -- me Please note new 2000bit PGPkey & address PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5 57 52 64 0E DA BA 2C 71 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEPAwUBMqr7ajUhsGSn1j2pAQG8dAfQrBqvkOgXWaT507n5mxYX7kGYDr2hSEz+ cgVkTlipih2ThLRfLWlgO8+cwodifUkQDCAdpA1GKqCJL08ZBdnRex+ecygcrKP/ 84pIa2PfOtpeK6Srggpp8X5/aodBDlsZR2n++rJA1b65m6T54g6LvDrEwiv9dStR /4VaMGlAz465XbgjPmCQ5ME44p7cKk0ZQ/Q3kKdpyZTfRC6H+Xl1PVQq87dm1eYQ ibyA3VzFRGAIy9lLdMW4RuGoCqw0yKpdaVY8Bjhv8LVWUkETADbfCWPG3gXmkpV/ Hm4tEvdtV99wXygyjTBd1zlbKTuZa0GPd46reBJlo5Xylg== =kZ+Z -----END PGP SIGNATURE----- From jmr at shopmiami.com Sun Dec 8 09:31:35 1996 From: jmr at shopmiami.com (Jim Ray) Date: Sun, 8 Dec 1996 09:31:35 -0800 (PST) Subject: Gosh, now I feel _much_ better... Message-ID: <199612081731.MAA15546@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Sun Dec 08 12:31:34 1996 http://www.usnews.com/usnews/issue/9arms.htm US News has an interesting story by by Peter Cary, Douglas Pasternak and Penny Loeb, about big mother's great care in disposing of surplus munitions; including, but not at all limited to, the encryption variety. For sale are attack helicopter parts, bombs, missiles, guidance systems, howitzer parts, computers, and yes, military cryptosystems. While by law all these things are supposed to be "demilitarized," they aren't, in many cases. They are instead evidently sold as scrap (and at scrap prices) and go to nice countries like China. Maybe I'm missing something or being fooled, if it were closer to April 1st, I would doubt that this story is real. According to an assistant U.S. attorney in Sacramento, "The scope of this program and the amount of materiel going out the door is so huge, people normally don't believe you. Only the government could have a program where they give everything away for free and they screw it up." I couldn't have said it better myself... And *they* think _WE_ need more "gun control." JMR Regards, Jim Ray DNRC Minister of Encryption Advocacy One of the "legitimate concerns of law enforcement" seems to be that I was born innocent until proven guilty and not the other way around. -- me Please note new 2000bit PGPkey & address PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5 57 52 64 0E DA BA 2C 71 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEPAwUBMqr7ezUhsGSn1j2pAQEybwfPSUQ4pPXDFtCBvMAoBXpSQm7QcY3Qp/Dr jVFrHhxuyTz+jpcHMxE9AKt468UL60CrVVNZ/vPYlz9/nuabHVgKEB5F9hvuR7zj jP67eGpeO5ck3vttQDiyvB3DzkaSqaJVre01dXoL3OenXRYnd7HVLg2S8HzdERqv gIHMIbFE5wMd7wjG7YkCwzVFVD7aK+erxuuI0lNA8b8/sfEkhdJUw1FMOJsIUh6R qbQi4GFipIcTuUcipYiKgq73gb7b9KTT9SvERQ9i2acfPIBPILoi0vsJc+46Dukh CC0pFdpDbvefYYqeAiPEzUMdQY5PxLtSVp+Wk5pRvnVw+A== =DQYX -----END PGP SIGNATURE----- From dthorn at gte.net Sun Dec 8 10:15:34 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 8 Dec 1996 10:15:34 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612080818.AAA05597@netcom7.netcom.com> Message-ID: <32AB0479.41BD@gte.net> Bill Frantz wrote: > Off list 'cause it's off topic. > Dale - My experiences don't parallel yours. (BTW - I agree that HP makes > good equipment. HP has always been one of the industries class acts. I > just don't agree that you couldn't do small business computing on > Apple/IBM/Osborne etc. because many people did it.) > I never used an Apple ][ hard disk, but I worked in a room with perhaps 30 > IBM PCs with the first 5MB disks for about three years. Don't ever > remember any of them crashing. > Yea, I remember doing that once in the eight years or so we ran the system. > Better reliability than some 4 function calculators I had. The point is > not that these systems were better than your beloved HPs. The point is > that they were good enough so many people used them for serious applications. > Applications that earned these systems a place in the business. > Applications that returned more to the business than the cost of the systems. The phrase "your beloved HPs" gives your hand away. The truth is, many customers I knew would reiterate exactly what you said. But when I would press for details, I would find that they were *very* lightweight apps, and the ability to deliver day in day out was essentially nonexistent. BTW, I don't see above where you said what would happen to the IBMs or Apples when the power shut off while writing to the hard disk.... And Apples and IBMs *did* require surge protectors, not provided by the manufacturer. And neither Apple or IBM would repair their own stuff. This last point is very important to me, but I can see where it would be lost on non-professional users. HPs were made for use in less than ideal environments, which is why: 1. When you use an HP or Apple in lots of areas of Southern California, particularly close to the ocean where most people live, the HP will perform for a long time and the Apple will corrode rather quickly. 2. When I went to a show in Anaheim once in the summer, and the air conditioning quit, and the temperature reached 100+ fahrenheit in the display areas, the HPs were the only micros still running. 3. As far as calculators go, try leaving several CMOS machines in your locked car with windows up in the summer for, say, 3 or 4 hours while you're inside of a mall, to name an example. See which ones still have their CMOS data intact. To sum up, when you haven't had to depend on professional gear for real production work at home or on the road, you can't make these kinds of judgements knowledgeably. The main gripe I have about postings like this is that they argue on emotion about a technical issue. HP is far from a *good* company these days. Matter of fact, the day that they introduced the HP-150 (touchscreen) computer, they yanked the engineers off the new-item rollout team and replaced them with IBM PC dodos who knew nothing about HP. This is very similar to what Volkswagen did when they dumped the reliability ads for the Beetle and started cranking up the sexy ads for the Rabbit. That's when Honda started to eat Volkswagen's lunch, 20 years and running. I can see clearly where this strategy put HP a lot of years behind the competition. You will recall, of course, that HP started this whole thing with the first-ever personal (take it home and plug it in and start programming in Fortran immediately) computer, the 2116A, in 1966. Expensive, yes, but still by every technical account a personal computer. In case you haven't noticed, and in spite of HP being full of assholes these days (I don't use that term lightly), HP has gained market share in PCs (not just printers) against Apple and IBM by a factor of several times. HP is now #2 in the PC server market, for example. How Compaq got to be #1 I don't know, since when I worked in Pasadena we couldn't leave the machines on all day, since none of them would last more than 3 weeks that way. From dthorn at gte.net Sun Dec 8 10:17:27 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 8 Dec 1996 10:17:27 -0800 (PST) Subject: Laptops and TEMPEST In-Reply-To: <199612080126.TAA27410@manifold.algebra.com> Message-ID: <32AB05C0.346C@gte.net> Igor Chudov @ home wrote: > Lucky Green wrote: > > If you really need to keep your information processing > > "private", then you can either isolate yourself inside > > a double-shielded room of solid copper; power everything > > with batteries; have no wires leading out of that room; > > make damned sure the door has the nice secure wiping strips > > to complete the shield when you close it -- or move your > > information processor into the middle of a whole bunch of > > the same or worse RF/RFI/EMI emitters, and just _maybe_ > > your data will get lost or become inaccessible because > > of the overload of the detection equipment by much larger > > interference fields. Or use paper, pencil, and one-time pads > > and burn everything that's done "in the clear" and really > > scrunch the ashes into dust. > > [Again, I am not the author of the above post.] > An interesting use of one time pads -- to keep one's own secrets. > And where to keep the pads themselves? I apologize sincerely for mentioning this, but in reference to "where to keep the pads", maybe that's why Don Wood (when he was at NSA) got into doing what he does. From dsmith at prairienet.org Sun Dec 8 10:23:32 1996 From: dsmith at prairienet.org (David E. Smith) Date: Sun, 8 Dec 1996 10:23:32 -0800 (PST) Subject: cypher-PUNKS... Message-ID: <199612081821.MAA12262@cdale3.midwest.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: dlv at bwalk.dm.com, cypherpunks at toad.com Date: Sun Dec 08 12:22:55 1996 > Timmy posted a series of message via anonymous remailers > praising himself and calling himself "a genius among geniuses" or some > such. That charge is every bit as foundless as the charges that you are responsible for the "A Daily Warning Regarding Tim May" posts of a while back, or the current round of remailed messages featuring the sickeningly cutesy ASCII graphics at the bottom. OTOH, if you've discovered a way to gain access to the remailers in such a fashion as to prove those messages originated from Tim May, please share. (It just might be crypto-relevant, which would be a small miracle on the cypherpunks list these days :) > What a moron. I'm not even touching that sentence. It's just too tempting. - ----- David Smith, Thinker of Deep Thoughts :) http://www.prairienet.org/bureau42/library.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqsHlnEZTZHwCEpFAQF7iwf9Ers31ZMzVyKglW2DON71s/x9w9iqPlzV ISWZLyJPNjzUkrhg67XGAuumaJB+gmSYmnnn4xVfW1bmBHD2r3p+d0zG7sE0vc/e M2YlMq7b3oUv7XcRRRwAycasboqidpsNoQUq3eiwcraHessYIKSm6PezOgjB+DOG rC9u+zirILrjmS7F6wizHB5Eex/VnK9kwbBmpOmGVPuS+muxeEF1GONeuRI+cibD Q0M8PqTyPuSA/T2AD6IIH51hAf0+nTxrxUzfioK8/OAMYnk3gdhJzsi7SfK8fzdJ SjqdqI5fJ4RGVy7p3GHthnS8d70VMcoTwaWAeETQvsuugd24bLowYg== =yaDS -----END PGP SIGNATURE----- From mwohler at ix.netcom.com Sun Dec 8 10:32:33 1996 From: mwohler at ix.netcom.com (Marc J. Wohler) Date: Sun, 8 Dec 1996 10:32:33 -0800 (PST) Subject: New York Area CPUNKS meet Message-ID: <3.0.32.19961208131249.006b2f50@popd.ix.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- The NewYork City area Cypherpunks will meet on the UpperWest Side of Manhattan. Date: Thursday 12/19/96 Time: 7:30 PM Place: The Club. Park Royal Hotel, 23 West 73rd Street. Between Columbus & Amsterdam Avenue. Subway stops: 72nd & Broadway #1 #9 #2 #3 (express stop) 72nd & Central Park West A or D trains Refreshments: BYOB & snacks. We can order out for dinner. All our welcome but please email me your intention to attend (if you have not already done so.) Marc -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMqsDk2eikzgqLB7pAQHxFgP9FbdXYo4qiubH9zBFW+CdQb5LZVxKAhWB EwfV+2EquVT94dokYMN9P0n26ZIozJejpXf44QLLgNPvWHqHB8Wult/U7zyVeVid 1YVRftVFnxPlBjkabH5yGR8efP7L2i5Ynh5X8I0jFy9G8Wfilxsg8QT8r+eYtDWB g/b4Wpr0/0w= =CIyV -----END PGP SIGNATURE----- From nobody at cypherpunks.ca Sun Dec 8 11:42:31 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Sun, 8 Dec 1996 11:42:31 -0800 (PST) Subject: [CRYPTO] PGP Message-ID: <199612081938.LAA31429@abraham.cs.berkeley.edu> Timothy C[retin] May's IQ is lower than the belly of a pregnant snake. . o c , `'#v-- --v#`' Timothy C[retin] May /'> <`\ From frantz at netcom.com Sun Dec 8 11:45:58 1996 From: frantz at netcom.com (Bill Frantz) Date: Sun, 8 Dec 1996 11:45:58 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612080818.AAA05597@netcom7.netcom.com> Message-ID: At 10:10 AM -0800 12/8/96, Dale Thorn wrote: >The phrase "your beloved HPs" gives your hand away. What hand? You appeared by your statements to be a lover of HP stuff. I now find it was only from that era. My of my hand is only to say that people DID use them other things for real business uses. Your posts appeared to say that was impossible. However, as Bob Hettinger says, "Reality is not optional." ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From sakwad at earthlink.net Sun Dec 8 14:28:47 1996 From: sakwad at earthlink.net (Scott Kimmel) Date: Sun, 8 Dec 1996 14:28:47 -0800 (PST) Subject: info Message-ID: <32AADE6F.8AB@earthlink.net> From shamrock at netcom.com Sun Dec 8 15:51:29 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 8 Dec 1996 15:51:29 -0800 (PST) Subject: Please post Eudora PGP plugin URL Message-ID: <3.0.32.19961208153244.006a7474@netcom14.netcom.com> At 05:31 PM 12/7/96 -0500, Alec wrote: >At 04:57 PM 12/6/96 -0800, you wrote: >:Or Email it to me >: >: >:Thanks in advance >: >You're welcome > >----------------------------------------------------- >Eudora/PGP Plug-In [...] >If you want to be automatically notified of new versions, send e-mail to >gt6525c at prism.gatech.edu with the subject of "eppi news", and the following >message body: Just FYI, while the plugin is still available, email to this address has been bouncing for weeks. It is therefore impossible to submit bug reports or subscribe to the EPPI mailing list. If somebody on this list knows the current address of the EPPI author, please post it. Thanks, -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From shamrock at netcom.com Sun Dec 8 15:51:42 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 8 Dec 1996 15:51:42 -0800 (PST) Subject: PICS is not censorship Message-ID: <3.0.32.19961208154000.006adf40@netcom14.netcom.com> At 09:15 PM 12/7/96 -0800, Thaddeus J. Beier wrote: >I don't think that PICS will be mandated any more than those two standards >are mandated, perhaps I'm naive, but I think that the social conventions >will work in this case. Let's put the question if something like PICS will be mandated aside for the moment. Do you agree that sites that deliberately mislabel their content, will eventually face legal action? If so, then PICS should not be considered truly voluntary. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From Bryondp at aol.com Sun Dec 8 16:48:26 1996 From: Bryondp at aol.com (Bryondp at aol.com) Date: Sun, 8 Dec 1996 16:48:26 -0800 (PST) Subject: take me off the list Message-ID: <961208194747_1953081358@emout15.mail.aol.com> take me off the list From dthorn at gte.net Sun Dec 8 17:28:39 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 8 Dec 1996 17:28:39 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612080818.AAA05597@netcom7.netcom.com> Message-ID: <32AB6AAA.79D@gte.net> Bill Frantz wrote: > At 10:10 AM -0800 12/8/96, Dale Thorn wrote: > >The phrase "your beloved HPs" gives your hand away. > What hand? You appeared by your statements to be a lover of HP stuff. > I now find it was only from that era. > My of my hand is only to say that people DID use them other things for > real business uses. Your posts appeared to say that was impossible. > However, as Bob Hettinger says, "Reality is not optional." First, let me apologize for something I try never to do. When someone sends private email, if I put it to the list I should remove the sender's name (if no permission given). I still use HP personal computers, since (despite their problems) they are still the most effective at running for a long time and processing a lot of data. As far as showing your hand, I find it interesting how many erstwhile serious users will nonetheless wave away any discussion of the specific problems computers have (particularly the early ones), which I can only relate to denial. In the words of Consumer Reports back in the early-mid 1980s, "These electronic items are the least reliable and most problematic things we've ever tested" (quote approximate). I never said it was impossible to use an Apple (or early IBM) for serious work of *some* kind, i.e., simple spreadsheet work. What I said and I hope it came through is this: If you were using an IBM mainframe in the period 1980-1982 or thereabouts, you would have what I call unreliable equipment, but, you would probably also have IBM person(s) on site to keep the stuff running. On the other hand, IBM PC users (outside of large corporate sites) didn't necessarily have that luxury, therefore, if they tried to do what I could easily do with HP personal computer equipment, their IBM PCs would die and have to be fixed "by the dealer", with more consequent unreliability added. How many people have you heard of who could run databases on an IBM or Apple II floppy system, entering data with fairly large files and several indexes, and searching and printing the data almost continuously? Those people who know what I'm talking about should have a good laugh on that one. From gbroiles at netbox.com Sun Dec 8 17:55:41 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Sun, 8 Dec 1996 17:55:41 -0800 (PST) Subject: PICS is not censorship Message-ID: <3.0.32.19961208175430.006c1ac0@mail.io.com> At 03:52 PM 12/8/96 -0800, Lucky Green wrote: >Let's put the question if something like PICS will be mandated aside for >the moment. Do you agree that sites that deliberately mislabel their >content, will eventually face legal action? If so, then PICS should not be >considered truly voluntary. Self-labeling is useless without regulation and punishment - there's too much incentive to treat the label like a marketing tool. My hunch is that courts will never allow compulsory labeling at the level that most people would want - my bet is that labeling re visual depictions of nudity/sex can be mandated, but that labeling re editorial/political content can't be. (I'm not saying I think a fair reading of the Constitution says that, I'm saying I think that's the compromise that judges will come up with.) And labeling that keeps kids from seeing female breasts but lets them find out about where to get abortions, or how to do their own at home*, or that lets kids see home pages about how it's OK to be gay or a nazi or a nerd or a creationist or a Republican or whatever isn't going to serve the needs of the people who want to impose a strict content-control regime on their kids, or on the net. And while my faith in the judiciary is pretty weak, I just don't think they'll go so far as to say that the Constitution allows the government to force people to put subject labels on their web pages. *(circa 1991, there was a videotape circulating in keep-abortion-legal activist circles which described and showed how to perform an early-term abortion using relatively simple technology (e.g., suction) - I can't seem to remember the medical term for the procedure, but the tape was intended, a la PGP, to make the technology available while it was still legal to discuss it. Someone must have ported this video to Quicktime by now.) Third party labeling/rating is a much superior solution because it allows the labelers to examine data with a mindset compatible with the mindset of the customer, which source-labeling, nor automated filtering, will never do. Here's to hoping that regulators/legislators won't get around to imposing a source-labeling scheme before experience is able to show them that it's neither necessary nor sufficient to reach their goals. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From stewarts at ix.netcom.com Sun Dec 8 18:41:04 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Sun, 8 Dec 1996 18:41:04 -0800 (PST) Subject: Mykotronx update Message-ID: <1.5.4.32.19961209024043.005a5b30@popd.ix.netcom.com> Remember Mykotronx, makers of the Clipper Chip? Apparently, they were bought in 1995 by Rainbow Technologies, http://www.rnbo.com/, who make dongles and crypto accelerator boards. Some quotes from their web page: http://www.rnbo.com/mykoweb/geninfo.htm Headquarted in Torrance, California, Mykotronx employs approximately 110 people. The company was founded in 1979 as Myko Enterprises; it incorporated and became Mykotronx, Inc. in 1987. In 1995, Mykotronx became a part of Rainbow Technologies Inc. (NASDAQ: RNBO), a world leader for intellectual property protection. .... Anticipating higher production volumes, in October 1995, Mykotronx opened a new facility that has dramatically enhanced its capacity for testing and programming cryptographic microprocessors. The facility expands annual programming and test capability to more than 1.2 million devices, with potential expansion to 5 million units. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, # so please Cc: me on replies. Thanks.) From kozubik at shoelace.FirstLink.com Sun Dec 8 18:52:04 1996 From: kozubik at shoelace.FirstLink.com (John Kozubik) Date: Sun, 8 Dec 1996 18:52:04 -0800 (PST) Subject: New payment scheme for Web access In-Reply-To: <199612030247.SAA20429@mark.allyn.com> Message-ID: > walked out of the corner store with a candy bar when I was a little > boy without paying for it. When I reached the house, I discovered that > I had the candy bar in my hand and I **RAN** crying back to the store and > put it back on the shelf. Good Dog. From shamrock at netcom.com Sun Dec 8 19:30:24 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 8 Dec 1996 19:30:24 -0800 (PST) Subject: To all IETF attendees Message-ID: <3.0.32.19961208193102.00683fd4@netcom14.netcom.com> Any Cypherpunks attending this weeks IETF meeting in San Jose are encouraged to send me some email if you want to get together. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From thad at hammerhead.com Sun Dec 8 19:31:51 1996 From: thad at hammerhead.com (Thaddeus J. Beier) Date: Sun, 8 Dec 1996 19:31:51 -0800 (PST) Subject: PICS is not censorship Message-ID: <199612090318.TAA02510@hammerhead.com> Lucky Green says: > ..Do you agree that sites that deliberately mislabel their > content, will eventually face legal action? If so, then PICS should not be > considered truly voluntary. I think that most of the PICS labels that are on web pages will be those generated by scripts from groups like RSACi. (http://www.rsac.org) These groups have contracts that require you to not lie when you fill out their questionnaires, and if you do lie, you are in breach of contract and should expect to be sued by them. These companies should create a cryptographic signature for their labels, I'm really surprised that RSACi doesn't do that yet; I don't know if other PICS labelers do. If you just make up your own PICS label, then I can't believe that you would have any problems saying whatever you want. Of course, it's likely that most of the Surfwatch type programs will have options to block all pages without a well-known label attached to it, and this will probably be the default in a couple of years. If this is the way it works out, then I'd consider this voluntary. I think that this is the way it will work out, too. thad -- Thaddeus Beier thad at hammerhead.com Visual Effects Supervisor 408) 287-6770 Hammerhead Productions http://www.got.net/people/thad From shamrock at netcom.com Sun Dec 8 20:37:17 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 8 Dec 1996 20:37:17 -0800 (PST) Subject: PICS is not censorship Message-ID: <3.0.32.19961208203718.00692ac8@netcom14.netcom.com> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 840 bytes Desc: not available URL: From roy at sendai.scytale.com Sun Dec 8 22:28:46 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Sun, 8 Dec 1996 22:28:46 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <3.0.32.19961208154000.006adf40@netcom14.netcom.com> Message-ID: <961208.231901.9L7.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, shamrock at netcom.com writes: > Let's put the question if something like PICS will be mandated aside for > the moment. Do you agree that sites that deliberately mislabel their > content, will eventually face legal action? If so, then PICS should not be > considered truly voluntary. A thought: The way you word your question is likely the way any regulation will be worded, to wit "mislabeling the content". I wonder what might happen to sites that deliberately label their content as offensively as possible, even though the content is actually benign. Certainly this is "mislabeling", but you want to bet whether this inversion gets prosecuted? - -- Roy M. Silvernail [ ] roy at scytale.com DNRC Minister Plenipotentiary of All Things Confusing, Software Division PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMquiAxvikii9febJAQGzHgP/RQ1aKrc/sUr6YcSI3WUxtJgEMBo7SA48 sY6MF13HcZ12yRNrawp8Dfh5WGAesjCTPiOeNhQSVLNUlShr7U1aEJYFWmFPf9qM HkMkZyEWlrMMRvOTc0AbQD3is7aQT4z0WUDwa8T+psRFc1FZYHmvtgm5Qah2FD+M L8R8GxIoGdw= =CtSM -----END PGP SIGNATURE----- From gbroiles at netbox.com Mon Dec 9 00:11:56 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Mon, 9 Dec 1996 00:11:56 -0800 (PST) Subject: PICS is not censorship Message-ID: <3.0.32.19961208235541.006c69d4@mail.io.com> At 08:37 PM 12/8/96 -0800, Lucky Green wrote: >>>> At 07:18 PM 12/8/96 -0800, Thaddeus J. Beier wrote: >I think that most of the PICS labels that are on web pages will be those >generated by scripts from groups like RSACi. (http://www.rsac.org) >These groups have contracts that require you to not lie when you fill out their >questionnaires, and if you do lie, you are in breach of contract and should expect >to be sued by them. So what is going to happen if I generate one of their tags from scratch without filling out their questionnaire? Are they going to sue me, claiming that they own an html tag? Can one own an html tag? "Owning" an html tag is oversimplifying things; but claiming that you've been rated a certain way by a certain group (if you haven't) could potentially create fraud, trademark, and (maybe) copyright problems - an easy analogy is to the "UL" and "Good Housekeeping" symbols displayed on some consumer goods. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From pavelk at dator3.anet.cz Mon Dec 9 04:33:48 1996 From: pavelk at dator3.anet.cz (Pavel Korensky) Date: Mon, 9 Dec 1996 04:33:48 -0800 (PST) Subject: Protect against physical theft of the harddisk ?? Message-ID: <199612091234.NAA00444@zenith.dator3.anet.cz> Hello, I have one problem which I would like to consult with you. I need to protect the data on the computer harddisk against physical theft. Current situation: Computer with several harddisks - approx. 9 GB. On this computer, the following OS are used: Linux, DOS, Windows NT. The data on this computer must be accessible from all operating systems. Encryption of files must be transparent to user and encryption algorithm must be "strong". Because I am not able to find any disk encryption software which is able to run on all these platforms, I decided to use the following temporary solution: Add one more computer with Linux OS. On this computer, there will be only a small root partition with necessary Linux components. All other disk space will be encrypted with IDEA, using the /dev/loop. This machine will be some kind of secure file server. On the second machine, where the user works, there will be partitions with operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT and Linux. The data and application disks will be mounted via NFS and user will work with files from file server. The computers will be interconnected with Fast Ethernet. This mini-network is NOT connected to the Internet, so the NFS (in)security should not be a problem. Also, both computers will be placed in the same room (distance approx. 3 m), so there should be no problem with tapping/data capturing on the Fast Ethernet connection. I have the following questions. Can anybody see some major security hole in this system ? How fast will be this system ? Anybody has any idea if there is some more sophisticated solution for this problem ? Anybody heard about some strong disk encryption which is able to rund under Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am not able to find any disk encryption for NT. Anybody is able to port Secure File System to Windows NT ? I am trying to port this program under Linux, but I am not the NT system programmer. Thanx for any comments, help, ideas etc. Best regards PavelK -- **************************************************************************** * Pavel Korensky (pavelk at dator3.anet.cz) * * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic * * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C * **************************************************************************** From sue1968 at ix17.ix.netcom.com Mon Dec 9 06:04:41 1996 From: sue1968 at ix17.ix.netcom.com (sue1968 at ix17.ix.netcom.com) Date: Mon, 9 Dec 1996 06:04:41 -0800 (PST) Subject: A Message From Sue Message-ID: <199612090548.VAA12554@dfw-ix8.ix.netcom.com> Hi, Please excuse this intrusion into your mailbox, but I would like to tell you about something which will be of interest to you. About a year ago, I purchased two personalized children's books for my kids and they have been such an incredible hit with them that the parents of several of their friends have gone out and purchased the books for their own kids. I've also ended up buying several more as gifts. This gave me the idea of becoming a distributor for these great books. The books are all made with highly durable, hard cover bindings and have tons of full color illustrations. Your child's name and the names of their friends are woven into the story and appear on every page. They not only hear the story, they're actually a part of it and no other book has inspired my children to want to read more than these books have. Whether it's for your own child or for another child you care about, these books make the perfect gift, especially with the holiday season approaching. It's impossible for me to describe these books well enough to do them justice, so instead, I would like to invite you to visit my web site at: http://www.steppingstones.com Click here to go to the website www.steppingstones.com There you will find pictures of each of the books I offer and a more complete description. I'm so sure you'll love these books as much as I do, that I'm offering a 100% money back guarantee if you're not completely satisfied. We are currently offering a Holiday Special: For every book you order at the regular price of only $12.95 you can order another for 1/2 price!!! In order to claim this special offer, you must include Invitation # 192 on your order form. Note: All orders for Christmas must be placed by Wednesday December 18th in order to ensure on time delivery!!!!!!!!!! Thanks for taking the time to read this. If you are not interested, please pass it on to a friend who might be, or simply hit delete. Have a great day!!! Sue :-) From alan at ctrl-alt-del.com Mon Dec 9 06:14:44 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Mon, 9 Dec 1996 06:14:44 -0800 (PST) Subject: Please post Eudora PGP plugin URL Message-ID: <3.0.1.32.19961209061226.0127c62c@mail.teleport.com> At 03:52 PM 12/8/96 -0800, Lucky Green wrote: >>If you want to be automatically notified of new versions, send e-mail to >>gt6525c at prism.gatech.edu with the subject of "eppi news", and the following >>message body: > >Just FYI, while the plugin is still available, email to this address has >been bouncing for weeks. It is therefore impossible to submit bug reports >or subscribe to the EPPI mailing list. If somebody on this list knows the >current address of the EPPI author, please post it. The current address of the author of the Eudora plug-in is Damon Gallaty . I have been coorisponding with him on a couple of odd problems with the software. (Implemenation issues more than bugs.) He has been very responsive. (In fact, I need to send him another bug report tonight about failing to deal with line wrap in signatures.) So far the set of plug-ins have been very useful. I have been pretty happy with it so far. (It does have the problem of not word wrapping before applying the PGP sig and defaulting to the last key if you do not set one in config.txt.) All in all, worth the download. --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From raph at CS.Berkeley.EDU Mon Dec 9 06:52:57 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 9 Dec 1996 06:52:57 -0800 (PST) Subject: List of reliable remailers Message-ID: <199612091450.GAA07475@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{'alpha'} = ' alpha pgp'; $remailer{'nymrod'} = ' alpha pgp'; $remailer{"lead"} = " cpunk mix pgp hash latent cut ek"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; $remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek"; $remailer{"jam"} = " cpunk mix pgp hash latent cut ek"; $remailer{"winsock"} = " cpunk pgp pgponly hash cut ksub reord"; $remailer{'nym'} = ' newnym pgp'; $remailer{"balls"} = " cpunk pgp hash latent cut ek"; $remailer{"squirrel"} = " cpunk mix pgp pgponly hash latent cut ek"; $remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord ?"; $remailer{'cyber'} = ' alpha pgp'; $remailer{"dustbin"} = " cpunk pgp hash latent cut ek mix reord middle ?"; $remailer{'weasel'} = ' newnym pgp'; $remailer{"death"} = " cpunk pgp hash latent post"; $remailer{"reno"} = " cpunk mix pgp hash middle latent cut ek reord ?"; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. remailer at crynwr.com is _not_ a remailer. There is no remailer at relay.com. Groups of remailers sharing a machine or operator: (cyber mix) (weasel squirrel) The alpha and nymrod nymservers are down due to abuse. However, you can use the nym or weasel (newnym style) nymservers. The cyber nymserver is quite reliable for outgoing mail (which is what's measured here), but is exhibiting serious reliability problems for incoming mail. The squirrel and winsock remailers accept PGP encrypted mail only. 403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. This seems to be fixed now. The penet remailer is closed. Last update: Mon 9 Dec 96 6:45:04 PST remailer email address history latency uptime ----------------------------------------------------------------------- cyber alias at alias.cyberpass.net +***+**+*+** 32:58 99.98% jam remailer at cypherpunks.ca ************ 14:36 99.97% nym config at nym.alias.net ####***#*### :48 99.97% lucifer lucifer at dhp.com ++++++++++++ 38:32 99.96% lead mix at zifi.genetics.utah.edu +++*+++-++-+ 1:00:18 99.93% middle middleman at jpunix.com -.---------- 4:01:26 99.93% reno middleman at cyberpass.net -.--------- 3:15:16 99.74% squirrel mix at squirrel.owl.de --+++-+++++ 1:40:17 99.68% dustbin dustman at athensnet.com __.-+++-++++ 7:14:49 99.66% weasel config at weasel.owl.de --+++-+++-+ 1:39:24 99.50% haystack haystack at holy.cow.net #** **#*#**+ 4:58 99.42% replay remailer at replay.com +**** *-- -* 1:22:47 99.41% exon remailer at remailer.nl.com #*#***#+#### 6:25 99.29% extropia remail at miron.vip.best.com -- -- .. -- 9:05:48 94.66% winsock winsock at rigel.cyberpass.net - - ----- 3:43:35 93.66% balls remailer at huge.cajones.com #**** 1:37:33 74.17% mix mixmaster at remail.obscura.com ._.--++-. 8:37:03 71.73% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From firstpr at ozemail.com.au Mon Dec 9 07:42:09 1996 From: firstpr at ozemail.com.au (Robin Whittle) Date: Mon, 9 Dec 1996 07:42:09 -0800 (PST) Subject: OECD crypto policy draft guidelines Message-ID: <199612091541.CAA14288@oznet02.ozemail.com.au> There is an ad-hoc group of government representatives (called an "expert group" actually) working on an OECD set of cryptography policy guidelines. They have a big five day meeting coming up starting 12 December in Paris. A September draft of their guidelines was leaked and put on a WWW site in Austria: http://www.quintessenz.at/Netzteil/OECD/index.html as a Word 6 file. I got it, turned it into HTML and put it on my site with comments. http://www.ozemail.com.au/~firstpr Recently, someone from the OECD crypto secretariat emailed me indicating they had read my comments and found them reasonably constructive. I have since added more comments, which I emailed to the secretariate person. If anyone has something constructive to convey to them, email me and I will put you in touch with them. I understand there will be an article on the debate in the next weekly edition of The European newspaper. The people at Quintessenz apparently have a later draft which they are scanning and will put up on their site ASAP. - Robin . Robin Whittle . . http://www.ozemail.com.au/~firstpr firstpr at ozemail.com.au . . 11 Miller St. Heidelberg Heights 3081 Melbourne Australia . . Ph +61-3-9459-2889 Fax +61-3-9458-1736 . . Consumer advocacy in telecommunications, especially privacy . . . . First Principles - Research and expression - music, . . music industry, telecommunications . . human factors in technology adoption. . . . Real World Interfaces - Hardware and software, especially . . for music . From samiam at coqui.net Mon Dec 9 07:51:51 1996 From: samiam at coqui.net (Rosario Family) Date: Mon, 9 Dec 1996 07:51:51 -0800 (PST) Subject: [Fwd: take me off the list] Message-ID: <32ABFCA0.B53@coqui.net> me too samiam at coqui.net To: cypherpunks at toad.com Subject: take me off the list From: Bryondp at aol.com Date: Sun, 8 Dec 1996 19:47:48 -0500 Sender: owner-cypherpunks at toad.com take me off the list From declan at well.com Mon Dec 9 09:15:59 1996 From: declan at well.com (Declan McCullagh) Date: Mon, 9 Dec 1996 09:15:59 -0800 (PST) Subject: Malaysian Netropolis and Net-regs, from The Netly News Message-ID: ---------- Forwarded message ---------- Date: Mon, 9 Dec 1996 09:15:12 -0800 (PST) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: Malaysian Netropolis and Net-regs, from The Netly News The Netly News December 9, 1996 http://netlynews.com/ The Malaysian Solution By Declan McCullagh (declan at well.com) My first thought when I arrived in Kuala Lumpur was that it was dirty, at least compared to whisper-clean Singapore, where I had just been. Yet the city was fully alive -- not just with hawker stalls but with a newfound sense of optimism. That's because Malaysia, long a sleepy jungle backwater, is carefully preparing an area just south of the capital to be the Asian technology center, a no-taxes-here free trade zone, the place to be for all things cyber. It will be patterned after Penang, an island off Malaysia's northwest coast that's home to one of the largest collections of chip manufacturers in the world. The way Prime Minister Mahathir Mohamad describes it, fiber will line the streets of the $8 billion "Multimedia Super Corridor" and dollars will flow into the coffers of Western businesses that settle here. Malaysia is busy crafting a Netropolis. Dr. Tommi Chen, the CEO of asiapac.net, explains the government's plan to me over satay and bowls of chee cheong fun. We're waiting out the monsoon rain in one of the countless Malay-Chinese eateries in Petaling Jaya, a town about 15 miles from the capital, Kuala Lumpur. "This region is exploding," he says. "Everyone is competing to be the information-technology hub. The government is trying to attract the best to create another Silicon Valley." Sun Microsystems, Ernst & Young and Microsoft have already announced plans to shift Asian operations to this tropical city. That influx will doubtless be hastened in February when intellectual property and digital signature laws are set to be introduced. To attract firms, the government is unabashedly pro-business. "I think Malaysia will leapfrog other countries in the region as a business center," Chen says. "The prime minister and the deputy prime minister championed the Internet themselves." Yet just like everywhere else that embraces rapid datafication, a Net connection brings with it overseas ideas and values that alarm authorities in this strict Islamic state, which still refuses to sign the International Declaration of Human Rights and has a police force that can indefinitely detain individuals deemed a threat to national security. In a country where chaste kisses -- a tepid buss on the cheek! -- are chopped out of television broadcasts, what's a poor government censor to do when images from alt.binaries.pictures.erotica.pornstar flow through Malaysian cyberspace? The answer may lie in the history books. North of Singapore, south of Thailand, straddling the South China Sea, Malaysia was settled by the British in 1795. The country won its independence in 1957, but an internal Communist uprising quickly destablized the young government. Then, on May 13, 1969, members of a Chinese political party took to the streets of Kuala Lumpur to celebrate a strong showing in a parliamentary election. Malay-Chinese riots flared for four days and hundreds died. The government responded by taking extreme measures to reduce ethnic friction, echoes of which exist today in draconian laws punishing people (such as newspaper editors) who "incite" racial tension. In this atmosphere, Prime Minister Mahathir prospered. Once a critic of autocratic government, he dismantled the formerly independent judiciary after a court threatened his grip on power in 1987. His other censor-happy feats include once banning the Wall Street Journal and the Far East Economic Review. No viable opposition party exists. Lim Guan Eng, an opposition leader, is being tried for sedition. Local newspapers are uniformly pro-government. Issues of Western magazines with articles critical of Mahathir somehow never make it to newsstands. Malaysian netizens have a ready answer for these criticisms of their country. To them, Malaysia may not be ready for the kind of freedoms the West enjoys. "Most Asians see Westerners as being too liberal with too many things," a Chinese manager at a technology firm told me. The country's perception of liberty, I begin to understand, is seen through the lens of communist threats and the May 13 racial riots. With freedom, perhaps, comes instability, uncertainty... chaos. That's why Mahathir is faced with an exquisitely delicate balancing act: providing enough freedom to attract Western companies and American-educated workers accustomed to it, while meeting the demands of powerful Islamic fundamentalists who would put Senator Exon to shame. "The pornography laws exist. They will just extend these laws to the Net," says Chen. The rain has slowed to a light patter. We're almost ready to return to his office, across the street, where a score of 20-somethings work late into the night. He concludes: "Malaysia is Muslim. They have to do it -- they have no choice. They know there is no foolproof control, but they have to do it anyway." My next visit is to the office of Dr. Mohamed Awang Lah, the head of Jaring, the only other licensed and government-approved Internet provider in Malaysia. Like asiapac.net, Jaring is owned by the state. (Three illicit providers, however, apparently exist.) "We block about a hundred web sites, otherwise people complain," Awang Lah tells me. This, then, is the balancing act: "If we are too open, people complain. If we are too closed, people complain." This is an epiphany for me: the Notorious 100, presumably the same web sites blocked by the government of Singapore! It's a token gesture, not too much, not too little. In a lot of ways, it's a far better solution than the U.S. Congress's ham-handed Communications Decency Act, now on the Supreme Court's calendar. "The government will not regulate the Internet," Awang Lah says. "The only part we don't like, that is not acceptable to the culture, to the religion, is pornography... There are also some restrictions on religious content. But there is no intention to regulate the free flow of discussion." (Except for anti-Islam or anti-Mahathir criticisms, I'd wager.) Still, Malaysia seems to follow a pattern of strict laws and lax enforcement. Sure, sexually explicit materials may be banned by law. But just a block from my hotel in downtown Kuala Lumpur, I was able to buy three porn videos -- two American, one Japanese -- for 50 ringgit, or U.S. $7 each, from a sidewalk vendor. Perhaps there's some hope for the Net after all. ### From Ryan.Russell at sybase.com Mon Dec 9 09:42:33 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Mon, 9 Dec 1996 09:42:33 -0800 (PST) Subject: The Science Generations Message-ID: <9612091741.AA08891@notesgw2.sybase.com> If I may offer another opinion... I ran a BBS for about three years straight off of floppies on an Apple ][+, without any hardware failures or disk problems. Ryan ---------- Previous Message ---------- To: frantz cc: cypherpunks From: dthorn @ gte.net (Dale Thorn) @ smtp Date: 12/06/96 07:48:16 PM Subject: Re: The Science Generations Bill Frantz wrote: > At 1:12 AM 12/6/96 -0800, Dale Thorn wrote: > >I would guess that those who became and remained successful technically > >(as opposed to becoming "business people") were using HP computers and > >such in the 1970s. I for one was a heavy user then, and PETs, Apples, > >Radio Shack, etc. computers weren't reliable enough for serious work. > I guess those people using VisiCalc on the Apple ][ weren't doing serious > work :-). (Also the many small businesses using these early machines for > AR, Accounting etc.) Me, I was doing OS programming on IBM 370s. Let's talk about some real data processing. dBase II on CP/M computers (or certain proprietary hardware with adaptor cards), circa 1980-1982, would be a good example. If you had the right stuff, say, an HP-120 or HP-125, or even an 80 series with the adaptor, and HP floppy drives, you could process all day long for (years?) with scarcely a hitch. You try to put something like that on an Apple II with Apple floppies (using whatever software was available), and you couldn't do the job. The machine and/or drives would quit in a few days, if not the first day, and might even erase your diskettes in the process (a common occurrence in those days). In early 1985, just for fun, I had an HP-71 pocket computer hooked up to a LaserJet printer and a couple of HP portable floppies, and printed my store's databases on it. Multiple indexes, thousands of records, each index printed complete every day in separate copies for each salesman. I wouldn't dream of trying that with an IBM or Apple floppy system. Hard disks? I *never* heard of an HP microcomputer hard disk crash in those days, short of dropping the computer onto the floor while writing a file. We used to pull the wall plugs on our HP's while writing to a file, with no bad effect. Try that on an IBM or Apple circa <= 1985. Computer hardware? One thing I enjoyed doing for customers was pulling a RAM card out of an HP-86 while it was running a program, then forcing the card back into the slot. Usually pulling the card had no effect, then, putting it back in would generally reset the program. Surge protectors? Never sold one. Not needed with HP's then. An Apple II (like the other toy computers from 1975 to 1982) was a hobbyist computer, which required frequent cleaning and scrubbing internally to keep it running. A pencil eraser was a common tool... And let's not forget Apple and IBM attitudes: When I had HP's, if I ever needed service, HP did it themselves, professionally (using static mats etc.) and promptly. You wouldn't find Apple or IBM offering to repair their own microcomputers in those days (or ever). For good reason! Cost of service? HP's contracts were usually 3% to 5% of the item cost per year, compared to the "industry standard" of 15%. Not a bad deal. From ark at paranoid.convey.ru Mon Dec 9 09:52:41 1996 From: ark at paranoid.convey.ru (ArkanoiD) Date: Mon, 9 Dec 1996 09:52:41 -0800 (PST) Subject: The Science Generations In-Reply-To: <199612080338.UAA24072@infowest.com> Message-ID: <199612091750.UAA25235@paranoid.convey.ru> nuqneH, > > I still have the Gigi, the special color monitor, and the > source code tape from U of Toronto via DEC --compiled it on V6 > UNIX if I remember, then Berkeley 3.9 for the 11/44 I had just > acquired which was obsoleted by a pair of Vaxen in about a year. > Oh really? I thought BSD 2.x was the last for pdp-11. Can i get a copy of 3.9 from you? > 800/1600 is still racked with a minivax with Ultrix V7. anyone > still wish to play with that old dinosaur? > Great thing! -- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! From jya at pipeline.com Mon Dec 9 10:26:48 1996 From: jya at pipeline.com (John Young) Date: Mon, 9 Dec 1996 10:26:48 -0800 (PST) Subject: Baran on Net Security Message-ID: <1.5.4.32.19961209182328.00679df8@pop.pipeline.com> RAND has put on it Web site eleven "classics" on distributed communications, most of them by Paul Baran. They offer good background to current debate on secrecy, security and cryptography. Here are the contents of No. 9 on security. http://www.rand.org/publications/RM/RM3765/ Memorandum RM-3765-PR August 1964 On Distributed Communications: IX Security, Secrecy, and Tamper-Free Considerations Paul Baran Contents, Preface, Summary, Foreword I. Introduction II. The Paradox of the Secrecy About Secrecy The Assumption of a Clear Dichotomy Between Classified and Unclassified Subject Matter Cost and Result of Present-Day Cryptographic Equipment On Secrecy of Secrecy III. Some Fundamentals of Cryptography Digital Transmission Layers of Encryption IV. Implications for the Distributed Network System Link-by-Link Cryptography in the Distributed Network End-to-End Cryptography in the Distributed Network Genealogy of the Keys Generation and Distribution of Keys Protection Offered by Semi-Random Path Choice V. A "Devil's Advocate" Examination Appendix Use of a Function of N-Boolean Variables as a Second-Order Modifier for "Next-Key" Generation From vznuri at netcom.com Mon Dec 9 11:33:28 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Mon, 9 Dec 1996 11:33:28 -0800 (PST) Subject: Mykotronx update In-Reply-To: <1.5.4.32.19961209024043.005a5b30@popd.ix.netcom.com> Message-ID: <199612091933.LAA19520@netcom15.netcom.com> >http://www.rnbo.com/mykoweb/geninfo.htm > Headquarted in Torrance, California, Mykotronx employs approximately > 110 people. The company was founded in 1979 as Myko Enterprises; > it incorporated and became Mykotronx, Inc. in 1987. > In 1995, Mykotronx became a part of Rainbow Technologies Inc. > (NASDAQ: RNBO), a world leader for intellectual property protection. >.... > Anticipating higher production volumes, in October 1995, > Mykotronx opened a new facility that has dramatically enhanced its > capacity for testing and programming cryptographic microprocessors. > The facility expands annual programming and test capability to more > than 1.2 million devices, with potential expansion to 5 million >units. > the obvious question is: does mykotronx currently have some kind of crypto product that is selling that well? if not, then what the @#$%^&* do they have up their sleeve? is this part of the clipper fallout? or is it a new plan? encyphering minds want to know.. From jya at pipeline.com Mon Dec 9 11:36:23 1996 From: jya at pipeline.com (John Young) Date: Mon, 9 Dec 1996 11:36:23 -0800 (PST) Subject: The Advent of Netwar Message-ID: <1.5.4.32.19961209193256.006865f8@pop.pipeline.com> A RAND publication relates to the administration's focus on borderless crime and/or dissent as national security threats: The Advent of Netwar. J. Arquilla, D.F. Ronfeldt 118 pp, 1996. $15.00 ISBN: 0833024140 Key concepts: Cybernetics -- Military aspects; Electronic intelligence; Military art and science -- Technological innovations; Communications, Military -- Technological aspects; Electronic countermeasures Abstract: The information revolution is leading to the rise of network forms of organization, with unusual implications for how societies are organized and conflicts are conducted. "Netwar" is an emerging consequence. The term refers to societal conflict and crime, short of war, in which the protagonists are organized more as sprawling "leaderless" networks than as tight-knit hierarchies. Many terrorists, criminals, fundamentalists, and ethno-nationalists are developing netwar capabilities. A new generation of revolutionaries and militant radicals is also emerging, with new doctrines, strategies, and technologies that support their reliance on network forms of organization. Netwar may be the dominant mode of societal conflict in the 21st century. These conclusions are implied by the evolution of societies, according to a framework presented in this RAND study. The emergence of netwar raises the need to rethink strategy and doctrine to conduct counternetwar. Traditional notions of war and low-intensity conflict as a sequential process based on massing, maneuvering, and fighting will likely prove inadequate to cope with nonlinear, swarm-like, information-age conflicts in which societal and military elements are closely intermingled. ----- There is a summary of this document and ordering info at: http://www.rand.org/publications/MR/MR789.html From jya at pipeline.com Mon Dec 9 11:42:18 1996 From: jya at pipeline.com (John Young) Date: Mon, 9 Dec 1996 11:42:18 -0800 (PST) Subject: Chaum to Step Aside Message-ID: <1.5.4.32.19961209193858.00688674@pop.pipeline.com> http://www.msnbc.com/news/45558.asp According to knowledgeable sources, Digicash b.v., the Dutch-based privately held Internet payment company that was founded and is chaired by Chaum, is in the market for a new top executive. The 6-year-old company plans to make Chaum, the ponytailed inventor of Digicash's innovative payment system, chief technology officer and to hire a new CEO to run the company. From nobody at zifi.genetics.utah.edu Mon Dec 9 12:00:43 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Mon, 9 Dec 1996 12:00:43 -0800 (PST) Subject: [ADMINISTRATIVIUM] One-time pads Message-ID: <199612092000.NAA02778@zifi.genetics.utah.edu> Many forgeries are traceable with mathematical certainty to feebleminded Timmy C[ocksucker] Mayflower's poison keyboard. /\ /..\ Timmy C[ocksucker] Mayflower /_\/_\ From jf_avon at citenet.net Mon Dec 9 12:06:21 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Mon, 9 Dec 1996 12:06:21 -0800 (PST) Subject: What OS/2 software? Message-ID: <9612092004.AA21831@cti02.citenet.net> -----BEGIN PGP SIGNED MESSAGE----- Hi! I am off from the list nowadays so please reply directly. Can anybody point me to the most accepted crypto softwares running under OS/2? I already have PGP 2.6.3i Here is my shopping list: - - file encryption utility other than PGP, *if advisable* - - GUI shell (Aegis Shell style, if possible) - - hard drive on-the-fly encryption (I used CryptDisk in DOS) - - swap deleter - - file wiper - - any other program that would take care of a security issue the I still ignore about OS/2 (I'm absolutely new to it) - - any must-read OS/2 specific security-related document(s) I am looking for software that has been peer-reviewed and that is widely accepted among Cypher/Coder Punks. As a result of thoses replies, I will create a web page dedicated to OS/2 security applications. Regards jfa - -- Jean-Francois Avon, Pierrefonds(Montreal) QC Canada DePompadour, Societe d'Importation Ltee: Fine Limoges porcelain and Crystal JFA Technologies: R&D Physicists, Eng, Techies, LabView stuff, etc PGP encryption keys at: http://w3.citenet.net/users/jf_avon and: http://bs.mit.edu:8001/pks-toplev.html ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQEVAgUBMqv/bciycyXFit0NAQFqcAgAh2e3qveaBXyAhAwm4P35cM8Ho6PnW2i8 pfqpHOzKtYyoACgWT40Q/L9Rv7Zq2S7YTY07+Ges56nwczKQdCFigH8PTUas5TOJ WC+sddxZCWT57XxEA2NGW/DBH90lrRJ+0Yq2e42So1KzQ/5RWcpZPIL60fEusrc0 I1E+qCcGkxFtm/1ISwIHwtpx3E7u4l8jMZy71dX+/Wp1LfSinbudjkTWYkCYTifW XL5q/wHTQ3/+UetoczQL7k6o1teOBJA1NIjZ5BRlvDfAYwhz1W1f8IbV8l/2tP0q r3sNaDN0hBdMzvz4tWXdMYObkr5tE7XSl5EJLUkRb3O15+8UK4XB6g== =lzne -----END PGP SIGNATURE----- From foodie at netcom.com Mon Dec 9 12:39:16 1996 From: foodie at netcom.com (Bryna Bank/Jamie Lawrence) Date: Mon, 9 Dec 1996 12:39:16 -0800 (PST) Subject: Secure Erase for PCs? Message-ID: <199612092039.MAA09769@netcom.netcom.com> Hi all - I know this has been discussed multiple times, but archive searching has turned up nothing. What freely available tools are there for securely erasing a disk under DOS and Windows? Ideally I'd like a tool for each, but pointers to either are much appreciated. Thanks, -j From mjmiski at execpc.com Mon Dec 9 14:18:07 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Mon, 9 Dec 1996 14:18:07 -0800 (PST) Subject: Message-ID: <3.0.32.19961205133306.006952e4@execpc.com> At 03:14 PM 12/4/96 EST, Bovine Remailer wrote: >At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote: [snippo] >If I earned my very own money honestly and I choose to lend it only to >Albanians, you believe that this would be inefficient and, therefore, >forbidden. Actually I didnt say anything about private lending. But as this thread goes on you seem to assume much. >In other words, you do not believe that I should be able >to lend money to anybody I please. You can call it "equal access to >capital" or "denial of opportunity", but the clearest and simplest >description is that you believe I should not be able to lend my money >to whomever I please. Instead of pretending otherwise, just say "I >believe you should not be able to lend your own money which you earned >honestly to anybody you please. I believe you should be allowed only >to lend money in these circumstances..." I dont assume that anyone (or any corporation) has earned their money honestly. Quite often that is not the case. I have said a few times already that I *do* believe in limited regulation. And apparently you believe that ad hominem is cool. >Of course, non-discrimination is a vague term. Actually it is not. I am an employment law attroney. I know the definition. I know also what I need to do to prove it. I also know that many times the definition (legal) fails to meet the reality of the situation. But as I said before, we do not live in a perfect society. >Let's say I lend money >only to people I know. I only know Albanians. Am I therefore a >racist in my lending practices? That is unclear. See above. > >Am I racist in my choice of friends? Perhaps we should make that >illegal. > Perhaps we should argue irrelevant things. >>I have never suggested that provably bad credit risks should be given money. > >What is irksome is that you are talking about Other People's Money and >not your own. The perspective tends to change when it's your own >savings on the line. > Actually, in my case, it absolutely does not. But as I said above, you appear to continually assume things. My perspective doesnt change, maybe yours does. >>It does if my argument is that this part of the system *is* just. I >>realize you disagree, but I am sure you are not dismissing my argument >>out-of-hand. If you disagree, as you say, then disagree. > >Actually, I have trouble following your argument. Please forgive me >for my limited intelligence. You were forgiven long ago ;-) [snipped] >>I agree. I am not arguing that we need to withdraw Title VII. Aparently >>you are? > >I do not know what is in Title VII. Perhaps it would be better to ask >me about particular policies. > It is all becoming clear to me now. Perhaps you should understand what laws you are rallying against before you attempt to defeat them. I have no need to ask *you* about policies. Considering you have recently popped up, you have not even a small collection of reputation built up. [snip] >In fact, I am open to the possibility that poor people really are >disenfranchised. No you are not. You show your stripes below. >But, if I am to believe that I must hear an >explanation that makes sense to me. If poor people are poor because >absolutely nobody will do business with them for completely irrational >reasons, that seems extremely unlikely. Even if most rich people are >able to control their greed just to punish poor people of the wrong >race, which is already hard to believe, you actually have to claim >that they are all this way. > Actually, I dont. Not all rich people utilize their wealth. Dont believe it? Ask Bill Gates and the latest Slate. >Just like anybody else does. You watch every penny. You don't eat >meat. When you buy food, you buy inexpensive healthy food like >lentils instead of expensive unhealthy food like Coca-Cola and potato >chips. You do not go to McDonald's. You walk when you can instead of >taking the bus or you ride a (used) bicycle. You don't smoke >cigarettes. You do not buy alcohol. You do not buy other >recreational drugs. You buy your clothing used. You economize on >your living arrangements, perhaps by having a large number of >roomates. (Note that this is illegal in most cities. That is a form >of disenfranchisment.) You do not make long distance calls. If you >can, you share a phone with other people. etc. etc. etc. > >If you know poor people, you will know that few of them do these >things. My vocation is intimately involved with poor people. I have been there myself. I do not defend my beliefs on those grounds. If I did I could easily just state the opposite. But hey, Ill bet you arent racist either 'cause you have Black friends. The poor people that I help are nothing like the media productions you believe in. I realized after reading this last paragraph what kind of person I am dealing with. Poor people, in your eyes, remain poor because they apparently have no will of their own to get out. If you *actually* understood utter poverty you would also understand the idiocy of the statement. Many of personal friends have 'escaped from the killing fields' and have opened my eyes to the reality of the situation. I will no longer try to open yours. You are not interested in learning anything. >Also, you work hard to increase your earnings. You show up at work on >time every time. You develop a good work ethic. You wear clean >professional clothing at work. You treat your employer and coworkers >with respect. etc. etc. etc. That's right. I forgot. Poor people dont come to work on time. They dont develop a work ethic. They wear dirty clothes. And they are disrespectful. And when they dont do these things they are not passed up for promotion, never meet a glass ceiling and are never discriminated against. Now I get it. What was I thinking? >Read "Your Money or Your Life" by Joe Dominguez and Vicki Robin. It >outlines a workable program that all poor people - and quite a few >others - will be able to use to their benefit. I live in reality not theory. >If you are going through prospective leads and the number of qualified >people is, say, 10 in 1000, you will make a lot more money than going >through a pool of leads that only has 1 qualified person per 1000. Redlining occurs when people from these neighborhoods *go to the bank*. Banks do not target these people. When approached by them, the banks look at the lines and decide. They are not weighing whether to do business there. They simply dont. >But why isn't that good news? If it's really market inefficiency, why >not exploit it? > Because I personally carry to high a debt burden to qualify for the loan. I also suffer from doing something with my life that I both enjoy and feel makes a difference. I advocate for others that would like opportunity. >>I am glad that you admit that racism is irrational. > >A lot of human activity is irrational. > >In the case of racism, it is difficult to even define what it is for >the purpose of writing a law under which people are to be prosecuted. >This undermines the rule of law in the United States and opens the way >to abuse and political corruption. Probably that was the idea. Yep, that was it. We all got together in 1964 to try to find a way that we could increase political corruption. Read the law. >But, even if it were possible to define precisely what racism is, I >would still believe it should be legal. There is no accounting for >taste and it is wrong to dictate it to other people when they are >causing no harm to others. Try defining harm. Try defining taste. People like you have argued that slavery caused no harm. Disallowing women to vote caused no harm. And of course that discrimination in the workplace causes no harm. You may believe that in all of these cases the legislature should not have acted. This just makes me glad that you are clearly in a minority, unable to withstand the wheels of change. You and Tim could start your own country. >>That is the core as to why the problem doesnt go away. It is an >>infinite loop. Current interests wont go there. > >Not one? Absolutely no one? That's pretty hard to believe. Irrationality is always hard to believe. >>Generally, people who understand the problem are without access to >>capital. They would like to go there. They cant get capital. When >>they approach current interests, they wont go there. > >Maybe there's something funny about the deal. That's it. All those lawyers involved with putting together deals (something they succesfully do for a living) put together a funny deal. That's it. It's a conspiracy. Be careful everyone, the poor people are planning something. Run, run. >>There are a few examples of people who actually realize this as a >>problem/opportunity. Oddly enough, this point reinforces mine. >>Redlining did exist. Bank of America realized it and made a lot of >>money. But it still exists elsewhere. Why dont business plans >>around the country spring up on venture capitalists desks with an >>approved stamp on them? > >More to the point, why isn't Matthew J. Miszewski drooling in >anticipation of all the money he is going to make by recognizing this >glorious opportunity? Giannini made a tremendous amount of money. Just because a market exists that is far from stating that barriers to entry arent enormous and that a market segment is sufficient to make 'tremendous amounts of money'. Money is also far from my prime motivator. This will be hard for you to understand, but apparently you have no interest in expanding your horizons. >Hmmm? Maybe it was lousy investment in spite of a good ROI number. >Nobody? Not one person was willing to buy in? Hardly an endorsement. What are you talking about? Good ROI, good investment. How do you define 'lousy investment'? Maybe you work for a bank? What do you do? Oh yeah, you are Red Rackham. >>Compare this now to people whom banks would generally consider a good risk. >>College Graduates. Generally, these folks live outside of the red line. >>Good risks right? What about those nasty student loan default rates? The >>red lines dont make business sense. > >I'm hearing that cash register ringing. Go for it! > Whenever a good point is made, you go to that nifty "ring, ring" crap. Do you deny that the default rate on student loans is outrageous. Do you deny that these people generally live out of the redlines? >That's easy. Once a month get ten families together to go to the >nearest warehouse store in the suburbs and stock up on provisions. Have you carried that much home on a bus lately? I mean, you were poor, no? Or do we all forget little things like that? >Or, one poor family could buy a bunch of stuff every month and sell it >out of their house and save everybody the trip. Making the original capital in their basement of course. How many microloan programs do you know of Red? >Discussions regarding "the cycle of poverty" are usually little more >than litanies of excuses. I keep forgetting that poor people want to remain poor. When will I learn. They use up all their energy thinking up excuses. Oil Company execs never treat blacks differently. Glass ceilings dont exist. Hey if I keep saying it maybe I will learn. >>Again, business plans have been presented to no avail. Even private >>foundation subsidized events were tried. To no avail. > >Gee, you would almost think there was something wrong with the >investment. See above. >I challenge you to put your own money into this venture. You don't >even have to quit your job to get into the microlending business until >you've built it up to the point where it can support you. This sounds like advice from someone who has never tried. Not you, red. >>I once believed much like you. I saw an "opportunity" the existance of >>which I could not explain. It seemed irrational. And it was. > >What I don't understand is why you are not excited by this >opportunity. You claim there is this gaping hole in the banking >business. If that is true, whoever exploits it is going to be >unbelievably rich in addition to being a great human being. See above. >My point is not that there is a great opportunity so "somebody >somewhere" will solve the racism problem. My point is that you >yourself do not believe there is a great opportunity if it involves >money you really care about, i.e. your own. Actually, my largest investment is in a minority owned business. Funny thing. My money. How odd. >>Racism is irrational. As you seem aware (BTW, I applaud you on what >>seems to be an honest degree of care)... > >Don't get your hopes up. I've been poor and I've known many poor >people. The unpleasant truth is that there are usually reasons why >people are poor. I keep forgeting. What was it stupid, lazy, smelly, discourteous? I have to watch the news more closely. >You are claiming that there are ZERO investors who will invest in this >great opportunity because they are racists. Contrary to popular >belief, most African-Americans are not poor or even gang members. Where the hell did this come from? I *never* asserted it. Red must be watching too much TV. >There are large numbers of middle class African-Americans and a >smaller number of quite successful African-American businesspeople. > I know some of them. They work very hard. Funny thing is, Red, they sound nothing like you. Go read your book. >If you are claiming that even African-American investors are >irrationally racist about lending to poor people, you should be >forewarned that I and many other people are going to find that a >little hard to believe. Racism is a dynamic of Power Red. There are, unfortunately, successful Blacks that do not help out the neighborhoods they came from. They do not credit Affirmative Action for its help. Consider me 'forewarned'. >>>Banks have practiced discrimination, and not just against black >>>people. They have been able to get away with it. How? Because the >>>government has protected the banking guild from competition. I never mentioned that blacks were the only poor in this country. That was one of Red's assumptions. Much like the ones about poor people being lazy, dirty, blah, blah. >>We agree. But I feel that a legal elimination of redlining would decrease >>costs to the industry. > >Wrong. Redlining is devilishly difficult to define. What's so difficult. God, I hope you arent an attorney. >That hurts a >small bank more than any other because they have to figure out how to >comply with the law and defend themselves against the regulators >instead of just borrowing and lending money. It raises the costs of >banking. That means it is harder for people to borrow and lend money. >And that, if you care about efficiency, is inefficient. > It costs money *to practice* redlining. Not to eliminate the practice. If decisions are based on merit alone, where do costs increase. Redlining adds a layer of investigation to a loan analysis. Eliminating it eliminates one. >>If they never did we would still have slavery and only white, adult, male, >>land-owners would vote. While success is rare, it has prevailed when the >>cause is just. > >I hate to admit it, but you do have a point here. > And yet you assert that the government should not tell you what to do. Make up your mind Red. >However, the way privacy will be permanently eroded is through laws >called "The Privacy Protection Act" which have clauses allowing the >government to do whatever it wants. It is disconcerting to have the >government dictating what information you may or may not keep on your >computer or who you may give it to. While this is totally of the point of the post, at least we can agree on something. > >Red Rackham [Excuse the tone of the post. Dealing daily with some of the effects of racism, one gets sick of the same arguments and assumptions made by most. I thought you were interested in differing points of view, but the tone of your post suggested otherwise.] From dlv at bwalk.dm.com Mon Dec 9 14:29:34 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 9 Dec 1996 14:29:34 -0800 (PST) Subject: cypher-PUNKS... In-Reply-To: <199612081821.MAA12262@cdale3.midwest.net> Message-ID: <9mwoyD80w165w@bwalk.dm.com> "David E. Smith" writes: > > Timmy posted a series of message via anonymous remailers > > praising himself and calling himself "a genius among geniuses" or some > > such. > > That charge is every bit as foundless as the charges that you are > responsible for the "A Daily Warning Regarding Tim May" posts > of a while back, or the current round of remailed messages featuring > the sickeningly cutesy ASCII graphics at the bottom. Tim must have been a heinous baby... > OTOH, if you've discovered a way to gain access to the remailers in > such a fashion as to prove those messages originated from Tim May, > please share. (It just might be crypto-relevant, which would be > a small miracle on the cypherpunks list these days :) The real identities of people who use the "anonymous" remails to send out "homophobic" or otherwise "politically incorrect" materials are frequently disclosed on the "remailer-operators" mailing list. For example: ]Date: Mon, 9 Dec 1996 12:50:40 -0800 (PST) ]From: ************* <******************> ]X-Sender: ******************** ]To: remailer-operators at c2.net ]Subject: feh. ]Message-Id: ] ] ]Someone who proports to be from ******************* is sending out a huge ]spam/mailbomb right now. I suggest you sourceblock the prick now. ] ]-***** ] ]----------------------------------------------------------------------- ] Upon advice from his attorney, my tagline has no comment at this time ] Is that "anonymous"? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mixmaster at remail.obscura.com Mon Dec 9 14:39:18 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Mon, 9 Dec 1996 14:39:18 -0800 (PST) Subject: [ANNOUNCEMENT] Secure envelopes Message-ID: <199612092202.OAA25870@sirius.infonex.com> Here, Timmy Mayflower descends into total inanity. He should have a cold shower and/or a Turkish coffee. |\ \ \ \ \ \ \ \ __ | \ \ \ \ \ \ \ \ | O~-_ Timmy Mayflower | >----|-|-|-|-|-|-|--| __/ | / / / / / / / / |__\ |/ / / / / / / / From jya at pipeline.com Mon Dec 9 15:14:32 1996 From: jya at pipeline.com (John Young) Date: Mon, 9 Dec 1996 15:14:32 -0800 (PST) Subject: FIPS key recovery meeting (long) Message-ID: <1.5.4.32.19961209231109.0067efd0@pop.pipeline.com> Forward from: cyberia-l at LISTSERV.AOL.COM Date: Mon, 9 Dec 1996 15:03:27 -0800 From: "John A. Thomas" Subject: FIPS key recovery meeting (long) John Taber and I attended the first meeting of the technical advisory committee to develop a Federal Information Processing Standard (FIP) for the federal "key management infrastructure." The meeting was held December 5 and 6, 1996 near the Dallas/Fort Worth Airport. Although the official documents referred only to "key recovery" instead of "key escrow", representatives used both terms interchangeably. The committee is an advisory body to the Dept. of Commerce. Its recommendations pass through the National Institute of Technical Standards (NIST). The charter states membership will be no more than 24, so the ten "federal liaisons" present are apparently not considered members of the committee. The chairman is Stephen Kent, chief scientist for information security at BBN Systems. The other members of the committee were employees of various computer and computer-security firms, including Sun Microsystems, Microsoft, Intel, Lucent Technologies, Cisco Systems, Digital Equipment, IBM and Motorola. Some security related firms were Trusted Systems, GlobalKey, and CygnaCom. Officials from Chase Manhattan Bank and Visa were also present. The only academic member was Dorothy Denning of Georgetown University. The government liaisons included Michael Gilmore of the FBI, Jan Manning of NSA, and representatives of NIST, the Federal Reserve Bank, and the Defense Information Systems Agency. Some representatives were from agencies having no apparent need for cryptography, and therefore key recovery, such as the Small Business Administration and the Social Security Administration. Kent later questioned why the SBA would need key recovery when it had no need to store encrypted data. SSA needs encryption only when it receives confidential information over insecure systems. Mary Good of the Commerce Department opened the meeting with a speech charging the committee to develop a federal key-recovery standard that can be extended to "public policy". Good urged the committee to confine itself to technical issues only, and arrive at a standard that could be implemented and would not be merely theoretical. Good also asked for "transparency" in key recovery, and a couple of the government liaisons mentioned this as well. Kent's opening remarks included the comment that the FIPS would only deal with crypto key recovery, not recovery of digital signatures, or with public key certification. Most of the rest of the first day was taken up with introductions and comments by the members and liaisons. The general tenor of comments from corporate representatives was that key recovery had not been important to their customers, and while they did not oppose a key recovery standard for the government, they did oppose any effort to make it mandatory or make it a requirement for export. Some differed on whether an export requirement would be a problem. Some typical comments follow. GlobalKey (which runs a private encrypted mail system) said using key escrow would be against is policy, and its customers would not accept it. Oracle stated it had had no requirement for key escrow from customers and saw no need for key escrow from its customers. It supported software-only solutions, and emphasized they must have no classified content. Motorola stated it was important not to impact the performance of wireless systems. Motorola advocated an open system supporting multiple algorithms and opposed the trusted third-party concept. Microsoft said it was pragmatic, willing to provide key recovery if customers want it, but it definitely does not want it mandated, nor tied in with export licensing. The Digicom member assumed the committee was not concerned with individual privacy rights vis-a-vis the corporate employer's power to recover an employee's encrypted message. Jan Manning of NSA and Patricia Edfors of Treasury said the government had a corporate interest in key recovery like any other business, as well as for national security or law enforcement purposes. Manning agreed there was no place in the FIPS for concern over individual privacy rights and urged the committee to avoid privacy issues. Kent said another issue the committee would face was the timeliness of any response required to a key-recovery request. Gilmore of FBI says the FBI's need for timeliness would vary, depending on the investigation. Denning said that data other than law-enforcement related messages could need timely recovery, citing encrypted medical data, or encrypted data from some kind of sensor. Another parameter for timeliness would be the number of requests made in a given time. Although the issue was not explicitly debated, the commercial members seemed to feel that key recovery should be directed to stored data, while the government representatives were clearly using the term to cover both stored data and communications. Someone asked how session keys in a communication system were archived, and Denning remarked she didn't know of any system which archived session keys. The following morning, Kent said the issues included key recovery for storage, key recovery for communications, and key recovery for staged delivery (email). This seemed to remove the doubts some members had about the scope of the proposal. We were left wondering how key archiving could possibly work in communications networks. Consider a system where encrypted packets arrive in any order, with different keys and different key expirations. After a commenter asked for clarification of who the users of the new standard were assumed to be, Kent stated: "The government wants the FIPS so that industry will produce products that government can use, and others will use as well." When another commenter pointed out that a user could defeat a key-recovery system with superencryption or other means, Kent said "...we have to be willing to let [that case] slip through the cracks." Some participants attempted to distinguish between key backup and key recovery, the latter being the case where the parties to the communication are themselves unwilling to give up keys. Denning responded that "key recovery _is_ backup." The distinction seems to be about who is a party to the communication--the corporation whose employee has lost his keys, or the employee himself. Confusion on this point may exist because the members didn't distinguish the case where an entity using key recovery doesn't care about it in particular cases, but another entity, government, very well might. Kent asked if the new standard should require a data recovery field in encrypted messages or files, and if so, should there be check for integrity of this field. Requiring a recipient to check this would encourage senders to use the standard. Someone asked how a recipient could check if a sender were, in fact, escrowing data, even if the field were present. Others said requiring a data-recovery field would make compatibility difficult for older systems, or "...those choosing not to use key recovery." Some expressed concern for the impact on system performance of sending extra bits. Miles Smid of NIST once referred to the data-recovery field as a "LEAF," invoking some laughter from those recalling Clipper's "law-enforcement access field." Following a question on interoperability with systems not using the standard, Manning of NSA said the new export law required products to interoperate only with products using key recovery. This brought some irritated responses from the commercial members. One asked if the government had some bottom line the committee would have to accept if there were to be a FIPS. Manning said NSA had some requirements, and he assumed the FBI did as will. Kent suggested the government side put together a position paper. A member then asked who the customers of FIPS were supposed to be; given the government's special requirements, why was industry input even needed? Smid of NIST said industry input was needed, or no one would build systems for the government to use; also, the government may be involved in key recovery in commercial systems where "...public safety is involved." (It seemed plain that "public safety" in this committee is a code word for "law enforcement"). Kent suggested that if private parties want to operate key-recovery services (apparently meaning escrow services), they would have some negligence defense if they used a federal standard. On the following day, December 6, Dorothy Denning presented a high-level schematic of key recovery associated with key fields and encrypted data. The schematic was thrown together the night before. She promised to make it available on her web page (www.georgetown.edu/~denning/). Patricia Edfors of Treasury spoke about federal public key infrastructure pilot projects. She also described an "Emergency Access Demonstration Project," which was to "demonstrate the viability of key recovery, as a security service, for federal business applications." The project is to last 9-15 months, beginning August 1996. There will apparently be participation between certain government agencies and some private firm. Edfors said no attempt would be made to recover digital signature keys, create a key management infrastructure, or mandate which cryptography is used. However, "export requirements" will apply to all plans. Kent wondered why the government would need key recovery for itself. He seemed to feel that key recovery for an individual's worksation is a data protection issue (backups) rather than true key recovery. Members mentioned a few cases where an employee was unable to decrypt his files, but no one knew of a case where an organization was unable to obtain shared data (e.g., a database), because it was encrypted. Other members seemed reluctant to accept his distinction. They seem to view key recovery as a way to audit proper use of organization assets by employees, or to protect the organization from malicious acts of employees, or to recover data if a custodian is run over by a bus. Discussions continued to frame the issues for the project and assign functional tasks for sub-committees. Gilmore of the FBI said most key-recover issues would arise (for law enforcement) in the context of search warrants, not wiretaps, although the latter could be very important. In a question as to how long escrowed or archived keys should be kept, Gilmore said as long as the data existed, which might be indefinitely. When pressed, Gilmore said this was because some crimes have no statute of limitation. We thought some members might be mentally calculating storage requirements for session keys in a large communications system, if key storage and indexing was to be indefinite. Manning of NSA said the National Archives, for example, would have to have access to recovery keys forever. No one asked why the National Archives might be archiving encrypted data. Boland of GlobalKey also asked about keys to encrypted voice or video. No one seemed to have thought of this before. Kent wrapped things up with a list of issues for discussion at the next meeting. These included: --the threat model --interoperability --key recovery agents --performance issues, computation and bandwidth --algorithm independence --enforcement measures The next meeting will be held in the San Francisco area on February 19 and 20, 1996. Before then the members will confer by email and attempt to set up working groups to present papers on particular topics. The meeting ended with an opportunity for public comment. None was offered. Our opinion was that the only reason for the existence of this project was the insistence of the government, primarily the law enforcement and state security agencies. Private industry seems to feel there is little demand for a key-recovery standard, since those needing it can implement it themselves. Industry representatives were obviously worried about export restrictions requiring key escrow, and possible attempts to make it mandatory in some way. As corporations use encryption more and more, there will obviously be a need to develop key recovery systems inside the firm. The justification for a federal standard, however, seems weak. We felt that this project would probably end in failure, through inability of the industry and government parties to compromise, or if a standard did issue, few private firms would use it. It's even doubtful a standard could be completed and adopted before private systems are firmly in place. Is the whole thing just more of the government's increasingly delusional effort to control private cryptography, or does someone besides the security agencies really want a standard? The committee will post information at www.crsc.nist.gov. We can fax a copy of the materials handed out. We'll try to answer any questions by email (or phone, if you're really in a hurry). --------------------------------------------------------------------- John A. Thomas | (972) 263-4351 | jathomas at netcom.com Bowles & Thomas, L.L.P. | Voice | CompuServe 75236,3536 410 N.W Eleventh St. | (972) 262-6520 | Grand Prairie, Tx 75050 | Fax | PGP public key available --------------------------------------------------------------------- =======> After January 1, 1997: --------------------------------------------------------------------- John A. Thomas | (972) 387-8880 | jathomas at netcom.com Dolce & Thomas, L.L.P. | Voice | CompuServe 75236,3536 5720 LBJ Fwy., Suite 470| (972) 387-8881 | Dallas, Texas 75240 | Fax | PGP public key available --------------------------------------------------------------------- From bressen at hks.net Mon Dec 9 16:47:03 1996 From: bressen at hks.net (Andrew K. Bressen) Date: Mon, 9 Dec 1996 16:47:03 -0800 (PST) Subject: nyc internet world party schedule and survival tips Message-ID: <199612100044.TAA19951@spirit.hks.net> Folks, an internet world nyc party schedule is at http://www.webcinema.org/party/ There's a mondo party at the Tunnel Club on thursday night, 220 12th Ave (West Side Highway and 27th Street), 18:30-20:30 one of the groups I'm affiliated with (WWWeb Artists Consortium) is one of the hosts. I believe that thursday night is also the PGP Inc party. This makes wednesday the logical night for a get-together, unless folks tell me otherwise. People who are around and interested in dinner after the show and before the vendor parties, send me mail. I live about 15 blocks from Javits, so if folks have problems (stolen luggage, need crash space, etc.) or just want to swing by to say hi, gimme a ring. home number: 212-489-6913. I don't have a pager just now. I'll probably be at the exhibit hall wandering during the afternoons. At least one person asked for directions: the front door of the javits convention center is at about 36th street and 11th avenue. http://www.metrobeat.com/nyc/loc/Javits-Center.html has pictures and directions. For good food, hike (1/2 - 1 mile; do not try to take a taxi this way during rush hours) over to 9th avenue from 42nd to 55th streets. There is very little food anywhere near javits; one diner across the street, the concessions inside, and the street vendors are about it. Thus, eat before or after, but don't expect to pop out for 10 minutes and find something you'd want. See recommendations at bottom. Saturday I plan to drive to ~Boston, so folks wanting a lift can also drop me a line. Some recommendations (North-South): Mee Noodle Shop 795 Ninth Avenue, at 53rd Street. 212-765-2929 very cheap, pretty fast, and yummy chinese. Afghan Kebab House 764 Ninth Avenue, between 51st and 52nd Streets. authentic and yummy kebobs and rice there are one or two other afghan places within spitting distance, all are closet sized (DON'T try to bring in more than 4 people at once) The Lemon Tree middle eastern; falafal, humous, kebabs served at glacial speeds. cheap, and they have lamayjan (middle eastern spicy cold meat pizza) El Azteca ninth ave new york mexican, with the nicest restaurant owner I know Uncle Nick's ninth ave greek food that many of my greek friends rave about J West ninth ave ok chinese. lobster tank, and you can draw on the placemats. sometimes not spicy enough. Pongsri Thai 244 W. 48th Street, between Broadway and Eighth Avenue. a long hike from javits, and too close to the theaters, but there just isn't much good thai around here these days. Avanti 700 Ninth Avenue, at 48th Street. 212-586-7410 expense account italian; fireplace and you might want reservations Pietrasanta Ninth ave, ~47th street _very_ good italian, though portions aren't humungous. upscale enough that you might want reservations. Meskerem 47 st near 10th avenue home-style (teff-based injera) ethiopian Asia Caribe ninth ave chino-latino (chinese with a latin american influence). Zen Palate 663 Ninth Avenue, at 46th Street. 212-582-1669 height of elegant, sophisticated vegetarian dining Bali Nusa Indah 651 Ninth Avenue, between 45th and 46th Streets Indonesian. Features Rijstaafl (a little bit of everything). Turkish Cuisine 631 Ninth Avenue, between 44th and 45th Streets perfectly reasonable turkish food all the sushi joints lining ninth ave along this stretch are ok, but not exemplery. avoid the thai places on the east side of ninth avenue; they just aren't too good anymore. there's also a german place and a few fern bars; these are mostly ok. the block of 46th street labeled "restaurant row" is a tourist trap. --cheers --andy From mrosen at peganet.com Mon Dec 9 17:09:26 1996 From: mrosen at peganet.com (Mark Rosen) Date: Mon, 9 Dec 1996 17:09:26 -0800 (PST) Subject: Secure Erase for PCs? Message-ID: <199612100112.UAA28661@mercury.peganet.com> > I know this has been discussed multiple times, but > archive searching has turned up nothing. > > What freely available tools are there for securely > erasing a disk under DOS and Windows? > > Ideally I'd like a tool for each, but pointers > to either are much appreciated. > > Thanks, > Though, technically, no disk can be securely erased, my program, Very Good Privacy, can securely delete files after they have been encrypted. I don't know if this is what you're looking for, but if it is, check out the VGP home page at: http://www.geocities.com/SiliconValley/Pines/2690 From foodie at netcom.com Mon Dec 9 17:31:42 1996 From: foodie at netcom.com (Bryna Bank/Jamie Lawrence) Date: Mon, 9 Dec 1996 17:31:42 -0800 (PST) Subject: Secure Erase for PCs? Message-ID: <199612100131.RAA19898@netcom.netcom.com> > Though, technically, no disk can be securely erased, my program, Very Good > Privacy, can securely delete files after they have been encrypted. I don't > know if this is what you're looking for, but if it is, check out the VGP > home page at: http://www.geocities.com/SiliconValley/Pines/2690 > > Ideally, I'm looking for a free space wiper, along the lines of what Burn 2.4 on the Mac can do. As in, create a file the size of available free space, and then write garbage repeatedly to that file. I've found "Real Deal", a TSR that intercepts the DEL command, but that's a poor substitute, at least for my needs. Anyway, thanks. -j From haystack at cow.net Mon Dec 9 17:59:39 1996 From: haystack at cow.net (Bovine Remailer) Date: Mon, 9 Dec 1996 17:59:39 -0800 (PST) Subject: No Subject Message-ID: <9612100145.AA00126@cow.net> Dr.Dimitri Vulis KOTM blathered: >More fan mail from John Gilmore and his friends: ... Kook, must you post all the private mail you dislike to the list, while at the same time whining and bitching about the crypto-relevance of anyone and everyone else. Many folks you critique do post off topic shit from time to time, but nowhere near the percentage (much less the volume) that you do. I can't killfile your ass from this machine, but I've decided to provide a cypherpunks public service to those who can. It will be low-volume. I am going to anonymously repost everything you post that is actually crypto-relevant. It will be REALLY low volume. Now, quit posting shit about "Timmy" anonymously, with your stupid ascii drawings, and start taking your medications so you'll behave nice at the get together, where I'll see you and try not to vomit. From jya at pipeline.com Mon Dec 9 19:08:05 1996 From: jya at pipeline.com (John Young) Date: Mon, 9 Dec 1996 19:08:05 -0800 (PST) Subject: FIPS Meeting Material Message-ID: <1.5.4.32.19961210030455.0066808c@pop.pipeline.com> John Thomas has provided copies of printed material handed out at the Dallas meeting on FIPS for the Federal Key Management Infrastructure (KMI) on December 5-6. It consists of lists of particpants, charts, diagrams and outlines of the government's prayerful intentions for KMI which Mr. Thomas admirably assessed in his post earlier today. We've digitized and put it with his post on the meeting at: http://jya.com/fipsmeet.htm Thanks to Mr. Thomas and Bowles & Thomas, L.L.P. From lwp at conch.aa.msen.com Mon Dec 9 19:12:01 1996 From: lwp at conch.aa.msen.com (Lou Poppler) Date: Mon, 9 Dec 1996 19:12:01 -0800 (PST) Subject: Security problems in recent list spam Message-ID: I was irritated enough by a recent Commercial spam to the list, (a message from Sue) that I researched the web pages it points us to. I note 2 very interesting features in the order form page (www.steppingstones.com/ordercab.htm) This form collects various info, and returns a POST request invoking ACTION="/cgi-bin/mailto.exe" It appears that these folks leave themselves open to some abuse, from anyone creative enough to modify the form slightly! Also, in the ObSnakeOil department, the form contains this claim: > You are ordering via a secure server which scrambles your credit card > information to prevent it from being intercepted. If, however, you are > still not comfortable sending your credit card number on line, please > fill out the above order form without any payment information and either > call us toll free at 1-800-585-1118 (outside the US, call (203) 730-2220) ... Now, it appears that this form returns a non-encrypted POST request to their server, and furthermore the action taken by the server is to email all the data to the ultimate business recipient. Thus the credit card info would be sent through the net TWICE as plaintext. From rcgraves at ix.netcom.com Mon Dec 9 19:18:18 1996 From: rcgraves at ix.netcom.com (Rich Graves) Date: Mon, 9 Dec 1996 19:18:18 -0800 (PST) Subject: The Advent of Netwar In-Reply-To: <1.5.4.32.19961209193256.006865f8@pop.pipeline.com> Message-ID: <32ACD63F.4AEB@ix.netcom.com> John Young wrote: [...] > There is a summary of this document and ordering info at: > > http://www.rand.org/publications/MR/MR789.html Typo. Should be: http://www.rand.org/publications/MR/MR789/ Thanks. What's with the subject line, John? Shouldn't that be NET_war? -rich From dthorn at gte.net Mon Dec 9 19:25:09 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 9 Dec 1996 19:25:09 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612092039.MAA09769@netcom.netcom.com> Message-ID: <32ACD770.4DFB@gte.net> Bryna Bank/Jamie Lawrence wrote: > Hi all - > I know this has been discussed multiple times, but > archive searching has turned up nothing. > What freely available tools are there for securely > erasing a disk under DOS and Windows? > Ideally I'd like a tool for each, but pointers > to either are much appreciated. Since a filewipe or diskwipe followed by a flush would be extremely easy to do with most any compiler, what would be good to know is if there's a shortcut to repeating this process 30 or so times the hard way. From ichudov at algebra.com Mon Dec 9 19:29:29 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 9 Dec 1996 19:29:29 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612100131.RAA19898@netcom.netcom.com> Message-ID: <199612100325.VAA07661@manifold.algebra.com> Bryna Bank/Jamie Lawrence wrote: > > > Though, technically, no disk can be securely erased, my program, Very Good > > Privacy, can securely delete files after they have been encrypted. I don't > > know if this is what you're looking for, but if it is, check out the VGP > > home page at: http://www.geocities.com/SiliconValley/Pines/2690 > > > > > Ideally, I'm looking for a free space wiper, along the lines > of what Burn 2.4 on the Mac can do. > > As in, create a file the size of available free space, and then > write garbage repeatedly to that file. > > I've found "Real Deal", a TSR that intercepts the DEL command, > but that's a poor substitute, at least for my needs. I am attaching a program that does it for Unix. /******************************************************* wipedisk.c */ /* U N I X w i p e d i s k p r o g r a m .*/ /********************************************************************/ /* * Copyright(C) 1995, Igor Chudov, ichudov at algebra.com. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License , or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, write to the Free Software * Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */ /* * Syntax: wipedisk /my/directory/filename */ /* * This program creates a file with a specified name (which you must * supply) and simply writes pseudo-random data into this file. It * deletes this file after it filled the whole disk with this file. * Actually it unlinks the file _right after_ that file was created * to avoid shitting all over the place with dummy files left in case * it was killed. * * Therefore, this program may be used to securely wipe (delete) all * data that does not belong to legitimate files. Pretty neat thing to * use with PGP. Note that I am not an expert in secure erasure of data: * if you use this program to delete criminal traces and FBI is going * after you, talk to an expert first :-) * * It wipes disk only once; call it several times for more secure * erasure. If you run it more than six times at once, consult with your * psychiatrist. * * Note that user filesystem quotas may conflict with wiping the whole * disk. Also, there may be some percentage of every filesystem (usually * 5%) that can only be used by root. It is best if this program is run * by root. Note that for a short period of time this program can make * all disk space used and not available for users. Please notify your * root if you plan to run this program, because running it can create * hardships for other users of your Unix system. * * It is best run from root's crontab in the middle of the night, * when everyone should be sleeping and not hacking. * * The file named in the argument 1 must NOT exist before program is * called. */ #include #include #include #include #include #include #define KILOBYTE 1024 #define PAGE_SIZE (1024 * KILOBYTE) /* This is a standard page size on my system. */ /* should be proportional to 1024 */ #define KB_PER_PAGE (PAGE_SIZE / KILOBYTE) /*********************************************************** randomize */ /* fills buffer with random data */ char * randomize( buf ) char * buf; { int i; int * ibuf = (int *)buf; int int_PAGE_SIZE = PAGE_SIZE / sizeof( int ); for( i=0; i < int_PAGE_SIZE; i++ ) ibuf[i] = rand(); /* So we set 4 bytes at a time, not 1 byte at a time */ return( buf ); } /************************************************************** main() */ int main( argc, argv ) int argc; char *argv[]; { int fd, i; char * buf; if( argc != 2 || !strcmp( argv[1], "--help" ) ) { fprintf( stderr, "usage: %s file-name-to-use-for-wiping\n" "This utility fills free space on disk with random garbage.\n" "There is NO WARRANTY!!! Covered by GNU Public License.\n", argv[0] ); exit( 1 ); } fd = open( argv[1], O_WRONLY | O_CREAT | O_EXCL ); if( fd < 0 ) { fprintf( stderr, "Can't open file %s for EXCLUSIVE writing\n", argv[1] ); exit( 1 ); } unlink( argv[1] ); /* let's unlink it now so that if someone kills me, the file with bullshit will be gone */ if( (buf = (char *)malloc( PAGE_SIZE )) == 0 ) { fprintf( stderr, "Wow, malloc failed. Your system must be royally hosed.\n" ); exit( 1 ); } srand( time( 0 ) ); for( i=0; write( fd, randomize( buf ), PAGE_SIZE ) == PAGE_SIZE; i++ ) { /* every time we write a newly randomized buffer and stop * writing when we cannot write any more */ if( (i % 1) == 0 ) { /* Just to say I am not dead */ printf( "%d Kbytes of pseudo-random data (rand()) written\r", i * KB_PER_PAGE ); fflush( stdout ); } } printf( "\nSyncing disk (wait 30 sec)...\n" ); /* Ughh... */ sync(); sleep( 30 ); printf( "Done.\n" ); free( buf ); /* I am a good guy */ close( fd ); } From snow at smoke.suba.com Mon Dec 9 19:53:03 1996 From: snow at smoke.suba.com (snow) Date: Mon, 9 Dec 1996 19:53:03 -0800 (PST) Subject: [ANNOUNCEMENT] Secure envelopes In-Reply-To: <199612092202.OAA25870@sirius.infonex.com> Message-ID: <199612100411.WAA00425@smoke.suba.com> > |\ \ \ \ \ \ \ \ __ > | \ \ \ \ \ \ \ \ | O~-_ > | >----|-|-|-|-|-|-|--| __/ > | / / / / / / / / |__\ > |/ / / / / / / / > Feessssssshhhhhh Boooooooooooooooooooonnnneee!!! Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dthorn at gte.net Mon Dec 9 20:01:44 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 9 Dec 1996 20:01:44 -0800 (PST) Subject: The Science Generations In-Reply-To: <9612091741.AA08881@notesgw2.sybase.com> Message-ID: <32ACDFEA.24A8@gte.net> Ryan Russell/SYBASE wrote: > If I may offer another opinion... > I ran a BBS for about three years straight off > of floppies on an Apple ][+, without any > hardware failures or disk problems. [snip] I can't argue against someone else's personal experience, but, if you are asking me to believe that the rather cheaply made Apple II would perform nearly as long and reliably as an HP-86/87 (for example), when making hundreds of thousands (millions?) of accesses to floppies over a period of weeks or months, without a disk drive tuneup or alignment, then I must be living in the wrong reality, i.e., everything performs the same, regardless of its construction design. SHOCK TIME: I'm going to shock you now, by telling you that of all the HP computer gear I have bought, the failure rate of new computers and major peripherals was approximately 40%, within the initial one-year warranty period. Actually, the failure rate within 90 days was well over 30%. When I wrote out the detailed list and sent it to corp. HQ, they must have peed their pants, judging by the reaction I got. Surprised? So how do I justify this? All I really know for sure, besides what I've told you, is when the initial fixes are made, I can run heavy- duty operations for many times longer without interruption than I possibly could with most other brands. Wanna know who the worst offenders are in consumer electronics, not only when it comes to warranty-period failures, but failures soon after, due to shoddy failure-proofing? Sony and Toshiba. I haven't had a lot of Toshiba equipment, but the experiences I've had, and the attitude of the company for not fixing them, are convincing for me (just my opinion). I have had a *lot* of Sony stuff, mostly small (but fairly expensive) items, and their product quality is abysmal, excepting large items such as TVs, or a couple of small "professional" items such as the Walkman D6C cassette recorder (Stereophile's favorite) and their pilot's radios S??-70 and -80. From jfricker at vertexgroup.com Mon Dec 9 20:05:03 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Mon, 9 Dec 1996 20:05:03 -0800 (PST) Subject: Secure Erase for PCs? Message-ID: <19961210040455486.AAA189@dev.vertexgroup.com> >Mark Rosen (mrosen at peganet.com) said something about Re: Secure Erase for PCs? on or about 12/9/96 6:19 PM >> I know this has been discussed multiple times, but >> archive searching has turned up nothing. >> >> What freely available tools are there for securely >> erasing a disk under DOS and Windows? >> >> Ideally I'd like a tool for each, but pointers >> to either are much appreciated. >> >> Thanks, >> > Though, technically, no disk can be securely erased, my program, Sure it can. Ten overwrites will rendered remnant data obscure. So says the electron microscope waving data recovery experts anyway. > Very Good Privacy, can securely delete files after they have been encrypted. Thought you said "no disk...". So how does VGP do it? --j ----------------------------------- | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending me mail with subject "send pgp key". | www.Program.com is a good programmer web site. ----------------------------------- From norm at netcom.com Mon Dec 9 20:43:23 1996 From: norm at netcom.com (Norman Hardy) Date: Mon, 9 Dec 1996 20:43:23 -0800 (PST) Subject: Go to my website In-Reply-To: <32A554B6.E9A@minot.ndak.net> Message-ID: At 2:38 AM -0800 12/4/96, Wolf wrote: >Games,links,and a hacking page under construction >http://members.tripod.com/~wolf16 I looked at your site with Netscape 3.0 with my Mac. I use 18 point font which is larger than the default. I like more pixels per character. The text in the left column is thus truncated. Some web pages that use frames somehow cause the text to adapt to the available space. I don't know how html manages this issue. From foodie at netcom.com Mon Dec 9 21:40:11 1996 From: foodie at netcom.com (Jamie Lawrence) Date: Mon, 9 Dec 1996 21:40:11 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612100131.RAA19898@netcom.netcom.com> Message-ID: Igor - Thanks for sending this. If I end up porting it, I'll send you a copy. I just wanted to wipe a client's disk. I'm a little surprised that there doesn't seem to be any tools for this on the PC. Another area where Mac's seem to be innovative... -j At 9:25 PM -0600 on 12/9/96, Igor Chudov @ home wrote: > I am attaching a program that does it for Unix. -- "I'm about to, or I am going to, die. Either expression is used." - Last words of Dominique Bouhours, Grammarian, 1702 ____________________________________________________________________ Jamie Lawrence foodie at netcom.com From frantz at netcom.com Mon Dec 9 22:06:36 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 9 Dec 1996 22:06:36 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <19961210040455486.AAA189@dev.vertexgroup.com> Message-ID: At 8:05 PM -0800 12/9/96, John Fricker wrote: >> Though, technically, no disk can be securely erased, my program, > >Sure it can. Ten overwrites will rendered remnant data obscure. So says the >electron microscope waving data recovery experts anyway. You should really check out Peter Gutmann's paper in the 1996 Usenix Security Conference Proceedings. After reading it, I think you will come to the conclusion that the only secure data destruction technique, against a well-funded attacker, is destruction of the disk. I like thermite myself. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From tcmay at got.net Mon Dec 9 22:14:51 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 9 Dec 1996 22:14:51 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <3.0.32.19961208154000.006adf40@netcom14.netcom.com> Message-ID: At 3:52 PM -0800 12/8/96, Lucky Green wrote: >At 09:15 PM 12/7/96 -0800, Thaddeus J. Beier wrote: >>I don't think that PICS will be mandated any more than those two standards >>are mandated, perhaps I'm naive, but I think that the social conventions >>will work in this case. > >Let's put the question if something like PICS will be mandated aside for >the moment. Do you agree that sites that deliberately mislabel their >content, will eventually face legal action? If so, then PICS should not be >considered truly voluntary. Or, the version I think is simpler: If I believe pictures of people having sex should be marked "Suitable for all ages" (or whatever the Official PICS Status Code is) will I be criminally or civilly in danger? If so, then PICS is a ratings system which individuals are likely to be unable to interpret themselves. (This takes the element of intent to deliberately defeat PICS out of the equation, and asks if "innocent mislabeling" or "philosophical disagreement alternate labeling" will expose the mislabeller to charges. What I see with any such enforcement of PICS standards is yet another Full Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to see PICS essentially made part of the bureacratic morass: "Due to the complexities of the PICS ratings system, and varying community interpretations of the elements of PICS, we advise that no person post anything to the Net with a PICS rating without seeking competent legal advice from a PICS-licensed legal professional." --Tim (my "Suitable for religious students of all ages"-rated alternate sig follows.) -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From tcmay at got.net Mon Dec 9 22:33:28 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 9 Dec 1996 22:33:28 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <199612080515.VAA01745@hammerhead.com> Message-ID: At 9:15 PM -0800 12/7/96, Thaddeus J. Beier wrote: >PICS, or something like it, is the absolutely right response to calls >for true Internet censorship. People agreeing to a language, a way >of communicating, is a good thing. > >Did you object to HTML? TCP/IP? Other agreements that limited the way >that people communicate? These examples are essentially part of the "infrastructure." They are akin to video tape standards (Beta vs. VHS) or t.v. formats (NTSC, PAL, SECAM). Or to the physical and electrical standards for cable transmission. In none of these cases is _content_ looked at. Indeed, the average user of TCP/IP and HTML need never concern himself with such things. PICS, on the other hand, would not be at such an "infrastructure" level, as it would involve the human originator of a work making value judgements about the prurient content of his work, the blasphemy quotient, perhpas, and so forth. And, failure to make the correct value decision could presumably expose the author/labeller to various charges (should PICS be mandated or should the standards be implemented in civil code, etc.). (If they are not mandated/implemented, an awful lot of folks like me are going to deliberately label our material in various monkeywrenching and "imp of the perverse" ways, just to watch the sparks fly.) In any case, I don't see PICS as anything like the "infrastructure layer" protocols of TCP/IP and HTML, just as I don't see the MPAA ratings systems on movies as anything comparable to motion picture technical standards like sprocket spacing, frame rates, etc. --Tim May -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From nobody at huge.cajones.com Tue Dec 10 00:15:42 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Tue, 10 Dec 1996 00:15:42 -0800 (PST) Subject: Redlining Message-ID: <199612100815.AAA09236@mailmasher.com> I seem to have upset you, Matt Miszewski, and I am sorry for that. It appears to me that the problem we have is that we have different ideas about what is right and different perceptions of the nature of the world. It may appear that I intentionally put words in your mouth. This is not the case. We have different ideas about what is obvious. I have made assumptions, but they seemed clear to me. Apparently, they were not. We may still have a fruitful discussion. At 4:17 PM 12/9/1996, Matthew J. Miszewski wrote: >At 03:14 PM 12/4/96 EST, Bovine Remailer wrote: >>At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote: >[snippo] >>If I earned my very own money honestly and I choose to lend it only to >>Albanians, you believe that this would be inefficient and, therefore, >>forbidden. > >Actually I didnt say anything about private lending. But as this thread >goes on you seem to assume much. I am assuming that you agree that somebody who has earned their money honestly should be able to lend it to whomever they please for whatever reason they like. You call this private lending. (Please correct me if I am wrong.) I believe that five friends should be able to get together, pool their resources, and lend their money to whomever they like. I believe that ten, or a hundred, or a thousand people should be able to pool their money and lend it to whomever they please for whatever reason they like. That, essentially, is what a bank is. I do not believe the government should dictate which people you, or your bank, are allowed to lend to. >>In other words, you do not believe that I should be able >>to lend money to anybody I please. You can call it "equal access to >>capital" or "denial of opportunity", but the clearest and simplest >>description is that you believe I should not be able to lend my money >>to whomever I please. Instead of pretending otherwise, just say "I >>believe you should not be able to lend your own money which you earned >>honestly to anybody you please. I believe you should be allowed only >>to lend money in these circumstances..." > >I dont assume that anyone (or any corporation) has earned their money >honestly. Quite often that is not the case. It does not seem reasonable to me to tell people who they may lend money to on the grounds that some people might have obtained their money dishonestly. What would be reasonable would be to charge the dishonest people with their crimes and return the property to the rightful owners. >I have said a few times already that I *do* believe in limited >regulation. However, we disagree about which regulations are just. >And apparently you believe that ad hominem is cool. >>Of course, non-discrimination is a vague term. > >Actually it is not. I am an employment law attroney. I know the >definition. I know also what I need to do to prove it. I also know that >many times the definition (legal) fails to meet the reality of the >situation. But as I said before, we do not live in a perfect society. I do not believe that in practice discrimination is clear at all. If I put up a sign in my store saying "Irish need not apply", then there is a case. Usually, it is not so clear. It is difficult to prove discrimination because merit is so hard to determine. Many factors go into a hiring decision. In the end, it is usually made on the gut level. There is really no way to prove that the decision was discriminatory. Consider the computer industry. For whatever reasons, right now there are very few African-American software engineers who are amongst the very best. They exist, but you don't see them very often. What this means is that you can't look at the percentage of African-Americans working for a software company to decide whether the company makes discriminatory hiring decisions. >>>I agree. I am not arguing that we need to withdraw Title VII. >>>Aparently you are? >> >>I do not know what is in Title VII. Perhaps it would be better to >>ask me about particular policies. > >It is all becoming clear to me now. Perhaps you should understand >what laws you are rallying against before you attempt to defeat them. >I have no need to ask *you* about policies. Considering you have >recently popped up, you have not even a small collection of >reputation built up. We can certainly discuss policy without delving into Title VII and its repeal. One advantage of discussing the policy in general is that we can make statements about entire classes of legislation, rather than specific laws which should be added or repealed. >>In fact, I am open to the possibility that poor people really are >>disenfranchised. > >No you are not. You show your stripes below. No, I told you my opinion. So far nobody has demonstrated in a persuasive manner how the poor are disenfranchised. Consequently, I believe that disenfranchisement is a small part of the explanation. >>But, if I am to believe that I must hear an explanation that makes >>sense to me. If poor people are poor because absolutely nobody will >>do business with them for completely irrational reasons, that seems >>extremely unlikely. Even if most rich people are able to control >>their greed just to punish poor people of the wrong race, which is >>already hard to believe, you actually have to claim that they are >>all this way. > >Actually, I dont. Not all rich people utilize their wealth. Dont >believe it? Ask Bill Gates and the latest Slate. It is true that not all rich people use their wealth to their own best advantage. I am not claiming that all rich people are greedy and smart. What I am claiming is that many rich people are greedy and will certainly seize opportunities that are presented to them. Let's say one in a thousand rich people is willing to exploit the inefficiencies of the home mortgage market. This represents a vast pool of capital which we are not seeing in "redlined" areas, if what you say is true. When people with capital so universally avoid an investment, my first thought is not that every last one of them is a racist. My first thought is that it is not a good investment. (My next thought is "Gee, if they're wrong, I could make a lot of money!") >>Just like anybody else does. You watch every penny. You don't eat >>meat. When you buy food, you buy inexpensive healthy food like >>lentils instead of expensive unhealthy food like Coca-Cola and potato >>chips. You do not go to McDonald's. You walk when you can instead of >>taking the bus or you ride a (used) bicycle. You don't smoke >>cigarettes. You do not buy alcohol. You do not buy other >>recreational drugs. You buy your clothing used. You economize on >>your living arrangements, perhaps by having a large number of >>roomates. (Note that this is illegal in most cities. That is a form >>of disenfranchisment.) You do not make long distance calls. If you >>can, you share a phone with other people. etc. etc. etc. >> >>If you know poor people, you will know that few of them do these >>things. > >My vocation is intimately involved with poor people. I have been there >myself. I do not defend my beliefs on those grounds. You asked me how poor people could save money. I believe I have answered the question. I am sorry if I have pursued an irrelevant line of inquiry. >If I did I could easily just state the opposite. But hey, Ill bet >you arent racist either 'cause you have Black friends. You have no idea of my race or my friends. Yet, it appears that you are making some assumptions based on a few thousand bytes of text. Interesting. >The poor people that I help are nothing like the media productions >you believe in. Actually, I believe my own experience of being poor and living with poor people. I am prepared to believe that my experience was unusual, but you will have to provide some evidence, anecdotal at the very least. >I realized after reading this last paragraph what kind of person I am >dealing with. I may be the most terrible person in the world. It is not relevant to this discussion, is it? >Poor people, in your eyes, remain poor because they apparently have >no will of their own to get out. If you *actually* understood utter >poverty you would also understand the idiocy of the statement. I like to think I am not an idiot. Fortunately, you say little here that makes me think I am. You might find it more effective to explain in what way I am an idiot. Remember, I and the thousands of other people who read this list may not necessarily know what you know. It may be that some of us only lack a little explanation or a little helping hand to start us on the road from idiocy. >Many of personal friends have 'escaped from the killing fields' and >have opened my eyes to the reality of the situation. I will no >longer try to open yours. You are not interested in learning >anything. How will I learn if you call me an idiot instead of explaining your other views? That may be effective in convincing people who already agree with you, but it is not a way to win converts. When you mention escaping from the killing fields, I simply have no idea what you are talking about. (I do not say this to be insulting.) >>Also, you work hard to increase your earnings. You show up at work on >>time every time. You develop a good work ethic. You wear clean >>professional clothing at work. You treat your employer and coworkers >>with respect. etc. etc. etc. > >That's right. I forgot. Poor people dont come to work on time. They >dont develop a work ethic. They wear dirty clothes. And they are >disrespectful. And when they dont do these things they are not >passed up for promotion, never meet a glass ceiling and are never >discriminated against. Now I get it. What was I thinking? I can only tell you what I have seen. >>Read "Your Money or Your Life" by Joe Dominguez and Vicki Robin. It >>outlines a workable program that all poor people - and quite a few >>others - will be able to use to their benefit. > >I live in reality not theory. If a theory does not work out in reality it is not of much use. Next time you are in the bookstore, flip through the book. It's not what you think it is. You'll like it. Really. >>But why isn't that good news? If it's really market inefficiency, >>why not exploit it? > >Because I personally carry to high a debt burden to qualify for the >loan. I outlined a plan which would not require you to put up any money of your own. As an attorney, you have a tremendous advantage because you don't have to pay legal fees. Your own debt burden doesn't matter much if the holding company borrows the money. You can give your investors control of the company and just take commissions on every mortgage you create. >I also suffer from doing something with my life that I both enjoy and >feel makes a difference. That's nice. I mean that. But, if the inefficiency you are pointing at is as large as you say, there should be an opportunity to make many millions of dollars. Surely, you could do some good with all that money. And, imagine what effect you would have if you did make yourself rich lending to poor people who are subjected to irrational discrimination. Maybe some other rich people would get the good idea. >>But, even if it were possible to define precisely what racism is, I >>would still believe it should be legal. There is no accounting for >>taste and it is wrong to dictate it to other people when they are >>causing no harm to others. > >Try defining harm. Try defining taste. People like you have argued that >slavery caused no harm. Now who is making an ad hominem attack? In this discussion I am arguing for greater human freedom and you are not. You have more in common with the slaver than I do, sir. >Disallowing women to vote caused no harm. What are you talking about? >And of course that discrimination in the workplace causes no harm. It causes harm if you believe people have an obligation to work with everybody. I don't believe this. Let's say somebody likes only Albanians and hates everybody else. I would rather that person spent his or her time with Albanians and not with me. No harm done. What is more, I believe I have no moral right to demand that person spend time with me if they don't want to do so, for whatever reason, including discrimination. >This just makes me glad that you are clearly in a minority, unable to >withstand the wheels of change. Change is not in and of itself a blessing or a curse. Positive change is a blessing. Redlining laws are nothing new. Cryptoanarchy is. >>>Generally, people who understand the problem are without access to >>>capital. They would like to go there. They cant get capital. When >>>they approach current interests, they wont go there. >> >>Maybe there's something funny about the deal. > >That's it. All those lawyers involved with putting together deals >(something they succesfully do for a living) put together a funny deal. >That's it. It's a conspiracy. Be careful everyone, the poor people are >planning something. Run, run. The "funny" I had in mind was that it wasn't such a good investment, not that lawyers are universally corrupt. The fear that potential investors have is not that the "poor people are planning something", but that they are not planning anything and will be unable to pay back the money they borrow. >>>There are a few examples of people who actually realize this as a >>>problem/opportunity. Oddly enough, this point reinforces mine. >>>Redlining did exist. Bank of America realized it and made a lot of >>>money. But it still exists elsewhere. Why dont business plans >>>around the country spring up on venture capitalists desks with an >>>approved stamp on them? >> >>More to the point, why isn't Matthew J. Miszewski drooling in >>anticipation of all the money he is going to make by recognizing this >>glorious opportunity? Giannini made a tremendous amount of money. > >Just because a market exists that is far from stating that barriers to >entry arent enormous and that a market segment is sufficient to make >'tremendous amounts of money'. But the mortgage market is huge. And, we have inner cities all over the U.S. If you there are large areas which are completely unserviced by lending institutions, this is a huge opportunity. I am prepared to hear that there are barriers to entry. What are they? >This will be hard for you to understand, but apparently you have no >interest in expanding your horizons. Could this be considered an ad hominem attack? >>Hmmm? Maybe it was lousy investment in spite of a good ROI number. >>Nobody? Not one person was willing to buy in? Hardly an >>endorsement. > >What are you talking about? Good ROI, good investment. How do you >define 'lousy investment'? Maybe you work for a bank? What do you >do? Oh yeah, you are Red Rackham. If you knew where Red Rackham got his name, you would find it amusing. No, good ROI does not mean good investment. "Past performance does not guarantee future results." An investor cares about future results. What happens to mortgages in poor areas during the next recession? BTW, what reasons did your prospective investors give for declining? >>>Compare this now to people whom banks would generally consider a >>>good risk. College Graduates. Generally, these folks live outside >>>of the red line. Good risks right? What about those nasty student >>>loan default rates? The red lines dont make business sense. >> >>I'm hearing that cash register ringing. Go for it! >> > >Whenever a good point is made, you go to that nifty "ring, ring" >crap. Do you deny that the default rate on student loans is >outrageous. Do you deny that these people generally live out of the >redlines? This wouldn't surprise me much. But, aren't student loans typically cosigned, often by the government? I hope the problem is obvious. If people (e.g., banks) want to lend their money to high default rate groups, I won't object unless it's my money. >>That's easy. Once a month get ten families together to go to the >>nearest warehouse store in the suburbs and stock up on provisions. > >Have you carried that much home on a bus lately? I mean, you were >poor, no? Or do we all forget little things like that? Incidentally, I do see poor people taking their groceries on the bus. Smart. Usually, poor people know somebody with a car. But, let's say they don't. There are all sorts of delivery and shipping services available. Taxi services, for instance, usually have a few vans around for hauling things. And, there are grocery delivery services. You could probably find a store which would throw in delivery if enough goods were moving. Say it costs $20 (you take the bus there), that's not much when spread over a thousand dollars of food. >>Or, one poor family could buy a bunch of stuff every month and sell it >>out of their house and save everybody the trip. > >Making the original capital in their basement of course. How many >microloan programs do you know of Red? It doesn't require a microloan. The other families could give their friends the money and save the trip. >>Discussions regarding "the cycle of poverty" are usually little more >>than litanies of excuses. > >I keep forgetting that poor people want to remain poor. When will I >learn. They use up all their energy thinking up excuses. Oil >Company execs never treat blacks differently. Glass ceilings dont >exist. Hey if I keep saying it maybe I will learn. I don't believe I have said anything about the management of oil companies or glass ceilings. The reason most people are poor is because they are not functioning well in their environment. I am prepared to hear otherwise, but this has been my experience. >>I challenge you to put your own money into this venture. You don't >>even have to quit your job to get into the microlending business until >>you've built it up to the point where it can support you. > >This sounds like advice from someone who has never tried. Not you, red. Would it make a lot of sense for me to try this? I'm the one arguing that investors probably know what they are doing. >>My point is not that there is a great opportunity so "somebody >>somewhere" will solve the racism problem. My point is that you >>yourself do not believe there is a great opportunity if it involves >>money you really care about, i.e. your own. > >Actually, my largest investment is in a minority owned business. Funny >thing. My money. How odd. Well, good for you. I mean that sincerely. Doing well, I trust? >>You are claiming that there are ZERO investors who will invest in this >>great opportunity because they are racists. Contrary to popular >>belief, most African-Americans are not poor or even gang members. > >Where the hell did this come from? I *never* asserted it. Red must be >watching too much TV. Perhaps I misunderstood. Didn't you say that you were involved with a mortgage program for poor people and were unable to find any investors? >>If you are claiming that even African-American investors are >>irrationally racist about lending to poor people, you should be >>forewarned that I and many other people are going to find that a >>little hard to believe. > >Racism is a dynamic of Power Red. There are, unfortunately, >successful Blacks that do not help out the neighborhoods they came >from. They do not credit Affirmative Action for its help. Consider >me 'forewarned'. Please explain in greater detail how the dynamic of power works in this situation. I am truly interested, but your one line sentence gives me little to go on. I was not proposing that successful African-Americans "help out" their old neighborhoods. Rather, I was proposing that they would be able to see the opportunity and exploit it to the benefit of all parties. "Greed is good." >>>>Banks have practiced discrimination, and not just against black >>>>people. They have been able to get away with it. How? Because >>>>the government has protected the banking guild from competition. > >I never mentioned that blacks were the only poor in this country. >That was one of Red's assumptions. Much like the ones about poor >people being lazy, dirty, blah, blah. Yes, it appears I did make an assumption. Every redlining discussion I have seen in the past concerned African-Americans and this caused me to make a careless statement. My apologies. Getting back to the point, you have failed to explain how banks get away with their discriminatory practices. I think the markets see redlining as damage and route around it. Why do you believe this is not happening? (Astute observers will notice that this thread really does concern the cypherpunk list. Summary: Cryptoanarchy will loosen or even eliminate controls on the flow of capital. This benefits anybody who is otherwise shut out of the system, including poor people.) >>>We agree. But I feel that a legal elimination of redlining would >>>decrease costs to the industry. >> >>Wrong. Redlining is devilishly difficult to define. > >What's so difficult. God, I hope you arent an attorney. Let's consider some laws we could make to stop redlining. "You will not draw red lines on maps around neighborhoods where you will not make loans." In practice, you will not find the maps and it will be hard to prove the case. The banks will make a few loans in the areas they have redlined just to comply with the law. The next law will be more complicated. The government has to dictate how many loans in what amounts are to be made where. This is known in other countries as "central planning". It has a poor track record. You may counter, "But you said it would be hard to define and then you said it could be defined." I believe that this sort of "law" stretches the meaning of the phrase the "rule of law" because the government is not constrained in any way. It dictates the bank's actions. In practice, I think the way it works is that a bank has to make loans to the same area where it received deposits. It is unclear whether this benefits poor people who are good credit risks, but it definitely punishes poor people who want to deposit money because it makes it a less attractive market in which to offer banking services. The consequence is that many poor people keep their cash around the house. Naturally, this leads to increased theft and greater difficulty in saving. The law has the effect of saying "Poor people can only lend their money to other poor people." I find it hard to believe that his benefits the poor or was intended to do so. >>That hurts a small bank more than any other because they have to >>figure out how to comply with the law and defend themselves against >>the regulators instead of just borrowing and lending money. It >>raises the costs of banking. That means it is harder for people to >>borrow and lend money. And that, if you care about efficiency, is >>inefficient. > >It costs money *to practice* redlining. Not to eliminate the >practice. If decisions are based on merit alone, where do costs >increase. Redlining adds a layer of investigation to a loan >analysis. Eliminating it eliminates one. It's a pretty easy investigation. I doubt it costs much. You've already heard what I have to say about opportunities. >>>If they never did we would still have slavery and only white, >>>adult, male, land-owners would vote. While success is rare, it has >>>prevailed when the cause is just. >> >>I hate to admit it, but you do have a point here. > >And yet you assert that the government should not tell you what to do. >Make up your mind Red. Maybe you can help me with some history. Didn't the government have something to do with enforcing slavery laws? Perhaps I missed something. Usually, we want the government to tell other people what to do and to leave ourselves alone. Since I respect the desire other people have to make decisions about their lives, I oppose most governmental interference. >>However, the way privacy will be permanently eroded is through laws >>called "The Privacy Protection Act" which have clauses allowing the >>government to do whatever it wants. It is disconcerting to have the >>government dictating what information you may or may not keep on your >>computer or who you may give it to. > >While this is totally of the point of the post, at least we can agree on >something. You did not give the appearance of agreeing with me. For instance: At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote: >(snip) >>(Just for the record, what the hypothetical insurance companies and >>employers are doing by using data they have obtained should not, in >>a free society, be illegal in any way. All information contributes >>to decision-making, about loans, credit, insurance, employment, etc. >>In a free society, it is up to people to not disclose that which >>they do not wish remembered.) > >While the libertarians on the list have affected my way of looking at >regulation I, and others, do not subscribe (suscribe ;)) to Tim's >absolute theory. Unless, of course, by free society Tim is refering >to one where corporations hold themselves to a level of "personal" >responsibility, which in many realms is part of any definition of >"free". > >Take, for example, the practice of redlining. How are people who live in >"bad" neighborhoods supposed to not reveal that information. While you did not state it explicitly, in the context above I interpreted this to mean that you supported laws which restricted the use banks make of information they obtain from their clients. In other words, people are not allowed to tell each other what they know. That does not seem like a good idea. >[Excuse the tone of the post. Dealing daily with some of the effects of >racism, one gets sick of the same arguments and assumptions made by most. >I thought you were interested in differing points of view, but the tone of >your post suggested otherwise.] What you discovered was that I strongly disagree with your point of view. That does not mean that I am not interested in what you have to say. But let's assume the worst: I am terrible person and I am only using you to disseminate my own political ideas. You may find that patiently demonstrating the flaws in my thinking or how my beliefs are unfounded in reality is more effective at persuading other people. As it is, it appears that you are evading the questions I raise. The views I hold are not uncommon in the United States. I have to think that you would do the world a service by exposing their flaws, if there are any. Red Rackham From nobody at cypherpunks.ca Tue Dec 10 00:57:22 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 10 Dec 1996 00:57:22 -0800 (PST) Subject: [URGENT] Forgery detection Message-ID: <199612100850.AAA10214@abraham.cs.berkeley.edu> The only `culture' Timmy May possesses is that cultivated from his foreskin scrapings. ,,, -ooO(o o)Ooo- Timmy May v From lucifer at dhp.com Tue Dec 10 01:01:27 1996 From: lucifer at dhp.com (Anonymous) Date: Tue, 10 Dec 1996 01:01:27 -0800 (PST) Subject: PGP 3 Beta testers needed Message-ID: <199612100901.EAA21823@dhp.com> > Here, Timmy Mayflower descends into total > inanity. He should have a cold shower and/or a > Turkish coffee. > > |\ \ \ \ \ \ \ \ __ > | \ \ \ \ \ \ \ \ | O~-_ Timmy Mayflower > | >----|-|-|-|-|-|-|--| __/ > | / / / / / / / / |__\ > |/ / / / / / / / > All joking aside, is there any reason I shouldn't trust Tim May (assuming I don't care about his personal details like sexual preference, etc.)? Thanks. From rp at rpini.com Tue Dec 10 01:17:19 1996 From: rp at rpini.com (Remo Pini) Date: Tue, 10 Dec 1996 01:17:19 -0800 (PST) Subject: Codebreakers on the shelves! Message-ID: <9612100917.AA00662@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Tue Dec 10 10:16:58 1996 >> Warning: The book is $65.00 hardbound! (It is also *NOT* a small >> book. It is large. About 2000 pages by my guess. > 1181 actually, not including the table of contents and preface. It's available in swiss bookstores for $49. I'm about to get one :) - ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html - ----< words are what reality is made of >---- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: http://www.rpini.com/crypto/crypto.html iQEVAwUBMq0qjRFhy5sz+bTpAQER8Af8DviUdSvXhR1Ue7mMJY5/RndZjrTTEdU3 aMEkm7+Xly4ChN62CvKfiBwPjU/eYaEWPiC7YTYGJxe1tSnUoA4K0SHShPAmGI0M vj0/YlaST2/eSwm0m9bu9pcQLEGqX0w/ZsVHPliqTfjcA2k4c6feQg0ku0Ddfija x5y3MfkKoSGohbF96LQ6+KTJkKJuxnHZnRYPFUiXZCS5+CQHqK1I9VAGzeyF+7th Wj0vNif7oUBWH7Qssib380FQj5GtVN0IH/Z/vdcFBrxlXMPRqHWDVmPuIB2BTd2p 6aF4ioF4IUPKTydxJ4ZIVIyh9mV3QHQeJE1hbBb4AoDpxBp0Mrn7Cg== =Ek6e -----END PGP SIGNATURE----- From jbaber at mi.leeds.ac.uk Tue Dec 10 01:39:20 1996 From: jbaber at mi.leeds.ac.uk (jbaber at mi.leeds.ac.uk) Date: Tue, 10 Dec 1996 01:39:20 -0800 (PST) Subject: PICS is not censorship Message-ID: <4396.9612100936@misun2.mi.leeds.ac.uk> Tim May writes: > At 3:52 PM -0800 12/8/96, Lucky Green wrote: > >Let's put the question if something like PICS will be mandated aside for > >the moment. Do you agree that sites that deliberately mislabel their > >content, will eventually face legal action? If so, then PICS should not be > >considered truly voluntary. I disagree, mandating labeling is a completely separate thing from deliberately mislabeling. No one could force me into entering into a contract with them, but if I chose to then it would, and very probably should, be enforceable. > If I believe pictures of people having sex should be marked "Suitable for > all ages" (or whatever the Official PICS Status Code is) will I be > criminally or civilly in danger? If so, then PICS is a ratings system which > individuals are likely to be unable to interpret themselves. What if the PICS classifications were worded so as to describe the factual content of a page rather than the writers opinion of its suitability? This, if correctly implemented, could remove the problem of interpretation. > (This takes the element of intent to deliberately defeat PICS out of the > equation, and asks if "innocent mislabeling" or "philosophical disagreement > alternate labeling" will expose the mislabeller to charges. Factual classifications should completely remove the problems of innocent mislabeling and philosophical disagreement (if you disagree don't label but if you use our labels follow our rules). I would never claim to be a lawyer but from my naive point of view I would say that putting false labels on a page would be misrepresenting it and could possibly constitute fraud? Take for example a page labeled with the factual tag, that charged for access. Surely a user could, at the very least claim that false advertising got him to (pay to) view the page if he was searching for Topless pictures? > What I see with any such enforcement of PICS standards is yet another Full > Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to > see PICS essentially made part of the bureacratic morass: > > "Due to the complexities of the PICS ratings system, and varying community > interpretations of the elements of PICS, we advise that no person post > anything to the Net with a PICS rating without seeking competent legal > advice from a PICS-licensed legal professional." Unfortunately this may be the case, however I would suspect that this may go the other way with people thinking that if they can be sued for mislabeling their pages they just will not label them at all. Jon Baber jbaber at mi.leeds.ac.uk http://chem.leeds.ac.uk/ICAMS/people/jon/ From tcmay at got.net Tue Dec 10 02:29:51 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Dec 1996 02:29:51 -0800 (PST) Subject: Codebreakers on the shelves! In-Reply-To: <9612100917.AA00662@srzts100.alcatel.ch> Message-ID: At 10:17 AM +0100 12/10/96, Remo Pini wrote: >It's available in swiss bookstores for $49. I'm about to get one :) I took a look at it a few days ago, and am disappointed. As near as I can tell, from the comments by Kahn and from looking at it, the new edition is _exactly_ the same as the 1967 edition, with the exception of one additional chapter. The last chapter covers the Enigma story in detail. However, the public key cryptography revolution is covered in about two or three pages (or at least this is my recollection). Brief mention is made of Diffie, Hellman, etc., but nothing surprising or new. So, it seems a better deal is to get one of the many used copies of the original, for $20 or less, and then read any of the many good articles on modern cryptography. I'm hoping the new edition of Bamford is handled better. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Tue Dec 10 02:48:34 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Dec 1996 02:48:34 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <4396.9612100936@misun2.mi.leeds.ac.uk> Message-ID: At 9:36 AM +0000 12/10/96, jbaber at mi.leeds.ac.uk wrote: >Tim May writes: >> At 3:52 PM -0800 12/8/96, Lucky Green wrote: >> >Let's put the question if something like PICS will be mandated aside for >> >the moment. Do you agree that sites that deliberately mislabel their >> >content, will eventually face legal action? If so, then PICS should not be >> >considered truly voluntary. > >I disagree, mandating labeling is a completely separate thing from >deliberately >mislabeling. No one could force me into entering into a contract with them, >but if I chose to then it would, and very probably should, be enforceable. If it's only a contract, and forever only a contract, then I am less worried. But my point is that I fear the purely contractual status will not last. (And, as I think it was Lucky Green who pointed out, what is to stop people who have _not_ entered into any contract with one of the (several?) PICS agencies from simply claiming a rating? If the PICS folks want to set up a system for digital signatures, compliance testing, etc., fine...so long as non-customers don't have to pay for it. Let the Hallelujah Brigade and the Dervishes subsidize their systems.) >> If I believe pictures of people having sex should be marked "Suitable for >> all ages" (or whatever the Official PICS Status Code is) will I be >> criminally or civilly in danger? If so, then PICS is a ratings system which >> individuals are likely to be unable to interpret themselves. > >What if the PICS classifications were worded so as to describe the factual >content of a page rather than the writers opinion of its suitability? This, >if correctly implemented, could remove the problem of interpretation. Doubful. I contend that any such approach is bound to fail. Suppose I describe a picture of adults having sex as "A joyful experience," or "Children need to look at this!"? There simply is no "factual" description of a page. Every person will have their own descriptions. Mandating that words be "true" is the end of free speech as we know it. (For starters, religions--all of them--will have to be shut down.) >> (This takes the element of intent to deliberately defeat PICS out of the >> equation, and asks if "innocent mislabeling" or "philosophical disagreement >> alternate labeling" will expose the mislabeller to charges. > >Factual classifications should completely remove the problems of innocent >mislabeling and philosophical disagreement (if you disagree don't label but >if you use our labels follow our rules). I would never claim to be a lawyer >but from my naive point of view I would say that putting false labels on a >page would be misrepresenting it and could possibly constitute fraud? Fraud? What happened to free speech? The assumption that there even exist "factual descriptions" (and presumably "false descriptions") is an incredibly pernicious idea, at least as regards free speech. If I wish to describe two people having sex as "Two happy persons engaged in a happy pursuit," this is not "fraud." True, many parents will dislike it, as will many Mennonites, etc. So? >Take for example a page labeled with the factual tag, that charged >for access. Surely a user could, at the very least claim that false >advertising got him to (pay to) view the page if he was searching for Topless >pictures? Not even close. On Highway One, near Monterey, California, is a large sign saying "Topless." Turns out to be for artichokes. There may be "implied contracts" for nightclubs with "topless" signs, but in other contexts "topless" may mean various things. >> What I see with any such enforcement of PICS standards is yet another Full >> Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to >> see PICS essentially made part of the bureacratic morass: >> >> "Due to the complexities of the PICS ratings system, and varying community >> interpretations of the elements of PICS, we advise that no person post >> anything to the Net with a PICS rating without seeking competent legal >> advice from a PICS-licensed legal professional." > >Unfortunately this may be the case, however I would suspect that this may go >the other way with people thinking that if they can be sued for mislabeling >their pages they just will not label them at all. Of course, the most correct and consistent view is to just leave it for a market solution: some label, some don't, some label carelessly, some label anally [no content is implied! :-}), some label deceptively, some label clearly, and so on. Again, my concern is not that some bunch of folks initiate a PICS or SICS or LIKS system, but that it the legal system gets involved...I surmise that many lawmakers are already talking about this--this came up in connection with the CDA case, that a labelling system such as PICS could resolve some of the issues....I hardly expect that a fully voluntary system would meet the demands of the censors. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From alan at ctrl-alt-del.com Tue Dec 10 05:48:57 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Tue, 10 Dec 1996 05:48:57 -0800 (PST) Subject: Puzzle Palace 2nd edition (1983) Info Message-ID: <3.0.1.32.19961209211613.010dc81c@mail.teleport.com> I remember that there was some confusion as to the second edition of _The Puzzle Palace_ by Bamford. (Sorry if this info has been posted before. I did not see a resolution to it. I may have missed it if it was.) "I found a copy of _The Puzzle Palace_ 2nd edition!", he said crypticly. In the Penguin Press printing of _The Puzzle Palace_, it notes that there is the 1982 edition (published by Houghton Mifflin) and one in 1983 (published by Penguin) with a new afterward. Since the afterward contains a fair amount of new information (it looks like a number of FOIA requests came in after going to press), it is probibly the "Second Edition" of which Schneier speaks... Hope that clears things up... (I am going to see if the dealer I got the book from will give me the info on where he ordered it. It was in stock, whereever he got it...) --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From alan at ctrl-alt-del.com Tue Dec 10 05:48:58 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Tue, 10 Dec 1996 05:48:58 -0800 (PST) Subject: Review of the EPP plug-in 0.2 for Eudora Message-ID: <3.0.1.32.19961209221426.010dc81c@mail.teleport.com> [Note: this is CCed to the developer for two reasons. First, I wanted him to know of the review. Second, I have another two bugs at the bottom that I have not reported.] I have been putting the Eudora PGP plug-in through its paces. My findings have been interesting... The instalation was quick and painless. All of the defaults were pulled from the mail information upon first running the Eudora after installing. It provides some basic functions for using PGP. The functions provided are: -- Clearsign Message -- Decrypt Message -- Encrypt Message -- Verify Signature -- Add Key -- Paste (Insert) Key These appear under the Edit menu in the plug-ins submenu. (It would be nice for these to be in their own seperate menu, but that may be beyond the scope of the plug-in developers kit.) I have not seen any glaring errors (GPFs and the like.) There are some functional problems I have discovered. These should be cleaned up in a future version. (What do you expect for a 0.2 release?) These are the problems/bugs I have found so far: -- If you do not define a default ID in the PGP config.txt, it will take the last ID generated on the secret key ring. (This is a common problem. This is not the only app that has it.) -- The program does not word wrap before sending the message to get signed. This breaks the signature when Eudora word wraps it opon sending the message. (Another common problem. I remember a bunch of apps fixing this one at one time a few months ago...) -- If you decrypt a message, the mail headers are destroyed. (I just discovered this one last night. It makes replying a bit of a challenge...) -- The plug-in does not deal with "personalities". (This is not a bug, but something that would be *REAL* helpful. Now if you could get personalities that connected to nym servers.) All in all, this is a useful plug-in. It has a few rough spots, but that is to be expected. (This is a 0.2 release.) Having this functionality in Eudora makes PGP encrypted lists *MUCH* more usable. (Cut and paste for each message and/or firing up a seperate e-mail app to scan for messages becomes more trouble than it is worth in a real hurry...) BTW, this is the original information as to where to get the plug-in. How much of this is current, i am not certain... (The mailing list was broken according to Lucky Green.) > Eudora/PGP Plug-In > >Download version 0.20 from the Web: > * http://www.prism.gatech.edu/~gt6525c/eppi/epp16_02.zip > (for 16-bit version of Eudora 3.0 for Windows 3.1) > * http://www.prism.gatech.edu/~gt6525c/eppi/epp32_02.zip > (for 32-bit version of Eudora 3.0 for Windows NT/95) > >If you don't have Web access, but have FTP access, try the following sites. >Note that if the version you are trying to get was released today or just a few days ago, it may not have shown up at the sites below yet, so give it a few days: > >papa.indstate.edu: /pub/winsock-l/mail/epp16_02.zip > /pub/winsock-l/Windows95/mail/epp32_02.zip > /pub/winsock-l/WindowsNT/mail/epp32_02.zip > >ftp.winsite.com: /pub/pc/win3/winsock/epp16_02.zip > /pub/pc/win95/winsock/epp32_02.zip > >If you want to be automatically notified of new versions, send e-mail to gt6525c at prism.gatech.edu with the subject of "eppi news", and the following message body: > >join >stop > > --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From unicorn at schloss.li Tue Dec 10 06:06:14 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 10 Dec 1996 06:06:14 -0800 (PST) Subject: Redlining In-Reply-To: <199612100815.AAA09236@mailmasher.com> Message-ID: On Tue, 10 Dec 1996, Huge Cajones Remailer wrote: > Date: Tue, 10 Dec 1996 00:15:30 -0800 > From: Huge Cajones Remailer > To: cypherpunks at toad.com > Subject: Re: Redlining > > > I seem to have upset you, Matt Miszewski, and I am sorry for that. It > appears to me that the problem we have is that we have different ideas > about what is right and different perceptions of the nature of the > world. > > It may appear that I intentionally put words in your mouth. This is > not the case. We have different ideas about what is obvious. I have > made assumptions, but they seemed clear to me. Apparently, they were > not. We may still have a fruitful discussion. > > At 4:17 PM 12/9/1996, Matthew J. Miszewski wrote: > >At 03:14 PM 12/4/96 EST, Bovine Remailer wrote: > >>At 11:26 AM 12/4/1996, Matthew J. Miszewski wrote: > >[snippo] > >>If I earned my very own money honestly and I choose to lend it only to > >>Albanians, you believe that this would be inefficient and, therefore, > >>forbidden. > > > >Actually I didnt say anything about private lending. But as this thread > >goes on you seem to assume much. > > I am assuming that you agree that somebody who has earned their money > honestly should be able to lend it to whomever they please for > whatever reason they like. You call this private lending. (Please > correct me if I am wrong.) > > I believe that five friends should be able to get together, pool their > resources, and lend their money to whomever they like. > > I believe that ten, or a hundred, or a thousand people should be able > to pool their money and lend it to whomever they please for whatever > reason they like. > > That, essentially, is what a bank is. I do not believe the government > should dictate which people you, or your bank, are allowed to lend to. Create a bank where the identity of the customers are unknown and you solve the redlining problem. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From jbaber at mi.leeds.ac.uk Tue Dec 10 06:15:37 1996 From: jbaber at mi.leeds.ac.uk (jbaber at mi.leeds.ac.uk) Date: Tue, 10 Dec 1996 06:15:37 -0800 (PST) Subject: PICS is not censorship Message-ID: <4484.9612101411@misun2.mi.leeds.ac.uk> > Tim May writes: > If it's only a contract, and forever only a contract, then I am less > worried. But my point is that I fear the purely contractual status will not > last. This point is something that we can agree on completely. But the question is should be approach it from a 'compromising' point of view encouraging completely volentary contracts or wait for the government to attempt to mandate a system. Although ideal we should fight against any form of censorship I think that the public are generally ignorant enough to say 'well it works with films so why not with web pages' when faced with the four horsemen. > (And, as I think it was Lucky Green who pointed out, what is to stop people > who have _not_ entered into any contract with one of the (several?) PICS > agencies from simply claiming a rating? If the PICS folks want to set up a > system for digital signatures, compliance testing, etc., fine...so long as > non-customers don't have to pay for it. Let the Hallelujah Brigade and the > Dervishes subsidize their systems.) Again I was thinking more along the lines of having the PICS system similar to british standards where claiming to have something that you do not is illegal. However I think that your idea, although put forward facetiously, is actually ideal. People currently pay for web-blockers so why should they not buy web browsers that allow restricting (for their own children of course) which web sites etc they can reach from digitally signed ratings on pages. Initially browser sales could pay for web ratings (much as they currently pay for researching which sites should and should not be allowed into things like surfwatch), once the browsers themselves become widespread, and view per page (or even site) automatic charging comes into use then such an organisation could even charge to review your web pages - if you do not like their evaluation then just do not use them. > >> If I believe pictures of people having sex should be marked "Suitable for > >> all ages" (or whatever the Official PICS Status Code is) will I be > >> criminally or civilly in danger? If so, then PICS is a ratings system which > >> individuals are likely to be unable to interpret themselves. > > > >What if the PICS classifications were worded so as to describe the factual > >content of a page rather than the writers opinion of its suitability? This, > >if correctly implemented, could remove the problem of interpretation. > > Doubful. I contend that any such approach is bound to fail. > > Suppose I describe a picture of adults having sex as "A joyful experience," > or "Children need to look at this!"? > > There simply is no "factual" description of a page. Every person will have > their own descriptions. Mandating that words be "true" is the end of free > speech as we know it. I was starting from the point that there were a number of officially (by the PICS organisation) recognised PICS labels each of which had specific definations in a similar manner to existing HTML tage.. Nothing would stop anyone from making up their own new tags but browsers could only assume that the official ones would be strictly defined. > (For starters, religions--all of them--will have to be shut down.) This is a bad thing? (;->) > >> (This takes the element of intent to deliberately defeat PICS out of the > >> equation, and asks if "innocent mislabeling" or "philosophical disagreement > >> alternate labeling" will expose the mislabeller to charges. > > > >Factual classifications should completely remove the problems of innocent > >mislabeling and philosophical disagreement (if you disagree don't label but > >if you use our labels follow our rules). I would never claim to be a lawyer > >but from my naive point of view I would say that putting false labels on a > >page would be misrepresenting it and could possibly constitute fraud? > > Fraud? What happened to free speech? The assumption that there even exist > "factual descriptions" (and presumably "false descriptions") is an > incredibly pernicious idea, at least as regards free speech. Not having a detailed knowledge of the American right to free speach I can only go on my opinions, but lieing with the intent to defraud would almost certainly be illegal over here. The solution for this of course goes right back to reputations and digital signatures. > If I wish to describe two people having sex as "Two happy persons engaged > in a happy pursuit," this is not "fraud." True, many parents will dislike > it, as will many Mennonites, etc. So? But these would not be 'Officially Recognised tags' so would essentially mean nothing. How to inforce the Official Recognition is another matter and I believe that your sugestion of digital signatures would fit the bill (although it does introduce the problem of another person rating your work - you must either accept their 'Official' rating or do without (or find another company that rates your work in the way that you wish)). > >> What I see with any such enforcement of PICS standards is yet another Full > >> Employment Act for Lawyers, and the Lawyer's Guild will be oh so happy to > >> see PICS essentially made part of the bureacratic morass: > >> > >> "Due to the complexities of the PICS ratings system, and varying community > >> interpretations of the elements of PICS, we advise that no person post > >> anything to the Net with a PICS rating without seeking competent legal > >> advice from a PICS-licensed legal professional." > > > >Unfortunately this may be the case, however I would suspect that this may go > >the other way with people thinking that if they can be sued for mislabeling > >their pages they just will not label them at all. > > Of course, the most correct and consistent view is to just leave it for a > market solution: some label, some don't, some label carelessly, some label > anally [no content is implied! :-}), some label deceptively, some label > clearly, and so on. A market solution with a number of different labeling organisations, and labels validated by digital signatures would be idea.... if you want what your child sees to be decided by ratings assigned by the "good mothers of america' or the 'porn hunters of the UK' then it is up to you. > Again, my concern is not that some bunch of folks initiate a PICS or SICS > or LIKS system, but that it the legal system gets involved...I surmise that > many lawmakers are already talking about this--this came up in connection > with the CDA case, that a labelling system such as PICS could resolve some > of the issues....I hardly expect that a fully voluntary system would meet > the demands of the censors. I agree, the censors will at an absolute minimum want everything labeled in such a way that they can get rid of anything that they deam 'inappropriate'. This means a centralised authority and everyone getting all of their pages labeled. Thankfully, given the size, complexity and multi-jurisdictional nature of the web (and internet in general) this is simply not practical, and I believe that it should be possible to persuade them so. The only way for them to achieve anything near their ends would be a widely deployed rating system backed by digital signatures and browsers capable of recognising these signatures and labels and descrimingating based on them. The only disadvantage that I can see to such a system would be that it would make it easier for goverments, corporations and other organisation from passing through their servers and routers allowing wide scale sensorship. This should be prevented by having a number of rating organisations slowly gaining popularity (overall they must be popular or parents blocking unrated would be unacceptably restrictive). There would be nothing to stop a page having ratings from a number of organisations or infact from none at all. Jon Baber jbaber at mi.leeds.ac.uk http://chem.leeds.ac.uk/ICAMS/people/jon From nobody at cypherpunks.ca Tue Dec 10 06:27:19 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 10 Dec 1996 06:27:19 -0800 (PST) Subject: Patriots should use PGP Message-ID: <199612101423.GAA15046@abraham.cs.berkeley.edu> From betsys at cs.umb.edu Tue Dec 10 06:41:04 1996 From: betsys at cs.umb.edu (Elizabeth Schwartz) Date: Tue, 10 Dec 1996 06:41:04 -0800 (PST) Subject: Codebreakers on the shelves! In-Reply-To: Message-ID: <199612101440.JAA19770@terminus.cs.umb.edu> I've been looking for a used copy for over a year so I was happy to find the new edition! I *was* disappointed by the last chapter, althouh I know that historians hate to make early judgements about which current events are important. From dlv at bwalk.dm.com Tue Dec 10 06:41:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 06:41:54 -0800 (PST) Subject: PGP 3 Beta testers needed In-Reply-To: <199612100901.EAA21823@dhp.com> Message-ID: lucifer at dhp.com (Anonymous) writes: > All joking aside, is there any reason I shouldn't trust Tim May > (assuming I don't care about his personal details like sexual > preference, etc.)? Timmy May is a racist (especially hates Jews) and a proven liar. Perhaps this doesn't bother you. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 10 06:42:23 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 06:42:23 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: Message-ID: Jamie Lawrence writes: > Igor - > > Thanks for sending this. If I end up porting it, I'll send > you a copy. I just wanted to wipe a client's disk. I'm a > little surprised that there doesn't seem to be any tools for > this on the PC. Another area where Mac's seem to be innovative... The problem with running Igor's program on PC has to do with the last allocation cluster of each file: it's in use (so this program won't write over it), but it only has new data at the beginning, and might contain some interesting old data at the end. For the PCs, Norton Utilities (now from Symantec) include a wiping utility that addresses the above problem. Specifially for OS/2 HPFS, the Gammatech utility also include one. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 10 06:43:04 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 06:43:04 -0800 (PST) Subject: More "arsenic" fan mail from John Gilmore, his friends and lovers In-Reply-To: <9612100145.AA00126@cow.net> Message-ID: <0H3PyD88w165w@bwalk.dm.com> Carriage returns added: >Date: Mon, 9 Dec 96 20:45:12 EST >Message-Id: <9612100145.AA00126 at cow.net> >From: Bovine Remailer >Comments: This message did not originate from the address above. It was remailed by an anonymous remailing service. If you have questions or complaints, please direct them to >To: cypherpunks at toad.com >Sender: owner-cypherpunks at toad.com >Precedence: bulk > >Dr.Dimitri Vulis KOTM blathered: > >>More fan mail from John Gilmore and his friends: > >... > >Kook, must you post all the private mail you dislike to the list, while at >the same time whining and bitching about the crypto-relevance of anyone and >everyone else. Many folks you critique do post off topic shit from time to >time, but nowhere near the percentage (much less the volume) that you do. I >can't killfile your ass from this machine, but I've decided to provide a >cypherpunks public service to those who can. It will be low-volume. I am >going to anonymously repost everything you post that is actually >crypto-relevant. It will be REALLY low volume. Now, quit posting shit about >"Timmy" anonymously, with your stupid ascii drawings, and start taking your >medications so you'll behave nice at the get together, where I'll see you >and try not to vomit. I'm not sure if I'm going to the get-together. From dlv at bwalk.dm.com Tue Dec 10 06:43:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 06:43:08 -0800 (PST) Subject: A new memetic message In-Reply-To: Message-ID: I've never seen this one before: >Date: Tue, 10 Dec 1996 08:28:10 +0100 (MET) >From: Ahsan Yousaf Durrani >To: dlv at bwalk.dm.com >Subject: *splat* (fwd) >Message-Id: >Mime-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII > > > >---------- Forwarded message ---------- >Date: Fri, 6 Dec 1996 14:02:10 +0100 (MET) >From: Ahsan Yousaf Durrani >To: c948148 at student.dtu.dk >Subject: *splat* > > > > > salaaaam, you've been hit! > > > **** * * *** * * > * * ** * * * * * > * * * * * * * * > * * * * * * * * > * * * * * * * * * > * * * * * * * * * * > * * * * * * * * * * > * * * * * * * * * * * > **** * ** *** * * > > *** * * * > * * * * * * > * * * * * * > * * * * * * > ***** ******* * * > * * * * * * > * * * * * * > * * * * * * > ***** * * ****** ****** > > > Consider yourself hit by a snowball !! > >Send this message to as many people as possible, in the first > *E-MAIL SNOWBALL FIGHT!* > >Send it back or to people already listed above. Send it to your >parents, siblings, politicians, teachers, bullies or anyone else >you've wanted to hit with a snowball. have fun. but don't blame me if >you're hit back !! > >Remember: e-mail snowballs don't hurt, don't get you soaked and >don't melt away. Throw one today ! > > > > From m5 at tivoli.com Tue Dec 10 06:44:57 1996 From: m5 at tivoli.com (Mike McNally) Date: Tue, 10 Dec 1996 06:44:57 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk> Message-ID: <32AD772D.589B@tivoli.com> jbaber at mi.leeds.ac.uk wrote: > > Not having a detailed knowledge of the American right to free > speach I can only go on my opinions, but lieing with the intent > to defraud would almost certainly be illegal over here. So where lies intent to defraud in the act of deliberately mislabeling a web page? Why is that any different from me standing on the street corner (or at Hyde Park Corner) announcing that I'm the Messiah? -- ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From dthorn at gte.net Tue Dec 10 07:11:41 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 07:11:41 -0800 (PST) Subject: PGP 3 Beta testers needed In-Reply-To: <199612100901.EAA21823@dhp.com> Message-ID: <32AD7D31.6DBD@gte.net> Anonymous wrote: [snip cartoon] > All joking aside, is there any reason I shouldn't trust Tim May > (assuming I don't care about his personal details like sexual > preference, etc.)? You would be well advised not to trust *anyone* unless: 1. They have *your* personal interests at heart (not likely here) -or- 2. It is necessary for you to trust them for a particular reason, and you feel that you can justify the risk (more likely). From dthorn at gte.net Tue Dec 10 07:22:08 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 07:22:08 -0800 (PST) Subject: Redlining In-Reply-To: <199612100815.AAA09236@mailmasher.com> Message-ID: <32AD7FA4.4C47@gte.net> Huge Cajones Remailer wrote: > I seem to have upset you, Matt Miszewski, and I am sorry for that. It > appears to me that the problem we have is that we have different ideas > about what is right and different perceptions of the nature of the world. [snip] > I am assuming that you agree that somebody who has earned their money > honestly should be able to lend it to whomever they please for > whatever reason they like. You call this private lending. (Please > correct me if I am wrong.) > I believe that five friends should be able to get together, pool their > resources, and lend their money to whomever they like. > I believe that ten, or a hundred, or a thousand people should be able > to pool their money and lend it to whomever they please for whatever > reason they like. The logical implication here is that a thousand people "getting together" and doing something is no different in principle than one person doing that something. Not a valid implication, although the result is not necessarily false on a per-case basis. [snip] > If I put up a sign in my store saying "Irish need not apply", then > there is a case. Usually, it is not so clear. > It is difficult to prove discrimination because merit is so hard to > determine. Many factors go into a hiring decision. In the end, it is > usually made on the gut level. Ironically, discrimination, prejudice, bigotry, hate, etc. are often judged by the public on a "gut level" as well. It's just a matter of how to "educate" the public to see these things. [snip remainder] From dthorn at gte.net Tue Dec 10 07:33:40 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 07:33:40 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612100131.RAA19898@netcom.netcom.com> Message-ID: <32AD80DC.4CAD@gte.net> Jamie Lawrence wrote: > Igor - > Thanks for sending this. If I end up porting it, I'll send > you a copy. I just wanted to wipe a client's disk. I'm a > little surprised that there doesn't seem to be any tools for > this on the PC. Another area where Mac's seem to be innovative... It's a hundred times easier to do tools for the IBM PC. I make utilities for the PC, and it would take no more than ten or fifteen minutes to cook this one up. But nobody answered my question: Is there a shortcut way to do the wipe, say, thirty times? Ordinarily, I'd run the program thirty times, which would consist of a data write followed by a flush, which would take 30x amount of time. From jbaber at mi.leeds.ac.uk Tue Dec 10 07:42:26 1996 From: jbaber at mi.leeds.ac.uk (jbaber at mi.leeds.ac.uk) Date: Tue, 10 Dec 1996 07:42:26 -0800 (PST) Subject: PICS is not censorship Message-ID: <4496.9612101529@misun2.mi.leeds.ac.uk> Mike McNally writes: > jbaber at mi.leeds.ac.uk wrote: > > > > Not having a detailed knowledge of the American right to free > > speach I can only go on my opinions, but lieing with the intent > > to defraud would almost certainly be illegal over here. > > So where lies intent to defraud in the act of deliberately > mislabeling a web page? Why is that any different from me > standing on the street corner (or at Hyde Park Corner) announcing > that I'm the Messiah? I seem to have edited the previous message badly and left out the context which was false labeling on pages for which there was a charge to view. More along the lines of false advertising to be sure but still fraud in my opinion. Also, of course, it would be very hard to show that you were not, in fact, the Messiah (;->). Jon Baber jbaber at mi.leeds.ac.uk http://chem.leeds.ac.uk/ICAMS/people/jon From byrd at ACM.ORG Tue Dec 10 07:49:43 1996 From: byrd at ACM.ORG (Jim Byrd) Date: Tue, 10 Dec 1996 07:49:43 -0800 (PST) Subject: Patriots should use PGP Message-ID: <3.0.32.19961210104240.006dd358@super.zippo.com> Why on earth would an American football team need PGP? From thad at hammerhead.com Tue Dec 10 08:21:29 1996 From: thad at hammerhead.com (Thaddeus J. Beier) Date: Tue, 10 Dec 1996 08:21:29 -0800 (PST) Subject: PICS is not censorship In-Reply-To: Message-ID: <32AD8E70.41C6@hammerhead.com> Timothy C. May wrote: > > If it's only a contract, and forever only a contract, then I am less > worried. But my point is that I fear the purely contractual status will not > last. I completely agree, if the labels, and their format, are mandated, then it is a bad thing. > (And, as I think it was Lucky Green who pointed out, what is to stop people > who have _not_ entered into any contract with one of the (several?) PICS > agencies from simply claiming a rating? If the PICS folks want to set up a > system for digital signatures, compliance testing, etc., fine...so long as > non-customers don't have to pay for it. Let the Hallelujah Brigade and the > Dervishes subsidize their systems.) 'zactly. Signatures are pretty easy, and DSS is free. Compliance testing I'm not so sure about. They should be able to finance the whole project by suing label forgers :-) > > Doubful. I contend that any such approach is bound to fail. > > Suppose I describe a picture of adults having sex as "A joyful experience," > or "Children need to look at this!"? > > There simply is no "factual" description of a page. Every person will have > their own descriptions. Mandating that words be "true" is the end of free > speech as we know it. You can label it however you want, Tim. But, most browsers won't recognize these ad-hoc labels, and many people will be blocked from your page. Which is fine, those people have chosen to not see pages that aren't labeled in a way that they understand, and that is as it should be. > > Fraud? What happened to free speech? The assumption that there even exist > "factual descriptions" (and presumably "false descriptions") is an > incredibly pernicious idea, at least as regards free speech. Again, the only fraud I would recognize would be if you created a label that used the trademark of a labeling company. I completely agree that you should be allowed to describe your page in any way you want, or not at all. > > Of course, the most correct and consistent view is to just leave it for a > market solution: some label, some don't, some label carelessly, some label > anally [no content is implied! :-}), some label deceptively, some label > clearly, and so on. That's a really > > Again, my concern is not that some bunch of folks initiate a PICS or SICS > or LIKS system, but that it the legal system gets involved...I surmise that > many lawmakers are already talking about this--this came up in connection > with the CDA case, that a labelling system such as PICS could resolve some > of the issues....I hardly expect that a fully voluntary system would meet > the demands of the censors. We'll just have to see about this, won't we. I'm betting that it will work. I think that you'll be able to set up your browser very easily to restrict it to only see the 5% of the pages that happen to be rated (these will be, naturally, from the big companies like Discover, Microsoft, McDonalds, and so on) and these companies will pressure the government to declare the problem solved, as the kids will be funneled to their sites. -- Thaddeus Beier thad at hammerhead.com Visual Effects Supervisor 408) 287-6770 Hammerhead Productions http://www.got.net/people/thad From dlv at bwalk.dm.com Tue Dec 10 08:22:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 08:22:39 -0800 (PST) Subject: Codebreakers on the shelves! In-Reply-To: Message-ID: <1c7PyD98w165w@bwalk.dm.com> "Timothy C. May" writes: > As near as I can tell, from the comments by Kahn and from looking at it, > the new edition is _exactly_ the same as the 1967 edition, with the > exception of one additional chapter. The last chapter covers the Enigma > story in detail. > > However, the public key cryptography revolution is covered in about two or > three pages (or at least this is my recollection). Brief mention is made of > Diffie, Hellman, etc., but nothing surprising or new. The "cypher punks" mailing list isn't even mentioned, whines Timmy. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sunder at brainlink.com Tue Dec 10 08:23:56 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 10 Dec 1996 08:23:56 -0800 (PST) Subject: Java DES breaker? Message-ID: Here's a thought, While Java isn't a workhorse performance wise, it's very simple for anyone with a half decent browser to use java applets. Writing an implementation of DES in Java should be fairly easy, however it will run slow on most browsers. This performance drop will make it far easier for Joe Webuser to easily help break DES for us. Previous efforts at breaking DES and RSA have done quite well, but the number of people involved can be greatly increased if you tell someone just go to this page and leave your browser on overnight, every night. The applets would get a key range from the server, process them, and return a yeah or nay back for however far they manage to process before the user returns in the morning. With JIT's (Just In Time Compilers) and the sheer numbers of users that this can attract, the efforts at breaking weaker cyphers can be increased. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From dlv at bwalk.dm.com Tue Dec 10 08:31:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 08:31:22 -0800 (PST) Subject: PICS is not censorship In-Reply-To: Message-ID: "Timothy C. May" writes: > (For starters, religions--all of them--will have to be shut down.) So, what's your problem, Timmy? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 10 08:59:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 08:59:18 -0800 (PST) Subject: Redlining In-Reply-To: <199612100815.AAA09236@mailmasher.com> Message-ID: This has no crypto-relevance... nobody at huge.cajones.com (Huge Cajones Remailer) writes: > > I believe that five friends should be able to get together, pool their > resources, and lend their money to whomever they like. > > I believe that ten, or a hundred, or a thousand people should be able > to pool their money and lend it to whomever they please for whatever > reason they like. > > That, essentially, is what a bank is. I do not believe the government > should dictate which people you, or your bank, are allowed to lend to. Without government regulation, a bank would charge higher interest rates for (e.g.) residential mortgages in neighborhoods where the bank thinks they have more likelyhood of default and eventual foreclosure. This is no different from life insurance companies charging smokers higher premiums because they think that smokers die younger. A bank would not flatly refuse to lend money in a certain neighborhood if they could charge an interest rate at which they would still make money (with appropriate reserves for defaults). But because they can't discriminate freely in setting the interest rate, the banks try to avoid high-risk loans altogether. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From attila at primenet.com Tue Dec 10 09:18:02 1996 From: attila at primenet.com (attila at primenet.com) Date: Tue, 10 Dec 1996 09:18:02 -0800 (PST) Subject: A New First on this List In-Reply-To: <32AD7D31.6DBD@gte.net> Message-ID: <199612101719.KAA16046@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <32AD7D31.6DBD at gte.net>, on 12/10/96 at 07:09 AM, Dale Thorn said: :: Anonymous wrote (after rude cartoon) :: ::> All joking aside, is there any reason I shouldn't trust Tim May ::> (assuming I don't care about his personal details like sexual ::> preference, etc.)? :: ::You would be well advised not to trust *anyone* unless: :: ::1. They have *your* personal interests at heart (not likely here) :: :: -or- :: ::2. It is necessary for you to trust them for a particular reason, :: and you feel that you can justify the risk (more likely). :: actually, two [recent] new firsts on this list! 1. Dale is polite. 2. Dale is reasonable. does that mean: "A gentleman is a man who knows _when_ to be rude" --Oscar Wilde -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMq2bEL04kQrCC2kFAQFtVgQA3c8h5EBRIqGsb5ac7jy930nogtgOZgsd z92PUinyG188NvJzc6fuZp64P7FBbH/WB/ctBxyui+bsATWVAcxkxh4tHyp9+kbn suYv8u2+1OzqP0F/gCI7Y18kCRZg6P98zaE/5iYzpjUWVkSeKpAPE8t8qFyUyK+I EOrq9UcT6Zw= =B81i -----END PGP SIGNATURE----- From pfarrell at cybercash.com Tue Dec 10 09:56:29 1996 From: pfarrell at cybercash.com (pfarrell at cybercash.com) Date: Tue, 10 Dec 1996 09:56:29 -0800 (PST) Subject: No Subject Message-ID: <199612101756.JAA22373@toad.com> From tcmay at got.net Tue Dec 10 09:57:57 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Dec 1996 09:57:57 -0800 (PST) Subject: Puzzle Palace 2nd edition (1983) Info In-Reply-To: <3.0.1.32.19961209211613.010dc81c@mail.teleport.com> Message-ID: At 5:48 AM -0800 12/10/96, Alan Olsen wrote: >I remember that there was some confusion as to the second edition of _The >Puzzle Palace_ by Bamford. (Sorry if this info has been posted before. I >did not see a resolution to it. I may have missed it if it was.) > >"I found a copy of _The Puzzle Palace_ 2nd edition!", he said crypticly. > >In the Penguin Press printing of _The Puzzle Palace_, it notes that there >is the 1982 edition (published by Houghton Mifflin) and one in 1983 >(published by Penguin) with a new afterward. Since the afterward contains >a fair amount of new information (it looks like a number of FOIA requests >came in after going to press), it is probibly the "Second Edition" of which >Schneier speaks... > >Hope that clears things up... No, I fear you are _confusing_ people with this comment. Yes, there was a 1983 paperbound edition, with a few new items added to the 1982 orginal. Ho hum. (I have both, and have for many years. It was finding the '92 edition that sparked much of my interest in the NSA, back in 1982.) What we are waiting for is the _real_ Second Edition, the long-awaited revising of "The Puzzle Palace." It is expected later this year or next. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Tue Dec 10 10:08:59 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Dec 1996 10:08:59 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk> Message-ID: At 8:43 AM -0600 12/10/96, Mike McNally wrote: >jbaber at mi.leeds.ac.uk wrote: >> >> Not having a detailed knowledge of the American right to free >> speach I can only go on my opinions, but lieing with the intent >> to defraud would almost certainly be illegal over here. > >So where lies intent to defraud in the act of deliberately >mislabeling a web page? Why is that any different from me >standing on the street corner (or at Hyde Park Corner) announcing >that I'm the Messiah? This was, of course, my point about there being no universally valid truth, and what such anti-fraud statutes must mean about religions. Basically, "free speech" entails a kind of anarchy (= no law) with regard to truths and falsehoods. As I like to say, "at most, one religion is correct" (with the other 783 major sects clearly spouting falsehoods...and probably _all_ 784 major sects doing so). If PICS codes are ever mandated, this will be placing the legal system and governments in the business of deciding truth. The meta-point I am making is not about truth and religion, but about this business of insisting that people label their words by some criteria. Speech should not require prior approval by a standards body, or self-labelling. (And, to repeat, any such labelling implies standards of truth that simply don't exist.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From unde0275 at frank.mtsu.edu Tue Dec 10 10:13:20 1996 From: unde0275 at frank.mtsu.edu (Internaut) Date: Tue, 10 Dec 1996 10:13:20 -0800 (PST) Subject: FIPS key recovery meeting Message-ID: <01BBE693.53DB90E0@s24-pm03.tnstate.campus.mci.net> >Members mentioned a few cases where an employee was unable to decrypt >his files, but no one knew of a case where an organization was unable to >obtain shared data (e.g., a database), because it was encrypted. Other >members seemed reluctant to accept his distinction. They seem to view key >recovery as a way to audit proper use of organization assets by employees, >or to protect the organization from malicious acts of employees, or to >recover data if a custodian is run over by a bus. pretty funny! think of all the loss of unrecoverable encrypted data from a custodian run over by a bus! From nobody at cypherpunks.ca Tue Dec 10 10:27:56 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 10 Dec 1996 10:27:56 -0800 (PST) Subject: Diffie-Hellman Mayonnaise Message-ID: <199612101825.KAA20242@abraham.cs.berkeley.edu> Tim Mayonnaise is just a poor excuse for an unschooled, retarded thug. ___ <*,*> Tim Mayonnaise [`-'] ' - ' From Ryan.Russell at sybase.com Tue Dec 10 10:31:00 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Tue, 10 Dec 1996 10:31:00 -0800 (PST) Subject: PICS is not censorship Message-ID: <9612101829.AA10141@notesgw2.sybase.com> Are you people trying to bait us Mormons again? :) Ryan ---------- Previous Message ---------- To: cypherpunks cc: jbaber From: jbaber @ mi.leeds.ac.uk @ smtp Date: 12/10/96 03:29:34 PM Subject: Re: PICS is not censorship Mike McNally writes: > jbaber at mi.leeds.ac.uk wrote: > > > > Not having a detailed knowledge of the American right to free > > speach I can only go on my opinions, but lieing with the intent > > to defraud would almost certainly be illegal over here. > > So where lies intent to defraud in the act of deliberately > mislabeling a web page? Why is that any different from me > standing on the street corner (or at Hyde Park Corner) announcing > that I'm the Messiah? I seem to have edited the previous message badly and left out the context which was false labeling on pages for which there was a charge to view. More along the lines of false advertising to be sure but still fraud in my opinion. Also, of course, it would be very hard to show that you were not, in fact, the Messiah (;->). Jon Baber jbaber at mi.leeds.ac.uk http://chem.leeds.ac.uk/ICAMS/people/jon From nobody at replay.com Tue Dec 10 11:16:41 1996 From: nobody at replay.com (Anonymous) Date: Tue, 10 Dec 1996 11:16:41 -0800 (PST) Subject: [CRYPTO] E-Cash Message-ID: <199612101916.UAA06043@basement.replay.com> Tim C[reep] May uses an Adolf Hitler action figure as a dildo. ____ \ _/__ Tim C[reep] May \\ / \/ From asgaard at Cor.sos.sll.se Tue Dec 10 11:29:38 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Tue, 10 Dec 1996 11:29:38 -0800 (PST) Subject: PICS is not censorship In-Reply-To: Message-ID: >>What if the PICS classifications were worded so as to describe the factual >>content of a page rather than the writers opinion of its suitability? This, >>if correctly implemented, could remove the problem of interpretation. > > Doubful. I contend that any such approach is bound to fail. I agree with the last statement. Who decides if Great Tits is about sex or ornithology? (This example has reportedly confused many admirers of prolific milk-producing tissue searching on AltaVista ending up at Bird Sites.) Asgaard From asgaard at Cor.sos.sll.se Tue Dec 10 11:36:08 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Tue, 10 Dec 1996 11:36:08 -0800 (PST) Subject: Chaum to Step Aside In-Reply-To: <1.5.4.32.19961209193858.00688674@pop.pipeline.com> Message-ID: > The 6-year-old company plans to make > Chaum, the ponytailed inventor of Digicash's > innovative payment system, chief technology > officer and to hire a new CEO to run the > company. I hope they'll find some bigshot who can revive the momentum of Digicash that existed about a year ago. That the Digicash promotional press releases still mention the Swedish Post is a sign of lack of other examples. It looks like the Swedish Post just bought the rights and now is having second thoughts, just sitting on it. Asgaard From dbell at maths.tcd.ie Tue Dec 10 11:54:15 1996 From: dbell at maths.tcd.ie (Derek Bell) Date: Tue, 10 Dec 1996 11:54:15 -0800 (PST) Subject: Codebreakers on the shelves! In-Reply-To: Message-ID: <9612101953.aa22445@salmon.maths.tcd.ie> In message , "Timothy C. May" writes: >As near as I can tell, from the comments by Kahn and from looking at it, >the new edition is _exactly_ the same as the 1967 edition, with the >exception of one additional chapter. The last chapter covers the Enigma >story in detail. Is it based on the abridged or unabridged edition? >I'm hoping the new edition of Bamford is handled better. Any news as to a possible release date for that book? Derek From dlv at bwalk.dm.com Tue Dec 10 12:02:44 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 12:02:44 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: Black Unicorn writes: > > That, essentially, is what a bank is. I do not believe the government > > should dictate which people you, or your bank, are allowed to lend to. > > Create a bank where the identity of the customers are unknown and you > solve the redlining problem. Supposedly in redlining the bank discriminates based not on the race of the loan applicants, but on the location. If they're unwilling to lend money to buy a house in a "bad neighborhood" at the same interest rate they use in a "good neighborhood", then chances are that they don't look at the identify (race, income, etc) of the customers - only at the address. I hope you're not suggesting that a bank should accept a house as collateral without knowing there that house is. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 10 12:50:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 12:50:56 -0800 (PST) Subject: Patriots should use PGP In-Reply-To: <3.0.32.19961210104240.006dd358@super.zippo.com> Message-ID: Jim Byrd writes: > Why on earth would an American football team need PGP? If they negotiate fixing a game and don't want anyone to find out... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 10 12:53:11 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 12:53:11 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <4496.9612101529@misun2.mi.leeds.ac.uk> Message-ID: jbaber at mi.leeds.ac.uk writes: > > So where lies intent to defraud in the act of deliberately > > mislabeling a web page? Why is that any different from me > > standing on the street corner (or at Hyde Park Corner) announcing > > that I'm the Messiah? > > I seem to have edited the previous message badly and left out the > context which was false labeling on pages for which there was a > charge to view. More along the lines of false advertising to be sure > but still fraud in my opinion. > > Also, of course, it would be very hard to show that you were not, > in fact, the Messiah (;->). Claiming that you're the Messiah might get you and your followers burned. Remember David Koresh? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at huge.cajones.com Tue Dec 10 13:05:07 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Tue, 10 Dec 1996 13:05:07 -0800 (PST) Subject: Redlining Message-ID: <199612102104.NAA32212@mailmasher.com> At 9:04 AM 12/10/1996, Black Unicorn wrote: >On Tue, 10 Dec 1996, Huge Cajones Remailer wrote: >> I believe that ten, or a hundred, or a thousand people should be able >> to pool their money and lend it to whomever they please for whatever >> reason they like. >> >> That, essentially, is what a bank is. I do not believe the government >> should dictate which people you, or your bank, are allowed to lend to. > >Create a bank where the identity of the customers are unknown and you >solve the redlining problem. I can imagine a bank whose depositors are not known. I can also imagine a bank which itself operates anonymously. How would people borrow money against real estate and remain anonymous? It seems to me that the borrower cannot do so if the real estate will act as collateral. Also, how would an anonymous bank foreclose on a mortgage? Red Rackham From tcmay at got.net Tue Dec 10 13:16:48 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Dec 1996 13:16:48 -0800 (PST) Subject: The Sword of Damocles Message-ID: The recent discussion of the dangers of PICS--especially the dangers that a widely-deployed PICS system might encourage/enable governments to mandate PICS ratings in various ways--is just one of several "swords of Damocles" we have talked about for several years. By a "sword of Damocles" I mean any technology or system which, if deployed, could present an almost overwhelming temptation for governments or special interest groups to direct in directions most of us would find highly objectionable and even dangerous. (I use the metaphor of this sword of Damocles--the king of some place placed Damocles under a sword suspended by the thinnest of threads, to remind Damocles of who had the power--because no other metaphor seems to fit as well. Another metaphor is that of the danger of any technology which could become oppressive by the "flip of a switch." For example, if key recovery becomes widespread, with limited numbers of recovery centers, then governments could quite easily use administrative or executive orders to limit the options available for choosing such centers, or the licensing requirements for such centers...by the "stroke of a pen" ("flip of a a switch," or "flag day" in computerese), the voluntary system becomes much less voluntary. At the most extreme level, nearly all of us would object mightily to any system in which cyanide release systems were installed in our homes, no matter the assurances that the cyanide would only be released if proper legal orders were gotten!)) Some of the debates over crypto policy have involved people who don't see what the concern is about future actions, who basically trust the government to keep a system voluntary when it was promised to be voluntary. (David Sternlight comes to mind...from 1993 onward several of us just could not convince him that the Clipper danger lay in the potential for key escrow eventually being mandated...he just kept focussing on the "voluntary" aspects of Clipper sales, and thought our criticism of Clipper as an attempt to interfere with "free markets." Nonsense of course, but because of the "sword of Damocles" concerns, not the particular situation at some present instant.) To make this issue clearer, I'll just list several sorts of examples. Not all are the same, but the themes are similar. 1. An implantable ID device is developed for humans, along the lines of the "Pet I.D." chips which are already gaining wide acceptance. (And which we've discussed several times on this list. See archives or use Alta Vista, etc.) While such a "voluntary" system is "unexceptionable" to most civil libertarians, in the sense that libertarians do not object to the non-aggressive choices of others to do with their bodies as they please, there are clearly some "sword of Damocles" concerns. For example, a widely-used system of implants could be mandated first for schoolchildren (gotta stop those kidnappings), then for released criminals (part of parole), then for deadbeat dads (don't want them to flee), then for other classes. This is of course a serious issue, despite some marginalization in the press as being primarily a concern of the religious Right and their fixation on "the mark of the Beast." 2. Key Escrow, a la Clipper, the latest Key Recovery plans, etc. Even if announced as "voluntary," as of course Clipper was, our concern was largely with the "sword of Damocles" aspects, that the government appeared to be interested in driving out non-escrow alternatives and widely-deploying a nominally voluntary system which could, at the stroke of a pen, become mandatory. The various issues surrounding key escrow have been so well-covered I won't repeat points here. This is just a classical sword of Damocles issue. 3. Government regulation in general. Anytime the government gains the power to regulate some product class or industry, there is this sword of Damocles effect. A recent example is the area of _vitamins_, with the vitamin and health food store industry vigorously fighting proposals that the Food and Drug Administration (FDA) step in to the "vitamin anarchy" arena and place restrictions on vitamins, advertising, licensing, etc. The sword of Damocles comes from the very real possibility that initially quite "reasonable" limits will "open the door" for later, more draconian actions. (Whew, I've mixed a couple of metaphors with a couple of classical Greek allusions. Sorry.) 4. Gun control. Gun _registration_ is almost the canonical sword of Damocles, in terms of what gun rights folks fear the most. They know that once the locations and quantities of guns are known, it is a much simpler matter for some later government to order such guns turned in to be melted down. It happened in the 1930s in Germany, it happened in other countries more recently, and it is even happening with the U.S. military "disarming the civilians" in places like Somalia, Bosnia, Zaire, and any other place the U.S. military is sent in as a "peacekeeper." (Note: In Somalia, the U.S. disarmed the "soft targets:: simple farmers who had rifles they'd had in their families for generations. This had the tragic effect of making these very farmers then easier prey for jeeploads of looters and Somali "soldiers," who often followed the U.S. "pacification" squads and looted the homes and farms of the now-disarmed villagers! Some tradition for the U.S. to uphold, eh? No "right to keep and bear arms" for the peasants we are supposedly there to help.) Whatever one thinks of guns and gun rights, clearly this is a good example of why registration is fought by so many people, even if "assurances" are given that the registration has nothing to do with confiscation. (Right.) 5. "Voluntary self-ratings." The PICS discussion, and earlier discussions of "voluntary self-ratings" of CDs, videos, and other entertainment, brings up these same issues of Damoclean swords. Could a nominally voluntary ratings system be mandated by the courts, or by Congress? Depending on the outcome of the CDA case, I think so. If the Supreme Court upholds the CDA, it could be argued that anyone who fails to voluntarily self-label his speech faces sanctions if anyone finds his speech in violation of community standards, blah blah. (If one's speech is "non-explicit," as, say, this post of mine is here, then of course it almost certainly would not have to be self-rated...unless I said "Fuck," in which case I'd better consult the various PICS ratings and pick one to protect me to the maximum extent...I consider this scenario probable if the CDA is upheld and a major step away from "free speech" and "cabeat emptor" and a step toward wide self-suppression of controversial speech.) So, these are various examples of "swords of Damocles." That is, systems or technologies which are so potentially dangerous to deploy--in the sense that governments, do-gooders, and lawyers are so tempted to make them mandatory or to use coercion to drive out alternatives--that we should try to anticipate the Damoclean dangers of such technologies and work to head off such futures. Cypherpunks don't trust governments which say "Trust us" or "We're here to help." Governments, like that king in the myth, can cut that threat holding up that sword with little effort. "The Position Escrow System is voluntary. Citizen-units who wish to wear the Localizer (tm) are encouraged to do so, This has been shown to help the police in deterring kidnappings and is helping rescue units find lost hikers and skiers. Those citizen-units who wish not to cooperate in such efforts are free at this time to be rogues, but rogue-units will of course be treated with more suspicion and the failure to wear a Localizer (tm) may of course, as the Supreme Court ruled in 2003, be considered probable cause for a search. And since there are now twice as many laws as there were in 1996, most citizen-units are choosing not to be rogue-units." --Citizen-Unit Timothy C. May ID: 7734%-sd123227-666 Location at 19:09 UCT: 37 02 30 N / 121 48 45 W Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From Mullen.Patrick at mail.ndhm.gtegsc.com Tue Dec 10 13:25:42 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Tue, 10 Dec 1996 13:25:42 -0800 (PST) Subject: Java DES breaker? Message-ID: A few small bugs in this idea, at least for the masses -- 1) This would only appeal to people who have unlimited usage 2) ...and don't care about not having their phone available (I know they're asleep at the time) 3) ...and don't have an ISP that will kick them off when a timeout period expires. ...But if you implement it in a way where the user can hang up the phone and leave the browser on with the applet running, that would probably work. It would be easier to use than downloading executable code and a keyspace manually... PM _______________________________________________________________________________ From: Ray Arachelian on Tue, Dec 10, 1996 15:57 Subject: Java DES breaker? To: cypherpunks at toad.com Here's a thought, While Java isn't a workhorse performance wise, it's very simple for anyone with a half decent browser to use java applets. Writing an implementation of DES in Java should be fairly easy, however it will run slow on most browsers. This performance drop will make it far easier for Joe Webuser to easily help break DES for us. Previous efforts at breaking DES and RSA have done quite well, but the number of people involved can be greatly increased if you tell someone just go to this page and leave your browser on overnight, every night. The applets would get a key range from the server, process them, and return a yeah or nay back for however far they manage to process before the user returns in the morning. With JIT's (Just In Time Compilers) and the sheer numbers of users that this can attract, the efforts at breaking weaker cyphers can be increased. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= ------------------ RFC822 Header Follows ------------------ Received: by mail.ndhm.gtegsc.com with SMTP;10 Dec 1996 15:57:37 -0400 Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP; Tue, 10 Dec 1996 20:57:29 GMT Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id IAA21427 for cypherpunks-outgoing; Tue, 10 Dec 1996 08:23:56 -0800 (PST) Received: from beast.brainlink.com (sunder at beast.brainlink.com [206.127.58.17]) by toad.com (8.7.5/8.7.3) with ESMTP id IAA21422 for ; Tue, 10 Dec 1996 08:23:53 -0800 (PST) Received: (from sunder at localhost) by beast.brainlink.com (8.8.2/8.6.12) id LAA01432; Tue, 10 Dec 1996 11:26:19 -0500 (EST) Date: Tue, 10 Dec 1996 11:26:19 -0500 (EST) From: Ray Arachelian To: cypherpunks at toad.com Subject: Java DES breaker? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cypherpunks at toad.com Precedence: bulk From dlv at bwalk.dm.com Tue Dec 10 13:51:23 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 13:51:23 -0800 (PST) Subject: PICS is not censorship In-Reply-To: <32AD8E70.41C6@hammerhead.com> Message-ID: "Thaddeus J. Beier" writes: > Timothy C. May wrote: > > > If it's only a contract, and forever only a contract, then I am less > > worried. But my point is that I fear the purely contractual status will not > > last. Timmy May is a disgusting low-life - a true human garbage slimeball. > I completely agree, if the labels, and their format, are mandated, then > it is > a bad thing. Most WWW browsers won't understand your HTML if you choose not to use the , , , etc tags. If you think that's censorship, you should write your own browser. :-) (Just trying to replicate the "logic" of Gilmore defenders here.) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From andis at taa.com Tue Dec 10 14:01:25 1996 From: andis at taa.com (Andi Stewart) Date: Tue, 10 Dec 1996 14:01:25 -0800 (PST) Subject: FW: **VIRUS ALERT*** Message-ID: <19961210205135940.AAA136@luka.taa.com> >Return-Path: >Received: from cdoss.taa.com ([204.140.196.68]) by taa.com > (post.office MTA v1.7.1.1 ID# 0-11167) with SMTP id AAA62; > Tue, 10 Dec 1996 11:48:10 -0800 >X-Sender: cdoss at 204.140.196.66 >X-Mailer: Windows Eudora Version 1.4.4 >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Date: Tue, 10 Dec 1996 11:48:11 -0500 >To: andis at taa.com >From: cdoss at taa.com (Carl Doss) >Subject: FW: **VIRUS ALERT*** >Cc: bill.burbank at taa.com >Message-ID: <19961210194810338.AAA62 at cdoss.taa.com> > >>Return-Path: >>Received: from mail.grubb-ellis.com ([206.171.46.58]) by taa.com >> (post.office MTA v1.7.1.1 ID# 0-11167) with SMTP id AAA97 >> for ; Tue, 10 Dec 1996 10:09:28 -0800 >>Received: by mail.grubb-ellis.com with SMTP (Microsoft Exchange Server >Internet Mail Connector Version 4.0.993.5) >> id <01BBE682.370D0E00 at mail.grubb-ellis.com>; Tue, 10 Dec 1996 10:09:22 -0800 >>Message-ID: > >>From: "Fillmore, Tom" >>To: "'Carl Doss (NEW)'" >>Subject: FW: **VIRUS ALERT*** >>Date: Tue, 10 Dec 1996 09:56:21 -0800 >>Return-Receipt-To: >>X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 >>Encoding: 69 TEXT >> >>Danger, Will Robinson!!! >> >>>---------- >>>From: Paul.Goldenberg at cwi.cablew.com >>>To: Frye, Doug; INTERNET-us2b7ak6 (052); INTERNET-shellyka (052); >>>INTERNET-ORDNGaol (052); INTERNET-metracom (052); INTERNET-mdobiepf (052); >>>INTERNET-KAGSEFao (052); INTERNET-HVoldtof (052); INTERNET-HAGERMAN (052); >>>INTERNET-goldnson (052); INTERNET-georgebr (052); INTERNET-dmenkenw (052); >>>INTERNET-ChrisShr (052); INTERNET-BSledzva (052); INTERNET-bnorwood (052); >>>INTERNET-AGolden9 (052); INTERNET-8442po5n (052); INTERNET-498038OV (052) >>>Subject: FW: **VIRUS ALERT*** >>>Date: Tuesday, December 10, 1996 1:20AM >>> >>> >>> >>>**********VIRUS ALERT********** >>> >>>VERY IMPORTANT INFORMATION, PLEASE >>>READ! >>> >>>There is a computer virus that is being sent across the Internet. Ifyou >>>receive an email message with the subject line "Deeyenda", DO NOT >>>read the message, DELETE it immediately! DO NOT OPEN !!! >>> >>>Some miscreant is sending email under the title "Deeyenda" nationwide,if >>>you get anything like this DON'T DOWNLOAD THE FILE! It has a virus that >>>rewrites your hard drive, obliterates anything on it. Please be careful >>>and forward this e-mail to anyone you care about. >>> >>>Please read the message below. >>> >>>FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET >>> >>>The Internet community has again been plagued by another computer >>>virus. This message is being spread throughout the >>>Internet, including USENET posting, EMAIL, and other Internet >>>activities. The reason for all >>>the attention is because of the nature of this virus and the >>>potential security risk it makes. >>> >>>Instead of a destructive Trojan virus (like most viruses!), this >>>virus, referred to as Deeyenda Maddick, performs a comprehensive >>>search on your computer, looking for valuable >>>information, such as email and login passwords, credit cards, >>>personal info., etc. >>> >>>The Deeyenda virus also has the capability to stay memory resident >>>while running a host of applications and operation systems, such >>>as Windows 3.11 and Windows 95. What this means to Internet users is >>>that when a login and password are send to the server, this virus >>>can copy this information and SEND IT OUT TO AN UNKNOWN ADDRESS >>>(varies). >>> >>>The reason for this warning is because the Deeyenda virus is >>>virtually undetectable. Once attacked, your computer will be >>>unsecure. Although it can attack any O/S, this virus is most likely >>>to attack those users viewing Java enhanced Web Pages >>>(Netscape 2.0+ and Microsoft >>>Internet Explorer 3.0+ which are running under Windows 95). >>> >>>Researchers at Princeton University have found this virus on a >>>number of World Wide Web pages and fear its spread. >>> >>>Please pass this on, for we must alert the general public of the >>>security risks. >>> >>> >>> >>> >> > > From mrosen at peganet.com Tue Dec 10 14:34:24 1996 From: mrosen at peganet.com (Mark Rosen) Date: Tue, 10 Dec 1996 14:34:24 -0800 (PST) Subject: Secure Erase for PCs? Message-ID: <199612102235.RAA29568@mercury.peganet.com> > > Though, technically, no disk can be securely erased, my program, Read Peter Gutmann's paper on securely deleting files at: http://www.cs.auckland.ac.nz/~pgut001/secure_del.html. > > Very Good Privacy, can securely delete files after they have been encrypted. > > Thought you said "no disk...". So how does VGP do it? I should have added quotes around "securely delete." The end of Peter Gutmann's paper states "it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive." VGP tries to make is prohibitively expensive (that is, in essence, what all ciphers do; someone can break just about any cipher if they have enough money). VGP can be downloaded at: http://www.geocities.com/SiliconValley/Pines/2690 If you have any questions, please e-mail vgp at cryogen.com From mrosen at peganet.com Tue Dec 10 14:35:34 1996 From: mrosen at peganet.com (Mark Rosen) Date: Tue, 10 Dec 1996 14:35:34 -0800 (PST) Subject: The product formerly known as VGP Message-ID: <199612102238.RAA29779@mercury.peganet.com> I am just announcing that I am changing the name of my program, Very Good Privacy (distinct from Pretty Good Privacy) in response to a complaint from PGP, Inc. It was cool, though, because I got an e-mail message from Phil, which is akin to talking with God. Just to quell the trademark questions some people might have, a trademark violation is defined as something where there is a possibility of confusion with another product; as made obvious by the hundreds (literally) of messages I have received asking about the features of this new version of PGP (which it is not). I have not changed the name of the product on the web page, and will just post a notice of clarification until I think of a new name. Does anyone have any ideas? Thanks. The product formerly known as VGP can be downloaded at: http://www.geocities.com/SiliconValley/Pines/2690 If you have any questions, please e-mail vgp at cryogen.com From jw250 at columbia.edu Tue Dec 10 14:38:29 1996 From: jw250 at columbia.edu (Jim Wise) Date: Tue, 10 Dec 1996 14:38:29 -0800 (PST) Subject: Redlining In-Reply-To: <32AD7FA4.4C47@gte.net> Message-ID: On Tue, 10 Dec 1996, Dale Thorn wrote: > The logical implication here is that a thousand people "getting together" > and doing something is no different in principle than one person doing > that something. Not a valid implication, although the result is not > necessarily false on a per-case basis. Actually, I think this is a very valid implication. One of the main ways in which statist societies justify their restrictions on individuals is by reifying large bodies of individuals and giving them their own rights and responsibilities _as_a_seperate_entity_. To speak of a mass of individuals, whether you call it a corporation, a collective, or a government, as having a different set of rights than the individuals who make it up, is the heart of statism. > Ironically, discrimination, prejudice, bigotry, hate, etc. are often > judged by the public on a "gut level" as well. It's just a matter of > how to "educate" the public to see these things. Exactly. Like most, I have a strongly visceral negative reaction to bigotry. I wish there could be a system of law which contained it. There cannot, or at least not without doing even more harm. What will contain bigotry is education and example which inculcate this same visceral response to the destructiveness of bigotry. Unfortunately, statist systems (and IMHO especially those of a cpaitalist nature) thrive on turning subsets of society against each other, so that the populace are to busy to turn against the state. -- Jim Wise System Administrator GSAPP, Columbia University jim at santafe.arch.columbia.edu http://www.arch.columbia.edu/~jim * Finger for PGP public key * From dlv at bwalk.dm.com Tue Dec 10 14:51:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 14:51:25 -0800 (PST) Subject: A New First on this List In-Reply-To: <199612101719.KAA16046@infowest.com> Message-ID: attila at primenet.com writes: > > In <32AD7D31.6DBD at gte.net>, on 12/10/96 > at 07:09 AM, Dale Thorn said: > > :: Anonymous wrote (after rude cartoon) > :: > ::> All joking aside, is there any reason I shouldn't trust Tim May Timmy May is a Jew-hating liar. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From m5 at tivoli.com Tue Dec 10 15:02:25 1996 From: m5 at tivoli.com (Mike McNally) Date: Tue, 10 Dec 1996 15:02:25 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <32ADEBC6.7255@tivoli.com> Mullen Patrick wrote: > > ...But if you implement it in a way where the user can hang up the > phone and leave the browser on with the applet running, that would > probably work. It would be easier to use than downloading executable > code and a keyspace manually... I think that's the most likely way to do it. You'd write a little applet that'd just chug away, and could perhaps periodically try to connect back and deliver results. Note that you could do it by e-mail too, if your targets read e-mail with Netscape (or maybe IE; I don't know if it runs applets in the mail reader when it gets a text/html content mail message). ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From dsmith at prairienet.org Tue Dec 10 15:03:37 1996 From: dsmith at prairienet.org (David E. Smith) Date: Tue, 10 Dec 1996 15:03:37 -0800 (PST) Subject: cypher-PUNKS... Message-ID: <199612102303.RAA20254@cdale3.midwest.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: dlv at bwalk.dm.com, cypherpunks at toad.com Date: Tue Dec 10 17:03:21 1996 Dimitri hath written... (and the killfiles sang...) > > That charge is every bit as foundless as the charges that you are > > responsible for the "A Daily Warning Regarding Tim May" posts > > of a while back, or the current round of remailed messages featuring > > the sickeningly cutesy ASCII graphics at the bottom. > Tim must have been a heinous baby... I would call this a non sequitur, but I can honestly say that I have no idea what the hell that sentence is supposed to mean. > The real identities of people who use the "anonymous" remails to send > out "homophobic" or otherwise "politically incorrect" materials are > frequently disclosed on the "remailer-operators" mailing list. For > example: > > ]To: remailer-operators at c2.net > ]Someone who proports to be from ******************* is sending out a > ]huge spam/mailbomb right now. I suggest you sourceblock the prick > ]now. How did you translate "huge spam" into "homophobic"? Are you using the Windows translation of the Russian character set, or what? You are obviously seeing something that just ain't there. dave - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Remember: King Kong died for your sins" - Principia Discordia -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMq3sRnEZTZHwCEpFAQF7GAf+JvaozDbAgY+kXv2dhi8Z43i1XusRzRzK gvJmWF5gafgdxWyBiBxjuEYNdca24jreIVWG8YbSSauvl2xt4al/jzhGLoOcBAC1 7KwydcwaEn3p1vkRmp4rwT8gxQ/Nb68z1NYZzktBxl3/Evo2kgUCkVG6xpAUBixA LKKtMAmiZlqqiTYmB/Se+RMBPjhgiGsuAosca7S/Ia3m2f7mBmyKAB7khcbgHUJ8 ARr9zfj4+pykt9z0W6SCPlxMoXNzu1ozmmHIojDVMBSAY26reGNWkLclLSrOCzyU pktVLlVMyL95TKjXomByCuNC9Dp23wHmCBKQufNRQN70c87eIbh09A== =L6ZG -----END PGP SIGNATURE----- From nobody at squirrel.owl.de Tue Dec 10 15:06:50 1996 From: nobody at squirrel.owl.de (Secret Squirrel) Date: Tue, 10 Dec 1996 15:06:50 -0800 (PST) Subject: "I've Always Wondered..." In-Reply-To: <199612090548.VAA12554@dfw-ix8.ix.netcom.com> Message-ID: <19961210214400.24763.qmail@squirrel.owl.de> sue1968 at ix17.ix.netcom.com wrote to All: s> Hi, s> Please excuse this intrusion into your mailbox, but I would like to s> tell you about something which will be of interest to you... Fat chance. Still, this brings up an interesting point: Considering the special abilities of many of the principals here, is there something especially tasty in store for those net predators who spam this list? I've always imagined something _very_ special happens to their accounts, but I may just be a hopeless romantic, I dunno... If not, why not? From jfricker at vertexgroup.com Tue Dec 10 15:31:35 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Tue, 10 Dec 1996 15:31:35 -0800 (PST) Subject: Secure Erase for PCs? Message-ID: <19961210233018452.AAA215@dev.vertexgroup.com> Peter's paper is an interesting overview of data recovery technology. He does conclude that his 35 write regiment will overwrite all signals on hard disk media. It would seem that performing the 35 writes multiple times would yield an securely erased drive. Yet he clearly is not an expert in data recovery, is organizing others research, and does not provide evidence or tests for his postulates such as the need for a good PRNG. It would be quite interesting to send a disk off to a data recovery company after running through Peter's method with perhaps different parts of the disk treated differently. Also, the section on RAM talks about data persistance but does not cover recovery methods other than SRAM power up bias. Nor is the RAM section referenced. RAM is so active that it would seem little pertinent data could be recovered if any. So, in spite of not being an expert myself I am not convinced that any very well funded entity can recover data that has been overwritten an arbitrarily large number of times. Of course the relative value of my personal data is low and my level of paranoia follows. One can not be called reactionary by recommending a "no-trust" policy. Reading the paper reminds me how long ago it was that I studied the physics of microelectronic devices. Yow! >Bill Frantz (frantz at netcom.com) said >At 8:05 PM -0800 12/9/96, John Fricker wrote: >>> Though, technically, no disk can be securely erased, my program, >> >>Sure it can. Ten overwrites will rendered remnant data obscure. So says the >>electron microscope waving data recovery experts anyway. > >You should really check out Peter Gutmann's paper in the 1996 Usenix >Security Conference Proceedings. After reading it, I think you will come >to the conclusion that the only secure data destruction technique, against >a well-funded attacker, is destruction of the disk. I like thermite myself. > > >------------------------------------------------------------------------- >Bill Frantz | I still read when I should | Periwinkle -- Consulting >(408)356-8506 | be doing something else. | 16345 Englewood Ave. >frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA > --j --------------------------------------------------------------------------------- ------------------------ | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending | me email with subject "send pgp key". | www.Program.com is a good programmer web site. -------------------------------------------------------------------------------------------------------- - From DWSKI1283 at aol.com Tue Dec 10 16:01:50 1996 From: DWSKI1283 at aol.com (DWSKI1283 at aol.com) Date: Tue, 10 Dec 1996 16:01:50 -0800 (PST) Subject: take me off the list, please!!! Message-ID: <961210190110_1652280118@emout17.mail.aol.com> please take me off the mailing list, i cant stand the petty bickering. What a waste, you guys spend all your time taking potshots at each other instead of really relevant issues. My sincere apologies to those not involved. From gt at kdn0.attnet.or.jp Tue Dec 10 16:17:43 1996 From: gt at kdn0.attnet.or.jp (Gemini Thunder) Date: Tue, 10 Dec 1996 16:17:43 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk> Message-ID: <32aff84c.38472077@kdn0.attnet.or.jp> "Timothy C. May" wrote: >This was, of course, my point about there being no universally valid truth, >and what such anti-fraud statutes must mean about religions. >Basically, "free speech" entails a kind of anarchy (= no law) with regard >to truths and falsehoods. As I like to say, "at most, one religion is >correct" (with the other 783 major sects clearly spouting falsehoods...and >probably _all_ 784 major sects doing so). I just want to comment on this, as this is one of my pet peeves. There are universally valid truths. You implicitly admit so by stating "...at most, one religion is correct". The problem is we can not always determine what the universally valid truth is (especially so in moral/religious matters), so we tend to cop-out and say there are no truths, or something along the lines of: "Well, that might be right for you, but not for me." or the one I love to hate: "Perception is reality." _______________ If Gump knew C: "Momma always said life is like chocolates = chocolates++, you never know what you're gonna get." From m5 at tivoli.com Tue Dec 10 16:59:30 1996 From: m5 at tivoli.com (Mike McNally) Date: Tue, 10 Dec 1996 16:59:30 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk> Message-ID: <32AE0747.2CA5@tivoli.com> Gemini Thunder wrote: > > There are universally valid truths. You implicitly admit so by > stating "...at most, one religion is correct". No, he didn't; he said "at most". I personally think none is correct, and I don't agree there are universally valid truths. I defy you to explain how you know that to be so. > The problem is we can not always determine what the universally valid > truth is (especially so in moral/religious matters) Then why do you think there is such a thing? > so we tend to cop-out Why is it a "cop-out" to accept the limits of human perception? > and say there are no truths, or something > along the lines of: > > "Well, that might be right for you, but not for me." > > or the one I love to hate: > > "Perception is reality." How do you know reality is something other than perception if you don't perceive it to be so? -- ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From nobody at cypherpunks.ca Tue Dec 10 17:12:55 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 10 Dec 1996 17:12:55 -0800 (PST) Subject: PGP 3 Beta testers needed In-Reply-To: Message-ID: <199612110108.RAA31207@abraham.cs.berkeley.edu> > lucifer at dhp.com (Anonymous) writes: > > All joking aside, is there any reason I shouldn't trust Tim May > > (assuming I don't care about his personal details like sexual > > preference, etc.)? > > Timmy May is a racist (especially hates Jews) and a proven liar. > Perhaps this doesn't bother you. The "proven liar" thing doesn't really bother me if I don't know what he lied about and why. I mean people say things which are untrue all the time, but often by mistake or as a joke. It's always possible for some people to misinterpret what someone is saying or get really upset about it when most people just don't think it matters. The charges of racism and anti-semitism seem a bit more serious. I've been subscribed to cypherpunks for a couple of years, and have not seen any evidence of such an attitude on the list. I therefore find the charges difficult to believe. However, I'm willing to investiate further if you point me in the right direction, as I'd like to know about it if Tim May truly is some kind of horrible person. Thanks. From m5 at tivoli.com Tue Dec 10 17:27:39 1996 From: m5 at tivoli.com (Mike McNally) Date: Tue, 10 Dec 1996 17:27:39 -0800 (PST) Subject: Apropros of labeling systems... Message-ID: <32AE0DE0.6BBC@tivoli.com> Yahoo has a Reuter's story covering a policy statement from the American Academy of Pediatrics. They're concerned about record content description labels; they don't think their "strong" enough. If the industry does not develop a stronger voluntary system, it said, Congress should impose one. (I wonder if they really said that Congress should impose a stronger voluntary system?) I wonder when people will realize that the threat of Congress imposing a ratings system seems functionally equivalent to Congress imposing a ratings system? -- ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From nobody at huge.cajones.com Tue Dec 10 17:47:24 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Tue, 10 Dec 1996 17:47:24 -0800 (PST) Subject: Redlining Message-ID: <199612110147.RAA24444@mailmasher.com> At 5:37 PM 12/10/1996, Jim Wise wrote: >On Tue, 10 Dec 1996, Dale Thorn wrote: > >> The logical implication here is that a thousand people "getting >> together" and doing something is no different in principle than one >> person doing that something. Not a valid implication, although the >> result is not necessarily false on a per-case basis. > >Actually, I think this is a very valid implication. One of the main >ways in which statist societies justify their restrictions on >individuals is by reifying large bodies of individuals and giving >them their own rights and responsibilities _as_a_seperate_entity_. >To speak of a mass of individuals, whether you call it a corporation, >a collective, or a government, as having a different set of rights >than the individuals who make it up, is the heart of statism. Naturally, I agree with Jim. To expand on his comments, if it is acceptable to lend your money to whomever you like, surely it must be acceptable to lend your money to other people on whatever terms you like. These terms could be "I will lend you this money on the condition that you lend it only to pure-blooded Albanians." The reason organizations are subjected to controls has only to do with what is feasible. The people who want to control these organizations would be quite happy to dictate to individuals what they may do with their money. Fortunately, this is not practical. Historically, many societies have not allowed the formation of organizations without governmental approval. For instance, in pre-Revolutionary France, it was not even possible to form a club without official sanction. The Monarchy made a major concession when it permitted the free formation of clubs. It may also have been a strategic blunder, as the clubs immediately became the focus of Revolutionary political activity. I believe that in many Medieval and Renaissance societies, even something as simple as a market could not be established without approval. One of the great ideas of the modern age is that people have the right to form organizations. It should probably be in the Bill of Rights. (We do have the right to "peaceably assemble", but that is not as general as the right to organize.) You are completely correct that control of human organizational activity is the hallmark of a totalitarian state. Back to redlining, it is typically minority groups which are the most prone to lending only to their own group. This has been said about Jewish people, although I haven't seen it in practice. (Perhaps this was true a few centuries ago?) An excellent modern example is the Korean-American community. There is a custom to form pools of capital between small numbers of friends, five would be a typical number. One friend is appointed to set up and run the business. There are very powerful social prohibitions against failure and consequent loss of capital. Very seldom is one of the group anything but Korean. My understanding is that this works quite well. It is hard to find anything objectionable in the practice. >> Ironically, discrimination, prejudice, bigotry, hate, etc. are often >> judged by the public on a "gut level" as well. It's just a matter of >> how to "educate" the public to see these things. > >Exactly. Like most, I have a strongly visceral negative reaction to >bigotry. I wish there could be a system of law which contained it. >There cannot, or at least not without doing even more harm. But what is it that we want to make illegal? Bigotry is not a well defined term. Generally what we object to is people drawing the "wrong" conclusions about other groups of people. Certainly, we do not believe that we should dictate what conclusions people should draw, any more than we believe we should dictate what they may say. Do we then believe that we should outlaw the actions they take based on these beliefs? So long as the people in question are doing no harm, I propose we leave them alone to live their lives. Ironically, I have found that those who are most vocal on the subject of bigotry are most prone to it themselves. It isn't okay to make statements of your belief regarding Albanians - especially poor Albanians - but it is okay to make any statement about yuppies, preppies, geeks, nerds, Libertarians, Objectivists, or any other sort of approved "those people" groups. I'm sure many readers of this list have had conversations which abruptly end with "Are you a Libertarian?", which is generally completely irrelevant to the point under discussion. What is happening is that the other person is more interested in knowing your tribal identification than what you believe. A pity. Red Rackham From anon333 at cryogen.com Tue Dec 10 18:05:26 1996 From: anon333 at cryogen.com (Morbid Angel) Date: Tue, 10 Dec 1996 18:05:26 -0800 (PST) Subject: FW: Hoax: the "Deeyenda" virus (was ... VIRUS ALERT ...) Message-ID: <325D9BB8.1345@cryogen.com> found in a Usenet posting: ----------------------------------- >From Melvin Klassen Date: Wed, 4 Dec 1996 12:00:00 PST Newsgroups: bit.listserv.help-net MIKE R BLAKE <> writes: >>> FYI... >>> **********VIRUS ALERT********** >>> There is a computer virus that is being sent across the Internet. If >>> you receive an email message with the subject line "Deeyenda", DO NOT >>> read the message, DELETE it immediately! Nonsense. Your message is a **HOAX** ! Instead, check the "Computer Virus Myths Home Page", and the specific page describing "Deeyenda", at: http://www.kumite.com/myths/myth027.htm >>> FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET The FCC (Federal Communications Commission) does not issue such messages. It's not part of their mandate to do such. -- returning to lurk mode... From Burnett at vmi.edu Tue Dec 10 18:12:36 1996 From: Burnett at vmi.edu (Aaron Burnett) Date: Tue, 10 Dec 1996 18:12:36 -0800 (PST) Subject: Virus? Message-ID: Has anybody heard of the Monkey_B virus? If so what does it do exactly? Also does anybody know where I could find a downloadable Win95 upgrade upgrading Windows 3.x to Win95? From nobody at replay.com Tue Dec 10 18:21:35 1996 From: nobody at replay.com (Anonymous) Date: Tue, 10 Dec 1996 18:21:35 -0800 (PST) Subject: Are accountants smart or stupid? Message-ID: <199612110221.DAA25419@basement.replay.com> xx From gt at kdn0.attnet.or.jp Tue Dec 10 18:47:11 1996 From: gt at kdn0.attnet.or.jp (Gemini Thunder) Date: Tue, 10 Dec 1996 18:47:11 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk> Message-ID: <32AE206F.2D021C6D@kdn0.attnet.or.jp> Mike McNally wrote: > > Gemini Thunder wrote: > > > > There are universally valid truths. You implicitly admit so by > > stating "...at most, one religion is correct". > > No, he didn't; he said "at most". I personally think none is correct, > and I don't agree there are universally valid truths. I defy you to > explain how you know that to be so. Simple. Let us consider all religions: Now, here are our possibilities: 1. All are right 2. One or more is right, the remaining are wrong 3. None are right One of these possibilities must be true, but we can not know which one. (This is why "at most" is the very phrase that implictly admits there must be some universal truth concerning the validity of religions) > > The problem is we can not always determine what the universally valid > > truth is (especially so in moral/religious matters) > > Then why do you think there is such a thing? Please see above. Not knowing something does not mean it does not exist. > > so we tend to cop-out > > Why is it a "cop-out" to accept the limits of human perception? You are too quick to argue. The statement that there must be some universal truth even if we can not know what it is seems quite accepting of the limits of human perception. > How do you know reality is something other than perception if you > don't perceive it to be so? Simple. A man may perceive he can fly unassisted. However, once he steps off the building the universal truth of gravity takes hold of his ass. -- _______________________ Powered by LINUX! -- .sig under construction 2[b] || !2[b] -- What's the question? It's a tautology! From vincent at psnw.com Tue Dec 10 18:50:04 1996 From: vincent at psnw.com (Vincent M. Padua) Date: Tue, 10 Dec 1996 18:50:04 -0800 (PST) Subject: Deeyenda, is a fucking hoax... Message-ID: <199612110250.SAA15515@sierra.psnw.com> Deeyenda is not a virus, it's a hoax (like "Good Times" and "Irina") A warning about a virus called Deeyenda is being distributed around the internet. However, the virus does not exist and this is yet another example of a growing trend: hoax virus alerts being mistakenly sent all around the internet. If you receive the warning about Deeyenda (which has many similarities to another hoax, "Good Times") be sure to tell the person who sent the warning to you that it is in fact a hoax, and they should take care not to pass the hoax warning on to anyone else. Please quit propogating this bullshit. //Vince From ichudov at algebra.com Tue Dec 10 19:10:59 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 10 Dec 1996 19:10:59 -0800 (PST) Subject: PGP 3 Beta testers needed In-Reply-To: <199612110108.RAA31207@abraham.cs.berkeley.edu> Message-ID: <199612110304.VAA17784@manifold.algebra.com> IGNORE ABSOLUTELY ALL FLAMES FLAMES, TRUE OR FALSE, HAVE ZERO NET PRESENT VALUE IGOR John Anonymous MacDonald wrote: > > > lucifer at dhp.com (Anonymous) writes: > > > All joking aside, is there any reason I shouldn't trust Tim May > > > (assuming I don't care about his personal details like sexual > > > preference, etc.)? > > > > Timmy May is a racist (especially hates Jews) and a proven liar. > > Perhaps this doesn't bother you. > > The "proven liar" thing doesn't really bother me if I don't know what > he lied about and why. I mean people say things which are untrue all > the time, but often by mistake or as a joke. It's always possible for > some people to misinterpret what someone is saying or get really upset > about it when most people just don't think it matters. > > The charges of racism and anti-semitism seem a bit more serious. I've > been subscribed to cypherpunks for a couple of years, and have not > seen any evidence of such an attitude on the list. I therefore find > the charges difficult to believe. However, I'm willing to investiate > further if you point me in the right direction, as I'd like to know > about it if Tim May truly is some kind of horrible person. > > Thanks. > - Igor. From Xenu at nym.alias.net Tue Dec 10 19:28:04 1996 From: Xenu at nym.alias.net (Xenu) Date: Tue, 10 Dec 1996 19:28:04 -0800 (PST) Subject: Codebreakers on the shelves! Message-ID: <199612110327.WAA15236@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- > Subject: Re: Codebreakers on the shelves! > Date: Tue, 10 Dec 1996 02:36:11 -0800 > From: "Timothy C. May" [snip] > I took a look at it a few days ago, and am disappointed. [snip] > However, the public key cryptography revolution is covered in about two or > three pages (or at least this is my recollection). Brief mention is made of > Diffie, Hellman, etc., but nothing surprising or new. 2 or 3 pages for public key crypto? That's disgusting! > So, it seems a better deal is to get one of the many used copies of the > original, for $20 or less, and then read any of the many good articles on > modern cryptography. I was considering getting a copy of the new edition, but now I think I'll look for a used 1st edition. > I'm hoping the new edition of Bamford is handled better. Let's hope... > --Tim May Xenu 1024/0C436F8D 1996/07/14 PGP KEY Fingerprint 06 94 31 1F 96 EF C9 ED E9 86 6A AF 6E 10 E2 86 -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: cp850 iQCVAgUBMq3wDV4LyFQMQ2+NAQEbcAP9FIj8LxwQB2Jq5MivyRp0Nj1Lo25BnSqk 6phIL7jSNiwZGDa735zD8cIJz+Rh8Fq42MEBX3NczCae3nBr8BBPXLR6k4XKH7wR u1eWMaqM2Dl5h9w7XwA/Edd1miw/f85gxKIiF7tYE/whkD/bMK8+Ry9Sh9bMDGKm DowxFvOMwAU= =wTVs -----END PGP SIGNATURE----- From tcmay at got.net Tue Dec 10 19:36:19 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 10 Dec 1996 19:36:19 -0800 (PST) Subject: The product formerly known as VGP In-Reply-To: <199612102238.RAA29779@mercury.peganet.com> Message-ID: At 2:03 PM -0500 12/10/96, Mark Rosen wrote: > I am just announcing that I am changing the name of my program, >Very Good >Privacy (distinct from Pretty Good Privacy) in response to a complaint from >PGP, Inc. It was cool, though, because I got an e-mail message from Phil, >which is akin to talking with God. Just to quell the trademark questions >some people might have, a trademark violation is defined as something where >there is a possibility of confusion with another product; as made obvious >by the hundreds (literally) of messages I have received asking about the >features of this new version of PGP (which it is not). I have not changed >the name of the product on the web page, and will just post a notice of >clarification until I think of a new name. Does anyone have any ideas? >Thanks. How about something like "Really Secure Algorithm"? (I doubt people would confuse your program with the Republic of South Africa, usually abbreviated as "RSA," so there should be no further collision problems.) --Klaus! From alan at ctrl-alt-del.com Tue Dec 10 20:02:36 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Tue, 10 Dec 1996 20:02:36 -0800 (PST) Subject: Puzzle Palace 2nd edition (1983) Info Message-ID: <3.0.1.32.19961210195927.01241f10@mail.teleport.com> At 10:03 AM 12/10/96 -0800, you wrote: >>Hope that clears things up... > >No, I fear you are _confusing_ people with this comment. > >Yes, there was a 1983 paperbound edition, with a few new items added to the >1982 orginal. Ho hum. (I have both, and have for many years. It was finding >the '92 edition that sparked much of my interest in the NSA, back in 1982.) > >What we are waiting for is the _real_ Second Edition, the long-awaited >revising of "The Puzzle Palace." It is expected later this year or next. Sorry I was unclear. Actually I was refering to what _Schneier_ was calling the "Second edition". (The penguin edition is more like version 1.1.) The afterward just seems to be a tacked on collection of fragments. Hopefully the real Second Edition will add more content. --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From dlv at bwalk.dm.com Tue Dec 10 20:31:04 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 20:31:04 -0800 (PST) Subject: Redlining In-Reply-To: <199612102104.NAA32212@mailmasher.com> Message-ID: <207qyD118w165w@bwalk.dm.com> nobody at huge.cajones.com (Huge Cajones Remailer) writes: > At 9:04 AM 12/10/1996, Black Unicorn wrote: > >On Tue, 10 Dec 1996, Huge Cajones Remailer wrote: > >> I believe that ten, or a hundred, or a thousand people should be able > >> to pool their money and lend it to whomever they please for whatever > >> reason they like. > >> > >> That, essentially, is what a bank is. I do not believe the government > >> should dictate which people you, or your bank, are allowed to lend to. > > > >Create a bank where the identity of the customers are unknown and you > >solve the redlining problem. > > I can imagine a bank whose depositors are not known. I can also > imagine a bank which itself operates anonymously. > > How would people borrow money against real estate and remain > anonymous? It seems to me that the borrower cannot do so if the real > estate will act as collateral. > > Also, how would an anonymous bank foreclose on a mortgage? Actually, this is not as wild as it first sounds, even though the location forms a major part of the price of real estate. (We seem to be talking about mortgages for primary residences now. Actually, the bigger problem with redlining is the banks' refusal to extend loans to business venture (such as retail stores) in neighborhoods they consider too risky.) Suppose the bank deals with a middleman (perhaps even a government agency - something in the spirit of Sally Maie, Freddie Mac, and Fannie May) that guarantees that the collateral is worth a certain amount and the bank can set the interest rate based on the borrower's crddit history etc. If the bank forecloses, they get the value of the collateral from the middleman. A bank would charge lower rates because they wouldn't have to deal with the potential foreclosures. Alternatively, the information about the location can be held in a kind of escrow while the mortage is being negotiated and disclosed to the bank immediately after they agree on terms. The bank can pull out if they, e.g., disagree with the appraisal. Anonymous transactions are surprisingly common in financial markets (I again refer you to Solnik's book for some examples). I used to work with a very curious kind of transaction called "principal bid". Let's suppose that you own 10,000 shares of IBM and you want to sell them and buy 150,000 shares of Novell with the proceeds. If you do it through a regular broker, it'll cost you a great deal in both commission cost and market impact. For large transactions ($20M+) asset managers use the following technique: Compose a description of the package you're trying to buy/sell. You might list things like the number of shares you're trying to buy and sell, the average closing price from the day before, some indication of market capitalization, liquidity, bid/ask spread, etc. Fax it over to your brokers who *can't* determine from this information which stocks you're trying to trade. (If they could, they would manupulate the market against you.) Based on the description you supply, the brokers send in bids in the form "closing price plus n cents", where n is usually between 5 and 20 cents. This is done in the afternoon and the closing price for that day is not known to either party. The lowest bidder buys/sells the package at the close minus/plus the n cents and finds out afterwards what he got (a cat in the bag indeed). The other bidders don't even know what got traded. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ichudov at algebra.com Tue Dec 10 21:08:31 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 10 Dec 1996 21:08:31 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship In-Reply-To: <32AE206F.2D021C6D@kdn0.attnet.or.jp> Message-ID: <199612110448.WAA18528@manifold.algebra.com> Gemini Thunder wrote: > Mike McNally wrote: > > Gemini Thunder wrote: > > > There are universally valid truths. You implicitly admit so by > > > stating "...at most, one religion is correct". > > > > No, he didn't; he said "at most". I personally think none is correct, > > and I don't agree there are universally valid truths. I defy you to > > explain how you know that to be so. > > Simple. Let us consider all religions: > > Now, here are our possibilities: > 1. All are right > 2. One or more is right, the remaining are wrong > 3. None are right > > One of these possibilities must be true, but we can not know which one. > (This is why "at most" is the very phrase that implictly admits there > must be some universal truth concerning the validity of religions) The fact that the universal truth exists is useless of the truth cannot be found. - Igor. From dthorn at gte.net Tue Dec 10 21:10:19 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 21:10:19 -0800 (PST) Subject: A New First on this List In-Reply-To: <199612101719.KAA16046@infowest.com> Message-ID: <32AE41AA.A79@gte.net> attila at primenet.com wrote: > at 07:09 AM, Dale Thorn said: > :: Anonymous wrote (after rude cartoon) > ::> All joking aside, is there any reason I shouldn't trust Tim May > ::> (assuming I don't care about his personal details like sexual > ::> preference, etc.)? > ::You would be well advised not to trust *anyone* unless: > ::1. They have *your* personal interests at heart (not likely here) -or- > ::2. It is necessary for you to trust them for a particular reason, > :: and you feel that you can justify the risk (more likely). > actually, two [recent] new firsts on this list! > 1. Dale is polite. > 2. Dale is reasonable. > does that mean: "A gentleman is a man who knows _when_ to be rude" > --Oscar Wilde Ah, c'mon. You remember what Cap'n Kirk said to the Melkotians (sp?): "Sure we're killers, we just aren't gonna kill today" (quote very approximate, and I hope I got the ethnicity right). From ichudov at algebra.com Tue Dec 10 21:14:34 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 10 Dec 1996 21:14:34 -0800 (PST) Subject: The product formerly known as VGP In-Reply-To: Message-ID: <199612110510.XAA18700@manifold.algebra.com> Timothy C. May wrote: > At 2:03 PM -0500 12/10/96, Mark Rosen wrote: > > I am just announcing that I am changing the name of my program, > >Very Good Privacy > >the name of the product on the web page, and will just post a notice of > >clarification until I think of a new name. Does anyone have any ideas? > >Thanks. > > How about something like "Really Secure Algorithm"? > I was thinking about creating a Committee of Concerned Computer Programmers, abbreviated as CCCP. To Mark Rosen: name it Cryptographic Utility for Network Transmissions. - Igor. From dlv at bwalk.dm.com Tue Dec 10 21:15:09 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 10 Dec 1996 21:15:09 -0800 (PST) Subject: PGP 3 Beta testers needed In-Reply-To: <199612110108.RAA31207@abraham.cs.berkeley.edu> Message-ID: nobody at cypherpunks.ca (John Anonymous MacDonald) writes: > The charges of racism and anti-semitism seem a bit more serious. I've > been subscribed to cypherpunks for a couple of years, and have not > seen any evidence of such an attitude on the list. ... You must have Timmy May in your killfile then. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jw250 at columbia.edu Tue Dec 10 21:18:45 1996 From: jw250 at columbia.edu (Jim Wise) Date: Tue, 10 Dec 1996 21:18:45 -0800 (PST) Subject: Redlining In-Reply-To: <199612110147.RAA24444@mailmasher.com> Message-ID: On Tue, 10 Dec 1996, Huge Cajones Remailer wrote: > One of the great ideas of the modern age is that people have the right > to form organizations. It should probably be in the Bill of Rights. > (We do have the right to "peaceably assemble", but that is not as > general as the right to organize.) > > You are completely correct that control of human organizational > activity is the hallmark of a totalitarian state. I would go further than this, though. I would say that that mode of thought which considers an organization to _be_ an individual, with rights and responsibilities of its own, is the hallmark of a state. (_all_ states are totalitarian to some degree, that is what makes them states). That is to say, when we say "General Electric owns so and so many dollars in assets" or "The government has a duty to protect its citizens", we are accepting the basic precept of statism, that these groups should be treated as something other than the sum of the individuals whom they are made up of. > >Exactly. Like most, I have a strongly visceral negative reaction to > >bigotry. I wish there could be a system of law which contained it. > >There cannot, or at least not without doing even more harm. > > But what is it that we want to make illegal? Bigotry is not a well That's the point I was trying to make. We cannot outlaw `bigotry' because any such law would be a basic violation of the rights of thought, and expression. What we should do is combat the ignorance and factionalism which make it possible. As I said, the main obstacle to doing away with bigotry is the fact that modern statist societies rely on alienating the masses against themselves to keep prevent popular insurrection. -- Jim Wise System Administrator GSAPP, Columbia University jim at santafe.arch.columbia.edu http://www.arch.columbia.edu/~jim * Finger for PGP public key * From dthorn at gte.net Tue Dec 10 21:41:21 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 21:41:21 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship In-Reply-To: <4484.9612101411@misun2.mi.leeds.ac.uk> Message-ID: <32AE4912.3442@gte.net> Gemini Thunder wrote: > "Timothy C. May" wrote: > >This was, of course, my point about there being no universally valid truth, > >and what such anti-fraud statutes must mean about religions. [snip] > I just want to comment on this, as this is one of my pet peeves. > There are universally valid truths. You implicitly admit so by > stating "...at most, one religion is correct". > The problem is we can not always determine what the universally valid > truth is (especially so in moral/religious matters), so we tend to > cop-out and say there are no truths, or something along the lines of: The syllogism I remember goes something like this: If all things are relative then the statement I just made is relative (sometimes true and sometimes false). When the statement is false, something is not relative, but implicitly absolute. From dthorn at gte.net Tue Dec 10 21:55:23 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 21:55:23 -0800 (PST) Subject: Redlining In-Reply-To: <199612110147.RAA24444@mailmasher.com> Message-ID: <32AE4C11.7839@gte.net> Huge Cajones Remailer wrote: > At 5:37 PM 12/10/1996, Jim Wise wrote: > >On Tue, 10 Dec 1996, Dale Thorn wrote: > >> The logical implication here is that a thousand people "getting > >> together" and doing something is no different in principle than one > >> person doing that something. Not a valid implication, although the > >> result is not necessarily false on a per-case basis. > >Actually, I think this is a very valid implication. One of the main > >ways in which statist societies justify their restrictions on > >individuals is by reifying large bodies of individuals and giving > >them their own rights and responsibilities _as_a_seperate_entity_. > >To speak of a mass of individuals, whether you call it a corporation, > >a collective, or a government, as having a different set of rights > >than the individuals who make it up, is the heart of statism. [snip] If you're saying that it's wrong (bad, whatever) for corporations to have special protections and so on (taxes, other things) that don't apply to individuals who are (for example) not part of any corporations, then I do agree with you. OTOH, the evils which can be accomplished in practice (never mind theory) by power groups such as large corporations, which cannot be accomplished by individuals (or cannot in practice be defended against) are a problem that society has addressed, sometimes on a case-by-case basis (usually better), and sometimes through big legislation, which often far outlives its usefulness. I hope we're at least seeing the same points. From nobody at huge.cajones.com Tue Dec 10 22:11:06 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Tue, 10 Dec 1996 22:11:06 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship Message-ID: <199612110610.WAA06225@mailmasher.com> >> and I don't agree there are universally valid truths. I defy you to >> explain how you know that to be so. > Simple. Let us consider all religions: Your argument has grown tiresome. Now is the time on cypherpunks when we dance. From snow at smoke.suba.com Tue Dec 10 22:16:22 1996 From: snow at smoke.suba.com (snow) Date: Tue, 10 Dec 1996 22:16:22 -0800 (PST) Subject: The product formerly known as VGP In-Reply-To: <199612102238.RAA29779@mercury.peganet.com> Message-ID: <199612110634.AAA00188@smoke.suba.com> > > I am just announcing that I am changing the name of my program, Very Good > Privacy (distinct from Pretty Good Privacy) in response to a complaint from > PGP, Inc. It was cool, though, because I got an e-mail message from Phil, > which is akin to talking with God. Just to quell the trademark questions > some people might have, a trademark violation is defined as something where > there is a possibility of confusion with another product; as made obvious > by the hundreds (literally) of messages I have received asking about the > features of this new version of PGP (which it is not). I have not changed > the name of the product on the web page, and will just post a notice of > clarification until I think of a new name. Does anyone have any ideas? > Thanks. > The product formerly known as VGP can be downloaded at: Call it Prince Cypher, the product formerly known as ... Petro, Christopher C. petro at suba.com snow at smoke.suba.com From mjmiski at execpc.com Tue Dec 10 22:27:00 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Tue, 10 Dec 1996 22:27:00 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211002633.00699be0@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- Red, I will not re-quote and rehash the argument thus far. You do have a knack to ignore strong points (although admittedly not all) of your opponent in an argument. Additionally, I am not trying to show anyone that you are a "bad person". I was trying to carry-on civil discourse. I know you really feel that you had no part in disrupting the discourse we started out in, I disagree. My original point, in fact, was taken out of context and so: At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote: >(snip) >>(Just for the record, what the hypothetical insurance companies and >>employers are doing by using data they have obtained should not, in >>a free society, be illegal in any way. All information contributes >>to decision-making, about loans, credit, insurance, employment, etc. >>In a free society, it is up to people to not disclose that which >>they do not wish remembered.) > >While the libertarians on the list have affected my way of looking at >regulation I, and others, do not subscribe (suscribe ;)) to Tim's >absolute theory. Unless, of course, by free society Tim is refering >to one where corporations hold themselves to a level of "personal" >responsibility, which in many realms is part of any definition of >"free". > >Take, for example, the practice of redlining. How are people who live in >"bad" neighborhoods supposed to not reveal that information. My question was a real one. The basis of it comes from my work with the homeless in which they have a difficult time getting a job because they have no "home address" to put on the forms, some do not have or remember their SSNs, etc. This causes a cyclic problem for the homeless. My question to Tim was, in the real world, how is the protection of this data feasible. As I discuss briefly at the end of this post, I also was pointing out my differing opinion on the meaning of "free society". You responded in your last post thus: >While you did not state it explicitly, in the context above I >interpreted this to mean that you supported laws which restricted the >use banks make of information they obtain from their clients. This is a factual summary of my opinion but has absolutely nothing to do with my post (I *never* mentioned support or opposition of such laws. It also has nothing to do with my opinions on cryptography or privacy (which you also criticized in your last post). I do have responses to each of your "points" in your last post, but have found the process of responding point-by-point tedious and non-productive (maybe less productive than the time I have to give to the exercise, I was not intending on placing a value judgement on it). So that you can understand my position (in case your sarcasm was not really turned up that high) I will outline it more succinctly below. You are quite right. We disagree. As the topic quickly wandered from the original post on privacy concerns to racial discrimination, I will address that. I apologize to the list (for those that find it irrelevant), but I can not reply directly to Red. - ----- I, personally, find racial discrimination to be a problem in the USA. Not only do I find it a moral problem, but it has adverse effects on markets and the efficiency of these same markets. It is costly not only in personal measures, but in economical terms as well. As a way to address these concerns, holistically, moral concerns as well as economic concerns, I do support limited regulation specifically tailored to address this problem. One of the means of addressing only one specific aspect of this problem is to legislatively restrict the practice of redlining. - ----- I do expect many on the list to disagree with me. They will disagree that racism exists (some). They will disagree that it is morally wrong. They will disagree that it affects markets in any way. They will assert that legislative restrictions are far worse than industry self-policing. More will disagree that the government has any business regulating the area. As I had stated simply before, I disagree. Personally, because of the life I have led, I draw my line here. Others draw it elsewhere. Some dont draw it. (at one time in my life, i fought for not drawing the line. Thru painful learning experiences and reality checks - long arguments over several months and too much coffee - I decided that I would not want to live in a libertarian's ideal society. This decision was based on my perception that it just wouldnt work in reality. I am well aware others will differ. Maybe we can pursue that thread.) Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq5T/7pijqL8wiT1AQEycgP/bo6zV8B+DySD62zLMz6jYHiJeiW2XYkH UVO+Ixyl8ogRuZOTo09pF1+6X8olT5mCY2SxYb6z43UUDZDHhwT+A/8qc8WdF3la HCiJ2scterzYdh113Jn3M4TQomakuU1wY36nZzldMN5B2iIyRmAvRynPRYA+0I51 q06tPm36eq8= =q3zf -----END PGP SIGNATURE----- From dthorn at gte.net Tue Dec 10 22:28:47 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 10 Dec 1996 22:28:47 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612110355.UAA21125@zifi.genetics.utah.edu> Message-ID: <32AE5411.6C56@gte.net> Anonymous wrote: > Dale Thorn sez: > >Jamie Lawrence wrote: [snip] > >But nobody answered my question: Is there a shortcut way to do the > >wipe, say, thirty times? Ordinarily, I'd run the program thirty > >times, which would consist of a data write followed by a flush, > >which would take 30x amount of time. > Buffered writes won't work for obvious reasons. You must make raw > writes to the sectors you seek to scramble after you gather information > about what sectors you want to write. That much I've known for 15 years or so.... > The innovation you are looking for is > called "the loop". You can implement "the loop" many ways including > taping the end of your program to the beginning. Be careful not to > accidentally twist the paper as this will cause your writes to become reads. > If you are using punch cards you are SOL. sheesh. > Remind me not to use any of Dale's "utilities". You would not likely ever have the opportunity to use such utilities, since you obviously lack certain basic ingredients of intelligence. I don't do "user-friendly" GUI programs, but I suppose this list is full of MAC users for reasons known only to themselves (I don't want to know). From nobody at replay.com Tue Dec 10 22:36:24 1996 From: nobody at replay.com (Anonymous) Date: Tue, 10 Dec 1996 22:36:24 -0800 (PST) Subject: Are accountants smart or stupid? Message-ID: <199612110636.HAA25808@basement.replay.com> Yes From mjmiski at execpc.com Tue Dec 10 22:41:48 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Tue, 10 Dec 1996 22:41:48 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211004126.00698998@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 05:47 PM 12/10/96 -0800, Huge Cajones Remailer wrote: (snip) > >Do we then believe that we should outlaw the actions they take based >on these beliefs? So long as the people in question are doing no >harm, I propose we leave them alone to live their lives. > This is the essence of, at least, my disagreement with you Red. I dont agree that redlining doesnt harm people. You see no harm. I do. >I'm sure many readers of this list have had conversations which >abruptly end with "Are you a Libertarian?", which is generally >completely irrelevant to the point under discussion. What is >happening is that the other person is more interested in knowing your >tribal identification than what you believe. A pity. As strange as it may sound to you, most of my conversations go this way. It is ironic to me that I have been placed on this side of an argument. Do you tend to think of me now as "less of a Libertarian" much as your forewarned "In the House" black reference? > >Red Rackham > Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq5XjbpijqL8wiT1AQGb4QQAlfkJjGxTli09WNWmKO5xL1raxv52ccQ7 WKPdLclQDhXD8rMrQQr85WgOhm6d/dEwJ0n8LKCz5i7OOuDE1YufgMBjQste9/Ul GJodjM4dbxDDqxdErPtIWTkkhTDNKqHNoZXMvQCDmYfQrBnRfsiOJcwXaz7sqoNF f+JHUSPjHGY= =q6bO -----END PGP SIGNATURE----- From brettc at tritro.com.au Tue Dec 10 22:43:29 1996 From: brettc at tritro.com.au (Brett Carswell) Date: Tue, 10 Dec 1996 22:43:29 -0800 (PST) Subject: Virus? Message-ID: > >Also does anybody know where I could find a downloadable Win95 upgrade >upgrading Windows 3.x to Win95? ftp://ftp.microsoft.com/^L^O^S^E^R From zerofaith at mail.geocities.com Tue Dec 10 22:56:23 1996 From: zerofaith at mail.geocities.com (Psionic Damage) Date: Tue, 10 Dec 1996 22:56:23 -0800 (PST) Subject: Virus? Message-ID: <199612110649.WAA16287@geocities.com> Would you like a decompiled version of the Monkey_B virus, because I have over 6000 virii, including that one, if so, mail me personally. It corrupts your boot sector, and sooner or later, deletes your files. At 09:10 PM 12/10/96 EST, you wrote: > > >----------geoboundary >Content-Type: text/html; charset=us-ascii >Content-Transfer-Encoding: 7bit > > > > > >

>Postage paid by:
> > > >----------geoboundary > > > >Has anybody heard of the Monkey_B virus? If so what does it do exactly? >Also does anybody know where I could find a downloadable Win95 upgrade >upgrading Windows 3.x to Win95? > >----------geoboundary-- > ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------------- Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD www.geocities.com/SiliconValley/Heights/2608 MEMBERZ: GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, KORRUPT, PHONEHAZORD, PSIONIC DAMAGE, ORPHEUS (the pirate), MANTICORE, ERADICATOR, PSYCHODROME, BIONIC SMURF, SONIK, �ILVER KAT, kOBRA, & KRYPTIK! EMAIL:zerofaith at nlights.net (headquarterz) hakker1 at hotmail.com (Delious's Haus!) hackerz at juno.com (The Gatemaster'z palace) zerofaith at geocities.com (delivery/help/requests/suggestions) From nobody at cypherpunks.ca Tue Dec 10 22:57:52 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 10 Dec 1996 22:57:52 -0800 (PST) Subject: [ADMINISTRATIVIUM] Zero-knowledge interactive proofs Message-ID: <199612110642.WAA04116@abraham.cs.berkeley.edu> Timothy May carries a turd in his wallet for identification purposes. ' ' ' ' ^-O-O-^ -ooO--U--Ooo- Timothy May From rp at rpini.com Tue Dec 10 23:11:00 1996 From: rp at rpini.com (Remo Pini) Date: Tue, 10 Dec 1996 23:11:00 -0800 (PST) Subject: Java DES breaker? Message-ID: <9612110711.AA25962@srzts100.alcatel.ch> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks at toad.com Date: Wed Dec 11 08:11:13 1996 > A few small bugs in this idea, at least for the masses -- > 1) This would only appeal to people who have unlimited usage > 2) ...and don't care about not having their phone available (I know > they're asleep at the time) > 3) ...and don't have an ISP that will kick them off when a timeout > period expires. AND don't have a phone system that charges for local calls (like for example almost everyone except americans... :( - ------< fate favors the prepared mind >------ Remo Pini rp at rpini.com PGP: http://www.rpini.com/crypto/crypto.html Fingerprint: 33F9B4E9 - ----< words are what reality is made of >---- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: http://www.rpini.com/crypto/crypto.html iQEVAwUBMq5ekRFhy5sz+bTpAQHLRgf+NQY8XwrB+Fjdto+1bsr8M2vaH9GdNS9R PjjbNitAnXrqnoyeYHq4IyC4zkfr6wYce14McRyp5ePjNrfYO0n0rTFH3XBvpFwx usgDSeYNWrcXPuOB8WrPjHxy7OVv8kgnAp00PHImk+x9E5ppJHfSFUDzYlKProie 8CelWUb/EcKkwTJfMnH+s1S9HRPDwxiE7m2OlID1c/+ZobQr0B7BqbSnK9CIvPst cwpzzoAUjNOiSoOIHuUO7ud/Ie03ohPDF0bF4KiKJaeRUNZjLaK7V7DgpfgWv+Zk V2K14TLQ5gAFcFCDnLKo1qePLmZtu1F0YJcbYkQLBh7dhqQpoPtHrQ== =Xg6k -----END PGP SIGNATURE----- From nobody at cypherpunks.ca Tue Dec 10 23:27:49 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 10 Dec 1996 23:27:49 -0800 (PST) Subject: [Crypto Patent] Authentication "scheme" Message-ID: <199612110718.XAA04680@abraham.cs.berkeley.edu> Just snatched off the newspool... Anitro --------------------------------------------------------------------------- Scheme for authentication of at least one prover by a verifier Source: MicroPatent MicroPatent via Individual Inc. : Abstract: A new procedure for authentication of at least one prover by a verifier, the authentication being based on public and secret key cryptographic techniques and making use of a zero-knowledge protocol. In addition, this protocol is established using the problem of constrained linear equations and finds applications in cryptography. This procedure uses a published matrix M of dimension m.times.n where coefficients are chosen at random from the integers from 0 to d-1, where d is generally a prime number close the square of a number c. The "prover" authenticates itself to a "verifier" by performing hashing functions based on a randomly chosen vector U of dimension m and a randomly chosen vector V of dimension n, the results of which are called commitments and are sent to the prover. The prover then chooses one of several predefined functions and requests that the verifier perform this one predefined function. When the verifier receives a result of the predefined function, it compares the result with the commitments to determine if the prover has provided a correct set of responses. The procedure also can be repeated for other random vectors U and V for increased security. Ex Claim Text: Method for authenticating a prover by a verifier based on a cryptographic technique using a secret key, a public key and a zero-knowledge protocol, the method comprising the steps of: a) generating a secret key, including at least one vector S of dimension n having coordinates chosen from a set X, b) generating a matrix M of dimensions m.times.n whose coefficients are chosen at random from integer values from 0 to d-1, where d is a prime integer close to the square of a number c, c) generating a public key comprising at least one vector P such that P=g(M(S)), where g is a function defined by said set X and a subgroup G of a set of integers (1, 2, . . . d-1) and which associates an element g(x) of G to each coordinate x of the at least one vector P such that x is described uniquely as a product of g(x) and an element k(x) of X; d) generating at least two random vectors by the prover; e) generating plural commitments by applying a cryptographic hash function to functions of S, M and the at least two random numbers; f) exchanging plural messages between the prover and the verifier based on said public key and said secret key; and g) authenticating the prover by the verifier based on said plural messages, said public key and said secret key. Patent Number: 5581615 Issue Date: 1996 12 03 Inventor(s): Stern, Jacques [12-09-96 at 14:42 EST, Copyright 1996, MicroPatent] From wichita at cyberstation.net Tue Dec 10 23:31:45 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Tue, 10 Dec 1996 23:31:45 -0800 (PST) Subject: Another problem with IPG algorithm In-Reply-To: <199612011844.MAA03510@manifold.algebra.com> Message-ID: On Sun, 1 Dec 1996, Igor Chudov @ home wrote: > Don and others, > > At the heart of IPG algorithm there is a pseudo-random number generator > which generates values of A(JV). (see http://www.netprivacy.com/algo.html) > > DO > JV=JV+1 > IF JV=53 THEN JV=0 > A(JV)=(A(JV)+B(JV)) MOD C(JV) > UNTIL A(JV)<16384 > > Note that if B(JV) and C(JV) in a triplet (A(JV), B(JV), C(JV)) are not > mutually prime, they will generate very few numbers and not a whole set > 0-16383. For example, if C(JV) is 20000, and B(JV) is 10000, and initial > A is (for example) 57, the only two numbers that this triplet will > generate will be 57 and 10057. > > This refutes Don Wood's claim that the distribution of results > approaches even. Even if only ONE triplet is such as I described (and it > is VERY likely to happen statistically), the distribution will be > skewed. > > Don, what do you think about it? > > igor > Igor, Also included in the more detailed explanation is the set of As, Bs, and Cs that are used. Either the B or a C is prime in all instances, I would agree with you if that was not the case. All 16384 numbers, 0 through 16383, are always generated. In addition of course, the numbers between 16384 and each of the Cs are also generated but not used. Thus each of the C(JV) values are operating at different speeds and produce a staccato, meaning in this case, something that is discontinious or disjointed. However, the sum of series approaches an even distribution in the almost precisely same manner as a true random number generator approaches an even distribution. Thus over short frames variance is great but over long frames, the frequency of occurrence tends to approach a perfectly even distribution. Also, keep in mind, that the values are never used directly - they are only used as a variable for a three dimensional table lookup, where all three of the 4096 element tables are constantly changing depending upon the the sum of the A(JV) variables combined with the initial settings, which were initally determined determined by the user generated key, and other related information. Also, remember that the order and the actual As, Bs, and Cs used are also randomly arrived at by using the user defined key, 256 bytes or 8192 bytes. There is a lot more revealed at the web site. If you have further interest, I would provide you, Igor, with source code for the algorithm, subject to a binding NDA. I think you will be suprised if you examined it in detail. With kindest regards, Don Wood From frantz at netcom.com Tue Dec 10 23:37:51 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 10 Dec 1996 23:37:51 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: At 8:26 AM -0800 12/10/96, Ray Arachelian wrote: >While Java isn't a workhorse performance wise, it's very simple for >anyone with a half decent browser to use java applets. Writing an >implementation of DES in Java should be fairly easy, however it will run >slow on most browsers. This performance drop will make it far easier for >Joe Webuser to easily help break DES for us. I have a client who needs strong crypto routines in Java. (They want maintain the privacy of their customer's data when stored on the customer's disk.) They need the platform independence that Java provides. I would appreciate pointers to implementations. (BTW - I already know about the Systemics routines.) Thanks - Bill ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From frantz at netcom.com Tue Dec 10 23:37:53 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 10 Dec 1996 23:37:53 -0800 (PST) Subject: Patriots should use PGP In-Reply-To: <3.0.32.19961210104240.006dd358@super.zippo.com> Message-ID: At 7:42 AM -0800 12/10/96, Jim Byrd wrote: >Why on earth would an American football team need PGP? Why, certainly during contract negotiation there is a need for privacy, and a LOT of money at stake. :-) ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From wichita at cyberstation.net Tue Dec 10 23:49:22 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Tue, 10 Dec 1996 23:49:22 -0800 (PST) Subject: IPG Algorith Broken! In-Reply-To: Message-ID: On Sun, 1 Dec 1996, The Deviant wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > On Sat, 30 Nov 1996 wichita at cyberstation.net wrote: > > > No correct period, for the same reason. To paraphrase Gertrude Stein, an > > OTP is an OTP is an OTP. > > And IPGs algorithm is not OTP, so what you're saying is irrelevant. > > > More dumbest information, from FAT BRAIN. If an OTP is used more than > > once, it is not an OTP by definition. Plaintext xor Plaintext, even in > > Correction. If I generate a completely random number, and use it in my > pad, and then generate another random number, and the 2 randoms happen to > be the same, they are still perfectly valid pads; as long as the numbers > were truly random. Don't get me wrong -- its still stupid to use the same > one twice, and it defies the point, but it is not "not an OTP by > definition". > > Correction, an OTP means a One Time Pad. If it is used more than once, it is not a One Time Pad. The likelihood of a duplicate random number series of any significant length of course is very remote. If it did occur and you were able to to XOR the resultant ciphertexts together, partial or complete compromise might be possible. An OTP means one time use period, why call it a One Time Pad, why not call it a Random Number Series or some other appellation. This is just another example or more pendant pap. Obviously, you like Paul, do not know what you are talking about. You have read some textbooks and think that makes you are an expert. I suggest that you take some time off and learn some IT and what an OTP is. It most certainly is not two identical random number series. > > > derivative forms. Like so much of his dribble, that paragraph contains > > some words but I challenge anyone to tell us what it means. It simply > > does not say anything which translates into anything meaningful. > > Stop describing what you write. > > > Frequently, you fill in some, and maybe even all of the plaintext, if you > > have part of the plain text, for example if you have the partial signature > > of a message emanating from the White House of: > > > > Wi Jef on > > > > You might reasonably conclude that the missing characters could be filled > > in to be: > > > > William Jefferson Clinton > > > > > > Two plaintexts xored together can reveal much more than you might think. > > > > This is, as they say, completely irrelevant. > Not nearly as irrelevant as your meaningless dribble. > > Don Wood > > --Deviant With Kindest regards, Don Wood From ichudov at algebra.com Wed Dec 11 00:14:43 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 00:14:43 -0800 (PST) Subject: Another problem with IPG algorithm In-Reply-To: Message-ID: <199612110810.CAA00508@manifold.algebra.com> wichita at cyberstation.net wrote: > On Sun, 1 Dec 1996, Igor Chudov @ home wrote: > > Don and others, > > > > At the heart of IPG algorithm there is a pseudo-random number generator > > which generates values of A(JV). (see http://www.netprivacy.com/algo.html) > > > > DO > > JV=JV+1 > > IF JV=53 THEN JV=0 > > A(JV)=(A(JV)+B(JV)) MOD C(JV) > > UNTIL A(JV)<16384 > > > > Note that if B(JV) and C(JV) in a triplet (A(JV), B(JV), C(JV)) are not > > mutually prime, they will generate very few numbers and not a whole set > > 0-16383. For example, if C(JV) is 20000, and B(JV) is 10000, and initial > > A is (for example) 57, the only two numbers that this triplet will > > generate will be 57 and 10057. > > > > This refutes Don Wood's claim that the distribution of results > > approaches even. Even if only ONE triplet is such as I described (and it > > is VERY likely to happen statistically), the distribution will be > > skewed. > > > > Don, what do you think about it? > > > > igor > > > Igor, > > Also included in the more detailed explanation is the set of As, Bs, and > Cs that are used. Either the B or a C is prime in all instances, ^^^^^^^^^^^^^^^^^^^^^^^^^^ see below > I would agree with you if that was not the case. All 16384 numbers, 0 > through 16383, are always generated. In addition of course, the numbers > between 16384 and each of the Cs are also generated but not used. If only B is required to be a prime, that is incorrect. See below. > Thus each of the C(JV) values are operating at different speeds and > produce a staccato, meaning in this case, something that is discontinious > or disjointed. However, the sum of series approaches an even distribution > in the almost precisely same manner as a true random number generator > approaches an even distribution. Thus over short frames variance is great > but over long frames, the frequency of occurrence tends to approach a > perfectly even distribution. > > Also, keep in mind, that the values are never used directly - they are > only used as a variable for a three dimensional table lookup, where all > three of the 4096 element tables are constantly changing depending upon > the the sum of the A(JV) variables combined with the initial settings, > which were initally determined determined by the user generated key, and > other related information. > > Also, remember that the order and the actual As, Bs, and Cs used are also > randomly arrived at by using the user defined key, 256 bytes or 8192 > bytes. > > There is a lot more revealed at the web site. If you have further > interest, I would provide you, Igor, with source code for the > algorithm, subject to a binding NDA. I think you will be suprised if > you examined it in detail. Thanks for your response, Don. I appreciate that we are able to talk about cryptography because it is interesting. Re: triplets. It seems that even if only one number in each triplet (B or C) must be prime, as you said, we are still not guaranteed that the PRNG will be "good". For example, suppose that B is a prime around, say, 10000, and C is 2*B. In this case, the problem would still be the same. I agree that since lookup tables are used, the output for the XOR engine would be more obscure than if the output of the PRNG was used directly. This obscurity, however, does not imply that the resulting XOR key data would be free of biases that I described. There is a possibility that the biases could be exploited. Take the extreme case: suppose that by an extreme stroke of bad luck the output of your PRNG is only 11252 and 1. This may happen if B=11251 and C=11251*2 (I am too lazy to check if 11251 is a prime, but you get the idea) for all triplets, and all A=1. Would the three tables DIFF, etc. be able to "randomise" the output? I doubt that, although can't say for sure right now. As for the code, I can sign the NDA *if* it is reasonable, but I can only read your code if it is written and commented well. The problem is, suppose I read your code and find a weakness. What do I do next since my NDA forbids me from quotinbg relevant parts of the code? Again, I am far from a professional cryptographer and would not be able to do even a half-decent review. The comments that I make are my attempt to find weaknesses in your algorithm. I suggest that you hire a professional cryptographer with an academic degree and ask him/her/it to produce an independent evaluation. It will be worth more than my comments. - Igor. From mixmaster at remail.obscura.com Wed Dec 11 00:34:28 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Wed, 11 Dec 1996 00:34:28 -0800 (PST) Subject: [CRYPTO] Sphere packings Message-ID: <199612110730.XAA09567@sirius.infonex.com> Timmy May's police record is many times longer than his prick (well, that's not hard). /\ __/__\__ | 00 | Timmy May |: \ :| | \_/| \__/ From wichita at cyberstation.net Wed Dec 11 00:49:45 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 00:49:45 -0800 (PST) Subject: IPG algorithim In-Reply-To: <199611302118.NAA12825@slack.lne.com> Message-ID: On Sat, 30 Nov 1996, Eric Murray wrote: Eric, unlike all the other forespeakers, I do appreciate the fact that you tried to understand the algorithm and implement it. However, you have several things wrong, the most important being that the PRNG produces ONLY a seed for the main algorithm and over short sequences, for example 53^2, that is only slightly over an average occurrence of 8 each for the 256 ASC II characters, and the seed streams are congruent. However, the algorithm uses a 3 dimensional table lookup to translate the numbers to the Encryptor stream. I suggest that you get a free copy of the operating program, generate your own key, and then run the output through any meaningful test that you might desire. That would indeed establish whether or not our system does what we claim it will do or not. It does, but neither my words or your partial tests prove anything. The expected occurrence of an identical repeat, that is a where the same seed gives the same result is 1 in 2^36. Of course that does not mean that the same resultant encryptor character might not be generate because there are only 256 possibilities, so the same character would result from the same seed at least 1 in 256 times, and of course statistically more frequently than that, but the over sequence of events leading to the production of that character is different. While I do appreciate your effort to understand and implement the algorithm, it would be helpful if you would contact me first and get a copy of the keys and everything detailed in the web site. I take it that you used the abbreviated version, or failed to read all the information etal. If you use the tables and so forth detailed at the web site and use the full algorithm, the results will be far different as you will find. > > > I have translated the IPG algorithim's "engine" to C, to generate > some random values from it for testing purposes. It does not > look very random in either the xnoisesph program or the DIEHARD > test battery. However I may well have misinterprested Mr. Wood's > description (his writing is, as Mr. Chudov points out, difficult to > understand) or written my code incorrectly. Here it is, play > with it yourself. To my untrained eye the lack of randomness > in what's essentially a stream cipher would be disturbing. > However I am not a cryptoanalysist so I do not know to > what extent this weakens the cipher. > > > The IPG description does not say (but implies to me) that > the various tables that are to be filled in by "random" values must > be filled in by PRNGs that are seeded with the same seeds by > each of the party that knows the key. Otherwise the "encryptor > streams" that are generated will be unrelated and decryption will not > be possible. To make my test work I have used the simple rand() > function to fill in the tables. > > > Corrections are welcome. > > > > #include > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > ** This is supposed to produce random numbers for the IPG > ** "encryptor stream". > ** See http://www.netprivacy.com/ for the original description. > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. */ > > /* machine-dependent stuff, change to suit different platforms: */ > typedef unsigned char byte; > typedef unsigned short uint16; > > > /* tables: */ > uint16 A[53]; > uint16 B[53]; > uint16 C[53]; > > > int init_table(uint16*table, uint16 min, uint16 max) > { > /* IPG specifies no algorithim for producing the "random" > ** initial values in the ABC tables, but it's obvious that > ** it requires a PRNG that's somehow seeded from the "key". > ** I've just used rand() here. In UNIX rand() called with no > ** seed is supposed to seed itself with 0. */ > int i; > int count, r; > Wrong - the algorithms are specified at the web site - look again. You cannot just use rand(). That is patently absurd. > for(i = 0; i < 53; i++) { > table[i] = min + (rand() % (max - min)); > } > } > > main(int argc, char **argv) > { > uint16 jv; > int argcnt, i, n, count, diehard, nelem; > > diehard = 0; > argcnt = 1; > if (argc >= 2) { > if (strncmp(argv[argcnt],"-d") == 0) { > diehard++; > argcnt++; > } > } > if (argc > argcnt - 1 ) { > n = atoi(argv[argcnt]); > fprintf(stderr,"Generating %d values\n",n); > } > else { > n = 2000; > } > > /* seed tables: */ > fprintf(stderr,"Seeding: A"); fflush(stderr); > init_table(A,0,65535); > fprintf(stderr," B"); fflush(stderr); > init_table(B,0,12227); > fprintf(stderr," C"); fflush(stderr); > init_table(C,16384,20361); > fprintf(stderr,"\n"); fflush(stderr); > > /* generate n values: */ > for(; n > 0; n--) { > /* jv is "random" (where's it seeded from?) */ from the key > jv = (uint16)(rand() % 53); > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > for(count = 0; count < 2809; count++) { > jv++; > if (jv == 53) jv = 0; > A[jv] = (A[jv] + B[jv]) % C[jv]; > if (A[jv] < 16384) break; > } > if (count == 2809) fprintf(stderr,"Oops.\n"); > else { > if (!diehard) { > printf("%d\n",A[jv]); > } > else { > /* print output in DIEHARD required format: > ** actually since we have 16-bit ints and DIEHARD > ** wants 32-bit ints, we print 20 per line instead of 10 */ > if (nelem++ > 19) {printf("\n"); nelem = 0;} > printf("%4.4x",(unsigned int)A[jv]); > } > } > } > } > > > > -- But they do not reference the same table entries either as is plain to see. Your implementation, while appreciated, is plain flawed in many respects. We do not use any special As, Bs and Cs. Any selection will do. If you are going to implement that algorithm, please use all of it, not just the seed generator. I grant you that with only 53 different equations, the resultant seed numbers do not give a random CHI square, especially over short frame sizes. Certainly over 53^2, it would give you staccato results. Not only that, but they are congruent. Nevertheless, this is more of the supercilious half ass crap that writers post. If you implement the rest of the algorithm, you will find that it does always meet the Chi Square tests for randomness, not sometimes but always. I have posted over 200 megabytes of data to our web site and it is still there. Pick any spot in the data, and run your chi squares tests on it. If you are going to try to critiqued the IPG algorithm, please use the entire algorithm set out. There are so many things wrong with your implementation, that it would take me days to cover everything. I suggest that you get a sample copy of our operating program , generate your own Keys and then analyze the output data. Then if it does not perform as we have stated you can tear us apart. But your meaningless jabberwocky means nothing other than you have at least tried to understand the algorithm, which to repeat, we appreciate. From wichita at cyberstation.net Wed Dec 11 01:30:14 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 01:30:14 -0800 (PST) Subject: Ignoramus Chewed-Off on IPG algorithm In-Reply-To: <199611301953.NAA14436@manifold.algebra.com> Message-ID: On Sat, 30 Nov 1996, Igor Chudov @ home wrote: > Igor Chudov @ home wrote: > > > > Let's go on, to the description of the "scrambling tables" and > > actual encryption. > > > > He uses three tables, DIFF, DISP, DETR, each containing 4096 elements. > > DISP is randomly generated (or so I understand his term "prescrambled"), > > DIFF is a random transposition of DISP (same values as in DISP, but in > > another order), and DETR, again, is filled with some random data. > > > > Correction: by "scrambling" Don means transposing elements of the > table containing 4096 numbers 1-4096. Yes, but using the algorithms set out at the web site and our own 8192 byte keys, using the timing of keystrokes. Thus, we have randomized them, in a manner similar, but far more complex, to what Dr. Rivest did in his systems, and what I have done previously at NSA. > Only the DIFF and DISP tables are random transpositions of the numbers 0 - 4095, the DETR table is a random transposition of 16 sets of the numbers 0 - 255, the ASCII values. > - Igor. > Yes, but if you read the web site, you will find that those are only the initial values. The user generated key, the most important element, and the time and the message number, both of which are transmitted, are used to further randomize the three tables. Also, an user can customize their own initial values so that they are unlike any other set of values. In these respects, the technique is similar to aspects RC4/RC5, except far more complex, three tables instead of 1, and 4096 values instead of 256. I might add that the table lookup techniques are in effect similar to prime number cipher wheel systems employed by NSA over the years for very secure encryption systems, except that instead of the clear text providing an additional variable, CFB, the PRNG stream, the ABC equations, does that. Again, the best way to analyze the system is to get a copy and analyze the results using your own keys. As indicated, we even provide a test version where you can look at all the intermediate tables, the As, Bs, and Cs actually used and everything. With kindest regards, Don Wood From wichita at cyberstation.net Wed Dec 11 01:41:23 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 01:41:23 -0800 (PST) Subject: IPG algorithim In-Reply-To: <199611302150.PAA15126@manifold.algebra.com> Message-ID: Igor, Eric, As I have noted to Eric, I appreciate that at least both of you are trying to understand and implement the algorithm. My comments follow: On Sat, 30 Nov 1996, Igor Chudov @ home wrote: > [This is an addition to my previous reply to Eric] > > It bugs me that you are using rand() (a fairly lame pseudo-random > function that was never intended to be used in cryptographic > applications) to seed A, B, C and JV and then test the A(JV) for > randomness. Some may object to that. Just for fun, I am attaching a hex > dump of output from my /dev/random (Linux 2.0.24). You could simply take > these truly random values and put them in initial A, B, C and JV, just > to be sure. > > I doubt though that your results (poor randomness of A(JV)) will be > any different. I agree, and as I have indicated elsewhere, either the B or the C is is a prime number. The numbers in A, B, and C are not random numbers, they are only selected randomly in a manner almost identical to a LOTTO selections, except that the pools are much larger and the order is very significant. There are so many things that are wrong with the Murray implementation that it would be takes days to clarify it. It is simply not the algorithm, nor even any significant part of it. The actual As, Bs and Cs are specified at the Web ,site as is the algorithm for using the Key to select the ones actually used. In the example, 53 of 512 As, 53 of 600 plus Bs, and 53 of some 500 plus Cs. > > igor > > 0000000 c76d 74ac b253 ffc3 ae97 e092 629c 7a53 > 0000010 087a 21e6 8c2c 0ab6 a03a ea3c 0c71 a748 > 0000020 68f0 540d a4f2 0a2b b62b 4ab6 ddaa d3e4 > 0000030 a795 51f3 7dff 067d 2f6b 8d18 fa23 0200 > 0000040 99df 1d97 e232 b8d5 381f cf1e 7ea8 d971 > 0000050 8aa0 df0b cf41 53e2 a9f5 5304 dc28 c242 > 0000060 c01b 5990 75a1 688d 497f cc54 d336 217e > 0000070 7dd7 4800 09d4 ff5b 53b8 6308 d38f 60f5 > 0000080 513a 3ea7 90f6 4cdf e783 6a14 145a e2b1 > 0000090 2041 6bb5 f417 6109 6101 fecd b7f1 7287 > 00000a0 f31a 6cb4 d559 ed7c 1be8 e0ca 21f9 8779 > 00000b0 701e bbcc 8909 7743 bfef c5ef 0f60 cd6a > 00000c0 565b 30b5 e710 5f66 aa83 0751 5bc7 867e > 00000d0 87a8 8511 9969 d101 c1bb 871b a2e5 f579 > 00000e0 5e14 9167 480a 9fc2 8354 5769 4ee0 7765 > 00000f0 faf5 c29f 25ad 77ea 9ecf 39b4 2d11 969f > 0000100 099c f85a 7240 9922 0513 d607 41ea ba29 > 0000110 1886 2611 e577 50c6 87af 393a 782a 6666 > 0000120 9ae0 221e ec58 ce2e de77 b6de 5821 82e9 > 0000130 db17 5027 7e57 567a 2e82 f056 01d0 2cde > 0000140 0314 ac33 78bd d569 215e b8d7 6a3b 0caa > 0000150 b44f 8c6c 04de 4cf2 e111 2803 a073 7d27 > 0000160 f78c 9d28 70ca 1cd4 ce53 5dea 3141 efa9 > 0000170 8246 c7ee 4ed3 e49a 8d97 8ded d818 327a > 0000180 f999 e044 ff28 ffe9 0254 535c 7e70 a09c > 0000190 af58 bcd2 07b0 8146 f4cc 7568 751c c6ee > 00001a0 b6b7 be3f d870 84ce 7f8c 3ec4 1427 09fc > 00001b0 706e 93f8 9752 230b 74cd 0b0b 38be ba5b > 00001c0 a9a6 062a cdee f11d d367 37e2 ec4f 90e4 > 00001d0 9019 d9ff 2ff9 fb5d 559b 4dd0 2ab0 7e35 > 00001e0 184a 3e90 f072 7349 007f 5d41 c176 8d8a > 00001f0 a30c 1a68 eca6 63f4 256f 88e1 2cec dc1a > 0000200 a0ac 90f0 b515 2fbc 2778 4e66 2323 7528 > 0000210 59c3 c3a9 3ccd e29d 315a fa6a 7821 f6e4 > 0000220 7977 5e9f df6c f87e 5d15 5693 3da8 9790 > 0000230 faaf d028 0c05 f5f0 160a 8cb7 f726 18cf > 0000240 796d 77c5 3c2e 5ddb f770 7183 3c17 81b7 > 0000250 b0ff ad01 a4d3 26a1 7821 d210 376a 8283 > 0000260 3860 61a9 c509 e34c 46a4 7f70 b2ff 18db > 0000270 24ad 97b5 e474 eee2 9036 c125 3fdb 88ce > 0000280 824a 3096 98fc 0b9f 2f3a 6ac3 25e1 8d08 > 0000290 46c6 7218 ea87 3c6d 6395 6fc5 34b0 1447 > 00002a0 ddb3 b3af fdbf b545 5f47 0fe6 bfd0 e799 > 00002b0 99f6 1fc6 c70b 524f 717f a25d 9f08 f78a > 00002c0 e230 b4b9 2045 5652 9677 5ce3 a827 9e8f > 00002d0 261f 4650 c731 afbb e257 8410 621a 09aa > 00002e0 d991 7a3b bb68 4995 fd15 2afc 8e26 842b > 00002f0 cdf7 2d13 4055 9d22 be44 aa16 ed06 db8a > 0000300 4210 714b 330d 6c9e 3f81 c993 4d8b 2f6b > 0000310 134f 1566 8170 9cc6 4cff d188 78c4 29ae > 0000320 27ec 731f 391c 6241 ffaf 2967 8756 1517 > 0000330 5d1a e807 c477 7757 bd6a ff4c 1cf1 01ce > 0000340 dfa7 25b4 5a4f 9cf0 e96e 2d69 0de0 c24e > 0000350 0a2c 9ec8 112d 0851 c028 917b b00b f9a0 > 0000360 0b07 b9f0 c4ef 4426 1cce c8c8 7186 8c24 > 0000370 9868 fe68 9136 1316 1e58 e883 5aa9 1298 > 0000380 c0ed eaa4 aaa2 7f23 48d1 5056 8837 06ec > 0000390 5f69 ce3a 3d5b 1e7a 7545 e237 352d d887 > 00003a0 df9c 734d a441 7fa5 6685 eff0 4ce8 1876 > 00003b0 f9c9 2e18 f825 3a3a a6b8 e0cc 5d49 136a > 00003c0 853d dd88 c0f8 befc 8b87 e261 fd73 09af > 00003d0 b392 3afa f38e 6a25 cc5d b624 1012 49f3 > 00003e0 31b0 196c aa02 b3f2 454a 7817 2198 5ad7 > 00003f0 84c5 f22d 8b6e cdc9 12c3 d0b5 b866 9976 > 0000400 97a7 3b5e dedf 201d 50f5 99a6 bf54 04ab > 0000410 a34e 3a66 538c 51a0 c00b 7ae8 f2ae 6343 > 0000420 c5f1 1ef1 1f8f 7415 5b50 53a4 33ad d046 > 0000430 13b6 62a2 cc34 feee 7fda 671a 2b28 a36c > 0000440 a806 15be 1ccc b5b9 ef85 04ca 168c 8cd0 > 0000450 c44e d117 a6c8 cbaf 3b5b 581c d94a 8469 > 0000460 effb 0f18 cd45 5c77 6ab1 1289 e385 9771 > 0000470 199f 5610 8095 be8b e257 2ef8 a221 99ee > 0000480 1d8b c81c 9781 e803 e4ab 4afb 5669 efb1 > 0000490 b31f 36e2 5930 b838 e84c 4f6e a709 0c40 > 00004a0 fefe c530 4ee2 ee3a aa2e e278 de99 8b1e > 00004b0 4e83 c98a 47cd 4715 081d 7c7d 5f6f 657c > 00004c0 49b5 70c0 937a d4c2 39ff d282 8768 1d7c > 00004d0 40fe 1ed1 59b9 d0f7 b4cc 55b3 5da2 4118 > 00004e0 14dc 4b71 202a fb96 0bed 6d2a 03d6 2f2d > 00004f0 9056 8d84 8b6e 948b 4b89 efd1 53ba 9a13 > 0000500 ea01 770a dc40 fcad bf69 cf60 7884 3f66 > 0000510 b057 2e82 3745 2839 f68d f637 ad95 5463 > 0000520 ff3c 353d 08b2 44c2 72bb b25b f60d 0dbf > 0000530 455a e9b4 8bbf 3307 071a f720 f00e 0217 > 0000540 f8cc f7cc 2cc4 ef14 e6b6 7dbc ceff 2dea > 0000550 fc34 ed72 d59b 8cd2 794c 2d11 e470 ba44 > 0000560 bff3 c531 b38b 5398 4a46 63be d86b ae19 > 0000570 d6a4 2e8d da0d 0ff9 a3db 2cc4 0494 72b1 > 0000580 b871 1f7e b8da a2f0 2f63 b522 3212 43da > 0000590 f910 374e b1f5 5462 8db0 65ef 5e5b 9bf1 > 00005a0 9337 5003 31fc 47a9 8c06 d0d8 c8ab 8732 > 00005b0 ff5e 7fe3 b43c 9ba0 14dd f31f cf4c a5b5 > 00005c0 5552 b1ee 0ee6 a38f dc2b 32ac ab80 e12d > 00005d0 be8c ad7d 89e9 5cda 0781 f30c b1d1 3163 > 00005e0 72f9 bcbe 5972 1862 3a15 660f 4227 b168 > 00005f0 280d 35fa 1765 46f3 468b 0538 44fc 216e > 0000600 30f6 8340 6805 7f5c a280 fcdf 563d 9751 > 0000610 50c9 fb04 065c 12ec 9ce3 34ee 2a3d f821 > 0000620 d43e b64e 067f fd26 5e94 b7d1 9b28 fbcf > 0000630 811b 4631 6018 5385 1297 e37a b0ea c6fd > > Eric Murray wrote: > > > > > > > > I have translated the IPG algorithim's "engine" to C, to generate > > some random values from it for testing purposes. It does not > > look very random in either the xnoisesph program or the DIEHARD > > test battery. However I may well have misinterprested Mr. Wood's > > description (his writing is, as Mr. Chudov points out, difficult to > > understand) or written my code incorrectly. Here it is, play > > with it yourself. To my untrained eye the lack of randomness > > in what's essentially a stream cipher would be disturbing. > > However I am not a cryptoanalysist so I do not know to > > what extent this weakens the cipher. > > > > > > The IPG description does not say (but implies to me) that > > the various tables that are to be filled in by "random" values must > > be filled in by PRNGs that are seeded with the same seeds by > > each of the party that knows the key. Otherwise the "encryptor > > streams" that are generated will be unrelated and decryption will not > > be possible. To make my test work I have used the simple rand() > > function to fill in the tables. > > > > > > Corrections are welcome. > > > > > > > > #include > > > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > > ** This is supposed to produce random numbers for the IPG > > ** "encryptor stream". > > ** See http://www.netprivacy.com/ for the original description. > > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. */ > > > > /* machine-dependent stuff, change to suit different platforms: */ > > typedef unsigned char byte; > > typedef unsigned short uint16; > > > > > > /* tables: */ > > uint16 A[53]; > > uint16 B[53]; > > uint16 C[53]; > > > > > > int init_table(uint16*table, uint16 min, uint16 max) > > { > > /* IPG specifies no algorithim for producing the "random" > > ** initial values in the ABC tables, but it's obvious that > > ** it requires a PRNG that's somehow seeded from the "key". > > ** I've just used rand() here. In UNIX rand() called with no > > ** seed is supposed to seed itself with 0. */ > > int i; > > int count, r; > > > > for(i = 0; i < 53; i++) { > > table[i] = min + (rand() % (max - min)); > > } > > } > > > > main(int argc, char **argv) > > { > > uint16 jv; > > int argcnt, i, n, count, diehard, nelem; > > > > diehard = 0; > > argcnt = 1; > > if (argc >= 2) { > > if (strncmp(argv[argcnt],"-d") == 0) { > > diehard++; > > argcnt++; > > } > > } > > if (argc > argcnt - 1 ) { > > n = atoi(argv[argcnt]); > > fprintf(stderr,"Generating %d values\n",n); > > } > > else { > > n = 2000; > > } > > > > /* seed tables: */ > > fprintf(stderr,"Seeding: A"); fflush(stderr); > > init_table(A,0,65535); > > fprintf(stderr," B"); fflush(stderr); > > init_table(B,0,12227); > > fprintf(stderr," C"); fflush(stderr); > > init_table(C,16384,20361); > > fprintf(stderr,"\n"); fflush(stderr); > > > > /* generate n values: */ > > for(; n > 0; n--) { > > /* jv is "random" (where's it seeded from?) */ > > jv = (uint16)(rand() % 53); > > > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > > for(count = 0; count < 2809; count++) { > > jv++; > > if (jv == 53) jv = 0; > > A[jv] = (A[jv] + B[jv]) % C[jv]; > > if (A[jv] < 16384) break; > > } > > if (count == 2809) fprintf(stderr,"Oops.\n"); > > else { > > if (!diehard) { > > printf("%d\n",A[jv]); > > } > > else { > > /* print output in DIEHARD required format: > > ** actually since we have 16-bit ints and DIEHARD > > ** wants 32-bit ints, we print 20 per line instead of 10 */ > > if (nelem++ > 19) {printf("\n"); nelem = 0;} > > printf("%4.4x",(unsigned int)A[jv]); > > } > > } > > } > > } > > > > > > > > -- > > > > - Igor. > With Kindest Regards, Don Wood From wichita at cyberstation.net Wed Dec 11 01:47:11 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 01:47:11 -0800 (PST) Subject: IPG algorithim In-Reply-To: <199611302127.PAA14989@manifold.algebra.com> Message-ID: On Sat, 30 Nov 1996, Igor Chudov @ home wrote: > Eric Murray wrote: > > > > > > > > I have translated the IPG algorithim's "engine" to C, to generate > > some random values from it for testing purposes. It does not > > look very random in either the xnoisesph program or the DIEHARD > > test battery. However I may well have misinterprested Mr. Wood's > > description (his writing is, as Mr. Chudov points out, difficult to > > understand) or written my code incorrectly. Here it is, play > > with it yourself. To my untrained eye the lack of randomness > > in what's essentially a stream cipher would be disturbing. > > However I am not a cryptoanalysist so I do not know to > > what extent this weakens the cipher. > > Thanks for an interestnig approach to testing (see below). > > > The IPG description does not say (but implies to me) that > > the various tables that are to be filled in by "random" values must > > be filled in by PRNGs that are seeded with the same seeds by > > each of the party that knows the key. Otherwise the "encryptor > > streams" that are generated will be unrelated and decryption will not > > be possible. To make my test work I have used the simple rand() > > function to fill in the tables. > > A good point. > > > Corrections are welcome. > > see below. > > > > > #include > > > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > > ** This is supposed to produce random numbers for the IPG > > ** "encryptor stream". > > ** See http://www.netprivacy.com/ for the original description. > > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. */ > > > > /* machine-dependent stuff, change to suit different platforms: */ > > typedef unsigned char byte; > > typedef unsigned short uint16; > > > > > > /* tables: */ > > uint16 A[53]; > > uint16 B[53]; > > uint16 C[53]; > > > > > > int init_table(uint16*table, uint16 min, uint16 max) > > { > > /* IPG specifies no algorithim for producing the "random" > > ** initial values in the ABC tables, but it's obvious that > > ** it requires a PRNG that's somehow seeded from the "key". > > ** I've just used rand() here. In UNIX rand() called with no > > ** seed is supposed to seed itself with 0. */ > > int i; > > int count, r; > > > > for(i = 0; i < 53; i++) { > > table[i] = min + (rand() % (max - min)); > > } > > } > > > > main(int argc, char **argv) > > { > > uint16 jv; > > int argcnt, i, n, count, diehard, nelem; > > > > diehard = 0; > > argcnt = 1; > > how about doing randomize()? > > > if (argc >= 2) { > > if (strncmp(argv[argcnt],"-d") == 0) { > > diehard++; > > argcnt++; > > } > > } > > if (argc > argcnt - 1 ) { > > n = atoi(argv[argcnt]); > > fprintf(stderr,"Generating %d values\n",n); > > } > > else { > > n = 2000; > > } > > > > /* seed tables: */ > > fprintf(stderr,"Seeding: A"); fflush(stderr); > > init_table(A,0,65535); > > fprintf(stderr," B"); fflush(stderr); > > init_table(B,0,12227); > > fprintf(stderr," C"); fflush(stderr); > > init_table(C,16384,20361); > > fprintf(stderr,"\n"); fflush(stderr); > > > > /* generate n values: */ > > for(; n > 0; n--) { > > /* jv is "random" (where's it seeded from?) */ > > jv = (uint16)(rand() % 53); > > > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > > for(count = 0; count < 2809; count++) { > > 2809 is a too small limit. For example, if ALL B == 1, A == 16385, and > C == 20361, the loop may need (20361-16385) passes to get to the < 16384 > value. > > Again, if all A = 16385, all B = 0, all C = 16386, the loop will never > end with a correct A (your code reflects that). > > > jv++; > > if (jv == 53) jv = 0; > > A[jv] = (A[jv] + B[jv]) % C[jv]; > > if (A[jv] < 16384) break; > > } > > if (count == 2809) fprintf(stderr,"Oops.\n"); > > else { > > if (!diehard) { > > printf("%d\n",A[jv]); > > } > > else { > > /* print output in DIEHARD required format: > > ** actually since we have 16-bit ints and DIEHARD > > ** wants 32-bit ints, we print 20 per line instead of 10 */ > > if (nelem++ > 19) {printf("\n"); nelem = 0;} > > printf("%4.4x",(unsigned int)A[jv]); > > } > > } > > } > > } > > > > > > You are also bringing a good point that Chi-squared tests are not > sufficient to make any conclusions about usefulness of this particular > pseudo random number generator. > > - Igor. > Chi Squares alone are not sufficient but we are only talking about the seed algorithm, and at our web sites, you will find Standard Deviations, Chi Squares, Delta ICs, autocorrelations, cross correlations, and a variety of other tests done on single characters, couplets - pairs, first differences, second differences, offset differences and all kinds of other tests. From wichita at cyberstation.net Wed Dec 11 01:51:04 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 01:51:04 -0800 (PST) Subject: IPG algorithim In-Reply-To: <32A0EE99.1023@gte.net> Message-ID: On Sat, 30 Nov 1996, Dale Thorn wrote: > Eric Murray wrote: > > I have translated the IPG algorithim's "engine" to C, to generate > > [snippo] > > Now that's what I call amazing. Maybe I could rewrite PGP > tomorrow (hee hee). > > More than amazing, it is all screwed up to. Random As, Bs, and Cs which granted would never work, no 3 dimensional lookup tables and kinds of other problems too. But at least he and Igor are trying, and you to a degree too. Thanks, Don Wood From wichita at cyberstation.net Wed Dec 11 01:54:03 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 01:54:03 -0800 (PST) Subject: IPG algorithim In-Reply-To: <199612010021.QAA14426@slack.lne.com> Message-ID: Everything is still screwed up. The As, Bs and Cs are selected in much the same fashion as LOTTO numbers except that the pools are much larger and order is significant. They are not random, that would never work. On Sat, 30 Nov 1996, Eric Murray wrote: > > Igor Chudov @ home writes: > > > > [This is an addition to my previous reply to Eric] > > > > It bugs me that you are using rand() (a fairly lame pseudo-random > > function that was never intended to be used in cryptographic > > applications) to seed A, B, C and JV and then test the A(JV) for > > randomness. Some may object to that. > > Yea, you're right, rand() is lame. > > I added /dev/random to my Linux box and changed my small test to use it. > I also changed the way that I use JV- I had been setting it to a random > value for each trip through the "engine", but since I beleive that > its value can't really be random (if you want to be able to have someone > decrypt your stuff :-) but must be exchanged in the key, I set it > to a random value once and then let it float. It's also a lot faster > that way, /dev/random is pretty slow (because it's looking for real > random material). > > My results from xnoisesph were wrong- xnoisesph wants random bytes > instead of random integers in ascii format as I was producing. > Changing it (as I have below) makes the xnoisesph output look > much better, but it still isn't all that random. The random seed generators > I have written that get their randomness from repeated calls > to high-resolution timers and hashes of system log files do better. > I also fixed a minor bug in arg processing. > > > > > > > #include > #include > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > ** This is supposed to produce random numbers for the IPG > ** "encryptor stream". > ** See http://www.netprivacy.com/ for the original description. > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. > ** V0.2 */ > > typedef unsigned char byte; > typedef unsigned short uint16; > > > /* tables: */ > uint16 A[53]; > uint16 B[53]; > uint16 C[53]; > > > #ifndef NO_DEV_RANDOM > uint16 getrand() > { > uint16 ret; > int fd = open("/dev/random",O_RDONLY); > if (fd <= 0) { > perror("/dev/random"); exit(-1); > } > read(fd,(unsigned char *)(&ret),sizeof(ret)); > close(fd); > return(ret); > } > #else > /* do something appropriate for your OS here, rand() is lame. */ > #define getrand rand > #endif > > > int init_table(uint16*table, uint16 min, uint16 max) > { > /* IPG specifies no algorithim for producing the "random" > ** initial values in the ABC tables, but it's obvious that > ** it requires a PRNG that's somehow seeded from the "key". > ** I've used /dev/random here, so there's no question that > ** I'm starting out with pretty good random values. */ > int i; > int count, r; > > for(i = 0; i < 53; i++) { > table[i] = min + (getrand() % (max - min)); > } > } > > main(int argc, char **argv) > { > uint16 jv; > int argcnt, i, n, count, diehard, nelem; > > diehard = 0; > argcnt = 1; > if (argc >= 2) { > if (strncmp(argv[argcnt],"-d",2) == 0) { > diehard++; > argcnt++; > } > } > if (argc > argcnt - 1 ) { > n = atoi(argv[argcnt]); > fprintf(stderr,"Generating %d values\n",n); > } > else { > n = 2000; > } > > /* seed tables: */ > fprintf(stderr,"Seeding: A"); fflush(stderr); > init_table(A,0,65535); > fprintf(stderr," B"); fflush(stderr); > init_table(B,0,12227); > fprintf(stderr," C"); fflush(stderr); > init_table(C,16384,20361); > fprintf(stderr,"\n"); fflush(stderr); > > /* generate n values: */ > /* jv is "random" (where's it seeded from?) */ > jv = (uint16)(getrand() % 53); > for(; n > 0; n--) { > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > /* 2809 is actually too low per Chudov: > ** "For example, if ALL B == 1, A == 16385, and C == 20361, the > ** loop may need (20361-16385) passes to get to the < 16384 value." > */ > for(count = 0; count < 2809; count++) { > jv++; > if (jv == 53) jv = 0; > A[jv] = (A[jv] + B[jv]) % C[jv]; > if (A[jv] < 16384) break; > } > if (count == 2809) fprintf(stderr,"Oops.\n"); > else { > if (!diehard) { > write(1,(unsigned char *)&A[jv],sizeof(uint16)); > } > else { > /* print output in DIEHARD required format: > ** actually since we have 16-bit ints and DIEHARD > ** wants 32-bit ints, we print 20 per line instead of 10 */ > if (nelem++ > 19) {printf("\n"); nelem = 0;} > printf("%4.4x",(unsigned int)A[jv]); > } > } > } > } > -- > Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm > PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF > From wichita at cyberstation.net Wed Dec 11 01:55:46 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 01:55:46 -0800 (PST) Subject: IPG algorithim In-Reply-To: <199612010026.SAA15878@manifold.algebra.com> Message-ID: Read the others, they are trying but like Dale Thorn said, they cannot do it in a few minutes. Thanks, Don Wood From drose at AZStarNet.com Wed Dec 11 02:06:00 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Wed, 11 Dec 1996 02:06:00 -0800 (PST) Subject: Redlining Message-ID: <199612111005.DAA17355@web.azstarnet.com> Matthew J. Miszewski wrote: (snip) >I, personally, find racial discrimination to be a problem in the USA. > >Not only do I find it a moral problem, but it has adverse effects on >markets and the efficiency of these same markets. > >It is costly not only in personal measures, but in economical terms as well. > >As a way to address these concerns, holistically, moral concerns as well as >economic concerns, I do support limited regulation specifically tailored to >address this problem. > >One of the means of addressing only one specific aspect of this problem is >to legislatively restrict the practice of redlining. (snip) Many people of good will find racial discrimination to be abhorrent. OTOH, I'm sure that as an attorney you are cognizant of the fact that financial institutions have a fiduciary responsibility to their shareholders. In any case, have you given any consideration to taking your well-meaning but off-topic thoughts to any one of a number of perhaps more appropriate fora? From wichita at cyberstation.net Wed Dec 11 02:06:37 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 02:06:37 -0800 (PST) Subject: more IPG and random numbers In-Reply-To: <1.5.4.32.19961204142607.006a18bc@popd.ix.netcom.com> Message-ID: I agree generally to what Clay sets out below. However, the test cannot be run apart from the other integral parts involved. Incidentally, try running triplet, or even greater, autocorrelation of the 200 megabytes set out at our web site. there is absolutely no problem. As indicated in our statistics, we have already done that. On Wed, 4 Dec 1996, Clay Olbon II wrote: > At 09:24 PM 12/3/96 -0800, Eric Murray wrote: > >I did some more experiments with the IPG stream-cipher > >algorithim and random number tests. Since IPG claim that their > >algorithim passes chi-square tests of randomness, I found > >a chi-square test program. It's written by Peter Boucher > >and was posted to sci.crypt in '93 (<2bum8sINN98j at roche.csl.sri.com>). > > Eric, > > The chi-square test is fairly easy to implement. Understanding the > alogrithm and interpreting what the test results mean is as important as a > proper implementation. An excellent text that covers testing PRNGs > (including, chi-square, KS, runs (up, down, above & below the mean), and > autocorrelation) is Simulation Modeling & Analysis, by Law & Kelton. > > >> Does the 'runs up' (or 'runs down') test with run-length equal to two > >> get me anything over the standard chi-square test? I left it in. > > Yes. It tests yet another aspect of "is the data truly random?" > > >First I ran the output from my version of the IPG algorithim that I > >posted a couple days ago : > > > >% ./boucher < ipg.out > >Occurances: n = 12000000, V=-8375833.71 > >Character occurances non-random > >Successions: n = 46875, V=62287.82 > >Character successions non-random > > Unless the V is a typo, there is an error in the code. The chi-square > statistic can never be negative. > > >Then I ran output from a test RNG that's basically a loop around random(): > > > >% ./boucher < myrandom/out > >Occurances: n = 3414720, V=213050.62 > >Character occurances non-random > >Successions: n = 13338, V=1143.41 > >Character successions non-random > > I did considerable testing on random() a while back. It is actually quite > good at producing a uniform distribution. There were other problems however > (notably autocorrelation in triplets). > > >Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm > >PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF > > I suggest you take a look at the chi-square program and check it for errors. > Based on the above observations, I am a little suspicious of your results. > > As a side note, I tend to test PRNGs using stream lengths that are similar > to what I will need in a real use of the generator. I also test multiple > seeds, because statistically, some seeds will fail. Of course, testing > multiple seeds has its own problems (see the bonferroni inequality) of which > most non-statisticians are unaware. > > I have been curious for a while about developing a statistical test that > would examine the expected number of failures of a repeated statistical > test. Haven't had the time to look into it yet though - not enough hours in > the day. > ******************************************************* > Clay Olbon olbon at ix.netcom.com > engineer, programmer, statistitian, etc. > **********************************************tanstaafl > > With Kindest regards, Don Wood From wichita at cyberstation.net Wed Dec 11 02:45:00 1996 From: wichita at cyberstation.net (wichita at cyberstation.net) Date: Wed, 11 Dec 1996 02:45:00 -0800 (PST) Subject: Ignoramus Chewed-Off on IPG algorithm In-Reply-To: <199611301803.MAA13859@manifold.algebra.com> Message-ID: Igor, I greatly appreciate the fact that you are looking at the algorithm. You have the general idea but I do not believe that you have spent enough time with it to understand what all is going on. For instance, be advised that all Bs and Cs are not random numbers at all, but rather they are randomly selected from a previously selected set of values, so that there are no repeats and all Bs are less than the smallest possible C, and the sum of B plus C is always < 32761. Furthermore, either B or C, one and sometimes both, are prime numbers. You might have an A(i) value of zero, and will have it 1 in C(i) iterations, but you can never have a b value of 0, or a C values or zero. Nor can any set of: A(JV)=A(JV)+B(JV) MOD C(JV) generate a partial set set of the possible C values because either the B value or the C value is prime. Furthermore, initial A values are chosen so that A+ Bmax + Cmax is less than 32761. Accordingly the circumstances that you describe cannot occur. The randomness referred to in the As, Bs, and Cs, result from the selection process, not from the values themselves. It goes without saying that using random values would not work, for the reason that you mention plus other. For instance, there are no repeats between any of the As, Bs, and Cs which is one indication that they are not random. To the contrary, the pool of numbers are selected numbers, approximately 66% prime and 33% nonprime, which maximizes the covariance, in a LP sense, with the modulos 4096 and 256. The selection process uses a key, generated by the user from the timing of keystrokes, to select the which As, Bs and Cs will actually be used. I tried to explain this in the detailed algorithm explanation. at the web site. On Sat, 30 Nov 1996, Igor Chudov @ home wrote: > Igor Chudov @ home wrote: > > > > Hi, > > > > I was sort of tired of endless talk that "IPG algorithm was not > > peer-reviewed, blah blah blah, so we won't even look at it, > > blah blah blah", and decided to look at what Don Wood writes and > > try to see how his program actually works. > > > > Of course, I am not an expert in cryptography, and will appreciate all > > corrections. The web page to look at is http://www.netprivacy.com/algo.html, > > and it describes IPG algorithm in some detail. > > > > First of all, the description of the algorithm is extremely unclear. I > > understand that this may be Don Wood's writing style, but it is certainly > > not the most efficient style for precise communications. I suggest that > > Don tries to rewrite his description to be more structured. > > > > Second, I seriously suspect that his algorithm of "trimming" is NOT > > going to work right. Just to remind everyone, he generates pseudo-random > > A(JV), B(JV), C(JV) such that > > > > 16384 < C < 20361 > > B < 12227 > > A arbitrary (at least the web page contains no restrictions > > on the value of A). > > > > and then goes on to "trimming" -- a process that obtains a new value > > of A that is LESS than 16384 through this algorithm: > > > > DO > > JV=JV+1 > > IF JV=53 THEN JV=0 > > A(JV)=(A(JV)+B(JV)) MOD C(JV) > > UNTIL A(JV)<16384 > > > > We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER > > STOP! For example, if all A values are _initially_ 16385 and all C > > values are 16386 and all B's are 0, it is obvious that the pseudocode > > above will be stuck in endless loop. > > > > No good for IPG algorithm. > > > > in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C, > > these triplets will always be ignored (skipped) by his trimming process. > > Note also that if B(K) == 1, his algorithm will need to make C passes > through the loop for JV == k, in order to generate a new value of A(JV). > > This is very inefficient and results in a bias for triplets with high > Bs -- because they will generate good A(JV) more frequently. > > - Igor. > From mf at MediaFilter.org Wed Dec 11 02:49:45 1996 From: mf at MediaFilter.org (MediaFilter) Date: Wed, 11 Dec 1996 02:49:45 -0800 (PST) Subject: black.hole in the net Message-ID: <1361846569-1146094@MediaFilter.org> Call For Projects: ____________________the black.hole in the net is open. ____________________please go to: ____________________http://black.hole. or ____________________http://blackhole.autono.net. for name.space. networks, go directly to ____________________http://project.black.hole. to add your link (name.space. url's only!). and ____________________http://switchboard.black.hole. This project is based on "soft home" or "multi-homing" on web servers with the use of only one ip number. any number of names can be mapped to a single ip number. the server delivers the web page associated with the name that the server answers to, i.e. http://black.hole returns the black.hole page http://switchboard.black.hole returns the black.hole link page http://project.black.hole returns the black.hole link generator page The black.hole is an example of content-routing possible with the name.space naming system. Best regards, Paul Garrin mf at mediafilter.org please forward this message. http://name.space. http://namespace.autono.net. for more info on name.space, visit the site, or hear the confrontation over it on hotwired's hotseat (this is not an ad or endorsement for wired!) http://www.packet.com/hotseat (in realaudio) From nobody at huge.cajones.com Wed Dec 11 03:16:24 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 03:16:24 -0800 (PST) Subject: Redlining Message-ID: <199612111116.DAA05699@mailmasher.com> At 12:26 AM 12/11/1996, Matthew J. Miszewski wrote: >My original point, in fact, was taken out of context and so: > >At 10:50 AM 12/3/1996, Matthew J. Miszewski wrote: >>(snip) >>>(Just for the record, what the hypothetical insurance companies and >>>employers are doing by using data they have obtained should not, in >>>a free society, be illegal in any way. All information contributes >>>to decision-making, about loans, credit, insurance, employment, etc. >>>In a free society, it is up to people to not disclose that which >>>they do not wish remembered.) >> >>While the libertarians on the list have affected my way of looking at >>regulation I, and others, do not subscribe (suscribe ;)) to Tim's >>absolute theory. Unless, of course, by free society Tim is refering >>to one where corporations hold themselves to a level of "personal" >>responsibility, which in many realms is part of any definition of >>"free". >> >>Take, for example, the practice of redlining. How are people who live in >>"bad" neighborhoods supposed to not reveal that information. > >My question was a real one. The basis of it comes from my work with >the homeless in which they have a difficult time getting a job >because they have no "home address" to put on the forms, some do not >have or remember their SSNs, etc. This causes a cyclic problem for >the homeless. My question to Tim was, in the real world, how is the >protection of this data feasible. The way you protect your home address is by using another address for work which is not your home. The way I would do this is to find a mail box service which offers addresses that look like a home. A homeless person might find somebody with a home (like you) who will receive their work related mail for them. A "phone" is easy to get, too. You can get a telephone number which is linked to a voicemail box. You can even get this number listed in the telephone book, if you like. The cost of this service should be less than twenty dollars a month. If you want to go wild, you can get a pager linked voicemail number. This means your pager goes off when you get a message. Handy. But, even this small expense may be out of reach of a homeless person or a homeless advocate. What you can do is get a second line for your home and keep it unlisted. Then, give it to your homeless friends for work related purposes. If the number is only used for work messages, you could probably handle over a hundred people on this one line. As for the social security number, it has been claimed many times on this list that nobody checks them anyway. There are programs which generate real-appearing numbers. (I think one was called "ssn.exe".) And, you can go to the SSA to find out somebody's SS number or to have one issued. It will take awhile. >I do have responses to each of your "points" in your last post, but have >found the process of responding point-by-point tedious and non-productive >(maybe less productive than the time I have to give to the exercise, I was >not intending on placing a value judgement on it). This gives the appearance that you are avoiding the points I raised. My conclusion is that your views are indefensible. Having described my views on the poor as "idiotic", I think it is in poor taste to withdraw from the field without justifying your claim. >As the topic quickly wandered from the original post on privacy >concerns to racial discrimination, I will address that. I apologize >to the list (for those that find it irrelevant), but I can not reply >directly to Red. Cryptoanarchy is not friendly to schemes to prohibit racial discrimination. Indeed, it is unfriendly to any scheme which attempts to control the relationships between people. >I, personally, find racial discrimination to be a problem in the USA. It would be nice if everybody in the U.S. was not a racist. It would be nice if all the bad people just left. >Not only do I find it a moral problem, but it has adverse effects on >markets and the efficiency of these same markets. It is costly not >only in personal measures, but in economical terms as well. But, of course, I don't subscribe to the notion that market efficiency is the best means of determining policy. For one thing, concepts such as efficiency and production are politically defined. If I grow food for myself, it does not affect GDP figures. If I trade the food for money and buy something, then the same production increases GDP. This is not sensible. More importantly, I don't believe that market efficiency, however measured, is sufficient justification for dictating other people's actions. "Market efficiency" is a gambit to conceal dictatorial powers in a scientific cloak. Discussions of market efficiency typically overrule the preference that citizens have. One could imagine that a study that concluded alcohol consumption reduced national efficiency and should therefore be banned. Yet, this completely fails to take into account the strong preference many people have to drink. Some even consider it to be a religious sacrament. I don't believe such preferences should be ignored. They should be respected. Likewise, if somebody just cannot stand Albanians, we should respect their preference even though we may personally disagree with it and even though we may believe it makes the annual GDP number lower. I am not sure exactly what "costly ... in personal measures" means. If you mean that somebody who will not speak with Albanians is deprived of rewarding friendships they might otherwise have, that is probably true. On the other hand, the Albanian-hater will not see it that way. That is his or her tough luck. >I do expect many on the list to disagree with me....They will >disagree that it affects markets in any way. Just for the record, I can imagine that racial prejudice could have a slight effect on mortgage prices (i.e, interest). But, since the CMO revolution, I am inclined to believe that effect will be quite small and is probably unnoticeable. >They will assert that legislative restrictions are far worse than >industry self-policing. Just for the record, I am not advocating "industry self-policing". Policing is what I disagree with. >More will disagree that the government has any business regulating >the area. As I had stated simply before, I disagree. All you have really said is "I believe X." Should we take your belief on faith or are there reasons which underly your beliefs? >Thru painful learning experiences and reality checks - long arguments >over several months and too much coffee - I decided that I would not >want to live in a libertarian's ideal society. This decision was >based on my perception that it just wouldnt work in reality. >>I'm sure many readers of this list have had conversations which >>abruptly end with "Are you a Libertarian?", which is generally >>completely irrelevant to the point under discussion. What is >>happening is that the other person is more interested in knowing your >>tribal identification than what you believe. A pity. > >As strange as it may sound to you, most of my conversations go this >way. It is ironic to me that I have been placed on this side of an >argument. Yet, you are doing something very similar when you raise the issue of "a libertarian's ideal society". Likewise, you criticized Tim May for having (roughly) "too absolute a theory". In either case, you are avoiding substantive discussion, preferring to make prejudicial remarks. Here we are discussing some very specific policies and their ethical implications. There is no need to raise the specter of the "libertarian ideal society". One nice thing about Libertarian-style discussions is that most of the policies are separable; that is, we can discuss redlining without discussing highway privatization. This makes a nice contrast to other styles of discussion in which the proposed scheme only works if everybody participates. The most extreme example was Marxism where it was claimed that it would fail if the entire world was not Marxist. >Do you tend to think of me now as "less of a Libertarian" much as >your forewarned "In the House" black reference? "In the house"? This appears to be an American idiom which I haven't learned yet. I used the word "forewarned" once. I said that it would be hard to believe that even wealthy African-Americans were racist in their lending practices. I still find it hard to believe. It may surprise you to know that I am not all the interested in whether you call yourself a Libertarian. >>Do we then believe that we should outlaw the actions they take based >>on these beliefs? So long as the people in question are doing no >>harm, I propose we leave them alone to live their lives. > >This is the essence of, at least, my disagreement with you Red. I >dont agree that redlining doesnt harm people. You see no harm. I >do. Your reluctance to discuss the nature of the harm you perceive does not give the impression that you have good reasons for your perception. Red Rackham From mf at MediaFilter.org Wed Dec 11 03:22:38 1996 From: mf at MediaFilter.org (MediaFilter) Date: Wed, 11 Dec 1996 03:22:38 -0800 (PST) Subject: Much Ado About Names Message-ID: <1361845458-1212940@MediaFilter.org> Much Ado About Names The internet naming system, known as the "domain name system" has made the transition to the private sphere from the once taxpayer supported public sphere, under guardianship of the National Science Foundation. The current operator of the name registry, the InterNIC (internet network information center), is Network Solutions, Inc.who now enjoys a highly profitable monopoly. Network Solutions, Inc., who is owned by Scientific Applications International Corporation (SAIC) began charging for the once gratis name registrations in September 1995 as the internet was well on its transition to a commercial marketplace. Their registration fee of $100 for the first 2 years of service has richly lined NSI's coffers as the number of registrations reached around 50,000 per month during 1996. During this interval, the limitations of the current naming paradigm became obvious as companies discovered that they had to race, or in some cases litigate, to secure their internet identities, "their-name.com"--only to discover that it was already assigned. Some, like golf protege, Tiger Woods, became victims of name speculators who registered famous names in hopes of selling them back to their rightful owners. The holders of "tigerwoods.com" were said to be willing to give the REAL Tiger Woods his name back only if they could do his website! Part of the problem lies not just in human greed, but in the limited number of the so-called "top level domains" administered by the InterNIC, "com." "edu." "org." "net." and "gov.". Under this system, which has its roots in the US Dept. of Defense bureaucracy, was designed to identify the purpose or geographic location of computers on the internet. The "com." domain was the division given to commercial network addresses, who at the time the system was established, were a minority of networks on the interet--the majority being "mil." "gov." "edu." and "net.". Now that the number of commercial networks has grown beyond any scale ever imagined by the architects of the internet, the "com." domain has proven to have reached its limits. Users have been frustrated by the limitations, speculation, and buraucracy associated with registering an address on the internet with the InterNIC/NSI/SAIC monopoly. Pressure on the committee that assigns unique parameters on the internet, the Internet Assigned Numbers Authority (IANA) has pushed IANA to for an ad-hoc committee to decide how to deal with the domain name "shortages". IANA has put forth a controversial plan to license comapnies who wish to compete in the market for domain name service--in a market- place which was recently deregulated, and in which IANA has no congressional authority to impose regulation, or levy taxes --or as they frame it, collect license fees: a $1000 non-refundable application fee, a $2000 annual license fee, plus 2% of comapany revenues. IANA claims that these funds will be spent on maintaining the rootservers--the computers which hold the central name dabase. The computers holding the domain name database are currently run by an inner circle, most of whom are members of the IANA. The server at University of Southern California, USC, for example, is run by Mr. John Postel, the head of the IANA. The locations and operators of the current rootservers include: Defense Research and Engineering Network (DREN-DOM) Department of Defense High Performance Computing Modernization Working Group, Networking Subcommittee c/o Director U.S. Army Research Laboratory Aberdeen Proving Ground, MD 21005-5067 Domain Name: DREN.NET Administrative Contact: Reschly, Robert J., Jr. (RJR3) reschly at ARL.ARMY.MIL (410) 278-6808/8676 (DSN) 298-6808/8676 Technical Contact, Zone Contact: Fielding, James L. (JLF) jamesf at ARL.MIL University of Maryland (UMD-DOM) Academic Information Technology Services Network Operations Center Bldg 224, Room 1301 College Park, MD 20742 Domain Name: UMD.EDU Administrative Contact, Technical Contact, Zone Contact: Sneeringer, Gerry (GS307) sneeri at NI.UMD.EDU (301) 405-2996 Network Solutions, Inc. (INTERNIC-DOM) 505 Huntmar Park Drive Herndon, VA 22070 Domain Name: INTERNIC.NET Administrative Contact: Network Solutions, Inc. (HOSTMASTER) hostmaster at INTERNIC.NET (703) 742-4777 (FAX) (703) 742-4811 Technical Contact, Zone Contact, Billing Contact: Kosters, Mark A. (MAK21) markk at NETSOL.COM (703) 742-4795 (FAX) (703) 742-4811 Los Nettos (LN-DOM) USC Information Sciences Institute 4676 Admiralty Way Marina del Rey, CA 90292-6695 US Domain Name: LN.NET Administrative Contact: Postel, Jon (JBP) POSTEL at ISI.EDU <-----Mr. Postel is head of IANA****** (310) 822-1511 Technical Contact, Zone Contact: Woolf, Suzanne (SW145) WOOLF at ISI.EDU (310) 822-1511 Billing Contact: Anderson, Celeste (CA534) celeste at ISI.EDU (310) 822-1511 University of Maryland (UMD-DOM) Academic Information Technology Services Network Operations Center Bldg 224, Room 1301 College Park, MD 20742 Domain Name: UMD.EDU Administrative Contact, Technical Contact, Zone Contact: Sneeringer, Gerry (GS307) sneeri at NI.UMD.EDU (301) 405-2996 U.S. Sprint/NSF International Connectivity Project (ICP-DOM) VAHRNA0401 13221 Woodland Park Road Herndon, VA 22071 Domain Name: ICP.NET Administrative Contact: Kurt, Gastrock (GK368) gastrock at SPRINT.NET 1-800-230-5108 Technical Contact: Kilmer, Hank (HK468) hank at SPRINT.NET 1-800-230-5108 (FAX) 703-904-2292 Zone Contact, Alternate Contact: Sprint Network Info. & Support Center (SPRINT-NOC) noc at sprintlink.net (800) 669-8303 Billing Contact: Goel, Vab (VAB-US) vgoel at SPRINT.NET 7039042635 NORDUnet (NORDU-DOM) c/o SUNET-KTH S-100 44 Stockholm SWEDEN Domain Name: NORDU.NET Administrative Contact: Eriksen, Bjorn [System Manager] (BE10) BER at SUNIC.SUNET.SE +46 8 790 60 00 Technical Contact, Zone Contact: Liman, Lars-Johan (LL846) LIMAN at SUNET.SE +46 8 790 65 60 (FAX) +46 8 24 11 79 Vixie Enterprises (VIX-DOM) Star Route Box 159A Woodside, CA 94062 Domain Name: VIX.COM Administrative Contact, Technical Contact, Zone Contact, Billing Contact: Vixie, Paul (PV15) paul at VIX.COM (415) 747-0204 DOD Network Information Center (NIPR-DOM) Government Systems, Inc. Attn: NSI (Hostmaster) 14200 Park Meadow Dr., Suite 200 Chantilly, VA 20151 Domain Name: NIPR.MIL Administrative Contact, Technical Contact: Government Systems, Inc. (HOSTMASTER) 703-802-4535 (FAX)703-802-8376 HOSTMASTER at NIC.DDN.MIL IANA's plan, which has no congressional mandate, is imposing regulation on a deregulated market, subsidizing corporations, and collecting double taxes on US and International companies, as evidenced by the identities of the networks who would reap the benefits of any fees imposed on other registries. To add insult to injury, is to examine the profile of SAIC, a 2 billion dollar company with strong ties to the Pentagon and the NSA. SAIC is an employee-owned company of 20,000 with about 450 offices around the globe. Its current board of directors include former National Security Agency chief Bobby Inman, Former Defense Secretary Melvin Laird, and the former head of research and development for the Pentagon, Donald Hicks. Ex-CIA director Robert Gates, Secretary of Defense William Perry and CIA Director John Deutsch have been past board members. Eighty-three percent of SAIC's $2 billion annual revenue comes from government contracts, including defense, intelligence and law enforcement contracts. SAIC is designing new information systems for the Pentagon, helping to automate the FBI's computerized fingerprint identification system, and last year won a $200million contract to provide "information support" to the IRS. (source: John Dillon, "Networking with Spooks", CAQ magazine, winter, 1996). Enter the free market. Individual comapnies cropped up in response to the command economy of artificial shortages that had been imposed by a US-centric, militaristic bureaucracy and created new networks of rootservers outside the "sanctioned" servers on which all connections on the internet depend. If your name does not appear in the "sanctioned" database (the rootservers detailed above), your name will not be found everywhere on the internet....only other computers who check the "outsider" database will be able to resolve the new domain names created by the independent companies.--and there are already around 200 new possible names under which one can register on these new services. This poses a problem for the independent upstart name registries because, although they may have a fully functional rootserver system in place, and a fully automated and operational registration service in place, they are essentially frozen out of service becuase the de-facto rootservers, controlled by members of IANA, decide which entries will be in the database of the "sanctioned" rootservers. Hence, the IANA has a vested interest in protecting their control over the "whos-who" list of internet networks, as do their compatriots at Network Solutions, Inc., SAIC, and the government agencies who do business with them. For an example of a fully functional, independent name registry, please go to http://namespace.pgpmedia.com. For some further information on the controversy, please go to http://www.packet.com/hotseat this is a "realaudio" webcast between John McChesney of NPR, Paul Garrin of name.space., and Simpson Garfinkel of WIRED magazine. Also see, "Rebellion Over Who Controls the Net" by Christine Biederman and Jamie Murphy (N.Y. Times, "Cybertimes", November 23, 1996) "Internet Domain Names: Whose Domain is This?" http://www.itu.ch/intreg/dns.html by Robert Shaw,Advisor, Global Information Infrastructure Information Services Department, International Telecommunication Union (ITU) Geneva, Switzerland (Presented at the workshop "Coordination and Administration of the Internet" held at the John F. Kennedy School of Government, Harvard University, Cambridge, Massachusetts, USA, September 9-10, 1996). the John Dillon article "Networking with Spooks" appears in the latest issue of CAQ, available soon at http://mediafilter.org/caq (or http://caq.mag.) From anonymous at null.net Wed Dec 11 04:43:33 1996 From: anonymous at null.net (Anonymous) Date: Wed, 11 Dec 1996 04:43:33 -0800 (PST) Subject: I thought this was a technical list. Message-ID: <32AEAE92.586F@null.net> From dgal at cad.gatech.edu Wed Dec 11 05:03:42 1996 From: dgal at cad.gatech.edu (Damon Gallaty) Date: Wed, 11 Dec 1996 05:03:42 -0800 (PST) Subject: Review of the EPP plug-in 0.2 for Eudora Message-ID: <2.2.32.19961211130202.0068f0bc@gypsy.cad.gatech.edu> At 05:48 AM 12/10/96 -0800, Alan Olsen wrote: >[Note: this is CCed to the developer for two reasons. First, I wanted him >to know of the review. Second, I have another two bugs at the bottom that >I have not reported.] > Hi...I'm the developer. I'd like to respond to these items that Alan Olsen listed so that everyone knows what the heck I'm doing with the Eudora/PGP Plug-In, a.k.a EPPI. [snippet about what EPPI is deleted] >The functions provided are: > >-- Clearsign Message >-- Decrypt Message >-- Encrypt Message >-- Verify Signature >-- Add Key >-- Paste (Insert) Key > >These appear under the Edit menu in the plug-ins submenu. (It would be >nice for these to be in their own seperate menu, but that may be beyond the >scope of the plug-in developers kit.) > Unfortunately, the plug-in developers kit, called the Eudora Messaging System API (EMS API), is very limited, and only provides the functions necessary to get the incoming or currently-displayed mail message, and to paste the results of the plug-in into said message. It gives _no_ control over the Eudora menus. In fact, you can't even activate any arbitrary menu or function of Eudora, nor can you read any information besides what is passed to you by the various functions which call your plug-in. Many of the problems below have been called to my attention. I'll note those that have, and add to my list those that haven't. I'll also explain what I'm doing to correct the problems. If anyone has a better suggestion of fixing a specific problem, please let me know. > >These are the problems/bugs I have found so far: > >-- If you do not define a default ID in the PGP config.txt, it will take >the last ID generated on the secret key ring. (This is a common problem. >This is not the only app that has it.) > Already known. I'll have a field to specify default ID, with an entry for the hex key ID in case there are more than one of the same user ID. >-- The program does not word wrap before sending the message to get >signed. This breaks the signature when Eudora word wraps it opon sending >the message. (Another common problem. I remember a bunch of apps fixing >this one at one time a few months ago...) > Already known. I'll perform the word-wrap in the plug-in. >-- If you decrypt a message, the mail headers are destroyed. (I just >discovered this one last night. It makes replying a bit of a challenge...) > Already known. I'll change the way the plug-in replaces text by only replacing the text between the PGP BEGIN and END headers. >-- The plug-in does not deal with "personalities". (This is not a bug, but >something that would be *REAL* helpful. Now if you could get personalities >that connected to nym servers.) > There's not much I can do about this. I have no way of knowing in the plug-in that a user has switched personalities, so there is no way to notify the plug-in to use a different configuration. I could, however, add personalities to the plug-in, which would at least let the user select different configurations in it to match the current personality being used. Comments? >All in all, this is a useful plug-in. It has a few rough spots, but that >is to be expected. (This is a 0.2 release.) > Thank you. Yes, I knew it was going to be rough at first, hence the version numbering of 0.x. I'll get to 1.0 when I feel it's truly a polished Eudora plug-in worthy of paying for (though I plan to keep it freeware). > >BTW, this is the original information as to where to get the plug-in. How >much of this is current, i am not certain... (The mailing list was broken >according to Lucky Green.) > Sadly, my account was unexpectedly yanked out from under me, so that information is wrong. However, thanks to some generous folks who responded to my plight, I have some temporary locations set up, until I can find a permanent home. Here is the updated information: Download version 0.20 from the Web: * http://www.geocities.com/Heartland/5065/epp16v02.zip (for 16-bit version of Eudora 3.0 for Windows 3.1) * http://www.geocities.com/Heartland/5065/epp32v02.zip (for 32-bit version of Eudora 3.0 for Windows NT/95) If you don't have Web access, but have FTP access, try the following sites. Note that if the version you are trying to get was released today or just a few days ago, it may not have shown up at the sites below yet, so give it a few days: papa.indstate.edu: /pub/winsock-l/mail/epp16v02.zip /pub/winsock-l/Windows95/mail/epp32v02.zip /pub/winsock-l/WindowsNT/mail/epp32v02.zip ftp.winsite.com: /pub/pc/win3/winsock/epp16v02.zip /pub/pc/win95/winsock/epp32v02.zip If you want to be automatically notified of new versions, send e-mail to EPPINEWS at professional.org with the following message body: join stop You will not be able to post to this list. It is merely a convenient way to receive notification of new updates to EPPI. Send comments to: dgal at cad.gatech.edu I have noticed that GeoCities has had some problems last week. Hopefully, these are corrected by now. If not, try the FTP sites. - Damon Gallaty From camcc at abraxis.com Wed Dec 11 05:07:31 1996 From: camcc at abraxis.com (Alec) Date: Wed, 11 Dec 1996 05:07:31 -0800 (PST) Subject: take me off the list, please!!! Message-ID: <3.0.32.19961211080756.00694f94@smtp1.abraxis.com> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 645 bytes Desc: not available URL: From pavelk at dator3.anet.cz Wed Dec 11 05:15:45 1996 From: pavelk at dator3.anet.cz (Pavel Korensky) Date: Wed, 11 Dec 1996 05:15:45 -0800 (PST) Subject: Harddisk encryption ?? Message-ID: <199612111316.OAA00245@zenith.dator3.anet.cz> Hello, I am trying to post this message once more. It seems that my first message somehow didn't find the way to the mail-list. I have one problem which I would like to consult with you. I need to protect the data on the computer harddisk against physical theft. Current situation: Computer with several harddisks - approx. 9 GB. On this computer, the following OS are used: Linux, DOS, Windows NT. The data on this computer must be accessible from all operating systems. Encryption of files must be transparent to user and encryption algorithm must be "strong". Because I am not able to find any disk encryption software which is able to run on all these platforms, I decided to use the following temporary solution: Add one more computer with Linux OS. On this computer, there will be only a small root partition with necessary Linux components. All other disk space will be encrypted with IDEA, using the /dev/loop. This machine will be some kind of secure file server. On the second machine, where the user works, there will be partitions with operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT and Linux. The data and application disks will be mounted via NFS and user will work with files from file server. The computers will be interconnected with Fast Ethernet. This mini-network is NOT connected to the Internet, so the NFS (in)security should not be a problem. Also, both computers will be placed in the same room (distance approx. 3 m), so there should be no problem with tapping/data capturing on the Fast Ethernet connection. I have the following questions. Can anybody see some major security hole in this system ? How fast will be this system ? Anybody has any idea if there is some more sophisticated solution for this problem ? Anybody heard about some strong disk encryption which is able to rund under Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am not able to find any disk encryption for NT. Anybody is able to port Secure File System to Windows NT ? I am trying to port this program under Linux, but I am not the NT system programmer. Thanx for any comments, help, ideas etc. Best regards PavelK -- **************************************************************************** * Pavel Korensky (pavelk at dator3.anet.cz) * * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic * * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C * **************************************************************************** From dlv at bwalk.dm.com Wed Dec 11 05:55:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 05:55:25 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: Bill Frantz writes: > I have a client who needs strong crypto routines in Java. (They want > maintain the privacy of their customer's data when stored on the customer's > disk.) They need the platform independence that Java provides. I would > appreciate pointers to implementations. (BTW - I already know about the > Systemics routines.) I think it would make much more sense to implement a CPU-intensive problem like DES in ActiveX. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From serw30 at laf.cioe.com Wed Dec 11 05:56:37 1996 From: serw30 at laf.cioe.com (Eric Wilson) Date: Wed, 11 Dec 1996 05:56:37 -0800 (PST) Subject: Virus? Message-ID: <1.5.4.32.19961211135334.008962e0@gibson.cioe.com> At 09:10 PM 12/10/96 EST, you wrote: >Has anybody heard of the Monkey_B virus? If so what does it do exactly? >Also does anybody know where I could find a downloadable Win95 upgrade >upgrading Windows 3.x to Win95? > > The Monkey virus ( I'm not sure what the "B" variant has altered ) is a memory resident, stealth, boot infector that writes ( and encrypts!) the partition table to side 0, cyl 0, sector 3 of your hard disk. It then modifies your MBR to point to this location. When the virus is resident it infects any floppy ( not write protected )that is accessed by the system. If you need help with cleaning the Monkey from your system, try asking the geniuses at alt.comp.virus for some help. Keep in mind they argue with each other more than cypherpunks do! Here's a hint on cleanup, booting clean and running Fdisk/mbr will remove the virus from your hard disk, but it WILL NOT restore your partition table! Eric From dlv at bwalk.dm.com Wed Dec 11 05:57:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 05:57:10 -0800 (PST) Subject: The product formerly known as VGP In-Reply-To: <199612110510.XAA18700@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: [VGP] > To Mark Rosen: name it Cryptographic Utility for Network Transmissions. This reminds me how when I was a student at CUNY, I computerized many things, including the distribution of the bulletin with seminar announcements. One day I misspelled CUNY by pressing a letter next to Y instead of Y. (The spell checker didn't complain.) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From rah at shipwright.com Wed Dec 11 06:22:00 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 11 Dec 1996 06:22:00 -0800 (PST) Subject: DCSB: Applying PGP To Digital Commerce Message-ID: --- begin forwarded text X-Sender: rah at pop.tiac.net Mime-Version: 1.0 Date: Wed, 11 Dec 1996 08:08:44 -0500 To: dcsb at ai.mit.edu, dcsb-announce at ai.mit.edu From: Robert Hettinga Subject: DCSB: Applying PGP To Digital Commerce Sender: bounce-dcsb at ai.mit.edu Precedence: bulk Reply-To: Robert Hettinga -----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL----- The Digital Commerce Society of Boston Presents Rodney Thayer Sable Technology Corporation "Applying PGP To Digital Commerce" Tuesday, January 7, 1996 12 - 2 PM The Downtown Harvard Club of Boston One Federal Street, Boston, MA Rodney Thayer has 20 years experience in the software development business. For the past 10 years he has been designing, implementing, deploying, and troubleshooting networking software. He currently is the Principal of a consulting firm based in Newton, Massachusetts where he is involved in the implementation of communications products for a variety of customers, including software vendors, major end-user organizations, and several governmental organizations both foreign and domestic. He also writes and lectures on the deployment, troubleshooting, and implementation of data communications networks. Mr. Thayer will talk about how PGP can be used in the business world today, for exchange of information, digitally identifying documents, and other commerce applications. In this presentation, we will discuss the application of PGP, including mechanics, the cryptographic and legal issues, and the infrastructure requirements for it's use. The state of the art in digital message encryption is now at the point where it has become practical to use encrypted and digitally signed email for digital commerce. Recently, one scheme, PGP, has emerged from the realm of the cyberpunk as a legitimate tool for business. Commercial products are now available that support PGP encryption in electronic mail and for documents and digital storage. PGP is no longer a cult tool for computer junkies and cyberpunks. It is a legitimate, sound cryptographic technology that can be used, today, for digital commerce. As an increasingly crypto-aware business community searches for solutions, the question of how to use message encryption tools such as PGP becomes germaine to the business community. This meeting of the Digital Commerce Society of Boston will be held on Tuesday, January 7, 1996 from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, One Federal Street. The price for lunch is $27.50. This price includes lunch, room rental, and the speaker's lunch. ;-). The Harvard Club *does* have dress code: jackets and ties for men, and "appropriate business attire" for women. We will attempt to record this meeting and put it on the web in RealAudio format at some future date We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, January 4, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back. Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston". If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out. Planned speakers for DCSB are: February David Kaufman 1996 in Review / Predictions for 1997 March TBA April Stewart Baker Encryption Policy and Digital Commerce We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you would like to make a presentation to the Society, please send e-mail to the DCSB Program Commmittee, care of Robert Hettinga, rah at shipwright.com . For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to majordomo at ai.mit.edu . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to majordomo at ai.mit.edu . Looking forward to seeing you there! Cheers, Robert Hettinga Moderator, The Digital Commerce Society of Boston -----BEGIN PGP SIGNATURE-----BY SAFEMAIL----- Version: 1.0b5 e29 iQCVAwUBMq6xm/gyLN8bw6ZVAQFMMAP/f1zlK1gngnR8Lj3YXAIuKaZhw5ldsCb5 h0+JqPT6i6Yxxd64sOUosIZ20jgd2Msjg3Di3We4TfZVB/fZRq89sjDp+9CYd32o MSN8ldSGbaTGabwvAMGWMG5OkCwBGYjPyxwSf6/iBZtb3VbWiTHdR+g/YMIkCKHJ WMclXCtZAHU= =1f7Q -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From ichudov at algebra.com Wed Dec 11 07:41:55 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 07:41:55 -0800 (PST) Subject: IPG algorithim In-Reply-To: Message-ID: <199612111534.JAA00488@manifold.algebra.com> Don, Eric -- I think that Eric simply tried to test the PRNG without the tables, to see how good it is. igor wichita at cyberstation.net wrote: > > > > > On Sat, 30 Nov 1996, Eric Murray wrote: > > > Eric, unlike all the other forespeakers, I do appreciate the fact that > you tried to understand the algorithm and implement it. However, you > have several things wrong, the most important being that the PRNG > produces ONLY a seed for the main algorithm and over short sequences, > for example 53^2, that is only slightly over an average occurrence > of 8 each for the 256 ASC II characters, and the seed streams are > congruent. However, the algorithm uses a 3 dimensional table lookup to > translate the numbers to the Encryptor stream. > > I suggest that you get a free copy of the operating program, generate your > own key, and then run the output through any meaningful test that you > might desire. That would indeed establish whether or not our system does > what we claim it will do or not. It does, but neither my words or your > partial tests prove anything. > > The expected occurrence of an identical repeat, that is a where the same > seed gives the same result is 1 in 2^36. Of course that does not mean that > the same resultant encryptor character might not be generate because there > are only 256 possibilities, so the same character would result from the > same seed at least 1 in 256 times, and of course statistically more > frequently than that, but the over sequence of events leading to the > production of that character is different. > > While I do appreciate your effort to understand and implement the > algorithm, it would be helpful if you would contact me first and get a > copy of the keys and everything detailed in the web site. I take it that > you used the abbreviated version, or failed to read all the information etal. > If you use the tables and so forth detailed at the web site and use the > full algorithm, the results will be far different as you will find. > > > > > > > > > I have translated the IPG algorithim's "engine" to C, to generate > > some random values from it for testing purposes. It does not > > look very random in either the xnoisesph program or the DIEHARD > > test battery. However I may well have misinterprested Mr. Wood's > > description (his writing is, as Mr. Chudov points out, difficult to > > understand) or written my code incorrectly. Here it is, play > > with it yourself. To my untrained eye the lack of randomness > > in what's essentially a stream cipher would be disturbing. > > However I am not a cryptoanalysist so I do not know to > > what extent this weakens the cipher. > > > > > > The IPG description does not say (but implies to me) that > > the various tables that are to be filled in by "random" values must > > be filled in by PRNGs that are seeded with the same seeds by > > each of the party that knows the key. Otherwise the "encryptor > > streams" that are generated will be unrelated and decryption will not > > be possible. To make my test work I have used the simple rand() > > function to fill in the tables. > > > > > > Corrections are welcome. > > > > > > > > #include > > > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > > ** This is supposed to produce random numbers for the IPG > > ** "encryptor stream". > > ** See http://www.netprivacy.com/ for the original description. > > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. */ > > > > /* machine-dependent stuff, change to suit different platforms: */ > > typedef unsigned char byte; > > typedef unsigned short uint16; > > > > > > /* tables: */ > > uint16 A[53]; > > uint16 B[53]; > > uint16 C[53]; > > > > > > int init_table(uint16*table, uint16 min, uint16 max) > > { > > /* IPG specifies no algorithim for producing the "random" > > ** initial values in the ABC tables, but it's obvious that > > ** it requires a PRNG that's somehow seeded from the "key". > > ** I've just used rand() here. In UNIX rand() called with no > > ** seed is supposed to seed itself with 0. */ > > int i; > > int count, r; > > > Wrong - the algorithms are specified at the web site - look again. You > cannot just use rand(). That is patently absurd. > > > for(i = 0; i < 53; i++) { > > table[i] = min + (rand() % (max - min)); > > } > > } > > > > main(int argc, char **argv) > > { > > uint16 jv; > > int argcnt, i, n, count, diehard, nelem; > > > > diehard = 0; > > argcnt = 1; > > if (argc >= 2) { > > if (strncmp(argv[argcnt],"-d") == 0) { > > diehard++; > > argcnt++; > > } > > } > > if (argc > argcnt - 1 ) { > > n = atoi(argv[argcnt]); > > fprintf(stderr,"Generating %d values\n",n); > > } > > else { > > n = 2000; > > } > > > > /* seed tables: */ > > fprintf(stderr,"Seeding: A"); fflush(stderr); > > init_table(A,0,65535); > > fprintf(stderr," B"); fflush(stderr); > > init_table(B,0,12227); > > fprintf(stderr," C"); fflush(stderr); > > init_table(C,16384,20361); > > fprintf(stderr,"\n"); fflush(stderr); > > > > /* generate n values: */ > > for(; n > 0; n--) { > > /* jv is "random" (where's it seeded from?) */ > from the key > > > jv = (uint16)(rand() % 53); > > > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > > for(count = 0; count < 2809; count++) { > > jv++; > > if (jv == 53) jv = 0; > > A[jv] = (A[jv] + B[jv]) % C[jv]; > > if (A[jv] < 16384) break; > > } > > if (count == 2809) fprintf(stderr,"Oops.\n"); > > else { > > if (!diehard) { > > printf("%d\n",A[jv]); > > } > > else { > > /* print output in DIEHARD required format: > > ** actually since we have 16-bit ints and DIEHARD > > ** wants 32-bit ints, we print 20 per line instead of 10 */ > > if (nelem++ > 19) {printf("\n"); nelem = 0;} > > printf("%4.4x",(unsigned int)A[jv]); > > } > > } > > } > > } > > > > > > > > -- > But they do not reference the same table entries either as is plain to see. > Your implementation, while appreciated, is plain flawed in many respects. We do not use any > special As, Bs and Cs. Any selection will do. > > If you are going to implement that algorithm, please use all of it, not > just the seed generator. I grant you that with only 53 different > equations, the resultant seed numbers do not give a random CHI square, > especially over short frame sizes. Certainly over 53^2, it would give you > staccato results. Not only that, but they are congruent. Nevertheless, > this is more of the supercilious half ass crap that writers post. If you > implement the rest of the algorithm, you will find that it does always > meet the Chi Square tests for randomness, not sometimes but always. I have > posted over 200 megabytes of data to our web site and it is still there. > Pick any spot in the data, and run your chi squares tests on it. > > If you are going to try to critiqued the IPG algorithm, please use the > entire algorithm set out. There are so many things wrong with your > implementation, that it would take me days to cover everything. > I suggest that you get a sample copy of our operating program , generate > your own Keys and then analyze the output data. Then if it does not > perform as we have stated you can tear us apart. But your meaningless > jabberwocky means nothing other than you have at least tried to understand > the algorithm, which to repeat, we appreciate. > > > - Igor. From ichudov at algebra.com Wed Dec 11 07:42:06 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 07:42:06 -0800 (PST) Subject: IPG algorithim In-Reply-To: Message-ID: <199612111538.JAA00529@manifold.algebra.com> wichita at cyberstation.net wrote: > > > > Igor, Eric, > > As I have noted to Eric, I appreciate that at least both of you are trying > to understand and implement the algorithm. My comments follow: > > On Sat, 30 Nov 1996, Igor Chudov @ home wrote: > > > [This is an addition to my previous reply to Eric] > > > > It bugs me that you are using rand() (a fairly lame pseudo-random > > function that was never intended to be used in cryptographic > > applications) to seed A, B, C and JV and then test the A(JV) for > > randomness. Some may object to that. Just for fun, I am attaching a hex > > dump of output from my /dev/random (Linux 2.0.24). You could simply take > > these truly random values and put them in initial A, B, C and JV, just > > to be sure. > > > > I doubt though that your results (poor randomness of A(JV)) will be > > any different. > > > I agree, and as I have indicated elsewhere, either the B or the C is ^^^^^^^^^^^^^^^^ > is a prime number. The numbers in A, B, and C are not random numbers, Don, see my another letter that I sent out last night. What you _need_ to require is that C is prime, not B. Suppose B == p -- some prime number, A == 1, and C == 2*B. This triplet would fit your criteria, but would be BAD because the only two numbers it will generate is 1 and P+1. That would be a rather biased output :) igor > they are only selected randomly in a manner almost identical to a LOTTO > selections, except that the pools are much larger and the order is > very significant. > > There are so many things that are wrong with the Murray > implementation that it would be takes days to clarify it. It is simply not > the algorithm, nor even any significant part of it. The actual As, Bs and > Cs are specified at the Web ,site as is the algorithm for using the Key to > select the ones actually used. In the example, 53 of 512 As, 53 of 600 > plus Bs, and 53 of some 500 plus Cs. > > > > > > igor > > > > 0000000 c76d 74ac b253 ffc3 ae97 e092 629c 7a53 > > 0000010 087a 21e6 8c2c 0ab6 a03a ea3c 0c71 a748 > > 0000020 68f0 540d a4f2 0a2b b62b 4ab6 ddaa d3e4 > > 0000030 a795 51f3 7dff 067d 2f6b 8d18 fa23 0200 > > 0000040 99df 1d97 e232 b8d5 381f cf1e 7ea8 d971 > > 0000050 8aa0 df0b cf41 53e2 a9f5 5304 dc28 c242 > > 0000060 c01b 5990 75a1 688d 497f cc54 d336 217e > > 0000070 7dd7 4800 09d4 ff5b 53b8 6308 d38f 60f5 > > 0000080 513a 3ea7 90f6 4cdf e783 6a14 145a e2b1 > > 0000090 2041 6bb5 f417 6109 6101 fecd b7f1 7287 > > 00000a0 f31a 6cb4 d559 ed7c 1be8 e0ca 21f9 8779 > > 00000b0 701e bbcc 8909 7743 bfef c5ef 0f60 cd6a > > 00000c0 565b 30b5 e710 5f66 aa83 0751 5bc7 867e > > 00000d0 87a8 8511 9969 d101 c1bb 871b a2e5 f579 > > 00000e0 5e14 9167 480a 9fc2 8354 5769 4ee0 7765 > > 00000f0 faf5 c29f 25ad 77ea 9ecf 39b4 2d11 969f > > 0000100 099c f85a 7240 9922 0513 d607 41ea ba29 > > 0000110 1886 2611 e577 50c6 87af 393a 782a 6666 > > 0000120 9ae0 221e ec58 ce2e de77 b6de 5821 82e9 > > 0000130 db17 5027 7e57 567a 2e82 f056 01d0 2cde > > 0000140 0314 ac33 78bd d569 215e b8d7 6a3b 0caa > > 0000150 b44f 8c6c 04de 4cf2 e111 2803 a073 7d27 > > 0000160 f78c 9d28 70ca 1cd4 ce53 5dea 3141 efa9 > > 0000170 8246 c7ee 4ed3 e49a 8d97 8ded d818 327a > > 0000180 f999 e044 ff28 ffe9 0254 535c 7e70 a09c > > 0000190 af58 bcd2 07b0 8146 f4cc 7568 751c c6ee > > 00001a0 b6b7 be3f d870 84ce 7f8c 3ec4 1427 09fc > > 00001b0 706e 93f8 9752 230b 74cd 0b0b 38be ba5b > > 00001c0 a9a6 062a cdee f11d d367 37e2 ec4f 90e4 > > 00001d0 9019 d9ff 2ff9 fb5d 559b 4dd0 2ab0 7e35 > > 00001e0 184a 3e90 f072 7349 007f 5d41 c176 8d8a > > 00001f0 a30c 1a68 eca6 63f4 256f 88e1 2cec dc1a > > 0000200 a0ac 90f0 b515 2fbc 2778 4e66 2323 7528 > > 0000210 59c3 c3a9 3ccd e29d 315a fa6a 7821 f6e4 > > 0000220 7977 5e9f df6c f87e 5d15 5693 3da8 9790 > > 0000230 faaf d028 0c05 f5f0 160a 8cb7 f726 18cf > > 0000240 796d 77c5 3c2e 5ddb f770 7183 3c17 81b7 > > 0000250 b0ff ad01 a4d3 26a1 7821 d210 376a 8283 > > 0000260 3860 61a9 c509 e34c 46a4 7f70 b2ff 18db > > 0000270 24ad 97b5 e474 eee2 9036 c125 3fdb 88ce > > 0000280 824a 3096 98fc 0b9f 2f3a 6ac3 25e1 8d08 > > 0000290 46c6 7218 ea87 3c6d 6395 6fc5 34b0 1447 > > 00002a0 ddb3 b3af fdbf b545 5f47 0fe6 bfd0 e799 > > 00002b0 99f6 1fc6 c70b 524f 717f a25d 9f08 f78a > > 00002c0 e230 b4b9 2045 5652 9677 5ce3 a827 9e8f > > 00002d0 261f 4650 c731 afbb e257 8410 621a 09aa > > 00002e0 d991 7a3b bb68 4995 fd15 2afc 8e26 842b > > 00002f0 cdf7 2d13 4055 9d22 be44 aa16 ed06 db8a > > 0000300 4210 714b 330d 6c9e 3f81 c993 4d8b 2f6b > > 0000310 134f 1566 8170 9cc6 4cff d188 78c4 29ae > > 0000320 27ec 731f 391c 6241 ffaf 2967 8756 1517 > > 0000330 5d1a e807 c477 7757 bd6a ff4c 1cf1 01ce > > 0000340 dfa7 25b4 5a4f 9cf0 e96e 2d69 0de0 c24e > > 0000350 0a2c 9ec8 112d 0851 c028 917b b00b f9a0 > > 0000360 0b07 b9f0 c4ef 4426 1cce c8c8 7186 8c24 > > 0000370 9868 fe68 9136 1316 1e58 e883 5aa9 1298 > > 0000380 c0ed eaa4 aaa2 7f23 48d1 5056 8837 06ec > > 0000390 5f69 ce3a 3d5b 1e7a 7545 e237 352d d887 > > 00003a0 df9c 734d a441 7fa5 6685 eff0 4ce8 1876 > > 00003b0 f9c9 2e18 f825 3a3a a6b8 e0cc 5d49 136a > > 00003c0 853d dd88 c0f8 befc 8b87 e261 fd73 09af > > 00003d0 b392 3afa f38e 6a25 cc5d b624 1012 49f3 > > 00003e0 31b0 196c aa02 b3f2 454a 7817 2198 5ad7 > > 00003f0 84c5 f22d 8b6e cdc9 12c3 d0b5 b866 9976 > > 0000400 97a7 3b5e dedf 201d 50f5 99a6 bf54 04ab > > 0000410 a34e 3a66 538c 51a0 c00b 7ae8 f2ae 6343 > > 0000420 c5f1 1ef1 1f8f 7415 5b50 53a4 33ad d046 > > 0000430 13b6 62a2 cc34 feee 7fda 671a 2b28 a36c > > 0000440 a806 15be 1ccc b5b9 ef85 04ca 168c 8cd0 > > 0000450 c44e d117 a6c8 cbaf 3b5b 581c d94a 8469 > > 0000460 effb 0f18 cd45 5c77 6ab1 1289 e385 9771 > > 0000470 199f 5610 8095 be8b e257 2ef8 a221 99ee > > 0000480 1d8b c81c 9781 e803 e4ab 4afb 5669 efb1 > > 0000490 b31f 36e2 5930 b838 e84c 4f6e a709 0c40 > > 00004a0 fefe c530 4ee2 ee3a aa2e e278 de99 8b1e > > 00004b0 4e83 c98a 47cd 4715 081d 7c7d 5f6f 657c > > 00004c0 49b5 70c0 937a d4c2 39ff d282 8768 1d7c > > 00004d0 40fe 1ed1 59b9 d0f7 b4cc 55b3 5da2 4118 > > 00004e0 14dc 4b71 202a fb96 0bed 6d2a 03d6 2f2d > > 00004f0 9056 8d84 8b6e 948b 4b89 efd1 53ba 9a13 > > 0000500 ea01 770a dc40 fcad bf69 cf60 7884 3f66 > > 0000510 b057 2e82 3745 2839 f68d f637 ad95 5463 > > 0000520 ff3c 353d 08b2 44c2 72bb b25b f60d 0dbf > > 0000530 455a e9b4 8bbf 3307 071a f720 f00e 0217 > > 0000540 f8cc f7cc 2cc4 ef14 e6b6 7dbc ceff 2dea > > 0000550 fc34 ed72 d59b 8cd2 794c 2d11 e470 ba44 > > 0000560 bff3 c531 b38b 5398 4a46 63be d86b ae19 > > 0000570 d6a4 2e8d da0d 0ff9 a3db 2cc4 0494 72b1 > > 0000580 b871 1f7e b8da a2f0 2f63 b522 3212 43da > > 0000590 f910 374e b1f5 5462 8db0 65ef 5e5b 9bf1 > > 00005a0 9337 5003 31fc 47a9 8c06 d0d8 c8ab 8732 > > 00005b0 ff5e 7fe3 b43c 9ba0 14dd f31f cf4c a5b5 > > 00005c0 5552 b1ee 0ee6 a38f dc2b 32ac ab80 e12d > > 00005d0 be8c ad7d 89e9 5cda 0781 f30c b1d1 3163 > > 00005e0 72f9 bcbe 5972 1862 3a15 660f 4227 b168 > > 00005f0 280d 35fa 1765 46f3 468b 0538 44fc 216e > > 0000600 30f6 8340 6805 7f5c a280 fcdf 563d 9751 > > 0000610 50c9 fb04 065c 12ec 9ce3 34ee 2a3d f821 > > 0000620 d43e b64e 067f fd26 5e94 b7d1 9b28 fbcf > > 0000630 811b 4631 6018 5385 1297 e37a b0ea c6fd > > > > Eric Murray wrote: > > > > > > > > > > > > I have translated the IPG algorithim's "engine" to C, to generate > > > some random values from it for testing purposes. It does not > > > look very random in either the xnoisesph program or the DIEHARD > > > test battery. However I may well have misinterprested Mr. Wood's > > > description (his writing is, as Mr. Chudov points out, difficult to > > > understand) or written my code incorrectly. Here it is, play > > > with it yourself. To my untrained eye the lack of randomness > > > in what's essentially a stream cipher would be disturbing. > > > However I am not a cryptoanalysist so I do not know to > > > what extent this weakens the cipher. > > > > > > > > > The IPG description does not say (but implies to me) that > > > the various tables that are to be filled in by "random" values must > > > be filled in by PRNGs that are seeded with the same seeds by > > > each of the party that knows the key. Otherwise the "encryptor > > > streams" that are generated will be unrelated and decryption will not > > > be possible. To make my test work I have used the simple rand() > > > function to fill in the tables. > > > > > > > > > Corrections are welcome. > > > > > > > > > > > > #include > > > > > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > > > ** This is supposed to produce random numbers for the IPG > > > ** "encryptor stream". > > > ** See http://www.netprivacy.com/ for the original description. > > > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. */ > > > > > > /* machine-dependent stuff, change to suit different platforms: */ > > > typedef unsigned char byte; > > > typedef unsigned short uint16; > > > > > > > > > /* tables: */ > > > uint16 A[53]; > > > uint16 B[53]; > > > uint16 C[53]; > > > > > > > > > int init_table(uint16*table, uint16 min, uint16 max) > > > { > > > /* IPG specifies no algorithim for producing the "random" > > > ** initial values in the ABC tables, but it's obvious that > > > ** it requires a PRNG that's somehow seeded from the "key". > > > ** I've just used rand() here. In UNIX rand() called with no > > > ** seed is supposed to seed itself with 0. */ > > > int i; > > > int count, r; > > > > > > for(i = 0; i < 53; i++) { > > > table[i] = min + (rand() % (max - min)); > > > } > > > } > > > > > > main(int argc, char **argv) > > > { > > > uint16 jv; > > > int argcnt, i, n, count, diehard, nelem; > > > > > > diehard = 0; > > > argcnt = 1; > > > if (argc >= 2) { > > > if (strncmp(argv[argcnt],"-d") == 0) { > > > diehard++; > > > argcnt++; > > > } > > > } > > > if (argc > argcnt - 1 ) { > > > n = atoi(argv[argcnt]); > > > fprintf(stderr,"Generating %d values\n",n); > > > } > > > else { > > > n = 2000; > > > } > > > > > > /* seed tables: */ > > > fprintf(stderr,"Seeding: A"); fflush(stderr); > > > init_table(A,0,65535); > > > fprintf(stderr," B"); fflush(stderr); > > > init_table(B,0,12227); > > > fprintf(stderr," C"); fflush(stderr); > > > init_table(C,16384,20361); > > > fprintf(stderr,"\n"); fflush(stderr); > > > > > > /* generate n values: */ > > > for(; n > 0; n--) { > > > /* jv is "random" (where's it seeded from?) */ > > > jv = (uint16)(rand() % 53); > > > > > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > > > for(count = 0; count < 2809; count++) { > > > jv++; > > > if (jv == 53) jv = 0; > > > A[jv] = (A[jv] + B[jv]) % C[jv]; > > > if (A[jv] < 16384) break; > > > } > > > if (count == 2809) fprintf(stderr,"Oops.\n"); > > > else { > > > if (!diehard) { > > > printf("%d\n",A[jv]); > > > } > > > else { > > > /* print output in DIEHARD required format: > > > ** actually since we have 16-bit ints and DIEHARD > > > ** wants 32-bit ints, we print 20 per line instead of 10 */ > > > if (nelem++ > 19) {printf("\n"); nelem = 0;} > > > printf("%4.4x",(unsigned int)A[jv]); > > > } > > > } > > > } > > > } > > > > > > > > > > > > -- > > > > > > > > - Igor. > > > > With Kindest Regards, > > Don Wood > - Igor. From ichudov at algebra.com Wed Dec 11 07:42:45 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 07:42:45 -0800 (PST) Subject: IPG algorithim In-Reply-To: Message-ID: <199612111539.JAA00672@manifold.algebra.com> These are all good tests, BUT all they can tell you is a negative. Ie, if some tests fail, the RNG is certainly BAD. If they do not fail, we still can't say that the RNG is good. igor wichita at cyberstation.net wrote: > > > > You are also bringing a good point that Chi-squared tests are not > > sufficient to make any conclusions about usefulness of this particular > > pseudo random number generator. > > > > - Igor. > > > Chi Squares alone are not sufficient but we are only talking about the > seed algorithm, and at our web sites, you will find Standard Deviations, > Chi Squares, Delta ICs, autocorrelations, cross correlations, and a > variety of other tests done on single characters, couplets - pairs, > first differences, second differences, offset differences and all kinds of > other tests. > - Igor. From ichudov at algebra.com Wed Dec 11 07:46:48 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 07:46:48 -0800 (PST) Subject: IPG algorithim In-Reply-To: Message-ID: <199612111540.JAA00703@manifold.algebra.com> wichita at cyberstation.net wrote: > > > > Everything is still screwed up. The As, Bs and Cs are selected in much the > same fashion as LOTTO numbers except that the pools are much larger and > order is significant. They are not random, that would never work. Maybe I missed something at your website, but... how exactly they are selected? Where is it described? igor > On Sat, 30 Nov 1996, Eric Murray wrote: > > > > > Igor Chudov @ home writes: > > > > > > [This is an addition to my previous reply to Eric] > > > > > > It bugs me that you are using rand() (a fairly lame pseudo-random > > > function that was never intended to be used in cryptographic > > > applications) to seed A, B, C and JV and then test the A(JV) for > > > randomness. Some may object to that. > > > > Yea, you're right, rand() is lame. > > > > I added /dev/random to my Linux box and changed my small test to use it. > > I also changed the way that I use JV- I had been setting it to a random > > value for each trip through the "engine", but since I beleive that > > its value can't really be random (if you want to be able to have someone > > decrypt your stuff :-) but must be exchanged in the key, I set it > > to a random value once and then let it float. It's also a lot faster > > that way, /dev/random is pretty slow (because it's looking for real > > random material). > > > > My results from xnoisesph were wrong- xnoisesph wants random bytes > > instead of random integers in ascii format as I was producing. > > Changing it (as I have below) makes the xnoisesph output look > > much better, but it still isn't all that random. The random seed generators > > I have written that get their randomness from repeated calls > > to high-resolution timers and hashes of system log files do better. > > I also fixed a minor bug in arg processing. > > > > > > > > > > > > > > #include > > #include > > > > /* a C translation of the IPG "EUREKA" algorithim's "engine". > > ** This is supposed to produce random numbers for the IPG > > ** "encryptor stream". > > ** See http://www.netprivacy.com/ for the original description. > > ** Eric Murray ericm at lne.com This code placed under GNU copyleft. > > ** V0.2 */ > > > > typedef unsigned char byte; > > typedef unsigned short uint16; > > > > > > /* tables: */ > > uint16 A[53]; > > uint16 B[53]; > > uint16 C[53]; > > > > > > #ifndef NO_DEV_RANDOM > > uint16 getrand() > > { > > uint16 ret; > > int fd = open("/dev/random",O_RDONLY); > > if (fd <= 0) { > > perror("/dev/random"); exit(-1); > > } > > read(fd,(unsigned char *)(&ret),sizeof(ret)); > > close(fd); > > return(ret); > > } > > #else > > /* do something appropriate for your OS here, rand() is lame. */ > > #define getrand rand > > #endif > > > > > > int init_table(uint16*table, uint16 min, uint16 max) > > { > > /* IPG specifies no algorithim for producing the "random" > > ** initial values in the ABC tables, but it's obvious that > > ** it requires a PRNG that's somehow seeded from the "key". > > ** I've used /dev/random here, so there's no question that > > ** I'm starting out with pretty good random values. */ > > int i; > > int count, r; > > > > for(i = 0; i < 53; i++) { > > table[i] = min + (getrand() % (max - min)); > > } > > } > > > > main(int argc, char **argv) > > { > > uint16 jv; > > int argcnt, i, n, count, diehard, nelem; > > > > diehard = 0; > > argcnt = 1; > > if (argc >= 2) { > > if (strncmp(argv[argcnt],"-d",2) == 0) { > > diehard++; > > argcnt++; > > } > > } > > if (argc > argcnt - 1 ) { > > n = atoi(argv[argcnt]); > > fprintf(stderr,"Generating %d values\n",n); > > } > > else { > > n = 2000; > > } > > > > /* seed tables: */ > > fprintf(stderr,"Seeding: A"); fflush(stderr); > > init_table(A,0,65535); > > fprintf(stderr," B"); fflush(stderr); > > init_table(B,0,12227); > > fprintf(stderr," C"); fflush(stderr); > > init_table(C,16384,20361); > > fprintf(stderr,"\n"); fflush(stderr); > > > > /* generate n values: */ > > /* jv is "random" (where's it seeded from?) */ > > jv = (uint16)(getrand() % 53); > > for(; n > 0; n--) { > > > > /* count limits the number of traverses to 53^2 so we don't get stuck */ > > /* 2809 is actually too low per Chudov: > > ** "For example, if ALL B == 1, A == 16385, and C == 20361, the > > ** loop may need (20361-16385) passes to get to the < 16384 value." > > */ > > for(count = 0; count < 2809; count++) { > > jv++; > > if (jv == 53) jv = 0; > > A[jv] = (A[jv] + B[jv]) % C[jv]; > > if (A[jv] < 16384) break; > > } > > if (count == 2809) fprintf(stderr,"Oops.\n"); > > else { > > if (!diehard) { > > write(1,(unsigned char *)&A[jv],sizeof(uint16)); > > } > > else { > > /* print output in DIEHARD required format: > > ** actually since we have 16-bit ints and DIEHARD > > ** wants 32-bit ints, we print 20 per line instead of 10 */ > > if (nelem++ > 19) {printf("\n"); nelem = 0;} > > printf("%4.4x",(unsigned int)A[jv]); > > } > > } > > } > > } > > -- > > Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm > > PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF > > > - Igor. From ichudov at algebra.com Wed Dec 11 07:46:56 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 07:46:56 -0800 (PST) Subject: Ignoramus Chewed-Off on IPG algorithm In-Reply-To: Message-ID: <199612111543.JAA00732@manifold.algebra.com> wichita at cyberstation.net wrote: > > > Igor, > > I greatly appreciate the fact that you are looking at the algorithm. > You have the general idea but I do not believe that you have spent > enough time with it to understand what all is going on. > > > For instance, be advised that all Bs and Cs are not random numbers > at all, but rather they are randomly selected from a previously selected > set of values, so that there are no repeats and all Bs are less than the > smallest possible C, and the sum of B plus C is always < 32761. > Furthermore, either B or C, one and sometimes both, are prime numbers. See my another reply, your requirements to A, B, and C above are not good to produce "good numbers". If C is 2*B and B is prime as you require, the only output from the triplet you will see is two numbers. igor > You might have an A(i) value of zero, and will have it 1 in C(i) > iterations, but you can never have a b value of 0, or a C values or zero. > Nor can any set of: > > A(JV)=A(JV)+B(JV) MOD C(JV) > > generate a partial set set of the possible C values because either the B > value or the C value is prime. > > > Furthermore, initial A values are chosen so that A+ Bmax + Cmax is less > than 32761. > > Accordingly the circumstances that you describe cannot occur. The > randomness referred to in the As, Bs, and Cs, result from the selection > process, not from the values themselves. It goes without saying that > using random values would not work, for the reason that you mention > plus other. > > For instance, there are no repeats between any of the As, Bs, and Cs which > is one indication that they are not random. To the contrary, the pool of > numbers are selected numbers, approximately 66% prime and 33% nonprime, > which maximizes the covariance, in a LP sense, with the modulos 4096 and > 256. > > The selection process uses a key, generated by the user from the timing of > keystrokes, to select the which As, Bs and Cs will actually be used. I > tried to explain this in the detailed algorithm explanation. at the web > site. > > > > > On Sat, 30 Nov 1996, Igor Chudov @ home wrote: > > > Igor Chudov @ home wrote: > > > > > > Hi, > > > > > > I was sort of tired of endless talk that "IPG algorithm was not > > > peer-reviewed, blah blah blah, so we won't even look at it, > > > blah blah blah", and decided to look at what Don Wood writes and > > > try to see how his program actually works. > > > > > > Of course, I am not an expert in cryptography, and will appreciate all > > > corrections. The web page to look at is http://www.netprivacy.com/algo.html, > > > and it describes IPG algorithm in some detail. > > > > > > First of all, the description of the algorithm is extremely unclear. I > > > understand that this may be Don Wood's writing style, but it is certainly > > > not the most efficient style for precise communications. I suggest that > > > Don tries to rewrite his description to be more structured. > > > > > > Second, I seriously suspect that his algorithm of "trimming" is NOT > > > going to work right. Just to remind everyone, he generates pseudo-random > > > A(JV), B(JV), C(JV) such that > > > > > > 16384 < C < 20361 > > > B < 12227 > > > A arbitrary (at least the web page contains no restrictions > > > on the value of A). > > > > > > and then goes on to "trimming" -- a process that obtains a new value > > > of A that is LESS than 16384 through this algorithm: > > > > > > DO > > > JV=JV+1 > > > IF JV=53 THEN JV=0 > > > A(JV)=(A(JV)+B(JV)) MOD C(JV) > > > UNTIL A(JV)<16384 > > > > > > We shall first note that THERE ARE CASES WHEN THIS ALGORITHM WILL NEVER > > > STOP! For example, if all A values are _initially_ 16385 and all C > > > values are 16386 and all B's are 0, it is obvious that the pseudocode > > > above will be stuck in endless loop. > > > > > > No good for IPG algorithm. > > > > > > in fact, if only some triplets of A, B, and C have B == 0 and 16384 < A < C, > > > these triplets will always be ignored (skipped) by his trimming process. > > > > Note also that if B(K) == 1, his algorithm will need to make C passes > > through the loop for JV == k, in order to generate a new value of A(JV). > > > > This is very inefficient and results in a bias for triplets with high > > Bs -- because they will generate good A(JV) more frequently. > > > > - Igor. > > > - Igor. From cmcurtin at research.megasoft.com Wed Dec 11 08:06:42 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Wed, 11 Dec 1996 08:06:42 -0800 (PST) Subject: Utility of Snake Oil FAQ Message-ID: <199612111559.KAA13478@goffette.research.megasoft.com> Got a bit of an update for everyone who was interested in the utility of the Snake Oil FAQ. Tim May raised the issue that it seems likely that a usenet FAQ will only reach people sufficiently clued to look for a usenet FAQ, which probably means they're clued enough to already know what's in the FAQ. I myself had this concern, but went ahead taking everyone's input and working on it anyway. I received at least a half dozen requests from folks wanting to include it in internal memorandums, reference it in other (nontechnical) works about Internet and security issues, etc. It would seem that the message is getting out (admittedly slowly, perhaps at the rate of two a month), but I suspect that as more attention is brought to it, we'll continue to reach more people who need to see it. -matt P.S. For those of you who have tuned in late, the URL is http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html -- Matt Curtin cmcurtin at research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet From steven at echonyc.com Wed Dec 11 08:07:49 1996 From: steven at echonyc.com (Steven Levy) Date: Wed, 11 Dec 1996 08:07:49 -0800 (PST) Subject: Codebreakers on the shelves! In-Reply-To: <9612101953.aa22445@salmon.maths.tcd.ie> Message-ID: The events occuring after the finish of the original codebreakers (beginning the seventies, and including public key, Clipper ,etc) and covered lightly in the rewrite will be at the center of my book CRYPTO, which I am still finishing. Meanwhile, the re-release of Codebreakers is a firm reminder of Kahn's awesomeness. Steven On Tue, 10 Dec 1996, Derek Bell wrote: > In message , "Timothy C. May" writes: > >As near as I can tell, from the comments by Kahn and from looking at it, > >the new edition is _exactly_ the same as the 1967 edition, with the > >exception of one additional chapter. The last chapter covers the Enigma > >story in detail. > > Is it based on the abridged or unabridged edition? > > >I'm hoping the new edition of Bamford is handled better. > > Any news as to a possible release date for that book? > > Derek > From ichudov at algebra.com Wed Dec 11 08:15:18 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 08:15:18 -0800 (PST) Subject: Harddisk encryption ?? In-Reply-To: <199612111316.OAA00245@zenith.dator3.anet.cz> Message-ID: <199612111610.KAA00971@manifold.algebra.com> i definately see a problem. you encrypt all your data on that another computer, and then send this data over your LAN in the clear. the data can be compromised by snooping at the network connection. that sux, although you are protected against "physical theft". I suggest that you use PGP and DOS partitions to keep your files instead. poka igor Pavel Korensky wrote: > > Hello, > > I am trying to post this message once more. It seems that my first message > somehow didn't find the way to the mail-list. > > I have one problem which I would like to consult with you. > I need to protect the data on the computer harddisk against physical theft. > > Current situation: > > Computer with several harddisks - approx. 9 GB. On this computer, the following > OS are used: Linux, DOS, Windows NT. The data on this computer must be > accessible from all operating systems. Encryption of files must be transparent > to user and encryption algorithm must be "strong". > > Because I am not able to find any disk encryption software which is able to run > on all these platforms, I decided to use the following temporary solution: > > Add one more computer with Linux OS. On this computer, there will be only a > small root partition with necessary Linux components. All other disk space will > be encrypted with IDEA, using the /dev/loop. This machine will be some kind of > secure file server. > On the second machine, where the user works, there will be partitions with > operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT > and Linux. The data and application disks will be mounted via NFS and user will > work with files from file server. > The computers will be interconnected with Fast Ethernet. This mini-network is > NOT connected to the Internet, so the NFS (in)security should not be a problem. > Also, both computers will be placed in the same room (distance approx. 3 m), so > there should be no problem with tapping/data capturing on the Fast Ethernet > connection. > > I have the following questions. > > Can anybody see some major security hole in this system ? > How fast will be this system ? > Anybody has any idea if there is some more sophisticated solution for this > problem ? > Anybody heard about some strong disk encryption which is able to rund under > Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am > not able to find any disk encryption for NT. > Anybody is able to port Secure File System to Windows NT ? I am trying to port > this program under Linux, but I am not the NT system programmer. > > Thanx for any comments, help, ideas etc. > > > Best regards > > > PavelK > > > -- > **************************************************************************** > * Pavel Korensky (pavelk at dator3.anet.cz) * > * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic * > * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C * > **************************************************************************** > - Igor. From snow at smoke.suba.com Wed Dec 11 08:17:32 1996 From: snow at smoke.suba.com (snow) Date: Wed, 11 Dec 1996 08:17:32 -0800 (PST) Subject: [OFF-TOPIC]Re: PICS is not censorship In-Reply-To: <32AE0747.2CA5@tivoli.com> Message-ID: <199612111636.KAA01346@smoke.suba.com> Mike said: > Gemini Thunder wrote: > > There are universally valid truths. You implicitly admit so by > > stating "...at most, one religion is correct". > No, he didn't; he said "at most". I personally think none is correct, > and I don't agree there are universally valid truths. I defy you to > explain how you know that to be so. > Universally valid truths: Down is towards the nearest object of gravitational attraction that you are influenced by. Up is away. E=mc^2. > > The problem is we can not always determine what the universally valid > > truth is (especially so in moral/religious matters) > Then why do you think there is such a thing? To think outherwise would imply a non-casual universe. > > so we tend to cop-out > Why is it a "cop-out" to accept the limits of human perception? Most people who "Accept their limits" never manage to get beyond them. > > and say there are no truths, or something > > along the lines of: > > "Well, that might be right for you, but not for me." > > or the one I love to hate: > > "Perception is reality." > How do you know reality is something other than perception if you > don't perceive it to be so? Collusion (spelling?). Two or more observers get together and compare perceptions. If their perceptions are noot the same, or at most similar, then perception is _not_ reality. HTH. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From ichudov at algebra.com Wed Dec 11 08:19:14 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 08:19:14 -0800 (PST) Subject: IPG Algorith Broken! In-Reply-To: Message-ID: <199612111612.KAA00999@manifold.algebra.com> wichita at cyberstation.net wrote: > This is just another example or more pendant pap. Obviously, you like > Paul, do not know what you are talking about. You have read some > textbooks and think that makes you are an expert. I suggest that you take > some time off and learn some IT and what an OTP is. It most certainly is > not two identical random number series. what is IT? - Igor. From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 08:28:02 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 08:28:02 -0800 (PST) Subject: Redlining Message-ID: <01ICVRN4ZPMOAEL6R8@mbcl.rutgers.edu> From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:35:52.25 >My question was a real one. The basis of it comes from my work with the >homeless in which they have a difficult time getting a job because they >have no "home address" to put on the forms, some do not have or remember >their SSNs, etc. This causes a cyclic problem for the homeless. My >question to Tim was, in the real world, how is the protection of this data >feasible. And what institution ultimately requires the SSN and a considerable number of these other pieces of information? What institution puts a considerable number of roadblocks in the way of getting a post office box, for use as a home address, without a "home address"? >I do have responses to each of your "points" in your last post, but have >found the process of responding point-by-point tedious and non-productive If you've got such responses, please give them. They may very well be tedious; I'd disagree about them being non-productive, based on my past experience. Without such responses from you to some very well-reasoned arguments, we are left with the equivalent of the Feds on cryptography, i.e., "if you knew what we know you'd agree with us." -Allen From firstpr at ozemail.com.au Wed Dec 11 08:31:11 1996 From: firstpr at ozemail.com.au (Robin Whittle) Date: Wed, 11 Dec 1996 08:31:11 -0800 (PST) Subject: OECD crypto policy draft guidelines Message-ID: <199612111630.DAA16555@oznet02.ozemail.com.au> What is this list about?? Religion, the semantics of reality vs. perception or doing something constructive about crypto policy??? The latest draft of the OECD guidelines are now at my WWW site. http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm Check them out - especially para 59. All the bad bits have been relegated to debateable things in square brackets. Get your mind into this and get your comments to Marc Rotenberg - who I understand is involved with the OECD crew. So much for "PICS is not censorship" being off topic for this list! - Robin . Robin Whittle . . http://www.ozemail.com.au/~firstpr firstpr at ozemail.com.au . . 11 Miller St. Heidelberg Heights 3081 Melbourne Australia . . Ph +61-3-9459-2889 Fax +61-3-9458-1736 . . Consumer advocacy in telecommunications, especially privacy . . . . First Principles - Research and expression - music, . . music industry, telecommunications . . human factors in technology adoption. . . . Real World Interfaces - Hardware and software, especially . . for music . From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 08:33:07 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 08:33:07 -0800 (PST) Subject: Redlining Message-ID: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu> From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23 >This is the essence of, at least, my disagreement with you Red. I dont >agree that redlining doesnt harm people. You see no harm. I do. Of course redlining causes harm to those who are redlined... they can't get credit. But the same can be said of any system of keeping track of who is likely to repay credit; it means that someone who has defaulted on past loans won't get future ones. Quite simply, while I would agree with you that racism certainly persists (it would be difficult for me to grow up in the South and not see this), I would argue that you have no evidence for that the basic motivation behind redlining is that the people in such areas are less likely to repay credit. -Allen From adam at homeport.org Wed Dec 11 08:49:02 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 11 Dec 1996 08:49:02 -0800 (PST) Subject: verysign Message-ID: <199612111645.LAA14878@homeport.org> http://www.verisign.com/cgi-bin/authdb/search.cgi Click defense industries, enter a site url of www. I suppose #2 can be seen as a vital part of the defense establishment.. ;) This really should be listed as 'under test.' Enjoy yourselves. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From alexc at firefly.net Wed Dec 11 08:51:50 1996 From: alexc at firefly.net (Alexander Chislenko) Date: Wed, 11 Dec 1996 08:51:50 -0800 (PST) Subject: WEB: Yahoo/Firefly Website recommendation service Message-ID: <3.0.32.19961211115710.00ce9cb0@pop.firefly.net> Firefly Network Inc. has just launched a public beta of our website recommendation service on My Yahoo! This service is the result of a partnership between Yahoo! Inc. and Firefly Network, Inc. in application of Automated Collaborative Filtering (ACF) technology to the Web. It allows users to find interesting websites interest and like-minded people, and otherwise help the user navigate the vast domain of sites and people in an intelligent and personalized way. To access the service, please go to and then click on Firefly button (top right). The recommendation system draws its intelligence from users' ratings. At this point, the database is still small, so you may not get recommendations in all categories and the ones you get may not be optimal. However, as the system collects more ratings and learns more about your personal preferences, you will notice better and better performance. Your ratings will be included into the initial rating database and will help shape experience of many people who will come to the system after you, so please be considerate rating sites. If you have any remarks on the quality of the system or its interface, please send a message to --------------------------------------------------------------------------- Alexander Chislenko www.lucifer.com/~sasha/home.html Firefly Network, Inc.: www.ffly.com 617-234-5452 --------------------------------------------------------------------------- From jya at pipeline.com Wed Dec 11 09:52:56 1996 From: jya at pipeline.com (John Young) Date: Wed, 11 Dec 1996 09:52:56 -0800 (PST) Subject: Data Security in Buildings Message-ID: <1.5.4.32.19961211174935.006b39f0@pop.pipeline.com> As follow-up of the recent discussion of RF detection, we've put a 1995 article on data security in buildings at: http://jya.com/datasec.htm It describes architectural measures to protect data beyond that provided by encryption. We offered this article by E-mail in 1995. Ta-da: a request came from DOJ. It cautions that the global snooping is booming, so what worked in 1995 may be Moscow-Embassy Potemkin: for security hire an ex-KGB spookitect! From sunder at brainlink.com Wed Dec 11 10:03:55 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Wed, 11 Dec 1996 10:03:55 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Bill Frantz writes: > > I have a client who needs strong crypto routines in Java. (They want > > maintain the privacy of their customer's data when stored on the customer's > > disk.) They need the platform independence that Java provides. I would > > appreciate pointers to implementations. (BTW - I already know about the > > Systemics routines.) > I think it would make much more sense to implement a CPU-intensive problem > like DES in ActiveX. Sure, if all you have on your desktop is a PC. Some folks happen to have Ultra-1's on theirs, and ActiveX won't work there. Besides, Just In Time compilers are doing quite well, even on PC's. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From ddt at pgp.com Wed Dec 11 10:06:47 1996 From: ddt at pgp.com (Dave Del Torto) Date: Wed, 11 Dec 1996 10:06:47 -0800 (PST) Subject: Cypherpunks December Meeting (SF Bay Area) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- [wide distribution: please excuse any duplicates you may receive] Salutations, The Cypherpunks December 96 Physical Meeting is being hosted by Pretty Good Privacy, Inc. We've rented a meeting room at the Hotel Sofitel (see below) that can accomodate ~100 people. There will be munchies, and I think this qualifies as a cypherpunk milestone of sorts, so I hope lots of you show up. Please see . General Info: 1) RSVP's Please RSVP ASAP to if you plan to attend (reply to this with "cpunks-mtg-rsvp" as the Subject). It's very important that I have a clear idea of how many humans plan to attend as soon as possible, because we're also providing refreshments/snacks which we need to order from the hotel in advance. Thanks. 2) Location/Time We'll be holding this "Open Meeting on US Soil" at the: Hotel Sofitel 223 Twin Dolphin Drive Redwood Shores CA 94065 415.598.9000 tel Meeting time is 11 AM - 5 PM (a Sofitel time slot), as we have to be out of the room shortly after 5 PM for a wedding setup). The Sofitel is a block or two south of the shining Oracle towers on Twin Dolphin Drive, which is easily accessible from Hwy 101 (on the east/SF Bay side of the freeway) in Redwood City (12 miles south of SFO airport and a few miles south of the Hwy 92/San Mateo Bridge junction as references). There are directions and a simple GIF map at the meeting info URL. . NOTE: when you arrive at the Sofitel, look for signage pointing to the exact room we're meeting in, or inquire at the main desk. Bring your friends. 3) Demos If you want to demo something at the meeting, tell me ASAP(!). We encourage anyone who has anything Cypherpunks-related to present (even stuff that's already been seen before but which has been updated) to bring/show it. I'm going to set the arbitrary cutoff date for demo reservations as 11:59 PM on Thursday 12 December: we can have the right equipment ready for you if you list what you need in detail. If you wait until the last minute and bandwidth is limited, we may not be able to fit you in, unless you have something very simple to show, so please bear that in mind. There will be overhead projection and an RGB projector available. Net connections can be arranged with advance notice. Right now, we have not arranged anything beyond a Metricom modem (28.8Kbps), but we can arrange an analog modem line or even an ISDN if there's a specific need. Tell me soon(!). 4) Handouts/Door Prizes/Raffle Handouts are welcome: please give me your stack of handouts for the table when you arrive. If you want to pass out detailed mailbomb instructions, please do it outside the building at your own risk (inside the meeting, please refrain from getting PGP Inc in trouble, we do enough of that ourselves already ;). There will be door-prizes from PGP, but supplies are limited if 100 people show up. We may also raffle off some software (upgradable when our new stuff comes out). 5) PGP Key "Thing" Bring a printout of your key fingerprint/key. Or a diskette version, or both. We'll have a key exchange/signing session at the end of the meeting. 6) PGP/MIME BOF at the IETF The IETF's PGP/MIME BOF is Friday 13 Dec, 9:00-11:30 AM (Crystal Room, Fairmont Hotel, 170 South Market St. in Downtown San Jose, 408.998.1900 main). Since it's a Birds Of a Feather session, I think interested people in the San Jose area can show up if they want. Please come by if you want to help support RFC 2015 so PGP/MIME can take the next step toward IETF Working Group discussion so we can eventually move it to the IETF Standards Track process. Anyone who's at the IETF is encouraged to stay over until Saturday and come to the Cypherpunks meeting too! - -- I hope to see everyone there! If you have questions about any of this, email me (I'm at IETF this week, but I'm wireless). If there are any last-minute announcements before Saturday, I'll post them. dave ________________________________________________________________________ Dave Del Torto +1.415.65432.31 tel Manager, Strategic Technical Evangelism +1.415.631.0599 fax Pretty Good Privacy, Inc. http://www.pgp.com web -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv Comment: Verbum sapienti satis est. iQCVAwUBMq7z7KHBOF9KrwDlAQHcRQP/b/FOYPca2tN9mRlJXoLhgeI1swGESUHs 5CzTNcFq92EeiEeNYgq6Ri/itAzovTbt75AvJdfULrHrA48sQ9QGZy/qedRjNv+q w29a0olc9sRh3EpRvW83ioeju2pyJ5zynpu3wua8H5j6p4NAKJmnte0VzxL9n4KA Ezgov90jxuc= =j4Q1 -----END PGP SIGNATURE----- From ichudov at algebra.com Wed Dec 11 10:48:13 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 10:48:13 -0800 (PST) Subject: Redlining In-Reply-To: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu> Message-ID: <199612111843.MAA00290@manifold.algebra.com> E. Allen Smith wrote: > > From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23 > > >This is the essence of, at least, my disagreement with you Red. I dont > >agree that redlining doesnt harm people. You see no harm. I do. > > Of course redlining causes harm to those who are redlined... they > can't get credit. But the same can be said of any system of keeping > track of who is likely to repay credit; it means that someone who has > defaulted on past loans won't get future ones. Quite simply, while I > would agree with you that racism certainly persists (it would be > difficult for me to grow up in the South and not see this), I would > argue that you have no evidence for that the basic motivation behind > redlining is that the people in such areas are less likely to repay > credit. > The problem is, people can choose what credit history they want to have (I can be a saver or a spender, for example), but nobody can change the color of their skin. This is central point of the theory why discrimination based on credit histories is OK, while the discrimination based on race is not. - Igor. From nobody at huge.cajones.com Wed Dec 11 11:08:42 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 11:08:42 -0800 (PST) Subject: The Redlining Topic Message-ID: <199612111908.LAA24332@mailmasher.com> At 3:05 AM 12/11/1996, drose at AZStarNet.com wrote: >Matthew J. Miszewski wrote: >Many people of good will find racial discrimination to be abhorrent. >OTOH, I'm sure that as an attorney you are cognizant of the fact that >financial institutions have a fiduciary responsibility to their >shareholders. > >In any case, have you given any consideration to taking your >well-meaning but off-topic thoughts to any one of a number of perhaps >more appropriate fora? A discussion of redlining is very much on topic for cypherpunks. Capital markets and their (alleged) inefficiencies are very close to the heart of cypherpunk thinking. A thread we haven't pursued, but will likely get to, is the ways in which inefficiencies are typically introduced by the government, even in the case of redlining. After that point is made, a discussion of the ways in which cryptoanarchy will circumvent governmental scheming will certainly be germane to this forum. Discussions of the nature of bigotry and racial discrimination lie very close to the cypherpunk thinking. In a cryptoanarchy it will be very hard to enforce our ideas of what other people should think. Affirmative action, anti-redlining laws, etc., will likely become far less effective. Disaster? No, a blow struck for human dignity and freedom. Similarly, allegedly well-meaning programs to help the poor through seizure of other people's assets will not do well in a cryptoanarchy. Is this a terrible outcome? Not really. The reasons why are worth discussing and they are worth discussing in this forum. The cypherpunks list benefits from a wide ranging discussion. This was one of the original ideas of the group and is, presumably, why it is a completely open mailing list. These sorts of complaints are particularly inappropriate now that there are two other restrictive mailing lists available for those who want them. One is coderpunks. The other is Perry Metzger's cryptography list. A wide ranging discussion is beneficial because it allows us to truly explore our ideas. Not only do we then achieve a deeper understanding, but completely new ideas also arise. "Let a hundred flowers bloom, let a hundred schools of thought contend." I note that in your comments above, you couldn't resist making a comment which is, apparently in your view, off topic. I would encourage you to pursue these ideas. You obviously find them interesting. Rather than making killjoy comments, which do nothing to promote the discussion, perhaps you should consider posting long thoughtful posts which you believe would raise the level of discourse in this forum. Barring that, learn how to use a killfile. You can killfile on subject line. You can killfile on origin. (I sign my posts consistenly, so they can be killfiled, even though I am posting through the remailers.) Red Rackham From dlv at bwalk.dm.com Wed Dec 11 11:09:05 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 11:09:05 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <6uBsyD129w165w@bwalk.dm.com> Ray Arachelian writes: > On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > Bill Frantz writes: > > > I have a client who needs strong crypto routines in Java. (They want > > > maintain the privacy of their customer's data when stored on the customer > > > disk.) They need the platform independence that Java provides. I would > > > appreciate pointers to implementations. (BTW - I already know about the > > > Systemics routines.) > > > I think it would make much more sense to implement a CPU-intensive problem > > like DES in ActiveX. > > Sure, if all you have on your desktop is a PC. Some folks happen to have > Ultra-1's on theirs, and ActiveX won't work there. Besides, Just In Time > compilers are doing quite well, even on PC's. I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX won't work on any of those. I also work with a bunch of other equipment that's much faster than a PC, but doesn't run browsers. (Most of it is not connected to the 'net for security reasons, but that's besides the point.) If Bill's client is sure to run the platforms that MS IE runs on, then this is not a consideration. Interpreted FORTH bytestream (which is what Java is) may be "doing quite well" when drawing GUI gizmos and widgets, but it can't get anywhere near the performance of hand-optimizer assembler that you can stick into ActiveX. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jer+ at andrew.cmu.edu Wed Dec 11 11:19:35 1996 From: jer+ at andrew.cmu.edu (Jeremiah A Blatz) Date: Wed, 11 Dec 1996 11:19:35 -0800 (PST) Subject: Utility of Snake Oil FAQ In-Reply-To: <199612111559.KAA13478@goffette.research.megasoft.com> Message-ID: <0mfkXF200YUf0BmtQ0@andrew.cmu.edu> -----BEGIN PGP SIGNED MESSAGE----- C Matthew Curtin writes: > Got a bit of an update for everyone who was interested in the utility > of the Snake Oil FAQ. Tim May raised the issue that it seems likely > that a usenet FAQ will only reach people sufficiently clued to look > for a usenet FAQ, which probably means they're clued enough to already > know what's in the FAQ. I myself had this concern, but went ahead > taking everyone's input and working on it anyway. Good for you. I think Tim has largely overestimated the clue of the average FAQ-reader. I've learned quite a bit from FAQs. Besides, multiple distribution points for the same info are a Good Think, in that they increase exposure, and use different language to express the same things, thus allowing greater comprehension. A few suggestions: Pot the warning signs near the top. The technical intro is too brief to be easily understandable by mosr MIS folks, and may scare them away. I think a good organization for the document would be 1) Warning signs 2) The stuff about key sizes 3) The technical intro 4) everything else Also, I saw no mention of source releases in the warning signs section. Publishing your algorithm is good, but if there's a bug in your random-number generator (Netscape?), you're screwed. Examples of good and bad crypto. Stuffit and MSWord encryption is bad, PGP is good, that sort of thing. Anyway, I think it's a good resource. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMq8Izckz/YzIV3P5AQF70AL8DvPm3YRujGshMZcxlj5Liz+eZEVimOUA zc8P/iePJo4vP+Xt76kHPGGC4BPjgyIggXeLlL0q3H1mkUXCmFZIalAHe8egvOxs g+JrAPppn4VtDjWFbbmtOND6umioxTr9 =PzLL -----END PGP SIGNATURE----- From cman at c2.net Wed Dec 11 11:27:17 1996 From: cman at c2.net (Douglas Barnes) Date: Wed, 11 Dec 1996 11:27:17 -0800 (PST) Subject: Redlining Message-ID: <2.2.32.19961211192516.00b72708@blacklodge.c2.net> Another interesting aspect -- there's been huge growth in the "making loans to folks with non-traditional or bad credit histories" market recently, as the market for folks with good credit histories has become saturated. This has been done largely by various NBFIs operating outside of the normal "bank" structure, and specializing in certain kinds of consumer loans. It is vitally important to realize that to a bank, a loan is a "product," that they "sell" to customers. It is how the bank makes money. If the market is operating properly, irrational refusals to loan on the part of some institutions will create a market opportunity for other institutions. The problem with banking & financial services is that they are already so heavily regulated, and the barrier to entry is so high, that the market seldom operates properly. Thus we see _more_ regulation piled on (such as the CCRI) to address the problems that come about from the previous piling-on of regulations. When there is little competition between banks, this creates a situation which, viewed in isolation, seems "unfair" to those at the fringes of the loan market. The superficial answer to this problem is to force banks to lend in areas that are less profitable for them than their traditional areas -- at this point banks almost begin to resemble monopoly public utilities, which, when you look at the regulations they operate under, is almost the case. The more enlightened answer is to back off enough on the regulation so that marginal loan markets become attractive business opportunities, and any truly irrational lending practices (e.g. based on race) lead directly to losing business to a competitor. Doug At 11:31 AM 12/11/96 EDT, you wrote: >From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23 > >>This is the essence of, at least, my disagreement with you Red. I dont >>agree that redlining doesnt harm people. You see no harm. I do. > > Of course redlining causes harm to those who are redlined... they >can't get credit. But the same can be said of any system of keeping >track of who is likely to repay credit; it means that someone who has >defaulted on past loans won't get future ones. Quite simply, while I >would agree with you that racism certainly persists (it would be >difficult for me to grow up in the South and not see this), I would >argue that you have no evidence for that the basic motivation behind >redlining is that the people in such areas are less likely to repay >credit. > -Allen > From jer+ at andrew.cmu.edu Wed Dec 11 11:33:11 1996 From: jer+ at andrew.cmu.edu (Jeremiah A Blatz) Date: Wed, 11 Dec 1996 11:33:11 -0800 (PST) Subject: Harddisk encryption ?? In-Reply-To: <199612111610.KAA00971@manifold.algebra.com> Message-ID: <0mfkjC200YUf0Bmus0@andrew.cmu.edu> -----BEGIN PGP SIGNED MESSAGE----- ichudov at algebra.com (Igor Chudov @ home) writes: > i definately see a problem. > > you encrypt all your data on that another computer, and then send this > data over your LAN in the clear. the data can be compromised by snooping > at the network connection. If you had read his message, you would have noted that he's on a private network. Net sniffing should not be a problem, unless he's under tempest attack. Of course in that case, he's probably screwd anyway. > that sux, although you are protected against "physical theft". > > I suggest that you use PGP and DOS partitions to keep your files > instead. Nahh, however, watch out for temporary files lying around, post-its with passwords written on them, plaintexts lying around on unencrypted partitions, etc. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMq8Lyckz/YzIV3P5AQGRBQMA2Y9kWMRhTo7p5NSzYM/jMgG0keHycokD jEkOA2/MhX9G2mH9MtDuqUWMEbRXswPYRBJ41MOMGu4IIXnWMY6mbyB1tHYVGYxL EgqJxSFAexIBewC9gOWoKCFMf53RaRJb =pDRv -----END PGP SIGNATURE----- From lucifer at dhp.com Wed Dec 11 11:42:04 1996 From: lucifer at dhp.com (Anonymous) Date: Wed, 11 Dec 1996 11:42:04 -0800 (PST) Subject: Quadratic residues Message-ID: <199612111941.OAA19216@dhp.com> Now is the time for all good little boys to cum in Tim May's big mouth. \|/ /~~~~~~~\ | O O | -ooo-----U-----ooo- Tim May From tcmay at got.net Wed Dec 11 11:42:10 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 11:42:10 -0800 (PST) Subject: "Bigotry" and related topics...a brief comment In-Reply-To: <01ICVRN4ZPMOAEL6R8@mbcl.rutgers.edu> Message-ID: At 11:26 AM -0400 12/11/96, E. Allen Smith wrote: >From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:35:52.25 > >>My question was a real one. The basis of it comes from my work with the >>homeless in which they have a difficult time getting a job because they >>have no "home address" to put on the forms, some do not have or remember >>their SSNs, etc. This causes a cyclic problem for the homeless. My >>question to Tim was, in the real world, how is the protection of this data ^^^^^^^^^^^^^^^ >>feasible. I confess to have missed the original "question to Tim." While Matthew M. has been energetic in his posts on this topic, I've been skipping most of this particular debate for a couple of reasons: 1. The _general_ subjects of "bigotry" and "redlining" are not closely related to themes of this list, though the implications of strong privacy for these issues is certainly on topic. (And my views on these implications are well known...I've seen no point to step in to the debate to repeat them, and don't plan to argue with Matt M. about the "evils of bigotry.") 2. Many of the posts by Matt M. and "Red Rackham" and others have been so massive, containing paragraph-by-paragraph rebuttals of political and ethical points, that I've just given up on trying to follow the points. If anyone has well-formed questions about how redlining and "bigotry" is affected by strong cryptography and crypto anarchy, fire away. Just don't bury them deep in a long diatribe about the evils of "prejudice" and "discrimination." (Personally, and off-topic for the list (so I'll be brief), the ills of our society seem to me to have _very little_ to do with "prejudice." In fact, most people are not "discriminating" enough, in the sense that discrimination implies value judgements and assessments of probable success based on data available. As someone noted, the Asian communities in the U.S. are doing well and are quite "discriminatory" in lending policies. Get used to it, as crypto anarchy will make coerced transactions even more difficult. The racial and ethnic groups which are most into "victimology" are the least successful--which is _cause_ and which is _effect_ may be debatable to many of you, but the correlation is very clear....maybe it's time they try something different, like getting their culture to embrace learning, reading, science, math, and business success, instead of glorifying victimization, crack cocaine, basketball stars, and pimps.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From minow at apple.com Wed Dec 11 11:55:13 1996 From: minow at apple.com (Martin Minow) Date: Wed, 11 Dec 1996 11:55:13 -0800 (PST) Subject: Check out today's Salon Message-ID: <32AF118D.3970@apple.com> There's an article on Phil Zimmerman in today's Salon http://www.salon1999.com/news/newsreal.html Martin. From tcmay at got.net Wed Dec 11 12:00:35 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 12:00:35 -0800 (PST) Subject: Redlining In-Reply-To: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu> Message-ID: At 11:31 AM -0400 12/11/96, E. Allen Smith wrote: >From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23 > >>This is the essence of, at least, my disagreement with you Red. I dont >>agree that redlining doesnt harm people. You see no harm. I do. > > Of course redlining causes harm to those who are redlined... they >can't get credit. But the same can be said of any system of keeping >track of who is likely to repay credit; it means that someone who has >defaulted on past loans won't get future ones. Quite simply, while I >would agree with you that racism certainly persists (it would be >difficult for me to grow up in the South and not see this), I would >argue that you have no evidence for that the basic motivation behind >redlining is that the people in such areas are less likely to repay >credit. Whether to offer credit to some entity is, like many other such transactions, an economic transaction which involves a number of factors: interest rates charged, other uses for the money, expectation of payback, government interference (distortions of markets), etc. As with insurance in all its various forms, the decision process involves _probabalistic assessments_ based on avialable information, such as from past payback data, actuarial tables, the legal system, etc. By the nature of such probabalistic assesments, certain "lumped" categories will have to be used: age groups, sex, For example, here are just some obvious areas to consider: - age -- if under-25 persons have a 20% higher default rate on loans, "for whatever reason," this will be a factor in setting rates or even in granting a loan - sex -- if women are generally twice as likely to repay a loan, this will be a factor - ethnicity -- if persons of Norwegian heritage are 4 times less likely to default on a loan than persons of Blatislavan heritage are, a loan officer would factor this in (absent government market distortions) - education -- if college-educated persons are less likely to default than high school dropout, etc. ...and so on...one could make a list of several dozen categories, then run correlation tests of various sorts. This is clearly what banks and other lenders do in establishing loan criteria. Nothing new here. What is lost on many people who denounce "racism" and demand that banks give equal percentages of banks to various allegedly aggrieved "oppressed minorities," based on various quotas, is that the loan process is almost totally driven by _greed_, as it should be. Any bank which practices "stupid racism," e.g, by ignoring good payback prospects because of tangential or unimportant criteria, faces lost business. That the composite effect of lending criteria studies is that relatively few inner city blacks who failed to graduate from high school and who have menial jobs are offered credit is not a function of racism, but of these correlation studies. Sometimes other criteria can become domiant, such as "loss of face" in Asian cultures if a loan is defaulted upon, especially a loan made by other members of one's ethnic community. This explains the success of the private lending pools many Asian communities have. Blacks who feel "discriminated against" would do well to emulate this example, instead of demanding that Massah in the Big House fix things for them by government distortion. (Note that one way commercial banks have of avoiding the problem of quotas on loan applications is to simply not have offices in inner cities or other areas of poor credit prospects. This has been one of the main effects of government distortions of free markets in credit.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mjmiski at execpc.com Wed Dec 11 12:09:34 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 12:09:34 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211140911.00695a20@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 03:05 AM 12/11/96 -0700, drose at azstarnet.com wrote: >Many people of good will find racial discrimination to be abhorrent. OTOH, >I'm sure that as an attorney you are cognizant of the fact that financial >institutions have a fiduciary responsibility to their shareholders. Are you suggesting that a fiduciary responsibility is violated by *not* redlining? I stated before that all *real* qualifying factors remain in force. The only irrelevant method to be eliminated is place of residence. Granted, if a certain bank only made loans through direct mail campaigns or some such, an argument *might* be made that risks are higher in certain residential neighborhoods. Breach of fiduciary duty would be thrown out almost immediately as a claim. > >In any case, have you given any consideration to taking your well-meaning >but off-topic thoughts to any one of a number of perhaps more appropriate fora? > Actually, I mentioned redlining as an aside to a totally different point. Red has asserted, and I tend to agree, that this is actually on point. We are discussing the possibilities of crypto anarchy. Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq8U4bpijqL8wiT1AQG+KgP9GOTcxgKTqR+AgUf2qiRjO97kV+QdQ7Tq 6PZIjQYmgSM6YS5Yg75A8iSD2soi9ZFfEM++6TGHqCZ1ViLpNTuQZJGjxB3mUs8D U5eYiPmUEw9NC0z0CCwIPFyxouWtL4lhG3rUEopLuUuqB1OwPkbShIddkGxYRnqt prsuIc6m314= =zUqA -----END PGP SIGNATURE----- From tcmay at got.net Wed Dec 11 12:10:22 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 12:10:22 -0800 (PST) Subject: Redlining In-Reply-To: <01ICVRTK0606AEL6R8@mbcl.rutgers.edu> Message-ID: At 12:43 PM -0600 12/11/96, Igor Chudov @ home wrote: > >The problem is, people can choose what credit history they want to have >(I can be a saver or a spender, for example), but nobody can change the >color of their skin. > >This is central point of the theory why discrimination based on credit >histories is OK, while the discrimination based on race is not. But of course one also cannot change one's gender, age (except by waiting), or national origin, marital status (at least not easily), etc. and yet these often offer correlation data on expectation of payback. (If they do, they do. If they don't, they don't. My point is not to argue for these factors, or how a lender might want to weight them, only to note that many such criteria are in fact not changeable by the applicant for credit (or insurance, or a rental, etc.).) Personally, of course, I reject the notion that lenders of money or renters of property should be told by men from the government that they may not take into the gender, ethnicity, age, marital status, etc. of applicants. The knee-jerk demonization of "racism" and "discrimination" in this society needs reexamination. No, I'm not arguing _in favor_ of simplistic notions that the color of one's skin is critical. Rather, it's clearly important for _some_ decisions, as we all know whether we admit it or not. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jya at pipeline.com Wed Dec 11 12:23:18 1996 From: jya at pipeline.com (John Young) Date: Wed, 11 Dec 1996 12:23:18 -0800 (PST) Subject: Commerce Crypto Export Regs Message-ID: <1.5.4.32.19961211201959.0067ef58@pop.pipeline.com> Forward from: cyberia-l at listserv.aol.com Date: Wed, 11 Dec 1996 11:55:52 -0800 From: Cindy Cohn Subject: Draft of Commerce Department Crypto Regs Steptoe and Johnson have kindly posted the draft Commerce Department regulations on encryption exports at http://www.steptoe.com/commerce.htm. [Snip] If you have trouble getting through, we've mirrored this document at: http://jya.com/commerce.htm From tcmay at got.net Wed Dec 11 12:32:19 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 12:32:19 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: By the way, on this oftentimes off-topic issue of "bigotry" and "racism," here's a zinger some of you may not have thought much about. And it's certainly related to the themes of Chaumian "credentials without identity," which is very much on-topic. While it has been claimed by some that "crypto anarchy" means that race won't matter, that cyberspace interactions will be color-blind, this is misleading. While many--probably most--users will care only for cyberspace personna issues, and not meatspace personna issues of race, color, height, weight, etc., this is not something built in to anonymous transactions. Consider a "race credential" offered by some entity. Perhaps one goes down to the local Aryan Nations office and gets one's genetic heritage stamped, or down to the Kwanzaa Youth Center to be similarly stamped.... (Why some groups might want this is left as an exercise for the reader. Perhaps a less-inflammatory example (to some of the sensitive amongst you) might be that some women want to interact in "women only" forums--a clear case of discrimination, no?--and may want a "gender bit" avaiable to display as a credential.) But, you may ask (if you are new here or haven't been following the work of Chaum and others), won't display of such a race or gender bit compromise one's identity or be easily forged? The simple answer is "No." Hal Finney has written several good articles for this list about "credentials without identity." And of course David Chaum wrote the originals. The canonical example is that of an "age field" in an unforgeable ID card, granting one access to, say, a bar, without revealing identity. (This become especially important in an age of smartcards and wide use of cardreaders at entr points to various places...without a "credentials without identity" system, every passage through such a portal provides too much information to those compiling surveillance records, dossiers, customer preference lists, etc.) But a "race field" would allow those who wish to only communicate with certain races to do so. Just to set the record straight, and one reason ethnic separatist groups are likely to become intensely interested in crypto anarchy. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From wb8foz at wauug.erols.com Wed Dec 11 12:35:37 1996 From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states) Date: Wed, 11 Dec 1996 12:35:37 -0800 (PST) Subject: Draft of Commerce Department Crypto Regs (fwd) Message-ID: <199612112035.PAA09754@wauug.erols.com> From: Cindy Cohn Subject: Draft of Commerce Department Crypto Regs via: CYBERIA-L at LISTSERV.AOL.COM Steptoe and Johnson have kindly posted the draft Commerce Department regulations on encryption exports at http://www.steptoe.com/commerce.htm. Of most interest to those of us concerned about the First Amendment is the provision which eliminates the "publicly available" exception to the EAR and states "controlled software will not be eligible for "publicly available" treatment, even if the source code or object code is published in a book or other mdia." It also eliminates the exceptions for educational information and fundamental research contained in the EAR for source code and object code. I haven't had a chance to review the rest in any detail. Cindy ************************ Cindy A. Cohn McGlashan & Sarrail, P. C. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From hua at chromatic.com Wed Dec 11 12:37:40 1996 From: hua at chromatic.com (Ernest Hua) Date: Wed, 11 Dec 1996 12:37:40 -0800 (PST) Subject: Silly me ... Message-ID: <199612112036.MAA05582@ohio.chromatic.com> About 2 years ago, I attended CFP in San Francisco (really San Mateo, but who's counting), and I ran across a presentation by an ex-Justice Department dude named Kent Walker presenting the government's side of the encryption/wiretap debate. He really seemed nice enough, and I tried to chat with him. My topic was how could a good meaning hacker help good meaning government dudes figure out details to policies so that everyone is happy. Little did I know at that time that this is the same Walker that was quoted by Meeks as saying cute lil' gems like ... "If you ask the public, 'Is privacy more important than catching criminals?' They'll tell you, 'No.'" ... and ... "It's easy to get caught up in the rhetoric that privacy is the end all be all." After a little bit of frustration, I wrote him off as someone cashing in on his Justice days to be some VP of government relations (a.k.a. lobbyist) with Air Touch. Perhaps there is something slightly more spooky with this character than I originally thought. Ern From tcmay at got.net Wed Dec 11 12:39:02 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 12:39:02 -0800 (PST) Subject: Utility of Snake Oil FAQ In-Reply-To: <199612111559.KAA13478@goffette.research.megasoft.com> Message-ID: At 2:17 PM -0500 12/11/96, Jeremiah A Blatz wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >C Matthew Curtin writes: >> Got a bit of an update for everyone who was interested in the utility >> of the Snake Oil FAQ. Tim May raised the issue that it seems likely >> that a usenet FAQ will only reach people sufficiently clued to look >> for a usenet FAQ, which probably means they're clued enough to already >> know what's in the FAQ. I myself had this concern, but went ahead >> taking everyone's input and working on it anyway. > >Good for you. I think Tim has largely overestimated the clue of the >average FAQ-reader. I've learned quite a bit from FAQs. Besides, >multiple distribution points for the same info are a Good Think, in >that they increase exposure, and use different language to express the >same things, thus allowing greater comprehension. Careful. I didn't say precisely what Matthew said I said. My comment, from some months ago, was, as I recall, that the people _most in need_ of reading such a FAQ would probably be unreached by it. By "most in need" I also meant the _developers_ of snake oil systems. As a recent example, I rather doubt that the developers of the "virtual one-time pads" and "really good Caesar ciphers" have seen the FAQ. Or, if they have, that they understood the relevance for their own products. The best "snake oil FAQ" is reading the first few chapters of, say, Schneier. Those who read enough of Schneier are well-prepared to see the flaws in "virtual one time pads," while those too lazy to bother are almost certainly not likely to learn much from a FAQ. I think it's fine that the authors of the Snake Oil FAQ generated it. To each their own. My approval is not needed, as the Cyperpunks group is neither a collective nor a democracy. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Dec 11 13:05:14 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 13:05:14 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: PICS is the wrong approach becuase it oversimplifies the ratings of content, because it places the ratings made by the author in the payload itself, and because third-party ratings systems are cut out of the loop (effectively). One computerish way to think of this is that the "binding" is too early. At the time of distribution, say, I mark my work something with some PICS label, based upon my best understanding of the PICS labels, ratings, agencies, and laws. But once set, the "binding" has been made. Later reviews or reviews by other entities cannot affect the binding, at least not for this distributed instance. And of course it is quite likely that things important to others in their ratings are not as important to me. I might even ignore certain points, not even seeing the need to point out things in the work. This is inevitable, as there is no uniform view of truth, no uniform set of values and priorities, and no hope there ever can be such a monistic view. Consider the recent example of AOL's lists of banned words, even words in "harmless situations" (e.g, the example someone cited of "tits" being banned, despite being the name of a bird...would an animal-lovers Web page or posting with "Tits and Asses!!!" prominently in the title be PICS labelled as obscene? Some would surely think so.). A much better solution is to let the unique ID block of an article--the Usenet article ID, or some hash of the headers, whatever--be a pointer that other ratings servies could then use to provide for their customers or clients as a filtering mechanism. This would allow as many ratings services to exist as clients would be willing to support. Sure, there are _time delays_ in the evaluation process, as, for example, the Catholic Index reviews Web pages and Usenet posts, but all evaluation causes delay. This puts the burden on those proposing to filter content. More importantly, the "payload" does not carry some particular set of fairly-arbitrary PICS evluations. Binding by the censors instead of by the originator, which is as it should be. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mjmiski at execpc.com Wed Dec 11 13:14:49 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 13:14:49 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211151422.0068b9f0@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- My point, Red, at the outset was that your tendency to address each point in turn was not being fruitful to me (my time is a scarce resource). Surely you do not make policy decisions based upon how much time someone has to address your concerns. >>My question was a real one. The basis of it comes from my work with >>the homeless in which they have a difficult time getting a job >>because they have no "home address" to put on the forms, some do not >>have or remember their SSNs, etc. This causes a cyclic problem for >>the homeless. My question to Tim was, in the real world, how is the >>protection of this data feasible. > >The way you protect your home address is by using another address for >work which is not your home. The way I would do this is to find a >mail box service which offers addresses that look like a home. > >A homeless person might find somebody with a home (like you) who will >receive their work related mail for them. > >A "phone" is easy to get, too. You can get a telephone number which >is linked to a voicemail box. You can even get this number listed in >the telephone book, if you like. The cost of this service should be >less than twenty dollars a month. If you want to go wild, you can get >a pager linked voicemail number. This means your pager goes off when >you get a message. Handy. > >But, even this small expense may be out of reach of a homeless person >or a homeless advocate. This is a good attempt at intellectual honesty which was present in your original reply but lacking thereafter. That aftermath explains my tone in my later replies. I apologize. >What you can do is get a second line for your >home and keep it unlisted. Then, give it to your homeless friends for >work related purposes. If the number is only used for work messages, >you could probably handle over a hundred people on this one line. This is actually a great idea. In my real world, I am criticized for taking on the problems of others before myself. While I could work this out, I border on the problem of ignoring (or bypassing) the concerns of my family, which is my prime motivator. I am not saying this is not a great idea. >As for the social security number, it has been claimed many times on >this list that nobody checks them anyway. There are programs which >generate real-appearing numbers. (I think one was called "ssn.exe".) While I understand the greater social good, I, personally, am not interested in violating applicable fraud statutes. This is a borderline case in which consideration to the idea, of course, should be given. I would hesitate to expose these people to that risk. >And, you can go to the SSA to find out somebody's SS number or to have >one issued. It will take awhile. This is the best way to address the problem. But, it leads to my original quandry (not redlining) which was how some people can, realistically, protect this data. You do give some good opportunities. For me they are unacceptable and on balance, I would suggest that people go the latter route and attempt to comply with the statist regulations. Maybe in a more perfect society, they would have an interest in privacy. In the world today, however, I think they would choose to eat. >>I do have responses to each of your "points" in your last post, but have >>found the process of responding point-by-point tedious and non-productive >>(maybe less productive than the time I have to give to the exercise, I was >>not intending on placing a value judgement on it). > >This gives the appearance that you are avoiding the points I raised. >My conclusion is that your views are indefensible. Having described >my views on the poor as "idiotic", I think it is in poor taste to >withdraw from the field without justifying your claim. I claimed that well after your posts became far more condescending than fruitful. You stated your assumptions as fact and dismissed my points with several fininely tuned snips. I really dont care if you find it in poor taste here, because this list is as close to an anarchy as we will get. I do not have to abide by your construct of good argument if i dont want to. If I wanted to I could repeatedly issue heart-wrenching stories of poverty in America (similar, of course, to politicians using "real world examples" in speeches). You seem to assume that this would be "wrong". I have said, repeatedly, that we disagree. Apparently, now I have to *reiterate* why. I am not trying to convert you, Red. I have no reason to. My response, on which you jumped, was a pointed question to Tim about the reality of privacy protection. Once again, we disagree. You do not favor any form of government regulation. I do favor some forms of government regulation. It seems that the turning point for you is your belief that racism causes no real harm. I disagree. If you really want to have a list of the harms caused by racism, I will list them in a seperate note to you. I wish you could be intellectually honest enough to realize these harms. I fear, however, you will not be. >>As the topic quickly wandered from the original post on privacy >>concerns to racial discrimination, I will address that. I apologize >>to the list (for those that find it irrelevant), but I can not reply >>directly to Red. > >Cryptoanarchy is not friendly to schemes to prohibit racial >discrimination. Indeed, it is unfriendly to any scheme which attempts >to control the relationships between people. I do not know where you live, but I live in the US. Cryptoanarchy has not taken hold here yet. As such, my discourse is regarding the political system in which I live. As such I favor regulating behavior between the small number of protected classes and the small number of covered transactions (employment, housing, etc.). You, OTOH, do not. >>I, personally, find racial discrimination to be a problem in the USA. > >It would be nice if everybody in the U.S. was not a racist. It would >be nice if all the bad people just left. Actually, it would be preferable if they would become enlightened. It is difficult to do. I try every day. BTW, if the comment above was supposed to be aimed at me, once again i *never* made any such assertion. >>Not only do I find it a moral problem, but it has adverse effects on >>markets and the efficiency of these same markets. It is costly not >>only in personal measures, but in economical terms as well. >But, of course, I don't subscribe to the notion that market efficiency >is the best means of determining policy. For one thing, concepts such >as efficiency and production are politically defined. If I grow food >for myself, it does not affect GDP figures. If I trade the food for >money and buy something, then the same production increases GDP. This >is not sensible. I subscribe to the notion that policy should be determined by the best balance of several concerns. Among these are market efficiency, social justice, budget constraint and liberty. I am unsure how you would determine policy. >More importantly, I don't believe that market efficiency, however >measured, is sufficient justification for dictating other people's >actions. "Market efficiency" is a gambit to conceal dictatorial >powers in a scientific cloak. Maybe for some, but if you have assumed that is how I act you are mistaken. As I said, I would determine policy based upon a wide range of competing interests. You seem to be violating your own "rule" about not utilizing concepts such as the "libertarians wet dream". Many believe the same about the "gambit to conceal dictatorial powers in a scientific cloak." Apparently those "rules" only apply to others. >Discussions of market efficiency typically overrule the preference >that citizens have. One could imagine that a study that concluded >alcohol consumption reduced national efficiency and should therefore >be banned. Yet, this completely fails to take into account the strong >preference many people have to drink. Some even consider it to be a >religious sacrament. I don't believe such preferences should be >ignored. They should be respected. And neither do I. On balance, I would not have accepted prohibition then, and I do not accept it now. People also have a preference not to hire blacks. I feel that that should not be an acceptable means of interaction between an employer and a prospective employee. You do. That is what I meant by drawing lines. You feel that every employer (a creation of the state) should have the ability to act in a discriminatory fashion. I disagree. You and I do agree that when the personal excercise is for a drink, the government should not respond. This is because, on balance, I believe that the excercise of that freedom is more important than the adverse effects of alcoholism. And vice versa for employment discrimination. >Likewise, if somebody just cannot stand Albanians, we should respect >their preference even though we may personally disagree with it and >even though we may believe it makes the annual GDP number lower. Once again, I would determine policy based on several competing interests. Aparently you would determine it on a notion of absolute freedom. I am trying not to assume anything. And for the record, I have only supported governmental intervention in currently accepted transactions, which do not cover individuals wanting to hold racist beliefs. >I am not sure exactly what "costly ... in personal measures" means. >If you mean that somebody who will not speak with Albanians is >deprived of rewarding friendships they might otherwise have, that is >probably true. On the other hand, the Albanian-hater will not see it >that way. That is his or her tough luck. Actually I was referencing the effects upon the discriminated against. >>I do expect many on the list to disagree with me....They will >>disagree that it affects markets in any way. > >Just for the record, I can imagine that racial prejudice could have a >slight effect on mortgage prices (i.e, interest). But, since the CMO >revolution, I am inclined to believe that effect will be quite small >and is probably unnoticeable. > >>They will assert that legislative restrictions are far worse than >>industry self-policing. > >Just for the record, I am not advocating "industry self-policing". >Policing is what I disagree with. > >>More will disagree that the government has any business regulating >>the area. As I had stated simply before, I disagree. > >All you have really said is "I believe X." Should we take your belief >on faith or are there reasons which underly your beliefs? > I believe in regulating, in one instance, employment discrimination. I do so because I have personally seen the economic impact on the Greater Milwaukee Area of such discrimination - both past and present. I believe X also because I have been witness to the personal impact that such discrimination has upon people. To take advantage of practices effective against poverty, several of which you have mentioned, it helps to have self-confidence and a degree of self-worth. These are directly damaged by employment discrimination. I believe that the elimination of redlining would help to increase capital flows into some of these affected areas. Even if, as you stated, the elimination would allow for a few token investments in order for banks to appear to be in compliance, that is a willing trade off for me. It is not for you. >>Thru painful learning experiences and reality checks - long arguments >>over several months and too much coffee - I decided that I would not >>want to live in a libertarian's ideal society. This decision was >>based on my perception that it just wouldnt work in reality. ^^^^^^^This was, of course, my explanation before. Apparently you didnt see it. I was not using libertarian's ideal society in any derogitive way. At one time I believed in it. Through self-examination I decided that it couldnt work. Is your point that you disagree with me or that Anyone who disagrees with you must be wrong? >>>I'm sure many readers of this list have had conversations which >>>abruptly end with "Are you a Libertarian?", which is generally >>>completely irrelevant to the point under discussion. What is >>>happening is that the other person is more interested in knowing your >>>tribal identification than what you believe. A pity. >> >>As strange as it may sound to you, most of my conversations go this >>way. It is ironic to me that I have been placed on this side of an >>argument. > >Yet, you are doing something very similar when you raise the issue of >"a libertarian's ideal society". Likewise, you criticized Tim May for >having (roughly) "too absolute a theory". In either case, you are >avoiding substantive discussion, preferring to make prejudicial >remarks. Actually that is the substance of my dissention. I do not believe in those theories which results in my favoring X. You disagree and favor an absolute theory of freedom (I may be wrong, but you have never asserted your underlying political theory). My policy decisions are based upon my political philosophy. As are yours, I assume. I never said, Tim was "bad" because of his theory. I was simply pointing out that I did not agree with it. >Here we are discussing some very specific policies and their ethical >implications. There is no need to raise the specter of the >"libertarian ideal society". You have labeled it a specter, not me. I have the utmost respect for libertarians. It was simply a way to reference the subject matter. >One nice thing about Libertarian-style >discussions is that most of the policies are separable; that is, we >can discuss redlining without discussing highway privatization. This >makes a nice contrast to other styles of discussion in which the >proposed scheme only works if everybody participates. The most >extreme example was Marxism where it was claimed that it would fail if >the entire world was not Marxist. You appear here to admit that it is possible to favor one libertarian policy while disagreeing with another. That is what I am doing. >>Do you tend to think of me now as "less of a Libertarian" much as >>your forewarned "In the House" black reference? > >"In the house"? This appears to be an American idiom which I haven't >learned yet. Sorry. Mixing my replies. That was someone else. ;-) >I used the word "forewarned" once. I said that it would be hard to >believe that even wealthy African-Americans were racist in their >lending practices. I still find it hard to believe. > >It may surprise you to know that I am not all the interested in >whether you call yourself a Libertarian. Doesnt suprise me at all. You are only interested in your political philosophy. When it is relevant to my political philosophy and the way in which I would make policy decisions apprently it is irrelevant. It is not to me. >>>Do we then believe that we should outlaw the actions they take based >>>on these beliefs? So long as the people in question are doing no >>>harm, I propose we leave them alone to live their lives. >> >>This is the essence of, at least, my disagreement with you Red. I >>dont agree that redlining doesnt harm people. You see no harm. I >>do. > >Your reluctance to discuss the nature of the harm you perceive does >not give the impression that you have good reasons for your >perception. Much as the line of Don Wood argument, I have no interest in educating you. If you are really interested I will roll out what I perceive as the many harms caused by racism. Unlike you, I am in no rush to call your reasons for your beliefs "good" or "bad". You believe as you do. You do so because of personal reasons. I believe as I do, that racism harms people. I do so because of my personal experiences. Among these are employees explaining to me the nature of the discrimination that they have suffered, their inability to pursue any such claims because of a lack of both self-confidence as well as capital, the faces of their children that do not yet understand the nature of the world they have been brought into and the immense stress on familial relationships caused by the lack of a job caused by employment discrimination. Ill even discard the borderline cases and refer to the slam dunk cases out there. I live and work in Milwaukee, Red. People are fired and told they are fired because they are black. I have settled cases with no dispute of these facts. All of the personal harm and more was suffered by my clients. This is part of the reason for my perception. I wish I lived where you did where racism hurts nobody. Just give me a general location and Ill start to move my clients there ;-|. > >Red Rackham Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq8kIrpijqL8wiT1AQHNlgP8CoLXjtvPukDuNKu0hi7JHp7ev8HoKVo9 1sMWS5ycOaUvHW/LK81TvmZ15ViCSlqz17TCgkXEw0uvFoaFXkjVcheyBF891blF MuAiBWe+O+R/ZkZ9GcD0tiO9bdk+MBYxLiNTffcQJZnEvV8obxi9zG5l5s4rcd/J Y1JYNtaYTkk= =EqBg -----END PGP SIGNATURE----- From mjmiski at execpc.com Wed Dec 11 13:19:55 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 13:19:55 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211151926.0068b9f0@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 11:31 AM 12/11/96 EDT, E. Allen Smith wrote: >From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 03:52:03.23 > >>This is the essence of, at least, my disagreement with you Red. I dont >>agree that redlining doesnt harm people. You see no harm. I do. > > Of course redlining causes harm to those who are redlined... they >can't get credit. But the same can be said of any system of keeping >track of who is likely to repay credit; it means that someone who has >defaulted on past loans won't get future ones. Quite simply, while I >would agree with you that racism certainly persists (it would be >difficult for me to grow up in the South and not see this), I would >argue that you have no evidence for that the basic motivation behind >redlining is that the people in such areas are less likely to repay >credit. Actually, my assertion was that the basic motivation was racism and ignorance. My example of student loan default rates should clear that up. College graduates generally live outside of redlines and yet are regularly offered credit. And yet default rates on student loans are outrageous (the government backing of these loans is irrelevant to individual creditworthiness). > -Allen Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq8lWbpijqL8wiT1AQF+HQQApA1oGLXhfaxKH8MyDi3HCH2sk2LzKqSB 3DDgKPfyU0nRtGvaLk5xN+8LqmKoQsccJX9Z50+c6Tj+ENE8NAALw9NUsb8ZjV0a zB1iKG0eXgvm4X9Hvg9em/rjA6NlzXW037TJkyg9BCfhgUJN2bRF4J9wupTZJlI3 rzrXV9pgBN0= =/DwJ -----END PGP SIGNATURE----- From nobody at huge.cajones.com Wed Dec 11 14:13:18 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 14:13:18 -0800 (PST) Subject: Redlining Message-ID: <199612112212.OAA08269@mailmasher.com> At 3:05 AM 12/11/1996, drose at AZStarNet.com wrote: >Many people of good will find racial discrimination to be abhorrent. Abhorrent? To the extent that stupidity is repugnant, I suppose you are right. However, I find it interesting that we are taught to see racism in terms of morals. The basic tone seems to be "Oh, we really shouldn't say such things ... even if they are true." What you don't hear very often is how racists miss out on friendships and valuable life experiences. Why not? Because typically the people condemning racism do not, in their hearts, believe it is worth knowing people in certain racial groups. Imagine a company which avoided hiring good people for dumb reasons. Why is this any different from any other foolish decision? Leave the abhorring to the company's poor stockholders. But, of course, many of the people who are doing the abhorring are unable to picture members of certain racial groups being great people to hire. (My comments are directed to the world at large and not drose at AZStarNet.com) Rather than promoting abhorrence for racism, it would be more constructive to discuss reality itself. This happens infrequently. Instead, we are encouraged to pretend reality is something other than what we believe. Topics of the African-American crime problem are considered to be inappropriate, yet it is a very real component of American urban life. Discouragement of thought and discussion is another hallmark of a totalitarian society. Thought and discussion are not conducive to blind obedience. Ironically, most African-Americans are better equipped to discuss their beliefs about racial groups than their "educated" "defenders". For example, check out the "Last Poets". You won't agree with everything these people have to say, but there is no question that they are speaking their minds, often brilliantly. (I consider the poem "Niggers Are Afraid of Revolution" to be their chef-d'oevre.) Another example can be found in the movie "Crumb". Much, if not all, of Crumb's work is unpopular amongst the "politically correct", often on the grounds that he is racially prejudiced. Crumb reports that African-Americans never object to his work and often give him positive feedback. Clearly, the people Crumb is talking to have the sophistication to recognize his advanced use of satire and courageous exploration of topics forbidden for discussion in American society. (Let me add that remailers are great. I would be reluctant to express these ideas in any other way for professional reasons.) African-Americans have clearly added a great deal to American culture. The great musical achievement of the 20th century is jazz and it was primarily developed by African-Americans. Jazz holds its own intellectually against any other genre of music from any time. Interestingly, jazz did not originate in an elite, like most great cultural achievements. It was developed by an oppressed minority which had only limited access to surplus resources. Jazz was developed in an astonishingly short time, really just a few decades. Most "cultured" Americans would give their eye teeth to go back in time and meet Mozart and his friends. Yet, a short time ago people capable of comparable achievements were available in the United States. Jazz has not received the recognition that it deserves in the United States. In Europe, jazz musicians are given something more like the respect they have earned. This is not to the credit of the United States. (Those who don't believe me should get "Love Supreme" by John Coltrane and listen to it carefully about 20 times. There are layers and layers of depth and meaning. Those who are accustomed to more organized forms of music will initially hear a sloppy performance. This is hard to understand because these are some of the most technically accomplished musicians who have ever lived. hat they are doing is stretching medium and extending the range of meaning which can be expressed. Particularly fascinating is how well the apparent sloppiness of each musician dovetails so well with what the others are doing. This is challenging, to say the least. The relationship with his God that Coltrane expresses is quite different from the one usually hears. Mozart, Bach, et al, have a tendency to fawn. Coltrane expresses a more intimate (dare I say "anarchistic"?) vision.) The canonical jazz musician spends hours and hours of work every day developing his technique, mostly through the love of the art, much like many of us do with computer programming. At any rate, those who wish to enlighten their fellows on the subject of racism can do better than "it's just wrong." >OTOH, I'm sure that as an attorney you are cognizant of the fact that >financial institutions have a fiduciary responsibility to their >shareholders. I'm afraid this misses the points that Matt and I have been discussing. Matt believes that redlining betrays the fiduciary responsibility of the banks. I believe that it doesn't matter. That is, if you want to go to a bank which is riskier and pays lower interest because it avoids good business, that is your problem. Red Rackham From ichudov at algebra.com Wed Dec 11 14:38:52 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 14:38:52 -0800 (PST) Subject: Java DES breaker? In-Reply-To: <6uBsyD129w165w@bwalk.dm.com> Message-ID: <199612112233.QAA02084@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > Ray Arachelian writes: > > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX > won't work on any of those. I also work with a bunch of other equipment > that's much faster than a PC, but doesn't run browsers. (Most of it is not > connected to the 'net for security reasons, but that's besides the point.) > > If Bill's client is sure to run the platforms that MS IE runs on, then this is > not a consideration. > > Interpreted FORTH bytestream (which is what Java is) may be "doing quite well" > when drawing GUI gizmos and widgets, but it can't get anywhere near the > performance of hand-optimizer assembler that you can stick into ActiveX. I do not see any reason why Java code cannot be compiled. I think that now there are java compilers available. Maybe even browsers will have smarts to compile code that they execute. - Igor. From mjmiski at execpc.com Wed Dec 11 14:43:03 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 14:43:03 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211164237.0068ac74@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 11:25 AM 12/11/96 -0800, Douglas Barnes wrote: [snipped] >The more enlightened answer is to back off enough on the regulation so >that marginal loan markets become attractive business opportunities, >and any truly irrational lending practices (e.g. based on race) lead >directly to losing business to a competitor. This does appear to address both my moral concern (raced-based lending) as well as my liberty concern (favorability of less regulation). I support the repeal of much of the over-burdensome banking regulation already in existence. I continue to work closely with a Congresscritter who satrted off on the Banking Committee (Now has a good Ways and Means seat) whom I have expressed my concerns to. What helps is to have concrete deregulation proposals. In Wisconsin I have supported the extension of personal property tax exemptions to business computers (and an elimination of the personal property tax in total.) While discussions on the list often deal with theory it is important for those with the inclination, to act. Cypherpunks write Code (as in USCA? ;-) > >Doug > Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq8417pijqL8wiT1AQG6oQP/R8FyZkLz7e6BanUVtP5cQnnwG6FpbupS OWVm/flpKhBOx5T/FL61z8GXbcmqfxqbeBju0MB0WpPJIl1p1nLXqAqsA30ffofY yj3CLN3MXPOYXipttuxYMQoFBjwr99C0kl6kIBYwfvOarR/fffNvoPTXKigM8tCX kpJnEV0Eufg= =MYuQ -----END PGP SIGNATURE----- From nobody at huge.cajones.com Wed Dec 11 15:07:09 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 15:07:09 -0800 (PST) Subject: Redlining Message-ID: <199612112306.PAA19358@mailmasher.com> At 11:25 AM 12/11/1996, Douglas Barnes wrote an excellent article: >Another interesting aspect -- there's been huge growth in the "making >loans to folks with non-traditional or bad credit histories" market >recently, as the market for folks with good credit histories has >become saturated. This has been done largely by various NBFIs operating >outside of the normal "bank" structure, and specializing in certain >kinds of consumer loans. > >It is vitally important to realize that to a bank, a loan is a "product," >that they "sell" to customers. It is how the bank makes money. If >the market is operating properly, irrational refusals to loan on the >part of some institutions will create a market opportunity for other >institutions. This more true than ever before. Nowadays, banks commonly find themselves in the mortgage origination business. Once a mortgage is originated, it is packed up with many similar mortgages and sold off as a CMO. This means the bank can specialize in what it is good at, rather than speculating in interest risk. The CMO market is intensely competitive. Many people spend a lot of time looking for misperceptions of default rates and the like. Traders are not racists when they are trading, God bless their greedy souls. If it is really the case that mortgages are not being originated irrationally, there is an unbelievable opportunity. Originating mortgages does not require a great deal of capital and the turn around of what investment is needed should be well under a year. >The problem with banking & financial services is that they are already >so heavily regulated, and the barrier to entry is so high, that the >market seldom operates properly. Thus we see _more_ regulation piled >on (such as the CCRI) to address the problems that come about from the >previous piling-on of regulations. > >When there is little competition between banks, this creates a situation >which, viewed in isolation, seems "unfair" to those at the fringes of the >loan market. The superficial answer to this problem is to force banks >to lend in areas that are less profitable for them than their traditional >areas -- at this point banks almost begin to resemble monopoly public >utilities, which, when you look at the regulations they operate under, >is almost the case. > >The more enlightened answer is to back off enough on the regulation so >that marginal loan markets become attractive business opportunities, >and any truly irrational lending practices (e.g. based on race) lead >directly to losing business to a competitor. I would add that the purpose of the regulation is generally not to the benefit of customers, but the banking guild. Increased legislation and control favors people who can afford lawyers or have the political connections to prevent the need for lawyers. Regulation favors the established and not the poor Albanians. Opening a bank should be as easy as forming a corporation. There have been brief periods in U.S. history when this was the case. I have heard it worked quite well. Curiously, preferred stock in the banks was such a liquid market that it became treated as cash. Instead of making a deposit, you could buy some preferred stock. Note that this solves rather elegantly the problem of bank runs. Red Rackham From nobody at squirrel.owl.de Wed Dec 11 15:08:10 1996 From: nobody at squirrel.owl.de (Secret Squirrel) Date: Wed, 11 Dec 1996 15:08:10 -0800 (PST) Subject: I am a stupid cocksucker Message-ID: <19961211230334.8725.qmail@squirrel.owl.de> This Christmas Cypherpunks get a special discount: I will suck you off for only $5. Red Rackham PS: I always sign my posts. I am so stupid. PPS: Please killfile me. From unicorn at schloss.li Wed Dec 11 15:10:45 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 11 Dec 1996 15:10:45 -0800 (PST) Subject: Redlining In-Reply-To: <199612102104.NAA32212@mailmasher.com> Message-ID: On Tue, 10 Dec 1996, Huge Cajones Remailer wrote: > >On Tue, 10 Dec 1996, Huge Cajones Remailer wrote: > >> I believe that ten, or a hundred, or a thousand people should be able > >> to pool their money and lend it to whomever they please for whatever > >> reason they like. > >> > >> That, essentially, is what a bank is. I do not believe the government > >> should dictate which people you, or your bank, are allowed to lend to. > > > >Create a bank where the identity of the customers are unknown and you > >solve the redlining problem. > > I can imagine a bank whose depositors are not known. I can also > imagine a bank which itself operates anonymously. > > How would people borrow money against real estate and remain > anonymous? It seems to me that the borrower cannot do so if the real > estate will act as collateral. What is to stop deeds from being issued in digital bearer certificates? > Also, how would an anonymous bank foreclose on a mortgage? A revocation of the certificate, of course. Really, you must get a bit more creative. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From ichudov at algebra.com Wed Dec 11 15:10:52 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 15:10:52 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: <199612112304.RAA02304@manifold.algebra.com> Timothy C. May wrote: > What is lost on many people who denounce "racism" and demand that banks > give equal percentages of banks to various allegedly aggrieved "oppressed > minorities," based on various quotas, is that the loan process is almost > totally driven by _greed_, as it should be. Any bank which practices > "stupid racism," e.g, by ignoring good payback prospects because of > tangential or unimportant criteria, faces lost business. Please correct me, but your representation of what such people demand is totally wrong. No one demands that blacks should be given as much loans as whites. The idea of equal opportunity is that people of equal standing (ie, people with similar credit histories, incomes, levels of savings, and so on) be given same consideration regardless of race. Example: Suppose Mr. White makes $50,000 a year, has 3 credit cards and has never defaulted on anything. Suppose Mr. Black makes $50,000 a year, has 3 credit cards and has never defaulted on anything. The law, as I understand it, required that they both must be treated equally. Understanding of that definition of discrimination by many laypeople is simply distorted by the fact that blacks, on average, have lower incomes due to many factors, of which many are often their own fault. Since incidence of poor credit standing is higher among blacks, the average amount of loans received by blacks is _not an evidence of discrimination_, at least it should not be to reasonable people. There are other issues when some demand that there should be programs helping blacks (or any other category) achieve higher income. These programs are separate issue from what we are discussing. Also, some posters here mix totally different issues: 1) what is discrimination and 2) should the government do anything about it or not. - Igor. From ichudov at algebra.com Wed Dec 11 15:11:00 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 15:11:00 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: <199612112307.RAA02329@manifold.algebra.com> Timothy C. May wrote: > > At 12:43 PM -0600 12/11/96, Igor Chudov @ home wrote: > > > >The problem is, people can choose what credit history they want to have > >(I can be a saver or a spender, for example), but nobody can change the > >color of their skin. > > > >This is central point of the theory why discrimination based on credit > >histories is OK, while the discrimination based on race is not. > > But of course one also cannot change one's gender, age (except by waiting), > or national origin, marital status (at least not easily), etc. and yet > these often offer correlation data on expectation of payback. > Correlation is not an evidence of discrimination, at least to me. See my another post. You need to do a cross-sectional analysis to find out whether discrimination takes place. I would appreciate if some attorney on this list shed some light on the legal definition of discrimination. Thanks. - Igor. From attila at primenet.com Wed Dec 11 15:11:07 1996 From: attila at primenet.com (attila at primenet.com) Date: Wed, 11 Dec 1996 15:11:07 -0800 (PST) Subject: "Bigotry" and related topics...a brief comment Message-ID: <199612112312.QAA07215@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In , on 12/11/96 at 11:47 AM, "Timothy C. May" said: ::The racial and ethnic groups which are most into "victimology" ::are the least successful--which is _cause_ and which is _effect_ may be ::debatable to many of you, but the correlation is very clear....maybe it's ::time they try something different, like getting their culture to embrace ::learning, reading, science, math, and business success, instead of glorifying ::victimization, crack cocaine, basketball stars, and pimps.) Not to harp, Tim, but the summation thought in and of itself is probably "discriminatory" to many as it, intentionally or not, appears to single out a specific ethicnic group. OTOH, without or without the description, the indicated class best fits your model above --and I agree with the thesis; even so far as to say that the implentation of CA's anti-affirmative action, which is now blocked by yet another bleeding heart liberal Federal judge, will reduce tension vis a vis ethnic relations --if the supposed victims (of the what was at one time the ethnic majority in CA), will stop crying. and so that everyone can see bigotry: when the demographic changes brought along their ethnic gangs, I moved the children to other schools. when the billboards in the far NW corner of LA city/county were converted to Spanish a couple years ago-- "...that's it; we're leaving! now, regardless of the cost!" -attila - -- Now, with a black jack mule you wish to harness, you walk up, look him in the eye, and hit him with a 2X4 over the left eye. If he blinks, hit him over the right eye! He'll cooperate. --so will politicians. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMq884704kQrCC2kFAQGjvwP/eBEPNRxueY4OOsaTfUAUGctQqdaCSOyn DK5i3u581RTAqixccIgQbC7UpWhlmMwM4/Ildp0kcjxILUsBhoiPc2jnTbKNAejy dI+vONbPlduWsHWAB7xIZjl7lgNqawbD7kHnm3ivGA9UNqe6NSESobgNRNy1agyI NtgBWavsjQE= =IZOR -----END PGP SIGNATURE----- From nobody at huge.cajones.com Wed Dec 11 15:15:28 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 15:15:28 -0800 (PST) Subject: Redlining Message-ID: <199612112315.PAA21045@mailmasher.com> At 11:47 AM 12/11/1996, Timothy C. May wrote: >1. The _general_ subjects of "bigotry" and "redlining" are not >closely related to themes of this list, though the implications of >strong privacy for these issues is certainly on topic. (And my views >on these implications are well known...I've seen no point to step in >to the debate to repeat them, and don't plan to argue with Matt M. >about the "evils of bigotry.") > >2. Many of the posts by Matt M. and "Red Rackham" and others have >been so massive, containing paragraph-by-paragraph rebuttals of >political and ethical points, that I've just given up on trying to >follow the points. > >If anyone has well-formed questions about how redlining and "bigotry" >is affected by strong cryptography and crypto anarchy, fire away. >Just don't bury them deep in a long diatribe about the evils of >"prejudice" and "discrimination." Didn't Tim May originate the "Generation of Science" thread or, earlier, the sliderule thread? I don't think either topic can said to be strictly cypherpunk unless a discrete logarithm sliderule has been invented. The truth is that I enjoyed those threads as did most others on the list. I would like to see more like them. And, I dare say that my posts are more worthwhile than 7 out of 8 posts we've been seeing on the list lately. >(Personally, and off-topic for the list (so I'll be brief),... Point 1: You obviously find the subject interesting enough to comment on it. Others probably also find it interesting. Point 2: Excuse me if I am wrong, but your comments look to me to be precisely on topic for this list, anyway. >...the ills of our society seem to me to have _very little_ to do >with "prejudice." In fact, most people are not "discriminating" >enough, in the sense that discrimination implies value judgements and >assessments of probable success based on data available. As someone >noted, the Asian communities in the U.S. are doing well and are quite >"discriminatory" in lending policies. Get used to it, as crypto >anarchy will make coerced transactions even more difficult. The >racial and ethnic groups which are most into "victimology" are the >least successful--which is _cause_ and which is _effect_ may be >debatable to many of you, but the correlation is very clear....maybe >it's time they try something different, like getting their culture to >embrace learning, reading, science, math, and business success, >instead of glorifying victimization, crack cocaine, basketball stars, >and pimps.) This obsession of "on topic/off topic" is not healthy for the list. It stifles brainstorming and the free exchange of ideas. Red Rackham P.S. Sorry for the length of some of the messages. That Miszewski had the temerity to actually stand up for his beliefs, so it was unavoidable. From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 15:21:08 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 15:21:08 -0800 (PST) Subject: Redlining Message-ID: <01ICW62Q119GAEL2GZ@mbcl.rutgers.edu> From: IN%"ichudov at algebra.com" 11-DEC-1996 14:01:18.43 >The problem is, people can choose what credit history they want to have >(I can be a saver or a spender, for example), but nobody can change the >color of their skin. >This is central point of the theory why discrimination based on credit >histories is OK, while the discrimination based on race is not. First, I would point out that redlining does not necessarily equal credit discrimination based on race; it may mean credit discrimination based on poverty, which has an unfortunately high correlation with being a member of some races. (I won't go into the explanations for why this is the case here; most people who try to explain it don't take enough factors into account.) Second, let's take a look at whether inequalities based on factors that people cannot change is something that is wrong. This topic is wider in its application than redlining and credit; one example important to me in my field is in genetic screening usage for insurance purposes. (In that case, you've also got that limits on insurance uses of data when individuals can gather the data in question mean that someone can predict their own chances of needing insurance... leading to those who are healthy not purchasing it, and those who aren't purchasing it.) The first topic to mention in this regard is that of privacy. I believe I am among most people in finding a question about my behavior (e.g, my sexual activities) significantly more intrusive than a question about my personal characteristics (e.g., my gender). But I would hope that everyone would agree that it would be idiotic and irresponsible not to have someone's payments for insurance vary with their behavior; this would encourage irresponsible behavior and discourage responsible behavior. The second topic to mention in this regard is that inequality due to factors one cannot change is a fact of life. This is particularly true of capitalism (e.g., someone who has a genetic tendency toward large size will consume more food and thus spend more money on food), but it is also a problem in any other economic system - economics is not all of life. Even if one concludes that inequality is wrongful and needs to be "alleviated", there are many areas more important than credit on which one would logically start... such as forbidding merit-based admissions, which are biased in favor of those with higher IQs. I trust that my audience sees exactly why this idea, and similar ideas, are ultimately nonsense? The third topic is that one commonly applied idea used by the proponents of absolute equality is that found in Rawls' _Theory of Justice_, under which the just outcome is said to be found by a group of people who do not know what situation they will be in. (This is a vast oversimplification of the book(s) in question, which upon closer examination may realize the idea I am about to write down.) The simplistic conclusion is that everyone will want everything to be the same, since any individual might be in a bad or good situation. But if you have a choice between 49 dollars and a 50/50 chance of 0 or 100 dollars, you should take the latter. In other words, a situation in which inequalities exist can still be one that is overall better than a fully equal situation. There are a number of respects in which the insurance and credit markets fall under this category. The most obvious is the direct cost of regulation. Less obvious but perhaps more important is the uncertainty factor; the use of more data (for an insurance or credit decision) leads to less uncertainty in the ultimate outcome, and thus to less risk of unexpected claims (for insurance) or defaults (for credit). Thus, smaller businesses (which are also made more possible by lowering other regulatory costs) can exist in a deregulated insurance or credit market. The removal of the current ogliopolistic situation in such markets for the initial insurance or credit grantor would improve prices. -Allen From marc at MIT.EDU Wed Dec 11 15:22:49 1996 From: marc at MIT.EDU (Marc Horowitz) Date: Wed, 11 Dec 1996 15:22:49 -0800 (PST) Subject: PGP Public Key Server beta release available! Message-ID: <199612112321.XAA16617@beeblebrox.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- The new PGP Public Key Server which has been running on pgp.ai.mit.edu for the past several months is now available as a beta release. This is the first public release of the code, and while it has proven mostly reliable, it is not guaranteed to be perfect. Because it uses hash tables and balanced trees instead of a flat file format, it trades a disk space for a substantial performance improvement over the old pgp-based key server. The PGP Public Key Server home page can be found at . This page contains links to the sources, the server running on pgp.ai.mit.edu, and my thesis, which documents the specification and design of the key server. If you have any problems, questions, or comments, I read comp.security.pgp.tech. That's probably the best forum for discussion and questions, but you can send me email, too. In order to have an idea how how many people are using this key server, if you install it, for public use or not, please let me know. Marc Horowitz marc at mit.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq85Ce/JP4Ec8n/VAQE+pQP+OOKf9dC06RR/oL+wRPSVBg9TFOrnGhDu AT+qz2pAOchTnVZqPQKEDUr0mfDqmMhC9CU5oAjS36N3OFJoUwuwHSlt+4Ixnj9A ld0fVHKhyME4v+F6X/O7g6LOj07y6qIWcQqoGEqyFH08Keso8wXdH83BLjbN/8tl bwBpSZMUL7E= =Aqyq -----END PGP SIGNATURE----- From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 15:26:32 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 15:26:32 -0800 (PST) Subject: Redlining Message-ID: <01ICW68U4ZM2AEL2GZ@mbcl.rutgers.edu> From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 16:21:56.21 >Actually, my assertion was that the basic motivation was racism and >ignorance. My example of student loan default rates should clear that up. >College graduates generally live outside of redlines and yet are regularly >offered credit. And yet default rates on student loans are outrageous (the >government backing of these loans is irrelevant to individual >creditworthiness). That some groups not within redlines have high default rates is not an argument against groups within redlines having high default rates. The market distortion caused by government sponsorship is certainly relevant to whether individuals are offered credit; I would suggest that in many cases the students in question would not be offered credit, as per their high default rates, if it were not for government sponsorship removing the risk from the lender. You have also not bothered to answer the criticisms from Mr. Rackham about why, if the sole motivations were racism and ignorance, people would not be offering the residents of such areas loans; as (he?) pointed out, this would appear to be a particularly attractive move for middle-class blacks, if your assertion was the case. -Allen From infoserver at reply.net Wed Dec 11 15:28:04 1996 From: infoserver at reply.net (Santa Claus) Date: Wed, 11 Dec 1996 15:28:04 -0800 (PST) Subject: Merry Christmas, You Punk-ass Mo'-fo's! Message-ID: <4245130.0C0DKF@reply.net> * * /|\ ///*\\\ * * * //\\ * //\\ * * * * * // \\ // \\ // \\ S A N T A * * * N O R T H P O L E | | \____/ Wherever you go, whatever you do, Remember that Santa is always with you. I live in your heart, I dance in your soul, I show you what love is, and good things to know. The Spirit of Christmas spreads all through the land, With joy and the giving of gifts you should have. But gifts are just one thing to give and to get -- We wish you much more, far more than that. My elves send you pride in whatever you do, My reindeer give strength on days you feel blue, My wife, Mrs. Claus, grants wisdom and grace, Belief in yourself and all you create. And me, what do I give? Is there much more? Plenty and plenty you won't find in stores. I give you the knowledge that you can do more Than you ever knew -- of that be quite sure. My sleigh's packed with toys, my list sweeps the floor, A cup of hot cocoa and I'm out the door. Just gaze high in the sky where Peace always soars, And you live in my heart as I live in yours. * * * * * * M e r r y C h r i s t m a s * * S a n t a C l a u s --------- This santa poem was sent to you from a person who visited the ReplyNet site (www.reply.net) and entered your name and address on our Santa page. Your e-mail address is NOT being collected. From ichudov at algebra.com Wed Dec 11 15:35:05 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 15:35:05 -0800 (PST) Subject: Redlining In-Reply-To: <01ICW62Q119GAEL2GZ@mbcl.rutgers.edu> Message-ID: <199612112328.RAA02505@manifold.algebra.com> E. Allen Smith wrote: > > From: IN%"ichudov at algebra.com" 11-DEC-1996 14:01:18.43 > > >The problem is, people can choose what credit history they want to have > >(I can be a saver or a spender, for example), but nobody can change the > >color of their skin. > > >This is central point of the theory why discrimination based on credit > >histories is OK, while the discrimination based on race is not. > > First, I would point out that redlining does not necessarily > equal credit discrimination based on race; it may mean credit > discrimination based on poverty, which has an unfortunately high > correlation with being a member of some races. (I won't go into the > explanations for why this is the case here; most people who try to > explain it don't take enough factors into account.) Thanks for an interesting reply. Do we consider discrimination based on poverty illegitimate? Does the law consider discrimination based on poverty illegitimate? I think that most people would answer no to both of these questions. As I said in another letter, correlation, to me, is not an evidence of discrimination, and just as well, making statements about averages is not racist or sexist. It is the cross-section test that evidences discrimination: suppose we have two large groups with the same credit-related parameters (credit history, etc). If one group gets better treatment from a bank, I see a discrimination. I do not see much problem if the percentage of whites with good credit is higher than percentage of blacks with good credit: it is a fact of life. > Second, let's take a look at whether inequalities based on > factors that people cannot change is something that is wrong. This > topic is wider in its application than redlining and credit; one > example important to me in my field is in genetic screening usage for > insurance purposes. (In that case, you've also got that limits on > insurance uses of data when individuals can gather the data in > question mean that someone can predict their own chances of needing > insurance... leading to those who are healthy not purchasing it, > and those who aren't purchasing it.) The crucial question is: do we believe that the characteristic that we are considering directly linked with future performance? > The first topic to mention in this regard is that of privacy. > I believe I am among most people in finding a question about my > behavior (e.g, my sexual activities) significantly more intrusive > than a question about my personal characteristics (e.g., my gender). > But I would hope that everyone would agree that it would be idiotic > and irresponsible not to have someone's payments for insurance vary > with their behavior; this would encourage irresponsible behavior and > discourage responsible behavior. > The second topic to mention in this regard is that inequality > due to factors one cannot change is a fact of life. This is particularly > true of capitalism (e.g., someone who has a genetic tendency toward > large size will consume more food and thus spend more money on food), > but it is also a problem in any other economic system - economics is > not all of life. Even if one concludes that inequality is wrongful and > needs to be "alleviated", there are many areas more important than > credit on which one would logically start... such as forbidding > merit-based admissions, which are biased in favor of those with higher > IQs. I trust that my audience sees exactly why this idea, and similar > ideas, are ultimately nonsense? This is a valid concern. > The third topic is that one commonly applied idea used by the > proponents of absolute equality is that found in Rawls' _Theory of > Justice_, under which the just outcome is said to be found by a group > of people who do not know what situation they will be in. (This is > a vast oversimplification of the book(s) in question, which upon > closer examination may realize the idea I am about to write down.) > The simplistic conclusion is that everyone will want everything to be > the same, since any individual might be in a bad or good situation. But > if you have a choice between 49 dollars and a 50/50 chance of 0 or 100 > dollars, you should take the latter. In other words, a situation in Not necessarily. - Igor. From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 15:42:57 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 15:42:57 -0800 (PST) Subject: "Bigotry" and related topics...a brief comment Message-ID: <01ICW6TO6LV4AEL2GZ@mbcl.rutgers.edu> From: IN%"tcmay at got.net" "Timothy C. May" 11-DEC-1996 18:12:33.87 >If anyone has well-formed questions about how redlining and "bigotry" is >affected by strong cryptography and crypto anarchy, fire away. Just don't >bury them deep in a long diatribe about the evils of "prejudice" and >"discrimination." Yes... an analysis of the ways in which an insurance or credit company could keep its disallowed data in secret, with sufficient incentives for the individuals with knowledge of it not to disclose this practice, is an interesting topic. One of the more obvious ways is to subcontract the risk analysis to businesses operating in countries without such limits, leaving the main insurance or credit company with just the claims process, reserves management, and paperwork. Unfortunately, as shown by the EU's attempts to make multinationals doing business there keep data inside EU borders and under EU privacy laws, countries are likely to clamp down on this process. >difficult. The racial and ethnic groups which are most into "victimology" >are the least successful--which is _cause_ and which is _effect_ may be >debatable to many of you, but the correlation is very clear....maybe it's >time they try something different, like getting their culture to embrace >learning, reading, science, math, and business success, instead of >glorifying victimization, crack cocaine, basketball stars, and pimps.) While I would fully agree with you that such cultural factors are a considerable amount of the problem, I'd have to call attributing all of the problem to them an oversimplification. I'd also point out the cultural factors caused by the development of cultures under uncivilized (in the sense of lacking cities) and unindustrial conditions, something that is not helped by the current PC multiculturalist wish to bring such cultures back. (The reasons for African cultures not developing in this route are an interesting debate; I find Sowell's argument of lack of navigable rivers and the presence of various diseases such as malaria reasonably convincing.) Other factors include the lack of parental education and nutrition resulting in lower parental IQs resulting in lower child IQs; interracial adoption, while opposed by the PC types, is one way to solve this problem. Another factor is lingering racism, which is regretably still present in subsections of the country. Hopefully, as various factors promoting large, noncompetitive corporations (and unions) disappear, the resulting companies will be forced to be sufficiently competitive to ignore such prejudices. -Allen From nobody at huge.cajones.com Wed Dec 11 15:46:55 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 15:46:55 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <199612112346.PAA26588@mailmasher.com> At 12:38 PM 12/11/1996, Timothy C. May wrote: By the way, on this >oftentimes off-topic issue of "bigotry" and "racism," here's a zinger >some of you may not have thought much about. And it's certainly >related to the themes of Chaumian "credentials without identity," >which is very much on-topic. > >While it has been claimed by some that "crypto anarchy" means that >race won't matter, that cyberspace interactions will be color-blind, >this is misleading. > >While many--probably most--users will care only for cyberspace >personna issues, and not meatspace personna issues of race, color, >height, weight, etc., this is not something built in to anonymous >transactions. > >Consider a "race credential" offered by some entity. Perhaps one goes >down to the local Aryan Nations office and gets one's genetic >heritage stamped, or down to the Kwanzaa Youth Center to be similarly >stamped.... > >(Why some groups might want this is left as an exercise for the >reader. Perhaps a less-inflammatory example (to some of the >sensitive amongst you) might be that some women want to interact in >"women only" forums--a clear case of discrimination, no?--and may >want a "gender bit" avaiable to display as a credential.) Tim May is to be commended for making this fine point. I simply had not thought of this possibility. This is also empirical evidence of the worth of a wide ranging discussion. If Matt and I hadn't pursued our discussion, this excellent point would not have been made. As Tim has pointed out, it is time to reconsider our beliefs regarding the morality of discrimination. The fact is, sometimes we like to spend time with people who have a lot in common with ourselves. This often supports a higher level of communication because the parties involved really understand where the other is coming from. This is true of men in the locker room, women, Albanians, or whomever. And what is occuring is not even a bad thing. It's good for people to spend time with people they like and respect or at least know well. ("No man is a hero to his valet.") The "politically correct" fully recognize this. That is why they see gay groups, feminist groups, etc. as worthwhile. It is only people perceived as successful or powerful who are not supposed to associate with each other. Instead, they are expected to volunteer their time and personalities for everyone else's benefit. Somehow we never hear what they are supposed to receive in return for this, but I am guessing they are supposed to lovingly accept rudeness, abuse, and guilt for their services. Tim said in another message that there are times when discrimination is rational. I have no doubt this is true. How often do we look at a degree from MIT on a resume and hire? The degree to which we fear cryptoanarchy is the degree to which we fear leaving people alone to run their lives as they see fit. I do not greatly fear cryptoanarchy. Red Rackham From drose at AZStarNet.com Wed Dec 11 15:47:44 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Wed, 11 Dec 1996 15:47:44 -0800 (PST) Subject: Redlining Message-ID: <199612112347.QAA08954@web.azstarnet.com> M. Miszewski wrote: >Actually, my assertion was that the basic motivation was racism and >ignorance. My example of student loan default rates should clear that up. >College graduates generally live outside of redlines and yet are regularly >offered credit. And yet default rates on student loans are outrageous (the >government backing of these loans is irrelevant to individual >creditworthiness). Whoa! How 'bout backin' out minority-oriented "beauty" and other phony trade "schools" from your assertions? Looka-here: the moment that you exclude merit from scholastic and credit decisons, the more that you get into unfortunate decisons for society. From tcmay at got.net Wed Dec 11 15:56:19 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 15:56:19 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: At 5:07 PM -0600 12/11/96, Igor Chudov @ home wrote: >Correlation is not an evidence of discrimination, at least to me. > Nor is it to me. So neither of us will likely object to the neural net-based lending programs which feed in a bunch of applicant data points, train the net by providing feedback on who repaid their loans and with what complications, etc. Even if such nets end up rejecting "otherwise-qualified" (a la your other post) applicants in such a way that the accept/reject ratios appear strongly correlated with certain ethnicities? (Another member of the list sent me private e-mail about his experiences writing a "scoring program" for a bank making just the kinds of loans we're talking about here. He recounted his bank's very real experiences with loan paybacks by various ethnic and national groups. Nothing very surprising, to me.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From drose at AZStarNet.com Wed Dec 11 16:22:26 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Wed, 11 Dec 1996 16:22:26 -0800 (PST) Subject: Redlining Message-ID: <199612120021.RAA22769@web.azstarnet.com> Matt Miszewski wrote: (snip) > I wish I lived where you did where racism hurts nobody. Just >give me a general location and Ill start to move my clients there ;-|. A general location? Hee hee! From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 16:28:43 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 16:28:43 -0800 (PST) Subject: Redlining Message-ID: <01ICW8E2LDSWAEL2GZ@mbcl.rutgers.edu> From: IN%"ichudov at algebra.com" 11-DEC-1996 18:34:46.50 >Thanks for an interesting reply. Quite welcome. Due to the links to my own field, I've been thinking about these issues for a bit. >It is the cross-section test that evidences discrimination: suppose >we have two large groups with the same credit-related parameters >(credit history, etc). If one group gets better treatment from a >bank, I see a discrimination. Is it the credit history that should be the same... or the outcomes? In other words, if two groups of different races are all granted credit and have equal credit histories, are the default rates greater for one group as opposed to the other? If so, then there _is_ a fiduciary responsibility by the bank's directors to not loan to the group that has greater default rates. Now, there's the problem in testing this that if a bank (or, more likely, some loan officers at the bank) is practicing discrimination, those of the discriminated-against races who do get credit evidently had _something_ that convinced the bank to still offer the people credit. This something may or may not be controlled for by the credit factors equalization I mentioned above. If it isn't controlled for, you'll get a bias in the outcome toward the discriminated-against race being _better_ credit risks than they actually are, on the average. This would remove any actual evidence of poor credit riskworthiness on the part of that race (such as for cultural reasons, to the (highly unfortunate) degree that race and culture are correlated). In other words, banks with prejudices (which I do fully admit are out there) will tend to make any actual differences much harder - close to impossible, in fact - to see. >The crucial question is: do we believe that the characteristic >that we are considering directly linked with future performance? As I point out above, studies on this topic are somewhat difficult, and are prone to being biased in favor of discriminated-against races. (This isn't even mentioning political biases...) You may or may not be able to say _why_ a given characteristic is linked with future performance; it's easy to come up with plausible explanations in most cases. >This is a valid concern. Quite... I seem to recall a story involving a "Handicapper General" - perhaps someone would recall the title and author? In it, those with higher IQs were forced to be less intelligent through distractions, those with greater beauty were forced to wear ugly masks, etcetera. >> The third topic is that one commonly applied idea used by the >> proponents of absolute equality is that found in Rawls' _Theory of >> Justice_, under which the just outcome is said to be found by a group >> of people who do not know what situation they will be in. (This is >> a vast oversimplification of the book(s) in question, which upon >> closer examination may realize the idea I am about to write down.) >> The simplistic conclusion is that everyone will want everything to be >> the same, since any individual might be in a bad or good situation. But >> if you have a choice between 49 dollars and a 50/50 chance of 0 or 100 >> dollars, you should take the latter. In other words, a situation in >Not necessarily. With the exception of needing <=49$ to live, under what conditions would the former choice be better than the latter choice? -Allen From infoserver at reply.net Wed Dec 11 16:34:19 1996 From: infoserver at reply.net (Santa Claus) Date: Wed, 11 Dec 1996 16:34:19 -0800 (PST) Subject: Merry Christmas, HipXmas-SantaSpam! Message-ID: <4245141.0C0DKO@reply.net> * * /|\ ///*\\\ * * * //\\ * //\\ * * * * * // \\ // \\ // \\ S A N T A * * * N O R T H P O L E | | \____/ Wherever you go, whatever you do, Remember that Santa is always with you. I live in your heart, I dance in your soul, I show you what love is, and good things to know. The Spirit of Christmas spreads all through the land, With joy and the giving of gifts you should have. But gifts are just one thing to give and to get -- We wish you much more, far more than that. My elves send you pride in whatever you do, My reindeer give strength on days you feel blue, My wife, Mrs. Claus, grants wisdom and grace, Belief in yourself and all you create. And me, what do I give? Is there much more? Plenty and plenty you won't find in stores. I give you the knowledge that you can do more Than you ever knew -- of that be quite sure. My sleigh's packed with toys, my list sweeps the floor, A cup of hot cocoa and I'm out the door. Just gaze high in the sky where Peace always soars, And you live in my heart as I live in yours. * * * * * * M e r r y C h r i s t m a s * * S a n t a C l a u s --------- This santa poem was sent to you from a person who visited the ReplyNet site (www.reply.net) and entered your name and address on our Santa page. Your e-mail address is NOT being collected. From shamrock at netcom.com Wed Dec 11 16:38:50 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 11 Dec 1996 16:38:50 -0800 (PST) Subject: New export controls to include code signing applications Message-ID: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com> It has been speculated in the past that certain crypto schemes, such as proposed by Microsoft and Sun, using signed crypto plugins might be helpful to the cause for strong crypto if non-US branches of US software companies would certify foreign developed crypto software. According to the recent proposal by Commerce, this will not happen. It will be illegal to export the software required to sign the code. So much for the government's claim that they make no attempt to limit the export of signing-only software. >From http://www.steptoe.com/commerce.htm [Listing specific software prohibited from export] "c.2. "Software" to certify "software" controlled by 5D002.c.1; " And, btw, virus checkers are also prohibited from export. Makes you wonder. "c.3. "Software" designed or modified to protect against malicious computer damage, e.g., viruses;" -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From ichudov at algebra.com Wed Dec 11 16:45:27 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 16:45:27 -0800 (PST) Subject: Redlining In-Reply-To: <01ICW8E2LDSWAEL2GZ@mbcl.rutgers.edu> Message-ID: <199612120040.SAA03077@manifold.algebra.com> E. Allen Smith wrote: > >> The third topic is that one commonly applied idea used by the > >> proponents of absolute equality is that found in Rawls' _Theory of > >> Justice_, under which the just outcome is said to be found by a group > >> of people who do not know what situation they will be in. (This is > >> a vast oversimplification of the book(s) in question, which upon > >> closer examination may realize the idea I am about to write down.) > >> The simplistic conclusion is that everyone will want everything to be > >> the same, since any individual might be in a bad or good situation. But > >> if you have a choice between 49 dollars and a 50/50 chance of 0 or 100 > >> dollars, you should take the latter. In other words, a situation in > > >Not necessarily. > > With the exception of needing <=49$ to live, under what conditions > would the former choice be better than the latter choice? A good question. It is based on the theory that every person has a "utility" function in their mind. This function determines the "worth" of money and worthiness of risk. If that function as a function of income is strictly concave ^ U| | | _- | ,~ | ,' | .~ | / |/ || +------------------------------------> money then the utility of your gamble would be U(gamble) == 1/2 * U(0) + 1/2 * U(100). By definition of concavity, it is less than utility of $50. Whether it would be more or less than the utility of $49, depends on a consumer, but it may well be that some people will not like this gamble. There is much evidence that indeed most (if not all) consumers have concave utility function. I know that I would refuse a gamble where I could win $20,000 or get nothing, with equal probability, and prefer to get $9,999 for sure instead. There is much theory about financial asset pricing that relies on the assumption that utility functions are concave. - Igor. From drose at AZStarNet.com Wed Dec 11 16:52:54 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Wed, 11 Dec 1996 16:52:54 -0800 (PST) Subject: I am a stupid cocksucker Message-ID: <199612120052.RAA04610@web.azstarnet.com> Secret Squirrel wrote: >This Christmas Cypherpunks get a special discount: I will >suck you off for only $5. > >Red Rackham > >PS: I always sign my posts. I am so stupid. >PPS: Please killfile me. Mr Squirrel: As much as I may appreciate your response to Mr. Rackham's reaction to my post, in my sole opinion, Dr. Vulis-style epithets do not contribute to reasonable discourse on this list. From rah at shipwright.com Wed Dec 11 17:19:49 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 11 Dec 1996 17:19:49 -0800 (PST) Subject: Call for papers :2nd Mac-Crypto Conference Mar 18-20, 1997 Message-ID: --- begin forwarded text Sender: mac-crypto at thumper.vmeng.com Reply-To: Vinnie Moscaritolo Mime-Version: 1.0 Precedence: Bulk Date: Wed, 11 Dec 1996 16:33:38 -0800 From: Vinnie Moscaritolo To: Multiple recipients of Subject: Call for papers :2nd Mac-Crypto Conference Mar 18-20, 1997 -----BEGIN PGP SIGNED MESSAGE-----BY SAFEMAIL----- Belive it or not we are going to do it again.... The Membership of the Mac-Crypto List invites you to The Second-Ever- Not Nearly-Last-Minute- (most likely) Radar-Jammed To-Hell-with-Forgiveness Macintosh Cryptography and Internet Commerce Software Development Workshop (ex postcrypto postIdes of march) Mar 18 - 20, 1997 Apple R&D Campus, Cupertino, CA, USA If you would like to present a paper or give a talk, please contact Vinnie Moscaritolo at for more info on the damage we did last year check out http://www.vmeng.com/mc/debrief.html dont say I didnt warn ya.. -----BEGIN PGP SIGNATURE-----BY SAFEMAIL----- Version: 1.0b5 e29 iQCVAwUBMq9SvPMF2+rAU+UdAQFU1QQAxKrGHgqd6lEdsB5CgMx20GZV29eJ+od2 OOOh/+SLK8WsYUmNIaA+hYXdlCjBzVoFY6WnOgAferyEZe8G97RAZkCmecv0+7IN XLzw3LXCtsHzyuIi3hjOgpptnBZAscGCc2ZqNd4JineGCTpgn4U4pRaTzvuMajoU 9POCuudysBo= =IsTO -----END PGP SIGNATURE----- Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From tcmay at got.net Wed Dec 11 17:28:19 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 17:28:19 -0800 (PST) Subject: New export controls to include code signing applications In-Reply-To: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com> Message-ID: At 4:39 PM -0800 12/11/96, Lucky Green wrote: >It has been speculated in the past that certain crypto schemes, such as >proposed by Microsoft and Sun, using signed crypto plugins might be helpful >to the cause for strong crypto if non-US branches of US software companies >would certify foreign developed crypto software. > >According to the recent proposal by Commerce, this will not happen. It will >be illegal to export the software required to sign the code. So much for >the government's claim that they make no attempt to limit the export of >signing-only software. > >>From http://www.steptoe.com/commerce.htm > >[Listing specific software prohibited from export] >"c.2. "Software" to certify "software" controlled by 5D002.c.1; " ... They're really looking desperate, aren't they? They try to limit the export of crypto software, they try to limit the export of anything with "hooks" for adding crypto outside the U.S., they try to limit export of crypto knowledge, and here they're even trying to limit _signing_ software? What's next? Maybe they'll try to limit the dispensing of _legal advice_ by U.S. attorneys to foreign clients. (I keep using the phrase "they try to" becuase obviously few of these schemes to keep the horses in the barn will work.) It's looking more and more obvious that crypto development belongs outside the U.S. (is this observation a controlled item?). --Tim Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Wed Dec 11 17:33:08 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 11 Dec 1996 17:33:08 -0800 (PST) Subject: Redlining In-Reply-To: <3.0.32.19961211002633.00699be0@execpc.com> Message-ID: <32AF6000.1D6@gte.net> Matthew J. Miszewski wrote: > I will not re-quote and rehash the argument thus far. You do have a knack > to ignore strong points (although admittedly not all) of your opponent in > an argument. Additionally, I am not trying to show anyone that you are a > "bad person". I was trying to carry-on civil discourse. I know you really > feel that you had no part in disrupting the discourse we started out in, I disagree. [snip] > My question was a real one. The basis of it comes from my work with the > homeless in which they have a difficult time getting a job because they > have no "home address" to put on the forms, some do not have or remember > their SSNs, etc. This causes a cyclic problem for the homeless. My question > to Tim was, in the real world, how is the protection of this data feasible. I believe the above paragraph could be the key to why a lot of argument goes on unnecessarily - an economic model/theory may be a good one, but is muddied by existing practice/legislation, i.e., the homeless are dis- advantaged insofar as ID, address, credit and so on, which does not say so much about the economic model as it does that the model is perturbed by existing real-world compromises. [remainder snipped] From nobody at huge.cajones.com Wed Dec 11 18:12:32 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 18:12:32 -0800 (PST) Subject: Redlining Message-ID: <199612120212.SAA19019@mailmasher.com> At 3:14 PM 12/11/1996, Matthew J. Miszewski wrote: >My point, Red, at the outset was that your tendency to address each point >in turn was not being fruitful to me (my time is a scarce resource). >Surely you do not make policy decisions based upon how much time someone >has to address your concerns... > >...This is a good attempt at intellectual honesty which was present >in your original reply but lacking thereafter. That aftermath >explains my tone in my later replies. I apologize. You don't have time to explain your beliefs, but you do apparently have the time to call me an idiot and, now, to tell me that I am intellectually dishonest. Since you don't know much about me, the best you can claim is that I am inconsistent. I am afraid I cannot accept an apology which is prefaced by an insult. When somebody doesn't have time to address my concerns, it does not have much effect on my thinking. I will continue to believe as I did before. This behaviour is not uncommon. >>As for the social security number, it has been claimed many times on >>this list that nobody checks them anyway. There are programs which >>generate real-appearing numbers. (I think one was called >>"ssn.exe".) > >While I understand the greater social good, I, personally, am not >interested in violating applicable fraud statutes. This is a >borderline case in which consideration to the idea, of course, should >be given. I would hesitate to expose these people to that risk. I would not propose committing fraud. I do not understand who would be defrauded by giving an employer an incorrect social security number. The company pays the salary either way. >>And, you can go to the SSA to find out somebody's SS number or to have >>one issued. It will take awhile. > >This is the best way to address the problem. But, it leads to my original >quandry (not redlining) which was how some people can, realistically, >protect this data. You do give some good opportunities. For me they are >unacceptable and on balance, I would suggest that people go the latter >route and attempt to comply with the statist regulations. Maybe in a more >perfect society, they would have an interest in privacy. In the world >today, however, I think they would choose to eat. Giving a false SS number is the fastest way for these people to get employed and get something to eat. >If I wanted to I could repeatedly issue heart-wrenching stories of >poverty in America (similar, of course, to politicians using "real >world examples" in speeches). You seem to assume that this would be >"wrong". No, this is exactly what I've been asking for. In fact, I explicitly suggested that anecdotal evidence based on your experience would have value. >I have said, repeatedly, that we disagree. Apparently, now I have to >*reiterate* why. I don't believe I saw it the first time. >Once again, we disagree. You do not favor any form of government >regulation. I have not stated this. You have concluded, erroneously, that because I am opposed to certain regulations, I am opposed to all. >I do favor some forms of government regulation. It seems that the >turning point for you is your belief that racism causes no real harm. >I disagree. If you really want to have a list of the harms caused by >racism, I will list them in a seperate note to you. I wish you could >be intellectually honest enough to realize these harms. I fear, >however, you will not be. You are actually objecting to my beliefs, not my honesty. And, I don't get the impression that you really understand my beliefs. In order for failure to get a loan to cause harm, there must be some sort of expectation that one has a claim on the money being lent. I do not subscribe to that belief. I do not understand how my money suddenly becomes controllable by somebody else because I decide to lend it. >>>I, personally, find racial discrimination to be a problem in the >>>USA. >> >>It would be nice if everybody in the U.S. was not a racist. It >>would be nice if all the bad people just left. > >Actually, it would be preferable if they would become enlightened. >It is difficult to do. I try every day. BTW, if the comment above >was supposed to be aimed at me, once again i *never* made any such >assertion. No, the point I am making is that it should be legal to be unpleasant so long as you are minding your business. So, employment discrimination should be legal, but burning a cross in somebody's lawn is a shooting offense. (Preferably on the lawn in question soon after the defense.) >>>Not only do I find it a moral problem, but it has adverse effects >>>on markets and the efficiency of these same markets. It is costly >>>not only in personal measures, but in economical terms as well. > >>But, of course, I don't subscribe to the notion that market >>efficiency is the best means of determining policy. For one thing, >>concepts such as efficiency and production are politically defined. >>If I grow food for myself, it does not affect GDP figures. If I >>trade the food for money and buy something, then the same production >>increases GDP. This is not sensible. > >I subscribe to the notion that policy should be determined by the >best balance of several concerns. Among these are market efficiency, >social justice, budget constraint and liberty. I am unsure how you >would determine policy. I think a lot about what is right and wrong. I am skeptical of proposals which say "We want to do the right thing and help poor people, but we want to do it with somebody else's money." If somebody writes a detailed book arguing that a brutal slave regime is efficient, I do not say "Maybe if the regime was a little less brutal, we could still have some efficiency. We must make tradeoffs." Rather, I ask how much money we would have to pay somebody to live the life of a slave. Suddenly, it doesn't look so "efficient" as it did before. This example may appear contrived. It is not. A detailed statistical study of slavery was done in the 1970s. I believe it was called "Time on the Cross". Many people believed that the authors had demonstrated that slavery was efficient. The theory was that the slave owners acted as professional management, seldom exercised brutal punishment, and that in general everybody was better off, sort of. (One of the authors later won a Nobel prize.) I was taught in school that Irish factory workers and laborers often had it worse than the slaves because nobody valued their welfare. (Slaves were quite expensive.) The example that is given over and over again, is a canal which was dug with Irish labor because of the risk of disease from a nearby swamp. The problem with this model is that there is no evidence of Irish workers and laborers rushing southward to volunteer to be slaves. You would almost think there was something wrong with slavery! The way I generally think about policy is to consider the preferences that people have and consider whether they are respected. I believe the basis of legitimacy for a government is that it protects people's rights. >>More importantly, I don't believe that market efficiency, however >>measured, is sufficient justification for dictating other people's >>actions. "Market efficiency" is a gambit to conceal dictatorial >>powers in a scientific cloak. > >Maybe for some, but if you have assumed that is how I act you are >mistaken. What I think is most likely is that, like so many others, you have accepted terms like "market efficiency" without thinking through precisely what they mean. >>Discussions of market efficiency typically overrule the preference >>that citizens have. One could imagine that a study that concluded >>alcohol consumption reduced national efficiency and should therefore >>be banned. Yet, this completely fails to take into account the >>strong preference many people have to drink. Some even consider it >>to be a religious sacrament. I don't believe such preferences >>should be ignored. They should be respected. > >And neither do I. On balance, I would not have accepted prohibition >then, and I do not accept it now. People also have a preference not >to hire blacks. I feel that that should not be an acceptable means >of interaction between an employer and a prospective employee. You >do. That is what I meant by drawing lines. You feel that every >employer (a creation of the state) should have the ability to act in >a discriminatory fashion. I disagree. Every employer is a creation of the state? This certainly explains why we draw different conclusions. If I hire some homeless fellow to dig some post holes and do other work on my property, it is difficult to understand how the state has created me. >You and I do agree that when the personal excercise is for a drink, >the government should not respond. This is because, on balance, I >believe that the excercise of that freedom is more important than the >adverse effects of alcoholism. And vice versa for employment >discrimination. I don't really care how bad alcoholism is. I certainly don't own other people and, thus, cannot dictate how they take care of their bodies, or fail to do so. Often we see expressions of concern used as a justification for any degree of control which can be imagined. While you are opposed to Prohibition, in principle you believe that your "care" is justification for rather extreme control over the choices of others. I generally favor governmental interference when somebody is not being left alone and is being interfered with in some way by others. What causes me to doubt my wisdom is the fact that the government is the primary instigator of these problems. As it is today, half of what I earn is taken away for no good reason and put to no good use. >>All you have really said is "I believe X." Should we take your belief >>on faith or are there reasons which underly your beliefs? > >I believe in regulating, in one instance, employment discrimination. >I do so because I have personally seen the economic impact on the >Greater Milwaukee Area of such discrimination - both past and >present. I believe X also because I have been witness to the >personal impact that such discrimination has upon people. This is still too abstract. What I would be interested in hearing is specific examples. >To take advantage of practices effective against poverty, several of >which you have mentioned, it helps to have self-confidence and a >degree of self-worth. What puzzles me is that when I mentioned the failure of poor people to pursue these beneficial practices you said my comments were "idiotic". Now you appear to be saying that I was right, but that poor people lack the self-confidence to do these things. Please explain. I suspect you are right, by the way, that poor people lack self-confidence and fail to really play the game. >>>Thru painful learning experiences and reality checks - long arguments >>>over several months and too much coffee - I decided that I would not >>>want to live in a libertarian's ideal society. This decision was >>>based on my perception that it just wouldnt work in reality. > >^^^^^^^This was, of course, my explanation before. Apparently you didnt >see it. >I was not using libertarian's ideal society in any derogitive way. At one >time I believed in it. Through self-examination I decided that it >couldnt work. Is your point that you disagree with me or that Anyone >who disagrees with you must be wrong? I am sorry if I misinterpreted what you meant. Given that you also use the phrase "libertarian wet dream", I concluded that "libertarian ideal society" was also derogatory. Yes, I generally believe that people who disagree with me are wrong. If I believed otherwise I would change my mind! (And sometimes I do.) >>>>I'm sure many readers of this list have had conversations which >>>>abruptly end with "Are you a Libertarian?", which is generally >>>>completely irrelevant to the point under discussion. What is >>>>happening is that the other person is more interested in knowing >>>>your tribal identification than what you believe. A pity. >>> >>>As strange as it may sound to you, most of my conversations go this >>>way. It is ironic to me that I have been placed on this side of an >>>argument. >> >>Yet, you are doing something very similar when you raise the issue >>of "a libertarian's ideal society". Likewise, you criticized Tim >>May for having (roughly) "too absolute a theory". In either case, >>you are avoiding substantive discussion, preferring to make >>prejudicial remarks. > >Actually that is the substance of my dissention. I do not believe in >those theories which results in my favoring X. You disagree and >favor an absolute theory of freedom (I may be wrong, but you have >never asserted your underlying political theory). My policy >decisions are based upon my political philosophy. As are yours, I >assume. I never said, Tim was "bad" because of his theory. I was >simply pointing out that I did not agree with it. Saying "I am not a Libertarian" does not tell me much about your underlying political philosophy. I would expect to see something along the lines of "We are a community. We have obligations to each other... etc. etc" Of course, I have no idea if that actually is your theory. >>One nice thing about Libertarian-style discussions is that most of >>the policies are separable; that is, we can discuss redlining >>without discussing highway privatization. This makes a nice >>contrast to other styles of discussion in which the proposed scheme >>only works if everybody participates. The most extreme example was >>Marxism where it was claimed that it would fail if the entire world >>was not Marxist. > >You appear here to admit that it is possible to favor one libertarian >policy while disagreeing with another. That is what I am doing. And I have explained, in glorious detail, why I disagree with you. I have not said that you are inconsistent because you do not subscribe to the ideal libertarian society. I am not sure what such a society would be. >>I used the word "forewarned" once. I said that it would be hard to >>believe that even wealthy African-Americans were racist in their >>lending practices. I still find it hard to believe. >> >>It may surprise you to know that I am not all the interested in >>whether you call yourself a Libertarian. > >Doesnt suprise me at all. You are only interested in your political >philosophy. When it is relevant to my political philosophy and the >way in which I would make policy decisions apprently it is >irrelevant. It is not to me. No, please tell me about your political philosophy. I am not asking which political party you vote for - I am more interested in why you vote for it. >I believe as I do, that racism harms people. I do so because of my >personal experiences. Among these are employees explaining to me the >nature of the discrimination that they have suffered, their inability >to pursue any such claims because of a lack of both self-confidence >as well as capital, the faces of their children that do not yet >understand the nature of the world they have been brought into and >the immense stress on familial relationships caused by the lack of a >job caused by employment discrimination. Now this is real progress. Glad to see it. >Ill even discard the borderline cases and refer to the slam dunk >cases out there. I live and work in Milwaukee, Red. People are >fired and told they are fired because they are black. I have settled >cases with no dispute of these facts. I am curious why people hire an African-American person in the first place if they are just going to fire them later. That doesn't make sense to me. (And, no, I am not being sarcastic, I would like to hear an explanation.) >All of the personal harm and more was suffered by my clients. This >is part of the reason for my perception. I wish I lived where you >did where racism hurts nobody. Just give me a general location and >Ill start to move my clients there ;-|. I think the personal harm is in the minds of your clients. If you are fired and your manager says "it's because you're black", this does not have to be depressing. It says a lot about the manager and nothing about the employee at all. It must be worse to have your manager tell you that you are a fuck-up and an incompetent and that you can't get your act together and have to be fired. The real problem is that a lot of people have accepted some bad ideas. There is still an idea that there is something wrong with being an African-American rather than recognizing that, maybe, some unsavory characters live in the United States. I also fail to understand why anybody would want to work for a racist, even if you can force the relationship on the employer. Red Rackham From markm at voicenet.com Wed Dec 11 18:13:55 1996 From: markm at voicenet.com (Mark M.) Date: Wed, 11 Dec 1996 18:13:55 -0800 (PST) Subject: Java DES breaker? In-Reply-To: <199612112233.QAA02084@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 11 Dec 1996, Igor Chudov @ home wrote: > I do not see any reason why Java code cannot be compiled. I think that > now there are java compilers available. Maybe even browsers will have > smarts to compile code that they execute. I assume you mean compiling Java bytecode to native machine code. I don't know of any program that can do this, but Cygnus is developing a Java compiler that compiles Java to a stand-alone executable. Details at http://webhackers.cygnus.com/webhackers/projects/java.html . Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMq9q/izIPc7jvyFpAQEmqAf/RVn2U+qXk3GZkfwi7NrA6UbbGhbCAp3u hIGUpHyNYPKmcYSrFRuxZN+X0umjkBFc8DVGp/mhY+Sp7W/HT53r9I3sTd8uBs/r z/KtRq3B8eM3rIJTGgSuOaDH4CG9JCAhQvS1HjaHLtKwKeUeQImQ79tpyt9i1DH5 5OvJVzyKQ1/EBKU4hTa+gf8NF7s8xIA6TULCnC5QJPpM+k0YljRUpYG1aXNHYwbI dvylH+9ppYkoeFV2FSQuSS1ElIfLoyzYHlAjOqh5CE0+WqGAh1gDFPJ3fg6hlP73 2BAC9Iid5kWv9Eqi46d6XoJAXukphH9YRAqRcfCNH2kZvgNlPmx95w== =yo31 -----END PGP SIGNATURE----- From nobody at huge.cajones.com Wed Dec 11 18:28:00 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 11 Dec 1996 18:28:00 -0800 (PST) Subject: Redlining Message-ID: <199612120227.SAA21192@mailmasher.com> At 6:24 PM 12/11/1996, E. Allen Smith wrote: >From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 >16:21:56.21 >>Actually, my assertion was that the basic motivation was racism and >>ignorance. My example of student loan default rates should clear >>that up. College graduates generally live outside of redlines and >>yet are regularly offered credit. And yet default rates on student >>loans are outrageous (the government backing of these loans is >>irrelevant to individual creditworthiness). > >That some groups not within redlines have high default rates is not >an argument against groups within redlines having high default rates. >The market distortion caused by government sponsorship is certainly >relevant to whether individuals are offered credit; I would suggest >that in many cases the students in question would not be offered >credit, as per their high default rates, if it were not for >government sponsorship removing the risk from the lender. I have personal experience with cases where the lender (actually the company which bought the loan) misrepresented a loan default apparently in order to get reimbursed by the government. The government requires the lenders to make a certain number of contacts with the borrower before declaring a default. In this case, the lender simply lied about the contacts. Payments had been interrupted as a consequence of confusion relating to the change in procedure when the loan was sold. One presumes that this was not accidental and that somebody had a roaring little business going. I have no trouble believing that the student loan market would quickly dry up were the government to get out of the business. Red Rackham From ddt at pgp.com Wed Dec 11 18:35:05 1996 From: ddt at pgp.com (Dave Del Torto) Date: Wed, 11 Dec 1996 18:35:05 -0800 (PST) Subject: Cypherpunks Dec Mtg / upDate + TEXT-only version Message-ID: Re-Salutations, For those who can't get to the web page for one reason or another, the Cypherpunks December 96 Physical Meeting being hosted by PGP Inc is scheduled for: Saturday 14 December, 11am-5pm PST. My apologies for not being specific in the previous SMTP version. Reminder: _please_ RSVP ASAP as follows: That's a reply to this mail/address with the subject: "cpunks-mtg-rsvp" (no quotes). Thanks to all who've RSVP in compliance with this request so far: I'm no longer worried about being there alone. ;) Note: since there is a limit to the number of people we can fit in this meeting room (above which the Sofitel will no longer "look the other way"), as soon as we go over 100 RSVP's I'll post a notice (this evening, at this rate). We certainly don't want to discourage anyone from showing up, but be aware that there are physical limits involved, so let us know ASAP. dave PS: Here's a TEXT version of the most up-to-date web content: ................................. cut here ................................. -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks December 1996 Physical Meeting [text version] hosted by Pretty Good Privacy, Inc. This meeting is being held on United States Soil and is open to the General Public. Web URL (includes map): ________________________________________ Contents: DATE/TIME LOCATION PURPOSE and AGENDA NOTES Please RSVP! Demos Handouts/Raffle PGP Key Exchange Meeting Time PGP/MIME BOF at the IETF PGP Engineers Directions to the Meeting From the North or East Bay From the South Bay ________________________________________ Important Summary Information: Attendee RSVPs: mail to: subject: cpunks-mtg-rsvp General info queries mail to: subject: cpunks-mtg-info-request Agenda proposals mail to: subject: cpunks-mtg-agenda-request Demo requests mail to: subject: cpunks-mtg-demo-request Demo/Agenda item deadline: 11:59pm PST Thursday 12 December 1996 ________________________________________ DATE/TIME Saturday 14 December 1996 11am to 5pm PST ________________________________________ LOCATION Hotel Sofitel, 223 Twin Dolphin Drive, Redwood Shores, California 94065 +1.415.598.9000 main hotel telephone Room location: ask at hotel Main Desk or follow "Cypherpunks" signs. ________________________________________ PURPOSE and AGENDA The Cypherpunks group is an informal, open-membership group dedicated to various topics on Cryptography and Privacy, and the agenda is determined by the people who attend. Various software and public-interest issues may be discussed. The final agenda for the December meeting will be announced at the meeting based on agenda items submitted by email (see below). The Cypherpunks December 96 Physical Meeting is being hosted by Pretty Good Privacy, Inc in a meeting room at the Hotel Sofitel (see below) that can accomodate up to 100 people. There will be refreshments/snacks, and I think this qualifies as a "cypherpunk milestone" of sorts, so we hope lots of people show up. The meeting has been advertised through numerous Internet resources and in the print media (SJMN Classified Notices 12/7 & 12/8). Please contact me for general information, or to submit an item for the meeting's agenda. Agenda items must be submitted by email with a brief textual summary which should specify any computer or AV equipment needed. The deadline for agenda item requests/proposals is 11:59 PM Thursday 12 December. Dave Del Torto (December chairperson) ________________________________________ NOTES Please RSVP! Please RSVP if you plan to attend. Tell/bring your friends as well. PGP Inc has rented a meeting room (plus amenities) that can accomodate up to 100 people for the meeting. Besides the maximum capacity restrictions on the meeting room (fire codes), it's important that we have an idea of how many people plan to attend as soon as possible before the meeting, because we're also arranging for refreshments/snacks (you do not need to bring anything to eat/drink this time). Thank you for your consideration. Demos If you want to make a Cypherpunks-related presentation or demo software/etc at the meeting, please notify the chairperson before the meeting. (ASAP!) Everyone with something to say or show is encouraged to bring/show it (even stuff that's already been demoed before but which has been updated). The cutoff date for demo reservations is also 11:59 PM Thursday 12 December. We can try to have the equipment you might need ready if you list what you need in detail (and early): otherwise, bring your own equipment. Though we'll do our best to accomodate everyone, if you wait until the last minute, there may not be room for you unless you have something very simple/brief, so please bear that in mind. There will be overhead projector for transparencies and an RGB projector for laptops. Net connections (analog modem, ISDN) can be arranged with enough advance notice. Right now, we have not arranged anything beyond a Metricom modem (28.8Kbps), but we can arrange an analog modem line or even an ISDN if there's a specific need. Tell me soon(!). Handouts/Raffle Paper handouts are welcome: please give me your stack for the handout table when you arrive. There will be door-prizes from PGP, but supplies will be limited if 100 people show up. We will also to raffle off some PGP software (ViaCrypt stuff, upgradable when our new versions arrive). PGP Key Exchange Bring a printout of/screen with your PGP key fingerprint. Or a diskette version if you want to have it signed (or both). We'll have a "key exchange moment" at the end of the meeting to faciitate expansion of the PGP Web of Trust. Meeting Time Meeting time is 11 AM to 5 PM. This is slightly earlier than usual for a Cypherpunks meeting because we have to be out of the meeting room shortly after 5 PM (so a wedding can be set up), but we can meet in small informal groups in the hotel lobby/bar after the meeting. PGP/MIME BOF at the IETF The IETF's PGP/MIME BOF is the previous morning: Friday 13 Dec, 9:00-11:30 AM (Crystal Room, Fairmont Hotel, 170 South Market St. in Downtown San Jose, 408.998.1900 main). Remember: it's a "Birds Of a Feather" session on the last day of the IETF conference (make of that what you will). Please come by if you want to help support RFC 2015 so PGP/MIME can take the next step toward IETF Working Group discussion so we can eventually move it further along the IETF Standards Track. Anyone who's at the IETF is of course encouraged to stay over until Saturday and come to the Cypherpunks meeting too! PGP Engineers PGP's engineering staff is being encouraged to attend the Cypherpunks meeting: not to compromise trade secrets or strategic plans, but to listen to, and/or answer if possible, reasonable questions/bug-reports/feature requests/etc. Persons interested in employment opportunities at PGP Inc are also encouraged to attend and bring a resume/diskette/etc. Directions to the Meeting The Sofitel is just off Twin Dolphin Drive a few blocks south of Oracle's silvery towers (hard to miss). Parking is available in the hotel's parking structure. From the North Bay (East Bay attendees: first cross the San Mateo Bridge/Hwy 92 west). SOUTH on 101 (Bayshore Freeway). EXIT at Ralston Ave/Marine Parkway. GO EAST on Marine Parkway toward SF Bay (Oracle is on the left). RIGHT on Twin Dolphin Drive (2nd light after the overpass) Follow Twin Dolphin (curvy) for less than a mile. LEFT on Shoreline Drive. The Hotel Sofitel is on your left. From the South Bay: NORTH on 101 (Bayshore Freeway) to Redwood City EXIT at Holly Street/Redwood Shores Drive. GO EAST on Redwood Shores Drive (toward SF Bay). LEFT at Twin Dolphin Drive (2nd traffic light) Follow Twin Dolphin (curvy) for less than a mile. RIGHT on Shoreline Drive. The Hotel Sofitel is on your left. ________________________________________________________________________ Copyright 1996 Pretty Good Privacy, Inc., All Rights Reserved. PGP, Pretty Good, and ViaCrypt are registered trademarks of PGP, Inc. Pretty Good Privacy is a trademark of PGP, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv Comment: Verbum sapienti satis est. iQCVAwUBMq9fFaHBOF9KrwDlAQHHTwP/Vyv/wrfHJP0DES52RMZbeCxKgd+xK3qm 6/QobqKB8iR/hYWZ0r1qW5TMsz6vlhphVyp5uYEac2yPJ+7GNAMCU8VHK56IshUN qeZhAWSZF8TCwegIQKWB/CP4yzkj/yHsy0jkWITRk4ghOA+96+W0QZrxHPcRtAGu LkA1LeupEfw= =kfOi -----END PGP SIGNATURE----- From jer+ at andrew.cmu.edu Wed Dec 11 18:44:10 1996 From: jer+ at andrew.cmu.edu (Jeremiah A Blatz) Date: Wed, 11 Dec 1996 18:44:10 -0800 (PST) Subject: Check out today's Salon In-Reply-To: <32AF118D.3970@apple.com> Message-ID: <0mfr3d200YUf0Bmt40@andrew.cmu.edu> -----BEGIN PGP SIGNED MESSAGE----- A less obnoxious URL is "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMq9wsckz/YzIV3P5AQHuRAMAihwGvjP5j2vX7eno1osh2w6W5ECeEQJD ETyWYFwjopvgz5bMTMaQ8DOBSxhiWT0YZNr3jZX8Gj7uZMG1lY6ucW6bquExlYzc O2IPmrBS+mbTrulGIh59ih5keT0ihlHb =9IET -----END PGP SIGNATURE----- From dthorn at gte.net Wed Dec 11 18:54:45 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 11 Dec 1996 18:54:45 -0800 (PST) Subject: WEB: Yahoo/Firefly Website recommendation service In-Reply-To: <3.0.32.19961211115710.00ce9cb0@pop.firefly.net> Message-ID: <32AF7367.7982@gte.net> Alexander Chislenko wrote: > Firefly Network Inc. has just launched a public beta of our website > recommendation service on My Yahoo! This service is the result of a > partnership between Yahoo! Inc. and Firefly Network, Inc. in application > of Automated Collaborative Filtering (ACF) technology to the Web. > It allows users to find interesting websites interest and like-minded > people, and otherwise help the user navigate the vast domain of sites > and people in an intelligent and personalized way. I tried Firefly. What a waste. Unless your tastes in most things entertainment-wise are pretty mundane (music=Pearl Jam, Prince, other mainstream drek), they won't be able to find a match at all, no matter how much information you give them! From kozubik at shoelace.FirstLink.com Wed Dec 11 19:11:41 1996 From: kozubik at shoelace.FirstLink.com (John Kozubik) Date: Wed, 11 Dec 1996 19:11:41 -0800 (PST) Subject: Speaking of Redlining.... Message-ID: Please do not respond on the list, as this does not need to clog it up further. I am 19 years old, and I make 60,000 (verifiable income) per year. I have a 2000 dollar down payment. NOBODY will give me a loan. Everyone tells me my credit is fine, and yet, I cannot get a car loan to save my life. I have so far only tried major banks and GMAC finance. If anyone has any information that could help me find a place in the denver area that would give me a car loan (or anywhere really - money can be wired from anywhere) PLEASE let me know. I am trying to get a ~35,000 car loan - so far EVERYONE has just straight up told me I am too young (even though I make twice what these people make :) ) Thanks... From adam at homeport.org Wed Dec 11 19:14:44 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 11 Dec 1996 19:14:44 -0800 (PST) Subject: New export controls to include code signing applications In-Reply-To: Message-ID: <199612120310.WAA18334@homeport.org> Timothy C. May wrote: | of crypto software, they try to limit the export of anything with "hooks" | for adding crypto outside the U.S., they try to limit export of crypto | knowledge, and here they're even trying to limit _signing_ software? | | What's next? Maybe they'll try to limit the dispensing of _legal advice_ by | U.S. attorneys to foreign clients. I'm not sure we should be discussing what's next, or how we'll monkey wrench it, before it comes out. Clipper I was mishandled. Clipper II was mishandled. Clipper III looked like it might have had a chance before the administration fumbled the ball with letting the FBI have a veto. Those folks do learn, and they may be learning from their presence here. The NIST meeting, which Pat Farrel reported on, had questions about not interacting with rouge applications, not super-encrypting a data stream, and other things that we talked about and reminded the Feds to deal with. I say let them propose; let them build systems. Then attack them. Why let them release proposals that already deal with our attacks? Incidentally, was Mykrotronix a cheap buy because they bought into Clipper? Is that what happens to companies that try to get all their nourishment from the GAK teat? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From adam at homeport.org Wed Dec 11 19:23:40 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 11 Dec 1996 19:23:40 -0800 (PST) Subject: New export controls to include code signing applications In-Reply-To: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com> Message-ID: <199612120319.WAA18401@homeport.org> These are important, and damaging changes to the regulations. My thanks to Lucky for pointing them out. Previously, authentication technologies, signatures and integrity checkers had specific exemptions. I suggest those journalists who lurk here call companies like Digital Pathways, McAffee, Symantec, and see if they are aware of these proposed changes. Adam Lucky Green wrote: | It has been speculated in the past that certain crypto schemes, such as | proposed by Microsoft and Sun, using signed crypto plugins might be helpful | to the cause for strong crypto if non-US branches of US software companies | would certify foreign developed crypto software. | | According to the recent proposal by Commerce, this will not happen. It will | be illegal to export the software required to sign the code. So much for | the government's claim that they make no attempt to limit the export of | signing-only software. | | >From http://www.steptoe.com/commerce.htm | | [Listing specific software prohibited from export] | "c.2. "Software" to certify "software" controlled by 5D002.c.1; " | | And, btw, virus checkers are also prohibited from export. Makes you wonder. | | "c.3. "Software" designed or modified to protect against malicious computer | damage, e.g., viruses;" | | | -- Lucky Green PGP encrypted mail preferred | Make your mark in the history of mathematics. Use the spare cycles of | your PC/PPC/UNIX box to help find a new prime. | http://ourworld.compuserve.com/homepages/justforfun/prime.htm | -- "It is seldom that liberty of any kind is lost all at once." -Hume From shamrock at netcom.com Wed Dec 11 19:24:25 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 11 Dec 1996 19:24:25 -0800 (PST) Subject: Official Prediction [was:Re: New export controls to include code signing applications] Message-ID: <3.0.32.19961211192429.006a5f14@netcom14.netcom.com> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1577 bytes Desc: not available URL: From bal at martigny.ai.mit.edu Wed Dec 11 19:37:35 1996 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Wed, 11 Dec 1996 19:37:35 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: <3.0.32.19961211223708.0075996c@martigny.ai.mit.edu> At 01:11 PM 12/11/96 -0800, you wrote: > >PICS is the wrong approach becuase it oversimplifies the ratings of >content, because it places the ratings made by the author in the payload >itself, and because third-party ratings systems are cut out of the loop >(effectively). Um, first, there's nothing in the PICS spec that requires ratings to be embedded with the content. PICS labels can be distributed one of three ways: 1) embedded in the content, assuming there's a method of embedding defined for the particular type of content. (For HTML, you can put it in a META tag.) 2) sent "along-with" the content as part of the transmission protocol. (For HTTP, there's a standard by which PICS labels can be sent as RFC-822 headers in the HTTP reply, but no one is using that to the best of my knowledge.) 3) distributed from the third-party label bureau. Method of distribution is independent of author of the label, too. It's perfectly reasonable for the author to distribute labels for his content via a third-part label bureau, or for an author to embed a label from the GoodMouseClicking page rating service within his document. By the way, PICS labels nominally apply to a document named by a particular URL. You can elide the URL, I think, if the label is sent along with the content or embedded within the content, but when you ask a label bureau for labels you request them by URL. Second, I don't see how PICS oversimplifies content rating. If anything, I would expect complaints that PICS complicates things too much because there can be an infinite number of rating systems and a human is forced into the loop to read and evaluate the meaning of any particular rating system. It is true that PICS currently only permits rating values to be numbers, but enough PICS users need non-numeric values that I expect this to be changed in January at the PICS WG meeting. >One computerish way to think of this is that the "binding" is too early. At >the time of distribution, say, I mark my work something with some PICS >label, based upon my best understanding of the PICS labels, ratings, >agencies, and laws. But once set, the "binding" has been made. Later >reviews or reviews by other entities cannot affect the binding, at least >not for this distributed instance. It's true that reviewer B cannot affect reviewer A's labels, but B can make statements about the quality of A's labels, and I can choose (in a more general trust management environment) to accept labels only from label authors who are vouched for by some particular vouching service. So GoodMouseClicking might say I'm a reliable rater of content in "Bal's crypto-relevant rating service" but a lousy judge of pages for "Joe's cool jazz pages rating service." >More importantly, the "payload" does not carry some particular set of >fairly-arbitrary PICS evluations. Binding by the censors instead of by the >originator, which is as it should be. The Feds obviously believe in "encouraging" self-rating as a means of defending yourself when they haul you into court, but in general I think people will tend to defer trust to particular third-party ratings services that they choose over an author's self-labels. After all, if I'm looking for movie reviews the last thing I read is the self-promotion put out by the distributor; I look for a third-party I know who tends to agree with my tastes. Same thing with product reviews (e.g. Consumer Reports) or book reviews. --bal From dthorn at gte.net Wed Dec 11 19:38:05 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 11 Dec 1996 19:38:05 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <199612112346.PAA26588@mailmasher.com> Message-ID: <32AF7D22.6D7@gte.net> Huge Cajones Remailer wrote: > At 12:38 PM 12/11/1996, Timothy C. May wrote: By the way, on this > >oftentimes off-topic issue of "bigotry" and "racism," here's a zinger > >some of you may not have thought much about. And it's certainly > >related to the themes of Chaumian "credentials without identity," > >which is very much on-topic. > >Consider a "race credential" offered by some entity. Perhaps one goes > >down to the local Aryan Nations office and gets one's genetic > >heritage stamped, or down to the Kwanzaa Youth Center to be similarly > >stamped.... > >(Why some groups might want this is left as an exercise for the > >reader. Perhaps a less-inflammatory example (to some of the > >sensitive amongst you) might be that some women want to interact in > >"women only" forums--a clear case of discrimination, no?--and may > >want a "gender bit" avaiable to display as a credential.) There are good things to be said for "hanging out with one's own kind" - sometimes it can facilitate getting things done, by eliminating potential sources of friction, etc. OTOH, this is largely a negatives issue, yes? Looking at positive issues, one could probably find as much interesting and enlightening in direct contact with persons of other races, religions, and cultures (if the conflict isn't too destructive), if not more so than with one's own, when one considers that growth and learning (essential to good health) bring greater conflict than when one is merely comfortable. [remainder snipped] From dlv at bwalk.dm.com Wed Dec 11 19:40:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 19:40:22 -0800 (PST) Subject: Utility of Snake Oil FAQ In-Reply-To: Message-ID: "Timothy C. May" writes: > I think it's fine that the authors of the Snake Oil FAQ generated it. To > each their own. My approval is not needed, as the Cyperpunks group is > neither a collective nor a democracy. Dunno about "cyperpunks", but "cypher punks" are a bunch of clueless assholes. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 11 19:44:50 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 19:44:50 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: "Timothy C. May" writes: > Whether to offer credit to some entity is, like many other such > transactions, an economic transaction which involves a number of factors: > interest rates charged, other uses for the money, expectation of payback, > government interference (distortions of markets), etc. > > As with insurance in all its various forms, the decision process involves > _probabalistic assessments_ based on avialable information, such as from > past payback data, actuarial tables, the legal system, etc. By the nature > of such probabalistic assesments, certain "lumped" categories will have to > be used: age groups, sex, For example, here are just some obvious areas to > consider: > > - age -- if under-25 persons have a 20% higher default rate on loans, "for > whatever reason," this will be a factor in setting rates or even in > granting a loan > > - sex -- if women are generally twice as likely to repay a loan, this will > be a factor > > - ethnicity -- if persons of Norwegian heritage are 4 times less likely to > default on a loan than persons of Blatislavan heritage are, a loan officer > would factor this in (absent government market distortions) > > - education -- if college-educated persons are less likely to default than > high school dropout, etc. > > ...and so on...one could make a list of several dozen categories, then run > correlation tests of various sorts. This is clearly what banks and other > lenders do in establishing loan criteria. As usual, Timmy May spouts racist, anti-Semitic shit. As usual, he has no idea what he's talking about. So what else is new... The interest that a bank charges on a commercial loan can be thought of as three components: a chunk to offset the anticipated effects of inflation; a chunk that goes into a "bad debt" reserve; and a chunk that's the economic revenue of the bank. Imagine that a bank could set its loan rates freely, without the government distorting the market. Two Brooklyn Jews (the kind of people Timmy May hates with a vengeance and wants dead :-) apply for $50K loans to open little grocery stores. The only difference is that Jew 1 (let's call him Abram) wants to open his store in Park Slope (inhabited by Jewish Lesbians) and Jew 2 (Baruch) wants to open his store in Morningside Heights (Blacks, Hispanics, a few Columbia University students). The loan officer would consider the fact that Baruch's business venture is much riskier that Abram's and charge Baruch a higher interest rate to offset the higher risk of the default. If the banks writes a lot of such loans, then on the average they'll have the same profit from all of them. Think of this as the higher life insurance premiums smokers pay - they don't add anything to the insurance company's profits. If Baruch thinks the bank charges him too much for the added risk, he can go to another bank - there are plenty of them. Now consider the distorted market where a bank can't charge Abram and Baruch different rates as determined by the free market. The bank knows precisely how risky each loan is, but is not allowed to use this knowledge. Instead the bank tries its best to avoid giving the loan to Baruch, because this loan would be riskier than the equalized interest rate makes it worth. Baruch can't open a store.* Baruch and his potential customers suffer. The bank is forced to write some Baruch loans (fewer than it would in the previous paragraph), so it tries to charge Abram higher rates that in the previous paragraph to offset the losses on Baruch loans. Abram passes on some of this higher interest to his customers. Abram and his customers suffer. Another bank might be more successful in fending off Baruch's loan application, so it'll offer Abram a lower interest rate, and he'll patronize that bank. Thus "socially undesirable" behavior is rewarded. Finally, banks that don't give loans to Baruch do less business overall, earn less profit, and their owners (shareholders) suffer. (But they'd suffer even more of their banks loaned money to Baruch at the same rate as to Abram, of course.) -- * What happens in real life is - Baruch goes to another institution that issues loans at much higher interest rates than a regular bank (often just below the usury cap, or above if it's an unregular loan shark). Abram is welcome to borrow there too, but he doesn't have to. The institution effectively specializes in loans to businesses that can't obtain loans at regular lending institutions through setting a high interest rate. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 11 20:11:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 20:11:28 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <199612112346.PAA26588@mailmasher.com> Message-ID: nobody at huge.cajones.com (Huge Cajones Remailer) writes: > Tim said in another message that there are times when discrimination > is rational. I have no doubt this is true. How often do we look at a > degree from MIT on a resume and hire? > > The degree to which we fear cryptoanarchy is the degree to which we > fear leaving people alone to run their lives as they see fit. I do > not greatly fear cryptoanarchy. > > Red Rackham Yes, even Timmy sometimes tells the truth. It's rational to discriminate against people who don't know C when you're trying to hire someone to write C programs. How profound. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From rah at shipwright.com Wed Dec 11 20:16:16 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 11 Dec 1996 20:16:16 -0800 (PST) Subject: NEWS: Web Security Hole Revealed Message-ID: --- begin forwarded text X-Sender: okeefe at olympus.net Mime-Version: 1.0 Date: Wed, 11 Dec 1996 19:32:32 -0800 To: N E W S R E L E A S E From: "Steve O'Keefe" Subject: NEWS: Web Security Hole Revealed BREAKING NEWS For Release Thursday, December 12, 1996 MAJOR WEB SECURITY FLAW REVEALED (New York) -- Edward Felten, head of Princeton University's Safe Internet Programming Team (SIP), today revealed a major security flaw in the Internet's World Wide Web. Called "web spoofing," the breach allows any Internet server to place itself between a user and the rest of the web. In that middle position, the server may observe, steal and alter any information passing between the unfortunate browser and the web. All major web browsers are vulnerable to web spoofing, including Netscape Navigator and Microsoft Internet Explorer. Using web spoofing, a person can acquire passwords, credit card numbers, account numbers, and other private information, even if transmitted over an apparently secure connection. The Boston Globe published an article about Felten's findings in this morning's "Plugged In" column. The story was written by Simson Garfinkel, technology columnist for HotWired's "Packet" news service. The complete story can be found at the following URL: http://www.boston.com/globe/glohome.shtml Felten will be demonstrating web spoofing TODAY, Thursday, December 12, at the Internet World expo at the Jacob K. Javits Convention Center in New York City. The demonstration will be held at the Wiley Computer Publishing Booth (#822) at 2:00 pm Eastern Time. The web flaw is just the latest in a series of major Internet security problems uncovered by Felten and his team. Felten documents some of these problems in his new book, "Java Security: Hostile Applets, Holes, and Antidotes" to be published in January by Wiley Computer Publishing. For an advance review copy of the book, simply reply to this e-mail. For further information, please contact: Edward Felten: felten at cs.princeton.edu (917) 972-3693 (cellular phone at Internet World) (609) 258-5906 (Princeton University) Jeffrey DeMarrais: jdemarra at wiley.com Wiley Computer Publishing (212) 850-6630 (review copies, interviews) Java Security Web Site: http://www.rstcorp.com/java-security.html Safe Internet Programming Web Site: http://www.cs.princeton.edu/sip/ --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From mjmiski at execpc.com Wed Dec 11 20:20:37 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 20:20:37 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211222012.00698508@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- >(Let me add that remailers are great. I would be reluctant to express >these ideas in any other way for professional reasons.) hehehe. >(Those who don't believe me should get "Love Supreme" by John Coltrane >and listen to it carefully about 20 times. There are layers and And what was it that Bird's contemporary society called him? Was it crazy? This is one of the social ills potentially caused by discrimination. Far more important to me than the politics of any time is the music that a time period presents. But this visionary jazz musician was all but discredited by the musical environment of the times. Thankfully, it survived on its merits. But imagine if the campaign to discredit Coltrane had been successful and my young ears never experienced that beauty. That is part of the potential harm I am talking about. >At any rate, those who wish to enlighten their fellows on the subject >of racism can do better than "it's just wrong." Many of us take many different routes. Most of us fill our days taking action and have precious little time to enlighten people other than those they encounter daily. > >Red Rackham > Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq+H+LpijqL8wiT1AQEilQQAj4OeVtlDt8OKZmQ6ntLtlG04mMmkRDMa SDSvr0wOuWb5fDQ/TZSB681giFuGOQAtxFMsoZCOM2hodUd0FpbQqTd/EuStEMDp /4doFWAlMoJLs9VK5cAIOppYzVl68NmUoYA/v96ZRHkIaRlV6Ovgfb0ObAB3XT+E HZIrmY82lig= =gn6/ -----END PGP SIGNATURE----- From shamrock at netcom.com Wed Dec 11 20:31:09 1996 From: shamrock at netcom.com (Lucky Green) Date: Wed, 11 Dec 1996 20:31:09 -0800 (PST) Subject: New export controls to include code signing applications Message-ID: <3.0.32.19961211203037.006a4e58@netcom14.netcom.com> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 2085 bytes Desc: not available URL: From froomkin at law.miami.edu Wed Dec 11 20:32:31 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Wed, 11 Dec 1996 20:32:31 -0800 (PST) Subject: Silly me ... In-Reply-To: <199612112036.MAA05582@ohio.chromatic.com> Message-ID: I have no idea if this is in reference to some thread I missed, but I think it's unfair. The evidence of this will be this year's CFP, chaired by the same Kent Walker. On Wed, 11 Dec 1996, Ernest Hua wrote: > About 2 years ago, I attended CFP in San Francisco (really San Mateo, > but who's counting), and I ran across a presentation by an ex-Justice > Department dude named Kent Walker presenting the government's side of > the encryption/wiretap debate. > > He really seemed nice enough, and I tried to chat with him. My topic > was how could a good meaning hacker help good meaning government dudes > figure out details to policies so that everyone is happy. > > Little did I know at that time that this is the same Walker that was > quoted by Meeks as saying cute lil' gems like ... > > "If you ask the public, 'Is privacy more important than catching > criminals?' They'll tell you, 'No.'" > > ... and ... > > "It's easy to get caught up in the rhetoric that privacy is the > end all be all." > > After a little bit of frustration, I wrote him off as someone cashing > in on his Justice days to be some VP of government relations (a.k.a. > lobbyist) with Air Touch. > > Perhaps there is something slightly more spooky with this character > than I originally thought. > > Ern > A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) ** Away from Miami -- and at times from the 'net -- Dec. 12 to Jan. 8 ** Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here. From mjmiski at execpc.com Wed Dec 11 20:39:04 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 20:39:04 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211223821.006a1fe4@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- (snip) >I have no trouble believing that the student loan market would quickly >dry up were the government to get out of the business. Just wanted to clear up that my reference to student loans was not meant to start a discussion of the granting of _those_ loans. It was meant to spark a discussion of the lending to those borrowers *after* they graduate. As a group, their default rate is generally high. And yet, as a group, the extension of credit to these people is not systematically denied (as in redlining). I take responsibility for the thread being confused as I believe my first mention of it was unclear. mea culpa. > >Red Rackham > Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq+MOLpijqL8wiT1AQFASQQAmyDZh6duHqn2EOMu6vHG4EH7YFOLC/3c UX7WQTeFTJRdstsdot8kbooCpKq6N23m06dBjiiswAs7rLLEypywfKzC1miS5FO0 4sEh0za3Eh7QuGKZJICosl28Y2n6m8XLV8GYMVwRWdWvWMa+/xdtfHZtdji80V75 utym7+FTApY= =/gNF -----END PGP SIGNATURE----- From ichudov at algebra.com Wed Dec 11 20:42:57 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 20:42:57 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: <199612120438.WAA04640@manifold.algebra.com> Timothy C. May wrote: > At 5:07 PM -0600 12/11/96, Igor Chudov @ home wrote: > >Correlation is not an evidence of discrimination, at least to me. > > > > Nor is it to me. So neither of us will likely object to the neural > net-based lending programs which feed in a bunch of applicant data points, > train the net by providing feedback on who repaid their loans and with what > complications, etc. Even if such nets end up rejecting > "otherwise-qualified" (a la your other post) applicants in such a way that > the accept/reject ratios appear strongly correlated with certain > ethnicities? > > (Another member of the list sent me private e-mail about his experiences > writing a "scoring program" for a bank making just the kinds of loans we're > talking about here. He recounted his bank's very real experiences with loan > paybacks by various ethnic and national groups. Nothing very surprising, to > me.) My readings on neural nets made an impression that they are not necessarily good at all. - Igor. From ichudov at algebra.com Wed Dec 11 20:51:55 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 20:51:55 -0800 (PST) Subject: Speaking of Redlining.... In-Reply-To: Message-ID: <199612120445.WAA04706@manifold.algebra.com> John Kozubik wrote: > Please do not respond on the list, as this does not need to clog it up > further. > > I am 19 years old, and I make 60,000 (verifiable income) per year. I > have a 2000 dollar down payment. > > NOBODY will give me a loan. Everyone tells me my credit is fine, and > yet, I cannot get a car loan to save my life. > > I have so far only tried major banks and GMAC finance. > > If anyone has any information that could help me find a place in the > denver area that would give me a car loan (or anywhere really - money > can be wired from anywhere) PLEASE let me know. > > I am trying to get a ~35,000 car loan - so far EVERYONE has just > straight up told me I am too young (even though I make twice what these > people make :) ) > Try it again with a 10,000 down payment. SHouldn't be a problem with this kind of income. It may help. - Igor, who would never buy a car costing more than 1/10 of his annual income. From tcmay at got.net Wed Dec 11 20:56:18 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 20:56:18 -0800 (PST) Subject: Debate on this list In-Reply-To: <199612112315.PAA21045@mailmasher.com> Message-ID: At 3:15 PM -0800 12/11/96, Huge Cajones Remailer wrote: >Didn't Tim May originate the "Generation of Science" thread or, >earlier, the sliderule thread? I don't think either topic can said to >be strictly cypherpunk unless a discrete logarithm sliderule has been >invented. > >The truth is that I enjoyed those threads as did most others on the >list. I would like to see more like them. And, I dare say that my >posts are more worthwhile than 7 out of 8 posts we've been seeing on >the list lately. Of course I write stuff that is not necessarily "crypto relevant"...we all do. The list is a discussion of issues important to the members of the list: there has never been a formal charter or set of rules on what is "allowed" and what is "not allowed." However, traditionally libertarian vs. socialist debates are seldom useful, and about as welcome on any list (even libertarian lists) as are debates about abortion, gun control, and other such contentious issues. And my point about preferring a "well-formed question" was related to what I said about the huge back-and-forth debate between Red Rackham and Matthew M., which I found too convoluted to follow. I favor well--formed essays; I try my best to write such essays myself. Recall that I specifically said: "Many of the posts by Matt M. and "Red Rackham" and others have been so massive, containing paragraph-by-paragraph rebuttals of political and ethical points, that I've just given up on trying to follow the points." This is what sparked my request for well-formed questions. Interestingly, Matthew M. did just this, in private e-mail. He phrased several questions about crypto anarchy, and implications for the underclasses, and I answered his questions. He is free to post his questions and my answers if he wishes to. >Point 1: You obviously find the subject interesting enough to comment >on it. Others probably also find it interesting. Personally, I think the implications of strong cryptography for "redlining" are indeed on-topic, and interesting. I said as much, and have written several articles yesterday and today on precisely this topic. What I _don't_ find very on-topic, personally, are rambling debates about social justice, labels such as "bigoted" and "racist," and what governments should do to subsidize those who have failed to prepare themselves for the modern world. >Point 2: Excuse me if I am wrong, but your comments look to me to be >precisely on topic for this list, anyway. Thank you. I said it was interesting, just not the "traditional libertarian debate" about social justice and "what to do about the poor." It is rarely fruitful. >This obsession of "on topic/off topic" is not healthy for the list. >It stifles brainstorming and the free exchange of ideas. I'm not so obsessed with this...you must be knew to the list, or you'd've known of my views on this. >P.S. Sorry for the length of some of the messages. That Miszewski had >the temerity to actually stand up for his beliefs, so it was >unavoidable. I have a feeling not more than 5 people even skimmed your extremely long and detailed messages replying to Matthew (in my case, I gave up after several screenfuls, with my scroll bar showing I was only partly through the message!). You might consider instead just picking a couple of his points and using them to make your own points...responding to every single paragraph is rarely effective. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Wed Dec 11 21:00:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 21:00:25 -0800 (PST) Subject: I am a stupid cocksucker In-Reply-To: <199612120052.RAA04610@web.azstarnet.com> Message-ID: drose at AZStarNet.com writes: > Secret Squirrel wrote: > > >This Christmas Cypherpunks get a special discount: I will > >suck you off for only $5. > > > >Red Rackham > > > >PS: I always sign my posts. I am so stupid. > >PPS: Please killfile me. > > Mr Squirrel: > > As much as I may appreciate your response to Mr. Rackham's reaction to my > post, in my sole opinion, Dr. Vulis-style epithets do not contribute to > reasonable discourse on this list. You misspelled "Timmy May", asshole. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 21:10:36 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 21:10:36 -0800 (PST) Subject: Redlining Message-ID: <01ICWIALAGOWAEL2O3@mbcl.rutgers.edu> From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 19:43:51.88 >>A "phone" is easy to get, too. You can get a telephone number which >>is linked to a voicemail box. You can even get this number listed in >>the telephone book, if you like. The cost of this service should be >>less than twenty dollars a month. If you want to go wild, you can get >>a pager linked voicemail number. This means your pager goes off when >>you get a message. Handy. Actually, I've heard about one charitable project in which they were giving homeless people voicemail numbers and doing just this. I believe it was in Houston or someplace else in Texas, but my memory is horribly bad. A nice effort. >If I wanted to I could repeatedly issue heart-wrenching stories of poverty >in America (similar, of course, to politicians using "real world examples" >in speeches). You seem to assume that this would be "wrong". As did Ronald Reagan in talking about "welfare queens"... as could I in discussing how my grandparents got out of poverty and have two children with MDs and one with a PhD. Statistics are preferable to anecdotal evidence for just this reason; I've seen that over and over again in science. Anecdotes are for lawyers talking to juries and demagogic politicians talking to the masses. >Once again, we disagree. You do not favor any form of government >regulation. I do favor some forms of government regulation. It seems that >the turning point for you is your belief that racism causes no real harm. >I disagree. If you really want to have a list of the harms caused by >racism, I will list them in a seperate note to you. I wish you could be >intellectually honest enough to realize these harms. I fear, however, you >will not be. While it is perfectly true that racism causes harms, that is true of most actions. When I choose to vote in favor of a Libertarian instead of a Republican or a Democrat, I am harming the Democratic and Republican candidates for a position. As I pointed out earlier, by _correctly_ deeming someone to be a poor credit risk and not lending them money, a lender is doing that person harm... to the degree that redlining due to racism causes harm. I believe, however, you're trying to claim that redlining due to racism is causing the same sort of harm as a KKK lynching. I'm afraid that it's pretty obvious that there are differences between the two. The KKK lynching is forced on one side; the other is not. You might contend that refusing to loan to someone is forcing them to do without that loan... but so is a refusal to loan money to _anyone_. The ultimate extension of this idea would lead to mandated savings accounts. In other words, there is a difference between what one should not do and what one should be punished for doing. I happen to believe that anyone who makes homophobic speech is doing something wrong... but I don't want various list members locked up on that basis. >I do not know where you live, but I live in the US. Cryptoanarchy has not >taken hold here yet. As such, my discourse is regarding the political >system in which I live. As such I favor regulating behavior between the >small number of protected classes and the small number of covered >transactions (employment, housing, etc.). You, OTOH, do not. Umm... you had earlier stated that you had decided that you were not a libertarian, and did not have libertarian beliefs. This would appear to imply that you would prefer to see such regulations even in a cryptoanarchic society... where (as Red, TCMay, and others have pointed out) they would not be possible. (I am not actually in favor of full cryptoanarchy, personally; but I am a libertarian, and I believe that an increased use of cryptography would not lead to full cryptoanarchy, but to a reduction in the size of government to where abuses such as anti-discrimination laws were not practical to enforce.) >And neither do I. On balance, I would not have accepted prohibition then, >and I do not accept it now. People also have a preference not to hire >blacks. I feel that that should not be an acceptable means of interaction >between an employer and a prospective employee. You do. That is what I >meant by drawing lines. You feel that every employer (a creation of the >state) should have the ability to act in a discriminatory fashion. I >disagree. You and I do agree that when the personal excercise is for a >drink, the government should not respond. This is because, on balance, I >believe that the excercise of that freedom is more important than the >adverse effects of alcoholism. And vice versa for employment discrimination. In other words, you are quite willing to shoot someone for being a racist... for expressing their beliefs, even if they aren't doing so by shooting at you. Ultimately, that's what we're talking about... if an employer (or a bank, or an insurance company) goes far enough, they will find a cop with a gun pointing it at them to enforce the fines et al. If it were a bunch of KKK types wanting to lynch you (or anyone else), I'd be right behind you saying they should be shot. But shooting someone for refusing to do business with you is one act of murder that I'd prefer to keep government around to _prevent_. I find it interesting that you claim that an employer is a creation of the state. I suppose that you would not consider a Mafia kingpin, or a Kali cartel boss, to be an employer? It appears that the employee-employer relationship is one that gets set up in any economy that is large enough and which has specialization of labor. It isn't a creation of the state. >Once again, I would determine policy based on several competing interests. >Aparently you would determine it on a notion of absolute freedom. I am >trying not to assume anything. And for the record, I have only supported >governmental intervention in currently accepted transactions, which do not >cover individuals wanting to hold racist beliefs. Umm... the last statement is meaningless. Your first statement essentially says that you're willing to give up freedom for security or whatever else you deem important... not advisible in the long run; that's how Hitler got started. >I believe in regulating, in one instance, employment discrimination. I do >so because I have personally seen the economic impact on the Greater >Milwaukee Area of such discrimination - both past and present. I believe X >also because I have been witness to the personal impact that such >discrimination has upon people. To take advantage of practices effective >against poverty, several of which you have mentioned, it helps to have >self-confidence and a degree of self-worth. These are directly damaged by >employment discrimination. I believe that the elimination of redlining >would help to increase capital flows into some of these affected areas. >Even if, as you stated, the elimination would allow for a few token >investments in order for banks to appear to be in compliance, that is a >willing trade off for me. It is not for you. I am not happy with people who discriminate either; I've run into entirely too many of them. But I don't consider shooting people, or (as in the present case) threatening to shoot them, to be a proper response. Quite simply, your emotions are not a justification for the use of force; the use of force against you (or someone else) is. >^^^^^^^This was, of course, my explanation before. Apparently you didnt >see it. >I was not using libertarian's ideal society in any derogitive way. At one >time I believed in it. Through self-examination I decided that it couldnt >work. Is your point that you disagree with me or that Anyone who disagrees >with you must be wrong? Given that you didn't give any cogent reasons _why_ a libertarian ideal society wouldn't work, of course Red ignored it. Make an argument, not rhetoric, not simple statements of your opinions. Your opinions are meaningless without something to back them. That doesn't mean that you shouldn't be able to have them or to voice them, of course... but it does mean that we shouldn't allow governmental policy to be based on them. > If you are really interested I will roll out what I perceive as the many >harms caused by racism. Unlike you, I am in no rush to call your reasons >for your beliefs "good" or "bad". You believe as you do. You do so >because of personal reasons. I believe as I do, that racism harms people. I would like to point out that this is a prime example of the Politically Correct variety of pluralism. Quite simply, one _must_ discriminate (in the older sense of the word) between beliefs that make sense, beliefs that do not make sense, and beliefs on which one cannot tell (e.g., theism vs atheism). One should avoid making governmental decisions - decisions involving force upon others - that are not based on beliefs that make sense. You have yet to be convincing in arguing that your beliefs make sense. >I do so because of my personal experiences. Among these are employees >explaining to me the nature of the discrimination that they have suffered, >their inability to pursue any such claims because of a lack of both >self-confidence as well as capital, the faces of their children that do not >yet understand the nature of the world they have been brought into and the >immense stress on familial relationships caused by the lack of a job caused >by employment discrimination. Ill even discard the borderline cases and >refer to the slam dunk cases out there. I live and work in Milwaukee, Red. > People are fired and told they are fired because they are black. I have >settled cases with no dispute of these facts. All of the personal harm and >more was suffered by my clients. This is part of the reason for my >perception. I wish I lived where you did where racism hurts nobody. Just >give me a general location and Ill start to move my clients there ;-|. Lack of self-confidence? Please reference my comments on emotions above to see why this _isn't_ a justified reason to threaten violence. Being fired because they're black? I'll perfectly well agree that this is wrong... to use (an admittedly much lesser) example from my personal life, I've been turned down for a job as a _word processor_ because I couldn't type fast enough on a _manual_ typewriter (in case you're wondering, my measured typing speed on a computer would have been quite fast enough). I told them they were idiots and walked out; I looked for a job someplace else. Let me assure you that a job would have been quite helpful at that point. In other words, yes, people are assholes. This doesn't justify sticking a gun into their faces, directly or indirectly, unless they're trying to kill you, steal your property, or otherwise _truly_ harm you. -Allen From dthorn at gte.net Wed Dec 11 21:18:48 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 11 Dec 1996 21:18:48 -0800 (PST) Subject: Redlining In-Reply-To: <199612120227.SAA21192@mailmasher.com> Message-ID: <32AF9518.3B1F@gte.net> Huge Cajones Remailer wrote: > At 6:24 PM 12/11/1996, E. Allen Smith wrote: >>From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 >>>Actually, my assertion was that the basic motivation was racism and >>>ignorance. My example of student loan default rates should clear that up. [snip] > I have no trouble believing that the student loan market would quickly > dry up were the government to get out of the business. Hallelujah! The current college system is a fatcat and indentured servant system - the tenured staff (and not necessarily the ones who provide the most service) at the schools suck up the big bucks, and the grads "owe their soul to the company store", just like the serfs of a bygone era. The more things change.... Actually, when I first came to L.A., there was a pretty good college system, where most kids with minimal finances could go for cheap, in some cases nearly free. But this was taken over (co-opted) like so many other programs that can be turned into cash cows. From mjmiski at execpc.com Wed Dec 11 21:19:58 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 21:19:58 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211231927.006a49fc@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- (snip) >You don't have time to explain your beliefs, but you do apparently >have the time to call me an idiot and, now, to tell me that I am >intellectually dishonest. Since you don't know much about me, the >best you can claim is that I am inconsistent. I am afraid I cannot >accept an apology which is prefaced by an insult. Get over it Red. Fine. I called your ideas idiotic. I called you intellectually dishonest. Admitedly ad hominem. Can we bypass it now? >I would not propose committing fraud. I do not understand who would You already have. >>If I wanted to I could repeatedly issue heart-wrenching stories of >>poverty in America (similar, of course, to politicians using "real >>world examples" in speeches). You seem to assume that this would be >>"wrong". > >No, this is exactly what I've been asking for. In fact, I explicitly >suggested that anecdotal evidence based on your experience would have >value. I try very hard *not* to simply apply my personal experiences to entire classes. I devalue personal stories when discussing policies and try, _try_ to examine facts. >No, the point I am making is that it should be legal to be unpleasant >so long as you are minding your business. So, employment >discrimination should be legal, but burning a cross in somebody's lawn >is a shooting offense. (Preferably on the lawn in question soon after >the defense.) Some of us see little difference. Employment discrimination causes many social problems that you causally associate with personal flaws within the people affected. I place the blame on the people discriminating. You blame the people being discriminated against. Maybe there is a degree of blame to go around. (snip) >I generally favor governmental interference when somebody is not being >left alone and is being interfered with in some way by others. I am curious as to what governmental interference you do accept. (snip) >What puzzles me is that when I mentioned the failure of poor people to >pursue these beneficial practices you said my comments were "idiotic". >Now you appear to be saying that I was right, but that poor people >lack the self-confidence to do these things. Please explain. My belief is that poor people lack some of the resources to effectuate these practices. Among these are self-confidence as well as a perception of inability. Other reasons stem from the very discrimination that I have rallied against. You are "right" in that these practices can eliviate poverty if they are implemented (meaning that people have the will and means). >No, please tell me about your political philosophy. I am not asking >which political party you vote for - I am more interested in why you >vote for it. Actually, i vote to maximize the influence that i have over public policy. That of course is not always consistent with my personal political philosophy. I could benefit from a remailer at this point and so my discussion must go ..... >I am curious why people hire an African-American person in the first >place if they are just going to fire them later. That doesn't make >sense to me. (And, no, I am not being sarcastic, I would like to hear >an explanation.) Generally agency. Hiring is sometimes done by one department and discriminatory firing by another. The principle is held responsible. Sometimes it is direct. Employers may feel that hiring certain minority groups allows them to offer lower pay scales. Then when they have a bad day, they sometimes deal with their anxiety in illegal ways. In reality, I dont think racism can be reasoned away. >I think the personal harm is in the minds of your clients. If you are >fired and your manager says "it's because you're black", this does not >have to be depressing. You are right that it does not have to. And to many it is not. To some it is. It is yet another obstacle to overcome. The obstacles do keep building up. The best way to deal with it is to train everyone to overcome it. I also favor other avenues to help. >I also fail to understand why anybody would want to work for a racist, >even if you can force the relationship on the employer. That often is the problem when it comes to remedy. No one wants to go back to work. You do your best to make whole, where no make whole relief can be found. > >Red Rackham > Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq+V2rpijqL8wiT1AQFT8QP/d01GTUu6640U4q/jqFPc2OH2qarWri6i B1GqvG23jZnJxAkJdO3uFy+krhwXYvXRIQORXXe0Y9fqMysib1Udh7de8PNlPyx0 3LjK/lOX/8I3sJTPV6IicCyM/Pwoj9bW20yCdcZDznOQjHTKHr7Q3AsPP9eGWMYw 3DgnVxhCSII= =3A+0 -----END PGP SIGNATURE----- From mjmiski at execpc.com Wed Dec 11 21:27:14 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Wed, 11 Dec 1996 21:27:14 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961211232644.006a1994@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- >Nor is it to me. So neither of us will likely object to the neural >net-based lending programs which feed in a bunch of applicant data points, You will not get objections from me either. I would advise the banks to make sure they accept all applicants and widely distribute the announcement. I would like them to make extra efforts to examine the potential market in historically redlined areas. I am not suggesting forcing them to do so legislatively. I never suggested a quota system. My point is not that inputing all data you will get equivalence between creditworthiness and racial makeup. My point is that redlining exists and I would favor the elimination of the practice. Given a good program that somehow magically gets to all potential debtors would have the result I intend. Not a quota system. Equal access to capital. Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMq+XjLpijqL8wiT1AQFD0gQAl1zrV0ngwpHPn4dP3Jv8nPluNexAu/CW JtWfyMlDY0FGaIbAgqo+CejYNtDQLqqD1HRrPCmCbm3iplE1sDjWiS70loGdd5U0 PbB6Us5SXfUtCaBq4t3HcJtevhechhs4OI8nymw0sHfTrHB8/cxHx309X5t2WTZ2 znNxC8xmZ5g= =qLqz -----END PGP SIGNATURE----- From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 11 21:32:16 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 11 Dec 1996 21:32:16 -0800 (PST) Subject: Redlining Message-ID: <01ICWJ1E2BX2AEL2O3@mbcl.rutgers.edu> From: IN%"ichudov at algebra.com" 11-DEC-1996 23:46:57.12 >I would appreciate if some attorney on this list shed some light on the >legal definition of discrimination. I am not an attorney by any means, but I have looked over the Griggs vs Power decision (which effectively outlawed the use of most standardized tests, such as IQ tests, for employment purposes). A means of deciding on employment is discriminatory if the following are both true: A. Under it, members of a protected minority do worse; B. It has not been shown to be _specifically_ relevant to a job. Please note the second one; this means, effectively, that if you haven't done a full study of people who have done the job and correlated their performance with their scores on the test, it may be discriminatory. You can't use the simple information that an IQ test score is correlated with essentially all job performance measures yet done on any jobs not intended for the mentally retarded. Obviously, this task can't be done by anyone but the largest employers, and they are generally hindered in doing so by: A. Being governments or government contractors, and thus susceptible to political pressure; B. Having unions which object to any job performance measures. I'd appreciate any lawyerly comments that contradict me, particularly in view of some later (and saner) Supreme Court rulings on the matter. -Allen P.S. Please note that we cannot yet tell if the racial differences in IQ are environmental or a mixture of environmental and genetic; I believe they are purely environmental, but there is about as much evidence for this belief as there is for God's existence (something I also believe in). From haystack at cow.net Wed Dec 11 21:33:48 1996 From: haystack at cow.net (Bovine Remailer) Date: Wed, 11 Dec 1996 21:33:48 -0800 (PST) Subject: No Subject Message-ID: <9612120519.AA20735@cow.net> >Anonymous wrote: >> Dale Thorn sez: >> >Jamie Lawrence wrote: > >[snip] > >> >But nobody answered my question: Is there a shortcut way to do the >> >wipe, say, thirty times? Ordinarily, I'd run the program thirty >> >times, which would consist of a data write followed by a flush, >> >which would take 30x amount of time. > >> Buffered writes won't work for obvious reasons. You must make raw >> writes to the sectors you seek to scramble after you gather information >> about what sectors you want to write. > >That much I've known for 15 years or so.... > Hey you asked! >> The innovation you are looking for is >> called "the loop". You can implement "the loop" many ways including >> taping the end of your program to the beginning. Be careful not to >> accidentally twist the paper as this will cause your writes to become reads. >> If you are using punch cards you are SOL. sheesh. >> Remind me not to use any of Dale's "utilities". > >You would not likely ever have the opportunity to use such utilities, >since you obviously lack certain basic ingredients of intelligence. >I don't do "user-friendly" GUI programs, but I suppose this list is >full of MAC users for reasons known only to themselves (I don't want >to know). Ahh come on Dale. Lay one one us! Are you now writing "utilities" in portable batch files? I'd love to see one. Or are you a bare metal guy typing in hex codes in debug? btw, how do you like Win95? Too user-friendly for you? Message-ID: <32AE5411.6C56 at gte.net> Date: Tue, 10 Dec 1996 22:26:25 -0800 From: Dale Thorn X-Mailer: Mozilla 2.01E-GTE (Win95; U) But hey! Real men don't boot gui. Right? From drink at aa.net Wed Dec 11 21:37:44 1996 From: drink at aa.net (! Drive) Date: Wed, 11 Dec 1996 21:37:44 -0800 (PST) Subject: NEWS: Web Security Hole Revealed Message-ID: <3.0.32.19691231160000.006993e8@aa.net> At 11:14 PM 12/11/96 -0500, you wrote: >X-Sender: okeefe at olympus.net >Mime-Version: 1.0 >Date: Wed, 11 Dec 1996 19:32:32 -0800 >To: N E W S R E L E A S E >From: "Steve O'Keefe" >Subject: NEWS: Web Security Hole Revealed > >BREAKING NEWS >For Release Thursday, December 12, 1996 > >MAJOR WEB SECURITY FLAW REVEALED > >(New York) -- Edward Felten, head of Princeton University's >Safe Internet Programming Team (SIP), today revealed a >major security flaw in the Internet's World Wide Web. >Called "web spoofing," the breach allows any Internet >server to place itself between a user and the rest of the >web. In that middle position, the server may observe, steal >and alter any information passing between the unfortunate >browser and the web. > This is considered *NEW* information? From tcmay at got.net Wed Dec 11 21:45:11 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 21:45:11 -0800 (PST) Subject: Redlining In-Reply-To: Message-ID: At 10:38 PM -0600 12/11/96, Igor Chudov @ home wrote: >Timothy C. May wrote: >> At 5:07 PM -0600 12/11/96, Igor Chudov @ home wrote: >> >Correlation is not an evidence of discrimination, at least to me. >> > >> >> Nor is it to me. So neither of us will likely object to the neural >> net-based lending programs which feed in a bunch of applicant data points, >> train the net by providing feedback on who repaid their loans and with what >> complications, etc. Even if such nets end up rejecting >> "otherwise-qualified" (a la your other post) applicants in such a way that >> the accept/reject ratios appear strongly correlated with certain >> ethnicities? >My readings on neural nets made an impression that they are not >necessarily good at all. > Hardly my point, Igor. Oh well, I guess it's pointless. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Dec 11 21:50:31 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 11 Dec 1996 21:50:31 -0800 (PST) Subject: Redlining In-Reply-To: <3.0.32.19961211232644.006a1994@execpc.com> Message-ID: At 11:26 PM -0600 12/11/96, Matthew J. Miszewski wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >>Nor is it to me. So neither of us will likely object to the neural >>net-based lending programs which feed in a bunch of applicant data points, > >You will not get objections from me either. I would advise the banks to >make sure they accept all applicants and widely distribute the >announcement. I would like them to make extra efforts to examine the >potential market in historically redlined areas. I am not suggesting >forcing them to do so legislatively. I never suggested a quota system. > >My point is not that inputing all data you will get equivalence between >creditworthiness and racial makeup. My point is that redlining exists and >I would favor the elimination of the practice. Given a good program that >somehow magically gets to all potential debtors would have the result I >intend. Not a quota system. Equal access to capital. You're jumping to a lot of conclusions. In fact, the neural net program might well "rediscover redlining." Redlining is, after all, a rational response to a situation in which data are murky, competition for loans is strong, and the consequences of bad loans are serious. (I recall reading around 1986 that such "black box" loan programs were in fact "concluding" that loans to certain zip codes were not desirable.) "Equal access to capital" remains the nonsense it has been in all of these posts between Matthew and Red Rackham, and I won't get started on it here. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ichudov at algebra.com Wed Dec 11 21:50:37 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 11 Dec 1996 21:50:37 -0800 (PST) Subject: NEWS: Web Security Hole Revealed In-Reply-To: Message-ID: <199612120546.XAA05186@manifold.algebra.com> does anyone know how to crash Microsoft IIS (MS webserver)? many thanks igor Robert Hettinga wrote: > > > --- begin forwarded text > > > X-Sender: okeefe at olympus.net > Mime-Version: 1.0 > Date: Wed, 11 Dec 1996 19:32:32 -0800 > To: N E W S R E L E A S E > From: "Steve O'Keefe" > Subject: NEWS: Web Security Hole Revealed > > BREAKING NEWS > For Release Thursday, December 12, 1996 > > MAJOR WEB SECURITY FLAW REVEALED > > (New York) -- Edward Felten, head of Princeton University's > Safe Internet Programming Team (SIP), today revealed a > major security flaw in the Internet's World Wide Web. > Called "web spoofing," the breach allows any Internet > server to place itself between a user and the rest of the > web. In that middle position, the server may observe, steal > and alter any information passing between the unfortunate > browser and the web. > > All major web browsers are vulnerable to web spoofing, > including Netscape Navigator and Microsoft Internet > Explorer. Using web spoofing, a person can acquire > passwords, credit card numbers, account numbers, and other > private information, even if transmitted over an apparently > secure connection. > > The Boston Globe published an article about Felten's > findings in this morning's "Plugged In" column. The story > was written by Simson Garfinkel, technology columnist for > HotWired's "Packet" news service. The complete story can be > found at the following URL: > > http://www.boston.com/globe/glohome.shtml > > Felten will be demonstrating web spoofing TODAY, Thursday, > December 12, at the Internet World expo at the Jacob K. > Javits Convention Center in New York City. The > demonstration will be held at the Wiley Computer Publishing > Booth (#822) at 2:00 pm Eastern Time. > > The web flaw is just the latest in a series of major > Internet security problems uncovered by Felten and his > team. Felten documents some of these problems in his new > book, "Java Security: Hostile Applets, Holes, and > Antidotes" to be published in January by Wiley Computer > Publishing. For an advance review copy of the book, simply > reply to this e-mail. For further information, please > contact: > > Edward Felten: felten at cs.princeton.edu > (917) 972-3693 (cellular phone at Internet World) > (609) 258-5906 (Princeton University) > > Jeffrey DeMarrais: jdemarra at wiley.com > Wiley Computer Publishing > (212) 850-6630 (review copies, interviews) > > Java Security Web Site: > http://www.rstcorp.com/java-security.html > > Safe Internet Programming Web Site: > http://www.cs.princeton.edu/sip/ > > --- end forwarded text > > > > ----------------- > Robert Hettinga (rah at shipwright.com) > e$, 44 Farquhar Street, Boston, MA 02131 USA > "The cost of anything is the foregone alternative" -- Walter Johnson > The e$ Home Page: http://www.vmeng.com/rah/ > > - Igor. From dlv at bwalk.dm.com Wed Dec 11 22:00:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 11 Dec 1996 22:00:25 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: "Mark M." writes: > On Wed, 11 Dec 1996, Igor Chudov @ home wrote: > > > I do not see any reason why Java code cannot be compiled. I think that > > now there are java compilers available. Maybe even browsers will have > > smarts to compile code that they execute. > > I assume you mean compiling Java bytecode to native machine code. I don't kn > of any program that can do this, but Cygnus is developing a Java compiler tha > compiles Java to a stand-alone executable. Details at > http://webhackers.cygnus.com/webhackers/projects/java.html . It would be very foolish to touch any shit that comes out of Cygnus. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frantz at netcom.com Wed Dec 11 23:13:37 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 11 Dec 1996 23:13:37 -0800 (PST) Subject: DNSSEC Message-ID: Today at the IETF DNSSEC working group, the group reached consensus to send the last of their batch of drafts for publication as a RFC. This action breaks the logjam and will allow DNSSEC deployment to proceed. John Gillmore was given a round of applause because he, "Kicked our butts to get this thing out fast." He was the only person so honored. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From vznuri at netcom.com Wed Dec 11 23:14:30 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 11 Dec 1996 23:14:30 -0800 (PST) Subject: Why PICS is the wrong approach In-Reply-To: Message-ID: <199612120714.XAA04720@netcom14.netcom.com> Why TCM is wrong about PICS being wrong: >PICS is the wrong approach becuase it oversimplifies the ratings of >content, because it places the ratings made by the author in the payload >itself, and because third-party ratings systems are cut out of the loop >(effectively). bzzzzzzt. please read about it. there are multiple protocols. some of them allow third-party rating services. some of them support ratings within pages. the standard is neutral. >One computerish way to think of this is that the "binding" is too early. At >the time of distribution, say, I mark my work something with some PICS >label, based upon my best understanding of the PICS labels, ratings, >agencies, and laws. But once set, the "binding" has been made. Later >reviews or reviews by other entities cannot affect the binding, at least >not for this distributed instance. you have a good point, but PICS is about letting the net decide. it supports both self-rated and third-party ratings. we will see whether one eclipses the other in the long term. personally I suspect both will coexist. >And of course it is quite likely that things important to others in their >ratings are not as important to me. I might even ignore certain points, not >even seeing the need to point out things in the work. This is inevitable, >as there is no uniform view of truth, no uniform set of values and >priorities, and no hope there ever can be such a monistic view. this is a ridiculous misunderstanding of the rating system concept. the PICS standard expressly supports diversity by letting a thousand rating services bloom, to borrow a phrase from your own book. some rating services may claim to be canonical, but you don't have to believe them. there will be competition of rating services for a long time into the future. this has already happened with all the filtering software out there. also consider the new Firefly system that doesn't actually have fixed ratings on objects, but in which ratings are determined dynamically based on your own personal ratings of pages. Consider >the recent example of AOL's lists of banned words, even words in "harmless >situations" (e.g, the example someone cited of "tits" being banned, despite >being the name of a bird...would an animal-lovers Web page or posting with >"Tits and Asses!!!" prominently in the title be PICS labelled as obscene? >Some would surely think so.). this would be an example of the most rudimentary and simplistic filtering or rating service, which of course the market would generally ignore in favor of more sophisticated alternative schemes. >A much better solution is to let the unique ID block of an article--the >Usenet article ID, or some hash of the headers, whatever--be a pointer that >other ratings servies could then use to provide for their customers or >clients as a filtering mechanism. This would allow as many ratings services >to exist as clients would be willing to support. that's exactly what PICS is about when you read about it more deeply. >More importantly, the "payload" does not carry some particular set of >fairly-arbitrary PICS evluations. Binding by the censors instead of by the >originator, which is as it should be. PICS supports both, as it was expressly designed to. what Timmy is repeatedly failing to comprehend despite much evidence staring him in the face is that ratings services are going to be a very significant new information industry, if they haven't already become one. there are now many different filtering packages out there and the market is large for them, as has been proven by *existing* sales. this industry will grow. yahoo and many other indexing services are in fact implicitly rating systems, because they utilize editorial discrimination in deciding who to include and who to exclude. they just don't say, "this is rated yahoo approved" overtly. (timmy is also upset that a massive new industry is growing without his personal approval or anticipation. I will amuse myself by counting the days until he does a flip in position and begins to advocate rating system's efficacy while pretending his position was never otherwise) let a thousand rating systems bloom. PICS is about finding good content as much as rejecting uninteresting content. From nobody at cypherpunks.ca Wed Dec 11 23:23:02 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Wed, 11 Dec 1996 23:23:02 -0800 (PST) Subject: New export controls to include code signing applications Message-ID: <199612120712.XAA05665@cypherpunks.ca> At 8:31 PM 12/11/1996, Lucky Green wrote: >In a way the new prohibition on exports of software that protects >against malicious computer damage is even more far ranging. > >To quote again from the new list of enumerated items subject to >export controls: "c.3. "Software" designed or modified to protect >against malicious computer damage, e.g., viruses;" > >That includes every firewall product, every virus checker, every data >security product, and this regardless if the product uses crypto or >not. The new regulations go way beyond controlling crypto. The USG, >in a massive power grip, has put data security as a whole on the >export control list. > >One likely explanation for this unprecedented move is the USG's >desire to gain further leverage with US software companies. If they >don't include GAK, they not only won't export their crypto software, >they won't export their other security related products either. Which >may mean for some companies that they won't export anything at all. >That would be a mighty big stick. Another explanation is the USG's obvious interest in "infowar". The idea here would be that the US makes the best security tools and by withholding them from the rest of the world, the US holds the strongest hand in an "infowar". Countries which the US wants to reward will receive "military technology" to protect their networks, just as it does now with actual weapons. Just because this is totally insane doesn't mean they aren't thinking about it. However, all they will succeed in doing is greatly harming the U.S. computer security business. A few decades from now people will look back on these policies in disbelief. Milou From drink at aa.net Wed Dec 11 23:38:07 1996 From: drink at aa.net (! Drive) Date: Wed, 11 Dec 1996 23:38:07 -0800 (PST) Subject: (fwd) Re: WebTV & Encryption Message-ID: <3.0.32.19691231160000.0069eaa8@aa.net> >[This is a FORWARDED MESSAGE from comp.dcom.telecom] >In article Alan Bishop > wrote: > >Howdy. I'm a software engineer at WebTV Networks. I certainly don't >speak for the company, but I can clear up some misunderstandings. > >dr at ripco.com (David Richards) writes: > [snip] > >The box talks to our proxy server over an encrypted channel (using >TCP/IP). This allows us to provide a better service to the user >in several ways: > > - privacy for the user. The number of places that someone could > snoop on a user's session are greatly reduced. We should be > publishing a statement on user privacy in the near future > describing what we will and won't do with information in our > possession. I believe it's designed to answer the same questions > as those posed in >http://www.cdt.org/privacy/online_services/chart.html. > We use strong encryption, and as some of you are already aware, > we've been declared a munition by the US government, and the boxes > have a "do not export" stamp on them somewhere. > > - response time for common sites is more consistent. The time to > connect to a common site is the time between a user's box and the proxy > server, not N different sites on the internet. > > - we transcode images and other media types. For example, image > creators often make their images too detailed or store them in > a format that doesn't compress as well as it should. We fix that > in the proxy before transmitting them over the slow link to the user. > It also means that if we want to support a media type, we don't > need a new client release: we just add it in the server and convert > it to an existing one. > [snip] From attila at primenet.com Thu Dec 12 01:02:15 1996 From: attila at primenet.com (attila at primenet.com) Date: Thu, 12 Dec 1996 01:02:15 -0800 (PST) Subject: Lucky's Official Prediction (raising the ante) In-Reply-To: <3.0.32.19961211192429.006a5f14@netcom14.netcom.com> Message-ID: <199612120903.CAA25493@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <3.0.32.19961211192429.006a5f14 at netcom14.netcom.com>, on 12/11/96 at 07:25 PM, Lucky Green said: ::Official Prediction (For new readers of this list, once in a ::while I make an "official prediction". That means the reader is urged to call ::me on it and, yes, I take bets): :: ::The US will make the following acts illegal and or subject to licensing ::within two years: :: ::1. Production of strong crypto for sale abroad by a subsidiary of a US ::corporation. :: ::2. Production of strong crypto for sale abroad, if the project is financed by ::a US corporation. Alternatively, US companies might be prohibited to ::financially benefit from such a product. :: ::I am not saying that these acts will be prohibited in all cases. I am saying ::that they will be prohibited in some cases. :: based on information, and direct experience in some "things." I'll raise the ante on official prediction one more: within two years, Bubba and friends will successfully both: a) destroy the Bill of Rights b) either ban the use of strong crypto or require full real-time GAK access --and the law will make the use of non-approved crypto a federal felony. the first USSC justice who retires (Renquist?) or dies (..?) --the precariously rights balance on the Court goes to Bubba. - -- Now, with a black jack mule you wish to harness, you walk up, look him in the eye, and hit him with a 2X4 over the left eye. If he blinks, hit him over the right eye! He'll cooperate. --so will politicians. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMq/JrL04kQrCC2kFAQGNiwP+JuTM6gvfrmnV6U625BLihhNeOrYPSgfs FNFIAl7xGpxRhE4ReaxnIbSuEM4lYpSyBU03kpedGkvYn0LStmoSKYaF9HOsdcsX OVFMHNv8RD4eQ2ORV9eigyFz1gaZ4WblE7ZMCnip9QgKNK7/vQ/7Icpl9v2Woi0t 9VBHTrFW4k8= =PnC2 -----END PGP SIGNATURE----- From fygrave at freenet.bishkek.su Thu Dec 12 02:42:56 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Thu, 12 Dec 1996 02:42:56 -0800 (PST) Subject: Cypherpunks Dec Mtg / upDate + TEXT-only version In-Reply-To: Message-ID: Hey.. is there any CoderPunks Meetings somewhere in russia? -X----- Fyodor --- fygrave at freenet.bishkek.su --------------------------X-- "With heart and hand I pledge you while I load my gun again, you will never be fogotten or the enemy forgiven, my good comrade..." - Anton Szandor LaVay -X--http://www.freenet.bishkek.su/fygrave.html---tel:(3312)474465-------X-- -X--http://www.geocities.com/SunsetStrip/Alley/8302-mirror-at-geocities-X-- pgp is awaliable from pgp-key-servers : pub 2048/3D22AF59 1980/03/24 Fyodor Yarochkin Key fingerprint = 1F 38 55 07 98 F9 42 7D 57 73 74 FA 9C 5B 29 FB "As Above, So Below. The Macrocosm, the Microcosm. The Entire Universe is Contained In The Human Creature" To The Fallen Angels From fygrave at freenet.bishkek.su Thu Dec 12 03:11:11 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Thu, 12 Dec 1996 03:11:11 -0800 (PST) Subject: No Subject Message-ID: Hey.. is there any CoderPunks Meetings somewhere in russia? -X----- Fyodor --- fygrave at freenet.bishkek.su --------------------------X-- "With heart and hand I pledge you while I load my gun again, you will never be fogotten or the enemy forgiven, my good comrade..." - Anton Szandor LaVay -X--http://www.freenet.bishkek.su/fygrave.html---tel:(3312)474465-------X-- -X--http://www.geocities.com/SunsetStrip/Alley/8302-mirror-at-geocities-X-- pgp is awaliable from pgp-key-servers : pub 2048/3D22AF59 1980/03/24 Fyodor Yarochkin Key fingerprint = 1F 38 55 07 98 F9 42 7D 57 73 74 FA 9C 5B 29 FB "As Above, So Below. The Macrocosm, the Microcosm. The Entire Universe is Contained In The Human Creature" To The Fallen Angels From jya at pipeline.com Thu Dec 12 04:08:53 1996 From: jya at pipeline.com (John Young) Date: Thu, 12 Dec 1996 04:08:53 -0800 (PST) Subject: EXT_ort Message-ID: <1.5.4.32.19961212120514.006980d8@pop.pipeline.com> "U.S. Will Modestly Revise Encryption Exports Rule" The Administration will modestly revise controversial export rules for computer encoding technology after a private meeting Wednesday with computer and telecommunications companies, Reinsch said after the hour and a half long meeting. Industry officials argued at the meeting that the draft rules were unclear or unworkable on a number of points. BSA said, "We are not optimistic that these rules will be turned around and we feel going to Congress is our only option." "Industry Gears Up To Oppose Newest Encryption Plan" Opposition is mounting to the newest draft plan floated Mon. by the Administration. One company representative called the plan "policy extortion." Until now, most opposition has come from software industry; some hardware companies are now starting to edge away. One rule appeared to expand types of communications subject to key system, noting that rule said that products referred to text of "encrypted data and communications." That could be interpreted as e-mail. The document showed that law enforcement agencies had the upper hand. ----- EXT_ort From pjb at ny.ubs.com Thu Dec 12 04:46:37 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Thu, 12 Dec 1996 04:46:37 -0800 (PST) Subject: (Fwd) Books for Children's Hospitals Message-ID: <199612121245.HAA21446@sherry.ny.ubs.com> i know that this is WAY off topic, and that we never post off-topic mail here, but, this seems worthwhile, so please excuse, (maybe flames for off-topic posts will count ) cheers, -paul ----- Begin Included Message ----- >From jhill at fir.fbc.com Wed Dec 11 07:49:57 1996 From: "Jean Hill" Date: Wed, 11 Dec 1996 07:49:16 -0500 Reply-To: jhill at fir.fbc.com X-Mailer: Z-Mail (3.2.1 10oct95) To: nnyeim at ny.ubs.com, bhill at bis.adp.com, julie.maxwell at gs.com, mgreen at morgan.com, nnysak at ny.ubs.com, pjb at ny.ubs.com Subject: (Fwd) Books for Children's Hospitals Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Length: 701 Guys, Please pass on, great holiday gift. --- Forwarded mail from CU-Alum-L at cornell.edu > >"The Houghton-Mifflin publishing co. is giving books to children's >hospitals; how many books they give depends on how many emails they >receive from people around the world. for every 25 emails they receive, >they give one book--it seems like a great way to help a good cause. > >All that you have to do is email share at hmco.com. > >I hope that you can spare the seconds...and let your friends know. So far >they only have 3,401 messages...last year they reached 23,000. > >This seems like an easy and simple thing to do -- please take the time!" > ---End of forwarded mail from CU-Alum-L at cornell.edu ----- End Included Message ----- From ca3sal at isis.sunderland.ac.uk Thu Dec 12 05:01:32 1996 From: ca3sal at isis.sunderland.ac.uk (Stephen.George.Allport) Date: Thu, 12 Dec 1996 05:01:32 -0800 (PST) Subject: Neural Nets Message-ID: <199612121300.NAA04640@cisc07.cis.sund.ac.uk> Hi Folkd Just sat through a lecture on an itroduction to Neural Nets. Thought. Does anybody know of any tools that use Neural Nets to break ciphers? Cheers Ste From alzheimer at juno.com Thu Dec 12 06:11:34 1996 From: alzheimer at juno.com (Ronald Raygun Remailer) Date: Thu, 12 Dec 1996 06:11:34 -0800 (PST) Subject: Copyright violations Message-ID: <19961212.081120.8575.0.alzheimer@juno.com> Mondex USA Partners Look to Ambitious '97 Tests By VALERIE BLOCK The seven owners of Mondex USA have ambitious plans for 1997. Wells Fargo & Co. and AT&T Universal Card Services -- the two original stakeholders and now owners of 30% and 10%, respectively, of the smart card system -- are furthest along. Wells has issued 800 cards to employees; AT&T, 200; and both plan to expand the pilots next year. Chase Manhattan Corp., with a 20% stake in Mondex USA, had planned to begin testing MasterCard Cash on New York's Upper West Side by March, but its switch to Mondex will force a delay until the fourth quarter. Even so, Janet Hartung Crane, president and chief executive of the joint venture, said, "In 1998, we will roll out" nationally. Chase's pilot, with 50,000 cards and more than 500 merchants, would be by far the biggest. Speaking last week at the Bank Administration Institute's Retail Delivery '96 Conference, where Mondex USA was officially unveiled, Ms. Crane, a Wells Fargo senior vice president, said Wells would expand its San Francisco headquarters pilot in 1997. The bank also plans to test card usage on the Internet, look for a cobranding partner, and install the technology on a university campus. AT&T senior vice president Keith Kendrick said he expects to expand the test at his Jacksonville, Fla., headquarters in the second quarter, along with an Internet pilot, taking advantage of Mondex's ability to download value via smart phones. First Chicago NBD Corp., another 10% owner, will begin testing in the third or fourth quarter with 200 headquarters employees and 12 merchants. Dean Witter, Discover & Co. is "still formulating its plans," said William Simmons, executive vice president of its Novus Services unit. It is looking to get its feet wet on a university or corporate campus. Ironically, Discover is now in bed with MasterCard -- prospective majority owner of Mondex International as well as 10% owner of Mondex USA -- despite Discover's thorny relationship with banks. John R. Mannion, a Novus director, noted that all the Mondex USA partners are fierce competitors. Michigan National Bank -- owned by National Australia Bank, a Mondex global founder -- is planning a test at its headquarters beginning in late spring with a fraction of its 3, 000 employees. Still, winning over merchants and, thus, consumers may be difficult in the United States. The high-quality, low-cost telecommunications infrastructure that underpins magnetic-stripe card systems weakens the case for a costly conversion of point of sale terminals to smart cards. At a BAI seminar just after the Mondex announcement, where Michael J. Shade, vice president of Verifone Inc., and Fred J. Stephens, manager of technology for Shell Oil Co., discussed the migration to smart cards, one observer called them "a solution looking for a problem." Mr. Stephens said the investment, close to $60 million for his company, is hard to justify. While card executives argue that chip cards reduce cash-handling costs and transaction times, Mr. Stephens said it might require reduced interchange fees, personal identification numbers on credit cards to reduce fraud, and cost-sharing to tip the scales in smart cards' favor. Other types of merchants will have other high-priced demands. Visa U.S.A. and its partners in the Visa Cash rollout in Atlanta shared the lessons they had learned at the conference. Michael Love, a First Union Corp. vice president, said merchants are "interested in sales lift." As for the business case, "stored value can ride the railroad, but it will not pay for it," said Richard F. Shaffner, executive vice president at NationsBank Corp. Guardian (Manchester): Saturday, December 7, 1996 Surfing Superhighwaymen By David Gow And Richard Norton-Taylor Carlos Arario, head trader at the Argentinian firm, Invest Capital, picked up the phone and called company director, Roberto Barbosa. "You had better get down here," he said, "we've been raided." Barbosa stared with horror and disbelief at his screen in his Buenos Aires office. Some $ 200,000 had disappeared from his firm's account with Citibank, one of the world's biggest banks, overnight. "We were very, very surprised when we opened the cash management account. There were four wire transfers made out of that account without our authorisation and anonymously sent to four unknown destinations." Barbosa alerted Citibank executives at 111 Wall Street, New York. That was August 1994. For the rest of the year, Citibank's anxiety made its Argentine client's problems appear minor as its executives watched in panic while nearly 20 of their accounts - worth about $ 10 million - were plundered. Citibank's marketing department proudly offers the transfer of funds in any currency straight into a client's account "quickly, easily and cost-effectively" as part of its "wide range of international banking facilities". But the world's fifth-largest bank appeared to have been hoist by its own petard. A hastily-assembled "war-room" on Wall Street watched impotently as its clients' money flowed quickly and easily, and at no cost, into accounts in California, Latin America, Finland, Israel, and the Netherlands. According to US court indictments, Citibank accounts held by Indonesia's Bank Artha Graha, Argentina's Banco del Sud, and Invest Capital SA, were raided with tens of thousands of dollars assigned to accounts set up elsewhere. Citibank's war-room began a global detective hunt as they realised their bank was in danger of acquiring a new image as victim of the world's first grand larceny via cyberspace. Others who have hacked into computerised cash transfer systems were insiders. The hit on Citibank is presented in the US as an outside job. Superhighway Robbery, an Equinox programme to be broadcast on Channel 4 tomorrow night, suggests it was perpetrated by the Russian mafia exploiting the poverty and disenchantment of high-flying technocrats under post-Soviet capitalism. At the centre of a continuing Citibank-FBI investigation is Vladimir Levin, a 29-year-old Russian computer programmer and former biotechnology student from St Petersburg. He is accused by the US authorities of being the person who hacked into the bank's computers and carried out the attempted multi-million-dollar fraud from a laptop at the St Petersburg offices of AO Saturn. That is a shabby software and accountancy firm run by a group of mathematicians and scientists who were losing out on the Croesus-like wealth enjoyed by the entrepreneurial Russian nomenklatura and criminal elite. "The salary at the Institute (St Petersburg's Technological Institute) I was receiving was very low and I was too ashamed to ask for money from my parents," says Levin in an exclusive interview. Computers, he says, were "one of the symbols of perestroika. Unfortunately, since perestroika there was so little money being given to research and science a lot of scientists left Russia and went to other countries where money was more available." Citibank's war-room traced an unauthorised money transfer -- allegedly the result of Levin's hacking -- to banks in Switzerland and St Petersburg. But the saga did not end there. Evgueni Korolkov -- a Russian who moved to the US for a better life -- set up two Californian companies, Shore Co and Primorye. His wife, Ekaterina Korolkova, opened personal accounts at the San Francisco branches of the Sumitomo, Pacific Union, Great Western, and Wells Fargo banks as a conduit for cash from unauthorised Citibank transfers. In August 1994, Ekaterina Korolkova was arrested by FBI agents as she tried to withdraw stolen money from one of her accounts which, they had discovered, was the destination of some of the Argentinian money. She agreed to co-operate with the FBI who persuaded her to enlist her husband, a former employee of AO Saturn, to help track down the perpetrators. The FBI told him they would treat him and his wife leniently if he played ball and gave the name of the hacker. He pointed the finger at Levin. Desperate to find hard evidence linking Levin to the crime, the FBI also contacted the Russian police. An official St Petersburg Special Branch video of what it claims to be the contents of AO Saturn's office shows computers, guns and Levin's passport. Meanwhile, Russian mules -- charged with picking up stolen money from foreign accounts -- were arrested elsewhere as Citibank managed to recover a little over half the $ 10 million loss it initially feared. Among them was Vladimir Voronin, who was arrested in the Netherlands where he was about to collect $ 1 million from Rotterdam's ABN AMRO bank. "It was not because I liked to do it, I had to do it," he says. He was extradited to the US where he pleaded guilty; in return he agreed go cooperate with the investigation. Tomorrow night's programme reveals that, around a year before the alleged Levin conspiracy was plotted, another hacker -- known only as Megazoid -- was the first Russian to break into Citibank's computers. Megazoid, a mathematical wizard obsessed with computers, remains anonymous for fear of criminal gangs anxious to acquire his skills, which he claims enabled him to navigate the Citibank network undetected for months, penetrating secret files, using a computer and modem he bought for $ 10 and a bottle of vodka. But he also claims to know the origin of the attempted $ 10 million-dollar scam. Megazoid, it is alleged, did not work alone. One of his fellow hackers, a regular surfer on the Internet, got drunk and depressed one night -- and sold the secrets of how to break into Citibank for $ 100 and two bottles of vodka. The buyers are said to be the mafia who allegedly used AO Saturn and, claims Janet Reno, the US Attorney General, in a formal extradition request, Vladimir Levin. On March 3 last year, Levin was arrested at Stansted airport. Levin, who proclaims his innocence, has spent the past 21 months in Brixton prison, and yesterday he won a provisional right to appeal to the House of Lords against extradition to the US. He has told his lawyers, who are seeking his return to Russia: "I have never committed any crimes and I do not wish to be sent to America, a country to which I have never been, where I have no home, no relatives, no friends and no money with which to defend myself. I consider my detention here in England to be both illegal and a breach of human rights." The significance of the alleged conspiracy, with some of the players tried and convicted, some released, others on the run and yet more unknown, goes beyond the issue prompted by Megazoid's "career". It highlights the vulnerability of financial institutions' computer systems. Mike McKenna, former Citibank vice-president in charge of technology, talks openly of "years of neglect" during which the bank amassed 10,000 employees in technological services, 1,500 consultants, and, most tellingly of all, 3,400 subsidiaries in almost 100 countries. And, he relates, virtually each daughter-firm, certainly each country, had its own protocol for accessing the network. Five years ago there were 200 home-grown protocols, what he describes as "an orchestra with many people with different violins playing different tunes", rather than a full-scale symphony in which strings, horns and percussion talk to each other. The Bank for International Settlements, Bank of England, and Bundesbank have recently issued warnings about the threat posed by electronic money and open-access computer-networks like the Internet bulletin boards. There is even talk of "off-planet" banking -- banks on Saturn and Jupiter reached by satellite. "These transfers can take place from anywhere," Dietrich Snell, a New York attorney told one of the many US court hearings on the Levin case. "You have the right user ID and the right password and the right computer equipment, the hardware, and so long as you know what you're doing on the computer, you can get into the system literally anywhere." Says Bill Marlow, a banking security consultant: "Let's put it in perspective - the average bank robbery nets you $ 1,900, gets prosecuted 82 per cent of the time and you could get shot. With a computer you see $ 250,000 and get prosecuted less than 2 per cent of the time . . . these figures are staggering. It's safer to go and buy a computer than a gun." Citibank said in a statement last night that it had lost less than $ 400,000 in the scam. "No customers have lost any money," it said, adding that the accounts that were hacked into were not encoded. It has installed an access control system, Des-cards, which uses passwords altered after each time they are used. "Citibank," the statement said, "is a leader in the financial services industry in fraud prevention." American Banker: Tuesday, December 10, 1996 Microsoft Shows It's Catching On and Catching Up By DREW CLARK A year after chairman Bill Gates set out to mend fences with the banking community, Microsoft Corp.'s transformation into a bank ally looked virtually complete at last week's Retail Delivery conference. Through product giveaways, educational efforts, and old-fashioned public relations, Microsoft established its bona fides more convincingly than ever at the Bank Administration Institute conference. And there was evidence that Microsoft is gaining where it really counts -- in the marketplace -through growth in such areas as the NT operating system and Money personal finance software. Microsoft Money appears to be making up ground in the business dominated by Intuit Inc.'s Quicken. One indication was a survey of personal-computer users by Atlanta-based Synergistics Research Corp., showing 13% use Money. Quicken still had a commanding 59%. There was additional, anecdotal evidence of Money's gains. In the three weeks that Community Credit Union in Plano, Tex., has been offering both Money and Quicken, Money downloaders are outnumbering Quicken users two-to- one. Through some partner companies, Microsoft also showed how its computer language, Active-X, could be used to get bank Web pages to function like personal financial software managers. "The Internet provides the opportunity to do exactly what financial institutions have wanted to do for a long time - to get customers to go directly to them," said Lewis Levin, general manager of Microsoft's desktop finance division. "We live and breathe the Web," added Money product manager Matthew Cone. "Bill (Gates) outlined the vision" at last year's Retail Delivery conference, he said. "This year, Microsoft is helping banks build on the Web." Last year's remarks by Mr. Gates came only months after bankers interpreted Microsoft's attempted acquisition of Intuit as a threat. Mr. Gates apologized for what he said was a quotation taken out of context -- that banks are dinosaurs -- and proceeded to say Microsoft is bankers' friend. This year, banks are buying Windows NT over its competitors by a 6-to-1 margin, Microsoft officials said. When demonstrating Internet-related products last week, vendors invariably used Microsoft's Internet browser, Explorer. And Microsoft placed booths throughout the Dallas convention center providing unlimited access to the Internet -- through Explorer, of course. To be sure, Microsoft still faces stiff competition in many areas, including its attempt to set financial data standards with the Open Financial Connectivity protocol it unveiled in March. Others looking to establish similar standards include the Integrion Financial Network (Gold), Visa Interactive (Access Device Messaging Standard), and Intuit (Open Exchange). Representatives from Integrion, Microsoft, and Intuit appeared on stage with panelists from Checkfree Corp. and Security First Technologies in a session dubbed "The Great Debate." The participants generally agreed that their respective standards needed to become interchangeable for on-line consumers to be best served. Some questioned whether Microsoft was geared for such a cooperative effort. In last Wednesday's conference-opening speech, Sun Microsystems Inc. chief executive officer Scott McNealy mocked Mr. Gates as Big Brother. Mr. McNealy touted Sun's Java computer language, citing its ability to operate with a wide variety of computer platforms, including Microsoft Windows, Apple Macintosh, and Unix. But in the exhibition booths, more systems were written in Active-X than in Java. Microsoft collaborators -- such as Vertigo Development Corp., Checkfree Corp., Block Financial Corp., and Ultradata Corp. -- are using Active-X to develop what they promise will be the next generation of banking Web sites. But there were signs that the combat is far from over. During the debate, an audience member asked the panelists which electronic banking technology each uses. Security First Technologies chief executive officer Michael McChesney said he uses a sister company, Security First Network Bank. Microsoft's Mr. Levin said he uses Money. But Quicken still took 60%: Intuit executive vice president William H. Harris, Checkfree's Ken Benvenuto, and Integrion's William M. Fenimore Jr. "We use Quicken, and it has improved our quality of life," said Mr. Fenimore. Financial Times: Tuesday, December 10, 1996 New Smart Card to Be Tried in Russia By George Graham LONDON -- Russian bank customers will be the guinea pigs next year for a new type of smart payment card that could become the standard for emerging markets with inadequate phone networks and weak payments systems. The new Visa card uses a built-in microchip to provide verification in shops and outlets where telephone authorisation is impossible or too expensive. Unlike so-called electronic purses, however, the card is loaded not with money but with a credit limit. Trials will begin in the second quarter of next year by Inkombank, one of Russia's largest commercial banks. Sberbank, which has already issued some smart cards, is also expected to transfer to the pre-authorised system. Ms Anne Cobb, Visa International's president for central and eastern Europe, the Middle East and Africa, said the card provided a way round the infrastructure problems in many countries such as Russia. "If we succeed in Russia, then we will have proved this is the product we need in emerging markets," she said. The card is based on technology developed in South Africa, which, like Russia, has gaps in its telecoms infrastructure. Banks in many countries with still evolving financial systems are often reluctant to issue credit cards, because they do not have enough data on their customers' creditworthiness to judge the risks accurately. But debit cards only work if the telephone network is extensive and cheap enough to allow every transaction to be authorised by the bank's central computer. For small transactions, Visa and its rival MasterCard, along with a number of national payments groups, are developing electronic purses such as the Mondex card. These are loaded with money from a bank account and used instead of cash in shops or machines. But customers are reluctant to load large sums on to them because in many cases they distrust the banks and because if they lose the card they lose the money. The new Chip Off-Line Pre-Authorised Card system to be launched by Visa in Russia is a close cousin of the electronic purse. However, the bank is safe, because it holds the money customers have loaded on to their cards, and customers are safe, because they can still get that money back if they lose the card. Spending limits and personal code numbers are held on the card's microchip, so they can be checked by retailers without a telephone call to a bank computer. Washington Post: Monday, December 9, 1996 Transaction Network Services Faster Than a Speeding Cashier . . . By David S. Hilzenrath If you use a credit card reader in the self-service lane at the gas station, there's a good chance a Reston company called Transaction Network Services Inc. is helping to speed you on your way. Though it's virtually invisible to consumers and retailers alike, Transaction Network Services and companies like it have changed the way people buy things like a tank of gasoline, a bag of groceries or a movie ticket. The company provides a telecommunications network of leased lines that link the credit card terminal to companies that process credit card transactions for banks and other card issuers. By cutting the time and cost required to authorize these transactions electronically, Transaction Network Services and its competitors have helped make plastic the coin of many realms where paper once reigned supreme. "What we've managed to do is reduce the time of a credit card transaction to about the same amount of time it would take the cashier to do a cash transaction," spokesman Karen Kazmark said. Transaction Network Services claims that it is biggest and fastest in the business, but company officials concede that they know of no authoritative data to prove so. This niche accounts for such a small percentage of revenue for rivals Sprint Corp. and AT&T Corp. that they disclose few if any details about it. At the company's largest client, First Data Corp., Vice President George Barby said he has not made a scientific comparison of different carriers' transaction speeds. In terms of reliability, "they're all relatively similar," Barby said. "I believe that in any given situation . . . that we're going to be as fast and as market competitive as any of the providers," said Bart Westberg, director of enterprise services for Sprint. It's a business in which price competition is measured in fractions of a penny: The company's average fee -- paid by the credit card processors -- was about 1.77 cents per transaction during the last quarter, down from 2.3 cents per transaction last year. But it all adds up. Transaction Network Services handles about 5.7 million transactions a day. The company, launched in 1990, capitalized on founder and chief executive John McDonnell Jr.'s idea of using a special type of local telephone service to connect to his network instead of the toll-free 800 lines that were widely used. Along with other innovations, McDonnell's approach cut transaction times by about half, to 9 or 10 seconds, when it debuted in 1991, McDonnell said. Since that time, the company's competitive advantage seems to have narrowed, as rivals such as ATT and Sprint have used a similar approach and as technological improvements have speeded up toll-free 800 service. The company has since diversified by using its network to help authorize food stamps and Medicaid eligibility in some states that automate those benefits. It also sees health insurance as a potential growth area as insurers increasingly automate their benefits systems, enabling doctors' offices to verify patients' coverage on the spot, McDonnell said. Transaction Network Services has developed a second line of business combating telephone fraud by checking calling cards against databases when people place credit card calls from certain pay phones. The company completes the check during the brief pause before the call is put through, remaining just as invisible to the consumer as it is in the retail arena. But that business has been challenged by the growth of prepaid calling card services and other services that use toll-free 800 numbers to "dial around" (bypass) Transaction Network Services' traditional clients, the pay phone operators. The company can't fight the trend, so it plans to join it by helping out in those services, McDonnell said. "We have to become a player in this dial-around business, because that's where this market's headed," he said. The company's revenue rose to $41.4 million last year from $11.5 million in 1993, making it one of the region's fastest-growing companies. Revenue for the first nine months of this year was $38.9 million, up 32 percent from $29.6 million a year earlier. The company earned $4.2 million during the first nine months of the year, up 30 percent from $3.3 million during the same period last year. However, Transaction Network Services sees the increase of its core business slowing. McDonnell said growth in the volume of merchant transactions the company handles will likely slow to 25 percent to 35 percent next year -- faster than the industry as a whole but not as fast as the 50 percent increase the company is logging this year. The company isn't projecting "any real growth" in the phone fraud control area next year, he added. So McDonnell is looking for fresh pastures to plow. "We really need to find a new business that we can create a new growth opportunity," he said. For expansion, the company is looking overseas, to develop network business in Europe. And it is also looking to Wall Street. McDonnell said he hopes to create a new network for brokerage firms and money managers. The network would help the financial firms exchange information about trades over data lines instead of by talking on the phone, he said. "That's the major domestic thing that we're working on." Many firms already are automated, but they rely on a patchwork quilt of networks. "We know that we're not going to just walk in and scoop this thing up," McDonnell said. Christopher Morstatt, a vice president at securities firm Salomon Brothers Inc., said Transaction Network Services' best prospect is to capture firms that are just automating communication functions rather than the larger firms that already are wired, though it could differentiate itself by offering greater privacy and security than existing services. "The reality is that this has been in production . . . for quite a while, and Jack is certainly new to the effort," Morstatt said. From youwin at isp-inter.net Thu Dec 12 06:21:03 1996 From: youwin at isp-inter.net (SAVE NOW) Date: Thu, 12 Dec 1996 06:21:03 -0800 (PST) Subject: (UCE) Corp Buying Power - SAVES YOU $$$ Message-ID: <199612121331.IAA05618@Arl-Mail-Svc-1.compuserve.com> NEW - CORPORATE BUYING POWER $$$$$ SAVES YOU $$$$!!! NOW YOU CAN TAKE ADVANTAGE OF **** MONEY SAVING **** *** CORPORATE BUYING POWER *** FOR YOUR HOME AND BUSINESS!! Dear friend and fellow money-saver, I want to save you some money!!! A billion dollar company has just launched a package of products and services designed to give you some of the same buying advantages major corporations enjoy! Did you know corporations get special rates at hotels and on other travel?? Now you can get similar GREAT discounted rates on airfare, hotels, rental cars, vacation and spa packages too!! Did you know corporations get special rates on communciation services like long distance, paging, conference calling, and fax-on-demand?? You can get low rates on these state-of-the-art communciation services just like the big guys...enhancing your professional image, providing better service to your customers, and cutting expenses!! And this is only the beginning of the savings avaliable to YOU!! To find out how you can start enjoying your own ***** MONEY SAVING ***** *** CORPORATE BUYING POWER *** Just reply to this message at mailto:savenow at isp-inter.net The full details of this exceptional offer will be returned to your mailbox shortly!! ************************************************************************** Please join our remove group if you do not like getting commercial e-mail. mailto:ssremove at isp-inter.net with REMOVE in SUBJECT Please note any unsolicited mail sent from the domain isp-inter.net has a flag (UCE) on the subject heading for Unsolicited Commercial E-mail. Report E-mail violators to mailto:violators at isp-inter.net. Please inform your provider of our efforts and ask them to support ISP. If you would like us to sent you info on setting up Pegasus to perform this for you, mail your request to mailto:efforts at isp-inter.net From walt at blarg.net Thu Dec 12 07:07:58 1996 From: walt at blarg.net (Walt Armour) Date: Thu, 12 Dec 1996 07:07:58 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! Message-ID: <01BBE7FB.2D4DC6A0@dialup13.blarg.net> A Windows 95 extension for encrypting files is now available from SoundCode, Inc. Just right-mouse click on any file, provide a passphrase, and it's done. Point 'n Crypt visually indicates that a file is encrypted, and optionally provides the encryptor's name for easy passphrase lookup. Point 'n Crypt is FREE during the beta period (through 12/31/1996) and will list for $19.95. Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases, and conforms to PKCS #5 and PKCS #7. For more info, check out www.soundcode.com/pointNcrypt.htm From dthorn at gte.net Thu Dec 12 07:29:51 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 07:29:51 -0800 (PST) Subject: In-Reply-To: <9612120519.AA20735@cow.net> Message-ID: <32B0241F.7EE1@gte.net> Bovine Remailer wrote: > >Anonymous wrote: > >> Dale Thorn sez:[snippo] > >> The innovation you are looking for is > >> called "the loop". You can implement "the loop" many ways including > >> taping the end of your program to the beginning. > >> Remind me not to use any of Dale's "utilities". > >You would not likely ever have the opportunity to use such utilities, > >since you obviously lack certain basic ingredients of intelligence. > >I don't do "user-friendly" GUI programs, but [snip] > Ahh come on Dale. Lay one one us! Are you now writing > "utilities" in portable batch files? I'd love to see one. > Or are you a bare metal guy typing in hex codes in debug? > btw, how do you like Win95? Too user-friendly for you? Nothing inherently wrong with a GUI if: 1. It doesn't make it much more difficult to do operations which are inherently more efficient from a command line, -and- 2. It doesn't make the computer unacceptably buggy and/or slow, -and- 3. It doesn't make the existing software base unnecessarily obsolete... The representative article on #1 is in Info World a few weeks ago, as I recall. There are a slew of useful DOS operations that are very difficult (and some impossible) through the Win95 interface, but I'm sure you already knew that. I've been of the opinion that Win95 is more stable than Win3.x, since it has its own memory management, but that assumes that any new software for Win95 you load up isn't buggy... On #3, I'm sure you are aware that there are plenty of people around who have "power" in this PC industry, who would like to *remove* some of the current user options from PC's in general, for instance, the DOS command line. Telling users "if you don't like it, buy something else" is analogous to telling a person "if you don't like the way our government and their team of lawyers is destroying your country, go somewhere else". My utilities are a collection of Basic and 'C' code, somewhat modularized, so that a new utility can be quickly pasted together from existing routines, with minimal unique code (or as minimal as possible). My knowledge of the underlying processes in these languages (on a PC, anyway) is sufficient for me to be able to quickly analyze bottlenecks and other areas of code where routines in assembler, etc. can be substi- tuted for better performance or whatever. This is very basic stuff for PC "experts", of course, but lots of folks don't know and (tragically) don't care, particularly about the removal of current user options from the systems. When you operate a Mac, for example, and you are used to not having certain options, you just don't care, right? From rah at shipwright.com Thu Dec 12 07:38:19 1996 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 12 Dec 1996 07:38:19 -0800 (PST) Subject: Alegedly "Breaking News." Message-ID: --- begin forwarded text X-Sender: simsong at vineyard.net Date: Thu, 12 Dec 1996 07:18:34 -0600 To: rah at shipwright.com From: "Simson L. Garfinkel" Subject: Alegedly "Breaking News." Mime-Version: 1.0 Just for the record, my article doesn't say anything about this being a new kind of attack. I wasn't pleased at all with Steve O'Keefe's press release and I would really appreciate it if you published a correction or something to cypherpunks... -Simson * * * LAST KNOWN LOCATION: ST. LOUIS, MO * * * Follow Simson's trip at http://simson.net/trip96 Follow Simson's ramblings at http://www.packet.com/garfinkel --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From jya at pipeline.com Thu Dec 12 08:04:42 1996 From: jya at pipeline.com (John Young) Date: Thu, 12 Dec 1996 08:04:42 -0800 (PST) Subject: New E-commerce Paper: Message-ID: <1.5.4.32.19961212160119.006718c4@pop.pipeline.com> A new electronic commerce paper: "Internet Markets: Emerging Business Models" By Dan Yurman December 11, 1996 Abstract What are business models for profiting on the net? Perhaps the best metaphor to describe Internet business is that it is like the California gold rush of 1849. A wave of entrepreneurial start-ups have entered the field, but all are struggling to find the gold. The miners are going broke while the saloon and general store owners, and the brothels, are prospering. Anyone who wants to make real money in mass markets is going to have to break the mold of "business as usual" and offer real value which is not available offline. Meanwhile, business-to-business commerce is growing using the time-based value of data exchange as a pricing mechanism. This brief paper considers the business models and related success factors which favor profitability for doing business on the Internet. It addresses four areas: + Mass Markets + Business-to-Business Markets + Online Banking + Advertising ----- http://jya.com/emarkets.htm (44 kb) From Admin at bexcol.demon.co.uk Thu Dec 12 08:45:08 1996 From: Admin at bexcol.demon.co.uk (Admin at bexcol.demon.co.uk) Date: Thu, 12 Dec 1996 08:45:08 -0800 (PST) Subject: Elliptic curves Message-ID: <850408570.510393.0@bexcol.demon.co.uk> You are all a bunch of faggots. Faggot cannot be allowed on usenet as dictated by the great dr. Grubor. Fuck you all. From alexc at firefly.net Thu Dec 12 08:49:52 1996 From: alexc at firefly.net (Alexander Chislenko) Date: Thu, 12 Dec 1996 08:49:52 -0800 (PST) Subject: WEB: Yahoo/Firefly Website recommendation service Message-ID: <3.0.32.19961212115032.00cf51b0@pop.firefly.net> At 06:52 PM 12/11/96 -0800, Dale Thorn wrote: >Alexander Chislenko wrote: >> Firefly Network Inc. has just launched a public beta of our website >> recommendation service on My Yahoo! This service is the result of a >> partnership between Yahoo! Inc. and Firefly Network, Inc. in application >> of Automated Collaborative Filtering (ACF) technology to the Web. >> It allows users to find interesting websites interest and like-minded >> people, and otherwise help the user navigate the vast domain of sites >> and people in an intelligent and personalized way. > >I tried Firefly. What a waste. Unless your tastes in most things >entertainment-wise are pretty mundane (music=Pearl Jam, Prince, >other mainstream drek), they won't be able to find a match at all, >no matter how much information you give them! > You are talking about our first site, with music and movie recommendations. I personally rated not-at-all-mainstream movies by Kurosawa and Tarkovsky and got a similar advice. Though, I agree, the recommendations are not perfect. Partly, because the most of the audience are mainstream. Partly, because the site runs the first version of our ACF software server. The website recommendation uses the feature-guided ACF server that I hoped would solve most of the algorithmic problems we encountered in the music and movie domains. I'd be interested to know what you think of it. Also: I created a group profile, name: cypherpunk, password: group that people on this list might use together as a common interest view, or a joint bookmark list. --------------------------------------------------------------------------- Alexander Chislenko www.lucifer.com/~sasha/home.html Firefly Network, Inc.: www.ffly.com 617-234-5452 --------------------------------------------------------------------------- From alan at ctrl-alt-del.com Thu Dec 12 09:09:09 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Thu, 12 Dec 1996 09:09:09 -0800 (PST) Subject: [Incredibly Off-topic] Re: (Fwd) Books for Children's Hospitals Message-ID: <3.0.1.32.19961212090614.0120a2e4@mail.teleport.com> At 07:45 AM 12/12/96 -0500, pjb at ny.ubs.com wrote: >i know that this is WAY off topic, and that we never post off-topic mail here, >but, this seems worthwhile, so please excuse, (maybe flames for off-topic posts >will count ) [Mail bomb Hough Miflon spam deleted] Sorry. This was true one. Evidently it blew up their mail server. (As it should. Damn stupid idea.) Unfortunatly the Shergold Effect will keep it in propagation for centuries... --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From camcc at abraxis.com Thu Dec 12 09:11:59 1996 From: camcc at abraxis.com (Alec) Date: Thu, 12 Dec 1996 09:11:59 -0800 (PST) Subject: (Fwd) Books for Children's Hospitals Message-ID: <3.0.32.19961212121231.0068ba60@smtp1.abraxis.com> At 07:45 AM 12/12/96 -0500, you wrote: :i know that this is WAY off topic, and that we never post off-topic mail here, :but, this seems worthwhile, so please excuse, (maybe flames for off-topic posts :> [snip] :>All that you have to do is email share at hmco.com. :> :>I hope that you can spare the seconds...and let your friends know. So far :>they only have 3,401 messages...last year they reached 23,000. :>[snip] Sounds like a great way to mailbomb someone. Discretion invited. Cordially, Alec PGP Fingerprint: Type bits/keyID Date User ID pub 1024/41207EE5 1996/04/08 Alec McCrackin Key fingerprint = 09 13 E1 CB B3 0C 88 D9 D7 D4 10 F0 06 7D DF 31 From paul at fatmans.demon.co.uk Thu Dec 12 09:29:51 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Thu, 12 Dec 1996 09:29:51 -0800 (PST) Subject: take me off the list Message-ID: <850411279.523996.0@fatmans.demon.co.uk> Bryondp at aol.com spewed forth as follows: > take me off the list Why did you not follow the instructions I have sent to you no less than 5 times? - they follow, for fucks sake do as they say this time. To unsubscribe from the cypherpunks mailing list: Send a message to majordomo at toad.com with the *MESSAGE BODY* reading exactly as follows: unsubscribe cypherpunks you at your.domain.com Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From nobody at huge.cajones.com Thu Dec 12 10:13:50 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Thu, 12 Dec 1996 10:13:50 -0800 (PST) Subject: Redlining Message-ID: <199612121813.KAA02708@mailmasher.com> At 10:20 PM 12/11/1996, Matthew J. Miszewski wrote: >>(Let me add that remailers are great. I would be reluctant to express >>these ideas in any other way for professional reasons.) > >hehehe. Actually, there's nothing funny about the suppression of free speech. What I fear is being dragged into a baseless "discrimination" lawsuit if I should ever hire somebody from a "protected class" and find that their employment needs to be terminated. Note that the "protected classes" constitute the overwhelming majority of the US population. >>(Those who don't believe me should get "Love Supreme" by John >>Coltrane and listen to it carefully about 20 times. There are >>layers and > >And what was it that Bird's contemporary society called him? Was it >crazy? This is one of the social ills potentially caused by >discrimination. Far more important to me than the politics of any >time is the music that a time period presents. But this visionary >jazz musician was all but discredited by the musical environment of >the times. Thankfully, it survived on its merits. But imagine if >the campaign to discredit Coltrane had been successful and my young >ears never experienced that beauty. That is part of the potential >harm I am talking about. Is this a joke? How can we pass a law telling people to like somebody's music? Respect cannot be legislated. It must be earned. Red Rackham From junger at pdj2-ra.F-REMOTE.CWRU.Edu Thu Dec 12 10:25:00 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Thu, 12 Dec 1996 10:25:00 -0800 (PST) Subject: Draft of Commerce Department Crypto Regs In-Reply-To: <199612111958.LAA06592@gw.quake.net> Message-ID: <199612121822.NAA11823@pdj2-ra.F-REMOTE.CWRU.Edu> Cindy Cohn writes: : Steptoe and Johnson have kindly posted the draft Commerce Department : regulations on encryption exports at http://www.steptoe.com/commerce.htm. Thanks. Since it took a long time to download them from Steptoe and Johnson's web site, I have taken the liberty of mirroring them at http://samsara.law.cwru.edu/comp_law/commerce.proposed.regs.html on my web server. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From dlv at bwalk.dm.com Thu Dec 12 10:31:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Dec 1996 10:31:26 -0800 (PST) Subject: Cypherpunks Dec Mtg / upDate + TEXT-only version In-Reply-To: Message-ID: Fyodor Yarochkin writes: > Hey.. is there any CoderPunks Meetings somewhere in russia? > I think it would be interesting to organize one. Every wannabe asshole will show up. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Tunny at inference.com Thu Dec 12 10:59:09 1996 From: Tunny at inference.com (James A. Tunnicliffe) Date: Thu, 12 Dec 1996 10:59:09 -0800 (PST) Subject: [OFF-TOPIC] RE: (Fwd) Books for Children's Hospitals Message-ID: >Paul writes: >i know that this is WAY off topic, and that we never post off-topic mail >here, >but, this seems worthwhile, so please excuse, (maybe flames for off-topic >posts >will count ) > >cheers, > -paul >>"The Houghton-Mifflin publishing co. is giving books to children's >>hospitals; how many books they give depends on how many emails they >>receive from people around the world. for every 25 emails they receive, >>they give one book--it seems like a great way to help a good cause. >> >>All that you have to do is email share at hmco.com. >> >>I hope that you can spare the seconds...and let your friends know. So far >>they only have 3,401 messages...last year they reached 23,000. >> >>This seems like an easy and simple thing to do -- please take the time!" My "urban legend detector" pegged when I saw this, but it turns out to be on the level. See http://www.hmco.com/hmco/trade/hmi/polar/ for more info. Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | 36 07 D9 33 3D 32 53 9C ====================================================================== From hua at chromatic.com Thu Dec 12 11:21:49 1996 From: hua at chromatic.com (Ernest Hua) Date: Thu, 12 Dec 1996 11:21:49 -0800 (PST) Subject: Silly me ... In-Reply-To: Message-ID: <199612121921.LAA21166@server1.chromatic.com> I'm not sure which part of my message you feel is unfair. The quotes come from: http://cyberwerks.com:70/0h/cyberwire/cwd/cwd.94.01.30.html Incidentally, when I said "VP", I was exaggerating. I think he became a director at Air Touch. Ern > I have no idea if this is in reference to some thread I missed, but I > think it's unfair. > > The evidence of this will be this year's CFP, chaired by the same Kent > Walker. > > > Little did I know at that time that this is the same Walker that was > > quoted by Meeks as saying cute lil' gems like ... > > > > "If you ask the public, 'Is privacy more important than catching > > criminals?' They'll tell you, 'No.'" > > > > ... and ... > > > > "It's easy to get caught up in the rhetoric that privacy is the > > end all be all." > > > > After a little bit of frustration, I wrote him off as someone cashing > > in on his Justice days to be some VP of government relations (a.k.a. > > lobbyist) with Air Touch. > > > > Perhaps there is something slightly more spooky with this character > > than I originally thought. From adam at homeport.org Thu Dec 12 11:30:27 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 12 Dec 1996 11:30:27 -0800 (PST) Subject: R3 ANNOUNCES SSL HTTP SOLUTION PROVIDING (fwd) Message-ID: <199612121927.OAA22464@homeport.org> ----- Forwarded message from Strate Andreas E. ----- >From list at glacier.mcom.com Thu Dec 12 11:42:56 1996 Resent-Date: Thu, 12 Dec 1996 08:33:29 -0800 (PST) From: "Strate Andreas E." To: "'ssl-talk'" Subject: R3 ANNOUNCES SSL HTTP SOLUTION PROVIDING Date: Thu, 12 Dec 1996 17:32:00 +0100 Message-Id: <96Dec12.173217gmt+0100.41475 at gateway.r3.ch> Encoding: 56 TEXT X-Mailer: Microsoft Mail V3.0 Resent-Message-ID: <"IBQbP2.0.UY.MF3io"@glacier> Resent-From: ssl-talk at netscape.com X-Mailing-List: archive/latest/3087 X-Loop: ssl-talk at netscape.com Precedence: list Resent-Sender: ssl-talk-request at netscape.com [Charset ISO-8859-1 unsupported, filtering to ASCII...] R3 ANNOUNCES SSL HTTP SOLUTION PROVIDING STRONG CRYPTOGRAPHY Aathal, Switzerland, December 12, 1996 - r3 security engineering ag announces "r3 SSL HTTP Client" which provides strong cryptography to any browser which supports HTTP proxies. The product available on Win95/NT and Win3.1 is in final Beta state and will be available on these platforms by the end of this year. A beta version of "r3 SSL HTTP Client" can be downloaded from http://www.r3.ch/products/ssl/ The "r3 SSL HTTP Client" has been selected by the major Swiss Banks to enable their homebanking applications with their customers. The solution provides strong cryptography based on the 128 bit IDEA algorithm. Export security and smaller key lengths were ruled out as inacceptable for sensitive Internet homebanking services. Strong cryptography with 128 bit IDEA algorithm is a must for their homebanking Internet services. The "r3 SSL HTTP Client" is part of a suite of SSL products developed by r3 security engineering which consists of _ r3 SSL HTTP Server _ r3 SSL HTTP Proxy Server _ r3 SSL HTTP Gateway _ r3 SSL FTP Server _ r3 SSL FTP Gateway The r3 SSL server products will be available during the first quarter 97. r3 security engineering ag - located in Aathal/Zurich, Switzerland - is one of the major providers for security solutions in the area of EDIFACT and Internet applications. r3's activities in international standardization committees and in research projects guarantee state of the art products and solutions. "r3 SSL HTTP Server" and "r3 SSL HTTP Client" are trademarks of r3. r3 SSL products use software modules developed by Eric Young (eay at mincom.oz.au). Eric Young's SSLeay is used but the SSL layer has been completely reengineered to provide full control over the SSL handshake. For further information please contact : ---------------------------------------------------- Andreas E. Strate r3 security engineering ag Internet: strate at r3.ch Hofstrasse 98 Phone: +41 1 934 56 56 CH-8620 Wetzikon Direct: +41 1 934 56 72 Switzerland Fax: +41 1 934 56 79 http://www.r3.ch/ ---------------------------------------------------- ----- End of forwarded message from Strate Andreas E. ----- -- "It is seldom that liberty of any kind is lost all at once." -Hume From traviso at spiritone.com Thu Dec 12 11:30:44 1996 From: traviso at spiritone.com (Travis Ogden) Date: Thu, 12 Dec 1996 11:30:44 -0800 (PST) Subject: Windows 95 Easter Egg Message-ID: Thought you all may find this entertaining... Regards, Travis --- ~Webmaster~ ~Tejedormaestro~ Travis Ogden SpiritOne, Inc. traviso at SpiritOne.com 7302 N Richmond Ave Phone: 503.240.8200 Portland OR 97203 Portland's Quality Fax: 503.240.8205 Public-Access Provider Web: http://www.SpiritOne.com Personal: http://www.SpiritOne.com/~traviso ~All opinions expressed herein are mine and not my employers~ --- ============================================================================== 1.Point the mouse at the desktop and click the right mouse button. Choose "New" from the resulting pop-up menu, and then choose "Folder." 2.A new folder will appear on the desktop, with the temporary name "New Folder." Change the folder's name by typing "and now, the moment you've all been waiting for" (do not type the quotation marks), and pressing the Enter key. 3.Point at the folder and click the right mouse button to display its pop-up context menu. Choose the Rename command, and type "we proudly present for your viewing pleasure" (again, without the quotation marks). Press the Enter key. 4.Once again, right-click the folder and choose the Rename command. This time, type "The Microsoft Windows 95 Product Team!" (again, without the quotation marks). Press the Enter key. 5.Double-click on the folder to open it. ============================================================================== From walt at blarg.net Thu Dec 12 11:38:08 1996 From: walt at blarg.net (Walt Armour) Date: Thu, 12 Dec 1996 11:38:08 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! Message-ID: <01BBE820.DA06D920@dialup36.blarg.net> The focus for the current PnC offering is more privacy than security. To avoid any issues of ITAR and export we chose to make the first version weak. There will be future offerings that use stronger, non-exportable crypto. As for the posting, I have seen the occasional commercial post float through. This will be the only time that the post will show up on Cypherpunks. Now if we can keep any long threads from getting kicked off (an all too common occurrence). Perhaps replies could be taken to e-mail... walt ---------- From: Gabe Kostolny[SMTP:gabe at ixlabs.com] Sent: Thursday, December 12, 1996 2:45 AM To: Walt Armour Cc: coderpunks at toad.com Subject: Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !! > > Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases, > and conforms to PKCS #5 and PKCS #7. > It seems to me that anything that's exportable is pretty damn useless, if you really want to keep something secret. Also... I kinda got the impression that this list wasn't for silly commercial traffic? -gabe From nobody at huge.cajones.com Thu Dec 12 11:42:46 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Thu, 12 Dec 1996 11:42:46 -0800 (PST) Subject: Social Security Fraud Message-ID: <199612121942.LAA22670@mailmasher.com> Red Rackham wrote: >>>As for the social security number, it has been claimed many times on >>>this list that nobody checks them anyway. There are programs which >>>generate real-appearing numbers. (I think one was called >>>"ssn.exe".) > >>While I understand the greater social good, I, personally, am not >>interested in violating applicable fraud statutes. This is a >>borderline case in which consideration to the idea, of course, should >>be given. I would hesitate to expose these people to that risk. > >I would not propose committing fraud. I do not understand who would >be defrauded by giving an employer an incorrect social security >number. The company pays the salary either way. To which Matthew J. Miszewski replied: >>I would not propose committing fraud. I do not understand who would > >You already have. As Mr. Miszewski is clearly too busy to answer my question, perhaps some of the lawyers on the list will be kind enough to help me out. Under what conditions is it fraudulent to give the wrong social security number? It seems to me that in the case of an employee giving the wrong number to his employer, the only person that suffers is the employee through loss of future payments from the Social Security Administration. The employer certainly doesn't suffer. Assume that the income tax is paid. What laws would an employee violate? What are the chances of conviction? What are the likely penalties if convicted? Red Rackham From dthorn at gte.net Thu Dec 12 11:57:28 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 11:57:28 -0800 (PST) Subject: Redlining In-Reply-To: <01ICWJ1E2BX2AEL2O3@mbcl.rutgers.edu> Message-ID: <32B03E27.5EF9@gte.net> E. Allen Smith wrote: > From: IN%"ichudov at algebra.com" 11-DEC-1996 23:46:57.12 > >I would appreciate if some attorney on this list shed some light on the > >legal definition of discrimination. [snip] > P.S. Please note that we cannot yet tell if the racial differences in > IQ are environmental or a mixture of environmental and genetic; I > believe they are purely environmental, but there is about as much > evidence for this belief as there is for God's existence (something > I also believe in). Actually, there is not only good evidence for the environmental argument, but you can reason it out yourself if you give attention to some things that don't make it into most discussions on this topic. Example: Environment has a profound effect on a person's mind (outlook, perceptions, attitudes, moods, etc.), and thereby has a significant, if indirect effect on that person's hormone production (quantity, balance). Those hormone productions have more effect on the body and brain long- term than any other influence I can think of. And believe it or not, in some (perhaps unusual) cases, unexpected changes in hormone production can happen later in life as well, not just during the "development" years. And I'm not talking about decreased production either. From dthorn at gte.net Thu Dec 12 11:58:14 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 11:58:14 -0800 (PST) Subject: Redlining In-Reply-To: <3.0.32.19961211222012.00698508@execpc.com> Message-ID: <32B041C8.49C8@gte.net> Matthew J. Miszewski wrote: > >(Those who don't believe me should get "Love Supreme" by John Coltrane > >and listen to it carefully about 20 times. There are layers and I have a very intelligent friend who loves jazz and has several thousand LP's; he says Coltrane did some really good stuff early on, then went kinda crazy... I bought some 'trane albums in the 1960's. My impression was that they were very intellectual, or very technical, but not highly musical (my opinion, and I love music). [snip] BTW, the person who claimed that Jazz was the more significant contribution of African-Americans in America is very short-sighted. Jazz is just one expression of a highly intelligent and complex group of people. You should hear some of the gorgeous songs of South Africa as sung by Miriam Makeba, for instance. Also, rock-n-roll emerged from blues, R&B, etc., and is profoundly dominant in Western culture over all other types of music, regardless of what you think of its quality. From dthorn at gte.net Thu Dec 12 11:59:30 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 11:59:30 -0800 (PST) Subject: Why PICS is the wrong approach In-Reply-To: <199612120714.XAA04720@netcom14.netcom.com> Message-ID: <32B043D8.4AC6@gte.net> Vladimir Z. Nuri wrote: > Why TCM is wrong about PICS being wrong: > >PICS is the wrong approach becuase it oversimplifies the ratings of > >content, because it places the ratings made by the author in the payload > >itself, and because third-party ratings systems are cut out of the loop > >(effectively). > bzzzzzzt. please read about it. there are multiple protocols. some > of them allow third-party rating services. some of them support > ratings within pages. the standard is neutral. > also consider the new Firefly system that doesn't > actually have fixed ratings on objects, but in which ratings are > determined dynamically based on your own personal ratings of pages. If Firefly is an example of what PICS is or could become, the hell with PICS. Firefly encourages and rewards group behavior and suppresses individuality. Firefly would reward the discussion of the latest album by a Columbia or Capitol artist, and discourage discussion of material from independent (real independent) labels. I know because I've been there and spent quite a bit of time trying to get a rating. [remainder snipped] From dthorn at gte.net Thu Dec 12 11:59:59 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 11:59:59 -0800 (PST) Subject: Redlining In-Reply-To: <199612112328.RAA02505@manifold.algebra.com> Message-ID: <32B03F2E.4715@gte.net> Igor Chudov @ home wrote: > E. Allen Smith wrote: > > From: IN%"ichudov at algebra.com" 11-DEC-1996 14:01:18.43 > > >The problem is, people can choose what credit history they want to have > > >(I can be a saver or a spender, for example), but nobody can change the > > >color of their skin. > > >This is central point of the theory why discrimination based on credit > > >histories is OK, while the discrimination based on race is not. [snip] > Do we consider discrimination based on poverty illegitimate? Note that when only part of the statistical picture is presented, the result can be misleading: Mississippi is a much poorer state than Ohio or Pennsylvania, but also has a much lower crime rate. [remainder snipped] From hal at martigny.ai.mit.edu Thu Dec 12 12:29:37 1996 From: hal at martigny.ai.mit.edu (Hal Abelson) Date: Thu, 12 Dec 1996 12:29:37 -0800 (PST) Subject: Whom can you trust with your keys -- government version Message-ID: <199612122029.AA144522566@martigny.ai.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- The Commerce Department draft crypto export regulations (see http://www.steptoe.com/commerce.htm) include the following stipulation on Key Recovery Agents: Evidence of an individual's suitability and trustworthiness [to act as a key recovery agent] shall include: (i) Information indicating that the individual(s): (A) Has no criminal convictions of any kind or pending criminal charges of any kind; (B) Has not breached fiduciary responsibilities (e.g., has not violated any surety or performance bonds); and (C) Has favorable results of a credit check; or, (ii) Information that the individual(s) has an active U.S. government security clearance of Secret or higher issued or updated within the last five years. It's nice to know that we can trust ex-cons, frauds, and deadbeats to hold our keys, provided that they have obtained a Secret clearance. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMrBrBfiGKLV9Y6XFAQH53AP5AXAG5ys1ju6R1imLJYTKQcgDtNec9YBw kSimzx/GIOAf0eWJFTU+fMTsJp9g7K1LasNYRYfXM2aqPuwB6UJ2PU1JKhi2u8ew Qk06TllDvhzGwWTCAd53J616181srw3Gb+lARvBQT4m/1trRNDR24d0rdxS7jxPk ytwNprO06zQ= =CXXb -----END PGP SIGNATURE----- From EALLENSMITH at ocelot.Rutgers.EDU Thu Dec 12 13:08:37 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 12 Dec 1996 13:08:37 -0800 (PST) Subject: Redlining Message-ID: <01ICXFPL6XZOAEL7YC@mbcl.rutgers.edu> From: IN%"dthorn at gte.net" "Dale Thorn" 12-DEC-1996 14:56:52.69 >Actually, there is not only good evidence for the environmental argument, >but you can reason it out yourself if you give attention to some things >that don't make it into most discussions on this topic. Yes, there are strong arguments for the environment being the determining factor... there are also strong arguments (such as interracial adoption still leaving blacks below the average IQ of adopted siblings) for it being genetics. We won't be able to find out which is which until we know what the genetic determinants of intelligence are, which will take some time. (Using current techniques, several hundred years at the minimum... but I'm not prepared to predict how good techniques will get). As I previously stated, I don't believe it is any part genetic. -Allen From EALLENSMITH at ocelot.Rutgers.EDU Thu Dec 12 13:31:14 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 12 Dec 1996 13:31:14 -0800 (PST) Subject: Redlining Message-ID: <01ICXGIQSR8MAEL7YC@mbcl.rutgers.edu> From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 12-DEC-1996 11:32:36.79 >Just wanted to clear up that my reference to student loans was not meant to >start a discussion of the granting of _those_ loans. It was meant to spark >a discussion of the lending to those borrowers *after* they graduate. As a >group, their default rate is generally high. And yet, as a group, the >extension of credit to these people is not systematically denied (as in >redlining). >I take responsibility for the thread being confused as I believe my first >mention of it was unclear. mea culpa. I see... that explains your apparantly nonsensical answer that the guarantees on student loans don't make any difference. Quite alright; we all make mistakes. I would like to suggest that the essential problem in determining loans to those who have just graduated is that of headaches in gathering sufficient information; namely, the cost of finding out "is this a good school" and "how good are this person's prospects" are sufficiently high so as to make up for the default rates. As previously mentioned by Dale Thorn, the inclusion in this figure of various trade schools is also a (related) problem, one that Clinton's proposal of student loans for 2 years of college for _everyone_ would make worse. -Allen From EALLENSMITH at ocelot.Rutgers.EDU Thu Dec 12 13:36:08 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 12 Dec 1996 13:36:08 -0800 (PST) Subject: Redlining Message-ID: <01ICXGBPMPJ4AEL7YC@mbcl.rutgers.edu> From: IN%"ichudov at algebra.com" 11-DEC-1996 19:45:12.83 >A good question. It is based on the theory that every person has a >"utility" function in their mind. This function determines the "worth" >of money and worthiness of risk. >If that function as a function of income is strictly concave Except in the case of a consumer for whom the lower end is essentially no different than 0 - e.g., a minimum amount for survival - having a concave utility function for money (as opposed to less-convertible goods/services) is irrational. While I am in favor of allowing people to be irrational if they so desire, I am not in favor of governmental rules (e.g., coercive rules) being determined by irrationality. See my comments on emotion to Matt M. -Allen From ichudov at algebra.com Thu Dec 12 14:04:16 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 12 Dec 1996 14:04:16 -0800 (PST) Subject: Redlining In-Reply-To: <01ICXGBPMPJ4AEL7YC@mbcl.rutgers.edu> Message-ID: <199612122159.PAA11494@manifold.algebra.com> E. Allen Smith wrote: > > From: IN%"ichudov at algebra.com" 11-DEC-1996 19:45:12.83 > > >A good question. It is based on the theory that every person has a > >"utility" function in their mind. This function determines the "worth" > >of money and worthiness of risk. > > >If that function as a function of income is strictly concave > > Except in the case of a consumer for whom the lower end is essentially > no different than 0 - e.g., a minimum amount for survival - having a concave > utility function for money (as opposed to less-convertible goods/services) > is irrational. While I am in favor of allowing people to be irrational if they > so desire, I am not in favor of governmental rules (e.g., coercive rules) being > determined by irrationality. See my comments on emotion to Matt M. Utility functions, are never irrational. I like tangerines and hate apples, some other are the other way around, but it is not irrational. Concavity of utility function of money (equivalence of risk-aversion) for most consumers is an empirical fact. I agree that rationality per se should not be mandated by the government rules though. - Igor. From nobody at huge.cajones.com Thu Dec 12 14:12:33 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Thu, 12 Dec 1996 14:12:33 -0800 (PST) Subject: In Defense of Anecdotal Evidence Message-ID: <199612122212.OAA27964@mailmasher.com> At 12:09 AM 12/12/1996, E. Allen Smith wrote: >From: IN%"mjmiski at execpc.com" "Matthew J. Miszewski" 11-DEC-1996 19:43:51.88 >>If I wanted to I could repeatedly issue heart-wrenching stories of >>poverty in America (similar, of course, to politicians using "real >>world examples" in speeches). You seem to assume that this would be >>"wrong". > > As did Ronald Reagan in talking about "welfare queens"... as >could I in discussing how my grandparents got out of poverty and have >two children with MDs and one with a PhD. Statistics are preferable >to anecdotal evidence for just this reason; I've seen that over and >over again in science. Anecdotes are for lawyers talking to juries >and demagogic politicians talking to the masses. Statistics are a useful tool, but they have their problems. Their accuracy is often in doubt. Most scientific data comes with an error analysis so you can tell what the figure means. For some reason statisticians never do this so we cannot tell whether their numbers are accurate to within 0.1%, 1.0%, 10%, or even worse. There are many other problems. For instance, users of statistics assume they have a random sample, even in cases where that is far from clear. Social statistics are a black art. There was a study awhile back which claimed gun ownership reduced violent crime. That is a surprising result. It was apparently obtained by subtracting out all the other factors that could explain the differences in the areas studied. This process must involve some real stretches statistically. I can't imagine how cultural differences are determined and subtracted - I assume it is a subjective process. Another problem with statistics is that they are difficult to verify. We may wish to verify the information in cases of deception - sometimes well meaning - but also for cases of statistical incompetence. It is also hard to explore the details of the study if the authors are unavailable. The advantage of first hand experience is that it is primary evidence. You know it's true because you were there and saw it. The advantage of anecdotal evidence (in the sense we have been using it) is that the person who is telling you the anecdote was there and saw it. You can cross-examine them and get a full understanding of the evidence provided. Specific examples, that is anecdotal evidence, also provide a nice framework for discussing our abstract beliefs about what is morally right or wrong, or what various parties should be expected to do or say in particular situations. Specific examples also make it possible for the participants in the conversation to deepen their own understanding of their experiences. You might have seen something and interpreted it in a particular way. Somebody else might be able to show you how you misinterpreted what you saw. Red Rackham From infoserver at reply.net Thu Dec 12 15:15:33 1996 From: infoserver at reply.net (Santa Claus) Date: Thu, 12 Dec 1996 15:15:33 -0800 (PST) Subject: Merry Christmas, HipXmas-SantaSpam Message-ID: <199612122316.SAA14706@reply.net> An Xmas greeting from f_ck at hotmail.com ..... ** **** ****** ******** ********** ************ ************** **************** ****************** ******************** ********************** S A N T A * * * N O R T H P O L E | | \____/ Wherever you go, whatever you do, Remember that Santa is always with you. I live in your heart, I dance in your soul, I show you what love is, and good things to know. The Spirit of Christmas spreads all through the land, With joy and the giving of gifts you should have. But gifts are just one thing to give and to get -- We wish you much more, far more than that. My elves send you pride in whatever you do, My reindeer give strength on days you feel blue, My wife, Mrs. Claus, grants wisdom and grace, Belief in yourself and all you create. And me, what do I give? Is there much more? Plenty and plenty you won't find in stores. I give you the knowledge that you can do more Than you ever knew -- of that be quite sure. My sleigh's packed with toys, my list sweeps the floor, A cup of hot cocoa and I'm out the door. Just gaze high in the sky where Peace always soars, And you live in my heart as I live in yours. * * * * * * M e r r y C h r i s t m a s * * S a n t a C l a u s --------- This santa poem was sent to you from the person with the following e-mail address: f_ck at hotmail.com If you would like to return the greeting then stop by the ReplyNet Santa Site at www.reply.net/santa.html Your e-mail address is NOT being collected or stored. From pobox at pobox.org.sg Thu Dec 12 15:35:21 1996 From: pobox at pobox.org.sg (PObox Adminstrator) Date: Thu, 12 Dec 1996 15:35:21 -0800 (PST) Subject: Thank you for using PostOne service Message-ID: <199612122334.HAA28828@plato.pobox.org.sg> Hi, Thank you for trying our PostOne service. The following account has been created for you: PObox Account: cypherwimps at post1.com Password: XAp9hAd8eX Please change your password as soon as you receive this e-mail. To change your password, just login to PostOne at http://www.post1.com. The email associated with the id cypherwimps at post1.com is Name : spambo Email1: cypherpunks at toad.com Email2: Email3: Your account will be fully functional in no more than 3 hours (the database on our servers are synchronized every three hours). If you receive this email, you can be assured that your account has indeed been created. You can test your own account by sending some email to cypherwimps at post1.com to make sure it is working properly. Please take note that PostOne service is currently in beta testing. Some hiccups are expected as we go about enhancing it to provide you with a better service. Your feedback, comments and suggestions on the service will be appreciated. We also have a mailing list (pobox-user at post1.com) where you can join to discuss the development of PostOne. Major announcement will be sent to the list too. Send an email to "majordomo at post1.com" with the message body containing "subscribe pobox-user" to join this mailing list. Please note that PostOne is more than just an email forwarding service. We also provide other Email/WWW related services too. For more information on PObox service, please check out the URL http://www.post1.com. Please feedback to us if you encounter problems using our service. - Your friendly PostOne Adminstrator (pobox at post1.com) ps: From the FAQ at http://www.post1.com/about/pfaq.html -- CUT HERE -- Q: Help! The password given to me doesn't seem to work! A: Please take note of the following when you are logging in to PObox. 1.The userid is just plainly the PostOne username, without the @post1.com. Eg, if your pobox address is joe at post1.com, you will login simply as joe. 2.Passwords issued are cAsE sEnSiTiVe. -- CUT HERE -- From infoserver at reply.net Thu Dec 12 15:36:39 1996 From: infoserver at reply.net (Santa Claus) Date: Thu, 12 Dec 1996 15:36:39 -0800 (PST) Subject: Merry Christmas, CypherWimps-love-SantaSpam Message-ID: <199612122337.SAA15242@reply.net> An Xmas greeting from cypherwimps at post1.com ..... ** **** ****** ******** ********** ************ ************** **************** ****************** ******************** ********************** S A N T A * * * N O R T H P O L E | | \____/ Wherever you go, whatever you do, Remember that Santa is always with you. I live in your heart, I dance in your soul, I show you what love is, and good things to know. The Spirit of Christmas spreads all through the land, With joy and the giving of gifts you should have. But gifts are just one thing to give and to get -- We wish you much more, far more than that. My elves send you pride in whatever you do, My reindeer give strength on days you feel blue, My wife, Mrs. Claus, grants wisdom and grace, Belief in yourself and all you create. And me, what do I give? Is there much more? Plenty and plenty you won't find in stores. I give you the knowledge that you can do more Than you ever knew -- of that be quite sure. My sleigh's packed with toys, my list sweeps the floor, A cup of hot cocoa and I'm out the door. Just gaze high in the sky where Peace always soars, And you live in my heart as I live in yours. * * * * * * M e r r y C h r i s t m a s * * S a n t a C l a u s --------- This santa poem was sent to you from the person with the following e-mail address: cypherwimps at post1.com If you would like to return the greeting then stop by the ReplyNet Santa Site at www.reply.net/santa.html Your e-mail address is NOT being collected or stored. From infoserver at reply.net Thu Dec 12 15:37:01 1996 From: infoserver at reply.net (Santa Claus) Date: Thu, 12 Dec 1996 15:37:01 -0800 (PST) Subject: Merry Christmas, CypherWimps-hate-SantaSpam Message-ID: <199612122337.SAA15275@reply.net> An Xmas greeting from cypherwimps at post1.com ..... ** **** ****** ******** ********** ************ ************** **************** ****************** ******************** ********************** S A N T A * * * N O R T H P O L E | | \____/ Wherever you go, whatever you do, Remember that Santa is always with you. I live in your heart, I dance in your soul, I show you what love is, and good things to know. The Spirit of Christmas spreads all through the land, With joy and the giving of gifts you should have. But gifts are just one thing to give and to get -- We wish you much more, far more than that. My elves send you pride in whatever you do, My reindeer give strength on days you feel blue, My wife, Mrs. Claus, grants wisdom and grace, Belief in yourself and all you create. And me, what do I give? Is there much more? Plenty and plenty you won't find in stores. I give you the knowledge that you can do more Than you ever knew -- of that be quite sure. My sleigh's packed with toys, my list sweeps the floor, A cup of hot cocoa and I'm out the door. Just gaze high in the sky where Peace always soars, And you live in my heart as I live in yours. * * * * * * M e r r y C h r i s t m a s * * S a n t a C l a u s --------- This santa poem was sent to you from the person with the following e-mail address: cypherwimps at post1.com If you would like to return the greeting then stop by the ReplyNet Santa Site at www.reply.net/santa.html Your e-mail address is NOT being collected or stored. From infoserver at reply.net Thu Dec 12 15:37:21 1996 From: infoserver at reply.net (Santa Claus) Date: Thu, 12 Dec 1996 15:37:21 -0800 (PST) Subject: Merry Christmas, CypherWimps-want-SantaSpam Message-ID: <199612122337.SAA15289@reply.net> An Xmas greeting from cypherwimps at post1.com ..... ** **** ****** ******** ********** ************ ************** **************** ****************** ******************** ********************** S A N T A * * * N O R T H P O L E | | \____/ Wherever you go, whatever you do, Remember that Santa is always with you. I live in your heart, I dance in your soul, I show you what love is, and good things to know. The Spirit of Christmas spreads all through the land, With joy and the giving of gifts you should have. But gifts are just one thing to give and to get -- We wish you much more, far more than that. My elves send you pride in whatever you do, My reindeer give strength on days you feel blue, My wife, Mrs. Claus, grants wisdom and grace, Belief in yourself and all you create. And me, what do I give? Is there much more? Plenty and plenty you won't find in stores. I give you the knowledge that you can do more Than you ever knew -- of that be quite sure. My sleigh's packed with toys, my list sweeps the floor, A cup of hot cocoa and I'm out the door. Just gaze high in the sky where Peace always soars, And you live in my heart as I live in yours. * * * * * * M e r r y C h r i s t m a s * * S a n t a C l a u s --------- This santa poem was sent to you from the person with the following e-mail address: cypherwimps at post1.com If you would like to return the greeting then stop by the ReplyNet Santa Site at www.reply.net/santa.html Your e-mail address is NOT being collected or stored. From snow at smoke.suba.com Thu Dec 12 16:47:38 1996 From: snow at smoke.suba.com (snow) Date: Thu, 12 Dec 1996 16:47:38 -0800 (PST) Subject: New export controls to include code signing applications In-Reply-To: <3.0.32.19961211163934.006a08a0@netcom14.netcom.com> Message-ID: <199612130106.TAA02487@smoke.suba.com> Lucky wrote: > [Listing specific software prohibited from export] > "c.2. "Software" to certify "software" controlled by 5D002.c.1; " ^^^^ Anyone else see the coincidence here? Life can get real strange. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From geeman at best.com Thu Dec 12 16:51:17 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 12 Dec 1996 16:51:17 -0800 (PST) Subject: Neural Nets Message-ID: <3.0.32.19961212164107.006c0ea0@best.com> This comes up once in a while --- it appears an inappropriate approach, they say, since the solution space for the problem consists of exactly one spike, in the vast sea of all possible solutions ... there is no smooth contour over which to minimize the net's error function, and finding the one spike which is the correct result is no more efficient in such a case than any other exhaustive search. This argument would break down if there were detectable biases in the crypto algorithm that you could exploit. But then whether a nn would be the tool of choice in such a case may be uncertain. At 01:00 PM 12/12/96 GMT, you wrote: >Hi Folkd > >Just sat through a lecture on an itroduction to Neural Nets. > >Thought. Does anybody know of any tools that use Neural Nets to break >ciphers? > >Cheers > >Ste > > From snow at smoke.suba.com Thu Dec 12 17:23:19 1996 From: snow at smoke.suba.com (snow) Date: Thu, 12 Dec 1996 17:23:19 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <199612130142.TAA02633@smoke.suba.com> Vulis wrote: > "Mark M." writes: > > compiles Java to a stand-alone executable. Details at > > http://webhackers.cygnus.com/webhackers/projects/java.html . > It would be very foolish to touch any shit that comes out of Cygnus. Why? (specifically, I am about to try using a GCC port to WinNT, and I would like to know _why_ you think their work is shit). Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Thu Dec 12 17:26:56 1996 From: snow at smoke.suba.com (snow) Date: Thu, 12 Dec 1996 17:26:56 -0800 (PST) Subject: New export controls to include code signing applications In-Reply-To: <199612120712.XAA05665@cypherpunks.ca> Message-ID: <199612130146.TAA02651@smoke.suba.com> Milou wrote: > However, all they will succeed in doing is greatly harming the U.S. > computer security business. A few decades from now people will look > back on these policies in disbelief. It didn't take that long. I am looking on in disbelief right now. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Thu Dec 12 17:29:01 1996 From: snow at smoke.suba.com (snow) Date: Thu, 12 Dec 1996 17:29:01 -0800 (PST) Subject: Lucky's Official Prediction (raising the ante) In-Reply-To: <199612120903.CAA25493@infowest.com> Message-ID: <199612130148.TAA02667@smoke.suba.com> The Hun said: > within two years, Bubba and friends will successfully both: > a) destroy the Bill of Rights He can't. You can't destroy that which is already rubble. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From vznuri at netcom.com Thu Dec 12 17:37:39 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 12 Dec 1996 17:37:39 -0800 (PST) Subject: Why PICS is the wrong approach In-Reply-To: <32B043D8.4AC6@gte.net> Message-ID: <199612130137.RAA10448@netcom13.netcom.com> >If Firefly is an example of what PICS is or could become, the hell with >PICS. Firefly encourages and rewards group behavior and suppresses >individuality. Firefly would reward the discussion of the latest album >by a Columbia or Capitol artist, and discourage discussion of material >from independent (real independent) labels. I know because I've been >there and spent quite a bit of time trying to get a rating. > this is absolutely ridiculous. the rating system is designed to be incredibly individualized. it uses sophisticated statistical techniques to find the correlations in your UNIQUE ratings given over a set of items with other people's ratings, and weighs future ratings based on these correlations. it may be even dealing with anti-correlations. in fact what you have, in effect, is a system with *no* hardwired ratings. the ratings space is different for *every*single*person* who uses the service. "you know"? get a clue, please. these systems are not at all like the record rating systems you get in stores. I sympathize with your plight however and agree that the record labeling system is a lame way to go about it. all the more reason to support things like firefly and grouplens (another interesting system that may have inspired firefly, do a yahoo search to find it). superior rating systems will begin to flourish instead of inferior ones... From snow at smoke.suba.com Thu Dec 12 17:37:53 1996 From: snow at smoke.suba.com (snow) Date: Thu, 12 Dec 1996 17:37:53 -0800 (PST) Subject: Redlining In-Reply-To: <32B03E27.5EF9@gte.net> Message-ID: <199612130156.TAA02703@smoke.suba.com> Mr. Thorn wrote: > > P.S. Please note that we cannot yet tell if the racial differences in > > IQ are environmental or a mixture of environmental and genetic; I > > believe they are purely environmental, but there is about as much > > evidence for this belief as there is for God's existence (something > > I also believe in). > Example: Environment has a profound effect on a person's mind (outlook, > perceptions, attitudes, moods, etc.), and thereby has a significant, if > indirect effect on that person's hormone production (quantity, balance). > Those hormone productions have more effect on the body and brain long- > term than any other influence I can think of. I bet the problem is even simpler than that. Look at studies that correlate nutrition with grades/learning. Look at "inner city" dietary habits of 3 to 5 year old children (and any other "under performing" group). I'd bet $20 on the correlation. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dlv at bwalk.dm.com Thu Dec 12 17:51:55 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Dec 1996 17:51:55 -0800 (PST) Subject: take me off the list In-Reply-To: <850411279.523996.0@fatmans.demon.co.uk> Message-ID: Paul Bradley must be a very sick young man. He can't control himself. He feels compelled to post obscenities to this mailing list. paul at fatmans.demon.co.uk writes: > Why did you not follow the instructions I have sent to you no less > than 5 times? - they follow, for fucks sake do as they say this > time. Has anyone ever seen an article by Paul without the word "fuck" in it? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 12 18:00:20 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Dec 1996 18:00:20 -0800 (PST) Subject: Java DES breaker? Message-ID: More than one person writes: > Vulis wrote: > > "Mark M." writes: > > > compiles Java to a stand-alone executable. Details at > > > http://webhackers.cygnus.com/webhackers/projects/java.html . > > It would be very foolish to touch any shit that comes out of Cygnus. > > Why? (specifically, I am about to try using a GCC port to WinNT, and > I would like to know _why_ you think their work is shit). First, because it's King John "Lackbrain" Gilmore's company. :-) Second, because they hire unqualified people (rather, people whose qualifications have nothing to do with the job) and they've already fucked up every project they've ever touched. Third, because they steal from the people who originally developed the free software by charging money for the non-existent "support". I'm quite happy with MS VC++ for NT. I doubt that Cygnus can do a good job porting gcc to NT. People much better than the assholes at Cygnus have not done a great job porting gcc to OS/2. If I want gcc, I just run it on the Linux box, or a Sun box. Fuck Cygnus. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From KDBriggs1 at aol.com Thu Dec 12 18:08:14 1996 From: KDBriggs1 at aol.com (KDBriggs1 at aol.com) Date: Thu, 12 Dec 1996 18:08:14 -0800 (PST) Subject: Puffer 2.1 Message-ID: <961212210731_2085045806@emout03.mail.aol.com> Puffer 2.1 is now available from http://execpc.com/~kbriggs Puffer is a shareware file and e-mail encryption program for Windows in 16-bit and 32-bit editions. Features 40-bit RC4 encryption in exportable shareware and international versions plus 160-bit Blowfish encryption in US/Canada registered version. A multi-pass data wipe feature is also available for files, file slack, and empty disk space. New for version 2.1: program settings saved in INI file, selectable decryption directory, improved ASCII PUF split option, fixed Windows 95 cache flush bug, other minor bug fixes, new uninstall utility. A patch program is also available from the web site for registered users to self-upgrade from version 2.0. Kent Briggs Briggs Softworks, http://execpc.com/~kbriggs From reagle at rpcp.mit.edu Thu Dec 12 18:17:22 1996 From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) Date: Thu, 12 Dec 1996 18:17:22 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: <3.0.32.19961212205225.00a108c0@rpcp.mit.edu> At 07:58 PM 12/11/96 -0500, you wrote: > PICS is the wrong approach becuase it oversimplifies the ratings of > content, because it places the ratings made by the author in the payload > itself, and because third-party ratings systems are cut out of the loop > (effectively). Perhaps I don't understand what you are saying. I just want to ensure that you understand that the PICS labels can be distributed in multiple ways. (document, server, label bureau.) I suspect you do, and what you are objecting to is that documnet-embedded labels will have a greater weight than those distributed by third parties: > agencies, and laws. But once set, the "binding" has been made. Later > reviews or reviews by other entities cannot affect the binding, at least > not for this distributed instance. And consequently authors have a greater responsibility/liability than you would like: > More importantly, the "payload" does not carry some particular set of > fairly-arbitrary PICS evluations. Binding by the censors instead of by the > originator, which is as it should be. In which case, I disagree. I think accurate, consistent, "objective" (I know this is an argument on the other thread, I think one can get relatively "objective ratings" see my RSAC case study for a break down on the qualities of rating systems on my ecommerce page (home page below)) well branded and reputable agents will have a greater weight, and will have a market motivation for accuracy exceeding regulatory pressure. (Plus, there is nothing preventing thresh-hold tolerances for use with multiple ratings.) _______________________ Regards, Restlessness and discontent are the first necessities of progress. -Thomas A. Edison Joseph Reagle http://rpcp.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From dlv at bwalk.dm.com Thu Dec 12 19:00:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Dec 1996 19:00:13 -0800 (PST) Subject: In Defense of Anecdotal Evidence In-Reply-To: <199612122212.OAA27964@mailmasher.com> Message-ID: nobody at huge.cajones.com (Huge Cajones Remailer) writes: > Social statistics are a black art. There was a study awhile back > which claimed gun ownership reduced violent crime. That is a > surprising result. .. What's surprising about it?? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at zifi.genetics.utah.edu Thu Dec 12 19:07:54 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Thu, 12 Dec 1996 19:07:54 -0800 (PST) Subject: Elliptic curves In-Reply-To: <850408570.510393.0@bexcol.demon.co.uk> Message-ID: <199612130307.UAA13495@zifi.genetics.utah.edu> Admin at bexcol.demon.co.uk writes: > You are all a bunch of faggots. Faggot cannot be allowed on usenet as > dictated by the great dr. Grubor. > > Fuck you all. 1. Cypherpunks is not on usenet. 2. Faggots created and run Usenet, and there's nothing a pathetic, powerless little boy like you can do about it. 3. I enjoy your pathetic little displays of despair about not having any control over usenet. Please keep whining to the mailing lists to remind us all of what a pitiful little loser you are. From shamrock at netcom.com Thu Dec 12 19:08:59 1996 From: shamrock at netcom.com (Lucky Green) Date: Thu, 12 Dec 1996 19:08:59 -0800 (PST) Subject: [Meeting] Cypherpunks Shooting Club Message-ID: <3.0.32.19961212190918.006931e0@netcom14.netcom.com> Fellow firearms friends, The Cypherpunks Shooting Club will meet this Sunday, 12/14/96, the day after the monthly Bay Area Cypherpunks Meeting. From now on, we will meet once a month, on the day after the monthly meeting. Anyone interested in firearms is encouraged to attend. You don't need to own a gun and you don't need to know how to operate one. Of course, if you do, all the better. Various firearms (rifles, handguns, shotguns) will be available. We will gladly provide safety and operations instructions. When: 2:00 pm 12/14/96 Where: United Sportsmen Rifle Range, Ebora Road, Concord, CA, 510-676-1963 How to get there: o From SF, Oakland, the North Bay: [Cross the bridge to the East Bay if applicable]. Take I580 to Highway 24 to WALNUT CREEK. In Walnut Creek, the 24 merges with I680. Follow I680 NORTH. Past Concord, take Highway 4 EAST. Drive for a few miles. Note the nuclear weapons depot on the right. Just past the depot, exit on WILLOW PASS ROAD. Make a LEFT on Willow Pass Road. Cross underneath the highway. At the end of the road, make a RIGHT. Drive 3/4 of a mile. United Sportsmen is the second dirt road on the LEFT. If you reached some homes, you went too far. o From the Peninsula: Take San Mateo Bridge to the East Bay. Go NORTH for a few miles. Take the freeway EAST (number?) to LIVERMORE. At the PLEASANTON interchange, take I680 NORTH. Follow the instructions above. Why we are meeting in the East Bay: Several regular participants are already meeting Sunday morning in Berkeley. What if it rains: The outdoor range is an all weather range. We will meet unless it really pours. Cost: $5 range fee + ammunition. $15 total should suffice for a first timer. What to bring: o Eye protection [mandatory]. Prescription and sunglasses meet the requirements, though I would advise you to use something safer. Chemistry lab glasses work great. o Ear protection [mandatory]. If needed, you can buy some foam type ear protection at the range. It costs less than $5. o Any firearm you might want to bring. Please RSVP if you plan to attend. See you Sunday, -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From sunder at brainlink.com Thu Dec 12 19:22:15 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Thu, 12 Dec 1996 19:22:15 -0800 (PST) Subject: Java DES breaker? In-Reply-To: <6uBsyD129w165w@bwalk.dm.com> Message-ID: On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX > won't work on any of those. I also work with a bunch of other equipment > that's much faster than a PC, but doesn't run browsers. (Most of it is not > connected to the 'net for security reasons, but that's besides the point.) Right, and Active X, if those machies were on the web, would not be supported. > If Bill's client is sure to run the platforms that MS IE runs on, then this is > not a consideration. Correct, however there is one thing you have forgotten... (next paragraph) > Interpreted FORTH bytestream (which is what Java is) may be "doing quite well" > when drawing GUI gizmos and widgets, but it can't get anywhere near the > performance of hand-optimizer assembler that you can stick into ActiveX. While ActiveX does support hand optmized assembler, there are Java JustInTime compilers which take JVM bytecodes and turn'em into raw assembler. They aren't hand optimized, they are natively compiled code, but they are native code non the less. A good optimizing compiler may not be 100% as cool and as fast as hand optmized code, BUT it'll be almost as fast. And Java will run on just about EVERY platform out there. And that is a bigger, more important point than a 10%-25% increase in power over non-optimized code. Besides, I'm not arguing AGAINST an ActiveX client, there's no reason why there can't be both Java and ActiveX clients out there since there is both a compatibilty issue and a speed increase with ActiveX. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From dlv at bwalk.dm.com Thu Dec 12 20:00:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 12 Dec 1996 20:00:10 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <9yVuyD159w165w@bwalk.dm.com> Ray Arachelian writes: > On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX > > won't work on any of those. I also work with a bunch of other equipment > > that's much faster than a PC, but doesn't run browsers. (Most of it is not > > connected to the 'net for security reasons, but that's besides the point.) > > Right, and Active X, if those machies were on the web, would not be > supported. That's what I said in line 1. Your point? (And of course if these machines were on the Web as servers, they could take advantage of ActiveX on clients.) > > Interpreted FORTH bytestream (which is what Java is) may be "doing quite we > > when drawing GUI gizmos and widgets, but it can't get anywhere near the > > performance of hand-optimizer assembler that you can stick into ActiveX. > > While ActiveX does support hand optmized assembler, there are Java > JustInTime compilers which take JVM bytecodes and turn'em into raw > assembler. They aren't hand optimized, they are natively compiled code, > but they are native code non the less. A good optimizing compiler may I've seen many Forth implementations, including pseudo-compilers similar to what you describe. They sure generated a lot of instructions and an occasional speed improvement over a simple-minded interpreter. Can it go out on the web and talk to arbitrary servers? Can it work with local files? > not be 100% as cool and as fast as hand optmized code, BUT it'll be > almost as fast. And Java will run on just about EVERY platform out there. > And that is a bigger, more important point than a 10%-25% increase in > power over non-optimized code. Where did the 10-25% figure come from? Of course, Ray works for Earthweb, who has a "special partnership" with SunSoft, and gets paid to badmouth competing products and push Java when it's clearly inappropriate. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ichudov at algebra.com Thu Dec 12 20:26:52 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 12 Dec 1996 20:26:52 -0800 (PST) Subject: In Defense of Anecdotal Evidence In-Reply-To: <199612122212.OAA27964@mailmasher.com> Message-ID: <199612130424.WAA13835@manifold.algebra.com> Huge Cajones Remailer wrote: > Statistics are a useful tool, but they have their problems. Their > accuracy is often in doubt. Most scientific data comes with an error > analysis so you can tell what the figure means. For some reason > statisticians never do this so we cannot tell whether their numbers > are accurate to within 0.1%, 1.0%, 10%, or even worse. > > There are many other problems. For instance, users of statistics > assume they have a random sample, even in cases where that is far from > clear. Wrong statistics is usually obtained by idiots who do not know what statistics is about. Social scientists and feminist studies are a frequent example of such unfortunate situation. - Igor. From ichudov at algebra.com Thu Dec 12 20:36:56 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 12 Dec 1996 20:36:56 -0800 (PST) Subject: Redlining In-Reply-To: <32B03E27.5EF9@gte.net> Message-ID: <199612130431.WAA13881@manifold.algebra.com> Dale Thorn wrote: > > E. Allen Smith wrote: > > From: IN%"ichudov at algebra.com" 11-DEC-1996 23:46:57.12 > > >I would appreciate if some attorney on this list shed some light on the > > >legal definition of discrimination. > > [snip] > > > P.S. Please note that we cannot yet tell if the racial differences in > > IQ are environmental or a mixture of environmental and genetic; I > > believe they are purely environmental, but there is about as much > > evidence for this belief as there is for God's existence (something > > I also believe in). > > Actually, there is not only good evidence for the environmental argument, > but you can reason it out yourself if you give attention to some things > that don't make it into most discussions on this topic. > > Example: Environment has a profound effect on a person's mind (outlook, > perceptions, attitudes, moods, etc.), and thereby has a significant, if > indirect effect on that person's hormone production (quantity, balance). > Those hormone productions have more effect on the body and brain long- > term than any other influence I can think of. > > And believe it or not, in some (perhaps unusual) cases, unexpected > changes in hormone production can happen later in life as well, not > just during the "development" years. And I'm not talking about decreased > production either. > > Dale, I am sorry if I sound rather harsh, but this is a typical example how real statistical research is replaced by politicized bullshit. How to test a null hypothesis that differences in IQ between whites and blacks are at least partially a result of genetic differences and are not explained by "environment" solely? All this "environment" stuff is rather easy to test and control for: take two groups of children -- one from one race, another from another race, who live in essentially the same conditions. Then compare the average IQs and check statistical validity of your samples. There was one study. They took a number of white adopted children and a number of black adopted children, and made sure that they controlled for other conditions such as adopted parents' income, etc. Guess what was the result of IQ tests of children? - Igor. From EALLENSMITH at ocelot.Rutgers.EDU Thu Dec 12 20:52:45 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 12 Dec 1996 20:52:45 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: <01ICXVY7TKJKAEL8AI@mbcl.rutgers.edu> From: IN%"reagle at rpcp.mit.edu" "Joseph M. Reagle Jr." 12-DEC-1996 23:12:04.05 > > More importantly, the "payload" does not carry some particular set of > > fairly-arbitrary PICS evluations. Binding by the censors instead of by the > > originator, which is as it should be. >In which case, I disagree. I think accurate, consistent, "objective" (I >know this is an argument on the other thread, I think one can get >relatively "objective ratings" see my RSAC case study for a break down on >the qualities of rating systems on my ecommerce page (home page below)) >well branded and reputable agents will have a greater weight, and will have >a market motivation for accuracy exceeding regulatory pressure. (Plus, >there is nothing preventing thresh-hold tolerances for use with multiple >ratings.) Umm... I pointed out a while back the considerable problems with the RSAC attempt at objective ratings. See http://infinity.nus.sg/cypherpunks/dir.archive-96.05.09-96.05.15/0092.html for a review of my objections. The system in question is obviously much more subjective than, say, one that had: Does this page contain any female frontal nudity? Does this page contain any male frontal nudity? Does this page contain any female rear nudity? Does this page contain any male rear nudity? and so on. The parts on violence are particularly subjective. -Allen From brettc at tritro.com.au Thu Dec 12 20:54:12 1996 From: brettc at tritro.com.au (Brett Carswell) Date: Thu, 12 Dec 1996 20:54:12 -0800 (PST) Subject: Speaking of Redlining.... Message-ID: >I am trying to get a ~35,000 car loan - so far EVERYONE has just >straight up told me I am too young (even though I make twice what these >people make :) ) Maybe it's your condescending shithead attitude towards people who make less than you. :)) From msprague at ridgecrest.ca.us Thu Dec 12 21:15:20 1996 From: msprague at ridgecrest.ca.us (msprague at ridgecrest.ca.us) Date: Thu, 12 Dec 1996 21:15:20 -0800 (PST) Subject: NEWS: Web Security Hole Revealed (opportunity?) Message-ID: <199612130514.VAA04501@owens.ridgecrest.ca.us> >At 11:14 PM 12/11/96 -0500, you wrote: >>X-Sender: okeefe at olympus.net >>Mime-Version: 1.0 >>Date: Wed, 11 Dec 1996 19:32:32 -0800 >>To: N E W S R E L E A S E >>From: "Steve O'Keefe" >>Subject: NEWS: Web Security Hole Revealed >> >>BREAKING NEWS >>For Release Thursday, December 12, 1996 >> >>MAJOR WEB SECURITY FLAW REVEALED >> >>(New York) -- Edward Felten, head of Princeton University's >>Safe Internet Programming Team (SIP), today revealed a >>major security flaw in the Internet's World Wide Web. >>Called "web spoofing," the breach allows any Internet >>server to place itself between a user and the rest of the >>web. In that middle position, the server may observe, steal >>and alter any information passing between the unfortunate >>browser and the web. (deletia) Wait a minuite; This sounds like an opportunity! I see a possibility for a machine confugured to tx/rx PGP encrypted packets to re-broadcast them with the machines IP. This would become an anonymous ISP From reagle at rpcp.mit.edu Thu Dec 12 21:19:46 1996 From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) Date: Thu, 12 Dec 1996 21:19:46 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: <3.0.32.19961213001747.00937d30@rpcp.mit.edu> At 11:51 PM 12/12/96 EDT, E. Allen Smith wrote: > Umm... I pointed out a while back the considerable problems with >the RSAC attempt at objective ratings. See I agree that it is not a purely descriptive system, however it is much moreso than others. I thought the following was a useful breakdown for my own purposes: Caveat on Vocabulary Before proceeding with the analysis we must first discuss some of the terms used in the analysis. The usage of terms "objective" and "judgmental" can be rather contentious. To address this, we disassociate any of these terms with any pejorative meanings ( opinionated gut feelings about Web content can be very useful ) and posit that there are three variables with which content labeling systems can be considered: descriptive/judgmental - does the label describe the content, or provide an opinion about the "appropriateness" of the content. deterministic/non-deterministic - is the previous process a deterministic process, or is it "gut" based, and voluntary, mandatory, or third party - does the author label his works voluntarily, is he required to label his works by some other agency, or can other services label his content. No rating system we discuss is purely descriptive or deterministic. Rather, each system varies with respect to where it falls between extremes. _______________________ Regards, Restlessness and discontent are the first necessities of progress. -Thomas A. Edison Joseph Reagle http://rpcp.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From EALLENSMITH at ocelot.Rutgers.EDU Thu Dec 12 21:33:11 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 12 Dec 1996 21:33:11 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: <01ICXXDDFSK6AEL8AI@mbcl.rutgers.edu> From: IN%"reagle at rpcp.mit.edu" "Joseph M. Reagle Jr." 13-DEC-1996 00:19:47.19 To: IN%"EALLENSMITH at mbcl.rutgers.edu" "E. Allen Smith" CC: IN%"cypherpunks at toad.com" Subj: RE: Why PICS is the wrong approach Received: from RPCP.MIT.EDU by mbcl.rutgers.edu (PMDF #12194) id <01ICXWWYIT0GAH4L7K at mbcl.rutgers.edu>; Fri, 13 Dec 1996 00:19 EDT Received: from dialup-273.lcs.mit.edu by rpcp.mit.edu with SMTP id AA05830; Fri, 13 Dec 1996 00:20:21 -0500 Date: Fri, 13 Dec 1996 00:17:54 -0500 From: "Joseph M. Reagle Jr." Subject: RE: Why PICS is the wrong approach To: "E. Allen Smith" Cc: cypherpunks at toad.com Message-id: <3.0.32.19961213001747.00937d30 at rpcp.mit.edu> X-Envelope-to: EALLENSMITH Content-type: text/plain; charset="us-ascii" X-Sender: reagle at rpcp.mit.edu X-Mailer: Windows Eudora Pro Version 3.0 (32) Mime-Version: 1.0 At 11:51 PM 12/12/96 EDT, E. Allen Smith wrote: > Umm... I pointed out a while back the considerable problems with >the RSAC attempt at objective ratings. See > I agree that it is not a purely descriptive system, however it is much >moreso than others. I thought the following was a useful breakdown for my >own purposes: The below (from your essay) is a reasonable way to look at it. I would tend to compare a system to obviously possible systems as well as to simply what else is out there, however. >descriptive/judgmental - does the label describe the content, or provide an >opinion about the "appropriateness" of the content. In this regard, I would call the system in question about midway between a truly descriptive system and such obviously judgemental systems as SafeSurf. This partially judgemental nature is probably unavoidable in systems in which one uses a non-binary rating scheme; if the presence of something inevietably means that the system gives a "high" rating, then the system is judging that the something is more important than other factors. In this case, the judgement is pretty obviously that they deem the something in question (such as "hate speech" that calls for "harm" to some class - although I doubt they'd include pro-Affirmative-Action speech in that...) to be worse than the "lower" rated actions. >deterministic/non-deterministic - is the previous process a deterministic >process, or is it "gut" based, and I would agree that RSAC's system is pretty deterministic; the choices of what is labelled are rather arbitrary, but that falls under the description vs judgement category above. >voluntary, mandatory, or third party - does the author label his works >voluntarily, is he required to label his works by some other agency, or can >other services label his content. As currently set up, RSAC is either voluntary or mandatory - a government could require that it be used as a mandatory system, directly or indirectly (e.g., under threat of lawsuits for "corrupting minors"). >No rating system we discuss is purely descriptive or deterministic. Rather, >each system varies with respect to where it falls between extremes. Agreed. -Allen From cmcurtin at research.megasoft.com Thu Dec 12 21:37:37 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Thu, 12 Dec 1996 21:37:37 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: Message-ID: <199612130530.AAA01548@goffette.research.megasoft.com> >>>>> "Tim" == Timothy C May writes: Tim> While it has been claimed by some that "crypto anarchy" means Tim> that race won't matter, that cyberspace interactions will be Tim> color-blind, this is misleading. Race bits, gender bits, etc., are all interesting possibilities. I never thought about anyone wanting to do such a thing, but I suppose that's likely. I've tended to think that as we become increasingly digital, issues like race become less significant (perhaps because it generally isn't immediately obvious in this medium). This doesn't mean that prejudices go away, it means that they shift to stay with what is obvious. For example, people who are unable to spell well (and don't spellcheck email and usenet posts), or use excessively poor grammar are often ridiculed for their lack of mastery of the language in which they're writing. Basically, the prejudices and such continue with us, but change, so as to remain based on things that are easily discernible. Tim> While many--probably most--users will care only for cyberspace Tim> personna issues, and not meatspace personna issues of race, Tim> color, height, weight, etc., this is not something built in to Tim> anonymous transactions. As I'm replying, it's occurred to me that we've already got some sort of persona "certificates" floating around now. (Such as the Geek Code.) Imagine a field there to include race. Wouldn't take a lot to do that, after all. Of course, the implementation of a race bit system that can be trusted is another issue altogether. Would the White Boyz Club then need to have its own trusted arbitrator to introduce people of the same race to each other? (AryanSign?) Is a more elaborate PGP-style web of trust used? Hmm. -- Matt Curtin cmcurtin at research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet From dthorn at gte.net Thu Dec 12 21:55:07 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 21:55:07 -0800 (PST) Subject: New E-commerce Paper: In-Reply-To: <1.5.4.32.19961212160119.006718c4@pop.pipeline.com> Message-ID: <32B06DAA.3DFC@gte.net> John Young wrote: > A new electronic commerce paper: > "Internet Markets: Emerging Business Models" > By Dan Yurman > December 11, 1996 > What are business models for profiting on the net? > Perhaps the best metaphor to describe Internet business > is that it is like the California gold rush of 1849. A > wave of entrepreneurial start-ups have entered the field, > but all are struggling to find the gold. The miners are > going broke while the saloon and general store owners, > and the brothels, are prospering. Anyone who wants to > make real money in mass markets is going to have to > break the mold of "business as usual" and offer real > value which is not available offline. Offer "real value", huh? The one guy who produces something does OK, The leeches do OK, But the vast majority who aren't so *lucky* don't do OK. So the general public is encouraged to follow this example of economic opportunity? More decadence and ruin, if you ask me. From dthorn at gte.net Thu Dec 12 21:55:56 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 21:55:56 -0800 (PST) Subject: WEB: Yahoo/Firefly Website recommendation service In-Reply-To: <3.0.32.19961212115032.00cf51b0@pop.firefly.net> Message-ID: <32B06FFA.D7B@gte.net> Alexander Chislenko wrote: > At 06:52 PM 12/11/96 -0800, Dale Thorn wrote: > >Alexander Chislenko wrote: > >> Firefly Network Inc. has just launched a public beta of our website > >> recommendation service on My Yahoo! This service is the result of a > >> partnership between Yahoo! Inc. and Firefly Network, Inc. in application > >> of Automated Collaborative Filtering (ACF) technology to the Web.[snip] > The website recommendation uses the feature-guided ACF server that I hoped > would solve most of the algorithmic problems we encountered in the music > and movie domains. I'd be interested to know what you think of it. Thanks for the reply. My experience with Firefly #1 has shown that the people who would most need the service (or need it at all) are the least likely to benefit from it, which is why I think it's a bad thing, wasting a lot of valuable time hand-entering data, only to find it doesn't correlate the more interesting (non-mainstream) data. I'll try the website service, but my up-front instinct is that it won't be much better unless the software is a *whole lot* better. From dthorn at gte.net Thu Dec 12 21:56:21 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 21:56:21 -0800 (PST) Subject: Redlining In-Reply-To: <01ICXFPL6XZOAEL7YC@mbcl.rutgers.edu> Message-ID: <32B0EF3D.F5E@gte.net> E. Allen Smith wrote: > From: IN%"dthorn at gte.net" "Dale Thorn" 12-DEC-1996 14:56:52.69 > >Actually, there is not only good evidence for the environmental argument, > >but you can reason it out yourself if you give attention to some things > >that don't make it into most discussions on this topic. > Yes, there are strong arguments for the environment being the determining > factor. there are also strong arguments (such as interracial adoption still > leaving blacks below the average IQ of adopted siblings) for it being genetics. It is possible to understand intelligence as "pattern matching" skills, without having to have attendant math and statistics to define it more precisely or clinically. This understanding (if you have it) is the key to knowing that Black persons do *not* have less IQ than White persons, regardless of the standardized tests. Something I know about, as I've scored in the top 1/1000 of one percent, etc. > We won't be able to find out which is which until we know what the genetic > determinants of intelligence are, which will take some time. (Using current > techniques, several hundred years at the minimum... but I'm not prepared > to predict how good techniques will get). As I previously stated, I don't > believe it is any part genetic. Nice that you have good intuition on this point, however, the big question in your paragraph is not wherefore the genetic determinant, rather, it is the understanding of intelligence in its overall context, which I dare say most researchers in that field are probably ill-equipped to grasp. From dthorn at gte.net Thu Dec 12 22:29:09 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 22:29:09 -0800 (PST) Subject: Redlining In-Reply-To: <199612130431.WAA13881@manifold.algebra.com> Message-ID: <32B0F731.2541@gte.net> Igor Chudov @ home wrote: > Dale Thorn wrote: > > E. Allen Smith wrote: > > Actually, there is not only good evidence for the environmental argument, > > Example: Environment has a profound effect on a person's mind (outlook, > > perceptions, attitudes, moods, etc.), and thereby has a significant, if > > indirect effect on that person's hormone production (quantity, balance). > > And believe it or not, in some (perhaps unusual) cases, unexpected > > changes in hormone production can happen later in life as well, not > > just during the "development" years. And I'm not talking about decreased > I am sorry if I sound rather harsh, but this is a typical example how > real statistical research is replaced by politicized bullshit. There is *no* more real research that the research I do myself, and know about myself: 1) I have generally tested in the top 1/000 of one percent of the population in "intelligence", and 2) I have expended considerable effort in personal study and experiments with what the human body is capable of under given circumstances. I have rubbed elbows with the world's most well-conditioned people (physically), for one, and have learned (for two) how to never get sick again (21 years running). > How to test a null hypothesis that differences in IQ between whites > and blacks are at least partially a result of genetic differences and > are not explained by "environment" solely? I hope I didn't give the wrong impression - genetics are certainly a factor in anything human, however, environment has an overwhelming influence on subsequent development. It's not 100% to 0%, in other words. > All this "environment" stuff is rather easy to test and control for: take > two groups of children -- one from one race, another from another race, > who live in essentially the same conditions. Then compare the average IQs > and check statistical validity of your samples. > There was one study. They took a number of white adopted children and a > number of black adopted children, and made sure that they controlled for > other conditions such as adopted parents' income, etc. > Guess what was the result of IQ tests of children? I hope I don't regret saying this, but the above study has a far greater chance of being "politicized bullshit" than anything I'm likely to say, even when it's not from my personal experience. Get serious, Igor. How the devil are you going to evaluate the fairness, honesty, and other attributes of such a study? Do you know the researchers? If you were evaluating the integrity of a University study on the sexual preferences of a Tsetse fly, there is a reasonable possibility of taint in such an innocuous study, due to the grant money and how the outcome data can leverage other monies, etc., but a study of Black -vs- White IQ's? I wouldn't read such a study unless I were stranded on a desert island with nothing else to do. I'd be better off reading something more relevant to real life, such as the power struggles between the ADL and Willis Carto, or Fred Goldman and O.J. Simpson, whatever. From ichudov at algebra.com Thu Dec 12 22:37:46 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Thu, 12 Dec 1996 22:37:46 -0800 (PST) Subject: Redlining In-Reply-To: <32B0F731.2541@gte.net> Message-ID: <199612130634.AAA14833@manifold.algebra.com> Dale Thorn wrote: > > Igor Chudov @ home wrote: > > Dale Thorn wrote: > > > E. Allen Smith wrote: > > > > Actually, there is not only good evidence for the environmental argument, > > > Example: Environment has a profound effect on a person's mind (outlook, > > > perceptions, attitudes, moods, etc.), and thereby has a significant, if > > > indirect effect on that person's hormone production (quantity, balance). > > > And believe it or not, in some (perhaps unusual) cases, unexpected > > > changes in hormone production can happen later in life as well, not > > > just during the "development" years. And I'm not talking about decreased > > > I am sorry if I sound rather harsh, but this is a typical example how > > real statistical research is replaced by politicized bullshit. > > There is *no* more real research that the research I do myself, and know > about myself: 1) I have generally tested in the top 1/000 of one percent > of the population in "intelligence", and 2) I have expended considerable > effort in personal study and experiments with what the human body is > capable of under given circumstances. I have rubbed elbows with the > world's most well-conditioned people (physically), for one, and have > learned (for two) how to never get sick again (21 years running). Dale, the "bullshit" I referred to was not yours, it was something that you mentioned, so do not take it personally. I read your messages with interest. > > How to test a null hypothesis that differences in IQ between whites > > and blacks are at least partially a result of genetic differences and > > are not explained by "environment" solely? > > I hope I didn't give the wrong impression - genetics are certainly a > factor in anything human, however, environment has an overwhelming > influence on subsequent development. It's not 100% to 0%, in other words. Absolutely agree. Another problem in measuring "environment" is that it is rather hard to quantify. > > All this "environment" stuff is rather easy to test and control for: take > > two groups of children -- one from one race, another from another race, > > who live in essentially the same conditions. Then compare the average IQs > > and check statistical validity of your samples. > > There was one study. They took a number of white adopted children and a > > number of black adopted children, and made sure that they controlled for > > other conditions such as adopted parents' income, etc. > > Guess what was the result of IQ tests of children? > > I hope I don't regret saying this, but the above study has a far greater > chance of being "politicized bullshit" than anything I'm likely to say, > even when it's not from my personal experience. Get serious, Igor. > How the devil are you going to evaluate the fairness, honesty, and other > attributes of such a study? Do you know the researchers? It is a good question. To me, the study can be done by the worst assholes on the Earth. As long as their data can be verified and their methodology is known, I have no problem with personal biases of researchers. - Igor. From dthorn at gte.net Thu Dec 12 22:54:17 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 22:54:17 -0800 (PST) Subject: Redlining In-Reply-To: <01ICXYGET6CSAEL8AI@mbcl.rutgers.edu> Message-ID: <32B0FD15.1F84@gte.net> E. Allen Smith wrote: > From: IN%"dthorn at gte.net" "Dale Thorn" 13-DEC-1996 00:55:54.44 > >It is possible to understand intelligence as "pattern matching" skills, > >without having to have attendant math and statistics to define it more > >precisely or clinically. This understanding (if you have it) is the key > >to knowing that Black persons do *not* have less IQ than White persons, > >regardless of the standardized tests. Something I know about, as I've > >scored in the top 1/1000 of one percent, etc. > Umm... so have I, and I've also done some extensive reading on > the subject. The IQ tests in question do a good job (better than any > other tests - to study & compare you've got to have some sort of test, > and an IQ test doesn't see what color you are) at correlating with > things such as job performance, educational success (e.g., GPA), > likelihood even within given racial groups of being in poverty, etcetera. I have not associated closely with any Black persons since 1981-1983, but at that time, when I had worked with several such persons in Los Angeles, in close quarters (me being the only White person), I was profoundly impressed with the diversity and complexity of the issue (I was curious about the issue due to my circumstances, although I certainly did not mention it) in dealing with real people. My experience tells me that persons who administer intelligence tests and other related tests, or persons who subscribe to study of such things, should get up close to (for example) Black persons for an extended period of time, and I think they (the White persons) would then seriously question any test results which showed a consistent superiority for Whites. > >Nice that you have good intuition on this point, however, the big question > >in your paragraph is not wherefore the genetic determinant, rather, it is > >the understanding of intelligence in its overall context, which I dare say > >most researchers in that field are probably ill-equipped to grasp. > Actually, my conclusions re: genetic differences are an educated > guess... just one that isn't currently testable. My guess comes from such > factors as that some groups that, to all appearances, have high IQs are > actually pretty closely related to some groups that have low IQs; take > hispanics (mixed caucasian and (via American Indian) asian ancestry). > The debates over what is intelligence, etcetera are quite > thoroughly ongoing in the field in question; multiple books have been > written on the subject. I have recently (Oct. 1996) more-or-less inherited three half-Navajo children, upon the death of their father (mother died 1993). The kids are 9, 11, and 13. I have described to various people (schoolteachers, parents, computer programmers, and so on) that raising kids of this age, at this point in my life, is no more difficult than just living my own life without them. Getting past the emotional weaknesses that can hobble you as a parent or guardian is paramount, and once you do that, the rest is a cakewalk. But what I really wanted to say was that my experience with these children now (whom I didn't know until mid-1996) has convinced me more than ever that intelligence is not only not primarily genetic, but may also be recoverable to a large extent up to the beginning of the teen years, if not beyond that. I would guess that children from most any background, young enough and lacking actual physical brain damage or extremely severe psychological trauma, can probably be brought up to the point where they can perform on an equal level with the best our society has to offer. The main and overwhelming factor in developing children who can accomplish at a superior level is the personal attention of a caregiver, and what that attention consists of. There are some things you can read about in a book and guess what they mean, and there are some things you can know when you're staring them in the face... From nobody at replay.com Thu Dec 12 22:54:55 1996 From: nobody at replay.com (Anonymous) Date: Thu, 12 Dec 1996 22:54:55 -0800 (PST) Subject: [Meeting] Cypherpunks wanking club. Message-ID: <199612130654.HAA23835@basement.replay.com> There will be a meeting at my place for all cypherpunks so we can pull each other dicks about how clever we are and bag all those non-entities who aren't. All gun lovers are of course welcome and we can exhibit our manhood paranoia by seeing who has the biggest calibre weapon. Having a deadly weapon after all proves we are grown up, right kiddies. Sufferin' Sam From ddt at pgp.com Thu Dec 12 23:09:09 1996 From: ddt at pgp.com (Dave Del Torto) Date: Thu, 12 Dec 1996 23:09:09 -0800 (PST) Subject: Laptops and TEMPEST In-Reply-To: <199612071705.JAA08570@comsec.com> Message-ID: At 2:18 pm -0800 12/5/96, Joel McNamara wrote: >Thinking that LCD screens reduce the risks of emanation monitoring is a >dangerous misconception [elided] the gotcha with current laptops is their >backlighting. Electric and magnetic fields are considerably higher >compared with a low-res/contrast device. [elided] An interesting point, but the fluorescent is mostly a constant signal, really, but Hugh pointed out that most laptops have a video chip radiating far more useful data than the flourescent backlight. Just a thought. dave ____________________________________________________________________________ "I mixed this myself. (holds up glass of water) Two parts "H," one part "O." I don't trust _anybody_!" --Steven Wright From dthorn at gte.net Thu Dec 12 23:15:28 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 12 Dec 1996 23:15:28 -0800 (PST) Subject: Redlining In-Reply-To: <199612130634.AAA14833@manifold.algebra.com> Message-ID: <32B1020E.7DE7@gte.net> Igor Chudov @ home wrote: > Dale Thorn wrote: > > Igor Chudov @ home wrote: > > > Dale Thorn wrote: > > > > E. Allen Smith wrote: > Dale, the "bullshit" I referred to was not yours, it was something that > you mentioned, so do not take it personally. I read your messages with > interest. Confucius say "To him that taketh offense, let him also take the gate". (Sorry for the stupid pun, and I always assume the non-personal, but, the subject begged for clarification. I feel very limited in my communication, given what I am thinking and trying to express it clearly in English syntax.) [snip] > Absolutely agree. Another problem in measuring "environment" is > that it is rather hard to quantify. I would love to head up such a study, but with a difference: Instead of doing purely passive research, which may have only an academic audience (never minding the occasional Bell Curve etc. book), I would like to impress my own training methods on the subjects, to see what their physical and mental capacities really are (as far as my abilities go, anyway), rather than simply watch. It would be nearly impossible (actually, probably impossible) in the USA to raise Black children and totally isolate them from the mental awareness that a large segment of the population has judgements about them having to do with their race. Very sensitive people such as myself (and perhaps the Black children under study as well?) know all too well the instant(!) impact that such a realization and subsequent awareness has on a person's conscious- ness (self-image, confidence et al), and how debilitating that awareness can be in real life. I don't think the studies reflect that. Then again, to play Devil's Advocate for the studies, perhaps the studies just can't be that broad in their scope, but, such a sensitive issue demands it. [snip] > It is a good question. To me, the study can be done by the worst assholes > on the Earth. As long as their data can be verified and their methodology > is known, I have no problem with personal biases of researchers. There are so many factors, including (but not limited to) the unknown agenda(s) of the senior persons in the money chain at the colleges, think tanks, foundations, you get the picture. From rcgraves at ix.netcom.com Thu Dec 12 23:23:58 1996 From: rcgraves at ix.netcom.com (Rich Graves) Date: Thu, 12 Dec 1996 23:23:58 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! In-Reply-To: <01BBE820.DA06D920@dialup36.blarg.net> Message-ID: <32B104E0.70AD@ix.netcom.com> It seems you posted this everywhere but where it belongs: comp.os.ms-windows.announce. I think it's likely that the moderator would approve the posting, even if he is annoyed. Messages with more than one exclamation point on a line are technically off-topic, though. -rich From frantz at netcom.com Fri Dec 13 00:21:40 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 13 Dec 1996 00:21:40 -0800 (PST) Subject: Java Crypto Code, was Re: Java DES breaker? In-Reply-To: Message-ID: At 10:29 AM -0800 12/11/96, Dr.Dimitri Vulis KOTM wrote: >If Bill's client is sure to run the platforms that MS IE runs on, then this is >not a consideration. My client is interested in Java for its cross-platform strengths. I think that modern machines are fast enough to encrypt the amount of data involved even running interpreted Java (assuming something like 3DES). JITs will only help. I see no need for assembly level coding for my client's application. (I certainly do see a need for assembly code in the DES crack attempt.) ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From dthorn at gte.net Fri Dec 13 00:46:02 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 13 Dec 1996 00:46:02 -0800 (PST) Subject: Redlining In-Reply-To: <01ICY0SRNW7QAEL8AI@mbcl.rutgers.edu> Message-ID: <32B11667.2740@gte.net> E. Allen Smith wrote: > From: IN%"dthorn at gte.net" "Dale Thorn" 13-DEC-1996 01:53:17.65[snip] > >the rest is a cakewalk. But what I really wanted to say was that my > >experience with these children now (whom I didn't know until mid-1996) > >has convinced me more than ever that intelligence is not only not > >primarily genetic, but may also be recoverable to a large extent up to > >the beginning of the teen years, if not beyond that. > Actually, IQ tests in childhood up until about age 12 aren't > particularly well correlated with adult IQ; they would thus agree with > you on that environment can heavily influence IQ until that point. Again, as a statistical exercise, this might be OK, but, quite a bit of what you would see in the exceptional areas of the curve in childhood would be rather obvious in adulthood as well. The fact that this doesn't seem so obvious across the statistical curve is only evidence of poor granularity in the data. > It is possible to raise IQs somewhat with various environmental > interventions; the question is how much. Research such as that > discussed in Herman Spitz's "Raising Intelligence" (_not_ a conservative > or racist by any means) appears to show that such does, unfortunately, > have some points at which one gets to diminishing returns; see below > for more discussion. A typical researcher or team of same would not be proper candidates to lead an interventionist study such as this. You'd need people with proven track records. As I keep telling my wife again and again, when we go into a book store and she picks up some book on a "health" topic: What's the author's track record, not only for him/herself, but in leading others? > Regarding the "physical brain damage," I have earlier mentioned > prenatal traumas such as lead; other instances would be inadequate > maternal nutrition and the intake of alcohol (signifigantly more harmful > to a child than crack). These are among the factors, other than racism, > making studies showing differences in IQ between black adoptees and > white adoptees difficult to interpret; cultural influences (racism, > white adoptive parents trying to hard to raise black children in their > "own" culture, etcetera) are another major group of factors. > In other words, we don't know yet. > >The main and overwhelming factor in developing children who can accomplish > >at a superior level is the personal attention of a caregiver, and what > >that attention consists of. There are some things you can read about > >in a book and guess what they mean, and there are some things you can > >know when you're staring them in the face... > > Certainly, extremely intensive care can help children who do not > have physical brain problems. This does not mean that genetics does not > play a considerable role; neither I nor (so far as I know) Mr. Chudov > are claiming that genetics sets an unoverridable barrier. It is more a > matter of that it will take a lot more to get a genetically unintelligent > child to a given level than it will a genetically intelligent child. It's just that in my personal experience, I've found that the vast majority of children fall into the category of "exceptional potential". I guess what I'm saying is that the accomplishment/test norms for most children are far enough below where I could get them to with personal attention, that 1) The norms are useful (to me) only as a stasticical exercise, and 2) The differences between typical children and typical children performing at or near their potential obscures the differences found amongst the norms. > In the larger, societal context, it is not possible to have > intelligent parents with ample resources taking care of every child > unless the number of children is considerably reduced. Quite simply, > resources are limited (otherwise we would have no need for an > economic system); money, time, etcetera spent on less intelligent > children is not being spent on other pursuits (such as raising > more intelligent children, who will be able to accomplish more in > later life with the same investment of resources). This is, I believe, what I and others feared from studies which provide material for books such as the Bell Curve. Knowing that the potential of an allegedly unintelligent (or less-than-average) child might be so great that that child (if lucky enough to get the opportunity) could actually develop to be a significantly better performer than another child with 40 more IQ points, even if the child with the higher IQ has a reasonably good environment to develop in. Those kinds of possibilities are (I think) near and dear to what some of our more enlightened founding fathers in the USA had in mind when they wrote what they did, way back when. I value the writings of all philosophers, BTW, but I reject the notions of any that I or any other autonomous individual (a human is more-or-less autonomous by definition, yes?) could be defined, limited, or otherwise constrained by studies such as we've discussed. I say constrained since these studies do not happen in a vaccuum, and there is always going to be some kind of fallout. From dthorn at gte.net Fri Dec 13 00:51:51 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 13 Dec 1996 00:51:51 -0800 (PST) Subject: Redlining In-Reply-To: <199612130156.TAA02703@smoke.suba.com> Message-ID: <32B118A7.4463@gte.net> snow wrote: > Mr. Thorn wrote:[snip] > > Example: Environment has a profound effect on a person's mind (outlook, > > perceptions, attitudes, moods, etc.), and thereby has a significant, if > > indirect effect on that person's hormone production (quantity, balance). > > Those hormone productions have more effect on the body and brain long- > > term than any other influence I can think of. > I bet the problem is even simpler than that. > Look at studies that correlate nutrition with grades/learning. > Look at "inner city" dietary habits of 3 to 5 year old children (and > any other "under performing" group). > I'd bet $20 on the correlation. Not a bad point. Theoretically, you can't buy smokes and liquor with food stamps etc., but really, if you stand in a checkout line and see what people *can* get with their handouts, it's, uh, impressive. From dthorn at gte.net Fri Dec 13 00:59:09 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 13 Dec 1996 00:59:09 -0800 (PST) Subject: Why PICS is the wrong approach In-Reply-To: <199612130137.RAA10448@netcom13.netcom.com> Message-ID: <32B11A3E.3304@gte.net> Vladimir Z. Nuri wrote: > >If Firefly is an example of what PICS is or could become, the hell with > >PICS. Firefly encourages and rewards group behavior and suppresses > >individuality. Firefly would reward the discussion of the latest album > >by a Columbia or Capitol artist, and discourage discussion of material > >from independent (real independent) labels. I know because I've been > >there and spent quite a bit of time trying to get a rating. > this is absolutely ridiculous. the rating system is designed to > be incredibly individualized. it uses sophisticated statistical > techniques to find the correlations in your UNIQUE ratings given > over a set of items with other people's ratings, and weighs > future ratings based on these correlations. it may be even > dealing with anti-correlations. in fact what you have, in effect, > is a system with *no* hardwired ratings. the ratings space is > different for *every*single*person* who uses the service. As I said, I spent considerable time there, and typed in considerable data. I used the help facilities, and I corresponded with the persons who do support. Firefly was not able to make a single correlation or suggestion for me, which BTW, Alexander Chislenko acknowledged as a weakness of the (current/old) Firefly system. Perhaps you should ask him what the problem is, if you have a curiosity about it. [snip] From nobody at huge.cajones.com Fri Dec 13 01:15:29 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 13 Dec 1996 01:15:29 -0800 (PST) Subject: No Subject Message-ID: <199612130915.BAA13307@mailmasher.com> -----BEGIN PGP SIGNED MESSAGE----- At 11:42 AM 12/12/96 -0800, Red Rackham wrote: >It seems to me that in the case of an employee giving the wrong number >to his employer, the only person that suffers is the employee through >loss of future payments from the Social Security Administration. The >employer certainly doesn't suffer. Assume that the income tax is >paid. > >What laws would an employee violate? What are the chances of >conviction? What are the likely penalties if convicted? 26 USC 7205(a), "Any individual required to supply information to his employer under section 3402 who willfully supplies false or fraudulent information . . shall, in addition to any other penalty provided by law, upon conviction thereof, be fined not more than $1,000, or imprisoned not more than 1 year, or both." 42 USC 408(a)(7)(A), "Whoever for the purpose of obtaining (for himself or any other person) any payment or any other benefit to which he (or such other person) is not entitled, or for the purpose of obtaining anything of value from any person, or for any other purpose . . with intent to deceive, falsely represents a number to be the social security account number assigned by the Secretary to him or to another person, when in fact such number is not the social security account number assigned by the Secretary to him or to such other person . . shall be guilty of a felony and upon conviction thereof shall be fined under title 18 or imprisoned for not more than five years, or both." and 8 USC 1324a(b) requires that employers force employees to fill out a form to document citizenship status, and the form currently in use (INS I-9) requests a social security number. - -- Catfish Friend -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrEM89GzuQsii+JdAQHc8wP/cKizciQHtI3ue/CdKJ62DbuPVlobRTl5 qY1oOQs3L3rb0mKa0FdklcfxaXYYMY0zJpGmGTSynDwJKGSCm5O6fPkCPG064LSp npMzmOqOWpUSrYX652Q8EMFPODHKCl0FX78ksQ1ns8Xv//bT4wdPt5GR6AlTrvdc XH1s/oB9tMM= =2xtm -----END PGP SIGNATURE----- -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From Jill014 at aol.com Fri Dec 13 02:18:49 1996 From: Jill014 at aol.com (Jill014 at aol.com) Date: Fri, 13 Dec 1996 02:18:49 -0800 (PST) Subject: Elliptic curves Message-ID: <961213051803_168116926@emout08.mail.aol.com> In a message dated 96-12-12 23:47:15 EST, nobody at zifi.genetics.utah.edu (Anonymous) writes: > Subj: Re: Elliptic curves > Date: 96-12-12 23:47:15 EST > From: nobody at zifi.genetics.utah.edu (Anonymous) > Sender: owner-cypherpunks at toad.com > To: cypherpunks at toad.com > > Admin at bexcol.demon.co.uk writes: > > > You are all a bunch of faggots. Faggot cannot be allowed on usenet as > > dictated by the great dr. Grubor. > > Does dr. Grubor read this list? I never see any postings from him here. Just who is this anonymous poster; does anyone know or have any idea? > > Fuck you all. > > 1. Cypherpunks is not on usenet. > > 2. Faggots created and run Usenet, and there's nothing a pathetic, > powerless little boy like you can do about it. > This is strange. I mean, how do you know who is a faggot? And is this why you all are so sexist? Are all of the faggots so sexist? Just what is it about these queers that makes them hate women so much anyway? Are they jealous of us sexy women because their boyfriends may want us? I have been watching this for a long time here, and this is a very perplexing situation. Just who are these faggots who "created and run Usenet?" Can you give me a list of names? > 3. I enjoy your pathetic little displays of despair about not having > any control over usenet. Please keep whining to the mailing lists > to remind us all of what a pitiful little loser you are. > Yes, but just who is he? Do you know who he really is? With all of you guys always posting through these "nobody" addresses, you can not tell who is who? I mean, how do you know that the anonymous poster is in "despair about not having any control over usenet?" Maybe he does have control. Just who has all of the Usenet control now anyway? Please tell the faggots to stop being so sexist. Jill From mixmaster at remail.obscura.com Fri Dec 13 02:24:28 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Fri, 13 Dec 1996 02:24:28 -0800 (PST) Subject: [ADMINISTRATIVIUM] Zero-knowledge interactive proofs Message-ID: <199612130931.BAA27741@sirius.infonex.com> In a jerk-off competition Tim Mayhem finishes second, third and fifth. \\\|||/// ======= | O O | Tim Mayhem \`___'/ _| |_ From Jill014 at aol.com Fri Dec 13 02:30:44 1996 From: Jill014 at aol.com (Jill014 at aol.com) Date: Fri, 13 Dec 1996 02:30:44 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <961213052957_809296562@emout11.mail.aol.com> In a message dated 96-12-13 02:03:26 EST, cmcurtin at research.megasoft.com (C Matthew Curtin) writes: > Subj: Re: Credentials without Identity--Race Bits > Date: 96-12-13 02:03:26 EST > From: cmcurtin at research.megasoft.com (C Matthew Curtin) > Sender: owner-cypherpunks at toad.com > Reply-to: cmcurtin at research.megasoft.com > To: tcmay at got.net (Timothy C. May) > CC: cypherpunks at toad.com > > >>>>> "Tim" == Timothy C May writes: > > Tim> While it has been claimed by some that "crypto anarchy" means > Tim> that race won't matter, that cyberspace interactions will be > Tim> color-blind, this is misleading. > > Race bits, gender bits, etc., are all interesting possibilities. I > never thought about anyone wanting to do such a thing, but I suppose > that's likely. > > I've tended to think that as we become increasingly digital, issues > like race become less significant (perhaps because it generally isn't > immediately obvious in this medium). This doesn't mean that prejudices > go away, it means that they shift to stay with what is obvious. For > example, people who are unable to spell well (and don't spellcheck > email and usenet posts), or use excessively poor grammar are often > ridiculed for their lack of mastery of the language in which they're > writing. Basically, the prejudices and such continue with us, but > change, so as to remain based on things that are easily discernible. > > Tim> While many--probably most--users will care only for cyberspace > Tim> personna issues, and not meatspace personna issues of race, > Tim> color, height, weight, etc., this is not something built in to > Tim> anonymous transactions. > > As I'm replying, it's occurred to me that we've already got some sort > of persona "certificates" floating around now. (Such as the Geek > Code.) Imagine a field there to include race. Wouldn't take a lot to > do that, after all. > What is the "Geek Code?" > Of course, the implementation of a race bit system that can be trusted > is another issue altogether. Would the White Boyz Club then need to > have its own trusted arbitrator to introduce people of the same race > to each other? (AryanSign?) Is a more elaborate PGP-style web > of trust used? Hmm. So white Boyz Club excludes women to, is that correct? From Jill014 at aol.com Fri Dec 13 02:33:09 1996 From: Jill014 at aol.com (Jill014 at aol.com) Date: Fri, 13 Dec 1996 02:33:09 -0800 (PST) Subject: Redlining Message-ID: <961213053227_1355165508@emout08.mail.aol.com> In a message dated 96-12-13 02:36:46 EST, dthorn at gte.net (Dale Thorn) writes: > Subj: Re: Redlining > Date: 96-12-13 02:36:46 EST > From: dthorn at gte.net (Dale Thorn) > Sender: owner-cypherpunks at toad.com > To: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) > CC: cypherpunks at toad.com > > E. Allen Smith wrote: > > From: IN%"dthorn at gte.net" "Dale Thorn" 12-DEC-1996 14:56:52.69 > > >Actually, there is not only good evidence for the environmental argument, > > >but you can reason it out yourself if you give attention to some things > > >that don't make it into most discussions on this topic. > > > Yes, there are strong arguments for the environment being the determining > > factor. there are also strong arguments (such as interracial adoption > still > > leaving blacks below the average IQ of adopted siblings) for it being > genetics. > > It is possible to understand intelligence as "pattern matching" skills, > without having to have attendant math and statistics to define it more > precisely or clinically. This understanding (if you have it) is the key > to knowing that Black persons do *not* have less IQ than White persons, > regardless of the standardized tests. Something I know about, as I've > scored in the top 1/1000 of one percent, etc. > Are you black? From cmcurtin at research.megasoft.com Fri Dec 13 04:38:46 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Fri, 13 Dec 1996 04:38:46 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <961213052957_809296562@emout11.mail.aol.com> Message-ID: <199612131231.HAA01689@goffette.research.megasoft.com> >>>>> "Jill" == Jill014 writes: Jill> What is the "Geek Code?" http://krypton.mankato.msus.edu/~hayden/geek.html Jill> So white Boyz Club excludes women to, is that correct? Just made that up ... could be any group that is interested in the race, color, religion, sex, age, national origin (or anything else) of those they're dealing with in cyberspace. -- Matt Curtin cmcurtin at research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet From jya at pipeline.com Fri Dec 13 04:54:03 1996 From: jya at pipeline.com (John Young) Date: Fri, 13 Dec 1996 04:54:03 -0800 (PST) Subject: KRA_gak Message-ID: <1.5.4.32.19961213125042.00690070@pop.pipeline.com> 12-12-96 "High-Tech Leaders to Facilitate Recovery of Encrypted Information Globally. Key Recovery Alliance Welcomes 29 New Members" The key recovery alliance has more than tripled its membership and identified its charter objectives. + expediting the widespread, global use of strong encryption + evaluating technologies that are flexible and scaleable to meet various changing commercial needs and policies + promoting interoperability between different key recovery and non-key recovery solutions + defining a commercial infrastructure for worldwide development of strong encryption + maximizing security for business To facilitate meeting these and other objectives, the alliance identified a series of working committees targeted to meet within the next 60 days. Soon after this 60-day period, the now 40-member alliance will re-convene to mark the progress of these committees and to identify future benchmarks and deliverables. The new members of the alliance are: America Online, Inc., Certicom, Compaq Computer Corporation, CygnaCom Solutions, Inc., Cylink Corporation, Data Securities International, Inc., First Data Corporation, Digital Signature Trust Company, Gradient Technologies, Inc., ICL, McAfee, Mitsubishi Corporation of Japan, Motorola, Mytec Technologies, Inc., Network Systems Group of StorageTek, Nortel, Novell, Inc., PSA, Price Waterhouse, Racal Data Group, Rainbow Technologies, SafeNet Trusted Services Corporation, Secure Computing, SourceFile, Sterling Commerce, Telequip, Unisys, Utimaco Mergent, and VPNet Technologies. "IBM SecureWay Framework To Accelerate Growth of Electronic Business" IBM announced a new framework which will advance secure electronic business by making it possible for diverse security offerings to work together. The IBM SecureWay Key Management Framework will let businesses use encryption products interchangeably. The new framework will provide for the easy adoption of new and existing key recovery technologies, while not disturbing existing cryptographic and other security functions and operations. It will effectively isolate the application from the unique properties of a specific key recovery implementation. A white paper describing the SecureWay Key Management Framework is available at http://www.ibm.com/security ----- KRA_gak (19 kb) From aga at dhp.com Fri Dec 13 05:44:13 1996 From: aga at dhp.com (aga) Date: Fri, 13 Dec 1996 05:44:13 -0800 (PST) Subject: Elliptic curves In-Reply-To: <1uJVyD160w165w@bwalk.dm.com> Message-ID: On Fri, 13 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > >From cypherpunks-errors at toad.com Fri Dec 13 00:43:05 1996 > Received: by bwalk.dm.com (1.65/waf) > via UUCP; Fri, 13 Dec 96 01:34:42 EST > for dlv > Received: from toad.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; > id AA22158 for cypherpunks; Fri, 13 Dec 96 00:43:05 -0500 > Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id TAA05349 for cypherpunks-outgoing; Thu, 12 Dec 1996 19:07:54 -0800 (PST) > Received: from zifi.genetics.utah.edu (zifi.genetics.utah.edu [155.100.229.31]) by toad.com (8.7.5/8.7.3) with ESMTP id TAA05344 for ; Thu, 12 Dec 1996 19:07:47 -0800 (PST) > Received: (from bin at localhost) by zifi.genetics.utah.edu (8.8.3/8.6.9) id UAA13495 for cypherpunks at toad.com; Thu, 12 Dec 1996 20:07:52 -0700 > Date: Thu, 12 Dec 1996 20:07:52 -0700 > Message-Id: <199612130307.UAA13495 at zifi.genetics.utah.edu> > To: cypherpunks at toad.com > From: nobody at zifi.genetics.utah.edu (Anonymous) > Comments: Please report misuse of this automated remailing service to > References: <850408570.510393.0 at bexcol.demon.co.uk> > Subject: Re: Elliptic curves > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > Admin at bexcol.demon.co.uk writes: > > > You are all a bunch of faggots. Faggot cannot be allowed on usenet as > > dictated by the great dr. Grubor. > > > > Fuck you all. > > 1. Cypherpunks is not on usenet. > The fuck it ain't. They are at least two newsgroups out there that carry every piece of e-mail that goes to the cypherpunks list. > 2. Faggots created and run Usenet, and there's nothing a pathetic, > powerless little boy like you can do about it. > This may be true, up until now, but the faggots are now getting kicked off of the new UseNet. There are just TOO MANY faggots like Peter Berger and Tim May and John Gilmore runnung around to allow this faggot subculture to continue. > 3. I enjoy your pathetic little displays of despair about not having > any control over usenet. Please keep whining to the mailing lists > to remind us all of what a pitiful little loser you are. > These faggot cypherpunks are not worth wasting your time on, unless you are ready to take their fucking ass to court and cross-examine them. ARE YOU A FAGGOT, Peter Berger? -- ANSWER THE QUESTION !!! (The faggots must answer this question when you get them on the stand.) That Tim Skirvin is also a faggot, so I have been told by his schoolmates. Has he been fucked in the ass by anybody on this list? From robc at xmission.com Fri Dec 13 10:14:25 1996 From: robc at xmission.com (Rob Carlson) Date: Fri, 13 Dec 1996 10:14:25 -0800 (PST) Subject: In Defense of Anecdotal Evidence Message-ID: <199612131649.JAA24217@mail.xmission.com> On Thu, 12 Dec 1996 14:12:23 -0800, Huge Cajones Remailer wrote: >Statistics are a useful tool, but they have their problems. Their >accuracy is often in doubt. Most scientific data comes with an error >analysis so you can tell what the figure means. For some reason >statisticians never do this so we cannot tell whether their numbers >are accurate to within 0.1%, 1.0%, 10%, or even worse. > >There are many other problems. For instance, users of statistics >assume they have a random sample, even in cases where that is far from >clear [ List of other problems deleted ] Of course, anecdotal evidence also suffers from all of these problems. And in greater magnitude. This is true since it is a special case of statistical evidence. With a non-random sample set of one and no controls for observer bias. >The advantage of first hand experience is that it is primary evidence. >You know it's true because you were there and saw it. I have seen women cut in half and rabbits made to appear in an empty hat with my own eyes. I'm quite sure neither of these is true. Humans are poor observers. The data processing unit is easily fooled. Many people make a living off of this fallability such as magicians and politicians. The observer is also tainted by previous experience(or lack of) and individual needs. This leads to bias unavoidable in even the most honest and reliable observers. Statistical methods are used to control for this. Double-blind techniques are one example. Humans also have a need to make conclusions when insufficient evidence is available. Witness the number of people who have an opinion on the innocence of OJ Simpson based on <2 minutes/day condensation of the evidence. >The advantage of anecdotal evidence (in the sense we have been using >it) is that the person who is telling you the anecdote was there and >saw it. You can cross-examine them and get a full understanding of >the evidence provided. The reporting of evidence involves different issues. If you want to believe that women are actually cut in two or that politicians are telling the truth anytime their lips are moving, thats one thing. If you want to tell me its true because you personally observed it, thats quite another. Given the failures of humans as observational tools, your story is unverifiable by me. Perhaps through effective cross examination I can prove you wrong, but I can never prove you right with such a technique.That will require other evidence outside the control of the observer ( statistical is just one available ). Evidence that can be verified independently by many observers increases the reliability. Experiments and polls can be done by me thus eliminating your bias. Independent verification can also check for errors and check the parameters under which the evidence is true. Studies are done with certain assumptions and controls. The evidence loses its reliability when removed from this context. This doesn't make studies or statistical evidence true. Just more reliable than anecdotal evidence. Humans who will lie about their observations will also produce flawed studies. Again the former (anecdotal) is unverifiable, but I can check the latter (statistical) independently. I also don't believe polls can be used to determine the truth. They can only tell what a mass of people believe. And then only if done correctly. To make this on topic, how does this apply to cryptography and crypto-politics? This issue is a foundation of our discussions here. Shall we accept anecdotal evidence such as the "If you only knew what we knew" arguments? What is more reliable: IPG's claims that their product is an OTP because they say it is or Bruce Schneier's book that can be used to point out the fallacy's in their claims? Relying on anecdotal evidence makes you susceptible to the magicians of the world. The honest ones use mirrors and their need is to entertain you enough to get your money. The rest use anecdotal evidence and emotional arguments (verbal misdirection?). Their needs are left as a test of the reader's naivete. Rob Carlson From alzheimer at juno.com Fri Dec 13 10:14:55 1996 From: alzheimer at juno.com (Ronald Raygun Remailer) Date: Fri, 13 Dec 1996 10:14:55 -0800 (PST) Subject: Copyright violations Message-ID: <19961213.104139.8391.0.alzheimer@juno.com> Agence France Presse: Tuesday, December 10, 1996 Visa to Launch Trial Electronic Money Services in Tokyo Visa International said Tuesday it would experiment with electronic money services in central Tokyo [Shibuya district] for about 18 months from June 1998 with Japanese commercial banks and credit card companies. The US-headquartered international credit card firm said it would be the world's largest experiment in terms of the size of participating companies and cards to be issued. The project will be joined by five Japanese commerical banks -- Bank of Tokyo-Mitsubishi Ltd., Dai-ichi Kangyo Bank Ltd., Fuji Bank Ltd., Sumitomo Bank Ltd., and Tokai Bank Ltd. Five Japanese credit card companies, including Credit Saison Co. Ltd. DC Card Co., Sumitomo Credit Service Co., Million Card Service Co. and UC Card Co., will also take part in the trial. Visa said it hoped to use the experiment to assess commercial feasibility and customer affordability before introducing full electronic money services. Visa plans to install its electronic money terminals and issue more than 100,000 cards, including those with built-in integrated circuits, for the experiment. Visa said it had already conducted an electronic money experiment in Atlanta during the Summer Olympic Games. The company is also preparing to try similar systems in Hong Kong and Australia. American Banker: Thursday, December 12, 1996 REPORTER'S NOTEBOOK Home Financial Network Offers Web Software By DREW CLARK The house lights dimmed and music started blaring. Smoke billowed out from the stage and red-and-white lights flashed onto an audience of thousands. Despite the rock-concert atmosphere, complete with an emcee peering out from giant video screens like a live-action "Max Headroom," most of the audience in the Dallas Convention Center Arena was in suits. Welcome to Retail Delivery '96, the new-wave Bank Administration Institute conference covering all that is new and exciting in financial services technology. Having grown into banking's biggest convention, with more than 7,000 people and some 350 exhibiting companies, Retail Delivery made bold promises. Promotional brochures said it would go "beyond the buzzwords." Frank Feather, the Canadian banking consultant in the Max Headroom role, said the event would "unlock the secrets of how to make real money off technology." When the "virtual" Mr. Feather introduced Robert W. Gillespie for the keynote speech last Wednesday, the KeyCorp chief executive officer drew a laugh from the audience by declaring: "This may be the way to start shareholder meetings." Mr. Gillespie and the master of ceremonies were the first of a parade of speakers referring to the dramatic change the industry is undergoing. Mr. Gillespie captured the spirit by describing how his company, the "New Key," is evolving in three directions: national consumer finance, corporate banking, and community banking. His multimedia computer presentation took the audience through a virtual branch and displayed video clips of KeyCorp executives including Steve Cone, its renowned marketing strategist. Mr. Gillespie showcased a marketing campaign so unified that the voice of Anthony Edwards, the company's star ad spokesman, is also heard when consumers dial into KeyCorp call centers. Branding is big in retail banking, nowhere more than at Banc One Corp. The point was reinforced by Kenneth T. Stevens, chief executive of Banc One Corp.'s retail group, who previously worked at Pepsico and its Taco Bell subsidiary. "Strong brands get winning price-earning multiples," he said, which translate into easier entry into new markets and the ability to resist competitive attacks. "Historically, banks didn't need branding because of location," Mr. Stevens said. "With the leveling of competition, the control of brand names will be essential." He said banks' problems are typified by the jumble of logos on automated teller machines -- a stark contrast to the clarity of Coke and Pepsi. Despite such doses of high-level retail strategy, technology held center-stage. The enthusiasm about it was palpable, fueled by the appearances of executives from the Silicon Valley companies Intel Corp. and Sun Microsystems Inc. Generally admonishing the audience to get on the highway before it's too late, both spoke to banking issues. Intel executive vice president Frank Gill demonstrated remote banking with interactive video; Sun CEO Scott McNealy was critical of bankers' willingness to turn technology management over to others. "I can see a forestry company outsourcing information systems because their assets are in the ground," Mr. McNealy said. "But a bank's assets are information. Outsourcing (for banks) is a self-imposed lobotomy. It's like Budweiser outsourcing beer manufacturing." At the closing session Friday, Mr. Feather came out from behind the big screens to discuss his own keys to the future. Foremost, he said, is the Internet -- "the biggest thing ever in human history. It is not a technology, but a socio-economic system changing the way we live." Yet some bankers still "don't get it," Mr. Feather said. They prefer to think of the Internet as a passing fad, like the videophone, or an important but slowly evolving technology. Referring -- though not by name -- to Citicorp chairman John Reed and his prediction that full electronic banking would not be mainstream for 50 to 75 years, Mr. Feather dismissed it with a barnyard epithet. He suggested Citicorp is just trying to throw its competition off-balance. Mr. Feather's counterprediction: Within 25 years, there will be no full- service branches or tellers in North America. "Tens of thousands of branches will be closed, the entire distribution system will be rationalized," he said. From dthorn at gte.net Fri Dec 13 10:15:14 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 13 Dec 1996 10:15:14 -0800 (PST) Subject: Elliptic curves In-Reply-To: <961213051803_168116926@emout08.mail.aol.com> Message-ID: <32B17A10.45E2@gte.net> Jill014 at aol.com wrote: [snip] > > > You are all a bunch of faggots. Faggot cannot be allowed on usenet as > > > dictated by the great dr. Grubor. > Does dr. Grubor read this list? I never see any postings from him here. > Just who is this anonymous poster; does anyone know or have any idea? Somebody knows, but they're not gonna tell. The good news is, they don't send much of anything to the list, except every now and then when someone presses one of their buttons. > This is strange. I mean, how do you know who is a faggot? And is this > why you all are so sexist? Are all of the faggots so sexist? Just what is > it about these queers that makes them hate women so much anyway? > Are they jealous of us sexy women because their boyfriends may want us? > I have been watching this for a long time here, and this is a very perplexing > situation. Just who are these faggots who "created and run Usenet?" > Can you give me a list of names? It's interesting that men, whether they are gay or otherwise, share a lot of things in common. Actually, I've always thought that most heterosexual men don't really like women all that much, beyond having someone to dominate and use sexually. I know I could get yelled at for saying that, but if straight men *really* liked women, they'd show more empathy and understanding toward them. I'm into music a lot (indie-pop), and most men I know wouldn't even consider listening to most girl-groups. Wouldn't it be a nicer world if, when you see a lot of these guys cruising down the street in their car with the radio booming out some male-oriented rap song, if every now and then they'd mix in some female artists? [snip remainder] From adam at homeport.org Fri Dec 13 10:15:21 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 13 Dec 1996 10:15:21 -0800 (PST) Subject: KRA_gak In-Reply-To: <1.5.4.32.19961213125042.00690070@pop.pipeline.com> Message-ID: <199612131510.KAA27361@homeport.org> John Young wrote: | The key recovery alliance has more than tripled its membership | and identified its charter objectives. | + promoting interoperability between different key recovery and | non-key recovery solutions Isn't this in direct conflict with one of NIST's criteria? | + defining a commercial infrastructure for worldwide development | of strong encryption | | + maximizing security for business Isn't this in direct conflict with the FBI's criteria? ;) | To facilitate meeting these and other objectives, the alliance | identified a series of working committees targeted to meet within | the next 60 days. Soon after this 60-day period, the now | 40-member alliance will re-convene to mark the progress of these | committees and to identify future benchmarks and deliverables. Did they identify the committees, or announce that they will exist? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From trei at process.com Fri Dec 13 10:15:31 1996 From: trei at process.com (Peter Trei) Date: Fri, 13 Dec 1996 10:15:31 -0800 (PST) Subject: Whom can you trust with your keys -- government version Message-ID: <199612131507.HAA06732@cygnus.com> > From: Hal Abelson > Date: Thu, 12 Dec 1996 15:29:25 -0500 > To: cypherpunks at toad.com > Subject: Whom can you trust with your keys -- government version > Reply-to: hal at MIT.EDU > -----BEGIN PGP SIGNED MESSAGE----- > > > The Commerce Department draft crypto export regulations (see > http://www.steptoe.com/commerce.htm) include the following stipulation > on Key Recovery Agents: > > > Evidence of an individual's suitability and trustworthiness [to > act as a key recovery agent] shall include: > > (i) Information indicating that the individual(s): > > (A) Has no criminal convictions of any kind or > pending criminal charges of any kind; > > (B) Has not breached fiduciary > responsibilities (e.g., has not violated any > surety or performance bonds); and > > (C) Has favorable results of a credit check; > or, > > (ii) Information that the individual(s) has an active > U.S. government security clearance of Secret or higher > issued or updated within the last five years. > > It's nice to know that we can trust ex-cons, frauds, and deadbeats to > hold our keys, provided that they have obtained a Secret clearance. Sorry, but you're mistaken. There is an implied AND between (i) and (ii), not an OR. Curiously, it looks like I may be eligible to run an GAK service. Peter Trei trei at process.com From trei at process.com Fri Dec 13 10:15:39 1996 From: trei at process.com (Peter Trei) Date: Fri, 13 Dec 1996 10:15:39 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] Message-ID: <199612131459.GAA06660@cygnus.com> Ray Arachelian wrote: > On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX > > won't work on any of those. I also work with a bunch of other equipment > > that's much faster than a PC, but doesn't run browsers. (Most of it is not > > connected to the 'net for security reasons, but that's besides the point.) > > Right, and Active X, if those machies were on the web, would not be > supported. > > > If Bill's client is sure to run the platforms that MS IE runs on, then this is > > not a consideration. > > Correct, however there is one thing you have forgotten... (next paragraph) > > > Interpreted FORTH bytestream (which is what Java is) may be "doing quite well" > > when drawing GUI gizmos and widgets, but it can't get anywhere near the > > performance of hand-optimizer assembler that you can stick into ActiveX. > > While ActiveX does support hand optmized assembler, there are Java > JustInTime compilers which take JVM bytecodes and turn'em into raw > assembler. They aren't hand optimized, they are natively compiled code, > but they are native code non the less. A good optimizing compiler may > not be 100% as cool and as fast as hand optmized code, BUT it'll be > almost as fast. And Java will run on just about EVERY platform out there. > And that is a bigger, more important point than a 10%-25% increase in > power over non-optimized code. > > Besides, I'm not arguing AGAINST an ActiveX client, there's no reason > why there can't be both Java and ActiveX clients out there since there is > both a compatibilty issue and a speed increase with ActiveX. While I'm reluctant to ever find myself in the same corner as Vulis, he has a point. As one of the few folks on this list who actually writes code, I say that hand-optimized assembler will beat machine generated code every time. I have figures to back me up. As some of you know, I've been working on a DES key recovery tool. I'm have both portable C and x86 assembler versions. They are currently identical, except that the guts of the DES round is written in "C" in one, and hand-optimized Pentium assembler in the other. For this test, I modified the code to cut out the delays associated with incrementing the key schedule, leaving the most of the crunching in the DES decryption. Both versions were compiled under Visual C++ 4.0, with Optimizations set to 'Maximize speed', and inlines to 'any suitable', and run on a 90MHz Digital Celebris 590 under WinNT 3.51. Averaging several runs: "C": 102,300 crypts/sec ASM: 238,000 crypts/sec With Java, it's possible to add native code methods to the interpreter, though this requires extra work by the user - it's harder than 'click on this link to run my reely kool applet'. This violates the Java sandbox, and requires the user to make trust decisions on the methods they are adding. ActiveX lets you add and run native code with a click, but again involves trust decisions. My philosophy is 'the more the merrier'. I'd like to see people work on DES Key Recovery on a large number of platforms - we just need to standardize on the input and output formats. Peter Trei trei at process.com Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From nobody at cypherpunks.ca Fri Dec 13 10:15:43 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Fri, 13 Dec 1996 10:15:43 -0800 (PST) Subject: Credentials without Identity--Racey Bits Message-ID: <199612131416.GAA06138@cypherpunks.ca> At 05:30 AM 12/13/96 -0500, Jill heatedly wrote: :So white Boyz Club excludes women to, is that correct? By definition, you steaming dreamboat. Drop me a note, kitten. XXOO Snookums From trei at process.com Fri Dec 13 10:17:01 1996 From: trei at process.com (Peter Trei) Date: Fri, 13 Dec 1996 10:17:01 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] Message-ID: <199612131527.HAA07125@cygnus.com> Sorry if this is a repeat - I got a rather opaque 'delivery failure' message when I first sent it. - pt Ray Arachelian wrote: > On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > I happen to have a Sparc 20 box and a Linux box and a SCO box, and ActiveX > > won't work on any of those. I also work with a bunch of other equipment > > that's much faster than a PC, but doesn't run browsers. (Most of it is not > > connected to the 'net for security reasons, but that's besides the point.) > > Right, and Active X, if those machies were on the web, would not be > supported. > > > If Bill's client is sure to run the platforms that MS IE runs on, then this is > > not a consideration. > > Correct, however there is one thing you have forgotten... (next paragraph) > > > Interpreted FORTH bytestream (which is what Java is) may be "doing quite well" > > when drawing GUI gizmos and widgets, but it can't get anywhere near the > > performance of hand-optimizer assembler that you can stick into ActiveX. > > While ActiveX does support hand optmized assembler, there are Java > JustInTime compilers which take JVM bytecodes and turn'em into raw > assembler. They aren't hand optimized, they are natively compiled code, > but they are native code non the less. A good optimizing compiler may > not be 100% as cool and as fast as hand optmized code, BUT it'll be > almost as fast. And Java will run on just about EVERY platform out there. > And that is a bigger, more important point than a 10%-25% increase in > power over non-optimized code. > > Besides, I'm not arguing AGAINST an ActiveX client, there's no reason > why there can't be both Java and ActiveX clients out there since there is > both a compatibilty issue and a speed increase with ActiveX. While I'm reluctant to ever find myself in the same corner as Vulis, he has a point. As one of the few folks on this list who actually writes code, I say that hand-optimized assembler will beat machine generated code every time. I have figures to back me up. As some of you know, I've been working on a DES key recovery tool. I'm have both portable C and x86 assembler versions. They are currently identical, except that the guts of the DES round is written in "C" in one, and hand-optimized Pentium assembler in the other. For this test, I modified the code to cut out the delays associated with incrementing the key schedule (this is not in assembler yet, and slows down the assembler version about 30%), leaving the of the crunching in the DES decryption. Both versions were compiled under Visual C++ 4.0, with Optimizations set to 'Maximize speed', and inlines to 'any suitable', and run on a 90MHz Digital Celebris 590 under WinNT 3.51. Averaging several runs: "C": 102,300 crypts/sec ASM: 238,000 crypts/sec With Java, it's possible to add native code methods to the interpreter, though it requires extra work by the user - it's harder than 'click on this link to run my reely kool applet'. This violates the Java sandbox, and requires the user to make trust decisions on the methods they are adding. ActiveX lets you add and run native code with a click, but again involves trust decisions. My philosophy is 'the more the merrier'. I'd like to see able to people work on DES Key Recovery on a large number of platforms and modes - we just need to standardize on the input and output formats. Peter Trei trei at process.com From adam at homeport.org Fri Dec 13 10:17:10 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 13 Dec 1996 10:17:10 -0800 (PST) Subject: ITARs effects Message-ID: <199612131507.KAA27336@homeport.org> I cross posted the ITAR proposed rev pointers to Firewalls. In addition to an entertaining rant, Marcus posted this: ----- Forwarded message from Marcus J. Ranum ----- >From mjr at mail.clark.net Thu Dec 12 17:38:57 1996 Message-Id: <199612122240.RAA10556 at mail.clark.net> Comments: Authenticated sender is From: "Marcus J. Ranum" Organization: V-ONE Corp Baltimore office To: adam at homeport.org Date: Thu, 12 Dec 1996 17:42:00 +0000 Subject: that doc.... Priority: normal X-mailer: Pegasus Mail for Win32 (v2.42a) You posted a pointer to that document. It was quite interesting. I see that the feds are making INDIVIDUALS responsible for ENFORCING export laws!!! Read carefully: (9) Export of encryption software. The export of encryption source code and object code software controlled for EI reasons under ECCN 5D002 on the Commerce Control List (see Supplement No. 1 to part 774 of the EAR) includes downloading or causing the downloading, of such software to locations (including electronic bulletin boards and Internet file transfer protocol and World Wide Web sites) outside the U.S., and making such software available for transfer outside the United States, over radio, electromagnetic, photo optical, or photoelectric communications facilities accessible to persons outside the United States, including transfers from electronic bulletin boards and Internet file transfer protocol and World Wide Web sites, or any cryptographic software subject to controls under this regulation unless the person making software available takes precautions as adequate to prevent unauthorized transfer of such code outside the United States. This provision applies both to the uploading and downloading of such software. For purposes of this paragraph, the following shall constitute adequate precautions to prevent unauthorized transfer: This implies that putting something up for FTP == export. Holy shit. mjr. ----- Marcus J. Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr "I'll have time to be laid back when I'm laid out on a slab" ----- End of forwarded message from Marcus J. Ranum ----- From nobody at cypherpunks.ca Fri Dec 13 10:17:23 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Fri, 13 Dec 1996 10:17:23 -0800 (PST) Subject: Elliptic curves--hot stuff here Message-ID: <199612131413.GAA06098@cypherpunks.ca> At 05:18 AM 12/13/96 -0500, my baby, Jill, wrote: :Please tell the faggots to stop being so sexist. : :Jill : OK, all you faggots stop being so sexist. :Just what is it about these queers that makes them hate women so much :anyway? Are they jealous of us sexy women because their boyfriends :may want us? Oh, yea, and all you sexy hot AOL chicks stop turning on all the queers' boyfriends. P.S.: Jill, come up and see me sometime. I'm ready to start over if you are. XXOO Snookums From gnu at toad.com Fri Dec 13 10:50:00 1996 From: gnu at toad.com (John Gilmore) Date: Fri, 13 Dec 1996 10:50:00 -0800 (PST) Subject: RSA Laboratories seeks contributions for the "next generation" of PKCS Message-ID: <199612131849.KAA01675@toad.com> From: Ray Sidney To: "'e-payment at bellcore.com'" , "'firewalls at greatcircle.com'" , "'ietf-otp at bellcore.com'" , "'ietf-pkix at tandem.com'" , "'ipsec at ans.net'" , "'www-security at ns2.rutgers.edu'" To: "'rsa-licensees at rsa.com'" , "'swan-dev at rsa.com'" , "'smime-dev at rsa.com'" Subject: RSA Laboratories seeks contributions for the "next generation" of PKCS Date: Fri, 13 Dec 1996 10:07:47 -0800 Comments and suggestions are invited for the next generation of the Public-Key Cryptography Standards, the intervendor specifications developed starting in 1991 by RSA Laboratories in conjunction with industry and universities. The Public-Key Cryptography Standards were established to provide a catalyst for interoperable security based on public-key cryptographic techniques, and they have become the basis for many formal standards and are implemented widely. With several years' experience and review, and with many new developments in cryptography since 1991, it is now time to update PKCS. Suggestions are invited in the following areas: * improvements to the current suite of standards * contributions for new standards, including standards for transport and local storage of personal information such as private keys and certificates, and standards for platform-independent cryptographic programming interfaces PKCS documents are low-level standards stating precisely how one may accomplish specific cryptographic or cryptography-related tasks. Most are concerned with specifying byte-level recipes (often in ASN.1) for formatting various types of data (such as a block which is to be RSA-encrypted), rather than making general security-related recommendations ("An RSA modulus should be at least XXX bits long."). RSA Laboratories is actively soliciting suggestions and contributions for the "next generation" of PKCS from now until the end of April 1997. If you have written up a document detailing extensions you've made to an existing PKCS, and you feel that others could benefit from the use of your extensions, then we'd like to see your document. If you have an idea for a new PKCS, we'd like to hear that, too. And if you have something somewhere in between, send it along; of course, detailed, well-developed contributions are generally preferred. Suggestions should be sent either to the pkcs-tng at rsa.com mailing list (you can subscribe to this list by sending email with "subscribe pkcs-tng" in the message body to majordomo at rsa.com; unsubscribe with "unsubscribe pkcs-tng") or to pkcs-editor at rsa.com, whichever is deemed more appropriate. Current PKCS documents are: PKCS #1: RSA Encryption Standard. PKCS #3: Diffie-Hellman Key-Agreement Standard. PKCS #5: Password-Based Encryption Standard. PKCS #6: Extended-Certificate Syntax Standard. PKCS #7: Cryptographics Message Syntax Standard. PKCS #8: Private-Key Information Syntax Standard. PKCS #9: Selected Attribute Types. PKCS #10: Certificate Request Syntax Standard. PKCS #11: Cryptographic Token Interface Standard (CRYPOKI). The above documents are available from RSADSI's web site, and links to them may be found at http://www.rsa.com/rsalabs/pubs/PKCS/. All contributions received shall be examined, and, if appropriate, a workshop (or several workshops) shall be held to further determine the content of the "next generation" of PKCS. From nobody at cypherpunks.ca Fri Dec 13 11:38:11 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Fri, 13 Dec 1996 11:38:11 -0800 (PST) Subject: Enigma Message-ID: <199612131923.LAA11742@cypherpunks.ca> Tim C. Mayonnaise, a product of anal birth, appeared with a coathanger through his head. /\_./o__ Tim C. Mayonnaise (/^/(_^^' ._.(_.)_ From trei at process.com Fri Dec 13 11:51:50 1996 From: trei at process.com (Peter Trei) Date: Fri, 13 Dec 1996 11:51:50 -0800 (PST) Subject: ITAR -> EAR; loss of First Amendment Rights. Message-ID: <199612131951.LAA03511@toad.com> Reading the proposed new rules, what disturbs me most deeply is the statement: - start quote - 16. Section 734.7 is amended by revising paragraph (b) to read as follows: 734.7 Published information and software. * * * * * (b) Software and information is published when it is available for general distribution either for free or at a price that does not exceed the cost of reproduction and distribution. See Supplement No. 1 to this part, Questions G(1) through G(3). Note that encryption software controlled under ECCN 5D002 for "EI" reasons on the Commerce Control List (refer to Supplement No. 1 to part 774 of the EAR) remain subject to the EAR even when publicly available. Accordingly, such encryption software in both source code and object code remains subject to the EAR even if published in a book or any other writing or media. - end quote - It appears that we will now have the unique situation that a book which contains cryptographic info or source code will be illegal to export or sell to a non-citizen, without getting export permission. I am not aware of any prior time when the government attempted to claim that printed material, freely available in bookstores and newsstands to US citizens, became contraband when sold or given to a non-citizen. Who's responsible for enforcing this? The vendor? The clerk at Barnes & Noble? The publisher? If the latter, how many publishers will take the risk of printing books with crypto information? Will Wiley pull "Applied Cryptography" from the shelves? This doesn't just chill free speech, it dunks it in liquid helium. It's difficult to think of clearer case of prior restraint. ----------------- Peter Trei trei at process.com Disclaimer: I am not speaking for my employer. From peter.allan at aeat.co.uk Fri Dec 13 11:54:40 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Fri, 13 Dec 1996 11:54:40 -0800 (PST) Subject: Would you send money to Gary Rasmussen ? Message-ID: <9612131954.AA28856@clare.risley.aeat.co.uk> Gary Rasmussen (RagyR at aol.com) replies to me as below: Have people got a view on the second question ? I've had no contact with Gary before and he may very well be honest; but there's proper trust and there's stupidity. > Hi Peter, > > > I'm looking for Kahn's book. Have you an acccurate price now? > > A lot of copies (about 100) have been sold since .... > > > > (And is there anyone I'd know who'd suggest I send you money ?!) > > Good question, but very hard to answer since I don't know who you > know. Can tell you that I operate Classical Crypto Books primarily as > a service for other members of the ACA. Two possible references are > the current and past ACA presidents: > > jimg at mentat.com (Jim Gillogly, ACA President 1996-1998) > 75542.1003 at CompuServe.COM (Randy Nichols, ACA President 1994-1996) > > Operating CCB is not my main occupation (by day I'm a scientist working > for MIT's Lincoln Lab). Can also say proudly that in 1.5 years of operating > CCB I haven't had any complaints. > > Please let me know if you have other questions or would like a complete > copy of the CCB catalog. > > Best Wishes, > Gary Rasmussen > Classical Crypto Books From aaron at herringn.com Fri Dec 13 11:54:55 1996 From: aaron at herringn.com (aaron at herringn.com) Date: Fri, 13 Dec 1996 11:54:55 -0800 (PST) Subject: [Privacy] Airline background checks... Message-ID: WASHINGTON (CNN) -- Under plans to overhaul the airline security system, making a plane reservation would trigger an instant profile of a passenger's background, including past travels and possible criminal history information. [...] Government should pay The committee, made up of 23 industry, government and public interest groups, suggested the federal government, not the airline industry, pay for the increased security measures. It estimated the proposals would cost $9.9 billion over the next 10 years. "It's not an airline or airport problem. It's a national security problem," Lally said. "Airports and airlines are surrogate targets. The real targets are the policies and government of the United States." [...] http://www.cnn.com/US/9612/13/airline/index.html From nobody at replay.com Fri Dec 13 12:57:15 1996 From: nobody at replay.com (Anonymous) Date: Fri, 13 Dec 1996 12:57:15 -0800 (PST) Subject: THE CRYPTOCRACY'S PLAN TO PSYCHOCIVILIZE YOU Message-ID: <199612132057.VAA00967@basement.replay.com> http://www.nwlink.com:88/~dbader/ From jer+ at andrew.cmu.edu Fri Dec 13 13:06:59 1996 From: jer+ at andrew.cmu.edu (Jeremiah A Blatz) Date: Fri, 13 Dec 1996 13:06:59 -0800 (PST) Subject: ITARs effects In-Reply-To: <199612131507.KAA27336@homeport.org> Message-ID: <0mgQIf600YUq02IaY0@andrew.cmu.edu> -----BEGIN PGP SIGNED MESSAGE----- Adam Shostack writes: > I cross posted the ITAR proposed rev pointers to Firewalls. In > addition to an entertaining rant, Marcus posted this: > > ----- Forwarded message from Marcus J. Ranum ----- > > From mjr at mail.clark.net Thu Dec 12 17:38:57 1996 > Message-Id: <199612122240.RAA10556 at mail.clark.net> > Comments: Authenticated sender is > From: "Marcus J. Ranum" > Organization: V-ONE Corp Baltimore office > To: adam at homeport.org > Date: Thu, 12 Dec 1996 17:42:00 +0000 > Subject: that doc.... > Priority: normal > X-mailer: Pegasus Mail for Win32 (v2.42a) > > > You posted a pointer to that document. It was quite interesting. > I see that the feds are making INDIVIDUALS responsible for > ENFORCING export laws!!! Read carefully: > This implies that putting something up for FTP == export. Holy > shit. This has always been the case. At this point, it is sufficient to make the downlaoder promise that they are a US citizen-unit (eg the mit pgp dist.). Of course, seeing as how no congressional laws involved, the ores. could decide that that's not good enough on a whim. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMrHFJ8kz/YzIV3P5AQE/EgMAuoWyNti9XqXfEGCOCIFHXR7fIPiCJJx1 tbYCGeZlBvIkwopHvGLWpR5AdTSC1/loleWbOCP0hBL13+lVLTtMPaA4OcCBnY34 z75eLpbPUibUxCX+uaLhFAkQF1i0W8Zz =G2HV -----END PGP SIGNATURE----- From nobody at cypherpunks.ca Fri Dec 13 13:22:46 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Fri, 13 Dec 1996 13:22:46 -0800 (PST) Subject: Wired Integrity Message-ID: <199612132111.NAA14618@cypherpunks.ca> The latest issue of Wired has a nice article about Sameer Parekh and C2Net. What is troubling is that it is written by Sandy Sandfort who works at C2Net. There is no indication of this in the vicinity of the Wired article. The Little Green Man From llurch at networking.stanford.edu Fri Dec 13 13:23:00 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 13 Dec 1996 13:23:00 -0800 (PST) Subject: From Houghton-Mifflin MIS regarding the ongoing self-mailbombing Message-ID: -----BEGIN PGP SIGNED MESSAGE----- A lesson in stupidity. - -rich [Forwards from impeccable intermediate sources snipped; if you REALLY need to confirm, mail me.] - ------- Forwarded Message OK. I used to work in the MIS department of Houghton Mifflin, and still am good friends with the upper MIS people. In fact I had dinner with them last night. Although the promotion is/was real, PLEASE DON'T SEND THEM ANY MORE EMAIL. The mail gateway is throttling with the incoming mail - we had a long talk last night over how to aleviate this problem. They've gotten alittle over 100k messages in 1 week. The mail server is currently a SPARC 5 w/ 64MB RAM and a gigabyte of swap, and is so hosed that they're switching in an Ultra2 tonight to try to handle the load. The lesson here is: don't do a marketing ploy without first consulting your Tech people. Apparently, the whole thing was cooked up by one of the departments, who neglected to tell MIS. Also, for those of you who might possibly work in industry in the future and are looking for a way to gather email addresses or do some kind of promotion like this, USE WEB HITS. The average email coming in to HMCo is about 4kb, requires disk space, and requires a vfork() of sendmail to deliver. A typical Http hit runs less than 100bytes, is served by a threaded httpd server, and requires very little disk access. Anyway, this is just a note to please spare my friends at HMCo. The kids are going to get all the donations promised, and my friends have enough headaches. Thanks! -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBMrHJDJNcNyVVy0jxAQH98wH/RA2dc5bLz3KbX0JoyVha5+XoppMSgNtB 8MvVemU5iOeBRrJTENo1bj6OYx8b7ie8E95OUsBy9Kx0RpFfpOmBSA== =QdmN -----END PGP SIGNATURE----- From jimg at mentat.com Fri Dec 13 13:30:18 1996 From: jimg at mentat.com (Jim Gillogly) Date: Fri, 13 Dec 1996 13:30:18 -0800 (PST) Subject: Would you send money to Gary Rasmussen ? Message-ID: <199612132135.NAA03111@zendia.mentat.com> Yes, I've sent Gary Rasmussen (RagyR, Classical Crypto Books) money and received books. He's prompt and honest, in my experience, and even offered to refund my money on the latest edition of Kahn's "The Codebreakers" when I pointed out that there's very little new info in it (16 pages), and it's not integrated with the text, nor does it include the copious footnotes that make the original so valuable. I met him at the most recent American Cryptogram Association meeting, and he was efficient and personable there as well. In fact, I just sent him another $69.95 today for the Handbook of Applied Cryptography -- the ACA member price. His price breaks are usually much deeper for ACA members; evidently the margin is lower for modern low-volume professional texts like this than for the classical ones I usually buy. Jim Gillogly jim at acm.org > From: peter.allan at aeat.co.uk (Peter M Allan) > > > (And is there anyone I'd know who'd suggest I send you money ?!) From ichudov at algebra.com Fri Dec 13 13:46:48 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 13 Dec 1996 13:46:48 -0800 (PST) Subject: your mail In-Reply-To: <199612130915.BAA13307@mailmasher.com> Message-ID: <199612132143.PAA19967@manifold.algebra.com> Huge Cajones Remailer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > - -- Catfish Friend > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBMrEM89GzuQsii+JdAQHc8wP/cKizciQHtI3ue/CdKJ62DbuPVlobRTl5 > qY1oOQs3L3rb0mKa0FdklcfxaXYYMY0zJpGmGTSynDwJKGSCm5O6fPkCPG064LSp > npMzmOqOWpUSrYX652Q8EMFPODHKCl0FX78ksQ1ns8Xv//bT4wdPt5GR6AlTrvdc > XH1s/oB9tMM= > =2xtm > -----END PGP SIGNATURE----- > -- > Greg Broiles | US crypto export control policy in a nutshell: > gbroiles at netbox.com | > http://www.io.com/~gbroiles | Export jobs, not crypto. > | > :-( Does anyone have any suggestions (checklists of things to do, etc.) for people who are afraid of accidentally disclosing their anonymous identities? It seems to be a common problem that anonymity is violated because people simply screw up with their remailing software. - Igor. From nobody at huge.cajones.com Fri Dec 13 14:26:22 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 13 Dec 1996 14:26:22 -0800 (PST) Subject: In Defense of Anecdotal Evidence Message-ID: <199612132226.OAA13677@mailmasher.com> Hats off to Rob Carlson for a great article! At 9:54 AM 12/13/1996, Rob Carlson wrote: >On Thu, 12 Dec 1996 14:12:23 -0800, Huge Cajones Remailer wrote: >>Statistics are a useful tool, but they have their problems. Their >>accuracy is often in doubt. Most scientific data comes with an >>error analysis so you can tell what the figure means. For some >>reason statisticians never do this so we cannot tell whether their >>numbers are accurate to within 0.1%, 1.0%, 10%, or even worse. >> >>There are many other problems. For instance, users of statistics >>assume they have a random sample, even in cases where that is far >>from clear > >[ List of other problems deleted ] > >Of course, anecdotal evidence also suffers from all of these >problems. And in greater magnitude. This is true since it is a >special case of statistical evidence. With a non-random sample set of >one and no controls for observer bias. Excellent point. On the other hand, if everybody operates correctly based on their own (non-random) experience in general the right outcomes will occur. This is rational if the tertiary statistical evidence is unreliable. What you are implicitly assuming is that the studies one reads were done honestly and competently. Yet, the chain of evidence is rather weak. Typically, we don't even know the people who did the study. Given the many contradictory results obtained by social statisticians, we have substantial evidence that there is something wrong with their methods or their application. Another way to judge the experts is through selected in depth studies of their work. I have not found the results to be encouraging. >>The advantage of anecdotal evidence (in the sense we have been using >>it) is that the person who is telling you the anecdote was there and >>saw it. You can cross-examine them and get a full understanding of >>the evidence provided. > >The reporting of evidence involves different issues. If you want to >believe that women are actually cut in two or that politicians are >telling the truth anytime their lips are moving, thats one thing. If >you want to tell me its true because you personally observed it, >thats quite another. > >Given the failures of humans as observational tools, your story is >unverifiable by me. Perhaps through effective cross examination I >can prove you wrong, but I can never prove you right with such a >technique. That will require other evidence outside the control of >the observer ( statistical is just one available ). Occasionally we may teach somebody else about something they observed and change their mind. This is not the same thing as proof, but it is worthwhile. In other cases, we may have beliefs about the integrity of our observer. We may believe that they will not intentionally lie. That means we can separate out their interpretations from the exact details they can recall. Even if our correct interpretation is not accepted by the observer, that does not imply that we can learn nothing of interest. >This doesn't make studies or statistical evidence true. Just more >reliable than anecdotal evidence. I should make clear that I have not ruled out statistical evidence as a tool. We have to be aware of its limitations. >Humans who will lie about their observations will also produce flawed >studies. Again the former (anecdotal) is unverifiable, but I can >check the latter (statistical) independently. Actually, it is cheaper and easier to develop an understanding of the reliability of anecdotal evidence. Often we may have known the observer for some time and be able to form theories about their character and ability to accurately interpret what they have seen. We can ask them what they saw on different occasions and see if we get about the same story back. We can think about whether the person has intentionally lied in the past and, if so, under what circumstances. We can ask ourselves what motivation the person might have to lie. Is there any benefit to giving a particular story? >Relying on anecdotal evidence makes you susceptible to the magicians >of the world. The honest ones use mirrors and their need is to >entertain you enough to get your money. The rest use anecdotal >evidence and emotional arguments (verbal misdirection?). Their needs >are left as a test of the reader's naivete. What needs are satisfied by the white cloaked priests of social science? Which of their needs are satisfied by their work? Very few of these people are independent. They are often paid by people whose interest in the truth is in question. That means that the temptation to fudge (and humans find ways to rationalize such actions) is very powerful. The people preparing the statistical studies are often interested in the fame associated with career advancement. None of this is conducive to the search for truth. >Evidence that can be verified independently by many observers >increases the reliability. Experiments and polls can be done by me >thus eliminating your bias. Independent verification can also check >for errors and check the parameters under which the evidence is true. >Studies are done with certain assumptions and controls. The evidence >loses its reliability when removed from this context. I have serious doubts about these methods. I am not a statistician, so there is a possibility that I am simply ignorant. However, I would expect that if these methods of determining the accuracy of the statistics were effective, that it would be possible to provide some sort of error analysis. When we get a figure for the GDP we know that it is highly unlikely to be exactly correct. What is the probability that it is low by 10%? I fail to see how the figure can even be useful without this information. In the case of a complex study involving the measure of biases to adjust the final conclusions, it would be most useful to discuss the probability that the bias was not measured correctly. This must surely affect our final results, especially when many biases and other measurements are combined. Red Rackham From iang at cs.berkeley.edu Fri Dec 13 14:30:33 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Fri, 13 Dec 1996 14:30:33 -0800 (PST) Subject: ITAR -> EAR; loss of First Amendment Rights. In-Reply-To: <199612131951.LAA03511@toad.com> Message-ID: <58sldn$ftp@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <199612131951.LAA03511 at toad.com>, Peter Trei wrote: >It appears that we will now have the unique >situation that a book which contains cryptographic >info or source code will be illegal to export or >sell to a non-citizen, without getting export permission. > >I am not aware of any prior time when the government >attempted to claim that printed material, freely >available in bookstores and newsstands to US citizens, >became contraband when sold or given to a non-citizen. > >Who's responsible for enforcing this? The vendor? The >clerk at Barnes & Noble? The publisher? If the latter, >how many publishers will take the risk of printing >books with crypto information? Will Wiley pull "Applied >Cryptography" from the shelves? Part 744.9(c) of the draft regs: # (c) Definition of U.S. person. For purposes of this section, the term # U.S. person includes: # # (1) Any individual who is a citizen or permanent resident alien of # the United States; # # (2) Any juridical person organized under the laws of the United States # or any jurisdiction within the United States, including foreign # branches; and # # (3) Any person in the United States. So it would be legal to sell books to foreigners in the US, unless that would be "provid[ing] assistance to foreign persons" (744.9(a)). Funnily enough, "foreign person" isn't defined anywhere in http://jya.com/commerce.htm. Is it safe to assume it means "a person who is not a U.S. person, as defined in 744.9(c)"? If that is the case, then teaching crypto classes to foreigners in the US would be legal. The new regs don't seem to have the exception for "mere travel outside of the United States by a person whose personal knowledge includes technical data" (ITAR, 120.17(1)). Does that mean that such travel is now (or will shortly be, when the new regs are enacted) illegal? I find that hard to believe (but I also find that virus checkers and firewalls are being controlled hard to believe; hell, I find the whole crypto export policy hard to believe). - Ian "heading back to Canada..." -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrHY70ZRiTErSPb1AQE0VAP/Sa1+s9n5k9V0ybt+xgMqd+lWLRNwsCES y5tBaaU+BApEMrt96EPcvJe/YX5BwhFbKjxMaXjl5brtGe8J3UmgP04lBDlNfS4R XwVqagG8yjmya7e0+/b0//WmFEn+KJCcU7y9HNi/OB4j7aWyB/7lPvSG9rPt2sua 13oBHLnoZIQ= =j7sS -----END PGP SIGNATURE----- From frantz at netcom.com Fri Dec 13 14:43:40 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 13 Dec 1996 14:43:40 -0800 (PST) Subject: THE CRYPTOCRACY'S PLAN TO PSYCHOCIVILIZE YOU In-Reply-To: <199612132057.VAA00967@basement.replay.com> Message-ID: At 12:57 PM -0800 12/13/96, Anonymous wrote: >http://www.nwlink.com:88/~dbader/ And I got tired of saying no to cookies. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From nobody at huge.cajones.com Fri Dec 13 14:56:16 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 13 Dec 1996 14:56:16 -0800 (PST) Subject: Appropriate Topics for Cypherpunks Message-ID: <199612132256.OAA19882@mailmasher.com> At 9:54 AM 12/13/1996, Rob Carlson wrote: >To make this on topic, how does this apply to cryptography and >crypto-politics? This issue is a foundation of our discussions here. >Shall we accept anecdotal evidence such as the "If you only knew what >we knew" arguments? What is more reliable: IPG's claims that their >product is an OTP because they say it is or Bruce Schneier's book >that can be used to point out the fallacy's in their claims? I'm sure Rob Carlson already realizes this, but just in case let's be very clear that a discussion of the value of anecdotal evidence is so on topic to this list that it isn't funny. We are talking about trust models. The reason that the Net is a fundamental threat to the established social order is that it will probably result in a worldwide change in trust models. For one thing, we are now learning just how venal and corrupt the world leadership really is. At the same time, cross-border relationships and trust are flourishing. The rise of anonymous identities raises the question of how we can "trust" somebody we have never met. This immediately leads to the question of why we trust other people we haven't met, such as the President, or scientists, or whomever. It turns out our reasons for "trusting" these people are not as solid as some of us once believed. The attempts to crush strong cryptography - especially if it implies anonymity with strong authentication - is an attempt to undermine the trust developing between disparate groups of people. And, in a sense, that is what politics has always been about: the subversion of trust between groups of people so they can be played off each other for the benefit of the few. Back to what is appropriate to this list: What the cypherpunks is suffering right now is not an excess of well written articles that are off topic. I suggest that anybody who feels very strongly that they are not seeing articles of the appropriate content follow Rob Carlson's example and show the rest of us how it is done. Red Rackham From gnu at toad.com Fri Dec 13 14:59:06 1996 From: gnu at toad.com (John Gilmore) Date: Fri, 13 Dec 1996 14:59:06 -0800 (PST) Subject: NSA/UKUSA Echelon: Exposing the Global Surveillance System Message-ID: <199612132258.OAA06522@toad.com> I don't know the truth of this, but I'm sure it will make interesting reading. -- John Forwarded-By: Dale Amon as Operator Forwarded-By: Steven Carlson This message was forwarded through the Red Rock Eater News Service (RRE). ** Topic: #59 Exposing Global Surveillance System ** ** Written 10:30 AM Dec 3, 1996 by caq in cdp:covertaction ** EXPOSING THE GLOBAL SURVEILLANCE SYSTEM by Nicky Hager ------ The article as it apears in hard copy in the magazine also includes the following sidebars: --"NSA'S BUSINESS PLAN: GLOBAL ACCESS" by Duncan Campbell --GREENPEACE WARRIOR: WHY NO WARNING? and --NZ's PM Kept in the Dark by Nicky Hager ********Hager's book "secret Power" is available from CAQ for $33.******* ----------- IN THE LATE 1980S, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS. For 40 years, New Zealand's largest intelligence agency, the Government Communications Security Bureau (GCSB) the nation's equivalent of the US National Security Agency (NSA) had been helping its Western allies to spy on countries throughout the Pacific region, without the knowledge of the New Zealand public or many of its highest elected officials. What the NSA did not know is that by the late 1980s, various intelligence staff had decided these activities had been too secret for too long, and were providing me with interviews and documents exposing New Zealand's intelligence activities. Eventually, more than 50 people who work or have worked in intelligence and related fields agreed to be interviewed. The activities they described made it possible to document, from the South Pacific, some alliance-wide systems and projects which have been kept secret elsewhere. Of these, by far the most important is ECHELON. Designed and coordinated by NSA, the ECHELON system is used to intercept ordinary e-mail, fax, telex, and telephone communications carried over the world's telecommunications networks. Unlike many of the electronic spy systems developed during the Cold War, ECHELON is designed primarily for non-military targets: governments, organizations, businesses, and individuals in virtually every country. It potentially affects every person communicating between (and sometimes within) countries anywhere in the world. It is, of course, not a new idea that intelligence organizations tap into e-mail and other public telecommunications networks. What was new in the material leaked by the New Zealand intelligence staff was precise information on where the spying is done, how the system works, its capabilities and shortcomings, and many details such as the codenames. The ECHELON system is not designed to eavesdrop on a particular individual's e-mail or fax link. Rather, the system works by indiscriminately intercepting very large quantities of communications and using computers to identify and extract messages of interest from the mass of unwanted ones. A chain of secret interception facilities has been established around the world to tap into all the major components of the international telecommunications networks. Some monitor communications satellites, others land-based communications networks, and others radio communications. ECHELON links together all these facilities, providing the US and its allies with the ability to intercept a large proportion of the communications on the planet. The computers at each station in the ECHELON network automatically search through the millions of messages intercepted for ones containing pre-programmed keywords. Keywords include all the names, localities, subjects, and so on that might be mentioned. Every word of every message intercepted at each station gets automatically searched whether or not a specific telephone number or e-mail address is on the list. The thousands of simultaneous messages are read in "real time" as they pour into the station, hour after hour, day after day, as the computer finds intelligence needles in telecommunications haystacks. SOMEONE IS LISTENING The computers in stations around the globe are known, within the network, as the ECHELON Dictionaries. Computers that can automatically search through traffic for keywords have existed since at least the 1970s, but the ECHELON system was designed by NSA to interconnect all these computers and allow the stations to function as components of an integrated whole. The NSA and GCSB are bound together under the five-nation UKUSA signals intelligence agreement. The other three partners all with equally obscure names are the Government Communications Headquarters (GCHQ) in Britain, the Communications Security Establishment (CSE) in Canada, and the Defense Signals Directorate (DSD) in Australia. The alliance, which grew from cooperative efforts during World War II to intercept radio transmissions, was formalized into the UKUSA agreement in 1948 and aimed primarily against the USSR. The five UKUSA agencies are today the largest intelligence organizations in their respective countries. With much of the world's business occurring by fax, e-mail, and phone, spying on these communications receives the bulk of intelligence resources. For decades before the introduction of the ECHELON system, the UKUSA allies did intelligence collection operations for each other, but each agency usually processed and analyzed the intercept from its own stations. Under ECHELON, a particular station's Dictionary computer contains not only its parent agency's chosen keywords, but also has lists entered in for other agencies. In New Zealand's satellite interception station at Waihopai (in the South Island), for example, the computer has separate search lists for the NSA, GCHQ, DSD, and CSE in addition to its own. Whenever the Dictionary encounters a message containing one of the agencies' keywords, it automatically picks it and sends it directly to the headquarters of the agency concerned. No one in New Zealand screens, or even sees, the intelligence collected by the New Zealand station for the foreign agencies. Thus, the stations of the junior UKUSA allies function for the NSA no differently than if they were overtly NSA-run bases located on their soil. The first component of the ECHELON network are stations specifically targeted on the international telecommunications satellites (Intelsats) used by the telephone companies of most countries. A ring of Intelsats is positioned around the world, stationary above the equator, each serving as a relay station for tens of thousands of simultaneous phone calls, fax, and e-mail. Five UKUSA stations have been established to intercept the communications carried by the Intelsats. The British GCHQ station is located at the top of high cliffs above the sea at Morwenstow in Cornwall. Satellite dishes beside sprawling operations buildings point toward Intelsats above the Atlantic, Europe, and, inclined almost to the horizon, the Indian Ocean. An NSA station at Sugar Grove, located 250 kilometers southwest of Washington, DC, in the mountains of West Virginia, covers Atlantic Intelsats transmitting down toward North and South America. Another NSA station is in Washington State, 200 kilometers southwest of Seattle, inside the Army's Yakima Firing Center. Its satellite dishes point out toward the Pacific Intelsats and to the east. *1 The job of intercepting Pacific Intelsat communications that cannot be intercepted at Yakima went to New Zealand and Australia. Their South Pacific location helps to ensure global interception. New Zealand provides the station at Waihopai and Australia supplies the Geraldton station in West Australia (which targets both Pacific and Indian Ocean Intelsats). *2 Each of the five stations' Dictionary computers has a codename to distinguish it from others in the network. The Yakima station, for instance, located in desert country between the Saddle Mountains and Rattlesnake Hills, has the COWBOY Dictionary, while the Waihopai station has the FLINTLOCK Dictionary. These codenames are recorded at the beginning of every intercepted message, before it is transmitted around the ECHELON network, allowing analysts to recognize at which station the interception occurred. New Zealand intelligence staff has been closely involved with the NSA's Yakima station since 1981, when NSA pushed the GCSB to contribute to a project targeting Japanese embassy communications. Since then, all five UKUSA agencies have been responsible for monitoring diplomatic cables from all Japanese posts within the same segments of the globe they are assigned for general UKUSA monitoring.3 Until New Zealand's integration into ECHELON with the opening of the Waihopai station in 1989, its share of the Japanese communications was intercepted at Yakima and sent unprocessed to the GCSB headquarters in Wellington for decryption, translation, and writing into UKUSA-format intelligence reports (the NSA provides the codebreaking programs). "COMMUNICATION" THROUGH SATELLITES The next component of the ECHELON system intercepts a range of satellite communications not carried by Intelsat.In addition to the UKUSA stations targeting Intelsat satellites, there are another five or more stations homing in on Russian and other regional communications satellites. These stations are Menwith Hill in northern England; Shoal Bay, outside Darwin in northern Australia (which targets Indonesian satellites); Leitrim, just south of Ottawa in Canada (which appears to intercept Latin American satellites); Bad Aibling in Germany; and Misawa in northern Japan. A group of facilities that tap directly into land-based telecommunications systems is the final element of the ECHELON system. Besides satellite and radio, the other main method of transmitting large quantities of public, business, and government communications is a combination of water cables under the oceans and microwave networks over land. Heavy cables, laid across seabeds between countries, account for much of the world's international communications. After they come out of the water and join land-based microwave networks they are very vulnerable to interception. The microwave networks are made up of chains of microwave towers relaying messages from hilltop to hilltop (always in line of sight) across the countryside. These networks shunt large quantities of communications across a country. Interception of them gives access to international undersea communications (once they surface) and to international communication trunk lines across continents. They are also an obvious target for large-scale interception of domestic communications. Because the facilities required to intercept radio and satellite communications use large aerials and dishes that are difficult to hide for too long, that network is reasonably well documented. But all that is required to intercept land-based communication networks is a building situated along the microwave route or a hidden cable running underground from the legitimate network into some anonymous building, possibly far removed. Although it sounds technically very difficult, microwave interception from space by United States spy satellites also occurs.4 The worldwide network of facilities to intercept these communications is largely undocumented, and because New Zealand's GCSB does not participate in this type of interception, my inside sources could not help either. NO ONE IS SAFE FROM A MICROWAVE A 1994 expos of the Canadian UKUSA agency, Spyworld, co-authored by one of its former staff, Mike Frost, gave the first insights into how a lot of foreign microwave interception is done (see p. 18). It described UKUSA "embassy collection" operations, where sophisticated receivers and processors are secretly transported to their countries' overseas embassies in diplomatic bags and used to monitor various communications in foreign capitals. *5 Since most countries' microwave networks converge on the capital city, embassy buildings can be an ideal site. Protected by diplomatic privilege, they allow interception in the heart of the target country. *6 The Canadian embassy collection was requested by the NSA to fill gaps in the American and British embassy collection operations, which were still occurring in many capitals around the world when Frost left the CSE in 1990. Separate sources in Australia have revealed that the DSD also engages in embassy collection. *7 On the territory of UKUSA nations, the interception of land-based telecommunications appears to be done at special secret intelligence facilities. The US, UK, and Canada are geographically well placed to intercept the large amounts of the world's communications that cross their territories. The only public reference to the Dictionary system anywhere in the world was in relation to one of these facilities, run by the GCHQ in central London. In 1991, a former British GCHQ official spoke anonymously to Granada Television's World in Action about the agency's abuses of power. He told the program about an anonymous red brick building at 8 Palmer Street where GCHQ secretly intercepts every telex which passes into, out of, or through London, feeding them into powerful computers with a program known as "Dictionary." The operation, he explained, is staffed by carefully vetted British Telecom people: "It's nothing to do with national security. It's because it's not legal to take every single telex. And they take everything: the embassies, all the business deals, even the birthday greetings, they take everything. They feed it into the Dictionary." *8 What the documentary did not reveal is that Dictionary is not just a British system; it is UKUSA-wide. Similarly, British researcher Duncan Campbell has described how the US Menwith Hill station in Britain taps directly into the British Telecom microwave network, which has actually been designed with several major microwave links converging on an isolated tower connected underground into the station.9 The NSA Menwith Hill station, with 22 satellite terminals and more than 4.9 acres of buildings, is undoubtedly the largest and most powerful in the UKUSA network. Located in northern England, several thousand kilometers from the Persian Gulf, it was awarded the NSA's "Station of the Year" prize for 1991 after its role in the Gulf War. Menwith Hill assists in the interception of microwave communications in another way as well, by serving as a ground station for US electronic spy satellites. These intercept microwave trunk lines and short range communications such as military radios and walkie talkies. Other ground stations where the satellites' information is fed into the global network are Pine Gap, run by the CIA near Alice Springs in central Australia and the Bad Aibling station in Germany. *10 Among them, the various stations and operations making up the ECHELON network tap into all the main components of the world's telecommunications networks. All of them, including a separate network of stations that intercepts long distance radio communications, have their own Dictionary computers connected into ECHELON. In the early 1990s, opponents of the Menwith Hill station obtained large quantities of internal documents from the facility. Among the papers was a reference to an NSA computer system called Platform. The integration of all the UKUSA station computers into ECHELON probably occurred with the introduction of this system in the early 1980s. James Bamford wrote at that time about a new worldwide NSA computer network codenamed Platform "which will tie together 52 separate computer systems used throughout the world. Focal point, or `host environment,' for the massive network will be the NSA headquarters at Fort Meade. Among those included in Platform will be the British SIGINT organization, GCHQ." *11 LOOKING IN THE DICTIONARY The Dictionary computers are connected via highly encrypted UKUSA communications that link back to computer data bases in the five agency headquarters. This is where all the intercepted messages selected by the Dictionaries end up. Each morning the specially "indoctrinated" signals intelligence analysts in Washington, Ottawa,Cheltenham, Canberra, and Wellington log on at their computer terminals and enter the Dictionary system. After keying in their security passwords, they reach a directory that lists the different categories of intercept available in the data bases, each with a four-digit code. For instance, 1911 might be Japanese diplomatic cables from Latin America (handled by the Canadian CSE), 3848 might be political communications from and about Nigeria, and 8182 might be any messages about distribution of encryption technology. They select their subject category, get a "search result" showing how many messages have been caught in the ECHELON net on that subject, and then the day's work begins. Analysts scroll through screen after screen of intercepted faxes, e-mail messages, etc. and, whenever a message appears worth reporting on, they select it from the rest to work on. If it is not in English, it is translated and then written into the standard format of intelligence reports produced anywhere within the UKUSA network either in entirety as a "report," or as a summary or "gist." INFORMATION CONTROL A highly organized system has been developed to control what is being searched for by each station and who can have access to it. This is at the heart of ECHELON operations and works as follows. The individual station's Dictionary computers do not simply have a long list of keywords to search for. And they do not send all the information into some huge database that participating agencies can dip into as they wish. It is much more controlled. The search lists are organized into the same categories, referred to by the four digit numbers. Each agency decides its own categories according to its responsibilities for producing intelligence for the network. For GCSB, this means South Pacific governments, Japanese diplomatic, Russian Antarctic activities, and so on. The agency then works out about 10 to 50 keywords for selection in each category. The keywords include such things as names of people, ships, organizations, country names, and subject names. They also include the known telex and fax numbers and Internet addresses of any individuals, businesses, organizations, and government offices that are targets. These are generally written as part of the message text and so are easily recognized by the Dictionary computers. The agencies also specify combinations of keywords to help sift out communications of interest. For example, they might search for diplomatic cables containing both the words "Santiago" and "aid," or cables containing the word "Santiago" but not "consul" (to avoid the masses of routine consular communications). It is these sets of words and numbers (and combinations), under a particular category, that get placed in the Dictionary computers. (Staff in the five agencies called Dictionary Managers enter and update the keyword search lists for each agency.) The whole system, devised by the NSA, has been adopted completely by the other agencies. The Dictionary computers search through all the incoming messages and, whenever they encounter one with any of the agencies' keywords, they select it. At the same time, the computer automatically notes technical details such as the time and place of interception on the piece of intercept so that analysts reading it, in whichever agency it is going to, know where it came from, and what it is. Finally, the computer writes the four-digit code (for the category with the keywords in that message) at the bottom of the message's text. This is important. It means that when all the intercepted messages end up together in the database at one of the agency headquarters, the messages on a particular subject can be located again. Later, when the analyst using the Dictionary system selects the four- digit code for the category he or she wants, the computer simply searches through all the messages in the database for the ones which have been tagged with that number. This system is very effective for controlling which agencies can get what from the global network because each agency only gets the intelligence out of the ECHELON system from its own numbers. It does not have any access to the raw intelligence coming out of the system to the other agencies. For example, although most of the GCSB's intelligence production is primarily to serve the UKUSA alliance, New Zealand does not have access to the whole ECHELON network. The access it does have is strictly controlled. A New Zealand intelligence officer explained: "The agencies can all apply for numbers on each other's Dictionaries. The hardest to deal with are the Americans. ... [There are] more hoops to jump through, unless it is in their interest, in which case they'll do it for you." There is only one agency which, by virtue of its size and role within the alliance, will have access to the full potential of the ECHELON system the agency that set it up. What is the system used for? Anyone listening to official "discussion" of intelligence could be forgiven for thinking that, since the end of the Cold War, the key targets of the massive UKUSA intelligence machine are terrorism, weapons proliferation, and economic intelligence. The idea that economic intelligence has become very important, in particular, has been carefully cultivated by intelligence agencies intent on preserving their post-Cold War budgets. It has become an article of faith in much discussion of intelligence. However, I have found no evidence that these are now the primary concerns of organizations such as NSA. QUICKER INTELLIGENCE,SAME MISSION A different story emerges after examining very detailed information I have been given about the intelligence New Zealand collects for the UKUSA allies and detailed descriptions of what is in the yards-deep intelligence reports New Zealand receives from its four allies each week. There is quite a lot of intelligence collected about potential terrorists, and there is quite a lot of economic intelligence, notably intensive monitoring of all the countries participating in GATT negotiations. But by far, the main priorities of the intelligence alliance continue to be political and military intelligence to assist the larger allies to pursue their interests around the world. Anyone and anything the particular governments are concerned about can become a target. With capabilities so secret and so powerful, almost anything goes. For example, in June 1992, a group of current "highly placed intelligence operatives" from the British GCHQ spoke to the London Observer: "We feel we can no longer remain silent regarding that which we regard to be gross malpractice and negligence within the establishment in which we operate." They gave as examples GCHQ interception of three charitable organizations, including Amnesty International and Christian Aid. As the Observer reported: "At any time GCHQ is able to home in on their communications for a routine target request," the GCHQ source said. In the case of phone taps the procedure is known as Mantis. With telexes it is called Mayfly. By keying in a code relating to Third World aid, the source was able to demonstrate telex "fixes" on the three organizations. "It is then possible to key in a trigger word which enables us to home in on the telex communications whenever that word appears," he said. "And we can read a pre-determined number of characters either side of the keyword."12 Without actually naming it, this was a fairly precise description of how the ECHELON Dictionary system works. Again, what was not revealed in the publicity was that this is a UKUSA-wide system. The design of ECHELON means that the interception of these organizations could have occurred anywhere in the network, at any station where the GCHQ had requested that the four-digit code covering Third World aid be placed. Note that these GCHQ officers mentioned that the system was being used for telephone calls. In New Zealand, ECHELON is used only to intercept written communications: fax, e-mail, and telex. The reason, according to intelligence staff, is that the agency does not have the staff to analyze large quantities of telephone conversations. Mike Frost's expos of Canadian "embassy collection" operations described the NSA computers they used, called Oratory, that can "listen" to telephone calls and recognize when keywords are spoken. Just as we can recognize words spoken in all the different tones and accents we encounter, so too, according to Frost, can these computers. Telephone calls containing keywords are automatically extracted from the masses of other calls and recorded digitally on magnetic tapes for analysts back at agency headquarters. However, high volume voice recognition computers will be technically difficult to perfect, and my New Zealand-based sources could not confirm that this capability exists. But, if or when it is perfected, the implications would be immense. It would mean that the UKUSA agencies could use machines to search through all the international telephone calls in the world, in the same way that they do written messages. If this equipment exists for use in embassy collection, it will presumably be used in all the stations throughout the ECHELON network. It is yet to be confirmed how extensively telephone communications are being targeted by the ECHELON stations for the other agencies. The easiest pickings for the ECHELON system are the individuals, organizations,and governments that do not use encryption. In New Zealand's area, for example, it has proved especially useful against already vulnerable South Pacific nations which do not use any coding, even for government communications (all these communications of New Zealand's neighbors are supplied, unscreened, to its UKUSA allies). As a result of the revelations in my book, there is currently a project under way in the Pacific to promote and supply publicly available encryption software to vulnerable organizations such as democracy movements in countries with repressive governments. This is one practical way of curbing illegitimate uses of the ECHELON capabilities. One final comment. All the newspapers, commentators, and "well placed sources" told the public that New Zealand was cut off from US intelligence in the mid-1980s. That was entirely untrue. The intelligence supply to New Zealand did not stop, and instead, the decade since has been a period of increased integration of New Zealand into the US system. Virtually everything the equipment, manuals, ways of operating, jargon, codes, and so on, used in the GCSB continues to be imported entirely from the larger allies (in practice, usually the NSA). As with the Australian and Canadian agencies, most of the priorities continue to come from the US, too. The main thing that protects these agencies from change is their secrecy. On the day my book arrived in the book shops, without prior publicity, there was an all-day meeting of the intelligence bureaucrats in the prime minister's department trying to decide if they could prevent it from being distributed. They eventually concluded, sensibly, that the political costs were too high. It is understandable that they were so agitated. Throughout my research, I have faced official denials or governments refusing to comment on publicity about intelligence activities. Given the pervasive atmosphere of secrecy and stonewalling, it is always hard for the public to judge what is fact, what is speculation, and what is paranoia. Thus, in uncovering New Zealand's role in the NSA-led alliance, my aim was to provide so much detail about the operations the technical systems, the daily work of individual staff members, and even the rooms in which they work inside intelligence facilities that readers could feel confident that they were getting close to the truth. I hope the information leaked by intelligence staff in New Zealand about UKUSA and its systems such as ECHELON will help lead to change. n CAQ SUBSCRIPTION INFORMATION CAQ (CovertAction Quarterly) has won numerous awards for investigative journalism. In 1996, it won 4 of "Project Censored" top 25 awards for investigative reporting. CAQ is read around the world by investigative reporters, activists, scholars, intelligence buffs, news junkies, and anyone who wants to know the news and analysis behind the soundbites and headlines. Recommended by Noam Chomsky; targeted by the CIA. Each article in the 64-page magazine, which is in its 19th year of publication, is extensively footnoted and accompanied by photographs and graphics. For a single issue, send $6. A one year subscription: US $22; Canada/Mexico $27; Latin America/Europe $33; Other areas $35. A two year US subscription is $38 Please send check or money order in $US to: CAQ 1500 Massachusetts Ave. #732 Washington, DC 20005, USA Mail, phone or fax Mastercard or Visa with address info and expiration date Phone: 202-331-9763 Fax: 202-331-9751 E-mail: caq at igc.org CHECK OUT OUR WEB SITES: http://mediafilter.org/caq http://www.worldmedia.com/caq ** End of text from cdp:covertaction ** *************************************************************************** This material came from PeaceNet, a non-profit progressive networking service. For more information, send a message to peacenet-info at igc.apc.org *************************************************************************** From azur at netcom.com Fri Dec 13 15:10:33 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 13 Dec 1996 15:10:33 -0800 (PST) Subject: [Privacy] Airline background checks... Message-ID: >WASHINGTON (CNN) -- Under plans to overhaul the airline security system, >making a plane reservation would trigger an instant profile of a >passenger's background, including past travels and possible criminal >history information. > >[...] > >Government should pay > [snip] >"It's not an airline or airport problem. It's a national security problem," >Lally said. "Airports and airlines are surrogate targets. The real targets >are the policies and government of the United States." > For those of you not aware of airport procedures, the real terrorism threats are not only from ground personnel but those impersonating LEOs (Law Enforcement Officers). Fake badges are easy to come by and by filling in a form anyone can get on board an airline with their firearm. No procedures are currently in place to allow airline or airport security personnel to easily and positively identify bogus LEOs. From nobody at cypherpunks.ca Fri Dec 13 15:23:11 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Fri, 13 Dec 1996 15:23:11 -0800 (PST) Subject: In Defense of Anecdotal Evidence Message-ID: <199612132316.PAA17263@cypherpunks.ca> At 9:54 AM 12/13/1996, Rob Carlson wrote: >This doesn't make studies or statistical evidence true. Just more >reliable than anecdotal evidence. Humans who will lie about their >observations will also produce flawed studies. Again the former >(anecdotal) is unverifiable, but I can check the latter (statistical) >independently. One other point I forgot to make: It is expensive to verify a long statistical study. Not only does it require extensive knowledge of statistics, but you may actually need to reproduce much of the work. The only people who can afford to pay for such verification work may not be the same people that I would trust. Anecdotal evidence is inexpensive to collect. In many circumstances the cost benefit analysis favors it. Red Rackham From nobody at huge.cajones.com Fri Dec 13 15:26:35 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 13 Dec 1996 15:26:35 -0800 (PST) Subject: Social Security Fraud Message-ID: <199612132326.PAA26492@mailmasher.com> At 1:15 AM 12/13/1996, Huge Cajones Remailer wrote: >>What laws would an employee violate? What are the chances of >>conviction? What are the likely penalties if convicted? > > ...upon conviction thereof, be fined not more than $1,000, or >imprisoned not more than 1 year, or both." Ouch! >.. . shall be guilty of a felony and upon conviction thereof shall be >fined under title 18 or imprisoned for not more than five years, or >both." Yikes! Thanks to Catfish Friend for the fine research work. So how often are people prosecuted under these laws? That is, if you pay your taxes and don't steal from people, but do give your employer the wrong SS number, what are the odds that you will be prosecuted? If prosecuted, are the odds high that you will receive jail time? Assume a good lawyer, spotless criminal record, and a favored racial class. Red Rackham From blancw at microsoft.com Fri Dec 13 15:35:13 1996 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 13 Dec 1996 15:35:13 -0800 (PST) Subject: Is This for Real? Message-ID: Can you trust anecdotal evidence? Are the statisticians lying, are the marketeers just keeping you entranced; do covert agencies send electromagnet currents through your body, are blatant, secret plots against your privacy in place? Stay tuned for the latest update from . . . P s y c h o P u n k s ! * Yikes - now we need a discussion on teleology & epistemology. .. Blanc * (just kidding. It's Friday afternoon) From nobody at huge.cajones.com Fri Dec 13 16:43:10 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 13 Dec 1996 16:43:10 -0800 (PST) Subject: Is This for Real? Message-ID: <199612140035.QAA07577@mailmasher.com> At 3:35 PM 12/13/1996, Blanc Weber wrote: >Can you trust anecdotal evidence? > > Are the statisticians lying, > are the marketeers just keeping you entranced; > do covert agencies send > electromagnet currents through your body, > are blatant, secret plots against your privacy > in place? > >Stay tuned for the latest update from . . . > > P s y c h o P u n k s ! * > > >Yikes - now we need a discussion on teleology & epistemology. > > .. >Blanc >* (just kidding. It's Friday afternoon) It's not the Cypherpunks that are crazy - it's the world! ;-) Perhaps an example will be persuasive. Richard Feynman had some interesting things to say about the history of measured charge of the electron. If you look at a graph of the "official" value over time you will find that it drifts downwards to the correct value, or at any rate the value which is universally accepted today. If the charge on the electron has been constant this century - and that seems safe - you would have expected the results of each successive study to be scattered around the actual value. Instead, they start out a little below Milliken's original value and steadily move downward. The most likely explanation is that the experimenters did not want to seem too far out in their results and fudged them. (This is Feynman's explanation.) The charge of the electron is verifiable "hard" science to a degree the social sciences cannot even dream of approaching, and yet we find that the "professionals" were fudging their results. Not just one or two, but a whole flock of them working independently. The charge of the electron is hard for people to get worked up over. It has no political relevance. There is no real reason to boost its value. The social sciences, however, are political in the extreme. Aside from issues of anticipated future earnings (or even employment), many social scientists have strong political beliefs which motivate their work. Given that their studies are often not reproduced - one study can take many years to complete - and that they contradict each other when they are reproduced, I do not feel unlimited confidence in their conclusions. Red Rackham From AwakenToMe at aol.com Fri Dec 13 16:43:40 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Fri, 13 Dec 1996 16:43:40 -0800 (PST) Subject: Social Security Fraud Message-ID: <961213191851_1424786535@emout08.mail.aol.com> It seems to me the government wouldn't like it because someone else (the real owner of the SS#) would be getting the $$$. It is also fraud because this is how the government keeps track of your workplace. Giving a wrong ss# would lead the government to believe that person with that ss# is working two jobs and only paying the taxes in april for one job. From sandfort at crl.com Fri Dec 13 16:45:08 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 13 Dec 1996 16:45:08 -0800 (PST) Subject: Wired Integrity In-Reply-To: <199612132111.NAA14618@cypherpunks.ca> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Fri, 13 Dec 1996 nobody at cypherpunks.ca wrote: > The latest issue of Wired has a nice article about Sameer Parekh > and C2Net. > > What is troubling is that it is written by Sandy Sandfort who > works at C2Net. There is no indication of this in the vicinity > of the Wired article. The piece was commissioned in early summer. It was originally slated to run in the fall. For one reason or another it kept getting pushed back and only just not made it to the light of day. Att the time I wrote and submitted the article I neither worked for Sameer, nor had I applied for a position, nor was I being considered for one (at least, not to my knowledge). When I went to work for Sameer, but before the article was published, I informed my editor of the possible APPEARANCE of a conflict of interest. He did not have a problem with it. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ghio at myriad.alias.net Fri Dec 13 16:55:02 1996 From: ghio at myriad.alias.net (Matthew Ghio) Date: Fri, 13 Dec 1996 16:55:02 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! In-Reply-To: <01BBE7FB.2D4DC6A0@dialup13.blarg.net> Message-ID: <199612140049.TAA24734@myriad> walt at blarg.net (Walt Armour) wrote: > Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases, > and conforms to PKCS #5 and PKCS #7. 40bit encryption isn't much security at all. If you've got something important enough to encrypt, then it's important enough to find a proper encryption program. Why would anyone buy this shit? (That's a rhetorical question, of course; the answer is because some people are stupid...) From ghio at myriad.alias.net Fri Dec 13 17:15:28 1996 From: ghio at myriad.alias.net (Matthew Ghio) Date: Fri, 13 Dec 1996 17:15:28 -0800 (PST) Subject: Neural Nets In-Reply-To: <3.0.32.19961212164107.006c0ea0@best.com> Message-ID: <199612140109.UAA24830@myriad> geeman at best.com wrote: > This comes up once in a while --- it appears an inappropriate approach, > they say, since the solution space for the problem consists of exactly > one spike, in the vast sea of all possible solutions ... there is no > smooth contour over which to minimize the net's error function, and > finding the one spike which is the correct result is no more efficient > in such a case than any other exhaustive search. > > This argument would break down if there were detectable biases in the > crypto algorithm that you could exploit. But then whether a nn would > be the tool of choice in such a case may be uncertain. Detecting and exploting biases of encrypted bits vs plaintext bits is the basis of many well-known techniques which are known as differential and linear cryptanalysis. I think it would certainly be possible to perform differential cryptanalysis via an evolutionary algorithm which looked for correlations and favored those which were statistically more likely. Of course, any well-designed algorithm should make it take an impractically large number of iterations to discover any useful relations, but the technique would probably work pretty well against common snakeoil. From nobody at cypherpunks.ca Fri Dec 13 17:52:50 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) Date: Fri, 13 Dec 1996 17:52:50 -0800 (PST) Subject: Wired Integrity Message-ID: <199612140137.RAA20020@cypherpunks.ca> At 4:35 PM 12/13/1996, Sandy Sandfort wrote: >> What is troubling is that it is written by Sandy Sandfort who >> works at C2Net.... > >...At the time I wrote and submitted the article I neither worked >for Sameer... Thank you for the clear explanation. Just so you know, I did not doubt your integrity for an instant. Wired should have appended a short paragraph explaining the possible conflict of interest. The Little Green Man From snow at smoke.suba.com Fri Dec 13 18:21:07 1996 From: snow at smoke.suba.com (snow) Date: Fri, 13 Dec 1996 18:21:07 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <199612140240.UAA02300@smoke.suba.com> Vulis wrote: > More than one person writes: > > Vulis wrote: > > > It would be very foolish to touch any shit that comes out of Cygnus. > > Why? (specifically, I am about to try using a GCC port to WinNT, and > > I would like to know _why_ you think their work is shit). > First, because it's King John "Lackbrain" Gilmore's company. :-) That doesn't say anything about the quality of their work. > Second, because they hire unqualified people (rather, people whose > qualifications have nothing to do with the job) and they've already > fucked up every project they've ever touched. Given your statements about Gilmore, can you provide any specifics about individuals lack of competence in a given area? > Third, because they steal from the people who originally developed the > free software by charging money for the non-existent "support". How is this "stealing"? The GNU license explicitly (IIRC) allows this, and it doesn't take anything _away_ from the developer. I don't see how it is stealing. > I'm quite happy with MS VC++ for NT. I doubt that Cygnus can do a good job Where can I download MS VC++ (Microsoft, now there is a company with a marvelous reputation for sterling products.) for the cost of my Internet connection? > porting gcc to NT. People much better than the assholes at Cygnus have not > done a great job porting gcc to OS/2. If I want gcc, I just run it on the > Linux box, or a Sun box. I already use Linux, and I need to learn NT, so I would like to have a compiler, and I can't afford one. It would be nice to be able to learn one compiler that works under both platforms. I don't do enough programming to be able to justify MS VC++, and I don't have piles of cash hanging around waiting for me to throw them at Satan. > Fuck Cygnus. Fuck Shrinkwrapped software. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From blancw at microsoft.com Fri Dec 13 18:31:07 1996 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 13 Dec 1996 18:31:07 -0800 (PST) Subject: Is This for Real? Message-ID: From: nobody at huge.cajones.com/aka Red Rackham It's not the Cypherpunks that are crazy - it's the world! ;-) ........................................................ That's right, Red. Actually, I'm not in need of persuasion regarding the subject of evidence (anecdotal or otherwise). I'm aware of human nature and the frailties of intellect/psychology which can affect the results. It's easy to trust another's word when one does not have much knowledge of what can go wrong or doesn't know "how to know", or how to distinguish between fact & fancy. It's also easy to ignore evidence even when it is blatantly apparent, so that no amount of persuasion will convince a person to give up a mistaken conclusion. There are vested interests at work in the things people do, and it is sometimes shocking to realize that these have been at play when one wasn't expecting it, as in your example from Richard Feynman. That is why it is very important to always note whose interest is being served in any sort of persuasive bit of news from any source. A good question to keep in mind is "what are they trying to accomplish". .. Blanc > > From jya at pipeline.com Fri Dec 13 19:09:21 1996 From: jya at pipeline.com (John Young) Date: Fri, 13 Dec 1996 19:09:21 -0800 (PST) Subject: CPU_two Message-ID: <1.5.4.32.19961214030601.00688d48@pop.pipeline.com> 12-13-96 "A hardware device may offer a solution to software virus problems" Calluna, a Scottish disc drive company, has developed a hardware product which it believes offers computers complete protection against viruses. It consists of a microprocessor on a small circuit board which is placed between the PC's hard disc drive and its system board, and which functions independently of the PC's own CPU as a second CPU. The microprocessor can be programmed to monitor all traffic being routed to the PC's hard disc drive. If it detects virus-like activity or any other illegal activity it alerts the user and allows the option of blocking access to the hard disc drive. The second CPU could also be allocated partitioned sections of the computer's hard drive to store all material downloaded from the Internet. Or the device could be used as a firewall to prevent unauthorised access to the PC's hard drive. [Might this have crypto use?] ----- CPU_two From dlv at bwalk.dm.com Fri Dec 13 19:10:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 13 Dec 1996 19:10:13 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] In-Reply-To: <199612131527.HAA07125@cygnus.com> Message-ID: "Peter Trei" writes: > While I'm reluctant to ever find myself in the same corner as > Vulis, ... Don't worry, you're not. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 13 19:10:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 13 Dec 1996 19:10:24 -0800 (PST) Subject: Java DES breaker? In-Reply-To: <199612140240.UAA02300@smoke.suba.com> Message-ID: > > > > It would be very foolish to touch any shit that comes out of Cygnus. > > > Why? (specifically, I am about to try using a GCC port to WinNT, and > > > I would like to know _why_ you think their work is shit). > > > First, because it's King John "Lackbrain" Gilmore's company. :-) > > That doesn't say anything about the quality of their work. It does. John Gilmore is a proven liar. He has no credibility. > > Second, because they hire unqualified people (rather, people whose > > qualifications have nothing to do with the job) and they've already > > fucked up every project they've ever touched. > > Given your statements about Gilmore, can you provide any specifics > about individuals lack of competence in a given area? They lack competence in all areas except cocksucking. > > Third, because they steal from the people who originally developed the > > free software by charging money for the non-existent "support". > > How is this "stealing"? The GNU license explicitly (IIRC) allows > this, and it doesn't take anything _away_ from the developer. I don't > see how it is stealing. John Gilmore rips off software authors. I don't care what the copyleft says. Gilmore is a crook. > > I'm quite happy with MS VC++ for NT. I doubt that Cygnus can do a good job > > Where can I download MS VC++ (Microsoft, now there is a company with a > marvelous reputation for sterling products.) for the cost of my Internet > connection? Given your brazen disregard for the software authors, and general lack of ethics, you probably have an illegal copy already. Microsoft sucks. I've had plenty of terrible experience with them trying to rip me off. John Gilmore is worse. > > porting gcc to NT. People much better than the assholes at Cygnus have not > > done a great job porting gcc to OS/2. If I want gcc, I just run it on the > > Linux box, or a Sun box. > > I already use Linux, and I need to learn NT, so I would like to have > a compiler, and I can't afford one. It would be nice to be able to learn > one compiler that works under both platforms. I don't do enough programming > to be able to justify MS VC++, and I don't have piles of cash hanging around > waiting for me to throw them at Satan. If you don't do much programming, then you can a) use a DOS C compiler, b) use Perl for NT (free from Microsoft; not that I like Perl), c) use Visual Basic, d) byte the bullet and invest in the compiler from the same company that wrote the OS. If you want to learn NT system APIs, graphics APIs, etc, then you probably can't even call them from gcc reliably. > > Fuck Cygnus. > > Fuck Shrinkwrapped software. Fuck John Gilmore. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frantz at netcom.com Fri Dec 13 19:14:15 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 13 Dec 1996 19:14:15 -0800 (PST) Subject: NSA/UKUSA Echelon: Exposing the Global Surveillance System In-Reply-To: <199612132258.OAA06522@toad.com> Message-ID: At 2:58 PM -0800 12/13/96, John Gilmore wrote: >I don't know the truth of this, but I'm sure it will make >interesting reading. -- John > >... >********Hager's book "secret Power" > is available from CAQ for $33.******* >http://mediafilter.org/caq >http://www.worldmedia.com/caq Most of the information in the article is also in "Secret Power". A couple of items I saw that were not mentioned: * Most major government communication is encrypted. New Zealand is still able to get early warning of things like French nuclear tests via traffic analysis. * Singapore was part of the listening network until there was too much publicity. (They may again be hosting a listening post.) * There was a listening post in Hong Kong which has been decommissioned because of the lease expiration. (Too bad the Brits didn't get an option to renew :-).) J random thoughts: * Pooling of resources in this manner lets the taxpayer's money go further. * NSA etc. could solve the problem of which companies to give their commercial intelligence to by selling it to the highest bidder. These sales could possibly replace their current off-books funding kludge. * As more is learned of the listening network, there is less incentive to keep it secret, and more incentive to publicly use the intercepts. This incentive for secrecy has probably protected many individuals in the past. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From tcmay at got.net Fri Dec 13 20:24:44 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 13 Dec 1996 20:24:44 -0800 (PST) Subject: Race and IQ In-Reply-To: <32B03E27.5EF9@gte.net> Message-ID: At 10:31 PM -0600 12/12/96, Igor Chudov @ home wrote: >All this "environment" stuff is rather easy to test and control for: take >two groups of children -- one from one race, another from another race, >who live in essentially the same conditions. Then compare the average IQs >and check statistical validity of your samples. > >There was one study. They took a number of white adopted children and a >number of black adopted children, and made sure that they controlled for >other conditions such as adopted parents' income, etc. > >Guess what was the result of IQ tests of children? Ah, but the rub is factoring in cultural factors which remain. As an example, a black child raised under similar socioeconomic conditions to, say, a Jewish or Chinese child will still be to some extent a product of his culture. (In fact, even a black child raised in a white neighborhood by adoptive white parents will still have some a different learning experience than a white child raised in the same environment. If not initially, eventually.) I'm not saying this to "defend" any particular ethnic or racial group in this IQ debate, just to point out that cultural factors are not so easily separable in the way Igor describes. (For the curious, I am persuaded that there are minimal differences in "intelligence" between the several or many races, but that cultural and sociological factors strongly affect upbringing, learning, interest in doing well in school, ability on standardized tests, success in business matters, and so on.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ph at netcom.com Fri Dec 13 21:15:44 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 13 Dec 1996 21:15:44 -0800 (PST) Subject: Magic Numbers in MD5 Message-ID: I am curious where some of the magic numbers in MD5 originated. First, we have the four chaining variables, A, B, C, and D which are initialized with apparently random numbers. Are they as random as they look, or are they carefully chosen? Second, we have the t_i values. Schneier's first edition says this: "In step i, t_i is the integer part of 4294967296xabs(sin(i)), when i is in radians. (Note that 4294967296 is 2^32.)" Does abs(sin()) have some properties that are especially conducive to strengthening MD5 or is it just a function to generate mildly random numbers? If the latter, wouldn't the algorithm be stronger if it was used with completely random numbers? Peter Hendrickson ph at netcom.com From ichudov at algebra.com Fri Dec 13 21:59:54 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 13 Dec 1996 21:59:54 -0800 (PST) Subject: Race and IQ In-Reply-To: Message-ID: <199612140552.XAA22907@manifold.algebra.com> Timothy C. May wrote: > > At 10:31 PM -0600 12/12/96, Igor Chudov @ home wrote: > > >All this "environment" stuff is rather easy to test and control for: take > >two groups of children -- one from one race, another from another race, > >who live in essentially the same conditions. Then compare the average IQs > >and check statistical validity of your samples. > > > >There was one study. They took a number of white adopted children and a > >number of black adopted children, and made sure that they controlled for > >other conditions such as adopted parents' income, etc. > > > >Guess what was the result of IQ tests of children? > > Ah, but the rub is factoring in cultural factors which remain. As an > example, a black child raised under similar socioeconomic conditions to, > say, a Jewish or Chinese child will still be to some extent a product of > his culture. > > (In fact, even a black child raised in a white neighborhood by adoptive > white parents will still have some a different learning experience than a > white child raised in the same environment. If not initially, eventually.) > > I'm not saying this to "defend" any particular ethnic or racial group in > this IQ debate, just to point out that cultural factors are not so easily > separable in the way Igor describes. > > (For the curious, I am persuaded that there are minimal differences in > "intelligence" between the several or many races, but that cultural and > sociological factors strongly affect upbringing, learning, interest in > doing well in school, ability on standardized tests, success in business > matters, and so on.) > A good point. I personally think that whatever we find -- whether there are genetic differences or not -- is not terribly important since one can make the most money by judging individual people by their merit. It is an interesting academic question, but for a businessman (absent anti-discrimination laws) it is not very relevant. - Igor. From shamrock at netcom.com Fri Dec 13 22:37:18 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 13 Dec 1996 22:37:18 -0800 (PST) Subject: ITARs effects Message-ID: <3.0.32.19961213222456.006b3248@netcom14.netcom.com> At 10:06 AM 12/13/96 -0500, Adam Shostack wrote: >This implies that putting something up for FTP == export. Holy >shit. Sure. What did you expect? -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From shamrock at netcom.com Fri Dec 13 22:37:21 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 13 Dec 1996 22:37:21 -0800 (PST) Subject: [Privacy] Airline background checks... Message-ID: <3.0.32.19961213223437.006bd61c@netcom14.netcom.com> At 11:53 AM 12/13/96 -0800, aaron at herringn.com wrote: > >WASHINGTON (CNN) -- Under plans to overhaul the airline security system, >making a plane reservation would trigger an instant profile of a >passenger's background, including past travels and possible criminal >history information. > >[...] > >Government should pay Just in case that somebody isn't clear as to what "government should pay" means. It means you and I through out taxes. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From nobody at huge.cajones.com Fri Dec 13 22:43:20 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 13 Dec 1996 22:43:20 -0800 (PST) Subject: Race and IQ Message-ID: <199612140643.WAA32553@mailmasher.com> At 8:30 PM 12/13/1996, Timothy C. May wrote: >(For the curious, I am persuaded that there are minimal differences >in "intelligence" between the several or many races, but that >cultural and sociological factors strongly affect upbringing, >learning, interest in doing well in school, ability on standardized >tests, success in business matters, and so on.) The question is certainly interesting scientifically. Some Africans exhibit skills which are not found elsewhere. For example, in some African societies, I am told, there are people who can do things like play a drum with the left hand to 13 beats a measure and do something like 17 beats a measure with the right hand. Those who aren't amazed by this should try doing three beats on the left hand with two on the right. Call me when you master it. ;-) If you lived in a society where this skill was considered an important component of social success, most of us would appear to be retarded. (Consider, for example, the ancient Chinese civilization. Appointment into the imperial bureaucracy occured only after the applicants passed elaborate tests regarding their knowledge and interpretation of poetry. That was the entire qualification.) It has been claimed that African societies have never been "civilized" in the sense of developing large bureaucracies and cities. When many people make this claim there is an implication that the more with it peoples did this. But is that so reasonable? Read reports of life in European cities in the 18th century, before running water and before sewage systems. Give me the country any day! Many of the readers of this list are anarchistically inclined. When we hear that African societies have tended to be anarchistic, we should applaud their wisdom and insight. Perhaps these people could teach the rest of us a few things. (And maybe teach Hilary Clinton a few things. Is there a history of welfare states in Africa, or did they practice voluntary anarchistic communal charity on the level of villages?) It is not out of the question that once the human genome is decoded and its relationship with human intelligence understood that we will find that Africans beat out everyone else. (Incidentally, I question the claim that African societies never developed cities and bureacracies. The Egyptians are the most prominent example. Mathematically adept and literate they prospered for a couple thousand years. A better run than the Romans managed! We tend to think of Egyptians as being sort of like Europeans. I believe this is because Europeans invented Egyptology. Excuse me for pointing out the obvious, but Egypt is in Africa. What is more, if you study Egyptian statuary, you will find many examples of distinctly African looking royalty. Also, I know that cities like Timbuktoo were centers of Muslim learning and were large enough to have streets and houses. We may know little about them because Europeans were not allowed to visit, and also for racist reasons.) Scientific questions aside, it isn't clear why the racial link to intelligence matters. What are we going to do differently if it turns out that, on average, for genetic reasons, Albanians are less quick on the uptake than other people? The link between intelligence and success is not at all clear. We generally consider mathematicians and computer programmers to be smart, but in terms of total life competence, large numbers of these people live less than ideally. There are many instances in which I prefer to hire somebody who is less intelligent, but better equipped to play on the team, better organized, or just less of a primadonna. The eugenicists propose murder. This doesn't make any sense at all. We all have friends who are both smarter and dumber than ourselves, yet we don't plot their murder. Intelligence is just an excuse for what these people really want to do. If God came down and told us that there was no genetic basis for intelligence, next week there would be some other reason for the same policy. On the flip side are those who want to help the unfortunate with the time and labor of others. A racial link to intelligence will not increase my sympathy for such schemes. The upshot is: If you respect the rights of others, it doesn't matter. Now for some entertainment. Oliver Wendell Holmes, when he was a judge in Virginia, ordered the forcible sterilization of several young women. The state would wait until they became ill and then when they were admitted to a hospital, they were sterilized under the guise of giving them some other operation. Holmes claimed that the grandmothers of the women were imbeciles, their mothers were imbeciles, and that they were imbeciles. His great line was "Three generations of imbeciles are enough!" Curiously, it turns out that the word "imbecile" was a euphemism for "illegitimate". Know your doctor! Red Rackham From walt at blarg.net Fri Dec 13 22:43:29 1996 From: walt at blarg.net (Walt Armour) Date: Fri, 13 Dec 1996 22:43:29 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! Message-ID: <01BBE945.3B9BC4A0@dialup36.blarg.net> There is no arguing that 40 bits is strong security. I agree with that. But we (Soundcode, and anyone else in the business of crypto) have to also look at things from the standpoint of market share and market size. Exportability directly affects market size and weighs in fairly heavily. (Which is why ITAR (oops, Commerce) restrictions bite). Which is why the current offering is 40 bits. As for security, the current release of PnC is primarily targetting privacy, not security. They are two very similar but different approaches. 40 bits is sufficient to encrypt files and keep them away from friends, family and coworkers (unless you work at the NSA). The point of Point 'n Crypt is to attempt to make encryption technology easily useable and widespread. If anything you have is of such a nature that 40 bits isn't enough protection then by all means don't use PnC (at least not this version :). As for your final point, I agree, some people are stupid. But part of the purpose of being a cypherpunk (and SoundCode) is to educate those that can be educated. Sometimes education just has to take pretty small steps... later, walt ---------- From: Matthew Ghio[SMTP:ghio at myriad.alias.net] Sent: Friday, December 13, 1996 4:49 PM To: walt at blarg.net Cc: cypherpunks at toad.com Subject: Re: !! Point 'n Crypt -- Win95 Privacy for Everyone !! walt at blarg.net (Walt Armour) wrote: > Point 'n Crypt uses 40-bit DES-CBC (exportable), salted SHA passphrases, > and conforms to PKCS #5 and PKCS #7. 40bit encryption isn't much security at all. If you've got something important enough to encrypt, then it's important enough to find a proper encryption program. Why would anyone buy this shit? (That's a rhetorical question, of course; the answer is because some people are stupid...) From svmcguir at syr.edu Fri Dec 13 23:11:21 1996 From: svmcguir at syr.edu (Scott V. McGuire) Date: Fri, 13 Dec 1996 23:11:21 -0800 (PST) Subject: your mail In-Reply-To: <199612132143.PAA19967@manifold.algebra.com> Message-ID: On Fri, 13 Dec 1996, Igor Chudov @ home wrote: > Huge Cajones Remailer wrote: ... snip ... > > -- > > Greg Broiles | US crypto export control policy in a nutshell: > > gbroiles at netbox.com | > > http://www.io.com/~gbroiles | Export jobs, not crypto. > > | > > > > :-( > > Does anyone have any suggestions (checklists of things to do, etc.) > for people who are afraid of accidentally disclosing their anonymous > identities? It seems to be a common problem that anonymity is violated > because people simply screw up with their remailing software. > > > - Igor. > If possible, I suggest using a multi-user operating system (link linux etc.) and setting up an account specifically for an anonymous user/nym. Don't use the account for any non nym stuff. This way, for example, there won't be a signature file with a real name that might get accidently appended to an email. -------------------- Scott V. McGuire PGP key available at http://web.syr.edu/~svmcguir Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05 From shamrock at netcom.com Fri Dec 13 23:17:45 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 13 Dec 1996 23:17:45 -0800 (PST) Subject: [No joke] The Feds may legally gas us Message-ID: <3.0.32.19961213231550.00698d18@netcom14.netcom.com> Folks, Did you know that the Feds may legally test chemical and biological weapons on the civilian population as long as they give 30 days advance notice to the local bigwigs (so they can get themselves and their families out of the danger zone)? This is not a joke. It is in the United States Code. >Return-Path: >From: JT McBride >Subject: Under color of Law >Date: Fri, 13 Dec 1996 05:34:55 -0800 >BestServHost: lists.best.com >Sender: ca-firearms-errors at lists.best.com >Errors-To: ca-firearms-errors at lists.best.com >To: ca-firearms at lists.best.com > > >I just heard about this on Art Bell's program, but this is United States >Code, Title 50, section 1520. Under the NBC program, our government has >the 'legal' right to gas us. This ought to be all the proof we need that >what is "lawful" isn't necessarily. > >If we can be gassed, why can't we be disarmed? > >There are rights that transcend "law". I'd say LIFE is one, and the need >for self-defense against tyranny should be clear. > >>From the Cornell Law Library: > [Credits and Conditions] [Structure] [Your Comments] > > * UNITED STATES CODE > o TITLE 50 - WAR AND NATIONAL DEFENSE > + CHAPTER 32 - CHEMICAL AND BIOLOGICAL WARFARE PROGRAM > >---------------------------------------------------------------------------- > >� 1520. Use of human subjects for testing of chemical or biological agents >by Department of Defense; accounting to Congressional committees with >respect to experiments and studies; notification of local civilian officials > > * (a) Not later than thirty days after final approval within the > Department of Defense of plans for any experiment or study to be > conducted by the Department of Defense, whether directly or under > contract, involving the use of human subjects for the testing of > chemical or biological agents, the Secretary of Defense shall supply > the Committees on Armed Services of the Senate and House of > Representatives with a full accounting of such plans for such > experiment or study, and such experiment or study may then be conducted > only after the expiration of the thirty-day period beginning on the > date such accounting is received by such committees. > * (b) > o (1) The Secretary of Defense may not conduct any test or > experiment involving the use of any chemical or biological agent > on civilian populations unless local civilian officials in the > area in which the test or experiment is to be conducted are > notified in advance of such test or experiment, and such test or > experiment may then be conducted only after the expiration of the > thirty-day period beginning on the date of such notification. > o (2) Paragraph (1) shall apply to tests and experiments conducted > by Department of Defense personnel and tests and experiments > conducted on behalf of the Department of Defense by contractors. > >---------------------------------------------------------------------------- > [Previous Section] [Next Section] > > [Overview] > >---------------------------------------------------------------------------- >This HTML is automatically generated. A product of the Legal Information >Institute >shelden > > >Jim >The "Assault Weapons" ban is drive-by legislation. The target: Crime; >the victimized innocent bystander: the lawfully armed Citizen. > ~*~*~ Tyranny Insurance by Colt's Manufacturing Cos. ~*~*~ > > -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From frantz at netcom.com Fri Dec 13 23:32:20 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 13 Dec 1996 23:32:20 -0800 (PST) Subject: Personal Reputation, was Re: Java DES breaker? In-Reply-To: <199612140240.UAA02300@smoke.suba.com> Message-ID: At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote: >It does. John Gilmore is a proven liar. He has no credibility. John will be a much later addition to my killfile than you. This is because everything he posts is interesting. Much of what you post is personal attack and, as such, uninteresting. (N.B. aga is the only person I send directly to the trash at present.) ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From EALLENSMITH at ocelot.Rutgers.EDU Fri Dec 13 23:34:04 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Fri, 13 Dec 1996 23:34:04 -0800 (PST) Subject: Race and IQ Message-ID: <01ICZFVCL2QMAEL9I4@mbcl.rutgers.edu> From: IN%"ichudov at algebra.com" 14-DEC-1996 02:25:51.19 >From: TCMay: >> (For the curious, I am persuaded that there are minimal differences in >> "intelligence" between the several or many races, but that cultural and >> sociological factors strongly affect upbringing, learning, interest in >> doing well in school, ability on standardized tests, success in business >> matters, and so on.) It would appear that many of these factors that you mention are correlated together, based on that performance on IQ (and even more background-dependent standardized tests such as the SAT) is highly correlated with academic and business success. >A good point. I personally think that whatever we find -- whether there >are genetic differences or not -- is not terribly important since one >can make the most money by judging individual people by their merit. Agreed on both counts. The differences (whatever origin they have) detected by standardized tests between group averages are vastly outweighed by individual differences. >It is an interesting academic question, but for a businessman (absent >anti-discrimination laws) it is not very relevant. Quite. Unfortunately, the anti-discrimination laws make it hard to make use of all available data. I am not contending that businessmen should only use IQ tests... but that in almost all cases they are important as one data point that is not very expensive to gather. (For cases in which the free market is not operative (e.g., governments and monopolies), they have the additional advantage of not seeing the color of the person's skin or other information on which, for instance, an interviewer may be biased. The free market can take care of keeping businesses making rational decisions; non-market organizations are another matter.) -Allen From zerofaith at mail.geocities.com Fri Dec 13 23:36:34 1996 From: zerofaith at mail.geocities.com (Psionic Damage) Date: Fri, 13 Dec 1996 23:36:34 -0800 (PST) Subject: new homepage Message-ID: <199612140736.XAA25635@geocities.com> Check out This homepage, it's definitely under construction. www.geocities.com/SiliconValley/Heights/2608/ ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------------- Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD www.geocities.com/SiliconValley/Heights/2608 MEMBERZ: GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, KORRUPT, PHONEHAZORD, PSIONIC DAMAGE, ORPHEUS (the pirate), MANTICORE, ERADICATOR, PSYCHODROME, BIONIC SMURF, SONIK, �ILVER KAT, kOBRA, & KRYPTIK! EMAIL:zerofaith at nlights.net (headquarterz) hakker1 at hotmail.com (Delious's Haus!) hackerz at juno.com (The Gatemaster'z palace) zerofaith at geocities.com (delivery/help/requests/suggestions) From EALLENSMITH at ocelot.Rutgers.EDU Sat Dec 14 00:02:51 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Sat, 14 Dec 1996 00:02:51 -0800 (PST) Subject: RRE: The InterNIC: a case study in bad database management Message-ID: <01ICZGWBSDU2AEL9I4@mbcl.rutgers.edu> I've dropped a note to Jonathan Kamens pointing out that InterNIC is a monopoly, and therefore has no real reason to keep up any databases that don't directly generate money. -Allen From: IN%"rre at weber.ucsd.edu" 14-DEC-1996 02:53:56.61 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Fri, 13 Dec 1996 16:44:21 -0800 (PST) From: risks at csl.sri.com Subject: RISKS DIGEST 18.67 RISKS-LIST: Risks-Forum Digest Friday 13 December 1996 Volume 18 : Issue 67 ---------------------------------------------------------------------- Date: Thu, 12 Dec 1996 17:07:04 -0500 From: "Jonathan I. Kamens" Subject: The InterNIC: a case study in bad database management (This message was also sent to comp.protocols.dns.ops .) The InterNIC (http://www.internic.net) is responsible for Internet domain name service for all top-level domains, as well as for second-level domains underneath all the old ARPA domains except MIL (EDU, GOV, NET, ORG, COM). Until a few years ago, domain registration services were provided by the InterNIC for free. That changed when they convinced the NSF that its grant money wasn't enough to cover their costs, so (amid much hubbub on the Net) they started charging $50 per year for any second-level domain registration, with the first two years (i.e., $100) payable in advance. According to , the InterNIC registered 638,788 new domains between August 1993 and September 1996. If I'm doing my math right, at $100 per domain, that's almost $64 million, or over $20 million per year. I would think that with that much money, they'd be able to provide competent service to their customers. Unfortunately, my experience has been that they're simply not doing an acceptable job. Some examples: ***** * Their automated systems do not function properly. They've introduced a PGP-based system for authentication of domain contacts. In other words, they allow domain contacts to register their PGP public keys in the InterNIC public-key database, and then requests which come from those contacts will only be accepted as authentic if they are signed with the corresponding provide key. Unfortunately, this system does not always work. Recently, I submitted a series of twelve database modification requests to the InterNIC in a single day. All of them were correctly signed with my PGP key. Of the twelve requests, three were returned to me in messages beginning, "We are not able to verify the PGP signed message that you sent us." To make matters worse, for one of those three failed requests, I received a message claiming the the modifications I'd requested had been completed, two days *before* I received the message informing me that they were unable to verify my PGP signature. I have asked the InterNIC multiple times why their system randomly fails to verify valid PGP signatures. They have not responded to my inquiries. Interestingly enough, another poster to comp.protocols.dns.ops claimed that when he asked an InterNIC on the telephone about their PGP authentication system, he was told that it is not currently working. That would seem to indicate that the InterNIC is aware that there are problems with it, and yet they continue to advertise it on their Web site without any indication that it might not work for any given request. * There are some data in the database which are impossible to update using the templates they provide. One of the types of data stored in the InterNIC database is hosts; in particular, hosts which act as domain-name servers for domains registered with the InterNIC have records in the database. Host records include an organization name and address associated with the host. And yet, the template for updating host records (available at ) does not have fields in it for updating that information! I believe that there are a couple of other record types in the database which have this same problem. This organization/address data has been described to me by an InterNIC employee as an "old hold-over;" it seems that new host records do not have organization and address data, but old ones do. Nevertheless, one would think that when switching to a new format for host records, the InterNIC would have either removed the obsolete data from the old records or established a procedure for updating it. Instead, the only way to update this information electronically is to send a plain-text message to hostmaster at internic.net explaining what you're trying to do, and then hope that whoever reads your message will be competent enough to understand what you're asking for and do the update by hand. Which brings me to my next point... * When asked how to do something that is not handled automatically by their templates, their staff give incorrect answers (or simply ignore the query) more often than they give correct answers. Of the twelve requests mentioned above, six of them were handled improperly by the InterNIC staff members who processed them. Iwn several cases, I received a response instructing me to use a particular template to make the changes I had requested, when in fact those changes had nothing whatsoever to do with the template they told me to use. I finally had to escalate my requests by sending "out-of-band" E-mail to an InterNIC employee who has resolved problems of this sort for me in the past, and she was able to "bounce" my requests to a high enough level that they actually got processed. Incidentally, the InterNIC introduced one or more typographical errors into the data I sent them when processing six of my twelve requests (i.e., when they were done processing my requests, six of the twelve records I asked them to modify had one or more typographical errors in them). I suppose that sending incorrect answers is better than how things were a few months ago -- then, if you sent a request that the person who read your message did not know how to answer, he/she simply ignored it and sent no response whatsoever. * There are some data in their database which are impossible to update using their current procedures. Imagine this scenario... Joe Admin at Foo, Inc. is responsible for system administration, including DNS administration. He therefore has a contact record in the InterNIC database indicating that he works for Foo, Inc., and he is listed as a contact for various domain, network, and host records, in the InterNIC database. Now, he leaves the company and takes a new job, with no further contact with Foo, Inc. He doesn't bother to update his contact record in the InterNIC database before he leaves. Foo, Inc. would rather not let records remain in the InterNIC database claiming that Joe works for them when in fact he does not. Therefore, they want to contact the InterNIC and tell them, "Look, the information in Joe Admin's contact record which says that he for us is incorrect. You can confirm this by attempting to send E-mail to the address in the record, or by calling the phone number in the record and asking to speak to him. The person who answers will confirm that he no longer works there. Please either delete the contact record completely or remove the information in it which associates Joe Admin with Foo, Inc." Sounds reasonable, right? Well, unfortunately, the InterNIC has *no procedures whatsoever* for allowing a company to remove contact information which incorrectly lists them. I attempted to do just what I described, i.e., to get the InterNIC to remove the contact record for a former employee of OpenVision who no longer works here, and who I cannot contact to ask him to update his own record (and considering that it's not hurting him in any way, I don't see that he'd have any incentive to update it even if I could ask him to). After several rounds of E-mail with the InterNIC, they called me on the telephone to discuss what I was trying to do. Once on the phone with them, I was "bounced up" through several layers of InterNIC staff, until I was finally able to speak to a woman who was perfectly willing to admit that yes, the scenario I described was a somewhat common one, and yes, it was perfectly reasonable for a company not to want the InterNIC database to associate non-employees with the company, but no, there's no way for anyone but the owner of a contact handle to update it. "Perhaps we need to establish a procedure for that, and I'll be glad to discuss that for you with our customer service manager, but we don't have one right now," she said, and she did not offer to make an exception and handle my particular request manually without the blessing of a "procedure". Presumably, this means that I could edit my own contact handle to indicate that I work for any company that I want, and that company would have no way to get the InterNIC to remove the fraudulent information. Similarly, presumably, that means that (to be a little morbid for a moment), if someone listed in the InterNIC database dies, there's no way for anyone else to get the InterNIC to remove the deceased's record from the database. When I pressed the woman about this, she said to me, "If you're a network administrator at this company, you presumably have control over the mail server" (an assumption which is not always true, and indeed isn't true in this case; although I can ask the people who administer the mail server to make changes and hope that they'll listen, I don't have the ability to make the changes directly). "Well," she continued," if you send us a mail message which claims to be from the former employee, asking for his record to be deleted, we'll process it." "Let me get this straight," I responded. "You're telling me that I should forge E-mail to your system in order to delete this record." She confirmed that interpretation. I said, "Surely you see the absurdity of that." She responded, "Well, obviously, ideally we wouldn't want anyone forging requests to our system, but in this case, that's the only way for you to delete the record." "What if the former employee had associated a PGP key with his contact record before he left the company." "Well, in that case, you'd need his private PGP key in order to delete the record." "But surely you know that's impossible -- the whole point of PGP is that only the owner a private key has access to it. Even if I had access to the file in which it was stored, I wouldn't know the correct password to unlock it." "Well, in that case, there would be no way for you to delete the record." ***** There are a number of countries with strict laws about the collection of private information in computerized databases. Database maintainers are required to seek permission from all individuals who have data about them stored in the database, to guarantee the security of the database, and to establish working procedures for keeping the data in the databases up-to-date. The United States has few such laws (there are laws about specific types of databases, such as credit and medical records, but no laws about databases in general). Until I started dealing with the InterNIC, I didn't see much point to them. Well, I've changed my mind. the InterNIC proves rather clearly that left to their own devices, companies will not maintain databases in a responsible manner. Incidentally, nowhere on the InterNIC's WWW site can I find the address or telephone number of the governmental office which oversees their grant and handles complaints about their services. Several months ago, I sent them E-mail asking for them so that I could file a complaint, to be considered the next time their grant comes up for renewal. Like many of my other messages to them, that request was ignored. Jonathan Kamens | OpenVision Technologies, Inc. | jik at cam.ov.com ------------------------------ End of RISKS-FORUM Digest 18.67 ************************ From sandfort at crl.com Sat Dec 14 01:09:42 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 14 Dec 1996 01:09:42 -0800 (PST) Subject: Wired Integrity In-Reply-To: <199612140137.RAA20020@cypherpunks.ca> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Fri, 13 Dec 1996 nobody at cypherpunks.ca wrote: > Wired should have appended a short paragraph explaining the > possible conflict of interest. I agree. It was an editorial decision, of course, but I think it would have been the best course of action. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From proff at suburbia.net Sat Dec 14 01:31:10 1996 From: proff at suburbia.net (proff at suburbia.net) Date: Sat, 14 Dec 1996 01:31:10 -0800 (PST) Subject: Race and IQ In-Reply-To: Message-ID: <19961214054348.15808.qmail@suburbia.net> > (For the curious, I am persuaded that there are minimal differences in > "intelligence" between the several or many races, but that cultural and > sociological factors strongly affect upbringing, learning, interest in > doing well in school, ability on standardized tests, success in business > matters, and so on.) > > --Tim May Just as there are differences in physical attributes between races, so to are there are differences in the brain between races, and even for genetic enclaves within races (and sexes which genetically, contain greater differences than between races). However, it has been my experience that individual differences exceed racial differences making the whole race vs. anything discussion a waste of time. i.e people should be judged as individuals not as members of one race or another, because that is where the most useful discrimination lays. The only time as-a-race attributes matter is when you are setting public policy for an-entire-race, which in my opinion should never be done. Set the rudder of your public policy by the correlation between the statistical attributes that you are trying to address, rather than what may or may not be a real correlation between those attributes and race. -Julian (proff at suburbia.net) From tank at xs4all.nl Sat Dec 14 06:34:26 1996 From: tank at xs4all.nl (tank) Date: Sat, 14 Dec 1996 06:34:26 -0800 (PST) Subject: Radikal: raid in the netherlands Message-ID: <199612141431.PAA28352@xs1.xs4all.nl> PRESS-DECLARATION 14-12-96 After the German authorities tried to force their censorship on people's thoughts and writings worldwide on the Internet, Germany now tries to prosecute a person who lives in the Netherlands for the making of the left-wing newspaper Radikal. In the morning of the 11th of December there was a houseraid in the village of Vaals (The Netherlands). In the raid ten local police-officers, a high officer from the Maastricht-court, two LKA (Landes Kriminal Ambt) German officers and two BKA (Bundes Kriminal Ambt) German officers took place. The 16 German and Dutch officers forced themselves into the house with the help of a lock specialist. The only person at home during the raid only noticed it after some time when the room next to her was already being searched. The german and dutch police refuged to explain the reason for this raid. German autorities refered to the dutch ones for explanations and the other way around. It was only after insisting that they explained the search warrant came from the german authorities in Karlsruhe. During the two hour raid two personal computers, floppy-discs, foto's, a pamflet and some Radikal stickers were seized. During this whole operation it was not clear against who or what this action was aimed and why this house was searched. It only became clear after the raid when another person came home from his work and phoned his mother in Aachen (Germany). At his mothers house there was also a house raid going on, nothing was taken there. At this house-raid six LKA officers took part and in a paper they declaired to have reasons for this raid because of evidence found in the raid in Vaals. "During the raid at the suspect's house evidence was found (...) that show the suspect (...) is using the house of his mother as well". This evidence consisted of his mother's car papers. The declaration paper alsow showed the purpose of the raid: " The search for Radikal publications, subscribers lists and financial information". The suspect is being charged with the making and distributing of the left wing newspaper Radikal. A newspaper that is forbidden only in Germany . The supposed involvement with a political magazine, forbidden in Germany, apparently is enough for the Dutch authorities to work for the German juridical apparatus. This means that the German idea of law and order concerning magazines leads to the joint persecution of a Spanish citizen living in the Netherlands. Although the magazine is entirely legal in the Netherlands. The dimension of the German-Dutch cooperation within the framework of the new "European Security Policy" is shown here in a very clear way. It shows that an attempt is made to completely redefine the persecution, across all borders, of politically unwanted people. Solidaritygroup Political Prisoners P/o box 3762 1001 AN Amsterdam The Nertherlands From tank at xs4all.nl Sat Dec 14 06:37:44 1996 From: tank at xs4all.nl (tank) Date: Sat, 14 Dec 1996 06:37:44 -0800 (PST) Subject: radikal: raid in the netherlands Message-ID: <199612141436.PAA28508@xs1.xs4all.nl> PRESS-DECLARATION 14-12-96 After the German authorities tried to force their censorship on people's thoughts and writings worldwide on the Internet, Germany now tries to prosecute a person who lives in the Netherlands for the making of the left-wing newspaper Radikal. In the morning of the 11th of December there was a houseraid in the village of Vaals (The Netherlands). In the raid ten local police-officers, a high officer from the Maastricht-court, two LKA (Landes Kriminal Ambt) German officers and two BKA (Bundes Kriminal Ambt) German officers took place. The 16 German and Dutch officers forced themselves into the house with the help of a lock specialist. The only person at home during the raid only noticed it after some time when the room next to her was already being searched. The german and dutch police refuged to explain the reason for this raid. German autorities refered to the dutch ones for explanations and the other way around. It was only after insisting that they explained the search warrant came from the german authorities in Karlsruhe. During the two hour raid two personal computers, floppy-discs, foto's, a pamflet and some Radikal stickers were seized. During this whole operation it was not clear against who or what this action was aimed and why this house was searched. It only became clear after the raid when another person came home from his work and phoned his mother in Aachen (Germany). At his mothers house there was also a house raid going on, nothing was taken there. At this house-raid six LKA officers took part and in a paper they declaired to have reasons for this raid because of evidence found in the raid in Vaals. "During the raid at the suspect's house evidence was found (...) that show the suspect (...) is using the house of his mother as well". This evidence consisted of his mother's car papers. The declaration paper alsow showed the purpose of the raid: " The search for Radikal publications, subscribers lists and financial information". The suspect is being charged with the making and distributing of the left wing newspaper Radikal. A newspaper that is forbidden only in Germany . The supposed involvement with a political magazine, forbidden in Germany, apparently is enough for the Dutch authorities to work for the German juridical apparatus. This means that the German idea of law and order concerning magazines leads to the joint persecution of a Spanish citizen living in the Netherlands. Although the magazine is entirely legal in the Netherlands. The dimension of the German-Dutch cooperation within the framework of the new "European Security Policy" is shown here in a very clear way. It shows that an attempt is made to completely redefine the persecution, across all borders, of politically unwanted people. Solidaritygroup Political Prisoners P/o box 3762 1001 AN Amsterdam The Nertherlands From deviant at pooh-corner.com Sat Dec 14 07:21:40 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sat, 14 Dec 1996 07:21:40 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: <3.0.32.19961213231550.00698d18@netcom14.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 13 Dec 1996, Lucky Green wrote: > Folks, > Did you know that the Feds may legally test chemical and biological weapons > on the civilian population as long as they give 30 days advance notice to > the local bigwigs (so they can get themselves and their families out of the > danger zone)? > > This is not a joke. It is in the United States Code. > No, they can't. Development, testing, and use of Biological weapons is banned by the Geneva conventions (among others). International treaty outweighs USC. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "Obviously, a major malfunction has occurred." -- Steve Nesbitt, voice of Mission Control, January 28, 1986, as the shuttle Challenger exploded within view of the grandstands. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMrLFxzCdEh3oIPAVAQEYrwf+PKa9YLfFauJ+iWpGFCRBgLx+Z6skpvlm 2a2YShx/mi7U6UeFav6ldb3PJ5BxjHsrQFy9Fr4Gbxnc0zbDB+3HjHzuAm0+/jLg WMCOif9PR8X8W00BuhUuOC1yvrbzvYv6tVY0LUdMhVScm8chvetUKpGxL2JmF1Hw RUVte+iU7udx4Kkn2PEPzrr3mvQBhBq3mBl3v41kdR8HzmVt+nkjPJ/ynZHr5GLn 1luhz+9uSwYxQKdthgqgKvwA4t8fr7vg7L27Rl6m0OBKVjNFU5tKQVmlfuvXYbwe CUZdy15M78I25o9+4RbeZCNUGjhvbek9GGZEELTkVxeFaNA+Yr9iOw== =DJPE -----END PGP SIGNATURE----- From ark at paranoid.convey.ru Sat Dec 14 08:13:35 1996 From: ark at paranoid.convey.ru (ArkanoiD) Date: Sat, 14 Dec 1996 08:13:35 -0800 (PST) Subject: your mail In-Reply-To: Message-ID: <199612141608.TAA03589@paranoid.convey.ru> nuqneH, > > > Hey.. is there any CoderPunks Meetings somewhere in russia? > > Michael Bravo tried to organize 2600 meetings in SPb and failed. (afaik) -- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! From mjmiski at execpc.com Sat Dec 14 08:15:24 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sat, 14 Dec 1996 08:15:24 -0800 (PST) Subject: Redlining Message-ID: <3.0.32.19961214101509.00690b1c@execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 09:32 AM 12/12/96 -0800, Dale Thorn wrote: >Matthew J. Miszewski wrote: >> >(Those who don't believe me should get "Love Supreme" by John Coltrane >> >and listen to it carefully about 20 times. There are layers and Just for the record, I didn't say this. I believe it was Red. The thread has become so convoluted that I am only sure it wasnt me. ;-) Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrLSibpijqL8wiT1AQHEoQP/f+G82ePBn6dlm7jgiaYZTalSm2xMAYEd S/wExEh86p0knbt4+fMmREQGR7PXyNJPyDknqSEkmyTh38QfwBwsuF20zEiUM4I2 gXR8e2zeuW1kB1L51PacusxSoAqR7FqIb2euwTlZ+K3GnZVpFPZmdZn03GaTGsvC yVfTehKEE2w= =QcKO -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sat Dec 14 08:40:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 08:40:22 -0800 (PST) Subject: Race and IQ In-Reply-To: <19961214054348.15808.qmail@suburbia.net> Message-ID: proff at suburbia.net writes: > Just as there are differences in physical attributes between races, > so to are there are differences in the brain between races, and even > for genetic enclaves within races (and sexes which genetically, > contain greater differences than between races). However, it has > been my experience that individual differences exceed racial > differences making the whole race vs. anything discussion a waste of time. > i.e people should be judged as individuals not as members of one > race or another, because that is where the most useful discrimination > lays. That's a very good point, Julian, but sometimes the circumstances force us to used "appled epistemology" in less than the ideal conditions, or sometimes we just make up cutesy hypotheticals, complete with ASCII art: 1. Suppose that you have to consider two individuals, Al and Bob, and all you're allowed to know is that Al is white and Bob is black. You must make a bet as to a) which one is smarter, b) which one is physically stronger. You can't learn any additional information about them other than the color of their skin. How do you bet? 2. Suppose that you're walking in the middle of a deserted street in the TRUCK middle of the night in an industrial neighborhood. You see a S \ / S truck coming from the other side. You also notice that there i S i are only two people around, standing on the opposite d t d sidewalks. You'll have to pass close to one of the two e P1 r P2 e people to avoid being hit by the truck. P1 and P2 look the w e w same, moderately menacing, are dressed the same, have no a e a obivious business standing here in the middle of the night, l t l but P1 is white and P2 is black. Are you going to step right k / \ k or left to yield to the truck? (Disregard the reasonable YOU assumption that P1 and P2 are working together. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 14 08:42:02 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 08:42:02 -0800 (PST) Subject: Race and IQ In-Reply-To: <199612140643.WAA32553@mailmasher.com> Message-ID: nobody at huge.cajones.com (Huge Cajones Remailer) writes: > there are people who can do things like > play a drum with the left hand to 13 beats a measure and do something > like 17 beats a measure with the right hand. Those who aren't amazed > by this should try doing three beats on the left hand with two on the > right. Call me when you master it. ;-) > > If you lived in a society where this skill was considered an important > component of social success, most of us would appear to be retarded. Music is not considered important to economic suceesee in the West, so most kids with a talent for it never get to develop it (or never even get "discovered"). But "not being in the top basis point of the population" != "being retarded". Is this trait inherited? Does this trait enable the person who has it to accumulate more wordly goods and to have more children? I suspect that it does in certain societies. A drummer this good would probably be very successful economically in contemporary Western society, while in his native village his skill is wasted. It's funny how Red's been conditioned to ignore the much more obvious disparity in athletic skills. "White man can't jump." > (Consider, for example, the ancient Chinese civilization. Appointment > into the imperial bureaucracy occured only after the applicants passed > elaborate tests regarding their knowledge and interpretation of > poetry. That was the entire qualification.) Again, the racist American doesn't know much about the elaborate Chinese civil service exams, and dismisses them as "interpetation of poetry". Crypto-relevant remark: the exams were anonymous. The candidate submitted the exam paper under a motto (?). The graders were not supposed to know the identity of the candidate. > Many of the readers of this list are anarchistically inclined. When > we hear that African societies have tended to be anarchistic, we > should applaud their wisdom and insight. Perhaps these people could > teach the rest of us a few things. Most primitive societies (not only in Africa) tend to be (effectively) fascist dictatorship, where the chief's word is the law, enforced by his family members and leutenants. The chief would use this power to rob the villages of the products of their labor, to rape their women, etc, and would pass on this power to his son. The priests also had the power to rob the villages (they don't work, but they've got to eat). The shamans could declare a person a "witch"/heretic and have him/her killed. Remember, whites *bought* almost all the slaves that were brought from Africa to the New World. They didn't bring slavery to Africa. Western civilization is the only one I know that voluntarily aboloshed slavery. > few things. Is there a history of welfare states in Africa, or did > they practice voluntary anarchistic communal charity on the level of > villages?) Typically, there were slaves, and even the free villagers had the products of their labor expropriated to feed the vast bureaucracy of chiefs and priests. Also the women were treated pretty shabbily. > (Incidentally, I question the claim that African societies never > developed cities and bureacracies. The Egyptians are the most > prominent example. Mathematically adept and literate they prospered > for a couple thousand years. A better run than the Romans managed! Wrong. Egyptians' math was pretty much non-existent, compared even with their contemporary sumerians' math. You can't get very far with "Egyptian fractions". I guess Red's been going to a public school where the curriculum writers tried to raise the self-confidence of minority kids by teaching them how Egyptians invented the math that the Greeks stole from them. Sorry, your teachers have been lying to you. Egyptian civilization stopped developing the moment they created the strong government based on deification of the pharaoh. There was not a single invention, no development at all for thousands of years. Horses were introduced by Asian conquerors. The writing system got simpler. Otherwise, there was very little new at the time of Alexander the Great as compared to the first pyramids. An amazingly boring history. > We tend to think of Egyptians as being sort of like Europeans. I > believe this is because Europeans invented Egyptology. Excuse me for > pointing out the obvious, but Egypt is in Africa. What is more, if > you study Egyptian statuary, you will find many examples of distinctly > African looking royalty. Also, I know that cities like Timbuktoo were Why do some people look at the lip thickness of the statues? There are thousands of mummies to analyze. There are modern copts, the descendants of the ancient egyptians. The results of their DNA analysis didn't satisfy Red's teachers, so now they measure how thick the statues' lips are. By the way, Ethiopians and Somalians are genetically closer to Arabs and Jews than to African Americans. > centers of Muslim learning and were large enough to have streets and > houses. We may know little about them because Europeans were not > allowed to visit, and also for racist reasons.) Timbuktu had a "medrese" (a place where young people memorized verses from the Quran). There are hundreds of such medredes north of Sakhara, in Middle East, Central Asia, etc. Every Moslem town had at least one. Timbuktu was remarkable being was the only one serving the entire subsakharan region. > Scientific questions aside, it isn't clear why the racial link to > intelligence matters. What are we going to do differently if it turns > out that, on average, for genetic reasons, Albanians are less quick on > the uptake than other people? NOTHING. The individuals' dispersion from the average is so much greater that whatever difference could possibly exist between group adverages that it predicts nothing for individuals once any selection critera are invoked. Consider a basketball team whose coach refuses to accept white players because he believes that "white men can't jump". He'll miss on some excellent white players who will join the competing teams. If this team's objective is to win, then racial discriminations puts it at competetive disadvange. An h.r. person whose task is to hire a C programmer, and who refuses even to interview black candidates because he believes that an average black candidate is dumber than an average white candidate is likewise guilty of economic fallacy (and also various crimes in the U.S.) Even if it were true that the ancient Egyptians were genetically related to subsakharans, and even if they had invented all the math that we attribute to the various "Greek" mathematicians, what would that have to do to the self-esteem of today's African-Americans? > The link between intelligence and success is not at all clear. We > generally consider mathematicians and computer programmers to be > smart, but in terms of total life competence, large numbers of these > people live less than ideally. Do you have any verifiable statistics to support this claim? > The eugenicists propose murder. This doesn't make any sense at all. Now, you're lying. Certain people advocate economic insentives (paying the people believed to carry undesirable genes not to breed), sterilization (again, voluntary, in exchange for economic insentives) and better education (e.g. pregnant women over certain age are strongly encouraged to find out whether the fetus has Down's syndrome and several other common abnormalities; it's up to them to choose to abort). > Oliver Wendell Holmes, when he was a judge in Virginia, ordered the > forcible sterilization of several young women. The state would wait > until they became ill and then when they were admitted to a hospital, > they were sterilized under the guise of giving them some other > operation. > > Holmes claimed that the grandmothers of the women were imbeciles, > their mothers were imbeciles, and that they were imbeciles. His great > line was "Three generations of imbeciles are enough!" > > Curiously, it turns out that the word "imbecile" was a euphemism for > "illegitimate". I think you're referring to the 1927 _Buck v. Bell_ decision, where the Supreme Court upheld the Virginia law that mandated forced sterilization of imbeciles. Justice Oliver Wendell Holmes wrote the decision, which said: "three genereations of is enough". That was 6 years before Hitler won the elections in Germany. What evidence do you have that Justice Oliver Wendell Holmes a) was holding a second job in Virginia, b) had anything to do with the implementation of the law, c) that the young lady was not an imbecile? > Red Rackham Indeed, a typical "cypher punk". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Sat Dec 14 09:21:03 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 09:21:03 -0800 (PST) Subject: Appropriate Topics for Cypherpunks In-Reply-To: <199612132256.OAA19882@mailmasher.com> Message-ID: <32B2E17E.504@gte.net> Huge Cajones Remailer wrote: > At 9:54 AM 12/13/1996, Rob Carlson wrote:[snip] > We are talking about trust models. > The reason that the Net is a fundamental threat to the established > social order is that it will probably result in a worldwide change in > trust models. For one thing, we are now learning just how venal and > corrupt the world leadership really is. At the same time, > cross-border relationships and trust are flourishing. > The rise of anonymous identities raises the question of how we can > "trust" somebody we have never met. This immediately leads to the > question of why we trust other people we haven't met, such as the > President, or scientists, or whomever. It turns out our reasons for > "trusting" these people are not as solid as some of us once believed. I'd like to take a chance on showing my ignorance, but, if I do learn to trust an anonymous source on something-or-other, and then a forger comes along and disrupts that, i.e., I can no longer tell in all cases which is the old source and which is the bogus, that's a problem. I think I could learn to trust any number of anon's, but will the future technology be able to guarantee ID's as well as, say, looking at someone's face whom I know, or talking to them on the phone? [snip] From dthorn at gte.net Sat Dec 14 09:28:20 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 09:28:20 -0800 (PST) Subject: Race and IQ In-Reply-To: <199612140643.WAA32553@mailmasher.com> Message-ID: <32B2E339.5FE0@gte.net> Huge Cajones Remailer wrote: > At 8:30 PM 12/13/1996, Timothy C. May wrote:[snip] > Now for some entertainment. > Oliver Wendell Holmes, when he was a judge in Virginia, ordered the > forcible sterilization of several young women. The state would wait > until they became ill and then when they were admitted to a hospital, > they were sterilized under the guise of giving them some other > operation. > Holmes claimed that the grandmothers of the women were imbeciles, > their mothers were imbeciles, and that they were imbeciles. His great > line was "Three generations of imbeciles are enough!" > Curiously, it turns out that the word "imbecile" was a euphemism for > "illegitimate". I have heard that in 1800's England, there were cases of children starving to death (even on farms) where the euphemism applied was something like "apoplexy" or whatever, to suggest a disease rather than neglect. But we have some goodies here in the late 20th century too, yes? From dthorn at gte.net Sat Dec 14 09:56:44 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 09:56:44 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: Message-ID: <32B2E9A0.4592@gte.net> The Deviant wrote: > On Fri, 13 Dec 1996, Lucky Green wrote: > > Folks, > > Did you know that the Feds may legally test chemical and biological weapons > > on the civilian population as long as they give 30 days advance notice to > > the local bigwigs (so they can get themselves and their families out of the > > danger zone)? > > This is not a joke. It is in the United States Code. > No, they can't. Development, testing, and use of Biological weapons is > banned by the Geneva conventions (among others). International treaty > outweighs USC. They can't, but they do. The gas used at Waco was banned internationally, but Janet Reno justified it, and she just got rehired. From deviant at pooh-corner.com Sat Dec 14 10:23:57 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sat, 14 Dec 1996 10:23:57 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: <32B2E9A0.4592@gte.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 14 Dec 1996, Dale Thorn wrote: > The Deviant wrote: > > On Fri, 13 Dec 1996, Lucky Green wrote: > > > Folks, > > > Did you know that the Feds may legally test chemical and biological weapons > > > on the civilian population as long as they give 30 days advance notice to > > > the local bigwigs (so they can get themselves and their families out of the > > > danger zone)? > > > This is not a joke. It is in the United States Code. > > > No, they can't. Development, testing, and use of Biological weapons is > > banned by the Geneva conventions (among others). International treaty > > outweighs USC. > > They can't, but they do. The gas used at Waco was banned internationally, > but Janet Reno justified it, and she just got rehired. True, but the point still stands -- They can't, legally. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 What does not destroy me, makes me stronger. -- Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMrLtUzCdEh3oIPAVAQGSlAf9F5sRKuqJMdFujzsf/c1dnxBbKjaDoED0 dSKCsGJmgAlpyIFNgSwlfXQV3Q9PM8nHuizb1yGmemOxE9cABQgQhGE817kdcbGH g2V9W7oXGDivK3FsNmEiCQGVuPpu+B4HiypaXaZ5OcUHr1ZXVKiMSgy8LokkdUWn z43HzQ5hKobaRmlc8x+PvCtpSAtiP0EhYBvIUN0+z3cF0IX41fIJK3UawYENskG/ 6kLdozmORTffyQOrbQ4w2IDE16lupsv5xwxYg8mH+edj4iQ74pTqmnl/KFn2vhO3 0taSu3hr6XHMlzQNp0Wa8yTbXiDVbzqdPPKCvoI5kI78W76I7UUXdA== =Jgzf -----END PGP SIGNATURE----- From ichudov at algebra.com Sat Dec 14 10:24:58 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 14 Dec 1996 10:24:58 -0800 (PST) Subject: your mail In-Reply-To: <199612141608.TAA03589@paranoid.convey.ru> Message-ID: <199612141744.LAA01193@manifold.algebra.com> ArkanoiD wrote: > > nuqneH, > > > > > > > Hey.. is there any CoderPunks Meetings somewhere in russia? > > > > > Michael Bravo tried to organize 2600 meetings in SPb and failed. (afaik) > Why? - Igor. From nobody at zifi.genetics.utah.edu Sat Dec 14 10:29:08 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Sat, 14 Dec 1996 10:29:08 -0800 (PST) Subject: Firewalls Message-ID: <199612141829.LAA08918@zifi.genetics.utah.edu> The only `culture' Timothy May possesses is that cultivated from his foreskin scrapings. )_( [@ @] Timothy May |/ \| \O/ From ichudov at algebra.com Sat Dec 14 10:46:42 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 14 Dec 1996 10:46:42 -0800 (PST) Subject: Race and IQ In-Reply-To: Message-ID: <199612141843.MAA01741@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > proff at suburbia.net writes: > > Just as there are differences in physical attributes between races, > > so to are there are differences in the brain between races, and even > > for genetic enclaves within races (and sexes which genetically, > > contain greater differences than between races). However, it has > > been my experience that individual differences exceed racial > > differences making the whole race vs. anything discussion a waste of time. > > i.e people should be judged as individuals not as members of one > > race or another, because that is where the most useful discrimination > > lays. > > That's a very good point, Julian, but sometimes the circumstances force us to > used "appled epistemology" in less than the ideal conditions, or sometimes > we just make up cutesy hypotheticals, complete with ASCII art: > > 1. Suppose that you have to consider two individuals, Al and Bob, and all > you're allowed to know is that Al is white and Bob is black. You must make a > bet as to a) which one is smarter, b) which one is physically stronger. You > can't learn any additional information about them other than the color of their > skin. How do you bet? This is an unrealistic problem and a stupid situation. > 2. Suppose that you're walking in the middle of a deserted street in the > TRUCK middle of the night in an industrial neighborhood. You see a > S \ / S truck coming from the other side. You also notice that there > i S i are only two people around, standing on the opposite > d t d sidewalks. You'll have to pass close to one of the two > e P1 r P2 e people to avoid being hit by the truck. P1 and P2 look the > w e w same, moderately menacing, are dressed the same, have no > a e a obivious business standing here in the middle of the night, > l t l but P1 is white and P2 is black. Are you going to step right > k / \ k or left to yield to the truck? (Disregard the reasonable > YOU assumption that P1 and P2 are working together. :-) It was my experience that if I go by a scary-looking group of black people, look into their eyes without fear and say "hi" and go further, they would never exhibit any sign of aggressiveness. They even get surprised. This always worked for me in Russia, whenever I had to pass a group of mobsters. I think that internal motivation for aggressive people has something to do with sexual hormones and the need to subdue their victims, so nothing attracts them more than exhibition of fear. I would definitely think it is safer to actually go to the right, even if you assume that P2 has some sinister thoughts. Then again, personal experiences are not a good replacement for statistics. - Igor. From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sat Dec 14 11:07:09 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Sat, 14 Dec 1996 11:07:09 -0800 (PST) Subject: ITARs effects In-Reply-To: <199612131507.KAA27336@homeport.org> Message-ID: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu> : This implies that putting something up for FTP == export. Holy : shit. That has always been the position of the Department of Defense Trade Controls with respect to the ITAR, the only difference is that now it is going to be in writing. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From markm at voicenet.com Sat Dec 14 11:43:10 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 14 Dec 1996 11:43:10 -0800 (PST) Subject: Magic Numbers in MD5 In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 13 Dec 1996, Peter Hendrickson wrote: > I am curious where some of the magic numbers in MD5 originated. > > First, we have the four chaining variables, A, B, C, and D which > are initialized with apparently random numbers. Are they as > random as they look, or are they carefully chosen? Random? A = 0x01234567 B = 0x89abcdef C = 0xfedcba98 D = 0x76543210 > Second, we have the t_i values. Schneier's first edition says this: > > "In step i, t_i is the integer part of 4294967296xabs(sin(i)), when > i is in radians. (Note that 4294967296 is 2^32.)" > > Does abs(sin()) have some properties that are especially conducive to > strengthening MD5 or is it just a function to generate mildly random > numbers? If the latter, wouldn't the algorithm be stronger if it was > used with completely random numbers? I am not sure of the properties of abs(sin()). I know that the S-boxes in Blowfish are initialized with pi. I would guess that the purpose of using such values is to use easily generated pseudo-random numbers. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMrMD/SzIPc7jvyFpAQEA7gf9HAtV1Vy+3LO5OPOHyU9ZHoath32LhAwU PzODS/YJsY9fVxaMHOm15oL9D4CX2D5s/Y9cgrALG6pGzw4dBWJZJyqNAcbmsjp/ B/jNL9jXKCXg1byIzplKSjJqDypLzIPf07xTIQVCC5IDmwZ7pR5owngH9MDaE8is aFiGZvuWNm7eHQg1kJSb40xQjkwszx+SP1Gv9+fvpys5GZLCTHwPx8SCpy7PXwNp lm8fgV9mjc7wZIpw73oqPZEb7Q3VHZUOUXS2i6XNF3UVXa4aykBg5VvALPt0tuvv ah5JjA6JP4STwSCj+HrnMpQJ8SCG4U3kKb54+WOl8H6eo7ekuEU8mw== =uNLG -----END PGP SIGNATURE----- From ghio at myriad.alias.net Sat Dec 14 12:01:03 1996 From: ghio at myriad.alias.net (Matthew Ghio) Date: Sat, 14 Dec 1996 12:01:03 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612100131.RAA19898@netcom.netcom.com> Message-ID: <199612141959.OAA00409@myriad> Dale Thorn wrote: > It's a hundred times easier to do tools for the IBM PC. I make > utilities for the PC, and it would take no more than ten or fifteen > minutes to cook this one up. It took me less than ten minutes... > But nobody answered my question: Is there a shortcut way to do the > wipe, say, thirty times? Ordinarily, I'd run the program thirty > times, which would consist of a data write followed by a flush, > which would take 30x amount of time. Try this in Linux... #!/bin/csh set n=1 loop: cat /dev/urandom >/tmp/fill rm /tmp/fill @ n = $n + 1 if ( $n < 30 ) then goto loop endif From markm at voicenet.com Sat Dec 14 12:01:03 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 14 Dec 1996 12:01:03 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 14 Dec 1996, The Deviant wrote: > On Fri, 13 Dec 1996, Lucky Green wrote: > > > Folks, > > Did you know that the Feds may legally test chemical and biological weapons > > on the civilian population as long as they give 30 days advance notice to > > the local bigwigs (so they can get themselves and their families out of the > > danger zone)? > > > > This is not a joke. It is in the United States Code. > > > > No, they can't. Development, testing, and use of Biological weapons is > banned by the Geneva conventions (among others). International treaty > outweighs USC. This still leaves chemical weapons. Certain chemical weapons are explicitly banned by treaties, but many of them aren't so the USG is free to test them on anyone they want. The U.S. military is also free to conduct training excercises in heavily populated civilian areas. http://www.erols.com/igoddard/copters.htm has an article about the military conducting "urban warfare" training in major U.S. cities. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMrMINyzIPc7jvyFpAQECYAgAkGTMTgdpBFR1Nd5wXhD5Xh/axCshijMz C6ff1zNRIYbepZwLVaSx/EXM0+cRiMEIYG8//gtn66+HEsxWoPHhtfl0MUNU2Szd qjB2QfnFDlVcTNkF6z2edqDatgiEy726q3Dd9iWnQ1tPZ8Qpn3KkOJe3AeNHsu93 tv1dQuNel8iMajfj7Hoes7PBrMdRkO0A5eIA7KIWOJ6aHloXijmSEo281DBgKyr4 CKDQ/rI6PX0kTY8hathDRhQfslekX7MF4DKKjpIRkZq6XfnhGeuVgusm+nrE0Ihp TqGmiCY6u9JwOsf6D23ArT5ilJND4+zVihQgHTqv6Ffbet32u4neiA== =/wQb -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sat Dec 14 12:20:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 12:20:26 -0800 (PST) Subject: Personal Reputation, was Re: Java DES breaker? In-Reply-To: Message-ID: Bill Frantz writes: > At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote: > >It does. John Gilmore is a proven liar. He has no credibility. > > John will be a much later addition to my killfile than you. John Gilmore (spit) is full of shit just like his boyfriend Timmy May (fart). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From norm at netcom.com Sat Dec 14 12:32:16 1996 From: norm at netcom.com (Norman Hardy) Date: Sat, 14 Dec 1996 12:32:16 -0800 (PST) Subject: Magic Numbers in MD5 In-Reply-To: Message-ID: At 9:15 PM -0800 12/13/96, Peter Hendrickson wrote: >I am curious where some of the magic numbers in MD5 originated. > >First, we have the four chaining variables, A, B, C, and D which >are initialized with apparently random numbers. Are they as >random as they look, or are they carefully chosen? > >Second, we have the t_i values. Schneier's first edition says this: > >"In step i, t_i is the integer part of 4294967296xabs(sin(i)), when >i is in radians. (Note that 4294967296 is 2^32.)" > >Does abs(sin()) have some properties that are especially conducive to >strengthening MD5 or is it just a function to generate mildly random >numbers? If the latter, wouldn't the algorithm be stronger if it was >used with completely random numbers? > >Peter Hendrickson >ph at netcom.com Perhaps random numbers would be stronger but they would not be manifestly random. MD5's formula for t_i precludes the possibility that the definer of MD5 chose the numbers accoriding to some undisclosed principles that would allow him a trap door. The following code computes the magic numbers without requiring trig functions: static word si[64]; static int md5init() {double c1=0.5403023058681397, s1 = 0.8414709848078965; int j; double a=1, b=0; for(j=0; j<64; ++j) {double p = a*c1 - b*s1, q = a*s1 + b*c1; a=p; b=q; {union{double d; struct{int high; int low;} fx;} z; z.d=(fabs(b)-1.1e-10)+1048576; si[j] = z.fx.low; }}} An alternative would have been to let t_i be MD4(i) or SHA(i). Using SHA to define MD5 would have required collusion between Rivest and NSA to allow for a trap door. Even then it would have been very difficult. From proff at suburbia.net Sat Dec 14 12:56:13 1996 From: proff at suburbia.net (proff at suburbia.net) Date: Sat, 14 Dec 1996 12:56:13 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: <199612141959.OAA00409@myriad> Message-ID: <19961214205552.1079.qmail@suburbia.net> > Dale Thorn wrote: > > It's a hundred times easier to do tools for the IBM PC. I make > > utilities for the PC, and it would take no more than ten or fifteen > > minutes to cook this one up. > > It took me less than ten minutes... > > > But nobody answered my question: Is there a shortcut way to do the > > wipe, say, thirty times? Ordinarily, I'd run the program thirty > > times, which would consist of a data write followed by a flush, > > which would take 30x amount of time. > > Try this in Linux... > > #!/bin/csh > set n=1 > loop: > cat /dev/urandom >/tmp/fill + sync;df >/dev/null > rm /tmp/fill > @ n = $n + 1 > if ( $n < 30 ) then > goto loop > endif > and it just might work. From proff at suburbia.net Sat Dec 14 13:09:23 1996 From: proff at suburbia.net (proff at suburbia.net) Date: Sat, 14 Dec 1996 13:09:23 -0800 (PST) Subject: Personal Reputation, was Re: Java DES breaker? In-Reply-To: Message-ID: <19961214210859.2844.qmail@suburbia.net> > Bill Frantz writes: > > > At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote: > > >It does. John Gilmore is a proven liar. He has no credibility. > > > > John will be a much later addition to my killfile than you. > > John Gilmore (spit) is full of shit just like his boyfriend Timmy May (fart). Vulis, I can't understand your need for these childish quips. They just make you look idiotic. At least have some sense of your own dignity. > > --- > > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps > From dlv at bwalk.dm.com Sat Dec 14 13:20:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 13:20:10 -0800 (PST) Subject: your mail In-Reply-To: <199612141744.LAA01193@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > ArkanoiD wrote: > > > > nuqneH, > > > > > Hey.. is there any CoderPunks Meetings somewhere in russia? > > > > > Michael Bravo tried to organize 2600 meetings in SPb and failed. (afaik) > > Why? Potomu, chto Sovok parhatyj. :-) The meetings consisted entirely of "stukachi". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From wombat at mcfeely.bsfs.org Sat Dec 14 13:29:38 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sat, 14 Dec 1996 13:29:38 -0800 (PST) Subject: Merry Christmas, HipXmas-SantaSpam! In-Reply-To: <4245141.0C0DKO@reply.net> Message-ID: and a Happy Chanukah to to Dimitri ... -r.w. On Wed, 11 Dec 1996, Santa Claus wrote: > * > * > /|\ > ///*\\\ > * * * > //\\ * //\\ > * * * * * > // \\ // \\ // \\ > S A N T A > * * * > N O R T H P O L E > | | > \____/ > > > Wherever you go, whatever you do, > Remember that Santa is always with you. > I live in your heart, I dance in your soul, > I show you what love is, and good things to know. > > The Spirit of Christmas spreads all through the land, > With joy and the giving of gifts you should have. > But gifts are just one thing to give and to get -- > We wish you much more, far more than that. > > My elves send you pride in whatever you do, > My reindeer give strength on days you feel blue, > My wife, Mrs. Claus, grants wisdom and grace, > Belief in yourself and all you create. > > And me, what do I give? Is there much more? > Plenty and plenty you won't find in stores. > I give you the knowledge that you can do more > Than you ever knew -- of that be quite sure. > > My sleigh's packed with toys, my list sweeps the floor, > A cup of hot cocoa and I'm out the door. > Just gaze high in the sky where Peace always soars, > And you live in my heart as I live in yours. > > * > * * > * * * > M e r r y > C h r i s t m a s > * * > S a n t a C l a u s > > > --------- > This santa poem was sent to you from a person who visited > the ReplyNet site (www.reply.net) and entered your name > and address on our Santa page. Your e-mail address is > NOT being collected. > From dlv at bwalk.dm.com Sat Dec 14 13:30:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 13:30:24 -0800 (PST) Subject: Personal Reputation, was Re: Java DES breaker? In-Reply-To: <19961214210859.2844.qmail@suburbia.net> Message-ID: <8q4XyD200w165w@bwalk.dm.com> Julian writes: > > Bill Frantz writes: > > > > > At 6:39 PM -0800 12/13/96, Dr.Dimitri Vulis KOTM wrote: > > > >It does. John Gilmore is a proven liar. He has no credibility. > > > > > > John will be a much later addition to my killfile than you. > > > > John Gilmore (spit) is full of shit just like his boyfriend Timmy May (fart) > > Vulis, I can't understand your need for these childish quips. They just make > you look idiotic. At least have some sense of your own dignity. John Gilmore is a crook and a liar. He has no credibility and no dignity. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sunder at brainlink.com Sat Dec 14 15:21:56 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Sat, 14 Dec 1996 15:21:56 -0800 (PST) Subject: Java DES breaker? In-Reply-To: <9yVuyD159w165w@bwalk.dm.com> Message-ID: On Thu, 12 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > While ActiveX does support hand optmized assembler, there are Java > > JustInTime compilers which take JVM bytecodes and turn'em into raw > > assembler. They aren't hand optimized, they are natively compiled code, > > but they are native code non the less. A good optimizing compiler may > > I've seen many Forth implementations, including pseudo-compilers similar > to what you describe. They sure generated a lot of instructions and an > occasional speed improvement over a simple-minded interpreter. Forth!=Java. Test it before you speak. > Can it go out on the web and talk to arbitrary servers? Sure it can, you just have to let your server act as a proxy and do a bit of work. An applet snarfed over the net can only talk to the server. But the server can talk to other servers. > Can it work with local files? Not as an applet, but as an application, sure. Also why would you want a DES breaker to put stuff on the client's hard drive? It's far better in terms of security - both for the client and for the server to store'em on the server. In other words, you can't be lazy. You have to write a good server that will handle some of the legwork, but leave the DES to the client. > Where did the 10-25% figure come from? Like I said - try it. > Of course, Ray works for Earthweb, who has a "special partnership" with > SunSoft, and gets paid to badmouth competing products and push Java when > it's clearly inappropriate. Or maybe Ray knows what he's talking about BECAUSE of that same implication. :) As for inappropriate, ActiveX is inappropriate for most uses - any web page attachable code that when downloaded and executed can format your hard drive is inappropriate. Regardless of performance. Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it to access things it shouldn't, it's not cool. Anyhow, I will drop this topic here since it's becoming an ActiveX vs Java religious crusade and is inappropriate. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From adam at homeport.org Sat Dec 14 16:14:19 1996 From: adam at homeport.org (Adam Shostack) Date: Sat, 14 Dec 1996 16:14:19 -0800 (PST) Subject: ITARs effects In-Reply-To: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: <199612150010.TAA02707@homeport.org> Peter D. Junger wrote: | | : This implies that putting something up for FTP == export. Holy | : shit. | | That has always been the position of the Department of Defense Trade | Controls with respect to the ITAR, the only difference is that now | it is going to be in writing. My understanding is that they choose not to continue per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is a change. Or did Phil not put the code up for FTP? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From erp at digiforest.com Sat Dec 14 16:55:27 1996 From: erp at digiforest.com (Erp) Date: Sat, 14 Dec 1996 16:55:27 -0800 (PST) Subject: Merry Christmas, HipXmas-SantaSpam! In-Reply-To: Message-ID: Fucking Christians... --- Can't live without getting religious spam mail and being told why I should be there religion and not mine.. Bah.. And yes I know this message wasn't a pressure message.. It was just one of those straws that made me go bleh, time to say something.. On Sat, 14 Dec 1996, Rabid Wombat wrote: > > > and a Happy Chanukah to to Dimitri ... > > -r.w. > > On Wed, 11 Dec 1996, Santa Claus wrote: > > > * > > * > > /|\ > > ///*\\\ > > * * * > > //\\ * //\\ > > * * * * * > > // \\ // \\ // \\ > > S A N T A > > * * * > > N O R T H P O L E > > | | > > \____/ > > > > > > Wherever you go, whatever you do, > > Remember that Santa is always with you. > > I live in your heart, I dance in your soul, > > I show you what love is, and good things to know. > > > > The Spirit of Christmas spreads all through the land, > > With joy and the giving of gifts you should have. > > But gifts are just one thing to give and to get -- > > We wish you much more, far more than that. > > > > My elves send you pride in whatever you do, > > My reindeer give strength on days you feel blue, > > My wife, Mrs. Claus, grants wisdom and grace, > > Belief in yourself and all you create. > > > > And me, what do I give? Is there much more? > > Plenty and plenty you won't find in stores. > > I give you the knowledge that you can do more > > Than you ever knew -- of that be quite sure. > > > > My sleigh's packed with toys, my list sweeps the floor, > > A cup of hot cocoa and I'm out the door. > > Just gaze high in the sky where Peace always soars, > > And you live in my heart as I live in yours. > > > > * > > * * > > * * * > > M e r r y > > C h r i s t m a s > > * * > > S a n t a C l a u s > > > > > > --------- > > This santa poem was sent to you from a person who visited > > the ReplyNet site (www.reply.net) and entered your name > > and address on our Santa page. Your e-mail address is > > NOT being collected. > > > From dlv at bwalk.dm.com Sat Dec 14 17:20:30 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 17:20:30 -0800 (PST) Subject: Merry Christmas, HipXmas-SantaSpam! In-Reply-To: Message-ID: Rabid Wombat writes: > > and a Happy Chanukah to to Dimitri ... > Thank you, Womb [aren't you afraid that Timmy May will mailbomb you for insufficient anti-Semitism unbecoming a "cypher punk"], and a joyous Kwanza to Red Rackham, and a spermy holiday to John Gilmore (swallow, don't spit). *=============================================================================* | | | ***** | | *** | | **** * | | * ** | | * * * * *** | | * * *** ** ** *** | | **** *** **** * * * * * | | * *** * * * * * * | | * *** * * * * *** | | * * * * * * * *** | | * * * ** ** * * *** | | * * **** *** * * * * *** | | * * *** * * * * * * * 1 999 999 777 | | * * * * * * ** * 1 9 9 9 9 7 | | ****** * * *** 1 999 999 7 | | * * *** 1 9 9 7 | | * * 1 999 999 7 | | | |*****************************************************************************| *%\@/*%$%*\@/*%$%*\@/*%$%*\@/*%$%*\^/*%$%*\@/*%$%*\@/*%$%*\@/*%$%*\@/*%* * X ! X ! X ! X ! . ! X ! X ! X ! X * * O O O O .|. O O O O * * -*- * * Athbhliain Faoi Mhaise! '|` _ Happy New Year! * * Frohliche Weihnachten! *:* ("D Chag Sameach! * * Sarbatori Fericite! * . * ~(=r Boas Festas! * * Joyous Solstice! ** ** .../__\ Gut Yontif! * * Mele Kurisumasu! *** o *** [MJ] Iyi YIllar! * * Mele Kalikimaka! *\ O * Wesolych Swiat! * * Merry Christmas! ** \\ ** Velelykh Svyat! * * Happy Hanukkah! *** \\ *** Stastny Novy Rok! * * Pari Dzounount! * o \\ * Kelemes Unnepeket! * * Happy Holidays! ** O \\** Season's Greetings! * * Veseli Vanoce! ***\\ o \*** Gung Hay Fat Choy! * * Feliz Navidad! * \\ o * Felican Jarfinon! * * Joyeux Noel! ** o \\ O ** Joy to the World * * Bom Natal! **** \\ o **** - And to All a * * God Jul! ** o o \\ o ** Good Night! * * Cheers! *** O \\ *** * * *:D o_ ***************************** e@@@@@@@@@@@@@@@ * _ <' )~ ___ ##### _v_ @@@"""""""""""""* * /<~ ["""] V o [___] _ at _ #####__|~|_ A @" ___ ___________ * %'= @|HHH|[~] U |\ /|/^^^\##[{}{}{}{](") ! II__[w] | [i] [z] | * %' ) /%|HHH||$|/V\|XXX|~~~~~##[}{}{}{}](:)<*> {======|_|~~~~~~~~~| * %(__6 |==D|HHH||$|\^/|/ \|=====##[{}{}{}{](:) V /oO--000'"`-OO---OO-' ************************************************************************ From rah at shipwright.com Sat Dec 14 17:23:36 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 14 Dec 1996 17:23:36 -0800 (PST) Subject: ITARs effects In-Reply-To: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: At 7:09 pm -0500 12/14/96, Adam Shostack wrote: > My understanding is that they choose not to continue >per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is >a change. Or did Phil not put the code up for FTP? Actually, it's my understanding that PRZ didn't do it personally. Someone else got the code from Phil and put it on the net. Phil had nothing to do with it. Except for writing PGP, of course. :-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From jya at pipeline.com Sat Dec 14 17:45:22 1996 From: jya at pipeline.com (John Young) Date: Sat, 14 Dec 1996 17:45:22 -0800 (PST) Subject: ITARs effects Message-ID: <1.5.4.32.19961215014204.00679fac@pop.pipeline.com> Adam Shostack wrote: >Peter D. Junger wrote: >| That has always been the position of the Department of Defense Trade >| Controls with respect to the ITAR, the only difference is that now >| it is going to be in writing. > >My understanding is that they choose not to continue >prosecuting Phil for putting the code up for FTP. Thus, this is >a change. Or did Phil not put the code up for FTP? --------- What was never certain in Phil's case, I believe, is how the code got out of the US. Whether it was deliberately sent outside the US by someone, or just made available on a US site which was accessible from outside the US. The TIA lawyer who wrote me about TR453 indicated that there has been legal dispute about whether mere placement of ITAR-regulated code on a US site, accessible from outside the US, means that the code has been exported by the person placing it there (as I did with the CAVE code on an AOL server in Virginia), or whether the export is done by an accessor who is usually not be subject to US law. The new regs intend to close that loophole, as Peter Junger states, and as the TIA lawyer also indicated, that is, to codify the illegality of putting such code on a site accessible from "outside" the US, or by a "non-US person" inside the US. Heretofore, regulation has been by jaw-boning (as the TIA lawyer jaw-boned me about copyright villation of the uncopyrighted TR453). This is the point about two definitions of geography in conflict -- physical and electronic -- and how state-oriented law is attempting to assert control of the cyber-dissolving national borders. Similar to the struggle over electronic dissolution of intellectual property. As a speaker noted in a recent Congressional crypto hearing: government- aggressive law of cyberspace aims to define a nation's borders well beyond physical territory. As similarly argued against allowing "non-US persons" to study regulated crypto in Professor Junger's class. As others have noted here, other loopholes of by electronic reality are being closed by the new regs, even if First Amendment transgression follows. But I'm not sure that the lawyers are not condemned to trail the leading edge of technology, as ever -- in crypto-munitions as in First Amendment and intellectual property betrayals, misrepresentations and rear guard actions. Reading the new crypto export regs and comparing them to earlier incarnations is instructive. Observe those insertions of bits and bytes of contortinate intellectual labor -- never quite able to get the legilation to fit all the looming permutations of technology -- unable, that is, to stitch the wounds of the stumbling, flailing superpower, unsure where the foe is located who is mortally undermining faith in the physical prowess of the keepers of the privileges. Those vaunted inside secrets of nuclear-munitioned cops don't sell so well these days when the donut-dippers cannot be sure how to distinguish insiders from outsiders, and whose really in control of the armaments keys of keys. Whole lot of shifting of alliances going on, from State to Commerce, or so I read in the quagmire regs. From mwohler at ix.netcom.com Sat Dec 14 17:55:41 1996 From: mwohler at ix.netcom.com (Marc J. Wohler) Date: Sat, 14 Dec 1996 17:55:41 -0800 (PST) Subject: NYC Area Cypherpunks meeting Message-ID: <3.0.32.19961214204533.006bb744@popd.ix.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- The NewYork City area Cypherpunks will meet on the UpperWest Side of Manhattan. Date: Thursday 12/19/96 Time: 7:30 PM Place: The Club. Park Royal Hotel, 23 West 73rd Street. Between Columbus & Amsterdam Avenue. Subway stops: 72nd & Broadway #1 #9 #2 #3 (express stop) 72nd & Central Park West A or D trains Refreshments: BYOB & snacks. We can order out for dinner. All our welcome but please email me your intention to attend (if you have not already done so.) Marc -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMqsDk2eikzgqLB7pAQHxFgP9FbdXYo4qiubH9zBFW+CdQb5LZVxKAhWB EwfV+2EquVT94dokYMN9P0n26ZIozJejpXf44QLLgNPvWHqHB8Wult/U7zyVeVid 1YVRftVFnxPlBjkabH5yGR8efP7L2i5Ynh5X8I0jFy9G8Wfilxsg8QT8r+eYtDWB g/b4Wpr0/0w= =CIyV -----END PGP SIGNATURE----- From tcmay at got.net Sat Dec 14 17:56:36 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 14 Dec 1996 17:56:36 -0800 (PST) Subject: ITARs effects In-Reply-To: <199612141904.OAA07254@pdj2-ra.F-REMOTE.CWRU.Edu> Message-ID: At 7:09 PM -0500 12/14/96, Adam Shostack wrote: >Peter D. Junger wrote: >| >| : This implies that putting something up for FTP == export. Holy >| : shit. >| >| That has always been the position of the Department of Defense Trade >| Controls with respect to the ITAR, the only difference is that now >| it is going to be in writing. > > My understanding is that they choose not to continue >per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is >a change. Or did Phil not put the code up for FTP? I certainly can't speak for Phil, but according to everything I have heard, and according to several articles that have been written about the events surrounding the release of PGP 1.0, Phil most definitely DID NOT place the PGP 1.0 software on any kind of ftp site. (I believe that at that time, circa 1991, Phil did not even have any kind of ISP or university Internet access which would have even made this possible for him. In fact, I believe it was not until around 1993 that he had a stable e-mail account.) As to who, if anybody, placed PGP 1.0 on an ftp site, I suggest folks read some of the articles about how the software was uploaded to bulletin boards. The evidence is strong that it was NOT Phil who did this, though of course the software at some point got from Phil to whomover it was who did place the software on bulletin boards (and ultimately onto ftp sites). (Note that it was primarily PGP 1.0 which was the subject of the government's investigations. PGP 2.0 and later releases were handled in a different way.) I hope I have not mangled any of the history. These events have been reported in many articles on PGP and the Zimmermann Affair, including a long article by Jim Warren on whom--he claims--actually DID place PGP on publically-accessible sites. See those articles for more details. It seems likely to me that the new laws, pointed out to us by Lucky, would make a much wider range of things illegal, and that the mere appearance of some software on a foreign site could be construed as ipso facto proof that due care was not taken ("you let it leak out"). But this was not the law in 1991, nor is it the law yet. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ravage at einstein.ssz.com Sat Dec 14 18:35:29 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 14 Dec 1996 18:35:29 -0800 (PST) Subject: ITARs effects (fwd) Message-ID: <199612150254.UAA02959@einstein> Hi all, Forwarded message: > Date: Sat, 14 Dec 1996 18:02:49 -0800 > From: "Timothy C. May" > Subject: Re: ITARs effects > > I certainly can't speak for Phil, but according to everything I have heard, > and according to several articles that have been written about the events > surrounding the release of PGP 1.0, Phil most definitely DID NOT place the > PGP 1.0 software on any kind of ftp site. > > (I believe that at that time, circa 1991, Phil did not even have any kind > of ISP or university Internet access which would have even made this > possible for him. In fact, I believe it was not until around 1993 that he > had a stable e-mail account.) I believe the first site to carry PGP 1.0 was Adelante BBS in Colorado where Phil was living at the time. I was a user of that site when 1.0 was put online and made publicaly available. I still have the Amiga disk those files were d/l'ed on. Somebody should ask Phil if he put v1.0 on any sites prior to Adelante. Jim Choate CyberTects ravage at ssz.com Best wishes and happy holidays to you all. From dlv at bwalk.dm.com Sat Dec 14 18:40:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 14 Dec 1996 18:40:22 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <2RHyyD6w165w@bwalk.dm.com> Ray Arachelian writes: > > > While ActiveX does support hand optmized assembler, there are Java > > > JustInTime compilers which take JVM bytecodes and turn'em into raw > > > assembler. They aren't hand optimized, they are natively compiled code, > > > but they are native code non the less. A good optimizing compiler may > > > > I've seen many Forth implementations, including pseudo-compilers similar > > to what you describe. They sure generated a lot of instructions and an > > occasional speed improvement over a simple-minded interpreter. > > Forth!=Java. Test it before you speak. Forth is close enough to Java to suffer from the same problem: the hacks you describe don't know when they look at your bytecode what a C compiler knows when it looks at a C program. They emit native machine language instructions that emulate the Java machine at run time and repeatedly resolve the references that a C compiler has resolved once at compile time. > > Of course, Ray works for Earthweb, who has a "special partnership" with > > SunSoft, and gets paid to badmouth competing products and push Java when > > it's clearly inappropriate. > > Or maybe Ray knows what he's talking about BECAUSE of that same > implication. :) As for inappropriate, ActiveX is inappropriate for most > uses - any web page attachable code that when downloaded and executed can > format your hard drive is inappropriate. Regardless of performance. > > Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it > to access things it shouldn't, it's not cool. > > Anyhow, I will drop this topic here since it's becoming an ActiveX vs > Java religious crusade and is inappropriate. The great Russian-Scottish poet Mikhail Yur'evich Lermotov said the following about the likes of Ray "Arsen" Arachelian: "Ty trus, ty rab, ry armyanin." --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sat Dec 14 18:45:58 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Sat, 14 Dec 1996 18:45:58 -0800 (PST) Subject: ITAR -> EAR; loss of First Amendment Rights. In-Reply-To: <199612131951.LAA03511@toad.com> Message-ID: <199612150243.VAA09651@pdj2-ra.F-REMOTE.CWRU.Edu> "Peter Trei" writes: : It appears that we will now have the unique : situation that a book which contains cryptographic : info or source code will be illegal to export or : sell to a non-citizen, without getting export permission. : : I am not aware of any prior time when the government : attempted to claim that printed material, freely : available in bookstores and newsstands to US citizens, : became contraband when sold or given to a non-citizen. A literal reading of the ITAR's provisions relating to cryptography leads to exactly that result. And there have been strong suggestions that that is the intended result in some of the statements made by representatives of the State Department. If you are interested in this you might look into MIT's experiences when they published the book with the PGP source code. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From junger at pdj2-ra.F-REMOTE.CWRU.Edu Sat Dec 14 18:57:09 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Sat, 14 Dec 1996 18:57:09 -0800 (PST) Subject: ITARs effects In-Reply-To: <199612150010.TAA02707@homeport.org> Message-ID: <199612150254.VAA09810@pdj2-ra.F-REMOTE.CWRU.Edu> Adam Shostack writes: : Peter D. Junger wrote: : | : | : This implies that putting something up for FTP == export. Holy : | : shit. : | : | That has always been the position of the Department of Defense Trade : | Controls with respect to the ITAR, the only difference is that now : | it is going to be in writing. : : My understanding is that they choose not to continue : per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is : a change. Or did Phil not put the code up for FTP? Phil probably did not put up the code, but that is not the point. They held his feet over the fire for three years and then, as the statute of limitations ran out, dropped the case---perhaps because they could not prove that Phil made the code available, perhaps because they did not want to subject their position to judicial review, probably for a combination of those reasons. But that in no way amounted to a change in what they claim. In my case the government's lawyer has made it quite clear that they would consider putting cryptographic software on a web site as a violation, and I don't think that for this purpose there is any distinction either in the government's mind or in reality between an FTP site and a web site. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:34:58 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:34:58 -0800 (PST) Subject: Chek it out Message-ID: <199612150433.WAA02069@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:02 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:02 -0800 (PST) Subject: Chek it out Message-ID: <199612150433.WAA02074@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:14 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:14 -0800 (PST) Subject: Chek it out Message-ID: <199612150433.WAA02080@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:17 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:17 -0800 (PST) Subject: Chek it out Message-ID: <199612150433.WAA02084@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:21 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:21 -0800 (PST) Subject: Chek it out Message-ID: <199612150433.WAA02094@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:25 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:25 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02099@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:28 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:28 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02109@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:39 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:39 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02114@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:50 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:50 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02127@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:35:59 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:35:59 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02130@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:07 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:07 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02138@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:17 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:17 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02157@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:20 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:20 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02162@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:28 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:28 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02173@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:30 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:30 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02177@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:31 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:31 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02183@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:33 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:33 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02196@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:35 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:35 -0800 (PST) Subject: Chek it out Message-ID: <199612150435.WAA02234@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:37 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:37 -0800 (PST) Subject: Chek it out Message-ID: <199612150435.WAA02245@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:36:41 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:36:41 -0800 (PST) Subject: Chek it out Message-ID: <199612150433.WAA02065@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:37:12 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:37:12 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02105@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:37:56 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:37:56 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02149@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:38:00 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:38:00 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02166@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:38:12 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:38:12 -0800 (PST) Subject: Chek it out Message-ID: <199612150435.WAA02230@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:38:18 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:38:18 -0800 (PST) Subject: Chek it out Message-ID: <199612150435.WAA02248@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:39:38 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:39:38 -0800 (PST) Subject: Chek it out Message-ID: <199612150434.WAA02134@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 20:40:00 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 20:40:00 -0800 (PST) Subject: Chek it out Message-ID: <199612150435.WAA02239@unix.newnorth.net> www.geocities.com/SiliconValley/Heights/2608 It's Kool, but still under construction. From ichudov at algebra.com Sat Dec 14 21:09:49 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sat, 14 Dec 1996 21:09:49 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <199612150049.SAA00282@manifold.algebra.com> Ray Arachelian wrote: > > Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it > to access things it shouldn't, it's not cool. > I do not understand how one can secure ActiveX. - Igor. From dthorn at gte.net Sat Dec 14 22:04:27 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 22:04:27 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] In-Reply-To: <199612131459.GAA06660@cygnus.com> Message-ID: <32B38C8E.484C@gte.net> Peter Trei wrote: > Ray Arachelian wrote: > > On Wed, 11 Dec 1996, Dr.Dimitri Vulis KOTM wrote:[snip] > For this test, I modified the code to cut out the delays associated > with incrementing the key schedule, leaving the most of the > crunching in the DES decryption. Both versions were compiled > under Visual C++ 4.0, with Optimizations set to 'Maximize speed', > and inlines to 'any suitable', and run on a 90MHz Digital > Celebris 590 under WinNT 3.51. > Averaging several runs: > "C": 102,300 crypts/sec > ASM: 238,000 crypts/sec I remember sitting down with some ASM programmers in the mid 1980's (using x86 PCs), and at that time, looking at the Codeview tracings, it occurred to me that ASM would nearly always run 2x faster than 'C', something that is inherent in the processes. Someone on this list should know if it is possible to maximize speed in a typical 'C' routine, using Register variables (particularly for loops), inlining everything possible, etc., to get executable code much closer than a factor of 2x difference. Can it be done on a PC, and how hard would it be to explain, to cover a representative variety of techniques? [snip remainder] From dthorn at gte.net Sat Dec 14 22:05:00 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 22:05:00 -0800 (PST) Subject: In Defense of Anecdotal Evidence In-Reply-To: <199612131649.JAA24217@mail.xmission.com> Message-ID: <32B3923E.6268@gte.net> Rob Carlson wrote: > On Thu, 12 Dec 1996 14:12:23 -0800, Huge Cajones Remailer wrote: > >Statistics are a useful tool, but they have their problems. Their > >accuracy is often in doubt. Most scientific data comes with an error > >analysis so you can tell what the figure means. For some reason > >statisticians never do this so we cannot tell whether their numbers > >are accurate to within 0.1%, 1.0%, 10%, or even worse.[snip] > Of course, anecdotal evidence also suffers from all of these problems. And > in greater magnitude. This is true since it is a special case of statistical > evidence. With a non-random sample set of one and no controls for observer bias. > Humans are poor observers. The data processing unit is easily fooled. Many > people make a living off of this fallability such as magicians and politicians. > This doesn't make studies or statistical evidence true. Just more reliable than > anecdotal evidence. Yes and no. Depends on the objective. If I had to purchase and install a new server for my employer, and not being an expert in security myself, I would (barring having a very trusted friend for advice) certainly be inclined to trust the published reports more than anecdotes, even when the anecdotes come from erstwhile reputable posters on these lists. OTOH, if I were about to hire an employee to do that very job (and other similar jobs as time goes on), I would be much more inclined to trust my instincts, my perceptions during the interview(s), and specific data handcarried in by the prospective hiree than any published statistics or recommendations in hiring methodology that are generally used in large-corporation hiring. Perhaps even this last paragraph wouldn't apply if I were a large-corpor- ation personnel recruiter, since in that case I'd not only be further removed from the IS dept., but I'd be representing people with agendas that aren't necessarily similar to what I deal with in the small company I work in now. From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:02 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:02 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07590@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:05 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:05 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07596@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:10 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:10 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07599@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:13 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:13 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07609@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:17 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:17 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07612@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:20 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:20 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07615@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:25 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:25 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07618@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:30 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:30 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07621@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:46 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:46 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07629@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:12:52 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:12:52 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07636@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:05 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:05 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150214.VAA07644@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:16 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:16 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150215.VAA07650@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:26 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:26 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150215.VAA07653@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:28 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:28 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150215.VAA07656@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:32 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:32 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150215.VAA07659@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:47 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:47 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07593@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:50 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:50 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150215.VAA07662@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:13:57 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:13:57 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07605@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:14:14 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:14:14 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150215.VAA07666@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:14:27 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:14:27 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150216.VAA07669@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:14:43 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:14:43 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150216.VAA07672@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:14:52 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:14:52 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150216.VAA07675@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:14:54 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:14:54 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150216.VAA07678@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:09 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:09 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150216.VAA07681@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:18 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:18 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07684@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:36 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:36 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07688@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:41 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:41 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150213.VAA07602@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:42 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:42 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07692@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:48 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:48 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07699@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:52 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:52 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07702@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:55 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:55 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07705@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:15:57 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:15:57 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07708@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:16:23 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:16:23 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07711@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:16:28 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:16:28 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07718@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:16:42 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:16:42 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07721@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:16:49 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:16:49 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07724@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:16:56 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:16:56 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07727@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:17:02 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:17:02 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07731@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:17:12 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:17:12 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07734@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:17:19 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:17:19 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150218.VAA07738@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From Zer0.Faith.Inc. at website.chek.it.out Sat Dec 14 22:18:22 1996 From: Zer0.Faith.Inc. at website.chek.it.out (Zer0.Faith.Inc. at website.chek.it.out) Date: Sat, 14 Dec 1996 22:18:22 -0800 (PST) Subject: www.geocities.com/SiliconValley/Heights/2608 Message-ID: <199612150217.VAA07715@cps1.starwell.com> www.geocities.com/SiliconValley/Heights/2608 www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.co m/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/H eights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www. geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/Sil iconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Height s/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geoci ties.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconV alley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/260 8www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.c om/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/ Heights/2608www.geocities.com/SiliconValley/Heights/2608www.geocities.com/SiliconValley/Heights/2608 From shamrock at netcom.com Sat Dec 14 22:20:30 1996 From: shamrock at netcom.com (Lucky Green) Date: Sat, 14 Dec 1996 22:20:30 -0800 (PST) Subject: [No joke] The Feds may legally gas us Message-ID: <3.0.32.19961214221317.00683ea0@netcom14.netcom.com> At 06:09 PM 12/14/96 +0000, The Deviant wrote: >True, but the point still stands -- They can't, legally. I am not certain that the chemical weapons prohibitions apply to a country's own civilians. IANAL. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From dthorn at gte.net Sat Dec 14 22:22:00 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 22:22:00 -0800 (PST) Subject: Secure Erase for PCs? In-Reply-To: Message-ID: <32B39864.608E@gte.net> Steve Schear wrote: > >Steve Schear wrote:[snip] > >I've been watching for a lot of years, and I'm sick of those bastards > >at Apple. Those scumbags not only make a flimsy and unreliable computer, > >they won't repair the machine either. Too bad Ted Kazynski(sp?) didn't > >have a grudge against Apple, the scumbag creeps. > I'm sorry your ownership experience hasn't been pleasant. I've owned six > and installed a hundred or so as a consultant (along with many Wintel > systems) with great reliability. Only one of the machines I know of has > needed service, and this because it was operated in a dirty shop-floor > environment w/o an enclosure or even periodic internal cleaning. Since > I've not had to have one repaired under warranty I can't vouch for their > committment to good service. I'm puzzeled at your reaction. I hope you don't mind my adding this to the list, but since I posted something very pertinent several days ago and got *no* reaction, and since it was something very significant, I wanna try it one more time: This experience on your part, of installing 100-plus Macs with only one needing service, is beyond amazing. Most computer people will readily admit that HP (for example) is the best, reliability-wise, yet I have purchased quite a few of their computers and major peripherals over the past 20 years, and I have experienced an approximate 40% (!) defective rate during the one-year warranty period, more than 30% falling within the first three months. As to why I still use their stuff - it's because the others are worse, a fact which is almost universally agreed on. How can this possibly be, you ask? Could it be really bad luck? No. Could it be mishandling? No. For a reality check, another famed electronics vendor, Sony, has the same problem, but even worse than HP. Unfortunately, in the Sony case, their products don't wear well after fixing, excepting a couple of their rather expensive "professional" series products. I suspect that the 100-plus Apple owners don't really use the machines, otherwise, if they were so reliable, why does Apple desperately avoid repairing their own products, when HP has provided top-level professional technicians (not boys in dusty back rooms of cheap-ass computer stores) to fix their products, and done so consistently ever since the beginning of the PC business in 1966? From dthorn at gte.net Sat Dec 14 22:32:25 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 14 Dec 1996 22:32:25 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: <3.0.32.19961214221317.00683ea0@netcom14.netcom.com> Message-ID: <32B39AA6.58@gte.net> Lucky Green wrote: > At 06:09 PM 12/14/96 +0000, The Deviant wrote: > >True, but the point still stands -- They can't, legally. > I am not certain that the chemical weapons prohibitions apply to a > country's own civilians. IANAL. This is the point that Janet Reno tried to make in front of Congress, that the international accords don't apply internally. While it seemed that some of the representatives or senators were aghast at this, I don't recall any significant rebuttal to her position. From stewarts at ix.netcom.com Sun Dec 15 13:44:35 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Sun, 15 Dec 1996 13:44:35 -0800 (PST) Subject: Gov't Clarifes Position-Surprise! Message-ID: <1.5.4.32.19961215201616.003aa660@popd.ix.netcom.com> Forwarded from "Fred B. Ringel" on pgp-users list: Hi all- A list member forwarded this to me and I thought it was important enough to pass on. Its a "clarification" of the Government's "Key-Escrow/Key Recovery" position which is apparently "worldwide" in its intended reach. Besides the orwellian (sp?) nature of the proposal, I personally cannot imagine how this would be enforceable. Anyway, its something to ponder...how the government intends not only to restrict privacy rights at home, but extend those restrictions beyond our borders. Fred /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Fred B. Ringel Rivertown.Net Systems Administrator P.O. Box 532 and General Fixer-upper Hastings, New York 10706 Voice/Fax/Support: 914.478.2885 Data: 914-478-4988 Westchester's Rivertown's Full Service Flat-Rate Internet Access Provider E-mail "SEND-PGPKEY" in the Subject for my Public Key \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ ----Begin Forwarded Message---- >From EPIC http://www.epic.org/crypto/export_controls/draft_regs_12_96.html **Commerce Department Prepares Draft Encryption Export Regulations** December 11, 1996 The Commerce Department is circulating draft regulations that differ sharply from earlier assurances made by the White House to relax export controls on strong encryption. The draft regulations state that it is the aim of the Commerce Department to promote "a worldwide key management infrastructure with the use of key recovery and key escrow encryption items." The proposal contrasts with earlier assurances that encryption standards would be voluntary and market-driven. The regulations would amend the Export Administration Regulations (EAR) by imposing national security and foreign policy controls ("EI" for Encryption Items) on certain information security systems and equipment, cryptographic devices (including recoverable encryption software) and related technology. For the first time, the Administration makes clear what it means by "Key Recovery Encryption." The regulations state that: For purposes of this rule, "recovery encryption products" refer to encryption products (including software) which allow law enforcement officials to obtain under proper legal authority and without the cooperation or knowledge of the user, the plaintext of encrypted data and communications. This is an exact description of the original Clipper encryption proposal that was widely opposed by Internet users and industry when it was announced in 1993. From geeman at best.com Sun Dec 15 13:45:38 1996 From: geeman at best.com (geeman at best.com) Date: Sun, 15 Dec 1996 13:45:38 -0800 (PST) Subject: Magic Numbers in MD5 Message-ID: <3.0.32.19961215112530.006a9580@best.com> digits of transcendental functions are conjectured to be randomly distributed. however, some specifics of how the sin() function was utilized in MD5 were the basis for a successful attack on the compression function. I don't recall the references. not too hard to find tho. ..snip.. >> Does abs(sin()) have some properties that are especially conducive to >> strengthening MD5 or is it just a function to generate mildly random >> numbers? If the latter, wouldn't the algorithm be stronger if it was >> used with completely random numbers? > >I am not sure of the properties of abs(sin()). I know that the S-boxes in >Blowfish are initialized with pi. I would guess that the purpose of using >such values is to use easily generated pseudo-random numbers. > >Mark >- -- >finger -l for PGP key >PGP encrypted mail prefered. >0xf9b22ba5 now revoked > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3 >Charset: noconv > >iQEVAwUBMrMD/SzIPc7jvyFpAQEA7gf9HAtV1Vy+3LO5OPOHyU9ZHoath32LhAwU >PzODS/YJsY9fVxaMHOm15oL9D4CX2D5s/Y9cgrALG6pGzw4dBWJZJyqNAcbmsjp/ >B/jNL9jXKCXg1byIzplKSjJqDypLzIPf07xTIQVCC5IDmwZ7pR5owngH9MDaE8is >aFiGZvuWNm7eHQg1kJSb40xQjkwszx+SP1Gv9+fvpys5GZLCTHwPx8SCpy7PXwNp >lm8fgV9mjc7wZIpw73oqPZEb7Q3VHZUOUXS2i6XNF3UVXa4aykBg5VvALPt0tuvv >ah5JjA6JP4STwSCj+HrnMpQJ8SCG4U3kKb54+WOl8H6eo7ekuEU8mw== >=uNLG >-----END PGP SIGNATURE----- > > > From nobody at replay.com Sun Dec 15 13:46:26 1996 From: nobody at replay.com (Anonymous) Date: Sun, 15 Dec 1996 13:46:26 -0800 (PST) Subject: Certified primes Message-ID: <199612151830.TAA23265@basement.replay.com> The only `culture' Timmy C[retin] Maytag possesses is that cultivated from his foreskin scrapings. /\ o-/\ Timmy C[retin] Maytag ///\|/\\\ / /|\ \ From deviant at pooh-corner.com Sun Dec 15 13:46:53 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 15 Dec 1996 13:46:53 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 15 Dec 1996, Jim Wise wrote: > > > The Deviant wrote: > > > On Fri, 13 Dec 1996, Lucky Green wrote: > > > Folks, > > > Did you know that the Feds may legally test chemical and biological weapons > > > on the civilian population as long as they give 30 days advance notice to > > > > No, they can't. Development, testing, and use of Biological weapons is > > banned by the Geneva conventions (among others). International treaty > > outweighs USC. > > Correct me if I am wrong, but I believe the Geneva conventions do not apply > to nations acting upon their own citizens... This showed up in the legal > wrangling over whether the brutality in Bosnia-Herzegovena was part of a > civil war or a war between nations, and hence whether an international > tribunal had authority... > True; the Geneva conventions only apply to use on other nation's citizenry, but i did note "among others". There are several more which ban development and testing of biological weapons (the names of which i cannot recall, they are mentioned in the nonfiction book "Hot Zone"). --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "Evil does seek to maintain power by suppressing the truth." "Or by misleading the innocent." -- Spock and McCoy, "And The Children Shall Lead", stardate 5029.5. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMrQ79zCdEh3oIPAVAQFHgQf8CZ5hMveC1zoOgOyFg8nfXKMPdiju0URW K5iXjpZQSDm6vnTD+eUxynA9FBdhfOB8JKXj/U9VKf6zy7PyL0ZALqsb0tD0k8Y3 eQ1soo3XKVB4Ru2aSVD+Hywr/1NRViPDzaUZSriEA37moke+ChrR9aBcjjxtOE+Y +Z2asE5SYJDCTki/1N3+QVZqI9X2TX/QUpLmMgNyD523ihPeaBn85PR1bbx1rLFs spy+Xg1u/oTIK23rQkBAN+Nd6V+fCuDirLoXnPkUs2PUjl44MwTJ76xQFiID4s9x JWYotVuohV6WAP1UvwzlG7ARN7JD6G8LtlGwTjdxrgkQdS3pOa7hXg== =oovV -----END PGP SIGNATURE----- From olbon at ix.netcom.com Sun Dec 15 13:47:24 1996 From: olbon at ix.netcom.com (Clay Olbon II) Date: Sun, 15 Dec 1996 13:47:24 -0800 (PST) Subject: Medical anonymity Message-ID: <1.5.4.16.19961215111602.345f023e@popd.ix.netcom.com> It probably should no longer surprise me when the popular press is ignorant of anonymity, but of course it still does. There were several otherwise excellent articles in the Detroit News today (http://www.detnews.com/) about DNA research and inherited diseases (specifically breast cancer). The gist of one of the stories is that there are several reasons that deter people from being tested for genetic predispositions to disease, but that one of the primary ones is the fear of losing one's health insurance. Nowhere in the article was the possibility of anonymous testing mentioned. This is a severe oversight in my opinion. Clearly, being tested for a genetic disorder would not require disclosure of one's true name, and the testing could be paid for in cash (of course providing genetic material could eventually be indexed into a database to discover that true name, but I doubt we are there yet, at least I hope not!) The implication of most articles regarding this subject are that "there ought to be a law" prohibiting disclosure by medical practioners. Of course, most of us would probably agree that the proper approach is allowing non-disclosure by those tested. I don't know whether this is currently "legal", is there a legal requirement that medical practioners have "true names" before testing? Medical testing provides a unique opportunity to acquaint the public with the benefits of anonymity. Most americans can clearly see the payoff - not having your health insurance cancelled. Other anonymous transactions have somewhat less tangible benefits for the majority of americans (sorry to be so america-centric, maybe I should change the phrasing to citizen-units ;-) That's my minor rant for a Sunday AM. Now back to my x-mas shopping! Clay ******************************************************* Clay Olbon olbon at ix.netcom.com sys-admin, engineer, programmer, statistitian, etc. **********************************************tanstaafl From frissell at panix.com Sun Dec 15 13:47:46 1996 From: frissell at panix.com (Duncan Frissell) Date: Sun, 15 Dec 1996 13:47:46 -0800 (PST) Subject: Social Security Fraud Message-ID: <3.0.1.32.19961215094900.00cbefbc@panix.com> At 11:42 AM 12/12/96 -0800, Huge Cajones Remailer wrote: > >It seems to me that in the case of an employee giving the wrong number >to his employer, the only person that suffers is the employee through >loss of future payments from the Social Security Administration. The >employer certainly doesn't suffer. Assume that the income tax is >paid. > >What laws would an employee violate? What are the chances of >conviction? What are the likely penalties if convicted? > >Red Rackham Anyone interested should Altavista "social security number FAQ" and read same. DCF > > > From frissell at panix.com Sun Dec 15 13:48:31 1996 From: frissell at panix.com (Duncan Frissell) Date: Sun, 15 Dec 1996 13:48:31 -0800 (PST) Subject: Social Security Fraud Message-ID: <3.0.1.32.19961215094058.00cbf43c@panix.com> At 03:26 PM 12/13/96 -0800, Huge Cajones Remailer wrote: >So how often are people prosecuted under these laws? That is, if you >pay your taxes and don't steal from people, but do give your employer >the wrong SS number, what are the odds that you will be prosecuted? > >If prosecuted, are the odds high that you will receive jail time? >Assume a good lawyer, spotless criminal record, and a favored >racial class. Chances of prosecution zero. Chances of time served zero. DCF From dlv at bwalk.dm.com Sun Dec 15 13:49:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 15 Dec 1996 13:49:07 -0800 (PST) Subject: ITARs effects In-Reply-To: Message-ID: Robert Hettinga writes: > At 7:09 pm -0500 12/14/96, Adam Shostack wrote: > > My understanding is that they choose not to continue > >per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is > >a change. Or did Phil not put the code up for FTP? > > Actually, it's my understanding that PRZ didn't do it personally. Someone > else got the code from Phil and put it on the net. Phil had nothing to do > with it. Except for writing PGP, of course. :-). And what exactly was Kelly Goen's role? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ravage at einstein.ssz.com Sun Dec 15 13:49:30 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 15 Dec 1996 13:49:30 -0800 (PST) Subject: In Defense of Anecdotal Evidence (fwd) Message-ID: <199612151513.JAA03511@einstein> Forwarded message: > Date: Sat, 14 Dec 1996 21:53:02 -0800 > Subject: Re: In Defense of Anecdotal Evidence > > Yes and no. Depends on the objective. If I had to purchase and install > a new server for my employer, and not being an expert in security myself, > I would (barring having a very trusted friend for advice) certainly be > inclined to trust the published reports more than anecdotes, even when > the anecdotes come from erstwhile reputable posters on these lists. Published reports as done in the computer magazines are anecdotal evidence. They neither print their error bands on their stats, the raw results of their tests, or their complete test proceedures. Jim Choate CyberTects ravage at ssz.com From jim at santafe.arch.columbia.edu Sun Dec 15 13:50:11 1996 From: jim at santafe.arch.columbia.edu (Jim Wise) Date: Sun, 15 Dec 1996 13:50:11 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: Message-ID: > The Deviant wrote: > > On Fri, 13 Dec 1996, Lucky Green wrote: > > Folks, > > Did you know that the Feds may legally test chemical and biological weapons > > on the civilian population as long as they give 30 days advance notice to > > No, they can't. Development, testing, and use of Biological weapons is > banned by the Geneva conventions (among others). International treaty > outweighs USC. Correct me if I am wrong, but I believe the Geneva conventions do not apply to nations acting upon their own citizens... This showed up in the legal wrangling over whether the brutality in Bosnia-Herzegovena was part of a civil war or a war between nations, and hence whether an international tribunal had authority... -- Jim Wise jim at santafe.arch.columbia.edu http://www.arch.columbia.edu/~jim * Finger for PGP public key * From ph at netcom.com Sun Dec 15 13:53:05 1996 From: ph at netcom.com (Peter Hendrickson) Date: Sun, 15 Dec 1996 13:53:05 -0800 (PST) Subject: Magic Numbers in MD5 Message-ID: At 2:46 PM 12/14/1996, Mark M. wrote: >On Fri, 13 Dec 1996, Peter Hendrickson wrote: >> First, we have the four chaining variables, A, B, C, and D which >> are initialized with apparently random numbers. > >Random? > >A = 0x01234567 >B = 0x89abcdef >C = 0xfedcba98 >D = 0x76543210 Why yes, those bits are just as likely as any other set. ;-) At 11:39 AM 12/14/1996, Norman Hardy wrote: >Perhaps random numbers would be stronger but they would not be manifestly >random. MD5's formula for t_i precludes the possibility that the definer >of MD5 chose the numbers accoriding to some undisclosed principles that >would allow him a trap door. >The following code computes the magic numbers without requiring trig functions: > >...[nifty code sample redacted]... > >An alternative would have been to let t_i be MD4(i) or SHA(i). > >Using SHA to define MD5 would have required collusion between Rivest >and NSA to allow for a trap door. Even then it would have been very difficult. Still, one prefers to be careful. Rivest is said to be a clever fellow. One or two people at the NSA must know what they are doing. We wouldn't want to bet they aren't smart enough to invent something surprising. Perhaps we should define MD5-Cypherpunks. All interested parties submit sealed random values for the chaining variables and the t_i constants. The new constants are determined by opening the envelopes and XORing all the values. This probably isn't worth the trouble given MD5's known weaknesses, but it might be cool for other algorithms. Does it seem reasonable that this would make cryptanalysis more challenging? One could imagine that brute force attacks exist which are less efficient when the same setup cannot be used for every message. Or, that it is expensive to determine weaknesses for particular sets of constants. It would cause interoperability problems, but one could imagine some organizations would prefer to use their own version of standard algorithms for internal communications if it really did raise the cost of attack. The changes in software would be minimal. Incidentally, when weaknesses were discovered in MD5, did they depend on a particular set of constants, or were the weaknesses general? (I assume the latter, but I would like to know for sure.) Peter Hendrickson ph at netcom.com From shamrock at netcom.com Sun Dec 15 13:53:24 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 15 Dec 1996 13:53:24 -0800 (PST) Subject: What a great meeting! Message-ID: <3.0.32.19961214223435.006b32cc@netcom14.netcom.com> I just returned from the monthly CP meeting. This month's meeting was hosted by PGP, Inc. thanks to the efforts of Dave del Torto, who is now with PGP. I would like to publicly thank Dave for making this meeting possible. It was the best CP meeting in a long time. I very much enjoyed Eric Blossom's demo of his voice encryption product. The sound quality is the best I ever heard in such a product. And it uses 3DES. The encryption and sound quality are much better than what you get from AT&T's STU-III. But nothing could have prepared me for the generous gift that PGP, Inc. made to each attendee: a four volume bound set of the *full* pre-alpha source to PGP 3.0, totaling almost 2,000 pages! Way to go, Dave. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From mycroft at actrix.gen.nz Sun Dec 15 14:33:22 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Sun, 15 Dec 1996 14:33:22 -0800 (PST) Subject: Chek it out In-Reply-To: <199612150434.WAA02196@unix.newnorth.net> Message-ID: <199612152232.LAA13462@mycroft.actrix.gen.nz> On Sat, 14 Dec 1996 22:34:58 -0600 (CST), some idiot wrote: > www.geocities.com/SiliconValley/Heights/2608 > It's Kool, but still under construction. It's extremely un-"Kool" to post so many (i.e., more than 0) copies of this crap. Why is cypherpunks the dumping ground for every spotty Herbert's "ChEk Out mY WaY-KoOl RaDiCaL WeBSItE DoOdZ!" ads? :-( -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Power, n: The only narcotic regulated by the SEC instead of the FDA. From wb8foz at wauug.erols.com Sun Dec 15 15:28:11 1996 From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states) Date: Sun, 15 Dec 1996 15:28:11 -0800 (PST) Subject: PGP & Zimmerman on Tonight's CBS News Message-ID: <199612152327.SAA02726@wauug.erols.com> I caught only part of a LONG (by network news standards) piece on crypto with PRZ, Jimmy SuperFed Kellstrom and Scott Charney. If CBS news is yet to air in your area, it is well worth your time to see, and perhaps record. Phil came off very well. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From frantz at netcom.com Sun Dec 15 15:32:49 1996 From: frantz at netcom.com (Bill Frantz) Date: Sun, 15 Dec 1996 15:32:49 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] In-Reply-To: <199612131459.GAA06660@cygnus.com> Message-ID: At 9:28 PM -0800 12/14/96, Dale Thorn wrote: >I remember sitting down with some ASM programmers in the mid 1980's >(using x86 PCs), and at that time, looking at the Codeview tracings, >it occurred to me that ASM would nearly always run 2x faster than 'C', >something that is inherent in the processes. Modern compiler peephole optimizers are quite good, and there is not much to be gained by trying to beat them. The real gains come from being able to make more restrictive assumptions than a compiler based on your superior knowledge of the program. For example, most operating system kernels have a global pointer to the current process. Assembly language kernels normally dedicate a register to hold that pointer. In C, each separately compiled routine must re-load it from its memory location because they can not coordinate register usage. Parameter passing is another place this kind of global register assignment can improve assembly programs. Another place where this global view of a program helps is in re-loads after calling externally compiled routines. The compiler must assume that the external routine has changed the variable while a smart programmer can know better and save the re-load. Even if the data is in the level 1 cache, most architectures can do at most one memory reference instruction per cycle, and memory accesses seem to be the critical path for OS kernels. These optimizations work better with register rich architectures such as the R4000, Sparc, PowerPC etc. than they do on the popular Intel architecture because there are more registers to use. BTW - My experience with Assembler over C is more like 4:1 than 2:1. YMMV! ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From hallam at ai.mit.edu Sun Dec 15 16:00:20 1996 From: hallam at ai.mit.edu (Phillip M. Hallam-Baker) Date: Sun, 15 Dec 1996 16:00:20 -0800 (PST) Subject: Why PICS is the wrong approach Message-ID: <01BBEABA.4237CB30@crecy.ai.mit.edu> Dale Thorn wrote in article <58q40v$k22 at life.ai.mit.edu>... > Vladimir Z. Nuri wrote: > If Firefly is an example of what PICS is or could become, the hell with > PICS. Firefly encourages and rewards group behavior and suppresses > individuality. Firefly would reward the discussion of the latest album > by a Columbia or Capitol artist, and discourage discussion of material > from independent (real independent) labels. I know because I've been > there and spent quite a bit of time trying to get a rating. I think there are two issues here, Firefly and PICS. Confusing one with the other is a bad thing. PICS is simply one way of applying labels to content. Its sole reason for being was to head off the CDA. Now that the judicial route has been taken I see little likelyhood that PICS can succeed since either the supreme court will uphold the CDA and we have the Singapore scenario or the CDA gets booted out and the matter is over. If the US congress had wanted to do any good instead of making itself look good then the voluntary approach of PICS with the multiple rating schemes was the one most likely to work. I don't think that it would stop 16 year olds from seeing pornography but since children of that age are in most jurdisdictions permitted by law to engage in sex on their own account it seems a bit bizare to prohibit them from seeing pictures of sexual acts. The problem with Firefly is that its a good(ish) idea baddly implemented. The much vaunted "agent" technology uses only a very primitive nearest neighbour type match. There is no attempt to draw structural inferences from the material, such as abstractions. For example if I enjoy Dire Straights and Peter Gabriel then a shop assistant would peg me as a late 70s rock fan and point me towards the Fleetwood Mac and such. Firefly has 50% of the structure needed to produce interesting matches but lacks the ability to make inferences. At least if it is the same technology as Ringo, the previous generation. This shortcomming of Ringo means that it is very slow work training it. To get a useful measure it needs hundreds of data points. When I visited I was faced with page after page of US 90s chart bands which I've not heard of and have no interest in. Phill From m5 at tivoli.com Sun Dec 15 16:13:11 1996 From: m5 at tivoli.com (Mike McNally) Date: Sun, 15 Dec 1996 16:13:11 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] In-Reply-To: <199612131459.GAA06660@cygnus.com> Message-ID: <32B493D9.558F@tivoli.com> Bill Frantz wrote: > > In C, each separately compiled routine must re-load it from its > memory location because they can not coordinate register usage. There are such things as global optimizers that are quite capable of locating heavily-used global variables. > Another place where this global view of a program helps is in re-loads > after calling externally compiled routines. The compiler must assume > that the external routine has changed the variable No, it's not true that it "must" do that. There are optimizer systems that defer decisions until link time (the MIPS compilers for example). That said, it's probably the case that a hand-written DES routine could probably better a good optimizer; the size of the problem is pretty small. On the other hand, I suspect a specially-tuned optimizer that used (maybe; I'm making this up off the top of my head) some sort of genetic techniques could find faster code sequences than a human coder would. ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From dthorn at gte.net Sun Dec 15 17:14:05 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 15 Dec 1996 17:14:05 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: Message-ID: <32B43A02.56CE@gte.net> Jim Wise wrote: > > The Deviant wrote: > > > On Fri, 13 Dec 1996, Lucky Green wrote: > > > Did you know that the Feds may legally test chemical and biological weapons > > > on the civilian population as long as they give 30 days advance notice to > > No, they can't. Development, testing, and use of Biological weapons is > > banned by the Geneva conventions (among others). International treaty > > outweighs USC. > Correct me if I am wrong, but I believe the Geneva conventions do not apply > to nations acting upon their own citizens... This showed up in the legal > wrangling over whether the brutality in Bosnia-Herzegovena was part of a > civil war or a war between nations, and hence whether an international > tribunal had authority... On a related note, the L.A. Times (not a real newspaper) has devoted a tremendous amount of space to convincing their readers that a tribunal can be put together to prosecute the Bosnian Serbs. Anyone familiar with the stories can undoubtedly argue that either the stories didn't exactly say this, or they were obviously wishful thinking with no legal weight, and so on. My point is simply that the vast amount of valuable newspaper space isn't being thrown away; it has a purpose which is tied to investments, probably international. Laws can take a back seat to a strong tide of public pressure - witness the movements to keep trying people in court until a conviction can be obtained to satisfy the public: DeLaBeckwith, Powell/Koon et al, and now O.J. Simpson. The L.A. Times figures (as does former Atty. Gen. Ramsey Clark in his work on the Gulf War) that if they stir up enough "controversy" over the Bosnia issue, the international public will put enough pressure on to satisfy the Times' agenda. Further (and at the risk of being identified with a particular political slant, which I don't have), this "newspaper" is actively collaborating with other international interests to put the nail in Free Speech, via the Holocaust issue. Carto of Liberty Lobby fame (the bane of the ADL) is down for the count again, and unlike the last two or three times, he may not survive this one, probably because his supporters are thinning out from old age. Carto's main theme in life, which I got in person one day in 1993, is that the Holocaust has been co-opted by the National Security State for a variety of reasons, one of which is to curtail Free Speech (Holocaust deniers thrive on Free Speech), by passing laws everywhere that make it a criminal offense to "doubt the Holocaust". Again, my point isn't to argue any law, just to point out where change in the law is going to come from. From zerofaith at mail.geocities.com Sun Dec 15 17:58:18 1996 From: zerofaith at mail.geocities.com (Psionic Damage) Date: Sun, 15 Dec 1996 17:58:18 -0800 (PST) Subject: sorry for the spam! Message-ID: <199612160157.RAA24380@geocities.com> I apologize 4 the spam, not my doing, Haven't figured out who waz responsible, but I will understand if I amd kicked off this list. Once again, I am sorry. ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------------- Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD www.geocities.com/SiliconValley/Heights/2608 MEMBERZ: GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE, MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK! EMAIL:zerofaith at nlights.net (headquarterz) hakker1 at hotmail.com (Delious's Haus!) hackerz at juno.com (The Gatemaster'z palace) zerofaith at geocities.com (delivery/help/requests/suggestions) From tcmay at got.net Sun Dec 15 18:07:57 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 15 Dec 1996 18:07:57 -0800 (PST) Subject: [No joke] The Feds may legally gas us In-Reply-To: <3.0.32.19961214221317.00683ea0@netcom14.netcom.com> Message-ID: At 10:21 PM -0800 12/14/96, Lucky Green wrote: >At 06:09 PM 12/14/96 +0000, The Deviant wrote: >>True, but the point still stands -- They can't, legally. > >I am not certain that the chemical weapons prohibitions apply to a >country's own civilians. IANAL. > I have no opinion on whether the government has the legal authority to perform CBW experiments on its citizen-units, but clearly what the laws authorize and what is done are two entirely different things. Consider that two major, long-lasting, very damaging wars were fought by U.S. troops--without the "Declaration of War" so prominently included in the Constitution. I refer of course to the Korean War and the Vietnam War, both of which were treated by the U.S. government as "something else" ("police action," "recent unpleasantness," :-}, etc.). When the intent of the Framers can be so skirted by calling a war something besides a war...well, I rather doubt the CBQ experimenters would worry too much about some obscure law. As to experiments on U.S. citizen-units, this seems much less likely than before. First, there are lots of whistle-blowers, journalists, etc. (including perhaps some who might use our remailers to let out details). Second, there are now several dozen "captive nations" under the thrall of the U.S., especiallly with the U.S. the only remaining superpower. In many cases, their governments may take a bribe to allow experimentation on their citizen-units. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From azur at netcom.com Sun Dec 15 18:40:01 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 15 Dec 1996 18:40:01 -0800 (PST) Subject: ITARs effects Message-ID: >Adam Shostack writes: > >: Peter D. Junger wrote: >: | >: | : This implies that putting something up for FTP == export. Holy >: | : shit. >: | >: | That has always been the position of the Department of Defense Trade >: | Controls with respect to the ITAR, the only difference is that now >: | it is going to be in writing. >: >: My understanding is that they choose not to continue >: per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is >: a change. Or did Phil not put the code up for FTP? > >Phil probably did not put up the code, [snip] > In my case the >government's lawyer has made it quite clear that they would consider >putting cryptographic software on a web site as a violation, and I >don't think that for this purpose there is any distinction either in >the government's mind or in reality between an FTP site and a web >site. > These changes are all aimed at making it harder to make money from strong crypto and therefore reduce its common availability worldwide. They do little to keep it from circulating worlwide, what ever its country of origin as anonymous posting to a newsgroup is still straightforward. Look for more shareware and commercial crypto source to circulate in printed, rather than machine-readable, form to take advantage of freedom of speech rules. -- Steve From mhw at wittsend.com Sun Dec 15 19:50:02 1996 From: mhw at wittsend.com (Michael H. Warfield) Date: Sun, 15 Dec 1996 19:50:02 -0800 (PST) Subject: sorry for the spam! In-Reply-To: <199612160157.RAA24380@geocities.com> Message-ID: Psionic Damage enscribed thusly: > I apologize 4 the spam, not my doing, Haven't figured out who waz > responsible, but I will understand if I amd kicked off this list. > Once again, I am sorry. The individual is a little shit operating a windows system on IP address 206.129.116.108 as of Sunday evening. While the messages where poping up on cypherpunks, one of the Received-By headers was indicating his IP address. I was able to confirm his presence on the network and determine it to be a windows system operating with the workstation name of "MARLAEST" and a workgroup name of "ESTES ADVENTURE". He's not operating a windows messaging pop-up or I would have sent him an appropriate message of appreciation. Since it IS a windows system (and not running sendmail) I think it is safe to assume that he IS the end point of this bullshit. 206.129.116.108 is in a block assigned to Premier1 Internet, Coordinator Michael Heuerman, mikheu at PREMIER1.NET (360-793-3658), who is also getting a copy of this... This individual is still on line as of 22:43 EDT 12/15/96 Can someone kindly track this little asshole down and dump his sorry ass in the nearest toxic waste dump? > ---------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > ---------------------- > Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD > www.geocities.com/SiliconValley/Heights/2608 > > MEMBERZ: > > GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE, > MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK! > > EMAIL:zerofaith at nlights.net (headquarterz) hakker1 at hotmail.com (Delious's > Haus!) hackerz at juno.com (The Gatemaster'z palace) zerofaith at geocities.com > (delivery/help/requests/suggestions) Mike -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From josh at MCI.net Sun Dec 15 20:09:47 1996 From: josh at MCI.net (VAN HOUTEN) Date: Sun, 15 Dec 1996 20:09:47 -0800 (PST) Subject: read if have time (not important) Message-ID: <01BBEACB.CC7E23A0@usr20-dialup3.mix1.Sacramento.mci.net> Hi thanx for taking time out to read this note. I am doing a school paper on "Sex and Violence on the Internet". If you might be able to write me on your thoughts on the subject that would be very helpfull. Sorry if I took up your time. So you do not have to E-mail to the whole list my address is: josh at mci.net thank you so much....... From jamie at comet.net Sun Dec 15 20:23:44 1996 From: jamie at comet.net (jamie dyer) Date: Sun, 15 Dec 1996 20:23:44 -0800 (PST) Subject: chek it out Message-ID: Thank god for procmail. jamie ------------------------------------------------------------------------------ jamie at comet.net | Comet.Net | Send empty message | Charlottesville, Va. | to pgpkey at comet.net | (804)295-2407 | for pgp public key. | http://www.comet.net | "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators" -P.J. O'Rourke. ------------------------------------------------------------------------------ From jfpoole at undergrad.math.uwaterloo.ca Sun Dec 15 20:38:10 1996 From: jfpoole at undergrad.math.uwaterloo.ca (John Poole) Date: Sun, 15 Dec 1996 20:38:10 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] Message-ID: <199612160438.XAA11664@mag1.magmacom.com> Dale Thorn wrote: > I remember sitting down with some ASM programmers in the mid 1980's > (using x86 PCs), and at that time, looking at the Codeview tracings, > it occurred to me that ASM would nearly always run 2x faster than 'C', > something that is inherent in the processes. This discussion sounds similar to the "C vs. Assembler" thread that's been raging on comp.lang.c for the past couple of months. The general consensus seems to be that on an x86 processor, using C for most of your program and using assembler sparingly is the best way to go. Plus, most compilers will produce code that runs about 1.2 - 1.5 times slower than your average assembler code. You mileage, of course, will vary. ----------------------------------------------- John Poole, 2A AM/CS, University of Waterloo http://www.undergrad.math.uwaterloo.ca/~jfpoole "I've gone too far, for too little." From joelm at eskimo.com Sun Dec 15 21:19:37 1996 From: joelm at eskimo.com (Joel McNamara) Date: Sun, 15 Dec 1996 21:19:37 -0800 (PST) Subject: Van Eck articles Message-ID: <3.0.32.19961215211852.00e8ff4c@mail.eskimo.com> Looking for: "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" by Wim Van Eck, published in "Computers & Security," 1985, Vol 4 and "Protective Measures Against Compromising Electromagnetic Radiation Emitted by Video Display Terminals" by Professor Erhard Moller, Aachen University, 1990 (no source citation) Haven't found an electronic version of either of these yet, and will visit the good old "paper-based" library next week if no pointers show up. Thanks in advance... Joel From tfs at adsl-122.cais.com Sun Dec 15 21:27:50 1996 From: tfs at adsl-122.cais.com (Tim Scanlon) Date: Sun, 15 Dec 1996 21:27:50 -0800 (PST) Subject: Gov't Clarifes Position-Surprise! In-Reply-To: <1.5.4.32.19961215201616.003aa660@popd.ix.netcom.com> Message-ID: <9612160526.AA21666@adsl-122.cais.com> stewarts at ix.netcom.com said: |----Begin Forwarded Message---- |>From EPIC http://www.epic.org/crypto/export_controls/draft_regs_12_96.html | |**Commerce Department Prepares Draft Encryption Export Regulations** | |December 11, 1996 | [snip] |The regulations would amend the Export Administration Regulations (EAR) |by imposing national security and foreign policy controls ("EI" for |Encryption Items) on certain information security systems and equipment, |cryptographic devices (including recoverable encryption software) and |related technology. Basicly everything. Presuming or believing there are things that are exempt from these regulations is foolish. They're like a rude salesman with a foot in the door, they are not used to being told "no", nor will they stop at a simple "no". | |For the first time, the Administration makes clear what it means by "Key |Recovery Encryption." The regulations state that: | |For purposes of this rule, "recovery encryption products" refer to |encryption products (including software) which allow law enforcement |officials to obtain under proper legal authority and without |the cooperation or knowledge of the user, the plaintext of encrypted data |and communications. This is the important part. US Law Enforcement, specificly the FBI, have a serious desire to obliterate privacy. Reading of documents profiling what they desire spans this, and the only "check" they speak of or envision is that of a warrant or other legal means to do so. I say "other legal means" because they'll probably start chipping away & narrowly interpreting the privacy act as soon as they achieve this goal. As it stands, it's entirely too easy for them to get basic search warrants, and I believe they want to do a technology conversion on that to be able to engage in digital wiretapping & searches. I think they believe computers, properly governed, can make their jobs easier. In this case laziness is the root of all evil. The sick thing is the closest I can come to governmental analogues to what they propose are organizations like the East German Stasi, Stalin's secret police, and other similar police organizations who effectively utilize technology to curtail liberty. In todays society, they don't have to make people "disappeared", but rather to just do it to people's technology. The FBI does this now as things stand. Punitive seizure of computers without indictments or charges are relatively commonplace. I believe the whole situation is going to get worse as they continue to chip away at crypto. They certainly are NOT acting as protectors of liberty in the US in any way with these proposals. | |This is an exact description of the original Clipper encryption proposal |that was widely opposed by Internet users and industry when it was |announced in 1993. Clipper 3.11 shares all the same goals, and in fact, as time has passed, while they try to chip away at privacy, it has become even more apparent that the goals they want are regressive in terms of what we in the US consider basic freedoms, and that they're Orwellian and frightening when you think about the long haul. Expect a 'Clipper 95' if this subsides or gets shot down. These people are in it for the long haul. Snooping has always been the lazy mans way to engage in law enforcement, and is obviously the most comprehensive choice. Privacy is very inconvenient to the "needs" (ever notice they never have 'wants'? and always have some horrific example to dredge up, no matter how fluky or 1-in-a-million, to justify what they "need"? Funny how that works out.) of law enforcement. Expect some form of cooperation with EC governments if this stuff goes through. The recent posting to cypherpunks about the "radikal" raid in the Netherlands is probably a good foreshadowing of this. If you have not seen the article, and want to, I will be happy to remail it. Tim Scanlon From haystack at cow.net Sun Dec 15 21:29:52 1996 From: haystack at cow.net (Bovine Remailer) Date: Sun, 15 Dec 1996 21:29:52 -0800 (PST) Subject: No Subject Message-ID: <9612160514.AA12168@cow.net> >admit that HP (for example) is the best, reliability-wise, yet I have >purchased quite a few of their computers and major peripherals over the >past 20 years, and I have experienced an approximate 40% (!) defective >rate during the one-year warranty period, more than 30% falling within >the first three months. Dale, perhaps it's time for you to seek out a new career. Check that LA "Not a real paper" Times for things like "car wash assistant needed" and good luck. From wombat at mcfeely.bsfs.org Sun Dec 15 22:27:57 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Sun, 15 Dec 1996 22:27:57 -0800 (PST) Subject: sorry for the spam! In-Reply-To: <199612160157.RAA24380@geocities.com> Message-ID: Sorry for the SIN attack. Not my doing. The Ping of Death, either. Nope. -r.w. On Sun, 15 Dec 1996, Psionic Damage wrote: > I apologize 4 the spam, not my doing, Haven't figured out who waz > responsible, but I will understand if I amd kicked off this list. > Once again, I am sorry. > ---------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > ---------------------- > Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD > www.geocities.com/SiliconValley/Heights/2608 > > MEMBERZ: > > GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE, > MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK! > > EMAIL:zerofaith at nlights.net (headquarterz) hakker1 at hotmail.com (Delious's > Haus!) hackerz at juno.com (The Gatemaster'z palace) zerofaith at geocities.com > (delivery/help/requests/suggestions) > > > > From msprague at ridgecrest.ca.us Sun Dec 15 23:18:36 1996 From: msprague at ridgecrest.ca.us (msprague at ridgecrest.ca.us) Date: Sun, 15 Dec 1996 23:18:36 -0800 (PST) Subject: sorry for the spam! Message-ID: <199612160717.XAA19637@owens.ridgecrest.ca.us> as of Sunday 23:00PST 12/15 he was using a mailto IP of 206.129.116.5 and http's to 192.41.31.20/thatguy/upyours.zip >Psionic Damage enscribed thusly: > >> I apologize 4 the spam, not my doing, Haven't figured out who waz >> responsible, but I will understand if I amd kicked off this list. >> Once again, I am sorry. > > The individual is a little shit operating a windows system on >IP address 206.129.116.108 as of Sunday evening. While the messages >where poping up on cypherpunks, one of the Received-By headers was >indicating his IP address. I was able to confirm his presence on the >network and determine it to be a windows system operating with the workstation >name of "MARLAEST" and a workgroup name of "ESTES ADVENTURE". He's not >operating a windows messaging pop-up or I would have sent him an appropriate >message of appreciation. Since it IS a windows system (and not running >sendmail) I think it is safe to assume that he IS the end point of this >bullshit. > > 206.129.116.108 is in a block assigned to Premier1 Internet, >Coordinator Michael Heuerman, mikheu at PREMIER1.NET (360-793-3658), who is also >getting a copy of this... > > This individual is still on line as of 22:43 EDT 12/15/96 > > Can someone kindly track this little asshole down and dump his sorry >ass in the nearest toxic waste dump? > >> ---------------------------------------------------------------------------- >> ---------------------------------------------------------------------------- >> ---------------------- >> Zer0 Faith Inc. H/P/A/V/C UNDER-WORLD >> www.geocities.com/SiliconValley/Heights/2608 >> >> MEMBERZ: >> >> GATEMASTER, VIRIZZ, KRASH, EVIL TWIN, PHONEHAZORD, PSIONIC DAMAGE, >> MANTIKORE, ERADIKATOR, PSYCHODROME, SONIK, kOBRA, & KRYPTIK! >> >> EMAIL:zerofaith at nlights.net (headquarterz) hakker1 at hotmail.com (Delious's >> Haus!) hackerz at juno.com (The Gatemaster'z palace) zerofaith at geocities.com >> (delivery/help/requests/suggestions) > > Mike >-- > Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com > (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of all > PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! > > From azur at netcom.com Sun Dec 15 23:38:02 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 15 Dec 1996 23:38:02 -0800 (PST) Subject: Van Eck articles Message-ID: >Looking for: > >"Electromagnetic Radiation from Video Display Units: An Eavesdropping >Risk?" by Wim Van Eck, published in "Computers & Security," 1985, Vol 4 I OCR'd this and have it as either an 895K Word 5.1a (Mac) or 705K Acrobat document. I'll email a copy to anyone that's interested. > >and > >"Protective Measures Against Compromising Electromagnetic Radiation Emitted >by Video Display Terminals" by Professor Erhard Moller, Aachen University, >1990 (no source citation) I seem to have misplaced this document. However, I don't recall OCR'r it. -- Steve From rcgraves at ix.netcom.com Sun Dec 15 23:51:51 1996 From: rcgraves at ix.netcom.com (rcgraves at ix.netcom.com) Date: Sun, 15 Dec 1996 23:51:51 -0800 (PST) Subject: Carto international money-laundering/embezzlement case Message-ID: <199612160751.XAA03800@dfw-ix4.ix.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Dale Thorn wrote: > > Further (and at the risk of being identified with a particular > political slant, which I don't have), this "newspaper" is actively > collaborating with other international interests to put the nail in > Free Speech, via the Holocaust issue. Carto of Liberty Lobby fame Apologies for replying to a crank whom most people are already ignoring, but I've got lots of material relating to the case of Legion v. Carto, which Dale summarizes quite wrongly, at http://www-leland.stanford.edu/~llurch/potw2/legion/ Cypherpunk relevance: HUGE. Money laundering, reputation control, data and tax havens, libertarian and Nazi fantasies, criminal cults, and a dog named Fido. Judge Maino: | I believe that I could appoint a platoon of lawyers and accountants | to look into this case and I would still not be much closer to answering | the following questions than I am today. The reason the truth will never | be fully known is because the parties, all highly intelligent and | capable, seem to have spent their lives forming organizations and then | transferring money between these organizations to avoid problems with | their opponents or the government. A good example of this is Ms. Farrel. | She gives up U.S. Citizenship, takes Columbian citizenship, and resides | in Switzerland to avoid taxes. She keeps her assets in the U.S., England, | Switzerland, Germany, Singapore and Japan. She sets up a Liberian | corporation, Neca, to take charge of her assets for the Legion which is a | Texas corporation doing business in California. Far from Dale's preoccupation with "international joo interests," it's a case of two neo-Nazi groups suing each other over the mismanagement of an inheritance. Stir in a little CoS interest (they want to cover up Marcellus's involvement with Holocaust denial and to associate recent legal actions against the cult in Germany with the Holocaust), and it's a veritable cornucopia of fruitcakes bashing each other, all over money for which no clear accounting can be made because it was always kept at least partly underground. Would that we could all do so well. The judge's letter on how he saw the witnesses is *very* entertaining. It's legion-vs-carto-letter.html in the above directory, but by all means, read it all. If you have soft copies of anything The Spotlight or any other pro-Carto rag has to say for itself, I'd be delighted to archive them, too. - -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBMrT+85NcNyVVy0jxAQHhewIArARpR1DeaX+dKeyB+nAbL0otSEbtfO+I kRrfJMG6rR9TrMXPcRpj/ViWXvqEPOMNJoUXjv3xGfT6MoXcsuPFhQ== =f60U -----END PGP SIGNATURE----- From dagmar at edge.net Mon Dec 16 00:10:49 1996 From: dagmar at edge.net (Dagmar the Surreal) Date: Mon, 16 Dec 1996 00:10:49 -0800 (PST) Subject: sorry for the spam! Message-ID: <3.0.32.19961216021235.00725744@edge.net> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1810 bytes Desc: not available URL: From 100567.540 at compuserve.com Mon Dec 16 00:23:55 1996 From: 100567.540 at compuserve.com (IIR GmbH & Co) Date: Mon, 16 Dec 1996 00:23:55 -0800 (PST) Subject: xxx Message-ID: <961216082117_100567.540_GHW109-1@CompuServe.COM> From mf at MediaFilter.org Mon Dec 16 01:32:54 1996 From: mf at MediaFilter.org (MediaFilter) Date: Mon, 16 Dec 1996 01:32:54 -0800 (PST) Subject: name.space. call for content Message-ID: <1361416246-7199575@MediaFilter.org> Hello All, The black.hole in the net project is now online and functioning. Please add your project to the "switchboard" via the links generator accessable from the black.hole page: http://black.hole (or http://blackhole.autono.net) The page is beginning to get lots of hits, so now's the time to put up your stuff! Best wishes, Paul Garrin From jya at pipeline.com Mon Dec 16 04:56:26 1996 From: jya at pipeline.com (John Young) Date: Mon, 16 Dec 1996 04:56:26 -0800 (PST) Subject: NYT: Faulty Crypto Policy Message-ID: <1.5.4.32.19961216125254.0067e118@pop.pipeline.com> The New York Times, December 16, 1996, p. A14. Another Faulty Encryption Policy [Editorial] The Clinton Administration has issued its third plan in as many years to keep powerful encryption programs for telephone and computer messages out of the hands of international terrorists and criminals. But this latest plan to control the export of encryption software, like the two before it, is unworkable and risks trampling on privacy rights and harming American software firms. Encryption in the hands of criminals unquestionably makes law enforcement hard. But the greatest use of encryption is by banks and other legal businesses that need to transmit confidential data without fear of interception. In legitimate hands, encryption helps to prevent crime. The Administration first sought to steer all Americans toward an encryption standard that Washington would design, thus preserving the Government's ability to tap phone calls. But after sharp criticism of Government snooping, the Administration retreated to a policy, still rejected by most privacy advocates and software firms, aimed at exports of encryption programs. The newly released regulations, which were supposed to implement the October policy, in fact make a flawed policy even worse. The one consistent thread through the Administration's plans is commitment to an encryption standard that uses mathematical "passwords" to scramble messages. The Government would then have the technical capacity to recover passwords, upon court order, and unscramble the phone or computer message. But the new policy will not succeed abroad. The Administration insists it needs not only to unscramble stored computer files but also to tap phone and computer messages, without the caller's knowledge, as they are transmitted. That would in effect require the foreign purchaser of American software to deposit its passwords with a reputable outside party -- a government agency, a bank or the computer firm from which it bought the software -- which would relinquish them upon court order and without notifying the user. What foreign company or individual will purchase software that is prey to undisclosed Government snooping when they can, buy equally powerful encryption from foreign firms that offer no such path for eavesdropping? The plan runs into other insolvable problems. It does not propose prohibiting powerful encryption software for domestic purchase, where such programs are constitutionally protected and already in wide use. Thus anyone could, with a few key strokes, send the domestically available programs over the Internet to Europe and beyond. The Administration also fears that software firms will write their programs so that the powerful domestic versions communicate readily with the easier-to-tap export products. If so, the technical result would be that criminals here and abroad could communicate out of reach of Government wiretaps. The Administration proposes to solve that problem by prohibiting software firms from providing easy communication between their domestic and export products. But that would make American export encryption programs unsellable abroad. A panel of the National Research Council recommended that Washington drop export restrictions on encryption software already available abroad, beef up the F.B.I.'s ability to crack private encryption codes and support private efforts to develop high quality encryption to stop illegal eavesdropping. Those steps will improve communications security and will not put Government law officers in corporate boardrooms, open E-mail to instant wiretaps or send foreign customers toward European and Asian software firms. [End] From jya at pipeline.com Mon Dec 16 05:25:23 1996 From: jya at pipeline.com (John Young) Date: Mon, 16 Dec 1996 05:25:23 -0800 (PST) Subject: FER_mat Message-ID: <1.5.4.32.19961216132150.00681378@pop.pipeline.com> 12-16-96. NYP Book review: Fermat's Last Theorem: Unlocking the Secret of an Ancient Mathematical Problem By Amir D. Aczel The world has many worlds, with the priestly cult of mathematicians, so mystifyingly and inaccessible to most people, among the more esoterically interesting of them. Aczel describes the intrigue and double-dealing in the international world of mathematical speculation, some of which involves Andrew Wile's proof of Fermat's theorem. ----- FER_mat ---------- The NYP reported on Wile's proof in January, 1995: http://jya.com/fermhak.txt (15 kb) FERM_hak From jya at pipeline.com Mon Dec 16 06:10:32 1996 From: jya at pipeline.com (John Young) Date: Mon, 16 Dec 1996 06:10:32 -0800 (PST) Subject: SAV_eit Message-ID: <1.5.4.32.19961216140703.0067d0c0@pop.pipeline.com> 12-16-96. NYP: "Global Debate Over Treaties On Copyright" Given the overwhelming domestic objections to most of the treaty proposals, the obvious questions are: Who does support them? And why is the United States pushing so hard for them in Geneva? In fact, the main beneficiaries of the new copyright rules are the highest-stake copyright holders: rich, politically powerful entertainment and media conglomerates, which fear that pirated material will destroy the lucrative international market for products that can be digitally copied and distributed globally. In the digital world, computer software companies are already effectively using various data encryption technologies to protect their products for distribution over the network. And if progress to date is any indication, these technologies will become even more sophisticated and effective over time. ----- SAV_eit From trei at process.com Mon Dec 16 06:30:16 1996 From: trei at process.com (Peter Trei) Date: Mon, 16 Dec 1996 06:30:16 -0800 (PST) Subject: ITARs effects Message-ID: <199612161430.GAA20178@toad.com> azur at netcom.com (Steve Schear) writes: > >Adam Shostack writes: > [snip] > > In my case the > >government's lawyer has made it quite clear that they would consider > >putting cryptographic software on a web site as a violation, and I > >don't think that for this purpose there is any distinction either in > >the government's mind or in reality between an FTP site and a web > >site. > > > > These changes are all aimed at making it harder to make money from strong > crypto and therefore reduce its common availability worldwide. They do > little to keep it from circulating worlwide, what ever its country of > origin as anonymous posting to a newsgroup is still straightforward. > > Look for more shareware and commercial crypto source to circulate in > printed, rather than machine-readable, form to take advantage of freedom of > speech rules. > > -- Steve >From the proposed regs: ----------------------- 16. Section 734.7 is amended by revising paragraph (b) to read as follows: 734.7 Published information and software. * * * * * Accordingly, such encryption software in both source code and object code remains subject to the EAR even if published in a book or any other writing or media. ^^^^^^^^^^^^^^^^^^^^^^^^^^^ ------------------------ Peter Trei trei at Process.com From nobody at replay.com Mon Dec 16 06:39:01 1996 From: nobody at replay.com (Anonymous) Date: Mon, 16 Dec 1996 06:39:01 -0800 (PST) Subject: fwd: e-mail for free children's books for hospitals (fwd) Message-ID: <199612161438.PAA00619@basement.replay.com> Forwarded this anonymously so as not to get flames for being OFF Subject. Spread the spirit of Christmas :-) > --------- Begin forwarded message ---------- > From: Janet_Alfermann%TCI_DALLAS at trinityconsultants.com > To: James_McDonald at radian.com, > GARDNER.MINDY at epamail.epa.gov,kelemetcsl at bv.com, eriqe at aol.com, > ericscheier at worldnet.att.net,Denise_Ratcliff at mgind.com,CN=KNICKREHM.DENISE_A/O=Trinity_Consultants at KANSAS-CITY.VA.GOV,jumisch at cris.com, > stelzer at tannalum.attmail.com, effland at juno.com,kopecky at sky.net, > tjalfer at is.usmo.com, pderner at umr.edu,jderner at marvin.ecc.cc.mo.us, > eckelkac at river.it.gvsu.edu,gg14stu at semovm.semo.edu, > Laura.Dulle at anheuser-busch.com,rseggelk at redwood.DN.HAC.COM, > rebecca.light at qm.sprintcorp.com,michelle_wilde_at_NIL001 at ccmailgw.mcgawpark.baxter.com,redingers at earthlink.net, > spring at terra.geology.indiana.edu,schroedp at mail.olathe.k12.ks.us, > kupneski.mj at pg.com, plutz at umr.edu > Subject: Please read > Date: Fri, 13 Dec 1996 14:22:45 -0500 > Message-ID: <862563FF:006DB8EA.00 at mail.trinityconsultants.com> > > > > > > Christmas spirit INTERNET style. > > The Houghton-Mifflin publishing co. is giving books to children's > hospitals; how many books they give depends on how many emails they > receive from people around the world. For every 25 emails they > receive, they give one book--it seems like a great way to help a good > cause. > > All you have to do is email share at hmco.com. > > Hope you can spare the seconds...and let your friends know. So far > they only have 3, 400 messages...last year they reached 23,000. > > Merry Christmas > > > > > --------- End forwarded message ---------- > > > -- From mhw at wittsend.com Mon Dec 16 06:41:41 1996 From: mhw at wittsend.com (Michael H. Warfield) Date: Mon, 16 Dec 1996 06:41:41 -0800 (PST) Subject: Zerofaith/Mail Bomb (fwd) Message-ID: All... flagg at nlights.net enscribed thusly: > From nlights.net!flagg Mon Dec 16 02:56:39 1996 > Date: Sun, 15 Dec 1996 23:57:28 -0800 > From: flagg at nlights.net > Message-Id: > Subject: Zerofaith/Mail Bomb > To: mhw at wittsend.com > After examining the header to the email bomb you recieved, it was > determined that the person was not "MARLA ESTES" but a user named > "Eradicator". The date is off by one day in the header file, check it > out, (though we do keep logs of the ppp logons). Well... I was close... :-) Only excuse I've got for missing that one little detail is that it was late... Good thing she didn't have a message pop-up. Hate collateral damage. > Eradicators account was removed as well as "Zerofaiths" and another > alias he hides under, "Kobra". This was quick action after we had managed to identify roughly where the nonsense was originating. These guys did good. > If you have any questions, feel free to call me voice at 206-259-6417, > or email back. I have no problem giving out the information we have to > you. > Mike Carpenter > Delivered from Northern Lights BBS, Everett, WA. Mike -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From raph at CS.Berkeley.EDU Mon Dec 16 06:53:11 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 16 Dec 1996 06:53:11 -0800 (PST) Subject: List of reliable remailers Message-ID: <199612161450.GAA02397@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{'alpha'} = ' alpha pgp'; $remailer{'nymrod'} = ' alpha pgp'; $remailer{"lead"} = " cpunk mix pgp hash latent cut ek"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; $remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek"; $remailer{"jam"} = " cpunk mix pgp hash latent cut ek"; $remailer{"winsock"} = " cpunk pgp pgponly hash cut ksub reord"; $remailer{'nym'} = ' newnym pgp'; $remailer{"balls"} = " cpunk pgp hash latent cut ek"; $remailer{"squirrel"} = " cpunk mix pgp pgponly hash latent cut ek"; $remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord ?"; $remailer{'cyber'} = ' alpha pgp'; $remailer{"dustbin"} = " cpunk pgp hash latent cut ek mix reord middle ?"; $remailer{'weasel'} = ' newnym pgp'; $remailer{"death"} = " cpunk pgp hash latent post"; $remailer{"reno"} = " cpunk mix pgp hash middle latent cut ek reord ?"; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. remailer at crynwr.com is _not_ a remailer. There is no remailer at relay.com. Groups of remailers sharing a machine or operator: (cyber mix) (weasel squirrel) The alpha and nymrod nymservers are down due to abuse. However, you can use the nym or weasel (newnym style) nymservers. The cyber nymserver is quite reliable for outgoing mail (which is what's measured here), but is exhibiting serious reliability problems for incoming mail. The squirrel and winsock remailers accept PGP encrypted mail only. 403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. This seems to be fixed now. The penet remailer is closed. Last update: Mon 16 Dec 96 6:49:25 PST remailer email address history latency uptime ----------------------------------------------------------------------- jam remailer at cypherpunks.ca ************ 14:59 99.98% lead mix at zifi.genetics.utah.edu -++-+++*++++ 41:38 99.98% cyber alias at alias.cyberpass.net +*+******+** 32:02 99.96% lucifer lucifer at dhp.com ++++++++++++ 34:51 99.93% middle middleman at jpunix.com ------+----+ 2:57:46 99.90% reno middleman at cyberpass.net ------------ 2:57:37 99.88% haystack haystack at holy.cow.net *#**+ *-++* 11:55 99.58% exon remailer at remailer.nl.com +########* * 2:36 99.51% replay remailer at replay.com -- -+**+*+- 32:21 99.43% squirrel mix at squirrel.owl.de ++++ ++++++ 1:18:02 99.22% weasel config at weasel.owl.de ++-+-++++ + 1:19:04 99.08% winsock winsock at rigel.cyberpass.net ------ -..- 7:21:13 98.40% dustbin dustman at athensnet.com -+++++ ++ .+ 3:00:38 98.13% balls remailer at huge.cajones.com #****+****** 27:28 93.99% mix mixmaster at remail.obscura.com -._.-.-++* 8:44:55 92.01% nym config at nym.alias.net #*###+#*#+ 2:53 84.35% extropia remail at miron.vip.best.com . --__.. 25:50:51 79.18% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From trei at process.com Mon Dec 16 06:57:36 1996 From: trei at process.com (Peter Trei) Date: Mon, 16 Dec 1996 06:57:36 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! Message-ID: <199612161457.GAA20796@toad.com> > From: Walt Armour > To: "'Matthew Ghio'" > Cc: "cypherpunks at toad.com" > Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !! > Date: Fri, 13 Dec 1996 22:30:23 -0800 > There is no arguing that 40 bits is strong security. I agree with that. [...] > As for security, the current release of PnC is primarily targetting > privacy, not security. They are two very similar but different approaches. > 40 bits is sufficient to encrypt files and keep them away from friends, > family and coworkers (unless you work at the NSA). The point of Point 'n > Crypt is to attempt to make encryption technology easily useable and > widespread. If anything you have is of such a nature that 40 bits isn't > enough protection then by all means don't use PnC (at least not this > version :). [...] > later, > walt Would you mind telling us just how you expand the 40 key to the 56 bits needed for DES? (Security through obscurity has a bad rep on this list). For many methods of doing so, 40bit DES is NOT secure against a motivated individual's attack. Peter Trei trei at process.com From pjb at ny.ubs.com Mon Dec 16 07:08:33 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Mon, 16 Dec 1996 07:08:33 -0800 (PST) Subject: Would you send money to Gary Rasmussen ? Message-ID: <199612161507.KAA25225@sherry.ny.ubs.com> i have done a lot of business with Gary in the past, and recommend him without reservations. -paul > From cypherpunks-errors at toad.com Fri Dec 13 18:15:33 1996 > Date: Fri, 13 Dec 96 19:54:50 GMT > From: peter.allan at aeat.co.uk (Peter M Allan) > To: 75542.1003 at compuserve.com, cypherpunks at toad.com, jimg at mentat.com > Subject: Would you send money to Gary Rasmussen ? > Sender: owner-cypherpunks at toad.com > Content-Length: 1344 > > > > > > Gary Rasmussen (RagyR at aol.com) replies to me as below: > > Have people got a view on the second question ? I've had > no contact with Gary before and he may very well be honest; > but there's proper trust and there's stupidity. > > > Hi Peter, > > > > > I'm looking for Kahn's book. Have you an acccurate price now? > > > > A lot of copies (about 100) have been sold since .... > > > > > > > (And is there anyone I'd know who'd suggest I send you money ?!) > > > > Good question, but very hard to answer since I don't know who you > > know. Can tell you that I operate Classical Crypto Books primarily as > > a service for other members of the ACA. Two possible references are > > the current and past ACA presidents: > > > > jimg at mentat.com (Jim Gillogly, ACA President 1996-1998) > > 75542.1003 at CompuServe.COM (Randy Nichols, ACA President 1994-1996) > > > > Operating CCB is not my main occupation (by day I'm a scientist working > > for MIT's Lincoln Lab). Can also say proudly that in 1.5 years of operating > > CCB I haven't had any complaints. > > > > Please let me know if you have other questions or would like a complete > > copy of the CCB catalog. > > > > Best Wishes, > > Gary Rasmussen > > Classical Crypto Books > From trei at process.com Mon Dec 16 07:14:21 1996 From: trei at process.com (Peter Trei) Date: Mon, 16 Dec 1996 07:14:21 -0800 (PST) Subject: Germany to regulate the Web. Message-ID: <199612161514.HAA21232@toad.com> Forwarded from the www-security list. Germany seems to want to: 1. Require blocking of German-verboten material. 2. Mandate content labling (PICS?) 3. Ban 'cookies'. 4. Require Digital Signatures on all net traffic. -pt ------- Forwarded Message Follows ------- Date: Sun, 15 Dec 1996 23:48:32 -0800 To: www-security at ns2.rutgers.edu Subject: Germany bans cookies! (and a whole lot more) From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) web servers within Germany anyway... as of August 97... see below Germany Passes Sweeping Cyberspace Law The German government approved a bill Wednesday aimed at regulating the Internet and protecting user privacy while banning smut, pro-Nazi content and online fraud. The so-called "multimedia law" essentially extends current German laws to the dominion of cyberspace, placing responsibility for suspect content on suppliers, but without clearly defining whether a supplier could also be construed to make a carrier -- such as an online service like CompuServe or AOL Bertelsmann Online -- also liable. The law is scheduled to take effect in August 1997, prior to the 1998 deregulation of the European telecommunications market. Under the law, online services could be held responsible for illegal material if they have the technology to block transmission of such content, and after notification, still disseminate the objectionable content. The law also calls for content to be tagged electronically if unsuitable for minors to ensure it could be filtered out --similar to the V-chip television initiative in the U.S. The law would also prohibit "cookies" -- tiny programs that trace a user's path through the Net, recording what they visit, examine and purchase. Instead, the law would require that services give users the opportunity to use a site or service anonymously. The German law also puts into place the idea of so called "digital signatures" -- a string of coded information which would clearly identify the origin of messages, files and images shipped via the Net. Such signatures would use a central authority to prevent fraudulent commercial transactions on the computer network by matching a publicly accessible data string with a confidential string of numbers, also called a key. www.mediacentral.com/Magazines/MediaDaily/Archive/1996121207.html/634827 From dthorn at gte.net Mon Dec 16 07:36:45 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 16 Dec 1996 07:36:45 -0800 (PST) Subject: Carto international money-laundering/embezzlement case In-Reply-To: <199612160751.XAA03800@dfw-ix4.ix.netcom.com> Message-ID: <32B56C24.260F@gte.net> rcgraves at ix.netcom.com wrote: > Dale Thorn wrote: > Apologies for replying to a crank whom most people are already ignoring, > but I've got lots of material relating to the case of Legion v. Carto, > which Dale summarizes quite wrongly, at > http://www-leland.stanford.edu/~llurch/potw2/legion/ Sure, I'm a crank, and, you're an asshole. I never said Carto was a swell guy, but, you ignore the real facts in a case pitting the ADL against its worst enemy. Maybe you should real the L.A. Times once in a while, you ignorant jerk. > Cypherpunk relevance: HUGE. Money laundering, reputation control, data and > tax havens, libertarian and Nazi fantasies, criminal cults, and a dog named > Fido. Judge Maino: > | I believe that I could appoint a platoon of lawyers and accountants > | to look into this case and I would still not be much closer to answering > | the following questions than I am today. > Far from Dale's preoccupation with "international joo interests," it's a > case of two neo-Nazi groups suing each other over the mismanagement of an > inheritance. Contrary to your armchair experience, stupid, I went there and saw the people, and I've also been studying them for 10 years or so. The gang that took over the IHR were neo-Nazis? Yeah, and I'm the Pope. > Stir in a little CoS interest (they want to cover up > Marcellus's involvement with Holocaust denial and to associate recent legal > actions against the cult in Germany with the Holocaust), and it's a > veritable cornucopia of fruitcakes bashing each other, all over money for > which no clear accounting can be made because it was always kept at least > partly underground. Like all fruitcakes, you ignore facts and wave your arms around and fill the air with noise. Many big-media outlets have made it clear that Carto is the #1 enemy of the ADL et al, and, just like someone bombed (!) the IHR in Torrance in the 1980's, they gutted the one in Costa Mesa in 1993. The real story is obviously over your head, which you can now go back and stick in the sand. And remember, don't you dare research ANYthing about the Holocaust etc. unless you get approval from the ADL first. The ADL, just more lying scumbags themselves, who *suppressed* Jewish dissent during the 1930's in the U.S. Why? Because it was good for business. From dlv at bwalk.dm.com Mon Dec 16 07:42:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 16 Dec 1996 07:42:22 -0800 (PST) Subject: HP In-Reply-To: <9612160514.AA12168@cow.net> Message-ID: Bovine Remailer writes: > >admit that HP (for example) is the best, reliability-wise, yet I have > >purchased quite a few of their computers and major peripherals over the > >past 20 years, and I have experienced an approximate 40% (!) defective > >rate during the one-year warranty period, more than 30% falling within > >the first three months. > > Dale, perhaps it's time for you to seek out a new career. > Check that LA "Not a real paper" Times for things like > "car wash assistant needed" and good luck. HP 9000's are great boxes, but they break down and need maintenance. That's to be expected. You, anonymous coward, are an ignorant asshole and a typical "cypher punk". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sunder at brainlink.com Mon Dec 16 08:42:27 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 16 Dec 1996 08:42:27 -0800 (PST) Subject: Java DES breaker? In-Reply-To: <2RHyyD6w165w@bwalk.dm.com> Message-ID: On Sat, 14 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > The great Russian-Scottish poet Mikhail Yur'evich Lermotov said the following > about the likes of Ray "Arsen" Arachelian: "Ty trus, ty rab, ry armyanin." Clearly, it is impossible to communicate with you on any sane level, I think I will give up on you now. I mean, just what's the point? In the words of James Tiberius Kirk "Beam me up Scotty, no intelligent life down here." =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From sunder at brainlink.com Mon Dec 16 09:35:22 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 16 Dec 1996 09:35:22 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <199612150049.SAA00282@manifold.algebra.com> Message-ID: On Sat, 14 Dec 1996 ichudov at algebra.com wrote: > Ray Arachelian wrote: > > > > Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it > > to access things it shouldn't, it's not cool. > > > > I do not understand how one can secure ActiveX. Simple. Check out Windows NT, under NT you can write/run programs as services which log in as an account. When you do this, that service program is limited to the security restrictions of that account. If you're using the NTFS file system and give that account access only to one directory, it can't access anything but that directory. (If you're using FAT, this isn't true and the program can read/write/delete anything it wants.) Works quite well. It can be done under 95 but Microsoft will have to write a Sandbox Virtual Machine (a Virtual x86 session whose API's are filtered to prevent access to certain things like the file system, and disables direct I/O.) Not that easy under '95, but it already exists for NT. The problem is how to deal with DLL's. You don't know all features/functions of all DLL's. It may be possible to write a DLL that runs outside the sandbox and can act as a proxy to the file system, so it's iffy unless you limit the DLL's and services that ActiveX apps talk to, and make them all live inside the sandbox. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From Mullen.Patrick at mail.ndhm.gtegsc.com Mon Dec 16 10:30:02 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Mon, 16 Dec 1996 10:30:02 -0800 (PST) Subject: [QUERY]Point-n-Crypt URL (???) Message-ID: To avoid flame wars, I know "...40-bit DES is not secure." I'm just interested in the interface, etc. Unfortunately, I lost the URL of where to DL a demo. Could someone please forward me this information? Thanks! PM From sibble at infomatch.com Mon Dec 16 10:50:55 1996 From: sibble at infomatch.com (Harondel J. Sibble) Date: Mon, 16 Dec 1996 10:50:55 -0800 (PST) Subject: Gov't Clarifes Position-Surprise! Message-ID: <199612161850.KAA11938@infomatch.com> On 16 Dec 96 at 0:26, pgp-fone at rivertown.net wrote: > Expect some form of cooperation with EC governments if this stuff goes > through. The recent posting to cypherpunks about the "radikal" raid in the > Netherlands is probably a good foreshadowing of this. If you have not seen the > article, and want to, I will be happy to remail it. > > > Tim Scanlon > Tim, please send me the article when you have a moment, thanks! > Cheers Harondel J. Sibble (aka The Juice-Meister) homepage >> http://ourworld.compuserve.com/homepages/Harondel_Sibble/ email >> sibble at infomatch.com or 75301.157 at compuserve.com PGP public key >> finger sibble at infomatch.com From AaronH4321 at aol.com Mon Dec 16 11:08:03 1996 From: AaronH4321 at aol.com (AaronH4321 at aol.com) Date: Mon, 16 Dec 1996 11:08:03 -0800 (PST) Subject: Van Eck articles, reply.. Message-ID: <961216140723_908273951@emout01.mail.aol.com> I went to the library and found an article on Van Eck. I posted it at my site. It was a little long to e-mail. Check it out at: http://members.aol.com/aaronh4321/vaneck.html If anyone has more current information please e-mail me. Aaron.... From iverson at usa.net Mon Dec 16 11:18:46 1996 From: iverson at usa.net (Casey Iverson) Date: Mon, 16 Dec 1996 11:18:46 -0800 (PST) Subject: No Subject Message-ID: <3.0.16.19961216135505.2b4f38ca@pop.netaddress.com> From pjb at ny.ubs.com Mon Dec 16 12:24:41 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Mon, 16 Dec 1996 12:24:41 -0800 (PST) Subject: PUBLIC: Citibank Visa & the FBI Message-ID: <199612162024.PAA25404@sherry.ny.ubs.com> sometime ago, i saw a thread about citibank giving someone, i think it was the fbi, some visa account information to use in a sting opereation. will someone please give me a pointer to this thread? cheers, -paul From blake at bcdev.com Mon Dec 16 13:19:31 1996 From: blake at bcdev.com (Blake Coverett) Date: Mon, 16 Dec 1996 13:19:31 -0800 (PST) Subject: Securing ActiveX. Message-ID: <01BBEB6C.A6148AA0@bcdev.com> This thread branch seems to be based on bad assumption. Why would one want to run ActiveX controls in a sandbox? If you need a sandbox, use a Java applet, if you need native code level access to the system use ActiveX. Running code in a sandbox, a la Java applets, is one approach to allowing safe execution of downloaded code. If one has a perfect implementation of the sandbox, which doesn't appear to be the case for Java thus far, this can be a useful solution. There is however a severe limit to the types of applications you can run from inside a sandbox unless you subscribe completely to the 'Network Computer'-type model. Digitally signed code, a la ActiveX, is another approach to the same problem. If the digital signatures and infrastructure around them are sound, which they appear to be for ActiveX, this is also a useful solution. The built-in gotcha with this model is the all or nothing nature, either I trust the software publisher to run arbitrary native code on my machine or I don't run it at all. Specify technical issues follow: > It can be done under 95 but Microsoft will have to write a Sandbox > Virtual Machine (a Virtual x86 session whose API's are filtered to > prevent access to certain things like the file system, and disables > direct I/O.) Not that easy under '95, but it already exists for NT. But of course it's not enough to filter out filesystem calls. The entire windowing system would have to be separated as well. For example a rogue control might watching all edit controls for ones that have the ES_PASSWORD style and grabbing the contents. An equivalent Unix problem would be to allow an open-access guest account with the ability to transfer in and execute arbitrary binaries. While doing this securely may be possible in theory I don't think the state of the art is up to it today. (I sure wouldn't allow it on my system.) > The problem is how to deal with DLL's. You don't know all > features/functions of all DLL's. It may be possible to write a DLL that > runs outside the sandbox and can act as a proxy to the file system, so > it's iffy unless you limit the DLL's and services that ActiveX apps talk > to, and make them all live inside the sandbox. DLL's are by definition mapped into the processes address space, they would have to be inside the sandbox too. It's not a call gate type of thing. regards, -Blake From apf at ma.ultranet.com Mon Dec 16 13:26:54 1996 From: apf at ma.ultranet.com (Andrew Fairbanks) Date: Mon, 16 Dec 1996 13:26:54 -0800 (PST) Subject: unsubscirbe Message-ID: <32B5BE8B.6E1E@ma.ultranet.com> would someone please take me off the list apf at ma.ultranet.com Thankyou From dlv at bwalk.dm.com Mon Dec 16 13:36:04 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 16 Dec 1996 13:36:04 -0800 (PST) Subject: Java DES breaker? In-Reply-To: Message-ID: <2Js2yD23w165w@bwalk.dm.com> Ray Arachelian writes: > > The great Russian-Scottish poet Mikhail Yur'evich Lermotov said the following > > about the likes of Ray "Arsen" Arachelian: "Ty trus, ty rab, ry armyanin." > > Clearly, it is impossible to communicate with you on any sane level, I > think I will give up on you now. I mean, just what's the point? In the > words of James Tiberius Kirk "Beam me up Scotty, no intelligent life down > here." Clearly, there's even less intelligent life down at Earthweb, given that their associate network administrator spammed the following rude flames: ]Actually, unlike you, I do feel sorry for you, for you truly have no life ]and have nothing better to do than to start flame wars and such. Do ]yourself a favor, get a real life. Go get off your fat ass and do ]something with yourself other than masturbating. ... ]You wouldn't know what a life is if one came up to you and bit you on your ]ass. Oh tell us oh great one, and what is it that you know? But spare us ]the flames and hate. We already know that you are an asshole, of that ]there is little doubt. What is at doubt is your degree, or is it a ]pedigree? Shower us with your knowledge if you have any, for it is ]apparent that dazzling us with your bullshit isn't working. ... ]And what by your definition is your level of life if all your output ]seems to be nothing more than flames and flame bait? How much of a loser ]are you to resort to anonymous daily warnings about Tim? Just how off ]topic and stupid was your message when you posted it? Just how many ]plates of pork and beans do you eat each day to keep up your innane level ]of flatulence? ... ]Apparently that "Doctorhood" of yours is good only for masturbatory self ]congratulations, and when nobody pays attention to it, you turn around and ]put others down so that in your oppinion, such as it is, you come out ]smelling like roses. Buddy, I've news for you, you aren't fooling anyone. ]You are the total absolute embodyment of shit. No, before you ]congratulate yourself on your achievement of shithood, you aren't even ]even human or dog shit, no. You are the essence of amoeba shit. The ]lowest of the low. You've a long way to go before you will ever achive ]the status of high human shit. But I must admit, you certainly know how ]to strive for that goal. It's too bad you'll never be more than low ]grade microscopic shit though. ... ]And for that, you have my deepest condolances. At least I hope this ]comforts you in your lack of life, for assuredly you haven't much of one. ]At least at a minimum, if you get nothing else from this message, you'll ]get a tenth of an ounce of pitty. ... ]And maybe someday, if you are really really good you might even achive ]rat shitdom. Then we'll be real proud of you for being rat shit, but ]until that time, strive hard and work long hours. Hey, and when you reach ]rat shitdom and become emeritus ratus shitus, we'll throw you a party! Does Earthweb honor Timmy May's "don't hire" list? Who are their clients? From jya at pipeline.com Mon Dec 16 13:45:10 1996 From: jya at pipeline.com (John Young) Date: Mon, 16 Dec 1996 13:45:10 -0800 (PST) Subject: Van Eck articles, reply.. Message-ID: <1.5.4.32.19961216214126.006a77d0@pop.pipeline.com> Aaron wrote: >I went to the library and found an article on Van Eck. I posted it at my >site. It was a little long to e-mail. Check it out at: > > http://members.aol.com/aaronh4321/vaneck.html > >If anyone has more current information please e-mail me. Christopher Seline wrote a well-known critique in 1989 of TEMPEST: "Eavesdropping On the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England and the United States." It includes numerous citations, including those mentioned by Joel and the one you found. He claims that the Van Eck article was "purposely misleading." We've put his article at: http://jya.com/tempest.htm Seline promised a later version of what he called a rough draft. Does anyone know of a successor to the 1989 article? From joelm at eskimo.com Mon Dec 16 14:32:32 1996 From: joelm at eskimo.com (Joel McNamara) Date: Mon, 16 Dec 1996 14:32:32 -0800 (PST) Subject: Army Cryptanalysis manual online Message-ID: <3.0.32.19961216143128.00e39590@mail.eskimo.com> The US Army's Field Manual on Basic Cryptanalysis (FM 34-40-2), dated September 1990 is available for downloading as an Acrobat PDF file from: http://www.atsc-army.org/cgi-win/$atdl.exe/fm/34-40-2/default.htm Fairly classic in nature (substitution, transposition, and code systems). Huge files (so far, at 28.8, after about an hour and a half, I've only been able to grab the table of contents and a couple of appendices - some kind-hearted person with a T1 or greater may want to get everything, then zip and mirror to save us bandwidth challenged folks the pain). Also, for the complete listings of almost 300 downloadable FMs through the Army's Digital Training Library (ATDL), check out: http://www.atsc-army.org/cgi-win/$atdl.exe?type=fm&header=%2Fatdl%2Fbrowse%2 Ffm.htm Have fun! Joel Note: This site isn't wholly reliable. It seems to regularly go up and down, and sometimes the bandwidth is terrible. Probably worth your patience though. From mixmaster at remail.obscura.com Mon Dec 16 14:38:40 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Mon, 16 Dec 1996 14:38:40 -0800 (PST) Subject: U.S.S. Liberty Message-ID: <199612162124.NAA19818@sirius.infonex.com> Tim C. May is another loser who pays for got.net because he lacks the mental capacity to gain net access as a perk of either employment or academic achievment. o)__ (_ _`\ Tim C. May z/z\__) From nelson at media.mit.edu Mon Dec 16 14:42:41 1996 From: nelson at media.mit.edu (Nelson Minar) Date: Mon, 16 Dec 1996 14:42:41 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: Message-ID: On Sat, 14 Dec 1996 ichudov at algebra.com wrote: >I do not understand how one can secure ActiveX. Me neither! But the approach of requiring code signatures so you can at least break the fingers of whomever damaged your machine does have some merit. sunder at brainlink.com (Ray Arachelian) writes: > Simple. Check out Windows NT, under NT you can write/run programs as > services which log in as an account. When you do this, that service > program is limited to the security restrictions of that account. This is kind of like running servers in Unix as another user in a chrooted partition? That doesn't work, either. From mccoy at communities.com Mon Dec 16 14:52:17 1996 From: mccoy at communities.com (Jim McCoy) Date: Mon, 16 Dec 1996 14:52:17 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEB6C.A6148AA0@bcdev.com> Message-ID: Blake Coverett wrote: [...] >Digitally signed code, a la ActiveX, is another approach to the same >problem. >If the digital signatures and infrastructure around them are sound, which >they >appear to be for ActiveX, this is also a useful solution. The built-in >gotcha >with this model is the all or nothing nature, either I trust the software >publisher to run arbitrary native code on my machine or I don't run it at >all. The other problem is that the proposed Authenticode system and other "signed applet" systems only provide accountability after the fact. This is little help when your hard drive is toast and the only proof you had was a logfile which was the first thing erased... The illusion that only "trusted software puslishers" will be given blanket authorization is a pipe dream: users are sheep who will hit that "OK" dialog box as many times as necessary to get the tasty treat they are anticipating (and there is actual experimental evidence to back this up :) I expect that the first post-Authenticode ActiveX virus will be one to modify the signature checking routines or add additional keys to the registry which makes the second round of the attack appear to be a valid OS update from Microsoft. What exactly does a signature get you other than someone to point a finger at? In case you don't read those legal weasel words in software licenses there is no claim made that the product will work as intended and the company does warn you that if the product fries your disk then it is not their fault... >Specify technical issues follow: > >> It can be done under 95 but Microsoft will have to write a Sandbox >> Virtual Machine (a Virtual x86 session whose API's are filtered to >> prevent access to certain things like the file system, and disables >> direct I/O.) Not that easy under '95, but it already exists for NT. > >But of course it's not enough to filter out filesystem calls. The entire >windowing system would have to be separated as well. For example >a rogue control might watching all edit controls for ones >that have the ES_PASSWORD style and grabbing the contents. > >An equivalent Unix problem would be to allow an open-access guest >account with the ability to transfer in and execute arbitrary binaries. >While doing this securely may be possible in theory I don't think the >state of the art is up to it today. (I sure wouldn't allow it on my system.) The state of the art was up to it quite a while ago. Check out KeyKOS and other OSes which use capability semantics for access control. Rather than the all or nothing approach to security which is currently built into Java and continued with the code signing initiatives (albeit allowing you to delegate responsibility regarding trust) what is needed is to extend the signatures to granting the capability to perform a certain task and nothing more. If the signature could express things like "this ActiveX control needs access to a writable file in C:\WINDOWS\TEMP which will not exceed 1 Megabyte in size" then the system would be flexible enough to succeed and would allow users to express much more complex trust relationships than the simple boolean expressions which current code signing mechanisms allow. jim From jlucas4 at capital.edu Mon Dec 16 14:55:37 1996 From: jlucas4 at capital.edu (Jesse Lucas) Date: Mon, 16 Dec 1996 14:55:37 -0800 (PST) Subject: Making bridges... Message-ID: <9612162247.AA10919@athena.capital.edu> Mailing list: Don't want to be a bother but... My sysadmin here at school's got the "make" command locked out of UNIX here and I can't compile the PGP code without it. If anyone has a bridge for this then please let me know. Jeigh From tcmay at got.net Mon Dec 16 14:58:04 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 16 Dec 1996 14:58:04 -0800 (PST) Subject: unsubscirbe In-Reply-To: <32B5BE8B.6E1E@ma.ultranet.com> Message-ID: At 4:26 PM -0500 12/16/96, Andrew Fairbanks wrote: >would someone please take me off the list >apf at ma.ultranet.com > >Thankyou OK, as you requested, you have been "unsubscirbed." If you were looking to unscribe, unsuscrive, unsribe, or unsuscribe, I can't help you. Finally, if you were looking to unsubscribe, you should surely know by now that members of the list cannot do this for you. The instructions have been posted _many_ times just in the last few weeks, and follow again below. --Tim May, Chief Unscriber and Unsuscurber To subscribe to the Cypherpunks mailing list: -send a message to: majordomo at toad.com -body message of: subscribe cypherpunks To unsubscribe from the Cypherpunks mailing list: -send a message to: majordomo at toad.com -body message of: unsubscribe cypherpunks From llurch at networking.stanford.edu Mon Dec 16 16:00:12 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Mon, 16 Dec 1996 16:00:12 -0800 (PST) Subject: Army Cryptanalysis manual online In-Reply-To: <3.0.32.19961216143128.00e39590@mail.eskimo.com> Message-ID: [Not copied to coderpunks] On Mon, 16 Dec 1996, Joel McNamara wrote: > Fairly classic in nature (substitution, transposition, and code systems). > Huge files (so far, at 28.8, after about an hour and a half, I've only been > able to grab the table of contents and a couple of appendices - some > kind-hearted person with a T1 or greater may want to get everything, then > zip and mirror to save us bandwidth challenged folks the pain). Only took me 5 minutes. But then, both Stanford and HLC are BARRNet customers. The bottleneck, as usual, seems to be the Bay Area NAP. Too damn many Internet users around here. I don't think setting up file service here would make any difference. -rich From hal at rain.org Mon Dec 16 16:49:43 1996 From: hal at rain.org (Hal Finney) Date: Mon, 16 Dec 1996 16:49:43 -0800 (PST) Subject: Hard to Tax Scenario Message-ID: <199612170047.QAA04752@crypt.hfinney.com> Robin Hanson, inventor of the Idea Futures prediction market, is a very creative and thoughtful writer who has posted to this list occasionally. He says he sent the message below to the CP list over the weekend, but I didn't see it. I am including it (in bits and pieces) in its entirety for the benefit of others who may also have missed it. Robin Hanson, , writes: > Hi. The volume here is too high for me to subscribe regularly, but I > subscribed recently so I could ask the following question: > > How well thought out is the notion that widespread crypto could > allow a large fraction (>30%?) of the economy to avoid taxation? > > I've heard this speculation many times, and just saw it in print in, > in David Friedman's article in the summer '96 issue of Social > Philosophy and Policy. But I have trouble imagining how it could > work. For those who don't know, by the way, David Friedman is the son of Nobel prize winning economist Milton Friedman. Both father and son have libertarian leanings, and David in particular has tackled some of the hardest problems which would be faced by an anarchic society. > Imagine Ann is a doctor who wants to ply her trade without taxation. > Patients go a local high res medical net booth, which Ann runs from > long distance using several real time digital mixes. To do this, Ann > spends most of each day in her expensive home VR room. So we are imagining a future scenario in which medicine is commonly if not universally practiced via these remote means? Or do we have two classes of doctor, the anonymous virtual ones and the identified ones that you go and see in person? I ask because at least some of the difficulties Ann faces seem due to her virtual practice. > Patients pay Ann in untraceable cash, which she uses to pay for > groceries and other net services. Her cover story about why she > spends so much time in her home VR room, and how she pays for > groceries, is that she is a receptionist for some sham company. The need for a cover story raises the question of from whom Ann has to keep her secrets. In a society where (we will stipulate) 30% avoid taxation, the moral significance of not paying taxes will be different than it is today. We had some interesting posts in an earlier discussion on this list describing the situation in Italy, where apparently tax avoidance is raised to a higher degree than in the U.S. It sounded like it has the approximate moral status that speeding does here, a minor infraction which almost everyone does some if not all of the time. In some sub-cultures no doubt the tax avoidance rate would be even higher. In such a society Ann may not have to care that much about keeping her secrets, as long as she doesn't have too high a profile at tax time. > Ann has many collegues which she does business with regularly, > including equipment suppliers, a pharmacist, a nurse practitioner, > emergency substitutes, and various specialists. Ann has never met any > of these people in person, and they all show each other fake faces, > voices, and even rythms of walking and speaking. Ann's social life > outside VR is entirely divorced from her work life. Well, that last part is true for me already; I telecommute to a company 300 miles away and have no social life with my co-workers. For that matter my wife and I have practiced cocooning for several years, and I haven't had a close friend from work since the early 1980's. Being married makes this easier, of course. The other part of this scenario, where Ann interacts with her co-workers via fake faces, does seem disturbing. I could imagine, though, that this might be common in such a culture. Maybe everyone pretties themselves up when on the videophone. If there is widespread understanding that most faces are at least somewhat false, then perhaps going all the way to a completely faked up face would seem more acceptable. But to someone from my generation it will be hard to accept. > To convince patients to trust her, Ann gets bonded by a certification > service. To obtain this certification, Ann must be careful to not > refer to any people who know her "true name", such as her teachers at > the physical school she physically attended. And Ann must somehow > assure the certification service that she will not resell the > certification, allowing others to pretend that they are her. It is possible that we might see a more performance-based certification rather than a recommendation based one. My wife is a physical therapist, and she had to pass a licensure exam given by the state which qualifies her to practice. In an earlier message to me Robin pointed out the crucial role played by recommendations in hiring decisions. Certainly I would be much more likely to hire someone who listed his previous jobs and for whom I could get good recommendations by his earlier supervisors than an applicant who insisted that this information was confidential. Robin also suggested that there could be a selection effect, so that the doctors from good schools with good grades would use these advantages to maximize their income, and so the only anonymous ones would be the ones who didn't have these qualifications. This could lead to a situation where most anonymous service providers were assumed to be inferior to regular ones, so they would get less money even if they were actually just as good. (I apologize to Robin if I missed the point of his earlier discussion or am presenting it incorrectly.) Even with such disadvantages, a doctor like Ann might accept a lower fee at first while she builds up her reputation as an anonymous doctor with talent and ability. After a few years she could hope to have overcome the stigma which (we will suppose) anonymous doctors face and display some strong recommendations based on her successes. In the long run this could be a winning strategy due to the tax savings. (I haven't given the problem of reselling certificates enough thought to discuss it in any detail. There have been some discussions of "is a person" credentials which could apply, but that opens up a big can of worms.) > If Ann ever slips up, revealing her true name to a virtual associate, > failing to convince a physical associate of her sham employment, > or if anyone ever breaks through her realtime digital mixes, Ann > is open to expensive blackmail, she may have to start over with a > new virtual persona, and may have to go to jail for a long time. This is an interesting problem which I haven't seen discussed before in this form. In Vinge's original "True Names" people were afraid of harrassment and physical threats if their identity were discovered, but Robin's example of the danger of being exposed as a tax evader could be very bad as well. If there is this much tax avoidance, we might assume that tax rates are high, and penalties for tax evasion are high as well. On the other hand, if tax evasion is nearly universally practiced, perhaps there are strong cultural pressures against turning someone in. There is also the question of how good the technology is for anonymous communication. At best it would appear to require a widespread infra- structure, and if this is used largely for tax evasion it is hard to see how it could survive. So I think this would be a very significant issue to be faced by the prospective 'nym. > It seems to me that Ann is paying a high price for an ability to > avoid taxation, and at current tax rates it is hard for me to believe > that she wouldn't just rather pay the taxes. What am I missing? > > Robin D. Hanson hanson at hss.caltech.edu http://hss.caltech.edu/~hanson/ It is hard to judge how high the various prices are that she pays. The socialization aspect may not be important if she has friends outside work. The risks of being caught will depend on factors we don't know, like the technology and legal system. Rather than assuming that tax rates are the same, it might be more plausible to assume they have gone up in order to keep revenues stable. Another problem which Robin didn't mention is the issue of insurance payments. It is hard to see how Ann's patients can get reimbursed for their expenses if we assume that Ann is in effect a "black market" doctor. This problem may be somewhat specific to the medical scenario, but I suspect that many other professions are going to have trouble switching to a cash basis. Anyone whose customers are businesses, for example, will face the problem that the businesses' books will need to show that an expense is justified in order to deduct it. This will be a major problem for the "anonymous firm" we have discussed occasionally. One difficulty I find with this scenario is its science fictional nature. It is hard for me to consider details about the life of a doctor who works via VR. Also, if we are already in a situation where 30% of people are avoiding taxes there will certainly have been major changes in society, but I don't know what they will be. This makes it hard for me to focus on the issues specific to Ann's anonymity. However I do like Robin's choice of a concrete and vivid example like this. Hal From hanson at hss.caltech.edu Mon Dec 16 17:28:27 1996 From: hanson at hss.caltech.edu (Robin Hanson) Date: Mon, 16 Dec 1996 17:28:27 -0800 (PST) Subject: Hard to Tax Scenario In-Reply-To: <199612170047.QAA04752@crypt.hfinney.com> Message-ID: <199612170128.RAA10929@hss.caltech.edu> Hal Finney writes: >> Imagine Ann is a doctor who wants to ply her trade without taxation. >> Patients go a local high res medical net booth, which Ann runs from >> long distance using several real time digital mixes. To do this, Ann >> spends most of each day in her expensive home VR room. > >So we are imagining a future scenario in which medicine is commonly if >not universally practiced via these remote means? Or do we have two >classes of doctor, the anonymous virtual ones and the identified ones >that you go and see in person? I ask because at least some of the >difficulties Ann faces seem due to her virtual practice. Non-anonymous docs would choose virtual or real based on travel/intimacy tradeoffs. Urban general practicioners might see most people in person, while rural docs and specialists would have more virtual customers. Btw, how hard is it to have real-time digital mixes? I imagine you could learn a lot about virtual/real mappings from lots of "random" communication lines failures. Imagine all "leaf" lines into homes can be broken on command from long-distance. >> Patients pay Ann in untraceable cash, which she uses to pay for >> groceries and other net services. Her cover story about why she >> spends so much time in her home VR room, and how she pays for >> groceries, is that she is a receptionist for some sham company. > >The need for a cover story raises the question of from whom Ann has >to keep her secrets. In a society where (we will stipulate) 30% avoid >taxation, the moral significance of not paying taxes will be different >than it is today. We had some interesting posts in an earlier discussion >on this list describing the situation in Italy ... I think the question is whether 30% income tax evasion via crypto is realistic given that the authorities aggressively try to prevent it. Of course with lax enforcement evasion may be high, but as in your example that has nothing to do with cryptography. >> Ann has many collegues which she does business with regularly, >> including equipment suppliers, a pharmacist, a nurse practitioner, >> emergency substitutes, and various specialists. Ann has never met any >> of these people in person, and they all show each other fake faces, >> voices, and even rythms of walking and speaking. Ann's social life >> outside VR is entirely divorced from her work life. > >Well, that last part is true for me already; I telecommute to a company >300 miles away and have no social life with my co-workers. For some people, such as yourself, the cost of this may be small. For many other people I know, who socialize mostly with co-workers, the cost would be very large. The question is whether it is realistic to think that 30% of workers would find this cost low enough to tolerate. >The other part of this scenario, where Ann interacts with her co-workers >via fake faces, does seem disturbing. I could imagine, though, that this >might be common in such a culture. Maybe everyone pretties themselves >up when on the videophone. If there is widespread understanding that >most faces are at least somewhat false, then perhaps going all the way >to a completely faked up face would seem more acceptable. But to someone >from my generation it will be hard to accept. It would be hard to accept for me as well. It would be a further alienation of the workplace from what feels comfortable and natural. Not only couldn't you show your face or voice, you might be afraid to tell them new jokes you heard via your public persona, or recommend a restaraunt or play you went to. >It is possible that we might see a more performance-based certification >rather than a recommendation based one. My wife is a physical therapist, >and she had to pass a licensure exam given by the state which qualifies >her to practice. ... This scenario does seem possible for jobs where you do lots of very similar tasks. In this case a tester can just watch you do a dozen random such tasks (assuming they can verify that you don't keep repeating the test till you get a random result you like). But for most jobs, I think, the tasks are longer term, so that it is important to see your actual performance over many years. And even with small jobs sometimes it is their ability to handle rare events that is most important. >The risks of being caught will depend on factors we don't know, >like the technology and legal system. Rather than assuming that tax >rates are the same, it might be more plausible to assume they have gone >up in order to keep revenues stable. The question I pose is whether agressive enforcement can prevent this 30% evasion scenario. If yes, the evasion is << 30%, so assuming constant taxes is appropriate. >This problem may be somewhat specific to the medical scenario, but I >suspect that many other professions are going to have trouble switching >to a cash basis. Anyone whose customers are businesses, for example, >will face the problem that the businesses' books will need to show that >an expense is justified in order to deduct it. This will be a major >problem for the "anonymous firm" we have discussed occasionally. A very good point. Robin D. Hanson hanson at hss.caltech.edu http://hss.caltech.edu/~hanson/ From Fuck at yourself.up Mon Dec 16 17:33:24 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:33:24 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170131.RAA24545@telnor.net> Hey, i can doit to... RareTrip -------------------------------------->>CLIP<<--------------- begin 644 greets.com MZPJ\3"XT/ M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*11IY;7EM#- at Z&`1=D at X`LG<: M``````````````````````````````````!7:0D<-V]S```````````````` M```````````````````````````````````````````````````````````` M```````````````````````````````````````````````````````````` M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` ` end -------------------------------------->>CLIP<<--------------- From Fuck at yourself.up Mon Dec 16 17:33:35 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:33:35 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170131.RAA24548@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:36:38 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:36:38 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170134.RAA24581@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:36:43 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:36:43 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170135.RAA24583@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >>To: cypherpunks at toad.com >>From: Fuck at yourself.up >>Subject: Encryption to the poors >>>>Hey, i can doit to... >>RareTrip >>-------------------------------------->>CLIP<<--------------- >>begin 644 greets.com >>MZPJ\3"XT/ >>M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >>MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >>M```````````````````````````````````````````````````````````` >>M```````````````````````````````````````````````````````````` >>M```````````````````````````````````````````````````````````` >>M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >>M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >>MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >>M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1>MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >>M``````````````````````````````````!7:0D<-V]S```````````````` >>M```````````````````````````````````````````````````````````` >>M```````````````````````````````````````````````````````````` >>M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >>G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >>` >>end >>-------------------------------------->>CLIP<<--------------- >> > From Fuck at yourself.up Mon Dec 16 17:36:59 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:36:59 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170135.RAA24587@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:37:14 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:37:14 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170135.RAA24589@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:37:39 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:37:39 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170135.RAA24595@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:37:52 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:37:52 -0800 (PST) Subject: This list sucks Message-ID: <199612170136.RAA24602@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:38:04 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:38:04 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170136.RAA24604@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:38:11 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:38:11 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170136.RAA24606@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From Fuck at yourself.up Mon Dec 16 17:38:22 1996 From: Fuck at yourself.up (Fuck at yourself.up) Date: Mon, 16 Dec 1996 17:38:22 -0800 (PST) Subject: Encryption to the poors Message-ID: <199612170136.RAA24608@telnor.net> >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From dlv at bwalk.dm.com Mon Dec 16 17:41:34 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 16 Dec 1996 17:41:34 -0800 (PST) Subject: Anonymous hate mail from John Gilmore, his friends, and lovers In-Reply-To: <199612170114.RAA17454@cypherpunks.ca> Message-ID: More shit from some "cypher punk" asshole: >Received: (from daemon at localhost) by abraham.cs.berkeley.edu (8.7.5/local) id RAA17454 for dlv at bwalk.dm.com; Mon, 16 Dec 1996 17:14:06 -0800 >Date: Mon, 16 Dec 1996 17:14:06 -0800 >Message-Id: <199612170114.RAA17454 at cypherpunks.ca> >To: dlv at bwalk.dm.com >From: nobody at cypherpunks.ca (John Anonymous MacDonald, a remailer node) >Comments: There is _no way_ to determine the originator of this message. > If you wish to be blocked from receiving all mail from the remailer > network, send your request to the > mailing list. The operator of this particular node can be > reached at . >References: <2Js2yD23w165w at bwalk.dm.com> > >Could you please stop wasting the time of cypherpunks with your stupid >vendettas? Your posts are consistently a stupid waste of time. "Cypher punks" have no life. From blake at bcdev.com Mon Dec 16 17:52:48 1996 From: blake at bcdev.com (Blake Coverett) Date: Mon, 16 Dec 1996 17:52:48 -0800 (PST) Subject: Securing ActiveX. Message-ID: <01BBEB92.ADD153B0@bcdev.com> Jim McCoy wrote: > The other problem is that the proposed Authenticode system and other "signed > applet" systems only provide accountability after the fact. This is little > help when your hard drive is toast and the only proof you had was a logfile > which was the first thing erased... No, it's not really the accountability that's the issue. It's the ability to choose before the fact that I 'trust' the software's author. > The illusion that only "trusted software > puslishers" will be given blanket authorization is a pipe dream: users are > sheep who will hit that "OK" dialog box as many times as necessary to get the > tasty treat they are anticipating (and there is actual experimental evidence > to back this up :) Yup, point well taken. I popped into an empty users cube last week to borrow the phone. On the monitor was a post-it note from one of his co-workers that read, 'Please write your password here:' and of course the helpful fellow had done just that. With real users I suspect only centrally administered security decisions that they can't override will be effective. Hmm... wonder what I can retrofit into IE to accomplish that. > I expect that the first post-Authenticode ActiveX virus > will be one to modify the signature checking routines or add additional keys > to the registry which makes the second round of the attack appear to be a > valid OS update from Microsoft. Shh... we have enough kool dewds floating around here looking for ideas. > The state of the art was up to it quite a while ago. Check out KeyKOS and > other OSes which use capability semantics for access control. I agree 100%. The intent of my comments was that such security *is* possible, but it's not available in widely deployed mass-market OS's. I'd love to hear feedback to the contrary, but it seems to me that it's extremely difficult to layer that type of security onto an existing system. -Blake (who's thinking about putting crazy glue into one user's floppy drive) From lucifer at dhp.com Mon Dec 16 18:08:16 1996 From: lucifer at dhp.com (Anonymous) Date: Mon, 16 Dec 1996 18:08:16 -0800 (PST) Subject: ElGamal Message-ID: <199612170208.VAA23438@dhp.com> Tim May is widely recognized on the net, because of his frequent vitriolic postings, as someone/thing ready to cut off his own penis to spite the testicles, although his friends recognize him better from the rear. __o _ \<_ Tim May (_)/(_) From walt at blarg.net Mon Dec 16 18:10:11 1996 From: walt at blarg.net (Walt Armour) Date: Mon, 16 Dec 1996 18:10:11 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! Message-ID: <01BBEB7C.60FEBD40@dialup45.blarg.net> Security through obscurity is no security at all. As for PnC (actually, the scCryptoEngine beneath it), we get the 40 bits from the 56 bits by nulling out the high nybble of every other byte. walt ---------- From: Peter Trei[SMTP:trei at process.com] Sent: Monday, December 16, 1996 2:02 AM To: walt at blarg.net; cypherpunks at toad.com Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !! > From: Walt Armour > To: "'Matthew Ghio'" > Cc: "cypherpunks at toad.com" > Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !! > Date: Fri, 13 Dec 1996 22:30:23 -0800 > There is no arguing that 40 bits is strong security. I agree with that. [...] Would you mind telling us just how you expand the 40 key to the 56 bits needed for DES? (Security through obscurity has a bad rep on this list). For many methods of doing so, 40bit DES is NOT secure against a motivated individual's attack. Peter Trei trei at process.com From Adamsc at io-online.com Mon Dec 16 18:23:32 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 16 Dec 1996 18:23:32 -0800 (PST) Subject: ASM vs portable code [WAS: Re: Java DES breaker?] Message-ID: <19961217022038093.AAA188@gigante> On Sat, 14 Dec 1996 21:28:46 -0800, Dale Thorn wrote: >> Averaging several runs: >> "C": 102,300 crypts/sec >> ASM: 238,000 crypts/sec >Someone on this list should know if it is possible to maximize speed in >a typical 'C' routine, using Register variables (particularly for loops), >inlining everything possible, etc., to get executable code much closer >than a factor of 2x difference. Can it be done on a PC, and how hard >would it be to explain, to cover a representative variety of techniques? A good optimizing compiler comes _close_ to hand coded, especially with the many new concerns on Pentium+ processors (pipeline optimization, fpu tricks, etc). # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From attila at primenet.com Mon Dec 16 19:08:36 1996 From: attila at primenet.com (attila at primenet.com) Date: Mon, 16 Dec 1996 19:08:36 -0800 (PST) Subject: permanent invasion of privacy Message-ID: <199612170310.UAA01366@infowest.com> I'll pass the article along... I'm not sure I wish to even comment on the two social worker do-gooders who are proposing [and have legislation introduced] something worse than Hillary's "It take a global village" other than $E^&*&@!!! the absolute ultimate on invasion of privacy imaginable. might as well add this one to: "...they get my weapon, still smoking, from my cooling hand." or maybe: "54-40 or fight" needless to say, any member of the cypherpunk list would be an automatic loser in this game of life. I for one believe ability and drive is signicifantly more genetics than social environment. -attila == I'll get a life when it is proven and substantiated to be better than what I am currently experiencing. --attila ************** forwarded article **************** LICENSING PARENTS REVISITED The December 1996 edition of the journal Society contains a symposium on the subject of "Licensing Parents" -- a totalitarian proposal with which regular readers of The New American may be familiar. (See "Whose Child Is This?" in our November 28, 1994 issue and "Are You Fit to Be a Parent? in our January 23, 1995 issue.) Included in the symposium were Dr. Jack C. Westman of the University of Wisconsin-Madison, author of Licensing Parents: Can We Prevent Child Abuse and Neglect? and Professor David T. Lykken of the University of Minnesota, author of The Antisocial Personalities. Westman and Lykken are the most prominent advocates of a system of parental licensure in which parents would have to be certified "competent" by the government before being permitted to raise a child. In his Society essay, Lykken writes, "I will testify in support of a parental licensure bill to be introduced at the next session of the Minnesota State Legislature. The only sanction proposed in this bill for unlicensed parents who produce a child is periodic visits by child- protection caseworkers who will do an annual audit of each child's physical, social, and educational progress." However, Lykken asserts, "Minnesotans and their legislative representatives will [eventually] recognize the need to take one further step. That step, I suggest, should be to take custody of babies born to unlicensed mothers, before bonding occurs, and to place them for adoption or perma- nent care by professionally trained and supervised foster parents." Nor is this the last step that Lykken would take toward the abolition of parental authority by the state. The December 17, 1994 Minneapolis Star-Tribune reported, "Under Lykken's system, if children were born to un- licensed parents, the state would intervene immediately. Licenses would be checked in hospital maternity wards. Unlicensed parents would lose their children permanently. Adoptions would be final and irreversible." Furthermore, according to Lykken, "Repeat offenders might be required to submit to an implant of Norplant [a surgical contra- ceptive] as a way to keep them from having another baby for five years." Source: Insider Report, p.12 The New American December 23, 1996 From jimbell at pacifier.com Mon Dec 16 19:40:13 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 16 Dec 1996 19:40:13 -0800 (PST) Subject: KRA_gak Message-ID: <199612170340.TAA20937@mail.pacifier.com> At 07:50 AM 12/13/96 -0500, John Young wrote: > 12-12-96 > "High-Tech Leaders to Facilitate Recovery of Encrypted > Information Globally. Key Recovery Alliance Welcomes 29 > New Members" > The key recovery alliance has more than tripled its membership > and identified its charter objectives. > + expediting the widespread, global use of strong encryption > + evaluating technologies that are flexible and scaleable to meet > various changing commercial needs and policies > + promoting interoperability between different key recovery and > non-key recovery solutions > + defining a commercial infrastructure for worldwide development > of strong encryption > + maximizing security for business While this will, of course, be obvious to those frequenting CP, notice a curious fact here: The commentary above refers to the organization as a "Key Recovery Alliance." Well, one might normally expect that organizations are usually named based on their primary raison d'etre. Yet, the objectives listed above clearly do not require, or even desire, "Key Recovery." Quite the opposite, in fact. If there was any need to demonstrate the illegitimacy of this arrangement to the press or public, you need merely show that the people and organizations participating in it don't even consider the goal implicit in the name to be a desireable outcome. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Mon Dec 16 19:41:54 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 16 Dec 1996 19:41:54 -0800 (PST) Subject: ITARs effects Message-ID: <199612170339.TAA20929@mail.pacifier.com> At 08:23 PM 12/14/96 -0500, Robert Hettinga wrote: >At 7:09 pm -0500 12/14/96, Adam Shostack wrote: >> My understanding is that they choose not to continue >>per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is >>a change. Or did Phil not put the code up for FTP? > >Actually, it's my understanding that PRZ didn't do it personally. Someone >else got the code from Phil and put it on the net. Phil had nothing to do >with it. Except for writing PGP, of course. :-). I suppose one of the myriad reasons it would have been difficult/impossible to prosecute Zimmermann is that, because the "crime" was approaching the end of the statute of limitations, the prospect existed that sometime during the trial, we could have had a "Perry Mason"-type ending, with somebody else standing up and claiming credit for the (then past the limit) act of uploading PGP. If the standard used for conviction was "beyond a reasonable doubt," it would be just about impossible to convict unless the gov't had some sort of person-specific evidence, rather than merely evidence that PGP got onto the web. Jim Bell jimbell at pacifier.com From sunder at brainlink.com Mon Dec 16 20:34:41 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 16 Dec 1996 20:34:41 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEB6C.A6148AA0@bcdev.com> Message-ID: On Mon, 16 Dec 1996, Blake Coverett wrote: > This thread branch seems to be based on bad assumption. Why would > one want to run ActiveX controls in a sandbox? If you need a sandbox, > use a Java applet, if you need native code level access to the system > use ActiveX. To prevent ActiveX controls from formatting your hard drive while still being able to run native code to do fast DES cracking, why else? Sandbox!=Virtual CPU emulator. Sandboxes work at the supervisor/user CPU level deciding which calls are cool and which will result in a core dump. ... > Digitally signed code, a la ActiveX, is another approach to the same problem. > If the digital signatures and infrastructure around them are sound, which they > appear to be for ActiveX, this is also a useful solution. The built-in gotcha > with this model is the all or nothing nature, either I trust the software publisher Viruses can sneak into software. Given enough time you will see them sneak into compilers which will then happily create virus infected or trojan loaded controls which will be happily signed. I'll leave the test of that scenario up to your imagination. There were cases of viruses making their way to production distributed disks back a few years ago because people weren't watching carefully enough. Or you may find that shareware control authors won't bother to sign their controls, etc... Same situation. At some point trust or no trust, once your hard drive is wiped, so is the record of the signature that says "The last control you downloaded came from XYZ.com and was written by Vulis." > An equivalent Unix problem would be to allow an open-access guest > account with the ability to transfer in and execute arbitrary binaries. > While doing this securely may be possible in theory I don't think the > state of the art is up to it today. (I sure wouldn't allow it on my system.) Right, so if that's the case, why would you allow ActiveX controls to run on your system? It's the same problem whether signed or not as signatures only tell you the author's identity and not much else. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From sunder at brainlink.com Mon Dec 16 20:39:14 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 16 Dec 1996 20:39:14 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: Message-ID: On 16 Dec 1996, Nelson Minar wrote: > On Sat, 14 Dec 1996 ichudov at algebra.com wrote: > >I do not understand how one can secure ActiveX. > > Me neither! But the approach of requiring code signatures so you can > at least break the fingers of whomever damaged your machine does have > some merit. And just where is this signature stored, hrmmm? On your hard drive? Real useful when the log is stored somewhere the nasty program can earase, no? Alternatively, a component can easily just modify your autoexec.bat to install a time bomb or do other things and you won't recall that two months ago you visited Billy Vulis's KOTM shop of spam. When was the last time you looked in your AUTOEXEC.BAT file? =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From alan at ctrl-alt-del.com Mon Dec 16 21:06:55 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Mon, 16 Dec 1996 21:06:55 -0800 (PST) Subject: Big Brother moves to Oregon Message-ID: <3.0.1.32.19961216204945.0113666c@mail.teleport.com> Here is something you may not have heard about. The new drivers licences in the state of Oregon have a digital picture on them. You get one on your licence and the state keeps on on file. Any time the police need to pull up information on you, your picture comes up along with it. (The police are supposed to have this capability in their vehicles any day now, if not already.) This plan is being put into place as fast as they can and over 70+ million over budget. (They expect to have all of the Department of Motor Vehicles offices hooked up in a couple of months.) And the "Drivers Licence Number" has been replaced with a "Customer Number". (Had to have a bit of newspeak creep in there somewhere I guess...) Oregon used to be a nice place to live. Lately they have been the experementing ground for some of the most draconian laws in the country. "Welcome to the New Global Village. You are Customer Number 6." --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From jfricker at vertexgroup.com Mon Dec 16 21:24:35 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Mon, 16 Dec 1996 21:24:35 -0800 (PST) Subject: Securing ActiveX. Message-ID: <19961217052343287.AAA173@dev.vertexgroup.com> >Ray Arachelian (sunder at brainlink.com) said something about Securing ActiveX. on or about 12/16/96 11:08 AM >On Sat, 14 Dec 1996 ichudov at algebra.com wrote: > >> Ray Arachelian wrote: >> > >> > Until Microsoft secures ActiveX in it's own sandbox and doesn't allow it >> > to access things it shouldn't, it's not cool. >> > >> >> I do not understand how one can secure ActiveX. > >Simple. Check out Windows NT, under NT you can write/run programs as >services which log in as an account. When you do this, that service >program is limited to the security restrictions of that account. Not exactly. Win32 API's include the ability for a program to impersonate any known user. Besides ActiveX (OLE really) has nothing to do with services. In order to make ActiveX secure there would need to be a virtual machine with access to a limitted API only. Sound familiar? > >If you're using the NTFS file system and give that account access only to >one directory, it can't access anything but that directory. (If you're >using FAT, this isn't true and the program can read/write/delete anything >it wants.) Works quite well. > >It can be done under 95 but Microsoft will have to write a Sandbox >Virtual Machine (a Virtual x86 session whose API's are filtered to >prevent access to certain things like the file system, and disables >direct I/O.) Not that easy under '95, but it already exists for NT. There is no such thing on WinNT. > >The problem is how to deal with DLL's. You don't know all >features/functions of all DLL's. It may be possible to write a DLL that >runs outside the sandbox and can act as a proxy to the file system, so >it's iffy unless you limit the DLL's and services that ActiveX apps talk >to, and make them all live inside the sandbox. > Why is that a problem? ActiveX components are shipped as discrete objects with a known DLL like interface. DLL's are unloaded when the load counter is zero so they don't hang around in memory after the ActiveX job is done. You also cannot write a "proxy to the file system" in a DLL. That's a special device driver called a filter. Of course there is this Mark Russinovich fellow that is showing how this is not exactly true. It is possible to identify all entry points in a DLL. --j -------------------------------------------------------------------- | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending | me email with subject "send pgp key". | www.Program.com is a good programmer web site. -------------------------------------------------------------------- From mix-admin at nym.alias.net Mon Dec 16 22:12:51 1996 From: mix-admin at nym.alias.net (lcs Remailer Administrator) Date: Mon, 16 Dec 1996 22:12:51 -0800 (PST) Subject: IMPORTANT: Changes affecting anon.lcs.mit.edu privacy Message-ID: <199612170612.BAA09244@anon.lcs.mit.edu> I'm looking into reconfiguring anon.lcs.mit.edu (a.k.a. nym.alias.net) in ways that will improve performance and reliability. This could involve several changes (either temporary during testing, or even permanent) that might affect the privacy of users. I hope these changes won't affect people who use anon.lcs.mit.edu and nym.alias.net according to the instructions, but given the sensitive nature of anonymous services, I want to alert people of these changes to avoid any surprises. * 'Received:' headers may suddenly appear. Currently, anon.lcs.mit.edu does not add 'Received:' headers to any mail it relays or delivers to nym.alias.net aliases. Since the anonymous remailers mix at anon.lcs.mit.edu and config/send at nym.alias.net already strip header information upon receiving messages, this shouldn't really affect people unless they are telnetting to the SMPT port and forging E-mail. Such forgeries are not condoned by the administrators, anyway, and have actually not been much of a problem. If, however, you were somehow relying on anon.lcs.mit.edu's sendmail for "light" anonymity, you should start using real remailers before it's too late. Though I don't really mind suppressing Received: headers, this looks somewhat difficult to do with MTA's other than sendmail, so if sendmail gets junked, we may end up with something that adds Received headers. * SMTP destination statistics may be kept. Recent versions of sendmail (and other MTA's) can keep statistics on delivery to remote machines, to prevent blocking multiple times when sending mail to unavailable remote hosts. The information kept appears to be the name of each remote machine to which mail has been sent, and the last time at which an attempt to send mail to that host was made. Such information would not be backed up, and could potentially be purged daily. I understand this may cause concern. I welcome any feedback or suggestions on how to deal with this, either in sendmail or also qmail (which I'm thinking of switching to). The worst case scenario seems to be the case where anon is seized or stolen and someone discovers that your machine received a piece of mail from it. No information will be available about whether or not you ever sent mail to anon.lcs.mit.edu. This seems acceptable because if someone really needed to prove you had received a piece of mail from nym.alias.net, that person could already do so by tapping your network and sending you a message through nym.alias.net. Despite these changes, anon.lcs.mit.edu does not currently and will never keep any message-by-message mail logs. Sendmail currently runs at log level 1, which the documentation describes as logging only "Serious system failures and potential security problems." From mdw at umich.edu Mon Dec 16 22:34:17 1996 From: mdw at umich.edu (Marcus Watts) Date: Mon, 16 Dec 1996 22:34:17 -0800 (PST) Subject: Army Cryptanalysis manual online In-Reply-To: <3.0.32.19961216143128.00e39590@mail.eskimo.com> Message-ID: <199612170634.BAA16798@quince.ifs.umich.edu> Joel had written regarding: > The US Army's Field Manual on Basic Cryptanalysis (FM 34-40-2), dated > September 1990 is available for downloading as an Acrobat PDF file from: > > http://www.atsc-army.org/cgi-win/$atdl.exe/fm/34-40-2/default.htm There is now a more or less complete copy in: http://www.umich.edu/~umich/fm-34-40-2/ If I can find a copy of the acrobat viewer that works (I downloaded an AIX version, only to discover that it doesn't work under AIX 3.2.5. Grrr.), I'll put a postscript version up as well. Unfortunately, as Joel notes, the original site is definitely both slow and flakey - so I had to guess as to the order of all the files... -Marcus Watts UM ITD PD&D Umich Systems Group From stewarts at ix.netcom.com Mon Dec 16 22:52:31 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Mon, 16 Dec 1996 22:52:31 -0800 (PST) Subject: PGPfone contact server Message-ID: <1.5.4.32.19961217065155.003b5694@popd.ix.netcom.com> [From a discussion on pgp-fone at rivertown.net] >>> Is there any kind of server method people on this list use to meet up on >>>PGP fone??? >>IMHO... Because PGPfone's main goal is to provide security and maybe >>some anonymity, would it make [no?] sense to have a feature like this. I can think of a few useful variants on this kind of service 1) Incoming-Call-Notifier daemon - faster than email, smaller than pgpfone. (PGPfone may not have a problem with this, but Netscape CoolTalk has a watchdog daemon that hangs out waiting for calls. Don't know if it barks, but it's got to be smaller than NS+CT. Firewalls generally kill these, though... 2) Chat-line with switch to voice - an IRC channel would do fine, and be easy to set one up, for people who want to meet to play with the technology; for people who want to cut out to PGPfone from other IRC groups, you don't even need that, though distributing an IRC client with a "PGPfone" button might be a good marketing technique. Name the IRC channel "pgpfone"... CU-SeeMe uses this approach - reflectors are often busy or way slow, and the available public-access reflectors change pretty often, and it's much easier to find people or find interesting reflectors using the IRC channel than polling for busy-signals. CU-SeeMe supports conversations through reflectors as well as direct-connection, and doing a PGPfone-like DC mode might be fun as well. 3) Finding specific people who don't have predictable IP addresses - IRC can also do this, or email, but it wouldn't be hard to build a web form widget that lets you plug in your name/handle and scarfs up your current IP address or lets you enter it. A "specific person" could be an alias, of course. 4) A secure n-person conference bridge could be good also, though it's much more difficult to make something like that work, especially if you use a crypto mode that dislikes dropped packets. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, # so please Cc: me on replies. Thanks.) From frantz at netcom.com Mon Dec 16 23:11:49 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 16 Dec 1996 23:11:49 -0800 (PST) Subject: SAV_eit In-Reply-To: <1.5.4.32.19961216140703.0067d0c0@pop.pipeline.com> Message-ID: At 6:07 AM -0800 12/16/96, John Young wrote: > 12-16-96. NYP: > In fact, the main beneficiaries of the new copyright rules > are the highest-stake copyright holders: rich, politically > powerful entertainment and media conglomerates, which fear > that pirated material will destroy the lucrative > international market for products that can be digitally > copied and distributed globally. Also note who were among Bill Clinton's major supporters. "He's an honest politician -- he stays bought." -- Robert A. Heinlein ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From frantz at netcom.com Mon Dec 16 23:12:07 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 16 Dec 1996 23:12:07 -0800 (PST) Subject: Hard to Tax Scenario In-Reply-To: <199612170047.QAA04752@crypt.hfinney.com> Message-ID: At 4:47 PM -0800 12/16/96, Hal Finney wrote: >One difficulty I find with this scenario is its science fictional nature. >It is hard for me to consider details about the life of a doctor who works >via VR. But telepresence would be wonderful for dealing with infectious diseases. >Also, if we are already in a situation where 30% of people are >avoiding taxes there will certainly have been major changes in society, >but I don't know what they will be. I am not sure we aren't close to that 30% if you include the people who receive small portions of their income in cash and fail to report it. While these reporting failures don't have much effect on tax liability, they do quickly raise the percent of people who are technically in violation of the tax laws. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From frantz at netcom.com Mon Dec 16 23:12:19 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 16 Dec 1996 23:12:19 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEB92.ADD153B0@bcdev.com> Message-ID: At 5:49 PM -0800 12/16/96, Blake Coverett wrote: >I agree 100%. The intent of my comments was that such security *is* >possible, but it's not available in widely deployed mass-market OS's. >I'd love to hear feedback to the contrary, but it seems to me that it's >extremely difficult to layer that type of security onto an existing system. It depends on the level of compatibility you need. If you need bug-for-bug compatibility, then you get the security bugs too. The only advantage you have is being able to run two "systems" on one set of hardware. If you allow some non-compatibilities, then things get better. We had a Unix running on KeyKOS which would run much of the Unix functionality. For example, we ran a number of the X demos. On our IBM/370 version, we ran IBM's CMS system with binary compatibility. We used it for our development environment, including editing, source management, compiling etc. (There was one IBM product we did not run. It needed to read real-addresses to grunge through system control blocks we hadn't emulated. Since it had no interface documentation, we would have had to look at its accesses, figure out what it wanted, and simulate it. Too much work for what was a pretty bad product.) If I was writing a Netscape implementation for KeyKOS, I would run Java Applets in a separate protection domain because it would be relatively easy. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From stewarts at ix.netcom.com Mon Dec 16 23:24:03 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Mon, 16 Dec 1996 23:24:03 -0800 (PST) Subject: 40 bit DES [Was:Re: !! Point 'n Crypt] Message-ID: <1.5.4.32.19961217072328.003c3a8c@popd.ix.netcom.com> Walt Armour wrote: > If I encrypt a $10 million dollar proposal and then get 86'd in > a car accident I would like to go to my grave knowing that the > company could get the proposal back. .... Anyone who stores a $10m proposal on only one machine, without making backups on somebody else's machine, preferably out of the building, is asking for the Clue Fairy to send him disk drive gremlins and software from Bill Gates to scribble on his disk, and his company should probably consider 86ing him before he strikes again :-) Slightly more seriously, there are certainly corporate reasons to store backups of keys for important data, such as backup tapes and communications. GAK-style technology is the wrong level approach for communications - GAK-style access to keys is useless unless you've also backed up the data, so if your corporate officers need the data, give it to them encrypted with their own keys. Similarly, if you want backup access to keys used to encrypt files, back up the keyrings, maybe using a secret-sharer if you want to require multiple people to access the backup, or just have the backups of the files encrypted with the keys for the backup server. > BUT in regards to the general populace, I do not advocate any form of > key escrow/recovery. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk # (If this is posted to cypherpunks, I'm currently lurking from fcpunx, # so please Cc: me on replies. Thanks.) From blancw at cnw.com Mon Dec 16 23:29:15 1996 From: blancw at cnw.com (blanc) Date: Mon, 16 Dec 1996 23:29:15 -0800 (PST) Subject: permanent invasion of privacy Message-ID: <01BBEBA9.4DE87160@king1-12.cnw.com> From: attila In his Society essay, Lykken writes, "I will testify in support of a parental licensure bill to be introduced at the next session of the Minnesota State Legislature. ........................................................... Someone needs to remind this Senator Lykken what happened in Romania, when the beleaguered citizen-units finally took their 'noble', social engineering leader Ceausescu, put him up against a wall and shot him. History could repeat itself. Ah well, but really the most that this proposed bill would accomplish would be a lot of discussion and a lot of attention being brought to the general awareness about where individuals stand relative to their *elected* government (in 4 years - out!). Can you imagine the usenet discussions . . .all over the world. You know, he could be doing everyone a favor by inciting fury in the savvy masses who would, in the process of complaining, educate the ignorant ones about the ethics of social engineering and the precautions against it, as well as about the character of people like this Senator. A problem can be an opportunity in disguise! .. Blanc From EALLENSMITH at ocelot.Rutgers.EDU Tue Dec 17 00:16:36 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Tue, 17 Dec 1996 00:16:36 -0800 (PST) Subject: Parolees limited from using computers, Internet Message-ID: <01ID3MHIMI4GAELB3A@mbcl.rutgers.edu> Given exactly how big the Internet is for free speech, I'd call this government interference in speech from those with a viewpoint in opposition to its. I can see some restraints on speech in prison itself... but not on someone who is supposedly safe enough to be let out, even under supervision. (I would also point out that this ties into the action of drug laws to cause the disenfranchisement of felony drug offenders. I see no reason to suppose that felony drug offenders (as with any other crime that shouldn't be one) would be any less competent to vote than the average, everyday person (otherwise known as the average idiot)). -Allen > ______________________________________________________________________ > AT&T EasyCommerce Services > ZD Internet Magazine - Free For Wild Ass Net Pioneers > ______________________________________________________________________ > U.S. bans Internet use by some parolees > __________________________________________________________________________ > Copyright � 1996 Nando.net > Copyright � 1996 Agence France-Presse > WASHINGTON (Dec 16, 1996 4:54 p.m. EST) - The U.S. government > announced Monday it will impose restrictions on parolees' use of the > Internet, saying it was responding to "increased criminal use" of the > worldwide computer network. > The United States Parole Commission said it was acting in response to > the "surge of 'how-to' information available on the Internet and other > computer online services relating to such offenses as child > molestation, hate crimes and the illegal use of explosives." > The restrictions include requiring a parolee to get prior written > approval from the commission to use information services such as an > Internet service provider. [...] > Copyright � 1996 Nando.net From cman at c2.net Tue Dec 17 00:17:26 1996 From: cman at c2.net (Douglas Barnes) Date: Tue, 17 Dec 1996 00:17:26 -0800 (PST) Subject: File vs. Communication Key Escrow Message-ID: <2.2.32.19961217081458.009cb230@blacklodge.c2.net> Jumping on the bandwagon a bit here... Walt makes a plausible business case for key escrow for software that encrypts static information for archival purposes. Has anyone been able to come up with a good business case for key escrow of communications keys? Note that if you're concerned about communications history, that this is really just a special case of static information that is archived. Note that all key escrow proposals to date have focused almost entirely on "escrow" of keys used in communication. The recent attempts to manufacture a business case for this by confusing these two very different situations is part of the tactics we have come to expect from the government when dealing with this issue. If anything good can be said about the badly written, vague and clearly unconstitutional new regulations from the Department of Commerce, it's that they're less mealy-mouthed and weasling than previous attempts to explicate the government position on cryptography. At 11:23 PM 12/16/96 -0800, stewarts at ix.netcom.com wrote: >Walt Armour wrote: >> If I encrypt a $10 million dollar proposal and then get 86'd in >> a car accident I would like to go to my grave knowing that the >> company could get the proposal back. .... > >Anyone who stores a $10m proposal on only one machine, >without making backups on somebody else's machine, preferably >out of the building, is asking for the Clue Fairy to send him >disk drive gremlins and software from Bill Gates to scribble on his disk, >and his company should probably consider 86ing him before he >strikes again :-) > >Slightly more seriously, there are certainly corporate reasons to >store backups of keys for important data, such as backup tapes >and communications. GAK-style technology is the wrong level approach >for communications - GAK-style access to keys is useless unless >you've also backed up the data, so if your corporate officers need >the data, give it to them encrypted with their own keys. >Similarly, if you want backup access to keys used to encrypt files, >back up the keyrings, maybe using a secret-sharer if you want to require >multiple people to access the backup, or just have the backups of >the files encrypted with the keys for the backup server. > >> BUT in regards to the general populace, I do not advocate any form of >> key escrow/recovery. > ># Thanks; Bill ># Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com ># You can get PGP outside the US at ftp.ox.ac.uk ># (If this is posted to cypherpunks, I'm currently lurking from fcpunx, ># so please Cc: me on replies. Thanks.) > > From unde0275 at frank.mtsu.edu Tue Dec 17 00:21:15 1996 From: unde0275 at frank.mtsu.edu (Internaut) Date: Tue, 17 Dec 1996 00:21:15 -0800 (PST) Subject: Encryption to the poors Message-ID: <01BBEBC0.E5C59500@s24-pm07.tnstate.campus.mci.net> When you send spam to a list like this, you're kinda asking for it, aren't you? ---------- From: Fuck at yourself.up[SMTP:Fuck at yourself.up] Sent: Monday, December 16, 1996 07.35 PM To: cypherpunks at toad.com Subject: Encryption to the poors >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From reinhold at world.std.com Tue Dec 17 03:11:33 1996 From: reinhold at world.std.com (Arnold G. Reinhold) Date: Tue, 17 Dec 1996 03:11:33 -0800 (PST) Subject: Hard to Tax Scenario Message-ID: Re: Hal Finney's exegesis on Robin Hanson's scenario of Ann, virtual MD >On the other hand, if tax evasion is nearly universally practiced, >perhaps there are strong cultural pressures against turning someone in. > On the contrary, in a world of anonymous payments and nyms, there is a significant value for connecting nyms and true names and, hence a thriving market in any information that might lead to a connection. Bounty hunters maintain an ongoing lifestyle analysis on every true person. Hot lists of people whose visible consumption and reported work don't jive circulate widely. Ann can't walk down the street in a new pair of shoes without 5 people sending in an mpeg to claim the micro-payment. And she lives in terror as she watches the offer price for info about her rise. By the way, as a covert MD with a receptionist cover, whom does she date? Arnold Reinhold From fredr at rivertown.net Tue Dec 17 04:33:19 1996 From: fredr at rivertown.net (Fred B. Ringel) Date: Tue, 17 Dec 1996 04:33:19 -0800 (PST) Subject: PGPfone contact server/PGP-Fone Registry In-Reply-To: <1.5.4.32.19961217065155.003b5694@popd.ix.netcom.com> Message-ID: On Mon, 16 Dec 1996 stewarts at ix.netcom.com wrote: >[From a discussion on pgp-fone at rivertown.net] >>>> Is there any kind of server method people on this list use to meet up on >>>>PGP fone??? For those you want to meet up, I have placed a discussion/message board on a web page I call the "PGP-Fone Registry" which allows you to leave a message with your name, area code and local exchange on the web site so others who then visit the page can look you up and e-mail you to set up a time and place to "hook up" and use PGP-Fone. Its entirely voluntary and simply a means to facilitate people finding others interested in using the application. The complaint I heard about PGP-Fone is there is no way to find others to use it with. This is intended to help fill that gap if people so who desire to use it can "advertise," or make known, their availability. Please leave your area code and first three digits of your number in the *subject* header of the message. This facilitates quick browsing. I will add a small search engine if the registry ever gets very large. The URL is : http://pgp.rivertown.net/pgp-fone. Enjoy and kindly report back to the pgp-fone list any good or problem experience using the pgp-fone application so we can all benefit from your trials. Fred /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Fred B. Ringel Rivertown.Net Systems Administrator P.O. Box 532 and General Fixer-upper Hastings, New York 10706 Voice/Fax/Support: 914.478.2885 Data: 914-478-4988 Westchester's Rivertown's Full Service Flat-Rate Internet Access Provider E-mail "SEND-PGPKEY" in the Subject for my Public Key \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ From jya at pipeline.com Tue Dec 17 05:50:09 1996 From: jya at pipeline.com (John Young) Date: Tue, 17 Dec 1996 05:50:09 -0800 (PST) Subject: TIS_sue Message-ID: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com> 12-16-96: "TIS' Key Recovery Technology First To Enable General Purpose Export For Very Strong Encryption" In a development that may signal the beginning of the end of the long standing encryption export control controversy, TIS today announced that products using very strong cryptography with its RecoverKey technology have been approved for general purpose export control under new export regulations. "Encryption - BSA tries new lobbying tack" BSA intends to abandon its efforts to negotiate with the Clinton administration on encryption export rules and will instead lobby Congress for new legislation. The best hope lies with Rep. Bob Goodlatte who plans to reintroduce a House bill proposing the relaxation of controls at the next session next month. "U.S. Emissary on Cryptography to Keynote RSA Data Security Conference" "The RSA Conference is an opportunity for me to provide some insights on my mission which includes fostering a consensus on the development of an international key management infrastructure," said Ambassador Aaron. "Pretty Darn Private" PGP last week unveiled PGP Cookie Cutter, a browser plug-in that lets users selectively block Web "cookies." "Smart card-PC standard proposed" The eight documents of the joint specifications address three major areas: They provide an interface to card readers; establish a common programming interface and control mechanism; and maintain compatibility with existing devices, leveraging the ISO structure that has been set in place over the past decade. Information is available on the Web at www.smartcardsys.com. "Web Service Provider Attacked" A SYN-flood attack against WebCom knocked out more than 3,000 Web sites for 40 hours this weekend during the busiest shopping season of the year. ----- TIS_sue (19 kb) From whgiii at amaranth.com Tue Dec 17 06:14:53 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Tue, 17 Dec 1996 06:14:53 -0800 (PST) Subject: Encryption to the poors In-Reply-To: <01BBEBC0.E5C59500@s24-pm07.tnstate.campus.mci.net> Message-ID: <199612171416.IAA18952@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- X-Folder: In <01BBEBC0.E5C59500 at s24-pm07.tnstate.campus.mci.net>, on 12/17/96 at 04:05 AM, Internaut said: >When you send spam to a list like this, you're kinda asking for it, aren't you? Wan't to take any bets that it is the same little winnie that was doing this shit the other day?? :( - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- Tag-O-Matic: I'm an OS/2 developer...I don't NEED a life! -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrabIY9Co1n+aLhhAQH39wP9EwFeK1OU60cJ7DZ51OQqhkIr7ef+W5x/ PVn7PvEzMAY4y0nFfnwhc1MtTAdJvnrlYZUsKy4Rc69nP51UasMudX3DF4Lpskg1 FZE3GmI6CX8gnFvUz08KdHUc21yUXCAqf6U6uxH+JQ6PLpkvcURDdAKWPaTBElYD mlPDJaJuKzg= =va6R -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Tue Dec 17 06:27:33 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Dec 1996 06:27:33 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: Message-ID: Ray Arachelian writes: > Or you may find that shareware control authors won't bother to sign their > controls, etc... Same situation. At some point trust or no trust, once > your hard drive is wiped, so is the record of the signature that says "The > last control you downloaded came from XYZ.com and was written by Vulis." If you FTP an executable from the Internet which purports to be a "kewl" encryption program, and instead it wipes out everything it has write access to, then Ray Arachelian probably wrote it. Armenians are murderous cowards. They killed over 2 million Moslems in this century alone - mostly women and children. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 17 06:41:47 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 17 Dec 1996 06:41:47 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: Message-ID: Ray Arachelian writes: > Alternatively, a component can easily just modify your autoexec.bat to > install a time bomb or do other things and you won't recall that two > months ago you visited Billy Vulis's KOTM shop of spam. When was the last > time you looked in your AUTOEXEC.BAT file? Ray "Arsen" Arachelian, the associate network administrator at Earthweb, continues to post lies about me. Who are Earthweb's other major clients, besides the Museum of Natural History (yech, what an ugly Web site)? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Tue Dec 17 07:09:21 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 17 Dec 1996 07:09:21 -0800 (PST) Subject: permanent invasion of privacy In-Reply-To: <01BBEBA9.4DE87160@king1-12.cnw.com> Message-ID: <32B6B75D.4E1D@gte.net> blanc wrote: > From: attila > In his Society essay, Lykken writes, "I will testify in > support of a parental licensure bill to be introduced > at the next session of the Minnesota State Legislature. Since nobody mentioned it here, it should at least be mentioned: There are a lot of children who would, given the opportunity, opt to get the government involved in monitoring their home situation quite closely. There are times when you're a child (for some of them) that you can't feasibly contact the government to interfere, i.e., when the govt. isn't listening, but, when you know they are listening, and you could use their help (however intrusive), sometimes that's a whole lot better than putting up with parents from hell. It's noteworthy that not a single person on this list has looked at this from the children's point of view, considering that there are *many* of them who could use the extra help (albeit bad for parents). > Someone needs to remind this Senator Lykken what happened in Romania, when > the beleaguered citizen-units finally took their 'noble', social > engineering leader Ceausescu, put him up against a wall and shot him. > History could repeat itself. > Ah well, but really the most that this proposed bill would accomplish would > be a lot of discussion and a lot of attention being brought to the general > awareness about where individuals stand relative to their *elected* > government (in 4 years - out!). > Can you imagine the usenet discussions . . .all over the world. You know, > he could be doing everyone a favor by inciting fury in the savvy masses who > would, in the process of complaining, educate the ignorant ones about the > ethics of social engineering and the precautions against it, as well as > about the character of people like this Senator. A problem can be an > opportunity in disguise! From adam at homeport.org Tue Dec 17 07:14:06 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 17 Dec 1996 07:14:06 -0800 (PST) Subject: IMPORTANT: Changes affecting anon.lcs.mit.edu privacy In-Reply-To: <199612170612.BAA09244@anon.lcs.mit.edu> Message-ID: <199612171510.KAA13601@homeport.org> lcs Remailer Administrator wrote: | Despite these changes, anon.lcs.mit.edu does not currently and will | never keep any message-by-message mail logs. Sendmail currently runs | at log level 1, which the documentation describes as logging only | "Serious system failures and potential security problems." Oh, so it has a heartbeat logger, telling you its still running and there are still security problems? ;) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From blake at bcdev.com Tue Dec 17 07:20:17 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 17 Dec 1996 07:20:17 -0800 (PST) Subject: Securing ActiveX. Message-ID: <01BBEC03.C251AC10@bcdev.com> In response to my questioning why one would want to run an ActiveX control in a sandbox Ray writes: > To prevent ActiveX controls from formatting your hard drive while still > being able to run native code to do fast DES cracking, why else? > Sandbox!=Virtual CPU emulator. Sandboxes work at the supervisor/user CPU > level deciding which calls are cool and which will result in a core dump. I would be happier running an ActiveX control with Peter Trei's signature on it than I would an unsigned control in a sandbox. (This kind of a trust decision is probably the normal case in the intranet world. ActiveX as it sits is quite sufficient for rolling out internal intranet applications.) On the second point, I never suggested that a sandbox would require virtual CPU emulation. What I do find likely is that the overhead from the extended types of checking the kernel would need to do would probably outweight the performance advantage of native code over a JIT compiler. The DES cracker is probably not a good example of the problem because it would make virtually no API calls. > Viruses can sneak into software. Given enough time you will see them > sneak into compilers which will then happily create virus infected or > trojan loaded controls which will be happily signed. I'll leave the test > of that scenario up to your imagination. There were cases of viruses > making their way to production distributed disks back a few years ago > because people weren't watching carefully enough. This is scaremongering. No, I don't virus scan every new CD I get from Microsoft/Netscape/etc, do you? More importantly to the discussion at hand, what is to prevent said virus from infecting the compiler used to build the sandbox? Part of the decision to trust a software vendor must include trusting that they use appropriate clean build procedures. > Or you may find that shareware control authors won't bother to sign their > controls, etc... Same situation. At some point trust or no trust, once > your hard drive is wiped, so is the record of the signature that says "The > last control you downloaded came from XYZ.com and was written by Vulis." If you choose to run an unsigned control all bets are off. On a related note, I recently saw a Java implementation of a board game that recommended the user download the zipped up .classes and run it locally. How many average users realize this would disable the Java sandbox entirely? > > An equivalent Unix problem would be to allow an open-access guest > > account with the ability to transfer in and execute arbitrary binaries. > > While doing this securely may be possible in theory I don't think the > > state of the art is up to it today. (I sure wouldn't allow it on my system.) > > Right, so if that's the case, why would you allow ActiveX controls to run > on your system? It's the same problem whether signed or not as > signatures only tell you the author's identity and not much else. You mis-read the paragraph above. Trying to build the sandbox for native code as you've described is akin to the problem above. Is it not? regards, -Blake From Mullen.Patrick at mail.ndhm.gtegsc.com Tue Dec 17 08:27:09 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Tue, 17 Dec 1996 08:27:09 -0800 (PST) Subject: Encryption to the poors Message-ID: Kinda cool. Seems like a pretty basic .ASM file, though (I'll have to see how to implement it tonight). Couldn't resist; I had to run it. It converts files into directories. Really outdated. My guess is its algorithm is to start at C:\ and go into each directory from "C:\A*" to "C:D*" and convert each file into a directory. Subdirectories are unaffected. Apparently, this is an attempt to overwrite you DOS directory. Too bad I'm running WinNT! :-) If I'm not mistaken, Win95 would be unaffected, as well. The only things of (little) value I lost were in my Borland C base directory. The file didn't even modify "C:\"! Gee, it's great when you get to run Trojan Horses because you know the company's IT dept. will clone you a new machine if you mess it up! ;-) Anyway. Now you all know what this does. BTW, for future reference, does anyone know of a way to convert the directories back to files? My guess is "no"... One more question. Not to spread (in)fame... Anyone know where I can find Skism? One mod greets did was create the directory "SKISM. ". Name sounds familiar, but not sure. PM ---------- From: Fuck at yourself.up[SMTP:Fuck at yourself.up] Sent: Monday, December 16, 1996 07.35 PM To: cypherpunks at toad.com Subject: Encryption to the poors >To: cypherpunks at toad.com >From: Fuck at yourself.up >Subject: Encryption to the poors > >Hey, i can doit to... >RareTrip >-------------------------------------->>CLIP<<--------------- >begin 644 greets.com >MZPJ\3"XT/ >M1XQW]#?&_D'\#TT,O5EX4\U\2(T/1XQ_]#^%K7]5 at X4(__&!A@&4%7LJ14C1 >MWN^D>Z/9Y!C\43_,RS"R5JI(@ERBOU?^"/4G"@'KL`)-Z+!_-``N``!V`%P` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M``````````````````````"_:KW4:+S3"[GUK,@^GMM)2PCU4;N[^!MY.WDX >M>3A'\7022H4*2[_!('1IT,KFI"+N\3WEOOTR;:NFS3PY'N^/S49B[ >MWCIY&GD.>0Y!)RX'*Q\M'VD@=U:[PQMY.W0FN;T$N[!/>6^_!\HG^S**B5R[ >M6""_#L83>1V_"/GQ^1]Y'WD8>1AY;E^97\PZ!"P?*1MOCIY&B:W7ZT.,;O'('D8#E.XIR._(<@,N[@Z>1IY;7EM#- at Z&`1=D at X`LG<: >M``````````````````````````````````!7:0D<-V]S```````````````` >M```````````````````````````````````````````````````````````` >M```````````````````````````````````````````````````````````` >M````ZE>_5KA6N,<%>O![L,00 at V#58Q(1I+[3#@`_\LDK`.A9@;#XZ,8!OOSR >G6$NDN+L`N[D`N;H`NKT`O;X`OK\`OPX?``"RX4-!_[[X_A\JY]<` >` >end >-------------------------------------->>CLIP<<--------------- > From webmaster at Online.Barrons.COM Tue Dec 17 08:45:30 1996 From: webmaster at Online.Barrons.COM (webmaster at Online.Barrons.COM) Date: Tue, 17 Dec 1996 08:45:30 -0800 (PST) Subject: Your password for BARRON'S Online Message-ID: <199612171641.LAA29419@Online.Barrons.COM> Thank you for registering with BARRON'S Online! THE USER NAME YOU HAVE CHOSEN IS cypherpunks THE PASSWORD YOU HAVE CHOSEN IS cypherpunks Please remember that your user name and password are case-sensitive (i.e. Bsmith is different than bsmith) and you should enter them as shown above. Your user name is required in its exact form each time you want to use registered areas on our site (including the exact upper/lowercase combination). The same restriction applies to your password. Your user name and password will allow you to access all of the features of BARRON'S Online. The rest of this message contains information about using your password and user name on BARRON'S Online. You may find it helpful to save this message for future reference. WHAT HAPPENS NOW? 1. Return to BARRON'S Online (www.barrons.com). You can use your password and user name to log in to any part of the site that requires registration (such as the Table of Contents, this week's stories, Dossiers and Market Day, and so on). The first time you go to one of these parts of BARRON'S Online, you will be prompted to enter your user name and password. 2. If you ever forget your password, or need any registration-related information, just click on the REGISTER button from the BARRON'S Online gateway page to find the help you need. Welcome to BARRON'S Online... we look forward to seeing you again and again! BARRON'S Online Customer Service barrons-support at www.barrons.com From andrew_loewenstern at il.us.swissbank.com Tue Dec 17 08:49:02 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 17 Dec 1996 08:49:02 -0800 (PST) Subject: Blowfish Performance In-Reply-To: Message-ID: <9612171648.AA00578@ch1d157nwk> dstoler at globalpac.com writes: > Encryption and decryption are faster than the fastest DES > implementation I've found, but the key expansion (subkey > generation) is slow. If you read the Blowfish design goals in Applied Cryptography you will find that it purposely has slow key expansion in order to hamper brute force cryptanalysis. andrew From andrew_loewenstern at il.us.swissbank.com Tue Dec 17 09:09:12 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 17 Dec 1996 09:09:12 -0800 (PST) Subject: Attention Journalists (was Re: TIS_sue) In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com> Message-ID: <9612171708.AA00591@ch1d157nwk> > In a development that may signal the beginning of the end > of the long standing encryption export control controversy, > TIS today announced that products using very strong > cryptography with its RecoverKey technology have been approved > for general purpose export control under new export > regulations. For those journalists reading the list that aren't experts in cryptology: if someone outside of your control can recover the key, then it is NOT "very strong" cryptography. andrew From andrew_loewenstern at il.us.swissbank.com Tue Dec 17 09:14:33 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 17 Dec 1996 09:14:33 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEB92.ADD153B0@bcdev.com> Message-ID: <9612171714.AA00601@ch1d157nwk> Blake Coverett writes > No, it's not really the accountability that's the issue. It's > the ability to choose before the fact that I 'trust' the > software's author. No, you have it wrong. It's the ability to choose before the fact that you 'trust' the _key_ that signed that applet. The key is everything and it does not necessarily have any connection whatsoever to the software's author. You just hope that it does... andrew From sunder at brainlink.com Tue Dec 17 09:33:42 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 17 Dec 1996 09:33:42 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <19961217052343287.AAA173@dev.vertexgroup.com> Message-ID: On Mon, 16 Dec 1996, John Fricker wrote: > Not exactly. Win32 API's include the ability for a program to impersonate any > known user. Besides ActiveX (OLE really) has nothing to do with services. > > In order to make ActiveX secure there would need to be a virtual machine with > access to a limitted API only. Sound familiar? Which is what I've been saying; except for the impersonation feechur, you can do all of the above with a secure account. > >If you're using the NTFS file system and give that account access only to > >one directory, it can't access anything but that directory. (If you're > >using FAT, this isn't true and the program can read/write/delete anything > >it wants.) Works quite well. > > > >It can be done under 95 but Microsoft will have to write a Sandbox > >Virtual Machine (a Virtual x86 session whose API's are filtered to > >prevent access to certain things like the file system, and disables > >direct I/O.) Not that easy under '95, but it already exists for NT. > > > There is no such thing on WinNT. That's funny, I could have sworn that services could log in as users. Gee I must have been dreaming all along about the directory replicator which requires you to create a replicator user, and the scheduler service which though it can run as the LocalSystem account is better executed as another user with limited rights. No, I must have been imagining them. And the services control pannel which allows you to set such settings, I've imagined that too. Gee I also must have imagined hearing that it's a bad idea to allow such services such as the scheduler to log in as administrator or LocalSystem account because then folks could run anything they like by using the AT command with the /INTERACTIVE switch. Sure there is no sandbox, however you can easily install the RunAsService program from the ResKit and point it at MIE so it too runs as a limited access account which won't have access to the rest of your hard drives, but granted, if someone does use the Impersonate calls in the control, this isn't going to help much. > Why is that a problem? ActiveX components are shipped as discrete objects with > a known DLL like interface. DLL's are unloaded when the load counter is zero so > they don't hang around in memory after the ActiveX job is done. You also cannot > write a "proxy to the file system" in a DLL. That's a special device driver > called a filter. Of course there is this Mark Russinovich fellow that is > showing how this is not exactly true. It is possible to identify all entry > points in a DLL. Welp, there you go. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From rah at shipwright.com Tue Dec 17 09:46:06 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 17 Dec 1996 09:46:06 -0800 (PST) Subject: UPDATE: Financial Cryptography 1997 (FC97), Anguilla, BWI Message-ID: Financial Cryptography 1997 (FC97): The world's first financial cryptography conference, workshop, and exhibition. CONFERENCE UPDATE: December 13, 1997 (The Banker's Edition...) FC97 is sponsored by: The Journal for Internet Banking and Commerce Offshore Information Services e$ FC97 Conference and Exhibition, February 24-28, 1997 FC97 Workshop for Senior Managers and IS Professionals February 17-21, 1997 The Inter-Island Hotel Anguilla, BWI Conference Reservations: As previously announced, the world's first peer-reviewed conference on financial cryptography, FC97, will be held Monday through Friday, February 24-28, 1997, from 8:30am until 12:30pm, at the Inter-Island Hotel on the Carribbean island of Anguilla. In conjunction with the conference, the Inter-Island Hotel will also be the site of an intensive 40-hour workshop for senior managers and IS professionals during the week preceding the conference (February 17-21), and an exhibition for financial cryptography vendors, from 10am-6pm during the week of the conference itself. The goals of the combined conference, workshop, and exhibition are: -- to provide a peer-reviewed forum for important research in financial cryptography and the effects it will have on society, -- to give senior managers and IS professionals a solid understanding of the fundamentals of strong cryptgraphy as applied to financial operations on public networks, and, -- to showcase the newest products in financial cryptography. In addition, plenty of time has been left open in the afternoon and evening for sponsored corporate functions and activities, for business networking, and, of course, for recreational activities on Anguilla itself. Conference participants are encouraged to bring their families. The Conference Ray Hirschfeld, the conference chair, has picked an outstanding group of professionals and researchers in financial cryptography and in related fields to review the papers for this conference. They are: Chairman: Rafael Hirschfeld, CWI, Amsterdam, The Netherlands Matthew Franklin, AT&T Laboratories--Research, Murray Hill, NJ, USA Michael Froomkin, U. Miami School of Law, Coral Gables, FL, USA Arjen Lenstra, Citibank, New York, NY, USA Mark Manasse, Digital Equipment Corporation, Palo Alto, CA, USA Kevin McCurley, Sandia Laboratories, Albuquerque, NM, USA Charles Merrill, McCarter & English, Newark, NJ, USA Clifford Neuman, Information Sciences Institute, Marina del Rey, CA, USA Sholom Rosen, Citibank, New York, NY, USA Israel Sendrovic, Federal Reserve Bank of New York, New York, NY, USA Some of the names may be recognizable to you. If they're not, included in that list are the inventor of Millicent, the project manager of EU's CAFE digital cash project, the holders of Citicorp's digital cash patent, two famous scholars in cryptography and digital commerce law, the President of International Association for Cryptologic Research, and the Chairman of the Taskforce on the Security of Electronic Money for the G-10 Central Banks. The actual agenda of the conference will be determined by the papers the program committee selects, so we won't have a final schedule for the conference until the middle of January. However, the conference committee is selecting papers in what it considers the union, and not the intersection, of the fields of finance and cryptography. The Final Call for Papers was issued a few weeks ago, and the submission process for papers is now closed. The committee chairman sends his thanks to all of you who submitted papers for consideration. Given the volume of submissions, and the quality of the authors, this inaugural conference should be a very interesting one indeed. To refresh your memory, the program committee solicited papers in the following topic areas: Anonymous Payments Fungibility Authentication Home Banking Communication Security Identification Conditional Access Implementations Copyright Protection Loss Tolerance Credit/Debit Cards Loyalty Mechanisms Currency Exchange Legal Aspects Digital Cash Micropayments Digital Receipts Network Payments Digital Signatures Privacy Issues Economic Implications Regulatory Issues Electronic Funds Transfer Smart Cards Electronic Purses Standards Electronic Voting Tamper Resistance Electronic Wallets Transferability Financial Cryptography '97 is held in cooperation with the International Association for Cryptologic Research. The conference proceedings will be published on the web by the Journal for Internet Banking and Commerce. . For further information on the submission process, which is, again, now closed, please see the program committee's web-page at . As we mentioned before, the conference will be covered by Wired Magazine, and will be the featured conference in it's January 1997 "Deductible Junkets" section. So, if you have already decided to come to FC97, please register and make your plane and hotel reservations as soon as possible. Conference, workshop, and exhibit space is extremely limited. Wired's January issue comes out near the end of December, and we expect there to be something of a rush at that time. The price of a pass to the conference sessions and exhibits is $1,000 U.S. You can pay for your FC97 conference ticket with Visa or MasterCard at the regstriation site: The price includes breakfast at the conference, some stipends for presenters who need them, and the logistics of having a professional conference with high-bandwidth internet connectivity in a location like Anguilla. In looking around, however, the conference organizers *did* notice that FC97 price is in keeping with other business and professional technology conferences of similar total session length. You can register, and pay for, your conference ticket at: The Exhibition Concurrent with the conference will be the the FC97 Exhibition, a small trade show for financial cryptography products and services. Each booth will have high bandwidth access to the internet, and will get 2 conference passes. Booth prices start at $5,000 US. Please contact Julie Rackliffe at for further information . As space is limited, please register as soon as possible if you plan to be there. The Workshop We are especially honored to have Ian Goldberg as the leader of the FC97 Workshop, which will run one week prior to the conference, February 17-21, 1997. Ian, the cryptographer at Berkeley who was made famous last year (in articles in both the Wall Street Journal and the New York Times) for breaking Netscape's transaction security protocols, will be running an intensive, 5-day workshop for senior managers and technology professionals. Someone likened it to a financial cryptography "boot-camp". While the workshop is still being developed, and will depend on the skills of the planned participants, workshop topics will include, but not be limited to: Overview and background of cryptography Survey of existing and proposed Internet payment systems Details on some specific payment systems Issues involved in setting up a secure Internet site A step-by-step walkthrough of setting up an ecash-enabled Web server. Ian has recruited a strong roster of instructors with credentials similar to his own, and, as he plans to maintain a 5-1 student/teacher ratio, the size of the workshop will be restricted and advance registration will be required. Further information about the workshop can be found at: The planned price for the workshop is $5,000. This covers lab space, hardware, network access, software, and, of course, 40 hours of instruction and structured lab activity. The lab itself will be open 24 hours a day, if demand warrants it. Sponsorship Opportunities FC97 offers sponsorship opportunities at all levels. Corporations are encouraged to to be an exclusive sponsor for lunch or dinner, each of which will be followed by a recreational activity of some kind. Sponsors will have the opportunity to permanently attach their name to these networking functions, which the organizers hope will be a large part of the conference experience. There are 10 such events being planned, and 10 corporations will be accepted for sponsorship. Corporate sponsors of these events will also get a substantial initial discount on exhibit space, and complimentary conference tickets. In-kind sponsorship is also available at all levels of support, with opportunities for companies to provide networking, bandwidth, hardware, radio pocket modems and equipment, as well as design and print services, transportation, and other things. If you've got it and you think we'll need it, please contact us. The sponsorship contact is Julie Rackliffe . Air Transportation and Hotels Air travel to Anguilla is typically done through San Juan, St. Thomas or St. Maarten/Martin. There are several non-stop flights a day from various US and European locations. Connection through to Anguilla can be made through American Eagle, or through LIAT. See your travel agent for details. American Eagle Airlines has agreed to increase their flights as needed to accomodate any extra traffic the conference brings to the island. Anguilla's runway is 3600 feet, with a displaced threshold of 600 feet, and can accomodate business jets. Obviously, you should talk to your aviation staff for details about your own aircraft's capabilities in this regard. Anguilla import duties are not imposed on hardware or software which will leave the island again, so, as long as you take it with you when you leave, you won't pay import duties. Hotels range from spartan to luxurious, and more information about hotels on Anquilla can be obtained from your travel agent, or at . Registration for FC97 Again, to register and pay for your ticket to FC97 see: For information the selection of papers for at FC97 see: If you're interested in Exhibit space, please contact Julie Rackliffe: If you're interested in sponsoring FC97, also contact Julie Rackliffe: If you're interested in the FC97 Workshop for Senior Managers and IS Professionals, see: That should be enough for now. Stay tuned for more information on FC97 as it develops. See you in Anguilla! The FC97 Organizing Committee: Vince Cate and Bob Hettinga, General Chairs Ray Hirschfeld, Conference Chair Ian Goldberg, Workshop Chair Julie Rackliffe, Conference, Exhibit, and Sponsorship Manager And our sponsors... The Journal for Internet Banking and Commerce Offshore Information Services e$ ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From adam at homeport.org Tue Dec 17 09:57:26 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 17 Dec 1996 09:57:26 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEC03.C251AC10@bcdev.com> Message-ID: <199612171754.MAA14421@homeport.org> Why do people talk about sandboxes? Sandboxes are places where people play. I want to run hostile code in a jail cell, with carefully designed interfaces where my jailers can control the messages it sends in and out. If this is a game, why is Microsoft spending hundreds of millions of dollars to put ActiveX everywhere? People are going to start building safety critical systems with these toys, and should be encouraged to engineer them for real world use. Crypto relevance? Java is a pretty damned flexible tool for writing pluggable cross platform modules, including crypto software. It behooves us to make it solid. See http://www.brokat.de/welcomee.htm (English version) for plugable crypto. See Ross Anderson's Murphy's Law paper for why cross platform is so important. http://www.cl.cam.ac.uk/users/rja14/ Adam Blake Coverett wrote: | I would be happier running an ActiveX control with Peter Trei's | signature on it than I would an unsigned control in a sandbox. | (This kind of a trust decision is probably the normal case in the | intranet world. ActiveX as it sits is quite sufficient for rolling | out internal intranet applications.) -- "It is seldom that liberty of any kind is lost all at once." -Hume From snow at smoke.suba.com Tue Dec 17 10:16:40 1996 From: snow at smoke.suba.com (snow) Date: Tue, 17 Dec 1996 10:16:40 -0800 (PST) Subject: permanent invasion of privacy In-Reply-To: <01BBEBA9.4DE87160@king1-12.cnw.com> Message-ID: <199612171835.MAA02169@smoke.suba.com> > History could repeat itself. s/could/should/g Petro, Christopher C. petro at suba.com snow at smoke.suba.com From alexc at firefly.net Tue Dec 17 10:22:40 1996 From: alexc at firefly.net (Alexander Chislenko) Date: Tue, 17 Dec 1996 10:22:40 -0800 (PST) Subject: WARNING: VIRUS: [Was: Re: Encryption to the poors] Message-ID: <3.0.32.19961217132851.00c9ee90@pop.firefly.net> The last message from Fuck at yourself.up contained a dirBomb virus as an attachment; file name GREETS.COM Make sure you don't execute it. Maybe, we should execute Fuck at yourself.up instead. --------------------------------------------------------------------------- Alexander Chislenko www.lucifer.com/~sasha/home.html Firefly Network, Inc.: www.ffly.com 617-234-5452 --------------------------------------------------------------------------- From frantz at netcom.com Tue Dec 17 10:45:18 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 17 Dec 1996 10:45:18 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEC03.C251AC10@bcdev.com> Message-ID: At 7:19 AM -0800 12/17/96, Blake Coverett wrote: >I would be happier running an ActiveX control with Peter Trei's signature >on it >than I would an unsigned control in a sandbox. (This kind of a trust decision >is probably the normal case in the intranet world. ActiveX as it sits is >quite >sufficient for rolling out internal intranet applications.) While I might agree about Peter, I wouldn't agree if the signature was Microsoft's (or any other large software vendor). There is just too much room for bugs and or Trojan horses to enter via that route. >On the second point, I never suggested that a sandbox would require >virtual CPU >emulation. What I do find likely is that the overhead from the extended types >of checking the kernel would need to do would probably outweight the >performance advantage of native code over a JIT compiler. Not necessarily true. See Goldberg, Wagner, Thomas, and Brewer, "A Secure Environment for Untrusted Helper Applications, Confining the Wily Hacker" from the 6th USENIX Security Symposium proceedings. (The paper won the "best paper" award too.) >This is scaremongering. No, I don't virus scan every new CD I get from >Microsoft/Netscape/etc, do you? No, but I would prefer to know what their applications are accessing and why. That's why current systems are not good from a security prospective. I would be a great advance in security if *everything* ran in a sandbox. A sandbox specially built for it where it had access to the things it customarily needed and all other access was mediated by the user. This kind of environment has its costs, not so much in performance as in changing the way people work with computers, but it would be a lot more secure. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From hanson at hss.caltech.edu Tue Dec 17 10:51:42 1996 From: hanson at hss.caltech.edu (Robin Hanson) Date: Tue, 17 Dec 1996 10:51:42 -0800 (PST) Subject: Hard to Tax Scenario In-Reply-To: Message-ID: <199612171852.KAA18841@hss.caltech.edu> Arnold G. Reinhold writes: >By the way, as a covert MD with a receptionist cover, whom does she date? Good point. A big advantage of larger incomes for many people is the ability to impress other people, like potential dates, with whom they would like a relationship in the physical world. Bill Frantz writes: >I am not sure we aren't close to that 30% if you include the people who >receive small portions of their income in cash and fail to report it. I meant 30% of income, not 30% of people. Robin D. Hanson hanson at hss.caltech.edu http://hss.caltech.edu/~hanson/ From joelm at eskimo.com Tue Dec 17 11:30:08 1996 From: joelm at eskimo.com (Joel McNamara) Date: Tue, 17 Dec 1996 11:30:08 -0800 (PST) Subject: The Complete, Unofficial TEMPEST Information Page Message-ID: <3.0.32.19961217112923.00e9a284@mail.eskimo.com> Everything (well almost everything) you ever wanted to know about TEMPEST but were afraid to ask. Research papers, links to TEMPEST hardware manufacturers and consultants, military security manuals, monitoring devices, history, and more. http://www.eskimo.com/~joelm The page is devoted to presenting open-source information about TEMPEST and related topics. There is actually quite a large body of unclassified information available about this subject (much of it on the Net). My goal is to provide a useful reference for those interested in emanations security as it relates to intelligence, computer security, and privacy issues. Joel McNamara joelm at eskimo.com Disclaimer: I've never been involved with the TEMPEST community, had a security clearance for TEMPEST, or have access to classified material relating to TEMPEST. Like most good intelligence gathering, the information on the above-mentioned page is completely derived from publicly available, unclassified sources. From sunder at brainlink.com Tue Dec 17 12:44:32 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 17 Dec 1996 12:44:32 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEC03.C251AC10@bcdev.com> Message-ID: On Tue, 17 Dec 1996, Blake Coverett wrote: > I would be happier running an ActiveX control with Peter Trei's signature on it > than I would an unsigned control in a sandbox. (This kind of a trust decision > is probably the normal case in the intranet world. ActiveX as it sits is quite > sufficient for rolling out internal intranet applications.) And I'd be happier running the signed ActiveX control, written by Peter Trie, or anyone else within a Sandbox regardless of signature as it increases security. > On the second point, I never suggested that a sandbox would require virtual CPU > emulation. What I do find likely is that the overhead from the extended types > of checking the kernel would need to do would probably outweight the performance > advantage of native code over a JIT compiler. The DES cracker is probably not > a good example of the problem because it would make virtually no API calls. You did however say this a few days ago: "This thread branch seems to be based on bad assumption. Why would one want to run ActiveX controls in a sandbox? If you need a sandbox, use a Java applet, if you need native code level access to the system use ActiveX." The above says that you wouldn't want to run ActiveX in a sandbox while you would want to run Java in a sandbox. The difference between technologies is that one runs native the other emulative. I wouldn't want to run ANY foreign code outside a sandbox. Java or ActiveX. The whole point of this was creating a distributed network of DES crackers. There is zero API security checking on a control that does nothing but math and integer operations. The loss of performance occurs when the control or applet wants to read or write to the file system or tries to talk over the network, which a DES cracker won't do very much of, hrrrm? In other words, an ActiveX sandbox will not slow down the DES cracker, and it will increase security. What's your problem with it being used on ActiveX when you say it's cool to use on Java applets? > This is scaremongering. No, I don't virus scan every new CD I get from > Microsoft/Netscape/etc, do you? I back up my hard drives to CDR's. While it is true that viruses can get into my system, I'd notice them quickly with the scanners, and if they did manage to wipe my drives, I'd have the data safe on CD where they can't write. I don't store programs on the CD's, just data. > More importantly to the discussion at > hand, what is to prevent said virus from infecting the compiler used to > build the sandbox? Part of the decision to trust a software vendor must > include trusting that they use appropriate clean build procedures. Precisely why you need to sandbox an OS. A good operating system / virus scanner doesn't allow programs to modify other programs, except for a user approved compiler. If you've ever used a Mac compiler and Symantec's SAM, you'll notice that if you enable certain features, you have to allow exceptions for your compilers - you as the user. If a virus infects your compiler it is because you've allowed it permissions to do so previously. (With my Mac, I have the virus checkers warn me, even when I compile. Yes, it is annoying, but it's much safer.) > If you choose to run an unsigned control all bets are off. On a related note, > I recently saw a Java implementation of a board game that recommended > the user download the zipped up .classes and run it locally. How many > average users realize this would disable the Java sandbox entirely? How many users know how to download the jdk and run the java vm locally? Yeah, all bets are off when you download an unsigned control, but having them downloaded into a sandbox means that even if they are written by VulisSoft, they won't damage anything of importantce. > > Right, so if that's the case, why would you allow ActiveX controls to run > > on your system? It's the same problem whether signed or not as > > signatures only tell you the author's identity and not much else. > > You mis-read the paragraph above. Trying to build the sandbox for native > code as you've described is akin to the problem above. Is it not? It is not. The sandbox runs in supervisory (Ring 0 for you intel freaks) mode, the code it allows to execute runs in user mode (ring 3 is an example) so no matter what the control does, it cannot get into anything the sandbox doesn't allow it to since it cannot switch to supervisory mode. (Assuming you've implemented your sandbox securely and it lacks security holes.) At the same time, only I/O calls are hindered by the extra checking, so it's a moot point in the case of the DES cracker. Now what you are saying is that if you don't trust the control, why should you trust the manufacturer of the sandbox? The answer is that they are a highly more visible target for lawsuits than a possibly unknown author who wrote some control which you ran ten months ago that decided to wake up today and wipe your drive. There's a big difference between protect the user wholy and presenting a dialog box where they can press Ok to download a destructive bit of code. In one case the user is culpable for agreeing to download destructive code, the other prevents the problem from happening. Also, the secure sandbox source code can be made visible (if such an entity as one that wrote it deems to do so in the name of trust.) See pgp. need I say more? Would you trust PGP more or less than say Norton Diskreet? Whether or not you are qualified to analyze PGP source code isn't the issue, you at least have the ability to do so once you learn how. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From hallam at ai.mit.edu Tue Dec 17 14:00:12 1996 From: hallam at ai.mit.edu (Phillip M. Hallam-Baker) Date: Tue, 17 Dec 1996 14:00:12 -0800 (PST) Subject: Securing ActiveX. Message-ID: <01BBEC3B.F2F5EF10@crecy.ai.mit.edu> Bill Frantz wrote in article <59721c$t8o at life.ai.mit.edu>... > At 7:19 AM -0800 12/17/96, Blake Coverett wrote: > >I would be happier running an ActiveX control with Peter Trei's signature > >on it > >than I would an unsigned control in a sandbox. (This kind of a trust decision > >is probably the normal case in the intranet world. ActiveX as it sits is > >quite > >sufficient for rolling out internal intranet applications.) > > While I might agree about Peter, I wouldn't agree if the signature was > Microsoft's (or any other large software vendor). There is just too much > room for bugs and or Trojan horses to enter via that route. I fail to see what the fuss is about. there are clearly advantages to having a good operating system architecture which provides protection for running applications and allows fine grained control over access to sensitive resources. The problem with the Java Sandbox model is that its all or nothing. In order to protect the user it allows the applet access to nothing that is important. As a result the applet can perform no function that is of importance. "Give us your corporate strategy and billing record and we will give you dancing beans on your screen" as one wag put it. I am still waiting to see a Java applet that does anything usefull. Most do no more than an animated gif would. The most elaborate are little more than carbon copies of the standard computer games. The download problem really is not that hard. The big problem is content. So far nobody appears to have the remotest idea how to use Java and I expect it to be about five years before the model emerges. From hypercard to the Web took ten so don't expect it to be overnight. The Microsoft bashing could be given a rest. Bill G. wins only because the rest of the market gave up. Stick a non computer litterate person in front of UNIX, Lotus 1-2-3 for MS Dos or Wordperfect for MS-Dos. If you don't realse then why Bill won you should try another career. MS-DOS and Windows are crappy O/S because they lack the type of memory protection that VMS and UNIX have. This was in part incompetence but mostly Intels disastrous design for the 80286. Meanwhile Apple managed to produce an inexcusably bad O/S without protection on a chip that had excelent provision for it. If you want your applet to do anything of use then the Java security model is inadequate. It is usefull for the software developer to have a rich security model since it makes it much easier to build secure software. Under VMS there are 32 different priviledges allowing fairly fine grained control. It is possible in some cases to access a wider range of resources by nafarious tricks but its hard to do something bad by accident. Phill From james at hotwired.com Tue Dec 17 14:40:52 1996 From: james at hotwired.com (James Glave) Date: Tue, 17 Dec 1996 14:40:52 -0800 (PST) Subject: Ping of Death? Message-ID: Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of hostile code, disguised as a mere ping, that can lead to server rebooting. James Glave Technology Assignment Editor, Wired News, http://www.wired.com/ Producer, Packet, http://www.packet.com/ Phone: 1.415.276.8455 Fax: 1.415.276.8499 From stripes at m3142axc.ssr.hp.com Tue Dec 17 15:01:01 1996 From: stripes at m3142axc.ssr.hp.com (Anne Carasik) Date: Tue, 17 Dec 1996 15:01:01 -0800 (PST) Subject: UNIX crypt Message-ID: <199612172302.SAA05145@m3142axc.ssr.hp.com> I'm sure this has been discussed before, but this has come to mind recently. Has UNIX crypt been broken? If so, what was used to break the encryption? Are there any documented cases of it? Thanks for your help, AC --------------------------------------------------------------- /_ __ / Anne Carasik / Professional Services Organization / / /_/ / TN 919.460.2368 / Raleigh Sales Office / / Fax 919.460.2249 / stripes at m3142axc.ssr.hp.com All opinions expressed are mine, no one else would want them From jya at pipeline.com Tue Dec 17 15:05:53 1996 From: jya at pipeline.com (John Young) Date: Tue, 17 Dec 1996 15:05:53 -0800 (PST) Subject: Van Eck's TEMPEST Paper Message-ID: <1.5.4.32.19961217230218.006e1f30@pop.pipeline.com> As a supplement to Joel McNamara's exemplary new TEMPEST page, and thanks to Steve Schear, we've put Van Eck's 1985 paper on TEMPEST at: http://jya.com/emr.pdf (702 kb) It's a finely detailed paper on EMR snooping with copious graphics. As Joel and Seline note, it may be purposely misleading on TEMPEST, (as appropriate to TEMPEST legends; Seline's may be bent as well, but who knows what the disinfoes know). Read Joel's page for the bright light facts. From ericm at lne.com Tue Dec 17 15:19:07 1996 From: ericm at lne.com (Eric Murray) Date: Tue, 17 Dec 1996 15:19:07 -0800 (PST) Subject: Ping of Death? In-Reply-To: Message-ID: <199612172317.PAA22019@slack.lne.com> James Glave writes: > > Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of > hostile code, disguised as a mere ping, that can lead to server rebooting. > It would be quite a trick to get an OS to run code from inside a ping packet. Are you sure this isn't the well-known giant ping packet bug? Receiving one or more of those can cause some hosts to reboot. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From llurch at networking.stanford.edu Tue Dec 17 15:36:28 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Tue, 17 Dec 1996 15:36:28 -0800 (PST) Subject: Microsoft IE may not work without censorship files Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Thought you'd find this amusing. Some names may have been changed to protect the innocent. - -rich - ---------- Forwarded message ---------- Date: Tue, 17 Dec 1996 15:24:36 -0800 From: Alice D'Anonymous <> To: win95netbugs-owner at lists.stanford.edu Subject: Inernet Eplorer I reqiure assistance in obtaining my internet explorer connection. I made an error while deleting cache, history and temp files which somehow prevents me from hooking up to Microsoft's Explorer. In the control panel I attempt to click on the Internet Icon and the following occurs: A Content Advisor box appears and states the following: Content advisor configuration information is missing. Someone may have tried to tamper with it. Check content Advisor Settings. End of quote. In the internet properties box, I tried to look for what they recommended but was not sure what to look for. I have the Windows 95 disk. Could you please advise accordingly. P.S. Netscape works fine. I previously had Internet Explorer woking before I cleaned house. Thanks... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBMrcuKZNcNyVVy0jxAQF7dgH+JZt25esoFtkgsVx/p6iRJkvQVvkYpSDr OKoAL4PB01++okGIKOCGPdWC+Uxs9cQJTX+4ZW/8CTN5aHX/D2glmg== =qsrc -----END PGP SIGNATURE----- From drink at aa.net Tue Dec 17 15:55:59 1996 From: drink at aa.net (! Drive) Date: Tue, 17 Dec 1996 15:55:59 -0800 (PST) Subject: Ping of Death? Message-ID: <3.0.32.19691231160000.006b2998@aa.net> read about it here http://www.sophist.demon.co.uk/ping/ At 02:39 PM 12/17/96 -0700, you wrote: >Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of >hostile code, disguised as a mere ping, that can lead to server rebooting. > >James Glave > >Technology Assignment Editor, Wired News, http://www.wired.com/ >Producer, Packet, http://www.packet.com/ >Phone: 1.415.276.8455 >Fax: 1.415.276.8499 ------------------------------------ pgp KeyID 3D932EA9 pub key available via mailto:pgp-public-keys at keys.pgp.net subject: get drink at aa.net From lile at art.net Tue Dec 17 16:01:31 1996 From: lile at art.net (Lile Elam) Date: Tue, 17 Dec 1996 16:01:31 -0800 (PST) Subject: Computer crime prompts new parole restrictions Message-ID: <199612172358.PAA29660@art.net> Hi all, I saw this article in the nando.net paper today and was interested in your thoughts on it. It looks like people on probation will be limited in there use of encryption and access to the Internet. To me, it seems like this could be equated to preventing people on probabtion from using something like a phone. I am having problems with it because I feel these limitations are too severe. I mean, a good way someone on probabtion to make a living is to learn how to use the web and prehaps get a job as a html coder. There is a hacker I know of (Kevin Poulsen) who is prevented from using computers during his current probation and it really has limited his options alot. I curated and maintain a website for him at URL: http://www.catalog.com/kevin/ where this issue is dicussed. It also seems to me that preventing people on probation from using encryption would be difficult especially when encryption is used in webservers (ie Netscapes Secure Server). One could accidentally access one and not know that he was sending/receiving information via an encrypted channel. thanks, -lile http://www.nando.net/newsroom/ntn/info/121796/info1_7523.html ---------------------------------------------------------------------------- Computer crime prompts new parole restrictions ---------------------------------------------------------------------------- Copyright � 1996 Nando.net Copyright � 1996 The Associated Press WASHINGTON (Dec 17, 1996 07:42 a.m. EST) -- The U.S. Parole Commission has approved restrictions on the use of computers by certain high-risk parolees. The Justice Department announced Monday that the panel voted this month to authorize such restrictions as requiring certain parolees to get prior written approval from the commission before using an Internet service provider, computerized bulletin board system or any public or private computer network. Other restrictions would: prohibit particular parolees from possessing or using data encryption programs, require some parolees to agree to unannounced inspection of computers by probation officers, require some parolees to compile daily logs of computer use or to pay for equipment to monitor their computer use. "Unrestricted access to the Internet and other computer online services can provide sophisticated offenders with new opportunities for crime and criminal associations," said Edward F. Reilly Jr., commission chairman. "We cannot ignore the possibility that such offenders may be tempted to use computer services to repeat their crimes." The commission noted a surge in "how-to" information on child molestation, hate crime and the illegal use of explosives available on the Internet and on computer online services. Copyright � 1996 Nando.net Do you have some feedback for the Nando Times staff? From vincent at psnw.com Tue Dec 17 16:37:35 1996 From: vincent at psnw.com (Vincent Padua) Date: Tue, 17 Dec 1996 16:37:35 -0800 (PST) Subject: The virus I got... Message-ID: <199612180037.QAA09468@sierra.psnw.com> There was an e-mail sent to the list that had attached to it a virus. Well lucky me I got. It was a .com file that apparently turns your files into directories. I can't boot into Win95 since it turned my HIMEM.SYS into a directory. So, I seem to have fixed that, but now it says "access denied" and then prompts me with C:\>. Did anyone else get it? Has anyone heard or fixed this virus? Thanks //Vince From assar at sics.se Tue Dec 17 16:43:12 1996 From: assar at sics.se (Assar Westerlund) Date: Tue, 17 Dec 1996 16:43:12 -0800 (PST) Subject: Ping of Death? In-Reply-To: Message-ID: <5lzpzc7kes.fsf@assaris.sics.se> james at hotwired.com (James Glave) writes: > > Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of > hostile code, disguised as a mere ping, that can lead to server rebooting. http://www.sophist.demon.co.uk/ping From rcgraves at ix.netcom.com Tue Dec 17 17:06:46 1996 From: rcgraves at ix.netcom.com (rcgraves at ix.netcom.com) Date: Tue, 17 Dec 1996 17:06:46 -0800 (PST) Subject: Parolees limited from using computers, Internet Message-ID: <199612180106.RAA06684@mailhub.Stanford.EDU> -----BEGIN PGP SIGNED MESSAGE----- E. Allen Smith wrote: [As title] When I saw the title, I though this was a parody, but sad to say, it's not. Why yes, the world has gone mad; it's not just Vulis. What's next, libraries? (Scratch that -- libraries are already censored.) - -rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEPAwUBMrdDQEFGBFr0lf2RAQFqAAfQtp9UwxMaq70WGp7AiXKekwPDGTy1CKvI xmJB/rICQVqaZZOLe40rIgDHVS7wPeIqtjpXoxEskR9qBOTkZwmNVTMMYzPNQlX5 SdVgm8ikfRQiSXM6HIuDIj6AdFjOz0SE5htR8ZGWFIbG8K3F30KF3lno0/oIr0I9 rMttYasUINoF6lObn0G/mObQ0OkG9u9t1vq7xbs1q7ro20BkXelA/x3/4aCYKg85 NUXR4ZeAAiS2NgfKAH8sLWjCo7CnUe1+yJFgqnhyS86nGucWMauSqtzHmMg+0WN4 1vLVCqq/AKF6tZSmSw2kIJbhzMw2eyQuwR3SIjA4NXVR8g== =d+pm -----END PGP SIGNATURE----- From shamrock at netcom.com Tue Dec 17 17:26:57 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 17 Dec 1996 17:26:57 -0800 (PST) Subject: Securing ActiveX. Message-ID: <3.0.32.19961217172629.006ae028@netcom14.netcom.com> At 04:41 PM 12/17/96 -0500, Phillip M. Hallam-Baker wrote: >I am still waiting to see a Java applet that does anything usefull. Most >do no more than an animated gif would. The most elaborate are little >more than carbon copies of the standard computer games. Try it now. It is not only good, it is fast. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From shamrock at netcom.com Tue Dec 17 17:43:27 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 17 Dec 1996 17:43:27 -0800 (PST) Subject: Computer crime prompts new parole restrictions Message-ID: <3.0.32.19961217173732.006a2d38@netcom14.netcom.com> At 03:58 PM 12/17/96 -0800, Lile Elam wrote: [...] >It also seems to me that preventing people on probation from >using encryption would be difficult especially when encryption is used >in webservers (ie Netscapes Secure Server). One could accidentally >access one and not know that he was sending/receiving information >via an encrypted channel. [...] Note that the new rules require logging of computer usage. I would assume that means keystroke logging with nightly uploads to the Feds. What motto does the US Parole Commission have on their seal? May I suggest "Arbeit macht frei"? Who are these people anyway? I never heard of this commission... -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://ourworld.compuserve.com/homepages/justforfun/prime.htm From SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil Tue Dec 17 18:45:57 1996 From: SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil (SUCRUM22_at_INDY-ADP at smtp-gw.cv62.navy.mil) Date: Tue, 17 Dec 1996 18:45:57 -0800 (PST) Subject: Maybe the CypherPunks *do* have some heart Message-ID: <9611188509.AA850936189@smtp-gw.cv62.navy.mil> ------------------ Begin Forwarded Message Text --------------------- The Houghton-Mifflin Publishing Co.. is giving books to children's hospitals; how many books they give depends on how many emails they receive from people around the world. For every 25 emails they receive, they give one book -- it seems like a great way to help a good cause. All you have to do is mail: share at hmco.com. Hope you can spare some time to write and then let your friends know. ------------------- End Forwarded Message Text ---------------------- Hey cypherpunks, just thought this might be of interest, forgive the spam, but remember, knowledge begins with reading. And no, don't go e-mail and ask what books the Co. is donating (i.e.. gov't supportive, procrypto controls etc etc) Its the Holidays, have some heart. And hey - if the number of books is related to the number of e-mails, i wonder if maybe we can enlist those "i'm sorry" spammers to fill those e-mail boxes . Happy . ---------------------- SUCRUM22 at cv62.navy.mil ----------------------- Don't confuse my views with those of the DoD or the United States Navy From blake at bcdev.com Tue Dec 17 18:55:49 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 17 Dec 1996 18:55:49 -0800 (PST) Subject: Microsoft IE may not work without censorship files Message-ID: <01BBEC64.E3422BF0@bcdev.com> > In the control panel I attempt to click on the Internet Icon and the > following occurs: A Content Advisor box appears and states the > following: Content advisor configuration information is missing. > Someone may have tried to tamper with it. Check content Advisor > Settings. End of quote. In the internet properties box, I tried to > look for what they recommended but was not sure what to look for. It's good to see they make at least an attempt at preventing the PICS filter from being turned off without a password. Of course the obvious answer is to give it to a teenage boy who wants to look at the dirty pictures and watch how fast it can be fixed with a little registry editing. regards, -Blake From reece at taz.nceye.net Tue Dec 17 19:00:14 1996 From: reece at taz.nceye.net (Bryan Reece) Date: Tue, 17 Dec 1996 19:00:14 -0800 (PST) Subject: The virus I got... In-Reply-To: <199612180037.QAA09468@sierra.psnw.com> Message-ID: <19961218025949.23374.qmail@taz.nceye.net> Delivered-To: reece-cpunks at taz.nceye.net Delivered-To: reece at taz.nceye.net From: "Vincent Padua" Date: Tue, 17 Dec 1996 16:41:57 -0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-cypherpunks at toad.com Precedence: bulk There was an e-mail sent to the list that had attached to it a virus. Well lucky me I got. It was a .com file that apparently turns your files into directories. I can't boot into Win95 since it turned my HIMEM.SYS into a directory. So, I seem to have fixed that, but now it says "access denied" and then prompts me with C:\>. Did anyone else get it? Has anyone heard or fixed this virus? Yes. It's a deadly mutation of the GOOD TIMES virus. (People actually go to the trouble of stripping off the leading crap from the uuencoded part and then *run a program* from someone called Fuck at yourself.up? Furrfu.) From blake at bcdev.com Tue Dec 17 19:00:33 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 17 Dec 1996 19:00:33 -0800 (PST) Subject: Ping of Death? Message-ID: <01BBEC65.8DA20C00@bcdev.com> > Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of > hostile code, disguised as a mere ping, that can lead to server rebooting. > Technology Assignment Editor, Wired News, http://www.wired.com/ > Producer, Packet, http://www.packet.com/ I read the two parts above and shake my head... A 'technology assignment editor' that has missed this story till now, and can't use a search engine to boot? -Blake (who should only look at the pictures) From llurch at networking.stanford.edu Tue Dec 17 19:57:02 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Tue, 17 Dec 1996 19:57:02 -0800 (PST) Subject: Microsoft IE may not work without censorship files In-Reply-To: <01BBEC64.E3422BF0@bcdev.com> Message-ID: On Tue, 17 Dec 1996, Blake Coverett wrote: > > In the control panel I attempt to click on the Internet Icon and the > > following occurs: A Content Advisor box appears and states the > > following: Content advisor configuration information is missing. > > Someone may have tried to tamper with it. Check content Advisor > > Settings. End of quote. In the internet properties box, I tried to > > look for what they recommended but was not sure what to look for. > > It's good to see they make at least an attempt at preventing the > PICS filter from being turned off without a password. True, but my point was stronger. The program *will not work* if there have been even inadvertent changes to the self-censorship files. This person emailed me because he couldn't get it to work after an unrelated change. This sort of contradicts Microsoft's claims that they don't require ratings because they're turned off by default. If the file can't fix itself, I'd say that's not "default." This person wasn't trying to get around ratings. It was his personal machine, which up and broke because of the censorship bits. Sorry, I didn't get the context across. Read it again alongside this: http://pathfinder.com/Netly/daily/961213.html -rich From blake at bcdev.com Tue Dec 17 20:18:03 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 17 Dec 1996 20:18:03 -0800 (PST) Subject: Securing ActiveX. Message-ID: <01BBEC70.68E48680@bcdev.com> Ray wrote: > And I'd be happier running the signed ActiveX control, written by Peter > Trie, or anyone else within a Sandbox regardless of signature as it > increases security. We're in violent agreement here Ray. Sandboxes are good, signed code is good, having both is very good. We differ on the relative importance of the two techniques but I suspect that is because we are coming from different contexts. My work is all intranet so the users trust the software produced for them by definition. Obviously the factors are different on the net at large. > The above says that you wouldn't want to run ActiveX in a sandbox while > you would want to run Java in a sandbox. The difference between > technologies is that one runs native the other emulative. I wouldn't > want to run ANY foreign code outside a sandbox. Java or ActiveX. It's not a Java vs ActiveX thing for me at all. What is important is that some of the applets I write can't function in a sandbox, they need access to the disk and other resources for business reasons. For this type of thing signed code without a sandbox is the only choice. What I'd really like is the sort of thing Bill Frantz is describing on another branch of this thread. Signed code and an administrator defined policy that specified for a given signature exactly what types of resources should be accessible. Anything from don't execute and audit a security alarm to complete access to the whole machine. > The whole point of this was creating a distributed network of DES > crackers. Yes, but in good cypherpunk fashion I've hijacked the original topic into a new direction. :-) > > If you choose to run an unsigned control all bets are off. On a related note, > > I recently saw a Java implementation of a board game that recommended > > the user download the zipped up .classes and run it locally. How many > > average users realize this would disable the Java sandbox entirely? > > How many users know how to download the jdk and run the java vm locally? They don't need to. All they need to do is unzip the java classes into their classpath and all of the normal restrictions on an applet are ignored. Think it would be very hard to persuade a user to do just that in order to play a kewl java game? More importantly it shows that even expert users don't always know where the holes in the sandbox are. regards, -Blake From bob at jail.sg Tue Dec 17 20:21:53 1996 From: bob at jail.sg (Bob. R. Roberts) Date: Tue, 17 Dec 1996 20:21:53 -0800 (PST) Subject: Test only, sorry, NOISE, do not read Message-ID: <199612180421.UAA11164@toad.com> The following form contents were entered on 18th Dec 96 Date = 18 Dec 96 04:18:56 subject = Test only, sorry, NOISE, do not read resulturl = http://www.netmart.com/steppingstones/thanks.html uname = Bob. R. Roberts email = bob at jail.sg Address = 4625 E. Elm Drive Apartment or suite = 14 CITY = Chula Vista STATE/PROVINCE = Oklahoma country = USA zip = 01238 phone = 407-251-1701 work phone = 407-352-1702 FAX = 407-453-1703 ship to name = Mary M. Roberts ship to email = mary at aol.gov ship toAddress = 14207 Broadway NE ship to Apartment or suite = 600 ship to CITY = Janesville ship to STATE/PROVINCE = Texas ship to country = USA ship to zip = 95442 Book = My Dinosaur Adventure first name = Freddie middle name = Jurgen last name = Robertson nickname = Goober age = 6 hometown = Hickville gender = Boy dedication = grow up, punk book from = Gran & Grump Date Book = 12/4/95 Friend#1 = Muffy Friend#2 = Scooter Friend#3 = Slim Child's Birthday = 2/1/91 Baby's name = Grinder Baby's gender = Boy How did you hear? = E-Mail Invitation # = none Mastercard = on call = on credit card number = 251-4444-25713-591-3 credit card name = Richard Q. Nickson expiraion date = 8/22/98 From accessnt at ozemail.com.au Tue Dec 17 20:44:32 1996 From: accessnt at ozemail.com.au (Mark Neely) Date: Tue, 17 Dec 1996 20:44:32 -0800 (PST) Subject: Maybe the CypherPunks *do* have some heart Message-ID: <3.0.32.19961218140815.006c4f78@ozemail.com.au> Just a quick note to say that Houghton-Mifflin has posted a request for people to _STOP_ emailing them! This wasn't a hoax, but they have reached their email target numbers > The Houghton-Mifflin Publishing Co.. is giving books to children's Mark Neely - accessnt at ozemail.com.au Lawyer, Internet Consultant, Professional Cynic & Author BizWeb: For Serious Intrepreneurs - www.maximedia.com.au/bizweb From AwakenToMe at aol.com Tue Dec 17 21:03:21 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Tue, 17 Dec 1996 21:03:21 -0800 (PST) Subject: The virus I got... Message-ID: <961218000243_34679065@emout12.mail.aol.com> Uh..... My question is WHO in gods name trusts a uuencoded file that small especially from an address like that. Sounds like stupidity to me... From gbroiles at netbox.com Tue Dec 17 21:11:29 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Tue, 17 Dec 1996 21:11:29 -0800 (PST) Subject: Computer crime prompts new parole restrictions Message-ID: <3.0.32.19961217210630.006f1a24@mail.io.com> At 05:44 PM 12/17/96 -0800, Lucky Green wrote: >What motto does the US Parole Commission have on their seal? May I suggest >"Arbeit macht frei"? Who are these people anyway? I never heard of this >commission... See ; I dunno what's on their seal. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From roy at sendai.scytale.com Tue Dec 17 21:21:22 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Tue, 17 Dec 1996 21:21:22 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <961217.193402.3q9.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- I just got my copy of the Microsoft Cryptographic Service Provider Development Kit, Version 1.0. It appears to support only Windows NT. A first glance reveals no built-in GAK (but I haven't examined it closely yet!). Dammit, now I'm going to have to build an NT box! - -- Roy M. Silvernail [ ] roy at scytale.com DNRC Minister Plenipotentiary of All Things Confusing, Software Division PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrdK4Rvikii9febJAQFXQQP/TUlEBwQpLNE3WBq45AXcbAzqc8RkmvkT 5mtz2FSwGleKvg5HRjB5JF3SjjyQ32nsGMpnt/J/r6K84Q7pJWPBHOPgcVzEGSqw ORqumCQlL8uUJKk552BdB9X92QNiDV33QkIIyKQv8An208jTnqEWrYvg1R1lwCXf lkne/kxf0po= =fQZX -----END PGP SIGNATURE----- From vangelis at qnis.net Tue Dec 17 21:29:02 1996 From: vangelis at qnis.net (Vangelis) Date: Tue, 17 Dec 1996 21:29:02 -0800 (PST) Subject: The virus I got... In-Reply-To: <199612180037.QAA09468@sierra.psnw.com> Message-ID: <32B77DD1.5060@qnis.net> Vincent Padua wrote: > > There was an e-mail sent to the list that had attached to it a virus. > Well lucky me I got. It was a .com file that apparently turns your > files into May I ask what on earth possessed you to run on a non-expendable machine a .COM attached to email sent by a spammer who obviously didn't even have business-related intentions? -- Vangelis /\oo/\ Finger for public key. PGP KeyID 1024/A558B025 PGP Fingerprint AE E0 BE 68 EE 7B CF 04 02 97 02 86 F0 C7 69 25 Life is my religion, the world is my altar. From gbroiles at netbox.com Tue Dec 17 21:36:12 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Tue, 17 Dec 1996 21:36:12 -0800 (PST) Subject: Computer crime prompts new parole restrictions Message-ID: <3.0.32.19961217213649.00725928@mail.io.com> At 03:58 PM 12/17/96 -0800, Lile Elam wrote: >I saw this article in the nando.net paper today and was interested in >your thoughts on it. It looks like people on probation will be limited >in there use of encryption and access to the Internet. One nit to pick - parole and probation are not the same thing. Probation is a sentence imposed by a judge, and parole is the administrative/executive modification of a sentence. They function in similar ways (e.g., people who have been convicted of a crime are not locked up but subjected to extra rules) but have some legally meaningful differences. The press release from the USPC is online at . >To me, it seems like this could be equated to preventing >people on probabtion from using something like a phone. I am >having problems with it because I feel these limitations are too >severe. I mean, a good way someone on probabtion to make a living >is to learn how to use the web and prehaps get a job as a html >coder. This seems like a pretty fact-specific question; but it's not unusual for people convicted of crimes to be restricted from using tools similar to the ones they used to commit crimes, e.g., drivers' licenses are suspended where people are convicted of driving crimes, professional licenses are taken away when people have committed professional misconduct, and so forth. I agree that this can be counterproductive (it doesn't make much sense to seriously handicap someone and then blame them for not doing very well) but I don't think that computers and the Internet are meaningfully different in this way. >There is a hacker I know of (Kevin Poulsen) who is prevented from >using computers during his current probation and it really has limited >his options alot. I curated and maintain a website for him at URL: > > http://www.catalog.com/kevin/ > >where this issue is dicussed. My hunch is it didn't make a big difference, but his letter to the judge who accepted his guilty plea and sentenced him seems to suggest that he turns to computer crime out of curiosity, boredom, and obsession - motives which are probably still present. Three years without computers may force him to find some other outlet for his creative and exploratory drives. This seems like a long-term win for him. (I think denying him access to higher education is much worse than denying him access to computers.) >It also seems to me that preventing people on probation from >using encryption would be difficult especially when encryption is used >in webservers (ie Netscapes Secure Server). One could accidentally >access one and not know that he was sending/receiving information >via an encrypted channel. This sounds like a fact issue for a probation/parole revocation hearing, e.g., did the defendant intend to violate the terms of his or her release agreement? Depending on the situation, an unintentional violation of the terms of release might not result in revocation. (I'm inclined to think it never should, but I'm not having much luck finding any relevant caselaw quickly. I'm also handwaving here because different jurisdictions will probably apply different rules.) My impression is that the USPC was bamboozled (by the USDOJ?) into adopting unnecessary regulations - the press release mentions a "surge of how-to information" available on the Net re criminal activity; but I'm skeptical that such a surge has taken place, or that it's especially relevant to people on parole. The action may also have been unnecessary (viz, the restrictions on crypto) because people subject to parole and probation are already subjected to incredibly draconian restrictions - e.g., the terms of probation and parole usually specify that they must allow the supervising officer to search their home at any time, must report where they live and work, cannot form social relationships with people deemed undesirable, cannot quit their job or change residences, must report their income and expenses in considerable detail, must give blood/urine samples on a surprise basis, etc. People who are on parole or probation have no privacy and very little autonomy. It's not much of a stretch to "You must let the probation officer look through your house" to "You must let the probation officer see what's on your hard disk" - in fact, I think the first implies the second. (Obviously, there are a ton of fact-specific issues here (and I've written briefs arguing why parolees/prisoners should get more privacy), but at the "public policy" level, it's pretty clear that probationers and parolees have sharply curtailed Constitutional rights - which is usually OK with them, because they like that better than being locked up. In my perspective, it makes more sense to rethink the goals and methods of the criminal trial/punishment system, rather than focus on minutiae about computer crime. Lots of otherwise apparently decent people are subjected to relatively harsh punishment on a pretty regular basis, and many people think we aren't already mean enough to convicted people. Most of the people who think this have never had someone they cared about subjected to the penal system. But this isn't really C-punks material any more, so I'll stop here.) -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From zerofaith at mail.geocities.com Tue Dec 17 21:59:19 1996 From: zerofaith at mail.geocities.com (Psionic Damage) Date: Tue, 17 Dec 1996 21:59:19 -0800 (PST) Subject: The virus I got... Message-ID: <199612180559.VAA06903@geocities.com> How come not everyone got it, did it depend on the x-mailer you are using? At 02:59 AM 12/18/96 -0000, you wrote: > > >----------geoboundary >Content-Type: text/html; charset=us-ascii >Content-Transfer-Encoding: 7bit > > > > > >
>Postage paid by:
> > > >----------geoboundary > > > > Delivered-To: reece-cpunks at taz.nceye.net > Delivered-To: reece at taz.nceye.net > From: "Vincent Padua" > Date: Tue, 17 Dec 1996 16:41:57 -0800 > X-MSMail-Priority: Normal > X-Priority: 3 > X-Mailer: Microsoft Internet Mail 4.70.1155 > MIME-Version: 1.0 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > There was an e-mail sent to the list that had attached to it a virus. Well > lucky me I got. It was a .com file that apparently turns your files into > directories. I can't boot into Win95 since it turned my HIMEM.SYS into a > directory. So, I seem to have fixed that, but now it says "access denied" > and then prompts me with C:\>. Did anyone else get it? Has anyone heard > or fixed this virus? > >Yes. It's a deadly mutation of the GOOD TIMES virus. > >(People actually go to the trouble of stripping off the leading crap >from the uuencoded part and then *run a program* from someone called >Fuck at yourself.up? Furrfu.) > >----------geoboundary-- > From blake at bcdev.com Tue Dec 17 22:02:27 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 17 Dec 1996 22:02:27 -0800 (PST) Subject: Microsoft IE may not work without censorship files Message-ID: <01BBEC7E.FC7178F0@bcdev.com> Rich writes: > > It's good to see they make at least an attempt at preventing the > > PICS filter from being turned off without a password. > > True, but my point was stronger. > > The program *will not work* if there have been even inadvertent changes > to the self-censorship files. This person emailed me because he couldn't > get it to work after an unrelated change. My original response was really just meant as humor. (The other paragraph in particular.) I'm of the school that ratings are a profoundly useless idea for their supposed purpose, and dangerous in their possible misuse by the government. > This sort of contradicts Microsoft's claims that they don't require > ratings because they're turned off by default. If the file can't fix > itself, I'd say that's not "default." If a user randomly deletes parts of an application and it stops working I'm afraid the fault is entirely with the user. Reinstalling the damaged software would seem the obvious answer. > Sorry, I didn't get the context across. Read it again alongside this: > > http://pathfinder.com/Netly/daily/961213.html That article say in part, "Microsoft has indicated that future generations may well come out of the box with RSAC-i, by default, activated." I follow Microsoft's strategy and announcements very closely and as far as I can tell this is sheer fabrication. The closest thing they've announced (and shipped) is the IE Admin Kit that lets a corporation build a custom version of IE with the settings to their liking. I can't find any fault with that. regards -Blake (who's played apologist to Rich's MS-bashing before) From marc at cygnus.com Tue Dec 17 22:14:14 1996 From: marc at cygnus.com (Marc Horowitz) Date: Tue, 17 Dec 1996 22:14:14 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API In-Reply-To: <961217.193402.3q9.rnr.w165w@sendai.scytale.com> Message-ID: roy at sendai.scytale.com (Roy M. Silvernail) writes: >> I just got my copy of the Microsoft Cryptographic Service Provider >> Development Kit, Version 1.0. It appears to support only Windows NT. A >> first glance reveals no built-in GAK (but I haven't examined it closely >> yet!). You're right, you haven't looked at it closely. Although it doesn't have Key Escrow, new cryptosystems can only be added if they are signed by a private key held by Microsoft. Of course, Microsoft has agreed with the State Dept. to sign only export-"strength" crypto. Marc From jamie at comet.net Tue Dec 17 22:22:26 1996 From: jamie at comet.net (jamie dyer) Date: Tue, 17 Dec 1996 22:22:26 -0800 (PST) Subject: Echelon: The Global Surveillance System (fwd) Message-ID: Found this on another mailing list. jkd -------------------------------------------------------- EXPOSING THE GLOBAL SURVEILLANCE SYSTEM by Nicky Hager ------ The article as it appears in hard copy in the magazine also includes the following sidebars: --"NSA'S BUSINESS PLAN: GLOBAL ACCESS" by Duncan Campbell --GREENPEACE WARRIOR: WHY NO WARNING? and --NZ's PM Kept in the Dark by Nicky Hager ********Hager's book "secret Power" is available from CAQ for $33.******* ----------- [See end] IN THE LATE 1980S, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS. For 40 years, New Zealand's largest intelligence agency, the Government Communications Security Bureau (GCSB) the nation's equivalent of the US National Security Agency (NSA) had been helping its Western allies to spy on countries throughout the Pacific region, without the knowledge of the New Zealand public or many of its highest elected officials. What the NSA did not know is that by the late 1980s, various intelligence staff had decided these activities had been too secret for too long, and were providing me with interviews and documents exposing New Zealand's intelligence activities. Eventually, more than 50 people who work or have worked in intelligence and related fields agreed to be interviewed. The activities they described made it possible to document, from the South Pacific, some alliance-wide systems and projects which have been kept secret elsewhere. Of these, by far the most important is ECHELON. Designed and coordinated by NSA, the ECHELON system is used to intercept ordinary e-mail, fax, telex, and telephone communications carried over the world's telecommunications networks. Unlike many of the electronic spy systems developed during the Cold War, ECHELON is designed primarily for non-military targets: governments, organizations, businesses, and individuals in virtually every country. It potentially affects every person communicating between (and sometimes within) countries anywhere in the world. It is, of course, not a new idea that intelligence organizations tap into e-mail and other public telecommunications networks. What was new in the material leaked by the New Zealand intelligence staff was precise information on where the spying is done, how the system works, its capabilities and shortcomings, and many details such as the codenames. The ECHELON system is not designed to eavesdrop on a particular individual's e-mail or fax link. Rather, the system works by indiscriminately intercepting very large quantities of communications and using computers to identify and extract messages of interest from the mass of unwanted ones. A chain of secret interception facilities has been established around the world to tap into all the major components of the international telecommunications networks. Some monitor communications satellites, others land-based communications networks, and others radio communications. ECHELON links together all these facilities, providing the US and its allies with the ability to intercept a large proportion of the communications on the planet. The computers at each station in the ECHELON network automatically search through the millions of messages intercepted for ones containing pre-programmed keywords. Keywords include all the names, localities, subjects, and so on that might be mentioned. Every word of every message intercepted at each station gets automatically searched whether or not a specific telephone number or e-mail address is on the list. The thousands of simultaneous messages are read in "real time" as they pour into the station, hour after hour, day after day, as the computer finds intelligence needles in telecommunications haystacks. SOMEONE IS LISTENING: The computers in stations around the globe are known, within the network, as the ECHELON Dictionaries. Computers that can automatically search through traffic for keywords have existed since at least the 1970s, but the ECHELON system was designed by NSA to interconnect all these computers and allow the stations to function as components of an integrated whole. The NSA and GCSB are bound together under the five-nation UKUSA signals intelligence agreement. The other three partners all with equally obscure names are the Government Communications Headquarters (GCHQ) in Britain, the Communications Security Establishment (CSE) in Canada, and the Defense Signals Directorate (DSD) in Australia. The alliance, which grew from cooperative efforts during World War II to intercept radio transmissions, was formalized into the UKUSA agreement in 1948 and aimed primarily against the USSR. The five UKUSA agencies are today the largest intelligence organizations in their respective countries. With much of the world's business occurring by fax, e-mail, and phone, spying on these communications receives the bulk of intelligence resources. For decades before the introduction of the ECHELON system, the UKUSA allies did intelligence collection operations for each other, but each agency usually processed and analyzed the intercept from its own stations. Under ECHELON, a particular station's Dictionary computer contains not only its parent agency's chosen keywords, but also has lists entered in for other agencies. In New Zealand's satellite interception station at Waihopai (in the South Island), for example, the computer has separate search lists for the NSA, GCHQ, DSD, and CSE in addition to its own. Whenever the Dictionary encounters a message containing one of the agencies' keywords, it automatically picks it and sends it directly to the headquarters of the agency concerned. No one in New Zealand screens, or even sees, the intelligence collected by the New Zealand station for the foreign agencies. Thus, the stations of the junior UKUSA allies function for the NSA no differently than if they were overtly NSA-run bases located on their soil. The first component of the ECHELON network are stations specifically targeted on the international telecommunications satellites (Intelsats) used by the telephone companies of most countries. A ring of Intelsats is positioned around the world, stationary above the equator, each serving as a relay station for tens of thousands of simultaneous phone calls, fax, and e-mail. Five UKUSA stations have been established to intercept the communications carried by the Intelsats. The British GCHQ station is located at the top of high cliffs above the sea at Morwenstow in Cornwall. Satellite dishes beside sprawling operations buildings point toward Intelsats above the Atlantic, Europe, and, inclined almost to the horizon, the Indian Ocean. An NSA station at Sugar Grove, located 250 kilometers southwest of Washington, DC, in the mountains of West Virginia, covers Atlantic Intelsats transmitting down toward North and South America. Another NSA station is in Washington State, 200 kilometers southwest of Seattle, inside the Army's Yakima Firing Center. Its satellite dishes point out toward the Pacific Intelsats and to the east. *1 The job of intercepting Pacific Intelsat communications that cannot be intercepted at Yakima went to New Zealand and Australia. Their South Pacific location helps to ensure global interception. New Zealand provides the station at Waihopai and Australia supplies the Geraldton station in West Australia (which targets both Pacific and Indian Ocean Intelsats). *2 Each of the five stations' Dictionary computers has a codename to distinguish it from others in the network. The Yakima station, for instance, located in desert country between the Saddle Mountains and Rattlesnake Hills, has the COWBOY Dictionary, while the Waihopai station has the FLINTLOCK Dictionary. These codenames are recorded at the beginning of every intercepted message, before it is transmitted around the ECHELON network, allowing analysts to recognize at which station the interception occurred. New Zealand intelligence staff has been closely involved with the NSA's Yakima station since 1981, when NSA pushed the GCSB to contribute to a project targeting Japanese embassy communications. Since then, all five UKUSA agencies have been responsible for monitoring diplomatic cables from all Japanese posts within the same segments of the globe they are assigned for general UKUSA monitoring.3 Until New Zealand's integration into ECHELON with the opening of the Waihopai station in 1989, its share of the Japanese communications was intercepted at Yakima and sent unprocessed to the GCSB headquarters in Wellington for decryption, translation, and writing into UKUSA-format intelligence reports (the NSA provides the codebreaking programs). "COMMUNICATION" THROUGH SATELLITES The next component of the ECHELON system intercepts a range of satellite communications not carried by Intelsat.In addition to the UKUSA stations targeting Intelsat satellites, there are another five or more stations homing in on Russian and other regional communications satellites. These stations are Menwith Hill in northern England; Shoal Bay, outside Darwin in northern Australia (which targets Indonesian satellites); Leitrim, just south of Ottawa in Canada (which appears to intercept Latin American satellites); Bad Aibling in Germany; and Misawa in northern Japan. A group of facilities that tap directly into land-based telecommunications systems is the final element of the ECHELON system. Besides satellite and radio, the other main method of transmitting large quantities of public, business, and government communications is a combination of water cables under the oceans and microwave networks over land. Heavy cables, laid across seabeds between countries, account for much of the world's international communications.. After they come out of the water and join land-based microwave networks they are very vulnerable to interception. The microwave networks are made up of chains of microwave towers relaying messages from hilltop to hilltop (always in line of sight) across the countryside. These networks shunt large quantities of communications across a country. Interception of them gives access to international undersea communications (once they surface) and to international communication trunk lines across continents. They are also an obvious target for large-scale interception of domestic communications. Because the facilities required to intercept radio and satellite communications use large aerials and dishes that are difficult to hide for too long, that network is reasonably well documented. But all that is required to intercept land-based communication networks is a building situated along the microwave route or a hidden cable running underground from the legitimate network into some anonymous building, possibly far removed. Although it sounds technically very difficult, microwave interception from space by United States spy satellites also occurs.4 The worldwide network of facilities to intercept these communications is largely undocumented, and because New Zealand's GCSB does not participate in this type of interception, my inside sources could not help either. NO ONE IS SAFE FROM A MICROWAVE: A 1994 expos of the Canadian UKUSA agency, Spyworld, co-authored by one of its former staff, Mike Frost, gave the first insights into how a lot of foreign microwave interception is done (see p. 18). It described UKUSA "embassy collection" operations, where sophisticated receivers and processors are secretly transported to their countries' overseas embassies in diplomatic bags and used to monitor various communications in foreign capitals. *5 Since most countries' microwave networks converge on the capital city, embassy buildings can be an ideal site. Protected by diplomatic privilege, they allow interception in the heart of the target country. *6 The Canadian embassy collection was requested by the NSA to fill gaps in the American and British embassy collection operations, which were still occurring in many capitals around the world when Frost left the CSE in 1990. Separate sources in Australia have revealed that the DSD also engages in embassy collection. *7 On the territory of UKUSA nations, the interception of land-based telecommunications appears to be done at special secret intelligence facilities. The US, UK, and Canada are geographically well placed to intercept the large amounts of the world's communications that cross their territories. The only public reference to the Dictionary system anywhere in the world was in relation to one of these facilities, run by the GCHQ in central London. In 1991, a former British GCHQ official spoke anonymously to Granada Television's World in Action about the agency's abuses of power. He told the program about an anonymous red brick building at 8 Palmer Street where GCHQ secretly intercepts every telex which passes into, out of, or through London, feeding them into powerful computers with a program known as "Dictionary." The operation, he explained, is staffed by carefully vetted British Telecom people: "It's nothing to do with national security. It's because it's not legal to take every single telex. And they take everything: the embassies, all the business deals, even the birthday greetings, they take everything. They feed it into the Dictionary." *8 What the documentary did not reveal is that Dictionary is not just a British system; it is UKUSA-wide. Similarly, British researcher Duncan Campbell has described how the US Menwith Hill station in Britain taps directly into the British Telecom microwave network, which has actually been designed with several major microwave links converging on an isolated tower connected underground into the station.9 The NSA Menwith Hill station, with 22 satellite terminals and more than 4.9 acres of buildings, is undoubtedly the largest and most powerful in the UKUSA network. Located in northern England, several thousand kilometers from the Persian Gulf, it was awarded the NSA's "Station of the Year" prize for 1991 after its role in the Gulf War. Menwith Hill assists in the interception of microwave communications in another way as well, by serving as a ground station for US electronic spy satellites. These intercept microwave trunk lines and short range communications such as military radios and walkie talkies. Other ground stations where the satellites' information is fed into the global network are Pine Gap, run by the CIA near Alice Springs in central Australia and the Bad Aibling station in Germany. *10 Among them, the various stations and operations making up the ECHELON network tap into all the main components of the world's telecommunications networks. All of them, including a separate network of stations that intercepts long distance radio communications, have their own Dictionary computers connected into ECHELON. In the early 1990s, opponents of the Menwith Hill station obtained large quantities of internal documents from the facility. Among the papers was a reference to an NSA computer system called Platform. The integration of all the UKUSA station computers into ECHELON probably occurred with the introduction of this system in the early 1980s. James Bamford wrote at that time about a new worldwide NSA computer network codenamed Platform "which will tie together 52 separate computer systems used throughout the world. Focal point, or `host environment,' for the massive network will be the NSA headquarters at Fort Meade. Among those included in Platform will be the British SIGINT organization, GCHQ." *11 LOOKING IN THE DICTIONARY: The Dictionary computers are connected via highly encrypted UKUSA communications that link back to computer data bases in the five agency headquarters. This is where all the intercepted messages selected by the Dictionaries end up. Each morning the specially "indoctrinated" signals intelligence analysts in Washington, Ottawa, Cheltenham, Canberra, and Wellington log on at their computer terminals and enter the Dictionary system. After keying in their security passwords, they reach a directory that lists the different categories of intercept available in the data bases, each with a four-digit code. For instance, 1911 might be Japanese diplomatic cables from Latin America (handled by the Canadian CSE), 3848 might be political communications from and about Nigeria, and 8182 might be any messages about distribution of encryption technology. They select their subject category, get a "search result" showing how many messages have been caught in the ECHELON net on that subject, and then the day's work begins. Analysts scroll through screen after screen of intercepted faxes, e-mail messages, etc. and, whenever a message appears worth reporting on, they select it from the rest to work on. If it is not in English, it is translated and then written into the standard format of intelligence reports produced anywhere within the UKUSA network either in entirety as a "report," or as a summary or "gist." INFORMATION CONTROL: A highly organized system has been developed to control what is being searched for by each station and who can have access to it. This is at the heart of ECHELON operations and works as follows. The individual station's Dictionary computers do not simply have a long list of keywords to search for. And they do not send all the information into some huge database that participating agencies can dip into as they wish. It is much more controlled. The search lists are organized into the same categories, referred to by the four digit numbers. Each agency decides its own categories according to its responsibilities for producing intelligence for the network. For GCSB, this means South Pacific governments, Japanese diplomatic, Russian Antarctic activities, and so on. The agency then works out about 10 to 50 keywords for selection in each category. The keywords include such things as names of people, ships, organizations, country names, and subject names. They also include the known telex and fax numbers and Internet addresses of any individuals, businesses, organizations, and government offices that are targets. These are generally written as part of the message text and so are easily recognized by the Dictionary computers. The agencies also specify combinations of keywords to help sift out communications of interest. For example, they might search for diplomatic cables containing both the words "Santiago" and "aid," or cables containing the word "Santiago" but not "consul" (to avoid the masses of routine consular communications). It is these sets of words and numbers (and combinations), under a particular category, that get placed in the Dictionary computers. (Staff in the five agencies called Dictionary Managers enter and update the keyword search lists for each agency.) The whole system, devised by the NSA, has been adopted completely by the other agencies. The Dictionary computers search through all the incoming messages and, whenever they encounter one with any of the agencies' keywords, they select it. At the same time, the computer automatically notes technical details such as the time and place of interception on the piece of intercept so that analysts reading it, in whichever agency it is going to, know where it came from, and what it is. Finally, the computer writes the four-digit code (for the category with the keywords in that message) at the bottom of the message's text. This is important. It means that when all the intercepted messages end up together in the database at one of the agency headquarters, the messages on a particular subject can be located again. Later, when the analyst using the Dictionary system selects the four- digit code for the category he or she wants, the computer simply searches through all the messages in the database for the ones which have been tagged with that number. This system is very effective for controlling which agencies can get what from the global network because each agency only gets the intelligence out of the ECHELON system from its own numbers. It does not have any access to the raw intelligence coming out of the system to the other agencies. For example, although most of the GCSB's intelligence production is primarily to serve the UKUSA alliance, New Zealand does not have access to the whole ECHELON network. The access it does have is strictly controlled. A New Zealand intelligence officer explained: "The agencies can all apply for numbers on each other's Dictionaries. The hardest to deal with are the Americans. ... [There are] more hoops to jump through, unless it is in their interest, in which case they'll do it for you." There is only one agency which, by virtue of its size and role within the alliance, will have access to the full potential of the ECHELON system the agency that set it up. What is the system used for? Anyone listening to official "discussion" of intelligence could be forgiven for thinking that, since the end of the Cold War, the key targets of the massive UKUSA intelligence machine are terrorism, weapons proliferation, and economic intelligence. The idea that economic intelligence has become very important, in particular, has been carefully cultivated by intelligence agencies intent on preserving their post-Cold War budgets. It has become an article of faith in much discussion of intelligence. However, I have found no evidence that these are now the primary concerns of organizations such as NSA. QUICKER INTELLIGENCE, SAME MISSION: A different story emerges after examining very detailed information I have been given about the intelligence New Zealand collects for the UKUSA allies and detailed descriptions of what is in the yards-deep intelligence reports New Zealand receives from its four allies each week. There is quite a lot of intelligence collected about potential terrorists, and there is quite a lot of economic intelligence, notably intensive monitoring of all the countries participating in GATT negotiations. But by far, the main priorities of the intelligence alliance continue to be political and military intelligence to assist the larger allies to pursue their interests around the world. Anyone and anything the particular governments are concerned about can become a target. With capabilities so secret and so powerful, almost anything goes. For example, in June 1992, a group of current "highly placed intelligence operatives" from the British GCHQ spoke to the London Observer: "We feel we can no longer remain silent regarding that which we regard to be gross malpractice and negligence within the establishment in which we operate." They gave as examples GCHQ interception of three charitable organizations, including Amnesty International and Christian Aid. As the Observer reported: "At any time GCHQ is able to home in on their communications for a routine target request," the GCHQ source said. In the case of phone taps the procedure is known as Mantis. With telexes it is called Mayfly. By keying in a code relating to Third World aid, the source was able to demonstrate telex "fixes" on the three organizations. "It is then possible to key in a trigger word which enables us to home in on the telex communications whenever that word appears," he said. "And we can read a pre-determined number of characters either side of the keyword."12 Without actually naming it, this was a fairly precise description of how the ECHELON Dictionary system works. Again, what was not revealed in the publicity was that this is a UKUSA-wide system. The design of ECHELON means that the interception of these organizations could have occurred anywhere in the network, at any station where the GCHQ had requested that the four-digit code covering Third World aid be placed. Note that these GCHQ officers mentioned that the system was being used for telephone calls. In New Zealand, ECHELON is used only to intercept written communications: fax, e-mail, and telex. The reason, according to intelligence staff, is that the agency does not have the staff to analyze large quantities of telephone conversations. Mike Frost's expos of Canadian "embassy collection" operations described the NSA computers they used, called Oratory, that can "listen" to telephone calls and recognize when keywords are spoken. Just as we can recognize words spoken in all the different tones and accents we encounter, so too, according to Frost, can these computers. Telephone calls containing keywords are automatically extracted from the masses of other calls and recorded digitally on magnetic tapes for analysts back at agency headquarters. However, high volume voice recognition computers will be technically difficult to perfect, and my New Zealand-based sources could not confirm that this capability exists. But, if or when it is perfected, the implications would be immense. It would mean that the UKUSA agencies could use machines to search through all the international telephone calls in the world, in the same way that they do written messages. If this equipment exists for use in embassy collection, it will presumably be used in all the stations throughout the ECHELON network. It is yet to be confirmed how extensively telephone communications are being targeted by the ECHELON stations for the other agencies. The easiest pickings for the ECHELON system are the individuals, organizations, and governments that do not use encryption. In New Zealand's area, for example, it has proved especially useful against already vulnerable South Pacific nations which do not use any coding, even for government communications (all these communications of New Zealand's neighbors are supplied, unscreened, to its UKUSA allies). As a result of the revelations in my book, there is currently a project under way in the Pacific to promote and supply publicly available encryption software to vulnerable organizations such as democracy movements in countries with repressive governments. This is one practical way of curbing illegitimate uses of the ECHELON capabilities. One final comment. All the newspapers, commentators, and "well placed sources" told the public that New Zealand was cut off from US intelligence in the mid-1980s. That was entirely untrue. The intelligence supply to New Zealand did not stop, and instead, the decade since has been a period of increased integration of New Zealand into the US system. Virtually everything the equipment, manuals, ways of operating, jargon, codes, and so on, used in the GCSB continues to be imported entirely from the larger allies (in practice, usually the NSA). As with the Australian and Canadian agencies, most of the priorities continue to come from the US, too. The main thing that protects these agencies from change is their secrecy. On the day my book arrived in the book shops, without prior publicity, there was an all-day meeting of the intelligence bureaucrats in the prime minister's department trying to decide if they could prevent it from being distributed. They eventually concluded, sensibly, that the political costs were too high. It is understandable that they were so agitated. Throughout my research, I have faced official denials or governments refusing to comment on publicity about intelligence activities. Given the pervasive atmosphere of secrecy and stonewalling, it is always hard for the public to judge what is fact, what is speculation, and what is paranoia. Thus, in uncovering New Zealand's role in the NSA-led alliance, my aim was to provide so much detail about the operations the technical systems, the daily work of individual staff members, and even the rooms in which they work inside intelligence facilities that readers could feel confident that they were getting close to the truth. I hope the information leaked by intelligence staff in New Zealand about UKUSA and its systems such as ECHELON will help lead to change. CAQ SUBSCRIPTION INFORMATION: CAQ (CovertAction Quarterly) has won numerous awards for investigative journalism. In 1996, it won 4 of "Project Censored" top 25 awards for investigative reporting. CAQ is read around the world by investigative reporters, activists, scholars, intelligence buffs, news junkies, and anyone who wants to know the news and analysis behind the soundbites and headlines. Recommended by Noam Chomsky; targeted by the CIA. Each article in the 64-page magazine, which is in its 19th year of publication, is extensively footnoted and accompanied by photographs and graphics. For a single issue, send $6. A one year subscription: US $22; Canada/Mexico $27; Latin America/Europe $33; Other areas $35. A two year US subscription is $38 Please send check or money order in $US to: CAQ 1500 Massachusetts Ave. #732 Washington, DC 20005, USA Mail, phone or fax Mastercard or Visa with address info and expiration date Phone: 202-331-9763 Fax: 202-331-9751 E-mail: caq at igc.org CHECK OUT OUR WEB SITES: http://mediafilter.org/caq http://www.worldmedia.com/caq ------------------------------ From Adamsc at io-online.com Tue Dec 17 22:26:26 1996 From: Adamsc at io-online.com (Adamsc) Date: Tue, 17 Dec 1996 22:26:26 -0800 (PST) Subject: sorry for the spam! Message-ID: <19961218062304640.AAA192@gigante> On Sun, 15 Dec 1996 22:49:50 -0500 (EST), Michael H. Warfield wrote: > The individual is a little shit operating a windows system on >IP address 206.129.116.108 as of Sunday evening. While the messages Did you try the Ping-Of-Doom? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From mdw at umich.edu Tue Dec 17 23:15:40 1996 From: mdw at umich.edu (Marcus Watts) Date: Tue, 17 Dec 1996 23:15:40 -0800 (PST) Subject: Army Cryptanalysis manual online In-Reply-To: <199612170634.BAA16798@quince.ifs.umich.edu> Message-ID: <199612180715.CAA21298@quince.ifs.umich.edu> Several people wrote to say (variously) that ghostscript could deal with PDF, and that xpdf could also do the same. In fact, I did compile a version of ghostscript 2.6.4, a long time back. Unfortunately, it doesn't support PDF. However, I did find and successfully build xpdf 0.6, and so I have now managed to view the PDF files, convert the thing into postscript, and to print the results. So, http://www.umich.edu/~umich/fm-34-40-2/ now has postscript, as well as PDF, and I also made .tar.gz files of each. The results I printed were certainly readable, but one caveat: the whole thing is designed to be printed on two-sided paper (& presumably bound), so some of the sections are supposed to start on the back side of the sheet from the previous section. -Marcus Watts UM ITD PD&D Umich Systems Group From dthorn at gte.net Wed Dec 18 00:38:42 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 18 Dec 1996 00:38:42 -0800 (PST) Subject: permanent invasion of privacy In-Reply-To: <01BBEC6B.95899C20@king1-23.cnw.com> Message-ID: <32B7AD14.59F@gte.net> blanc wrote: > From: Dale Thorn > It's noteworthy that not a single person on this list has looked at this > from the children's point of view, considering that there are *many* of > them who could use the extra help (albeit bad for parents). > There have been discussions about this; just not lately. The intent of > many on this list is to get away from a dependence on the generosity of > overruling governments. If a child can be helped ("empowered") by the uses > of encryption, then it is relevant to list discussion. Not lately? And why is that? How is an abused child going to be helped by encryption? > Empathy with children is not borne of government, but of a normal state of > mind. The ability to help abused individuals, whether young or old, is > not a capacity exclusive to government. That's just rhetoric. What normal state of mind? I understand the argument against "big government", but *coincidentally*, as government has gotten bigger over the last 50 years or so, children's lives have gotten much better. It was common to have neighbors in a city 40 years ago (I remember) who beat their kids so bad you could hear them several houses away. You don't hear that today. Coincidence? > If you go out to alt.philosophy.objectivism they'll be glad to discuss this > with you in detail. In other words, if it doesn't offer something for me, the selfish adult, I don't wanna hear it. You can't have just one side of the discussion, because there are too many people like me around to remind you that there is the other side too. From jamie at comet.net Wed Dec 18 00:43:45 1996 From: jamie at comet.net (jamie dyer) Date: Wed, 18 Dec 1996 00:43:45 -0800 (PST) Subject: Ping of Death? In-Reply-To: <01BBEC65.8DA20C00@bcdev.com> Message-ID: On Tue, 17 Dec 1996, Blake Coverett wrote: ->> Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of ->> hostile code, disguised as a mere ping, that can lead to server rebooting. -> ->> Technology Assignment Editor, Wired News, http://www.wired.com/ ->> Producer, Packet, http://www.packet.com/ -> ->I read the two parts above and shake my head... ->A 'technology assignment editor' that has missed ->this story till now, and can't use a search engine ->to boot? ->-Blake (who should only look at the pictures) Aw heck, give the little fellers at Wired a break. It's awful time consuming being on the cutting edge. jamie ------------------------------------------------------------------------------ jamie at comet.net | Comet.Net | Send empty message | Charlottesville, Va. | to pgpkey at comet.net | (804)295-2407 | for pgp public key. | http://www.comet.net | "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators" -P.J. O'Rourke. ------------------------------------------------------------------------------ From vipul at pobox.com Wed Dec 18 00:49:12 1996 From: vipul at pobox.com (Vipul Ved Prakash) Date: Wed, 18 Dec 1996 00:49:12 -0800 (PST) Subject: NSClean Message-ID: <199612181422.OAA00228@fountainhead.net> *** NSCLean, IECLean provide privacy for surfers Heightened awareness of cookies, user IDs, history files and the like has left some web users a little spooked about their favorite browser's ability to track their movements over the Internet. Surfers can erase Netscape's electronic trail with NSClean, available from AXXIS Corporation. For the full text story, see http://www.merc.com/stories/cgi/story.cgi?id=788417-312 AXXIS Corporation also released IEClean software which enables Microsoft Internet Explorer users to surf privately. For the full text story, see http://www.merc.com/stories/cgi/story.cgi?id=788418-28e -- Vipul Ved Prakash | - Electronic Security & Crypto vipul at pobox.com | - Internet & Intranets 91 11 2233328 | - Web Development & PERL 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - (Networked) Multimedia From vipul at pobox.com Wed Dec 18 00:51:34 1996 From: vipul at pobox.com (Vipul Ved Prakash) Date: Wed, 18 Dec 1996 00:51:34 -0800 (PST) Subject: No computer access for criminals Message-ID: <199612181425.OAA00260@fountainhead.net> *** U.S. Parole Commission to restrict computer access The U.S. Parole Commission will restrict computer use by certain high-risk, convicted criminals who have been released from prison on parole, the Justice Department said Monday. It said the panel made the decision Dec. 4 after noting information was available on the Internet and computer online services involving offenses such as child molestation, hate crimes and illegal use of explosives. An official said, "We cannot ignore the possibility that such offenders may be tempted to use computer services to repeat their crimes." For the full text story, see http://www.merc.com/stories/cgi/story.cgi?id=792329-ccd -- Vipul Ved Prakash | - Electronic Security & Crypto vipul at pobox.com | - Internet & Intranets 91 11 2233328 | - Web Development & PERL 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - (Networked) Multimedia From peabody at nym.alias.net Wed Dec 18 00:54:41 1996 From: peabody at nym.alias.net (Mr. Peabody) Date: Wed, 18 Dec 1996 00:54:41 -0800 (PST) Subject: Netscape binary identification Message-ID: <199612180854.DAA09387@anon.lcs.mit.edu> Hi folks, I've got a Netscape binary here that I need help identifying. Is it the domestic or international version, and which one is it? The md5sum is: e989f71f75a86f0eb3da61e9bf511b35 g32d301p.exe Thanks! -Peabody From toto at sk.sympatico.ca Wed Dec 18 01:14:02 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 18 Dec 1996 01:14:02 -0800 (PST) Subject: Pretty Lousy Privacy In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com> Message-ID: <32B7D1F3.538A@sk.sympatico.ca> TOTO Enterprises is proud to announce the release of their latest product, PLP/Pretty Lousy Privacy. PLP allows the user to send messages purporting to be encrypted but, in fact, containing no encryption, whatsoever. This will allow God-and-everybody to read all of your 'secret' missives. Got something you promised not to tell anyone, but you just can't keep a secret? Use PLP, and claim astonishment that someone 'broke the code'. Feeling like a loser, because nobody reads your eMail? Use PLP and excite the imaginations of busybodies everywhere. Got competition for that job promotion? Send a nasty chain-letter about the boss using your competitor's name and PLP, and you can start breaking out the champagne the minute you hit Send. Work at the White House? No need to explain, just use PLP and those late-night meetings in underground parking garages will be a thing of the past. Impressed? Just listen to what Dr.Dimitri Vulis KOTM has to say about PLP: "Best encryption program going. You can bet your sweet ass that that murdering Armenian bastard, Ray Arachelian, didn't write it." Yes, the secret is out -- PLP/Pretty Lousy Programming is nothing you'd expect, and less, in the latest encryption technology. And the best part is, you can export PLP without a license. (We checked with the janitor at the Federal Building, and he thought it would be OK.) So start using PLP today, and let 'everyone' know about the cypherpunks secret plot against Dr.Dimitri Vulis KOTM. -- Reply to:toto at sk.sympatico.ca "There's only one two." From toto at sk.sympatico.ca Wed Dec 18 02:02:14 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 18 Dec 1996 02:02:14 -0800 (PST) Subject: WARNING: VIRUS: [Was: Re: Encryption to the poors] In-Reply-To: <3.0.32.19961217132851.00c9ee90@pop.firefly.net> Message-ID: <32B7D488.B6B@sk.sympatico.ca> Alexander Chislenko wrote: > The last message from Fuck at yourself.up contained a dirBomb > virus as an attachment; file name GREETS.COM > Make sure you don't execute it. Good idea. I made that mistake when I got eMail from ThisIs at A.Bomb. What could I have been thinking? -- Reply to:toto at sk.sympatico.ca "There's only one two." From toto at sk.sympatico.ca Wed Dec 18 02:02:17 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 18 Dec 1996 02:02:17 -0800 (PST) Subject: Test Only / Thanks In-Reply-To: <199612180421.UAA11164@toad.com> Message-ID: <32B7DB98.4E65@sk.sympatico.ca> Say Bob, Thanks for that MasterCard Number. I'm going to need some new clothes when I go for my parole hearing, and it'll sure help out. Are you using that new encryption technology, PLP/Pretty Lousy Privacy? Thanks, Toto -- Reply to:toto at sk.sympatico.ca "There's only one two." Bob. R. Roberts wrote: > > The following form contents were entered on 18th Dec 96 > Date = 18 Dec 96 04:18:56 > subject = Test only, sorry, NOISE, do not read > resulturl = http://www.netmart.com/steppingstones/thanks.html > uname = Bob. R. Roberts > email = bob at jail.sg > Address = 4625 E. Elm Drive > Apartment or suite = 14 > CITY = Chula Vista > STATE/PROVINCE = Oklahoma > country = USA > zip = 01238 > phone = 407-251-1701 > work phone = 407-352-1702 > FAX = 407-453-1703 > ship to name = Mary M. Roberts > ship to email = mary at aol.gov > ship toAddress = 14207 Broadway NE > ship to Apartment or suite = 600 > ship to CITY = Janesville > ship to STATE/PROVINCE = Texas > ship to country = USA > ship to zip = 95442 > Book = My Dinosaur Adventure > first name = Freddie > middle name = Jurgen > last name = Robertson > nickname = Goober > age = 6 > hometown = Hickville > gender = Boy > dedication = grow up, punk > book from = Gran & Grump > Date Book = 12/4/95 > Friend#1 = Muffy > Friend#2 = Scooter > Friend#3 = Slim > Child's Birthday = 2/1/91 > Baby's name = Grinder > Baby's gender = Boy > How did you hear? = E-Mail > Invitation # = none > Mastercard = on > call = on > credit card number = 251-4444-25713-591-3 > credit card name = Richard Q. Nickson > expiraion date = 8/22/98 From jwest at eskimo.com Wed Dec 18 03:10:04 1996 From: jwest at eskimo.com (John H West) Date: Wed, 18 Dec 1996 03:10:04 -0800 (PST) Subject: The virus I got... In-Reply-To: <19961218025949.23374.qmail@taz.nceye.net> Message-ID: <32B7D133.2E7C@eskimo.com> Bryan Reece wrote: > > There was an e-mail sent to the list that had attached to it a virus. Well > lucky me I got. It was a .com file that apparently turns your files into > directories. I can't boot into Win95 since it turned my HIMEM.SYS into a > directory. So, I seem to have fixed that, but now it says "access denied" > and then prompts me with C:\>. Did anyone else get it? Has anyone heard > or fixed this virus? > > Yes. It's a deadly mutation of the GOOD TIMES virus. > > (People actually go to the trouble of stripping off the leading crap > from the uuencoded part and then *run a program* from someone called > Fuck at yourself.up? Furrfu.) from CIAC, http://www-gsb.uchicago.edu/comp_svcs/hoax.html >From ciac-bulletin at cheetah.llnl.gov Wed Nov 20 22:14:26 1996 Date: Wed, 20 Nov 1996 20:12:41 -0800 (PST) Reply-To: crawford at eek.llnl.gov Originator: ciac-bulletin at cheetah.llnl.gov Sender: ciac-bulletin at cheetah.llnl.gov From: crawford at eek.llnl.gov (David Crawford) To: khopper at midway.uchicago.edu Subject: CIAC Bulletin H-05: Internet Hoaxes X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas Content-Length: 21794 -----BEGIN PGP SIGNED MESSAGE----- __________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost November 20, 1996 15:00 GMT Number H-05 ______________________________________________________________________________ PROBLEM: This bulletin addresses the following hoaxes and erroneous warnings: PKZ300 Warning, Irina, Good Times, Deeyenda, and Ghost.exe PLATFORM: All, via e-mail DAMAGE: Time lost reading and responding to the messages SOLUTION: Pass unvalidated warnings only to your computer security department or incident response team. See below on how to recognize validated and unvalidated warnings and hoaxes. ______________________________________________________________________________ VULNERABILITY New hoaxes and warnings have appeared on the Internet and old ASSESSMENT: hoaxes are still being cirulated. ______________________________________________________________________________ Good Times Virus Hoax ===================== The "Good Times" virus warnings are a hoax. There is no virus by that name in existence today. These warnings have been circulating the Internet for years. The user community must become aware that it is unlikely that a virus can be constructed to behave in the manner ascribed in the "Good Times" virus warning. For more information related to this urban legend, reference CIAC Notes 95-09. http://ciac.llnl.gov/ciac/notes/Notes09.shtml john From perry at alpha.jpunix.com Wed Dec 18 03:49:08 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Wed, 18 Dec 1996 03:49:08 -0800 (PST) Subject: New type2.list/pubring.mix Message-ID: Hello Everyone, There is an updated type2.list/pubring.mix combination on jpunix.com. The update reflects the retirement of the jam remailer. The files are available by WWW from www.jpunix.com as well as by anonymous ftp from ftp.jpunix.com. Maybe jam ought to run a middleman? :) John Perry KG5RG perry at alpha.jpunix.com PGP-encrypted e-mail welcome! Amateur Radio Address: kg5rg at kg5rg.ampr.org WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. From perry at alpha.jpunix.com Wed Dec 18 03:56:02 1996 From: perry at alpha.jpunix.com (John A. Perry) Date: Wed, 18 Dec 1996 03:56:02 -0800 (PST) Subject: New type2.list/pubring.mix Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hello Everyone, There is an updated type2.list/pubring.mix combination on jpunix.com. The update reflects the retirement of the jam remailer. The files are available by WWW from www.jpunix.com as well as by anonymous ftp from ftp.jpunix.com. Maybe jam ought to run a middleman? :) ONE MORE TIME!! I didn't get enough coffee yet!! Oops. Here it is signed. John Perry KG5RG perry at alpha.jpunix.com PGP-encrypted e-mail welcome! Amateur Radio Address: kg5rg at kg5rg.ampr.org WWW - http://www.jpunix.com PGP 2.62 key for perry at jpunix.com is on the keyservers. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrfbu1OTpEThrthvAQFchAQApJzyapWlVKf+SSyuckhgKKPnE7JWPxjy iMHZ+yCwBSA/dIC2cqH2kjwg8mZEARSeu4nnwZ8bfJQJLyphk9TFjB1aeUzcCvZf B694KttgMK+oT4unW2MSmRzub3OIddUSuFEB/G1V7gaxDepPWWNT3YlI3nuYI+HW 1MCp7YhSNko= =wKrB -----END PGP SIGNATURE----- From peter.allan at aeat.co.uk Wed Dec 18 05:27:54 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Wed, 18 Dec 1996 05:27:54 -0800 (PST) Subject: Sys Admin: call for papers Message-ID: <9612181328.AA09417@clare.risley.aeat.co.uk> Sys Admin magazine (mainly Unix, but with traces of NT integration creeping in) calls for papers in each issue on subjects chosen by the editors. I am sure there are people on this list capable of writing much of the June 1997 issue, and taking this opportunity to educate on the benfits of crypto. This is an extract from the Jan 1997 issue, page 91. We suggest that if you are interested in contributing, you first submit a proposal to us. If the proposal seems appropriate, we'll ask you to submit a manuscript. If the manuscript is accepted, we'll edit it, print it, and pay you for it. For more detailed information, request a copy of our Author Guidelines (we can fax, email or mail them to you). Please address requests for guidelines, proposals, and manuscripts to: Amber Ankerholz saletter at rdpub.com or saletter at mfi.com June 1997 Security Proposals due 3 Feb 1997 Manuscripts due 3 Mar 1997 Security basics - A review How to conduct a security audit Cryptography tools for the administrator Web security issues Firewalls - an update -- Peter Allan peter.allan at aeat.co.uk From jya at pipeline.com Wed Dec 18 05:41:45 1996 From: jya at pipeline.com (John Young) Date: Wed, 18 Dec 1996 05:41:45 -0800 (PST) Subject: MSNBC on Crypto End Run Message-ID: <1.5.4.32.19961218133809.006a8c98@pop.pipeline.com> http://www.msnbc.com/news/46551.asp "Scaling the encryption-policy wall: Companies make end run around U.S. restrictions on cryptography" A good report on why US companies are going overseas for strong crypto. With numerous crypto links. "It's a huge gaping hole in the efforts to control strong cryptography, and it's going to get bigger," says Douglas Barnes, vice president of Oakland, Calif.-based C2Net Software, a privately held company at the forefront of those circumventing the U.S. policy. ----- We've mirrored it at: http://jya.com/endrun.htm From dlv at bwalk.dm.com Wed Dec 18 06:42:01 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Dec 1996 06:42:01 -0800 (PST) Subject: The virus I got... In-Reply-To: <961218000243_34679065@emout12.mail.aol.com> Message-ID: AwakenToMe at aol.com writes: > Uh..... My question is WHO in gods name trusts a uuencoded file that small > especially from an address like that. Sounds like stupidity to me... Yes - unbelievable stupidity is one of the distinguishing features of the "cypher punks", together with ignorance and racism. And these idiots rant about not trusting signed apples. He he he. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From m5 at tivoli.com Wed Dec 18 07:10:22 1996 From: m5 at tivoli.com (Mike McNally) Date: Wed, 18 Dec 1996 07:10:22 -0800 (PST) Subject: NSClean In-Reply-To: <199612181422.OAA00228@fountainhead.net> Message-ID: <32B80925.5BB0@tivoli.com> Vipul Ved Prakash wrote: > > *** NSCLean, IECLean provide privacy for surfers > > Heightened awareness of cookies ... I see complaints about cookies all the time, and I just have to wonder why the fuss seems so relatively, well, unsophisticated, for lack of a better word. The cookie idea, in and of itself, is really a pretty good one and can provide some useful features. Things like auto-configuring web sites ("my Yahoo", though I don't know for sure how that works) can exploit the cookie capability to provide convenience. I just can't get worked up over it. The cookie issuer still doesn't really know who the visitor is, of course, unless the visitor explicitly hands over that information. "Naughty" uses of cookies for tracking sites visited might be objectionable, I suppose. It's easy enough to do selective editing of the cookie file of course (maybe this NSClean product can do that). One of the scary things might be that though cookies can be made hard to forge, it's clearly impossible for cookie issuers to ensure the cookies aren't stolen or deliberately distributed. If a site uses a "secure" cookie as a means of identifying the web visitor, there's certainly some risk if it then allows access to sensitive information. -- ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Dec 18 07:24:09 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Wed, 18 Dec 1996 07:24:09 -0800 (PST) Subject: Computer Programs as Text Message-ID: <199612181521.KAA17456@pdj2-ra.F-REMOTE.CWRU.Edu> I wrote a little article on Understanding Computers and the Law for my class in Computers and the Law. The major theme of this article is the importance of distinguishing between computer programs as text and computer programs as functional processes. That theme is also a central issue in the suit that I am bringing to enjoin the enforcement of the cryptographic portions of the ITAR as they apply to software. I intend to expand the article and ultmately submit it for publication in a law journal but in the meantime I have posted an html version on my web server. The URL is . This draft need considerably more work on the last two sections (and I have to include the illustrations, which are a couple of pictures from Alice in Wonderland). But I am making it availabele in this pre-publication form because it may have some insights that some of you might find interesting and because I am interested in your reactions and insights. I especially would like to hear from real programmers who view their programs as ``works of authorship'' (and from those who don't). That is not only important as an academic matter; if we can get the courts to recognize that programs as written and communicated are texts much like other texts, it will be difficult to deny them the full protection of the first amendment. Ciao, Peter -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu From dlv at bwalk.dm.com Wed Dec 18 07:24:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Dec 1996 07:24:29 -0800 (PST) Subject: Pretty Lousy Privacy In-Reply-To: <32B7D1F3.538A@sk.sympatico.ca> Message-ID: <1NZ5yD7w165w@bwalk.dm.com> Carl Johnson writes: > Just listen to what Dr.Dimitri Vulis KOTM has to say about PLP: > "Best encryption program going. You can bet your sweet ass that that murdering > Armenian bastard, Ray Arachelian, didn't write it." The genocide of 2,500,000 Moslems (mostly women and children) by Armenians during this century's "ethnic cleansings" alone is nothing to laugh about. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 18 07:24:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Dec 1996 07:24:41 -0800 (PST) Subject: WARNING: VIRUS: [Was: Re: Encryption to the poors] In-Reply-To: <32B7D488.B6B@sk.sympatico.ca> Message-ID: Carl Johnson writes: > Alexander Chislenko wrote: > > The last message from Fuck at yourself.up contained a dirBomb > > virus as an attachment; file name GREETS.COM > > Make sure you don't execute it. > > Good idea. > I made that mistake when I got eMail from ThisIs at A.Bomb. > What could I have been thinking? You were probably thinking that cryptography is "kewl" and that any juvenile computer nerd can use fancy phrases like "brute force attacks on one-time pads" without understanding what he's talking about and sound as "kewl" as Paul Bradley. Right? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From geeman at best.com Wed Dec 18 07:29:41 1996 From: geeman at best.com (geeman at best.com) Date: Wed, 18 Dec 1996 07:29:41 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <3.0.32.19961218073206.006b691c@best.com> Microsoft had to agree to validate crypto binaries against a signature to make sure they weren't tampered with, in exchange for shipping crypto-with-a-hole. They will sign anything (theoretically) if it has the export papers and all. Or without, if you affadavit it is not for export. They do not themselves impose any restrictions on crypto strength. I'm not expressing political position here, just conveying facts .... At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote: >roy at sendai.scytale.com (Roy M. Silvernail) writes: > >>> I just got my copy of the Microsoft Cryptographic Service Provider >>> Development Kit, Version 1.0. It appears to support only Windows NT. A >>> first glance reveals no built-in GAK (but I haven't examined it closely >>> yet!). > >You're right, you haven't looked at it closely. Although it doesn't >have Key Escrow, new cryptosystems can only be added if they are >signed by a private key held by Microsoft. Of course, Microsoft has >agreed with the State Dept. to sign only export-"strength" crypto. > > Marc > > From frissell at panix.com Wed Dec 18 07:37:47 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 18 Dec 1996 07:37:47 -0800 (PST) Subject: Parolees Can't Possess Crypto Message-ID: <3.0.1.32.19961218104243.00720110@panix.com> The new federal parole guidelines that will ban some cons from the nets will also ban them from posessing crypto software which will also make virtually any computer use impossible. "Main Justice" does say that with the Klinton Admins plans for universal access counter this proposal since the cons will have access at schools, libraries, etc. (not to mention Internet Cafes). DCF From m5 at tivoli.com Wed Dec 18 08:07:09 1996 From: m5 at tivoli.com (Mike McNally) Date: Wed, 18 Dec 1996 08:07:09 -0800 (PST) Subject: Java DES cracker Message-ID: <32B813B7.199@tivoli.com> Metin Feridun wrote: > > Hi Mike, > > We had talked about using the Internet as a supercomputer last August. > Check out the following article in the January issue of JavaWorld: > > http://www.javaworld.com/javaworld/jw-01-1997/jw-01-dampp.html > > Regards, > > Metin -- ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From n.adao at student.iag.ucl.ac.be Wed Dec 18 08:11:51 1996 From: n.adao at student.iag.ucl.ac.be (ADAO-CRUZ Nuno) Date: Wed, 18 Dec 1996 08:11:51 -0800 (PST) Subject: virus from fuck@yourself.up Message-ID: <9612190009.AA22522@doyens2> I send an e-mail to fuck at yourself.up but i receive the message:host unknown. Could someone explain that to me please. P.S.: maybe I'm a beginner but I did't used the virus. You really must ve very stupid to unattach a .com file from a mail sent by "fuck at youself.up" --------------------------------------------------------- ADAO-CRUZ Nuno 11, rue du Paradis 1348 Louvain La Neuve ----BELGIUM--------- (010) 45 39 98 Business Student at the UCL University --------------------------------------------------------- From reece at taz.nceye.net Wed Dec 18 08:36:43 1996 From: reece at taz.nceye.net (reece at taz.nceye.net) Date: Wed, 18 Dec 1996 08:36:43 -0800 (PST) Subject: The virus I got... Message-ID: <19961218163640.9856.qmail@taz.nceye.net> From jwest at eskimo.com Wed Dec 18 11:10:10 1996 Delivered-To: reece at taz.nceye.net Date: Wed, 18 Dec 1996 03:10:43 -0800 From: John H West X-Mailer: Mozilla 3.0Gold (Win16; I) MIME-Version: 1.0 To: cypherpunks at toad.com, Bryan Reece , Vincent Padua Subject: Re: The virus I got... References: <19961218025949.23374.qmail at taz.nceye.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Bryan Reece wrote: > > There was an e-mail sent to the list that had attached to it a virus. Well > lucky me I got. It was a .com file that apparently turns your files into > directories. I can't boot into Win95 since it turned my HIMEM.SYS into a > directory. So, I seem to have fixed that, but now it says "access denied" > and then prompts me with C:\>. Did anyone else get it? Has anyone heard > or fixed this virus? > > Yes. It's a deadly mutation of the GOOD TIMES virus. > > (People actually go to the trouble of stripping off the leading crap > from the uuencoded part and then *run a program* from someone called > Fuck at yourself.up? Furrfu.) from CIAC, http://www-gsb.uchicago.edu/comp_svcs/hoax.html Seen it. Guess I should have either ended the GOOD TIMES sentence with `!!@!@##$!#$' or appended a `:)' or something. b `Jokes taken seriously' r From jtravis at alexander-pr.com Wed Dec 18 08:43:34 1996 From: jtravis at alexander-pr.com (Juliet Travis) Date: Wed, 18 Dec 1996 08:43:34 -0800 (PST) Subject: REMOVE Message-ID: From jlucas4 at capital.edu Wed Dec 18 09:31:24 1996 From: jlucas4 at capital.edu (Jesse Lucas) Date: Wed, 18 Dec 1996 09:31:24 -0800 (PST) Subject: The virus I got... Message-ID: <9612181728.AA09486@monoceros.capital.edu> Anyone keep a copy of that file? I deleted mine before I had a chance to save save it. Please send. jlucas4 at capital.edu From ericm at lne.com Wed Dec 18 09:35:18 1996 From: ericm at lne.com (Eric Murray) Date: Wed, 18 Dec 1996 09:35:18 -0800 (PST) Subject: NSClean In-Reply-To: <32B80925.5BB0@tivoli.com> Message-ID: <199612181733.JAA30032@slack.lne.com> Mike McNally writes: > I see complaints about cookies all the time, and I just have to > wonder why the fuss seems so relatively, well, unsophisticated, > for lack of a better word. Probably because cookies aren't explained well to the 'lay public'. > The cookie idea, in and of itself, is really a pretty good one and > can provide some useful features. Yep, it's a good alternative to stuffing a cookie in the URL and running everything through a CGI script. The objection I have with cookies are that they can be used to pass information between servers. And they're being used to track where browsers go (see http://www.doubleclick.com for an example, theyre not the only people doing this). > "Naughty" uses of cookies for tracking sites visited might be > objectionable, I suppose. It's easy enough to do selective > editing of the cookie file of course (maybe this NSClean product > can do that). Editing the cookie file doesn't have any effect while the browser is running. You could visit one Doubleclick-infested site and get one of their cookies then go to another infested site in the same session. A better method is to be able to selectively accept/send cookies from certain sites while blocking them from others. As it happens I've written a program that does that. See http://www.lne.com/ericm/cookie_jar. It's still got some bugs but it generally works ok. Note that you need access to a unix shell and perl to run it. It would be even better if browser writers added similar features to their browsers. My program is a kludge. > One of the scary things might be that though cookies can be made > hard to forge, it's clearly impossible for cookie issuers to > ensure the cookies aren't stolen or deliberately distributed. If > a site uses a "secure" cookie as a means of identifying the web > visitor, there's certainly some risk if it then allows access to > sensitive information. Servers in that position would encrypt the data sent in cookie, no? -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From unicorn at schloss.li Wed Dec 18 09:39:19 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 18 Dec 1996 09:39:19 -0800 (PST) Subject: [Contact Information] Message-ID: I'll be off the list for a time. I am going to be traveling where there are no net connections to be had so I am unsubscribing to keep the mail box to a sane level. E-mail will be held, but not read for some time. -- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland From attila at primenet.com Wed Dec 18 09:39:43 1996 From: attila at primenet.com (attila at primenet.com) Date: Wed, 18 Dec 1996 09:39:43 -0800 (PST) Subject: Cypherpunks as Philosopher Kings [was permanent invasion of privacy] Message-ID: <199612181741.KAA25446@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- Currently, I am not sure what the charter of cypherpunks really stands for, if anything. As it stands, the list has a far more erudite group than the list it probably should be. certainly more privacy and social engineering issues resulting from the deprivation of privacy than code. I don't believe Cypherpunks was ever intended to be a technical forum; I was not on for the first few months so I missed the formative discussions of the elitist few, most of whom, other than founder tcmay, have left for greener pastures. In the beginning years, there was a substantial amount of crypto code, etc. passed around and argued. However, the few of us who do code, do not generate enough messages relating to code to warrant a list; therefore the passionate interests which travel as coders' baggage seem to explode and others, some technically competent and some not, join the list and the circus goes on. Frankly, I have hired and "mind-fucked" (pardon my french, for lack of a more descriptive expression) scores of hacker grade philosophers. That is exactly where it runs: they are philosophers first and creative coders second. As to their knowledge of philo- sophy, and the direction of their creative talents to a logical and usable conclusion, they score a fat zero as by and large they are geeks and idealistic social nerds. --hence the need for subtle background manipulation to make these philosopher-coders think your design is actually their great philosophic-coder design. Yes, and _never_ assign two of them to the same compartment: the code never works --absolutely will not share tasks. Common interface boundaries? No problem for their minds, but too creatively selfish to code associative modules. For that reason alone, I hold C++ in contempt: a black box that is _supposed_to_ to look for 'this' and give you 'that.' C++ is an ignorant managers ultimate wet dream: "reusable code containers for disposable programmers." For some reason, Bjorn elucidated a strenuous objection to my statement. For what it's worth, the above is my perception of cypherpunks: an interesting collection of philosopher kings, some of whom are putting their convictions to the means of thwarting the common enemy. It is no accident most subscribers, and certainly all the doers, are anti-government with a preference for social anarchy, the anarchy tempered by some level of realization that the mass of humanity can not govern itself in a society which is inherently evil. However, if the Libertarian Party can not field a better candidate than Harry Brown, anarchy, or a premature dictatorship, it will be. The US is in the last laugh of the oligarchy at this point in time. In <1.5.4.32.19961218084853.005de95c at popd.ix.netcom.com>, on 12/18/96 at 12:48 AM, stewarts at ix.netcom.com said: ::Attila wrote, :: symposium were Dr. Jack C. Westman of the University of :: Wisconsin-Madison, author of "Licensing Parents: Can We :: Prevent Child Abuse and Neglect?" and Professor David T. :: Lykken of the University of Minnesota, author of "The :: Antisocial Personalities." Westman and Lykken are the :: most prominent advocates of a system of parental :: licensure in which parents would have to be certified :: "competent" by the government before being permitted to :: raise a child. :: ::and blanc wrote :: Someone needs to remind this Senator Lykken what happened in Romania, :: when the beleaguered citizen-units finally took their 'noble', social :: engineering leader Ceausescu, put him up against a wall and :: shot him. :: I do not believe they gave him the benefit (?) of the wall. Ceausescu, like all "communist" dictators of this century, was just that: a dictator falsely claiming to be the 'Great Father' who will right all the wrongs, put too many chickens in each pot, and generally hold your hand while his local version of the Gestapo permanently eliminates dissent. It appears to works until the state has drained the natural and human resources of value, further accelerated by corruption and the increasing apathy of the people who no longer produce more than a subsistence living at best. ::Fortunately, Lykken appears to just be a professor, not a legislator, ::so he can spend your money but can't tell you what to do. ::He's obviously also a subject of his book...... out of curiosity I was poking around a bit; he apparently has legislative backers. I would be surprised if the bill made it out a subcommittee hearing. however, his theory melds nicely with the intentions of superbitch; there is no doubt in my perception of her '...Village' --superbitch is heading for the nursery of "Logan's Run" and the surrogate nanny super-machines. --35+ years ago the book? I did not see the movie which may or may not have been able to deal with the concept of enforced euthanasia at age 21. Super- bitch must have seen the movie too many times, or slept with the book in her early pubescent dreams. ::Before we go licensing parents, we ought to license people who ::want to be Big Brothers...... License them? Why license them before we hang them? ::[This didn't seem to be cypherpunks material any more...] Actually, it is: invasion of privacy; no secure communica- tions, and all the other falderol. - -- I'll get a life when it is proven and substantiated to be better than what I am currently experiencing. --attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrgsD704kQrCC2kFAQH53gQAomp4242ItlDhZpLijYtsyrq/ZQNFRljs GRxBjNJeKX2FgId9B5LOg+nhSQ2WUI8m26km8Qlo2pnqjJVDa+aSCJg70ljHqBrT vDKBx/IHX9LeJGgFsjUBz//qJvclwt2Amk678/vm72c8yXF1nECc8d2JaFPDbrXB BC2r6AkTN9s= =sbYD -----END PGP SIGNATURE----- From elibrary at INFONAUTICS.COM Wed Dec 18 10:13:23 1996 From: elibrary at INFONAUTICS.COM (Electric Library) Date: Wed, 18 Dec 1996 10:13:23 -0800 (PST) Subject: Electric Library Gift Idea Message-ID: <199612181812.KAA25818@toad.com> ** Special Holiday offer to Electric Library Trial Users and Customers ** Purchase a 6 month gift subscription for only $39.95, save more than 30%!! -------------------------------------------------------------------------- Are you looking for the perfect last minute holiday gift? Now you can give an Electric Library Gift Subscription to the entire family, a friend or your favorite student! Why give one book or magazine when you can give thousands of full-text newspapers and magazines, extensive photo archives, complete encyclopedias, and more! This great cybergift includes 6 months of unlimited access to the most complete reference library online. Our special holiday offer is a terrific value, at only $39.95, over 30% off of the regular price! And, it is fully guaranteed. To give an Electric Library Gift Subscription online simply place your order and then print a stylish gift certificate - or - choose from our selection of electronic gift packages. Be the first to give a cybergift online! Preview the gift certificates and wrapping options by connecting to http://www.cardsandgifts.com. The online Gift Center is open around the clock (except from 4am-7am EST). The Electric Library Gift Subscription is a limited time offer and available for new subscriptions only. Please visit http://www.cardsandgifts.com for more information. From sunder at brainlink.com Wed Dec 18 10:16:16 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Wed, 18 Dec 1996 10:16:16 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <01BBEC70.68E48680@bcdev.com> Message-ID: On Tue, 17 Dec 1996, Blake Coverett wrote: > It's not a Java vs ActiveX thing for me at all. What is important is that > some of the applets I write can't function in a sandbox, they need access > to the disk and other resources for business reasons. For this type of > thing signed code without a sandbox is the only choice. Sure they can. Get a file system that honors security and limit that applet's access to certain directories only where the data it needs lives. Do not give it access to everything. A sandbox will allow this. > What I'd really like is the sort of thing Bill Frantz is describing on > another branch of this thread. Signed code and an administrator > defined policy that specified for a given signature exactly what > types of resources should be accessible. Anything from don't > execute and audit a security alarm to complete access to the > whole machine. Same difference whether you use the signature or some other thing to grant or revoke access to certain resources. Though if you use a signature as in the author who wrote it as opposed to something like a CRC which is unique for every control - then you are opening a wider hole than you want. With apps like that you want to set security perms for each application, not all applications that were written by Macrosoft. :) > > How many users know how to download the jdk and run the java vm locally? > > They don't need to. All they need to do is unzip the java classes into their > classpath and all of the normal restrictions on an applet are ignored. > Think it would be very hard to persuade a user to do just that in order > to play a kewl java game? More importantly it shows that even expert > users don't always know where the holes in the sandbox are. Fine - how many game users who how to unzip the java classes into their classpath? Question is of knowledge not of what action they will take. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From cme at cybercash.com Wed Dec 18 10:36:27 1996 From: cme at cybercash.com (Carl Ellison) Date: Wed, 18 Dec 1996 10:36:27 -0800 (PST) Subject: ITAR -> EAR; loss of First Amendment Rights. Message-ID: <3.0.32.19961218133324.009fad80@cybercash.com> -----BEGIN PGP SIGNED MESSAGE----- At 09:43 PM 12/14/96 -0500, Peter D. Junger wrote: >: I am not aware of any prior time when the government >: attempted to claim that printed material, freely >: available in bookstores and newsstands to US citizens, >: became contraband when sold or given to a non-citizen. > >A literal reading of the ITAR's provisions relating to cryptography >leads to exactly that result. And there have been strong suggestions >that that is the intended result in some of the statements made by >representatives of the State Department. > >If you are interested in this you might look into MIT's experiences >when they published the book with the PGP source code. Look back at the first few volumes of Cryptologia in which this debate was documented -- back in 1978 ff. The NSA under Adm. Inman tried to get crypto declared born classified, just like atomic weapons work. Congress told him NO. Perhaps it's time for Congress to speak again. You'd think these folks would take 'no' for an answer.... - Carl -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrg46VQXJENzYr45AQEyKwP+NEErSUEv/nOQvN5C6sLLq2CxDR/YYEsp mUvwtNxUjXT6iL71hA/5Pn7n1tdRUipkOeUXx5OGoOJ4rtZ/USIEXtqogLsCjXHo OsECu1ytMT/d9MFkSjM3ARenVXE5u39Q4HBSJ+RGnU9mTbB7r2R4dYsjeTQF2rkG pKEVFxNFMio= =5cLt -----END PGP SIGNATURE----- +------------------------------------------------------------------+ |Carl M. Ellison cme at cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc. http://www.cybercash.com/ | |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 | +------------------------------------------------------------------+ From pjb at ny.ubs.com Wed Dec 18 10:38:04 1996 From: pjb at ny.ubs.com (pjb at ny.ubs.com) Date: Wed, 18 Dec 1996 10:38:04 -0800 (PST) Subject: pdf and ps files Message-ID: <199612181837.NAA00738@sherry.ny.ubs.com> does anyone know of any routines and/or scripts to extract text from .pdf or .pd files (acrobat or postscript, that is). crypto relavance, of course, i am trying to extract the gwbasic code from the army crypytanalysis manual that just appeared on the web. (-: cheers, -paul From tcmay at got.net Wed Dec 18 11:17:01 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Dec 1996 11:17:01 -0800 (PST) Subject: Cypherpunks as Philosopher Kings In-Reply-To: <199612181741.KAA25446@infowest.com> Message-ID: My closing line of this post is "When Cypherpunks are viewed as "terrorists," we will have done our jobs." So, if this viewpoint offends you, delete this message now. If you don't understand the context of this point, you may be a newbie, or a "warez dood," and should probably delete this message and go back to asking for some new kewl viruses (perhaps on another, more suitable, forum). If you understand the context, but agree or disagree, then of course we can discuss it. At 4:36 PM +0000 12/18/96, attila at primenet.com wrote: > Currently, I am not sure what the charter of cypherpunks > really stands for, if anything. As it stands, the list has > a far more erudite group than the list it probably should be. > certainly more privacy and social engineering issues resulting > from the deprivation of privacy than code. The "charter" is mostly contained in the "welcome message" all subscribers receive. And further elaborations, as Attila of course knows (but maybe some others don't) are fleshed out in the essays we write, the material formerly at the csua/cypherpunks ftp site (I'm not sure it's still there, as it's been a long time since I looked), etc, I agree that "programming" per se was never the focus. Even in the early days, when the remailers were written by E. Hughes and H. Finney, there was essentially zero discussion of the details of the Perl and/or C code...which is not surprising, as the number of people conversant in Perl--and interested at the time the discussion happens--is usally a small number. Maybe 5 people on the list back then could've meaningfully spent time looking at the Perl code and discussing it. As I said, this is hardly surprising. Instead, a wider audience is reached by--and participates in--debates about the overall structure of remailers, the role of latency/accumulation, and so on. (I'm just picking remailers as an example.) Is this "coding"? In a sense, of course it is. And the design criteria overlap with politico-legal discussions, e.g., of the need for extra-jurisdictional remailers, the need for large numbers of them, the advisability of various types of remailer syntax, etc. Keeping with this particular example, not that the remailer operators have their own mailing list to discuss details of current remailer software, issues of blocking, etc. Add to this list other such lists, such as "pgp-dev" and the various crypto lists, and sci.crypt, and sci.crypt.research, and "coderpunks," and this is why I have very little sympathy when people chime in saying discussion of digital cash and crypto anarchy have "no place" on this list (Cypherpunks), that the list is "for coding." Nonsense. (Oh, and there's now Perry's new list. And filtered lists. And on and on.) What's making the list almost unreadable for me today are the noisy posts from newcomers ("doodz, like here are some warez!"), spammers ("make money fast"), insulters ("John Gilmore (fart) is a Sovok apparatchnik"), and unsubscribers {who can't spell and who never seem to read the instructions sent to them). > I don't believe Cypherpunks was ever intended to be a technical > forum; I was not on for the first few months so I missed the > formative discussions of the elitist few, most of whom, other than > founder tcmay, have left for greener pastures. Well, if the early list activists were Eric Hughes, Hugh Daniel, John Gilmore, and me, only Eric and I were heavy posters in the first months and years. John and Hugh were always low-volume, off doing other things, or not primarily interested in the debate on the mailing list. So, only Eric has moved off to other things. But so have a lot of folks....look at the active posters from the first year. Then the second year. And the third. And the fourth. Lots of changes in names. As expected. People say what they want to say, and hear the same points a bunch of times. And lots of list members have gotten crypto-related jobs...the list is very long. (I'm not claiming that they got the jobs because of our list, but it is interesting the extent to which list members have found work in crypto and security areas.) > For what it's worth, the above is my perception of cypherpunks: > an interesting collection of philosopher kings, some of whom are > putting their convictions to the means of thwarting the common > enemy. It is no accident most subscribers, and certainly all the > doers, are anti-government with a preference for social anarchy, > the anarchy tempered by some level of realization that the mass > of humanity can not govern itself in a society which is inherently > evil. However, if the Libertarian Party can not field a better > candidate than Harry Brown, anarchy, or a premature dictatorship, > it will be. The US is in the last laugh of the oligarchy at this > point in time. Being that I think _democracy_ is our number one problem, I'm not at all surprised that the Libertarian Party is foundering (and floundering, too :-}). Harry Browne, the best candidate ever (and I voted for the first LP candidate, John Hospers, in 1972--yes, 1972), got less of the vote this time around than the past several (weaker) candidates. Oh well. Not suprising. _Direct action_ is what it's all about. Undermining the state through the spread of espionage networks, through undermining faith in the tax system, through even more direct applications of the right tools at the right times. When Cypherpunks are called "terrorists," we will have done our jobs. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gen2600 at aracnet.com Wed Dec 18 11:35:21 1996 From: gen2600 at aracnet.com (Genocide) Date: Wed, 18 Dec 1996 11:35:21 -0800 (PST) Subject: Ping of Death? In-Reply-To: <199612172317.PAA22019@slack.lne.com> Message-ID: On Tue, 17 Dec 1996, Eric Murray wrote: > > Anyone heard of the Ping of Death, aka the Ping Bomb. It's a large chunk of > > hostile code, disguised as a mere ping, that can lead to server rebooting. > > It would be quite a trick to get an OS to run code from inside > a ping packet. Are you sure this isn't the well-known giant ping packet bug? > Receiving one or more of those can cause some hosts to reboot. > I believe you are referring to the oversized ping packet... I've gotten a helluva lot of mail on this since I started up my web page on the topic. The summaries are presented there, but if you are really curious or want details I can forward on specific messages to you. It's at http://www.sophist.demon.co.uk/ping, but it *is* only covering the results of a ping, not the internals. (I'm thinking more from a "how-can-I-stop-it" point of view than a "why-does-it-happen"...) I just wanted to note that some of the diagnoses people are using to track this problem might be a bit shaky. For example, if you're not doing your diagnosis on the console or on a serial terminal, the machine might appear to be "hung" during the test when in fact you've simply blocked it from receiving network traffic. (Not that this isn't a problem, mind you.) I would also like to start a discussion on just what the vulnerability is vs. what systems are vulnerable. This may be quite well known (and some of it is inferred from previous messages), but I'd like to double check with people that may have definitive answers. Using snoop on Solaris 2.5, I watched a ``ping -l 65510'' from an NT 4.0 box. At first I thought maybe Microsoft was sending IP or ICMP packets with bad options, or field values. But, it appears there is nothing malformed with the packets other than they are too long (per RFC 791 - INTERNET PROTOCOL SPECIFICATION). ``ping -l 65510'' ==> ICMP datagram of 8 (ICMP hdr) + 65510 (data) = 65518 octets. Add to this the minium IP hdr of 20 octets and get we 65538 octets. This is 2 octets > maximum allowed IP datagram of 65536. The real problem appears to be that when a [vulnerable] host gets this huge ping datagram, it has to create a simular ping datagram to return to the sender. The return datagram must return the incoming ping datagram's data section as its own. So when the [vulnerable] host is assembling this huge datagram it does something like ``memcpy( assemble_buffer+20+8, ping_pkt->data, ping_pkt->data_len)'' over running the assemble_buffer which is a fixed value of 65536. On the systems that instantaneously reboot, we are just "fortunate" enough to have stomped on some important kernel data structure. Genocide Head of the Genocide2600 Group ============================================================================ **Coming soon! www.Genocide2600.com! ____________________ *---===| |===---* *---===| Genocide |===---* "You can be a king or a street *---===| 2600 |===---* sweeper, but everyone dances with the *---===|__________________|===---* Grim Reaper." Email: gen2600 at aracnet.com Web: http://www.aracnet.com/~gen2600 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It is by caffeine alone that I set my mind in motion. It is by the Mountain Dew that the thoughts acquire speed, the lips acquire stains, the stains become a warning. It is by caffeine alone that I set my mind in motion. ================================================================================ From tcmay at got.net Wed Dec 18 11:43:46 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Dec 1996 11:43:46 -0800 (PST) Subject: Parolees Can't Possess Crypto In-Reply-To: <3.0.1.32.19961218104243.00720110@panix.com> Message-ID: At 10:42 AM -0500 12/18/96, Duncan Frissell wrote: >The new federal parole guidelines that will ban some cons from the nets >will also ban them from posessing crypto software which will also make >virtually any computer use impossible. "Main Justice" does say that with >the Klinton Admins plans for universal access counter this proposal since >the cons will have access at schools, libraries, etc. (not to mention >Internet Cafes). And these sorts of attempted restrictions will lend further support for "Interenet Driver's Licenses," a la is-a-person credentials. Between setting age limits for sites on the Net, and ensuring that wimmin are not exposed to sexist sites, and keeping the ten million ex-cons and permanently paroled proles off the Net, citizen-units will have to be tracked constantly. (Oh, as to libraries and schools, there are already moves to tie access to possession of a library card, to stop the common practice of pranksters leaving the library Web terminal with bookmarks to various X-rated sites, or from leaving obscene/racist messages left on the screen. Doesn't stop the practices, but goes a long way to suppressing such things. I wouldn't be at all surprised to see the earliest cardreader gizmos (a la the new smartcards needed for the latest Clipper abominations) applied first to libraries and schools. Who could object to innocent children being protected by having to carry ID cards? Or bracelets? Or tatoos?) As to Internet Cafes, as various abuses are reported (think: death threats, obscene posts to "rec.arts.after-school," encounters in IRC chat rooms, etc.), there will be a clampdown on unrestricted use of such terminals. ID cards, cardreaders, citizen-unit tracking, etc. (One mechanism--lawyers can jump in--may be to have court precedents that the owner of a terminal or PC is responsible for messages emanating from his terminal. "I didn't send it" will not be an effective excuse. And to some extent this is as it should be, vis-a-vis our usual points about digital signatures and the need for carefully keeping one's personna secure.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gen2600 at aracnet.com Wed Dec 18 11:44:40 1996 From: gen2600 at aracnet.com (Genocide) Date: Wed, 18 Dec 1996 11:44:40 -0800 (PST) Subject: CERT Advisory CA-96.26 - Denial-of-Service Attack via ping (fwd) Message-ID: Ok, fine :) here is the CERT on the "Ping of Death" G/T -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.26 Original issue date: December 18, 1996 Last revised: -- Topic: Denial-of-Service Attack via ping - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of a denial-of-service attack using large ICMP datagrams. Exploitation details involving this vulnerability have been widely distributed. The CERT/CC team recommends installing vendor patches as they become available. We will update this advisory as we receive additional information. Please check advisory files regularly for updates that relate to your site. - ----------------------------------------------------------------------------- I. Description The TCP/IP specification (the basis for many protocols used on the Internet) allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and 0 or more octets of optional information, with the rest of the packet being data. It is known that some systems will react in an unpredictable fashion when receiving oversized IP packets. Reports indicate a range of reactions including crashing, freezing, and rebooting. In particular, the reports received by the CERT Coordination Center indicate that Internet Control Message Protocol (ICMP) packets issued via the "ping" command have been used to trigger this behavior. ICMP is a subset of the TCP/IP suite of protocols that transmits error and control messages between systems. Two specific instances of the ICMP are the ICMP ECHO_REQUEST and ICMP ECHO_RESPONSE datagrams. These two instances can be used by a local host to determine whether a remote system is reachable via the network; this is commonly achieved using the "ping" command. Discussion in public forums has centered around the use of the "ping" command to construct oversized ICMP datagrams (which are encapsulated within an IP packet). Many ping implementations by default send ICMP datagrams consisting only of the 8 octets of ICMP header information but allow the user to specify a larger packet size if desired. You can read more information about this vulnerability on Mike Bremford's Web page. (Note that this is not a CERT/CC maintained page. We provide the URL here for your convenience.) http://www.sophist.demon.co.uk/ping/index.html II. Impact Systems receiving oversized ICMP datagrams may crash, freeze, or reboot, resulting in denial of service. III. Solution First, since crashing a router or firewall may be part of a larger, multistage attack scenario, we encourage you to inspect the running configuration of any such systems that have crashed to ensure that the configuration information is what you expect it to be. Then install a patch from your vendor. Below is a list of vendors who have provided information about patches for this problem. Details are in Appendix A of this advisory; we will update the appendix as we receive more information. If your vendor's name is not on this list, please contact the vendor directly. Berkeley Software Design, Inc. (BSDI) Computer Associates, Intl. (products for NCR) Cray Research Digital Equipment Corporation Free BSD, Inc. Hewlett-Packard Company IBM Corporation Linux Systems NEC Corporation Open Software Foundation (OSF) The Santa Cruz Operation, Inc. (SCO) Sun Microsystems, Inc. ........................................................................... Appendix A - Vendor Information Below is a list of the vendors who have provided information for this advisory. We will update this appendix as we receive additional information. If you do not see your vendor's name, please contact the vendor directly. Berkeley Software Design, Inc. (BSDI) ===================================== BSD/OS 2.1 is not vulnerable to this problem. It correctly handles large packets without any problems. Computer Associates, Intl. ========================== (products for NCR) Not vulnerable. Cray Research ============= Attempts to send oversized ICMP datagrams are rejected with appropriate error messages. We believe that oversized ICMP datagrams sent to Unicos systems will also be rejected without crashing. Digital Equipment Corporation ============================= MSG ID: SSRT0429 From DSNlink/DIA Database The following is important information concerning a potential denial of service issue which affects Digital UNIX Operating System, Digital UNIX MLS+, Firewall implementations, and Digital TCP/IP Services for OpenVMS AXP & VAX COMPONENT: System Security / Potential Denial of Service DIGITAL UNIX Version: 3.0, 3.0b, 3.2, 3.2c, 3.2de1, 3.2de2, 3.2f, 3.2g, 4.0, 4.0a DIGITAL UNIX MLS+ Version 3.1a DIGITAL TCP/IP Services for OpenVMS AXP & VAX Versions - 4.0, 4.1 DIGITAL ULTRIX Versions 4.3, 4.3a, 4.4, 4.5 DIGITAL Firewall for UNIX DIGITAL AltaVista Firewall for UNIX DIGITAL VAX/ELN For more information check the DSNlink/DIA Articles (keyword PING), or the URL http://www.service.digital.com/html/whats-new.html for the latest information. ADVISORY INFORMATION: Digital recently discovered a potential denial of service issue that may occur by remote systems exploiting a recently published problem while executing the 'ping' command. Solutions and initial communications began appearing in DSNlink/DIA FLASH/articles in late October, 1996. SEVERITY LEVEL: High. SOLUTION: Digital has reacted promptly to this reported problem and a complete set of patch kits are being prepared for all currently supported platforms. The Digital patches may be obtained from your local Digital support channel or from the URL listed above. Please refer to the applicable README notes information prior to the installation of patch kits on your system. DIGITAL EQUIPMENT CORPORATION Copyright (c) Digital Equipment Corporation, 1996, All Rights Reserved. Unpublished Rights Reserved Under The Copyright Laws Of The United States. Free BSD, Inc. ============== We have fixed the problem in 2.1.6 and -current. Hewlett-Packard Company ======================= For HP9000 Series 700 and 800 systems, apply the appropriate patch. See Hewlett-Packard Security Bulletin #000040 (HPSBUX9610-040) for further details. The bulletin is available from the HP SupportLine and ftp://info.cert.org/pub/vendors/hp/ Patch Name(Platform/OS) | Notes --------------------------+---------------------------------- PHNE_9027 (s700 9.01) : PHNE_7704 must first be installed PHNE_9028 (s700 9.03/5/7) : PHNE_7252 must first be installed PHNE_9030 (s700 10.00) : No patch dependencies PHNE_9032 (s700 10.01) : PHNE_8168 must first be installed PHNE_9034 (s700 10.10) : PHNE_8063 must first be installed PHNE_9036 (s700 10.20) : No patch dependencies --------------------------+---------------------------------- PHNE_8672 (s800 9.00) : PHNE_7197 must first be installed PHNE_9029 (s800 9.04) : PHNE_7317 must first be installed PHNE_9031 (s800 10.00) : No patch dependencies PHNE_9033 (s800 10.01) : PHNE_8169 must first be installed PHNE_9035 (s800 10.10) : PHNE_8064 must first be installed PHNE_9037 (s800 10.20) : No patch dependencies --------------------------+---------------------------------- For our MPE operating system, patches are in process. Watch for the issuance of our MPE security bulletin. IBM Corporation =============== See the appropriate release below to determine your action. AIX 3.2 ------- Apply the following fix to your system: APAR - IX59644 (PTF - U444227 U444232) To determine if you have this PTF on your system, run the following command: lslpp -lB U444227 U444232 AIX 4.1 ------- Apply the following fix to your system: APAR - IX59453 To determine if you have this APAR on your system, run the following command: instfix -ik IX59453 Or run the following command: lslpp -h bos.net.tcp.client Your version of bos.net.tcp.client should be 4.1.4.16 or later. AIX 4.2 ------- Apply the following fix to your system: APAR - IX61858 To determine if you have this APAR on your system, run the following command: instfix -ik IX61858 Or run the following command: lslpp -h bos.net.tcp.client Your version of bos.net.tcp.client should be 4.2.0.6 or later. IBM SNG Firewall ---------------- NOTE: The fixes in this section should ONLY be applied to systems running the IBM Internet Connection Secured Network Gateway (SNG) firewall software. They should be applied IN ADDITION TO the IBM AIX fixes listed in the previous section. IBM SNG V2.1 ------------ APAR - IR33376 PTF UR46673 IBM SNG V2.2 ------------ APAR - IR33484 PTF UR46641 To Order -------- APARs may be ordered using Electronic Fix Distribution (via FixDist) or from the IBM Support Center. For more information on FixDist, reference URL: http://service.software.ibm.com/aixsupport/ or send e-mail to aixserv at austin.ibm.com with a subject of "FixDist". IBM and AIX are registered trademarks of International Business Machines Corporation. Linux Systems ============= We recommend that you upgrade your Linux 1.3.x and 2.0.x kernels to Linux 2.0.27. This is available from all the main archive sites such as ftp://ftp.cs.helsinki.fi/pub/Software/Linux Users wishing to remain with an earlier kernel version may download a patch from http://www.uk.linux.org/big-ping-patch. This patch will work with 2.0.x kernel revisions but is untested with 1.3.x kernel revisions. Red Hat Linux has chosen to issue a 2.0.18 based release with the fix. Red Hat users should obtain this from ftp://ftp.redhat.com/pub/redhat/redhat-4.0/updates/i386/kernel-2.0.18-6.i386.rpm NEC Corporation =============== - -------------------------------------------------------------------------- OS Version Status - ------------------ ------------ ------------------------------------- EWS-UX/V(Rel4.0) R1.x - R6.x not vulnerable EWS-UX/V(Rel4.2) R7.x - R10.x not vulnerable EWS-UX/V(Rel4.2MP) R10.x not vulnerable UP-UX/V R1.x - R4.x not vulnerable UP-UX/V(Rel4.2MP) R5.x - R7.x not vulnerable UX/4800 R11.x not vulnerable - -------------------------------------------------------------------------- NCR ==== see Computer Associates, Intl. Open Software Foundation (OSF) ============================== OSF's OSF/1 R1.3.3 maintenance release includes a solution for this problem. The Santa Cruz Operation, Inc. (SCO) =================================== The following SCO products are known to be vulnerable: SCO OpenServer 5.0.0, 5.0.2 SCO Internet FastStart 1.0.0, 1.1.0 SCO Open Desktop 3.0 SCO TCP/IP 1.2.1 on SCO Unix System V/386 Release 3.2 Version 4.2 The symptoms encountered vary greatly and seem to be related to the type of network interface device being used. Support Level Supplement (SLS) OSS449 is being developed for use with the following releases: SCO OpenServer 5.0.0, 5.0.2 SCO Internet FastStart 1.0.0, 1.1.0. This SLS will be available in the near future. Watch the following URL for availability information of SLS OSS449: ftp://ftp.sco.COM/SLS/README Should more information become available for either SCO's OpenServer or UnixWare products, SCO will provide updated information for this advisory. Sun Microsystems, Inc. ====================== We are looking into this problem. ........................................................................... - ----------------------------------------------------------------------------- The CERT Coordination Center staff thanks AUSCERT, the Australian Computer Emergency Response Team, and DFN-CERT, the German team, for their contributions to this advisory, and we thank Mike Bremford for permission to cite the information he has made available to the community. - ----------------------------------------------------------------------------- If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (see ftp://info.cert.org/pub/FIRST/first-contacts). CERT/CC Contact Information - ---------------------------- Email cert at cert.org Phone +1 412-268-7090 (24-hour hotline) CERT personnel answer 8:30-5:00 p.m. EST(GMT-5) / EDT(GMT-4) and are on call for emergencies during other hours. Fax +1 412-268-6989 Postal address CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 USA Using encryption We strongly urge you to encrypt sensitive information sent by email. We can support a shared DES key or PGP. Contact the CERT/CC for more information. Location of CERT PGP key ftp://info.cert.org/pub/CERT_PGP.key Getting security information CERT publications and other security information are available from http://www.cert.org/ ftp://info.cert.org/pub/ CERT advisories and bulletins are also posted on the USENET newsgroup comp.security.announce To be added to our mailing list for advisories and bulletins, send your email address to cert-advisory-request at cert.org - --------------------------------------------------------------------------- Copyright 1996 Carnegie Mellon University This material may be reproduced and distributed without permission provided it is used for noncommercial purposes and the copyright statement is included. CERT is a service mark of Carnegie Mellon University. - --------------------------------------------------------------------------- This file: ftp://info.cert.org/pub/cert_advisories/CA-96.26.ping http://www.cert.org click on "CERT Advisories" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Revision history From gen2600 at aracnet.com Wed Dec 18 13:04:33 1996 From: gen2600 at aracnet.com (Genocide) Date: Wed, 18 Dec 1996 13:04:33 -0800 (PST) Subject: virus from fuck@yourself.up In-Reply-To: <9612190009.AA22522@doyens2> Message-ID: On Wed, 18 Dec 1996, ADAO-CRUZ Nuno wrote: > I send an e-mail to fuck at yourself.up but i receive the message:host > unknown. Could someone explain that to me please. Please...tell me you are kidding!? Genocide Head of the Genocide2600 Group ============================================================================ **Coming soon! www.Genocide2600.com! ____________________ *---===| |===---* *---===| Genocide |===---* "You can be a king or a street *---===| 2600 |===---* sweeper, but everyone dances with the *---===|__________________|===---* Grim Reaper." Email: gen2600 at aracnet.com Web: http://www.aracnet.com/~gen2600 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It is by caffeine alone that I set my mind in motion. It is by the Mountain Dew that the thoughts acquire speed, the lips acquire stains, the stains become a warning. It is by caffeine alone that I set my mind in motion. ================================================================================ From cme at cybercash.com Wed Dec 18 13:12:20 1996 From: cme at cybercash.com (Carl Ellison) Date: Wed, 18 Dec 1996 13:12:20 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <3.0.32.19961218160906.00c4efd8@cybercash.com> -----BEGIN PGP SIGNED MESSAGE----- At 01:13 AM 12/18/96 -0500, Marc Horowitz wrote: >You're right, you haven't looked at it closely. Although it doesn't >have Key Escrow, new cryptosystems can only be added if they are >signed by a private key held by Microsoft. Of course, Microsoft has >agreed with the State Dept. to sign only export-"strength" crypto. I should let Microsoft defend their own turf, but they told me they will sign anyone's CSP. Once the CSP is signed, Microsoft is off the export hook. It's now *your* problem to obey the export laws or keep your CSP inside the country. That's what's so brilliant about the MS CSP design. By getting them off the hook for enforcing export laws, they can write S/W to call the CSP and just plain ignore the export hassles. If you can't handle it yourself, delegate it! - Carl -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrhda1QXJENzYr45AQH4CAP+Kv9cEqV3z1aRVTTdA4DcLyQSF0D59xip QUAJWXMZJomqX/qE4PduGG8OZbvgkmLfHwJrm6v1HbjndmLhbp9FnKHLT2i5IL1B ilkGGEvglc19SwprsGnjGYZRbjQRxbObQmr/Qc8R9Z5jWzAdpxsWM/vAXTvTkevT TIYnt7AvehA= =r+qm -----END PGP SIGNATURE----- +------------------------------------------------------------------+ |Carl M. Ellison cme at cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc. http://www.cybercash.com/ | |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 | +------------------------------------------------------------------+ From jya at pipeline.com Wed Dec 18 14:19:23 1996 From: jya at pipeline.com (John Young) Date: Wed, 18 Dec 1996 14:19:23 -0800 (PST) Subject: More on Van Eck Message-ID: <1.5.4.32.19961218221529.0068a48c@pop.pipeline.com> Steve Schear has provided a 1988 follow-up article on Van Eck's 1985 study of EMR snooping. It includes a letter by Van Eck explaining why he omitted certain information in the original article, and why his employer "classified" more sophisticated studies of "compromising emanation." We've put up HTML and PDF versions: http://jya.com/bits.htm (12 kb plus 2 images) http://jya.com/bits.pdf (85 kb) From tcmay at got.net Wed Dec 18 14:39:49 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Dec 1996 14:39:49 -0800 (PST) Subject: Attention Journalists (was Re: TIS_sue) In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com> Message-ID: At 11:08 AM -0600 12/17/96, Andrew Loewenstern wrote: >> In a development that may signal the beginning of the end >> of the long standing encryption export control controversy, >> TIS today announced that products using very strong >> cryptography with its RecoverKey technology have been approved >> for general purpose export control under new export >> regulations. > >For those journalists reading the list that aren't experts in cryptology: >if >someone outside of your control can recover the key, then it is NOT "very >strong" cryptography. Another piece of advice for journalists: stop saying the latest proposal "may signal the beginning of the end of the impasse..." and similar such puffery. We heard this about the Lotus 40+24 stupid idea a year or so ago, we heard this about the IBM key recovery thing a few months ago, we heard this about the H-P/Intel scheme a few weeks ago, and now we're hearing about it again with the latest revision of the TIS proposal. Journalists seem to be just rewriting the press releases of these companies, all of whom are building the technologies to sell out the remaining liberties of Americans. These corporations, and the journalist who tout their stories, are the modern equivalent of the German companies...you know the reference. ("The development of Zyklon-B may signal the beginning of the end of the long standing controversy regarding the Jewish problem.") --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mrosen at peganet.com Wed Dec 18 14:50:11 1996 From: mrosen at peganet.com (Mark Rosen) Date: Wed, 18 Dec 1996 14:50:11 -0800 (PST) Subject: The virus I got... Message-ID: <199612182245.RAA07424@mercury.peganet.com> > There was an e-mail sent to the list that had attached to it a virus. Well > lucky me I got. It was a .com file that apparently turns your files into > directories. I can't boot into Win95 since it turned my HIMEM.SYS into a > directory. So, I seem to have fixed that, but now it says "access denied" > and then prompts me with C:\>. Did anyone else get it? Has anyone heard > or fixed this virus? Yes. FIrst of all, NEVER run any executable you recieve that is just attached to an e-mail message like that. Unfortunately, my stupid trackpad on my laptop slipped and I too ran the file. Your registry has been deleted and it looks like every file that was not hidden in the Windows directory (or at least a lot of them) have been renamed and made directories. I suspect the file information still exists but is messed up. You probably won't ever be able to get it back. First you need to remove all of the rogue directories (type dir /w/o/p at c:\windows\ and then rmdir everything in brackets that looks like it was a file - it'll have a '.' in its name). You can then reinstall Windows 95. All of your configuration will be lost, but at least you're up again. I'm posting this to the list if anyone else has also run this program, but if anyone has any more questions, please e-mail mrosen at peganet.com. Did anyone find out a real e-mail address from this guy. I'd like to uhhh... cyberbeat him. Oh, and as far as I know, no virus was installed, though you should check for one just for good measure. Mark Rosen FireSoft - http://www.geocities.com/SiliconValley/Pines/2690 Mark Eats AOL - http://www.geocities.com/TimesSquare/6660 From adam at homeport.org Wed Dec 18 17:24:08 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 18 Dec 1996 17:24:08 -0800 (PST) Subject: Earl Edwin Pitts, $224,000 Message-ID: <199612190120.UAA22811@homeport.org> http://www.cnn.com/US/9612/18/fbi.spy/index.html FBI agent spied for Soviet Union, Russia. "He also provided a stolen FBI handset to a telecommunications device used to transmit classified information," Too bad he didn't have access to the Clipper database. That would have helped us find its free market price. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From tangent at alt255.com Wed Dec 18 17:35:33 1996 From: tangent at alt255.com (Tangent) Date: Wed, 18 Dec 1996 17:35:33 -0800 (PST) Subject: Eudora PGP Plugin In-Reply-To: <199612182245.RAA07424@mercury.peganet.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Does anyone know of a good Eudora PGP Plugin, or something similar, for a Windows system? I've used Private Idaho before, but I'm looking for something slightly more integrated with Eudora. Any suggestions will be appreciated. - -- Tangent To get my PGP key, send a message with the subject "get-pgp-key". If it weren't for the last minute, nothing would ever get done. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBMribVN6mIIS6gBCxAQGUYAP9FqYHtJ7eqXI6K015ynEykieS3dIDZ1tO jYIIyyu0PHwfZv/z1ksKxTn2Kei3iNZpMDJD8EstIdHo1Ef2/1ix0TwlCvIpqtrt 9yJubUhOVDdrBFNfEYDcveU38l4PK+1Qf7gY/X9CXsdu31uQ1dMXE6Q6CHwhhypX Jsra2prICSE= =6Ji9 -----END PGP SIGNATURE----- From gnu at toad.com Wed Dec 18 17:53:21 1996 From: gnu at toad.com (John Gilmore) Date: Wed, 18 Dec 1996 17:53:21 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutional Message-ID: <199612190153.RAA08519@toad.com> COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL Free Speech Trumps Clinton Wiretap Plan December 18, 1996 Electronic Frontier Foundation Contacts: Shari Steele, Staff Attorney 301/375-8856, ssteele at eff.org John Gilmore, Founding Board Member 415/221-6524, gnu at toad.com Cindy Cohn, McGlashan & Sarrail 415/341-2585, cindy at mcglashan.com San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War export restrictions on the privacy technology called cryptography. Her decision knocks out a major part of the Clinton Administration's effort to force companies to build "wiretap-ready" computers, set-top boxes, telephones, and consumer electronics. The decision is a victory for free speech, academic freedom, and the prevention of crime. American scientists and engineers will now be free to collaborate with their peers in the United States and in other countries. This will enable them to build a new generation of tools for protecting the privacy and security of communications. The Clinton Administration has been using the export restrictions to goad companies into building wiretap-ready "key recovery" technology. In a November Executive Order, President Clinton offered limited administrative exemptions from these restrictions to companies which agree to undermine the privacy of their customers. Federal District Judge Patel's ruling knocks both the carrot and the stick out of Clinton's hand, because the restrictions were unconstitutional in the first place. The Cold War law and regulations at issue in the case prevented American researchers and companies from exporting cryptographic software and hardware. Export is normally thought of as the physical carrying of an object across a national border. However, the regulations define "export" to include simple publication in the U.S., as well as discussions with foreigners inside the U.S. They also define "software" to include printed English-language descriptions and diagrams, as well as the traditional machine-readable object code and human-readable source code. The secretive National Security Agency has built up an arcane web of complex and confusing laws, regulations, standards, and secret interpretations for years. These are used to force, persuade, or confuse individuals, companies, and government departments into making it easy for NSA to wiretap and decode all kinds of communications. Their tendrils reach deep into the White House, into numerous Federal agencies, and into the Congressional Intelligence Committees. In recent years this web is unraveling in the face of increasing visibility, vocal public disagreement with the spy agency's goals, commercial and political pressure, and judicial scrutiny. Civil libertarians have long argued that encryption should be widely deployed on the Internet and throughout society to protect privacy, prove the authenticity of transactions, and improve computer security. Industry has argued that the restrictions hobble them in building secure products, both for U.S. and worldwide use, risking America's current dominant position in computer technology. Government officials in the FBI and NSA argue that the technology is too dangerous to permit citizens to use it, because it provides privacy to criminals as well as ordinary citizens. "We're pleased that Judge Patel understands that our national security requires protecting our basic rights of free speech and privacy," said John Gilmore, co-founder of the Electronic Frontier Foundation, which backed the suit. "There's no sense in `burning the Constitution in order to save it'. The secretive bureaucrats who have restricted these rights for decades in the name of national security must come to a larger understanding of how to support and preserve our democracy." Reactions to the decision "This is a positive sign in the crypto wars -- the first rational statement concerning crypto policy to come out of any part of the government," said Jim Bidzos, President of RSA Data Security, one of the companies most affected by crypto policy. "It's nice to see that the executive branch does not get to decide whether we have the right of free speech," said Philip Zimmermann, Chairman of PGP, Inc. "It shows that my own common sense interpretation of the constitution was correct five years ago when I thought it was safe to publish my own software, PGP. If only US Customs had seen it that way." Mr. Zimmermann is a civil libertarian who was investigated by the government under these laws when he wrote and gave away a program for protecting the privacy of e-mail. His "Pretty Good Privacy" program is used by human rights activists worldwide to protect their workers and informants from torture and murder by their own countries' secret police. "Judge Patel's decision furthers our efforts to enable secure electronic commerce," said Asim Abdullah, executive director of CommerceNet. Jerry Berman, Executive Director of the Center for Democracy and Technology, a Washington-based Internet advocacy group, hailed the victory. "The Bernstein ruling illustrates that the Administration continues to embrace an encryption policy that is not only unwise, but also unconstitutional. We congratulate Dan Bernstein, the Electronic Frontier Foundation, and all of the supporters who made this victory for free speech and privacy on the Internet possible." "The ability to publish is required in any vibrant academic discipline," This ruling re-affirming our obvious academic right will help American researchers publish without worrying," said Bruce Schneier, author of the popular textbook _Applied Cryptography_, and a director of the International Association for Cryptologic Research, a professional organization of cryptographers. Kevin McCurley, President of the International Association for Cryptologic Research, said, "Basic research to further the understanding of fundamental notions in information should be welcomed by our society. The expression of such work is closely related to one of the fundamental values of our society, namely freedom of speech." Effect of the decision Judge Patel's decision today only legally applies to Prof. Bernstein. Other people and companies are still technically required to follow the export restrictions when speaking or publishing about cryptography, or when speaking or publishing cryptographic source code. However, the decision sends a strong signal that if the government tried to enforce these rules against other people, the courts are likely to strike them down again. Judge Patel has specifically not decided whether the export controls on object code (the executable form of computer programs which source code is automatically translated into) are constitutional. Existing export controls will continue to apply to runnable software products, such as Netscape's broswer, until another court case challenges that part of the restrictions. Background on the case The plaintiff in the case, Daniel J. Bernstein, Research Assistant Professor at the University of Illinois at Chicago, developed an "encryption algorithm" (a recipe or set of instructions) that he wanted to publish in printed journals as well as on the Internet. Bernstein sued the government, claiming that the government's requirements that he register as an arms dealer and seek government permission before publication was a violation of his First Amendment right of free speech. This is required by the Arms Export Control Act and its implementing regulations, the International Traffic in Arms Regulations. In the first phase of this litigation, the government argued that since Bernstein's ideas were expressed, in part, in computer language (source code), they were not protected by the First Amendment. On April 15, 1996, Judge Patel rejected that argument and held for the first time that computer source code is protected speech for purposes of the First Amendment. Details of Monday's Decision Judge Patel ruled that the Arms Export Control Act is an unconstitutional prior restraint on speech, because it requires Bernstein to submit his ideas about cryptography to the government for review, to register as an arms dealer, and to apply for and obtain from the government a license to publish his ideas. Using the Pentagon Papers case as precedent, she ruled that the government's "interest of national security alone does not justify a prior restraint." Under the Constitution, he is now free to publish his ideas without asking the government's permission first. Judge Patel also held that the government's required licensing procedure fails to provide adequate procedural safeguards. When the Government acts legally to suppress protected speech, it must reduce the chance of illegal censorship by the bureacrats involved. Her decision states, "Because the ITAR licensing scheme fails to provide for a time limit on the licensing decision, for prompt judicial review and for a duty on the part of the ODTC to go to court and defend a denial of a license, the ITAR licensing scheme as applied to Category XIII(b) acts as an unconstitutional prior restraint in violation of the First Amendment." She also ruled that the export controls restrict speech based on the content of the speech, not for any other reason. "Category XIII(b) is directed very specifically at applied scientific research and speech on the topic of encryption." The Government had argued that it restricts the speech because of its function, not its content. The judge also found that the ITAR is vague, because it does not adequately define how information that is available to the public "through fundamental research in science and engineering" is exempt from the export restrictions. "This subsection ... does not give people ... a reasonable opportunity to know what is prohibited." The failure to precisely define what objects and actions are being regulated creates confusion and a chilling effect. Bernstein has been unable to publish his encryption algorithm for over three years. Many other cryptographers and ordinary programmers have also been restrained from publishing because of the vagueness of the ITAR. Brian Behlendorf, a maintainer of the popular public domain "Apache" web server program, stated, "No cryptographic source code was ever distributed by the Apache project. Despite this, the Apache server code was deemed by the NSA to violate the ITAR." Judge Patel also adopted a narrower definition of the term "defense service" in order to save it from unconstitutional vagueness. The immediate effect of this decision is that Bernstein now is free to teach his January 13th cryptography class in his usual way. He can post his class materials on the Internet, and discuss the upcoming class's materials with other professors, without being held in violation of the ITAR. "I'm very pleased," Bernstein said. "Now I won't have to tell my students to burn their notebooks." ABOUT THE ATTORNEYS Lead counsel on the case is Cindy Cohn of the San Mateo law firm of McGlashan & Sarrail, who is offering her services pro bono. Major additional pro bono legal assistance is being provided by Lee Tien of Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First Amendment Project in Oakland; and Robert Corn-Revere of the Washington, DC, law firm of Hogan & Hartson. ABOUT THE ELECTRONIC FRONTIER FOUNDATION The Electronic Frontier Foundation (EFF) is a nonprofit civil liberties organization working in the public interest to protect privacy, free expression, and access to online resources and information. EFF is a primary sponsor of the Bernstein case. EFF helped to find Bernstein pro bono counsel, is a member of the Bernstein legal team, and helped collect members of the academic community and computer industry to support this case. Full text of the lawsuit and other paperwork filed in the case is available from EFF's online archives at http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/ The full text of Monday's decision will be posted there as soon as we scan it in. From gnu at toad.com Wed Dec 18 17:55:31 1996 From: gnu at toad.com (John Gilmore) Date: Wed, 18 Dec 1996 17:55:31 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutional Message-ID: <199612190155.RAA08591@toad.com> COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL Free Speech Trumps Clinton Wiretap Plan December 18, 1996 Electronic Frontier Foundation Contacts: Shari Steele, Staff Attorney 301/375-8856, ssteele at eff.org John Gilmore, Founding Board Member 415/221-6524, gnu at toad.com Cindy Cohn, McGlashan & Sarrail 415/341-2585, cindy at mcglashan.com San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War export restrictions on the privacy technology called cryptography. Her decision knocks out a major part of the Clinton Administration's effort to force companies to build "wiretap-ready" computers, set-top boxes, telephones, and consumer electronics. The decision is a victory for free speech, academic freedom, and the prevention of crime. American scientists and engineers will now be free to collaborate with their peers in the United States and in other countries. This will enable them to build a new generation of tools for protecting the privacy and security of communications. The Clinton Administration has been using the export restrictions to goad companies into building wiretap-ready "key recovery" technology. In a November Executive Order, President Clinton offered limited administrative exemptions from these restrictions to companies which agree to undermine the privacy of their customers. Federal District Judge Patel's ruling knocks both the carrot and the stick out of Clinton's hand, because the restrictions were unconstitutional in the first place. The Cold War law and regulations at issue in the case prevented American researchers and companies from exporting cryptographic software and hardware. Export is normally thought of as the physical carrying of an object across a national border. However, the regulations define "export" to include simple publication in the U.S., as well as discussions with foreigners inside the U.S. They also define "software" to include printed English-language descriptions and diagrams, as well as the traditional machine-readable object code and human-readable source code. The secretive National Security Agency has built up an arcane web of complex and confusing laws, regulations, standards, and secret interpretations for years. These are used to force, persuade, or confuse individuals, companies, and government departments into making it easy for NSA to wiretap and decode all kinds of communications. Their tendrils reach deep into the White House, into numerous Federal agencies, and into the Congressional Intelligence Committees. In recent years this web is unraveling in the face of increasing visibility, vocal public disagreement with the spy agency's goals, commercial and political pressure, and judicial scrutiny. Civil libertarians have long argued that encryption should be widely deployed on the Internet and throughout society to protect privacy, prove the authenticity of transactions, and improve computer security. Industry has argued that the restrictions hobble them in building secure products, both for U.S. and worldwide use, risking America's current dominant position in computer technology. Government officials in the FBI and NSA argue that the technology is too dangerous to permit citizens to use it, because it provides privacy to criminals as well as ordinary citizens. "We're pleased that Judge Patel understands that our national security requires protecting our basic rights of free speech and privacy," said John Gilmore, co-founder of the Electronic Frontier Foundation, which backed the suit. "There's no sense in `burning the Constitution in order to save it'. The secretive bureaucrats who have restricted these rights for decades in the name of national security must come to a larger understanding of how to support and preserve our democracy." Reactions to the decision "This is a positive sign in the crypto wars -- the first rational statement concerning crypto policy to come out of any part of the government," said Jim Bidzos, President of RSA Data Security, one of the companies most affected by crypto policy. "It's nice to see that the executive branch does not get to decide whether we have the right of free speech," said Philip Zimmermann, Chairman of PGP, Inc. "It shows that my own common sense interpretation of the constitution was correct five years ago when I thought it was safe to publish my own software, PGP. If only US Customs had seen it that way." Mr. Zimmermann is a civil libertarian who was investigated by the government under these laws when he wrote and gave away a program for protecting the privacy of e-mail. His "Pretty Good Privacy" program is used by human rights activists worldwide to protect their workers and informants from torture and murder by their own countries' secret police. "Judge Patel's decision furthers our efforts to enable secure electronic commerce," said Asim Abdullah, executive director of CommerceNet. Jerry Berman, Executive Director of the Center for Democracy and Technology, a Washington-based Internet advocacy group, hailed the victory. "The Bernstein ruling illustrates that the Administration continues to embrace an encryption policy that is not only unwise, but also unconstitutional. We congratulate Dan Bernstein, the Electronic Frontier Foundation, and all of the supporters who made this victory for free speech and privacy on the Internet possible." "The ability to publish is required in any vibrant academic discipline," This ruling re-affirming our obvious academic right will help American researchers publish without worrying," said Bruce Schneier, author of the popular textbook _Applied Cryptography_, and a director of the International Association for Cryptologic Research, a professional organization of cryptographers. Kevin McCurley, President of the International Association for Cryptologic Research, said, "Basic research to further the understanding of fundamental notions in information should be welcomed by our society. The expression of such work is closely related to one of the fundamental values of our society, namely freedom of speech." Effect of the decision Judge Patel's decision today only legally applies to Prof. Bernstein. Other people and companies are still technically required to follow the export restrictions when speaking or publishing about cryptography, or when speaking or publishing cryptographic source code. However, the decision sends a strong signal that if the government tried to enforce these rules against other people, the courts are likely to strike them down again. Judge Patel has specifically not decided whether the export controls on object code (the executable form of computer programs which source code is automatically translated into) are constitutional. Existing export controls will continue to apply to runnable software products, such as Netscape's broswer, until another court case challenges that part of the restrictions. Background on the case The plaintiff in the case, Daniel J. Bernstein, Research Assistant Professor at the University of Illinois at Chicago, developed an "encryption algorithm" (a recipe or set of instructions) that he wanted to publish in printed journals as well as on the Internet. Bernstein sued the government, claiming that the government's requirements that he register as an arms dealer and seek government permission before publication was a violation of his First Amendment right of free speech. This is required by the Arms Export Control Act and its implementing regulations, the International Traffic in Arms Regulations. In the first phase of this litigation, the government argued that since Bernstein's ideas were expressed, in part, in computer language (source code), they were not protected by the First Amendment. On April 15, 1996, Judge Patel rejected that argument and held for the first time that computer source code is protected speech for purposes of the First Amendment. Details of Monday's Decision Judge Patel ruled that the Arms Export Control Act is an unconstitutional prior restraint on speech, because it requires Bernstein to submit his ideas about cryptography to the government for review, to register as an arms dealer, and to apply for and obtain from the government a license to publish his ideas. Using the Pentagon Papers case as precedent, she ruled that the government's "interest of national security alone does not justify a prior restraint." Under the Constitution, he is now free to publish his ideas without asking the government's permission first. Judge Patel also held that the government's required licensing procedure fails to provide adequate procedural safeguards. When the Government acts legally to suppress protected speech, it must reduce the chance of illegal censorship by the bureacrats involved. Her decision states, "Because the ITAR licensing scheme fails to provide for a time limit on the licensing decision, for prompt judicial review and for a duty on the part of the ODTC to go to court and defend a denial of a license, the ITAR licensing scheme as applied to Category XIII(b) acts as an unconstitutional prior restraint in violation of the First Amendment." She also ruled that the export controls restrict speech based on the content of the speech, not for any other reason. "Category XIII(b) is directed very specifically at applied scientific research and speech on the topic of encryption." The Government had argued that it restricts the speech because of its function, not its content. The judge also found that the ITAR is vague, because it does not adequately define how information that is available to the public "through fundamental research in science and engineering" is exempt from the export restrictions. "This subsection ... does not give people ... a reasonable opportunity to know what is prohibited." The failure to precisely define what objects and actions are being regulated creates confusion and a chilling effect. Bernstein has been unable to publish his encryption algorithm for over three years. Many other cryptographers and ordinary programmers have also been restrained from publishing because of the vagueness of the ITAR. Brian Behlendorf, a maintainer of the popular public domain "Apache" web server program, stated, "No cryptographic source code was ever distributed by the Apache project. Despite this, the Apache server code was deemed by the NSA to violate the ITAR." Judge Patel also adopted a narrower definition of the term "defense service" in order to save it from unconstitutional vagueness. The immediate effect of this decision is that Bernstein now is free to teach his January 13th cryptography class in his usual way. He can post his class materials on the Internet, and discuss the upcoming class's materials with other professors, without being held in violation of the ITAR. "I'm very pleased," Bernstein said. "Now I won't have to tell my students to burn their notebooks." ABOUT THE ATTORNEYS Lead counsel on the case is Cindy Cohn of the San Mateo law firm of McGlashan & Sarrail, who is offering her services pro bono. Major additional pro bono legal assistance is being provided by Lee Tien of Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First Amendment Project in Oakland; and Robert Corn-Revere of the Washington, DC, law firm of Hogan & Hartson. ABOUT THE ELECTRONIC FRONTIER FOUNDATION The Electronic Frontier Foundation (EFF) is a nonprofit civil liberties organization working in the public interest to protect privacy, free expression, and access to online resources and information. EFF is a primary sponsor of the Bernstein case. EFF helped to find Bernstein pro bono counsel, is a member of the Bernstein legal team, and helped collect members of the academic community and computer industry to support this case. Full text of the lawsuit and other paperwork filed in the case is available from EFF's online archives at http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/ The full text of Monday's decision will be posted there as soon as we scan it in. From tcmay at got.net Wed Dec 18 18:00:20 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Dec 1996 18:00:20 -0800 (PST) Subject: Earl Edwin Pitts, $224,000 In-Reply-To: <199612190120.UAA22811@homeport.org> Message-ID: At 8:20 PM -0500 12/18/96, Adam Shostack wrote: >http://www.cnn.com/US/9612/18/fbi.spy/index.html >FBI agent spied for Soviet Union, Russia. > >"He also provided a stolen FBI handset to a telecommunications device >used to transmit classified information," > >Too bad he didn't have access to the Clipper database. That would >have helped us find its free market price. ...and who's to say he didn't? Anyone who bought it--the Russians, for example--would hardly have been likely to publicize their purchase. (Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone else would not.) According to tonight's news reports, he was in charge of counterintelligence against the Soviets and then the Russians in the New York area. This gave him considerable access to surveillance and crypto methods. Note also that James Kallstrom heads up the New York FBI office. (Maybe he knows some members of this list.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From richieb at teleport.com Wed Dec 18 18:08:30 1996 From: richieb at teleport.com (Rich Burroughs) Date: Wed, 18 Dec 1996 18:08:30 -0800 (PST) Subject: Eudora PGP Plugin In-Reply-To: Message-ID: On Wed, 18 Dec 1996, Tangent wrote: > Does anyone know of a good Eudora PGP Plugin, or something similar, for a > Windows system? I've used Private Idaho before, but I'm looking for > something slightly more integrated with Eudora. > > Any suggestions will be appreciated. There is one, but I don't have the URL handy. Hopefullly someone will chime in with it. Personally, I can't wait to check out the Eudora support in PGPmail 4.5, the new, commercial version of the software from PGP Inc. Supposedly it has a special toolbar for Eudora users, plus some other GUI enhancements for 95 users, like encryption through Windows Explorer. It should be out sometime in January, and the price point had not been determined yet, AFAIK. You don't need a commercial version if you're not using it for business purposes, but I may pony up for a copy anyway if it turns out to be as cool as it sounds. Check www.pgp.com for more info... Rich _______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb/ See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon/ dec96 issue "cause for alarm" - http://www.teleport.com/~richieb/cause/ From wombat at mcfeely.bsfs.org Wed Dec 18 18:28:05 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Wed, 18 Dec 1996 18:28:05 -0800 (PST) Subject: "I've Always Wondered..." In-Reply-To: <19961210214400.24763.qmail@squirrel.owl.de> Message-ID: On 10 Dec 1996, Secret Squirrel wrote: > sue1968 at ix17.ix.netcom.com wrote to All: > > s> Hi, > > s> Please excuse this intrusion into your mailbox, but I would like to > s> tell you about something which will be of interest to you... > > Fat chance. > > Still, this brings up an interesting point: Considering the special > abilities of many of the principals here, is there something especially > tasty in store for those net predators who spam this list? > > I've always imagined something _very_ special happens to their accounts, > but I may just be a hopeless romantic, I dunno... > > If not, why not? > Even c'punks are busy at times. -r.w. From EALLENSMITH at ocelot.Rutgers.EDU Wed Dec 18 18:35:08 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Wed, 18 Dec 1996 18:35:08 -0800 (PST) Subject: Inflation-index bonds and private e-currency Message-ID: <01ID64VQ21UOAEL9VT@mbcl.rutgers.edu> From: IN%"rfiero at pophost.com" "Richard Fiero" 1-OCT-1996 04:50:07.73 >E. Allen Smith wrote: >> One of the attractions of privately-produced currencies is as a >> hedge against inflation; this development may be a competitor to this >> idea. On the other hand, this setup does have an unavailability in _time_ >> of the money (more so than other, equal-security bonds of the same duration), >> which may offset its greater spendability. >I don't get it. Why is this bond not saleable like any other? What >"privately-produced currencies" are a hedge against inflation? If >this bond is saleable like any other, why is the money unavailable? >What means "greater spendability?" Is this assumed to be yet another >government plot because it competes with other offerings and reduces >the cost of borrowing? The bond in question is salable... but its value is only guaranteed (to the extent that any government promise is guaranteed) when it comes due. Money supplies can be continuously adjusted by a private issue to keep a privately-produced currency's value stable. Privately-produced currencies, with a few (unfortunately minor) exceptions, are currently more of a free market economist idea than a reality; current governments are quite close on keeping their monetary powers (witness the protests in Europe against going the opposite way, to a common currency; also witness governmental attempts at keeping the free market from determining exchange rates). It is possible that private digital currencies will solve this problem, since they are much cheaper to produce than paper money is to print and can be traded privately much easier. There are likely to still be some legal problems with them, although A. selecting the proper country to base an issuer out of and B. not actually making avaliable through the issuer the reverse transaction - privately produced money to governmental money - only transactions for governmental money to privately produced money and privately produced money for services and/or goods may do the trick. Greater spendability refers to that when this bond is converted to government-backed dollars, most businesses will currently accept such dollars. This is unlikely to be the case for the first few years for a private currency, although an increased ease of exchange of a digital (as opposed to governmental paper) currency may make up for this difficulty. I doubt that most of the governmental types involved in making this decision know about privately produced currencies... but some may, and may have encouraged central bankers et al (and those who oppose Greenspan for his (quite admirable) opposition to inflation, like numerous politicians) to encourage this idea; assuming complete innocence of a particular motive on the part of any large organization is generally about as ignorant (and often stupid) as assuming complete guilt. Moreover, government competition with the private sector is rarely beneficial; in this particular area, I'd point out that it isn't reducing the cost of borrowing, it's increasing it - when lenders can lend to the government, they're _not_ lending to private businesses and others who can make far better use of the money. This factor, in a large part, is why most economists are in favor of a reduction in the government deficit. -Allen P.S. Sorry about the lateness of this reply, but I'm just getting around to some of my earlier mail. From jimbell at pacifier.com Wed Dec 18 18:54:23 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 18 Dec 1996 18:54:23 -0800 (PST) Subject: Earl Edwin Pitts, $224,000 Message-ID: <199612190254.SAA18254@mail.pacifier.com> At 06:06 PM 12/18/96 -0800, Timothy C. May wrote: >At 8:20 PM -0500 12/18/96, Adam Shostack wrote: >>http://www.cnn.com/US/9612/18/fbi.spy/index.html >>FBI agent spied for Soviet Union, Russia. >>Too bad he didn't have access to the Clipper database. That would >>have helped us find its free market price. > >...and who's to say he didn't? Anyone who bought it--the Russians, for >example--would hardly have been likely to publicize their purchase. > >(Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone >else would not.) Or maybe he could just _claim_ to have sold the database. That'd work just as well, I think. Think how much trouble the gov't would have to go to do disprove him! Jim Bell jimbell at pacifier.com From wombat at mcfeely.bsfs.org Wed Dec 18 18:56:16 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Wed, 18 Dec 1996 18:56:16 -0800 (PST) Subject: WARNING: VIRUS: [Was: Re: Encryption to the poors] In-Reply-To: <32B7D488.B6B@sk.sympatico.ca> Message-ID: A virus? IMHO, a virus is in some way self replicating. This is a trojan horse, and anyone who would run a .com file from someone called fuck at yourself.up should contact me immediately as I have some prime commercial real estate for sale kinda near Brooklyn. -r.w. On Wed, 18 Dec 1996, Carl Johnson wrote: > Alexander Chislenko wrote: > > The last message from Fuck at yourself.up contained a dirBomb > > virus as an attachment; file name GREETS.COM > > Make sure you don't execute it. > > Good idea. > I made that mistake when I got eMail from ThisIs at A.Bomb. > What could I have been thinking? > -- > Reply to:toto at sk.sympatico.ca > "There's only one two." > > > From wbrown at julian.uwo.ca Wed Dec 18 19:00:16 1996 From: wbrown at julian.uwo.ca (Wes Brown) Date: Wed, 18 Dec 1996 19:00:16 -0800 (PST) Subject: [books for children's hospitals Message-ID: <199612190259.VAA24570@julian.uwo.ca> excellent idea ! Date: Thu, 12 Dec 1996 15:27:19 -0800 (PST) >From: Dave Kinchlea >To: all at ami.lhsc.on.ca, everyone at heartlab.rri.uwo.ca, family at kinch.ark.com, > friends at kinch.ark.com >Subject: [OFF-TOPIC] RE: (Fwd) Books for Children's Hospitals (fwd) > >I have verified myself that this is true, seems worth taking the time. >While I fully expect to get some junk mail because of sending off a >message, seems a small price to pay to provide a book to a child. > >cheers, kinch > >---------- Forwarded message ---------- >Date: Thu, 12 Dec 1996 10:56:49 -0800 >From: "James A. Tunnicliffe" >To: "'cypherpunks at toad.com'" , > "'pjb at ny.ubs.com'" >Subject: [OFF-TOPIC] RE: (Fwd) Books for Children's Hospitals > >>Paul writes: >>i know that this is WAY off topic, and that we never post off-topic mail >>here, >>but, this seems worthwhile, so please excuse, (maybe flames for off-topic >>posts >>will count ) >> >>cheers, >> -paul >>>"The Houghton-Mifflin publishing co. is giving books to children's >>>hospitals; how many books they give depends on how many emails they >>>receive from people around the world. for every 25 emails they receive, >>>they give one book--it seems like a great way to help a good cause. >>> >>>All that you have to do is email share at hmco.com. >>> >>>I hope that you can spare the seconds...and let your friends know. So far >>>they only have 3,401 messages...last year they reached 23,000. >>> >>>This seems like an easy and simple thing to do -- please take the time!" > >My "urban legend detector" pegged when I saw this, but it turns out >to be on the level. See http://www.hmco.com/hmco/trade/hmi/polar/ >for more info. > >Tunny >====================================================================== > James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny > Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 > tunny at Inference.com | 36 07 D9 33 3D 32 53 9C >====================================================================== > > From dlv at bwalk.dm.com Wed Dec 18 19:10:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Dec 1996 19:10:21 -0800 (PST) Subject: virus from fuck@yourself.up In-Reply-To: Message-ID: Genocide writes: > On Wed, 18 Dec 1996, ADAO-CRUZ Nuno wrote: > > > I send an e-mail to fuck at yourself.up but i receive the message:host > > unknown. Could someone explain that to me please. > > Please...tell me you are kidding!? "Cypher punks" are that dumb? No kidding. He he he. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Wed Dec 18 19:33:48 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 18 Dec 1996 19:33:48 -0800 (PST) Subject: Houghton-Mifflin wants spam in exhange for publicity In-Reply-To: <199612190259.VAA24570@julian.uwo.ca> Message-ID: At 9:59 PM -0500 12/18/96, Wes Brown wrote: >excellent idea ! Date: Thu, 12 Dec 1996 15:27:19 -0800 (PST) >>From: Dave Kinchlea >>To: all at ami.lhsc.on.ca, everyone at heartlab.rri.uwo.ca, family at kinch.ark.com, >> friends at kinch.ark.com ..... [long message elided] ... Which part was the "excellent idea," falling for the spam of a commercial company or copying a long message and only adding the stupid "excellent idea" comment? Personally, when I got the Houghton-Mifflin spam message, I sent them 5 very large files in reply. Glad to hear others have helped also to crash their damned mail servers. Anybody who thinks they were "trying to save the children" needs to take a wake up pill, read some Mencken or Clemens, and get real. It was a standard marketing ploy. The books were no doubt bought from cronies, sent to illiterates in crack houses, and everyone is happy. Those who spam our mailing list with commerical advertisements deserve death. And if that can't (yet) be delivered conveniently, mail bombs. Fuck Houghton-Mifflin and all those who fell for the spam. (Interestingly, it appears that a movement is already building to continually bombard them with mail, each and every Xmas. Next year the "Craig Shergold Effect" will ensure that their site gets taken down again.) -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From dlv at bwalk.dm.com Wed Dec 18 20:40:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 18 Dec 1996 20:40:41 -0800 (PST) Subject: Attention Journalists (was Re: TIS_sue) In-Reply-To: Message-ID: Jewhater "Timothy C. May" farted: > > ("The development of Zyklon-B may signal the beginning of the end of the > long standing controversy regarding the Jewish problem.") What this net needs is the final solution to the "cypher punk" problem. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From kozubik at shoelace.FirstLink.com Wed Dec 18 21:50:36 1996 From: kozubik at shoelace.FirstLink.com (John Kozubik) Date: Wed, 18 Dec 1996 21:50:36 -0800 (PST) Subject: Big Brother moves to Oregon In-Reply-To: <3.0.1.32.19961216204945.0113666c@mail.teleport.com> Message-ID: > > "Welcome to the New Global Village. You are Customer Number 6." > Who is number one? I am number six. ...I am not a number....I am a free man! (hideous laughter) From dthorn at gte.net Wed Dec 18 22:05:13 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 18 Dec 1996 22:05:13 -0800 (PST) Subject: Cypherpunks as Philosopher Kings [was permanent invasion of privacy] In-Reply-To: <199612181741.KAA25446@infowest.com> Message-ID: <32B8DADE.7C28@gte.net> attila at primenet.com wrote: > Currently, I am not sure what the charter of cypherpunks > really stands for, if anything. As it stands, the list has > a far more erudite group than the list it probably should be. > certainly more privacy and social engineering issues resulting > from the deprivation of privacy than code. I note that the cypherpunks subscriptions are down to 1262 as of 18 Dec., compared to 1299 on 30 Nov., 1353 on 04 Nov., and 1361 on 12 Oct. [snip] > However, if the Libertarian Party can not field a better candidate > than Harry Brown, anarchy, or a premature dictatorship, it will be. > The US is in the last laugh of the oligarchy at this point in time. Is there an assumption that we really have politics as usual, nowadays in the U.S.? Or could it be that there has been a fundamental change, where the leadership has been decapitated via assassinations, both literal and of character? [mo' snip] > out of curiosity I was poking around a bit; he apparently has > legislative backers. I would be surprised if the bill made it out > a subcommittee hearing. however, his theory melds nicely with the > intentions of superbitch; > ::Before we go licensing parents, we ought to license people who > ::want to be Big Brothers...... Out of curiosity, I asked around myself, beginning with some entrepreneurs who made it up the hard way. I expected the same as c-punks, i.e., "the hell with those bastards", etc. No such luck. The White Folk here in Orange County (those who are doing well, which is most of them) think this is a great idea. From unde0275 at frank.mtsu.edu Wed Dec 18 22:19:04 1996 From: unde0275 at frank.mtsu.edu (Internaut) Date: Wed, 18 Dec 1996 22:19:04 -0800 (PST) Subject: The virus I got... Message-ID: <01BBED42.25E4D9C0@s10-pm08.tnstate.campus.mci.net> From: Mark Rosen[SMTP:mrosen at peganet.com] Sent: Wednesday, December 18, 1996 04.37 PM >Oh, and as far as I know, no virus was installed, >though you should check for one just for good measure. There was one, though I don't remember what it's name was. Maby it was Monkey. I already deleted it. --Internaut From blancw at cnw.com Wed Dec 18 22:50:45 1996 From: blancw at cnw.com (blanc) Date: Wed, 18 Dec 1996 22:50:45 -0800 (PST) Subject: permanent invasion of privacy Message-ID: <01BBED36.461F64A0@king1-10.cnw.com> From: Dale Thorn, who hasn't a clue [on why the cpunks of late haven't discussed children's point of view]: Not lately? And why is that? Don't know, Dale. Would everyone please send a message to Dale, explaining why you haven't been discussing this? -- [on the possibility that abused children might be helped by the uses of encryption]: How is an abused child going to be helped by encryption? Why are you on this list, Dale? -- [on why, as I said, "empathy with children is not borne of government, but of a normal state of mind"]: That's just rhetoric. What normal state of mind? Takes one to know one, Dale. -- [on going out to alt.philosphy.objectivism to evoke detailed discussions of pertinence to his interest in benefitting from government programs]: In other words, if it doesn't offer something for me, the selfish adult, I don't wanna hear it. I'm not *obliged* to hear, it Dale. .. Blanc From dthorn at gte.net Wed Dec 18 22:51:30 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 18 Dec 1996 22:51:30 -0800 (PST) Subject: Echelon: The Global Surveillance System (fwd) In-Reply-To: Message-ID: <32B8E5BD.5E4E@gte.net> jamie dyer wrote: > Found this on another mailing list. > EXPOSING THE GLOBAL SURVEILLANCE SYSTEM > by Nicky Hager > IN THE LATE 1980S, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED > NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE > SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON > DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD > INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST > OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS. Note that John Judge, political/conspiracy researcher, has described much or most of this material in detail in his papers and speeches, several years ago. The Opal File, also several years old, details the economic takeover of New Zealand area by various parties, along with the installment of satellites by Hughes Corp., ostensibly to search for oil and all that stuff. I don't have any really current Judge material, but if he's still alive, he's probably researching the use of non-Hertzian/directed/pulsed energy formats, or even cryptography of a fundamentally different nature than what is commonly discussed here. From sameer at c2.net Wed Dec 18 22:58:03 1996 From: sameer at c2.net (sameer) Date: Wed, 18 Dec 1996 22:58:03 -0800 (PST) Subject: C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES Message-ID: <199612190657.WAA01162@laptop.c2.net> For Release: December 19, 1996 C2Net: Douglas Barnes, +1 510 986 8770, cman at c2.net UK Web: Dave Williams, +44 0113 222 0046, dwilliams at ukweb.com Thawte Consulting: Mark Shuttleworth, +27 21 975 4675, marks at thawte.com C2NET ANNOUNCES STRONGHOLD 2.0, BUNDLED THAWTE CERTIFICATES Oakland, CA -- C2Net Software, an Oakland-based security software company, announced today the beta release of Stronghold 2.0. Stronghold is currently the second most popular commercial webserver on the Unix platform, according to the Netcraft survey of webservers on the Internet. (see: http://www.netcraft.co.uk/survey/) Bundled With Thawte Certificates ================================= Additionally, C2Net and Thawte Consulting cc, a certificate authority based in South Africa, jointly announced a bundled product: a Stronghold webserver and a Thawte server certificate. The bundle will sell for $545; Stronghold alone lists at $495. Thawte's main competitor, Verisign, sells web server certificates for $290; similar certificates are $100 when purchased separately from Thawte. "We can now offer our customers the convenience of one-stop shopping when setting up a secure web site," said C2Net President Sameer Parekh. "Thawte is now poised to be a significant competitor to VeriSign, and we think that competition in this area is very healthy and will bring greater value to the entire Internet" Certificates are used for secure connections to authenticate the server to the client. People using Netscape and Microsoft browsers can connect to sites using both Thawte and VeriSign certificates because the "root certificates" for these companies come pre-loaded with the Netscape and Microsoft browsers. New Features in Version 2.0 =========================== Stronghold 2.0 is adding a number of new features users have been asking for. "We've redesigned the security interfaces and built on the new Apache 1.2 code base," commented Mark Cox, Stronghold product manager at UK Web. "Stronghold has had many productivity and performance enhancements and it is now fully compliant with the new HTTP/1.1 standard." The HTTP/1.1 standard is a significant update to HTTP/1.0, the protocol that governs how web browsers and web servers communicate. HTTP/1.1 brings many new features to the table, including improved content and language negotiation, improved persistent connections, and better recovery from interrupted transfers. (For more information on HTTP/1.1, see http://www.apacheweek.com/features/http11/) Stronghold 2.0b1 also incorporates a number of popular features from the Thawte webserver, Sioux, including more flexible directives for specifying security properties and improved certificate-based authentication. A subsequent beta version of Stronghold 2.0 will contain a full-fledged grapical configuration manager, based on the one in Sioux, as well as support for the latest version of the SSL protocol, known as SSLv3. Merged With Sioux ================= Along with the bundling agreement, Thawte and C2Net have merged their webserver products, Sioux and Stronghold. "This gives us a chance to focus more of our energy on our certificate business," said Mark Shuttleworth of Thawte Consulting. "By doing this, our two companies will be better able to compete in both the web server and certificate- issuing markets." Existing Sioux customers will be able to upgrade to the new version of Stronghold for $95. Upgrade Policy ============== Starting today, users who purchase Stronghold will be guaranteed a free upgrade to 2.0 when it gets out of beta testing. Other existing Stronghold users will probably need to pay a $95 upgrade fee, depending on when they purchased the product. Stronghold is developed outside of the United States, and is distributed within the US and Canada by C2Net (http://stronghold.c2.net/) and in the rest of the world by UK Web (http://stronghold.ukweb.com/). All versions of the product use uncompromised, full-strength cryptography. Background ========== C2Net (previously known as Community ConneXion, Inc.) is the leading provider of uncompromising security on the Internet. In addition to Stronghold (http://stronghold.c2.net/), C2Net also markets SafePassage Web Proxy (http://stronghold.ukweb.com/safepassage/), a product that allows users of popular web browsers to use full-strength cryptography worldwide. UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design. They are the international distributors for both Stronghold and SafePassage products. Portions of Stronghold were developed by the Apache Group, and were taken with permission from the Apache Server http://www.apache.org/. Stronghold also includes software developed by Eric Young (eay at mincom.oz.au). Contacts ======== C2Net: Douglas Barnes, +1 510 986 8770, cman at c2.net UK Web: Dave Williams, +44 0113 222 0046, dwilliams at ukweb.com Thawte Consulting: Mark Shuttleworth, +27 21 975 4675, marks at thawte.com New with Stronghold v2.0b1 http://stronghold.c2.net/get/beta/ == Security In Stronghold 2.0b1 we've upgraded to the latest SSL and cryptography library, with a number of performance improvements, particularly in the DES implementation. The security/SSL architecture in Stronghold has been rewritten to take advantage of the Sioux source code base and the various features in Sioux. SSL client authentication has been improved. Regular expression-based matching of client certificate information to determine access control is possible. Stronghold now has an API for certificate to username mapping so that client certificates may be mapped to standard usernames. Session ID caching is now more robust. The sessiond is no longer needed, because the session ID cache is within the same address space as the server processes. == Ease of Use The Stronghold documentation has been revised and improved greatly since the last release. The 2.0b1 documentation is now three hundred pages long and will grow to include more extensive documentation for the final release. The documentation is available in both PostScript and HTML formats. The server has more command line options which provide information about the server. In particular, you can get a list of all the modules in the server or a full listing of all configuration directives that are supported by that binary. Compiling the server to add/remove new modules is also much easier. The Configure script automatically detects which operating system the server is running on and sets the compilation flags appropriately. Stronghold is now easier to install, with more verbose text during the install. Stronghold now comes with binaries for a number of useful management utilities, such as htpasswd, htdigest, and dbmmanage. == Functionality Stronghold is now compliant with HTTP/1.1, the latest in web protocol technology. Stronghold is the first commercial webserver to support HTTP/1.1. Stronghold 2.0b1 includes the lastest beta version of Apache (1.2b2), which includes a number of improvements, in addition to a large number of bugfixes. The server status page has been improved include additional information, including virtual hosts and client side certificates. The status page is also much more readable. Stronghold has a more fully-functional server-side includes mechanism, including the "eXtended Server Side Includes" SSI format. Stronghold provides server admins the ability to easily setup cookie-based user tracking so the admin can see what path through their site the users have been taking. It is now possible to restart the server and reload the configuration files without interrupting connections which are currently in progress. Stronghold is now compatible with the NCSA "Satisfy" directive for access control. CGI scripts are now "unbuffered". By unbuffering the CGI scripts it is possible to do things using normal CGI that were previously only possible using "nph". More information is available to ErrorDocument handlers about the cause of the error via the use of the ERROR_MSG environment variable. == New Bundled Modules Stronghold now bundles PHP, a very powerful language for dynamic content and database connectivity. PHP provides for database connectivity to mSQL, Postgres95, Solid, and mysql servers. Using PHP, Stronghold can now generate web pages on the fly using a very powerful C-like language for processing forms input, database queries, etc. Stronghold now bundles with SWISH/WWWWAIS search engine for indexing and searching through web sites. Stronghold now comes with the proxy module enable by default. The proxy module has also been significantly improved since the previous version. A full-featured URI rewriting language that allows server administrators to define rules for transforming URIs. Support for the DigiCash ecash protocol is now built into the server. Using this module it is possible to set up an ecash-accepting shop on the Internet without an actual account with an ecash-issuing bank. == Configurability It is now possible with Stronghold to configure the server such that user's CGI scripts are run under their own UID, with their own permissions, instead of the UID of the server, with the same permissions as the rest of the server or other CGI programs run by other users. Many directives now support regular expressions, so configuration options can be set based on regular expression matching criteria. The new container allows server adminstrators to set configuration options on a much finer basis, down to individual files in directories. Server administrators can now set environment variables based on which web browser the client is using. These environment variables can be used to deliver different web pages, or work around bugs in various different browsers. Configurable logging is now the default, and has been enhanced. It is now possible to create a number of different logfiles each with their own configurable logging format. It is also now possible to setup a virtual host which listens to more than one IP number, or more than one port. It is easier in Stronghold 2.0b1 to debug CGI scripts. The server administrator or CGI author can configure logfiles where CGI error messages and diagnostic information get stored. The entire server can protect itself from runaway CGI scripts by configuring in the resource limits for CGI that are now available in Stronghold. Server redirects are more configurable. The client can now be told whether or not a redirect is temporary, permanent, or if the requested object is completely gone. The "Options" directive is much more configurable. It's possible now using the "Options" directive to add and remove options from the current set of "Options" merely by prepending a '-' or '+' to the option name. There is now a configuration directive to set and remove HTTP headers. Using this directive various directories or various files can have custom headers attached if the server administrator wants to easily support some of the many HTTP extensions. The configuration file can include directives which are turned on or off conditionally depending on whether or not certain modules are compiled into the server. From Thanks at yourself.up Wed Dec 18 23:14:34 1996 From: Thanks at yourself.up (Thanks at yourself.up) Date: Wed, 18 Dec 1996 23:14:34 -0800 (PST) Subject: Thank you all for the help. Message-ID: <199612190712.XAA15415@telnor.net> RareTrip Mexico Baja California Norte Ensenada -I think, therefore i am.- <---Sorry you didn't do it The file you received was the HUSH Trojan, of course it was Encrypted using Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS! I am not proud of what i did, but if i can get you to gain knowledge (NEVER RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what. Dont say i didn't warn you (fuck at yourself.up) Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor. ******** You can email the next address: AVSECURE at HOTMAIL.COM ***************** From Thanks at yourself.up Wed Dec 18 23:14:38 1996 From: Thanks at yourself.up (Thanks at yourself.up) Date: Wed, 18 Dec 1996 23:14:38 -0800 (PST) Subject: Thank you all for the help. Message-ID: <199612190712.XAA15417@telnor.net> >To: cypherpunks at toad.com >From: Thanks at yourself.up >Subject: Thank you all for the help. > >RareTrip >Mexico Baja California Norte Ensenada >-I think, therefore i am.- <---Sorry you didn't do it > >The file you received was the HUSH Trojan, of course it was Encrypted using Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS! >I am not proud of what i did, but if i can get you to gain knowledge (NEVER RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what. >Dont say i didn't warn you (fuck at yourself.up) >Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor. > >******** You can email the next address: AVSECURE at HOTMAIL.COM ***************** > From Thanks at yourself.up Wed Dec 18 23:14:45 1996 From: Thanks at yourself.up (Thanks at yourself.up) Date: Wed, 18 Dec 1996 23:14:45 -0800 (PST) Subject: Thank you all for the help. Message-ID: <199612190712.XAA15419@telnor.net> >To: cypherpunks at toad.com >From: Thanks at yourself.up >Subject: Thank you all for the help. > >RareTrip >Mexico Baja California Norte Ensenada >-I think, therefore i am.- <---Sorry you didn't do it > >The file you received was the HUSH Trojan, of course it was Encrypted using Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS! >I am not proud of what i did, but if i can get you to gain knowledge (NEVER RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what. >Dont say i didn't warn you (fuck at yourself.up) >Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor. > >******** You can email the next address: AVSECURE at HOTMAIL.COM ***************** > From Thanks at yourself.up Wed Dec 18 23:14:52 1996 From: Thanks at yourself.up (Thanks at yourself.up) Date: Wed, 18 Dec 1996 23:14:52 -0800 (PST) Subject: Thank you all for the help. Message-ID: <199612190713.XAA15422@telnor.net> >To: cypherpunks at toad.com >From: Thanks at yourself.up >Subject: Thank you all for the help. > >RareTrip >Mexico Baja California Norte Ensenada >-I think, therefore i am.- <---Sorry you didn't do it > >The file you received was the HUSH Trojan, of course it was Encrypted using Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS! >I am not proud of what i did, but if i can get you to gain knowledge (NEVER RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what. >Dont say i didn't warn you (fuck at yourself.up) >Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor. > >******** You can email the next address: AVSECURE at HOTMAIL.COM ***************** > From Thanks at yourself.up Wed Dec 18 23:15:02 1996 From: Thanks at yourself.up (Thanks at yourself.up) Date: Wed, 18 Dec 1996 23:15:02 -0800 (PST) Subject: Thank you all for the help. Message-ID: <199612190713.XAA15424@telnor.net> >To: cypherpunks at toad.com >From: Thanks at yourself.up >Subject: Thank you all for the help. > >RareTrip >Mexico Baja California Norte Ensenada >-I think, therefore i am.- <---Sorry you didn't do it > >The file you received was the HUSH Trojan, of course it was Encrypted using Cryptcom of Nowhere Man and ICE. So ITS NOT A VIRUS! >I am not proud of what i did, but if i can get you to gain knowledge (NEVER RUN FILES ATTACHED TO AN EMAIL) i would do it no matter what. >Dont say i didn't warn you (fuck at yourself.up) >Hey guys! No hard feelings ok. Sorry. i feel bad. need a doctor. > >******** You can email the next address: AVSECURE at HOTMAIL.COM ***************** > From sorry at lame.guys Wed Dec 18 23:15:10 1996 From: sorry at lame.guys (sorry at lame.guys) Date: Wed, 18 Dec 1996 23:15:10 -0800 (PST) Subject: Info about FUCK@YOURSELF.UP Message-ID: <199612190713.XAA15427@telnor.net> Ok, you better sleep nicely cause i would never again Post nothing to this list. Sorry again. Sincerely *RareTrip* From stewarts at ix.netcom.com Thu Dec 19 00:27:08 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 19 Dec 1996 00:27:08 -0800 (PST) Subject: Password Keystroke Snarfer Programs Message-ID: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com> Several articles on the PGP-users mailing list have discussed keystroke snarfers that unexpectedly grab and save keystrokes, including passwords, severely weakening any benefits from encryption. taoboy mentioned Mac programs FileGuard and HiddenOasis and the SpellCatcher spell-check program's Ghostwriter feature, which he'd noticed had stuck his password into a disk file; he suggests that Windows machines probably have similar surprises. From: patm at connix.com (Pat McCotter) > Which is why, every once in a while, I do a search of my entire disk for my > PGP pass phrase and various other passwords I use. [....] I do this with > Norton DiskEditor. I have to upgrade to do this on my Win95 machine which I > understand is much worse than Win3.x in this area. Be careful - PGP goes to a lot of effort to overwrite your passphrase when it's done using it; Norton or grep or other disk-crawlers are unlikely to do so, because that sort of paranoia's not part of their job, and simply typing in a command in a command window will often get it saved in a command history file. So your search for the passphrase on disk makes it _more_ likely that some program will stash it on your disk... You could work around this by using a complex passphrase and adding a distinctive word to the end, e.g. "mumblefrotz foobaroid zarquon FINDTHIS", which doesn't become much less secure if the FINDTHIS gets left on the disk from your "grepemall FINDTHIS c:" command. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.) From otaner at boun.edu.tr Thu Dec 19 03:31:15 1996 From: otaner at boun.edu.tr (SHARK) Date: Thu, 19 Dec 1996 03:31:15 -0800 (PST) Subject: Encryption ? Message-ID: I am a Mathematic student at Bosphorus University in Turkey. I am interested in both computer applications and mathematical base of encryption.Where can I find this kind of staff on internet. Is it necessary to have high level of mathematical background in order to deal with encryption?? By the way Is there any member of this list from Turkey? From jamie at comet.net Thu Dec 19 03:39:25 1996 From: jamie at comet.net (jamie dyer) Date: Thu, 19 Dec 1996 03:39:25 -0800 (PST) Subject: Mr. throw@yourself.up Message-ID: -----BEGIN PGP SIGNED MESSAGE----- He's some little turd at telnor.net. Probably rex at telnor.net Throw ftp://ftp.telnor.net/pub/firewall/downloaders.HTM into your favorite browser. The ftp server is world writable too. Fuckin' IRC scum. Oh yeah. Merry Christmas. jamie - ------------------------------------------------------------------------------ jamie at comet.net | Comet.Net | Send empty message | Charlottesville, Va. | to pgpkey at comet.net | (804)295-2407 | for pgp public key. | http://www.comet.net | "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators" -P.J. O'Rourke. - ------------------------------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMrkpX/MDfTuunU79AQEeogf+Lq4bmq3klEUXHyMAozReqBJgX55AshYs SKh+dZUSEd4kXGM2zDbApLyO8htzxVlpMfcql8ra//9S55OqIOrI3EaVlm3MJ1jt q0oBLM93SNPUmExVAiR38LEybPi7m8qWpfPj6xQUrt20Jlh3FG1aZJJW0JxW1vHP QwsZCbp2QKifCYA+ej404HdsVjfPoC/IyTcZ/QTi5BOcXMLRbjkfLb3XuVjPfuiE 5wrqqVnXmQpGOp9Pd1yUHvGUYcxKIRBqx23IwaxcIpfONtWsDfTlZixLGZNVOjc8 SJmbOukE+KeOSJRElwrJFuWVTB+qtTyif9qksopmuj6vsCQpbrQ94g== =aDfS -----END PGP SIGNATURE----- From geeman at best.com Thu Dec 19 04:14:54 1996 From: geeman at best.com (geeman at best.com) Date: Thu, 19 Dec 1996 04:14:54 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... In-Reply-To: Message-ID: <32B8C36E.23A9@best.com> It wasn't worth commenting on. Appending data after the ctrl-Z as stego? Not even worth a letter to the ed! Dr.Dimitri Vulis KOTM wrote: > > No one even commented on the latest Dr. Dobbs issue. > > --- > > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From toto at sk.sympatico.ca Thu Dec 19 05:07:31 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 19 Dec 1996 05:07:31 -0800 (PST) Subject: Pretty Lousy Privacy In-Reply-To: <1.5.4.32.19961217131004.006a82e4@pop.pipeline.com> Message-ID: <32B94EE7.2593@sk.sympatico.ca> John H West wrote: > Are Dr DVT & Ray Arachelian the same pair who relentlessly > spammed the Net about three years ago re: what Turkey did > to the Armenians circa 1918 ?? John, Dr. DVT is the spammer. Ray Arachelian is a spammee. > PS: Will PLP be shareware or proprietary ? It will be improtietary. -- Reply to:toto at sk.sympatico.ca "There's only one two." From jya at pipeline.com Thu Dec 19 05:33:23 1996 From: jya at pipeline.com (John Young) Date: Thu, 19 Dec 1996 05:33:23 -0800 (PST) Subject: BUY_spy Message-ID: <1.5.4.32.19961219132943.006a613c@pop.pipeline.com> 12-18-96. "Special Chips Off-Load and Speed Encryption Transactions" Buy-spy GAK chips from IRE, Rainbow, Atalla, IBM. "Clinton administration opposed to encryption bills" "Goodlatte to resubmit encryption bill" Commerce Department has said it expects to issue rules implementing the new Clinton export policy by January 1, 1997. [NYT reports final rules are due out December 22.] "Method and apparatus for the secure communication of data" Patent: An auto-dialer suitable for use as a smart card capable of being acoustically coupled to a telephone and being reprogrammed in response to acoustic signals. A device for generating a set of tones encoded with data. "Enciphered file sharing method (Fujitsu)" Patent: An enciphered file sharing method adapted to an area distributed type data processing system. "EMD Encryptor; First 32-Bit desktop utility to provide multiple encryption capabilities for home and corporate computer users Largest encryption key size: 256-bit. ----- BUY_spy From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Dec 19 07:05:26 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Thu, 19 Dec 1996 07:05:26 -0800 (PST) Subject: The virus I got... Message-ID: You already had the Monkey (or whatever) virus. It was not included in the file distributed to the list. The file was a pure Trojan, not infector. PM _______________________________________________________________________________ From: Internaut on Thu, Dec 19, 1996 3:30 Subject: RE: The virus I got... From: Mark Rosen[SMTP:mrosen at peganet.com] Sent: Wednesday, December 18, 1996 04.37 PM >Oh, and as far as I know, no virus was installed, >though you should check for one just for good measure. There was one, though I don't remember what it's name was. Maby it was Monkey. I already deleted it. --Internaut From dlv at bwalk.dm.com Thu Dec 19 07:12:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 07:12:15 -0800 (PST) Subject: Cypherpunks as Philosopher Kings [was permanent invasion of privacy] In-Reply-To: <32B8DADE.7C28@gte.net> Message-ID: <8iu7yD1w165w@bwalk.dm.com> Dale Thorn writes: > I note that the cypherpunks subscriptions are down to 1262 as of 18 Dec., > compared to 1299 on 30 Nov., 1353 on 04 Nov., and 1361 on 12 Oct. Has John Gilmore (spit) been unsuscriving more people? What a jerk. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 07:13:59 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 07:13:59 -0800 (PST) Subject: Earl Edwin Pitts, $224,000 In-Reply-To: Message-ID: <06u7yD5w165w@bwalk.dm.com> "Timothy C. May" writes: > According to tonight's news reports, he was in charge of > counterintelligence against the Soviets and then the Russians in the New > York area. This gave him considerable access to surveillance and crypto > methods. Note also that James Kallstrom heads up the New York FBI office. > > (Maybe he knows some members of this list.) No shit! I just realized that I think I did meet this guy!!! --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 07:15:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 07:15:54 -0800 (PST) Subject: "I've Always Wondered..." In-Reply-To: Message-ID: Rabid Wombat writes: > On 10 Dec 1996, Secret Squirrel wrote: > > > > > Still, this brings up an interesting point: Considering the special > > abilities of many of the principals here, is there something especially > > tasty in store for those net predators who spam this list? > > > > I've always imagined something _very_ special happens to their accounts, > > but I may just be a hopeless romantic, I dunno... > > > > If not, why not? > > > > Even c'punks are busy at times. He he he. Clearly, "cypher punks" like Paul Bradley, Ray Arachalian, and Timmy May suffer from too having too much free time. Idle minds are the root of sexual perversion or some such. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 07:16:30 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 07:16:30 -0800 (PST) Subject: Earl Edwin Pitts, $224,000 In-Reply-To: <199612190254.SAA18254@mail.pacifier.com> Message-ID: jim bell writes: > >>http://www.cnn.com/US/9612/18/fbi.spy/index.html > >>FBI agent spied for Soviet Union, Russia. > > >>Too bad he didn't have access to the Clipper database. That would > >>have helped us find its free market price. > > > >...and who's to say he didn't? Anyone who bought it--the Russians, for > >example--would hardly have been likely to publicize their purchase. > > > >(Maybe if _we_ purchased it, we'd publicize the purchase, but nearly anyone > >else would not.) > > Or maybe he could just _claim_ to have sold the database. That'd work just > as well, I think. Think how much trouble the gov't would have to go to do > disprove him! Look at the hoops the Klinton administration jumps through to prove that flight TWA wasn't shot down by their missile. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Thu Dec 19 07:36:57 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Dec 1996 07:36:57 -0800 (PST) Subject: permanent invasion of privacy In-Reply-To: <01BBED36.461F64A0@king1-10.cnw.com> Message-ID: <32B96006.13B0@gte.net> blanc wrote: > From: Dale Thorn, who hasn't a clue > [on why the cpunks of late haven't discussed children's point of view]: > Not lately? And why is that? > Don't know, Dale. Would everyone please send a message to Dale, > explaining why you haven't been discussing this? If all you want to be is an asshole, why do you bother with me? Surely you could pick a more "respected" target, yes? Looks like you: 1. Don't have anything to do, and 2. Feel insecure, and 3. Feel inferior to me (wonder why), and 4. Don't have any real answers. > [on the possibility that abused children might be helped by the uses of > encryption]: How is an abused child going to be helped by encryption? > Why are you on this list, Dale? To get non-answers from ignorants like yourself, I guess. > [on why, as I said, "empathy with children is not borne of government, but > of a normal state of mind"]: > That's just rhetoric. What normal state of mind? > Takes one to know one, Dale. I hope you're saying that I'm not on the same wavelength as you and *certain* other c-punks. I feel better already. > [on going out to alt.philosphy.objectivism to evoke detailed discussions of > pertinence to his interest in benefitting from government programs]: > In other words, if it doesn't offer something for me, > the selfish adult, I don't wanna hear it. > I'm not *obliged* to hear, it Dale. Yeah, but you're obliged to partake one way or the other. Ya' know, you and a few other people whine a lot about government intrusion this or that (when you take your head out of the sand momentarily), but like selfish little children, you cover your ears when the news is unpleasant, like that's going to make a difference. Maybe if you got off your ass and did something worthwhile for society, things would really change for the better. But I won't hold my breath. From dthorn at gte.net Thu Dec 19 07:37:23 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Dec 1996 07:37:23 -0800 (PST) Subject: Encryption ? In-Reply-To: Message-ID: <32B960E3.1E2E@gte.net> SHARK wrote: > > I am a Mathematic student at Bosphorus University in Turkey. > I am interested in both computer applications and mathematical base of > encryption.Where can I find this kind of staff on internet. > Is it necessary to have high level of mathematical background in order to > deal with encryption?? > > By the way Is there any member of this list from Turkey? There are a lot of NSA people here on cypherpunks, and they try very hard to control encryption, to make everyone think it is difficult, to discourage independent inquiry. That is the main reason they accuse people of being snakeoil vendors, to discourage people from inquiring about really new ideas, like some of my ideas for example. Just so you know.... From trei at process.com Thu Dec 19 07:53:27 1996 From: trei at process.com (Peter Trei) Date: Thu, 19 Dec 1996 07:53:27 -0800 (PST) Subject: !! Point 'n Crypt -- Win95 Privacy for Everyone !! Message-ID: <199612191553.HAA24151@toad.com> > From: Walt Armour > Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !! > Security through obscurity is no security at all. > > As for PnC (actually, the scCryptoEngine beneath it), we get the 40 bits > from the 56 bits by nulling out the high nybble of every other byte. > > walt > > ---------- > From: Peter Trei[SMTP:trei at process.com] > Would you mind telling us just how you expand the 40 key to the 56 > bits needed for DES? (Security through obscurity has a bad rep on > this list). For many methods of doing so, 40bit DES is NOT > secure against a motivated individual's attack. > > Peter Trei > trei at process.com Thanks for being so forthcoming! There are methods for using 40 bit keys that are a lot better than this. My contention stands: 50 200MHz Pentiums *WILL* crack this overnight. A single 100 MHz Pentium will do it in a month. (This assumes a known plaintext attack in EBC or CBC mode). Not utterly trivial, but well within the means of a motivated individual. Peter Trei trei at process.com From dlv at bwalk.dm.com Thu Dec 19 08:11:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 08:11:15 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... In-Reply-To: <32B8C36E.23A9@best.com> Message-ID: <0ay7yD9w165w@bwalk.dm.com> "geeman at best.com" writes: > It wasn't worth commenting on. The word "encryption" on the fucking front cover? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From richieb at teleport.com Thu Dec 19 08:13:52 1996 From: richieb at teleport.com (Rich Burroughs) Date: Thu, 19 Dec 1996 08:13:52 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutional Message-ID: <3.0.32.19961219081440.011367cc@mail.teleport.com> > COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL > Free Speech Trumps Clinton Wiretap Plan > >December 18, 1996 [snip] This is the best news that I have heard in some time :) Congrats to John, EFF, Cindy Cohn, and the other counsel for Professor Bernstein. I am very much looking forward to seeing that decision... Rich ______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb U.S. State Censorship Page at - http://www.teleport.com/~richieb/state dec96 issue "cause for alarm" - http://www.teleport.com/~richieb/cause From ddt at pgp.com Thu Dec 19 09:07:32 1996 From: ddt at pgp.com (Dave Del Torto) Date: Thu, 19 Dec 1996 09:07:32 -0800 (PST) Subject: passphrase protection (was: Re: [PGP-USERS] Security LeakPrograms) In-Reply-To: <199612150251.SAA14543@m9.sprynet.com> Message-ID: In Reply to the Message wherein it was written: >I have just in the last few minutes realized how I need to bring attention >to the security level of my own computer or PGP means NOTHING in terms of >protection. Indeed, Floyd: the dirty little secret is that passphrase protection is a more serious weakness than almost any other factor. I don't just mean dictionary attacks: those are way too expensive if you can just grab a text stream saved to an invisible file on an unsuspecting user's net-accessible machine. The new generation of PGP software (3.x) includes several new prompts/enhancements to the passphrase entry process: perhaps subsequent releases could take those even further into the realm of system-level monitoring. >PZ writes in the manual about the inability to fully wipe, etc. >when using virtual memory but this problem I just encountered in security >goes beyond that, I believe. >I have been installing a Macintosh program, FileGuard, which adds several >levels of security. I knew about and had used the invisible extension >HiddenOasis that saves EVERY keystroke made on the machine. I started doing an informal survey of all key capture utilities (on all platforms) a couple of years back, but there were so few utilities publicly available back then, very few respondents came back at me with items to list. It occurred to me then that if there _were_ persons trying to grab passphrases from an individual's machine, it would be a significant advantage to have "invisible" keystroke monitors and for all knowledge of the existence of such utilities to remain a closely-guarded secret (from, say, the laptop of an FBI counter-intelligence instructor suspected of selling secrets to foreign agents for a few hundred thousand dollars, or something improbable like that). However, it's not the "good guys" we mainly need to be concerned with: there is a great deal of industrial espionage that needs some sunshine. The viability of personal privacy software in the marketplace is threatened if such utilities spread: as a responsible company protecting both the public's interest and our own company's survival, we need to plan for very sophisticated passphrase attacks and constantly educate users about this danger. That having been said, this invisible "HiddenOasis" item you mention is a new one to me: I'd like a copy to test in our lab and my interest in hearing about everyone's favorite keycapture utility is rekindled. Maybe my boss will let me devote, oh, about 0.73% of my time to this. ;) PGP's engineers have already spec'ed out some good defenses against subtle attacks like ion migration (memory burn-in), and with everyone's help (we can't watch every security leak, that's why we need you guys!), we can continue to work up defenses against such wee beasties. Any whistleblowers are also invited to drop a dime: my public key is widely available (even clickable) through the header URL above and we still have anonymous remailers in this country. Nudge-nudge, say no more, etc. [elided] >To my surprise as I set user priveledges with FileGuard, I saw a previously >unnoticed folder far from my root directory called, "Ghostwriter." This gives new meaning to the term "spook"... >I rummaged through it and many, most of the files therein (900k of files) >showed various passwords I had consdered absolutely uncompromised in >plaintext. It's quite a shocking feeling to realize what defaults are built into some popular commercial apps, isn't it? :/ You don't often see "insignificant" items like this get mentioned in any popular reviews either. It could be that even more users out there are ignorant of this issue than there are sysadmins who haven't read up on the SYN attack. >It turns out that the spell-check program, SpellCatcher [elided] created >these files which (from the manual), "For the Ghostwriter feature, Spell >Catcher saves a continuous stream of keystrokes to a text file inside the >SPEL CATCHER FOLDER." The manual does mention disabling Ghostwriter before >typing a "sensitive password." But offers no way to PERMANENTLY shut this >feature OFF. [elided] If confirmed, this is an absolutely unconscionable design flaw, IMHO. Anyone who has a specific comment (include URLs if possible), please mail me and put "passphrase protection" somewhere in the subject line. <"mailto:ddt at pgp.com?subject=passphrase protection"> I'll collect them, filter to our engineers where appropriate and eventually, when we have enough for a decent matrix, I'll either post a summary on our website or write up an informational RFC. dave ________________________________________________________________________ Dave Del Torto +1.415.524.6231 tel Manager, Strategic Technical Evangelism +1.415.631.0599 fax Pretty Good Privacy, Inc. http://www.pgp.com web -------------- next part -------------- A non-text attachment was scrubbed... Name: pgp00000.pgp Type: application/octet-stream Size: 324 bytes Desc: "PGP signature" URL: From ddt at pgp.com Thu Dec 19 09:07:42 1996 From: ddt at pgp.com (Dave Del Torto) Date: Thu, 19 Dec 1996 09:07:42 -0800 (PST) Subject: [PGP-USERS] Password Keystroke Snarfer Programs (passphraseprotection) In-Reply-To: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com> Message-ID: At 12:25 am -0800 12/19/96, Bill Stewart wrote: >Several articles on the PGP-users mailing list have discussed >keystroke snarfers that unexpectedly grab and save keystrokes, >including passwords, severely weakening any benefits from encryption. [elided] >From: patm at connix.com (Pat McCotter) >>Which is why, every once in a while, I do a search of my entire disk [...] >>with Norton DiskEditor. [elided] > >Be careful - PGP goes to a lot of effort to overwrite your passphrase >when it's done using it; Norton or grep or other disk-crawlers are unlikely >to do so, because that sort of paranoia's not part of their job [elided] Indeed, and any malignant passphrase-snarfer is probably going to anticipate this counter-attack and scramble the text stream it saves invisibly so that disk sector searches will be unlikely to pop up your passphrase. We definitely need to build better defenses against this sort of thing. dave ________________________________________________________________________ Dave Del Torto +1.415.524.6231 tel Manager, Strategic Technical Evangelism +1.415.631.0599 fax Pretty Good Privacy, Inc. http://www.pgp.com web From vangelis at qnis.net Thu Dec 19 09:18:22 1996 From: vangelis at qnis.net (Vangelis) Date: Thu, 19 Dec 1996 09:18:22 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... In-Reply-To: Message-ID: <32B97939.55C9@qnis.net> geeman at best.com wrote: > > Appending data after the ctrl-Z as stego? WHAT?! Hahahaha.. kill me now! -- Vangelis /\oo/\ Finger for public key. PGP KeyID 1024/A558B025 PGP Fingerprint AE E0 BE 68 EE 7B CF 04 02 97 02 86 F0 C7 69 25 Life is my religion, the world is my altar. From dlv at bwalk.dm.com Thu Dec 19 09:36:36 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 09:36:36 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutiona In-Reply-To: <199612190153.RAA08519@toad.com> Message-ID: I find it highly amusing how John "asshole censor" Gilmore claims credit for himself and his discredited EFF, as if they had anything to do with Patel's ruling. What a maroon. John Gilmore writes: > COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL > Free Speech Trumps Clinton Wiretap Plan > > December 18, 1996 > > Electronic Frontier Foundation Contacts: > > Shari Steele, Staff Attorney > 301/375-8856, ssteele at eff.org > > John Gilmore, Founding Board Member > 415/221-6524, gnu at toad.com > > Cindy Cohn, McGlashan & Sarrail > 415/341-2585, cindy at mcglashan.com > > San Francisco - On Monday, Judge Marilyn Hall Patel struck down Cold War > export restrictions on the privacy technology called cryptography. Her > decision knocks out a major part of the Clinton Administration's > effort to force companies to build "wiretap-ready" computers, > set-top boxes, telephones, and consumer electronics. > > The decision is a victory for free speech, academic freedom, and the > prevention of crime. American scientists and engineers will now be > free to collaborate with their peers in the United States and in other > countries. This will enable them to build a new generation of tools > for protecting the privacy and security of communications. > > The Clinton Administration has been using the export restrictions to goad > companies into building wiretap-ready "key recovery" technology. In a > November Executive Order, President Clinton offered limited > administrative exemptions from these restrictions to companies which > agree to undermine the privacy of their customers. Federal District > Judge Patel's ruling knocks both the carrot and the stick out of > Clinton's hand, because the restrictions were unconstitutional in the > first place. > > The Cold War law and regulations at issue in the case prevented > American researchers and companies from exporting cryptographic > software and hardware. Export is normally thought of as the physical > carrying of an object across a national border. However, the > regulations define "export" to include simple publication in the U.S., > as well as discussions with foreigners inside the U.S. They also define > "software" to include printed English-language descriptions and > diagrams, as well as the traditional machine-readable object code and > human-readable source code. > > The secretive National Security Agency has built up an arcane web of > complex and confusing laws, regulations, standards, and secret > interpretations for years. These are used to force, persuade, or > confuse individuals, companies, and government departments into making > it easy for NSA to wiretap and decode all kinds of communications. > Their tendrils reach deep into the White House, into numerous Federal > agencies, and into the Congressional Intelligence Committees. In > recent years this web is unraveling in the face of increasing > visibility, vocal public disagreement with the spy agency's goals, > commercial and political pressure, and judicial scrutiny. > > Civil libertarians have long argued that encryption should be widely > deployed on the Internet and throughout society to protect privacy, > prove the authenticity of transactions, and improve computer security. > Industry has argued that the restrictions hobble them in building > secure products, both for U.S. and worldwide use, risking America's > current dominant position in computer technology. Government > officials in the FBI and NSA argue that the technology is too > dangerous to permit citizens to use it, because it provides privacy to > criminals as well as ordinary citizens. > > "We're pleased that Judge Patel understands that our national security > requires protecting our basic rights of free speech and privacy," said > John Gilmore, co-founder of the Electronic Frontier Foundation, which > backed the suit. "There's no sense in `burning the Constitution in > order to save it'. The secretive bureaucrats who have restricted these > rights for decades in the name of national security must come to a > larger understanding of how to support and preserve our democracy." > > Reactions to the decision > > "This is a positive sign in the crypto wars -- the first rational > statement concerning crypto policy to come out of any part of the > government," said Jim Bidzos, President of RSA Data Security, one of > the companies most affected by crypto policy. > > "It's nice to see that the executive branch does not get to decide > whether we have the right of free speech," said Philip Zimmermann, > Chairman of PGP, Inc. "It shows that my own common sense > interpretation of the constitution was correct five years ago when I > thought it was safe to publish my own software, PGP. If only US > Customs had seen it that way." Mr. Zimmermann is a civil libertarian > who was investigated by the government under these laws when he wrote > and gave away a program for protecting the privacy of e-mail. His > "Pretty Good Privacy" program is used by human rights activists > worldwide to protect their workers and informants from torture and > murder by their own countries' secret police. > > "Judge Patel's decision furthers our efforts to enable secure electronic > commerce," said Asim Abdullah, executive director of CommerceNet. > > Jerry Berman, Executive Director of the Center for Democracy and > Technology, a Washington-based Internet advocacy group, hailed the > victory. "The Bernstein ruling illustrates that the Administration > continues to embrace an encryption policy that is not only unwise, but > also unconstitutional. We congratulate Dan Bernstein, the Electronic > Frontier Foundation, and all of the supporters who made this victory > for free speech and privacy on the Internet possible." > > "The ability to publish is required in any vibrant academic discipline," > This ruling re-affirming our obvious academic right will help American > researchers publish without worrying," said Bruce Schneier, author of > the popular textbook _Applied Cryptography_, and a director of the > International Association for Cryptologic Research, a professional > organization of cryptographers. > > Kevin McCurley, President of the International Association for > Cryptologic Research, said, "Basic research to further the > understanding of fundamental notions in information should be welcomed > by our society. The expression of such work is closely related to one > of the fundamental values of our society, namely freedom of speech." > > Effect of the decision > > Judge Patel's decision today only legally applies to Prof. Bernstein. > Other people and companies are still technically required to follow > the export restrictions when speaking or publishing about > cryptography, or when speaking or publishing cryptographic source > code. However, the decision sends a strong signal that if the > government tried to enforce these rules against other people, the > courts are likely to strike them down again. > > Judge Patel has specifically not decided whether the export controls > on object code (the executable form of computer programs which source > code is automatically translated into) are constitutional. Existing > export controls will continue to apply to runnable software products, > such as Netscape's broswer, until another court case challenges that > part of the restrictions. > > Background on the case > > The plaintiff in the case, Daniel J. Bernstein, Research Assistant > Professor at the University of Illinois at Chicago, developed an > "encryption algorithm" (a recipe or set of instructions) that he > wanted to publish in printed journals as well as on the Internet. > Bernstein sued the government, claiming that the government's > requirements that he register as an arms dealer and seek government > permission before publication was a violation of his First Amendment > right of free speech. This is required by the Arms Export Control Act > and its implementing regulations, the International Traffic in Arms > Regulations. > > In the first phase of this litigation, the government argued that > since Bernstein's ideas were expressed, in part, in computer language > (source code), they were not protected by the First Amendment. On > April 15, 1996, Judge Patel rejected that argument and held for the > first time that computer source code is protected speech for purposes > of the First Amendment. > > Details of Monday's Decision > > Judge Patel ruled that the Arms Export Control Act is an > unconstitutional prior restraint on speech, because it requires > Bernstein to submit his ideas about cryptography to the government for > review, to register as an arms dealer, and to apply for and obtain from > the government a license to publish his ideas. Using the Pentagon > Papers case as precedent, she ruled that the government's "interest of > national security alone does not justify a prior restraint." Under the > Constitution, he is now free to publish his ideas without asking the > government's permission first. > > Judge Patel also held that the government's required licensing > procedure fails to provide adequate procedural safeguards. When the > Government acts legally to suppress protected speech, it must reduce > the chance of illegal censorship by the bureacrats involved. Her > decision states, "Because the ITAR licensing scheme fails to provide > for a time limit on the licensing decision, for prompt judicial review > and for a duty on the part of the ODTC to go to court and defend a > denial of a license, the ITAR licensing scheme as applied to Category > XIII(b) acts as an unconstitutional prior restraint in violation of the > First Amendment." > > She also ruled that the export controls restrict speech based on the > content of the speech, not for any other reason. "Category XIII(b) is > directed very specifically at applied scientific research and speech on > the topic of encryption." The Government had argued that it restricts > the speech because of its function, not its content. > > The judge also found that the ITAR is vague, because it does not > adequately define how information that is available to the public > "through fundamental research in science and engineering" is exempt > from the export restrictions. "This subsection ... does not give > people ... a reasonable opportunity to know what is prohibited." The > failure to precisely define what objects and actions are being > regulated creates confusion and a chilling effect. Bernstein has been > unable to publish his encryption algorithm for over three years. Many > other cryptographers and ordinary programmers have also been restrained > from publishing because of the vagueness of the ITAR. Brian > Behlendorf, a maintainer of the popular public domain "Apache" web > server program, stated, "No cryptographic source code was ever > distributed by the Apache project. Despite this, the Apache server > code was deemed by the NSA to violate the ITAR." Judge Patel also > adopted a narrower definition of the term "defense service" in order to > save it from unconstitutional vagueness. > > The immediate effect of this decision is that Bernstein now is free to > teach his January 13th cryptography class in his usual way. He can > post his class materials on the Internet, and discuss the upcoming > class's materials with other professors, without being held in > violation of the ITAR. "I'm very pleased," Bernstein said. "Now I > won't have to tell my students to burn their notebooks." > > > ABOUT THE ATTORNEYS > > Lead counsel on the case is Cindy Cohn of the San Mateo law firm of > McGlashan & Sarrail, who is offering her services pro bono. Major > additional pro bono legal assistance is being provided by Lee Tien of > Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, > Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First > Amendment Project in Oakland; and Robert Corn-Revere of the > Washington, DC, law firm of Hogan & Hartson. > > > ABOUT THE ELECTRONIC FRONTIER FOUNDATION > > The Electronic Frontier Foundation (EFF) is a nonprofit civil > liberties organization working in the public interest to protect > privacy, free expression, and access to online resources and > information. EFF is a primary sponsor of the Bernstein case. EFF > helped to find Bernstein pro bono counsel, is a member of the > Bernstein legal team, and helped collect members of the academic > community and computer industry to support this case. > > Full text of the lawsuit and other paperwork filed in the case is > available from EFF's online archives at > > http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/Bernstein_case/ > > The full text of Monday's decision will be posted there as soon as > we scan it in. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From security at kinch.ark.com Thu Dec 19 09:50:52 1996 From: security at kinch.ark.com (Dave Kinchlea) Date: Thu, 19 Dec 1996 09:50:52 -0800 (PST) Subject: Houghton-Mifflin wants spam in exhange for publicity In-Reply-To: Message-ID: On Wed, 18 Dec 1996, Timothy C. May wrote: > > Which part was the "excellent idea," falling for the spam of a commercial > company or copying a long message and only adding the stupid "excellent > idea" comment? In defence of my sister, I do not know how she managed to add cypherpunks to her reply, I certainly didn't send it to the list, but she has used email for a total of 1 week to date -- shit happens and we all learn and make mistakes. As to your point, I disagree completely. While I am quite aware that I will get email spam because of sending a message to Houghton-Mifflin, it is worthwhile IMHO. I do believe that they will live up to their commitments and some kids will get books they otherwise wouldn't. I will/do agree that cypherpunks was an inappropriate place to send the spam to begin with. cheers, kinch From danalogi at videotron.net Thu Dec 19 10:43:30 1996 From: danalogi at videotron.net (Fred N.) Date: Thu, 19 Dec 1996 10:43:30 -0800 (PST) Subject: thread? Message-ID: <32bc8d7f.7574421@relais.videotron.net> can we read this thread as a newsgroup somehwre? or it's avaible only as remail? fred. From attila at primenet.com Thu Dec 19 10:51:01 1996 From: attila at primenet.com (attila at primenet.com) Date: Thu, 19 Dec 1996 10:51:01 -0800 (PST) Subject: Nuke the Whales! In-Reply-To: <32B96006.13B0@gte.net> Message-ID: <199612191853.LAA06104@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- blanc: you know, the last time one of them fuzzy weird colored things, you know, the kind which is always crawling around the edge of any gathering with stick signs and chanting, ...well, the other day one them things accidently crossed my sights, and my whole trigger hand went into an involuntary spasm. ...well, the judge he told me to take my medication and dismissed the charges. As I thanked the judge and reminded him of the meeting tonight, I remembered the fuzzy little thing's last words: "...Tax the Rich." ...you know, that fuzzy little thing really looked like that city slicker flatlander what up here last month --Dale or somethin' like it! I did not quite understand the significance of that, but I thought to myself: "oh, yeah, that's right: 'Nuke the Whales'." --just more words from attila == "Expecting the world to treat you fairly because you are a good person is a little like expecting the bull not to attack you because you are a vegetarian." --Dennis Wholey ------------------ original messsage ------------------------ In <32B96006.13B0 at gte.net>, on 12/19/96 at 07:32 AM, Dale Thorn said: ::blanc wrote: ::> From: Dale Thorn, who hasn't a clue ::> [on why the cpunks of late haven't discussed children's point of view]: > ::Not lately? And why is that? ::> Don't know, Dale. Would everyone please send a message to Dale, > ::explaining why you haven't been discussing this? ::If all you want to be is an asshole, why do you bother with me? ::Surely you could pick a more "respected" target, yes? ::Looks like you: ::1. Don't have anything to do, and ::2. Feel insecure, and ::3. Feel inferior to me (wonder why), and ::4. Don't have any real answers. ::> [on the possibility that abused children might be helped by the uses of > ::encryption]: How is an abused child going to be helped by encryption? ::> Why are you on this list, Dale? ::To get non-answers from ignorants like yourself, I guess. ::> [on why, as I said, "empathy with children is not borne of government, but ::> of a normal state of mind"]: ::> That's just rhetoric. What normal state of mind? ::> Takes one to know one, Dale. ::I hope you're saying that I'm not on the same wavelength as you and *certain* ::other c-punks. I feel better already. ::> [on going out to alt.philosphy.objectivism to evoke detailed discussions of ::> pertinence to his interest in benefitting from government programs]: > ::In other words, if it doesn't offer something for me, ::> the selfish adult, I don't wanna hear it. ::> I'm not *obliged* to hear, it Dale. ::Yeah, but you're obliged to partake one way or the other. ::Ya' know, you and a few other people whine a lot about government intrusion ::this or that (when you take your head out of the sand momentarily), but like ::selfish little children, you cover your ears when the news is unpleasant, ::like that's going to make a difference. ::Maybe if you got off your ass and did something worthwhile for society, ::things would really change for the better. But I won't hold my breath. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrmOYr04kQrCC2kFAQFITAQAtPLtCDijDmgQUnmnbfr7nHs9C9u89v7G eiwddxrUiSaupIf9lqQiAt6x6jbuYE+ihTREnMXJypCiN/tPpPc72DVjEoJ3efxs 8T/jpgjPt1wyWfqFI76zxbyI7nXKCcpwVdX0eK0UniuxHb9MBRjsZxjRIc299QCI ZYNqmUbKHYQ= =LDSN -----END PGP SIGNATURE----- From camcc at abraxis.com Thu Dec 19 10:53:33 1996 From: camcc at abraxis.com (Alec) Date: Thu, 19 Dec 1996 10:53:33 -0800 (PST) Subject: Pretty Lousy Privacy Message-ID: <3.0.32.19961219135408.00695a98@smtp1.abraxis.com> At 06:19 AM 12/19/96 -0800, you wrote: :John H West wrote: :> Are Dr DVT & Ray Arachelian the same pair who relentlessly :> spammed the Net about three years ago. [snip] How soon can we expect Turkish and Armenian language modules for this beta? What is status vis-a-vis export? Thanks for the effort. Cordially, Alec PGP Fingerprint: Type bits/keyID Date User ID pub 1024/41207EE5 1996/04/08 Alec McCrackin Key fingerprint = 09 13 E1 CB B3 0C 88 D9 D7 D4 10 F0 06 7D DF 31 From sandfort at crl.com Thu Dec 19 11:40:51 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 19 Dec 1996 11:40:51 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutiona In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Dimi wrote: > ...John...Gilmore...What a maroon. The logicidal proto-sexual, Dimi, LIES again!!!!!!! John is sort of a pinkish off-white. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From blancw at microsoft.com Thu Dec 19 11:41:40 1996 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 19 Dec 1996 11:41:40 -0800 (PST) Subject: permanent invasion of privacy Message-ID: From: Dale Thorn Maybe if you got off your ass and did something worthwhile for society, things would really change for the better. But I won't hold my breath. ............................................................. Don't be so presumptious, Dale. I could be a secret cpunk NSA tentacleH^H^H^H^agent on the list trying to discourage people from pursuing certain ideas - like yours, for example. .. Blanc (LOL) > > From gnu at toad.com Thu Dec 19 11:57:00 1996 From: gnu at toad.com (John Gilmore) Date: Thu, 19 Dec 1996 11:57:00 -0800 (PST) Subject: Bernstein case in the White House press conference Message-ID: <199612191956.LAA27127@toad.com> "What do you mean? Of course the Emperor is wearing clothes!" John http://library.whitehouse.gov/Briefings.cgi?date=0&briefing=0 December 19, 1996 PRESS BRIEFING BY MIKE MCCURRY 1:37 P.M. EST THE WHITE HOUSE Office of the Press Secretary ______________________________________________________________ For Immediate Release December 19, 1996 PRESS BRIEFING BY MIKE MCCURRY The Briefing Room 1:37 P.M. EST MR. MCCURRY: I sit up here with no information to give, empty. Throw this thing away, this is useless. (Laughter.) I spent the whole morning running around, just like you guys do, running around trying to find somebody who knows something. And I found a whole lot of people who knew nothing. ...several pages deleted... Q Mike, the Post story on the encryption -- federal court decision on encryption software -- can you say what that does to the government's rule-making effort and its plans to -- MR. MCCURRY: I am told that folks at Justice are trying to figure that out. They're analyzing the opinion now and seeing what impact it has. The preliminary read that I've got from them is that it should not have any impact on it because of the way the case is structured and the opinion was drawn. But they're looking at it more carefully now. Q Mike, any comment on The New York Times report that the United States is cracking on war criminals in Bosnia? ....a page deleted... Q Thank you. MR. MCCURRY: Thank you, Helen. See you all tomorrow. Maybe we'll have some real news tomorrow for a change. (Laughter.) THE PRESS: Thank you. END 2:05 P.M. EST #289-12/19 From dlv at bwalk.dm.com Thu Dec 19 12:01:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 12:01:12 -0800 (PST) Subject: The virus I got... In-Reply-To: Message-ID: <3F97yD3w165w@bwalk.dm.com> "Mullen Patrick" writes: > You already had the Monkey (or whatever) virus. It was not included in the > file distributed to the list. The file was a pure Trojan, not infector. The distinction is too subtle for the jerks who call themselves "cypher punks". "I spilled coffe on my floppy disk. Is it now infected with a virus?" - Timmy May "Never use floppy disk for plate jobs if they contain sikrit data." - John Gilmore --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 12:01:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 12:01:56 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutiona In-Reply-To: Message-ID: Sandy Sandfort writes: > > > ...John...Gilmore...What a maroon. > > The logicidal proto-sexual, Dimi, LIES again!!!!!!! John is sort > of a pinkish off-white. Is John a real blonde? His beard looks very unnatural. Does he or doesn't he? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 12:02:01 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 12:02:01 -0800 (PST) Subject: permanent invasion of privacy In-Reply-To: <32B96006.13B0@gte.net> Message-ID: Dale Thorn writes: > blanc wrote: > > From: Dale Thorn, who hasn't a clue > > [on why the cpunks of late haven't discussed children's point of view]: > > Not lately? And why is that? > > > Don't know, Dale. Would everyone please send a message to Dale, > > explaining why you haven't been discussing this? > > If all you want to be is an asshole, why do you bother with me? > Surely you could pick a more "respected" target, yes? > Looks like you: > 1. Don't have anything to do, and > 2. Feel insecure, and > 3. Feel inferior to me (wonder why), and > 4. Don't have any real answers. Yes, Blanc is a typical ignorant "cypher punk". What a maroon. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 12:03:01 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 12:03:01 -0800 (PST) Subject: Encryption ? In-Reply-To: <32B960E3.1E2E@gte.net> Message-ID: <0587yD1w165w@bwalk.dm.com> Dale Thorn writes: > SHARK wrote: > > > > I am a Mathematic student at Bosphorus University in Turkey. > > I am interested in both computer applications and mathematical base of > > encryption.Where can I find this kind of staff on internet. > > Is it necessary to have high level of mathematical background in order to > > deal with encryption?? > > > > By the way Is there any member of this list from Turkey? > > There are a lot of NSA people here on cypherpunks, and they try very > hard to control encryption, to make everyone think it is difficult, to > discourage independent inquiry. > > That is the main reason they accuse people of being snakeoil vendors, > to discourage people from inquiring about really new ideas, like some > of my ideas for example. There's also at least one hate-crazed Armenian who wants to suppress all discussions of the genocide of 2,500,000 Turks, Kurds, and Sephardic Jews by his bloodthirsty compatriots. As for the hoodlums like Paul Bradley, who attack the crypto discussions on this list, I'm sure he's too stupid to work for the NSA. He's just an idiot. I used to work with one Armenian guy who used to work for the NSA and couldn't get crypto clearance because he was Armenian - that's right, because he had relatives back there. So he quit and went into business for himself. His wife was also Armenian, but she was able to work for the NSA for many years. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ph at netcom.com Thu Dec 19 12:08:25 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 12:08:25 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At the last meeting references were made to processors which only execute encrypted code. Decryption occurs on chip. If each chip has a unique public/secret key pair, and executes authenticated code only, there are some interesting implications. Software piracy becomes difficult, if not impossible. Code is sold on a processor by processor basis. Code for a different physical processor cannot be decrypted or executed. Even if it is feasible to determine the secret key stored on the chip, software piracy is still hard because it is not possible to execute the code on another chip without authenticating it. One could execute the code on another architecture entirely using an emulator, but there would be a performance price paid. It wouldn't be worth the trouble for most software. The manufacturer of the encrypted-code processor would protect its instruction set using intellectual property law. Given the high price of a fab, it is entirely feasible to stop anybody from building a new architecture which can execute the code about as fast as the encrypting-code processor. Viruses are not feasible if the authentication is strong. Retrieval of the secret key is quite difficult. Since the results of the decryption never leave the chip, the recent attacks against smart cards do not work. (In the case of an error, the authentication fails and the code does not execute. No information has to leave the chip.) I would be interested to hear comments and corrections. Peter Hendrickson ph at netcom.com From ph at netcom.com Thu Dec 19 12:08:33 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 12:08:33 -0800 (PST) Subject: Code+Data separation Message-ID: Allowing code and data to reside in the same areas of memory is a nice convenience, but it makes security harder to implement because it means code is modifiable and data can be created which just happens to do bad things if it is executed. Are there any modern processors which keep the code and data separated? Peter Hendrickson ph at netcom.com From dlv at bwalk.dm.com Thu Dec 19 12:10:41 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 12:10:41 -0800 (PST) Subject: "Cypher punks'" sexual preferences Message-ID: > Bruce Schneier writes: > > > John Gilmore just called me. > > Is Bruce gay? Bruce has a very strange look in his eyes. Perhaps he never has sex with anyone. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Dec 19 12:29:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 12:29:35 -0800 (PST) Subject: We won the Bernstein case. In-Reply-To: Message-ID: Simon Spero writes: > On Wed, 18 Dec 1996, Bruce Schneier wrote: > > > John Gilmore just called me. There should be info on it on the EFF website > > real soon now. > > shehechianu vekiyemanu hevigianu lazman hazeh... No wonder Jewhater Timmy May (fart) is rapidly approaching apoplexy! Omeyn. There probably will be an orgy at the NYC punks meeting tonight, which I'm not going to attend, not being a queer "cypher punk". > So does this mean that anything can be exported as long as it's in source > code, or is object code covered as well? Try to find Judge Patel's district on the map. Hint: North California is covered, North Carolina (and North Dakota) ain't. > Simon > > --- > Queen's Own Cypherpunk Regiment / 82nd Chairborne - Gilmour's Irregulars Pathetic queens indeed. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From andrew_loewenstern at il.us.swissbank.com Thu Dec 19 12:57:08 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Thu, 19 Dec 1996 12:57:08 -0800 (PST) Subject: controlling web "cookies" In-Reply-To: <199612192013.PAA27064@homeport.org> Message-ID: <9612192102.AA00691@ch1d157nwk> [note, I have rerouted this thread from coderpunks to cypherpunks where it is more appropriate...] Adam Shostack writes: > Posting hacks like this, while fun, tells the bad guys > (in Washington) how we're going to bypass their next > bits of nonsense. > A number of cute hacks posted to cypherpunks after > Clipper II were defended against in Clipper III. So > don't post your cute hacks against systems until they're ok'd > by the government or deployed. Part of the reason past Clipper schemes haven't been deployed is because they had been shown not to work! I say if there are weak spots, keep punching holes in them. While Washington is spinning around trying to come up with a new-and-improved version, keep deploying good strong crypto and working the free-speech/civil-liberties angle in the courts. By the GAKers come up with a workable solution (which is probably impossible given the politics involved in global-GAK) it will be too late. andrew From mab at research.att.com Thu Dec 19 13:07:53 1996 From: mab at research.att.com (Matt Blaze) Date: Thu, 19 Dec 1996 13:07:53 -0800 (PST) Subject: "Cryptography Policy and the Information Economy" draft available Message-ID: <199612192111.QAA16788@nsa.research.att.com> I've got a new draft available of my critique of US cryptography policy and its impact on the future of the "information economy". It summarizes comments I made to a recent meeting of the Computer and Communications Industry Association, and is an updated version of testimony I gave to the Senate commerce committee earlier this year. Postscript is at ftp://ftp.research.att.com/dist/mab/policy.ps ASCII text is at ftp://ftp.research.att.com/dist/mab/policy.txt -matt From gnu at toad.com Thu Dec 19 13:12:54 1996 From: gnu at toad.com (John Gilmore) Date: Thu, 19 Dec 1996 13:12:54 -0800 (PST) Subject: Bernstein (export laws unconstitutional) decision update Message-ID: <199612192112.NAA28059@toad.com> The full text of the decision is available at: http:/www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/961206.decision It's still full of scannos, but we wanted to get it out to you-all ASAP. After further consultations with the attorneys, we are not sure whether the decision has nationwide impact or whether it is limited to the Northern District of California (which includes SF and Silicon Valley). Your Mileage May Vary -- check with your lawyer. I hear from reporters that the Administration plans to announce its reaction to the case this evening. John From isptv at access.digex.net Thu Dec 19 13:18:15 1996 From: isptv at access.digex.net (ISP-TV Main Contact) Date: Thu, 19 Dec 1996 13:18:15 -0800 (PST) Subject: Phil Zimmermann interviewed by Brock Meeks on ISP-TV Message-ID: <199612192127.QAA06360@access4.digex.net> *** ISP-TV Program Announcement: MEEKS UNFILTERED WITH PHIL ZIMMERMANN DECEMBER 25, 1996 Few men have influenced the face of public cryptography in this decade as much as Phil Zimmermann, creator of the PGP encryption software program and Chairman of the Board and Chief Technical Officer of the Pretty Good Privacy corporation. Public cryptography, however, is more than just clever software. It has become a battleground for individual privacy and the role of the government in having access to private communications. For three years, Zimmermann was the target of a criminal investigation by the US Customs Service, who assumed that United States munitions export laws were broken when PGP spread outside the US. The investigation was finally closed in January 1996, without any charges being filed. Far from being silenced, Zimmermann is now a respected voice for Netziens and privacy advocates, frequently called upon by the media and Congress for his views. Please join ISP-TV and "Meeks Unfiltered" on December 25, 1996, at 8 PM ET for a 30 minute interview between Brock N. Meeks, publisher of CyberWire Dispatch, and Phil Zimmermann. We'd like to call it our Christmas gift to the Net. This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html See URL http://www.digex.net/isptv for more information about the ISP-TV Network. To obtain Enhanced CU-SeeMe software, go to: http://goliath.wpine.com/cudownload.htm From azur at netcom.com Thu Dec 19 13:20:10 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 19 Dec 1996 13:20:10 -0800 (PST) Subject: Code+Data separation Message-ID: >Allowing code and data to reside in the same areas of memory is >a nice convenience, but it makes security harder to implement >because it means code is modifiable and data can be created which >just happens to do bad things if it is executed. > >Are there any modern processors which keep the code and data separated? > >Peter Hendrickson >ph at netcom.com I believe those that follow a Harvard architecture do this. -- Steve From dlv at bwalk.dm.com Thu Dec 19 13:22:46 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 13:22:46 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutiona In-Reply-To: Message-ID: <62B8yD8w165w@bwalk.dm.com> jai at mantra.com (Dr. Jai Maharaj) writes: > On Thu, 19 Dec 96 11:37:58 EST, > in message , > dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) wrote: > > I find it highly amusing how John "asshole censor" > > Gilmore claims credit for himself and his discredited > > EFF, as if they had anything to do with Patel's > > ruling. > > What a maroon. > > John Gilmore writes: > > > >> COURT DECLARES CRYPTO RESTRICTIONS UNCONSTITUTIONAL > >> Free Speech Trumps Clinton Wiretap Plan > >> [...] > > Trying to steal glory from freedom martyr Zimmerman, I > see. The EFF were kicked out of, or their operation > severely reduced on CompuServe, was it not a few years > ago? The EFF lost whatever little credibility is had left when John "asshole censor" Gilmore (spit) admitted to content-based plug-pulling. What a jerk. P.S. I wonder if Bon Giovanni is an EFF supporter. He sounds like one - clueless and untruthful jerk, seeking to silence his mental superiors... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From zerofaith at mail.geocities.com Thu Dec 19 14:01:40 1996 From: zerofaith at mail.geocities.com (Psionic Damage) Date: Thu, 19 Dec 1996 14:01:40 -0800 (PST) Subject: Mr. throw@yourself.up Message-ID: <199612192201.OAA13662@geocities.com> Try Pingin' his ass! Teach him a lesson. At 06:39 AM 12/19/96 -0500, you wrote: > > > > >
>Postage paid by:
> > > > >-----BEGIN PGP SIGNED MESSAGE----- > >He's some little turd at telnor.net. Probably >rex at telnor.net > Throw ftp://ftp.telnor.net/pub/firewall/downloaders.HTM >into your favorite browser. The ftp server is world writable too. > Fuckin' IRC scum. > Oh yeah. > Merry Christmas. > > >jamie >- ------------------------------------------------------------------------------ >jamie at comet.net | Comet.Net | Send empty message > | Charlottesville, Va. | to pgpkey at comet.net > | (804)295-2407 | for pgp public key. > | http://www.comet.net | >"When buying and selling are controlled by legislation, the first things >to be bought and sold are legislators" -P.J. O'Rourke. >- ------------------------------------------------------------------------------ > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.2 > >iQEVAwUBMrkpX/MDfTuunU79AQEeogf+Lq4bmq3klEUXHyMAozReqBJgX55AshYs >SKh+dZUSEd4kXGM2zDbApLyO8htzxVlpMfcql8ra//9S55OqIOrI3EaVlm3MJ1jt >q0oBLM93SNPUmExVAiR38LEybPi7m8qWpfPj6xQUrt20Jlh3FG1aZJJW0JxW1vHP >QwsZCbp2QKifCYA+ej404HdsVjfPoC/IyTcZ/QTi5BOcXMLRbjkfLb3XuVjPfuiE >5wrqqVnXmQpGOp9Pd1yUHvGUYcxKIRBqx23IwaxcIpfONtWsDfTlZixLGZNVOjc8 >SJmbOukE+KeOSJRElwrJFuWVTB+qtTyif9qksopmuj6vsCQpbrQ94g== >=aDfS >-----END PGP SIGNATURE----- > > pSIONIC dAMAGE Zer0 Faith Inc. www.geocities.com/SiliconValley/Heights/2608 H/P/A/V/C ANTIVIRUS/COUNTERSECURITY "ONLY THE ELITE SURVIVE!" From rod at wired.com Thu Dec 19 15:11:08 1996 From: rod at wired.com (Roderick Simpson) Date: Thu, 19 Dec 1996 15:11:08 -0800 (PST) Subject: Ban spam outright? Message-ID: There is an interesting debate going on between Jamie Love and Scott Hazen Mueller over how to deal with the problem of email spam (does this constitute as one?) in Brain Tennis right now. Mueller would like to get rid of spam outright, while Love's organization is on the verge of recommending spam labeling legislation to the US Congress. Go to www.braintennis.com to take a look. Also, drop in to the open discussion area: http://www.braintennis.com/cgi-bin/interact/replies_all?msg.33709 Best, Rod R o d e r i c k S i m p s o n rod at wired.com A s s o c i a t e P r o d u c e r T h e H o t W i r e d N e t w o r k www.braintennis.com www.wiredsource.com From dagmar at edge.net Thu Dec 19 16:26:37 1996 From: dagmar at edge.net (Dagmar the Surreal) Date: Thu, 19 Dec 1996 16:26:37 -0800 (PST) Subject: Ahem... 'virus'? Message-ID: <3.0.32.19961219181215.006d68a8@edge.net> Let's get a few things straight here before we go any further... I field enough calls from the clooless at work trying to warn me about getting the 'Good Times Virus' in my email without having to worry about yet another meme floating around about email virii. 1. Can anyone show that the .com file replicates? It MUST reproduce itself to be called a virus last time I checked. It looks like a trojan horse to me. 2. How many of you people are using Microsloth Internet Mail? It was mentioned a LONG time ago (I think here, in fact) that there was a major mental lapse on the part of the programmers when designing it because single-clicking a piece of mail will view it, while DOUBLE-CLICKING the mail will execute it (and any attached files!). Most people double-click EVERYTHING in Windoze, and this is why it nailed so many people. I'm surprised I hadn't seen this done sooner. If you think it only got a few of the M$IM users, think again. I'll bet there's a LOT of them out there who are 'suffering in silence' because their computer is completely kaput, or sitting in a shop waiting for someone like me to wipe the hard drive and reinstall everything. Please, if there's going to be another damn meme about email virii, let it NOT be from a list I consider to be at least a LITTLE more enlightened than the hordes of AOL (l)users out there. ---------- Dagmar the Surreal (not actual size) "The Internet is Full. Go Away." -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzK50XQAAAEEAMoJsT9Rwbd28VUGhag2fOl+QrTnltqHrN2/7CBMy6kcnaba 8j3HIsNY6NzE/62iV67n6uCTlt6r3/ZosZL4RXYerH06bDOAfWZ6AYn6d0OO+vgi sghnFXiUfknU0h7A88R7z4uRRpZNkU0NXL/svZjrL+cOiMRnQUAqcwqI8ynFAAUR tCREYWdtYXIgdGhlIFN1cnJlYWwgPGRhZ21hckBlZGdlLm5ldD4= =34r7 -----END PGP PUBLIC KEY BLOCK----- From root at ace.cnl.com.au Thu Dec 19 16:35:30 1996 From: root at ace.cnl.com.au (System Administrator) Date: Thu, 19 Dec 1996 16:35:30 -0800 (PST) Subject: EFF: Bernstein court declares crypto restrictions unconstitutiona Message-ID: From jed at poisson.com Thu Dec 19 16:37:43 1996 From: jed at poisson.com (Jason Durbin) Date: Thu, 19 Dec 1996 16:37:43 -0800 (PST) Subject: "I've Always Wondered..." Message-ID: <3.0.1.32.19961219164104.0068de98@best.com> Dimitri Vulis KOTM (dlv at bwalk.dm.com) Thu, 19 Dec 96 09:50:27 EST wrote: Rabid Wombat writes: > On 10 Dec 1996, Secret Squirrel wrote: > > > Still, this brings up an interesting point: Considering the special > > > abilities of many of the principals here, is there something especially > > > tasty in store for those net predators who spam this list? > > > I've always imagined something _very_ special happens to their accounts, > > > but I may just be a hopeless romantic, I dunno... > > > If not, why not? > > Even c'punks are busy at times. > He he he. Clearly, "cypher punks" like Paul Bradley, Ray Arachalian, and > Timmy May suffer from too having too much free time. Idle minds are the > root of sexual perversion or some such. Regulars of the Cypherpunk mailing list would be well advised to pay no attention to Dimitri Vulis who is in the latter stages of dementia caused by the syphillus he contracted from his wife Marina. How sad. Of course, in his rare lucid moment, he lies just for fun. So, enjoy. :) jd From SChanyi at Rogers.Wave.ca Thu Dec 19 17:26:45 1996 From: SChanyi at Rogers.Wave.ca (Steven Chanyi) Date: Thu, 19 Dec 1996 17:26:45 -0800 (PST) Subject: Ahem... 'virus'? In-Reply-To: <3.0.32.19961219181215.006d68a8@edge.net> Message-ID: <199612200135.RAA09574@aphex.direct.ca> > Date: Thu, 19 Dec 1996 18:33:23 -0600 > To: cypherpunks at toad.com > From: Dagmar the Surreal > Subject: Ahem... 'virus'? > Let's get a few things straight here before we go any further... I field > enough calls from the clooless at work trying to warn me about getting... And you call them clueless?! One thing to keep in mind... the ignorant are usually aware of their ignorance, the stupid, well... >... 2. How many of you people are using Microsloth Internet Mail? It was > mentioned a LONG time ago (I think here, in fact) that there was a major > mental lapse on the part of the programmers when designing it because > single-clicking a piece of mail will view it, while DOUBLE-CLICKING the > mail will execute it (and any attached files!).... And just like the clueless ones who fall for "Good Times" memos, you've fallen for some misinformation yourself. Single clicks in MS Internet Mail allow you to view the contents in the preview window - without opening or executing any attachments, while double clicking opens the message in it's own window - again without opening or executing any attachments. Try it a couple of times and you'll see for yourself. Just because you "heard it on the internet" does not make it fact! >... their computer is completely kaput, or sitting in a shop waiting for > someone like me to wipe the hard drive and reinstall everything... What an absolutely horrifying thought!! > Dagmar the Surreal (not actual size) > "The Internet is Full. Go Away." To the former I suggest you change surreal to unreal, and as for the latter - you might consider taking your own advice. Steven :-) From root at bushing.plastic.crosslink.net Thu Dec 19 18:14:54 1996 From: root at bushing.plastic.crosslink.net (Ben Byer) Date: Thu, 19 Dec 1996 18:14:54 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: <199612200218.VAA00383@bushing.plastic.crosslink.net> -----BEGIN PGP SIGNED MESSAGE----- > > At the last meeting references were made to processors which only > execute encrypted code. Decryption occurs on chip. > > If each chip has a unique public/secret key pair, and executes > authenticated code only, there are some interesting implications. Let's see... What about this scenario: Alice gets a contraband copy of PGP 4.0 off the Internet. Since the public-key algorithm is publicized so that people can encrypt software to a chip, PGP 4.0 has the ability to encode/decode/generate keys for the chip. Alice generates a public key/private key pair 0x12345678, in software. Alice goes to www.microsoft.com and orders Office '99 online, and tells Microsoft "Hi, my name is Alice, my credit card number is 31426436136778 and my PGPentium's public key is 0x12345678." Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for which she has the private key to. Alice decrypts Office '99, and reencrypts it with public key of her PGPentium, as well as the keys f all her friends. Does the authentication defeat this? Our computers would only run software from Microsoft? Scary. - -- Ben Byer root at bushing.plastic.crosslink.net I am not a bushing -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMrn3V7D5/Q37XXHFAQFuVAMAg90hbta98fduPUdvneYYbfZe4v+9fsmc rSyYYStamC/mX8Mr2BRJVtNlOoWLkALhfPcnF0tKL5cVBTgufVlZRyJBc5KypkeZ q/hyIupaA4aETwALBlEdZ+3k1eOKiE6L =nGsN -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Thu Dec 19 18:25:06 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 18:25:06 -0800 (PST) Subject: Houghton-Mifflin wants spam in exhange for publicity In-Reply-To: Message-ID: <1kR8yD10w165w@bwalk.dm.com> Dave Kinchlea writes: > In defence of my sister, I do not know how she managed to add > cypherpunks to her reply, I certainly didn't send it to the list, but > she has used email for a total of 1 week to date -- shit happens and we > all learn and make mistakes. You've been porking your own sister? Man, you're SICK. > I will/do agree that cypherpunks was an inappropriate place to send the > spam to begin with. How about some GIFs? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From cme at cybercash.com Thu Dec 19 18:34:32 1996 From: cme at cybercash.com (Carl Ellison) Date: Thu, 19 Dec 1996 18:34:32 -0800 (PST) Subject: "Cryptography Policy and the Information Economy" draft available Message-ID: <3.0.32.19961219214823.00a62160@cybercash.com> -----BEGIN PGP SIGNED MESSAGE----- At 04:11 PM 12/19/96 -0500, Matt Blaze wrote: >I've got a new draft available of my critique of US cryptography >policy and its impact on the future of the "information economy". >It summarizes comments I made to a recent meeting of the Computer >and Communications Industry Association, and is an updated version >of testimony I gave to the Senate commerce committee earlier this >year. > >Postscript is at ftp://ftp.research.att.com/dist/mab/policy.ps >ASCII text is at ftp://ftp.research.att.com/dist/mab/policy.txt Matt, I liked your draft except for one thing. You never mentioned that the government has never established a legal right to access the cleartext of an encrypted communication or file. Perhaps the most severe flaw in the GAK proposals is that I as a citizen wish to attempt to keep secrets from the government and to force them to take me to court to get a judge to demand that I release those secrets -=- while their proposals are trying to prevent me from even attempting such. - Carl -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrn+WlQXJENzYr45AQFrFgQAp2jfB3EOLJoOKHIpTne7D4cwL1KzPcRg VoELRWDGS1RkgK5cSgLl9ASWZ7TdcMRiQUbDPMoffMi3UWlfIpomdsHq+E4HE/U+ 6CS+cpUfw/eSwBYkotCfETMAHymknu/o06QYfBX0TQsN/2XOC52xXEd9Nb/8xjUW c4RETw8Os8A= =nkcy -----END PGP SIGNATURE----- +------------------------------------------------------------------+ |Carl M. Ellison cme at cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc. http://www.cybercash.com/ | |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 | +------------------------------------------------------------------+ From vangelis at qnis.net Thu Dec 19 18:58:39 1996 From: vangelis at qnis.net (Vangelis) Date: Thu, 19 Dec 1996 18:58:39 -0800 (PST) Subject: Code+Data separation In-Reply-To: Message-ID: <32B9F4F9.7174@qnis.net> Peter Hendrickson wrote: > Are there any modern processors which keep the code and data separated? I dunno about processors which make that distinction, but it can be done in software using page-protection features of the Intel CPU. Under DPMI for DOS and I would think somehow under Windows, the DATA segment can be specified as loading into a seperate page/selector from the code (Im a little hazy on the specifics), and that page then marked essentially as "read only". I think this was designed to make software more crash-resistant though, not hack-resistance. There's probably many ways to circumvent this (explicity changing the access to that page, tricking the VMM into swapping that page out to disk, then editting the swap file while it's out there, etc). -- Vangelis /\oo/\ Finger for public key. PGP KeyID 1024/A558B025 PGP Fingerprint AE E0 BE 68 EE 7B CF 04 02 97 02 86 F0 C7 69 25 Life is my religion, the world is my altar. From ph at netcom.com Thu Dec 19 19:15:07 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 19:15:07 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 9:18 PM 12/19/1996, Ben Byer wrote: >> At the last meeting references were made to processors which only >> execute encrypted code. Decryption occurs on chip. >> >> If each chip has a unique public/secret key pair, and executes >> authenticated code only, there are some interesting implications. > Let's see... What about this scenario: > Alice gets a contraband copy of PGP 4.0 off the Internet. Since the > public-key algorithm is publicized so that people can encrypt software > to a chip, PGP 4.0 has the ability to encode/decode/generate keys for > the chip. Alice generates a public key/private key pair 0x12345678, > in software. Alice goes to www.microsoft.com and orders Office '99 > online, and tells Microsoft "Hi, my name is Alice, my credit card > number is 31426436136778 and my PGPentium's public key is 0x12345678." > Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for > which she has the private key to. Alice decrypts Office '99, and > reencrypts it with public key of her PGPentium, as well as the keys f > all her friends. The software vendor would be wise to check that the public key was legal. It would be a simple matter for the manufacturer to publicize all public keys that had been installed on chips. > Does the authentication defeat this? I'm sort of waving my hands around when I say "authentication". One approach is for the manufacturer to authenticate software submitted by approved vendors. The vendors are then tasked with encrypting it for the correct processor. > Our computers would only run software from Microsoft? Scary. There are all sorts of nifty deals that could be made. Microsoft could commission a special run of the processors which only run Microsoft approved software. Machines using these processors could be given away or sold at a steep discount. You could also timestamp the software so that it only runs for a given length of time. This will encourage people to upgrade regularly. ;-) The processors could also support metering. The processor could support some sort of API for the software to tell it how many computrons had been used and stop it from running after they run out. This means that light users or evaluators of software pay relatively low prices while heavy users pay high prices. This is a great deal for all concerned. Right now software vendors try to do this with clever deals, but it's crude at best. Peter Hendrickson ph at netcom.com From allyn at allyn.com Thu Dec 19 19:32:32 1996 From: allyn at allyn.com (Mark Allyn 206-860-9454) Date: Thu, 19 Dec 1996 19:32:32 -0800 (PST) Subject: "Cypher punks'" sexual preferences In-Reply-To: Message-ID: <199612200356.TAA25114@mark.allyn.com> I am gay. From stewarts at ix.netcom.com Thu Dec 19 19:46:34 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 19 Dec 1996 19:46:34 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com> At 12:38 PM 12/11/96 -0800, "Timothy C. May" wrote: >Consider a "race credential" offered by some entity. .. >(Why some groups might want this is left as an exercise for the reader. >Perhaps a less-inflammatory example (to some of the sensitive amongst you) >might be that some women want to interact in "women only" forums--a clear >case of discrimination, no?--and may want a "gender bit" avaiable to >display as a credential.) I've already tried to subscribe to a forum (at the liberal Utne reader!) where I was rejected because they currently had more subscribers who identified themselves as "male" than as "female", and they wanted to maintain a balance. And certainly "US Citizens Only" sites are common - nationalism is just as ugly and stupid as racism, and far more likely to be enforced with ID requirements; I've heard that in less civilized parts of the world you're actually required to carry government-issued ID cards to walk down the street or fly on airplanes. Another problem is that "nationalist credentials" made hide other data, such as a race bit, a Jewish bit, a don't-ask-out-loud-don't-tell bit, a suspected-Commie bit, a check-FBI-files-first bit, etc. The subliminal channels in DSS are the best known method for doing this, but it's probably possible to do something similar even using blind signatures, especially if there are multiple keys or timestamp fields. For example, they could use different signature keys that are supposedly just "signed at the New York/LA/Langley/Holtsville/SF/DC office" or "signed 4/1/97 4:20pm". # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.) From tcmay at got.net Thu Dec 19 20:05:40 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Dec 1996 20:05:40 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote: >You could also timestamp the software so that it only runs for a given >length of time. This will encourage people to upgrade regularly. ;-) Or to reset their clocks. Which is what many of us do when software is about to "expire." (The issue of enforcing "digital time delays" is an interesting one. Usually this necessitates some variant of "beacons," presumably on the Net, as the local clock can of course not be trusted or counted upon to be accurate. I wrote a couple of articles on this several years ago...I'll see if I can find them if there's interest.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Thu Dec 19 20:10:36 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 19 Dec 1996 20:10:36 -0800 (PST) Subject: "Cypher punks'" sexual preferences In-Reply-To: <199612200356.TAA25114@mark.allyn.com> Message-ID: Mark Allyn 206-860-9454 writes: > I am gay. Mazal Tov. So are John Gilmore and Jason Durbin. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From root at bushing.plastic.crosslink.net Thu Dec 19 20:12:38 1996 From: root at bushing.plastic.crosslink.net (Ben Byer) Date: Thu, 19 Dec 1996 20:12:38 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: <199612200416.XAA00687@bushing.plastic.crosslink.net> -----BEGIN PGP SIGNED MESSAGE----- > > At 9:18 PM 12/19/1996, Ben Byer wrote: > >> At the last meeting references were made to processors which only > >> execute encrypted code. Decryption occurs on chip. > >> > >> If each chip has a unique public/secret key pair, and executes > >> authenticated code only, there are some interesting implications. > > > Let's see... What about this scenario: > > > Alice gets a contraband copy of PGP 4.0 off the Internet. Since the > > public-key algorithm is publicized so that people can encrypt software > > to a chip, PGP 4.0 has the ability to encode/decode/generate keys for > > the chip. Alice generates a public key/private key pair 0x12345678, > > in software. Alice goes to www.microsoft.com and orders Office '99 > > online, and tells Microsoft "Hi, my name is Alice, my credit card > > number is 31426436136778 and my PGPentium's public key is 0x12345678." > > > Microsoft unwittingly sends Alice a copy encrypted to 0x12345678, for > > which she has the private key to. Alice decrypts Office '99, and > > reencrypts it with public key of her PGPentium, as well as the keys f > > all her friends. > > The software vendor would be wise to check that the public key was > legal. It would be a simple matter for the manufacturer to publicize > all public keys that had been installed on chips. The manufacturer is going to publish a list of ALL of the public keys? We're talking one key per chip, right? Isn't that an AWFUL lot of keys, like, in the millions range? Also... with a few million possible keys like this, all you need to do is to either guess or factor just one of them. > > Does the authentication defeat this? > > I'm sort of waving my hands around when I say "authentication". > > One approach is for the manufacturer to authenticate software submitted > by approved vendors. The vendors are then tasked with encrypting it > for the correct processor. I'm not sure the "approved" bit would go over too well... one idea would be to license the compiler writers, who would build the encryption into compilers. It's still not horribly great, but better. > > Our computers would only run software from Microsoft? Scary. > > There are all sorts of nifty deals that could be made. Microsoft > could commission a special run of the processors which only run > Microsoft approved software. Machines using these processors could > be given away or sold at a steep discount. Right; the only reason I could see people using this would be for economical reasons. > You could also timestamp the software so that it only runs for a given > length of time. This will encourage people to upgrade regularly. ;-) > The processors could also support metering. Right; once the user loses control of what he's running, then you can pretty much do anything you want as far as metering goes. ObGAK question: Would this be exportable? I mean, you could be encrypting god knows WHAT into those .exe's... Key escrow? How would they get the key?!? I can see the headlines, "Key Escrow Database Leaked to Pirate Firm"... :) - -- Ben Byer root at bushing.plastic.crosslink.net I am not a bushing -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMroTE7D5/Q37XXHFAQG6sgL8DnusDI/jqV3sn9U5ru2hhJPFxP1dZVpZ ohmJYteQdraD5/YfmvYNHFfslULB47Spx6ZTpT+xw512iMWJfyW5sN6NtejL6+CM 2BoX0SaRGxZrfVeRFAZAXMVx3/ak1LDk =HZOI -----END PGP SIGNATURE----- From ph at netcom.com Thu Dec 19 20:49:04 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 20:49:04 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 8:31 PM 12/19/1996, Timothy C. May wrote: >At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote: >> You could also timestamp the software so that it only runs for a given >> length of time. This will encourage people to upgrade regularly. ;-) > Or to reset their clocks. Which is what many of us do when software is > about to "expire." You are right that this only works in instances where the customer just needs a little prodding to get the upgrade and not in instances where the customer might put up with significant inconvenience to avoid it. However, why not use "beacons"? The clock could have a built-in timer that needs to be reset once a month from an authenticated source. This assumes the presence of net connectivity, but that's not a terrible assumption. Peter Hendrickson ph at netcom.com From tcmay at got.net Thu Dec 19 20:54:22 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 19 Dec 1996 20:54:22 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: At 9:08 PM -0800 12/19/96, Peter Hendrickson wrote: >At 8:31 PM 12/19/1996, Timothy C. May wrote: >>At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote: >>> You could also timestamp the software so that it only runs for a given >>> length of time. This will encourage people to upgrade regularly. ;-) > >> Or to reset their clocks. Which is what many of us do when software is >> about to "expire." > >You are right that this only works in instances where the customer just >needs a little prodding to get the upgrade and not in instances where >the customer might put up with significant inconvenience to avoid it. > >However, why not use "beacons"? The clock could have a built-in timer >that needs to be reset once a month from an authenticated source. This >assumes the presence of net connectivity, but that's not a terrible >assumption. I mentioned "beacons" in the portion of my message you did not quote here. As for why they are not being used, they don't exist. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ph at netcom.com Thu Dec 19 21:13:07 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 21:13:07 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 11:16 PM 12/19/1996, Ben Byer wrote: > The manufacturer is going to publish a list of ALL of the public keys? > We're talking one key per chip, right? Isn't that an AWFUL lot of > keys, like, in the millions range? Let's say each key is 2048 bits and there are 10 million processors. That's only 2.38 gigabytes, or under $1000. Easy enough to put on the Web or on a set of CD-ROMs. > Also... with a few million possible keys like this, all you need to do > is to either guess or factor just one of them. Yes, my working assumption is that factoring is very hard. >>> Does the authentication defeat this? >> I'm sort of waving my hands around when I say "authentication". >> One approach is for the manufacturer to authenticate software submitted >> by approved vendors. The vendors are then tasked with encrypting it >> for the correct processor. > I'm not sure the "approved" bit would go over too well... one idea > would be to license the compiler writers, who would build the > encryption into compilers. It's still not horribly great, but > better. You have to have the "approved" message so that you don't get viruses and to thwart piracy in case anybody did manage to get the secret key out of the chip. How well it goes over depends entirely on how much you pay for the software. >>> Our computers would only run software from Microsoft? Scary. >> There are all sorts of nifty deals that could be made. Microsoft >> could commission a special run of the processors which only run >> Microsoft approved software. Machines using these processors could >> be given away or sold at a steep discount. > Right; the only reason I could see people using this would be for > economical reasons. And one would expect piracy-proof software to be very inexpensive. Most people who pay for software have little sympathy for those who don't. >> You could also timestamp the software so that it only runs for a given >> length of time. This will encourage people to upgrade regularly. ;-) >> The processors could also support metering. > Right; once the user loses control of what he's running, then you can > pretty much do anything you want as far as metering goes. Right you are - see below. > ObGAK question: Would this be exportable? I mean, you could be > encrypting god knows WHAT into those .exe's... Key escrow? How would > they get the key?!? I can see the headlines, "Key Escrow Database > Leaked to Pirate Firm"... :) While I am certainly not a lawyer, and even the lawyers can't tell you what is legal to export, I would guess that Big Brother would be delighted with the manufacturers of this processor. It can't be used to encrypt communications, only to decrypt software. What is more, you could control the physical processors so that exportable processors accept a different authentication key. Then, the manufacturer of the processor can take care not to authenticate any privacy enhancing programs for the export version of the processor. Free speech and constitutional issues evaporate because the processors are physical devices and not expressions of ideas. Even "better", not very many organizations in the world can afford the fab lines to manufacture a state of the art processor. So, if the G-7 countries are brought onto the reservation, it would be feasible to forbid all free processors. Peter Hendrickson ph at netcom.com P.S. Did you hear? For Christmas Big Brother is raising the chocolate ration from 30g to 20g!!! From ph at netcom.com Thu Dec 19 21:18:19 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 21:18:19 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 9:20 PM 12/19/1996, Timothy C. May wrote: >> However, why not use "beacons"? The clock could have a built-in timer >> that needs to be reset once a month from an authenticated source. This >> assumes the presence of net connectivity, but that's not a terrible >> assumption. > I mentioned "beacons" in the portion of my message you did not quote here. Gack! > As for why they are not being used, they don't exist. Here's how I would do it. When the processor wants to update its clock, it generates a random number and encrypts it for the trusted time source. The trusted time source decrypts its message to get the random number. It timestamps it, encrypts it, and sends it back. This means you can't replay old time messages to keep using your old software. Is it possible to have a little clock and rechargeable battery on a chip? If so, then this technique should be easy to use. If not, then the processor can count the number of cycles it runs and use that as an approximate means of deciding when to check the time. Or, it could demand a time update every time it is power cycled. Peter Hendrickson ph at netcom.com From accthelp at expedia.com Thu Dec 19 21:24:14 1996 From: accthelp at expedia.com (accthelp at expedia.com) Date: Thu, 19 Dec 1996 21:24:14 -0800 (PST) Subject: Expedia New Member Information Message-ID: <199612200540.FAA10746@mx1.expedia.com> Welcome to Microsoft Expedia Travel Services! Below is your new membership information. Please keep this confirmation mail as a record of your Member ID and Password. Your Member ID is: cypherpunks Your Password is: cypherpunks The Expedia Internet address is: http://expedia.msn.com/ Expedia is a free service. To use the Expedia Travel Agent, you will have to type your Member ID and Password on the Sign In page. Whether for business or pleasure, Microsoft Expedia makes it easy for you to plan and purchase travel arrangements that best meet your budget and personal preferences. Expedia is on the job 24 hours a day, 7 days a week. With a click of your mouse, you can: * Reserve and purchase airline tickets * Reserve hotel rooms * Reserve rental cars * Subscribe to Fare Tracker for the lowest airfares to your favorite destinations * Research over 300 destinations in the Expedia World Guide * Chart your course with over 200 city maps * Check out the world of adventure in the Mungo Park online magazine * Catch up on the latest travel news, weather and more We look forward to fulfilling all of your travel needs. Expedia Member Services Start your travel here. http://expedia.msn.com/ From dthorn at gte.net Thu Dec 19 21:44:05 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Dec 1996 21:44:05 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... In-Reply-To: Message-ID: <32B97685.69BA@gte.net> geeman at best.com wrote: > It wasn't worth commenting on. > Appending data after the ctrl-Z as stego? > Not even worth a letter to the ed! > Dr.Dimitri Vulis KOTM wrote: > > No one even commented on the latest Dr. Dobbs issue. After seeing the initial post, I ran out to get a copy, but they were all gone. I find it hard to believe that appending data to a file is considered stego, even by a commercial publication such as Dr. Dobb's. Can anyone confirm this? I wrote an article for them in 1991 (after they printed my PC Computer Manifesto), and at that time, the editor was really keen on filling in some of the blanks left by the usual rushes to new compilers etc. that leave everyone else ignored. So they started sending me books to review. After reviewing about six books, all negatively (the books were crap), they didn't send any more books, and wouldn't respond further. I guess at the time their philosophy was something like "Yes, we live in a world of crap, so, since we have to make a living with this crap, let's deny that it's crap so we can continue to sell the stuff", etc. Kinda like *certain* c-punks, who have nothing to say, so they blame myself or Dr. Vulis for interfering with their degenerate doings on the c-punks list. My experience with several such magazines is that when a new editor comes on board, he/she stirs things up and it's interesting for awhile, but then the graft kicks in and it all goes downhill. From Adamsc at io-online.com Thu Dec 19 21:44:13 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 19 Dec 1996 21:44:13 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... Message-ID: <19961220060046578.AAA84@gigante> On Thu, 19 Dec 1996 04:24:14 +0000, geeman at best.com wrote: >It wasn't worth commenting on. >Appending data after the ctrl-Z as stego? >Not even worth a letter to the ed! >> No one even commented on the latest Dr. Dobbs issue. I know - I was amazed that made it into the issue. It's almost amazing that someone would go to such effort to do this and miss all the [IMHO] easier ways. Simply astounding... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From frantz at netcom.com Thu Dec 19 21:48:36 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 19 Dec 1996 21:48:36 -0800 (PST) Subject: Code+Data separation In-Reply-To: Message-ID: At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote: >Are there any modern processors which keep the code and data separated? Many modern processors keep separate L1 caches for code and data. Sparc architecture requires a special instruction to say, "I have just used data operations to change this part of the program." I assume that program fetchers and linkers must use this instruction. Keeping separate main memory makes program loading and in-memory dynamic linking hard. The linker's data is the processor's program. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From frantz at netcom.com Thu Dec 19 21:48:42 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 19 Dec 1996 21:48:42 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote: >If each chip has a unique public/secret key pair, and executes >authenticated code only, there are some interesting implications. > >Software piracy becomes difficult, if not impossible. Code is sold >on a processor by processor basis. Code for a different physical >processor cannot be decrypted or executed. This makes backup hard. That is the rock the routine copy protection hit up against. There were many, me included, who simply said, "If your product is copy protected then I will buy from your competitor." >Viruses are not feasible if the authentication is strong. So is user written code, public domain code etc. If there is an un-encrypted mode for that kind of code, then viruses again become possible. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From dthorn at gte.net Thu Dec 19 22:09:06 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Dec 1996 22:09:06 -0800 (PST) Subject: Nuke the Whales! In-Reply-To: <199612191853.LAA06104@infowest.com> Message-ID: <32BA31CE.7B64@gte.net> attila at primenet.com wrote: > blanc: > you know, the last time one of them fuzzy weird colored things, > you know, the kind which is always crawling around the edge of any > gathering with stick signs and chanting, ...well, the other day one > them things accidently crossed my sights, and my whole trigger hand > went into an involuntary spasm. > ...well, the judge he told me to take my medication and > dismissed the charges. As I thanked the judge and reminded him of > the meeting tonight, I remembered the fuzzy little thing's last > words: "...Tax the Rich." > ...you know, that fuzzy little thing really looked like that > city slicker flatlander what up here last month --Dale or somethin' > like it! I spent part of my growing up years in Leroy West Virginia, pop. about 15, give or take. I know about hillbillies, and I know about guns. If you had the impression I am a whiner, or that that defines me as a person, you're about as clueful as the other old farts who attack people they don't know anything about. Note I said if, in case you decide to repent sometime... By the way, did you think that part about people supporting licensing was pretty scary? You know, people who are pretty well off don't like to live in fear of gangs and stuff like that, and since those people who have most of the money also have most of the power, it seems to me they could pull it off. Now, you might be able to hide for a while if you're clever enough and lucky enough, but I think some of them rich folk gonna wanna trade some of their fear for some of yours, if you know what I mean, and I think you do. From svmcguir at syr.edu Thu Dec 19 22:27:26 1996 From: svmcguir at syr.edu (Scott V. McGuire) Date: Thu, 19 Dec 1996 22:27:26 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 19 Dec 1996, Timothy C. May wrote: > At 7:34 PM -0800 12/19/96, Peter Hendrickson wrote: > > >You could also timestamp the software so that it only runs for a given > >length of time. This will encourage people to upgrade regularly. ;-) > > Or to reset their clocks. Which is what many of us do when software is > about to "expire." > > (The issue of enforcing "digital time delays" is an interesting one. > Usually this necessitates some variant of "beacons," presumably on the Net, > as the local clock can of course not be trusted or counted upon to be > accurate. I wrote a couple of articles on this several years ago...I'll see > if I can find them if there's interest.) > > --Tim May > > Just say "No" to "Big Brother Inside" > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1398269 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > Just off the top of my head, the chips could come connected to a battery to maintain an internal clock and be configured to stop functioning if it is ever disconnected. Since the life expectancy of one generation of a cpu is so short now, limiting the life of a chip to that of a battery is not much of a problem. Also, if these are given away as was suggested, the fact that a dead battery would kill your computer is no big deal. <<<< NOTE CHANGE IN WHO'S BEING QUOTED >>>> On Thu, 19 Dec 1996, Peter Hendrickson Wrote: > ... stuff deleted ... > The manufacturer of the encrypted-code processor would protect its > instruction set using intellectual property law. Given the high > price of a fab, it is entirely feasible to stop anybody from building > a new architecture which can execute the code about as fast as > the encrypting-code processor. > It seems to me that this is where this scheme would be broken. Have intellectual property laws been (successfully) used in this way? And even if so, would they be enforced in all the countries where the chips might be fabricated? > > Peter Hendrickson > ph at netcom.com > - -------------------- Scott V. McGuire PGP key available at http://web.syr.edu/~svmcguir Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBMro1I97xoXfnt4lpAQHD9gQAo0rwSzXmo8Qu46auFGhcp6RaWDDwxHtS SZNoy2L3VVVECgNb+wuHSdHlPCdocK/sWzncmg4DSipa81r4cUK/8hIbvEJp+rRz qS6vs2VpxEMaTLUA+RS82Bc/c99b3AjGtjf55uYdgVIbGfH4Tnqc1yvzDcP03G// mVVQTga4lHA= =gXr8 -----END PGP SIGNATURE----- From ph at netcom.com Thu Dec 19 22:57:15 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 22:57:15 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 9:52 PM 12/19/1996, Bill Frantz wrote: >At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote: >> If each chip has a unique public/secret key pair, and executes >> authenticated code only, there are some interesting implications. >> Software piracy becomes difficult, if not impossible. Code is sold >> on a processor by processor basis. Code for a different physical >> processor cannot be decrypted or executed. > This makes backup hard. That is the rock the routine copy protection hit > up against. There were many, me included, who simply said, "If your > product is copy protected then I will buy from your competitor." No, you can backup just as much as many times as you like. The code isn't stored on the chip permanently, it is only decrypted there. There is a similar problem, though. If your processor dies you could lose your software library. There are ways to mitigate this. One is for the vendors to just trust people and reissue the code to a new processor. Of course, you track how often you have to do this. Or, you could turn in the broken processor and have the manufacturer certify that it was turned in to the software vendors and that a new version of the software should be generated. This might not be so important if you generally pay for metered software. >> Viruses are not feasible if the authentication is strong. > So is user written code, public domain code etc. If there is an > un-encrypted mode for that kind of code, then viruses again become > possible. User written code is harder to arrange, it is true. You might have a way to execute non-authenticated code but at a speed comparable to an emulator. Or, you might just have another computer for running your own code. Right now it is not uncommon for a software library to exceed the value of the machine. It might actually be economical to have two machines if one of them can support a rich software library which doesn't cost as much money because it can't be pirated. Free software is still possible to run at full speed, but it has to be authenticated. The free software writer just has to do whatever the software vendor had to do to get it okayed. This makes it harder to release free software, but the effort is still a small fraction of the work required to build a significant application. Getting it to execute for particular processors is easy. You could release a piece of software which takes code and encrypts it for your particular hunk of silicon. If you could offer otherwise free software for, say, $20 and know that everybody using it will pay, many people might consider that to be a great deal. Right now the mechanisms of moving the software are too expensive to really make it feasible for something under $20. Development might be a bit tricky, but there are workable solutions. The manufacturer could release special processors which have an additional authentication mechanism for software developers which is specific to each developer. They could authenticate code to run on their own machine, but not on anybody else's. This does make it possible for software developers to pirate software (if the can get a secret key), but if the number of development processors is low, this could be manageable. If the environment was well defined, you could conceivably develop in a high level language on one platform, but deploy for sale on the decrypting-processor platform. Peter Hendrickson ph at netcom.com From ph at netcom.com Thu Dec 19 23:21:24 1996 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 19 Dec 1996 23:21:24 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 1:41 AM 12/20/1996, Scott V. McGuire wrote: >On Thu, 19 Dec 1996, Peter Hendrickson Wrote: >> The manufacturer of the encrypted-code processor would protect its >> instruction set using intellectual property law. Given the high >> price of a fab, it is entirely feasible to stop anybody from building >> a new architecture which can execute the code about as fast as >> the encrypting-code processor. > It seems to me that this is where this scheme would be broken. Have > intellectual property laws been (successfully) used in this way? I don't know, but I bet it would be possible to arrange if there was support for it. Or, maybe the instruction set itself remains a trade secret. Sure, it could leak out, but aren't there laws against industrial espionage? (If the instruction set was secret, the manufacturer might have to provide a compilation service.) > And even if so, would they be enforced in all the countries where the > chips might be fabricated? Yes, if the laws exist they would be easy to enforce. What does a state-of-the-art fab cost now? $5 billion? $10 billion? I was generous when I said "G-7". Which countries can really compete in this market? The U.S. and Japan, I believe. There is no reason to rule out extra-legal pressure, either. The USG appears to have played the policeman in supporting the DRAM market in an informal way. It would be very easy to have a chat with the Japanese government about the importance of stopping software piracy. Peter Hendrickson ph at netcom.com From dthorn at gte.net Thu Dec 19 23:35:28 1996 From: dthorn at gte.net (Dale Thorn) Date: Thu, 19 Dec 1996 23:35:28 -0800 (PST) Subject: "Cypher punks'" sexual preferences In-Reply-To: Message-ID: <32BA4609.3EE8@gte.net> Dr.Dimitri Vulis KOTM wrote: > Mark Allyn 206-860-9454 writes: > > I am gay. > Mazal Tov. So are John Gilmore and Jason Durbin. The problem with the "I am" portion of the above is it's not a whole lot more defining than "I am" a federal agent, or "I am" a religious zealot, or "I am" a cryptologist. If you're a "man" or a "woman", chances are most people will know that for sure, in person that is. But when a person says "I'm gay", how do you know it's true? Maybe they just wanna play gay, to get better acceptance on the c-punks list. Used to be, "gay" was something different, i.e., "The child who's born on the sabbath day, is bonnie and blithe, and good and gay". What have they done to my language.... From vangelis at pnis.net Fri Dec 20 01:26:27 1996 From: vangelis at pnis.net (Vangelis) Date: Fri, 20 Dec 1996 01:26:27 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com> Message-ID: <32BA5ABE.64F2@pnis.net> Bill Stewart wrote: > I've heard that in less civilized parts of the world you're actually > required to carry government-issued ID cards to walk down the street > or fly on airplanes. Umm.. tried to get on a flight without having ID lately? Doesn't work - against policy. Anti-terrorism policy and all.. it's for your own safety, of course. -- Vangelis /\oo/\ Finger for public key. PGP KeyID 1024/A558B025 PGP Fingerprint AE E0 BE 68 EE 7B CF 04 02 97 02 86 F0 C7 69 25 Life is my religion, the world is my altar. From tcmay at got.net Fri Dec 20 11:04:38 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Dec 1996 11:04:38 -0800 (PST) Subject: Ebonics Message-ID: In order to remain compliant with the new California law requiring increased use of "Ebonics," the new academic name for "Black English" (and known by honkey mofos as "ghetto jive"). Apparently the coloreds have had enough of "standard English" and its repression of their culture. To meet the requirements of this new law, 10% of my posts from now on will be written as best I can manage in the Ebonic language. Switching to Ebonics: De honks be chimin.' Code be fly! I's huffa be gots to be sizing, bitch. PGP 3 be dope, nuffin but bad! I be axing you if it be outa honkeyland or outa Afrika? Dat bitch Reno be sayin' it be 'legal be usin' dope 'warez. Day be hos. --a melanin-challenged honkey mofo Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Fri Dec 20 11:05:30 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Dec 1996 11:05:30 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... In-Reply-To: <32B97685.69BA@gte.net> Message-ID: <3qm9yD15w165w@bwalk.dm.com> Dale Thorn writes: > geeman at best.com wrote: > > It wasn't worth commenting on. > > Appending data after the ctrl-Z as stego? > > Not even worth a letter to the ed! > > > Dr.Dimitri Vulis KOTM wrote: > > > No one even commented on the latest Dr. Dobbs issue. > > After seeing the initial post, I ran out to get a copy, but they were > all gone. I find it hard to believe that appending data to a file is > considered stego, even by a commercial publication such as Dr. Dobb's. > Can anyone confirm this? I agree that Dr.Dobb's ain't what it used to was (they mention that Bruce Scheneier is a contributing editor - a bad sign), but this issue was worth getting. 1. A very interesting interview with Eva Bozoki, chief scientist as Digital Secure Networks Technology. Among other fascinating stuff she complains about export controls. 2. "The RIPEMD-160 Cryptographic Hash Function" (with C source code). 3. A nice article explaining Reed-Solomon error correction, with nice-looking C source code. 4. An announcement of a free compression library (the article only discusses the APIs, not the internals). 5. A discussion on hooking system calls in WinNT, allowing a program to monitor system activity. 6. "Steganography for DOS programmers." Yes, it suggests putting data to be hidden after a ctrl-Z, which hardly qualifies as stego, IMO. Not a good article. 7. An article on extended MAPI 1.0 (I was looking for a place for crypto hooks), announcing some inetersting code. 8. A discussing of publishing databases on the internet, including payment systems. 9. A discussion if fractal-based compression (again, API's, not the guts). Other interesting stuff with no crypto-relevance. ... > I guess at the time their philosophy was something like "Yes, we live > in a world of crap, so, since we have to make a living with this crap, > let's deny that it's crap so we can continue to sell the stuff", etc. > Kinda like *certain* c-punks, who have nothing to say, so they blame > myself or Dr. Vulis for interfering with their degenerate doings on > the c-punks list. Byte magazine used to be very useful from the beginning to about '86, when it turned into another Ziff-Davis clone. I have most of the issues from that time filed somewhere. It's still relevant. I guess good publications don't survive in the free market environment. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From privsoft at ix.netcom.com Fri Dec 20 11:06:18 1996 From: privsoft at ix.netcom.com (Steve O) Date: Fri, 20 Dec 1996 11:06:18 -0800 (PST) Subject: Test files for encryption Message-ID: <1.5.4.16.19961220143414.3e4ffbb8@popd.ix.netcom.com> Can someone point me to any standard files that are used when testing encryption strength. Iie i'm looking for a gourp of files that may have been used by an agency or Internet group in the past that when encrypted were tested for byte frequency etc. as well as cryptoanalytic atacks. thanks in advance. steveo privsoft at ix.netcom.com From AwakenToMe at aol.com Fri Dec 20 11:36:13 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Fri, 20 Dec 1996 11:36:13 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <961220133919_169266741@emout13.mail.aol.com> In a message dated 96-12-20 03:30:46 EST, you write: << > >You could also timestamp the software so that it only runs for a given > >length of time. This will encourage people to upgrade regularly. ;-) > >> If anyone thinks it is anything but trivial to track down a call for time/date and a comparison of the two.. and then overwrite the area with some nop's to make sure the address jumps come out the same.. your sadly mistaken =-} From dlv at bwalk.dm.com Fri Dec 20 11:36:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Dec 1996 11:36:19 -0800 (PST) Subject: "Cypher punks'" sexual preferences In-Reply-To: <32BA4609.3EE8@gte.net> Message-ID: Dale Thorn writes: > Dr.Dimitri Vulis KOTM wrote: > > Mark Allyn 206-860-9454 writes: > > > I am gay. > > > Mazal Tov. So are John Gilmore and Jason Durbin. > > The problem with the "I am" portion of the above is it's not a whole lot > more defining than "I am" a federal agent, or "I am" a religious zealot, > or "I am" a cryptologist. > > If you're a "man" or a "woman", chances are most people will know that > for sure, in person that is. But when a person says "I'm gay", how do > you know it's true? Maybe they just wanna play gay, to get better > acceptance on the c-punks list. > > Used to be, "gay" was something different, i.e., "The child who's born > on the sabbath day, is bonnie and blithe, and good and gay". What have > they done to my language.... The soldarity displayed by the likes of A.Bostick, Jason Durbin (slothrop), and John Gilmore is truly remarkable. These people don't care what the commotion is all about: if one of their kind needs support, he'll get it in form of obscenities and spam directed at his "enemies". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frantz at netcom.com Fri Dec 20 11:38:14 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 20 Dec 1996 11:38:14 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: At 11:16 PM -0800 12/19/96, Peter Hendrickson wrote: >At 9:52 PM 12/19/1996, Bill Frantz wrote: >>At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote: >>> If each chip has a unique public/secret key pair, and executes >>> authenticated code only, there are some interesting implications. > >>> Software piracy becomes difficult, if not impossible. Code is sold >>> on a processor by processor basis. Code for a different physical >>> processor cannot be decrypted or executed. > >> This makes backup hard. That is the rock the routine copy protection hit >> up against. There were many, me included, who simply said, "If your >> product is copy protected then I will buy from your competitor." > >No, you can backup just as much as many times as you like. The code >isn't stored on the chip permanently, it is only decrypted there. > >There is a similar problem, though. If your processor dies you could >lose your software library. There are ways to mitigate this. One is >for the vendors to just trust people and reissue the code to a new >processor. Of course, you track how often you have to do this. > >Or, you could turn in the broken processor and have the manufacturer >certify that it was turned in to the software vendors and that >a new version of the software should be generated. I meant processor backup of course. When my processor breaks at 2AM and I need to get the report out by 8AM, I'm going to call the software support line and get help. Or the friendly hardware manufacturer is going to come right out and certify my processor is dead. Come on and get real. With most software vendors I can't even submit a bug report. Note that I am not saying there is a technical problem here. I do see big problems with infrastructure and marketing. The last time software companies tried to market copy protection, it failed in the market place. I predict that encyphered instruction streams will too, and for the same reasons. ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From jazzmin at ou.edu Fri Dec 20 11:38:49 1996 From: jazzmin at ou.edu (Jazzmin Belle Sommers) Date: Fri, 20 Dec 1996 11:38:49 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <32bad01e16c5002@cliff.ou.edu> >>>> You could also timestamp the software so that it only runs for a given >>>> length of time. This will encourage people to upgrade regularly. ;-) >>> Or to reset their clocks. Which is what many of us do when software is >>> about to "expire." >>However, why not use "beacons"? chop chop chop I have been using some shareware that simply has a built-in counter. Once the counter runs out, you have to register. I would suppose that one could hack the code to find the counter, assuming you could decompile it (or wanted to). Personally I think this is a decent solution to the problem -- the counter on this particular software let you use it 50 times. That's adequate to determine whether you want to keep it or not. Of course, if you saved the .zip file to disk before you installed it, you could delete the copy and reinstall the .zip. But everyone knows this. Jazzmin Sommers From paul at fatmans.demon.co.uk Fri Dec 20 11:39:15 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 20 Dec 1996 11:39:15 -0800 (PST) Subject: Securing ActiveX. Message-ID: <851098860.921944.0@fatmans.demon.co.uk> > Armenians are murderous cowards. They killed over 2 million Moslems in > this century alone - mostly women and children. I note that along with this racist generalisation you decided to post the following rant: >As usual, Timmy May spouts racist, anti-Semitic shit. As usual, he has >no idea what he's talking about. So what else is new... As well as a number of other rants along those lines. There is little difference between over generalisations of the kind you made above and, for example, discriminating against someone on the basis of race, colour, religion etc. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From tcmay at got.net Fri Dec 20 11:39:21 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Dec 1996 11:39:21 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com> Message-ID: At 1:22 AM -0800 12/20/96, Vangelis wrote: >Bill Stewart wrote: >> I've heard that in less civilized parts of the world you're actually >> required to carry government-issued ID cards to walk down the street >> or fly on airplanes. > >Umm.. tried to get on a flight without having ID lately? Doesn't work - >against policy. Anti-terrorism policy and all.. it's for your own >safety, of course. At the risk of undercutting Bill's facetiousness, this was of course precisely his point. (Note: To a lot of us, even seeing the English form "I've heard that in less civilized countries...." is almost a direct cue that a facetious (tongue in cheek, ironic, etc.) remark is about to follow.) I've heard that in less civilized countries, the same cues for irony may not be widely known. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From hal at rain.org Fri Dec 20 11:39:24 1996 From: hal at rain.org (Hal Finney) Date: Fri, 20 Dec 1996 11:39:24 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <199612201543.HAA02076@crypt.hfinney.com> From: Ben Byer > [Quoting Peter Hendrickson:] > > The software vendor would be wise to check that the public key was > > legal. It would be a simple matter for the manufacturer to publicize > > all public keys that had been installed on chips. > > The manufacturer is going to publish a list of ALL of the public keys? > We're talking one key per chip, right? Isn't that an AWFUL lot of > keys, like, in the millions range? Probably an easier way would be for the chip manufacturer to issue a key certificate (signature) on the chip keys. Then it is a trivial matter for any software manufacturer to verify that a proferred chip key is legit; just check the cert. > > One approach is for the manufacturer to authenticate software submitted > > by approved vendors. The vendors are then tasked with encrypting it > > for the correct processor. > > I'm not sure the "approved" bit would go over too well... one idea > would be to license the compiler writers, who would build the > encryption into compilers. It's still not horribly great, but > better. Hey, it's a free world, right? Some people only run authenticated code from big companies; other people turn off the authentication bit in the CPU and can run any old thing they stumble across on the net. Everybody's happy. The first group doesn't have to worry about viruses, or at least they have somebody to sue if they see one, and the second group gets to run all the freeware and PD code they can today. > Right; the only reason I could see people using this would be for > economical reasons. Yes, I think this is a point often missed in these discussions. People say, why would I want a CPU which will limit the software I can run, something which will let a software maker give me a version of his program which will only run on my CPU and which I have no ability to share with others? What's in it for me? The answer presumably is that the software manufacturer will sell software with such limits for much less than he will sell unlimited software. That's because software piracy is such a major problem, and this way he can be protected against piracy from this copy of his program. So people with these CPU's can buy their software a lot cheaper. Now if you only use pirated software anyway, which you get for free, then obviously this is not much of an incentive. It is only for people who pay for their software. But that is a significant market. Of course the big downside is that the track record of tamper resistant hardware has not been too strong lately! If a system like this gets into widespread use and somebody finds out that shooting X-rays at the chip exposes its secret key, you've got a big problem. Hal From dthorn at gte.net Fri Dec 20 11:39:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 20 Dec 1996 11:39:36 -0800 (PST) Subject: Nuke the Whales! In-Reply-To: <199612201150.EAA01646@infowest.com> Message-ID: <32BAB239.BF1@gte.net> attila at primenet.com wrote: > Oh, come on, Dale. loosen up and recognize satire when you see it. > satire is a far cry from sarcasm, and although it may appear to > have a victim, it is more of a social comment in general. > good sarcasm can even tell stories which are bald faced lies and > still not be dishonest --caveat emptor. I enjoy the occasional moments of humor here, even when it doesn't show. Do you play poker well? One thing I like to do myself is switch sides and taunt the subscribers with "what's gonna happen when Hillary wins", and stuff of that nature. The part that's both hilarious (no pun intended) and very scary is that it really could happen. Enjoy your life while you still have the chance (hee hee). From jya at pipeline.com Fri Dec 20 11:39:41 1996 From: jya at pipeline.com (John Young) Date: Fri, 20 Dec 1996 11:39:41 -0800 (PST) Subject: Key Escrow Rule Message-ID: <1.5.4.32.19961220160831.006a4f7c@pop.pipeline.com> The Federal Register of December 13, 1996 has published "Licensing of Key Escrow Encryption Equipment and Software" This parallels the draft regulations for encryption export provided by Steptoe & Johnson on December 11 but sets provisions specifically for key escrow products. We've put it at: http://jya.com/ke121396.htm (39 kb) Here are excerpts from the opening: ----------------------------------------------------------------------- This interim final rule amends the Export Administration Regulations (EAR) by imposing national security controls on Key escrow information security (encryption) equipment and software transferred from the U.S. Munitions List to the Commerce Control List following a commodity jurisdiction determination by the Department of State. This interim final rule also amends the EAR to exclude key escrow items from the de minimis provisions for items exported from abroad and to exclude key escrow encryption software from mass market eligibility. Further, key escrow encryption software is subject to the EAR even when made publicly available. ... Once transferred, key escrow encryption items will be controlled for national security reasons. A license will be required from the Department of Commerce to all destinations, except Canada. This is an initial step in liberalizing the treatment of encryption exports. The Bureau of Export Administration is preparing regulations to further implement the Administration's encryption policies, which will be published in the Federal Register in the near future. ... From jya at pipeline.com Fri Dec 20 11:39:51 1996 From: jya at pipeline.com (John Young) Date: Fri, 20 Dec 1996 11:39:51 -0800 (PST) Subject: BXA Crypto Meeting Message-ID: <1.5.4.32.19961220162515.00681b90@pop.pipeline.com> Federal Register: December 12, 1996 ----------------------------------------------------------------------- Bureau of Export Administration Information Systems, Technical Advisory Committee; Notice of Partially Closed Meeting A meeting of the Information Systems Technical Advisory Committee will be held January 7 & 8, Room 1617M-2, in the Herbert C. Hoover Building, 14th Street between Constitution and Pennsylvania Avenues, NW., Washington, DC. This Committee advises the Office of the Assistant Secretary for Export Administration with respect to technical questions that affect the level of export controls applicable to information systems equipment and technology. January 7 General Session 9:00 a.m.-12:00 p.m. 1. Opening remarks by the Chairmen. 2. Presentation on Office of Exporter Services outreach program. 3. Update on status of Export Administration Regulations. 4. Public discussion on encryption issues. 5. Other comments or presentations by the public. Closed Session 6. Discussion of matters properly classified under Executive Order 12958, dealing with U.S. export control programs and strategic criteria related thereto. January 8 Closed Session 7. Discussion of matters properly classified under Executive Order 12958, dealing with U.S. export control programs and strategic criteria related thereto. The General Session of the meeting is open to the public and a limited number of seats will be available. To the extent time permits, members of the public may present oral statements to the Committee. Written statements may be submitted at any time before or after the meeting. However, to facilitate distribution of public presentation materials to the Committee members, the Committee suggests that public presentation materials or comments be forwarded at least one week before the meeting to the address listed below: Ms. Lee Ann Carpenter, TAC Unit/OAS/EA, Room 3886C, Bureau of Export Administration, U.S. Department of Commerce, Washington, DC 20230 Dated: December 6, 1996. From michael.tighe at Central.Sun.COM Fri Dec 20 11:39:53 1996 From: michael.tighe at Central.Sun.COM (Michael Tighe SUN IMP) Date: Fri, 20 Dec 1996 11:39:53 -0800 (PST) Subject: Bernstein (export laws unconstitutional) decision update In-Reply-To: <199612192112.NAA28059@toad.com> Message-ID: <199612201536.JAA15195@jeep.Central.Sun.COM> John Gilmore writes: >After further consultations with the attorneys, we are not sure >whether the decision has nationwide impact or whether it is limited >to the Northern District of California (which includes SF and Silicon >Valley). Your Mileage May Vary -- check with your lawyer. The decision itself says it only applies to Bernstein, and then only for source code. From nobody at huge.cajones.com Fri Dec 20 11:40:03 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Fri, 20 Dec 1996 11:40:03 -0800 (PST) Subject: Life with Dale Message-ID: <199612201454.GAA26329@mailmasher.com> :From: Dale Thorn :I spent part of my growing up years in Leroy West Virginia, pop. :about 15, give or take. I know about hillbillies, and I know about :guns. :If you had the impression I am a whiner, or that that defines me as a :person, you're about as clueful as the other old farts who attack :people they don't know anything about. Name one thing Dale has not experienced. From aaron at burn.ucsd.edu Fri Dec 20 11:40:23 1996 From: aaron at burn.ucsd.edu (Aaron) Date: Fri, 20 Dec 1996 11:40:23 -0800 (PST) Subject: Solidarity with Peruvian Guerrilla! Message-ID: ** See list of useful Web sites at end of this post! ** Companer at s, I am writing this while I am tired and should be asleep, since I think that this matter is too urgent to delay. I apologize for any careless formulations. By now, you all know that the Peruvian guerrilla group MRTA (Movimiento Revolucionario Tupac Amaru) has occupied the mansion of the Japanese ambassador in Lima and is holding several hundred prisoners. Unless you are in an unusual part of the world, you also have seen how the bourgeois media are discussing the matter as a problem of how to deal with 'terrorists.' For the working people and all the oppressed and exploited of the world, and for socialists, communists, and anarchists, the seizure of the ambassador's residence along with about 400 bourgeois dinner guests is a great accomplishment. It is a blow against the terrorism of the Peruvian state and its imperialist patrons! Those captured in the raid include many members of the Peruvian and international ruling elite, including the head of Peru's secret police! It will be politically very difficult for the Peruvian state to launch a military attack as a means of resolving the crisis, since that would create quite a few 'illustrious corpses' and lead to a falling out among bourgeois sectors.. (And it would be difficult to get the world's poor majority to join the bourgeoisie in mourning its dead!) It seems that there is already a falling out between Fujimori and the Japanese over Fujimori's refusal, so far, to negotiate. It is very important that the situation in Lima not be resolved in a way that can be seen as a victory for the bourgeoisie. It is our task to publicize who the real criminals are in Peru and to help wring concessions from the Peruvian dictatorship. In particular, we should demand the release of all political prisoners and prisoners of war from Peru's hideous torture-chamber prisons. In this context, let's not get involved in sectarian battles among the various factions of Peru's anti-government left. Whatever differences the groups have, and these are very serious, we must keep in mind that the Peruvian state and its imperialist backers (in Washington, Tokyo, London, Bonn, etc.) are the main enemy. All political prisoners must be released, whether of MRTA, the PCP (Shining Path) or neither. Thanks to the widespread publicity given to the events in Lima, many more people will be interested in what we have to say about Peru than normally would. Let's organize demonstrations at Peruvian Embassies, Consulates, airline offices, etc. Let's raise our voices in whatever forum may be available to defend the heroic guerrillas and to denounce the real terrorists. --In solidarity, --Aaron P.S. Plans are being made for a demonstration at the Peruvian Consulate in San Francisco, California -- probably on Monday, December 23. If you live in the area, please send me an e-mail message. Otherwise, do what you can in your area! SOME USEFUL WEB SITES: Web site on the current crisis: What Are The Goals Of Your Embassy Occupation? -- Interview With Norma Velazco, Representative Of The Tupac Amaru Revolutionary Movement (MRTA) In Peru: Partial list of hostages: MRTA's web site in Europe: Lima's best bourgeois newspaper (in Spanish): http://ekeko.rcp.net.pe/LaRepublica/ From adam at homeport.org Fri Dec 20 11:40:45 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 20 Dec 1996 11:40:45 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <32BA5ABE.64F2@pnis.net> Message-ID: <199612201329.IAA00716@homeport.org> Vangelis wrote: | Bill Stewart wrote: | > I've heard that in less civilized parts of the world you're actually | > required to carry government-issued ID cards to walk down the street | > or fly on airplanes. | Umm.. tried to get on a flight without having ID lately? Doesn't work - | against policy. Anti-terrorism policy and all.. it's for your own | safety, of course. Yep. Sucseeded, twice. Once, having made jokes about smuggling cocaine. Given the poor state of FAA modelling of their threat, I'm not going to discuss the loopholes that I found, since the FAA will simply close them, without bothering to wonder about the security implications. I will note that you can't get on board with checked luggage, and also note that the rules are probably subject to a FOIA request. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From nobody at replay.com Fri Dec 20 11:40:48 1996 From: nobody at replay.com (Name Withheld by Request) Date: Fri, 20 Dec 1996 11:40:48 -0800 (PST) Subject: Dale defends free society from the NSApunks (was Re: Encryption ? Message-ID: <199612201325.OAA03035@basement.replay.com> I thought this was so funny I've saved it. Perhaps we could vote on the quality of Dale's ideas and arrive at an estimate of the proportion of NSA supporters on the list. THE AKOND OF SWAT :Date: Thu, 19 Dec 1996 07:36:03 -0800 :From: Dale Thorn :To: SHARK :Cc: cypherpunks at toad.com :Subject: Re: Encryption ? : :SHARK wrote: :> :> I am a Mathematic student at Bosphorus University in Turkey. :> I am interested in both computer applications and mathematical base of :> encryption.Where can I find this kind of staff on internet. :> Is it necessary to have high level of mathematical background in order to :> deal with encryption?? :> :> By the way Is there any member of this list from Turkey? : :There are a lot of NSA people here on cypherpunks, and they try very :hard to control encryption, to make everyone think it is difficult, to :discourage independent inquiry. : :That is the main reason they accuse people of being snakeoil vendors, :to discourage people from inquiring about really new ideas, like some :of my ideas for example. : :Just so you know.... From attila at primenet.com Fri Dec 20 11:42:28 1996 From: attila at primenet.com (attila at primenet.com) Date: Fri, 20 Dec 1996 11:42:28 -0800 (PST) Subject: Nuke the Whales! In-Reply-To: <32BA31CE.7B64@gte.net> Message-ID: <199612201150.EAA01646@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- Oh, come on, Dale. loosen up and recognize satire when you see it. satire is a far cry from sarcasm, and although it may appear to have a victim, it is more of a social comment in general. good sarcasm can even tell stories which are bald faced lies and still not be dishonest --caveat emptor. == I'll get a life when it is proven and substantiated to be better than what I am currently experiencing. --attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrp8kr04kQrCC2kFAQHYVwP/QwNZCVr034lH/yuJqanEc4aGeoKbJOwh 73yKSyOTRUI0Fll5X8Q8mgHGdMbN9TJTke3zstYztSe5MY5vrJnGGIPWTIIkQmXn QYmNdNE4X0Ytaum32MEkbybi9VxmIZYEuD49dAAShKdQWMacWE6YnxAzKyYGi5Rp T1iaYRdcZo8= =p0Vu -----END PGP SIGNATURE----- From attila at primenet.com Fri Dec 20 11:42:38 1996 From: attila at primenet.com (attila at primenet.com) Date: Fri, 20 Dec 1996 11:42:38 -0800 (PST) Subject: some clarification of jurisdiction in Berstein (long) Message-ID: <199612201141.EAA01559@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- the question: ::I've seen two other reports (one from NBC) that say the ruling ::only covers the one federal district. ::Any lawyers want to clarify? The caveat: the following is a personal opinion and is not, in any way, to be considered either legal opinion or legal advice. Hire an attorney who specializes in these issues before you do anything rash which might qualify you for three hots and a cot. Basically, jurisdiction is all a question of who wants to honor whose decision until a higher level either affirms or rejects the lower court ruling (or sends it back w/o a full ruling but requiring a review of some part of the decision by the lower court). Generally speaking, the decision is valid for the Northern District of California, but a Federal district judge anywhere in the U.S. can make a concurring decision based on citing Judge Patel's decision that source code is protected under Amendment 1. In other words, the cite is valid anywhere, and can be used as the basis of a decision. Likewise, another district judge somewhere in the U.S. can issue a contrary ruling, still citing Judge Patel's ruling, but disagreeing with its tenants; or even ignore the decision and forge new ground. The basic rule of thumb is each federal judge is 'Judge Roy Bean, Law West of the Pecos' in his own courtroom, and able to virtually ignore even USSC rulings by claiming the action is not the same for some silly reason. He may be reversed on appeal... As for Judge Roy Bean, there have been a number who might qualify for the type in the Ninth Circuit who come to mind: Manny Real in LA, Hadder in LA, Foley in Vegas, and one in El Paso (whose name escapes me --maybe Peck), who was assassinated, probably by the drug trade, about 20 years ago. These are mavericks with a high percentage of cases reversed on appeal. Two of the four are of questionably diminished mental abilities, one was of questionable ethics, and one is just plain nuts --or at least off the wall (IMHO). I have not read the full Bernstein decision as yet, but I understand there are a fair number of unresolved issues such as binary objects. This again can spawn additional test cases, either by someone challenging the issue as Bernstein challenged the source code, which I consider was the correct decision as anyone can read source --understanding source code may be more difficult than reading a bad Russian translation of the nuances in Alice in Wonderland for some... (your mileage may vary...) Leaving government appeals out of the equation, if there are two or more district courts within an appeals circuit, whose fundamental opinion: 'source code is protected under Amendment 1 rights' do not agree, the obvious step is for the Ninth Circuit Court of Appeals, either by a 3 judge panel, or a full court review, to take jurisdiction and decide which of the two opinions suits their fancy. If a 3 judge panel does not give the decision expected, there is also a possible review by a full court on the motion of either party. Now, suppose the Ninth Circuit affirms Judge Patel. At that point every district court within the jurisdiction of the Ninth Circuit uses the Bernstein case as a given, an affirmed precedent; the rulings will reflect that unless some clever clown adds a twist and the judge falls for it. Again, setting aside appeals, there are multiple circuit appeal regions. None of these are bound by the Ninth Circuit decision, but it is a citation of importance. Now, if there are significantly different opinions in the appeal circuits, then the Supreme Court will decide whether they will accept the decisions for review, deciding which decision is valid; or the USSC can ignore it. Personally, I would publish anything regardless. I've had more than one go around with the simpletons. The first time the goons in gray trenchcoats shake you out of the rack in the early morning, there is a real adrenalin rush; after that it's: "Oh, shit, you guys again, who wants some coffee?" Whatever you do: keep your mouth shut; even teh previous thought is risky the assholes might charge you with attempted bribary of a Federal official. I have been quiet for 20 years; as you get older you get a lot more cranky, and less concerned with your welfare. You know: "strike another blow for Liberty, FUCK the CDA" and so on. Be a martyr; give your all for the cause. Eventually you end up in Springfield, Missouri, home for Federal Criminally Insane political victims. Larry Flynt (Hustler) managed to get away from the Feds who can hold an "insane" individual in their custody indefinitely: certifying him insane with one hand, while the other hand gives him a chemical lobotomy. Larry Flynt was sent to Springfield by a Federal Judge in LA for contempt of court --wearing an American flag as a diaper in his wheelchair (paraplegic). Unless you're a little crazy, I don't think I would start publishing source code yet. Oh, I expect it would be difficult for the Feds to get convictions with a strong precedent decision. But, keep in mind, federal judges are appointed on the basis of an ad in the local bar rag: 'wanted: middle aged person with failing law practice and good political connections.' A Federal judge is appointed for life; after age 65 they are able to choose cases which interest them; most of them seem to die on the bench (some would dispute they were ever alive on the bench). It's been said, "what do you call a lawyer with an IQ of 40?" "Your, Honour." If you wish to lay down the bait trail in the Northern California district, by all means, go ahead, but you might find yourself charged in a criminal action, and the government presenting a case that your charges are 'different' than the Bernstein case: Bernstein just wanted to publish an academic paper, you are charged with violation of the munitions act and maybe treason and espionage. And, always remember your opponent is a drug-crazed 800 lb gorilla with a mission: conviction. This case is the big one: Bernstein was the plaintiff, in a civil action. You will be the _defendant_, in a criminal action. I would not put a scenario like this past the DOJ scum; maybe multiple times to try and obtain results which match their corroded mental image of peace, prosperity, and union harmony. The DOJ is not interested in either justice or the Bill of Rights. Federal attorneys are striving for high conviction rates, like Vietnam body counts --and are enforcing the policies of the administration, not the courts, the constitution, or the people. If you managed to get here through the convoluted logic, I would be careful of how you loosen the floodgates. At this point we have made a statement which is a serious breach of their armor. We obviously need additional test cases to clarify the position, and the decision must ultimately be decided by the USSC. I would caution for another reason: if the Feds choose a preferred defendant who is flagrant, obnoxious, and on flaky ground; _they_ may have a good precedent, not us. Academic challenges are certainly among the best --a bit easier to make the point for education than for pornography. The next step IMHO, should be a challenge that object code is just a shipping container for the source code. == I'll get a life when it is proven and substantiated to be better than what I am currently experiencing. --attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrp6r704kQrCC2kFAQHx/gP6AoTCk7gEIjylULrXJcTS+QnOtV8Ic5s1 R0iPC0q3/67z9kROekOGOGkD1SRD8umnrO5rb7NRgJDBpdSzt1Hlp+FWZlH1HgZQ HmR0FZ6QUy1JKC9QJrw0oNTCaful/u4UHTAQLi4R8sTSx1RM/uWfR4Lw4kMKSQ11 Xa6hPWcvNZE= =Of3t -----END PGP SIGNATURE----- From stewarts at ix.netcom.com Fri Dec 20 11:47:41 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 20 Dec 1996 11:47:41 -0800 (PST) Subject: FWD: PGP-fone Mailing List Archive Message-ID: <1.5.4.32.19961220173903.003a89e8@popd.ix.netcom.com> >Date: Fri, 20 Dec 1996 07:32:52 -0500 (EST) >From: "Fred B. Ringel" >To: pgp-fone at rivertown.net >cc: pgp-users list >Subject: Mailing List Archive >Hi all- > > Finally got around to doing something I had meant to do. I have set >up an HTML-ized version of the PGPfone Mailing List archives. It is >reachable off the PGP Fone Registry, but the exact URL is : > > http://pgp.rivertown.net/pgp-fone/archives > >Now any newcomers to the list will find it easier to catch up, or if you >need to look something up, the archives are indexed by date, author, >and subject/thread. Hope you find it useful. Until I figure out how to >update it automatically over an NFS mounted system, I will manually update >them at least once a week. > > I'm sending this to PGP-Users too so anyone interested in the >PGPfone list can get a taste of what is going on there. The PGPFone list is >up to almost 100 subscribers and growing (tell your friends!!) > > Fred >/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ >Fred B. Ringel -- Rivertown.Net Internet Access >Systems Administrator -- http://www.rivertown.net >and General Fixer Upper -- Voice/Fax/Support: +1.914.478.2885 > > > # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.) From toto at sk.sympatico.ca Fri Dec 20 11:50:27 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Fri, 20 Dec 1996 11:50:27 -0800 (PST) Subject: Pretty Lousy Privacy In-Reply-To: <3.0.32.19961219135408.00695a98@smtp1.abraxis.com> Message-ID: <32BA9300.1716@sk.sympatico.ca> Alec wrote: > How soon can we expect Turkish and Armenian language modules for this beta? Alec, All of our Turkish programmers are dead. All of our Armenian programmers' keyboards are screwed because of the blood dripping off of their fingers. Say, you don't think Dr. DVK could be onto something here, do you? (:>) -- Reply to:toto at sk.sympatico.ca "There's only one two." From ph at netcom.com Fri Dec 20 11:53:01 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 11:53:01 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 9:42 AM 12/20/1996, Bill Frantz wrote: >At 11:16 PM -0800 12/19/96, Peter Hendrickson wrote: >> Or, you could turn in the broken processor and have the manufacturer >> certify that it was turned in to the software vendors and that >> a new version of the software should be generated. > I meant processor backup of course. When my processor breaks at 2AM and I > need to get the report out by 8AM, I'm going to call the software support > line and get help. If your processor dies you are SOL whether or not you have software. If it's worthwhile having a backup processor around, then you just have to spend a little more to have backup software, too. > Or the friendly hardware manufacturer is going to come > right out and certify my processor is dead. Come on and get real. With > most software vendors I can't even submit a bug report. If the reissuance of software is not possible (which I don't believe), it's an acceptable risk. Processors die far far less often than disks, and disks are getting pretty reliable. If the software companies can't get it together to reissue software, then it would certainly be easy to sell processor insurance to people who wanted it. This would allow them to replace their ~$10,000 software library. (You can buy theft insurance for roughly the same payoffs, so it's a feasible business. Theft is harder to verify and in my judgement occurs much more frequently than processor failure.) > Note that I am not saying there is a technical problem here. I do see big > problems with infrastructure and marketing. The last time software > companies tried to market copy protection, it failed in the market place. > I predict that encyphered instruction streams will too, and for the same > reasons. If the old copy protection just worked, it would have been widely accepted. Old copy protection had many problems. It didn't stop piracy. Sometimes it crashed your machine. Some schemes worked on some Intel machines but not on others. Backups were a problem. Etcetara. Peter Hendrickson ph at netcom.com From ravage at einstein.ssz.com Fri Dec 20 12:11:27 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 20 Dec 1996 12:11:27 -0800 (PST) Subject: Solidarity with Peruvian Guerrilla! (fwd) Message-ID: <199612202032.OAA06580@einstein> Hi all, MRTA is a bunch of terrorists, irrespective of whether the issues they are trying to deal with are legitimate. They have threatened to kill people if they don't get their way. This alone is enough for me to not support them. They also have taken their internal bitch outside their unhappy home and involved other nationalities. If they were my neighbors I would call the cops and if allowed on the jury I would give them the max. What I would suggest is that the Japanese take as many of the MRTA out as they possibly can. I support the Japanese. Screw the MRTA and the Peruvian government, little Hitlers are little Hitlers. Banzai! Jim Choate CyberTects Forwarded message: > From cypherpunks-errors at toad.com Fri Dec 20 14:21:00 1996 > Message-Id: > Mime-Version: 1.0 > Content-Type: text/plain; charset="us-ascii" > Date: Fri, 20 Dec 1996 06:16:20 -0800 > To: aaron at burn.ucsd.edu (All recipients) > From: aaron at burn.ucsd.edu (Aaron) > Subject: Solidarity with Peruvian Guerrilla! > Cc: nyt at blythe.org (nyxfer), seac+nafta at ecosys.drdr.virginia.edu, > bc05319 at binghamton.edu (TAZ), BAYLEFT at cmsa.Berkeley.EDU, > red-skinheads-l at eart.com, anarchy-list at cwi.nl, spg-l at xs4all.nl, > LABOR-L at YORKU.CA, a-infos at lglobal.com > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > ** See list of useful Web sites at end of this post! ** > > Companer at s, > > I am writing this while I am tired and should be asleep, since I think that > this matter is too urgent to delay. I apologize for any careless > formulations. > > By now, you all know that the Peruvian guerrilla group MRTA (Movimiento > Revolucionario Tupac Amaru) has occupied the mansion of the Japanese > ambassador in Lima and is holding several hundred prisoners. Unless you are > in an unusual part of the world, you also have seen how the bourgeois media > are discussing the matter as a problem of how to deal with 'terrorists.' > > For the working people and all the oppressed and exploited of the world, > and for socialists, communists, and anarchists, the seizure of the > ambassador's residence along with about 400 bourgeois dinner guests is a > great accomplishment. It is a blow against the terrorism of the Peruvian > state and its imperialist patrons! Those captured in the raid include many > members of the Peruvian and international ruling elite, including the head > of Peru's secret police! It will be politically very difficult for the > Peruvian state to launch a military attack as a means of resolving the > crisis, since that would create quite a few 'illustrious corpses' and lead > to a falling out among bourgeois sectors.. (And it would be difficult to > get the world's poor majority to join the bourgeoisie in mourning its > dead!) It seems that there is already a falling out between Fujimori and > the Japanese over Fujimori's refusal, so far, to negotiate. > > It is very important that the situation in Lima not be resolved in a way > that can be seen as a victory for the bourgeoisie. It is our task to > publicize who the real criminals are in Peru and to help wring concessions > from the Peruvian dictatorship. In particular, we should demand the release > of all political prisoners and prisoners of war from Peru's hideous > torture-chamber prisons. In this context, let's not get involved in > sectarian battles among the various factions of Peru's anti-government > left. Whatever differences the groups have, and these are very serious, we > must keep in mind that the Peruvian state and its imperialist backers (in > Washington, Tokyo, London, Bonn, etc.) are the main enemy. All political > prisoners must be released, whether of MRTA, the PCP (Shining Path) or > neither. > > Thanks to the widespread publicity given to the events in Lima, many more > people will be interested in what we have to say about Peru than normally > would. Let's organize demonstrations at Peruvian Embassies, Consulates, > airline offices, etc. Let's raise our voices in whatever forum may be > available to defend the heroic guerrillas and to denounce the real > terrorists. > > --In solidarity, > --Aaron > > P.S. Plans are being made for a demonstration at the Peruvian Consulate in > San Francisco, California -- probably on Monday, December 23. If you live > in the area, please send me an e-mail message. Otherwise, do what you can > in your area! > > SOME USEFUL WEB SITES: > > Web site on the current crisis: > > > What Are The Goals Of Your Embassy Occupation? -- Interview With Norma > Velazco, Representative Of The Tupac Amaru Revolutionary Movement (MRTA) In > Peru: > > > Partial list of hostages: > > > MRTA's web site in Europe: > > > Lima's best bourgeois newspaper (in Spanish): > http://ekeko.rcp.net.pe/LaRepublica/ > > From ph at netcom.com Fri Dec 20 12:26:26 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 12:26:26 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 7:43 AM 12/20/1996, Hal Finney wrote: >> The manufacturer is going to publish a list of ALL of the public keys? >> We're talking one key per chip, right? Isn't that an AWFUL lot of >> keys, like, in the millions range? > Probably an easier way would be for the chip manufacturer to issue a > key certificate (signature) on the chip keys. Then it is a trivial > matter for any software manufacturer to verify that a proferred chip > key is legit; just check the cert. Now why didn't I think of that! >>> One approach is for the manufacturer to authenticate software submitted >>> by approved vendors. The vendors are then tasked with encrypting it >>> for the correct processor. >> I'm not sure the "approved" bit would go over too well... one idea >> would be to license the compiler writers, who would build the >> encryption into compilers. It's still not horribly great, but >> better. > Hey, it's a free world, right? Some people only run authenticated > code from big companies; other people turn off the authentication > bit in the CPU and can run any old thing they stumble across on the net. > Everybody's happy. Maybe not everybody. My scheme would not let you turn off the authentication bit. That means that if somebody does find way to get at the secret key, they still can't run the code without doing something expensive with particular processors. Basically, this won't be worth the trouble. > The first group doesn't have to worry about viruses, > or at least they have somebody to sue if they see one, and the second > group gets to run all the freeware and PD code they can today. The second group would have to buy a different processor altogether, the way I proposed it. But, that does not seem unreasonable. One could even imagine systems which have a "free" processor and a decrypting processor. While they would have to have completely different instruction sets, they could be pin compatible. >> Right; the only reason I could see people using this would be for >> economical reasons. > Yes, I think this is a point often missed in these discussions. People > say, why would I want a CPU which will limit the software I can run, > something which will let a software maker give me a version of his > program which will only run on my CPU and which I have no ability to > share with others? What's in it for me? > The answer presumably is that the software manufacturer will sell software > with such limits for much less than he will sell unlimited software. That's > because software piracy is such a major problem, and this way he can be > protected against piracy from this copy of his program. So people with > these CPU's can buy their software a lot cheaper. I agree with all of this. Some people might be happier if they think of this as just another kind of agreement that people can make. Right now the software development agreement is weak because piracy is so easy. We rely a little bit on the law and a whole lot on the integrity of customers. Really, that isn't ideal. It would be nice if people could make strong agreements to write software. My judgement is that software piracy is less of a problem in the U.S. than it is elsewhere. My impression is that there are many other countries in the world where the whole "I should help pay for the development of this software because I am using it" idea just doesn't really show up on the screen. This processor would make it possible to sell software to the whole world without really worrying too much about how well each government enforces its laws or how ethical the people in foreign countries are. > Of course the big downside is that the track record of tamper resistant > hardware has not been too strong lately! If a system like this gets into > widespread use and somebody finds out that shooting X-rays at the chip > exposes its secret key, you've got a big problem. Processors are really only good for 3 years or so. The vendor is only betting that attacks won't become widespread in that time period. That is not a perfectly safe bet, but it isn't bad. The attacks can exist, but so long as they are expensive or hard to generalize to all processors, the software vendors are safe. Peter Hendrickson ph at netcom.com From rcgraves at disposable.com Fri Dec 20 12:27:44 1996 From: rcgraves at disposable.com (Rich Graves) Date: Fri, 20 Dec 1996 12:27:44 -0800 (PST) Subject: Flying on planes without ID In-Reply-To: <32BA5ABE.64F2@pnis.net> Message-ID: <199612202025.PAA25899@spirit.hks.net> -----BEGIN PGP SIGNED MESSAGE----- Vangelis wrote: > > Bill Stewart wrote: > > I've heard that in less civilized parts of the world you're actually > > required to carry government-issued ID cards to walk down the street > > or fly on airplanes. > > Umm.. tried to get on a flight without having ID lately? Doesn't work - > against policy. Anti-terrorism policy and all.. it's for your own > safety, of course. You beat me to it. Anyone have the current black-letter regulations? I'll have some time to kill over the holidays that might as well be used for civil disobedience. What's likely to happen to me if I refuse to show ID? Provide invalid ID, don't get caught, then publicize the fact? Provide invalid ID and get caught? Or, better: "My wallet was stolen. The only ID I have on me is my ACLU membership card and my PGP key. Can I still get on the plane?" I'm serious. Short domestic flight, no pressing appointments. This could be fun. - -rich - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMrr2LyoZzwIn1bdtAQFNVAGAsm79cKZ0T3DZQuV7l13w86WTIu0aVlyh 1JhPsiBCw0iw6+n6zsPzbawaRXR43X39 =BhS6 -----END PGP SIGNATURE----- From declan at well.com Fri Dec 20 12:55:14 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 20 Dec 1996 12:55:14 -0800 (PST) Subject: The CyberSitter Diaper Change, from The Netly News Message-ID: [From this morning's Netly News. Check out the HTML version of the article at netlynews.com for links to the threatening letters, etc. --Declan] The Netly News http://netlynews.com/ December 20, 1996 The CyberSitter Diaper Change By Declan McCullagh (declan at well.com) Brian Milburn is angry. The president of Solid Oak Software, makers of the CyberSitter Net-filtering software, has seen his company's product come under heavy fire this year. Its offense? Critics say that CyberSitter has reached far beyond its mandate of porn-blocking and instead has censored innocuous, even invaluable web sites. I admit I'm one of its critics. In a CyberWire Dispatch that Brock Meeks and I published in July, we revealed that the censorware bans such places as the International Gay and Lesbian Human Rights Commission and the online home of the National Organization for Women. Our Dispatch showed the world -- or at least our readers -- that the makers of CyberSitter have a clear political agenda. The article prompted follow-ups in CyberTimes and the National Law Journal and an editorial in the Washington Post with an exchange of letters to the editor between a NOW executive and a representative of Focus on the Family, a conservative group that markets CyberSitter. To Milburn's mind, our act of revealing the truth about his company's product was, literally, criminal. In August, he told us that he had asked the U.S. Department of Justice to launch a criminal investigation into the publication of our article. He was particularly upset with one paragraph that included a fragment of his database demonstrating that CyberSitter expressly bans info about gay society and culture. He wrote: "Your willful reverse engineering and subsequent publishing of copyrighted source code is a clear violation of US Copyright law. While we would easily prevail in a civil court in seeking damages... we will seek felony criminal prosecution under 17 USCS sect 503(a) of the Copyright Act, and are preparing documentation to submit with the criminal complaint to FBI [sic]." Milburn was upset because CyberSitter's database is scrambled to prevent kiddies from grabbing addresses of porn sites from it. It's lightweight encryption, sure, but just enough to frustrate Junior. The scrambled database also allows Solid Oak to add and delete banned sites without the user's knowledge -- something that we believe is a dangerous practice. Now, I should point out here that neither I nor Brock did the actual decrypting; we had received a copy of the descrambled filter list from a confidential source. In any event, Dispatch's attorneys replied to Milburn, saying that the article was "protected by the full force of the First Amendment to the United States Constitution" and fell squarely within the copyright act's "fair use" provisions. We never heard back from him or the FBI. But that nastygram from Milburn wasn't his last. As criticism of CyberSitter becomes more intense, he's stepped up his counterattacks, threatening legal action, blocking critics' sites, or both. Take Bennett Haselton, a college student who cobbled together a site called Peacefire in August. This fall he started an anti-CyberSitter page that listed some of the more controversial actions of the software. Milburn complained. On December 6 he wrote to Haselton's Internet provider, Media3 Technologies, and tried to persuade them to give Peacefire the boot. His e-mail said: "One of your subscribers has made it his mission in life to defame our product as he appearantly [sic] has a problem with parents wishing to filter their children's access to the internet." Another charge was that Haselton had linked to a copy of our Dispatch. Solid Oak then added Peacefire and Media3 to its list of blocked sites. To Marc Kanter, Solid Oak's marketing director, it was necessary. "The site directly has links to areas that have our source code decoded on it.... There's no reason that our users should be able to go to sites that effectually inactivate our program," he said. Milburn also accused Haselton of reverse-engineering CyberSitter to get the text of its database -- that is, of being the confidential source for the CyberWire Dispatch. "Reverse engineering had to have been done in order to get the information, and we believe Mr. Haselton was the one who did it," Milburn wrote. Note to Millburn: Haselton wasn't our source. Then there's the case of Glen Roberts. His web page giving instructions on how to disable CyberSitter is now banned -- as is his Internet service provider. That's because CyberSitter differs from its competitors CyberPatrol and SurfWatch, which can restrict access by URL; instead, CyberSitter has to block access to the entire ripco.com domain. So what's my problem, really? If people don't want to use CyberSitter or other nanny apps, they don't have to. It's voluntary. It's effective. It protects children, and it sure is better than the Communications Decency Act. I have one major objection to all of the software filters currently on the market: Consumers have no way of knowing what's being blocked. Without knowing what's on the filter list, parents can't know what Junior will or won't be seeing. When reporters who try to reveal that information are faced with potential criminal investigations, the press's ability to shed light on these companies is threatened. Such programs also give parents near-complete control over what their children can and can't read. Traditionally, kids have been able to browse the stacks of a library away from parental supervision. But when the library is online, access can be completely controlled by censorware. Pity the closeted gay son of homophobic parents, prevented by CyberSitter from accessing soc.support.youth.lesbian-gay-bi. Finally, it's a kind of intellectual bait-and-switch. The "smut blockers" grab power by playing to porn, then they wield it to advance a right-wing, conservative agenda. Family values activists would never have been able to pass a law that blocks as many sites as CyberSitter does. Besides censoring alt.censorship, it also blocks dozens of ISPs and university sites such as well.com, zoom.com, anon.penet.fi, best.com, webpower.com, ftp.std.com, cts.com, gwis2.seas.gwu.edu, hss.cmu.edu, c2.org, echonyc.com and accounting.com. Now, sadly, some libraries are using it. Solid Oak claims 900,000 registered users. ### From drose at AZStarNet.com Fri Dec 20 13:15:29 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Fri, 20 Dec 1996 13:15:29 -0800 (PST) Subject: Ebonics Message-ID: <199612202115.OAA11015@web.azstarnet.com> "Timothy C. May" wrote: >In order to remain compliant with the new California law requiring >increased use of "Ebonics," the new academic name for "Black English" (and >known by honkey mofos as "ghetto jive"). Apparently the coloreds have had >enough of "standard English" and its repression of their culture. To meet >the requirements of this new law, 10% of my posts from now on will be >written as best I can manage in the Ebonic language. ("Ebonics" elided) There's got to be a better way than Ebonizing manually. First there was the Canadianizer, eh, hoser? Then there was Zippy (www.metahtml.com/demos/zippy/), which is terrific for Willy/Freeh/Reno speeches. We really need an Ebonizer (TM)! BTW, Tim's not kidding about the Oakland, CA school system. Check your regular news source. From andrew_loewenstern at il.us.swissbank.com Fri Dec 20 13:19:32 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 20 Dec 1996 13:19:32 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: <199612201543.HAA02076@crypt.hfinney.com> Message-ID: <9612202119.AA00892@ch1d157nwk> Hal Finney writes: > The answer presumably is that the software manufacturer will > sell software with such limits for much less than he will sell > unlimited software. That's because software piracy is such > a major problem, and this way he can be protected against > piracy from this copy of his program. So people with these > CPU's can buy their software a lot cheaper. I believe this is a pipedream. As it stands now, virtually all of the software that requires special hardware dongles is ridiculously expensive, even compared to similar offerings from other companies. andrew From aaron at herringn.com Fri Dec 20 13:36:17 1996 From: aaron at herringn.com (aaron at herringn.com) Date: Fri, 20 Dec 1996 13:36:17 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <1.5.4.32.19961220040241.003a6284@popd.ix.netcom.com> Message-ID: >Bill Stewart wrote: >> I've heard that in less civilized parts of the world you're actually >> required to carry government-issued ID cards to walk down the street >> or fly on airplanes. > >Umm.. tried to get on a flight without having ID lately? Doesn't work - >against policy. Anti-terrorism policy and all.. it's for your own >safety, of course. Flew down to LA recently with a firearm (checked, of course). Looking over the ticket later, I was mildly surprised to find "GUN" in a string of otherwise unintelligible text. Anyone know if this is they way it's been, or if this is YA "Anti-terrorism security measure"? Goes without saying that this data would most likely wind up as part of the "travel profiles" the gov't wants to compile. Could they be starting early? The carrier was Alaska Airlines, if it matters. As far as the photo-id went, they didn't copy any data off it or try to authenticate, just made sure it was my picture. From frantz at netcom.com Fri Dec 20 13:46:38 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 20 Dec 1996 13:46:38 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: At 11:52 AM -0800 12/20/96, Peter Hendrickson wrote: >At 9:42 AM 12/20/1996, Bill Frantz wrote: >> I meant processor backup of course. When my processor breaks at 2AM and I >> need to get the report out by 8AM, I'm going to call the software support >> line and get help. > >If your processor dies you are SOL whether or not you have software. I have 3 Macs in the house. The places I work have rooms full of machines. >If it's worthwhile having a backup processor around, then you just have >to spend a little more to have backup software, too. I thought your model was cheap processors and expensive software. I.e.,. The cost of the software is greater than the cost of the hardware. Sounds like more than just "a little more". >If the old copy protection just worked, it would have been widely accepted. Again, there is a complex infrastructure which offers the customer no obvious benefit. I disagree that copy protection would have been widely accepted, even had it worked smoothly. In fact, this scheme can be characterized as a scheme to make copy protection work. (Slightly tangentially, when my wife was in China at the Women's Conference NGO meeting, someone walked off with a collection of copy protection dongles as souvenirs. The people who wanted to use the software were SOL.) ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From rcgraves at disposable.com Fri Dec 20 14:06:30 1996 From: rcgraves at disposable.com (Rich Graves) Date: Fri, 20 Dec 1996 14:06:30 -0800 (PST) Subject: Solidarity with Peruvian Guerrilla! In-Reply-To: Message-ID: <32BB0DA1.7305@disposable.com> Aaron wrote: > > P.S. Plans are being made for a demonstration at the Peruvian > Consulate in San Francisco, California -- probably on Monday, December > 23. If you live in the area, please send me an e-mail message. Done. This could be a real blast! -rich From pgut001 at cs.auckland.ac.nz Fri Dec 20 14:08:09 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Fri, 20 Dec 1996 14:08:09 -0800 (PST) Subject: Van Eck articles Message-ID: <85111967606165@cs26.cs.auckland.ac.nz> >Looking for: > >"Protective Measures Against Compromising Electromagnetic Radiation Emitted by >Video Display Terminals" by Professor Erhard Moller, Aachen University, 1990 >(no source citation) I have a copy of the original German version of this, I can snail mail a copy if anyone wants to translate it. It has lots of graphs and diagrams which probably won't scan very well, and it will need translation before most of the people on the list can make any use of it. I know there are English versions floating around, but I've never seen one. BTW the work was done in the early '80's, not 1990. Peter. From zerofaith at mail.geocities.com Fri Dec 20 14:09:38 1996 From: zerofaith at mail.geocities.com (Psionic Damage) Date: Fri, 20 Dec 1996 14:09:38 -0800 (PST) Subject: nyetscape 3.x bug Message-ID: <199612202209.OAA11403@geocities.com> Has anybody noticed that netscape 3.x has a bug that brings the last page that I was on onto the next page that I go to, do I need to delete a history file or something, or does anybody have the answer to resolving this problem. Sincerely, PsiD pSIONIC dAMAGE Zer0 Faith Inc. www.geocities.com/SiliconValley/Heights/2608 H/P/A/V/C ANTIVIRUS/COUNTERSECURITY "ONLY THE ELITE SURVIVE!" From Kevin.L.Prigge-2 at tc.umn.edu Fri Dec 20 14:10:23 1996 From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge) Date: Fri, 20 Dec 1996 14:10:23 -0800 (PST) Subject: Ebonics In-Reply-To: <199612202115.OAA11015@web.azstarnet.com> Message-ID: <32bb0ec72e07002@noc.tc.umn.edu> drose at azstarnet.COM said: > "Timothy C. May" wrote: > > >In order to remain compliant with the new California law requiring > >increased use of "Ebonics," the new academic name for "Black English" (and > >known by honkey mofos as "ghetto jive"). Apparently the coloreds have had > >enough of "standard English" and its repression of their culture. To meet > >the requirements of this new law, 10% of my posts from now on will be > >written as best I can manage in the Ebonic language. > > ("Ebonics" elided) > > There's got to be a better way than Ebonizing manually. First there was the > Canadianizer, eh, hoser? Then there was Zippy > (www.metahtml.com/demos/zippy/), which is terrific for Willy/Freeh/Reno > speeches. We really need an Ebonizer (TM)! Sounds like Jive. Probably need to update it for the latest hip-hop lingo, but it's a nice filter. > > BTW, Tim's not kidding about the Oakland, CA school system. Check your > regular news source. > > > -- Kevin L. Prigge | Some mornings, it's just not worth Systems Software Programmer | chewing through the leather straps. Internet Enterprise - OIT | - Emo Phillips University of Minnesota | From rcgraves at disposable.com Fri Dec 20 14:11:26 1996 From: rcgraves at disposable.com (Rich Graves) Date: Fri, 20 Dec 1996 14:11:26 -0800 (PST) Subject: Dale defends free society from the NSApunks (was Re: Encryption ? In-Reply-To: <199612201325.OAA03035@basement.replay.com> Message-ID: <32BB0EC3.7830@disposable.com> Stop bashing Dale, you ADL/CFR/NSA thought police, you. -rich Name Withheld by Request wrote: > > I thought this was so funny I've saved it. > > Perhaps we could vote on the quality of Dale's ideas > and arrive at an estimate of the proportion of NSA supporters on the > list. > > THE AKOND OF SWAT > > :Date: Thu, 19 Dec 1996 07:36:03 -0800 > :From: Dale Thorn > :To: SHARK > :Cc: cypherpunks at toad.com > :Subject: Re: Encryption ? > : > :SHARK wrote: > :> > :> I am a Mathematic student at Bosphorus University in Turkey. > :> I am interested in both computer applications and mathematical > :> base of encryption.Where can I find this kind of staff on > :> internet. Is it necessary to have high level of mathematical > :> background in order to deal with encryption?? > :> > :> By the way Is there any member of this list from Turkey? > : > :There are a lot of NSA people here on cypherpunks, and they try > :very hard to control encryption, to make everyone think it is > :difficult, to discourage independent inquiry. > : > :That is the main reason they accuse people of being snakeoil > :vendors, to discourage people from inquiring about really new > :ideas, like some of my ideas for example. > : > :Just so you know.... From sameer at c2.net Fri Dec 20 14:17:47 1996 From: sameer at c2.net (sameer) Date: Fri, 20 Dec 1996 14:17:47 -0800 (PST) Subject: C2Net Party: January 24th Message-ID: <199612202218.OAA23181@blacklodge.c2.net> http://www.c2.net/party/ C2NET is having a party January 24th at 654 Mission St. San Francisco assorted snacks, a cash bar and live music by WEIRD BLINKING LIGHTS with dj accompaniment by DJ FLINT and DJ PINNIPED will be present for your enjoyment Festivities begin at 8PM We hope to see you there --- Directions: >From the West or North: Take Oak Street East. Turn left on Laguna. Turn right on Fell. Fell crosses Market and becomes 10th Street. Merge left within one block of Market. Turn left on Mission. >From the East: Take Hwy 80 West across the Bay Bridge. Take the first exit on the left (Harrison Street exit) Turn left on Harrison. Turn right on 3rd Street. Turn right on Mission. >From the South: Take Hwy 280 North. Follow 280 to its end at 4th & King Streets. Follow King Street to its end at 3rd Street. Turn left on 3rd. Turn right on Mission. >From BART: Take BART to the Montgomery station Walk south on New Montgomery Street Turn right on Mission. Parking: There is a commercial parking lot across the street on Mission and another one on the corner of 3rd and Mission. From andrew_loewenstern at il.us.swissbank.com Fri Dec 20 14:19:31 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 20 Dec 1996 14:19:31 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: <9612202217.AA00908@ch1d157nwk> I think this whole idea of encrypted software and processors is pretty poorly thought out. How do you handle an organization with a site license for 20,000 users of a piece of software? Do you issue 20,000 unique copies? Do you really think the lower price of the software is going to offset the cost of an organization to manage all those processor certificates? Site licensed software is already about as cheap as the companies are willing to sell it. How about the extra hard drive space you have to purchase because you can't just keep one copy on a server anymore? Think about what a nightmare it would be to update a piece of software on 20,000 machines simultaneously!! It's hard enough to do it now!! What happens if a software company goes out of business? You are then completely screwed when your processor dies or becomes obsolete. Around here we still run a few pieces of ancient hardware that were pretty pathetic back in 1988. The software on them is critical but won't run on anything else and there is no source code available. Believe me, nobody here would dare to make that mistake again!!! At least with our current situation if the hardware dies we would probably be able to find a replacement (and I'm sure there are some replacements waiting in the stock room...). But with your encrypted processor we couldn't even do that! It seems to me that this is yet another scheme that basically does nothing but seriously inconvenience the software user. Much like clipper, I believe this is a dog that won't hunt!! Perhaps instead of trying to find a way to force users into paying, software companies should concentrate on how offer more value and make their prices seem more attractive. Even with piracy, the software industry is far and away the most profitable of all!! andrew From jon at clearink.com Fri Dec 20 14:24:51 1996 From: jon at clearink.com (Yanni) Date: Fri, 20 Dec 1996 14:24:51 -0800 (PST) Subject: Ebonics In-Reply-To: <199612202115.OAA11015@web.azstarnet.com> Message-ID: <9612201424.AA39450@jon.clearink.com> On Fri, Dec 20, 1996 at 1:15:20 PM, drose at AZStarNet.com wrote: > There's got to be a better way than Ebonizing manually. First there was > the Canadianizer, eh, hoser? Then there was Zippy (www.metahtml.com/ demos/ > zippy/), which is terrific for Willy/Freeh/Reno speeches. We really need > an Ebonizer (TM)! > > BTW, Tim's not kidding about the Oakland, CA school system. Check your > regular news source. As you can see from the URL below, the Oakland Unified School District has already converted their homepage... http://www.somat.com/somat/jive.pl?filter=jive&url=http%3A%2F% 2Fousd.k12.ca.us%2F ;) Jive is an old old old filter...read one of the back issues of Tired about the fight between two hackers that is where it originated...I po'ted da damn slow mo-fo source (based in yacc/lex) t'a simple macintosh applicashun some while back... -jon Jon (no h) S. Stevens kid at latchkey.com ClearInk WebMagus http://www.clearink.com/ finger pgp at sparc.clearink.com for pgp pub key MultiHomie - MultiHoming for Mac WebServers http://www.clearink.com/fun_stuff/plugins/ The Internet Weather Report http://www.internetweather.com/ From ph at netcom.com Fri Dec 20 14:29:22 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 14:29:22 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 3:19 PM 12/20/1996, Andrew Loewenstern wrote: >Hal Finney writes: >> The answer presumably is that the software manufacturer will >> sell software with such limits for much less than he will sell >> unlimited software. That's because software piracy is such >> a major problem, and this way he can be protected against >> piracy from this copy of his program. So people with these >> CPU's can buy their software a lot cheaper. > I believe this is a pipedream. As it stands now, virtually all of the > software that requires special hardware dongles is ridiculously expensive, > even compared to similar offerings from other companies. Why do you think this is? I don't understand why I would buy a more expensive package that required a dongle rather than a less expensive package which does not. This is mysterious. Peter Hendrickson ph at netcom.com From ph at netcom.com Fri Dec 20 14:31:15 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 14:31:15 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 1:29 PM 12/20/1996, Bill Frantz wrote: >At 11:52 AM -0800 12/20/96, Peter Hendrickson wrote: >> If it's worthwhile having a backup processor around, then you just have >> to spend a little more to have backup software, too. > I thought your model was cheap processors and expensive software. I.e.,. > The cost of the software is greater than the cost of the hardware. Sounds > like more than just "a little more". There's no reason why one software package would cost more than the machine. I was assuming you didn't need your whole software library to finish the report. I would expect software prices to drop because everybody using the software would be paying for it. I would also expect more kinds of software to become available. At any rate, I just don't see this as a major problem. Does anybody know how often processors break down these days? My guess is that it is less common than getting into a car accident and much less common than all the other factors that make reports late. If companies started metering software, then this problem pretty much evaporates. >> If the old copy protection just worked, it would have been widely accepted. > Again, there is a complex infrastructure which offers the customer no > obvious benefit. The obvious benefit is that when you purchase software you don't have to pay for software development for the people who don't pay. Few people find this objectionable in principle. It is not out of the question for software vendors to sell two versions of the same software. One is the piracy-free version and the other is the copy-as-much-as-you-can version. I would expect the piracy-free version to be substantially cheaper. (Of course, it is not out of the question that piracy boosts sales by advertising the product. We haven't seen a good experiment for determining this.) > I disagree that copy protection would have been widely accepted, even had > it worked smoothly. In fact, this scheme can be characterized as a scheme > to make copy protection work. Your characterization is accurate. Ignoring the particulars of this scheme, it would certainly be neat if people could sell software without it being pirated. Peter Hendrickson ph at netcom.com From varange at crl.com Fri Dec 20 15:10:14 1996 From: varange at crl.com (Troy Varange) Date: Fri, 20 Dec 1996 15:10:14 -0800 (PST) Subject: Get All The Phrack Issues Message-ID: For a ton of (mis)information, read Phrack. Rather than downloading an issue at a time, get it all at: http://www.crl.com/~varange/maillists/phrack.zip 0d0a text formatted. If you have a lot of paper: unzip -c phrack > /dev/lp0 Or something like: pkunzip -c phrack > prn -- Cheers! From azur at netcom.com Fri Dec 20 15:25:29 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 20 Dec 1996 15:25:29 -0800 (PST) Subject: Code+Data separation Message-ID: >At 12:08 PM -0800 12/19/96, Peter Hendrickson wrote: >>Are there any modern processors which keep the code and data separated? > A Harvard architecture is a common feature of signal processing chips. A number of japanese DSP chips (especailly for image processing) in the early 90's used this approach. I believe some earlier models in the TI 34000 series did also. Not sure about the current crop. -- Steve From andrew_loewenstern at il.us.swissbank.com Fri Dec 20 15:26:04 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 20 Dec 1996 15:26:04 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: <9612202325.AA00944@ch1d157nwk> Peter Hendrickson writes: > I would expect software prices to drop because everybody using > the software would be paying for it. I don't mean to sound rude or insult you personally, but this is utterly absurd. If everyone is paying for the software then the company would be making even MORE money. Only a fool would want to make less money!! If money wasn't important to these people they wouldn't be in the business of selling software in the first place! Aside from putting a gun to people's heads, the only thing that lowers prices is competition. > It is not out of the question for software vendors to sell > two versions of the same software. One is the piracy-free > version and the other is the copy-as-much-as-you-can version. > I would expect the piracy-free version to be substantially > cheaper. That would render the entire scheme pointless. It only takes _____ONE_____ copy of the software to get out for the whole world to pirate it. andrew From ph at netcom.com Fri Dec 20 15:26:21 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 15:26:21 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 4:17 PM 12/20/1996, Andrew Loewenstern wrote: > I think this whole idea of encrypted software and processors is pretty >poorly > thought out. Thank you for this encouraging remark. > How do you handle an organization with a site license for 20,000 users of a > piece of software? Do you issue 20,000 unique copies? Yes, that would be necessary. It isn't hard to tell which executable goes with which processor. The software vendor could give away a database to do it. Or, the software vendor could put all the executables up on a web site. What's the big deal? > Do you really think the lower price of the software is going to offset > the cost of an organization to manage all those processor certificates? Yes, I do. (BTW, the software might be sold for the same price, but be better in other ways.) > Site licensed software is already about as cheap as the companies are willing > to sell it. In the current business environment. One reason site licenses are sold to companies is to make piracy less encouraging. It also solves a difficult bookkeeping problem: "How many copies are we running? Are we in compliance with the law?" Actually, site licenses don't always solve this problem, but they sort of do. We don't really know what pricing and terms would look like in a piracy-free environment, we can only guess. My guess is that preventing piracy makes more software available for better prices. If metering is feasible, it would work out very well because customers no longer have to take a chance on software and can easily explore all of the options they have. > How about the extra hard drive space you have to purchase because you can't > just keep one copy on a server anymore? Let's assume 10MB of executable code per package. A gigabyte costs about $200 now. That comes out to about $2 extra expense per software package. > Think about what a nightmare it would be to update a piece of software on > 20,000 machines simultaneously!! It's hard enough to do it now!! Whoever is doing the updating just needs to be able to quickly get the right copy. That's easy because each software module is self-identifying as is each processor. You just need to be able to go out on the Net to the software vendor or internally and ask some machine for the particular copy you need. > What happens if a software company goes out of business? You are then > completely screwed when your processor dies or becomes obsolete. This is true. Most people make their software buying decision based on what it can do now and for the next few years. I believe that is rational. > Around here we still run a few pieces of ancient hardware that were pretty > pathetic back in 1988. The software on them is critical but won't run on > anything else and there is no source code available. Believe me, nobody > here would dare to make that mistake again!!! At least with our current > situation if the hardware dies we would probably be able to find a > replacement (and I'm sure there are some replacements waiting in the stock > room...). But with your encrypted processor we couldn't even do that! Yes, it would definitely be harder to keep a code museum. People who plan on doing that are encouraged to choose another platform and software set. > It seems to me that this is yet another scheme that basically does nothing > but seriously inconvenience the software user. Much like clipper, I believe > this is a dog that won't hunt!! I find it interesting that you compare this scheme to Clipper. Judging from the tone ("!!!") of your post, there is something about my scheme which you find upsetting. People usually don't get annoyed by schemes which won't work. (Even dumb unworkable schemes are a breath of fresh air on this list right now.) What I think you really don't like about my scheme is that you think it might work and you fear various mandatory GAP proposals that could follow its wide acceptance. I would be interested to hear more about these concerns. > Perhaps instead of trying to find a way to force users into paying, software > companies should concentrate on how offer more value and make their prices > seem more attractive. These are not either/or propositions. If the decrypting processor increases the revenue of software companies, it means people can make more money providing better products to their customers. > Even with piracy, the software industry is far and away the most profitable > of all!! There is no such thing as "profitable enough." Peter Hendrickson ph at netcom.com From AwakenToMe at aol.com Fri Dec 20 15:31:45 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Fri, 20 Dec 1996 15:31:45 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <961220182716_1955064746@emout02.mail.aol.com> In a message dated 96-12-20 16:43:37 EST, you write: << I would suppose that one could hack the code to find the counter, assuming you could decompile it (or wanted to). >> Nope. Just a good debugger (Softice... Borland..etc) And not to mention there's a billion disassemblers on the net From AwakenToMe at aol.com Fri Dec 20 15:33:22 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Fri, 20 Dec 1996 15:33:22 -0800 (PST) Subject: Flying on planes without ID Message-ID: <961220182506_841828005@emout17.mail.aol.com> In a message dated 96-12-20 17:23:29 EST, you write: << Anyone have the current black-letter regulations? I'll have some time to kill over the holidays that might as well be used for civil disobedience. What's likely to happen to me if I refuse to show ID? Provide invalid ID, don't get caught, then publicize the fact? Provide invalid ID and get caught? Or, better: "My wallet was stolen. The only ID I have on me is my ACLU membership card and my PGP key. Can I still get on the plane?" >> Well, something of the sort happened to me... I didn't have my ID on me. (Delta airlines..) and they _WOULD_NOT_ let me on the plane without the proper ID. I actually had lost my ID shortly before... Then... A different time at the airport.. American airlines told me that If I didn't have ID.. Id still be let on... just that the way they process my baggage would be different ( I imagine they would physically look through it... Adam From ph at netcom.com Fri Dec 20 15:58:14 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 15:58:14 -0800 (PST) Subject: Executing Encrypted Code Message-ID: At 5:25 PM 12/20/1996, Andrew Loewenstern wrote: >Peter Hendrickson writes: >> I would expect software prices to drop because everybody using >> the software would be paying for it. > I don't mean to sound rude or insult you personally, but this is utterly > absurd. If everyone is paying for the software then the company would be > making even MORE money. Only a fool would want to make less money!! If >money > wasn't important to these people they wouldn't be in the business of selling > software in the first place! > Aside from putting a gun to people's heads, the only thing that lowers >prices > is competition. Yes, I was assuming a free market. Sorry if that was not clear. Not only would software companies face competition in the decrypting-processor market, but they also face competition with other packages running on other platforms. Presumably customers would need some sort of reason to use the decrypting-processor. Some companies may choose lower price. > Only a fool would want to make less money!! I agree completely! >> It is not out of the question for software vendors to sell >> two versions of the same software. One is the piracy-free >> version and the other is the copy-as-much-as-you-can version. >> I would expect the piracy-free version to be substantially >> cheaper. > That would render the entire scheme pointless. It only takes _____ONE_____ > copy of the software to get out for the whole world to pirate it. This was discussed a few posts back. Let's say you manage to get the secret key out of the decrypting-processor. That gives you the executable which could run on any decrypting-processor. Since it is not authenticated (*) you can't run it on another decrypting-processor. You can run it in emulation someplace else, but a heavy performance price is paid. If the leading edge processors are all decrypting-processors, a very heavy performance price is paid. If the instruction set is kept secret, even writing an emulator could become hard. (* I am being inconsistent, incidentally. At one point I said that software would be authenticated once, but I now realize that to prevent multiple uses it has to be authenticated for use on a particular processor, too.) Peter Hendrickson ph at netcom.com From azur at netcom.com Fri Dec 20 16:07:29 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 20 Dec 1996 16:07:29 -0800 (PST) Subject: van Eck snooping Message-ID: I've done some experimentation in this area. It is not possible to use a VCR in a simplified manner anymore as all recent computer CRTs are no longer use a 60 Hz half-frame, interlaced, format. Reductions in radiated emissions, per FCC Part 15, since the earlt 80's have significantly raised the bar for remote monitoring (still possible though). -- Steve From aaron at herringn.com Fri Dec 20 16:46:04 1996 From: aaron at herringn.com (aaron at herringn.com) Date: Fri, 20 Dec 1996 16:46:04 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: >At 1:29 PM 12/20/1996, Bill Frantz wrote: >>At 11:52 AM -0800 12/20/96, Peter Hendrickson wrote: >>> If it's worthwhile having a backup processor around, then you just have >>> to spend a little more to have backup software, too. > >> I thought your model was cheap processors and expensive software. I.e.,. >> The cost of the software is greater than the cost of the hardware. Sounds >> like more than just "a little more". > >There's no reason why one software package would cost more than the >machine. I was assuming you didn't need your whole software library >to finish the report. > >I would expect software prices to drop because everybody using the software >would be paying for it. I would also expect more kinds of software to become >available. I doubt it- if everyone has no choice but to pay, why would software companies lower prices? What would happen is a) less pirated software floating around, and b) software companies make much more money. I don't see prices coming down. >At any rate, I just don't see this as a major problem. Does anybody >know how often processors break down these days? My guess is that >it is less common than getting into a car accident and much less common >than all the other factors that make reports late. It doesn't have to break. Example: Advertising agency, each designer's machine has at least $10k worth of software on it. We upgrade the machine, we have to spend another $10k to buy new software, or go through administrative hassle with the vendor to get 'new' copies of the software? Speaking from a Sysadmin's perspective, I wouldn't use one if you gave me the hardware for free. With this scheme, the programmers benefit, the end-users don't, and it's the end-users who have to buy into this for it to work. [snip] From drose at AZStarNet.com Fri Dec 20 17:39:58 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Fri, 20 Dec 1996 17:39:58 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <199612210139.SAA02134@web.azstarnet.com> aaron at herringn.com wrote: >Flew down to LA recently with a firearm (checked, of course). > >Looking over the ticket later, I was mildly surprised to find "GUN" in >a string of otherwise unintelligible text. This is a case of damned if you do, damned if you don't. The last time that I declared (as the legal notices at the check-in podium admonished me to do) a firearm in my luggage, my bag sported a large, chromium yellow GUN tag that also featured a graphic representation of a pistol (I guess for baggage handlers who can't read, or can't read English, and would still like to take advantage of one of the perks of their position). From attila at primenet.com Fri Dec 20 17:41:46 1996 From: attila at primenet.com (Attila T. Hun) Date: Fri, 20 Dec 1996 17:41:46 -0800 (PST) Subject: Life with Dale In-Reply-To: <199612201454.GAA26329@mailmasher.com> Message-ID: <199612210144.SAA25029@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <199612201454.GAA26329 at mailmasher.com>, on 12/20/96 at 06:54 AM, nobody at huge.cajones.com (Huge Cajones Remailer) said: ::>From: Dale Thorn ::>I spent part of my growing up years in Leroy West Virginia, pop. :about 15, ::>give or take. I know about hillbillies, and I know about guns. ::>If you had the impression I am a whiner, or that that defines me as a ::>person, you're about as clueful as the other old farts who attack people ::>they don't know anything about. ::Name one thing Dale has not experienced. == "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators" --P.J. O'Rourke. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrtAFb04kQrCC2kFAQHwdgP/XgRcqqSyHjBIeD3Qd6zpPynqlzWYogLb yxaiRpI80WdE+OvAjLNAMb+GOFET3lfdtDmfgGKEOpKK4oMWLFhojA4ZorDm6KXh 0o5qSqNThrg/8xpZGRRni1f363GIA8UWz6mCeUTGgS6FLFuvbheEmTYSS1wSnV9P H18Oq9i7M2U= =yiar -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Fri Dec 20 18:00:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Dec 1996 18:00:24 -0800 (PST) Subject: Yiddish humor Message-ID: How do you call a "cypher punk" without AIDS? Gay gezund. How do you call a "cypher punk" with AIDS? Gay in drer. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 20 18:20:31 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Dec 1996 18:20:31 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: Message-ID: <6gk0yD26w165w@bwalk.dm.com> "Timothy C. May" writes: > (Note: To a lot of us, even seeing the English form "I've heard that in > less civilized countries...." is almost a direct cue that a facetious > (tongue in cheek, ironic, etc.) remark is about to follow.) > > I've heard that in less civilized countries, the same cues for irony may > not be widely known. Why is the fascist United State of America considered a "civilized country"? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 20 18:22:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Dec 1996 18:22:14 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <32BA5ABE.64F2@pnis.net> Message-ID: Vangelis writes: > Bill Stewart wrote: > > I've heard that in less civilized parts of the world you're actually > > required to carry government-issued ID cards to walk down the street > > or fly on airplanes. > > Umm.. tried to get on a flight without having ID lately? Doesn't work - > against policy. Anti-terrorism policy and all.. it's for your own > safety, of course. It's funny that this particulae piece of fascist regulation was imposed by the Klintons after the TWA 800 crash. Now the most likely reasons for the crash are supposedly a mechanical failure or a U.S.missile - not any terrorists. But once the fascists gain some ground, they don't give it back. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 20 18:40:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 20 Dec 1996 18:40:26 -0800 (PST) Subject: Pretty Lousy Privacy In-Reply-To: <32BA9300.1716@sk.sympatico.ca> Message-ID: Carl Johnson writes: > Alec wrote: > > How soon can we expect Turkish and Armenian language modules for this beta? > > Alec, > All of our Turkish programmers are dead. All of our Armenian > programmers' > keyboards are screwed because of the blood dripping off of their fingers. You may well be right. Were any of the Azeri civilians murdered by Armenians in Khojaly computer programmers? Are any of their killers presently employed by Earthweb as associate network administrators? _Newsweek_ 16 March 1992 By Pascal Privat with Steve Le Vine in Moscow THE FACE OF A MASSACRE Azerbaijan was a charnel house again last week: a place of mourning refugees and dozens of mangled corpses dragged to a makeshift morgue behind the mosque. They were ordinary Azerbaijani men, women and children of Khojaly, a small village in war-torn Nagorno-Karabakh overrun by Armenian forces on Feb. 25-26. Many were killed at close range while trying to flee; some had their faces mutilated, others were scalped. While the victims' families mourned, Photo: `We will never forgive the Armenians': Azeri woman mourn a victim. _The New York Times_, Tuesday, March 3, 1992 MASSACRE BY ARMENIANS Agdam, Azerbaijan, March 2 (Reuters) - Fresh evidence emerged today of a massacre of civilians by Armenian militants in Nagorno-Karabakh, a predominantly Armenian enclave of Azerbaijan. Scalping Reported Azerbaijani officials and journalists who flew briefly to the region by helicopter brought back three dead children with the back of their heads blown off. They said shooting by Armenians has prevented them from retrieving more bodies. "Women and children have been scalped," said Assad Faradshev, an aide to Nagorno-Karabakh's Azerbaijani Governor. "When we began to pick up bodies, they began firing at us." The Azerbaijani militia chief in Agdam, Rashid Mamedov, said: "The bodies are lying there like flocks of sheep. Even the fascists did nothing like this." Truckloads of Bodies Near Agdam on the outskirts of Nagorno-Karabakh, a Reuters photographer, Frederique Lengaigne, said she had seen two trucks filled with Azerbaijani bodies. "In the first one I counted 35, and it looked as though there were as many in the second," she said. "Some had their head cut off, and many had been burned. They were all men, and a few had been wearing khaki uniforms." _The Sunday Times_ 1 March 1992 By Thomas Goltz, Agdam, Azerbaijan ARMENIAN SOLDIERS MASSACRE HUNDREDS OF FLEEING FAMILIES Survivors reported that Armenian soldiers shot and bayoneted more than 450 Azeris, many of them women and children. Hundreds, possibly thousands, were missing and feared dead. The attackers killed most of the soldiers and volunteers defending the women and children. They then turned their guns on the terrified refugees. The few survivors later described what happened: 'That's when the real slaughter began,' said Azer Hajiev, one of three soldiers to survive. 'The Armenians just shot and shot. And then they came in and started carving up people with their bayonets and knives.' 'They were shooting, shooting, shooting,' echoed Rasia Aslanova, who arrived in Agdam with other women and children who made their way through Armenian lines. She said her husband, Kayun, and a son-in-law were massacred in front of her. Her daughter was still missing. One boy who arrived in Agdam had an ear sliced off. The survivors said 2000 others, some of whom had fled separately, were still missing in the gruelling terrain; many could perish from their wounds or the cold. By late yesterday, 479 deaths had been registered at the morgue in Agdam's morgue, and 29 bodies had been buried in the cemetery. Of the seven corpses I saw awaiting burial, two were children and three were women, one shot through the chest at point blank range. Agdam hospital was a scene of carnage and terror. Doctors said they had 140 patients who escaped slaughter, most with bullet injuries or deep stab wounds. Nor were they safe in Agdam. On friday night rockets fell on the city which has a population of 150,000, destroying several buildings and killing one person. _The Times_ 2 March 1992 CORPSES LITTER HILLS IN KARABAKH (ANATOL LIEVEN COMES UNDER FIRE WHILE FLYING TO INVESTIGATE THE MASS KILLINGS OF REFUGEES BY ARMENIAN TROOPS) As we swooped low over the snow-covered hills of Nagorno-Karabagh we saw the scattered corpses. Apparently, the refugees had been shot down as they ran. An Azerbaijani film of the places we flew over, shown to journalists afterwards, showed DOZENS OF CORPSES lying in various parts of the hills. The Azerbaijanis claim that AS MANY AS 1000 have died in a MASS KILLING of AZERBAIJANIS fleeing from the town of Khodjaly, seized by Armenians last week. A further 4,000 are believed to be wounded, frozen to death or missing. The civilian helicopter's job was to land in the mountains and pick up bodies at sites of the mass killings. The civilian helicopter picked up four corpses, and it was during this and a previous mission that an Azerbaijani cameraman filmed the several dozen bodies on the hillsides. Back at the airfield in Agdam, we took a look at the bodies the civilian helicopter had picked up. Two old men a small girl were covered with blood, their limbs contorted by the cold and rigor mortis. They had been shot. _TIME_ March 16, 1992 By Jill SMOLOWE -Reported by Yuri ZARAKHOVICH/Moscow M A S S A C R E I N K H O J A L Y While the details are argued, this much is plain: something grim and unconscionable happened in the Azerbaijani town of Khojaly two weeks ago. So far, some 200 dead Azerbaijanis, many of them mutilated, have been transported out of the town tucked inside the Armenian-dominated enclave of Nagorno-Karabakh for burial in neighboring Azerbaijan. The total number of deaths - the Azerbaijanis claim 1,324 civilians have been slaughtered, most of them women and children - is unknown. Videotapes circulated by the Azerbaijanis include images of defaced civilians, some of them scalped, others shot in the head. _BBC1 Morning News at 07.37, Tuesday 3 March 1992_ BBC reporter was live on line and he claimed that he saw more than 100 bodies of Azeri men, women and children as well as a baby who are shot dead from their heads from a very short distance. _BBC1 Morning News at 08:12, Tuesday 3 March 1992_ Very disturbing picture has shown that many civilian corpses who were picked up from mountain. Reporter said he, cameraman and Western Journalists have seen more than 100 corpses, who are men, women, children, massacred by Armenians. They have been shot dead from their heads as close as 1 meter. Picture also has shown nearly ten bodies (mainly women and children) are shot dead from their heads. Azerbaijan claimed that more than 1000 civilians massacred by Armenian forces. _Channel 4 News at 19.00, Monday 2 March 1992_ 2 French journalists have seen 32 corpses of men, women and children in civilian clothes. Many of them shot dead from their heads as close as less than 1 meter. _Report from Karabakpress_ A merciless massacre of the civilian population of the small Azeri town of Khojali (Population 6000) in Karabagh, Azerbaijan, is reported to have taken place on the night of February 28 by the Soviet Armenian Army. Close to 1000 people are reported to have been massacred. Elderly and children were not spared. Many were badly beaten and shot at close range. A sense of rage and helplessness has overwhelmed the Azeri population in face of the well armed and equipped Armenian Army. The neighboring Azeri city of Aghdam outside of the Karabagh region has come under heavy Armenian artillery shelling. City hospital was hit and two pregnant women as well as a new born infant were killed. Azerbaijan is appealing to the international community to condemn such barbaric and ruthless attacks on its population and its sovereignty. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From svmcguir at syr.edu Fri Dec 20 18:41:42 1996 From: svmcguir at syr.edu (Scott V. McGuire) Date: Fri, 20 Dec 1996 18:41:42 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 20 Dec 1996 aaron at herringn.com wrote: > >At 1:29 PM 12/20/1996, Bill Frantz wrote: ... stuff deleted ... > >I would expect software prices to drop because everybody using the software > >would be paying for it. I would also expect more kinds of software to become > >available. > > I doubt it- if everyone has no choice but to pay, why would software companies > lower prices? What would happen is a) less pirated software floating > around, and > b) software companies make much more money. I don't see prices coming down. > You should expect software companies to make more money and for prices to come down. Remember, there's not just one software company. This scheme would force some of the people who would copy software to buy it, increasing the profits to the software companies. So, why would the price come down? Well, because of the increased profit margin, there is now room for the price to come down, and since there is competition among software companies, at least one of them will lower prices for the advantage it will give them. The others will have to follow. > ... rest deleted ... > - -------------------- Scott V. McGuire PGP key available at http://web.syr.edu/~svmcguir Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBMrtORd7xoXfnt4lpAQFNkwP+PJ8qq267S15H51i8dGqBFZEp2SC13+Xo 4h95n2fsunSWK/hQbmEXF8wZXabDqqXqRbCYh0ZZZy5Xz74vNoI4HaKsArs+dTgW +Iu5EYM1cEK8Ncrr0o6kQSPiNproNZ944AuzD11X9vKMRAkxkxPD98XeBXn6SOFK EAgm6Z0d9Cg= =RiYt -----END PGP SIGNATURE----- From lucifer at dhp.com Fri Dec 20 18:50:29 1996 From: lucifer at dhp.com (Mixmaster) Date: Fri, 20 Dec 1996 18:50:29 -0800 (PST) Subject: Security hole in premail Message-ID: <199612210235.VAA03805@dhp.com> There's a pretty nasty bug in premail that allows any non-root to obtain the contents of the premail secrets file. This is a race condition that can be exploited because an indefinite amount of time can pass between the time that premail checks if the secrets file exists and when it tries to write to the file. It can be exploited as follows: attacker: $ umask 111 $ ln -s ~/premail-secrets-file /tmp/.premail-secrets.$< normal user: $ premail -login Remember to logout when done. Your premail passphrase, please: All the attacker has to do is execute "touch premail-secrets-file" between the time that the user is prompted for the passphrase and the time when the login is completed. $ ls -al premail-secrets-file -rw-rw-rw- 1 d00d nogroup 19 Dec 20 19:01 premail-secrets-file $ cat premail-secrets-file [contents of premail secrets file] This bug can be fixed in two ways. One way is to set the premail-secrets setting to some non-world-writable directory. The second way is to apply the following patch: *** premail.orig Fri Dec 20 18:46:01 1996 --- premail Fri Dec 20 18:55:54 1996 *************** *** 3574,3579 **** --- 3574,3582 ---- } for ($triesleft = 2; !$done && $triesleft; $triesleft--) { $pass = &getpass ($x); + if(!-O $ps) { + &error ("Secrets file exists and is owned by another user\n"); + } $status = &decrypt_secrets ($ps_pgp, $ps, $pass); if (!-s $ps) { unlink $ps; } $done = (!$status && -e $ps); From ph at netcom.com Fri Dec 20 19:06:38 1996 From: ph at netcom.com (Peter Hendrickson) Date: Fri, 20 Dec 1996 19:06:38 -0800 (PST) Subject: Instruction Sets which are tough to emulate Message-ID: I'm guessing there are a bunch of ways to make a processor hard to emulate. For instance, you can make the registers 65 bits wide. Can anybody think of some more? Peter Hendrickson ph at netcom.com From mjmiski at execpc.com Fri Dec 20 19:16:15 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Fri, 20 Dec 1996 19:16:15 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961220211505.006b95b0@mail.execpc.com> At 11:29 AM 12/20/96 -0800, Timothy C. May wrote: (snip) >De honks be chimin.' Code be fly! I's huffa be gots to be sizing, bitch. >PGP 3 be dope, nuffin but bad! > >I be axing you if it be outa honkeyland or outa Afrika? Dat bitch Reno be >sayin' it be 'legal be usin' dope 'warez. Day be hos. Jesus Tim. You're letting your lilly white show. -feeling-oppressed-by-every-law-in-existance-white-boy Matt From tcmay at got.net Fri Dec 20 19:46:39 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Dec 1996 19:46:39 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <199612210139.SAA02134@web.azstarnet.com> Message-ID: At 6:39 PM -0700 12/20/96, drose at AZStarNet.com wrote: >aaron at herringn.com wrote: > >>Flew down to LA recently with a firearm (checked, of course). >> >>Looking over the ticket later, I was mildly surprised to find "GUN" in >>a string of otherwise unintelligible text. > >This is a case of damned if you do, damned if you don't. The last time that >I declared (as the legal notices at the check-in podium admonished me to do) >a firearm in my luggage, my bag sported a large, chromium yellow GUN tag >that also featured a graphic representation of a pistol (I guess for baggage >handlers who can't read, or can't read English, and would still like to take >advantage of one of the perks of their position). And speaking of "damned if you do, damned if you don't," on a recent flight from San Diego to San Jose I answered a ticketwoman's questions honestly. She asked in a perfunctory manner if my bags had ever been out of my sight. I answered honestly, that, yes, they had, but only briefly. She immediately chirped up that my bags would have to be re-x-rayed. I followed her toward the security point. She then asked how it was they'd been out of my sight. I told her that the men's restroom had stalls that were far too tiny for one's baggage, and that I'd placed my bags outside. She frowned, and seemed confused by this. I averred that I had no idea if the women's restroom stalls were larger, or if women simply placed their bags in the filth behind the commode. She said nothing, but said "If we re-x-ray your bags, can you promise me you won't do this again?" I politely told her no, that the stalls were simply not large enough to accomodate carry-on luggage. Then, I added helpfully, "but you won't really know, will you, so what's the point?" She froze just as we were about to enter the escalator down to the security point, commanded me to remain in that spot, and went off to consult with her security co-workers. After about 10 minutes, she and another Southwest employee returned to where I was patiently standing, gave me a lecture on how the measures were designed for my own protection, handed me a boarding pass, and complimented me on my "honesty." (I suspect they had realized then, if not long before, that the "Have your bags left your sight?" question is ill-considered, given the design of restrooms, restaurants, etc., and that most people were simply lying to them.) As with most such situations, the laws don't catch the real terrorists. (On a personal note, the woman whose office was on the other side of my office, my last year or two at Intel, was killed when a PSA employee took a handgun on a PSA flight, entered the cockpit, shot the pilot and co-pilot, and caused the plane to plunge 35,000 feet into the hills near San Luis Obispo. Her name was Karen Fox. So much for asking passenger-units to lie about whether their bags ever left their sight for even a millisecond.) Last note: I once agreed to fill out an "anonymous poll" given to me by United Airlines as we awaited takeoff from Albuquerque, back in 1987. I expressed my opinion that Allegis, the parent corporation of United at that time, deserved to face financial ruin (I was pissed at the 2-hour delay on the ground). My "anonymous poll" was apparently not so anonymous. I was met in San Jose by four security heavies, who demanded to know what I "meant" by my comments. I pointed out that my comments, whatever they were, were promised to be "anonymous." They pressed me for an explanation and said I would be arrested by airport police on grounds of making a threat unless I explained. I yielded, and blathered about Allegis and its ill-founded policies and how I believed the stock market would reward its stupidity with a much lower share price, blah blah blah. They seemed to lack any basis for throwing me in jail, so they let me go. That was the last time I flew on United, by the way. (I'm sure that had my ticket had the indication "GUN" somewhere in the validation string, I'd've gotten even rougher attention. Citizen-units who express independent opinions and who carry guns are dangerous to the Order.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Fri Dec 20 19:53:10 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 20 Dec 1996 19:53:10 -0800 (PST) Subject: Life with Dale In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: <32BB5ED3.4D1D@gte.net> Attila T. Hun wrote: > ::>From: Dale Thorn > ::>I spent part of my growing up years in Leroy West Virginia, pop. :about 15, > ::>give or take. I know about hillbillies, and I know about guns. > ::>If you had the impression I am a whiner, or that that defines me as a > ::>person, you're about as clueful as the other old farts who attack people > ::>they don't know anything about. > ::Name one thing Dale has not experienced. Amazing, isn't it? Or maybe I shoulda said "ain't". Ja' ever see the movie Joe Versus The Volcano? The perfect movie, IMO, although c-punks might not like that sort of thing. Anyway, the girl is telling Tom Hanks on the boat "My dad says most people go around all day in a fog (quote approximate), but the ones who are awake are in a constant state of amazement". Stick around. When you get off of the roller coaster, it's all over. From tcmay at got.net Fri Dec 20 19:55:24 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Dec 1996 19:55:24 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961220211505.006b95b0@mail.execpc.com> Message-ID: At 9:15 PM -0600 12/20/96, Matthew J. Miszewski wrote: >Jesus Tim. You're letting your lilly white show. > >-feeling-oppressed-by-every-law-in-existance-white-boy Yeah, Matt, in a free society I wouldn't have to "speak Ebonics." (Personally, I interviewed several folks while I was at Intel who could not speak standard English. I recommended against their hiring, and they in fact did not get invites to be interviewed at the main facilities. So much for their jive talk habits.) Understand, I have nothing against the colored people speaking "Ebonics" to each other, or to anyone who'll listen. But I don't have to deal with this nonsense, nor do I have to hire them. (Until the People's Republic of Political Correctness demands that I "justify" why not speaking standard English is a "valid job requirement," and refuses to take my "Because I say it is" as a valid answer. Not surprisingly, the Clintonistas have decided to enter the Proposition 209 challenge on the side of the pro-discrimination side.) If I were designing a genocidal program to destroy the colored race, I would be pushing for Ebonics, for encouraging coloreds to study "Human Potential" and "African History" instead of math, science, and engineering, and pushing for hiring quotas. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Fri Dec 20 19:56:47 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 20 Dec 1996 19:56:47 -0800 (PST) Subject: Life with Dale In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: <32BB5FB1.5E0A@gte.net> Attila T. Hun wrote: [snippo] > ::Name one thing Dale has not experienced. P.S.: I haven't jumped out of a plane, or flown one yet, but I do have a picture of Jessica Dubroff on the wall over my desk. From AwakenToMe at aol.com Fri Dec 20 20:20:34 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Fri, 20 Dec 1996 20:20:34 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <961220231956_575725076@emout17.mail.aol.com> In a message dated 96-12-20 19:54:09 EST, ph at netcom.com (Peter Hendrickson) writes: << > I believe this is a pipedream. As it stands now, virtually all of the > software that requires special hardware dongles is ridiculously expensive, > even compared to similar offerings from other companies. >> Well.... it seems to me that if the software is going to be so expensive.. that would THEN motivate to put dongles on.. seeing as these are the hardest to crack. From AwakenToMe at aol.com Fri Dec 20 20:26:22 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Fri, 20 Dec 1996 20:26:22 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <961220232541_676355232@emout07.mail.aol.com> In a message dated 96-12-20 18:51:28 EST, you write: << How about the extra hard drive space you have to purchase because you can't just keep one copy on a server anymore? >> Well... considering most apps for client server (on the client machine) arent _huge_ (memory is so damn cheap anyway) Why on earth(forgive me if I am truly missing a point here) would you put all the copies on the server? From tcmay at got.net Fri Dec 20 20:39:45 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 20 Dec 1996 20:39:45 -0800 (PST) Subject: Life with Dale In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: At 7:55 PM -0800 12/20/96, Dale Thorn wrote: >Attila T. Hun wrote: >[snippo] >> ::Name one thing Dale has not experienced. > >P.S.: I haven't jumped out of a plane, or flown one yet, but I do > have a picture of Jessica Dubroff on the wall over my desk. My stock broker worked with her pilot, who worked in the same brokerage office in Palo Alto. And, interestingly, the Cypherpunks had a big beach party between Pescadero (where Dubroff lived) and Half Moon Bay (where she flew out of) just a couple of days prior to her departure. (This was the beach party put together by Doug Barnes, last spring.) Her dingbat newage mother claimed that "Jessica is happier now." Yeah, what was left of her in the wreckage is happier now, rotting in a grave somewhere north of me. Dale probably has a picture of her above his desk to remind him of why he supports the "license to breed" proposal. (Not an altogether surprising sentiment, but one has to wonder just why Dale would be on a list such as this one, given his politics.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From frantz at netcom.com Fri Dec 20 20:40:16 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 20 Dec 1996 20:40:16 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <32BA5ABE.64F2@pnis.net> Message-ID: At 5:28 AM -0800 12/20/96, Adam Shostack wrote: >Vangelis wrote: >| Bill Stewart wrote: >| > I've heard that in less civilized parts of the world you're actually >| > required to carry government-issued ID cards to walk down the street >| > or fly on airplanes. > >| Umm.. tried to get on a flight without having ID lately? Doesn't work - >| against policy. Anti-terrorism policy and all.. it's for your own >| safety, of course. > > Yep. Sucseeded, twice. Once, having made jokes about >smuggling cocaine. A question for agent Kallestrom (sp?): If TWA800 went down due to mechanical failure (a spark blowing up the fuselage fuel tank), do we get our freedoms back? ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From mycroft at actrix.gen.nz Fri Dec 20 21:11:00 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Fri, 20 Dec 1996 21:11:00 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: <199612210358.QAA12208@mycroft.actrix.gen.nz> On Fri, 20 Dec 1996 14:28:49 -0800, Peter Hendrickson wrote: I would expect software prices to drop because everybody using the software would be paying for it. I would also expect more kinds of software to become available. What ever happened to charging what the market will bear? Why would they voluntarily drop their prices just because the software can't be pirated? -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Cat, n.: Lapwarmer with built-in buzzer. From blancw at microsoft.com Fri Dec 20 21:11:16 1996 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 20 Dec 1996 21:11:16 -0800 (PST) Subject: Life with Dale Message-ID: From: Timothy C. May [.....]what was left of her [is] rotting in a grave somewhere north of me. ....... [...] interestingly, the Cypherpunks had a big beach party between Pescadero (where Dubroff lived) and Half Moon Bay (where she flew out of) just a couple of days prior to her departure. (This was the beach party put together by Doug Barnes, last spring.) ....................................................... Coincidence? .. Blanc > > > > From dthorn at gte.net Fri Dec 20 21:12:15 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 20 Dec 1996 21:12:15 -0800 (PST) Subject: Dale defends free society from the NSApunks (was Re: Encryption ? In-Reply-To: <199612201325.OAA03035@basement.replay.com> Message-ID: <32BB7144.3A8A@gte.net> Rich Graves wrote: > Stop bashing Dale, you ADL/CFR/NSA thought police, you. > Name Withheld by Request wrote: > > I thought this was so funny I've saved it. > > Perhaps we could vote on the quality of Dale's ideas and arrive > > at an estimate of the proportion of NSA supporters on the list. Critical thinking is hard enough, then having to research and document your findings and get someone or someplace to distribute them, well, it's too hard for most folks. So most folks fall into these camps (or others perhaps): Those who accept the conventional wisdom, i.e., Oswald did it, or, Nurnberg was a real showdown, where the world got justice for the Nazi atrocities. Those who oppose the conventional wisdom with truly unsubstantiated conspiracy theories: Karen Silkwood was programmed to drive off the road by a psychotronic computer located in Brussels which uses satellites to send the beams of energy to the victims' brains. Doing the hard work is not only hard, but depressing when nobody reads it. Probably a lot of people find the IHR (formerly Carto) publications more interesting than the rather mindless crap put out by the ADL, to name an example. Telling people about the Holocaust ad nauseam here in 1996, which the L.A. Times for instance does a lot, doesn't accomplish what I believe is the stated objective, i.e., to prevent a reoccurence, not only against Jews, but against all so-called undesirables. Cypherpunks are not the only people who give plausible argument against interference in places like Bosnia, but the fact that they do, and that mass killings are still sanctioned for all sorts of erstwhile valid and/ or practical reasons, puts a serious challenge to the Holocaust promoters: What exactly are you trying to do? If Albert Einstein can promote the A-bomb to the President, knowing it will kill hundreds of thousands of erstwhile innocent people at a single burst, what is the point of continuing the propaganda? To finance more bombs so we can kill more Hitler supporters? Sadaam was compared to Hitler, but Ramsey Clark didn't buy it. Lots of people who made lots of money investing in Nazi Germany are still selling well in the U.S. Know any Jews who drive Fords? Read the Int'l Jew crap by Henry Himself. Look at the Godfather movie when Al Pacino is walking through the town in Sicily, and there are no men to be seen. He says "Where are all the men?", and the girl with him says "ALL DEAD - died in vendettas". From orbeck at istar.ca Fri Dec 20 22:14:24 1996 From: orbeck at istar.ca (Dalban) Date: Fri, 20 Dec 1996 22:14:24 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <199612210614.BAA25984@istar.ca> Scott V. McGuire wrote: > You should expect software companies to make more money and for prices to > come down. Remember, there's not just one software company. This scheme > would force some of the people who would copy software to buy it, > increasing the profits to the software companies. So, why would the price > come down? Well, because of the increased profit margin, there is now > room for the price to come down, and since there is competition among > software companies, at least one of them will lower prices for the > advantage it will give them. The others will have to follow. And therefor I write: Of course that would be in a microsoft-less world where there wasn't one company who controlled huge market shares, who dominated the industry and who didn't have both government and 'big business' in their pocket. Microsoft is the great 'teflon corportation' able to shake off controversy after controversy regarding everything from hostile marketing strategies to product dumping. Since Microsoft already maintains a virtual monopoly I don't see how making the user pay will serve justice. In your world we'd have to pay for whatever inferiour product is handed to us... not only limiting our choice and freedom but making Microsoft that much more powerful. My two bits, take it or leave it. Dalban From stewarts at ix.netcom.com Fri Dec 20 22:47:28 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 20 Dec 1996 22:47:28 -0800 (PST) Subject: FWD: PGP-fone Mailing List Archive Message-ID: <1.5.4.32.19961221063434.003e18cc@popd.ix.netcom.com> >reachable off the PGP Fone Registry, but the exact URL is : > http://pgp.rivertown.net/pgp-fone/archives Actually seems to be http://pgp.rivertown.net/pgp-fone/archive/ # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.) From stewarts at ix.netcom.com Fri Dec 20 22:51:49 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 20 Dec 1996 22:51:49 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <1.5.4.32.19961221065041.003d70c8@popd.ix.netcom.com> At 09:34 AM 12/20/96 -0800, Tim wrote: >At 1:22 AM -0800 12/20/96, Vangelis wrote: > >Umm.. tried to get on a flight without having ID lately? Doesn't work - > >against policy. Anti-terrorism policy and all.. it's for your own > >safety, of course. >At the risk of undercutting Bill's facetiousness, this was of course >precisely his point. Yeah. I've spent most of this year going around North America on airplanes a couple of times a month. Sometimes they insist on government ID, claiming (falsely) that it's a government regulation. Other times they insist on photo ID (probably correctly) claiming it's a government regulation (usually I fly electronic-ticket, which they ask for photo-ID for, and I don't mind that.) United is almost always satisfied with my employee-ID and the credit card I used to buy the ticket with, except that they don't bother telling curbside baggage-handlers that. And that's not even counting the "You must turn on your laptop" crap. And it's PRO-terrorism policy "Be afraid! Be very afraid!" It's just not something a civilized place would do. (Of course now that Ted "Accused Unabomber" Kaczynski is in jail, the Olympics are over and it's pretty obvious that TWA 800 exploded due to bad design//////////natural causes, they really _ought_ to either give our civil rights back or else find some other excuse for it, like "heavy Christmas traffic is an attractive target". But instead they've got announcements about "suspicious packages should be reported to security checkpoints immediately" and "cars parked in the Red Zone will be towed away and detonated".) At least they weren't doing most of this paranoia when I visited my sister earlier this summer, bringing a couple pounds of Silly Putty in my luggage as presents for her kids, packed near the alarm clock.... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.) From roy at sendai.scytale.com Fri Dec 20 23:07:45 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Fri, 20 Dec 1996 23:07:45 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: Message-ID: <961221.001131.4o2.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, aaron at herringn.com writes: > Flew down to LA recently with a firearm (checked, of course). > > Looking over the ticket later, I was mildly surprised to find "GUN" in > a string of otherwise unintelligible text. Probably a coincidence. The last time I flew with a checked gun was 1980. Back then, they just asked you to declare it. In fact, I forgot to declare it in Seattle, and in a fit of concience told a ticket agent. Whereupon I was given a most nifty tour of the bowels of Sea-Tac to show an agent that the piece wasn't loaded and that there was no ammo in the same bag. Ah, the good old days... > The carrier was Alaska Airlines, if it matters. I've flown tens of thousands of miles on Alaska Airlines... they were always very mellow about things other airlines seemed tense about. > As far as the photo-id went, they didn't copy any data off it or try to > authenticate, just made sure it was my picture. One more quick anecdote: Back in January, I happened to be "between picture id's" and needed to fly. I showed a 2 year expired Alaska driver license. The clerk had a tough time finding the DL number (I had to show him where it was), but didn't even notice the expiration date. He did copy the DL number into his terminal, though. - -- Roy M. Silvernail [ ] roy at scytale.com DNRC Minister Plenipotentiary of All Things Confusing, Software Division PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMruBQBvikii9febJAQGl+gP+LhOd+D6o+e8wwyLVncNuk7FMkbOjCxjF OS4ifNLCOwPrMnZySfGOinMdf+bmEzC1vdBjHmw0oqEr4A3P2uMZtayrj07Y2MBG phzc+HuNgXrs7I4qXP5WFq50ZJVQpS/4sPwlbND/oF5HwxWql/JwnOIuyTIwR/Rd HL4SBUoPWqU= =RnxJ -----END PGP SIGNATURE----- From mpd at netcom.com Fri Dec 20 23:10:22 1996 From: mpd at netcom.com (Mike Duvos) Date: Fri, 20 Dec 1996 23:10:22 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <199612210710.XAA23943@netcom16.netcom.com> Tim May writes: > Yeah, Matt, in a free society I wouldn't have to "speak Ebonics." > If I were designing a genocidal program to destroy the colored race, I > would be pushing for Ebonics, for encouraging coloreds to study "Human > Potential" and "African History" instead of math, science, and engineering, > and pushing for hiring quotas. When I read Tim's original message on "Ebonics", I thought it was one of those witty parodies he occasionally comes up with. Then I turned on the NBC Nightly News, and lo and behold, "Ebonics" was one of the featured stories, replete with commentary by former New York mayor Ed Koch. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From deviant at pooh-corner.com Fri Dec 20 23:52:51 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 20 Dec 1996 23:52:51 -0800 (PST) Subject: Bernstein (export laws unconstitutional) decision update In-Reply-To: <199612201536.JAA15195@jeep.Central.Sun.COM> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 20 Dec 1996, Michael Tighe SUN IMP wrote: > John Gilmore writes: > > >After further consultations with the attorneys, we are not sure > >whether the decision has nationwide impact or whether it is limited > >to the Northern District of California (which includes SF and Silicon > >Valley). Your Mileage May Vary -- check with your lawyer. > > The decision itself says it only applies to Bernstein, and then only for > source code. > The fact that one judge says his ruling only applies to one person is irrelevant ; his decision can, and probably will, be used as precedent in other cases, which is the good that it really serves in the first place. More power to Mr. Bernstein and all, but in reality this case has almost nothing to do with him in particular. The real usefullness of this case is so that other judges can see that at least one judge believes that the law _can_ be wrong, even if only in specific cases. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Illusion is the first of all pleasures. -- Voltaire -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMruXCjCdEh3oIPAVAQFaUQf+MBMdFxn51Sw2ERB0MNrlDTDspS3mAVlZ n1H50kNRjO6sgZjZPDZzG4iZmGc0seDTW18tqQSD0moDDlWBZSUemT3mGsJhp6MO aTpC93aflIXU+SuTjYsNbDU9PfSflPiqo/+2IIbNXgRpCWJ1+lyO09U8tW0iMPp+ u5yOLMkfnTvyDoJPpygsAY7SKpjJ6hYDg6RKifGrOuWML6F/0RzEJwvXAYBw264H 5NRvfNKue0Sa8WhfMTfqplcw8m2IkMj8PLsqTWEXOQv+xSxUU0iTVKrCCNjwM3zM tZnKwe0sBKpl2Mrne1jFR3ylun7adDpkyxJEhJhs2gFW1UZ6CYMJug== =syTX -----END PGP SIGNATURE----- From gbroiles at netbox.com Fri Dec 20 23:55:10 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Fri, 20 Dec 1996 23:55:10 -0800 (PST) Subject: Reflections on the Bernstein ruling Message-ID: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu> (Please keep in mind that I'm not a lawyer yet, and that my comments are intended only as the reflections of an amateur and are intended as discussion fodder, not legal advice.) Folks seem to be very excited about Judge Patel's ruling in the Bernstein case - and with good reason. It was, for example, a first-page above-the-fold item in both of the Bay Area's legal newspapers today. Unfortunately, most of the media reports have done a poor job of interpreting the ruling, and it's easy to draw bad conclusions from erratic news reports about the case. The decision is available online thanks to the folks at EFF. I thought list members might appreciate a summary of the decision and its potential effects. 1. What the ruling said In brief, Judge Patel ruled that Category XIII(b) (the category which refers to cryptographic equipment/software) is unconstitutional because it functions as a prior restraint upon speech without providing important procedural safeguards which are required when a prior restraint scheme is put into place. She ruled that the "technical data" provision of the ITAR is also unconstitutional when it refers to technical data about Category XIII(b) items because of the lack of procedural safeguards. Mopping up other points raised by the suit, Judge Patel ruled that the term "defense article" as defined in 22 CFR 120.6 should be read to elide the phrase "or technical data"; and that when interpreted that way, the terms "defense article", "defense service", and "technical data" are not unconstitutionally vague. She also ruled that the term "export" is not unconstitutionally vague, and writes (in 'dicta', which is legalese for "offhand comment", e.g., without precedential value but interesting as a hint re what's going on in the judge's mind) that placing software on an "Internet site" which can be accessed from a foreign country is an export for ITAR purposes. She also ruled that the "fundamental research in science and engineering" (120.11(8)) and "general scientific, mathematical, or engineering principles" (120.10(5)) exceptions to the definition of "technical data" are void because they are too vague. As far as I can tell, they are thus no longer available to potential ITAR defendants. 2. What the ruling didn't say Judge Patel declined to address the merits of two of Bernstein's arguments: that cryptographic software is independently worthy of First Amendment protection as a tool which enables confidential speech and privacy, and that the ITAR scheme violates the Administrative Procedure Act. She also refused to grant Bernstein a preliminary injunction which would have prohibited the US Government from prosecuting him for teaching his class this spring, because her ruling means that his proposed activities are not (for now) illegal. The opinion also narrowly fails to say whether or not Category XIII(b) is content-based or content-neutral; but reaches its conclusion by pointing out that such a determination isn't necessary, because even if XIII(b) is content-neutral, it is still unconstitutional. (* My reading of the opinion diverges from the EFF's, as reported in their 12/17 press release, on this point. I think my interpretation is correct. YMMV.) 3. What the ruling means Some messages that I've seen have suggested that her ruling means that the ITAR does not apply to crypto of any kind; or that crypto can now be exported in, variously, the Ninth Circuit, or Northern California, or Berkeley. Strictly speaking, Judge Patel's ruling is not binding precedent in any court. The doctrine of "stare decisis", which says that courts should not disturb existing precedent, suggests that other district courts in the Northern District of California will follow Judge Patel's ruling, at least until the Ninth Circuit addresses the issue (in this case or a different one). But "stare decisis" is a policy statement, not law; and, as the decision in _Karn v. Dept of State_ makes clear (by ruling that the First Amendment does not prevent applying Category XIII(b) to source code), district courts around the country are free to disagree with each other and issue contradictory or incompatible opinions. (I'm interested in any analysis which would suggest that her ruling is binding on the ND CA courts for reasons other than stare decisis; I'm not aware of other grounds, but I don't know everything, either. Comments?) Further, Judge Patel's ruling yesterday is dependent upon her earlier ruling which held that source code is speech for First Amendment purposes. That ruling has not yet been reviewed at the appellate level, and is not uncontroversial nor universally accepted. If another court disagrees with that ruling, Judge Patel's otherwise convincing reasoning in this case (which says that the lack of procedural safeguards for this prior-restraint scheme is unconstitutional) is irrelevant - because without speech, the First Amendment (and its hostility to prior restraint) isn't applicable. It's also significant because her earlier ruling said that source code is speech - and her reasoning for reaching that result does not apply to object code or executables. It's also unclear that Judge Patel's ruling is enough to make export of crypto source legal by people/organizations located even in the Northern District of CA. Venue is proper, in an ITAR case, in any jurisdiction which the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_ 659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v. Thomas_ "Amateur Action" case, where Tennessee venue was proper for prosecution of California defendants who sent porn into Tennessee.) So it's at least arguable that the feds could simply bring an ITAR prosecution in another district, if exported crypto flowed through that district. (But I don't think they can do so against Dan Bernstein because of "res judicata", a doctrine which says that once two parties have fully litigated an issue, they cannot come back to the same court - or a different one - and ask to relitigate the same issue.) So while the ruling has considerable historical, cultural, and symbolic significance, it's dangerous to assume that it means that export restrictions on crypto are dead. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles at netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. | From vangelis at qnis.net Fri Dec 20 23:58:39 1996 From: vangelis at qnis.net (Vangelis) Date: Fri, 20 Dec 1996 23:58:39 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: Message-ID: <32BB9372.78B0@qnis.net> Dr.Dimitri Vulis KOTM wrote: > > Umm.. tried to get on a flight without having ID lately? Doesn't work - > > against policy. Anti-terrorism policy and all.. it's for your own > > safety, of course. > > It's funny that this particulae piece of fascist regulation was imposed > by the Klintons after the TWA 800 crash. Now the most likely reasons for Um, not it wasn't. Not that I wouldn't put it past them, but I read a 1st-hand account of someone having this problem months before TWA 800 took a bath. -- Vangelis /\oo/\ Finger for public key. PGP KeyID 1024/A558B025 PGP Fingerprint AE E0 BE 68 EE 7B CF 04 02 97 02 86 F0 C7 69 25 Life is my religion, the world is my altar. From rcgraves at disposable.com Sat Dec 21 00:48:41 1996 From: rcgraves at disposable.com (Rich Graves) Date: Sat, 21 Dec 1996 00:48:41 -0800 (PST) Subject: Solidarity with Peruvian Guerrilla! In-Reply-To: Message-ID: <32BBA49E.247F@disposable.com> I said: > > Aaron wrote: > > > > P.S. Plans are being made for a demonstration at the Peruvian > > Consulate in San Francisco, California -- probably on Monday, > > December 23. If you live in the area, please send me an e-mail > > message. > > Done. > > This could be a real blast! In case Aaron isn't the only one who was confused, the above is called sarcasm. No pun unintended. But for what it's worth, I've been told that the fun runs from 4:30 to 6 PM. The address is 870 Market St., near Powell, in S.F. Unfortunately, I'll probably be headed out of town by then, but say hello for me. If you thought Dale was wacky, wait til you get a load of the senderistas. -rich From abbee at ritsec1.com.eg Sat Dec 21 02:44:07 1996 From: abbee at ritsec1.com.eg (ABB Electrical Engineering) Date: Sat, 21 Dec 1996 02:44:07 -0800 (PST) Subject: Your password for BARRON'S Online In-Reply-To: <199612171641.LAA29419@Online.Barrons.COM> Message-ID: Can anyone tell me please how to unsbscribe and not to receive such mail. Thanks From toto at sk.sympatico.ca Sat Dec 21 03:17:59 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Sat, 21 Dec 1996 03:17:59 -0800 (PST) Subject: Flying on planes without ID In-Reply-To: <32BA5ABE.64F2@pnis.net> Message-ID: <32BB9E87.2BBD@sk.sympatico.ca> Carl Johnson wrote: > > Rich Graves wrote: > > "My wallet was stolen. The only ID I have on me is my ACLU membership > > card and my PGP key. Can I still get on the plane?" > > Rich, > How about, "I have copies of the eMail I sent, as 'fuck at yourself.up, can I > still get on the plane?" > Let's hope that the security guard is a CypherPunk. Maybe he'll let him > 'off' the plane at 30,000 feet. > - > Reply to:toto at sk.sympatico.ca > "There's only one two." -- Reply to:toto at sk.sympatico.ca "There's only one two." From lucifer at dhp.com Sat Dec 21 04:12:58 1996 From: lucifer at dhp.com (Anonymous) Date: Sat, 21 Dec 1996 04:12:58 -0800 (PST) Subject: Dale defends free society from the NSApunks (was Re: Encryption ? Message-ID: <199612211212.HAA13448@dhp.com> :There are a lot of NSA people here on cypherpunks, and they try very :hard to control encryption, to make everyone think it is difficult, to :discourage independent inquiry. They don't have to discourage anything, we never talk about encryption here..... But thats the master plan, to bore them into leaving!! From toto at sk.sympatico.ca Sat Dec 21 05:32:42 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Sat, 21 Dec 1996 05:32:42 -0800 (PST) Subject: Slaughter In-Reply-To: Message-ID: <32BBF98E.4D51@sk.sympatico.ca> Dr.Dimitri Vulis KOTM wrote: > > CORPSES LITTER HILLS IN KARABAKH Dear Dr.DVK, Thank you for your lengthy list of articles on the human slaughter that continues on earth to this very day. It reminds me of watching the TV coverage of Desert Storm, as the news channels took great delight in replaying scenes of American flyers massacring retreating Iraquian troops who were beaten and bedraggled, merely trying to survive, and get home to their families. Basically, they were slaughtered so that the flyboys and their superiors at the Pentagon could test their new toys, and make sure that they worked. It was considered acceptable action, however, because these were the 'bad' guys. We 'know' that they were, because we were told so by the ten-second sound-bytes of the New World Order during the nightly news. So I listened as millions of Americans cheered the slaughter of defeated troops, who had thrown up the white flag and retreated, only to have us blow them away from out of the sky on their way back home with our wonderful hi-tech weapons. I listened as thousands of Americans, including the media, truly bought into the Pentagon sound-byte that tells us the world is a better place because we can slaughter the soldiers of less-developed countries 'from a distance', using technology, and not 'risk' precious American lives. Of course, missles don't take prisoners, so everyone we make war with has to die, now, don't they. Remember that this is the same Pentagon that built the InterNet. And the same Americans who cheered the slaughter of defeated troops will be lined up to cheer the slaughter of the misfits among us who are culled from the herd through the tracking of their activities and their communications on the InterGlobal communications system of the New World Order. While the vast majority may be enthralled with their pretty, shiny, new toy--the InterNet--and buy into the sound-bytes that portray it as an empowerer of the common man, there are others who have, since its inception, been warning of the 'dark side' of the InterNet. When the New World Order becomes a reality, the main difference between the next holocaust and the last one will be that the misfits and outcasts will have GameBoys to play with during their trip to Auschwitz. There is a quote I remember which struck me deeply when I heard it, but forgive me if it is not quite correct: "They came for the Jews, and I wasn't a Jew, so I didn't speak up. They came for the National Socialists, and I wasn't a National Socialist, so I didn't speak up. Then they came for me. "And nobody spoke up." I don't know Phil Zimmerman. I've never met him and I'd never heard of him, or of cryptography until the fledgling New World Order began their crusade to start culling out the misfits who stuck out glaringly from the common masses by trying to provide them protection from Big Brother and his goons. I didn't know Phil Zimmerman, but I knew his psyche and I knew his motivations. You might say that we went to different high-schools together. So I spoke up. Loudly (and anonymously). And by the time the sun came up the next morning, bleary-eyed and tired, I had a copy of PGP on my hard drive. I had a weapon of self-defence in my possesion that Phil Zimmerman shed his blood for, at the hands of the New Pharisees. You are free to rail night and day against cryptology and cypherpunks, and whoever else it pleases you to rail against, because this is America. But believe me, America is, and will be, a part of the New World Order. Phil Zimmerman's case was not an 'aberration' of 'what is', it was a foreshadowing of 'what is to come'. But there are others, with more foresight, who rail against the real threats to mankind, and to freedom, and they do quietly, and in secret, not wanting to share the fate of Phil Zimmerman and others, who had too high a profile for the New World Order to ignore. These people are not psychic, but they have the foresight to see the future in the shadows of the past, and they will tell you, man, woman, and child, "You will take my cryptography from me when you pry it from my cold, dead algorithms." So, Dr. DV K, rant and rave as much as pleases you, but be careful what you rave against, lest they come for you. And if you feel the net tightening around you, with the forces of the New World Order hovering over you, deeming that now 'you' are becoming a problem, then think about protecting yourself. Think about cryptography. Kindly, Toto p.s -- If you are going to quote 'news broadcasts' from the BBC, etc, then please don't quote the same 'bad syntax' in three consecutive news releases. i.e - "shot dead from their heads" It might give some people reason to wonder if you are authoring these 'news broadcasts' yourself. -- Reply to:toto at sk.sympatico.ca "There's only one two." From jya at pipeline.com Sat Dec 21 05:40:47 1996 From: jya at pipeline.com (John Young) Date: Sat, 21 Dec 1996 05:40:47 -0800 (PST) Subject: WIP_out Message-ID: <1.5.4.32.19961221133655.006abbc8@pop.pipeline.com> 12-21-96. NYP: "Global Agreement Reached To Widen Law On Copyright" On-Line Material: International law would specify that copyright protection includes the right to control the on-line distribution of copyrighted materials, as well as the right to prevent others from making unauthorized copies. "Fair use" -- the tradition of allowing individuals to make a limited number of copies for noncommercial purpose, or to use brief excerpts in news reports or artistic criticism -- would still apply in cyberspace. In a compromise meant to defuse one of the harshest criticisms of the treaty, negotiators agreed to delete language that would have treated even temporary copies of material downloaded from the Internet as possible violations of international copyright law. ----- WIP_out ---------- WIPO on the Web: http://www.wipo.org From pgut001 at cs.auckland.ac.nz Sat Dec 21 06:36:07 1996 From: pgut001 at cs.auckland.ac.nz (pgut001 at cs.auckland.ac.nz) Date: Sat, 21 Dec 1996 06:36:07 -0800 (PST) Subject: New Australian export regulations Message-ID: <85117896422931@cs26.cs.auckland.ac.nz> Australia's new export control regulations have just been posted to the net, you can get them from http://www.adfa.oz.au/DOD/al/iic/excontrl/excohome.htm (they're all Word 6.0 documents, I've been reading them with a binary file browser - blech). What makes them interesting is that most of the text is word for word identical to the Canadian regulations (which is sensible, since the Canadian ones are clear and easy to follow, unlike the US "We'll let you know when you've broken the law" FUD regulations). The only thing which is different is the section numbering, the mapping from Canadian to Australian section numbers appears to be: 10xy.y.z -> xY00?.Y.Z where y -> Y == 1 -> A, 2 -> B, etc and z -> Z == A -> 1, 2 -> B, etc, so that Canadian 1151.1.c becomes Australian 5A002.a.3 (this doesn't work in all cases, if there's no .n suffix on the Australian number then the .n part from the Canadian number becomes part of the main Australian number, eg 1071.5 -> 7A005. The text may not be taken straight from the Canadian one because some of the spelling mistakes in the Canadian one aren't present in the Austrlian one, or maybe it was prepared from a later version which had been spelling checked. For crypto software, you want cat_5.doc, equivalent to section 1150 of the Canadian regulations. Anyway, here's the good bit, in sou.doc, "GENERAL TECHNOLOGY NOTE (PART 1 - MUNITIONS LIST)" >3. Controls do not apply to "technology" "in the public domain", to "basic > scientific research" or to the minimum necessary information for patent > applications. Again, this is identical to the Canadian regulations. Since the Canadian government has already ruled that a whole variety of crypto software is exportable under this exception, it means that the same stuff (and equivalent software from Australia) should also be exportable, or at least that you've got a very good case for arguing with the Australian government if they decide it's not exportable. Then in definits.doc we again have the Canadian text: >"In the public domain" (GTN NTN GSN), as it applies herein, means >"technology" or "software" which has been made available without restrictions >upon its further dissemination (copyright restrictions do not remove >"technology" or "software" from being "in the public domain"). It's nice to have this stuff laid out at last, because it finally takes the Australian crypto controls out of a gray area and defines them so that stuff like SSLeay and my own cryptlib aren't restricted. Incidentally, there's also the cute: >1. The export of "technology" which is "required" for the "development", > "production" or "use" of items controlled in the Munitions List is > controlled according to the provisions in the Munitions List entries. > This "technology" remains under control even when applicable to any > uncontrolled item. This covers virtually any software development tool, and any kind of computer hardware, as well as natural neural networks and personal digital extensions (of the kind designed for keyboard data entry). I wonder if we'll see the regulations retroactively changed when someone in Canberra realizes what they've copied from the Canadian regs :-). Peter. From dlv at bwalk.dm.com Sat Dec 21 07:10:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 07:10:10 -0800 (PST) Subject: Your password for BARRON'S Online In-Reply-To: Message-ID: <2BJaZD31w165w@bwalk.dm.com> ABB Electrical Engineering writes: > Can anyone tell me please how to unsbscribe and not to receive such mail. What's ".eg"? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 07:10:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 07:10:13 -0800 (PST) Subject: Instruction Sets which are tough to emulate In-Reply-To: Message-ID: ph at netcom.com (Peter Hendrickson) writes: > I'm guessing there are a bunch of ways to make a processor hard > to emulate. > > For instance, you can make the registers 65 bits wide. > > Can anybody think of some more? Why would 65 bit registers make the processor hard(er) to emulate? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 07:10:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 07:10:18 -0800 (PST) Subject: Life with Dale In-Reply-To: Message-ID: "Timothy C. May" writes: > (Not an altogether surprising sentiment, but one has to wonder just why > Dale would be on a list such as this one, given his politics.) Has the asshole censor John Gilmore (spit) "unsuscripted" Dale yet? Does John Gilmore (spit) masturbate every time he "unsubsides" someone from his private mailing list for posting content he doesn't like? Does John Gilmore (spit) keep a bowl of condoms next to toad.com, or does he practice Unsafe Sex with himself? Inquiring minds want to know. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 07:10:20 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 07:10:20 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <32BB9372.78B0@qnis.net> Message-ID: Vangelis writes: > Dr.Dimitri Vulis KOTM wrote: > > > Umm.. tried to get on a flight without having ID lately? Doesn't work - > > > against policy. Anti-terrorism policy and all.. it's for your own > > > safety, of course. > > > > It's funny that this particulae piece of fascist regulation was imposed > > by the Klintons after the TWA 800 crash. Now the most likely reasons for > > Um, not it wasn't. Not that I wouldn't put it past them, but I read a > 1st-hand account of someone having this problem months before TWA 800 > took a bath. Yes it was. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 07:10:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 07:10:21 -0800 (PST) Subject: "Cypher punks" are the laughing stock for the media In-Reply-To: <32BBF98E.4D51@sk.sympatico.ca> Message-ID: Carl Johnson writes: > Thank you for your lengthy list of articles on the human slaughter > that continues on earth to this very day. It reminds me of watching > the TV coverage of Desert Storm, as the news channels took great > delight in replaying scenes of American flyers massacring retreating > Iraquian troops who were beaten and bedraggled, merely trying to > survive, and get home to their families. I wish Iraqi people the best of luck in killing every American they can get their hands on. Three cheers for Saddam Hussein! > You are free to rail night and day against cryptology and cypherpunks, > and whoever else it pleases you to rail against, because this is America. You are sadly mistaken, child, or maybe you believe the lies Timmy May (fart) spread about me. I am a professional cryptographer. I believe that crypto technology should be freely availably to everyone, with no government controls, like any other technology (like compiler construction :-). I believe that the Internet should be available to everyone (and I've made a lot of enemies by helping connect certain parts of the world to the 'net somewhat sooner that they would have been without my participation). OTOH, "cypher punks" are a joke, a laughing stock for the media, who stand in the way of these goals. Re-read the list archives before speaking of things you do not understand. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at huge.cajones.com Sat Dec 21 07:14:09 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Sat, 21 Dec 1996 07:14:09 -0800 (PST) Subject: Dale defends free society from the NSApunks Message-ID: <199612211514.HAA26831@mailmasher.com> :Date: Fri, 20 Dec 1996 14:10:11 -0800 :From: Rich Graves :Stop bashing Dale, you ADL/CFR/NSA thought police, you. I can recognize sarcasm! You're on the list! Yes, THE list! Yours from NSA. From dlv at bwalk.dm.com Sat Dec 21 07:20:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 07:20:22 -0800 (PST) Subject: Dale defends free society from the NSApunks (was Re: Encryption ? In-Reply-To: <199612211212.HAA13448@dhp.com> Message-ID: <1wkaZD39w165w@bwalk.dm.com> lucifer at dhp.com (Anonymous) writes: > :There are a lot of NSA people here on cypherpunks, and they try very > :hard to control encryption, to make everyone think it is difficult, to > :discourage independent inquiry. > > They don't have to discourage anything, we never talk about encryption here.. > But thats the master plan, to bore them into leaving!! And those who don't leave voluntarily get "unsubscrived" by the censor asshole John Gilmore (spit) who doesn't like the content of their posts. I figured out what gives John Gilmore's beard its fake "blonde" color - the dried-up SEMEN. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at huge.cajones.com Sat Dec 21 07:31:36 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Sat, 21 Dec 1996 07:31:36 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <199612211531.HAA29766@mailmasher.com> :From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) :Why is the fascist United State of America considered a "civilized :country"? It lets in the refuse of the earth to offer them the opportunity of a better life? With little guarantee thay will repay the offer? From dlv at bwalk.dm.com Sat Dec 21 08:10:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 08:10:18 -0800 (PST) Subject: Securing ActiveX. In-Reply-To: <851098860.921944.0@fatmans.demon.co.uk> Message-ID: <4JmaZD41w165w@bwalk.dm.com> paul at fatmans.demon.co.uk writes: > > Armenians are murderous cowards. They killed over 2 million Moslems in > > this century alone - mostly women and children. > > I note that along with this racist generalisation you decided to post the "Generalisation"? It's a historical fact that Armenians have murdered 2,500,000 Turks, Kurds, and Sephardic Jews in this century alone. ]_The Jewish Times_ June 21, 1990 ] ]_An appropriate analogy with the Jewish Holocaust might be the ] systematic extermination of the entire Muslim population of ] the independent republic of Armenia which consisted of at ] least 30-40 percent of the population of that republic. The ] memoirs of an Armenian army officer who participated in and ] eye-witnessed these atrocities was published in the U.S. in ] 1926 with the title 'Men Are Like That.' Other references abound._ ] ] Leonard Ramsden Hartill, _Men Are Like That_ The Bobbs-Merrill ] Company, Indianapolis (1926). ]_Memoirs of an Armenian officer who participated in the Armenian ] genocide of 2.5 million Muslim people_ ] ] ]_Foreword:_ ] ]_For example, we were camped one night in a half-ruined Tartar ] mosque, the most habitable building of a destroyed village, near ] the border of Persia and Russian Armenia. During the course of ] evening I asked Ohanus if he could tell me anything of the history ] of the village and the cause of its destruction. In his matter of ] fact way he replied, Yes, I assisted in its sack and destruction, ] and witnessed the slaying of those whose bones you saw to-day ] scattered among its ruins._ ] ]p. 218 (first and second paragraphs) ] ]_We Armenians did not spare the Muslims. If persisted in, the ] slaughtering of Tartars, the looting, and the rape and massacre ] of the helpless become commonplace actions expected and accepted ] as a matter of course. ] ] I have been on the scenes of massacres where the dead lay on the ] ground, in numbers, like the fallen leaves in a forest. Muslims ] had been as helpless and as defenseless as sheep. They had not died ] as soldiers die in the heat of battle, fired with ardor and courage, ] with weapons in their hands, and exchanging blow for blow. They had ] died as the helpless must, with their hearts and brains bursting ] with horror worse than death itself._ Next you'll say that Germans didn't kill 6 million Jews. (Of course, the Nizkor project now claims that Germans killed 12 million Jews. Isn't it remarkable how fast those pesky dead Jews can multiply? :-) > following rant: > > >As usual, Timmy May spouts racist, anti-Semitic shit. As usual, he has > >no idea what he's talking about. So what else is new... > > As well as a number of other rants along those lines. There is little > difference between over generalisations of the kind you made above > and, for example, discriminating against someone on the basis of > race, colour, religion etc. Interesting. Paul Bradley does not consider Timmy May's (fart) latest rants on "ebonics" and "colored race" to be racist? I think Timmy May hates blacks even more than he hates Jews. Let's quote Timmy's sick garbage on soc.culture.african.american and ask if they find it offensive and racist. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From geeman at best.com Sat Dec 21 08:54:30 1996 From: geeman at best.com (geeman at best.com) Date: Sat, 21 Dec 1996 08:54:30 -0800 (PST) Subject: Proof that "cypher punks" have complete degenerated... Message-ID: <3.0.32.19961220092344.0068c554@best.com> At 09:08 AM 12/19/96 -0800, you wrote: >geeman at best.com wrote: >> It wasn't worth commenting on. >> Appending data after the ctrl-Z as stego? >> Not even worth a letter to the ed! > >> Dr.Dimitri Vulis KOTM wrote: >> > No one even commented on the latest Dr. Dobbs issue. > >After seeing the initial post, I ran out to get a copy, but they were >all gone. I find it hard to believe that appending data to a file is >considered stego, even by a commercial publication such as Dr. Dobb's. >Can anyone confirm this? > Well, there it is, indeed. I couldn't friggin believe it, since I've written for them and usually the stuff's pretty good. A program to append data after a text file's ctrl-Z EOF byte. If you _really_ want it secure, crypt it with the compiler's PRNG. ;) From tcmay at got.net Sat Dec 21 09:04:03 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 09:04:03 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: Message-ID: At 11:10 PM -0800 12/20/96, Mike Duvos wrote: >When I read Tim's original message on "Ebonics", I thought it was one >of those witty parodies he occasionally comes up with. Thanks for the compliment! The "Ebonics" notion is too strange for my imagination to have come up with, though. >Then I turned on the NBC Nightly News, and lo and behold, "Ebonics" >was one of the featured stories, replete with commentary by former >New York mayor Ed Koch. Indeed, the Oakland, California school system is teaching children in a "bilingual" program of "standard English" and "Ebonics." At least Ebonics is simpler: I be, you be, he be, she be, we be, dey be, it be, etc. So, how long before a lawsuit is filed ("it be filed") demanding that election ballots be printed in Ebonics, along with those printed in Spanish, Mandarin, Cantonese, Vietnamese, Korean, Serbo-Croation, Blatislavan, Talegu, and the other 43 officially recognized languages? How long before it becomes a crime to "discriminate" (or, in Ebonics, "discimnate") against a person ("a peeples") who speaks Ebonics as his primary language? Democracy has run amok in this country. There is no hope for reforming at the ballot box, as democracy only makes things worse. Only a crypto reign of terror can purge this land of the scum. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sat Dec 21 09:10:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 09:10:10 -0800 (PST) Subject: "Cypher punks'" sexual preferences In-Reply-To: <199612200356.TAA25114@mark.allyn.com> Message-ID: Doctor: Do you know who gave you AIDS? "Cypher punk": I don't have eyes on the back of my head. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From janimmo at rigel.infonex.com Sat Dec 21 09:22:16 1996 From: janimmo at rigel.infonex.com (Jeffrey A Nimmo) Date: Sat, 21 Dec 1996 09:22:16 -0800 (PST) Subject: Slaughter In-Reply-To: <32BBF98E.4D51@sk.sympatico.ca> Message-ID: On Sat, 21 Dec 1996, Carl Johnson wrote: > "They came for the Jews, and I wasn't a Jew, so I didn't speak up. > They came for the National Socialists, and I wasn't a National Socialist, > so I didn't speak up. Then they came for me. > "And nobody spoke up." "They" came for the Jews AND the Nazis? Damn, they wanted to cover all the bases didn't they? From dthorn at gte.net Sat Dec 21 09:44:02 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 21 Dec 1996 09:44:02 -0800 (PST) Subject: Slaughter In-Reply-To: Message-ID: <32BC218C.1B92@gte.net> Carl Johnson wrote: > Dr.Dimitri Vulis KOTM wrote: > Dear Dr.DVK, > Thank you for your lengthy list of articles on the human slaughter[snippo] > There is a quote I remember which struck me deeply when I heard it, > but forgive me if it is not quite correct: > "They came for the Jews, and I wasn't a Jew, so I didn't speak up. > They came for the National Socialists, and I wasn't a National Socialist, > so I didn't speak up. Then they came for me. "And nobody spoke up." As I remember the quote, it ended something like "and they came for me, but there was nobody left to speak up". [mo' snip] > "You will take my cryptography from me when you pry it from my > cold, dead algorithms." Think about cryptography. We're all thinking about it. We just don't believe (naively) that just because someone issues code that was designed 20 years ago, and which the NSA can undoubtedly crack in a heartbeat, that that code can necessarily protect us against all comers. There is a difference between principle and fact. You have the principles exactly correct, but as to facts, you have to be eternally vigilant, i.e., don't get too comfortable with PGP et al. From dthorn at gte.net Sat Dec 21 09:56:18 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 21 Dec 1996 09:56:18 -0800 (PST) Subject: Life with Dale In-Reply-To: Message-ID: <32BC246D.67C6@gte.net> Dr.Dimitri Vulis KOTM wrote: > "Timothy C. May" writes: > > (Not an altogether surprising sentiment, but one has to wonder just why > > Dale would be on a list such as this one, given his politics.) [snip] A list such as this? I hung out with the radicals at Kent State in 1970, hobnobbed with KKK guys in S.E. Tennessee, spent time with the ultra- liberal crowd in the west L.A. area, and associated with Liberty Lobby (Carto, IHR) people for a while as well. You might be surprised at my politics, but then again, what is my politics? You can select/accumulate a point of view, but I'll wager that you can get a better understanding of people of all stripes if you spend time with them, rather than reading about them. Ideas are important, they're great to have and believe in, but don't let ideas lead you into supporting the great massacre machine of current-day politics. It's a fool's bet. Uncle Miltie said it best at the end of a 90-minute comedy special on PBS: "What's it all about? Life." (followed by an extremely funny quip about an uncle doing life in Sing-Sing). God bless Uncle Miltie. From mrosen at peganet.com Sat Dec 21 10:05:41 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sat, 21 Dec 1996 10:05:41 -0800 (PST) Subject: Ebonics Message-ID: <199612211754.MAA04080@mercury.peganet.com> > Yeah, Matt, in a free society I wouldn't have to "speak Ebonics." > > (Personally, I interviewed several folks while I was at Intel who could not > speak standard English. I recommended against their hiring, and they in > fact did not get invites to be interviewed at the main facilities. So much > for their jive talk habits.) > > Understand, I have nothing against the colored people speaking "Ebonics" to > each other, or to anyone who'll listen. But I don't have to deal with this > nonsense, nor do I have to hire them. > > (Until the People's Republic of Political Correctness demands that I > "justify" why not speaking standard English is a "valid job requirement," > and refuses to take my "Because I say it is" as a valid answer. Not > surprisingly, the Clintonistas have decided to enter the Proposition 209 > challenge on the side of the pro-discrimination side.) > > If I were designing a genocidal program to destroy the colored race, I > would be pushing for Ebonics, for encouraging coloreds to study "Human > Potential" and "African History" instead of math, science, and engineering, > and pushing for hiring quotas. > There are several problems with your argument: * You are making glaring generalizations regarding all members of an ethnic body; you don't seem to realize that intellect is based not on color or how you talk but on your brain (which has the same color and other basic properties in all humans, I believe) * You are completely forgetting the other "non-English" group in America; the so-called White Trash or heavy Southern accents, which are violate just as many prissy and stuck up rules of grammar as Ebonics * You don't have to speak ebonics. You also don't have to speak with a Southern twang (or whatever the politically correct name for that is) I also think that you are forgetting about the human aspect of your discrimination. For a second, put yourself in the place of a really smart black guy applying for a job at Intel. He is overqualified for the job. You turn him down. Have you ever wondered what it does to a person to be turned down not on the basis of their moral character or intellect but by their skin? For someone to be told that they are stupid and are not competent to do this job? You don't realize that you are crushing _human_ lives, people who have feelings. If you would just put yourself in their place, you would realize the hurt that your are inflicting. Out of curiousity, do you refuse from hiring people with Southern Accents? Or people who have heavy "asian" accents? I'm very surprised that a smart person like you, who believes in the power of strong cryptography, one of the greatest equalizing forces in the world, actively discriminates against other people who don't look or talk like you. Mark Rosen FireSoft - http://www.geocities.com/SiliconValley/Pines/2690 Mark Eats AOL - http://www.geocities.com/TimesSquare/6660 From dthorn at gte.net Sat Dec 21 10:10:21 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 21 Dec 1996 10:10:21 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BC27B3.7E2D@gte.net> Timothy C. May wrote: > At 9:15 PM -0600 12/20/96, Matthew J. Miszewski wrote: > >Jesus Tim. You're letting your lilly white show. > >-feeling-oppressed-by-every-law-in-existance-white-boy > Yeah, Matt, in a free society I wouldn't have to "speak Ebonics." The trouble with these f*&%^*&%^* do-gooder programs is that they miss the point. How are you going to teach anything using improvised dialect? It's just insane. When I was working at Olympic Sales in El Segundo in 1981, my manager was a very intelligent and very politically knowledgeable person. One day I responded to something he said, where I said "shit, bro'" followed by some jive talk like I've heard before, but couldn't really communicate in, since I didn't have the experience. To my surprise, he responded with some more jive talk, and we traded jive for a minute or so until I gave up. It's something I'll never forget - gives me a good laugh whenever I think about it. But seriously, they're gonna codify this? What bozos. From 3bmice at nym.alias.net Sat Dec 21 10:19:42 1996 From: 3bmice at nym.alias.net (Three Blind Mice) Date: Sat, 21 Dec 1996 10:19:42 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <19961221181934.14966.qmail@anon.lcs.mit.edu> On Fri, 20 Dec 1996, Vangelis wrote: > Bill Stewart wrote: > > I've heard that in less civilized parts of the world you're actually > > required to carry government-issued ID cards to walk down the street > > or fly on airplanes. > > Umm.. tried to get on a flight without having ID lately? Doesn't work - > against policy. Anti-terrorism policy and all.. it's for your own > safety, of course. But my dear Vangelis, that's exactly what Bill is talking about. --3bmice From dthorn at gte.net Sat Dec 21 10:21:44 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 21 Dec 1996 10:21:44 -0800 (PST) Subject: Life with Dale In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: <32BC2A60.5C63@gte.net> Timothy C. May wrote: > At 7:55 PM -0800 12/20/96, Dale Thorn wrote: > >Attila T. Hun wrote: [snippo] > Dale probably has a picture of her above his desk to remind him of > why he supports the "license to breed" proposal. I'm not into the breeding stuff, being that we had the requisite example from Europe circa the 1930's. That said, however, if society could "breed" a million more Jessicas, I would be delighted. Ya' know, guys, the world is half women, even though they're not on the c-punks list. Get in touch with them. They're fun people. From declan at eff.org Sat Dec 21 11:04:44 1996 From: declan at eff.org (Declan McCullagh) Date: Sat, 21 Dec 1996 11:04:44 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: Message-ID: It was Hayek who wrote: "We have no intention, however, of making a fetish of democracy. It may well be true that our generation talks and thinks too much of democracy and too little of the values which it serves... Democracy is essentially a means, a utilitarian device for safeguarding internal peace and individual freedom. As such it is by no means infalliable or certain. Nor must we forget that there has often been much more cultural and spiritual freedom under an autocratic rule than under some democracies -- and it is at least conceivable that under the government of a very homogenous and doctrinare majority democractic government *might be as oppressive as the worst dictatorship.* [emphasis mine -DBM]." -Declan On Sat, 21 Dec 1996, Timothy C. May wrote: > > Democracy has run amok in this country. There is no hope for reforming at > the ballot box, as democracy only makes things worse. Only a crypto reign > of terror can purge this land of the scum. // declan at eff.org // I do not represent the EFF // declan at well.com // From markm at voicenet.com Sat Dec 21 11:58:53 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 21 Dec 1996 11:58:53 -0800 (PST) Subject: Ebonics In-Reply-To: <199612211754.MAA04080@mercury.peganet.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 21 Dec 1996, Mark Rosen wrote: > There are several problems with your argument: > * You are making glaring generalizations regarding all members of an > ethnic body; you don't seem to realize that intellect is based not on color > or how you talk but on your brain (which has the same color and other basic > properties in all humans, I believe) That would be your generalization. Nowhere did anyone ever say that _all_ black people speak "Ebonics". I don't see why someone should hire someone if they can't even understand what that person is saying. Besides, I would suspect that a reasonably intelligent person would know how to speak correct English or at least make an attempt to do so. > * You are completely forgetting the other "non-English" group in America; > the so-called White Trash or heavy Southern accents, which are violate just > as many prissy and stuck up rules of grammar as Ebonics No mention was made of "White Trash". You're drawing an invalid conclusion. > * You don't have to speak ebonics. You also don't have to speak with a > Southern twang (or whatever the politically correct name for that is) One also shouldn't have to hire such people either. > I also think that you are forgetting about the human aspect of your > discrimination. For a second, put yourself in the place of a really smart > black guy applying for a job at Intel. He is overqualified for the job. You There is a logical correlation between intelligence and being able to follow English grammatical rules. > turn him down. Have you ever wondered what it does to a person to be turned > down not on the basis of their moral character or intellect but by their > skin? For someone to be told that they are stupid and are not competent to > do this job? You don't realize that you are crushing _human_ lives, people > who have feelings. If you would just put yourself in their place, you would > realize the hurt that your are inflicting. This has nothing to do with race. You are drawing another invalid conclusion. It has to do with dealing with people who will speak in a language that one can understand. English grammar is not simple, but an intelligent person would be able to at least grasp some of the basics of grammar and speak in a comprehensible language. > Out of curiousity, do you refuse from hiring people with Southern Accents? > Or people who have heavy "asian" accents? I'm very surprised that a smart > person like you, who believes in the power of strong cryptography, one of > the greatest equalizing forces in the world, actively discriminates against > other people who don't look or talk like you. Crypto will allow people to actively discriminate against whomever they wish. It will also allow those who would be discriminated against to protect information about themselves to prevent discrimination. I don't support discrimination based on race, but language is a completely different matter. P.S. Spelling and grammar flames will be ignored. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMrxCJyzIPc7jvyFpAQFm2gf/dqdYTicQskfQN2UVnBGs/BK5YD7+ylID gk25Ki5ccPq08VhGCcoMRifWiJB3vauX+0dbhAVu5wkEUW9n2hAgpK3r3nuFH7r2 MAvPmMlRb0ro4Kd2EKoUHiRL2jzeJd5ztmuVRkBJ9A6Sp74xxM1JmMZMIFSS042m GY4rMXpNL+Pg5u3DGLpXtFHJvber35tsEx1C5PTcLHhHnJF0bDCPE/i+wGM72kJ8 DpuVnnRHLT/vhm7nRoRIePvdXcYgkR5/1epQ9sefBn0eaQYCCqjtu26ASnhtPf6l RjWH8neB7vGUqf9yxOhLnKOdTK8tfuQzkbfizYoncdzsKFbd1NRdVQ== =F+mv -----END PGP SIGNATURE----- From mrosen at peganet.com Sat Dec 21 12:27:32 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sat, 21 Dec 1996 12:27:32 -0800 (PST) Subject: Ebonics Message-ID: <199612212015.PAA09322@mercury.peganet.com> > > There are several problems with your argument: > > * You are making glaring generalizations regarding all members of an > > ethnic body; you don't seem to realize that intellect is based not on color > > or how you talk but on your brain (which has the same color and other basic > > properties in all humans, I believe) > > That would be your generalization. Nowhere did anyone ever say that _all_ > black people speak "Ebonics". I don't see why someone should hire someone if > they can't even understand what that person is saying. Besides, I would > suspect that a reasonably intelligent person would know how to speak correct > English or at least make an attempt to do so. Especially in the computer field, language is irrelevant; as long as someone can "speak" C++ or HTML, they're fine. > > * You are completely forgetting the other "non-English" group in America; > > the so-called White Trash or heavy Southern accents, which are violate just > > as many prissy and stuck up rules of grammar as Ebonics > > No mention was made of "White Trash". You're drawing an invalid conclusion. Yes, though your same discrimination rules apply to "White Trash." I want to see if your language discrimination applies only to black Ebonics or to the white Southern twang also. > > I also think that you are forgetting about the human aspect of your > > discrimination. For a second, put yourself in the place of a really smart > > black guy applying for a job at Intel. He is overqualified for the job. You > > There is a logical correlation between intelligence and being able to follow > English grammatical rules. Not really. America is an incredibly diverse place. There are parts of the country where correct English-speaking people are minorities; if you've grown up in one of these places, you'll speak the native dialect no matter how smart or stupid your are. > Crypto will allow people to actively discriminate against whomever they wish. > It will also allow those who would be discriminated against to protect > information about themselves to prevent discrimination. I don't support > discrimination based on race, but language is a completely different matter. Spoken language, which is what you're discriminating against is vastly different from typed language. Everyone types pretty much the same way but everyone speaks differently. People who speak in Ebonics or with a Southern twang often know the rules of grammar, as expressed in writing, but they do not speak "correctly" because they are not accustomed to doing so. > P.S. Spelling and grammar flames will be ignored. What?! How can you say this? According to your position, it is my right to flame you because, as a better grammarian and orthographer, I am more intelligent than you and you should know this. In fact, your viewpoint can be extrapolated to say that anyone who make a grammar or spelling mistake in any message should be thrown off the list becuase they are not intelligent. From blake at bcdev.com Sat Dec 21 12:56:28 1996 From: blake at bcdev.com (Blake Coverett) Date: Sat, 21 Dec 1996 12:56:28 -0800 (PST) Subject: Reflections on the Bernstein ruling Message-ID: <01BBEF57.7D139850@bcdev.com> Greg Broiles wrote: > In brief, Judge Patel ruled that Category XIII(b) (the category which > refers to cryptographic equipment/software) is unconstitutional because it > functions as a prior restraint upon speech without providing important > procedural safeguards which are required when a prior restraint scheme is > put into place. She ruled that the "technical data" provision of the ITAR > is also unconstitutional when it refers to technical data about Category > XIII(b) items because of the lack of procedural safeguards. I'm not even remotely a lawyer, but I have to disagree with the second sentence above. As I read it Judge Patel believes that the technical data provisions are also unconstitutional but can not rule that way because United States v. Edler, 579 F.2d 516 (9th Cir. 1978) is the law in the 9th circuit. The relevant quote is: While this court is inclined to agree, despite revisions to the ITAR since 1984 and especially in light of Freedman and FW/PBS, Edler remains the law of this Circuit and this court is bound by its holding.[13] Moreover, Edler was reaffirmed, albeit in cursory fashion, by the Ninth Circuit in 1989. United States v. Posey, 864 F.2d 1487, 1496 (9th Cir. 1989). If the Ninth-Circuit wants to reconsider those opinions it is free to do so, but that decision is theirs to make. Happily she does go on to say that because she has ruled that Category XIII(b) is unconstitutional that the technical data provisions for items relating to XIII(b) are unenforceable. regards, -Blake From omega at bigeasy.com Sat Dec 21 13:01:07 1996 From: omega at bigeasy.com (Omegaman) Date: Sat, 21 Dec 1996 13:01:07 -0800 (PST) Subject: Ebonics In-Reply-To: <199612211754.MAA04080@mercury.peganet.com> Message-ID: On Sat, 21 Dec 1996, Mark Rosen wrote: > * You are making glaring generalizations regarding all members of an > ethnic body; you don't seem to realize that intellect is based not on color > or how you talk but on your brain (which has the same color and other basic > properties in all humans, I believe) That's not what was said. He said he would not hire on the basis of a person's inability to speak the English language. That has nothing whatsoever to do with color. If you can't communicate with your co-workers, how can you expect to get any work done? > * You are completely forgetting the other "non-English" group in America; > the so-called White Trash or heavy Southern accents, which are violate just > as many prissy and stuck up rules of grammar as Ebonics (In my thickest Southern Accent) Fuck you. Speaking with an accent and speaking proper english are not mutually exclusive. Ebonics and like notions are an insult. > I also think that you are forgetting about the human aspect of your > discrimination. For a second, put yourself in the place of a really smart > black guy applying for a job at Intel. He is overqualified for the job. You > turn him down. Have you ever wondered what it does to a person to be turned > down not on the basis of their moral character or intellect but by their > skin? For someone to be told that they are stupid and are not competent to > do this job? You don't realize that you are crushing _human_ lives, people > who have feelings. If you would just put yourself in their place, you would > realize the hurt that your are inflicting. How did you get this out of the previous post? If the person is indeed overqualified, chances are he/she can and will speak English rather than (let's face it) slang in a job interview. > Out of curiousity, do you refuse from hiring people with Southern Accents? > Or people who have heavy "asian" accents? I'm very surprised that a smart > person like you, who believes in the power of strong cryptography, one of > the greatest equalizing forces in the world, actively discriminates against > other people who don't look or talk like you. As has been pointed out in the past, crypto and technology can also be used to enforce discriminatory practices. Take off your rosen colored glasses. Furthermore, there is a great difference between a heavy "asian" accent and ebonics. A person who struggles with the English language because it is not his native tongue, I respect. The notion that "black English" is a separate language is absurd. It is slang. me off to eat my grits and learn me sum perl. _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From tcmay at got.net Sat Dec 21 13:13:03 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 13:13:03 -0800 (PST) Subject: "the world is half women, even though they're not on the c-punkslist" In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: At 10:20 AM -0800 12/21/96, Dale Thorn wrote: >Ya' know, guys, the world is half women, even though they're not on >the c-punks list. Get in touch with them. They're fun people. Ah, it's been a while since we had the "why aren't more women on the list?" discussion. Frankly, women are of course welcome. If the list interests them, they are welcome to subscribe. As it has always been. That so few women are subscribers, or remain subscribers, or attend Cypherpunks physical meetings....well, that's a larger issue involving familiar issues: - why are libertarian events so dominated by males? (in attendance, for example) - why do political extremist parties (Libertarian, Aryan Nations, JDL, KKK, Wobblies, etc.) tend to be more attractive to men in general? (While women are now well-integrated into the Democratic Party, and increasingly into the Republican Party, they are severely underrepresented in the various extremist and fringe parties noted above.) - why do men get a charge out of the thought of "seeing the walls come crashing down" as crypto methods undermine taxation, control of citizens, etc., while most women seem _disturbed_ by the implications? (I've explained crypto anarchy to many men and women over the past 6-8 years. I've seen the guy's get agitated, or bothered, but usually _interested_. I've seen eyes light up as they understand the likely implications of untraceable payments, anonymous communications, avoidance of Big Brother, etc. But with almost all women who've been exposed to this stuff, the reaction is negative, and one of disinterest. "Why would anyone want anarchy?" is a common question. Sociologists and psychologists could perhaps better explain why this is not a surprising reaction. I think it's why we seem to have at most a couple of active women subscribers at any given moment.) So, Dale, feel free to recruit more women to this and other lists. But don't presume from the traffic you see here--or from comments about the utter stupidity of little Jessica Dubroff, her pilot, her parents, and the complicitous news media--that we need a lecture on getting in touch with women. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Sat Dec 21 13:20:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 13:20:29 -0800 (PST) Subject: Dale defends free society from the NSApunks (was Re: Encryption ? In-Reply-To: Message-ID: Graham-John Bullers writes: > Problem with sex? No, thank you, Graham. Stick you alt.2600.moderated (an even lamer forum than thew "cypher punks" mailing list, if you can imagine that). > > http://www.freenet.edmonton.ab.ca/~real/index.html > > : real at freenet.edmonton.ab.ca > Graham-John Bullers email > : ab756 at freenet.toronto.on.ca --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 13:22:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 13:22:10 -0800 (PST) Subject: Slaughter In-Reply-To: Message-ID: Jeffrey A Nimmo writes: > On Sat, 21 Dec 1996, Carl Johnson wrote: > > > "They came for the Jews, and I wasn't a Jew, so I didn't speak up. > > They came for the National Socialists, and I wasn't a National Socialist, > > so I didn't speak up. Then they came for me. > > "And nobody spoke up." > > "They" came for the Jews AND the Nazis? Damn, they wanted to cover all > the bases didn't they? "They" being the "cypher punks", I presume? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 14:00:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 14:00:21 -0800 (PST) Subject: Dale defends free society from the NSApunks In-Reply-To: <199612211514.HAA26831@mailmasher.com> Message-ID: nobody at huge.cajones.com (Huge Cajones Remailer) writes: > :Date: Fri, 20 Dec 1996 14:10:11 -0800 > :From: Rich Graves > > :Stop bashing Dale, you ADL/CFR/NSA thought police, you. > > I can recognize sarcasm! > > You're on the list! Yes, THE list! > > Yours from NSA. For those who don't know what kind of slimeball Rich Graves is: Rich Graves is a paranoid Jewhater who likes to harrass Jews by spamming inappropriate public forums with Holocaust flame bait. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 14:02:01 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 14:02:01 -0800 (PST) Subject: Slaughter In-Reply-To: <32BC218C.1B92@gte.net> Message-ID: Dale Thorn writes: > > There is a quote I remember which struck me deeply when I heard it, > > but forgive me if it is not quite correct: > > "They came for the Jews, and I wasn't a Jew, so I didn't speak up. > > They came for the National Socialists, and I wasn't a National Socialist, > > so I didn't speak up. Then they came for me. "And nobody spoke up." Replacing trade unionists by national socialists? An interesting Freudian slip. > As I remember the quote, it ended something like "and they came for me, > but there was nobody left to speak up". > > [mo' snip] > > > "You will take my cryptography from me when you pry it from my > > cold, dead algorithms." Think about cryptography. > > We're all thinking about it. We just don't believe (naively) that just > because someone issues code that was designed 20 years ago, and which > the NSA can undoubtedly crack in a heartbeat, that that code can > necessarily protect us against all comers. > > There is a difference between principle and fact. You have the > principles exactly correct, but as to facts, you have to be eternally > vigilant, i.e., don't get too comfortable with PGP et al. The use of encryption in civilial life should as ubiquitous as it is in the military. The distance from weak crypto to strong crypto is much shorter than the distance from no crypto to some crypto deployed. Deployment of crypto takes a serious investment in the infrastructure (such as procedures and protocols for key distribution), but this investment can be recycled for the next, stronger, crypto. Instead of writing code, "cypher punks" verbally abuse anyone who's actually capable of writing code and proposing new programs and cryptoschemes to supplant or complement the short list of "cypher punks"-approved apps - recall Don Wood, literally drowned in obscenities by Paul Bradley. Instead of encouraging the deployment of crypto, "cypher punks" whine about the export controls - the circle jerk practices by the punks and their friends in USG designed to make each other feel important. But in reality neither punks nor the export controls are relevant. Copyright and libel laws are irrelevant on the Internet. Child porn is punishable hardeer than strong crypto, yet there are tons of it on Usenet. USG and other governments are irrelevant. So are the punks who battle them instead of deploying crypto. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From blancw at cnw.com Sat Dec 21 14:31:08 1996 From: blancw at cnw.com (blanc) Date: Sat, 21 Dec 1996 14:31:08 -0800 (PST) Subject: The Ebonic Plague Message-ID: <01BBEF4B.F9E5E740@king1-05.cnw.com> From: Timothy C. May Democracy has run amok in this country. There is no hope for reforming at the ballot box, as democracy only makes things worse. Only a crypto reign of terror can purge this land of the scum. ...................................................... Just how would this take shape in "real life" - what would constitute this reign of terror; how do you envision such an event in action? And which are the scum who would be purged? .. Blanc From chuck at nova1.net Sat Dec 21 14:59:30 1996 From: chuck at nova1.net (Chuck) Date: Sat, 21 Dec 1996 14:59:30 -0800 (PST) Subject: EBONIC.ORG Message-ID: <1.5.4.32.19961221215040.006cb3d4@mail.nova1.net> Lets stop complaining and do something to promote dialectic harmony. How about an online Ebonics/English dictionary? Yesterday, I acquired the domain for this purpose (ebonics.org and com were already assigned). In the spirit of inter-dialectic cooperation, I hereby offer it for use as an online dictionary. This is, of course, a time-consuming effort to both design and maintain, so offers of help will be greatly appreciated. It seems to me that a guestbook-type function might be the best way to allow interested parties to add words, their definitions and pronunciation guides to the dictionary. What do you think? We might want to consider an opportunity for illustrations too. It seems to me that many of the Ebonics expressions I've heard are emphasized through the use of gestures - often with multiple digits pointing in various directions. In order not to be seen as uncaring, I think it would be nice to ask the Oakland School District to help. After all, if anyone should know the dialect, it would be them. Of course, this will be an ongoing effort, considering that the dialect will change with each new malapropism spouted by some thirteen-year-old rap star with a learning disability. Lets be clear about this. It will certainly be in the best interest of every American citizen to understand Ebonics. Had this issue been raised prior to the last election, my guess is that we would have all heard Clinton campaigning in Ebonics. Without an understanding of Ebonics, or a translator, we might not have been able to understand him. Think of what we would have missed! And that's not all. Suppose that while stopped at a traffic light, an Ebonics speaker approaches your car to ask to borrow it. He says something on the order of "gheeowtdakamuthafucka!". You respond with "say what?". Bingo, what we got here is a failure to communicate. The next thing you know, you're shouting at each other. Pretty soon, shots are fired and a crowd gathers around your car. The car begins to rock, glass begins to break. You are arrested for leaving the scene of an accident and for violating the civil rights of the Ebonics speaker. All because you didn't take the time to understand his language. Having an unabridged Ebonics/English Dictionary available on the net could help to save untold numbers of people from having such an experience. I hope the site will be up in a week or so, in the meantime, you may communicate via the list or directly to me at . Remember, we be needin yo hep. From jya at pipeline.com Sat Dec 21 15:09:08 1996 From: jya at pipeline.com (John Young) Date: Sat, 21 Dec 1996 15:09:08 -0800 (PST) Subject: The Ebonic Plague Message-ID: <1.5.4.32.19961221230514.006bf3e4@pop.pipeline.com> From: Timothy C. May Democracy has run amok in this country. There is no hope for reforming at the ballot box, as democracy only makes things worse. Only a crypto reign of terror can purge this land of the scum. ...................................................... From: Blanc Just how would this take shape in "real life" - what would constitute this reign of terror; how do you envision such an event in action? And which are the scum who would be purged? ...................................................... Follow precedents of the anarchist tradition: Name a target, build a bomb, light a fuse, heave it, run like hell -- into manacles of the provocateur's payers, then to gallows. Wait a generation, repeat. From mjmiski at execpc.com Sat Dec 21 15:50:49 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sat, 21 Dec 1996 15:50:49 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961221174943.006b95c0@mail.execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 08:01 PM 12/20/96 -0800, Timothy C. May wrote: >Yeah, Matt, in a free society I wouldn't have to "speak Ebonics." > Are you talking about the School Board requirements? Are you still in High School, Tim? ;-) I have never heard you speak of children, so you might have a valid complaint if you have them in public schools (although home schooling is still an option). [Tim's Critique of currently failing attempts at social justice elided] I realize you dont agree with the tactics of some black leaders in this country, but I dont understand why you have this need to cloak your arguments in such antagonizing language. You, of course, are free to do so, I just find it counter-productive albeit sometimes humourous. Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrx3kbpijqL8wiT1AQE8MgP/dQIEwHGQJK68+dXjTD1Tfpc+ll/cRw59 h8bidDczb0eTqcE9SliY+3D+0eUx4OcYOR3HsKcEQjFl5vgVpUeqaywpnh9clHBU QOLLqCpGw1plNzqjzZNc7e0SsCvVudpv93jDJdPInF/MHELxflhAJ32DRfIyt90Q ry0EvNMfAnc= =00J2 -----END PGP SIGNATURE----- From tcmay at got.net Sat Dec 21 15:54:07 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 15:54:07 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: <01BBEF4B.F9E5E740@king1-05.cnw.com> Message-ID: At 2:31 PM -0800 12/21/96, blanc wrote: >From: Timothy C. May > >Democracy has run amok in this country. There is no hope for reforming at >the ballot box, as democracy only makes things worse. Only a crypto reign >of terror can purge this land of the scum. >...................................................... > > >Just how would this take shape in "real life" - what would constitute this >reign of terror; how do you envision such an event in action? > >And which are the scum who would be purged? The answer is implicit in many of my hundreds of posts. As to the scum who need purging: welfare recipients, both personal and corporate, government employees at all levels, and so on. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sat Dec 21 16:00:53 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 16:00:53 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961221174943.006b95c0@mail.execpc.com> Message-ID: At 5:49 PM -0600 12/21/96, Matthew J. Miszewski wrote: >Are you talking about the School Board requirements? Are you still in High >School, Tim? ;-) I have never heard you speak of children, so you might >have a valid complaint if you have them in public schools (although home >schooling is still an option). The principle is of interest to even those without schoolaged children! Neither having schoolaged children nor living in the Oakland Public School System district is a necessary condition for commenting on the foolishness of "Ebonics" and other such scams. Only the most naive of commentators says things like "If your children were not cannibalized by Jeffrey Dahmer, why do you feel the need to comment on Dahmer?" (Sorry, Matthew, but I'm losing any remaining respect for your rhetorical skills. I used to think we just disagreed politically, now I see more is involved.) >I realize you dont agree with the tactics of some black leaders in this >country, but I dont understand why you have this need to cloak your >arguments in such antagonizing language. You, of course, are free to do >so, I just find it counter-productive albeit sometimes humourous. I was speaking of "Ebonics." That many "black leaders" support so transparent a scam and backward step is a separate issue, though, I confess, not an unexpected one. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mjmiski at execpc.com Sat Dec 21 16:07:24 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sat, 21 Dec 1996 16:07:24 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961221180621.006965f0@mail.execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 03:02 PM 12/21/96 -0500, Mark M. wrote: [snip] >There is a logical correlation between intelligence and being able to follow >English grammatical rules. Why is it that personal freedom, sometimes expressed by choice of dialect or language, seemingly has such arbitrary limits? Many on the list complain that they are subject to too many rules, and yet, seem to chime in on multi-linugual issues in this way. Crypto angle, here? Much of Ebonics has been based upon a need or desire to communicate in a private way. "5-0" was initiated as a way to communicate the presence of a police officer. Surely, we are not arguing against the development of a low-level way to scramble language. Or in fact, are you arguing that attempts to curtail the police should *not* be encouraged? This seems odd coming from some members of the list (Collapse of Governments and all) ;-). Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrx7eLpijqL8wiT1AQGfmAQAnwxX/ks/LmKIrvSZi1q7PfjlU3n+/rob 05JSMNl8Qg5sj7Xsd/mdxvVwIUWd3mzz3PCyr1CKSDNVsE9miSYwnIoWCRkxOzle dJUdEAACFX5csk/rpGMWTBpxyucmPfSugt9o6bikVWAP7Gh6YSIJobvQh6KvLMEQ XhZErmf1vHk= =azuR -----END PGP SIGNATURE----- From lucifer at dhp.com Sat Dec 21 16:14:41 1996 From: lucifer at dhp.com (Anonymous) Date: Sat, 21 Dec 1996 16:14:41 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <199612220014.TAA18204@dhp.com> > The trouble with these f*&%^*&%^* do-gooder programs is that they > miss the point. How are you going to teach anything using improvised > dialect? It's just insane. Guys, I think you are missing the point. Even the people who approved this know the bilingual education stuff is a crock. It's just a way of getting more money for Oakland's impoverished public schools, so that they can do a better job of actually teaching these students proper English. No one is proposing teaching literature classes on Ebonic texts or anything like that. Now, you might argue that districts with low property tax revenues don't deserve public schools, or that those public schools should be openbly funded without playing strange games with bilingual education. However, there's no point in arguing they shouldn't teach Ebonic as no one intends to teach it. From minow at apple.com Sat Dec 21 16:20:32 1996 From: minow at apple.com (Martin Minow) Date: Sat, 21 Dec 1996 16:20:32 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: <199612210710.XAA23943@netcom16.netcom.com> Message-ID: Two minor points: First, Ebonics (Black English) is grammatical, but its grammar differs from that of standard American English. Second, from what I heard on the news, Oakland wants to call it a separate language because they discovered that they got better results teaching standard English to Black students if they used secondary language techniques, as opposed to treating Black English constructions as "wrong" or "inferior." Martin Minow minow at apple.com From nelson at media.mit.edu Sat Dec 21 16:34:07 1996 From: nelson at media.mit.edu (Nelson Minar) Date: Sat, 21 Dec 1996 16:34:07 -0800 (PST) Subject: Running code on a machine you don't trust (was Re: Executing Encrypted Code) In-Reply-To: Message-ID: ph at netcom.com (Peter Hendrickson) writes: > At the last meeting references were made to processors which only > execute encrypted code. Decryption occurs on chip. > If each chip has a unique public/secret key pair, and executes > authenticated code only, there are some interesting implications. Yes, interesting indeed. It would also partially solve a problem I've been thinking about: how can I safely run code on a machine that I don't trust? I'm working on some mobile agent / distributed computation research. The basic model is that I send an agent to a server (say, a Java interpreter) running somewhere. A lot has been written about security, how to protect the server from malicious agents. But what about protecting agents from malicious servers? Possible threat models include servers that steal an agent's propietary code and data or servers that deliberately misexecute the agent's code. The latter threat model is under serious consideration with the distributed DES cracking project that's being designed now. The ultimate solution is trusted hardware on the server end. I think, for a variety of reasons, this is really unlikely to be widly deployed. But bringing the trusted hardware needed down to just a black-box CPU that decrypts on the fly is a neat idea. Other ideas include obfuscating code (protects against theft), splitting up your computation across multiple machines (spread the risk of theft), independently verify the results of remote comptuations (protects from spoofing), or build some reputation mechanism for servers (so bad guys are identified). None of these solutions is very satisfying. I suspect that really guaranteeing safety to mobile agents is impossible, or at least very difficult, without trusted hardware. But I'm not 100% sure. There are some interesting notes in Applied Crypto 2nd about performing computations on encrypted data (p.540). These algorithms seem to be of very limited application. Or are they? If anyone has any thoughts on this issue, I'd love to hear them. If you send to cypherpunks, please also mail me privately as I'm going offline for a few days.. From tcmay at got.net Sat Dec 21 16:54:53 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 16:54:53 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com> Message-ID: At 6:06 PM -0600 12/21/96, Matthew J. Miszewski wrote: >Why is it that personal freedom, sometimes expressed by choice of dialect >or language, seemingly has such arbitrary limits? Many on the list >complain that they are subject to too many rules, and yet, seem to chime in >on multi-linugual issues in this way. You're confusing issues. As with similar confusions about "right to work" (where the putative conflict is between Alice's right to hire whom she chooses and Bob's putative "right to a job"), the confusion lies in what one calls a right. No one is disputing the "right" of anyone to speak in any language he or she chooses. What the bulk of persons who have heard of the "Ebonics" story in the last few days are doing is ridiculing it, satirizing it, shaking their heads, and noting the backward steps it represents for so-called "peeples of color." Oh, and there's of course an undercurrent of "Why should taxpayers pay for "Ebonics"?," which is hardly surprising, given that we also complain about funding for lots of wasteful programs. Finally, a civil libertarian would understand that any person and any employer has the property right to not hire those he does not wish to hire. (I speak in terms of basic rights, however one thinks they derive, not current Kalifornia or Federal law, such as the Title VII nonsense or the various racial quotas.) In short, any person may speak in any language he or she wishes. I don't have to accomodate this person, either personally or in my business. As to _government publications_, I think this problem is solved by anarchy. Short of anarchy, I don't see how any government larger than a truly tiny core set can possibly pubish official documents, ballots, traffic signs, driver's license tests, and so on, in the several dozen languages that the basic brown types are now clamoring for. I say fuck 'em. >Crypto angle, here? Much of Ebonics has been based upon a need or desire >to communicate in a private way. "5-0" was initiated as a way to >communicate the presence of a police officer. Surely, we are not arguing >against the development of a low-level way to scramble language. Or in >fact, are you arguing that attempts to curtail the police should *not* be >encouraged? This seems odd coming from some members of the list (Collapse >of Governments and all) ;-). And just where did anyone in any of these posts call for outlawing any particular language, pidgin, slang, creole, jive, or invented lingo? Really, Matt, go back to Rhetoric 101 and learn how to argue. (Where is "Logos" these days?) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From foodie at netcom.com Sat Dec 21 17:04:56 1996 From: foodie at netcom.com (Jamie Lawrence) Date: Sat, 21 Dec 1996 17:04:56 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com> Message-ID: Matt, Are you honestly arguing that a system of communication acknoledged and taught in a public school is satisfying a 'need or desire to communicate in a private way"? Or that Ebonics has anything to do with communicating in the presence of a police officer? Or that either of the above has anything to do with crypto? If so, then I think you've said more than enough. -j, who would like to note that nothing about my viewpoint on Ebonics has been stated in this message. At 6:06 PM -0600 on 12/21/96, Matthew J. Miszewski wrote: > Crypto angle, here? Much of Ebonics has been based upon a need or desire > to communicate in a private way. "5-0" was initiated as a way to > communicate the presence of a police officer. Surely, we are not arguing > against the development of a low-level way to scramble language. Or in > fact, are you arguing that attempts to curtail the police should *not* be > encouraged? This seems odd coming from some members of the list (Collapse > of Governments and all) ;-). > > Matt -- "I'm about to, or I am going to, die. Either expression is used." - Last words of Dominique Bouhours, Grammarian, 1702 ____________________________________________________________________ Jamie Lawrence foodie at netcom.com From frantz at netcom.com Sat Dec 21 17:11:48 1996 From: frantz at netcom.com (Bill Frantz) Date: Sat, 21 Dec 1996 17:11:48 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: <199612210614.BAA25984@istar.ca> Message-ID: Let me try to sketch a design for an Encrypted Code Computer (ECC). I will start with what has become the standard architecture for Personal Computers/Workstations. That is: (1) One or more CPU chips, each of which includes a RISC core, memory management, and L1 cache. (2) A L2 cache memory chip. (3) A main memory bus which either includes an I/O bus or, (4) A separate I/O bus. If we decrypt the code on the disk, we gain almost no piracy protection over current systems, so we must decrypt somewhere in the memory hierarchy. If we decrypt on the main memory bus, then it will be easy to add bus snooping hardware to catch the unencrypted program as it is accessed. While average computer user may not do this, the foreign pirates certainly will. Basically the same argument applies to decrypting in the L2 cache, since it will be easy to sample the signals between the L2 cache and the CPU. That leaves us with decrypting in the CPU. Most CPU chips have separate instruction and data L1 caches. If we assume separate caches for our system, it becomes logical to decrypt the code as we load it into the L1 cache. If we assume that we are using public key cryptography to protect the programs, where the CPU chip has the only copy of the secret key, then we have to solve the following problems: (1) We have to decrypt each code line in a few cycles or the system's performance will be much worse that a similar system without encryption. (2) We must decrypt cache lines accessed in a basically random manner. Point (1) means we probably want to encrypt the code with a symmetric cypher and then encrypt the symmetric key with the CPU's public key. There will need to be a way of telling the CPU, "Here's a new encrypted symmetric key for code." To avoid having to do a public key decryption on every process/program switch, the CPU will need a cache of symmetric keys, and the OS will have to tell it which key-cache entry to use at any point during execution of the program. There will have to be a way to automatically change the key when servicing an interrupt. Point (2) means we can't use any of the really good encryption modes, and are pretty much limited to ECB like modes. If we use straight ECB mode, then our program becomes subject to a number of cypher-text only attacks. If we can arrange our software system so code always executes at a constant virtual address we can reduce these attacks by salting the code cache blocks with the virtual address. However, constant virtual addresses make DLLs somewhat difficult. Given this design, we need a symmetric cypher which can be decrypted with a logic array shallower than about 100 gates (which works out to about 5 clock cycles). We are still going to pay a performance penalty because we are adding clocks to a critical performance path, but perhaps we can get Steve Jobs to sell it to the masses :-). We still have a major problem if we want a multiprocessor system. How do we migrate threads between processors? It seems that we need to have the same key on all processors (or license and keep in memory multiple copies of the code). If we allow the keys off-chip, then recovering them becomes much easier. If we keep them on-chip, then the CPU manufacturer needs to build CPU chips which share a secret key, with all the attendant inventory problems etc. (And, if I can move the CPU chips to different systems, then I can run a single key of the software on multiple systems.) ------------------------------------------------------------------------- Bill Frantz | I still read when I should | Periwinkle -- Consulting (408)356-8506 | be doing something else. | 16345 Englewood Ave. frantz at netcom.com | It's a vice. - R. Heinlein | Los Gatos, CA 95032, USA From markm at voicenet.com Sat Dec 21 17:26:42 1996 From: markm at voicenet.com (Mark M.) Date: Sat, 21 Dec 1996 17:26:42 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 21 Dec 1996, Matthew J. Miszewski wrote: > Why is it that personal freedom, sometimes expressed by choice of dialect > or language, seemingly has such arbitrary limits? Many on the list > complain that they are subject to too many rules, and yet, seem to chime in > on multi-linugual issues in this way. I never said that the government should force people to speak a certain language. You are missing the main point: How do you expect to communicate with an employee who can't speak any language that you can understand? It's not arbitrary at all. In fact, it's rather simple. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMryPECzIPc7jvyFpAQFLJwgAw2Y64kvmBQdVPQY4DUsf36iKEd2ZqgbU n+TCETMfG79hzJ1DgtvuLHhaOeKqQv2pLalLK6y//DVEllk/25f/iv+YQRb/RgD5 lpHw3CV8ZAgUk8563VK9V3x7sKv6D0wXYGdgUln9DnYnIYKebdhEWgDj19tuy96x j2FL0OGa0sLqx2lazaCATSLQtHqFARqGTKUTib0bpQj3Qougz929xmWjVhRTWVlD qFFI3QCy7g934uwk+LRhmVgOuCk4u3/Tg8ZAZYbPKT05Tibsbeazd7NnJnT0b3aG /0FrDKPDXQQo4wFY4Bd93jdp2kvXiHCggC5bQsazG9vvFM3igMBpwA== =ZG97 -----END PGP SIGNATURE----- From drose at AZStarNet.com Sat Dec 21 17:26:46 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Sat, 21 Dec 1996 17:26:46 -0800 (PST) Subject: Ebonics Message-ID: <199612220126.SAA20072@web.azstarnet.com> Matthew J. Miszewski writes: >Why is it that personal freedom, sometimes expressed by choice of dialect >or language, seemingly has such arbitrary limits? Many on the list >complain that they are subject to too many rules, and yet, seem to chime in >on multi-linugual issues in this way. Mr. Miszewski: As an attorney, you may be acquainted with the concept of "reasonableness." I can certainly express my personal freedom by passing wind at home (subject only to the possibly vociferous objections of my family). Were I to fart in church or in a board meeting, that would be a horse of a different color, nicht wahr? From proff at suburbia.net Sat Dec 21 17:41:18 1996 From: proff at suburbia.net (proff at suburbia.net) Date: Sat, 21 Dec 1996 17:41:18 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: Message-ID: <19961222014014.13259.qmail@suburbia.net> > >Just how would this take shape in "real life" - what would constitute this > >reign of terror; how do you envision such an event in action? > > > >And which are the scum who would be purged? > > The answer is implicit in many of my hundreds of posts. > > As to the scum who need purging: welfare recipients, both personal and > corporate, government employees at all levels, and so on. > > --Tim May Strange how you move closer to the mentality of Vulis every day. From tcmay at got.net Sat Dec 21 18:35:25 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 18:35:25 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: <199612210614.BAA25984@istar.ca> Message-ID: At 5:14 PM -0800 12/21/96, Bill Frantz wrote: >Let me try to sketch a design for an Encrypted Code Computer (ECC). > >I will start with what has become the standard architecture for Personal >Computers/Workstations. That is: > >(1) One or more CPU chips, each of which includes a RISC core, memory >management, and L1 cache. >(2) A L2 cache memory chip. >(3) A main memory bus which either includes an I/O bus or, >(4) A separate I/O bus. A useful thing to bear in mind is that there already exists such an "Encrypted Code Computer," though it is not usually thought of that way. Namely, a satellite t.v. decoder (or set top box). Instead of taking in bits from a floppy disk or whatever and decrypting so as to allow the software to be run, it takes in bits from a satellite dish receiver, descrambles the data, and "executes" the resulting bitstream (in the most common case, displaying a t.v. picture). Whether the decryption or descrambling takes place on a specific chip or in a system comprised of several chips is almost immaterial, except for linear factors of complexity in defeating the copy protection/tamper resistance measures. (Notably, epoxy gunked over the PALs or microprocessors doing the "VideoCipher II" or "Hendrickson" unscrambling, or special measures at the chip level.) The issue of tamper-resistance in chips has come up half a dozen times on this list; the archives should have a bunch of longer articles on this, including mine. As it happens, I started Intel's lab which did electron beam testing of microprocessors, and worked on various aspects of the tamper-resistance issue. Basically, it's hard to stop a determined attacker. (The motivation for a satellite box attacker is more than one might think...it isn't just getting one set of channels for free, it's about making N instances of an account that's been paid for, so all of these N instances will look exactly like the box for which payments are carefully made so as to ensure continued coverage. This is called "cloning." I submit it's exactly analogous to defeating the Hendrickson-proposed copy protection scheme.) >That leaves us with decrypting in the CPU. Most CPU chips have separate >instruction and data L1 caches. If we assume separate caches for our >system, it becomes logical to decrypt the code as we load it into the L1 >cache. If we assume that we are using public key cryptography to protect >the programs, where the CPU chip has the only copy of the secret key, then >we have to solve the following problems: And don't forget that internal nodes of microproceessors can be "tapped" with an electron beam voltage contrast system. Some steps can make this much harder, but the principle is still that internal states are capturable. And of course the various "shake and bake" methods so much in the news lately. (Such methods originally developed for the satellite box cloners, interestingly enough.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From blancw at cnw.com Sat Dec 21 19:07:53 1996 From: blancw at cnw.com (blanc) Date: Sat, 21 Dec 1996 19:07:53 -0800 (PST) Subject: some clarification of jurisdiction in Berstein (long) Message-ID: <01BBEF72.8B760B60@king1-05.cnw.com> From: attila The DOJ is not interested in either justice or the Bill of Rights. Federal attorneys are striving for high conviction rates, like Vietnam body counts --and are enforcing the policies of the administration, not the courts, the constitution, or the people. ........................................................... (I just read this message, even though Attila posted it this past Thursday.) I wanted to comment that it was a quite interesting post, because it deals with elements of courts and law which really baffle me - all the talk about which District Court stated this, and whether this will apply only in Northern California, and whether Judge Patel's ruling will be observed elsewhere or appealed to a higher court - I think to myself, sheesh, this is like being in a maze and trying to find the way out: If you go through this corridor, will you be on the straight path out, or is there perhaps a dead end around to the left of that edge up ahead, so maybe you should instead try going around that wall on the right? And how do you know how close you are to the exit? How do you know you aren't on a circuitous path going around & around, going nowhere? There are so many detailed decisions, so many objections, such meticulous, scrupulous study of every word & potential meaning therein, and all the judicious players appear so knowledgeable of what is or could not be valid, what is or could not be moral and therefore supportable, of which decision made by which judge on what year relating to what number on a document this all relates back to. It appears that there is a reason for the extreme concern for propriety and the extreme complexity in the assessment of it in a courtroom, in courtroom after level of courtroom. It appears that judges and lawyers and courts are deeply concerned about life proceeding in a moral way, and that they would play the role of catching it from degrading into corruption, affecting the quality of life in the US. Yet if the individual whose actions are in questions goes to jail, the atmosphere of intelligence or mental ability suddenly disappears, the delicacy towards morality and quality of behavior cuts off and there is no similar meticulous examination the institution wherein they are incarcerated, to continue ensuring that all processes there are aligned in the direction of goodness. Therefore what was it all for? If the quality of Truth and Morality is being saved from corruption by these Judges of Law, then why is one person's decision valid only in North California, but not as soon as one travels south (what's the boundary line for "North" California)? Or why does it "hold" in that state, but not anywhere else on the continent? I always think in the same terms used in the Constitution - about human nature and other such categories of thought. Not about where that human nature happens to be residing at any particular time, but what it is per se, and what is or is not right for it per se, regardless of whether it is in North or South Rhode Island. In terms of governmental roles, I'm aghast that they relate their judgements back to each other rather than back to principles. Because this means that, in the end, we are subordinate to the reasoning of some appointed individual, and subject to the lucidity of their mind at the particular moment that we come to their attention, as during a dispute regarding the publication of source code. We could never refer back to valid principles of thought or the Laws of Nature in determing what is right or what not to do, because overriding those considerations would be the calculations of some public overseer. I realize that not all lawyers & judges are this way, but it is still very unsettling to realize just how superficial is the 'honor' which accrues to them. Thanks for the elaboration on this, Attila. .. Blanc From dthorn at gte.net Sat Dec 21 19:34:56 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 21 Dec 1996 19:34:56 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BCA854.5FF7@gte.net> Mark M. wrote: > On Sat, 21 Dec 1996, Mark Rosen wrote: > > There are several problems with your argument:[snippo] > > * You are completely forgetting the other "non-English" group in America; > > the so-called White Trash or heavy Southern accents, which are violate just > > as many prissy and stuck up rules of grammar as Ebonics > > * You don't have to speak ebonics. You also don't have to speak with a > > Southern twang (or whatever the politically correct name for that is) Just saying someone has a Southern "accent" is prejudicial and ignorant. It's true that anyone, Southern or otherwise, can slur words so they're not clear, but on averages, Southerners who speak clearly with their native inflections and pronunciations are easier to understand than your typical Yankees, whose speech is generally thin, nasal and rather pinched- sounding. People talked about hate in the South in the 1960's. What a crock. Apartheid, sure, no doubt about that. But hate, well, I grew up in the North and I lived for a few years in the deep South, and the people in the South don't hate like the Yankees do, on average. If you want to see how hate works, look how the big-media organizations have descended on Southern radio and TV and have been telling them that they speak wrongly, and that Southern "accents" are something to be ashamed of. There's a story about the Confederate officer who, following the War For Southern Independence (not a true Civil War BTW), walked up the steps of the veterans' club and saw a Union man sitting with a tin cup, looking absolutely miserable with all sorts of injuries, etc. The Southern man tossed a dollar into the cup, at which point the astonished Union soldier exclaimed "thank you, sir". The next week at the club, the same thing happened, and the soldier asked "Excuse me sir, but why would a Southern officer such as yourself be showing so much sympathy to a Union man like myself?" To which the Southern officer replied "Actually it's not that, it's just that you're the first Yankee I've seen that's been shot up to my specifications". From dthorn at gte.net Sat Dec 21 19:36:39 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 21 Dec 1996 19:36:39 -0800 (PST) Subject: "the world is half women, even though they're not on the c-punks list" In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: <32BCAB5C.3682@gte.net> Timothy C. May wrote: > At 10:20 AM -0800 12/21/96, Dale Thorn wrote: > >Ya' know, guys, the world is half women, even though they're not on > >the c-punks list. Get in touch with them. They're fun people. > Ah, it's been a while since we had the "why aren't more women on the list?" > discussion. > Frankly, women are of course welcome. If the list interests them, they are > welcome to subscribe. As it has always been. > So, Dale, feel free to recruit more women to this and other lists. But > don't presume from the traffic you see here--or from comments about the > utter stupidity of little Jessica Dubroff, her pilot, her parents, and the > complicitous news media--that we need a lecture on getting in touch with > women. All of this is valid (for argument's sake) except "the stupidity of little Jessica". She was doing well for a 7-year-old, and I was quite proud of her. The morons who were flying that plane near weight capacity at lower altitudes should have been shot for that alone, never mind trying that at the altitude where they "bought the farm". What happened to Jessica because of the selfish, greedy adults who were involved actually gives weight to the parental licensing plan, yes? (Ouch) From jamie at comet.net Sat Dec 21 19:59:30 1996 From: jamie at comet.net (jamie dyer) Date: Sat, 21 Dec 1996 19:59:30 -0800 (PST) Subject: EBONIC.ORG In-Reply-To: <1.5.4.32.19961221215040.006cb3d4@mail.nova1.net> Message-ID: FITTYSEN = Four bits. Half a dollar. FLO = The thing a rug is laid upon. BODE = Can be a two-by-four or any other measure of lumber. DUNDUN = A statement of completion. "I dundun it." SAYLAY = A 24 hour store. Most neighborhoods have one. BITCH = Female companion. Wife. Mother. Whore. You. Me. Best Friend. jamie ------------------------------------------------------------------------------ jamie at comet.net | Comet.Net | Send empty message | Charlottesville, Va. | to pgpkey at comet.net | (804)295-2407 | for pgp public key. | http://www.comet.net | "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators" -P.J. O'Rourke. ------------------------------------------------------------------------------ From jimbell at pacifier.com Sat Dec 21 20:02:16 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 21 Dec 1996 20:02:16 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <199612220402.UAA16132@mail.pacifier.com> At 10:50 PM 12/20/96 -0800, Bill Stewart wrote: >At least they weren't doing most of this paranoia when I visited my >sister earlier this summer, bringing a couple pounds of Silly Putty >in my luggage as presents for her kids, packed near the alarm clock.... ># Thanks; Bill For years, Radio Shack has sold an indoor/outdoor thermometer with max/min temperature function. Going on a long trip and carrying a 5-pound loaf of cheese? Stick the outdoor thermo pickup in the cheese before you depart, to ensure that it wasn't exposed to damaging temperature excursions! I'm sure this looks wonderful on an X-ray. Jim Bell jimbell at pacifier.com From tcmay at got.net Sat Dec 21 20:25:46 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 20:25:46 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things Message-ID: I've noticed a few references in the press, and maybe on this list, to the idea that because some bad things may be done with untraceable payments (true Chaumian digicash, not the watered down version offering only one-sided untraceability), that governments will "not allow" such untraceable payments. This won't work. So long as there is at least *one* such service, anywhere in the world.... I'll explain. A few definitions: "Bad things" are the uses to which strong crypto, anonymous systems, information markets, untraceable payments, etc., may be put to commit various crimes and dastardly acts. For example, untraceable payments for untraceable contract assassinations (thus removing the primary means by which such contractors are caught, the arrangements to begin with and the payments). Or, espionage in which the spy transfers information digitally via a "digital dead drop," eliminating the need for a physical contact point (an obvious vulnerability, as recent cases have shown) and also allowing efficient payment via untraceable funds transfers. And extortion. Extortion is an interesting example to focus on. "Pay $25,000 or the following action will occur." A bomb, a virus, release of secrets, etc. Blackmail is of course a form of extortion, as is kidnapping. The acts involving *physical* actions will of course be less affected by crypto advances than will purely information-domain acts, e.g., where secrets will be released unless a payment is made. Physical acts have a nexus of detection at the act itself, the kidnapping, the bomb-planting, etc. (Though often the original act is very hard to protect against, and traditionally it has been the payoff that has been the nexus for catching the perpetrator...with untraceable payments, kidnapping becomes less dangerous for the kidnapper, especially if he kills his victim...I surmise that new technology, such as cameras and wireless Net video calls will be used increasingly to provide the payer of a ransom increased assurance that the victim was still alive at the time the transfer was made...the video call could even go through remailers, if the frame rate was drastically reduced or if PipeNet comes into existence.) But I'll focus on simple extortion, with no complications of physical, meatspace actions. Pure cyberspace. "Untraceable payments" refer to payer- and payee-untraceable Chaum-style cash. Although for the discussions here of extortion, payee-untraceable (the person being paid would not be traceable is my sense of this term) digital cash would be sufficient; that the payment originated from XYZ Corporation or some account at the Bank of Albania would not stop the acts. Chaum has in recent years attempted (I have to presume) to take the "edge" of fully-intraceable digital cash by making it only partly untraceable. Many of us hypothesized that "mixes" (as in remailers) could be used to fully-untraceabalize (?) even partly-traceable systems. I recall Lucky Green, Hal Finney, and others in such discussions. "Banks" were proposed to do this. Recently, Ian Goldberg claims to have a system which formally accomplishes this. (Keep in mind my original claim, that all it takes is _one_ such system...) Now suppose that the U.S. Government formally and officially and with actual enforcement halts all such untraceable systems, at least in terms of U.S. banks, credit unions, local moneychangers, etc. Even halts all partly-untraceable systems, to head off the Goldberg Gambit. Does this stop extortion? Suppose there exists a supplier of fully-untraceable (or payee-untraceable at least) cash *somewhere* in the world. It could be a physical bank, a la the Bank of Albania, or it could be an underground payment system, a la the Mafia, the Tongs, the Triads, whatever. A reputation-reliant system which says "Present us with the proper set of numbers and we will provide money to the bearer, or follow instructions, and so on." (I'm informally describing the process of "redeeming" a digital bearer instrument, converting the set of numbers into some other form of specie, or item of value, whatever. Maybe gold, maybe dollars, maybe an entry into an account somewhere. The "untraceability," via the blinding operation, means that the bearer is not linked to the transaction made earlier, so there is not risk at the bank or Triad. I'm also not distinguishing between offline and online clearing here...my feeling for a long time has been that online clearing has many advantages, but I suspect it does not work too well in the extortion case described here, until something like PipeNet can be used as part of the process.) So, Ed the Extortionist tells Vic the Victim to please purchase $25,000 worth of Bank of Albania crypto-credits, by whatever means he has to (including, presumably, even flying to Albania, or using other funds transfer mechanisms, or perhaps even using crypto credits he had accumulated in other transactions.) Whatever, it is assumed that Vic _wants_ to make the transaction, just as with kidnap ransom demands. (Not "want" in the ultimate sense, but "want" in the sense of the local transaction. In extortion and kidnap cases, the victim of the extortion or the family of the kidnap victim may choose not to make the payment...I'm dealing with the more interesting case of where the payment is being made.) How Ed receives the funds without the bits being followed through cyberspace is of course an easy exercise for readers here. Anonymous remailers with reply-block capabilities, a la Mixmaster, or, my preference, posting in a public place, a la the Usenet or other widely-disseminated message pools. Ed takes the crypto credits and redeems them as he sees fit (after some unblinding stuff, of course). The redemption order is unlinkable to the extortion. (Modulo the usual issues: if Ed and Vic happened to be the _only_ users of such a system, then of course simple input-output mapping would finger Ed, as with such uses of remailer networks. Correlations are always a danger. Correlations in timing, in deposit size, etc. The usual fixes apply: more users, more bits sloshing around the network, time delays, etc. Offline clearing facillitates some of these measures. Ditto for breaking up the payment into N separate smaller-denomination transfers.) What could the U.S. do? If Vic the Victim is careful, and either flies to Europe or the Caribbean to make the arrangements, or uses various Cypherpunks-type communication methods, he should be able to wire money from a conventional account, or use real cash, and purchase the crypto credits from the Bank of Albania. Likewise, if Ed the Extortionist has freedom of travel or freedom to use various channels, he can cash in his crypto credits. This no matter what the U.S. does. So, even if "Mark Twain Bank" and "Bank of America," and, indeed, the rest of the U.S. banking establishment eschews untraceability, the presence of such services anywhere in the world is enough to make the act described workable. And that "anywhere in the world" can, as I mentioned earlier, encompass the various underground banking systems already widely in use (Tongs, Triads, chop marks, etc. in Asia, and presumably similar systems elsewhere). Or it could encompass fairly conventional banks which offer such untraceable routes for a premium. A $5,000 commission on top of the $25,000 transfer would make a lot of the world's banks sit up and take notice. And so long as they were not told what the fund transfer was all about--Vic is unlikely to gain anything by telling them--they have plausible deniability and moral comfort. Yes, this has all been obvious for a while. (The mapping of the scenario I describe to a specific digital cash system depends of course on the nature of the system, on cryptographic protocols, and so forth.) And I surmise that the U.S. Government must have realized this. And realized that only by _completely quashing_ all such untraceable payments systems can the goals of stopping such "bad uses" be met. Unfortunately for them, and unfortunately for the victims of such crimes, no such worldwide stoppage of all such systems seems possible, even with draconian police state measures. There are just too many interstices for the bits to hide. And too much economic incentive for some persons or banks to offer such funds transfer methods. Fortunately for the bulk of us, the likely number of deaths and economic losses from such crimes of kidnapping, extortion, and even murder for hire, is still likely to be vastly lower than the number of deaths caused by powerful central governments enriching themselves and their cronies with foreign wars. Not to mention the deaths in the Drug War, the lives wasted in other interferences in private behavior, etc. This is why I look forward to this Brave New World of fully untraceable communications and fully untraceable economic transactions. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From whgiii at amaranth.com Sat Dec 21 20:27:32 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Sat, 21 Dec 1996 20:27:32 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961221180621.006965f0@mail.execpc.com> Message-ID: <199612220425.WAA00122@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- X-Folder: In <3.0.32.19961221180621.006965f0 at mail.execpc.com>, on 12/21/96 at 08:06 PM, "Matthew J. Miszewski" said: >Why is it that personal freedom, sometimes expressed by choice of dialect >or language, seemingly has such arbitrary limits? Many on the list >complain that they are subject to too many rules, and yet, seem to chime in >on multi-linugual issues in this way. Matt you seem to be missing the point. As far as I can tell no one cares how individuals or in what "language" individuals care to speak in. It is a compleetle different issue when you are talking about a government sponcered "second language". As with all things the government does this is just a trial balloon for bigger and "better" things. Tax forms in Afrolish, Voting Ballots in Afrolish, matter of fact all government documents in Afrolish. Anti-discrimination suits & laws because a perspective employee was turned down for a job on the basis that he can not speak English only Afrolish. If you look outside the political/economic spectrum you have the issues dealing with society as a whole. While I could write a thesis on this here are some basic question to ask: What are the effects of having a subset of a society with the following: - Speak a differnt language - Practice a different religion - Have a different work ethic - Have a different set of moral values - Have a different cultural background How will this group fair economically? How will this group fair politically? What are the effects of such a group violently refusing to integrate into the society as a whole? What historical presedents do you have to support your views? Historical Examples: - Programs against the Jews in Europe & Russia - Turks & Armanians - Greeks & Turks - Palistinians & Jews in Israel (20th Century) - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- Tag-O-Matic: DOS=HIGH? I knew it was on something... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMrypJ49Co1n+aLhhAQFjhQP/YuZI/aPBWqD5h7Ns3K6CtkHJzJZem+TZ fn6tUUz6Dhoge59FPpWjjxy+jOZSAlBpVvRZWdQCMCEKdmYdj9sd9uHHbmHDwv4+ vYLkHUdx5UqHH7uMJ/JJj1aIuRjmywyo6BncBvi4PBI7e61I3zq86Ey4pigSdAmB LaxYbfNoX6c= =BTJx -----END PGP SIGNATURE----- From j at gangsta.com Sat Dec 21 20:30:41 1996 From: j at gangsta.com (j at gangsta.com) Date: Sat, 21 Dec 1996 20:30:41 -0800 (PST) Subject: No Subject Message-ID: <9612220424.AA12742@monoceros.capital.edu> Punks, Nawh nigga, yous don't want dem udder foo's to be able to read jo mail! What da hail?! Don'chew see it now? Dis's anutha foam of kryptografee! Da reason we be doin' dis shit is dat so dem basta'ds out dere who be wantin' in on ours konversayshun can't be gettin' in. See?! Now what foo' ass cracka muthafucka can be readin' dis shit at a decent clip? Shit! Can't none of 'em! De only problem is dat it be takin' too long to put in dees apo-straphees. If we gots rids ofs dems, dens we'ds haves a much easia' time of doin' dis shit. Why don't one you cleva' boyz come up wit some kinda editor dat crossreferences (oops, too many syllables) wit dat phat ass ebonics dikshunary at EBONIC.ORG? Den jus' give da dikshunary only to dose people who you be wantin' to read jo shit. Yeomsayn'? Hilary Clinton can't be readin' dis shit! Can't nobody else ova dere in D.C. Us niggas here in Compton been down wit dis phat ass kryptografee fo' a long ass time. How do you tink dat us gangstas is all still around? We be talkin' shit ev'y night on da co'na, but can't none da fuzz be translatin' so we's frees tos dos whateva' we's wantin's tos dos. Yo, jus' lemme quote my phat ass nigga dogg Method Man befo' I go: "I'm slammin' niggas like Shaqueel, dis shit is real, When it's time to eat a meal, I rob and steal, Cuz mom ain't givin' me shit, So for da bread an' butta I leave niggas in da gutta, Wherde 'the mutha, I'm dangerous, Crazia' den a bag o' fuckin' angel dust, When I bus' my gat, muthafuckas take dirt naps, I'm all dat, wit a dime sack and a payback!" Dag! Dat shit's phat, dogg. ************************************************************************** # Gangsta J # "Dead bodies pile up, an' it's plain to see, # # j at hardcore.gangsta.com # it's because o' me. I'm the girl killa, the # # Brownsville ghetto # throat slitta, the cunt rippa" - J # ************************************************************************** From omega at bigeasy.com Sat Dec 21 20:31:15 1996 From: omega at bigeasy.com (Omegaman) Date: Sat, 21 Dec 1996 20:31:15 -0800 (PST) Subject: Executing Encrypted Code In-Reply-To: Message-ID: On Fri, 20 Dec 1996, Peter Hendrickson wrote: > (Of course, it is not out of the question that piracy boosts sales by > advertising the product. We haven't seen a good experiment for > determining this.) There's this little game called "Doom" that was released for free a few years back. pay your $$$ and you got to continue the game. A couple hot shot programmers in Texas apparently made quite a bit of money off of this. Of course, the game was top-notch for its time > Your characterization is accurate. Ignoring the particulars of this > scheme, it would certainly be neat if people could sell software > without it being pirated. They can. Models such as the one above and free software provide one alternative. Companies make their money on a value added basis and from corporations willing to pay proper license fees. Placing the kind of limitations you are envisioning upon hardware would be ultimately harmful to the growth of an industry which has always relied on innovation from "amateurs" on the outside of commercial circles. Furthermore, quality free applications and shareware applications represent a challenge to commercial firms to produce better software that customers are willing to pay for. me _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From tcmay at got.net Sat Dec 21 20:46:51 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 20:46:51 -0800 (PST) Subject: "the world is half women, even though they're not on thec-punks list" In-Reply-To: <199612210144.SAA25029@infowest.com> Message-ID: At 7:30 PM -0800 12/21/96, Dale Thorn wrote: >All of this is valid (for argument's sake) except "the stupidity of >little Jessica". She was doing well for a 7-year-old, and I was >quite proud of her. The morons who were flying that plane near weight >capacity at lower altitudes should have been shot for that alone, never >mind trying that at the altitude where they "bought the farm". > >What happened to Jessica because of the selfish, greedy adults who were >involved actually gives weight to the parental licensing plan, yes? >(Ouch) Well, I of course don't hold an 8-year-old very responsible for making such a stupid decision. I was really talking about the stupidity of the entire "stunt," which is what it was, Her parents were pieces of newage, the news media were willing co-involvants (it's called "manufacturing the news"), and the pilot had little experience in icy conditions in thin air. Even in jest, parental licensing would have done little. Jessica's dingbat newage parents are just the type of granolaheads so favored in California as being nurturing, gender-role-bending parental-units. They would surely have received their Breeding Permit. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From lucifer at dhp.com Sat Dec 21 20:50:41 1996 From: lucifer at dhp.com (Mixmaster) Date: Sat, 21 Dec 1996 20:50:41 -0800 (PST) Subject: Security hole in premail Message-ID: <199612220408.XAA03397@dhp.com> On Fri, 20 Dec 1996, Mixmaster wrote: > *** premail.orig Fri Dec 20 18:46:01 1996 > --- premail Fri Dec 20 18:55:54 1996 > *************** > *** 3574,3579 **** > --- 3574,3582 ---- > } > for ($triesleft = 2; !$done && $triesleft; $triesleft--) { > $pass = &getpass ($x); > + if(!-O $ps) { > + &error ("Secrets file exists and is owned by another user\n"); > + } > $status = &decrypt_secrets ($ps_pgp, $ps, $pass); > if (!-s $ps) { unlink $ps; } > $done = (!$status && -e $ps); That patch doesn't work. It will always return an error. I have tested the following patch and it does work as intended: *** premail.orig Wed Oct 30 22:25:10 1996 --- premail Sat Dec 21 15:45:41 1996 *************** *** 3631,3636 **** --- 3631,3639 ---- $invoc .= ' > '.$ps; $invoc .= ' 2> '.$errfile; &pdv ("Invoking PGP as $invoc\n"); + if(-e $ps) { + &error ("Premail secrets file already exists\n"); + } $status = &open_pgp ($invoc, $pass, ''); $err = &read_and_delete ($errfile); &pdv ($err); Sorry about the previous mistake. From omega at bigeasy.com Sat Dec 21 20:57:39 1996 From: omega at bigeasy.com (Omegaman) Date: Sat, 21 Dec 1996 20:57:39 -0800 (PST) Subject: Ebonics In-Reply-To: <199612212122.QAA11642@mercury.peganet.com> Message-ID: On Sat, 21 Dec 1996, Mark Rosen wrote: > No. Speaking in Ebonics is the same as speaking with an accent. You can't > control their expression; you learned to speak with a Southern accent as a > child, while other people learned to speak with an Ebonic accent (?). By > condoning speaking in a Southern accent, you condone speaking in Ebonics. Whatever rational basis your arguments may have had were eradicated by the ludicrous logical conclusion drawn above. > I can't understand thick Southern accents. No matter how smart you are, > I'm not going to hire you because I can't understand you. How do you feel? Oh so sad. Let me make this clear, an accent is far different from grammatically incorrect speech. I can speak with grammatic perfection and a drawl so heavy it'll make your eyeballs hurt. (Of course, being from New Orleans, my normal accent is more like brooklyn than Nashville -- four years in Mississippi changed all that) > Replace the word Ebonics with "Southern accent" and "black English" with > "Southern twang" and you'll see how hypocritical you are. Also, why do you > make an exception for foriegn accents? They're just as difficult to > understand. And can still be spoken with proper grammar. I make an exception for foreign accents because we are dealing a completely separate language. Speakers of ebonics are certainly not bilingual in this sense (and neither am I). I don't see hypocrisy at all. I do see an apologist, pampering, paternal point of view, however. And we southern folk jes' don't abide that sorta thang. > Language is completely different from intellect. You can't control whether > you were taught, Ebonics, a Southern accent, or "normal" English. I wasn't "taught" a Southern accent. I absorbed it in daily conversation. I certainly wasn't taught a Southern dialect. I was taught the English language. I'll say it again...the notion that Ebonics exists as a separate language -- not derived as slang from standard English -- is absurd. me _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From rcgraves at disposable.com Sat Dec 21 21:25:15 1996 From: rcgraves at disposable.com (Rich Graves) Date: Sat, 21 Dec 1996 21:25:15 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BCC61C.112@disposable.com> Anonymous wrote: > > Now, you might argue that districts with low property tax revenues > don't deserve public schools, or that those public schools should be > openbly funded without playing strange games with bilingual education. > However, there's no point in arguing they shouldn't teach Ebonic as no > one intends to teach it. Of course there's a point! It's not based in fact, it's not honest, and it's not helpful, but there *is* a point. Call it "satire" or "straw man" depending on your general opinion of black people and "their" politics. -rich From solman at MIT.EDU Sat Dec 21 21:44:29 1996 From: solman at MIT.EDU (solman at MIT.EDU) Date: Sat, 21 Dec 1996 21:44:29 -0800 (PST) Subject: Running code on a machine you don't trust (was Re: Executing Encrypted Code) In-Reply-To: Message-ID: <9612220544.AA15781@ua.MIT.EDU> There are several algorithms I've seen that allow for blind execution of arbitrary code and verification of correctness given the usual cryptographic assumptions. Their problem is that they are absurdly inefficient. But their existence suggests the possibility of efficient algorithms (or at least a good paper deriving lower bounds on the complexity of such algorithms). JWS From attila at primenet.com Sat Dec 21 21:55:19 1996 From: attila at primenet.com (Attila T. Hun) Date: Sat, 21 Dec 1996 21:55:19 -0800 (PST) Subject: Life with Dale In-Reply-To: <199612201454.GAA26329@mailmasher.com> Message-ID: <199612220557.WAA00880@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <199612201454.GAA26329 at mailmasher.com>, on 12/20/96 at 06:54 AM, nobody at huge.cajones.com (Huge Cajones Remailer) said: ::>From: Dale Thorn ::>I spent part of my growing up years in Leroy West Virginia, pop. :about 15, ::>give or take. I know about hillbillies, and I know about guns. ::>If you had the impression I am a whiner, or that that defines me as a ::>person, you're about as clueful as the other old farts who attack people ::>they don't know anything about. ::Name one thing Dale has not experienced. LIFE? == Tyranny Insurance by Colt Manufacturing Co. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrzM2L04kQrCC2kFAQH+fAQA06vGSZgkryR+DtBS/6CJq5vS6pB0Cjwx EAavs2fOLRxI1RYuIcrv5znqFXR65lkjUl9ZCKAzds4XOT8n8as+BfW8YB5Qa2Lp 8yYA6kaxHD8leyO4PfJ4CIS06nBlsjgeJHeUo5qUOJc1INGnCA9OlrodrgAjqBvB hanXjoQw+Jo= =ZgHt -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sat Dec 21 22:00:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:00:19 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: "Timothy C. May" writes: > > (Where is "Logos" these days?) Jerking off at www.playgirl.com, like a true "cypher punk". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 22:00:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:00:29 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: Message-ID: "Timothy C. May" writes: > As to the scum who need purging: welfare recipients, both personal and > corporate, government employees at all levels, and so on. Even Timmy May (fart) makes sense sometimes. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 22:00:33 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:00:33 -0800 (PST) Subject: Ebonics In-Reply-To: <199612220126.SAA20072@web.azstarnet.com> Message-ID: drose at AZStarNet.com writes: > I can certainly express my personal freedom by passing wind at home (subject > only to the possibly vociferous objections of my family). > > Were I to fart in church or in a board meeting, that would be a horse of a > different color, nicht wahr? So what are they gonna do, arrest you for farting? I fart in Timmy May's general direction. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 22:00:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:00:35 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: Omegaman writes: > On Sat, 21 Dec 1996, Mark Rosen wrote: > > > * You are making glaring generalizations regarding all members of an > > ethnic body; you don't seem to realize that intellect is based not on color > > or how you talk but on your brain (which has the same color and other basic > > properties in all humans, I believe) > > That's not what was said. He said he would not hire on the basis of a > person's inability to speak the English language. That has nothing > whatsoever to do with color. If you can't communicate with your > co-workers, how can you expect to get any work done? In this case you're right - ability to communicate is a bona fide occupational qualification. But he should be able to refuse to hire them if he doesn't like the color of their skin. Fuck the gubmint interference. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 22:00:42 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:00:42 -0800 (PST) Subject: "the world is half women, even though they're not on the c-punks In-Reply-To: Message-ID: "Timothy C. May" writes: > At 10:20 AM -0800 12/21/96, Dale Thorn wrote: > > >Ya' know, guys, the world is half women, even though they're not on > >the c-punks list. Get in touch with them. They're fun people. > > Ah, it's been a while since we had the "why aren't more women on the list?" > discussion. > > Frankly, women are of course welcome. If the list interests them, they are > welcome to subscribe. As it has always been. > > That so few women are subscribers, or remain subscribers, or attend > Cypherpunks physical meetings....well, that's a larger issue involving > familiar issues: The women I've seen at DC Punks meetings were invariably ugly Lesbians (except one). > - why are libertarian events so dominated by males? (in attendance, for > example) Because women are too smart to buy into hypocritical "libertarian" bullshit. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From rcgraves at disposable.com Sat Dec 21 22:01:25 1996 From: rcgraves at disposable.com (Rich Graves) Date: Sat, 21 Dec 1996 22:01:25 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BCCE8A.28EF@disposable.com> Timothy C. May wrote: > > At 5:49 PM -0600 12/21/96, Matthew J. Miszewski wrote: > > >I realize you dont agree with the tactics of some black leaders in > >this country, but I dont understand why you have this need to cloak > >your arguments in such antagonizing language. You, of course, are > >free to do so, I just find it counter-productive albeit sometimes > >humourous. > > I was speaking of "Ebonics." That many "black leaders" support so > transparent a scam and backward step is a separate issue, though, I > confess, not an unexpected one. No, folks, Tim doesn't generalize. Name one "black leader" who has endorsed anything like the straw man you're talking about. What we have here are a couple of kooks in charge of a politicized school board in Oakland. The word "ebonics" appears exactly zero times in Stanford's library catalog and exactly zero times in the indices of peer-reviewed academic journals to which I have access, including some very "PC" ones. DejaNews had exactly one instance of the word "ebonics" before this September, when someone in Oakland started making a fuss. The recommendations of the Oakland school board, which bear no resemblance to the nonsense spouted here, are no more representative of even the most politicized elements of black studies departments than certain Bible Belt public schools are of "white leaders." -rich From dlv at bwalk.dm.com Sat Dec 21 22:02:01 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:02:01 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: <01BBEF4B.F9E5E740@king1-05.cnw.com> Message-ID: blanc writes: > And which are the scum who would be purged? The asshole "cypher punks" who don't put carriage returns in their e-mail, whether signed 'blanc' or sent via the anonymous remailers? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 22:02:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:02:13 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: <19961222014014.13259.qmail@suburbia.net> Message-ID: proff at suburbia.net writes: > > >Just how would this take shape in "real life" - what would constitute this > > >reign of terror; how do you envision such an event in action? > > > > > >And which are the scum who would be purged? > > > > The answer is implicit in many of my hundreds of posts. > > > > As to the scum who need purging: welfare recipients, both personal and > > corporate, government employees at all levels, and so on. > > > > --Tim May > > Strange how you move closer to the mentality of Vulis every day. If Timmy hadn't started attacking me, like an asshole that he is, I'd have had no problem with him and his views. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sat Dec 21 22:02:23 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 21 Dec 1996 22:02:23 -0800 (PST) Subject: Ebonics In-Reply-To: <199612212015.PAA09322@mercury.peganet.com> Message-ID: "Mark Rosen" writes: > someone if > > they can't even understand what that person is saying. Besides, I would > > suspect that a reasonably intelligent person would know how to speak > correct > > English or at least make an attempt to do so. > Especially in the computer field, language is irrelevant; as long as > someone can "speak" C++ or HTML, they're fine. You are clearly not in the computer field. Someone who can't document his or her program, or can't explain something to a colleague, can't do the job. Communication may be irrelevant to an assembly line workers, but it sure matters for computer people. > > Crypto will allow people to actively discriminate against whomever they > wish. > > It will also allow those who would be discriminated against to protect > > information about themselves to prevent discrimination. I don't support > > discrimination based on race, but language is a completely different > matter. > Spoken language, which is what you're discriminating against is vastly > different from typed language. Everyone types pretty much the same way but > everyone speaks differently. People who speak in Ebonics or with a Southern > twang often know the rules of grammar, as expressed in writing, but they do > not speak "correctly" because they are not accustomed to doing so. Once again I observe that "cypher punks" and "libertarians" are fucking statists. Yes, Timmy May is a racist asshole, but no, the fucking state should not stop him from discriminating in any way he wants to. If Timmy doesn't want to hire a good engineer because he doesn't like his accent, his looks, his smells, his sexual preferences, it's Timmy's right. Let Timmy punish himself by hiring the second best candidate and paying more. The free market works. Don't fuck with it. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From attila at primenet.com Sat Dec 21 22:26:33 1996 From: attila at primenet.com (Attila T. Hun) Date: Sat, 21 Dec 1996 22:26:33 -0800 (PST) Subject: Bernstein (export laws unconstitutional) decision update In-Reply-To: Message-ID: <199612220628.XAA01413@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In , on 12/21/96 at 07:51 AM, The Deviant said: ::On Fri, 20 Dec 1996, Michael Tighe SUN IMP wrote: ::> John Gilmore writes: ::> ::> >After further consultations with the attorneys, we are not sure ::> >whether the decision has nationwide impact or whether it is limited ::> >to the Northern District of California (which includes SF and ::> >Silicon Valley). ::Your Mileage May Vary -- check with your lawyer. and where does the average hacker find a reliable attorney in these matters? more likely you will find the usual charlatan mouthpiece who will give it a whirl, be body-traded out, and still take your money. and that is just what is so special about pro bono attorneys: they have their soul on the line; and, even better, when the horsepower has the folks at Baker & Hostetler behind them (even if their head office is in Cleveland --my mother remembered Hostetler when he helped his father deliver milk door to door in East Cleveland (in the 1910s!))
::> ::> The decision itself says it only applies to Bernstein, and then only ::> for source code. ::> ::The fact that one judge says his ruling only applies to one person is ::irrelevant ; his decision can, and probably will, be used as precedent ::in other cases, which is the good that it really serves in the first ::place. More power to Mr. Bernstein and all, but in reality this case ::has almost nothing to do with him in particular. The real usefullness ::of this case is so that other judges can see that at least one judge ::believes that the law _can_ be wrong, even if only in specific cases. Absolutely! Given the concept I propounded a few days ago that each Federal District Judge is his own 'Judge Roy Bean, Law West of the Pecos," he still has reference to the decision; he can either use it as the basis of the decision in his court, or he can ignore. If the case has been to appeal and affirmed; and, Judge Roy is in the same appeals circuit, an adverse decision is not likely to stand. What's the point? PRECEDENCE! Bernstein (who hung on despite dealing with a mute point in his own case), the EFF, and all the pro bono attorneys who made the case successful are to be congratulated. We, if we love our freedom, owe all of the players a rather large debt of gratitude for blowing a hole in Fort Clinton. and, I will stand up and say "thank you!" any place I can. == Tyranny Insurance by Colt Manufacturing Co. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrzUVr04kQrCC2kFAQHPsQQAwl4UWKtrUYhwF4GoPZTWZdYozRpgzr0N U20Mb4PmrgeeKzHfRV7CjJmbqsQX3AdM0ydn7KN8BcnKs5jhWqKQ+vPfjb/Vn56b 3woBhc6Lg0ERMpOPaBvRjpynsHzTjCarb24JEqP70UyEHvS2o7MBIZLbF2rsW9Xa txBdQz9+vIk= =09yf -----END PGP SIGNATURE----- From tcmay at got.net Sat Dec 21 22:35:35 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 21 Dec 1996 22:35:35 -0800 (PST) Subject: EBONIC.ORG In-Reply-To: <1.5.4.32.19961221215040.006cb3d4@mail.nova1.net> Message-ID: At 3:50 PM -0600 12/21/96, Chuck wrote: >I hope the site will be up in a week or so, in the meantime, you may >communicate via the list or directly to me at . Remember, >we be needin yo hep. It gotta a homey page? --Kool Mo Master Flash Tim From attila at primenet.com Sat Dec 21 22:50:50 1996 From: attila at primenet.com (Attila T. Hun) Date: Sat, 21 Dec 1996 22:50:50 -0800 (PST) Subject: Reflections on the Bernstein ruling In-Reply-To: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu> Message-ID: <199612220653.XAA01816@infowest.com> a good review by Greg Broiles of the reasons, expressions of "faith and doubt," etc. on the part of Judge Patel, and further confirmation of my statements on the wide open plains of judicial discretion on the federal bench. Judge Patel is also to be commended for her courage of standing up to the pressure from the DOJ and the White House; I doubt she is high on their popularity chart... I think my comment on firing a shot which has breached Fort Clinton and the thanks we owe Bernstein and all the lawyers is about the bottom line --we have hit the target, but we have not killed the beast. It will take many more decisions, on a case by case basis, to fight the administration, and a few brave souls could be looking at three hots and a cot before it is over. have no doubt: Bubba has no intention of backing down. Free speech, and private communication over open public lines, removes the power of the government to intimidate the populace; and takes away the media's slanted exclusivity. Expect a wave of prosecutions as the DOJ goes for broke. --attila == Tyranny Insurance by Colt Manufacturing Co. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMrzaBr04kQrCC2kFAQG7ogQAuW2xTRiSY1CKixwzMr2O5TkT/P7OpNug 9Jb/mcQhc/b/JivaW6qWDQQiiVz1NZ0ueRWlAX3UJvJ70qv4uRmiOACCXYIkmgno vtZMDOgmMayICJrrtsve2vCVRna28St8tev8UvAenIIHcwYZILT7RhcgRXsESIsa gywlHvXYaAc= =tg0J -----END PGP SIGNATURE----- From gt at kdn0.attnet.or.jp Sun Dec 22 01:32:49 1996 From: gt at kdn0.attnet.or.jp (Gemini Thunder) Date: Sun, 22 Dec 1996 01:32:49 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32beff5f.307926014@kdn0.attnet.or.jp> Dale Thorn wrote: >There's a story about the Confederate officer who, following the War For >Southern Independence (not a true Civil War BTW), walked up the steps of >the veterans' club and saw a Union man sitting with a tin cup, looking >absolutely miserable with all sorts of injuries, etc. The Southern man >tossed a dollar into the cup, at which point the astonished Union soldier >exclaimed "thank you, sir". The next week at the club, the same thing >happened, and the soldier asked "Excuse me sir, but why would a Southern >officer such as yourself be showing so much sympathy to a Union man like >myself?" To which the Southern officer replied "Actually it's not that, >it's just that you're the first Yankee I've seen that's been shot up >to my specifications". A minor nit on an otherwise excellent post: I am of the understanding the proper name is "The War of Northern Aggression". :) From dthorn at gte.net Sun Dec 22 01:37:57 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 01:37:57 -0800 (PST) Subject: Language (Was:Re: Ebonics) In-Reply-To: Message-ID: <32BCDD2C.2E0@gte.net> Jamie Lawrence wrote: > At 7:17 PM -0800 on 12/21/96, Dale Thorn wrote: > > > > Southern twang (or whatever the politically correct name for that is) > > Just saying someone has a Southern "accent" is prejudicial and ignorant. > Bullshit. > I was born and raised in Ohio. I went to middle and high school in > Tennessee. (This isn't a qualification, per se, for asserting what > I'm about to assert, as any trained ape could probably defensibly > argue. I state it only to demonstrate some first hand knowledge about > the topic I'm at hand. As my mother has drifted from speaking "Yankee > english" to "Rebel English" over the years, examples of which I have > on tape, I believe I can assert some knowledge on the matter.) Bullshit yourself. I was born and raised (mostly) in Ohio too. You didn't say what part of Tennessee, and there's a helluva difference between Memphis, Nashville, and Chattanooga. Just like you hear an *enormous* difference in dialect between Akron and (for example) Parkersburg, WVa, a mere 150 miles away. You talk about "standard" English in the U.S., as though the U.S. spoke *true* English. More bullshit. Be that as it may, the principal agents of the early United States (Presidents, etc.) were Virginians, hence Southerners. Sure, the barbarian hordes followed from Europe and settled into Northern manufacturing and so on, and from them you establish that that represents "standard" English? You would know, if you had read some of the suppressed history of the U.S., that barbarians who "speak Northern" have propagated tremendous amounts of disinformation, including setting up speaking exhibits of U.S. Presidents, where even the Southern Presidents "speak Northern or Midwestern", i.e. a ficticious history. If you read my complete post, you would note that I made a distinction between "twang" (i.e., slurring words) and "accent" (something that sounds "different" but is nonetheless clear), a distinction that you have not grasped. Next thing you'll say (probably) is that since the White Man killed off the Indians, then the Indians must have been the True Savages. Just like it says in the Declaration Of Independence (yeah, it says that). Now don't tell me that Thomas Jefferson was wrong, but you are right. Read more, talk less. [snip remainder] From dlv at bwalk.dm.com Sun Dec 22 04:13:40 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 04:13:40 -0800 (PST) Subject: EBONIC.ORG In-Reply-To: Message-ID: jamie at comet.net (jamie dyer) writes: > FITTYSEN = Four bits. Half a dollar. > > FLO = The thing a rug is laid upon. > > BODE = Can be a two-by-four or any other measure of lumber. > > DUNDUN = A statement of completion. "I dundun it." > > SAYLAY = A 24 hour store. Most neighborhoods have one. > > BITCH = Female companion. Wife. Mother. Whore. You. Me. Best Friend. This is the most crypto-relevant article on this mailing list in MONTHS. Navajo talk? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From toto at sk.sympatico.ca Sun Dec 22 04:19:48 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Sun, 22 Dec 1996 04:19:48 -0800 (PST) Subject: Slaughter In-Reply-To: Message-ID: <32BD3731.33D3@sk.sympatico.ca> Dale Thorn wrote: > As I remember the quote, it ended something like "and they came for me, > but there was nobody left to speak up". Dale, Thanks, I love the quote but can't find it or it's source. Perhaps I can put it all together in bits and pieces. > We just don't believe (naively) that just > because someone issues code that was designed 20 years ago, and which > the NSA can undoubtedly crack in a heartbeat, that that code can > necessarily protect us against all comers. I don't thinkI'm very naieve about cryptography. I fully realize that the same goons that will crack you over the head for what you've written, will also be prone to cracking you over the head for 'not' being able to read what you have written. > There is a difference between principle and fact. You have the > principles exactly correct, but as to facts, you have to be eternally > vigilant, i.e., don't get too comfortable with PGP et al. Thanks for the advice. PGP serves me very well for most of my correspondences, but I add a little 'je ne sais quoi' to it for things I consider to be of more personal import. It's probably something that experienced crytptographers would laugh at, but just because I'm not a professional security-alarm designer doesn't mean I'm going to leave my housekey under the front door mat. -- Reply to:toto at sk.sympatico.ca "There's only one two." From toto at sk.sympatico.ca Sun Dec 22 05:16:11 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Sun, 22 Dec 1996 05:16:11 -0800 (PST) Subject: [Fwd: To unsbscribe, unscrivive, or ubsribibe] Message-ID: <32BD4434.1EE5@sk.sympatico.ca> -- Reply to:toto at sk.sympatico.ca "There's only one two." To: "Dr.Dimitri Vulis KOTM" Subject: To unsbscribe, unscrivive, or ubsribibe From: Carl Johnson Date: Sun, 22 Dec 1996 06:18:30 -0800 Organization: TOTO Enterprises References: <2BJaZD31w165w at bwalk.dm.com> ABB Electrical Engineering writes: > Can anyone tell me please how to unsbscribe and not to receive such mail. To unsbscibe, unscrivive, or ubsribibe, just send eMail to fuck at yourself.up. He will be happy to send you an executable program that will ensure that you will no longer get any mail from this conference. Glad I could be of assistance. -- Reply to:toto at sk.sympatico.ca "There's only one two." From dlv at bwalk.dm.com Sun Dec 22 06:10:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 06:10:29 -0800 (PST) Subject: Dale defends free society from the NSApunks In-Reply-To: <32BCE254.3D82@sk.sympatico.ca> Message-ID: Carl Johnson writes: > Dr.Dimitri Vulis KOTM wrote: > > For those who don't know what kind of slimeball Rich Graves is: > > Rich Graves is a paranoid Jewhater who likes to harrass Jews by > > spamming inappropriate public forums with Holocaust flame bait. > > Dr. DM K, > Yes, but I'm sure that he has some bad qualities, too. Is "Gravesian" gay? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jya at pipeline.com Sun Dec 22 06:18:19 1996 From: jya at pipeline.com (John Young) Date: Sun, 22 Dec 1996 06:18:19 -0800 (PST) Subject: EMR Threat of RS-232 Cables Message-ID: <1.5.4.32.19961222141059.006a3cfc@pop.pipeline.com> Thanks to Steve Schear we've put a 1990 article on eavesdropping on RS-232 cable emanations which parallels van Eck's work on VDUs. "The Threat of Information Theft by Reception of Electromagnetic Radiation from RS-232 Cables" By Peter Smulders, Dept of EE, Eindhoven University of Technology Smulders notes that this type of emanation can disclose information, such as passwords, that does not appear on VDUs. And that cable shielding does not always prevent snooping. http://jya.com/rs232.pdf (367 kb) From aga at dhp.com Sun Dec 22 06:23:37 1996 From: aga at dhp.com (aga) Date: Sun, 22 Dec 1996 06:23:37 -0800 (PST) Subject: No Subject In-Reply-To: Message-ID: On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote: you honkies do not understand this, but this is what I grew up with. will you muthafuckin cyberpunks PLEASE learn to spell; the word is "NIGGAZ" > Apparently-To: cypherpunks at toad.com > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > Punks, > > Nawh nigga, yous don't want dem udder foo's to be able to read jo > mail! What da hail?! Don'chew see it now? Dis's anutha foam of > kryptografee! > > Da reason we be doin' dis shit is dat so dem basta'ds out dere > who be wantin' in on ours konversayshun can't be gettin' in. > > See?! Now what foo' ass cracka muthafucka can be readin' dis > shit at a decent clip? Shit! Can't none of 'em! De only problem is dat > it be takin' too long to put in dees apo-straphees. If we gots rids ofs > dems, dens we'ds haves a much easia' time of doin' dis shit. > > Why don't one you cleva' boyz come up wit some kinda editor dat > crossreferences (oops, too many syllables) wit dat phat ass ebonics > dikshunary at EBONIC.ORG? Den jus' give da dikshunary only to dose > people who you be wantin' to read jo shit. > > Yeomsayn'? Hilary Clinton can't be readin' dis shit! Can't > nobody else ova dere in D.C. Us niggas here in Compton been down wit dis > phat ass kryptografee fo' a long ass time. How do you tink dat us > gangstas is all still around? We be talkin' shit ev'y night on da co'na, > but can't none da fuzz be translatin' so we's frees tos dos whateva' we's > wantin's tos dos. > > Yo, jus' lemme quote my phat ass nigga dogg Method Man befo' I go: > > "I'm slammin' niggas like Shaqueel, dis shit is real, > When it's time to eat a meal, I rob and steal, > Cuz mom ain't givin' me shit, > So for da bread an' butta I leave niggas in da gutta, > Wherde 'the mutha, I'm dangerous, > Crazia' den a bag o' fuckin' angel dust, > When I bus' my gat, muthafuckas take dirt naps, > I'm all dat, wit a dime sack and a payback!" > > Dag! Dat shit's phat, dogg. > > > > > > ************************************************************************** > # Gangsta J # "Dead bodies pile up, an' it's plain to see, # > # j at hardcore.gangsta.com # it's because o' me. I'm the girl killa, the # > # Brownsville ghetto # throat slitta, the cunt rippa" - J # > ************************************************************************** > this muthafucker has a sick sig. keep all fuckin replies to the mailing list ONLY. From aga at dhp.com Sun Dec 22 06:28:57 1996 From: aga at dhp.com (aga) Date: Sun, 22 Dec 1996 06:28:57 -0800 (PST) Subject: the word is "NIGGAZ" Message-ID: On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote: you honkies do not understand this, but this is what I grew up with. will you muthafuckin cyberpunks PLEASE learn to spell; the word is "NIGGAZ" > Apparently-To: cypherpunks at toad.com > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > Punks, > > Nawh nigga, yous don't want dem udder foo's to be able to read jo > mail! What da hail?! Don'chew see it now? Dis's anutha foam of > kryptografee! > > Da reason we be doin' dis shit is dat so dem basta'ds out dere > who be wantin' in on ours konversayshun can't be gettin' in. > > See?! Now what foo' ass cracka muthafucka can be readin' dis > shit at a decent clip? Shit! Can't none of 'em! De only problem is dat > it be takin' too long to put in dees apo-straphees. If we gots rids ofs > dems, dens we'ds haves a much easia' time of doin' dis shit. > > Why don't one you cleva' boyz come up wit some kinda editor dat > crossreferences (oops, too many syllables) wit dat phat ass ebonics > dikshunary at EBONIC.ORG? Den jus' give da dikshunary only to dose > people who you be wantin' to read jo shit. > > Yeomsayn'? Hilary Clinton can't be readin' dis shit! Can't > nobody else ova dere in D.C. Us niggas here in Compton been down wit dis > phat ass kryptografee fo' a long ass time. How do you tink dat us > gangstas is all still around? We be talkin' shit ev'y night on da co'na, > but can't none da fuzz be translatin' so we's frees tos dos whateva' we's > wantin's tos dos. > > Yo, jus' lemme quote my phat ass nigga dogg Method Man befo' I go: > > "I'm slammin' niggas like Shaqueel, dis shit is real, > When it's time to eat a meal, I rob and steal, > Cuz mom ain't givin' me shit, > So for da bread an' butta I leave niggas in da gutta, > Wherde 'the mutha, I'm dangerous, > Crazia' den a bag o' fuckin' angel dust, > When I bus' my gat, muthafuckas take dirt naps, > I'm all dat, wit a dime sack and a payback!" > > Dag! Dat shit's phat, dogg. > > > > > > ************************************************************************** > # Gangsta J # "Dead bodies pile up, an' it's plain to see, # > # j at hardcore.gangsta.com # it's because o' me. I'm the girl killa, the # > # Brownsville ghetto # throat slitta, the cunt rippa" - J # > ************************************************************************** > this muthafucker has a sick sig. keep all fuckin replies to the mailing list ONLY. From camcc at abraxis.com Sun Dec 22 09:18:37 1996 From: camcc at abraxis.com (Alec) Date: Sun, 22 Dec 1996 09:18:37 -0800 (PST) Subject: Language (Was:Re: Ebonics) Message-ID: <3.0.32.19961222121921.006a2b84@smtp1.abraxis.com> At 11:03 PM 12/21/96 -0800, you wrote: :[snip] :If you read my complete post, you would note that I made a distinction :between "twang" (i.e., slurring words) Twang is _not_ slurring words; twang is speaking with a nasal accent. A good example is the principal's secretary in "Ferris Buhler's Day Off." Thanks, y'all. Cordially, Alec PGP Fingerprint: Type bits/keyID Date User ID pub 1024/41207EE5 1996/04/08 Alec McCrackin Key fingerprint = 09 13 E1 CB B3 0C 88 D9 D7 D4 10 F0 06 7D DF 31 From jya at pipeline.com Sun Dec 22 09:56:25 1996 From: jya at pipeline.com (John Young) Date: Sun, 22 Dec 1996 09:56:25 -0800 (PST) Subject: National Cryptologic School Press Message-ID: <1.5.4.32.19961222174909.006d94a4@pop.pipeline.com> A WaPo review today of a new book on military intelligence during the Civil War, cites the author's background in NSA and as director of the agency's National Cryptologic School Press. Are the publications of this press public? Anyone have an address? Access to a catalogue. Any other info? There's another, on-line, review of the book at: http://www.bookpage.com/9609bp/nonfiction/thesecretwarfortheunion.html From dthorn at gte.net Sun Dec 22 10:13:56 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 10:13:56 -0800 (PST) Subject: Slaughter In-Reply-To: Message-ID: <32BD7A17.547@gte.net> Carl Johnson wrote: > Dale Thorn wrote: > Thanks, I love the quote but can't find it or it's source. Perhaps I > can put it all together in bits and pieces. As long as we're getting closer on that one, I thought I'd add my own twist on another famous (but obnoxious) quote: The standard version: God grant me the serenity to accept the things I cannot change; The courage to change the things I can; And the wisdom to know the difference. (quote not necessarily exact). My version: God grant me the wisdom to know the difference between right and wrong; The courage to support those who I feel are doing the right things, and to oppose those who are doing the wrong things; And the serenity to do so as peacefully as possible. BTW, when I bought my first Sinead O'Connor album (Lion & Cobra), I thought it was the best album ever recorded (apologies to James Brown), but then she released another album with the standard version quote (as above) leading off the first song, and I nearly barfed. > > There is a difference between principle and fact. You have the > > principles exactly correct, but as to facts, you have to be eternally > > vigilant, i.e., don't get too comfortable with PGP et al. > Thanks for the advice. PGP serves me very well for most of my correspondences, > but I add a little 'je ne sais quoi' to it for things I consider to be of more > personal import. It's probably something that experienced crytptographers would > laugh at, but just because I'm not a professional security-alarm designer doesn't > mean I'm going to leave my housekey under the front door mat. Everybody with computer experience has different levels of security for different applications/files etc.; I'm only suggesting that it would be nice when people discuss applications of PGP (as opposed to mere technical aspects of PGP), that they would include comments as to the expected level of security. I get the impression from posters that some of them consider their encryption under PGP to be absolutely unreadable by NSA et al. Which BTW may be possible under some circumstances, but which circum- stances probably don't apply in most cases. From dthorn at gte.net Sun Dec 22 10:24:33 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 10:24:33 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BD7C90.48D2@gte.net> Carl Johnson wrote: > > Dale Thorn wrote: > > the War For Southern Independence (not a true Civil War BTW) > Care to enlighten an unknowing Canuck as to why this is so? Pardon me for adding to list, but everyone really wants to know, yes? A true Civil War is two factions fighting for control of the same government or taxable land area. One could argue that the North and South were both fighting for control of the South, but that would be a specious argument. If the South had intended in their declarations of separation to free up the Northern states as well, then that would add weight to the argument. BTW, the fact that there were incursions into the North by the South is no more evidence of Civil War than Chechens incursing into Moscow. Also, the "provocation" at Ft. Sumter should no more be considered the South starting the war than, say, the Gulf of Tonkin incident starting the Vietnam war. From dthorn at gte.net Sun Dec 22 10:29:47 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 10:29:47 -0800 (PST) Subject: DES implementation in C In-Reply-To: Message-ID: <32BD7DC4.745A@gte.net> Eric Young wrote: > On Fri, 20 Dec 1996, Peter Trei wrote: > > > So yet again my dislike of doing assember has been justified. One just > > > needs a good compiler and be willing to put in the correct C code :-). > > > While I know the asm is faster, the C compiler does a better job of > > > the chaining between the 16 inlined inner loops. [snippo] If you could produce a 100% 'C' version, with in-line provisions for replaceable 'C' or assembler functions, and insure that there is no significant performance loss for having this portability, then you could at least issue the 100% 'C' code for any machine or O/S. This would make a lot of people happy if the application has wide interest. Is this possible, even if it's more work? From dthorn at gte.net Sun Dec 22 10:50:54 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 10:50:54 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BD801E.127D@gte.net> Gemini Thunder wrote: > Dale Thorn wrote: > >There's a story about the Confederate officer who, following the War For > >Southern Independence (not a true Civil War BTW), walked up the steps of > >the veterans' club and saw a Union man sitting with a tin cup, looking > >absolutely miserable with all sorts of injuries, etc. The Southern man > >tossed a dollar into the cup, at which point the astonished Union soldier > >exclaimed "thank you, sir". The next week at the club, the same thing > >happened, and the soldier asked "Excuse me sir, but why would a Southern > >officer such as yourself be showing so much sympathy to a Union man like > >myself?" To which the Southern officer replied "Actually it's not that, > >it's just that you're the first Yankee I've seen that's been shot up > >to my specifications". > A minor nit on an otherwise excellent post: I am of the understanding > the proper name is "The War of Northern Aggression". :) Yes. We use both terms, and perhaps others as well. As to the Northern Aggression, the avalanche of propaganda after the war (and continuing with Ken Burns' disonfo on PBS TV) was intended to "persuade" the public that the South started the War, having "attacked" Ft. Sumter (their own property), and having had the temerity to withdraw from the Union (their right as free states), not to mention holding slaves (an act not made "illegal" until 1862, i.e., a year after the war started). From jimbell at pacifier.com Sun Dec 22 11:10:45 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Dec 1996 11:10:45 -0800 (PST) Subject: Executing Encrypted Code Message-ID: <199612221910.LAA28887@mail.pacifier.com> At 06:41 PM 12/21/96 -0800, Timothy C. May wrote: >And don't forget that internal nodes of microproceessors can be "tapped" >with an electron beam voltage contrast system. Some steps can make this >much harder, but the principle is still that internal states are capturable. >--Tim May Within the last week or two, I read (somewhere?) of a new system to analyze chip behavior that utilized tiny amounts of light momentarily emitted from FET channels during switching. Jim Bell jimbell at pacifier.com From frantz at netcom.com Sun Dec 22 11:11:33 1996 From: frantz at netcom.com (Bill Frantz) Date: Sun, 22 Dec 1996 11:11:33 -0800 (PST) Subject: Reflections on the Bernstein ruling In-Reply-To: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu> Message-ID: At 10:46 PM -0800 12/21/96, Attila T. Hun wrote: > have no doubt: Bubba has no intention of backing down. Free > speech, and private communication over open public lines, removes > the power of the government to intimidate the populace; and takes > away the media's slanted exclusivity. > It takes away a power J. Edger Hoover used very effectively. That is, the power to control Washington power brokers by tapping their lines and gathering dirt. While there are "institutional reforms" which have "eliminated these kinds of abuses", without at least a public audit which shows every use of FBI (etc.) wiretapping equipment, and a paper trail to back it up, we can not be sure. (This audit would require a separate escrow agency to keep the wiretap equipment and check it out to the FBI for use. It would also require that the equipment be complex enough that it can't be cobbled together with pieces from Radio Shack. Note that these restrictions are less severe than those Greg Broiles describes for convicted felons during parole.) ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From foodie at netcom.com Sun Dec 22 11:20:03 1996 From: foodie at netcom.com (Jamie Lawrence) Date: Sun, 22 Dec 1996 11:20:03 -0800 (PST) Subject: Language (Was:Re: Ebonics) In-Reply-To: Message-ID: Dale again demonstrates his amazing tact and rhetorical skill by posting private mail and then debating only the portions of my message he doesn't reproduce, batting at straw men all the while. I should have known better than to even try. If anyone cares, I 'll send you my original message to Dale privately. This all is so far off topic (I was bored) and Dale is such a twit that it simply doesn't bear more discussion here. -j -- "I'm about to, or I am going to, die. Either expression is used." - Last words of Dominique Bouhours, Grammarian, 1702 ____________________________________________________________________ Jamie Lawrence foodie at netcom.com From tnh at ACM.ORG Sun Dec 22 11:36:41 1996 From: tnh at ACM.ORG (Timothy N. Hill) Date: Sun, 22 Dec 1996 11:36:41 -0800 (PST) Subject: Slaughter Message-ID: -----BEGIN PGP SIGNED MESSAGE----- According to Bartlett's, this is attributed to Martin Niemoeller (1892-1984): In Germany they came first for the Communists, and I didn't speak up because I wasn't a Communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics, and I didn't speak up because I was a Protestant. Then they came for me, and by that time no one was left to speak up. [John Bartlett, _Familiar Quotations_, ed. by Justin Kaplan (16th ed.; Boston: Little, Brown and Company; 1992), p. 684] - Tim -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQCVAwUBMr2NAy62DQeAyFc9AQH1TgP/RXoMa4e5Ub+u8H4vBYuRL+lPrefU02B1 qov3PSmAzyHu9tGYWuKG4vIVEZfpQe9Wi6OgJh7bLoAnFN3g+umd9CJ6psc7DC3p P3iEEwgaY+9zQ4oX3L9+79DEhlPFiH4RUbjEGOo31d1Rj3gOGRhNXPVdVCNA/tTf H3jbKL9yvpU= =qp1r -----END PGP SIGNATURE----- Timothy N. Hill Wellesley, Massachusetts +1 617 235-2902 PGP F058F75D 99C5122F 21C5BEF5 620C1D3C From tcmay at got.net Sun Dec 22 11:47:07 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 22 Dec 1996 11:47:07 -0800 (PST) Subject: The Ebolics Virus may be contained In-Reply-To: Message-ID: At 10:38 AM -0800 12/22/96, Dale Thorn wrote: >Gemini Thunder wrote: ... >> A minor nit on an otherwise excellent post: I am of the understanding >> the proper name is "The War of Northern Aggression". :) > >Yes. We use both terms, and perhaps others as well. As to the Northern >Aggression, the avalanche of propaganda after the war (and continuing ... And I recall from my history classes that the _official_ name of that war was "The War of the Rebellion," which of course comes closer to Dale's point about the war being about an attempted secession, which no serious scholar doubts it was about. (Another common name: The War Between the States. The "Civil War" is far and away the most common name, but is, as Dale notes, highly misleading. The winner gets to write the history books, though.) (Oh, it was "about" lots of things, things we all studied in high school. Cotten, tariffs, and the right not to have to teach children in Ebonics.) By the way, I'll be off the list for a while, for the usual seasonal reasaons. Ignore the usual Vulis remarks about how my silence means he has succeeded in driving me off the list, or that I'm in a tryst with Gilmore and Hughes. As to subjects discussed on the list, it's interesting that my very much "on-topic" post on extortion and untraceable payments, a very long post, has generated not a single response, while the "Ebonics" thread be cookin and jivin. I be dissed by dis shit. (Anyone who claims only crypto- or digicash-related sorts of posts are what the list should talk about should note the dynamics of these threads.) By the way, both Jesse Jackson and famed poetess Maya Angelou have denounced the Oakland School Board's adoption of "Ebonics" as shameful and a travesty. Jackson said black children should not be encouraged to speak "garbage." --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From lurker at mail.tcbi.com Sun Dec 22 12:17:40 1996 From: lurker at mail.tcbi.com (Lurker) Date: Sun, 22 Dec 1996 12:17:40 -0800 (PST) Subject: Off topic litter on Cyperpunks Message-ID: <3.0.32.19961222141617.006999b0@mail.tcbi.com> What has happened to cypherpunks? I joined this mailing list more recently than many others who recieve it, but most reacently it has gone downhill. The descriptions I have read (and I have read many) all state that this list is deadicated to the discussion of cryptography issues. Where the hell is the discussion about cryptography? Three fourths of the messages I have been recieving are off topic (Ebonics and "Slaughter"). If I wanted to read about current events and holocost I would have joined groups that were specified for discussion of those. From jld at osiris.com Sun Dec 22 12:40:14 1996 From: jld at osiris.com (Jean-Lou Dupont) Date: Sun, 22 Dec 1996 12:40:14 -0800 (PST) Subject: No Subject Message-ID: <199612222048.PAA10229@isis.osiris.com> unsuscribe jld at osiris.com From mgursk1 at umbc.edu Sun Dec 22 12:43:42 1996 From: mgursk1 at umbc.edu (Michael Gurski) Date: Sun, 22 Dec 1996 12:43:42 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- It's that wonderful season again, when all the assholes are out in force, and people feel obligated to purchase merchandise to give to each other. For various reasons, I don't believe in credit cards, and yet, trying to pay for something by personal check at the local Hecht's, they either *require* a credit card, or go through the Nazi check-warranty company Equifax. However, it doesn't stop there...only SOME departments seem to have this requirement (Electronics/Luggage not requiring). Is it legal to require credit cards? |\/|ike Gurski mgursk1 at umbc.edu http://www.gl.umbc.edu/~mgursk1/ finger/mail subject "send pgpkey"|"send index" Hail Eris! -><- O- |Member, 1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570 | Team My opinions are mine alone, even if you should be sharing them. | OS/2 Senate Finance Committee Chair, SGA 1996-1997 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: I am not a number, I am a free man! iQCVAwUBMr2dZiKEMrE5tbrdAQGNEwQAjxsj387SAbEQnGr+8j0z12cWpREK/Y8U e5xCYMMwJ6J+rLip05nZ8uMHfY/anfGW5m2mMrvsVOggMh5Sv9Ljrw3u4uFl66B5 yU3iU3couXIZx5Dv1QhGdOSZPRpIo7wZGwCGtF4z9TM+cUzEUzA8LMDgavG8fY0D T+yrGuzhSzg= =aQ97 -----END PGP SIGNATURE----- From jlucas4 at capital.edu Sun Dec 22 13:00:25 1996 From: jlucas4 at capital.edu (Jesse Lucas) Date: Sun, 22 Dec 1996 13:00:25 -0800 (PST) Subject: the word is "NIGGAZ" Message-ID: <9612222057.AA14301@monoceros.capital.edu> Actually the word is "niggus." "Niggaz" is the white man's nasal rendition of this term. It can alos be spelt "niggas," but this form implies a different context. context. "Niggus" is used often within gangsta rap music in an effort to rhyme with difficult words when no other way can be found. "Niggas" would be referring to other black fellows in a friendly way. More or less. Gangsta J ************************************************************************** # Gangsta J # "Dead bodies pile up, an' it's plain to see, # # j at hardcore.gangsta.com # it's because o' me. I'm the girl killa, the # # Brownsville ghetto # throat slitta, the cunt rippa" - J # ************************************************************************** From mrosen at peganet.com Sun Dec 22 14:14:50 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sun, 22 Dec 1996 14:14:50 -0800 (PST) Subject: Ebonics Message-ID: <199612222158.QAA10206@mercury.peganet.com> > Just saying someone has a Southern "accent" is prejudicial and ignorant. > It's true that anyone, Southern or otherwise, can slur words so they're > not clear, but on averages, Southerners who speak clearly with their > native inflections and pronunciations are easier to understand than your > typical Yankees, whose speech is generally thin, nasal and rather pinched- > sounding. Yeah. But I can't understand people with Southern Accents therefore I won't hire them. > People talked about hate in the South in the 1960's. What a crock. > Apartheid, sure, no doubt about that. But hate, well, I grew up in > the North and I lived for a few years in the deep South, and the people > in the South don't hate like the Yankees do, on average. Wow. You must read completely different history books than the rest of the world. > If you want to see how hate works, look how the big-media organizations > have descended on Southern radio and TV and have been telling them that > they speak wrongly, and that Southern "accents" are something to be > ashamed of. Damn the liberal media! (That was a sarcastic statement - do you know how right-wing that sounds). From mrosen at peganet.com Sun Dec 22 14:14:51 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sun, 22 Dec 1996 14:14:51 -0800 (PST) Subject: Ebonics Message-ID: <199612222159.QAA10214@mercury.peganet.com> I would like to conclude this Ebonics issue. The main problem is understanding. Some people have bad accents, either Southern or Ebonic, both of which are often difficult to understand. I am not disputing the fact that everyone should learn a standard language, but I object to the racial undertones of the messages - that black people are stupider than white people, and gross ignorance of environmental conditions. Whatever. Mark Rosen FireSoft - http://www.geocities.com/SiliconValley/Pines/2690 Mark Eats AOL - http://www.geocities.com/TimesSquare/6660 From mrosen at peganet.com Sun Dec 22 14:14:57 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sun, 22 Dec 1996 14:14:57 -0800 (PST) Subject: Ebonics Message-ID: <199612222158.QAA10211@mercury.peganet.com> > > No. Speaking in Ebonics is the same as speaking with an accent. You can't > > control their expression; you learned to speak with a Southern accent as a > > child, while other people learned to speak with an Ebonic accent (?). By > > condoning speaking in a Southern accent, you condone speaking in Ebonics. > > Whatever rational basis your arguments may have had were eradicated by the > ludicrous logical conclusion drawn above. Hehe. What I mean to say is that since both Ebonics and a Southern accent are learned during early childhood, you have no control over how you talk. You can't penalize someone for speaking the way they were taught. > > I can't understand thick Southern accents. No matter how smart you are, > > I'm not going to hire you because I can't understand you. How do you feel? > > Oh so sad. Let me make this clear, an accent is far different from > grammatically incorrect speech. I can speak with grammatic perfection and a > drawl so heavy it'll make your eyeballs hurt. Yeah. I thought the issue was understanding in the workplace; no matter how gramatically correct your are, I can't understand you and so I won't hire you. From mjmiski at execpc.com Sun Dec 22 14:19:29 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sun, 22 Dec 1996 14:19:29 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961222161832.006c01fc@mail.execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 05:04 PM 12/21/96 -0800, Jamie Lawrence wrote: >Are you honestly arguing that a system of communication >acknoledged and taught in a public school is satisfying >a 'need or desire to communicate in a private way"? Actually I meant my tongue to be relatively firmly in cheek. However, some sub-cultures from which ebonics comes did have a need and desire to communicate quickly and privately. >Or that Ebonics has anything to do with communicating >in the presence of a police officer? Often times in some areas of this country, people distrust the police. They do form ways of communication that is not easily understood to avoid what they see as police interference. I am not defending use of communication privacy techniques in the name of the four-horsemen but... > >Or that either of the above has anything to do with crypto? > As Tim and others have said repeatedly, there is no on/off topic here. Want pure code goto coderpunks; want moderation goto cryptography. I am just trying to counter some of the statements made here. Sometimes people view cpunks as some sort of borg-like mind with no dissidents. I sometimes reply to let people know that might not be so... Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCUAwUBMr2ztLpijqL8wiT1AQFZHAP43SqA3CGpt46zs8esSYNPvw3Iyf/No2y6 7yQ1ij2UN/jD2rFh8CPJE+MS59YOlXiItsBDQLZoGJRhWS/dVJ8LHkeMvZHwHD1l Yf01COkpB6K7HMj0pFjVvdpigbekWzGrTh5juIRg/xhkLhUqJJfN5eWlgif29Fnd EzgHGGBBQA== =QyMm -----END PGP SIGNATURE----- From mjmiski at execpc.com Sun Dec 22 14:30:07 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sun, 22 Dec 1996 14:30:07 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961222162859.006c01fc@mail.execpc.com> -----BEGIN PGP SIGNED MESSAGE----- Sorry to quote so much, in this case it seemed necessary. At 04:07 PM 12/21/96 -0800, Timothy C. May wrote: >At 5:49 PM -0600 12/21/96, Matthew J. Miszewski wrote: > >>Are you talking about the School Board requirements? Are you still in High >>School, Tim? ;-) I have never heard you speak of children, so you might >>have a valid complaint if you have them in public schools (although home >>schooling is still an option). > >The principle is of interest to even those without schoolaged children! >Neither having schoolaged children nor living in the Oakland Public School >System district is a necessary condition for commenting on the foolishness >of "Ebonics" and other such scams. Only the most naive of commentators says >things like "If your children were not cannibalized by Jeffrey Dahmer, why >do you feel the need to comment on Dahmer?" > >(Sorry, Matthew, but I'm losing any remaining respect for your rhetorical >skills. I used to think we just disagreed politically, now I see more is >involved.) I apparently need to use those twirpy smiley faces more often (see above). I meant that to be funny which I guess it wasnt. One of your (Tim) prior posts clarifies much. That you hold out absolutely no hope for democracy actually lets me in on why you express yourself now like you do. My memory is that you werent always so clear in your expressions of disgust; this memory comes from several non-derogatory uses of the term "suits" when it came to cpunk political action in the past. I agree that democracy has myriads of flaws, but still hold out some hope for change. My comment about such inflaming language was of disappointment because Tim almost single-handedly helped me reconsider many of my traditional political thoughts. It is difficult sometimes to get past the anger in current posts (although I do understand and respect Tim's ability to be absolutely honest about his views which is refreshing.) Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMr22JbpijqL8wiT1AQHbIQQAhX7pj5JqkG55pWkexxn5qRMmlhme44lo ZsHXsfVNWhon2gqPBUvQT7BDEXJvTiiPGcfaAYL5GZV5FqpDOnuvyEBUOWwCoajK oFBHTgHeLL90MRi+py+k5rtofz5wA68M9LDqnNlIsISeTeq9vefBbGmeNIq3mrnv d/eqocuU1aM= =A/LN -----END PGP SIGNATURE----- From mjmiski at execpc.com Sun Dec 22 14:49:23 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sun, 22 Dec 1996 14:49:23 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961222164822.006c01fc@mail.execpc.com> >You're confusing issues. As with similar confusions about "right to work" >(where the putative conflict is between Alice's right to hire whom she >chooses and Bob's putative "right to a job"), the confusion lies in what >one calls a right. I assume you are talking about right-to-work labor laws, in which case, it does not refer to the above. It has to do with union-membership (which you more than likely similarly disagree with...) I agree that there is rampant abuse of the word/idea of "rights" in this country and around the world. I similarly think that many political disagreements can be boiled down to this problem. >And just where did anyone in any of these posts call for outlawing any >particular language, pidgin, slang, creole, jive, or invented lingo? I was actually joking, Tim. My original response was sent before I knew of the Oakland initiative. I do not hail from California, the land of Proposition XXX, and find some of them silly. You do advocate the unemployment of people who do utilize such a dialect/language. And I do fear that many people subscribe to your line of thinking. So I do respond to some of your posts earlier than I sometimes should to present a different point of view. >Really, Matt, go back to Rhetoric 101 and learn how to argue. That's a good argument. Do they teach that ad hominem stuff in that class? ;-) Matt From mjmiski at execpc.com Sun Dec 22 14:57:43 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Sun, 22 Dec 1996 14:57:43 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961222165645.006c01fc@mail.execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 08:30 PM 12/21/96 -0500, Mark M. wrote: >I never said that the government should force people to speak a certain >language. You are missing the main point: How do you expect to communicate >with an employee who can't speak any language that you can understand? It's >not arbitrary at all. In fact, it's rather simple. I have apparently been excrutiatingly unclear in my last post (tired folks should stay away from their terminals). I wasnt refrencing governmental action, but rather a flaw in some principles. I believe that the line of thought that we should all speak "proper" english leads to anti-libertarian results. What has been missing from my posts is the link to the chain of english-as-an-official-language regulation. Tim's argument for the ability to communicate is somewhat reasonable in an employment context (although it depends largely upon the employment). When it is couched in the terms of his post, it makes the link to the chain of reasoning above much easier to make. Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMr28prpijqL8wiT1AQH70AP/TV7qcy3y26yeH+eNvm9MVBY0NfuBGokC uHS1NxpiIxl6NUTXIZTHKjlOd/pGM8JBgV6fp+7o+iruiJWBhE6mql+d/NAWjDiz RLJ8brwuy0sqG98GrwCKHjsc6Bf88v+DcxHxAs92uEqJ6aKeEuqXiITFwKrC9xjf euZxnLm0q6w= =OEgE -----END PGP SIGNATURE----- From vin at shore.net Sun Dec 22 15:04:11 1996 From: vin at shore.net (Vin McLellan) Date: Sun, 22 Dec 1996 15:04:11 -0800 (PST) Subject: Encryption ? In-Reply-To: Message-ID: <32BDBE40.6B4B@shore.net> Shark wrote: > I am a Mathematic student at Bosphorus University in Turkey. > I am interested in both computer applications and mathematical base of > encryption.Where can I find this kind of staff on internet. > Is it necessary to have high level of mathematical background in order to > deal with encryption?? No, you do not need a phd or the like to deal with the fundamental issues of access and implementation in cryptography, nor to appreciate the elegant logical structures of cryptographic protocols and designs. Yes, you do need sophisticated math skills to, say, evaluate the relative strength of cryptographic algorithms and protocols -- but few have those skills... and many more of us, nonetheless, have to make decisions. So we rely on the opinions of those we come to trust in these esoteric matters. I highly recommend two Finnish websites: and (AVS, at the first, has a great selection of pre-set web-searches which can refocus your query into categories which are particularly relevant to Europeans and non-Americans.) There are also treasure-laden FTP sites in Holland and the UK: among many valuable international sites. If your bent is toward applied crypto, see the COAST archive at: You might also want to visit the SDTI/RSA website for their FAQ and archive, and the Quadralay site ) will retrieve, among other treasures, a number of "introductions to cryptography" for beginners and others. When you narrow your interests, look for FAQs (frequently asked queston) files on a specific topic: for example, SSL, or SMIME, or S-HTTP) As you've doubtless noticed, the Internet as a whole is painfully US-centric (and some inhabitants of little virtual villages like C'punks are often so enamored with their own self-image that they refuse to be distracted by anything else;-) C'punks desperately needs someone with the wit of Nasser Hodin Hodja -- but I also think you caught a couple of guys on a "bad hair day" or something. Folks here are generally more responsive to people jumping the language and cross-cultural barriers. The Net as a whole is very open. There is a great willingness to share, help, and respond; even with "newbie" inquiries. Experts in the field regularly step in to nudge a discussion and, sometimes, even restate the basics. You'll do better if you do a little work one your own, and _then_ reach out and ask for further clarification or additional pointers. G�r� s�r�z, _Vin -- Vin McLellan +The Privacy Guild+ 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548 <*><*><*><*><*><*><*><*><*> From asgaard at Cor.sos.sll.se Sun Dec 22 16:07:04 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Sun, 22 Dec 1996 16:07:04 -0800 (PST) Subject: The Ebolics Virus may be contained In-Reply-To: Message-ID: On Sun, 22 Dec 1996, Timothy C. May wrote: > By the way, both Jesse Jackson and famed poetess Maya Angelou have > denounced the Oakland School Board's adoption of "Ebonics" as shameful > and a travesty. Jackson said black children should not be encouraged to > speak "garbage." Isn't that what Farrakan (sp?) has been saying from the start of his political career? I thaught he was the Man nowadays (but I don't live in the US and could have gotten it backwards). Asgaard From dlv at bwalk.dm.com Sun Dec 22 16:20:11 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 16:20:11 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: <1o5cZD11w165w@bwalk.dm.com> Michael Gurski writes: > It's that wonderful season again, when all the assholes are out in > force, and people feel obligated to purchase merchandise to give to > each other. So don't. It's another idiotic American custom that I don't follow. > For various reasons, I don't believe in credit cards, and > yet, trying to pay for something by personal check at the local > Hecht's, they either *require* a credit card, or go through the Nazi > check-warranty company Equifax. However, it doesn't stop there...only > SOME departments seem to have this requirement (Electronics/Luggage > not requiring). Is it legal to require credit cards? They're welcome not to accept checks if they don't want to. Why should the gubmint tell anyone whether it's "legal" to reject checks from potential crooks? "Cypher punks" and "libertarian" are such fucking statists. If you don't want to use a credit card, pay cash. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Dec 22 16:21:51 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 16:21:51 -0800 (PST) Subject: The Ebolics Virus may be contained In-Reply-To: Message-ID: Timmy C. May farted: > By the way, I'll be off the list for a while, for the usual seasonal > reasaons. Ignore the usual Vulis remarks about how my silence means he has > succeeded in driving me off the list, or that I'm in a tryst with Gilmore > and Hughes. A romantic threesome? Anyway, good riddance. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From deviant at pooh-corner.com Sun Dec 22 16:25:34 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 22 Dec 1996 16:25:34 -0800 (PST) Subject: Off topic litter on Cyperpunks In-Reply-To: <3.0.32.19961222141617.006999b0@mail.tcbi.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 22 Dec 1996, Lurker wrote: > What has happened to cypherpunks? I joined this mailing list more recently > than many others who recieve it, but most reacently it has gone downhill. > > The descriptions I have read (and I have read many) all state that this > list is deadicated to the discussion of cryptography issues. Where the > hell is the discussion about cryptography? > > Three fourths of the messages I have been recieving are off topic (Ebonics > and "Slaughter"). If I wanted to read about current events and holocost I > would have joined groups that were specified for discussion of those. > Hrmm.. actually.. Ebonics is more on topic than you realise. The Ebonics that they're teaching is really nothing more than a simple trnsposition cypher. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C. S. Lewis -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMr3RODCdEh3oIPAVAQHbuQf9Hlw9gKn44msVwuH7nnySPtjiKaOc/L5h 40YzNguhZD3jDHmQ9sC7gR+u+mo+X9IERJd05GUKKAYGIvqL0nlzEFSDRUSPPkno oy9D8JlH8DehM54+H2AJjgzm4Y9+fj+E8GENs4AZUgbInKjtv+nzBKpoWUEr2SIp EMSHEm5MHfLZbm0OX7o3xPE5x9wVuaOt6cSGJAOYsFW3faxhn5zRyq7w08DCU8gX 61Np62pqQgmGp/aUQAQxggNXTflGIWYNIf/Wsvq8B922k+j87nr3DYQYXCqYVKwy ORcOe7pxmjB77qAXdpxmBGt3E3VFS5UrhZ5XeMs6lzn7F+bAa5dm7Q== =0bc0 -----END PGP SIGNATURE----- From jimbell at pacifier.com Sun Dec 22 16:30:20 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Dec 1996 16:30:20 -0800 (PST) Subject: Ebonics Message-ID: <199612230030.QAA18048@mail.pacifier.com> At 01:30 PM 12/22/96 -0500, Mark Rosen wrote: > Hehe. What I mean to say is that since both Ebonics and a Southern accent >are learned during early childhood, you have no control over how you talk. This is not true. The recent commentary and interviews I've seen on this subject make it clear that the people speaking "Ebonics" are quite capable of speaking in standard English, and do so when they find it, er, convenient. Jim Bell jimbell at pacifier.com From deviant at pooh-corner.com Sun Dec 22 16:31:12 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 22 Dec 1996 16:31:12 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 22 Dec 1996, Michael Gurski wrote: > It's that wonderful season again, when all the assholes are out in > force, and people feel obligated to purchase merchandise to give to > each other. For various reasons, I don't believe in credit cards, and > yet, trying to pay for something by personal check at the local > Hecht's, they either *require* a credit card, or go through the Nazi > check-warranty company Equifax. However, it doesn't stop there...only > SOME departments seem to have this requirement (Electronics/Luggage > not requiring). Is it legal to require credit cards? The only real legality of requiring some form of payment is that if they take one form of federal reserve currency (eg the one dollar bill) they have to take any form of federal reserve currency (eg the penny). This means that when your parking ticket says you can't pay in change, you can still pay in change. Legally (according to CNN anyway, i've never bothered to actually go look it up) if you ofer to pay something in change, and they decline, you can give them one warning, and _assuming a debt is previously incurred (eg parking ticket, not new pants) you don't have to pay. Unfortunatly, they can decline cash/change completely, or decline checks, or decline credit cards. But if they take one dollar bills, go by the bank first and get it in pennies. Pay with that. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 "Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C. S. Lewis -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMr3SkTCdEh3oIPAVAQH6Lgf/SthkfxgY7R0iJltRFOmdLEpqOo5g0a5P mWCi1nUrHzEZha3ij+gntxIWCFRaY/1qLyk1RJgDHAiFa5gWQBULxy6jyTBm5Zcz NMXkd8VardL9AmjmJd3LccCx9VMHo8/YqZ/hQOJXFL4/QuwDyNLS+vbUmNKPPGzD d0ewCoQmgHxh2KpHYE1+O2jo/4yxRGr6Vl7jrE4HZ6GQ0U+YF7+WIf7mVP9gwZHw +XNRgdcT56iqtPhISPzq5NH/4djwisPNYat/ywW6u+HSfaFHhi+79mWOlprpEiK4 Vfa9iRdwTCkQuVTDJdbFuqnsQHGxBrgDsBUmFLH0WNT0CXCpECEgyg== =aMoc -----END PGP SIGNATURE----- From shamrock at netcom.com Sun Dec 22 17:08:30 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 22 Dec 1996 17:08:30 -0800 (PST) Subject: Slaughter Message-ID: <3.0.32.19961222165943.006b21a8@netcom13.netcom.com> At 10:12 AM 12/22/96 -0800, Dale Thorn wrote: >Carl Johnson wrote: >> Dale Thorn wrote: > >> Thanks, I love the quote but can't find it or it's source. Perhaps I >> can put it all together in bits and pieces. > >As long as we're getting closer on that one, I thought I'd add my own >twist on another famous (but obnoxious) quote: > >The standard version: >God grant me the serenity to accept the things I cannot change; >The courage to change the things I can; >And the wisdom to know the difference. (quote not necessarily exact). > >My version: >God grant me the wisdom to know the difference between right and wrong; >The courage to support those who I feel are doing the right things, > and to oppose those who are doing the wrong things; >And the serenity to do so as peacefully as possible. Another, increasingly popular, variety of the AA "prayer" is: God grant me the serenity to accept the things I cannot change; The courage to change the things I can; And the firepower that makes the difference. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From dlv at bwalk.dm.com Sun Dec 22 18:20:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 18:20:19 -0800 (PST) Subject: Off topic litter on Cyperpunks In-Reply-To: <3.0.32.19961222141617.006999b0@mail.tcbi.com> Message-ID: "Lurker" writes: > What has happened to cypherpunks? I joined this mailing list more recently > than many others who recieve it, but most reacently it has gone downhill. > > The descriptions I have read (and I have read many) all state that this > list is deadicated to the discussion of cryptography issues. Where the > hell is the discussion about cryptography? This private mailing list belongs to the asshole censor John Gilmore (spit). Anyone who foolishly tries to discuss cryptography (like Don Woods) gets flamed to hell by the likes of Paul "brute force attack one one-time pad" Bradley. You wanna talk cryptography, go to sci.crypt, an unmoderated Usenet newsgroup. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Dec 22 18:21:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 18:21:03 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: See what jerk tcmay(fart) is: he sends crypto discussions to the "cypher punks" mailing list, where crypto is off-topic now. "Timothy C. May" writes: > I've noticed a few references in the press, and maybe on this list, to the > idea that because some bad things may be done with untraceable payments > (true Chaumian digicash, not the watered down version offering only > one-sided untraceability), that governments will "not allow" such > untraceable payments. Fuck the gubmint. Fuck the patent law. Patent law, copyright law, libel law - none of that shit has any relevance in the cyberspace. Do I understand right that David Chaum no longer runs ecash? Then I see no ethical reason not to implement his original ideas with full anonymity *NOW*. ... > "Untraceable payments" refer to payer- and payee-untraceable Chaum-style > cash. Although for the discussions here of extortion, payee-untraceable > (the person being paid would not be traceable is my sense of this term) > digital cash would be sufficient; that the payment originated from XYZ > Corporation or some account at the Bank of Albania would not stop the acts. > > Chaum has in recent years attempted (I have to presume) to take the "edge" > of fully-intraceable digital cash by making it only partly untraceable. > Many of us hypothesized that "mixes" (as in remailers) could be used to > fully-untraceabalize (?) even partly-traceable systems. I recall Lucky > Green, Hal Finney, and others in such discussions. "Banks" were proposed to > do this. Recently, Ian Goldberg claims to have a system which formally > accomplishes this. So instead of shooting your stupid mouth, issue some ecash and promise to exchange it for real US$ upon bearer's demand. Do you have the balls for it? > Suppose there exists a supplier of fully-untraceable (or payee-untraceable > at least) cash *somewhere* in the world. It could be a physical bank, a la > the Bank of Albania, or it could be an underground payment system, a la the > Mafia, the Tongs, the Triads, whatever. A reputation-reliant system which > says "Present us with the proper set of numbers and we will provide money > to the bearer, or follow instructions, and so on." (I'm informally > describing the process of "redeeming" a digital bearer instrument, > converting the set of numbers into some other form of specie, or item of > value, whatever. Maybe gold, maybe dollars, maybe an entry into an account > somewhere. The "untraceability," via the blinding operation, means that the > bearer is not linked to the transaction made earlier, so there is not risk > at the bank or Triad. I'm also not distinguishing between offline and > online clearing here...my feeling for a long time has been that online > clearing has many advantages, but I suspect it does not work too well in > the extortion case described here, until something like PipeNet can be used > as part of the process.) Translation: you don't have the balls to do this yourself. See, "cypher punks" can only while and flame, and they don't have the guts to issue ecash and to say: this token will be exchanged for $1 by Lucky Green; and that token will be exchanged for $10 by Hall Filly. > This is why I look forward to this Brave New World of fully untraceable > communications and fully untraceable economic transactions. But you don't have the balls to bring it any closer, you airbag parasite. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Dec 22 18:30:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 18:30:13 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961222161832.006c01fc@mail.execpc.com> Message-ID: "Matthew J. Miszewski" writes: > just trying to counter some of the statements made here. Sometimes people > view cpunks as some sort of borg-like mind with no dissidents. "Cypher punks" is a private mailing list owned by the asshole censor John Gilmore who unsubscribes whoever dares post something John doesn't like. His mailing list is a laughing stock for the media. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From 70023.3247 at compuserve.com Sun Dec 22 18:50:39 1996 From: 70023.3247 at compuserve.com (James Bugden) Date: Sun, 22 Dec 1996 18:50:39 -0800 (PST) Subject: The Ebonic Plague Message-ID: <961223024816_70023.3247_CHU91-1@CompuServe.COM> blancw at cnw.com wrote: >From: Timothy C. May > >Democracy has run amok in this country. There is no hope for reforming >at the ballot box, as democracy only makes things worse. Only a crypto >reign of terror can purge this land of the scum. >...................................................... > >Just how would this take shape in "real life" - what would constitute this >reign of terror; how do you envision such an event in action? > >And which are the scum who would be purged? > >Blanc Scum - you know - it's like crap - it's the stuff that floats to the top. Or is that the cream? Sucks Syntax! Anarchy Rules! Merry Christmas! James jbugden at alis.com "pride and selfishness, when combined with mental power, never want for a theory to justify them-and when men oppress their fellow-men, the oppressor ever finds, in the character of the oppressed, a full justification for his oppression." Frederick Douglass, 1854 From kwit at iap.net.au Sun Dec 22 18:53:00 1996 From: kwit at iap.net.au (kwit at iap.net.au) Date: Sun, 22 Dec 1996 18:53:00 -0800 (PST) Subject: unsuscribe kwit@iap.net.au Message-ID: <32BDF37F.D63@iap.net.au> unsuscribe kwit at iap.net.au From dthorn at gte.net Sun Dec 22 19:06:11 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 19:06:11 -0800 (PST) Subject: Language (Was:Re: Ebonics) In-Reply-To: <3.0.32.19961222121921.006a2b84@smtp1.abraxis.com> Message-ID: <32BDF6D5.3D16@gte.net> Alec wrote: > :If you read my complete post, you would note that I made a distinction > :between "twang" (i.e., slurring words) > Twang is _not_ slurring words; twang is speaking with a nasal accent. A > good example is the principal's secretary in "Ferris Buhler's Day Off." This is very interesting. I've seen and heard examples that show Yankee dialect to be more nasal, and you're saying twang is nasal. Must be a Yankee trying to sound "twangy". BTW, the "accents" in a lot of Hollywood movies are really atrocious to native ears. P.S. A person whose name I forgot wrote a book called "Southern by the Grace of God", in which he tells of going to New York and really enjoying hearing native accents in Brooklyn, etc. He explains that since Big Media is trying so desperately (examples available) to wipe out native accents/dialects, speech is becoming rather bland all over, and he found the local accents in N.Y. to be a refreshing change from the bland stuff, even though his personal preference was Southern. Oklahoma, as I recall. From dthorn at gte.net Sun Dec 22 19:09:07 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 19:09:07 -0800 (PST) Subject: The Ebolics Virus may be contained In-Reply-To: Message-ID: <32BDF779.2846@gte.net> Asgaard wrote: > On Sun, 22 Dec 1996, Timothy C. May wrote: > > By the way, both Jesse Jackson and famed poetess Maya Angelou have > > denounced the Oakland School Board's adoption of "Ebonics" as shameful > > and a travesty. Jackson said black children should not be encouraged to > > speak "garbage." If I remember correctly, the head of the NAACP a few years ago said (in response to having to say 7 syllables instead of 1, i.e., African- American instead of Black), "we were better off when it was just plain Colored". (Quote approximate). From jimbell at pacifier.com Sun Dec 22 19:32:53 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 22 Dec 1996 19:32:53 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <199612230332.TAA29587@mail.pacifier.com> At 07:36 AM 12/18/96 -0800, geeman at best.com wrote: > >Microsoft had to agree to validate crypto binaries against >a signature to make sure they weren't tampered with, in >exchange for shipping crypto-with-a-hole. They will >sign anything (theoretically) if it has the export >papers and all. Or without, if you affadavit it is not >for export. > >They do not themselves impose any restrictions on crypto >strength. >I'm not expressing political position here, just conveying facts .... What if the software involved was IMPORTED? Moreover, is legal to export just the signature? Jim Bell jimbell at pacifier.com From dlv at bwalk.dm.com Sun Dec 22 20:20:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 20:20:10 -0800 (PST) Subject: Slaughter In-Reply-To: <3.0.32.19961222165943.006b21a8@netcom13.netcom.com> Message-ID: Lucky Green writes: > And the firepower that makes the difference. A Mac luser rants about firepower? He he he. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Dec 22 20:20:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 22 Dec 1996 20:20:17 -0800 (PST) Subject: Ebonics In-Reply-To: <199612230030.QAA18048@mail.pacifier.com> Message-ID: <8wFDZD22w165w@bwalk.dm.com> jim bell writes: > At 01:30 PM 12/22/96 -0500, Mark Rosen wrote: > > Hehe. What I mean to say is that since both Ebonics and a Southern accent > >are learned during early childhood, you have no control over how you talk. > > This is not true. The recent commentary and interviews I've seen on this > subject make it clear that the people speaking "Ebonics" are quite capable > of speaking in standard English, and do so when they find it, er, convenient. How does this tie into assassination politics? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From gimonca at skypoint.com Sun Dec 22 21:23:03 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Sun, 22 Dec 1996 21:23:03 -0800 (PST) Subject: Legality of requiring credit cards? (fwd) Message-ID: Forwarded message: > Date: Sun, 22 Dec 1996 15:43:28 -0500 (EST) > From: Michael Gurski > Subject: Legality of requiring credit cards? > > It's that wonderful season again, when all the assholes are out in > force, and people feel obligated to purchase merchandise to give to > each other. For various reasons, I don't believe in credit cards, and > yet, trying to pay for something by personal check at the local > Hecht's, they either *require* a credit card, or go through the Nazi > check-warranty company Equifax. > Equifax does business by tracking reputations, as do all credit reporting companies. That's how a free market handles bad checks. From dthorn at gte.net Sun Dec 22 21:57:40 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 21:57:40 -0800 (PST) Subject: Off topic litter on Cyperpunks In-Reply-To: <3.0.32.19961222141617.006999b0@mail.tcbi.com> Message-ID: <32BE1EF6.3A57@gte.net> Lurker wrote: > What has happened to cypherpunks? I joined this mailing list more recently > than many others who recieve it, but most reacently it has gone downhill. > The descriptions I have read (and I have read many) all state that this > list is deadicated to the discussion of cryptography issues. Where the > hell is the discussion about cryptography? > Three fourths of the messages I have been recieving are off topic (Ebonics > and "Slaughter"). If I wanted to read about current events and holocost I > would have joined groups that were specified for discussion of those. Now Lurker, you can go read a discussion of Indo-European culture or South American sheep grazing on any news group, and if the info posted there doesn't conflict with any current government interests such as restricting crypto, then sure, the discussion will be plain and out in the open for all to see (and who cares anyway, right?). But you didn't really expect to come here and just get handed the most interesting technical data on a subject that *does* concern the NSA et al rather deeply, and not have to do any work? It's there, but it's going to take patience and some reading between the lines. Consider yourself lucky that you can suscribe to such a list as this, while such a freedom still exists. From dthorn at gte.net Sun Dec 22 22:13:27 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 22:13:27 -0800 (PST) Subject: Ebonics In-Reply-To: <199612222158.QAA10206@mercury.peganet.com> Message-ID: <32BE22B0.584B@gte.net> Mark Rosen wrote: > > Just saying someone has a Southern "accent" is prejudicial and ignorant. > > It's true that anyone, Southern or otherwise, can slur words so they're > > not clear, but on averages, Southerners who speak clearly with their > > native inflections and pronunciations are easier to understand than your > > typical Yankees, whose speech is generally thin, nasal and rather > > pinched-sounding. > Yeah. But I can't understand people with Southern Accents therefore I > won't hire them. Then let me speak a language that you, Mark Rosen, can understand: Oswald did it alone. George Lincoln Rockwell really *didn't* run all of his new prospects through the FBI. Sirhan Sirhan worked alone. Money grows on trees. And best of all, in the immortal words of Noam (asshole) Chomsky: "I can see *no* forces who would have wanted Kennedy dead". (And not a single y'all in the bunch). > > People talked about hate in the South in the 1960's. What a crock. > > Apartheid, sure, no doubt about that. But hate, well, I grew up in > > the North and I lived for a few years in the deep South, and the people > > in the South don't hate like the Yankees do, on average. > Wow. You must read completely different history books than the rest of > the world. Not the rest of the world, Mark. People outside of the U.S. are pretty hip. It's guys like you who promote the popular ignorance here. Did you know, Mark, that many of the top important people of the world got together outside of Toronto a few months ago for their annual meeting of world-importance discussions, and the American press thought it was not worth reporting on? The Canadian press reported on it. Maybe those Canadians just don't have any respect for privacy, or maybe they are all stupid, or (gag!) maybe they are all in cahoots with that nefarious Neo-Nazi Willis Carto!! > > If you want to see how hate works, look how the big-media organizations > > have descended on Southern radio and TV and have been telling them that > > they speak wrongly, and that Southern "accents" are something to be > > ashamed of. > Damn the liberal media! (That was a sarcastic statement - do you know how > right-wing that sounds). Gosh, Mark. All we really need to go on here in the U.S. is our first impressions of things. No need to be suspicious about government maybe wanting to *rule* us or anything like that, no need to worry that guys like John J. McCloy, Henry Ford, and the Rockefellers would even *think* to use the Nurnberg trials as a (gasp!) spy laundry, where the number executed was what, 5 or 10? Sleep well, Mark. Nothing to be concerned about. Everything you read in the papers is true! P.S. You'll note above I was describing actual experience, which you addressed as "reading history books". From vznuri at netcom.com Sun Dec 22 22:17:36 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Sun, 22 Dec 1996 22:17:36 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: <199612230617.WAA04103@netcom6.netcom.com> poor timmy laments that no one responded to his latest gedanken masterpiece. I am very pleased to be the one to relieve him of his loneliness. Timmy writes: >Fortunately for the bulk of us, the likely number of deaths and economic >losses from such crimes of kidnapping, extortion, and even murder for hire, >is still likely to be vastly lower than the number of deaths caused by >powerful central governments enriching themselves and their cronies with >foreign wars. Not to mention the deaths in the Drug War, the lives wasted >in other interferences in private behavior, etc. imho, it's a very warped kind of mind that insinuates some evil is no big deal because greater evils exist in the world. it's an argument I see often among the libertarians around here. "what's the big deal about murder? govt's do it all the time. everyone should be able to murder anyone if govt's do it. why, the right to murder people is an inalienable right!!". of course the arguments are never made in this language-- the fun is spotting it in the rhetoric. >This is why I look forward to this Brave New World of fully untraceable >communications and fully untraceable economic transactions. ah, an even more warped mind that not merely condones it but "looks forward to it" careful, timmy, your slime is showing!! (it would be fun to debate you publicly some day on your true beliefs, but alas, you never bite. oh well, I stay amused well enough..) From dthorn at gte.net Sun Dec 22 22:26:15 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 22 Dec 1996 22:26:15 -0800 (PST) Subject: Ebonics In-Reply-To: <199612222159.QAA10214@mercury.peganet.com> Message-ID: <32BE25B0.76B6@gte.net> Mark Rosen wrote: > I would like to conclude this Ebonics issue. The main problem is > understanding. Some people have bad accents, either Southern or Ebonic, > both of which are often difficult to understand. I am not disputing the > fact that everyone should learn a standard language, but I object to the > racial undertones of the messages - that black people are stupider than > white people, and gross ignorance of environmental conditions. Whatever. 1. What do you mean conclude? For whom? 2. Rather than hypothesize a "standard" language, the language evolves and generates the standard. Just relax and enjoy it. 3. Black people are/are not stupider than what? Mark, you should go live in the deep South for awhile, and become part of it, and watch the outsiders come in and tell your friends and neighbors on the TV, on radio, and in in-person seminars that they speak "wrongly" and should lose their Southern "accents", as though they were something to be ashamed of. Mark, you need to learn simple logic. Instead of saying "...are often difficult to understand", you should say "...are often difficult for *me* to understand". You see, Mark, I could understand you in speech I am sure, and I can also understand the Southern speech by-and-large, but it's you who seems to have the limitations. Now you want to force people who don't talk like you to talk like you, otherwise you won't deal with them. What a petty, narrow-minded person you must be, and how sad. From jazzmin at ou.edu Sun Dec 22 22:46:09 1996 From: jazzmin at ou.edu (Jazzmin Belle Sommers) Date: Sun, 22 Dec 1996 22:46:09 -0800 (PST) Subject: "the world is half women..." Message-ID: <32be2aa4043b004@cliff.ou.edu> >Dale Thorn and Tim May mutually blundered: >>Ya' know, guys, the world is half women, even though they're not on >>the c-punks list. Get in touch with them. They're fun people. >Ah, it's been a while since we had the "why aren't more women on the list?" >discussion. Frankly, women are of course welcome. If the list interests them, they are >welcome to subscribe. As it has always been. Oh, THANK YOU SO MUCH for discussing us in the third person. Guess what. There ARE women on the list (myself being one of them). (I thought that the men/women ratio was more like 46/54.) >That so few women are subscribers, or remain subscribers, or attend >Cypherpunks physical meetings....well, that's a larger issue involving >familiar issues: (chop -- those issues being libertarianism and other political nonsequiters.) (FYI: I'm a political science major and the secretary of the OU College Libertarians, neener neener.) >(I've explained crypto anarchy to many men and women over the past 6-8 >years. I've seen the guy's get agitated, or bothered, but usually >_interested_. I've seen eyes light up as they understand the likely >implications of untraceable payments, anonymous communications, avoidance >of Big Brother, etc. (CHOP CHOP) I think it's why we seem to have at most a couple of active women subscribers at any given moment.) This particular woman says that it's sooooo tiresome to wade through a lot of posturing and (even worse) the "me-toos" wherein people quote the entire post and then say, oh, yeah, I agree with that also. It's soooo easy to quit even reading the threads and just delete the whole thing. SUBTLE HINT MODE ON (Ah, so what do you propose, then, Miss Smartypants?) (AHEM! It's my brain that's smart, you lecher!) I'm on other lists and I've noticed that when they go to digest form much of the me-too-ness drops out. Is it that important to get 100 emails a day, if 80% of it is crap? Now, this part might sound more "womanish" -- it's nice to get an idea of the people posting, and have PRIVATE conversations. Most people don't care to see blanc and dale bash it out over fifteen posts. It's junk mail littering our in boxes! It's TASTELESS! ...furthermore, it's not cool. [Rabid soapboxing about what is and isn't cool omitted.] >So, Dale, feel free to recruit more women to this and other lists. But >don't presume from the traffic you see here--or from comments about the >utter stupidity of little Jessica Dubroff, her pilot, her parents, and the >complicitous news media--that we need a lecture on getting in touch with >women. Oh, yes you do. Consider yourself lectured. Stick to the topics, or stray on a RELATED subject. Jess Dubroff ISN'T. Complicitous news media IS. ENOUGH! No followup posts! Take my advice and smoke it! Er, wait. That doesn't sound right. And for those of you who are just WAITING to flame me, don't bother. I'm not a feminazi, not an "uppity woman", just a chick who'll {spontaneous hot-tempered threats deleted upon second thought}. Email privately if you care to respond. Jazz Sommers From lucifer at dhp.com Sun Dec 22 22:57:01 1996 From: lucifer at dhp.com (Anonymous) Date: Sun, 22 Dec 1996 22:57:01 -0800 (PST) Subject: Certified primes Message-ID: <199612230656.BAA18584@dhp.com> Timmy `C' May is a certified sexual pervert who wears women's underwear. \\\ (0 0) _ooO_(_)_Ooo____ Timmy `C' May From mrosen at peganet.com Sun Dec 22 22:57:11 1996 From: mrosen at peganet.com (Mark Rosen) Date: Sun, 22 Dec 1996 22:57:11 -0800 (PST) Subject: Ebonics Message-ID: <199612230641.BAA13632@mercury.peganet.com> > 1. What do you mean conclude? For whom? I mean conclude. For me. I am the authority on all. I am just personally a little sick of this Ebonics thing, as we have obviously irreconcilable positions. I tried to take a concilliatory position with which all would agree. It has little to do with cryptography and is a stretch even for this generally weird mailing list. > 2. Rather than hypothesize a "standard" language, the language evolves > and generates the standard. Just relax and enjoy it. No. I'm right and you're wrong. Face it. :-) > 3. Black people are/are not stupider than what? Mark, you should go > live in the deep South for awhile, and become part of it, and > watch the outsiders come in and tell your friends and neighbors on > the TV, on radio, and in in-person seminars that they speak "wrongly" > and should lose their Southern "accents", as though they were something > to be ashamed of. > > Mark, you need to learn simple logic. Instead of saying "...are often > difficult to understand", you should say "...are often difficult for > *me* to understand". I personally have no problem understanding Southern accents. Other people have stated that they have problems understanding Ebonics, so I was just playing devil's advocate and taking another, conflicting position. I sense that one of the reasons why *some* people are so disgusted with Ebonics is that only black people speak it. I am just responding to those racist sentiments (Ahem. Timothy May) and trying to present a white example of muddled speech. Also, the entire issue of clarity of speech is relative and *will* be different for each person, another thing many people are ignoring. > You see, Mark, I could understand you in speech I am sure, and I can > also understand the Southern speech by-and-large, but it's you who > seems to have the limitations. Now you want to force people who don't > talk like you to talk like you, otherwise you won't deal with them. > > What a petty, narrow-minded person you must be, and how sad. Again, I was being devil's advocate and imitating other people's distaste with Ebonics. Your rather biting comments describe their narrow mindedness. From geeman at best.com Sun Dec 22 23:09:44 1996 From: geeman at best.com (geeman at best.com) Date: Sun, 22 Dec 1996 23:09:44 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <3.0.32.19961222232041.0069e518@best.com> Software that is imported becomes subject to ITAR with respect to re-exportation, of course (but of course IANALetc.) If you can't demonstrate to MSFT that you are playing by the rules --such that you have the proper export papers for your code if you plan to export it, for example-- they won't sign, even if developed outside US. So: you develop a CSP outside US ... you have to IMPORT it to get it signed. It becomes subject at that point to ITAR export regs. Unless you demonstrate that you fulfull those requirements, no signature. So there's no relief by looking at just exporting the signature. ? At 07:21 PM 12/22/96 -0800, you wrote: >At 07:36 AM 12/18/96 -0800, geeman at best.com wrote: >> >>Microsoft had to agree to validate crypto binaries against >>a signature to make sure they weren't tampered with, in >>exchange for shipping crypto-with-a-hole. They will >>sign anything (theoretically) if it has the export >>papers and all. Or without, if you affadavit it is not >>for export. >> >>They do not themselves impose any restrictions on crypto >>strength. >>I'm not expressing political position here, just conveying facts .... > >What if the software involved was IMPORTED? Moreover, is legal to export >just the signature? > >Jim Bell >jimbell at pacifier.com > > From toto at sk.sympatico.ca Sun Dec 22 23:38:42 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Sun, 22 Dec 1996 23:38:42 -0800 (PST) Subject: Elboa, Elbonics, Donner & Blitzen In-Reply-To: Message-ID: <32BE4027.330A@sk.sympatico.ca> Timothy C. May wrote: > By the way, I'll be off the list for a while, for the usual seasonal > reasaons. I'm in a tryst with Gilmore and Hughes, extortion and untraceable payments, cookin and jivin--shameful "garbage." > --Tim May Tim, While your message came through somewhat garbled, it made it clear that the holiday season there in big city has lost its original innocence. Damn, and I'm stuck here in butt-fuck Saskatchewan (no pun intended). Toto From toto at sk.sympatico.ca Sun Dec 22 23:56:41 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Sun, 22 Dec 1996 23:56:41 -0800 (PST) Subject: The Ebonic Plague In-Reply-To: <961223024816_70023.3247_CHU91-1@CompuServe.COM> Message-ID: <32BE56F0.1B55@sk.sympatico.ca> James Bugden wrote: > Scum - you know - it's like crap - it's the stuff that floats to the top. > Or is that the cream? Life is like a bowl of chili. If you don't stir it every now and again, all of the scum rises to the top. (From the kitchen wall at Xalapeno Charlie's, Austin, TX, circa 1982) From rwright at adnetsol.com Mon Dec 23 00:01:11 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 23 Dec 1996 00:01:11 -0800 (PST) Subject: Mr. May's Posts. Other Things. Message-ID: <199612230801.AAA24862@adnetsol.adnetsol.com> On or About 21 Dec 96 at 10:36, Dr.Dimitri Vulis KOTM wrote: > Interesting. Paul Bradley does not consider Timmy May's (fart) > latest rants on "ebonics" and "colored race" to be racist? I think > Timmy May hates blacks even more than he hates Jews. Let's quote > Timmy's sick garbage on soc.culture.african.american and ask if they > find it offensive and racist. > Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard reeks of bigotry. And all this time I felt you may have been too hard on him. This latest rant of his has made me reconsider your rough treatment of Mr. May. I kinda think he deserves a slapping right now. I find Mr. Mays comments quite racist and are quite off topic for this list. I would much rather talk about what rights I have to do bulk, targeted e-mailings! Or the fame of "The Spam King" I saw him on a TV show called The Web on the SciFi channel. This guy is a great example of the old adage that there is no such thing as bad publicity. Just my two cents. It's been too long since I last posted, but I was compelled to post about this racist crap. I went to an inner-city school in South Gate, California and found it better to be friendly with anyone who would be my friend, despite the color of their skin. I went into the US Military and that idea was reinforced there. So I hate to hear people who are unwilling to find humanity behind a darker color skin. That just pisses me off! Ross =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From Erase56 at aol.com Mon Dec 23 01:23:53 1996 From: Erase56 at aol.com (Erase56 at aol.com) Date: Mon, 23 Dec 1996 01:23:53 -0800 (PST) Subject: Super Crypto Message-ID: <961223042314_404470627@emout11.mail.aol.com> Can someone help me on finding a program with super crypto. E-mail me back at Erase56 at aol.com with the program attatched or e-mail me on where can I find it. On the internet of where ever. Thanks. From attila at primenet.com Mon Dec 23 03:04:42 1996 From: attila at primenet.com (Attila T. Hun) Date: Mon, 23 Dec 1996 03:04:42 -0800 (PST) Subject: Slaughter In-Reply-To: <3.0.32.19961222165943.006b21a8@netcom13.netcom.com> Message-ID: <199612231107.EAA01210@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- I just summarize grace and serenity to: Lord grant me the serenity to accept the things I cannot change. The courage to change the things I can. And the wisdom to hide the bodies of the people I had to kill because they pissed me off. --attila Intimidation is just another form of communication. ====== previous post ====== ::>The standard version: ::>God grant me the serenity to accept the things I cannot change; ::>The courage to change the things I can; ::>And the wisdom to know the difference. (quote not necessarily exact). > ::>My version: ::>God grant me the wisdom to know the difference between right and wrong; ::>The courage to support those who I feel are doing the right things, ::>and to oppose those who are doing the wrong things; ::>And the serenity to do so as peacefully as possible. ::Another, increasingly popular, variety of the AA "prayer" is: ::God grant me the serenity to accept the things I cannot change; ::The courage to change the things I can; ::And the firepower that makes the difference. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMr5m/b04kQrCC2kFAQGszwP/ZzRVYeaHdwkIlK7u9x/YwI0UXVvRvfn3 MABhE2eFjnRtOwL3mzG7E7xefcFa5w4S+hSjme+BKFvrIZ3D8mbmDHbLmUkbt/n6 qkY4Gf1w05jR/SAOcE3dNoGMOZWCPGfnBVnYJ0A3M46PDGG84XYywzGxibQAy123 obidctR+3XY= =jrJy -----END PGP SIGNATURE----- From aga at dhp.com Mon Dec 23 03:34:17 1996 From: aga at dhp.com (aga) Date: Mon, 23 Dec 1996 03:34:17 -0800 (PST) Subject: the word is "NIGGAZ" In-Reply-To: Message-ID: On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > >From cypherpunks-errors at toad.com Sun Dec 22 18:36:40 1996 > To: cypherpunks at toad.com > Subject: Re: the word is "NIGGAZ" > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > > Actually the word is "niggus." "Niggaz" is the white man's nasal rendition > of this term. Nope, that is from the black man. In JET Magazine, they say "NIGGAZ," and they are the nationwide authority on the black subculture. If you do not read JET, you do not know anything about the blacks, unless you live next to them like we do in the city here. "Soul Brothers" hate "niggers," because a "nigger" is defined as somebody who: 1) lies, 2) cheats, 3) steals, 4) stinks, or 5) fucks with your woman. There are good blacks and bad niggers, good jews and bad kikes good dagos and bad wops good gay boys and bad faggots good ladies and bad cunts good and bad of all kind... From mark at unicorn.com Mon Dec 23 03:44:48 1996 From: mark at unicorn.com (Mark Grant) Date: Mon, 23 Dec 1996 03:44:48 -0800 (PST) Subject: Privtool 0.87 Message-ID: I've finally released a new version of Privtool -- my PGP-aware X-windows mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is available on utopia.hacktic.nl in the incoming directory (and possibly elsewhere) and I'll be uploading 0.87 shortly. For more details and screenshots see http://www.c2.org/~mark/privtool/privtool.html. Mark -----BEGIN PGP SIGNED MESSAGE----- Privtool Beta Release 0.87 -------------------------- Privtool ("Privacy Tool") is intended to be a PGP-aware replacement for the standard Sun Workstation mailtool program, with a similar user interface and automagick support for PGP-signing and PGP-encryption. Just to make things clear, I have written this program from scratch, it is *not* a modified mailtool (and I'd hope that the Sun program code is much cleaner than mine 8-) !). When the program starts up, it displays a list of messages in your mailbox, along with flags to indicate whether messages are signed or encrypted, and if they have had their signatures verified or have been decrypted. When you double click on a message, it will be decrypted (requesting your passphrase if neccesary), and/or will have the signature checked, and the decrypted message will be displayed in the top part of the display window, with signature information in the bottom part. The mail header is not displayed, but can be read by pressing the 'Header' button to display the header window. In addition, the program has support for encrypted mailing list feeds, and if the decrypted message includes another standard-format message it will replace the original message and be fed back into the display processing chain. When composing a message or replying to one, the compose window has several check-boxes, including one for signature, and one for encryption. If these are selected, then the message will be automatically encrypted and/or signed (requesting your passphrase when neccesary) before it is sent. You may also select a 'Remail' box, which will use the Mixmaster anonymous remailer client program to send the message through one or more remailers. Being an Beta release, there are a number of bugs and unimplemented features. Known Bugs: None reported. Unimplmented features: When you save changes to the mail file, it throws away the signature verification and decrypted messages, so that the next time you view a message it has to be verified or decrypted again. Currently if you send encrypted mail to multiple recipients, all must have valid encrpytion keys otherwise you will have to send the message decrypted. Also, the message will be sent encrypted to all users, not just the one who is receiving each copy. Code should be more modular to assist with ports to Xt, Motif (under way), Mac, Windows, etc. I may port it to C++ in the near future. Not very well documented! Encrypted messages are saved to mail files in encrypted form. There is currently no option to save messages in decrypted form. No support for anonymous return addresses. Not very well tested on Solaris 2.x, or SunOS. No support for attachments (either Sun, uuencode or MIME). Changes for 0.87: Added support for signature files. Solaris patches for 0.86 from Glenn Trigg -- as usual a few bugs crept in because I couldn't test it on all operating systems. Added Vincent Cojot's (coyote at step.polymtl.ca) new icons for Linux. Some versions of Unix are set up to have mail programs setgid mail, and give write access to /usr/spool/mail only to mail and root. This caused hangs when saving changes. I've now incorporated changes which allow Linux to run privtool setgid mail, and these should work on FreeBSD. Fixed a number of compile-time warnings. Only display the compose window *after* it's been filled with data. This should prevent the time-consuming scrolling update which used to occur. Allow the user to specify the organization in their header. Changes for 0.86: Optionally use /dev/audio to supplement the random number generation code. Anders Baekgaard fixed a few bugs that sneaked in at the last minute, updating the header window, parsing dates, compose window layout, and SEGV when tabbing between fields on the compose window. Gregory Margo (gmargo at newton.vip.best.com) provided multiple display windows. Tony Gialluca (tony at hgc.edu) made some of the compose window buttons work. Fixed some file descriptor leaks in pgplib.c. On Linux we now read the contents of a number of files under /proc, and use these as an additional source of random data (e.g. /proc/interrupts, /proc/meminfo). Added 'Reseed Random' menu option, which will reseed the random number generator at any time. If possible this will come from the audio device and/or the /proc files. Added FreeBSD patch from Stuart Arnold (sja at epo.e-mail.com). See README.FREEBSD for more information. No longer destroy compose windows when you select 'Done'! Graphical properties window added. I've lost the address of the person who did the original work, so if it was you then please contact me! This was expanded and incorporated into 0.86 by Scott Cannon (rscott at silver.cal.sdl.usu.edu). Fixed memory corruption in pgplib.c. Limited support for secret keys on floppy disks. Allow users to specify their domain name and reply-to: header lines. Privtool can be compiled to either use PGP Tools, or to fork off a copy of PGP whenever it is needed. There are also a number of different security level options for the passphrase, varying from 'read it from PGPPASS and keep it in memory' to 'request it every time and delete it as soon as possible', via 'request it when neccesary and delete it if it's not used for a while'. I've now patched PGP Tools for Linux. The code is available on utopia.hacktic.nl as pgptools.linux.1.0.tar.gz. See the README file for information on compiling the code, and the user.doc file for user documentation (the little that currently exists). You should also ensure that you read the security concerns section in user.doc before using the program. Mark Grant (mark at unicorn.com) -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBMr0+o1VvaTo9kEQVAQEfiQf6A1ZKDVijf/65NXDTVvsMw9G3nmjqNK4F mrIJiyoWr3KX66SbC6nSfWKtpjjZFi2R0633BGNA2kVqCpyk5F5UXTZMAXYzVhP6 f9drmWOsThdh07vpVuK2W96W/cpPh3m+Jhzp2pDpUWN0MNgX6ZmNsJzoSng8DmK9 YTERh93ZQ7rrBM6mMsz6ASEzpcu5grH0teAQdbvWHYEguwDn2K2hn1oTcuVXw74C UFDmx5I86Flfk0nfahldefHO5aSI4fSe+bs7vrZdIRVK60YSxw1dIFYv89bGJAQZ AfZxchmbMVtTBgI4/B1Lziqr/EJ1QI9+FH+LA7XQSmSWm0QFi5Rz9A== =6g9Z -----END PGP SIGNATURE----- "[Hollywood's] way is so slow and expensive that you'll find yourself falling asleep on the set and forgetting to say 'action'." - Robert Rodriguez, 'The Ten Minute Film School' |-----------------------------------------------------------------------| |Mark Grant M.A., U.L.C. EMAIL: mark at unicorn.com | |WWW: http://www.c2.org/~mark MAILBOT: bot at unicorn.com | |-----------------------------------------------------------------------| From edgarswank at juno.com Mon Dec 23 04:38:20 1996 From: edgarswank at juno.com (Edgar W Swank) Date: Mon, 23 Dec 1996 04:38:20 -0800 (PST) Subject: Blowfish Performance Message-ID: <19961223.043602.2974.1.edgarswank@juno.com> -----BEGIN PGP SIGNED MESSAGE----- David Stoler recently commented: >I ftp'd the Blowfish implementation from ftp.ox.ac.uk and ran some >benchmarks. > >Encryption and decryption are faster than the fastest DES implementation >I've found, but the key expansion (subkey generation) is slow. > >On a 100 Mhz PowerPC I get the following results: > >Key expansion: >350 keys per second = 3.33 milliseconds per key > >Encryption/Decryption: >190,000 8 byte blocks per second = 5.26 microseconds per block > >This is 40% faster (encryption/decryption) than the best DES I have. > >Questions: >... >3. Is there a way to improve key expansion performance for applications >that change keys frequently? (Other than caching expanded keys...) Actually this (slow key expansion) is a feature. It limits the speed of a brute-force attack, since each new key to be tried must be expanded. What applications need to change keys more than once a second? I'd also be interested in comparisons of Blowfish to IDEA. Edgar W. Swank (preferred) Edgar W. Swank Edgar W. Swank Home Page: http://members.tripod.com/~EdgarS/index.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMr4fSt4nNf3ah8DHAQHycwP7BWTgyHVVZrtEhlMQKmSFFQGcMKqxaa5V y7D0OSVGTuddkwFDsVR7Qt3YGV0q3sMWbXFbicn2R/25rBbFNzA8d2rdgIxJVEzZ 0uKb1xdWkVR7GLIlQDciQW/zdQxdXjkiQ9sVbUJtPwYzUdZt6us3Izac1FZ4fKAX mvlqa4yWG58= =Tmc6 -----END PGP SIGNATURE----- From jya at pipeline.com Mon Dec 23 05:41:03 1996 From: jya at pipeline.com (John Young) Date: Mon, 23 Dec 1996 05:41:03 -0800 (PST) Subject: HIH_and Message-ID: <1.5.4.32.19961223133712.0068f4c0@pop.pipeline.com> 12-21-96: "In Encryption Politics, Some Good News for Bankers" "Everyone knows that DES is not enough," said Perry Metzger. This dispute places the banking and financial services community squarely in opposition to government intelligence agencies with which it has historically worked hand in hand on security matters. "The Feds won't realize export controls don't work even after the dried, strangled corpse of the U.S. security software industry is laid before the Congress," Mr. Metzger said. "They will leave the manacles on the corpse long after it is obvious that the body isn't going anywhere." "Central Banks' Task Force Sees No Need for Alarm" While the security architectures of most electronic money systems share many design features, a wide range of options is available to product developers in terms of specific chip-card security measures, cryptographic algorithms, key lengths, and transaction monitoring. "SPA Voices Concerns Over Clinton Encryption Policy" In a letter last week to Vice President Al Gore, SPA raised several concerns that the software industry has with the administration's interim rules on encryption policy. "NSA/ On The Costs of Anonymity" "How to Make a Mint: The Cryptography of Anonymous Electronic Cash" has been making the rounds of the electronic money community. It raises security and law enforcement concerns about anonymous systems designed like Digicash Inc.'s Ecash. ----- HIH_and (25 kb) From jeffb at issl.atl.hp.com Mon Dec 23 05:44:37 1996 From: jeffb at issl.atl.hp.com (Jeff Barber) Date: Mon, 23 Dec 1996 05:44:37 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961222164822.006c01fc@mail.execpc.com> Message-ID: <199612231355.IAA15284@jafar.issl.atl.hp.com> Matthew J. Miszewski writes (directed to Tim May): > You do advocate the unemployment of people who do utilize such a > dialect/language. I've never seen Tim "advocate the unemployment" of anyone or any group. He has merely argued that an employer should be free *not* to hire an individual for any reason whatsoever. Such a reason might include his/her language/dialect, appearance, race, gender, religion or any other (arbitrary-to-an-outsider) criterion. This is a standard libertarian position and shouldn't be too difficult to grasp. -- Jeff From BJORN2LUZE at prodigy.com Mon Dec 23 06:21:18 1996 From: BJORN2LUZE at prodigy.com (NATHAN MALLAMACE) Date: Mon, 23 Dec 1996 06:21:18 -0800 (PST) Subject: MERRY CHRISTMAS Message-ID: <199612231403.JAA03570@mime4.prodigy.com> cypherpunks at toad.com I am getting into the HOLIDAY SPIRIT with MY WEB PAGE: http://pages. prodigy.com/VT/hackersguide Enjoy! Fifthnail From dlv at bwalk.dm.com Mon Dec 23 06:52:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 06:52:28 -0800 (PST) Subject: Mr. May's Posts. Other Things. In-Reply-To: <199612230801.AAA24862@adnetsol.adnetsol.com> Message-ID: > On or About 21 Dec 96 at 10:36, Dr.Dimitri Vulis KOTM wrote: > > > Interesting. Paul Bradley does not consider Timmy May's (fart) > > latest rants on "ebonics" and "colored race" to be racist? I think > > Timmy May hates blacks even more than he hates Jews. Let's quote > > Timmy's sick garbage on soc.culture.african.american and ask if they > > find it offensive and racist. > > Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard > reeks of bigotry. And all this time I felt you may have been too > hard on him. This latest rant of his has made me reconsider your I do *not* have a hard-on for Mr. May. Perhaps Mr. Gilmore does. > rough treatment of Mr. May. I kinda think he deserves a slapping > right now. Timmy deserves a spanking, but he'd probably enjoy it. > I find Mr. Mays comments quite racist and are quite off topic for > this list. Cryptography is off-topic for this list. Anything else is on-topic. :-) Thank you for your comments, --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From raph at CS.Berkeley.EDU Mon Dec 23 06:53:00 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 23 Dec 1996 06:53:00 -0800 (PST) Subject: List of reliable remailers Message-ID: <199612231450.GAA00504@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{'alpha'} = ' alpha pgp'; $remailer{'nymrod'} = ' alpha pgp'; $remailer{"lead"} = " cpunk mix pgp hash latent cut ek"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; $remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek"; $remailer{"jam"} = " cpunk mix pgp hash latent cut ek"; $remailer{"winsock"} = " cpunk pgp pgponly hash cut ksub reord"; $remailer{'nym'} = ' newnym pgp'; $remailer{"balls"} = " cpunk pgp hash latent cut ek"; $remailer{"squirrel"} = " cpunk mix pgp pgponly hash latent cut ek"; $remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord ?"; $remailer{'cyber'} = ' alpha pgp'; $remailer{"dustbin"} = " cpunk pgp hash latent cut ek mix reord middle ?"; $remailer{'weasel'} = ' newnym pgp'; $remailer{"death"} = " cpunk pgp hash latent post"; $remailer{"reno"} = " cpunk mix pgp hash middle latent cut ek reord ?"; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. remailer at crynwr.com is _not_ a remailer. There is no remailer at relay.com. Groups of remailers sharing a machine or operator: (cyber mix) (weasel squirrel) The alpha and nymrod nymservers are down due to abuse. However, you can use the nym or weasel (newnym style) nymservers. The cyber nymserver is quite reliable for outgoing mail (which is what's measured here), but is exhibiting serious reliability problems for incoming mail. The squirrel and winsock remailers accept PGP encrypted mail only. 403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. This seems to be fixed now. The penet remailer is closed. Last update: Mon 23 Dec 96 6:49:12 PST remailer email address history latency uptime ----------------------------------------------------------------------- extropia remail at miron.vip.best.com ._____.- 60:10:34 95.00% mix mixmaster at remail.obscura.com ++*.-*++- 5:25:14 71.83% dustbin dustman at athensnet.com ++..++--+ 2:13:28 67.50% nym config at nym.alias.net *#+..+### 1:20:12 67.08% cyber alias at alias.cyberpass.net **+**+* * 33:27 67.01% replay remailer at replay.com +*+- +++- 33:30 66.29% reno middleman at cyberpass.net --------- 2:26:15 65.86% exon remailer at remailer.nl.com ##* * **+ 3:12 65.36% middle middleman at jpunix.com -------- 2:43:49 65.05% balls remailer at huge.cajones.com ********* 12:37 64.91% haystack haystack at holy.cow.net *-++*#** 5:07 64.87% lucifer lucifer at dhp.com +++++++++ 34:36 64.70% winsock winsock at rigel.cyberpass.net -..----- 5:29:44 63.62% weasel config at weasel.owl.de ++ +-++- 1:29:46 57.96% squirrel mix at squirrel.owl.de ++++-+++ 1:27:45 57.55% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From dlv at bwalk.dm.com Mon Dec 23 07:01:44 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 07:01:44 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: <199612230617.WAA04103@netcom6.netcom.com> Message-ID: "Vladimir Z. Nuri" writes: > poor timmy laments that no one responded to his latest > gedanken masterpiece. I am very pleased to be the one to > relieve him of his loneliness. I think Timmy mentioned something about a tryst with Gilmore (spit). Is that why the coward has quiesced posting his tripe to this list? Would it be more appropriate to put (swallow) rather than (spit) after Gilmore's name? How much proeteins, fats, carbohydrates, and vitamines are contained in an average human ejaculation? What about farm animals'? Timmy (fart) and John (swallow) can tell us a lot about this subject. > Timmy writes: > >Fortunately for the bulk of us, the likely number of deaths and economic > >losses from such crimes of kidnapping, extortion, and even murder for hire, > >is still likely to be vastly lower than the number of deaths caused by > >powerful central governments enriching themselves and their cronies with > >foreign wars. Not to mention the deaths in the Drug War, the lives wasted > >in other interferences in private behavior, etc. > > imho, it's a very warped kind of mind that insinuates some evil is no > big deal because greater evils exist in the world. Yes, Timmy May is one sick motherfucker. > it's an argument I see often among the libertarians > around here. "what's the big deal > about murder? govt's do it all the time. everyone should be able to > murder anyone if govt's do it. why, the right to > murder people is an inalienable right!!". of course the arguments > are never made in this language-- the fun is spotting it in the > rhetoric. Of course Timmy May is a coward. Despite his boasting about his assault weapons collection, he probably doesn't have the balls to ice a mouse caught in a mousetrap. Timmy is probably so femme, he wails like a banshee and asks whoever he sleeps with that day to take the mouse out. > >This is why I look forward to this Brave New World of fully untraceable > >communications and fully untraceable economic transactions. > > ah, an even more warped mind that not merely condones it but > "looks forward to it" > > careful, timmy, your slime is showing!! It's been showing for a while. Timmy May has been exposed on this list as a coward, a liar, a racist, and an all-around scumbag. > (it would be fun to debate you publicly some day on your true beliefs, but > alas, you never bite. oh well, I stay amused well enough..) Like I said, Timmy May is a coward. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From omega at bigeasy.com Mon Dec 23 07:30:35 1996 From: omega at bigeasy.com (Omegaman) Date: Mon, 23 Dec 1996 07:30:35 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: <199612231530.JAA04229@bigeasy.bigeasy.com> > imho, it's a very warped kind of mind that insinuates some evil is > no big deal because greater evils exist in the world. It's a matter of perspective and a weighing of consequences. Are you trying to so that all evils are inherently equal? > it's an argument I see often among the libertarians > around here. "what's the big deal > about murder? govt's do it all the time. everyone should be able to > murder anyone if govt's do it. why, the right to murder people is an > inalienable right!!". of course the arguments are never made in this > language-- the fun is spotting it in the rhetoric. I often see arguments on this list where people happily build irrelevant straw men and pound them into a pulp. What's more amazing is that they're not doing it deliberately; they simply miss the point. You see whatever you expect to see. > >This is why I look forward to this Brave New World of fully > >untraceable communications and fully untraceable economic > >transactions. > > ah, an even more warped mind that not merely condones it but > "looks forward to it" > > careful, timmy, your slime is showing!! Careful vladdy, your detweiler is showing. I thought the message was a pretty clear statement of opinion. ie. the deconstruction of democracy is a good thing and cryptoanarchy will a enable a more just society. (Some would argue more brutal as well, but I think that the level of brutatlity in society would change little from it's current levels.) So cut the crap and go ahead and argue for or against that thesis. (by the way. Conveniently enough Tim May has put his ideas on the web in quite a bit of detail. Just put "cyphernomicon" in your favorite web search engine) -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From omega at bigeasy.com Mon Dec 23 07:32:19 1996 From: omega at bigeasy.com (Omegaman) Date: Mon, 23 Dec 1996 07:32:19 -0800 (PST) Subject: Ebonics In-Reply-To: <199612222158.QAA10211@mercury.peganet.com> Message-ID: <199612231530.JAA04232@bigeasy.bigeasy.com> > > from grammatically incorrect speech. I can speak with grammatic > > perfection and a > > drawl so heavy it'll make your eyeballs hurt. > Yeah. I thought the issue was understanding in the workplace; no > matter > how gramatically correct your are, I can't understand you and so I > won't hire you. Re-read what I said carefully. I "*can* speak"... I can also speak more clearly. The same holds true, for speakers of "ebonics." and it is an insult to their intelligence to imply that they cannot or cannot easily learn to. yeehaw. me -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From bdolan at USIT.NET Mon Dec 23 07:39:19 1996 From: bdolan at USIT.NET (Brad Dolan) Date: Mon, 23 Dec 1996 07:39:19 -0800 (PST) Subject: ~digicash at Shell Message-ID: Shell is now marketing a stored-value card in $25, $50, and $100 face denominations. The $100 card retails for $94 right now. I'm not sure if that discount will be a long-term thing or if it's just to get people hooked. Anyway, the card can be purchased anonymously for cash and can be used to buy anything at Shell. I like to use the automated pay-at-the-pump gizmos to save time but I don't like to leave a digital footprint behind on my credit card statement for Louis' Legions to peruse, so I think the stored-value card is a step forward for privacy. Anybody know if these cards are useable overseas? bd From mgursk1 at umbc.edu Mon Dec 23 08:14:10 1996 From: mgursk1 at umbc.edu (Michael Gurski) Date: Mon, 23 Dec 1996 08:14:10 -0800 (PST) Subject: Legality of requiring credit cards? (fwd) In-Reply-To: Message-ID: On Sun, 22 Dec 1996, Charles Gimon wrote: > Equifax does business by tracking reputations, as do all credit > reporting companies. That's how a free market handles bad checks. Yes, and if I'd *ever* written a bad check, it would be a different story. The weasel there basically said that because I'd made purchases there in the past few days, they tried to contact my bank on a Sunday afternoon.... (No, I don't get it either) But that still doesn't answer whether or not a credit card can be requested when paying by check. -- |\/|ike Gurski mgursk1 at umbc.edu http://www.gl.umbc.edu/~mgursk1/ finger/mail subject "send pgpkey"|"send index" Hail Eris! -><- O- |Member, 1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570 | Team My opinions are mine alone, even if you should be sharing them. | OS/2 Senate Finance Committee Chair, SGA 1996-1997 From dlv at bwalk.dm.com Mon Dec 23 08:31:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 08:31:21 -0800 (PST) Subject: Privtool 0.87 In-Reply-To: Message-ID: Mark Grant writes: > > I've finally released a new version of Privtool -- my PGP-aware X-windows > mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is > available on utopia.hacktic.nl in the incoming directory (and possibly > elsewhere) and I'll be uploading 0.87 shortly. For more details and > screenshots see http://www.c2.org/~mark/privtool/privtool.html. "Cypher punks" don't write code. Hence Mark is not a "cypher punk". That's the kind of software we need. How about a PGP aware client for Windows 95 and NT that would talk to POP3 and SMTP servers? Sort of like a drop-in replacement for the mail programs that come with Netscape and MS IE. By the way, the mailtool that comes with SunOS is really lame. Take a look at Z-mail (if it's still around - I understand the company that used to market it got bought by some homos who totally screwed it up). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sunder at brainlink.com Mon Dec 23 09:07:42 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 23 Dec 1996 09:07:42 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > "Matthew J. Miszewski" writes: > > just trying to counter some of the statements made here. Sometimes people > > view cpunks as some sort of borg-like mind with no dissidents. > > "Cypher punks" is a private mailing list owned by the asshole censor John > Gilmore who unsubscribes whoever dares post something John doesn't like. QED, he must REALLY like you since you're obviously still here; either that, or you're full of shit as usual. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From dthorn at gte.net Mon Dec 23 09:27:33 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 23 Dec 1996 09:27:33 -0800 (PST) Subject: Ebonics In-Reply-To: <8wFDZD22w165w@bwalk.dm.com> Message-ID: <32BEB23B.20B8@gte.net> Dr.Dimitri Vulis KOTM wrote: > jim bell writes: > > At 01:30 PM 12/22/96 -0500, Mark Rosen wrote: > > >Hehe. What I mean to say is that since both Ebonics and a Southern accent > > >are learned during early childhood, you have no control over how you talk. > > This is not true. The recent commentary and interviews I've seen on this > > subject make it clear that the people speaking "Ebonics" are quite capable > > of speaking in standard English, and do so when they find it, er, convenient. > How does this tie into assassination politics? Some of the postings here about people making a non-hire list because of their speech "accent" is reminiscent of other forms of targeting. I thought AP was more oriented toward selection based on behavior, although in some people's poisoned minds, another person's speech patterns/accents could be interpreted as behavior. Don't you suppose that when some of the party-line-liberal (brainwashed) persons (esp. from the Northeast or the Bay Area) hear a person speaking in an authentic Southern "accent", that they often feel a twinge of fear, as though someone from the KKK or whatever has just entered their immediate surroundings? I know that sounds kind of silly, but people do have those knee-jerk reactions to certain visual and auditory clues, particularly when they've been bombarded by big media with all those stereotypical images over the years. From nobody at huge.cajones.com Mon Dec 23 09:35:53 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Mon, 23 Dec 1996 09:35:53 -0800 (PST) Subject: the word is "NIGGAZ" Message-ID: <199612231735.JAA11308@mailmasher.com> From: jlucas4 at capital.edu (Jesse Lucas) >Actually the word is "niggus." >"Niggas" would be referring to other black fellows in a friendly way. > >More or less. > >Gangsta J Where does "coons" fit into this oh so intellectual discussion? Is this one of Dale's? Down Home From lucifer at dhp.com Mon Dec 23 10:00:57 1996 From: lucifer at dhp.com (Anonymous) Date: Mon, 23 Dec 1996 10:00:57 -0800 (PST) Subject: Certified primes Message-ID: <199612231800.NAA23124@dhp.com> From: lucifer at dhp.com (Anonymous) >Timmy `C' May is a certified sexual pervert who wears women's >underwear. Pardon, what does one have to do with the other? And who really gives a rat's ass anyway? Where is Logos now that we need him? From usura at replay.com Mon Dec 23 10:01:23 1996 From: usura at replay.com (Alex de Joode) Date: Mon, 23 Dec 1996 10:01:23 -0800 (PST) Subject: Privtool 0.87 Message-ID: <199612231800.TAA07537@basement.replay.com> Mark Grant sez: : I've finally released a new version of Privtool -- my PGP-aware X-windows : mailreader for Linux, SunOS, FreeBSD and Solaris. Version 0.86 is : available on utopia.hacktic.nl in the incoming directory (and possibly : elsewhere) and I'll be uploading 0.87 shortly. For more details and : screenshots see http://www.c2.org/~mark/privtool/privtool.html. : Mark It is available from: (utopia.hacktic.nl = ftp.replay.com) ftp.replay.com/pub/replay/pub/pgp/utils/privtool/ ftp.replay.com/pub/replay/pub/pgp/utils/pgptools/ bEST Regards, -- Alex de Joode http://www.replay.com/people/adejoode I have a linux emulator for Win95: it's called "loadlin" ... *g* From marc at cygnus.com Mon Dec 23 10:03:12 1996 From: marc at cygnus.com (Marc Horowitz) Date: Mon, 23 Dec 1996 10:03:12 -0800 (PST) Subject: Reflections on the Bernstein ruling In-Reply-To: <3.0.32.19961220234518.006a1ef4@law.uoregon.edu> Message-ID: Greg Broiles writes: >> (Please keep in mind that I'm not a lawyer yet, and that my comments are >> intended only as the reflections of an amateur and are intended as >> discussion fodder, not legal advice.) I'm not one either. >> It's also unclear that Judge Patel's ruling is enough to make export of >> crypto source legal by people/organizations located even in the Northern >> District of CA. Venue is proper, in an ITAR case, in any jurisdiction which >> the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_ >> 659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v. >> Thomas_ "Amateur Action" case, where Tennessee venue was proper for >> prosecution of California defendants who sent porn into Tennessee.) So it's >> at least arguable that the feds could simply bring an ITAR prosecution in >> another district, if exported crypto flowed through that district. (But I >> don't think they can do so against Dan Bernstein because of "res judicata", >> a doctrine which says that once two parties have fully litigated an issue, >> they cannot come back to the same court - or a different one - and ask to >> relitigate the same issue.) It happens to be the case that the Northern District of California borders on the Pacific Ocean, and includes (at least) two airports with direct flights to more crypto-friendly jurisdictions to the west. I do not know if there are any satellite or oceanic cables similarly situated, but I wouldn't be surprised. Of course, the significance of this is between you and your lawyer. Marc From dlv at bwalk.dm.com Mon Dec 23 10:26:38 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 10:26:38 -0800 (PST) Subject: Ebonics In-Reply-To: <32BEB23B.20B8@gte.net> Message-ID: Dale Thorn writes: > Don't you suppose that when some of the party-line-liberal (brainwashed) > persons (esp. from the Northeast or the Bay Area) hear a person speaking > in an authentic Southern "accent", that they often feel a twinge of fear, > as though someone from the KKK or whatever has just entered their immediate > surroundings? I know that sounds kind of silly, but people do have those > knee-jerk reactions to certain visual and auditory clues, particularly > when they've been bombarded by big media with all those stereotypical > images over the years. Americans in general are extremely xenophobic and react very negatively to anyone with a "foreign" accent. A few weeks ago I visited rural Massachussetts. The people there are extremely hostile even to Americans who don't speak with their particular regional accent. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Mon Dec 23 10:26:46 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 10:26:46 -0800 (PST) Subject: Ebonics In-Reply-To: <199612231355.IAA15284@jafar.issl.atl.hp.com> Message-ID: Jeff Barber writes: > Matthew J. Miszewski writes (directed to Tim May): > > You do advocate the unemployment of people who do utilize such a > > dialect/language. > > I've never seen Tim "advocate the unemployment" of anyone or any group. > He has merely argued that an employer should be free *not* to hire an > individual for any reason whatsoever. Such a reason might include his/her > language/dialect, appearance, race, gender, religion or any other > (arbitrary-to-an-outsider) criterion. No, that's what I said. Get your attributions straight. > This is a standard libertarian > position and shouldn't be too difficult to grasp. Bullshit. "Libertarians" are fucking statists who whine on this list about "illegal discrimination" and the need for the gubmint to enforce the "right to work". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Mon Dec 23 10:29:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 10:29:43 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: Ray Arachelian writes: > On Sun, 22 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > "Matthew J. Miszewski" writes: > > > just trying to counter some of the statements made here. Sometimes peopl > > > view cpunks as some sort of borg-like mind with no dissidents. > > > > "Cypher punks" is a private mailing list owned by the asshole censor John > > Gilmore who unsubscribes whoever dares post something John doesn't like. > > QED, he must REALLY like you since you're obviously still here; either > that, or you're full of shit as usual. I'm sure Earthnet must be *very* embarrassed about having hired such a lying twit for ssociate network manager. For those who haven't gotten the story straight, or are confused by the lies being spread by the various genocidal Armenian maniacs (like Dale seemed to be at one point), I'll reiterate: John Gilmore unsubscribed me from this mailing list (in a very rude manner) and I am not allowed to resubscribe. I am not subscribed to this mailing list. John Gilmore announced on this mailing list that he did it because he didn't like the content of my submissions. He repeated this to Declan McCullough. Later, when he realized how badly his censorship reflected on him and his EFF, he had Timmy May post another lie, claiming that I was kicked off this list for posting too much, and defending Gilmore's content-based censorship. Ray Arachelian obviously lies again when he claims that I'm "obviously still here". But what else could be expected from an Armenian. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From alan at ctrl-alt-del.com Mon Dec 23 10:41:30 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Mon, 23 Dec 1996 10:41:30 -0800 (PST) Subject: Ebonics Message-ID: <3.0.1.32.19961223104039.012b6340@mail.teleport.com> At 09:32 AM 12/23/96 +0000, Omegaman wrote: >> > from grammatically incorrect speech. I can speak with grammatic >> > perfection and a >> > drawl so heavy it'll make your eyeballs hurt. >> Yeah. I thought the issue was understanding in the workplace; no >> matter >> how gramatically correct your are, I can't understand you and so I >> won't hire you. > > >Re-read what I said carefully. I "*can* speak"... I can also speak >more clearly. The same holds true, for speakers of "ebonics." >and it is an insult to their intelligence to imply that they cannot >or cannot easily learn to. I am waiting for the "language police" to get ahold of Ebonics. I can just see inner city kids being told that they are not slurring their vowels properly or any other of a thousand obscure rules of language. Maybe the best way to kill a subculture's language is to codify it, regiment it, and then force it to be taught in the schools. What the hell this has to do with crypto, I have no idea... --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From dlv at bwalk.dm.com Mon Dec 23 11:11:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 11:11:56 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: <199612231530.JAA04229@bigeasy.bigeasy.com> Message-ID: "Omegaman" writes: > > > > ah, an even more warped mind that not merely condones it but > > "looks forward to it" > > > > careful, timmy, your slime is showing!! > > Careful vladdy, your detweiler is showing. LD not only knows more about crypto than any "cypher punk", he also has way more balls than you, anonymous coward. > (by the way. Conveniently enough Tim May has put his ideas on the > web in quite a bit of detail. Just put "cyphernomicon" in your > favorite web search engine) Waste of disk space. Don't bother. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at huge.cajones.com Mon Dec 23 11:21:51 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Mon, 23 Dec 1996 11:21:51 -0800 (PST) Subject: One-time pads Message-ID: <199612231921.LAA31197@mailmasher.com> Timmy C. Mayo studied yoga back-streching exercises for five years so he could blow himself (nobody else will). /o)\ Timmy C. Mayo \(o/ From aba at dcs.ex.ac.uk Mon Dec 23 12:07:17 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Mon, 23 Dec 1996 12:07:17 -0800 (PST) Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000) In-Reply-To: Message-ID: <199612170946.JAA00429@server.test.net> In Ross Anderson's paper `Tamper Resistance - a Cautionary Note' (see http://www.cl.cam.ac.uk/~rja14/), there is a reference to the clipper chip having already been reverse engineered: Anderson writes: "We are reliably informed that at least one U.S. chipmaker reverse engineered the Clipper chip shortly after its launch." Heart warming :-) Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0 -----BEGIN PGP SIGNED MESSAGE----- Mike Gurski asks: > But that still doesn't answer whether or not a credit card can be > requested when paying by check. I believe it can be. Until a few years ago, it was common to request a credit card AND TO RECORD THE NUMBER ON THE CHECK. Legislation was enacted (this might have been just in California, I'm not sure) to prevent them from recording the number, but I believe it specifically allowed them to continue to ask to see that you have a card (they shouldn't need to see the number, so I believe you are within your rights to, say, obscure it with your thumb). Of course, they are (and should not be) under any obligation to accept your check in the first place, so I would think the ID they request would be up to them. Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | 36 07 D9 33 3D 32 53 9C ====================================================================== -----BEGIN PGP SIGNATURE----- Version: 4.0 Business Edition Comment: which I won in the PGP raffle at Cypherpunks 12/96... iQEVAgUBMr7n+/AmQsmyRPddAQFFGAf9EHlEKf4k3wuGfIQKV7ZKxHtgMwZi3MWf yzADHsHlLDo7c3fN4qPoMMsXh0odO5JDGjXKg+zJ+LhcuKaPjfe4mzHwYOxDD8fJ JxG6Gex1l9iNSOfqDIgrk+29DR5noMnpdBUwTkznBlm35y32ucxC1Spc/G8zqwdJ cyl/6oCuGAY+xvgHi30dnNHX1b+KcqihESm6huSQJkDMVb1ctp84aEzP894iHrnl aq4Kt8H174lj4ke0fwEaPT2SmGpnXLn+I9xw4sYlhCzMfMz3VEMIZCfmVDWI5OgM R1ktJJs9KM5jXSBA/fSZoRdD9FogwNSiaMEkQ1IRYA4EAQqJd8hOpw== =9xWW -----END PGP SIGNATURE----- From jya at pipeline.com Mon Dec 23 12:20:36 1996 From: jya at pipeline.com (John Young) Date: Mon, 23 Dec 1996 12:20:36 -0800 (PST) Subject: Papers Galore Message-ID: <1.5.4.32.19961223201639.0068a180@pop.pipeline.com> The NSA-hosted National Information Systems Security Conference, held in October, 1996, has made a wide range of papers available (in PDF format), and listed in: http://csrc.nist.gov/nissc/1996/papers/NISSC/toc.pdf (110kb) One panel's papers eye all-optical networks and security, including optical encryption, which NSA appears to be leading: http://csrc.nist.gov/nissc/1996/papers/NISSC/paper236/ Many others -- long and short, informative and fatuous -- address sizzling and old-grease sec issues -- techie, lawless, bad-hair-brained. Several archists cry cyber crime and plead for vigilance for on-line anarcho-ebonics: "Industrial Espionage Today and Information Wars Tomorrow." "Rise of the Mobile State: Organized Crime in the 21st Century." "Ethical and Responsible Behavior for Children to Senior Citizens in the Information Age." "Monitoring Your Employees: How Much Can You Do and What Should You Do When You Uncover Wrongdoing?" Despite such blow, there's much other solid reading. Take a nap while the PDFs glaciate in. From sunder at brainlink.com Mon Dec 23 13:21:18 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 23 Dec 1996 13:21:18 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > John Gilmore unsubscribed me from this mailing list (in a very rude manner) > and I am not allowed to resubscribe. I am not subscribed to this mailing list. Funny, you post messages here, you read messages from here, IMHO, you haven't been unscumscribed. > Ray Arachelian obviously lies again when he claims that I'm "obviously > still here". But what else could be expected from an Armenian. Right, when caught in a lie, point to the other guy, claim he's lying and say "What else could be expected from an Armenian." Wheeee. Sure Vileus, whatever turns you on. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From nobody at nowhere.com Mon Dec 23 13:27:39 1996 From: nobody at nowhere.com (sbase) Date: Mon, 23 Dec 1996 13:27:39 -0800 (PST) Subject: Privtool 0.87 Message-ID: <199612232125.QAA08176@looney.actwin.com> > From: Dr.Dimitri Vulis KOTM > To: cypherpunks at toad.com > That's the kind of software we need. How about a PGP aware client for > Windows 95 and NT that would talk to POP3 and SMTP servers? Sort of > like a drop-in replacement for the mail programs that come with Netscape > and MS IE. Try here: http://www.eskimo.com/~joelm/pi.html From mjmiski at execpc.com Mon Dec 23 13:28:38 1996 From: mjmiski at execpc.com (Matthew J. Miszewski) Date: Mon, 23 Dec 1996 13:28:38 -0800 (PST) Subject: Ebonics Message-ID: <3.0.32.19961223152042.006b5024@mail.execpc.com> -----BEGIN PGP SIGNED MESSAGE----- At 08:55 AM 12/23/96 -0500, Jeff Barber wrote: >I've never seen Tim "advocate the unemployment" of anyone or any group. Funny, did he stutter when he said he regularly *practiced* such discrimination at Intel? (Such discrimination being based upon Title VII's dispirate impact scenario, a law that Tim and others disregard as is their civic, as in civil disobedience, duty.) I guess he was unclear when he stated "Fuck 'em" in a follow up post. Tim is an anarchist (and I do not mean that in any derogatory way). He not only advocates, but he practices what he preaches. >He has merely argued that an employer should be free *not* to hire an >individual for any reason whatsoever. Such a reason might include his/her >language/dialect, appearance, race, gender, religion or any other >(arbitrary-to-an-outsider) criterion. This is a standard libertarian >position and shouldn't be too difficult to grasp. I think Tim's position was that if people couldnt communicate with him or his supervisors he would not recommend their hire. He had not stated as you did above, although I do not doubt it is his belief. > >-- Jeff > P.S. I have posted to rebut several political points made on the list only to show that some of us on the list do not agree with certain viewpoints. As Tim has pointed out, it has caused an innordinant amount of flame bait and our signal is getting lost. I do accept responsibility for setting some of the fires but will now attempt to reply only to highly-crypto-relevant material on the list. Apparently folks get too excited when others disagree with them. Matt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMr73pbpijqL8wiT1AQHLQwP/U5jakb7Ed3Sm2GpxsbNYol549jitBpOX SI9D+cROf1jX2zz0iA6mXgwv/w9ywK5oranR7PMW7q5KB4yfy+rJQXhOLe/7Sbgp wEMu39iZ0pFgg1yjJlFS+X1kCOjC2AkniNrb5fyW/Ifk+R7iT/8a+hNN8R8rObdA RIDVj9xp5Jw= =iUqA -----END PGP SIGNATURE----- From wb8foz at wauug.erols.com Mon Dec 23 14:41:22 1996 From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states) Date: Mon, 23 Dec 1996 14:41:22 -0800 (PST) Subject: Legality of requiring credit cards? (fwd) In-Reply-To: Message-ID: <199612232241.RAA16138@wauug.erols.com> They won't take cash, at a department store, AT CHRISTMAS? -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From azur at netcom.com Mon Dec 23 16:59:35 1996 From: azur at netcom.com (Steve Schear) Date: Mon, 23 Dec 1996 16:59:35 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: Merchants are free to adopt most any non-descrimatory policy insofar as transactions are concerned. If you want hassle-free shopping use legal tender (except for rentals, where a CC is most welcome). -Steve >-----BEGIN PGP SIGNED MESSAGE----- > >It's that wonderful season again, when all the assholes are out in >force, and people feel obligated to purchase merchandise to give to >each other. For various reasons, I don't believe in credit cards, and >yet, trying to pay for something by personal check at the local >Hecht's, they either *require* a credit card, or go through the Nazi >check-warranty company Equifax. However, it doesn't stop there...only >SOME departments seem to have this requirement (Electronics/Luggage >not requiring). Is it legal to require credit cards? > >|\/|ike Gurski mgursk1 at umbc.edu http://www.gl.umbc.edu/~mgursk1/ >finger/mail subject "send pgpkey"|"send index" Hail Eris! -><- O- |Member, >1024/39B5BADD PGP Keyprint=3493 A994 B159 48B7 1757 1E4E 6256 4570 | Team >My opinions are mine alone, even if you should be sharing them. | OS/2 > Senate Finance Committee Chair, SGA 1996-1997 > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.2 >Comment: I am not a number, I am a free man! > >iQCVAwUBMr2dZiKEMrE5tbrdAQGNEwQAjxsj387SAbEQnGr+8j0z12cWpREK/Y8U >e5xCYMMwJ6J+rLip05nZ8uMHfY/anfGW5m2mMrvsVOggMh5Sv9Ljrw3u4uFl66B5 >yU3iU3couXIZx5Dv1QhGdOSZPRpIo7wZGwCGtF4z9TM+cUzEUzA8LMDgavG8fY0D >T+yrGuzhSzg= >=aQ97 >-----END PGP SIGNATURE----- From dthorn at gte.net Mon Dec 23 17:14:48 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 23 Dec 1996 17:14:48 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32BF2E0C.303D@gte.net> Ray Arachelian wrote: > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > John Gilmore unsubscribed me from this mailing list (in a very rude manner) > > and I am not allowed to resubscribe. I am not subscribed to this mailing list. > Funny, you post messages here, you read messages from here, IMHO, you > haven't been unscumscribed. Dr. Vulis has in fact been forcibly unsubscribed. He's on my "who cypherpunks" list as of 12 Oct 1996, but does not appear as of 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list. The fact that he still reads the list and does posts only adds to the arguments against censorship, specifically John Gilmore's censorship. (This has got to be embarrassing for Gilmore, hee hee. I'll bet he practices keeping a straight face in front of a mirror, in case anyone brings it up in person.) If, as has been said, assassination is the ultimate form of censorship, then Dr. Vulis has been shot, stoned, beat on, and cement-booted, but he still lives and is a thorn (no pun intended) in the side of would- be censors on the Internet. From moroni at scranton.com Mon Dec 23 17:44:39 1996 From: moroni at scranton.com (Moroni) Date: Mon, 23 Dec 1996 17:44:39 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: I am glad that someone has raised this issue. Two things for myself. Years ago I had both a checking account and a Visa card. i did not want the interest on my Visa so I asked the clerk at Lechter's to take my check with the drivers licensce and they said I had to show a credit card. Then the bitch wrote my whole life's hiustory on the check. The dirver's licensce number, my home phone number , other stuff and all the information contained on the credit card(incidentally some inluding I think Lechter's want at least 6 months left on the card.), I hit the roof . They had enough information for anyone of the dozens of bank,store or business people to really do a job on my life. I just walked out . Then they refused me another time because there wasn't enough months left and eventually wouldn't let me use the card at all because it had expired(though I and my ID hadn't). Scenario number two was recently at the Software Etc store in Scranton ,Pa where much to my consternation I found that the store had written my date of birth on the check. And there is a cute younger guy there that I like to talk shop to. SHIT.).I think that this stuff has really gotten out of hand. Maybe , the answer to all our problems is to draft a privacy bill in varous forms and stages and each member of the list submit it to his or her representative,congressman or senator. That is something that can legally be done and it is practical. I say stages because what we want will never pass the first time in its entirety BUT we could conceiveably get something started. Anybody interested email me personally as I am willing and albe to do a share of the work. I will be unavailable from late Christmas eve until at least the 31 December . I will be at the cuervocon at the FT.Brown Hotel (Holiday Inn side) for the conference that Friday and Saturday(see Cuervocon page). Thanks in Advance Jappy Jolidays Deirdre A. Greene xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x No success can compensate for failure in the home. x x x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx From moroni at scranton.com Mon Dec 23 17:50:22 1996 From: moroni at scranton.com (Moroni) Date: Mon, 23 Dec 1996 17:50:22 -0800 (PST) Subject: Legality of requiring credit cards? (fwd) In-Reply-To: Message-ID: I can't see how it is legal to allow credit card agencies. Where is the legality if the individual doesn't want to be included in its data bases? There is no voluntaryness on the part of the major part of the population.Has anyone ever questioned the legality of the existence of these credit reporting agencies. On Sun, 22 Dec 1996, Charles Gimon wrote: > Date: Sun, 22 Dec 1996 23:22:54 -0600 (CST) > From: Charles Gimon > To: cypherpunks at toad.com > Subject: Legality of requiring credit cards? (fwd) > > Forwarded message: > > Date: Sun, 22 Dec 1996 15:43:28 -0500 (EST) > > From: Michael Gurski > > Subject: Legality of requiring credit cards? > > > > It's that wonderful season again, when all the assholes are out in > > force, and people feel obligated to purchase merchandise to give to > > each other. For various reasons, I don't believe in credit cards, and > > yet, trying to pay for something by personal check at the local > > Hecht's, they either *require* a credit card, or go through the Nazi > > check-warranty company Equifax. > > > > Equifax does business by tracking reputations, as do all credit > reporting companies. That's how a free market handles bad checks. > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x No success can compensate for failure in the home. x x x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx From mpd at netcom.com Mon Dec 23 18:13:12 1996 From: mpd at netcom.com (Mike Duvos) Date: Mon, 23 Dec 1996 18:13:12 -0800 (PST) Subject: Ebonics In-Reply-To: <32BF2E0C.303D@gte.net> Message-ID: <199612240213.SAA22150@netcom7.netcom.com> Dale Thorn writes: > Dr. Vulis has in fact been forcibly unsubscribed. He's on my "who > cypherpunks" list as of 12 Oct 1996, but does not appear as of > 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list. > The fact that he still reads the list and does posts only adds to the > arguments against censorship, specifically John Gilmore's censorship. > (This has got to be embarrassing for Gilmore, hee hee. I'll bet he > practices keeping a straight face in front of a mirror, in case anyone > brings it up in person.) The list is archived on the Web in real time, and you don't have to be a subscriber to post to it. I have participated in the list during periods when I was not "suscrived" with little noticable loss in functionality. Facts, which, if known to Gilmore, would have prevented him from making a public ass of himself. Heck, we never unsubscribed Detweiler, and he was certainly consuming orders of magnitude more bandwidth than the good doctor ever has, regardless of what one may think of the S/N ratio. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From jimbell at pacifier.com Mon Dec 23 18:27:08 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Dec 1996 18:27:08 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <199612240226.SAA25202@mail.pacifier.com> At 11:21 PM 12/22/96 -0800, geeman at best.com wrote: > >Software that is imported becomes subject to ITAR with respect to >re-exportation, of course (but of course IANALetc.) > >If you can't demonstrate to MSFT that you are >playing by the rules --such that you have the proper export papers >for your code if you plan to export it, for example-- they won't sign, >even if developed outside US. Except that it isn't clear that there are any enforceable "rules," particularly after the Patel decision. >So: you develop a CSP outside US ... you have to IMPORT it to get it signed. >It becomes subject at that point to ITAR export regs. Unless you demonstrate >that you fulfull those requirements, no signature. So there's no relief by >looking at just exporting the signature. You've stated a position, but you haven't supported it. It's the position you might expect the government to take, given its past behavior, but it isn't yet clear that this is the case. Even if, arguably, once-imported software becomes subject to ITAR, it is by no means clear that a "signature" is in any way controlled by ITAR. After all, looked at generously, the "signature" might simply be a plaque or paper certificate, saying "this is wonderful software!" Remember, no matter how long that signature it, it might just happen to be the same string as a compressed bit of data from some other source, etc. The signature might be 16 bits long, for all we know. In short, the "you can't export signatures" is simply more steps removed from the "you can't export crypto software." We have yet to see anybody attempt to enforce this. Jim Bell jimbell at pacifier.com From norm at netcom.com Mon Dec 23 19:16:45 1996 From: norm at netcom.com (Norman Hardy) Date: Mon, 23 Dec 1996 19:16:45 -0800 (PST) Subject: [PGP-USERS] Password Keystroke Snarfer Programs (passphrase protection) In-Reply-To: <1.5.4.32.19961219082542.003d493c@popd.ix.netcom.com> Message-ID: At 8:45 AM -0800 12/19/96, Dave Del Torto wrote: >At 12:25 am -0800 12/19/96, Bill Stewart wrote: .... >> >>Be careful - PGP goes to a lot of effort to overwrite your passphrase >>when it's done using it; Norton or grep or other disk-crawlers are unlikely >>to do so, because that sort of paranoia's not part of their job [elided] > >Indeed, and any malignant passphrase-snarfer is probably going to >anticipate this counter-attack and scramble the text stream it saves >invisibly so that disk sector searches will be unlikely to pop up your >passphrase. We definitely need to build better defenses against this sort >of thing. > The only way I know to solve this problem is to get a real operating system. This excludes the Mac, DOS and its descendents. First the kernel must be designed to prevent programs from installing themselves wherever they wish. (Gasp, even useful prrograms!) Second they must not be encumbered with piles of tools written by people with no sense of security. Such tools are often installed with more authority than they should require. There is a Unix system call that displays the most recent command that any user has typed. This call is used by the ps command to describe the origin of a task. Perhaps NT is new enough that it hasn't gathered all of these holes. I don't use NT so I wouldn't know. From jimbell at pacifier.com Mon Dec 23 19:26:28 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Dec 1996 19:26:28 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things Message-ID: <199612240326.TAA29712@mail.pacifier.com> At 10:17 PM 12/22/96 -0800, Vladimir Z. Nuri wrote: >Timmy writes: >>Fortunately for the bulk of us, the likely number of deaths and economic >>losses from such crimes of kidnapping, extortion, and even murder for hire, >>is still likely to be vastly lower than the number of deaths caused by >>powerful central governments enriching themselves and their cronies with >>foreign wars. Not to mention the deaths in the Drug War, the lives wasted >>in other interferences in private behavior, etc. > >imho, it's a very warped kind of mind that insinuates some evil is no >big deal because greater evils exist in the world. You obviously (deliberately?) are misrepresenting May's comment above. It isn't that some kinds of evil are "no big deal": It's that quantiatively, refusing to accept a solution that would prevent, say, 100 deaths, simply because it would cause _one_ DIFFERENT death is foolish and misguided. If you feel inclined to deny this, consider the reverse situation: Would you approve of the saving of one life if it cost 100 lives? (all things being equal.) While most people would feel uncomfortable being asked to make decisions of this kind, that does not mean that one outcome is not identifiably better than another. Jim Bell jimbell at pacifier.com From rkluge at nunic.nu.edu Mon Dec 23 19:47:12 1996 From: rkluge at nunic.nu.edu (bobbi) Date: Mon, 23 Dec 1996 19:47:12 -0800 (PST) Subject: domestic laws/policies Message-ID: hello: I have been following the controversy regarding cryptographic software for some time now, and I am hoping that someone on the list could clarify a point for me: If I wanted to develop software that employs cryptography, or a new cryptographic algorithm, strictly for domestic use and sale, does this algorithm have to be registered with any domestic agency? There is a great deal of information on Gak, and the controversy surrounding it, but as of yet I have not been able to find out this type of information. thanks jg From dlv at bwalk.dm.com Mon Dec 23 19:50:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 19:50:12 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961223152042.006b5024@mail.execpc.com> Message-ID: "Matthew J. Miszewski" writes: > At 08:55 AM 12/23/96 -0500, Jeff Barber wrote: > >I've never seen Tim "advocate the unemployment" of anyone or any group. > > Funny, did he stutter when he said he regularly *practiced* such > discrimination at Intel? (Such discrimination being based upon Title VII's So, don't buy Intel. AMD's MMX processor supposedly runs circles around Intel. > dispirate impact scenario, a law that Tim and others disregard as is their > civic, as in civil disobedience, duty.) I guess he was unclear when he > stated "Fuck 'em" in a follow up post. Tim is an anarchist (and I do not > mean that in any derogatory way). He not only advocates, but he practices > what he preaches. No - Timmy is a "libertarian" (aka a fucking statist). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Mon Dec 23 19:50:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 23 Dec 1996 19:50:18 -0800 (PST) Subject: Both John Gilmore and Ray Arachelian are liars In-Reply-To: Message-ID: Ray Arachelian writes: > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > John Gilmore unsubscribed me from this mailing list (in a very rude manner) > > and I am not allowed to resubscribe. I am not subscribed to this mailing li > > Funny, you post messages here, you read messages from here, IMHO, you > haven't been unscumscribed. Now you're calling John Gilmore a liar, because he admitted pulling my plug: ]Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id CAA17866 for cypherpunks-outgoing; Sat, 2 Nov 1996 02:13:32 -0800 (PST) ]Received: from localhost (localhost [127.0.0.1]) by toad.com (8.7.5/8.7.3) with SMTP id CAA17861; Sat, 2 Nov 1996 02:13:26 -0800 (PST) ]Message-Id: <199611021013.CAA17861 at toad.com> ]X-Authentication-Warning: toad.com: Host localhost [127.0.0.1] didn't use HELO protocol ]To: cypherpunks at toad.com, gnu at toad.com ]Subject: Dr. Vulis is not on cypherpunks any more ]Date: Sat, 02 Nov 1996 02:13:26 -0800 ]From: John Gilmore ]Sender: owner-cypherpunks at toad.com ]Precedence: bulk ] ]As stated by Dr. Vulis, he is no longer on the cypherpunks mailing ]list, and indeed majordomo at toad.com HAS been instructed to ignore his ]requests to resubscribe. ] ]I removed him, on my own initiative. I got tired of asking him to ]stop stirring up flames. When he posted a message saying that we'd ]have to use technical means to stop him from flaming the list, I said, ]"OK". ] ]Tim May was not involved. ] ]I've met Dr. Vulis in person. He seemed like a reasonable guy. I ]treated him that way for months, despite his inability to control ]himself on the list. When he ultimately declined to control his ]outbursts after numerous personal requests, I removed him. ] ]The cypherpunks list is for discussions centered around cryptography. ]I'm sure there are several mailing lists where ethnic cleansing ]discussions would be welcome. There are probably even mailing lists ]which encourage people to fire off their best inflammatory messages. ]If there aren't, Dr Vulis could start one. I don't sponsor any. ] ]Cypherpunks, please resist your own temptation to bait him (or anyone ]else). The best defense a mailing list has against flames is to ]simply ignore them. When they don't provoke an emotional response, ]they don't accomplish the poster's goal, and the poster eventually ]wanders off in search of more naive pastures. ] ] John Gilmore ] Note that John clearly unsubscribed me because he didn't like the contents of my messages. Later Timmy May claimed that it had something to do with the size of my submissions (another lie). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jim at santafe.arch.columbia.edu Mon Dec 23 20:15:53 1996 From: jim at santafe.arch.columbia.edu (Jim Wise) Date: Mon, 23 Dec 1996 20:15:53 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: On Sat, 21 Dec 1996, Timothy C. May wrote: > _government publications_, I think this problem is solved by anarchy. Short > of anarchy, I don't see how any government larger than a truly tiny core > set can possibly pubish official documents, ballots, traffic signs, > driver's license tests, and so on, in the several dozen languages that the > basic brown types are now clamoring for. But Tim, you've just hit on the perfect solution! How 'bout each year the CPunks lobby for another language to be protected? When no law can be passed without being first translated into over 1000 languages, lawmaking will be impossible, and our work will be done. Seriously, though, most of the discussion of the Ebonics issue on this list has been based on a dangerous misconception. At no point has _anyone_ suggested that courses be taught in Ebonics, that Ebonics be taught as a language, or that all faculty be fluent in Ebonics. What _has_ happened is that Ebonics has been added to the list of languages which some students are coming into the school program speaking better than they speak English. Ebonics just goes alongside Spanish, several dialects of Chinese, and a number of other languages whose native speakers may get help from the school district in learning English. I think this approach is foolishness, as it stigmatizes and seperates a group who are not already cut off from the rest of the community, unlike speakers of other designated languages. (Unlike Laotian or Spanish, a `native speaker' of Ebonics can understand `standard' english). This is a far cry from the `mandataed speaking of Ebonics' which CPunks seem so up in arms about. No such program exists or has existed. At any rate, as someone already pointed out, the main reason for the designation of Ebonics as a language is that it overnight doubled the number of students whom Oakland can count towards federal matching funds for ESL... -- Jim Wise jim at santafe.arch.columbia.edu http://www.arch.columbia.edu/~jim * Finger for PGP public key * From blake at bcdev.com Mon Dec 23 20:19:13 1996 From: blake at bcdev.com (Blake Coverett) Date: Mon, 23 Dec 1996 20:19:13 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <01BBF127.ACD7C120@bcdev.com> jim bell wrote: > Even if, arguably, once-imported software becomes subject to ITAR, it is by > no means clear that a "signature" is in any way controlled by ITAR. After > all, looked at generously, the "signature" might simply be a plaque or paper > certificate, saying "this is wonderful software!" The signature in question (on a Win32 Crypto Service Provider) is embedded in the executable. Certainly I could rip it out and inject it into an unsigned but otherwise identical copy outside the U.S., but that is obviously not going to be legal under ITAR. ITAR is wrong and should be abolished, but that sort of weasling isn't going to make something legal under the current laws. --- More interesting would be the OS patch that allows an unsigned (or signed by someone other than MS) CSP to be loaded... Hmm, logically the patch must be built in and only need to be switched on as it would be too annoying to debug a CSP if you needed to get it signed every time you built a new version. Microsoft's Authenticode system had such a patch at one time for just that purpose, and all it required was a registry setting. regards, -Blake (off to grep around inside some binaries) From die at pig.die.com Mon Dec 23 20:50:44 1996 From: die at pig.die.com (Dave Emery) Date: Mon, 23 Dec 1996 20:50:44 -0800 (PST) Subject: Lack of security of police Mobile Data Terminals (MDTs) Message-ID: <9612240450.AA24404@pig.die.com> Some months ago I posted an article to cypherpunks commenting on how easy it is to intercept the supposedly secret traffic on the Motorola mobile data terminals used by many police forces to access criminal history and other sensitive information. This data is not seriously encrypted (or encrypted at all in most systems) and illustrates the kind of security by obscurity that some people would like to see continue as the only protection for such information as it is broadcast to the world on open radio channels. Apparently someone saw my comments or had similar thoughts and today I found the following article posted to alt.radio.scanner. I do not know who the author is, and I did not write the article myself - but I think the article may interest some members of the list as it illustrates what civilian cryptography would be like if the NSA had its way... Dave Emery N1PRE die at die.com DIE Consulting Weston Mass. ----------------------- Begin quoted article ---------------------- >From lord at heaven.com Mon Dec 23 23:11:43 EST 1996 Article: 44420 of alt.radio.scanner Xref: world alt.radio.scanner:44420 Path: world!blanket.mitre.org!news.tufts.edu!www.nntp.primenet.com!nntp.primenet.com!howland.erols.net!newsfeed.internetmci.com!news.ro.com!news From: lord Newsgroups: alt.radio.scanner Subject: MDT stuff Date: Mon, 23 Dec 1996 16:04:39 -0600 Organization: screw Lines: 765 Message-ID: <32BF01F6.2742 at heaven.com> Reply-To: lord at heaven.com NNTP-Posting-Host: ts2p5.ro.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; name="Mdt.txt" Content-Transfer-Encoding: 7bit X-Mailer: Mozilla 3.0 (Win95; I) Content-Disposition: inline; filename="Mdt.txt" Greetings one and all, Have you ever lusted to decode Mobile Data Terminal (MDT) tranmissions? Have you ever wanted to see the same NCIC and motor vehicle information that law enforcement officers see? Have you ever wanted to see what officers send to each other over "private" channels? And all this with an interface you can build with only a few dollars worth of parts from your local radio shack? If so this posting might be your rendevous with destiny. The tail end of this posting includes the source code of a program that decodes and displays MDT messages. It stores roughly 30k of messages in a buffer and then writes the whole buffer to a file called "data.dat" before terminating. The program may be interrupted at any time by pressing any key (don't use control-c) at which point it writes the partially filled buffer to "data.dat". This program only works for systems built by Motorola using the MDC4800 tranmission protocol. This accounts for a large fraction of public service MDT systems as well other private systems. The existence of this program is ample evidence that Motorola has misrepresented its MDT systems when it marketed them as a secure means of communcications. The interested reader will soon discover that these systems do not use any form of encryption. Security concerns instead have been dealt with by using a code. "And what might this code be called?" asks the reader. The code turns out to be plain ASCII. What follows is a brief description of how the program and the MDC4800 protocol work. If you don't understand something go to your local library and check out a telecommunications theory book. 1. The raw transmission rate is 4800 baud. The program's interrupt service routine simply keeps track of the time between transitions. If you're receiving a perfect signal this will be some multiple of 1/4800 seconds which would then give you how many bits were high or low. Since this is not the best of all possible worlds the program instead does the following: transitions are used to synchronize a bit clock. One only samples whenever this clock is in the middle of the bit to produce the raw data stream. This greatly reduces jitter effects. 2. Whenever a tranmitter keys up the MDC4800 protocol calls for bit synchronization (a sequence of 1010101010101010....). In the program this will result in receive bit clock synchronization. There is no need to specifically look for the bit sync. 3. Look for frame synchronization in raw bit stream so that data frames can be broken apart. Frame synchronization consists of a 40 bit sequence : 0000011100001001001010100100010001101111. If this sequence is detected (or 35 out of 40 bits match up in the program) the system is idling and the next 112 bit data block is ignored by the program. If the inverted frame sync is detected one immediately knows that 112 bit data blocks will follow. 4. Receive the 112 bit data block and undo the bit interleave. This means that one must reorder the bits in the following sequence : {0,16, 32,48,64,80,96,1,17,33,49,65,81,97,2,18,34,...} if the orignal sequence were received as {0,1,2,3,4,5,6,7,8,...}. 5. Check the convolutional error correcting code and count the number of errors. The error correcting code is rate 1/2 which means we will be left with 56 data bytes. The encoder is constructed so that the output consists of the original data bits interspersed with error correcting code. The generating polynomial used is : 1 + X^-1 + X^-5 + X^-6 Whenever an error is detected a counter is incremented. An attempt is made to correct some errors by finding the syndrome and looking for the bogus bit. 6. Keep receiving 112 bit data blocks until either a new frame sync is found or two consecutive data blocks have an unacceptably large number of errors. 7. Each data block consists of six data bytes; the last 8 bits are status bits that are simply ignored. The program shows the data in two columns - hexadecimal and ASCII. This data is kept in a buffer and is written to the file "data.dat" when the program terminates. 8. What the program doesn't do: As a further check on the data there can be CRC checks. This varies from protocol to protocol so this program does not implement the CRC checks. Nonetheless, it is a relatively trivial matter to find the generating polynomial. The addresses, block counts, and message ID numbers are also quite easy to deduce. As you can see, there is no encryption. The bit interleave and the error correcting coding are there solely to insure the integrity of the ASCII data. Since any moron could have figured this stuff out from scratch one could argue that MDTs do not use "...modulation parameters intentionally witheld from the public". Therefore the Electronic Communications Privacy Act may not prohibit receiving MDT tranmissions. However, consult your attorney to make sure. The total disregard for security will no doubt annoy countless Motorola customers who were assured that their MDT systems were secure. Since Federal law states that NCIC information must be encrypted your local law enforcement agency might be forced to spend millions of dollars to upgrade to a secure MDT system - much to the delight of Motorola and its stockholders. Cynics might conclude that the release of a program like this is timed to coincide with the market saturation of existing MDT systems. Also, this program is completely free and it had better stay that way. What's to prevent you from adapting this into a kit and selling it >from classified ads in the back of Nuts and Volts? Nothing. But take a look at Motorola's patents sometime. You'll notice that this program does things that are covered by a shitload of patents. So any attempt to take financial advantage of this situtation will result in utter misery. Please keep the following in mind: this program only works with the first serial port (COM1). If your mouse or modem is there too bad. If you don't like this rewrite the program. ------------------------------------------------------------------------ What equipment do I need? RADIO SCANNER: A scanner that can receive 850-869 MHz. For those of you who don't know, this is the band where most business and public service trunked radio systems can be found along with the mobile data terminal transmissions. Chances are excellent that if your local authorities have a motorola trunked radio system and mobile data terminals that this is the frequency band in use. Very rarely will one find mobile data terminals in other frequency bands. Now for the fun part - your scanner should probably be modified to allow you to tap off directly from the discriminator output. If you wait until the signal has gone through the radio's internal audio filtering the waveform will likely be too heavily distorted to be decoded. This is exactly the same problem that our friends who like to decode pager transmissions run into - some of them have claimed they can only decode 512 baud pager messages using the earphone output of their scanner. These mobile data terminal messages are 4800 baud so I don't think you have a snowball's chance in hell without using the discriminator output. If you don't know where to begin modifying your scanner you might want to ask those who monitor pagers how to get the discriminator output for your particular radio. COMPUTER/SCANNER INTERFACE Those of you who have already built your interface for decoding pager messages should be able to use that interface without any further ado. For those starting from scratch - you might want to check out packages intended for pager decoding such as PD203 and the interfaces they describe. The following excerpt gives an example of a decoder that should work just fine (lifted out of the PD203 POCSAG pager decoder shareware documentation): > > 0.1 uF |\ +12v > ---||-----------------------|- \| > AF IN | |741 \ > ---- | | /--------------------- Data Out > | \ ------|+ /| | CTS (pin 5/8) > | / 100K | |/-12v | or DSR (pin 6/6) > | \ | | > GND / ----/\/\/\---- GND ------ GND (pin 7/5) > | | 100K > | \ N.B. Pin Numbers for com port are > GND / given as x/y, where x is for a 25 > \ 10K way, y for a 9 way. > / > | > GND > > The above circuit is a Schmitt Trigger, having thresholds of about +/- 1v. > If such a large threshold is not required, eg for a discriminator output, > then the level of positive feedback may be reduced by either reducing the > value of the 10K resistor or by increasing the value of the 100K feedback > resistor. > > The +/- 12v for the op-amp can be derived from unused signals on the COM > port (gives more like +/- 10v but works fine !):- > > > TxD (2/3) --------------|<-------------------------------------- -12v > | | > RTS (4/7) --------------|<-------- GND - - > | | _ + 10uF > --------->|------- - - | > Diodes 1N4148 | - + 10uF GND > | | > DTR (20/4) ------------->|-------------------------------------- +12v > If I were building this circuit I would strongly suggest tying the non-inverting (+) input of the op-amp to ground since you are working directly with the discriminator output and don't need a Schmitt trigger. All these parts or equivalents are easily available (even at your local Radio Shack which stocks the finest collection of components that have failed the manufacturer's quality control checks and supported by a sales staff that's always got the wrong answers to your questions). Also: DO NOT use the RI (ring indicator) as an input to the computer. ------------------------------------------------------------------------- How do I check things? As a first step, I would get a package such as PD203 and use it to decode a few pages. If you can get that working you know that that your interface circuit is functioning correctly. If you are in a reasonably sized town you might be part of the ardis network. The ardis network is a nationwide commercial mobile data terminal network where one can send/receive E-mail messages from one's portable computer. It has been exclusively assigned the frequency of 855.8375 MHz. Therefore, if you can hear digital bursts on this frequency you are basically guarranteed that these are MDC4800 type messages. You should be able to get stuff popping up on your screen although a lot of the messages will not be plain english. If your interface works but you can't seem to get any messages on the screen for a channel you know is a Motorola MDT system then it might be possible that your scanner/interface is putting out data with the polarity reversed. To check for this run the program with a command line arguement. When it runs you should an initial "Polarity reversed" message and hopefully then things will work out for you. Other than that: if this program doesn't work pester someone else who has got it working. Don't bother pestering the author(s) of this posting; the shit(s) aka "she/he/it (s)" are afraid of a thousand lawyers from Motorola descending like fleas to infest their pubic hair and accordingly have decided to remain forever anonymous. No doubt someone on the usenet who sees this post will know what to do with this program and also hopefully rewrite into a more user friendly form. When you do please don't forget to release the source code. ------------------------------------------------------------------------- Future projects/nightmares you might want to think about: Certain MDT systems embed formatting information in the text in the form of ESC plus [ plus a few more bytes. Someone might want to decode these on the fly and format the output so it looks exactly the same way as the user sees it. Make it so that this program works with com ports other than COM1. Make it user friendly? Enlarge the data buffer from the current 30k. Give the output data file an unique name each time the program is run instead of "data.dat". How about sorting through the past traffic so that you only see traffic to a specified user? The program does not cut data blocks off in the display but it might add an extra one or two (which will display as all zeroes). Someone might want to make all those zeroes be shown as blanks instead. Write some real instructions. Now the more ambitous stuff: Are you half-way competent with RF engineering? Then listen in to the tranmissions from the mobile units back to the base station. That way you get everyone's password and user IDs as they log on to the MDT system. By this point you will no doubt have been able to figure out all of the appropriate communications protocols so you should think about getting your own transmitter up and running along with the necessary program modifications so that you can transmit MDT messages. The required transmitter can be very simple - for example, those masocists who want to start from scratch might want to special order an appropriate crystal (pulling the frequency with the computer's tranmit signal), building a frequency multiplier chain, and adding a one watt RF amplifier to top it all off (see the appropriate ARRL publications for more information on radio techniques). Now you can log in and look at the criminal records and motor vehicle information on anybody you can think of. Find out what your neigbors are hiding. Find out who that asshole was that cut you off downtown. Find out where your former girl/boy friend is trying to hide from you. And on and on... Those with simpler tastes might want to simply transmit at the base station's frequency to any nearby MDT terminal - now you too can dispatch your local law enforcement agencies at the touch of your fingers!!! See your tax dollars at work tearing apart every seam of your neighbor's house. Or create strife and dissension in your local law enforcement agency as more and more officers come out of the closet using their MDTs trying to pick up fellow officers. There are municipalities that have put GPS receivers on all of their vehicles. Should it happen that the information is sent back over one of these networks you could have your computer give you a real-time map showing the position of every vehicle and how far away they are from you. Extend your knowledge to other data networks. Here you will want to look at the RAM mobile data network. It uses the MOBITEX protocol which is really easy to find information on. Since it is an 8 kilobaud GMSK signal there is a decent chance that you can use the interface described here. This transmission mode demmands much more from your equipment than MDT tranmissions. At the very least you must be much more careful to make sure you have adequate low frequency response. Despite this it is possible to receive and decode MOBITEX transmissions with a simple op-amp circuit! This just goes to show you what drivelling bullshit RAM's homepage is filled with - they explain in great detail how hackers will never be able to intercept user's radio tranmissions (incidentally explaining how to decode their tranmissions). The necessary program will be the proverbial exercise left for the reader. For better performance buy a dedicated MOBITEX modem chip and hook it up to your computer. ----------------------------------------------------------------------- A few words about the program: Remember - you must have your decoder hooked up to COM1. The RTS line will be positive and the DTR line negative but if you built the decoder with a bridge rectifier you really don't have to worry about their polarity. Stop the program by punching any key; don't use control-c or control-break! If you must reverse polarity run the program with any command line arguement (example: type in "mdt x" at the command line if your program is mdt.exe). You should then see the "Polarity Reversed." message pop up and hopefully things will then work. As far as compiling this - save the latter portion of this posting (the program listing) and feed it to a C compiler. Pretty much any C compiler from Borland should work. If you (Heaven Forbid) use a Microsoft C compiler you might need to rename some calls such as outport. Follow any special instructions for programs using their own interrupt service routines. This program is not object oriented. It also does not want anything whatsoever to do with Windows. Please don't even think about running this program under Windows. Finally, here it is: Good Luck and may God be with you! ---------------------- C u t H e r e ! ! ! -------------------------- /* start of program listing */ #include #include #include #include /* Purpose of program: receive messages using the Motorola MDC4800 */ /* protocol and show them on the screen */ /* */ /* WARNING TO ALL : This program is free. Please distribute and modify*/ /* this program. I only request that you always include the source */ /* code so that others may also learn and add improvements. The */ /* status of this program at the time of the original release is : */ /* it doesn't have much in the way of a user interface or options but */ /* it should work if you follow the procedure in the text file. Don't */ /* expect any sort of support (you get what you pay for - nothing in */ /* this case). Finally, here's a special message to all of you who */ /* might have the urge to try to make money with this information: */ /* I know where you live. I will shave your pets and pour rubbing */ /* alcohol all over them (unless said pet happens to be a Rottweiler).*/ /* I will have sex with your wife while you off at work; on the rare */ /* occasions when you have sex with your wife she will in the throes */ /* of passion cry not your name but mine. I will sell drugs to the */ /* demented spawn you refer to as your children. And if that's not */ /* enough for you let a thousand lawyers from motorola descend on you */ /* and pound your fat rear end so far into the ground that it finally */ /* sees daylight again somewhere in Australia. */ /* */ /* */ /* General tidbits (a few of those "Why were things done this way */ /* questions). */ /* 1. Why is captured data kept in an array and only written to a */ /* disk file at the very end? Because disk access seems unreliable */ /* when so much time is taken up by the background interrupt service */ /* routine. */ /* 2. Why is the array storing this so small? Because yours truly was */ /* too damn lazy to use a pointer and allocate a huge chunk of memory.*/ /* (Hint for those of you who would like to improve this. */ /*--------------------------------------------------------------------*/ /* global variables */ int lc=0; char fob[30000];/* output buffer for captured data to be sent to disk */ int foblen=29900; int fobp=0; /* pointer to current position in array fob */ char ob[1000]; /* output buffer for packet before being sent to screen */ int obp=0; /* pointer to current position in array ob */ static unsigned int buflen= 15000; /* length of data buffer */ static volatile unsigned int cpstn = 0; /* current position in buffer */ static unsigned int fdata[15001] ; /* frequency data array */ void interrupt (*oldfuncc) (); /* vector to old com port interrupt */ /**********************************************************************/ /* this is serial com port interrupt */ /* we assume here that it only gets called when one of the status */ /* lines on the serial port changes (that's all you have hooked up). */ /* All this handler does is read the system timer (which increments */ /* every 840 nanoseconds) and stores it in the fdata array. The MSB */ /* is set to indicate whether the status line is zero. In this way */ /* the fdata array is continuously updated with the appropriate the */ /* length and polarity of each data pulse for further processing by */ /* the main program. */ void interrupt com1int() { static unsigned int d1,d2,ltick,tick,dtick; /* the system timer is a 16 bit counter whose value counts down */ /* from 65535 to zero and repeats ad nauseum. For those who really */ /* care, every time the count reaches zero the system timer */ /* interrupt is called (remember that thing that gets called every */ /* 55 milliseconds and does housekeeping such as checking the */ /* keyboard. */ outportb (0x43, 0x00); /* latch counter until we read it */ d1 = inportb (0x40); /* get low count */ d2 = inportb (0x40); /* get high count */ /* get difference between current, last counter reading */ tick = (d2 << 8) + d1; dtick = ltick - tick; ltick = tick; if ((inportb(0x3fe) & 0xF0) > 0) dtick = dtick ^ 0x8000; else dtick = dtick & 0x3fff; fdata[cpstn] = dtick; /* put freq in fdata array */ cpstn ++; /* increment data buffer pointer */ if (cpstn>buflen) cpstn=0; /* make sure cpstn doesnt leave array */ d1 = inportb (0x03fa); /* clear IIR */ d1 = inportb (0x03fd); /* clear LSR */ d1 = inportb (0x03fe); /* clear MSR */ d1 = inportb (0x03f8); /* clear RX */ outportb (0x20, 0x20); /* this is the END OF INTERRUPT SIGNAL */ /* "... that's all folks!!!!" */ } void set8250 () /* sets up the 8250 UART */ { static unsigned int t; outportb (0x03fb, 0x00); /* set IER on 0x03f9 */ outportb (0x03f9, 0x08); /* enable MODEM STATUS INTERRUPT */ outportb (0x03fc, 0x0a); /* push up RTS, DOWN DTR */ t = inportb(0x03fd); /* clear LSR */ t = inportb(0x03f8); /* clear RX */ t = inportb(0x03fe); /* clear MSR */ t = inportb(0x03fa); /* clear IID */ t = inportb(0x03fa); /* clear IID - again to make sure */ } void set8253() /* set up the 8253 timer chip */ { /* NOTE: ctr zero, the one we are using*/ /* is incremented every 840nSec, is */ /* main system time keeper for dos */ outportb (0x43, 0x34); /* set ctr 0 to mode 2, binary */ outportb (0x40, 0x00); /* this gives us the max count */ outportb (0x40, 0x00); } /****************************************************************/ int pork(int l) { static int s=0,sl=0x0000,t1,asp=0,ll,k,v,b,tap,synd=0,nsy; static char line[200]; /* array used to format 112 bit data chunks */ static int lc=0; /* pointer to position in array line */ if (l == -1) { /* printf (" %2i\n",asp); */ sl = 0x0000; s = 0; synd = 0; if ((asp <12) && (lc > 50)) { ll = 12 - asp; for (ll=0; ll<6; ll++) { v = 0; for (k=7; k>=0; k--) { b = line[ (ll<<3) +k ]; v = v << 1; if ( b == 49) v++; } ob[obp] = (char) v; if (obp < 999) obp++; } } lc = 0; tap = asp; asp = 0; return(tap); } else { s++; if (s==1) { line[lc] = (char) l; lc++; } /* update sliding buffer */ sl = sl << 1; sl = sl & 0x7fff; if (l == 49) sl++; if (s >1) { s = 0; if ((sl & 0x2000) > 0) t1 = 1; else t1 = 0; if ((sl & 0x0800) > 0) t1^=1; if ((sl & 0x0020) > 0) t1^=1; if ((sl & 0x0002) > 0) t1^=1; if ((sl & 0x0001) > 0) t1^=1; /* attempt to identify, correct certain erroneous bits */ synd = synd << 1; if (t1 == 0) { asp++; synd++; } nsy = 0; if ( (synd & 0x0001) > 0) nsy++; if ( (synd & 0x0004) > 0) nsy++; if ( (synd & 0x0020) > 0) nsy++; if ( (synd & 0x0040) > 0) nsy++; if ( nsy >= 3) /* assume bit is correctable */ { printf ("*"); synd = synd ^ 0x65; line[lc - 7] ^= 0x01; /**********************************************/ } } } return(0); } void shob() { int i1,i2,j1,j2,k1; /* update file output buffer */ i1 = obp / 18; if ( (obp-(i1*18)) > 0) i1++; fob[fobp] = (char) (i1 & 0xff); if (fobp < 29999) fobp++; for (i2 = obp; i2<=(obp+20); i2++) ob[i2] = 0; for (j1 = 0; j1 < i1; j1++) { for (j2 = 0; j2 < 18; j2++) { k1 = j2 + (j1*18); printf("%02X ", ob[k1] & 0xff); fob[fobp] = (char) (ob[k1] & 0xff); if (fobp < 29999) fobp++; } printf (" "); for (j2 = 0; j2 < 18; j2++) { k1 = j2 + (j1*18); if (ob[k1] >=32) printf("%c",ob[k1]); else printf("."); } printf("\n"); } obp=0; printf("BUFFER: %3i percent full\n",(int)(fobp/299.0)); } /**********************************************************************/ /* frame_sync */ /**********************************************************************/ /* this routine recieves the raw bit stream and tries to decode it */ /* the first step is frame synchronization - a particular 40 bit */ /* long sequence indicates the start of each data frame. Data frames */ /* are always 112 bits long. After each 112 bit chunk this routine */ /* tries to see if the message is finished (assumption - it's finished*/ /* if the 40 bit frame sync sequence is detected right after the end */ /* of the 112 bit data chunk). This routine also goes back to hunting */ /* for the frame sync when the routine processing the 112 bit data */ /* chunk decides there are too many errors (transmitter stopped or */ /* bit detection routine skipped or gained an extra bit). */ /* */ /* inputs are fed to this routine one bit at a time */ /* input : 48 - bit is a zero */ /* 49 - bit is a 1 */ void frame_sync(char gin) { static unsigned int s1=0,s2=0,s3=0,nm,j,t1,t2,t3,ns=0,st=0,n,m,l,chu=0,eef=0; static char ta[200]; if (st == 1) { ta[ns] = gin; ns++; if (ns >= 112) /* process 112 bit chunk */ { chu++; ns = 0; for (n= 0; n<16; n++) { for (m=0; m<7; m++) { l = n + (m<<4); pork(ta[l]); } } if (pork(-1) > 20) eef++; else eef=0; if (eef > 1) /* if two consecutive excess error chunks - bye */ { st = 0; shob(); eef = 0; } /* else eef = 0; */ } } /* s1,s2,s3 represent a 40 bit long buffer */ s1 = (s1 << 1) & 0xff; if ((s2 & 0x8000) > 0) s1++; s2 = (s2 << 1); if ((s3 & 0x8000) > 0) s2++; s3 = (s3 << 1); if (gin == 49) s3++; /* xor with 40 bit long sync word */ t1 = s1 ^ 0x0007; t2 = s2 ^ 0x092A; t3 = s3 ^ 0x446F; /* find how many bits match up */ /* currently : the frame sync indicates system id / idling / whatever */ /* inverted frame sync indicates message follows */ nm = 0; for (j=0; j<16; j++) { if (t1 & 1) nm++; if (t2 & 1) nm++; if (t3 & 1) nm++; t1 = t1 >> 1; t2 = t2 >> 1; t3 = t3 >> 1; } if (nm < 5) { st = 1; ns = 0; } else if (nm > 35) { if (st==1) { shob(); } st = 0; ns = 0; } } void main (int argc) { unsigned int n,i=0,j,k,l,cw1=49,cw0=48; FILE *out; char s=48; double pl,dt,exc=0.0,clk=0.0,xct; if (argc > 1) { printf ("Reverse Polarity.\n"); cw1 = 48; cw0 = 49; } /* dt is the number of expected clock ticks per bit */ dt = 1.0/(4800.0*838.8e-9); oldfuncc = getvect(0x0c); /* save COM1 Vector */ setvect (0x0c, com1int); /* Capture COM1 vector */ n = inportb (0x21); /* enable IRQ4 interrupt */ outportb(0x21, n & 0xef); set8253(); /* set up 8253 timer chip */ set8250(); /* set up 8250 UART */ while ((kbhit() == 0) && (fobp<29900)) { if (i != cpstn) { if ( ( fdata[i] & 0x8000) != 0) s = cw1; else s = cw0; /* add in new number of cycles to clock */ clk += (fdata[i] & 0x7fff); xct = exc + 0.5 * dt; /* exc is current boundary */ while ( clk >= xct ) { frame_sync(s); clk = clk - dt; } /* clk now holds new boundary position. update exc slowly... */ /* 0.005 sucks; 0.02 better; 0.06 mayber even better; 0.05 seems pretty good */ exc = exc + 0.020*(clk - exc); i++; if( i >buflen) i = 0; } } outportb (0x21, n); /* disable IRQ4 interrupt */ setvect (0x0c, oldfuncc); /* restore old COM1 Vector */ /* save captured data to disk file */ i = 0; out = fopen("data.dat","wt"); if (out == NULL) { printf ("couldn't open output file.\n"); exit(1); } i = 0; while ( (i < fobp) && (i < 29800)) { j = ((int)fob[i] & 0xff); i++; for (k=0; k=32) fprintf(out,"%c",n); else fprintf(out,"."); } fprintf(out,"\n"); } fprintf(out,"\n"); } fclose(out); } /* end of program listing */ From pclow at extol.com.my Mon Dec 23 21:40:28 1996 From: pclow at extol.com.my (pclow) Date: Mon, 23 Dec 1996 21:40:28 -0800 (PST) Subject: Certified primes Message-ID: <96Dec24.215013gmt+0800.21916@portal.extol.com.my> So? Are you jealous? >Timmy `C' May is a certified sexual pervert who wears women's >underwear. From jimbell at pacifier.com Mon Dec 23 22:33:22 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 23 Dec 1996 22:33:22 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <199612240632.WAA13453@mail.pacifier.com> At 11:18 PM 12/23/96 -0500, Blake Coverett wrote: >jim bell wrote: >> Even if, arguably, once-imported software becomes subject to ITAR, it is by >> no means clear that a "signature" is in any way controlled by ITAR. After >> all, looked at generously, the "signature" might simply be a plaque or paper >> certificate, saying "this is wonderful software!" > >The signature in question (on a Win32 Crypto Service Provider) is embedded >in the executable. Certainly I could rip it out and inject it into an unsigned >but otherwise identical copy outside the U.S., but that is obviously not >going to be legal under ITAR. Who says "that is obviously not going to be legal under ITAR"? Personal computers themselves are devices which can do encryption, given appropriate software, and yet export of such devices goes on every day. Operating systems are capable of calling programs like PGP, and yet they are exported every day. (This is by no means a trivial issue. If I were to ask you, "Would you rather somebody give you a $1000 computer and FAIL to give you a copy of good encryption software (which is also available, free, on the 'net), or give you the software and FAIL to give you the $1000 computer, I think most people would happily choose the former, knowing that they can easily remedy the former's drawbacks.) Remember, the only reason "signatures" have any significance is if somebody else writes a program which looks for that signature before deciding whether to run a program. If the "signature" involved simply says "Hi there!" (or is sufficiently short as to be easily reverse-engineerable), presumably the fault lies with somebody else, NOT the person who just happens to export 128 bits of value suspiciously identical to a value appended to a domestic copy of the program. >ITAR is wrong and should be abolished, but that sort of weasling isn't >going to make something legal under the current laws. It isn't necessary to "make something legal." Ostensibly, under our legal system, activities are legal unless there is a law to make them illegal. (some would include regulations in this... I don't believe that constitutionally, "regulations" are enforceable against non-government people or corporations.) I believe we should fight to decrease the envelope of what the government tries to force us/keep us from doing. If I had proposed, 10 years ago, that programs be signed (whether or not they had anything to do with crypto), that would have been legally irrelevant under ITAR. I argue that the fact that a program exists, somewhere out there, that looks at the signature before running a program, that cannot per se make the signature non-exportable. (Otherwise, if NO program existed with those characteristics of being able to run that software, presumably that software could be exported freely because it was totally non-functional.) If anything, if the government doesn't want crypto to leave the US, that's their row to hoe and they're gonna fail. Giving ANYONE authority to export a program (or OS, or computer) simply because it first checks a signature, should not be interpreted as to put the onus on everyone else to ensure that the signatures are "legal." Otherwise, it could have been just as effectively argued that once PGP 1.0 had been written, any PC-clone ever built automatically because a device potentially capable of encryption, and thus the government would (arguably) be entitled to prohibit its export. Since the US government hasn't insisted that every computer being exported since 1991 be incapable of running good crypto (example: PGP) presumably that is a valid precedent that merely enabling good crypto does not constitute some sort of automatic ban. A signature enables crypto no more than a CPU or operating system does. I say all this, not because I believe the government CAN'T do this, or WON'T do this, but because there is no precedent (that I know of) restricting the export of small pieces of data. They aren't crypto programs, or anywhere close. The only nexus of restriction is presumably crypto programs, and signatures aren't that! Jim Bell jimbell at pacifier.com From nobody at huge.cajones.com Mon Dec 23 23:17:23 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Mon, 23 Dec 1996 23:17:23 -0800 (PST) Subject: Zero-knowledge interactive proofs Message-ID: <199612240717.XAA30847@mailmasher.com> Timmy C. Mayo prefers to have sex with little kids because his own penis is like that of a three-year-old. \ o/\_ Timmy C. Mayo <\__,\ '\, | From admin at veracruz.net Mon Dec 23 23:30:45 1996 From: admin at veracruz.net (Adam Breaux) Date: Mon, 23 Dec 1996 23:30:45 -0800 (PST) Subject: Encryption Algorithms Message-ID: <19961224073216350.AAA253@monalisa> Is there a good source on the net for implemented C/C++ routines such as a DES algorithm? I am a programmer in need of some fairly secure encryption routine. Any help would be greatly appreciated. Thanks AdamX --- Adam Breaux admin at veracruz.net http://www.veracruz.net {Corporate Page } http://www.abyss.com {Extracurricular} http://www.iso-america.com {In Search Of...} "Violence is a cruel world doing what it does best...break the habit...BE NICE" --- me. From grafolog at netcom.com Tue Dec 24 00:13:03 1996 From: grafolog at netcom.com (jonathon) Date: Tue, 24 Dec 1996 00:13:03 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: On Mon, 23 Dec 1996, Steve Schear wrote: > If you want hassle-free shopping use legal tender (except for rentals> Not always true. Go shopping with a wad of $100.00 bills. Most stores don't accept them, regardless of the amount of purchase, without additional ID. Try buying a new car, paying for it with $100.00 bills. You might enjoy filling out the paperwork that is required to do so. From toto at sk.sympatico.ca Tue Dec 24 01:57:51 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Tue, 24 Dec 1996 01:57:51 -0800 (PST) Subject: Unsubscribing Dr. Vulius In-Reply-To: Message-ID: <32BFC56B.2E91@sk.sympatico.ca> > ]To: cypherpunks at toad.com, gnu at toad.com > ]Subject: Dr. Vulis is not on cypherpunks any more > ]From: John Gilmore > ]As stated by Dr. Vulis, he is no longer on the cypherpunks mailing > ]list, and indeed majordomo at toad.com HAS been instructed to ignore his > ]requests to resubscribe. > ] > ]The cypherpunks list is for discussions centered around cryptography. I agree totally. My friends in Berkeley agree that cryptography discussions should stick to more relevant topics, like Ebonics. We had a lively debate, over tea and crumpets, the other day, and decided that it was well worth sorting through pages and pages of 'crackers' making fun of 'niggah tok' in order to find out that crack dealers are using 'street cryptography.' As well, there were some enlightening posts re: Ebonics syntax; clarifying the proper use of 'dis' and 'dat'. Some in our group were of the mind that Dr.VD K's occasional rants in regard to mass slaughter were a timely reminder of the end result of individuals, groups, or governments being able to 'classify' us into categories that can be marked for 'deletion'. But they were mostly 'domestic' tea-drinkers, anyway, so their views are really of little importance. The majority were happy that you marked Dr. DV K for 'deletion'. Our topic of discussion tomorrow will be, "Censorship / The 'Final Solution' to Dr. DV K, Or Just 'Attack Cryptography'?" There are those of the mind that censorship is comparable to distributing 'bogus' copies of a person's Public Key, and scrambling their Private Key, effectively denying them any communication with society. However, these people are, once again, the 'domestic' tea- drinkers. I am sure that your actions in regard to Dr. Vulius will be a strong message to other CypherPunks that they had better toe-the-line, or else. Perhaps it would also be useful to go through the CypherPunk archives and send personal warnings to those on the list who appear to have encouraged him in the past. If their postings leave their attitude unclear in your mind, then you might want to check their 'web history' and find out what sites they have been visiting, to confirm whether or not they are of an 'acceptable' frame of mind. Sincerely, Toto From bart at netcom.com Tue Dec 24 01:58:39 1996 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 24 Dec 1996 01:58:39 -0800 (PST) Subject: Papers Galore, address correction Message-ID: <199612240958.BAA10235@netcom23.netcom.com> Forwarded message: > Date: Mon, 23 Dec 1996 15:16:39 -0500 > To: cypherpunks at toad.com > From: John Young > Subject: Papers Galore > > The NSA-hosted National Information Systems Security > Conference, held in October, 1996, has made a wide > range of papers available (in PDF format), and listed in: > > http://csrc.nist.gov/nissc/1996/papers/NISSC/toc.pdf (110kb) > ^^^^^ should be NISSC96 Happy Holidays b From toto at sk.sympatico.ca Tue Dec 24 03:31:52 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Tue, 24 Dec 1996 03:31:52 -0800 (PST) Subject: Pretty Lousy Privacy In-Reply-To: <3.0.32.19961223213942.006982e8@smtp1.abraxis.com> Message-ID: <32BFD547.3A1A@sk.sympatico.ca> Alec wrote: > I have not been sucessful producing my fingerprint with PLP though I > am certain it has been installed correctly. > > What does one look like? I mean, how will I know I have a > fingerprint; oh, you know! Alec, There is an Example below: -----BEGIN PLP SIGNATURE----- Version: 1.0 gamma Enter Full Name: Carl Johnson Enter Password: minimumsecurity Enter Residence Address: 709 Security Place, ButtFuck, Saskatchewan Does Your Home Contain Valuables: Yes When Do You Start Your Vacation: Feb. 9th How Long Will You Be Away: Two weeks -----END PLP SIGNATURE----- Hope this has been of help. Toto From toto at sk.sympatico.ca Tue Dec 24 03:31:52 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Tue, 24 Dec 1996 03:31:52 -0800 (PST) Subject: that cyber holiday card... In-Reply-To: <199612231821.NAA22877@hamp.hampshire.edu> Message-ID: <32BFD92E.1283@sk.sympatico.ca> Gary Raynes wrote: > > Teri Zuckerman wrote: > > > > To whomever sent that electronic card... I fwd. it to a friend of mine, and > > now it's wrecking his hard drive! please respond... > > > > -Teri > > Wow! I'm sorry. I did check it for a virus with 2 different anti-virus > programs before I sent it to anyone. > I'll see what I can find out about it and get back to you . > Has anyone else had any problems like that? > Gary R. From toto at sk.sympatico.ca Tue Dec 24 03:33:35 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Tue, 24 Dec 1996 03:33:35 -0800 (PST) Subject: The LIST In-Reply-To: <199612230801.AAA24862@adnetsol.adnetsol.com> Message-ID: <32BFD210.146C@sk.sympatico.ca> Ross Wright wrote: > > Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard > reeks of bigotry. And all this time I felt you may have been too > hard on him. This latest rant of his has made me reconsider your > rough treatment of Mr. May. I kinda think he deserves a slapping > right now. Supporting Dr. DV K, are we? OK, pal, now your on the LIST, too. From adam at homeport.org Tue Dec 24 04:28:13 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 24 Dec 1996 04:28:13 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: <199612241223.HAA14556@homeport.org> jonathon wrote: | On Mon, 23 Dec 1996, Steve Schear wrote: | | > If you want hassle-free shopping use legal tender (except for rentals> | | Not always true. | | Go shopping with a wad of $100.00 bills. Most stores don't | accept them, regardless of the amount of purchase, without | additional ID. Did they require statist ID? (Speaking of which, is a state university student ID considered 'government issued?' How about a faculty or staff ID card?) Adam "Never had a problem paying with hundreds either. Maybe its my 'You will need to get your manager' attitude." -- "It is seldom that liberty of any kind is lost all at once." -Hume From jya at pipeline.com Tue Dec 24 05:47:41 1996 From: jya at pipeline.com (John Young) Date: Tue, 24 Dec 1996 05:47:41 -0800 (PST) Subject: MOD_ify Message-ID: <1.5.4.32.19961224134346.006c9c20@pop.pipeline.com> 12-23-96: "White House Seeks Input on Electronic Commerce Policy" "A Framework for Global Electronic Commerce," will be available at: http://www.whitehouse.gov . The draft report does not address in detail the Administration's policy on encryption. "Vendors coalesce on encryption" An analyst said he expects the vendors "to get pretty inventive" in circumventing rules, such as by reregistering their headquarters in Bermuda if the regulations are perceived as unworkable. "Expert warns of lax security on Web" Dan Farmer, citing his just-completed study, says up to two-thirds of certain Web sites, including reputable institutions like banks and the media, are vulnerable to hacker attacks. "ITAA Airs Concerns on Encryption Regs" ITAA asked President Clinton to intervene to modify the draft regulations before they go into effect in any form. ----- MOD_ify From jeffb at issl.atl.hp.com Tue Dec 24 05:54:28 1996 From: jeffb at issl.atl.hp.com (Jeff Barber) Date: Tue, 24 Dec 1996 05:54:28 -0800 (PST) Subject: Ebonics In-Reply-To: <3.0.32.19961223152042.006b5024@mail.execpc.com> Message-ID: <199612241405.JAA16350@jafar.issl.atl.hp.com> Matthew J. Miszewski writes: > At 08:55 AM 12/23/96 -0500, Jeff Barber wrote: > >I've never seen Tim "advocate the unemployment" of anyone or any group. > > Funny, did he stutter when he said he regularly *practiced* such > discrimination at Intel? Matt, buy a dictionary. "Practicing discrimination" is not the same as "advocating unemployment". I guess when I decline to hire you as my lawyer, I'll be "advocating your unemployment?" -- Jeff From blake at bcdev.com Tue Dec 24 06:09:21 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 24 Dec 1996 06:09:21 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <01BBF17A.1E08ADD0@bcdev.com> jonathon wrote: > Go shopping with a wad of $100.00 bills. Most stores don't > accept them, regardless of the amount of purchase, without > additional ID. I bought a new PC a few months ago with just shy of $7K worth of $100 bills. No one even blinked. regards, -Blake (cash is good) From paul at fatmans.demon.co.uk Tue Dec 24 07:49:41 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 24 Dec 1996 07:49:41 -0800 (PST) Subject: Armenians (was Securing ActiveX) Message-ID: <851441030.96376.0@fatmans.demon.co.uk> > "Generalisation"? It's a historical fact that Armenians have murdered > 2,500,000 Turks, Kurds, and Sephardic Jews in this century alone. Yes it was, you stated that "Armenians are murderous cowards", whether that is true in the majority of cases I am not well qualified to comment but to make a statement to the effect that an entire class of people are genocidal because a number (even a majority) of them are seems to me a sweeping generalisation. > Interesting. Paul Bradley does not consider Timmy May's (fart) latest rants > on "ebonics" and "colored race" to be racist? I think Timmy May hates > blacks even more than he hates Jews. Let's quote Timmy's sick garbage on > soc.culture.african.american and ask if they find it offensive and racist. My point was not that you had no right to be racist, you have every right to discriminate against someone on the basis of their colour, religion etc... my point was you are standing on very thin ice when you flame someone for being racist then post racist comments yourself. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From TOPALOVICH at terraglyph.com Tue Dec 24 07:55:36 1996 From: TOPALOVICH at terraglyph.com (Mike Topalovich) Date: Tue, 24 Dec 1996 07:55:36 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: > > Not always true. > > Go shopping with a wad of $100.00 bills. Most stores don't > accept them, regardless of the amount of purchase, without > additional ID. > > Try buying a new car, paying for it with $100.00 bills. > You might enjoy filling out the paperwork that is required > to do so. > It's not necessarily because you are paying with $100 bills. The IRS requires banks and other businesses to report all cash transactions exceeding $10,000 by means of a Currency Transaction Report (CTR). This is a way for the IRS to track money laundering. There happens to be two lines on the form asking for the number of $50 and $100 bills, but those lines are optional. Mike topalovich at terraglyph.com > From rwright at adnetsol.com Tue Dec 24 08:07:48 1996 From: rwright at adnetsol.com (Ross Wright) Date: Tue, 24 Dec 1996 08:07:48 -0800 (PST) Subject: The LIST Message-ID: <199612241607.IAA01879@adnetsol.adnetsol.com> On or About 24 Dec 96 at 4:52, Carl Johnson wrote: > Ross Wright wrote: > > > > Yes, Dr., this latest tripe that has spewed forth from Tim's > > keyboard reeks of bigotry. And all this time I felt you may have > > been too hard on him. This latest rant of his has made me > > reconsider your rough treatment of Mr. May. I kinda think he > > deserves a slapping right now. > > Supporting Dr. DV K, are we? > OK, pal, now your on the LIST, too. Not the first "LIST" I've been "put" on. Ross =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From dlv at bwalk.dm.com Tue Dec 24 08:10:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 08:10:43 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: Moroni writes: ... > Maybe , the answer to all our problems is to draft a privacy bill in > varous forms and stages and each member of the list submit it to his or > her representative,congressman or senator. That is something that can > legally be done and it is practical. I say stages because what we want > will never pass the first time in its entirety BUT we could conceiveably > get something started. ... Fucking statists! But if you do, take a look at the privacy laws in Europe, they go much farther than the laws here. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 08:10:52 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 08:10:52 -0800 (PST) Subject: Ebonics In-Reply-To: <199612240213.SAA22150@netcom7.netcom.com> Message-ID: While on the subject of Yebonics: The following funny (what else) article just showed up in my rec.humor.funny: ]From: feuer at netcom.com (Ted Feuerbach) ]Newsgroups: rec.humor.funny ]Subject: Ebonics: Other New Dialects ]Keywords: topical, smirk, stereotypes ]Message-ID: ]Date: Tue, 24 Dec 96 3:20:01 EST ]Lines: 26 ]Approved: funny-request at clari.net ] ]With the Oakland (California) School District accepting Ebonics ](Black English) as a Second Language, I decided that speakers of ]other dialects will want theirs too. ] ]People from: West Virginia - Hillbonics ] ] Jamaica - Mononics ] ] Scotland - Hootmononics ] ] The Southwest - Hisponics ] ] Texas - JoeBonics ] ] Extreme North - Eh?onics ] ] ]The whole concept: Moronics ] ]-- ]Selected by Jim Griffith. MAIL your joke to funny at clari.net. ]The "executive moderator" is Brad Templeton. ] ]Please! No copyrighted stuff. Also no "mouse balls," dyslexic agnostics, ]Clinton/Yeltsin/Gates meets God, or "OJ will walk" jokes. For the full ]submission guidelines, see http://comedy.clari.net/rhf/ --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 08:12:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 08:12:57 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <8q3FZD49w165w@bwalk.dm.com> Jim Wise writes: > What _has_ happened is that Ebonics has been added to the list of languages > which some students are coming into the school program speaking better than > they speak English. Ebonics just goes alongside Spanish, several dialects > of Chinese, and a number of other languages whose native speakers may get > help from the school district in learning English. In NYC you see occasional signs in severely corrupted French, which is supposed to represent the dialect spoken by the inhabitants of Haiti, many of whom actually strive to speak "correct" French, or at least to spell it "correctly". (Note the quotes - I have no respect for the academy or any other authority that presumes to decide what's "correct"). > I think this approach is foolishness, as it stigmatizes and seperates a > group who are not already cut off from the rest of the community, unlike > speakers of other designated languages. (Unlike Laotian or Spanish, a > `native speaker' of Ebonics can understand `standard' english). This is > a far cry from the `mandataed speaking of Ebonics' which CPunks seem so > up in arms about. No such program exists or has existed. Maybe "Yebonics" (this sounds better in Russian - I'll let Igor translate) is a step in the right direction to allow the English language to continue its natural development and to become more like Chinese. I work sometimes with folks from the Carribean who are well-educated but choose to speak the dialect and frankly I find it more logical. Or maybe I just like these guys and my perception is skewed. "I be, we be, you be, he/she/it be, they be" - good. "I go, he go" - good. "I done go" instead of "I went" - good. "Keyboard belong me" instead of "My keyboard" - good. The last one is actually not Black English, but the Pigin English spoken in papua-new guinea. > At any rate, as someone already pointed out, the main reason for the > designation of Ebonics as a language is that it overnight doubled the > number of students whom Oakland can count towards federal matching funds > for ESL... In NYC a student with a Spanish surname will be forcibly put in ESL even if neither s/he nor the parents speak a word of Spanish, or want to. It brings more money to the school. (That's only in public schools, of course). Expect black kids to be forced to stidy "ebonics" whether they want to or not, while white kids will study something useful. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From bdavis at thepoint.net Tue Dec 24 08:16:10 1996 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 24 Dec 1996 08:16:10 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <01BBF17A.1E08ADD0@bcdev.com> Message-ID: On Tue, 24 Dec 1996, Blake Coverett wrote: > jonathon wrote: > > Go shopping with a wad of $100.00 bills. Most stores don't > > accept them, regardless of the amount of purchase, without > > additional ID. > > I bought a new PC a few months ago with just shy of $7K worth of > $100 bills. No one even blinked. > > regards, > -Blake (cash is good) > Remember that if you go over 10K, the recipient is supposed to file a form 8300 with the IRS .... EBD From sunder at brainlink.com Tue Dec 24 08:42:19 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 24 Dec 1996 08:42:19 -0800 (PST) Subject: Both John Gilmore and Ray Arachelian are liars In-Reply-To: Message-ID: On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Ray Arachelian writes: > > > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > > > John Gilmore unsubscribed me from this mailing list (in a very rude manner) > > > and I am not allowed to resubscribe. I am not subscribed to this mailing li > > > > Funny, you post messages here, you read messages from here, IMHO, you > > haven't been unscumscribed. > > Now you're calling John Gilmore a liar, because he admitted pulling my plug: <... deletia...> Right, I agree that you have been removed from majordomo's list of "subscribers" however you haven't been removed in as much as you can still read the list and in as much as you can post messages. So what is the difference were you subscribed? Were you subscribed you could also post and read messages. Now that you are unsubscribed, you can also post and read messages. What's the difference? Whatever Mr. Gilmore did made no differece. You still read. You still post. If he wanted to totally remove you, you wouldn't be able to post at all. Yet, you still do. The rumors of your forced unsubscription are clearly greatly exaturated. > Note that John clearly unsubscribed me because he didn't like the contents > of my messages. Later Timmy May claimed that it had something to do with the > size of my submissions (another lie). And yet, you post to cypherpunks at toad.com, and you read messages from cypherpunks at toad.com. QED: You're still here. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From sunder at brainlink.com Tue Dec 24 08:48:31 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 24 Dec 1996 08:48:31 -0800 (PST) Subject: Ebonics In-Reply-To: <32BF2E0C.303D@gte.net> Message-ID: On Mon, 23 Dec 1996, Dale Thorn wrote: > Dr. Vulis has in fact been forcibly unsubscribed. He's on my "who > cypherpunks" list as of 12 Oct 1996, but does not appear as of > 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list. As far as majordomo is concerned, - yes. However, there are those who subscribe invisible and therefore wouldn't show up when you say "who cypherpunks" to majordomo at toad.com. > The fact that he still reads the list and does posts only adds to the > arguments against censorship, specifically John Gilmore's censorship. > (This has got to be embarrassing for Gilmore, hee hee. I'll bet he > practices keeping a straight face in front of a mirror, in case anyone > brings it up in person.) I will not argue on John's reaction since I do not know him, nor have I met him, however, the fact that Vulis posts and reads cypherpunks means he's still here. > If, as has been said, assassination is the ultimate form of censorship, > then Dr. Vulis has been shot, stoned, beat on, and cement-booted, but > he still lives and is a thorn (no pun intended) in the side of would- > be censors on the Internet. If he had been ultimatly censored, shot, stoned, beat on, and cement-booted, he certainly wouldn't be able to post. He's still here. So the above is bullshit. It's not a question that he found a way to read from and post to the cypherpunks list. He hasn't been prevented from doing so, therefore his unsubscription hasn't been enforced, so he's still here. If before he was unsubscribed he was able to post messages and read messages, and now that he's unsubscribed he's able to post messages and read messages, what's the difference to the rest of us on the list? As far as we can see, he's still subscribed. Never mind that he gets his messages from usenet or elsewhere, he's still here. There is NO difference to the rest of cypherpunks. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From adam at homeport.org Tue Dec 24 08:50:02 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 24 Dec 1996 08:50:02 -0800 (PST) Subject: MCIP? Message-ID: <199612241646.LAA15417@homeport.org> I have on an old account being closed, most of the traffic from the Mac Crypto Interface Project mailing list. Does anyone want them? -- "It is seldom that liberty of any kind is lost all at once." -Hume From markm at voicenet.com Tue Dec 24 08:51:48 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 24 Dec 1996 08:51:48 -0800 (PST) Subject: Encryption Algorithms In-Reply-To: <19961224073216350.AAA253@monalisa> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 24 Dec 1996, Adam Breaux wrote: > Is there a good source on the net for implemented C/C++ routines such > as a DES algorithm? I am a programmer in need of some fairly secure > encryption routine. Any help would be greatly appreciated. SSLeay is a very complete encryption library. It's at ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL. There are several other packages available on the usual crypto sites. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsAKHSzIPc7jvyFpAQEGVAf/Sv0SnXPevi8xCB6mf6UH1QP+hDaz3lSi 00SUZo3xnvrcD8uREsATSWQ/8Prn4LPtRaCZfPBjd3Cc7t7woyvsXnsdj9kjA2G9 qtmv1vBAmRfdzZrc5dzyqIqkMmE/bA8g3TYC7wypoJvWpikHuO2wTSOTcQjIdnu+ DXTIUXAYlZIvtqY+FA/vU9hYxQ6h3BJiGySdN2j7x8BF3A0StCZGiNZzh4UidcpS 8uuO9u/gvs5yNZT0/naRU6TCAitA1VzSiNNJCrniXCeM+54sANdXy36lfxNLm9E9 CVnNfHCgHWHdFFX7HzHz+Rm/nBFMQvfgjQr6PPwlY8pJE0oPSeYUwQ== =wgeQ -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Tue Dec 24 08:52:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 08:52:10 -0800 (PST) Subject: Ebonics In-Reply-To: <199612241405.JAA16350@jafar.issl.atl.hp.com> Message-ID: <799FZD60w165w@bwalk.dm.com> Jeff Barber writes: > Matthew J. Miszewski writes: > > > At 08:55 AM 12/23/96 -0500, Jeff Barber wrote: > > >I've never seen Tim "advocate the unemployment" of anyone or any group. > > > > Funny, did he stutter when he said he regularly *practiced* such > > discrimination at Intel? > > Matt, buy a dictionary. "Practicing discrimination" is not the same > as "advocating unemployment". > > I guess when I decline to hire you as my lawyer, I'll be "advocating your > unemployment?" Suppose you want to hire a C coder and practice discrimination against the candidates who don't know any C. Do you advocate their unemployment? Do you even care, as long as you don't have to pay their salary? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Tue Dec 24 08:58:24 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 24 Dec 1996 08:58:24 -0800 (PST) Subject: Unsubscribing Dr. Vulius In-Reply-To: Message-ID: <32C00B59.7FD1@gte.net> Carl Johnson wrote: > > ]To: cypherpunks at toad.com, gnu at toad.com > > ]Subject: Dr. Vulis is not on cypherpunks any more > > ]From: John Gilmore > > ]As stated by Dr. Vulis, he is no longer on the cypherpunks mailing > > ]list, and indeed majordomo at toad.com HAS been instructed to ignore his > > ]requests to resubscribe. > > ]The cypherpunks list is for discussions centered around cryptography. > I agree totally. My friends in Berkeley agree that cryptography > discussions should stick to more relevant topics, like Ebonics.[snip] > Our topic of discussion tomorrow will be, "Censorship / The 'Final > Solution' to Dr. DV K, Or Just 'Attack Cryptography'?" > I am sure that your actions in regard to Dr. Vulius will be a strong > message to other CypherPunks that they had better toe-the-line, or else.[snip] Be careful, Carl. The last guy ("George the Greek") on the list who dared show this much audacity/humor has disappeared. I hope he's safe wherever he is, but then again, I wouldn't hold my breath. After all, this is a crypto list, and there are all those NSA spooks watching everything we do.... From nobody at huge.cajones.com Tue Dec 24 09:13:23 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Tue, 24 Dec 1996 09:13:23 -0800 (PST) Subject: Zero-knowledge interactive proofs Message-ID: <199612241713.JAA29543@mailmasher.com> Does anyone else wonder how the good Dr. comes by such intimate knowledge of Tim May's physical characteristics and personal behaviour? I have some ideas, but I am too tasteful to share them. From dthorn at gte.net Tue Dec 24 09:15:17 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 24 Dec 1996 09:15:17 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612241223.HAA14556@homeport.org> Message-ID: <32C00F42.6A95@gte.net> Adam Shostack wrote: > jonathon wrote: > | On Mon, 23 Dec 1996, Steve Schear wrote: > | > If you want hassle-free shopping use legal tender (except for rentals> > | Not always true. Go shopping with a wad of $100.00 bills. > | Most stores don't accept them, regardless of the amount of purchase, > | without additional ID. > Did they require statist ID? (Speaking of which, is a state university > student ID considered 'government issued?' How about a faculty or staff ID card?) > "Never had a problem paying with hundreds either. Maybe its my 'You > will need to get your manager' attitude." It's been my experience in the L.A. area as well as elsewhere in the U.S. that stores will take hundreds if the purchase is a significant fraction of a $100 bill, or more than $100. I've also found that restaurants, for example, will nearly always take a $100 if the check is over $20, and some will take it when the check is less than $20. Common sense is the key, i.e., if the tab is $101, and you give them two $100 bills, expecting $99 change, expect some static. In spite of the brainwashed multitudes' attitudes about carrying cash, and standing like beggars in an ATM line where muggers are prowling nearby, the L.A. authorities actually urge(!) people to carry a few hundred dollars at least in case of earthquake or other emergency. Recently when I was in my bank drawing out some cash and getting change (in a way that I suppose customers don't normally do), the teller made a snide remark about my habits, so I raised my voice and said "Remember the adage 'possession is 9/10 of the law?', well, when you possess my money it's really your money, and I don't like that. I'm withdrawing my money, OK?" That was the one and only time they made any remarks. From toto at sk.sympatico.ca Tue Dec 24 09:20:27 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Tue, 24 Dec 1996 09:20:27 -0800 (PST) Subject: [Fwd: usenet censorship] Message-ID: <32C0262C.1BDE@sk.sympatico.ca> Subject: usenet censorship From: Hootman Date: Tue, 24 Dec 1996 10:16:54 -0500 Newsgroups: news.newusers.questions Organization: LiveNet, Inc. Reply-To: lewis at cyberstreet.com Does anyone know of a server that allows uncensored news groups, mine censors all alt. groups. From dlv at bwalk.dm.com Tue Dec 24 09:22:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 09:22:14 -0800 (PST) Subject: Both John Gilmore and Ray Arachelian are liars In-Reply-To: Message-ID: Ray Arachelian writes: > Right, I agree that you have been removed from majordomo's list of > "subscribers" however you haven't been removed in as much as you can > still read the list and in as much as you can post messages. Is that what you had in mind when you repeatedly asked John Gilmore to remove me from his mailing list, Ray? You made both of you look like real assholes. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 09:24:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 09:24:03 -0800 (PST) Subject: The LIST In-Reply-To: <32BFD210.146C@sk.sympatico.ca> Message-ID: Carl Johnson writes: > Ross Wright wrote: > > > > Yes, Dr., this latest tripe that has spewed forth from Tim's keyboard > > reeks of bigotry. And all this time I felt you may have been too > > hard on him. This latest rant of his has made me reconsider your > > rough treatment of Mr. May. I kinda think he deserves a slapping > > right now. > > Supporting Dr. DV K, are we? Uh-oh - Ross, good buddy, we've been outed. > OK, pal, now your on the LIST, too. Do you mean Timmy May's "don't hire" list? ]Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id PAA22273 for cypherpunks-outgoing; Thu, 7 Nov 1996 15:56:53 -0800 (PST) ]Received: from you.got.net (root at scir-gotnet.znet.net [207.167.86.126]) by toad.com (8.7.5/8.7.3) with ESMTP id PAA22268 for ; Thu, 7 Nov 1996 15:56:27 -0800 (PST) ]Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63]) by you.got.net (8.7.5/8.7.3) with ESMTP id PAA09096 for ; Thu, 7 Nov 1996 15:49:39 -0800 ]X-Sender: tcmay at mail.got.net ]Message-Id: ]In-Reply-To: <2.2.32.19961107221247.0069347c at smtp1.abraxis.com> ]Mime-Version: 1.0 ]Content-Type: text/plain; charset="us-ascii" ]Date: Thu, 7 Nov 1996 16:00:23 -0800 ]To: cypherpunks at toad.com ]From: "Timothy C. May" ]Subject: Vulis now on the "Don't Hire" list ]Sender: owner-cypherpunks at toad.com ]Precedence: bulk ] ]At 5:12 PM -0500 11/7/96, Alec wrote: ] ]>:This opens up the potential, for example, for Tim May to sue the operator of ]>:the Cypherpunks mailing list now for posts from users (even anonymous ones) ]>:which defame or otherwise liable his character, reputation, or ability to ]>:pursue income in his chosen field. ]> ]>PLEASE, let's not drag poor Tim into this. Hasn't he suffered enough?! ]>This does not follow even from the tortured logic above. ] ]And, indeed, it is not likely to be who suffers in the job market as a ]result of Dr. Vulis' rants and raves and generally insane postings; my ]situation is secure, but I understand that Vulis has joined L. Dettweiler ]on the "List of Unemployables" passed around Silicon Valley. ] ]I strongly doubt many computer companies in the Silicon Valley will be ]willing to hire him or his consulting service as his antics have received ]publicity. ] ]He may have his "NetScum" list and Web page, but it's his name on the list ]of folks not to hire. ] ]--Tim May ] ]"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM ]that the National Security Agency would try to twist their technology." ][NYT, 1996-10-02] ]We got computers, we're tapping phone lines, I know that that ain't allowed. ]---------:---------:---------:---------:---------:---------:---------:---- ]Timothy C. May | Crypto Anarchy: encryption, digital money, ]tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero ]W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, ]Higher Power: 2^1,257,787-1 | black markets, collapse of governments. ]"National borders aren't even speed bumps on the information superhighway." ] ] ] ] I wonder if companies other than John Gilmore's "Cygnus Support" honors Timmy May's list of unemployables. Of course, the way to get hired by Cygnus is to give a blow job to John Gilmore while wearing a red ribbon on your scrotum. By the way, the Net.Scum site that Timmy whines about is currently up at: http://www.fileita.it/webitalia/netscum http://www.lrcser.it/netscum Check it out - several prominent "cypher punks" are described. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 09:31:04 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 09:31:04 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: Ray Arachelian writes: > If before he was unsubscribed he was able to post messages and read > messages, and now that he's unsubscribed he's able to post messages and > read messages, what's the difference to the rest of us on the list? As > far as we can see, he's still subscribed. Never mind that he gets his > messages from usenet or elsewhere, he's still here. There is NO > difference to the rest of cypherpunks. Your English isn't so good, Ray... I am not a "cypher punk", so you shouldn't speak of "the rest of" "cypher punks". If John's punitive action in response to my speech makes no difference to you, then why did you ask him to do it, and why did you commend him afterwards? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Tue Dec 24 09:33:15 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 24 Dec 1996 09:33:15 -0800 (PST) Subject: Lack of security of police Mobile Data Terminals (MDTs) In-Reply-To: <9612240450.AA24404@pig.die.com> Message-ID: <32C01377.11CF@gte.net> Dave Emery wrote: > Some months ago I posted an article to cypherpunks commenting > on how easy it is to intercept the supposedly secret traffic on > the Motorola mobile data terminals used by many police forces to access > criminal history and other sensitive information. This data is > not seriously encrypted (or encrypted at all in most systems) and > illustrates the kind of security by obscurity that some people would > like to see continue as the only protection for such information as > it is broadcast to the world on open radio channels. You've raised a point that is similar to the issues raised in FOIA requests. Is the reason I can't get certain documents because the govt. is hiding something, or is it because they have to protect "sources and methods"? Now I understand the dispute on "methods", but sources are often real people, whose identity may have to be protected. My question then, if police go 100% to secure transmissions, is that a good thing for the public? To be totally locked out of the ability to monitor the police? Of course, since I have an AOR AR-8000, with even the forbidden cellular aliased out to the 1400 mhz area, I can intercept anything and decode it (some problems with frequency-hopping on cellular and some trunked frequencies), if there are no unusual security methods used. >From my experience so far, most of the public needs to worry about: 1. Doing business on cellular and other portable phones, where pirates are busy snooping. 2. Using a "security" company to watch your house when you're gone, since they generally talk openly on common scanner frequencies. From real at freenet.edmonton.ab.ca Tue Dec 24 09:36:59 1996 From: real at freenet.edmonton.ab.ca (Graham-John Bullers) Date: Tue, 24 Dec 1996 09:36:59 -0800 (PST) Subject: Zero-knowledge interactive proofs In-Reply-To: <199612240717.XAA30847@mailmasher.com> Message-ID: http://www.freenet.edmonton.ab.ca/~real/index.html : real at freenet.edmonton.ab.ca Graham-John Bullers email : ab756 at freenet.toronto.on.ca On Mon, 23 Dec 1996, Huge Cajones Remailer wrote: > Timmy C. Mayo prefers to have sex with little > kids because his own penis is like that of a > three-year-old. > > \ > o/\_ Timmy C. Mayo > <\__,\ > '\, | > From security at kinch.ark.com Tue Dec 24 09:45:45 1996 From: security at kinch.ark.com (Dave Kinchlea) Date: Tue, 24 Dec 1996 09:45:45 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <01BBF17A.1E08ADD0@bcdev.com> Message-ID: I think this is yet another difference between Canada and the USofA, I too have used $100 bills to pay for things quite often. The only time there has been a problem is when the amount of the purchase is less than $20.00 (and then its only because few stores keep that much change around). Isn't the problem a result of the War On Drugs? cheers, kinch From markm at voicenet.com Tue Dec 24 09:55:36 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 24 Dec 1996 09:55:36 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 24 Dec 1996, Ray Arachelian wrote: > > If, as has been said, assassination is the ultimate form of censorship, > > then Dr. Vulis has been shot, stoned, beat on, and cement-booted, but > > he still lives and is a thorn (no pun intended) in the side of would- > > be censors on the Internet. > > If he had been ultimatly censored, shot, stoned, beat on, and > cement-booted, he certainly wouldn't be able to post. He's still here. > So the above is bullshit. It's extremely trivial to prevent someone from posting to a mailing list. The fact that John Gilmore has not done this probably means that he doesn't want to rather than an inability to do the above. > It's not a question that he found a way to read from and post to the > cypherpunks list. He hasn't been prevented from doing so, therefore his > unsubscription hasn't been enforced, so he's still here. Anyone can read cypherpunks and there's not much anyone can do to prevent someone from receiving list traffic. However, this doesn't really matter. An ISP that pulls the plug on a spammer doesn't try to prevent that person from reading or posting to that newsgroup. That person won't be able to do it using the ISP's resources. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsAZzCzIPc7jvyFpAQGZcggAgDP3Tz9tmMEe0zuvFzTLKiQZ8nlYPxby 8HlqoUSbgNpy31b8JvLvT7Ir8C3xn7WL4/E1S3AnV1s/TMojM+KCxT/iwC8ZDeh1 7Cyx3BVdp/fUSQxQs6fRnS/bLAlkbntbnJzMQEEBmVmX5nn8ACB9RY3u04Fd8els JoWXpNPdIUPYo61MHXQbSiHws/6O3yRDlJsQr8rokINjslazBbA+1DPTJfgPu4si ffXDtUEjEHC+MyHzvA0ablhLc9TL5R5Vc5DL6dhQNfRP8ow9EggUcG0EuHupefcC Q09FIWKYwv0P1oPwIGUGY3lJEPQadw45lrXjs7/KnGKfhvGR/eNjRg== =4KOs -----END PGP SIGNATURE----- From rwright at adnetsol.com Tue Dec 24 10:21:41 1996 From: rwright at adnetsol.com (Ross Wright) Date: Tue, 24 Dec 1996 10:21:41 -0800 (PST) Subject: The LIST Message-ID: <199612241821.KAA04522@adnetsol.adnetsol.com> On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote: > Carl Johnson writes: > > > Ross Wright wrote: > > > > > > Yes, Dr., this latest tripe that has spewed forth from Tim's > > > keyboard reeks of bigotry. And all this time I felt you may > > > have been too hard on him. This latest rant of his has made me > > > reconsider your rough treatment of Mr. May. I kinda think he > > > deserves a slapping right now. > > > > Supporting Dr. DV K, are we? On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote: > > Uh-oh - Ross, good buddy, we've been outed. Yes, my tolerance of humanity has been brought to the forefront! I can only hope it only goes as far as the "punks" on this list. It would not look good for a salesman like myself to be known as a tolerant person. > > > OK, pal, now your on the LIST, too. > > Do you mean Timmy May's "don't hire" list? Oh, I think this is a much bigger "LIST". I think the men with sunglasses and shiny black shoes are gonna show up soon... Just cause I am paranoid doesn't mean that they aren't out to get me. Ross =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From ericm at lne.com Tue Dec 24 10:49:43 1996 From: ericm at lne.com (Eric Murray) Date: Tue, 24 Dec 1996 10:49:43 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <199612241847.KAA24854@slack.lne.com> Mark M. writes: > >It's extremely trivial to prevent someone from posting to a mailing list. The >fact that John Gilmore has not done this probably means that he doesn't want to > rather than an inability to do the above. Short of 1) moderating the list or 2) restricting new subscriptions to the list, it's almost impossible to prevent someone from posting to a mailing list. As soon as you "block" posts from one address, the determined poster can sign up from another address. All it takes is paying money to a few ISPs, or changing his AOL userid. The determined poster could even grab a subscriber list from the lists's mailserver, and send his message to each member individually. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From dlv at bwalk.dm.com Tue Dec 24 10:50:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 10:50:43 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: <94egZD72w165w@bwalk.dm.com> Mike Topalovich writes: > It's not necessarily because you are paying with $100 bills. The IRS > requires banks and other businesses to report all cash transactions > exceeding $10,000 by means of a Currency Transaction Report (CTR). This > is a way for the IRS to track money laundering. There happens to be two > lines on the form asking for the number of $50 and $100 bills, but those > lines are optional. They're supposed to report "suspicious" cash transactions under 10K too. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 10:50:46 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 10:50:46 -0800 (PST) Subject: The LIST In-Reply-To: <199612241821.KAA04522@adnetsol.adnetsol.com> Message-ID: <9qegZD71w165w@bwalk.dm.com> "Ross Wright" writes: > On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote: > > > Carl Johnson writes: > > > > > Ross Wright wrote: > > > > > > > > Yes, Dr., this latest tripe that has spewed forth from Tim's > > > > keyboard reeks of bigotry. And all this time I felt you may > > > > have been too hard on him. This latest rant of his has made me > > > > reconsider your rough treatment of Mr. May. I kinda think he > > > > deserves a slapping right now. > > > > > > Supporting Dr. DV K, are we? > > On or About 24 Dec 96 at 11:52, Dr.Dimitri Vulis KOTM wrote: > > > > > Uh-oh - Ross, good buddy, we've been outed. > > Yes, my tolerance of humanity has been brought to the forefront! I > can only hope it only goes as far as the "punks" on this list. It > would not look good for a salesman like myself to be known as a > tolerant person. Ross, let's write a good Usenet spambot. The ones out there suck because they go through newsgroups alphabetically and post the same crap all at once. Then they get detected and cancelled by assholes like Chris Lewis. A good spambot would cover all unmoderated newsgroups, look for traffic, pretend to follow up on postings from actual people, say something on-topic, and post your message, but vary it randomly, so it's almost never the same. I think we can make a pretty good program. "Cypher punks" don't write code, but we do. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From blake at bcdev.com Tue Dec 24 11:32:37 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 24 Dec 1996 11:32:37 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <01BBF1A7.45E1F7D0@bcdev.com> > > I bought a new PC a few months ago with just shy of $7K worth of > > $100 bills. No one even blinked. > > > > regards, > > -Blake (cash is good) > > > Remember that if you go over 10K, the recipient is supposed to file a > form 8300 with the IRS .... I was vaguely aware of this regulation (it's been discussed here in the past) but actually I'm from north of the border. Does anyone know if there is are similar regulations in Canada? regards, -Blake From blake at bcdev.com Tue Dec 24 11:49:50 1996 From: blake at bcdev.com (Blake Coverett) Date: Tue, 24 Dec 1996 11:49:50 -0800 (PST) Subject: Democracy, yeah right. Message-ID: <01BBF1A9.AF9D0190@bcdev.com> The War on Some Drugs stikes again Challenging it it court would be too much work and not likely to succeed so why not just throw some doctors in jail and scare the rest off. >From AP via MSNBC: � � NEW YORK - The federal government has acknowledged plans to prosecute doctors who prescribe marijuana and other illegal drugs to seriously ill people under new laws approved by voters in California and Arizona, The New York Times reported Monday. � � � � Authorities plan to prosecute some doctors who help supply such drugs to patients and strip their prescription licenses, officials told the paper. Voters in Arizona and California last month approved measures that relax restrictions on the medical use of some illegal drugs. � � � � The plan to move against doctors follows the Justice Department's decision not to challenge the new state laws in court. Federal officials also plan to launch a public-relations campaign to remind Americans of the dangers of illegal drugs. So remind me again, what exactly is the moral difference between Prozac and THC? regards, -Blake From dthorn at gte.net Tue Dec 24 11:54:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 24 Dec 1996 11:54:36 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: <32C033F3.4849@gte.net> Ray Arachelian wrote: > On Mon, 23 Dec 1996, Dale Thorn wrote: > > Dr. Vulis has in fact been forcibly unsubscribed. He's on my "who > > cypherpunks" list as of 12 Oct 1996, but does not appear as of > > 04 Nov, 30 Nov, and 18 Dec, when I last asked for a list. > As far as majordomo is concerned, - yes. However, there are those who > subscribe invisible and therefore wouldn't show up when you say "who > cypherpunks" to majordomo at toad.com. I subscribed to this list at the recommendation of someone else, and at the time it was my first experience on the "new" Internet, i.e., browsers and such (three years ago when I got on and off it was numeric menus only as far as I know). It's interesting to me how many ways there are to do things, and how many ways there are to get around them. For example, there must have been more than one way Gilmore could have dealt with Dimitri (he chose the worst), and there must have been several ways Dimitri could get around the ban (he chose a very easy methodology, apparently, which sure makes me wonder what Gilmore was trying to do). > It's not a question that he found a way to read from and post to the > cypherpunks list. He hasn't been prevented from doing so, therefore his > unsubscription hasn't been enforced, so he's still here. Hasn't been enforced? Are you saying that Gilmore is trying to tell us: "Hi, I'm John Gilmore. I'm cutting Dr. Vulis off the list, but actually, I'm not cutting him off. Hee hee." (April Fools, or something like that). I can handle the humor, if that's what you're getting at. > If before he was unsubscribed he was able to post messages and read > messages, and now that he's unsubscribed he's able to post messages and > read messages, what's the difference to the rest of us on the list? As > far as we can see, he's still subscribed. Never mind that he gets his > messages from usenet or elsewhere, he's still here. There is NO > difference to the rest of cypherpunks. Well, if there was *no* difference, why was there so much traffic on it? I dare say that that thread was the biggest (and most divisive) of all time. From frantz at netcom.com Tue Dec 24 12:00:25 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 24 Dec 1996 12:00:25 -0800 (PST) Subject: domestic laws/policies In-Reply-To: Message-ID: At 7:49 PM -0800 12/23/96, bobbi wrote: >If I wanted to develop software that employs cryptography, or a >new cryptographic algorithm, strictly for domestic use and sale, does this >algorithm have to be registered with any domestic agency? If your algorithm is only for domestic use, then there are no restrictions and no need to register. However, if even a single copy is illegally exported, and even if there is no evidence that you helped in its export, then you may experience a situation similar to Phill Zimmerman's where the government persecuted him until the statue of limitations ran out. However judge Patell's decision, if it is applied to you, may make the export of an academic or even source code description of your algorithm legal. YMMV. IMHO, the bottom line is that if you publish in this area you are stepping onto a battle ground. If you don't want any risk of getting shot at, the only safe place is not publishing/selling. If you do publish or sell, and take reasonable precautions to stay within the law, you are fairly safe, but government harassment can not be ruled out. ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From dthorn at gte.net Tue Dec 24 12:04:21 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 24 Dec 1996 12:04:21 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: <32C036F3.24D6@gte.net> Brian Davis wrote: > On Tue, 24 Dec 1996, Blake Coverett wrote: > > jonathon wrote: > > > Go shopping with a wad of $100.00 bills. Most stores don't > > > accept them, regardless of the amount of purchase, without > > > additional ID. > > I bought a new PC a few months ago with just shy of $7K worth of > > $100 bills. No one even blinked. > Remember that if you go over 10K, the recipient is supposed to file a > form 8300 with the IRS .... Make sure that, unless you don't mind the FBI putting an extra monitor on you, you don't *ever* transact $10k or more at one time, or on one purchase in smaller increments over a relatively short period of time. I know this because one of our customers in Encino was tagged this way in 1983. What was really hilarious was that they brought the equipment in for us to have a look at, since we were experts on HP proprietary gear and they weren't. (Or we were a lot cheaper than HP corp.) From frantz at netcom.com Tue Dec 24 12:05:22 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 24 Dec 1996 12:05:22 -0800 (PST) Subject: [PGP-USERS] Password Keystroke Snarfer Programs (passphrase protection) In-Reply-To: Message-ID: At 6:45 PM -0800 12/23/96, Norman Hardy wrote: >... Second >they must not be encumbered with piles of tools written by people with >no sense of security. Such tools are often installed with more authority >than they should require. There is a Unix system call that displays the >most recent command that any user has typed. This call is used by the >ps command to describe the origin of a task. > >Perhaps NT is new enough that it hasn't gathered all of these holes. >I don't use NT so I wouldn't know. NT 4.0 has a similar tool. ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From mixmaster at remail.obscura.com Tue Dec 24 12:06:39 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Tue, 24 Dec 1996 12:06:39 -0800 (PST) Subject: Hash functions Message-ID: <199612241927.LAA12625@sirius.infonex.com> Tim C. May uses an Adolf Hitler action figure as a dildo. \|/ (*,*) Tim C. May _m_-_m_ From jfricker at vertexgroup.com Tue Dec 24 12:11:08 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Tue, 24 Dec 1996 12:11:08 -0800 (PST) Subject: Encryption Algorithms Message-ID: <19961224201047358.AAA219@dev.vertexgroup.com> I've got some comments on this and pointers at http://www.program.com/resources/crypto.html and /source/crypto/index.html (If any cypherpunks still give a shit about crypto I would appreciate any pointers to additional crypto resources on the net.) >Adam Breaux (admin at veracruz.net) said >Is there a good source on the net for implemented C/C++ routines such >as a DES algorithm? I am a programmer in need of some fairly secure >encryption routine. Any help would be greatly appreciated. > >Thanks >AdamX >--- >Adam Breaux >admin at veracruz.net >http://www.veracruz.net {Corporate Page } >http://www.abyss.com {Extracurricular} >http://www.iso-america.com {In Search Of...} > >"Violence is a cruel world doing what it >does best...break the habit...BE NICE" --- me. >End of quote --j -------------------------------------------------------------------- | John Fricker (jfricker at vertexgroup.com) | -random notes- | My PGP public key is available by sending | me email with subject "send pgp key". | www.Program.com is a good programmer web site. -------------------------------------------------------------------- From roy at sendai.scytale.com Tue Dec 24 12:12:09 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Tue, 24 Dec 1996 12:12:09 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API In-Reply-To: <01BBF127.ACD7C120@bcdev.com> Message-ID: <961224.113652.8U1.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, blake at bcdev.com writes of the MS CSPAPI and signatures: > More interesting would be the OS patch that allows an unsigned > (or signed by someone other than MS) CSP to be loaded... Agreed. > Hmm, logically the patch must be built in and only need to be > switched on as it would be too annoying to debug a CSP if you > needed to get it signed every time you built a new version. Not quite. The API comes with a program SIGN.EXE that will create a "debugging signature" for your CSP, and a new ADVAPI32.DLL, described as a "Modified advapi32.dll to load providers that are signed with sign.exe." So the patch point is a bit more accessable than inside the kernel. Maybe the "Modified advapi32.dll" should find its way offshore? > Microsoft's Authenticode system had such a patch at one time > for just that purpose, and all it required was a registry setting. Interestingly enough, CSP signatures are held in the registry instead of the binary, necessitating some install procedure for a given CSP. Not to start rumors, but NT 4.0 does use threads to watch some registry entries that control the version (workstation/server). Not much of a stretch to imagine a thread that tracks (reports?) changes to HKEY_LOCAL_MACHINE SOFTWARE Microsoft Cryptography Defaults Provider ... - -- Roy M. Silvernail [ ] roy at scytale.com DNRC Minister Plenipotentiary of All Things Confusing, Software Division PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMsAbhhvikii9febJAQEQwAQAuasIE2nEXiLlukBTRWoOFgdJa4jZh/MF Ql0OxvKXbpKzFodE+O56An7ulH/tkfmXUd9E6xVtO6Z/AcrqN284ZPJmcbsR5cYB KBhcHAc4JbFlUxpSu8iTM5B4seMwQrl9PmxN43q7GDq07NSbKZYkQ7ljwcTnULoQ 9I5gjyirmTc= =J0eC -----END PGP SIGNATURE----- From vznuri at netcom.com Tue Dec 24 12:19:36 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 24 Dec 1996 12:19:36 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: <199612240326.TAA29712@mail.pacifier.com> Message-ID: <199612242019.MAA18186@netcom18.netcom.com> >You obviously (deliberately?) are misrepresenting May's comment above. It >isn't that some kinds of evil are "no big deal": It's that quantiatively, >refusing to accept a solution that would prevent, say, 100 deaths, simply >because it would cause _one_ DIFFERENT death is foolish and misguided. > >If you feel inclined to deny this, consider the reverse situation: Would >you approve of the saving of one life if it cost 100 lives? (all things >being equal.) While most people would feel uncomfortable being asked to >make decisions of this kind, that does not mean that one outcome is not >identifiably better than another. *I* am misrepresenting Timmy's statement? please explain to me how anonymous extortion and kidnapping/ransom (what Timmy was talking about) saves lives along the lines of the above reasoning... From vznuri at netcom.com Tue Dec 24 12:26:18 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 24 Dec 1996 12:26:18 -0800 (PST) Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000) In-Reply-To: <199612170946.JAA00429@server.test.net> Message-ID: <199612242026.MAA18998@netcom18.netcom.com> > >In Ross Anderson's paper `Tamper Resistance - a Cautionary Note' (see >http://www.cl.cam.ac.uk/~rja14/), there is a reference to the clipper >chip having already been reverse engineered: > >Anderson writes: "We are reliably informed that at least one >U.S. chipmaker reverse engineered the Clipper chip shortly after its >launch." that's really big news. what does this company plan to do with it? note that reverse engineering would give the following benefits: 1. knowledge of the skipjack algorithm. supposedly the NSA based a lot of security on it being secret-- they consider it so powerful that no one should be able to use it for their own purposes. however I wonder how much security they tried to invest in this scheme. the #1 rule of crypto, of course, is to always assume your adversary can get your algorithm. 2. given knowledge of the algorithm, people could use it for their own purposes, or to make compatible clipper chips that don't use key escrow. of course, it would be interesting to see the govt response to this reverse engineering. new laws? fines? imprisonment? frankly, it would be fun to see them squirm like this. CYPHERPUNKS-- this would be another big front page NYT article and *severe* blow to the spook establishment if someone PUBLISHED this algorithm in cyberspace.... just noting the obvious and not encouraging anything ILLEGAL here, heh heh, From bdavis at thepoint.net Tue Dec 24 12:29:42 1996 From: bdavis at thepoint.net (Brian Davis) Date: Tue, 24 Dec 1996 12:29:42 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <32C036F3.24D6@gte.net> Message-ID: On Tue, 24 Dec 1996, Dale Thorn wrote: > Brian Davis wrote: > > On Tue, 24 Dec 1996, Blake Coverett wrote: > > > jonathon wrote: > > > > Go shopping with a wad of $100.00 bills. Most stores don't > > > > accept them, regardless of the amount of purchase, without > > > > additional ID. > > > > I bought a new PC a few months ago with just shy of $7K worth of > > > $100 bills. No one even blinked. > > > Remember that if you go over 10K, the recipient is supposed to file a > > form 8300 with the IRS .... > > Make sure that, unless you don't mind the FBI putting an extra monitor > on you, you don't *ever* transact $10k or more at one time, or on one > purchase in smaller increments over a relatively short period of time. Be especially carefully of structuring a $10,000+ transaction into smaller transactions in an attempt to circumvent the reporting requirements. Doing so ("structuring a transaction") is a felony. I was involved in reviewing a matter for possible prosecution in my former life. Guy wins big football pool (season long) -- total of $27,000. He calls an *leaves a message* that he wants 3 $9,000 checks. He gets them, goes to branch 1 of bank x and cashes one. Then to branch 2 and cashes another. Then back to branch 1 for the third. The bank, as required, filed a Report of Suspcious Transaction. Fortunately for him, the IRS-CID agents jumped the gun and alerted him to the investigation (by interviewing him) before he filed his taxes for that year. He then knew enough to report the income and pay the taxes. We settled the matter by having the money forfeited and having a civil monetary penalty assessment against him under the Bank Secrecy Act (the first such penalty against an individual ever). He got credit on the civil assessment for the money forfeited, so all he lost was his $27,000 in winnings. Had he been better at it, he never would've been caught, IMNSHO. EBD > I know this because one of our customers in Encino was tagged this way > in 1983. What was really hilarious was that they brought the equipment > in for us to have a look at, since we were experts on HP proprietary > gear and they weren't. (Or we were a lot cheaper than HP corp.) > > From dlv at bwalk.dm.com Tue Dec 24 12:30:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 12:30:26 -0800 (PST) Subject: MCIP? In-Reply-To: <199612241646.LAA15417@homeport.org> Message-ID: Adam Shostack writes: > I have on an old account being closed, most of the traffic from the > Mac Crypto Interface Project mailing list. > > Does anyone want them? If it's worth it, put them up for FTP somewhere. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 12:32:14 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 12:32:14 -0800 (PST) Subject: [Fwd: usenet censorship] In-Reply-To: <32C0262C.1BDE@sk.sympatico.ca> Message-ID: <5HJgZD76w165w@bwalk.dm.com> > Does anyone know of a server that allows uncensored news groups, mine > censors all alt. groups. Check out alt.net. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From vznuri at netcom.com Tue Dec 24 12:38:25 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 24 Dec 1996 12:38:25 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: <199612231530.JAA04229@bigeasy.bigeasy.com> Message-ID: <199612242038.MAA20079@netcom18.netcom.com> [timmy paraphrase] >I thought the message was a pretty clear statement of opinion. ie. >the deconstruction of democracy is a good thing and cryptoanarchy >will a enable a more just society. (Some would argue more brutal as >well, but I think that the level of brutatlity in society would >change little from it's current levels.) wow, what a ringing endorsement for cryptoanarchy, and quite Mayesque in its style. CRYPTOANARCHY!!! GO FOR IT!! IT PROBABLY WON'T BE ANY MORE BRUTAL THAN THE WORLD IS ALREADY!!! >So cut the crap and go ahead and argue for or against that thesis. the cryptoanarchy thesis IS crap. everyone with a few brain cells to rub together is capable of seeing through this machiavellian dystopian trash masquerading as a rational political philosophy. anyone heard of "memes"? cryptoanarchy is a virus of weak minds without any defense mechanisms. the cpunk list is the principal vector.. >(by the way. Conveniently enough Tim May has put his ideas on the >web in quite a bit of detail. Just put "cyphernomicon" in your >favorite web search engine) gosh, thanks for the tip, Omegaman, hadn't heard anything about that-- I'll be sure to check that out. I certainly wouldn't want to prejudge Mr. May's complex thesis, my profuse apologies if I misunderstood any of the parts about extortion, kidnapping, tax evasion, anonymous assassinations, etc. From frantz at netcom.com Tue Dec 24 12:48:56 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 24 Dec 1996 12:48:56 -0800 (PST) Subject: Democracy, yeah right. In-Reply-To: <01BBF1A9.AF9D0190@bcdev.com> Message-ID: At 11:49 AM -0800 12/24/96, Blake Coverett quoted: >>From AP via MSNBC: > > NEW YORK - The federal government has acknowledged > plans to prosecute doctors who prescribe marijuana and other > illegal drugs to seriously ill people under new laws approved by > voters in California and Arizona, The New York Times reported > Monday. It is truly amazing what public servants will do to protect their jobs. BTW - The largest single contributor, as of the last report required before the election, to the California No on Medical Marijuana Initiative campaign was the California Narcotics Officers Association. - San Jose Mercury News ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From sunder at brainlink.com Tue Dec 24 12:58:46 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 24 Dec 1996 12:58:46 -0800 (PST) Subject: Ebonics In-Reply-To: Message-ID: On Tue, 24 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Your English isn't so good, Ray... I am not a "cypher punk", so you > shouldn't speak of "the rest of" "cypher punks". Then why do you continue posting here? If you aren't a cypherpunk, go away. > If John's punitive action in response to my speech makes no difference to you, > then why did you ask him to do it, and why did you commend him afterwards? I'm only disappointed that you are still here, that's all. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From dthorn at gte.net Tue Dec 24 13:05:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 24 Dec 1996 13:05:36 -0800 (PST) Subject: Both John Gilmore and Ray Arachelian are liars In-Reply-To: Message-ID: <32C043C2.20E5@gte.net> Ray Arachelian wrote: > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > Ray Arachelian writes: > > > On Mon, 23 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > > John Gilmore unsubscribed me from this mailing list (in a very rude manner) > > > > and I am not allowed to resubscribe. I am not subscribed to this mailing li > And yet, you post to cypherpunks at toad.com, and you read messages from > cypherpunks at toad.com. QED: You're still here. This must be what is called a nonsequitur. He can *always* be here, one way or another. That was never the point. From markm at voicenet.com Tue Dec 24 13:10:34 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 24 Dec 1996 13:10:34 -0800 (PST) Subject: Democracy, yeah right. In-Reply-To: <01BBF1A9.AF9D0190@bcdev.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 24 Dec 1996, Blake Coverett wrote: > The War on Some Drugs stikes again > > Challenging it it court would be too much work and not > likely to succeed so why not just throw some doctors > in jail and scare the rest off. > > >From AP via MSNBC: > > � � NEW YORK - The federal government has acknowledged > plans to prosecute doctors who prescribe marijuana and other > illegal drugs to seriously ill people under new laws approved by > voters in California and Arizona, The New York Times reported > Monday. > � � � � Authorities plan to prosecute some doctors who help > supply such drugs to patients and strip their prescription > licenses, officials told the paper. Voters in Arizona and > California last month approved measures that relax restrictions > on the medical use of some illegal drugs. > � � � � The plan to move against doctors follows the Justice > Department's decision not to challenge the new state laws > in court. Federal officials also plan to launch a public-relations > campaign to remind Americans of the dangers of illegal drugs. > > So remind me again, what exactly is the moral difference > between Prozac and THC? Marijuana isn't the only drug that doctors are reluctant to prescribe for fear of losing their medical licenses. There is a list of legal drugs that most doctors would never prescribe. The DEA wasn't able to put a ban on those drugs, so they just send a bunch of armed thugs to harass any doctor who prescribes them. As for the difference between Prozac and THC, I really don't know. Marijuana is a Schedule I drug, meaning that it is dangerous and has no medical value. Methamphetamine is a Schedule II drug, meaning that it has medical value and can be prescribed. It doesn't make any sense to me either. As for the public-relations campaign, the government is just going to drag a bunch of old, flawed medical experiments that supposedly prove that marijauna is dangerous. Most of these experiments were conducted by Gabriel Nahas. Meanwhile, the experiment done at the University of Virginia that shows that marijuana has tumor-preventing properties will never be mentioned. The FDA immediately pulled the funding for this study when they discovered the results and has banned all further medical experiments involving marijuana. Nor will any mention be made of The LaGuardia Report. Crypto relevance is very minimal, other than the fact that pseudonymous signatures would solve the problem of doctors being persecuted. This does show how the government might go about banning crypto. Launch a "public relations campaign" and start seizing FTP servers that make crypto available a la Sundevil. Finding loopholes to harass people without having togo through due process is a very good tactic for undermining democracy. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsBHRSzIPc7jvyFpAQEL6AgAyLH8nPo15oJji4SLgI0jDB/4bHcw23nz Hfy8tOCdP2eg7YPKdyVPMM/+Xo0UbBYZLPtTcw8vKs0RNNNKEotGi82MrR9SeSyw 3U2NFe/Ghz8Cdg+Wr1xC5kw7tgrjoK237piHeAMQCH54McrAQuWFX0N29Iu94DXQ tDdvnquEMV0wyUpbnfQPFgue5PqsJeXSyvvoyUTbEb8Az7UBI+LgkWOG6tq/zjDz oWcDrCAXLZgqkG/Bj8lwaZb/Zp/IRvqESAt/ssich39+9c6MqS7wIB9JfaQrMu77 TM0v5uc+294h/pqqCy8mwVkptP7Ms6CaGweP5kdUUgcvlAIhVbXMiA== =MchN -----END PGP SIGNATURE----- From sunder at brainlink.com Tue Dec 24 13:12:19 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 24 Dec 1996 13:12:19 -0800 (PST) Subject: Both John Gilmore and Ray Arachelian are liars In-Reply-To: <32C043C2.20E5@gte.net> Message-ID: On Tue, 24 Dec 1996, Dale Thorn wrote: > This must be what is called a nonsequitur. He can *always* be here, > one way or another. That was never the point. It is my point. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From adam at homeport.org Tue Dec 24 13:24:01 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 24 Dec 1996 13:24:01 -0800 (PST) Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000) In-Reply-To: <199612242026.MAA18998@netcom18.netcom.com> Message-ID: <199612242119.QAA16490@homeport.org> Vladimir Z. Nuri wrote: | CYPHERPUNKS-- this would be another big front page NYT article and | *severe* blow to the spook establishment if someone PUBLISHED this | algorithm in cyberspace.... just noting the obvious and not | encouraging anything ILLEGAL here, heh heh, I disagree. I think publishing Skipjack would be counterproductive. Right now, we're shooting to make the ITARs irrelevant by saying things like 'IDEA is Swiss, and when we can't export it from the US. What does that do to competitiveness?' We can't make that claim about Skipjack. Skipjack is an NSA designed cipher which the agency probably expects will be publicised. But would they ever admit to it? Heck no. When its published, expect screams of bloody murder by the four horsemen. Many people will believe it. Its easy to construct the case that the ITARs, as they apply to things in the public domain, thing implemented outside the US, things designed outside the US, are just silly. Its much harder to make that argument about Skipjack, especially as you can't legally export the chips. Adam PS: The current (year end double issue) of the Economist is quite an enjoyable read. Crypto relevance? The decipherment of Mayan hieroglyphics, some on commerce on the net. But mostly I just found it a very enjoyable read. -- "It is seldom that liberty of any kind is lost all at once." -Hume From rwright at adnetsol.com Tue Dec 24 13:33:57 1996 From: rwright at adnetsol.com (Ross Wright) Date: Tue, 24 Dec 1996 13:33:57 -0800 (PST) Subject: Let's write a good Usenet spambot Message-ID: <199612242133.NAA08613@adnetsol.adnetsol.com> On or About 24 Dec 96 at 13:33, Dr.Dimitri Vulis KOTM wrote: > > Ross, let's write a good Usenet spambot. The ones out there suck > because they go through newsgroups alphabetically and post the same > crap all at once. Then they get detected and cancelled by assholes > like Chris Lewis. Yeah, those assholes are getting in the way of my first amendment right to spam the fuck out of anyone and everyone I fucking want to!!!! My hero, Larry Flint, says "The price of freedom of speech is tolerance of other people's views.: So everyone can Fucking tolerate as much spam as a spamming robot can be told to spew!!! > > A good spambot would cover all unmoderated newsgroups, look for > traffic, pretend to follow up on postings from actual people, say > something on-topic, and post your message, but vary it randomly, so > it's almost never the same. Dr., this is a stroke of genius!! I think we should start on this immediately! No one would even know it was spam, or a spamming robot!!! > > I think we can make a pretty good program. "Cypher punks" don't > write code, but we do. Fuck them if they can't take a joke!!! Let's write some code! I am cc:ing this to a couple others who helped me write the "link following" web-robot I am currently using! Let's get on this usenet thing NOW!!!! Ross =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From dlv at bwalk.dm.com Tue Dec 24 13:50:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 13:50:21 -0800 (PST) Subject: Unsubscribing Dr. Vulius In-Reply-To: <32C00B59.7FD1@gte.net> Message-ID: <15mgZD80w165w@bwalk.dm.com> Dale Thorn writes: > this is a crypto list, and there are all those NSA spooks watching > everything we do.... Watching and laughing, no doubt. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 24 14:06:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 24 Dec 1996 14:06:35 -0800 (PST) Subject: Ebonics In-Reply-To: <199612241847.KAA24854@slack.lne.com> Message-ID: <1LNgZD82w165w@bwalk.dm.com> Eric Murray writes: > The determined poster could even grab a subscriber list from the lists's > mailserver, and send his message to each member individually. I can't quite do that either because majordomo at toad.com has been instructed to silently ignore *all* requests from me, including "who". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From slothrop at poisson.com Tue Dec 24 15:26:09 1996 From: slothrop at poisson.com (J Durbin) Date: Tue, 24 Dec 1996 15:26:09 -0800 (PST) Subject: [Fwd: usenet censorship] In-Reply-To: <5HJgZD76w165w@bwalk.dm.com> Message-ID: <32e664c7.81338663@smtp.best.com> On Tue, 24 Dec 96 15:16:27 EST, Dimitri Vulis (dlv at bwalk.dm.com) wrote: >> Does anyone know of a server that allows uncensored news groups, mine >> censors all alt. groups. > >Check out alt.net. >From http://www.alt.net : Altopia Corporation "We do news." Altopia Corporation provides Usenet news and email services to individuals and organizations. At this time we are not taking any more customers until we have had a chance to refine our offerings. Please check back at this site periodically for details of future offerings. If you have any questions, please send email to info at alt.net. Last Modified: 961213 ----------------------- What exactly does F-K mailing list contributor and alt.net admin Chris Caputo mean by "refine our offerings"? jd -- Fight spam: http://www.vix.com/spam jason durbin slothrop at poisson.com Stop Reading Here <--- From slothrop at poisson.com Tue Dec 24 15:37:42 1996 From: slothrop at poisson.com (J Durbin) Date: Tue, 24 Dec 1996 15:37:42 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: <199612242019.MAA18186@netcom18.netcom.com> Message-ID: <32e76742.81973946@smtp.best.com> On Tue, 24 Dec 96 12:19:22 -0800, you wrote: >>You obviously (deliberately?) are misrepresenting May's comment above. It >>isn't that some kinds of evil are "no big deal": It's that quantiatively, >>refusing to accept a solution that would prevent, say, 100 deaths, simply >>because it would cause _one_ DIFFERENT death is foolish and misguided. >> >>If you feel inclined to deny this, consider the reverse situation: Would >>you approve of the saving of one life if it cost 100 lives? (all things >>being equal.) While most people would feel uncomfortable being asked to >>make decisions of this kind, that does not mean that one outcome is not >>identifiably better than another. > >*I* am misrepresenting Timmy's statement? >please explain to me how anonymous extortion and kidnapping/ransom (what >Timmy was talking about) saves lives along the lines of the above >reasoning... {netcom18:1} last vznuri vznuri ttyp7 den-co-pm15.netc Tue Dec 24 12:15 - 13:24 (01:09) vznuri ttyp4 den-co-pm6.netco Fri Dec 20 16:10 - 16:11 (00:00) Nu, what is Nuri's relationship to Colin james III and Dimi Vulis, both of whom have implicated their adversaries with an italian porno site? jd -- Fight spam: http://www.vix.com/spam jason durbin slothrop at poisson.com Stop Reading Here <--- From slothrop at poisson.com Tue Dec 24 15:37:52 1996 From: slothrop at poisson.com (J Durbin) Date: Tue, 24 Dec 1996 15:37:52 -0800 (PST) Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000) In-Reply-To: <199612242026.MAA18998@netcom18.netcom.com> Message-ID: <32e868b5.82344652@smtp.best.com> On Tue, 24 Dec 96 12:26:02 -0800, vladimir z nuri wrote: >CYPHERPUNKS-- this would be another big front page NYT article and >*severe* blow to the spook establishment if someone PUBLISHED this >algorithm in cyberspace.... just noting the obvious and not >encouraging anything ILLEGAL here, heh heh, What do you think about Eiffel? jd -- Fight spam: http://www.vix.com/spam jason durbin slothrop at poisson.com Stop Reading Here <--- From omega at bigeasy.com Tue Dec 24 15:39:18 1996 From: omega at bigeasy.com (Omegaman) Date: Tue, 24 Dec 1996 15:39:18 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: <199612242038.MAA20079@netcom18.netcom.com> Message-ID: On Tue, 24 Dec 1996, Vladimir Z. Nuri wrote: > >I thought the message was a pretty clear statement of opinion. ie. > >the deconstruction of democracy is a good thing and cryptoanarchy > >will a enable a more just society. (Some would argue more brutal as > >well, but I think that the level of brutatlity in society would > >change little from it's current levels.) > > wow, what a ringing endorsement for cryptoanarchy, and quite Mayesque > in its style. You're not very good with context, I see. The above statement neither endorses nor condemns the notion of cryptoanarchy. You claim that you want to debate Tim on the issue but that he won't put the issues on the table. It's all right there for you to attack or support. Here: THESIS:The deconstruction of democracy enabled by the inevitable genesis of cryptoanarchy will result in a more just (fair?) society. Go for it. Please start a relevant and interesting debate. But quit whining that Tim May won't challenge your brilliant mind. Pick a point and dissect whether it's accurate or flawed. > CRYPTOANARCHY!!! GO FOR IT!! IT PROBABLY WON'T BE ANY MORE > BRUTAL THAN THE WORLD IS ALREADY!!! Brutality amongst human beings has little to do with what type of government (or lack thereof) we have established. Nor is brutality inevitable amongst human beings; governments have little or no affect on how individuals think and behave. > the cryptoanarchy thesis IS crap. everyone with a few brain cells to rub > together is capable of seeing through this machiavellian dystopian trash > masquerading as a rational political philosophy. > > anyone heard of "memes"? cryptoanarchy is a virus of weak minds without > any defense mechanisms. the cpunk list is the principal vector.. Great. But you said you wanted to debate the fundamental points raised by May. > Mr. May's complex thesis, my profuse apologies if I misunderstood any > of the parts about extortion, kidnapping, tax evasion, anonymous > assassinations, etc. O.K. The point in the original message was that these things are inevitable if only one anonymous payment system is established. 1) Do you agree that these things are an inevitable consequence of anonymous untraceable payment systems? 2) Do you agree then that all it would take is just one? Or could one alone be stopped or controlled? how? 3) How can these bad things be prevented with an anonymous untraceable payment system? Pick any or all points and make your case. _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From rkluge at nunic.nu.edu Tue Dec 24 16:00:21 1996 From: rkluge at nunic.nu.edu (bobbi) Date: Tue, 24 Dec 1996 16:00:21 -0800 (PST) Subject: domestic laws/policies In-Reply-To: Message-ID: My understanding goes with along with your statements. I got asked a question the other day and that person emphatically stated you "must" register the algorithm with the NSA(for domestic use). I was not aware of this even for exporting software that has cryptographic capability. If you export software do you have to "register" the algorithm? Or maybe I should ask - are there any situations where you do have to register the algorithm? For export I'm only aware that the strength of the algoritm has to be equal to or less than 40-bit DES. I think he was getting confused with GAK. bobbi kluge voice: 619.945.6248 rkluge at nunic.nu.edu fax: 619.945.6397 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #!/bin/perl -sp0777i Message-ID: At 4:02 PM -0800 12/24/96, bobbi wrote: >I got asked a question the other day and that person emphatically stated >you "must" register the algorithm with the NSA(for domestic use). >I was not aware of this even for exporting software that has cryptographic >capability. If you export software do you have to "register" the >algorithm? Or maybe I should ask - are there any situations where you do >have to register the algorithm? For export I'm only aware that the >strength of the algoritm has to be equal to or less than 40-bit DES. You have to describe the algorithm as part of getting an export license, or commodity jurisdiction. Since this description must be in sufficient detail so a reader can implement the algorithm, this description might properly be described as "registration". ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From rkluge at nunic.nu.edu Tue Dec 24 16:44:30 1996 From: rkluge at nunic.nu.edu (bobbi) Date: Tue, 24 Dec 1996 16:44:30 -0800 (PST) Subject: domestic laws/policies In-Reply-To: Message-ID: Thank you. That is pretty clear. bobbi kluge voice: 619.945.6248 rkluge at nunic.nu.edu fax: 619.945.6397 From nobody at replay.com Tue Dec 24 16:46:07 1996 From: nobody at replay.com (Anonymous) Date: Tue, 24 Dec 1996 16:46:07 -0800 (PST) Subject: Anarcho Noel Message-ID: <199612250041.BAA28984@basement.replay.com> Noam Chomsky on Anarchism, Marxism & Hope for the Future Noam Chomsky is widely known for his critique of U.S foreign policy, and for his work as a linguist. Less well known is his ongoing support for libertarian socialist objectives. In a special interview done for Red and Black Revolution, Chomsky gives his views on anarchism and marxism, and the prospects for socialism now. The interview was conducted in May 1995 by Kevin Doyle. RBR: First off, Noam, for quite a time now you've been an advocate for the anarchist idea. Many people are familiar with the introduction you wrote in 1970 to Daniel Guerin's Anarchism, but more recently, for instance in the film Manufacturing Consent, you took the opportunity to highlight again the potential of anarchism and the anarchist idea. What is it that attracts you to anarchism? CHOMSKY: I was attracted to anarchism as a young teenager, as soon as I began to think about the world beyond a pretty narrow range, and haven't seen much reason to revise those early attitudes since. I think it only makes sense to seek out and identify structures of authority, hierarchy, and domination in every aspect of life, and to challenge them; unless a justification for them can be given, they are illegitimate, and should be dismantled, to increase the scope of human freedom. That includes political power, ownership and management, relations among men and women, parents and children, our control over the fate of future generations (the basic moral imperative behind the environmental movement, in my view), and much else. Naturally this means a challenge to the huge institutions of coercion and control: the state, the unaccountable private tyrannies that control most of the domestic and international economy, and so on. But not only these. That is what I have always understood to be the essence of anarchism: the conviction that the burden of proof has to be placed on authority, and that it should be dismantled if that burden cannot be met. Sometimes the burden can be met. If I'm taking a walk with my grandchildren and they dart out into a busy street, I will use not only authority but also physical coercion to stop them. The act should be challenged, but I think it can readily meet the challenge. And there are other cases; life is a complex affair, we understand very little about humans and society, and grand pronouncements are generally more a source of harm than of benefit. But the perspective is a valid one, I think, and can lead us quite a long way. Beyond such generalities, we begin to look at cases, which is where the questions of human interest and concern arise. RBR: It's true to say that your ideas and critique are now more widely known than ever before. It should also be said that your views are widely respected. How do you think your support for anarchism is received in this context? In particular, I'm interested in the response you receive from people who are getting interested in politics for the first time and who may, perhaps, have come across your views. Are such people surprised by your support for anarchism? Are they interested? CHOMSKY: The general intellectual culture, as you know, associates 'anarchism' with chaos, violence, bombs, disruption, and so on. So people are often surprised when I speak positively of anarchism and identify myself with leading traditions within it. But my impression is that among the general public, the basic ideas seem reasonable when the clouds are cleared away. Of course, when we turn to specific matters - say, the nature of families, or how an economy would work in a society that is more free and just - questions and controversy arise. But that is as it should be. Physics can't really explain how water flows from the tap in your sink. When we turn to vastly more complex questions of human significance, understanding is very thin, and there is plenty of room for disagreement, experimentation, both intellectual and real-life exploration of possibilities, to help us learn more. RBR: Perhaps, more than any other idea, anarchism has suffered from the problem of misrepresentation. Anarchism can mean many things to many people. Do you often find yourself having to explain what it is that you mean by anarchism? Does the misrepresentation of anarchism bother you? CHOMSKY: All misrepresentation is a nuisance. Much of it can be traced back to structures of power that have an interest in preventing understanding, for pretty obvious reasons. It's well to recall David Hume's Principles of Government. He expressed surprise that people ever submitted to their rulers. He concluded that since Force is always on the side of the governed, the governors have nothing to support them but opinion. 'Tis therefore, on opinion only that government is founded; and this maxim extends to the most despotic and most military governments, as well as to the most free and most popular. Hume was very astute - and incidentally, hardly a libertarian by the standards of the day. He surely underestimates the efficacy of force, but his observation seems to me basically correct, and important, particularly in the more free societies, where the art of controlling opinion is therefore far more refined. Misrepresentation and other forms of befuddlement are a natural concomitant. So does misrepresentation bother me? Sure, but so does rotten weather. It will exist as long as concentrations of power engender a kind of commissar class to defend them. Since they are usually not very bright, or are bright enough to know that they'd better avoid the arena of fact and argument, they'll turn to misrepresentation, vilification, and other devices that are available to those who know that they'll be protected by the various means available to the powerful. We should understand why all this occurs, and unravel it as best we can. That's part of the project of liberation - of ourselves and others, or more reasonably, of people working together to achieve these aims. Sounds simple-minded, and it is. But I have yet to find much commentary on human life and society that is not simple-minded, when absurdity and self-serving posturing are cleared away. RBR: How about in more established left-wing circles, where one might expect to find greater familiarity with what anarchism actually stands for? Do you encounter any surprise here at your views and support for anarchism? CHOMSKY: If I understand what you mean by established left-wing circles, there is not too much surprise about my views on anarchism, because very little is known about my views on anything. These are not the circles I deal with. You'll rarely find a reference to anything I say or write. That's not completely true of course. Thus in the US (but less commonly in the UK or elsewhere), you'd find some familiarity with what I do in certain of the more critical and independent sectors of what might be called established left-wing circles, and I have personal friends and associates scattered here and there. But have a look at the books and journals, and you'll see what I mean. I don't expect what I write and say to be any more welcome in these circles than in the faculty club or editorial board room - again, with exceptions. The question arises only marginally, so much so that it's hard to answer. RBR: A number of people have noted that you use the term 'libertarian socialist' in the same context as you use the word 'anarchism'. Do you see these terms as essentially similar? Is anarchism a type of socialism to you? The description has been used before that anarchism is equivalent to socialism with freedom. Would you agree with this basic equation? CHOMSKY: The introduction to Guerin's book that you mentioned opens with a quote from an anarchist sympathiser a century ago, who says that anarchism has a broad back, and endures anything. One major element has been what has traditionally been called 'libertarian socialism'. I've tried to explain there and elsewhere what I mean by that, stressing that it's hardly original; I'm taking the ideas from leading figures in the anarchist movement whom I quote, and who rather consistently describe themselves as socialists, while harshly condemning the 'new class' of radical intellectuals who seek to attain state power in the course of popular struggle and to become the vicious Red bureaucracy of which Bakunin warned; what's often called 'socialism'. I rather agree with Rudolf Rocker's perception that these (quite central) tendencies in anarchism draw from the best of Enlightenment and classical liberal thought, well beyond what he described. In fact, as I've tried to show they contrast sharply with Marxist-Leninist doctrine and practice, the 'libertarian' doctrines that are fashionable in the US and UK particularly, and other contemporary ideologies, all of which seem to me to reduce to advocacy of one or another form of illegitimate authority, quite often real tyranny. The Spanish Revolution RBR: In the past, when you have spoken about anarchism, you have often emphasised the example of the Spanish Revolution. For you there would seem to be two aspects to this example. On the one hand, the experience of the Spanish Revolution is, you say, a good example of 'anarchism in action'. On the other, you have also stressed that the Spanish revolution is a good example of what workers can achieve through their own efforts using participatory democracy. Are these two aspects - anarchism in action and participatory democracy - one and the same thing for you? Is anarchism a philosophy for people's power? CHOMSKY: I'm reluctant to use fancy polysyllables like philosophy to refer to what seems ordinary common sense. And I'm also uncomfortable with slogans. The achievements of Spanish workers and peasants, before the revolution was crushed, were impressive in many ways. The term 'participatory democracy' is a more recent one, which developed in a different context, but there surely are points of similarity. I'm sorry if this seems evasive. It is, but that's because I don't think either the concept of anarchism or of participatory democracy is clear enough to be able to answer the question whether they are the same. RBR: One of the main achievements of the Spanish Revolution was the degree of grassroots democracy established. In terms of people, it is estimated that over 3 million were involved. Rural and urban production was managed by workers themselves. Is it a coincidence to your mind that anarchists, known for their advocacy of individual freedom, succeeded in this area of collective administration? CHOMSKY: No coincidence at all. The tendencies in anarchism that I've always found most persuasive seek a highly organised society, integrating many different kinds of structures (workplace, community, and manifold other forms of voluntary association), but controlled by participants, not by those in a position to give orders (except, again, when authority can be justified, as is sometimes the case, in specific contingencies). Democracy RBR: Anarchists often expend a great deal of effort at building up grassroots democracy. Indeed they are often accused of taking democracy to extremes. Yet, despite this, many anarchists would not readily identify democracy as a central component of anarchist philosophy. Anarchists often describe their politics as being about 'socialism' or being about 'the individual'- they are less likely to say that anarchism is about democracy. Would you agree that democratic ideas are a central feature of anarchism? CHOMSKY: Criticism of 'democracy' among anarchists has often been criticism of parliamentary democracy, as it has arisen within societies with deeply repressive features. Take the US, which has been as free as any, since its origins. American democracy was founded on the principle, stressed by James Madison in the Constitutional Convention in 1787, that the primary function of government is to protect the minority of the opulent from the majority. Thus he warned that in England, the only quasi-democratic model of the day, if the general population were allowed a say in public affairs, they would implement agrarian reform or other atrocities, and that the American system must be carefully crafted to avoid such crimes against the rights of property, which must be defended (in fact, must prevail). Parliamentary democracy within this framework does merit sharp criticism by genuine libertarians, and I've left out many other features that are hardly subtle - slavery, to mention just one, or the wage slavery that was bitterly condemned by working people who had never heard of anarchism or communism right through the 19th century, and beyond. Leninism RBR: The importance of grassroots democracy to any meaningful change in society would seem to be self evident. Yet the left has been ambiguous about this in the past. I'm speaking generally, of social democracy, but also of Bolshevism - traditions on the left that would seem to have more in common with elitist thinking than with strict democratic practice. Lenin, to use a well-known example, was sceptical that workers could develop anything more than trade union consciousness- by which, I assume, he meant that workers could not see far beyond their immediate predicament. Similarly, the Fabian socialist, Beatrice Webb, who was very influential in the Labour Party in England, had the view that workers were only interested in horse racing odds! Where does this elitism originate and what is it doing on the left? CHOMSKY: I'm afraid it's hard for me to answer this. If the left is understood to include 'Bolshevism,' then I would flatly dissociate myself from the left. Lenin was one of the greatest enemies of socialism, in my opinion, for reasons I've discussed. The idea that workers are only interested in horse-racing is an absurdity that cannot withstand even a superficial look at labour history or the lively and independent working class press that flourished in many places, including the manufacturing towns of New England not many miles from where I'm writing - not to speak of the inspiring record of the courageous struggles of persecuted and oppressed people throughout history, until this very moment. Take the most miserable corner of this hemisphere, Haiti, regarded by the European conquerors as a paradise and the source of no small part of Europe's wealth, now devastated, perhaps beyond recovery. In the past few years, under conditions so miserable that few people in the rich countries can imagine them, peasants and slum-dwellers constructed a popular democratic movement based on grassroots organisations that surpasses just about anything I know of elsewhere; only deeply committed commissars could fail to collapse with ridicule when they hear the solemn pronouncements of American intellectuals and political leaders about how the US has to teach Haitians the lessons of democracy. Their achievements were so substantial and frightening to the powerful that they had to be subjected to yet another dose of vicious terror, with considerably more US support than is publicly acknowledged, and they still have not surrendered. Are they interested only in horse-racing? I'd suggest some lines I've occasionally quoted from Rousseau: when I see multitudes of entirely naked savages scorn European voluptuousness and endure hunger, fire, the sword, and death to preserve only their independence, I feel that it does not behoove slaves to reason about freedom. RBR: Speaking generally again, your own work - Deterring Democracy, Necessary Illusions, etc. - has dealt consistently with the role and prevalence of elitist ideas in societies such as our own. You have argued that within 'Western' (or parliamentary) democracy there is a deep antagonism to any real role or input from the mass of people, lest it threaten the uneven distribution in wealth which favours the rich. Your work is quite convincing here, but, this aside, some have been shocked by your assertions. For instance, you compare the politics of President John F. Kennedy with Lenin, more or less equating the two. This, I might add, has shocked supporters of both camps! Can you elaborate a little on the validity of the comparison? CHOMSKY: I haven't actually equated the doctrines of the liberal intellectuals of the Kennedy administration with Leninists, but I have noted striking points of similarity - rather as predicted by Bakunin a century earlier in his perceptive commentary on the new class. For example, I quoted passages from McNamara on the need to enhance managerial control if we are to be truly free, and about how the undermanagement that is the real threat to democracy is an assault against reason itself. Change a few words in these passages, and we have standard Leninist doctrine. I've argued that the roots are rather deep, in both cases. Without further clarification about what people find shocking, I can't comment further. The comparisons are specific, and I think both proper and properly qualified. If not, that's an error, and I'd be interested to be enlightened about it. Marxism RBR: Specifically, Leninism refers to a form of marxism that developed with V.I. Lenin. Are you implicitly distinguishing the works of Marx from the particular criticism you have of Lenin when you use the term 'Leninism'? Do you see a continuity between Marx's views and Lenin's later practices? CHOMSKY: Bakunin's warnings about the Red bureaucracy that would institute the worst of all despotic governments were long before Lenin, and were directed against the followers of Mr. Marx. There were, in fact, followers of many different kinds; Pannekoek, Luxembourg, Mattick and others are very far from Lenin, and their views often converge with elements of anarcho-syndicalism. Korsch and others wrote sympathetically of the anarchist revolution in Spain, in fact. There are continuities from Marx to Lenin, but there are also continuities to Marxists who were harshly critical of Lenin and Bolshevism. Teodor Shanin's work in the past years on Marx's later attitudes towards peasant revolution is also relevant here. I'm far from being a Marx scholar, and wouldn't venture any serious judgement on which of these continuities reflects the 'real Marx,' if there even can be an answer to that question. RBR: Recently, we obtained a copy of your own Notes On Anarchism (re-published last year by Discussion Bulletin in the USA). In this you mention the views of the early Marx, in particular his development of the idea of alienation under capitalism. Do you generally agree with this division in Marx's life and work - a young, more libertarian socialist but, in later years, a firm authoritarian? CHOMSKY: The early Marx draws extensively from the milieu in which he lived, and one finds many similarities to the thinking that animated classical liberalism, aspects of the Enlightenment and French and German Romanticism. Again, I'm not enough of a Marx scholar to pretend to an authoritative judgement. My impression, for what it is worth, is that the early Marx was very much a figure of the late Enlightenment, and the later Marx was a highly authoritarian activist, and a critical analyst of capitalism, who had little to say about socialist alternatives. But those are impressions. RBR: From my understanding, the core part of your overall view is informed by your concept of human nature. In the past the idea of human nature was seen, perhaps, as something regressive, even limiting. For instance, the unchanging aspect of human nature is often used as an argument for why things can't be changed fundamentally in the direction of anarchism. You take a different view? Why? CHOMSKY: The core part of anyone's point of view is some concept of human nature, however it may be remote from awareness or lack articulation. At least, that is true of people who consider themselves moral agents, not monsters. Monsters aside, whether a person who advocates reform or revolution, or stability or return to earlier stages, or simply cultivating one's own garden, takes stand on the grounds that it is 'good for people.' But that judgement is based on some conception of human nature, which a reasonable person will try to make as clear as possible, if only so that it can be evaluated. So in this respect I'm no different from anyone else. You're right that human nature has been seen as something 'regressive,' but that must be the result of profound confusion. Is my granddaughter no different from a rock, a salamander, a chicken, a monkey? A person who dismisses this absurdity as absurd recognises that there is a distinctive human nature. We are left only with the question of what it is - a highly nontrivial and fascinating question, with enormous scientific interest and human significance. We know a fair amount about certain aspects of it - not those of major human significance. Beyond that, we are left with our hopes and wishes, intuitions and speculations. There is nothing regressive about the fact that a human embryo is so constrained that it does not grow wings, or that its visual system cannot function in the manner of an insect, or that it lacks the homing instinct of pigeons. The same factors that constrain the organism's development also enable it to attain a rich, complex, and highly articulated structure, similar in fundamental ways to conspecifics, with rich and remarkable capacities. An organism that lacked such determinative intrinsic structure, which of course radically limits the paths of development, would be some kind of amoeboid creature, to be pitied (even if it could survive somehow). The scope and limits of development are logically related. Take language, one of the few distinctive human capacities about which much is known. We have very strong reasons to believe that all possible human languages are very similar; a Martian scientist observing humans might conclude that there is just a single language, with minor variants. The reason is that the particular aspect of human nature that underlies the growth of language allows very restricted options. Is this limiting? Of course. Is it liberating? Also of course. It is these very restrictions that make it possible for a rich and intricate system of expression of thought to develop in similar ways on the basis of very rudimentary, scattered, and varied experience. What about the matter of biologically-determined human differences? That these exist is surely true, and a cause for joy, not fear or regret. Life among clones would not be worth living, and a sane person will only rejoice that others have abilities that they do not share. That should be elementary. What is commonly believed about these matters is strange indeed, in my opinion. Is human nature, whatever it is, conducive to the development of anarchist forms of life or a barrier to them? We do not know enough to answer, one way or the other. These are matters for experimentation and discovery, not empty pronouncements. The future RBR: To begin finishing off, I'd like to ask you briefly about some current issues on the left. I don't know if the situation is similar in the USA but here, with the fall of the Soviet Union, a certain demoralisation has set in on the left. It isn't so much that people were dear supporters of what existed in the Soviet Union, but rather it's a general feeling that with the demise of the Soviet Union the idea of socialism has also been dragged down. Have you come across this type of demoralisation? What's your response to it? CHOMSKY: My response to the end of Soviet tyranny was similar to my reaction to the defeat of Hitler and Mussolini. In all cases, it is a victory for the human spirit. It should have been particularly welcome to socialists, since a great enemy of socialism had at last collapsed. Like you, I was intrigued to see how people - including people who had considered themselves anti-Stalinist and anti-Leninist - were demoralised by the collapse of the tyranny. What it reveals is that they were more deeply committed to Leninism than they believed. There are, however, other reasons to be concerned about the elimination of this brutal and tyrannical system, which was as much socialist as it was democratic (recall that it claimed to be both, and that the latter claim was ridiculed in the West, while the former was eagerly accepted, as a weapon against socialism - one of the many examples of the service of Western intellectuals to power). One reason has to do with the nature of the Cold War. In my view, it was in significant measure a special case of the 'North-South conflict,' to use the current euphemism for Europe's conquest of much of the world. Eastern Europe had been the original 'third world,' and the Cold War from 1917 had no slight resemblance to the reaction of attempts by other parts of the third world to pursue an independent course, though in this case differences of scale gave the conflict a life of its own. For this reason, it was only reasonable to expect the region to return pretty much to its earlier status: parts of the West, like the Czech Republic or Western Poland, could be expected to rejoin it, while others revert to the traditional service role, the ex-Nomenklatura becoming the standard third world elite (with the approval of Western state-corporate power, which generally prefers them to alternatives). That was not a pretty prospect, and it has led to immense suffering. Another reason for concern has to do with the matter of deterrence and non-alignment. Grotesque as the Soviet empire was, its very existence offered a certain space for non-alignment, and for perfectly cynical reasons, it sometimes provided assistance to victims of Western attack. Those options are gone, and the South is suffering the consequences. A third reason has to do with what the business press calls the pampered Western workers with their luxurious lifestyles. With much of Eastern Europe returning to the fold, owners and managers have powerful new weapons against the working classes and the poor at home. GM and VW can not only transfer production to Mexico and Brazil (or at least threaten to, which often amounts to the same thing), but also to Poland and Hungary, where they can find skilled and trained workers at a fraction of the cost. They are gloating about it, understandably, given the guiding values. We can learn a lot about what the Cold War (or any other conflict) was about by looking at who is cheering and who is unhappy after it ends. By that criterion, the victors in the Cold War include Western elites and the ex-Nomenklatura, now rich beyond their wildest dreams, and the losers include a substantial part of the population of the East along with working people and the poor in the West, as well as popular sectors in the South that have sought an independent path. Such ideas tend to arouse near hysteria among Western intellectuals, when they can even perceive them, which is rare. That's easy to show. It's also understandable. The observations are correct, and subversive of power and privilege; hence hysteria. In general, the reactions of an honest person to the end of the Cold War will be more complex than just pleasure over the collapse of a brutal tyranny, and prevailing reactions are suffused with extreme hypocrisy, in my opinion. Capitalism RBR: In many ways the left today finds itself back at its original starting point in the last century. Like then, it now faces a form of capitalism that is in the ascendancy. There would seem to be greater 'consensus' today, more than at any other time in history, that capitalism is the only valid form of economic organisation possible, this despite the fact that wealth inequality is widening. Against this backdrop, one could argue that the left is unsure of how to go forward. How do you look at the current period? Is it a question of 'back to basics'? Should the effort now be towards bringing out the libertarian tradition in socialism and towards stressing democratic ideas? CHOMSKY: This is mostly propaganda, in my opinion. What is called 'capitalism' is basically a system of corporate mercantilism, with huge and largely unaccountable private tyrannies exercising vast control over the economy, political systems, and social and cultural life, operating in close co-operation with powerful states that intervene massively in the domestic economy and international society. That is dramatically true of the United States, contrary to much illusion. The rich and privileged are no more willing to face market discipline than they have been in the past, though they consider it just fine for the general population. Merely to cite a few illustrations, the Reagan administration, which revelled in free market rhetoric, also boasted to the business community that it was the most protectionist in post-war US history - actually more than all others combined. Newt Gingrich, who leads the current crusade, represents a superrich district that receives more federal subsidies than any other suburban region in the country, outside of the federal system itself. The 'conservatives' who are calling for an end to school lunches for hungry children are also demanding an increase in the budget for the Pentagon, which was established in the late 1940s in its current form because - as the business press was kind enough to tell us - high tech industry cannot survive in a pure, competitive, unsubsidized, 'free enterprise' economy, and the government must be its saviour. Without the saviour, Gingrich's constituents would be poor working people (if they were lucky). There would be no computers, electronics generally, aviation industry, metallurgy, automation, etc., etc., right down the list. Anarchists, of all people, should not be taken in by these traditional frauds. More than ever, libertarian socialist ideas are relevant, and the population is very much open to them. Despite a huge mass of corporate propaganda, outside of educated circles, people still maintain pretty much their traditional attitudes. In the US, for example, more than 80% of the population regard the economic system as inherently unfair and the political system as a fraud, which serves the special interests, not the people. Overwhelming majorities think working people have too little voice in public affairs (the same is true in England), that the government has the responsibility of assisting people in need, that spending for education and health should take precedence over budget-cutting and tax cuts, that the current Republican proposals that are sailing through Congress benefit the rich and harm the general population, and so on. Intellectuals may tell a different story, but it's not all that difficult to find out the facts. RBR: To a point anarchist ideas have been vindicated by the collapse of the Soviet Union - the predictions of Bakunin have proven to be correct. Do you think that anarchists should take heart from this general development and from the perceptiveness of Bakunin's analysis? Should anarchists look to the period ahead with greater confidence in their ideas and history? CHOMSKY: I think - at least hope - that the answer is implicit in the above. I think the current era has ominous portent, and signs of great hope. Which result ensues depends on what we make of the opportunities. RBR: Lastly, Noam, a different sort of question. We have a pint of Guinness on order for you here. When are you going to come and drink it? CHOMSKY: Keep the Guinness ready. I hope it won't be too long. Less jocularly, I'd be there tomorrow if we could. We (my wife came along with me, unusual for these constant trips) had a marvellous time in Ireland, and would love to come back. Why don't we? Won't bore you with the sordid details, but demands are extraordinary, and mounting - a reflection of the conditions I've been trying to describe. -- From spyking at thecodex.com Tue Dec 24 17:46:45 1996 From: spyking at thecodex.com (SpyKing) Date: Tue, 24 Dec 1996 17:46:45 -0800 (PST) Subject: The Surveillance List... Message-ID: <9612250027.AA23205@yod.mne.com> Interested in joining a FREE moderated list to discuss surveillance and counter-surveillance technology? This list is for professionals and those interested in the business... Join the "Surveillance List" today... We'll cover such topics as: Audio surveillance technology... Video surveillance technology... Methods of eavesdropping... TSCM... Electronic countermeasures... Trade Shows... Equipment... What works... What doesn't... Equipment... Where to get the best deals... Who the players are... To join the "Surveillance List" please send an E-Mail with the words "Surveillance List" in the "subject" field. Please include you name and e-mail address in the body of message... with a little background info... We urge subscribers to "Get Involved" and make this list a viable forum for the exchange of information and ideas... Don't be a LURKER... If you've got a question, ask it... (there is no such thing as a dumb question...) If you've got info to share, share it... ************************************************************************** List Postings to: 6886 at mne.net ************************************************************************** Subscribe to: 6886 at mne.net In the subject field type: subscribe-surveillance list ************************************************************************** Unsubscribe to: 6886 at mne.net In the subject field type: unsubscribe-surveillance list ************************************************************************** ...The Simple Rules of the Surveillance List... The Surveillance List Owners may Reject or Edit any posts that are: 1.) Unrelated to Eavesdropping, Surveillance or Privacy technology... 2.) Flames or Negative posts... 3.) E-Signatures that are considered excessive... 4.) Advertisements not directly related to the list topics... 5.) Attached Files... 6.) Oversized Posts... **************************************************************************** This publication is copyrighted and is protected by U.S. and International copyright law. The information transmitted on this list may not be reproduced, reposted or forwarded to any non-list member without expressed written permission of the List Owner. Violation of U.S. copyright law is a criminal and civil offense... **************************************************************************** The Surveillance List is moderated by SpyKing at thecodex.com Copyright 1996, Codex Publishing Inc., All Rights Reserved... **************************************************************************** ************************************************************************* The Codex Surveillance & Privacy News - http://www.thecodex.com Home of the most comprehensive compilation of search & tools On the Net - Over 6000 FREE searches... "We don't spy on you... but we DO keep an eye on those that do..." ************************************************************************* From jimbell at pacifier.com Tue Dec 24 18:06:16 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Dec 1996 18:06:16 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <199612250205.SAA17605@mail.pacifier.com> At 03:29 PM 12/24/96 -0500, Brian Davis wrote: >On Tue, 24 Dec 1996, Dale Thorn wrote: > >Be especially carefully of structuring a $10,000+ transaction into >smaller transactions in an attempt to circumvent the reporting >requirements. Doing so ("structuring a transaction") is a felony. > >I was involved in reviewing a matter for possible prosecution in my >former life. Guy wins big football pool (season long) -- total of >$27,000. He calls an *leaves a message* that he wants 3 $9,000 checks. >He gets them, goes to branch 1 of bank x and cashes one. Then to branch 2 >and cashes another. Then back to branch 1 for the third. > >The bank, as required, filed a Report of Suspcious Transaction. >Fortunately for him, the IRS-CID agents jumped the gun and alerted him to >the investigation (by interviewing him) before he filed his taxes for >that year. He then knew enough to report the income and pay the taxes. > >We settled the matter by having the money forfeited and having a civil >monetary penalty assessment against him under the Bank Secrecy Act (the >first such penalty against an individual ever). He got credit on the >civil assessment for the money forfeited, so all he lost was his $27,000 >in winnings. > >Had he been better at it, he never would've been caught, IMNSHO. Actually, this kind of stunt fully justifies whatever level of lethal punishment that the public will one day direct at these thugs. Look at what you just said, paraphrased by me: "Man wins $27,000. He will eventually be required to report and pay taxes on the amount, but not quite yet. Stupid I/R/S people alert him BEFORE he files his taxes. He reports the payment, as is ostensibly legally required. He paid the taxes owed. Period." THEN you said, "we settled the matter." Huh? What, exactly, was there to "settle"? Remember, you just said that the stupid I/R/S agents ALERTED him, right? Well, if they do stupid things they ought to be punished for them, right?!? One of the consequences of showing your hand early is that any potential opponent can adjust his behavior to AVOID getting caught doing something wrong. Since this man's obligations were in the future, he was alerted to fulfill them. (this is quite analogous to cops driving around in marked cars. Presumably, they will occasionally be seen by a person planning a crime, who may be deterred from his intent temporarily or permanently.) Don't try to claim that the act of receiving the money in portions evidenced intent to commit a crime, because reporting and paying the taxes made that possibility moot. At best, you might claim that had he COULD HAVE carried it through to illegality, analogous to the possibility that if a person picks up an object in a store, he MIGHT head for the exit without paying, or go to the cash register to pay. Store detectives, wisely, know that they must wait for a shoplifter to leave the store BEFORE closing in. I say again: It is PRECISELY this kind of outrageous behavior that results in revolutions, assassinations, and other incidents. The hostage-taking currently going on in Peru has captured Peruvian government officials who heretofore, felt safe abusing THEIR citizenry the same way you once felt safe abusing yours. Tell me, would you have felt abused if during your previous employment you'd been taken hostage similarly? Jim Bell jimbell at pacifier.com From bal at martigny.ai.mit.edu Tue Dec 24 18:39:42 1996 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Tue, 24 Dec 1996 18:39:42 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <3.0.32.19961224213904.0073acc0@martigny.ai.mit.edu> At 05:54 PM 12/24/96 -0800, jim bell wrote: >"Man wins $27,000. He will eventually be required to report and pay taxes >on the amount, but not quite yet. Stupid I/R/S people alert him BEFORE he >files his taxes. He reports the payment, as is ostensibly legally required. > He paid the taxes owed. Period." > >THEN you said, "we settled the matter." Huh? What, exactly, was there to >"settle"? Why, of course, the fact that the guy attempted to structure the transaction to evade the reporting requirements in the first place. 31 U.S.C. 5324(a). Structuring (or attempting to structure) a financial transaction to evade the reporting requirements is a violation of this subsection, and 31 U.S.C. 5322(a) says that a willful violation is a five-year felony. Oh, and willful violation while violating another U.S. law is a ten-year felony until 5322(b). I'd suspect the guy was looking at a 5322(b) charge (with "transmission of wagering information in interstate commerce" as the "other U.S. law" being violated), but IANAL and I don't know the case law. EBD: Please correct me if I'm wrong. Oh, and did you go after the guy who wrote the three $9K checks for conspiracy or aiding-and-abetting? --bal From blancw at cnw.com Tue Dec 24 19:03:52 1996 From: blancw at cnw.com (blanc) Date: Tue, 24 Dec 1996 19:03:52 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things Message-ID: <01BBF1CD.95B0C400@king1-11.cnw.com> From: Vlad the Conqueror anyone heard of "memes"? cryptoanarchy is a virus of weak minds without any defense mechanisms. the cpunk list is the principal vector.. ..................................................... So, Nuri-logical, are you one of those NSA tentacles on the list, discouraging people from following certain ideas - like Tim's, for example? Are you feeling a bit in-Timmy-dated by the possibility of a crypto reign of terror; do you feel a bit like you're part of that stuff floating at the top about to be skimmed off? What do you think would be a good antidote for this cryptoanarchy virus? How do you imagine that it might be introduced into the Brave New World of anarchocapitalism; how could it effectively counter the growth of libertarian ideals, which you despise? Tim sort of evaded my question by asserting that the methods of which he spoke were implicit in his writings. I hope you don't claim the same, but are more blatant and explicit about your ideas to the contrary (though typically you are blatant, although not necessarily explicit). .. Blanc From azur at netcom.com Tue Dec 24 19:16:44 1996 From: azur at netcom.com (Steve Schear) Date: Tue, 24 Dec 1996 19:16:44 -0800 (PST) Subject: Hooked on Ebonics Message-ID: Now that the new Afrocentric Ebonic language is officially recognized, we have a lot of work to do. Having textbooks published in English and Hip Hop is going to be daunting. New educational tapes, "Hooked on Ebonics" will have to be produced. Answers to test questions will have to be analyzed and converted, and an entire new dictionary will need to be established. You know what I'm sayin'? In some ways life will get much simpler. No longer will we be burdened with the cumbersome task of searching our minds for the proper adjective, pronoun, or participle. An expletive invoking another's mother will be the only adjective, pronoun, or metaphor in the new Ebonics dictionary. Bernard Shaw and Alan Keyes could get rid of that bothersome eloquence and perfect diction and rap it back Black, lay it on me bro. I'm curious about the "N word." Will that be allowed? I do hear it a lot in movies centered around life in the ethnic neighborhoods of L.A. or Oakland. The reason I ask is because where I work you'll be severely fired if you toss out the "N word." We'll need to have clarification. It would be kind of strange to have an official language that only one ethnic group is allowed to use. Maybe if we could get Texaconics declared an official language of the corporate elite we could give those guys at Texaco their jobs back. Ross Perot could say, "You people" with impunity. As a matter of fact we can have an official language for however you want to talk. Bigotonics, Stupidonics, Stoneronics, Skatersonics, Preppyonics and last but not least, I can't get a decent job anywhere in the world because I was educated in the Oakland School Districtonics. From jimbell at pacifier.com Tue Dec 24 19:29:21 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Dec 1996 19:29:21 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <199612250329.TAA21067@mail.pacifier.com> At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote: >At 05:54 PM 12/24/96 -0800, jim bell wrote: >>"Man wins $27,000. He will eventually be required to report and pay taxes >>on the amount, but not quite yet. Stupid I/R/S people alert him BEFORE he >>files his taxes. He reports the payment, as is ostensibly legally required. >> He paid the taxes owed. Period." >> >>THEN you said, "we settled the matter." Huh? What, exactly, was there to >>"settle"? > >Why, of course, the fact that the guy attempted to structure the >transaction to evade the reporting requirements in the first place. 31 >U.S.C. 5324(a). Who says? He eventually reported it within the legally-defined time. The evidence of intent to COMPLY with the law is far stronger than the evidence of the opposite. >Structuring (or attempting to structure) a financial >transaction to evade the reporting requirements is a violation of this >subsection, and 31 U.S.C. 5322(a) says that a willful violation is a >five-year felony. Again, he clearly DID NOT "evade the reporting requirement." Brian Davis admitted this. (Whether he ever intended to do this is sheer speculation on the part of anyone else. We'll never know; as Davis pointed out, the IRS screwed up.) Even if the standard of evidence was as low as "preponderance of evidence" (which it, of course, is not in a criminal case) he SHOULD have won. By waiting until the return was filed and the tax was paid, the IRS was allowing him to resolve whatever ambiguity remained. Actually, if there were any justice, he should have been able to sue the bank for reporting him and NOT INFORMING HIM of that fact. (I presume the law requires the bank to report suspicious transactions. I also presume that the law _doesn't_ prohibit the bank from telling the customer that it will have to report that transaction.) The bank, presumably being experts in the matter, recognizes that lay individuals can't be expected to be experts in specialized areas, and should be considered obligated to warn customers away from suspicious-looking transactions. I'm sure the REAL LAWYERS (tm) on this list will be able to cite examples of where experts of all kinds were sued by non-experts for failing to warn them of unexpected dangers that could have been averted had the appropriate advice been given promptly. Jim Bell jimbell at pacifier.com From bal at martigny.ai.mit.edu Tue Dec 24 21:12:44 1996 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Tue, 24 Dec 1996 21:12:44 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <3.0.32.19961225001207.00cde89c@martigny.ai.mit.edu> At 07:17 PM 12/24/96 -0800, jim bell wrote: >At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote: >>Why, of course, the fact that the guy attempted to structure the >>transaction to evade the reporting requirements in the first place. 31 >>U.S.C. 5324(a). > >Who says? He eventually reported it within the legally-defined time. The >evidence of intent to COMPLY with the law is far stronger than the evidence >of the opposite. Bzzt, wrong answer, thanks for playing. "Reporting" here doesn't mean "report the income to the IRS on your tax return." It refers to the report the bank is required to file by law on every transaction in excess of $10,000. If the guy didn't report the $27K as gambling winnings on his 1040 then he'd be guilty of tax evasion in addition to the structuring charges, but that's an independent issue. Go read 31 U.S.C. 5324 (http://www.law.cornell.edu/uscode/). >Again, he clearly DID NOT "evade the reporting requirement." Brian Davis >admitted this. (Whether he ever intended to do this is sheer speculation on >the part of anyone else. We'll never know; as Davis pointed out, the IRS >screwed up.) Even if the standard of evidence was as low as "preponderance >of evidence" (which it, of course, is not in a criminal case) he SHOULD have >won. By waiting until the return was filed and the tax was paid, the IRS >was allowing him to resolve whatever ambiguity remained. Of course he attempted to evade: three checks, deposits the first in bank 1, the second in bank 2, and the third in bank 1 again. Trying to not cause either bank to file the form that says "we just got a deposit in excess of $10K." That's structuring to evade. Welcome to Allenwood. --bal From jimbell at pacifier.com Tue Dec 24 21:28:28 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Dec 1996 21:28:28 -0800 (PST) Subject: clipper plans 4 sale Message-ID: <199612250528.VAA26570@mail.pacifier.com> At 04:18 PM 12/24/96 -0500, Adam Shostack wrote: > Many people will believe it. Its easy to construct the case >that the ITARs, as they apply to things in the public domain, thing >implemented outside the US, things designed outside the US, are just >silly. Its much harder to make that argument about Skipjack, >especially as you can't legally export the chips. When Clipper was first proposed, in April of 1993, as I recall one of the government-types promoting it claimed that it would be exportable "except to terrorist-sponsoring countries like Libya." This made me laugh: It seemed to me that if Clipper codes were kept and available to the US government, you'd expect that they'd WANT Libya to get those phones! In fact, they'd air-drop them in the thousands, right? After all, this would make other countries more dependant on the US for cooperation, and they'd be more pliable as a result, right? Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Tue Dec 24 21:28:32 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Dec 1996 21:28:32 -0800 (PST) Subject: Reflections on the Bernstein ruling Message-ID: <199612250528.VAA26575@mail.pacifier.com> At 01:01 PM 12/23/96 -0500, Marc Horowitz wrote: >Greg Broiles writes: >>> It's also unclear that Judge Patel's ruling is enough to make export of >>> crypto source legal by people/organizations located even in the Northern >>> District of CA. Venue is proper, in an ITAR case, in any jurisdiction which >>> the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_ >>> 659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v. >>> Thomas_ "Amateur Action" case, where Tennessee venue was proper for >>> prosecution of California defendants who sent porn into Tennessee.) So it's >>> at least arguable that the feds could simply bring an ITAR prosecution in >>> another district, if exported crypto flowed through that district. (But I >>> don't think they can do so against Dan Bernstein because of "res judicata", >>> a doctrine which says that once two parties have fully litigated an issue, >>> they cannot come back to the same court - or a different one - and ask to >>> relitigate the same issue.) > >It happens to be the case that the Northern District of California >borders on the Pacific Ocean, and includes (at least) two airports >with direct flights to more crypto-friendly jurisdictions to the west. >I do not know if there are any satellite or oceanic cables similarly >situated, but I wouldn't be surprised. In law, there's a concept known as "mens rea," or "guilty mind." (A Real Lawyer (tm) should be able to explain this to CP) Presumably, if the legal system followed its own rules, it would be impossible to have a "guilty mind" about exporting crypto subsequent to the Patel ruling, until such time as that ruling was specifically overturned. After all, the lay public is not expected to be experts here, and if a judge (!) says that crypto export regulations are a violation of the US Constitution, we should be entitled to believe her and to believe that we're entitled to disobey the (unconstitutional) law with a clear conscience. Further, IMO, It shouldn't even matter if contrary legal decisions exist, as long as they are not directly above that court so as to overrule Judge Patel. Our consciences can still be clear: If courts can't, themselves, agree, presumably we aren't obligated to second-guess which one is correct and which one is not. However, a REAL LAWYER would also have to tell you that the system doesn't obey its own rules! Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Tue Dec 24 21:47:27 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 24 Dec 1996 21:47:27 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <199612250547.VAA27540@mail.pacifier.com> At 12:12 AM 12/25/96 -0500, Brian A. LaMacchia wrote: >At 07:17 PM 12/24/96 -0800, jim bell wrote: >>At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote: >>>Why, of course, the fact that the guy attempted to structure the >>>transaction to evade the reporting requirements in the first place. 31 >>>U.S.C. 5324(a). >> >>Who says? He eventually reported it within the legally-defined time. The >>evidence of intent to COMPLY with the law is far stronger than the evidence >>of the opposite. > >Bzzt, wrong answer, thanks for playing. "Reporting" here doesn't mean >"report the income to the IRS on your tax return." It refers to the report >the bank is required to file by law on every transaction in excess of >$10,000. Bzzt, wrong answer! By definition, if the report was filed as a consequence of the transaction, then the transaction was reported IN FACT and the person didn't evade it! (whether he wanted to evade it is, of course, pure speculation on your part. It is, obviously, questionable whether the government can make a person's mere _desires_ criminal.) Let's suppose, hypothetically, that there is a rule which states "If anybody comes in and does three separate $9,000 transactions, they get reported." In that case, anybody who does those transactions is already aware that doing them does NOT "evade the reporting requirements." Okay, maybe no such explicit rule exists. However, can you prove that anyone really believes that he is "evading reporting requirements"? Having read of this incident, it is quite obvious that the government doesn't obey its own rules and doesn't limit itself to logic and reasonable positions. It is also obvious that banks can't be trusted to follow reliable rules. Once aware of this, how can you show that a person really thought he was getting away with anything? (which is, after all, an essential element of the crime of "structuring", I suppose.) Gotcha! Catch-22 situation. Jim Bell jimbell at pacifier.com From ccaputo at alt.net Tue Dec 24 22:04:19 1996 From: ccaputo at alt.net (Chris Caputo) Date: Tue, 24 Dec 1996 22:04:19 -0800 (PST) Subject: [Fwd: usenet censorship] In-Reply-To: <32e664c7.81338663@smtp.best.com> Message-ID: We mean that we are coming up with a new pricing scheme that will allow us to more accurately match revenue with expenses. Chris Caputo President, Altopia Corporation On Tue, 24 Dec 1996, J Durbin wrote: > What exactly does F-K mailing list contributor and alt.net admin Chris > Caputo mean by "refine our offerings"? From bal at martigny.ai.mit.edu Tue Dec 24 22:32:02 1996 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Tue, 24 Dec 1996 22:32:02 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <3.0.32.19961225013128.00cfb688@martigny.ai.mit.edu> At 09:35 PM 12/24/96 -0800, jim bell wrote: >At 12:12 AM 12/25/96 -0500, Brian A. LaMacchia wrote: >>Bzzt, wrong answer, thanks for playing. "Reporting" here doesn't mean >>"report the income to the IRS on your tax return." It refers to the report >>the bank is required to file by law on every transaction in excess of >>$10,000. > >Bzzt, wrong answer! By definition, if the report was filed as a consequence of >the transaction, then the transaction was reported IN FACT and the person didn't >evade it! (whether he wanted to evade it is, of course, pure speculation on your >part. It is, obviously, questionable whether the government can make a person's >mere _desires_ criminal.) Please, Jim, *go read the law*. Do it now, before you even think about replying to this message, else you'll say something else stupid and irrelevant. Look, I'll even give you the complete, specific URL for the section of the U.S. Code in question; all you have to do is cut-and-paste it into your favorite Web browser: http://www.law.cornell.edu/uscode/31/5324.html See in clause (1) where it says, "cause or attempt to cause a domestic financial institution to fail to file a report required under section 5313(a)"? See the words "attempt to cause"? Now go back to EBD's original post. See where he said "Report of Suspicious Transaction"? See the errors in your argument above? Good. Your homework assignment is to go read _Ratzlaf v. US_, 510 U.S. 135, 114 S.Ct. 655, and summarize for the list. --bal From gimonca at skypoint.com Tue Dec 24 22:57:20 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Tue, 24 Dec 1996 22:57:20 -0800 (PST) Subject: Legality of requiring credit cards? (fwd) Message-ID: Forwarded message: > Date: Mon, 23 Dec 1996 11:14:00 -0500 (EST) > From: Michael Gurski > Subject: Re: Legality of requiring credit cards? (fwd) > > Yes, and if I'd *ever* written a bad check, it would be a different > story. The weasel there basically said that because I'd made > purchases there in the past few days, they tried to contact my bank on > a Sunday afternoon.... (No, I don't get it either) > > But that still doesn't answer whether or not a credit card can be > requested when paying by check. > They can do whatever the hell they want. Whether it makes any difference to the store's bottom line is another question. What some places will do is call the card number down to the credit offices, who will run an authorization (*not a charge) for one dollar on that card number, figuring that if the Visa/MC system won't even authorize a dollar, they'd better not take the check. Personally, I don't think the process helps much. It's all a part of Corporate Cover-Your-Own-Ass Culture. "Yes, the check bounced, but we followed the procedures in the employee manual!" "We're committed to taking definite steps to fight shrinkage!" People on the list could probably come up with much better ways to authenticate a reputation. Until then, for personal checks, you can call any bank in the U.S., ask for bookkeeping, and ask them if there are funds in the bank to cover the check you're holding. Any bank should give you a yes or no on this. Some banks, like the First Banks here in Minnesota, will do this through their automated telephone banking services, 24 hours. Now, for the rest of you who are calling for the government, of all people, to protect your privacy, please......take that personal check, picture ID and MasterCard, go down to the after-Christmas sales, and buy a clue. --CG From blancw at cnw.com Wed Dec 25 00:10:54 1996 From: blancw at cnw.com (blanc) Date: Wed, 25 Dec 1996 00:10:54 -0800 (PST) Subject: MerryMerry, and All That Message-ID: <01BBF1F8.817F2F00@king1-26.cnw.com> {} |||| *(X)* `'*(X)* `~'~*(X)* `'x'~'x'~*(X)* (X)'*x~`x`~`x`~x\ /x'~'*(X)'*x`~`x`~`x`~x\ ((O'^'^'^'^'^M*(X)e'R"r%y^^'^'^'^'^O)) *(((^^^^'~'C\h"r,i%s*(X)'T*m&aS'~'~'^^^^^)))* {((<^^^^^^^^="c*y^P+h'eR*(X)*Pu#n`K"s^^^^^^^^^^^>))} *(((^^^'&"T"i`m$m^Y_&_*(X)*L.D,+T'oo!^^^)))* ((O'~'~'~'~'~'~'~'~'~'*(X)*'~'~'~'O)) `'`'*(X)*"~"x"~"x"~"x*(X)*'`` `'`'*(X)*"x"~"x"~"x"~"`` ``*(X)*"x"~"x"~"`` ``*(X)*x"x~"`` `*(X)*x"`` *(X)* *|||* "^" V .. Blanc From camcc at abraxis.com Wed Dec 25 07:40:33 1996 From: camcc at abraxis.com (Alec) Date: Wed, 25 Dec 1996 07:40:33 -0800 (PST) Subject: Bubbaonics [Ebonics] Message-ID: <3.0.32.19961225104048.00690320@smtp1.abraxis.com> A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 206 bytes Desc: not available URL: From dlv at bwalk.dm.com Wed Dec 25 08:10:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Dec 1996 08:10:21 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <3.0.32.19961225013128.00cfb688@martigny.ai.mit.edu> Message-ID: <8X2HZD96w165w@bwalk.dm.com> Fuck Christmas... "Brian A. LaMacchia" writes: > See in clause (1) where it says, "cause or attempt to cause a domestic > financial institution to fail to file a report required under section > 5313(a)"? See the words "attempt to cause"? Now go back to EBD's original > post. See where he said "Report of Suspicious Transaction"? See the > errors in your argument above? Good. Here's a somewhat related post I saw on alt.revenge: ]From: dastuart at mail.entrsft.com ]Newsgroups: alt.revenge ]Subject: Re: Car salesmen and dealerships ]Message-ID: ]Date: Tue, 24 Dec 96 07:23:20 GMT ... ] I remember once, my ex had a problem with a furniture store in ]Fayetteville, NC as they were rude to her on the phone and hung up, she called ]the manager to complain and he was just as rude. ] ] Wellllllllll.... that didn't set too well with her so she (& I) went down ]the next day to make her monthly payment. She was so upset, that she decided to ]pay the last three payments and get rid of them permanently. The previous day ]she withdrew the money from the bank, @ $120.00 ($40.00 per payment). ] ] We walked in the store that FRIDAY at 5:15 (they close at 5:30) she went ]ahead of me to the back of the store where they receive pymnts and announced ]that she was totally pi**ed with the attitude of the employees (explained what ]had happened) and that she wanted to pay them off and would not do business ]with them anymore. She asked for and got the finally pay off as I walked ]towards her and placed the money on the counter. ] ] As I did..... (did I mention that the $120.00 was in UNROLLED PENNIES ?) ]all hell broke lose, the cashier said that they had to be rolled. Rhonda told ]her that she would not and as a matter of fact she spent an hour unrolling ]them. (it took that long because as we did, we replaced the "wheaties" with ]regular pennies) and asked her if she was refusing payment. ] ] She called the manager on the phone and came back smugly and said , no we ]are not refusing payment, we are refusing the form of payment, Rhonda said, ]regardless of the 'form' it is US currency and legal. Not a check which you ]have the option to accept or not. ] ] She again called the manager and he came back there. Going through this ]again with him, Rhonda said, Now I ask you one more time, regardless of the ]form of payment, this is it, will you accept it or not? If not, then I will ]consider my debt paid in full. ] ] Finally he agreed to accept it. She told him that she thought that there ]was exactly $120.00 there but wanted him to count it to make sure, because she ]didn't want to short change his company and if there was a penny extra was ]damned if they were going to get it. She went on with him for another round, ]finally he agreed, that they would count it and she could pick up her receipt ]tomorrow. ] ] Tomorrow, hell no, I come 25 miles to pay this off and I am not going home ]without a receipt. The bottom line is that they wanted to get home, and didn't ]want to mess with this. ] ] She stated that her debt was considered "PAID IN FULL" and that if they ]wanted to sue her that they could take her to small claims court, and if they ]did, she would appeal the decision if it were not in her favor to a higher ]court (which in NC is Superior) and of course she wanted a trial by jury so ]that at least twelve people would hear the story about their company but not to ]try to put anything damaging in her credit file because she had a press release ]to send to her paper and the one in Fayetteville and would sue them for ]defamation of character (and a few other things). ] ] We walked out of the store and went home and had to roll the pennies. The ]only thing that we heard from them was a flier in the mail @ 2 weeks later when ]they were having a preferred customer sale. (obviously the fliers were sent out ]before they took our name off of their mailing list. ] ]stuart ] I wonder if something in U.S.C. say that if you try to pull this trick on a U.S.G. agency, you're guilty of "unlawful structuring" or some such shit. Personally, Jim Bell is an asshole, but he's right about many things. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Wed Dec 25 09:00:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Dec 1996 09:00:10 -0800 (PST) Subject: Ebonics In-Reply-To: <199612230641.BAA13632@mercury.peganet.com> Message-ID: I don't see what the fuck Yebonics has to do with crypto, but another Yebonics joke showed up in my rec.humor.funny: ]From: mklein at voicenet.com (Michael Klein) ]Newsgroups: rec.humor.funny ]Subject: Ebonics ]Keywords: topical, chuckle, racial stereotypes ]Message-ID: ]Date: Tue, 24 Dec 96 12:20:03 EST ]Lines: 13 ]Approved: funny-request at clari.net ] ]Knock knock. ]Who's there? ]I.B. ]I.B. who? ]I.B. bilingual. ] ]-- ]Selected by Jim Griffith. MAIL your joke to funny at clari.net. ]Attribute the joke's source if at all possible. A Daemon will auto-reply. ] ]Remember: PLEASE spell check and proofread your jokes. You think I have ]time to hand-correct everybody's postings? For the full submission guidelines, ]see http://comedy.clari.net/rhf/ --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From vipul at pobox.com Wed Dec 25 09:24:04 1996 From: vipul at pobox.com (Vipul Ved Prakash) Date: Wed, 25 Dec 1996 09:24:04 -0800 (PST) Subject: Iranian clergic attacks Internet as 'poison' to the masses (fwd) Message-ID: <199612252246.WAA00230@fountainhead.net> *** Iranian clergic attacks Internet as 'poison' to the masses A senior Iranian cleric called Friday for restricting Internet access because the global computer network fed "poison" to the masses. Ayatollah Ahmad Jannati said the Internet should be restricted to research and scientific centers and he criticized "unalert and uncalculating" officials who allowed unrestricted access. He said the Internet "poisoned thought, morale and attitude" and "was much worse than food poisoning since 100 doctors put together could not cure such a case in a short time." For the full text story, see http://www.merc.com/stories/cgi/story.cgi?id=836683-59b -- Vipul Ved Prakash | - Electronic Security & Crypto vipul at pobox.com | - Internet & Intranets 91 11 2233328 | - Web Development & PERL 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - (Networked) Multimedia From nobody at huge.cajones.com Wed Dec 25 10:32:47 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 25 Dec 1996 10:32:47 -0800 (PST) Subject: [URGENT] Meet-in-the-middle attack Message-ID: <199612251832.KAA03358@mailmasher.com> Here, Tim C. Maya descends into total inanity. He should have a cold shower and/or a Turkish coffee. _ / ' | /><\ Tim C. Maya //[ `' ]\\ From toto at sk.sympatico.ca Wed Dec 25 10:35:07 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 10:35:07 -0800 (PST) Subject: Snarfer Programs In-Reply-To: Message-ID: <32C1763A.5843@sk.sympatico.ca> Are the Password Keystroke Snarfer programs anything like the Password Keystroke Snipe Programs? Some Cypherpunks told me they'd explain the Snipe Programs to me if I bought a case of beer, but I lost them on the way to their secret meeting place in the woods, and I had to walk home. Gee, they were sure nice guys, though. Toto From toto at sk.sympatico.ca Wed Dec 25 10:36:52 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 10:36:52 -0800 (PST) Subject: [Fwd: usenet censorship] In-Reply-To: Message-ID: <32C1735E.25F8@sk.sympatico.ca> Chris Caputo wrote: > > We mean that we are coming up with a new pricing scheme that will allow > us to more accurately match revenue with expenses. Chris, In non-pressrelease language does this mean: a. Making a profit. b. Trying to at least break even. c. Trying not to lose your ass. d. Hiring a dyslexic pot-head as Chief Financial Officer was a big mistake. Just Wondering, Toto From adam at homeport.org Wed Dec 25 11:10:39 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 25 Dec 1996 11:10:39 -0800 (PST) Subject: Encryption Algorithms In-Reply-To: <19961224201047358.AAA219@dev.vertexgroup.com> Message-ID: <199612251907.OAA18540@homeport.org> I maintain a list of crypto libraries at www.homeport.org/~adam/crypto Adam John Fricker wrote: | I've got some comments on this and pointers at | http://www.program.com/resources/crypto.html and /source/crypto/index.html | | (If any cypherpunks still give a shit about crypto I would appreciate any | pointers to additional crypto resources on the net.) | | >Adam Breaux (admin at veracruz.net) said | | >Is there a good source on the net for implemented C/C++ routines such | >as a DES algorithm? I am a programmer in need of some fairly secure | >encryption routine. Any help would be greatly appreciated. | > | >Thanks | >AdamX | >--- | >Adam Breaux | >admin at veracruz.net | >http://www.veracruz.net {Corporate Page } | >http://www.abyss.com {Extracurricular} | >http://www.iso-america.com {In Search Of...} | > | >"Violence is a cruel world doing what it | >does best...break the habit...BE NICE" --- me. | >End of quote | | --j | -------------------------------------------------------------------- | | John Fricker (jfricker at vertexgroup.com) | | -random notes- | | My PGP public key is available by sending | | me email with subject "send pgp key". | | www.Program.com is a good programmer web site. | -------------------------------------------------------------------- | -- "It is seldom that liberty of any kind is lost all at once." -Hume From toto at sk.sympatico.ca Wed Dec 25 11:14:25 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 11:14:25 -0800 (PST) Subject: The 'Thot Police' Message-ID: <32C18AA0.578E@sk.sympatico.ca> The best defence against the Thot Police is to say something intelligent, and make your break for it while they are scratching their head, and saying, "Huh?" From toto at sk.sympatico.ca Wed Dec 25 11:14:36 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 11:14:36 -0800 (PST) Subject: Thank You, CypherPunks Message-ID: <32C19022.7A11@sk.sympatico.ca> I don't care if conference does contain the weirdest bunch of bozos it has ever been my misfortune to encounter. Thank you, each and every one, for not posting 58,287,489 messages saying "Merry Xmas", "Happy Holidays", and "Season's Greetings". All I want for 'Xmas' is for just 'one' of these 58,287,489 people to give me a 500 Gigabyte hard drive to store all these Xmas greeting messages on. Toto From vznuri at netcom.com Wed Dec 25 11:16:43 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 25 Dec 1996 11:16:43 -0800 (PST) Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000) In-Reply-To: <199612242119.QAA16490@homeport.org> Message-ID: <199612251916.LAA17341@netcom13.netcom.com> [publish skipjack] > > Right now, we're shooting to make the ITARs irrelevant by >saying things like 'IDEA is Swiss, and when we can't export it from >the US. What does that do to competitiveness?' We can't make that >claim about Skipjack. Skipjack is an NSA designed cipher which the >agency probably expects will be publicised. they spent millions of dollars to hide the encryption on the chip-- using state-of-the-art technology from what I understand. it would have been far cheaper not to have done this. also, the chip manufacturer was under very high security. so, seems like exactly the opposite to me-- they don't want it to be publicized. in fact when it was first released there was some verbiage in the documents about how the chip design would be used to prevent such an amazingly powerful algorithm from getting into private hands without "appropriate safeguards". so I don't buy your theory. publishing skipjack would be a very, very significant cpunk victory. recall that DES was slightly redesigned by the NSA, and about 20 years later it was discovered it was done to possibly make it less vulnerable to "differential cryptoanalysis". 20 years later! that suggests that the NSA may be up to 20 years ahead of public/academic crypto research, at least at that point. anyway, my point is that if skipjack was published, similar insights into what the NSA is thinking would be available. can you point to an algorithm other than DES officially sanctioned by NSA? skipjack is even better, it was *built* by them, and apparently to be highly secure. the insights available to private researchers after studying the algorithm would be very significant imho. it would be a snapshot made very recently of what the nsa considers a state-of-the-art encryption algorithm. especially useful considering that DES is about to die and people are looking for alternatives. note that many people suspect Skipjack is very similar to the DES in that it is built out of Sboxes and Pboxes. so in that sense the basic design is probably not all that different. it would be disappointing if it wasn't different from DES in some interesting way. I doubt this would be the case. From ericm at lne.com Wed Dec 25 11:22:37 1996 From: ericm at lne.com (Eric Murray) Date: Wed, 25 Dec 1996 11:22:37 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <3.0.32.19961225013128.00cfb688@martigny.ai.mit.edu> Message-ID: <199612251920.LAA31394@slack.lne.com> Brian A. LaMacchia writes: > > At 09:35 PM 12/24/96 -0800, jim bell wrote: > >Bzzt, wrong answer! By definition, if the report was filed as a > consequence of >the transaction, then the transaction was reported IN FACT > and the person didn't >evade it! (whether he wanted to evade it is, of > course, pure speculation on your >part. It is, obviously, questionable > whether the government can make a person's >mere _desires_ criminal.) > > Please, Jim, *go read the law*. Do it now, before you even think about > replying to this message, else you'll say something else stupid and > irrelevant. Look, I'll even give you the complete, specific URL for the > section of the U.S. Code in question; all you have to do is cut-and-paste > it into your favorite Web browser: > > http://www.law.cornell.edu/uscode/31/5324.html It appears that Jim's 100% wrong- they omit the 'Suspicious Transaction' report in the list of reports that the gambler was busted for trying to avoid: Section 5324: (a) Domestic Coin and Currency Transactions. - No person shall for the purpose of evading the reporting requirements of section 5313(a), section 5325, or the regulations issued thereunder or section 5325 or regulations prescribed under such section 5325 (FOOTNOTE 1) with respect to such transaction - (FOOTNOTE 1) So in original. See 1992 Amendment note below. (1) cause or attempt to cause a domestic financial institution to fail to file a report required under section 5313(a), section 5325, or the regulations issued thereunder or section 5325 or regulations prescribed under such section 5325; (FOOTNOTE 1) (2) cause or attempt to cause a domestic financial institution to file a report required under section 5313(a), section 5325, or the regulations issued thereunder or section 5325 or regulations prescribed under such section 5325 (FOOTNOTE 1) that contains a material omission or misstatement of fact; or (3) structure or assist in structuring, or attempt to structure or assist in structuring, any transaction with one or more domestic financial institutions. Section 5313 is the 'normal' reporting section, Section 5318(g) is "suspicious" transactions (note that it wasn't listed in 5324 above): (g) Reporting of Suspicious Transactions. - (1) In general. - The Secretary may require any financial institution, and any director, officer, employee, or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation. (2) Notification prohibited. - A financial institution, and a director, officer, employee, or agent of any financial institution, who voluntarily reports a suspicious transaction, or that reports a suspicious transaction pursuant to this section or any other authority, may not notify any person involved in the transaction that the transaction has been reported. This is really scary to someone like me who doesn't often read laws. They're required to report "suspicious" transactions (with the definition of "suspicious" left completely wide open) and they're not allowed to tell you that you have been reported. This sounds like police-state tactics, not something that would happen in a free and open society. It's also interesting to note that section 5313(a) similarly does not define what is to be reported. Is this defined elsewhere, or can it be changed at any time by the Secretary of the Treasury? Reading section 5324, it sounds (to me, a layman) that there has to be some intent to evade the reporting requirements. Does this mean that prosecutors would have to prove intent? Does simply getting checks for $9000 prove intent? I sure hope not as I have recently received a couple checks for consulting work that have just happened to be slightly under ten grand. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From adam at homeport.org Wed Dec 25 11:42:18 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 25 Dec 1996 11:42:18 -0800 (PST) Subject: clipper plans 4 sale (was Re: Earl Edwin Pitts, $224,000) In-Reply-To: <199612251916.LAA17341@netcom13.netcom.com> Message-ID: <199612251938.OAA18612@homeport.org> Vladimir Z. Nuri wrote: | [publish skipjack] | > Right now, we're shooting to make the ITARs irrelevant by | >saying things like 'IDEA is Swiss, and when we can't export it from | >the US. What does that do to competitiveness?' We can't make that | >claim about Skipjack. Skipjack is an NSA designed cipher which the | >agency probably expects will be publicised. | | they spent millions of dollars to hide the encryption on the chip-- | using state-of-the-art technology from what I understand. it would have | been far cheaper not to have done this. also, the | chip manufacturer was under very high security. | | so, seems like exactly | the opposite to me-- they don't want it to be publicized. in fact | when it was first released there was some verbiage in the documents | about how the chip design would be used to prevent such an amazingly | powerful algorithm from getting into private hands without | "appropriate safeguards". so I don't buy your theory. I said expects, not wants. The NSA knows that Skipjack is a fat target, and probably, despite efforts at hardening it, a soft target as well. So they took steps to make it tough, but probably expect that those efforts will fail. | publishing skipjack would be a very, very significant cpunk victory. | recall that DES was slightly redesigned by the NSA, and about 20 | years later it was discovered it was done to possibly make it | less vulnerable to "differential cryptoanalysis". 20 years later! | that suggests that the NSA may be up to 20 years ahead of public/academic | crypto research, at least at that point. Bruce Schneier gave a talk 2 years ago at the Crypto rump session where he talked about 'Open Source Skipjack.' The talk notes may be on the web. | anyway, my point is that if skipjack was published, similar insights | into what the NSA is thinking would be available. can you point to I know that. I honestly don't think it would be a sufficient propaganda victory to break through the 'tamper-resistant' housing and reverse engineer the algorithim to make it worth the loss of respect for 'revealing national security codes.' The big losers would be the smartcard folks. Its not clear to me that 'cypherpunks' would get more positive PR than negative. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From toto at sk.sympatico.ca Wed Dec 25 12:02:44 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 12:02:44 -0800 (PST) Subject: Reflections on the Bernstein ruling In-Reply-To: <199612250528.VAA26575@mail.pacifier.com> Message-ID: <32C1A102.6738@sk.sympatico.ca> jim bell wrote: > Presumably, if the legal system followed its own rules... Presumably, if pigs could fly... From toto at sk.sympatico.ca Wed Dec 25 12:04:32 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 12:04:32 -0800 (PST) Subject: Canuckonics In-Reply-To: Message-ID: <32C1A156.30CD@sk.sympatico.ca> The Complete Canuckonics Dicionary (c) 1997, Pearl Harbor Productions Syntax Translation ------ ----------- eh? huh? Toto "Pearl Harbor Computers, Ltd." "We Don't Eat Dogs" From dlv at bwalk.dm.com Wed Dec 25 14:20:11 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Dec 1996 14:20:11 -0800 (PST) Subject: Gubmint-sponsored online gambling Message-ID: <78iiZD104w165w@bwalk.dm.com> In about 2 weeks Off-track Betting Corporation (the quasi-state agency in NYS that's in charge of horse betting) is planning to open a Web site where gamblers will be able to place bets. One will have to fork over real $$ to OTB before being able to bet it on the Web site. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From BJORN2LUZE at prodigy.com Wed Dec 25 14:26:17 1996 From: BJORN2LUZE at prodigy.com (NATHAN MALLAMACE) Date: Wed, 25 Dec 1996 14:26:17 -0800 (PST) Subject: Internet Message Message-ID: <199612252203.RAB23812@mime4.prodigy.com> Sorry I wasn't able obtain the original SUBJECT here. Through-out the moral existance of the internet I find no reason to stop the comunications. There are factors like no AT&T, MCI, or SPRINT (those dime-a-minute rates are baffling). GOOD. Then there are more ideas exchanged. This can be a PLUS for businesses that are RETAILERS (in the long run). The internet can be used to UNITE the world with a single language. The internet can be used to share ideas, learn, and a good place to visit when you are feeling down. Now if you believe anything I said, than the idea that the iternet brings is UNITY. Isn't it strange that within the last 3 years, (taken from a local news channel) people have agreed that the U.S. is moving in a positive direction? Not really, within these last three years is the exact time the internet had become most publicly available. With PRODIGY, AOL, and COMPUSERVE making it happen. Who is the original credit due to? Tell me. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- my favorite site: http://pages.prodigy.com/VT/hackersguide on the internet today. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- --Nathan From dlv at bwalk.dm.com Wed Dec 25 15:00:25 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Dec 1996 15:00:25 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612251920.LAA31394@slack.lne.com> Message-ID: Eric Murray writes: > This is really scary to someone like me who doesn't often read > laws. They're required to report "suspicious" transactions > (with the definition of "suspicious" left completely wide open) > and they're not allowed to tell you that you have been reported. > This sounds like police-state tactics, not something that would > happen in a free and open society. Yes - that's what the U.S. is. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From attila at primenet.com Wed Dec 25 15:28:25 1996 From: attila at primenet.com (Attila T. Hun) Date: Wed, 25 Dec 1996 15:28:25 -0800 (PST) Subject: ABSOLUTE BUNK [was Internet Message] In-Reply-To: <199612252203.RAB23812@mime4.prodigy.com> Message-ID: <199612252327.QAA23667@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- every now and then, the southern end of a northbound horse, with the creative writing talents of a recent graduate of the State School for the Mentally Deficient, backs into town. his favourite site: http://pages.prodigy.com/VT/hackersguide somebody ought to tell the poor soul on a horse with no name he aimlessly backed into town lacking the ability to aim. the moniker tells it all: BJORN2LUZE the origin confirms it: @prodigy.com is MALLAMACE an abbreviated anagram for 'malicious mace?' but, then again, maybe he sounds intelligent on Prodigy.... shilling for the apocalypse == Lord grant me the serenity to accept the things I cannot change. The courage to change the things I can. And the wisdom to hide the bodies of the people I had to kill because they pissed me off. --attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMsG38L04kQrCC2kFAQFmwAQAg2R4CNgsMnZP/hkoo9XH+cojHbQRmrSl OXZ7xu13MdzeI4/HQoowRkr+Jm9xkgDAHn6mjrel8Xm5cIM1g/eFpXDpbb+WVhqD bFg6TtUq/tC4i7gaRjAzDPqA1xqLftmWOouJRDfsq/iqEMNki8bhg2B6xnjNdBm+ sq2WWkRj66k= =vGcI -----END PGP SIGNATURE----- ====== original ====== on 12/25/96 at 05:03 PM, (NATHAN MALLAMACE) said: :: Sorry I wasn't able obtain the original SUBJECT here. :: Through-out the moral existance of the internet I find ::no reason to stop the comunications. There are factors like ::no AT&T, MCI, or SPRINT (those dime-a-minute rates are ::baffling). GOOD. Then there are more ideas exchanged. This ::can be a PLUS for businesses that are RETAILERS (in the long ::run). The internet can be used to UNITE the world with a ::single language. The internet can be used to share ideas, ::learn, and a good place to visit when you are feeling down. :: Now if you believe anything I said, than the idea that ::the iternet brings is UNITY. Isn't it strange that within ::the last 3 years, (taken from a local news channel) people ::have agreed that the U.S. is moving in a positive direction? ::Not really, within these last three years is the exact time ::the internet had become most publicly available. With ::PRODIGY, AOL, and COMPUSERVE making it happen. Who is the ::original credit due to? ::Tell me. ::-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ::my favorite site: ::http://pages.prodigy.com/VT/hackersguide ::on the internet today. ::-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- :: --Nathan ============ Whew, it's the END of forward ============ From toto at sk.sympatico.ca Wed Dec 25 15:33:29 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 15:33:29 -0800 (PST) Subject: Iranian clergic attacks Internet as 'poison' to the masses (fwd) In-Reply-To: <199612252246.WAA00230@fountainhead.net> Message-ID: <32C1A5EF.4305@sk.sympatico.ca> Vipul Ved Prakash wrote: > > *** Iranian clergic attacks Internet as 'poison' to the masses So does Pat Robertson. Must be a 'spiritual' thing. From toto at sk.sympatico.ca Wed Dec 25 15:58:32 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Wed, 25 Dec 1996 15:58:32 -0800 (PST) Subject: Encryption Algorithms In-Reply-To: <199612251907.OAA18540@homeport.org> Message-ID: <32C1D894.378@sk.sympatico.ca> Adam Shostack wrote: > (If any cypherpunks still give a shit about crypto I would appreciate >any pointers to additional crypto resources on the net.) Crypto? Get off the CypherPunks Ebonics forum, you asshole. From ccaputo at alt.net Wed Dec 25 16:55:21 1996 From: ccaputo at alt.net (Chris Caputo) Date: Wed, 25 Dec 1996 16:55:21 -0800 (PST) Subject: [Fwd: usenet censorship] In-Reply-To: <32C1735E.25F8@sk.sympatico.ca> Message-ID: Sorry about the press-release'ish language - twas not my intention. I would say (b), with happy customers and (a) being the goal. The service we provide incurs significant expenses, mainly because of the bandwidth involved, and we just need to make sure the cost of these expenses is being recovered in a fair way, before we grow any more. Chris Caputo President, Altopia Corporation On Wed, 25 Dec 1996, Carl Johnson wrote: > Chris Caputo wrote: > > We mean that we are coming up with a new pricing scheme that will > > allow us to more accurately match revenue with expenses. > > Chris, > In non-pressrelease language does this mean: > a. Making a profit. > b. Trying to at least break even. > c. Trying not to lose your ass. > d. Hiring a dyslexic pot-head as Chief Financial Officer was a big > mistake. > > Just Wondering, > Toto From health711 at cyberpromo.com Wed Dec 25 17:51:58 1996 From: health711 at cyberpromo.com (health711 at cyberpromo.com) Date: Wed, 25 Dec 1996 17:51:58 -0800 (PST) Subject: booklet-bus-97 Message-ID: Fuck_You_Nerds, I just thought I would write you a short note,to tell you about a free booklet I discovered.I ordered and I can not believe the fun and money I am making.All you need to do is send them a self addressed stamped envelope to homebusiness 870 market street #450 San Francisco,Calif. 94102.Find it out for yourself.Available in 34 countries warmest regards & Happy Holidays Ellen From dthorn at gte.net Wed Dec 25 17:52:10 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Dec 1996 17:52:10 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612250205.SAA17605@mail.pacifier.com> Message-ID: <32C0995F.6569@gte.net> jim bell wrote: > At 03:29 PM 12/24/96 -0500, Brian Davis wrote: > >On Tue, 24 Dec 1996, Dale Thorn wrote: > >Be especially carefully of structuring a $10,000+ transaction into > >smaller transactions in an attempt to circumvent the reporting > >requirements. Doing so ("structuring a transaction") is a felony. > Actually, this kind of stunt fully justifies whatever level of lethal > punishment that the public will one day direct at these thugs. Look at > what you just said, paraphrased by me: [snip] I was surprised at this "settlement" thing. I'd sure like to get more detail on that. A pointer would be *most* appreciated. From varange at crl.com Wed Dec 25 17:54:58 1996 From: varange at crl.com (Troy Varange) Date: Wed, 25 Dec 1996 17:54:58 -0800 (PST) Subject: Cash - Covenience and privacy over the threat of being mugged In-Reply-To: <$m2n5850-.Pine.OS2.3.95.961222151556.7261A-100000@klinzhai.nanticoke.net> Message-ID: > It's that wonderful season again, when all the assholes > are out in force, and people feel obligated to purchase > merchandise to give to each other. For various reasons, > I don't believe in credit cards, and yet, trying to pay for > something by personal check at the local Hecht's, they either > *require* a credit card, or go through the Nazi check-warranty > company Equifax. Why not just carry sufficient cash for your purchasing needs? Irrational fear of muggers I guess is the primary reason not to carry around, say, $500.00 cash. But if you were mugged for that much, wouldn't you feel worse about the mugging itself than the actual loss of the money? I doubt the mere carrying of greater amounts of cash makes someone more likely to be mugged than someone carrying nothing. So it boils down to whether you think it's better to use the inconvenience and invasion of privacy of credit cards and/or checks and getting them stolen over convenience and privacy of cash and getting an anonymous $500.00 cash stolen. (You also can *sign* your cash to help trace thefts. I used to do this when hanging around disreputable charactors. Hell, drug dealers will accept your money if you wrote down his identification and "Crack Bill of Sale" in magic marker on every bill.) > Is it legal to require credit cards? Yes. BTW, my uncle was mugged at Provo Park for thirty five cents and my front windshield of my car was smashed in for the fifty cents in open view between the passenger seats. You know those ancient mono AM only radios that are almost always broken down in old cars? Yep, had a window smashed and the worthless radio stolen. In another vehicle that was even shittier looking I never locked the doors and nothing was ever stolen; the radio and cassette player actually worked! Merry bloody crassmus. -- Cheers! From dlv at bwalk.dm.com Wed Dec 25 18:40:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Dec 1996 18:40:10 -0800 (PST) Subject: Encryption Algorithms In-Reply-To: <32C1D894.378@sk.sympatico.ca> Message-ID: Carl Johnson writes: > Adam Shostack wrote: > > (If any cypherpunks still give a shit about crypto I would > appreciate > >any pointers to additional crypto resources on the net.) > > Crypto? > Get off the CypherPunks Ebonics forum, you asshole. Someone dares discuss crypto??? Cease and desist, or you'll be unsubscrived by John Gilmore and placed on Timmy May's "do not hire" list. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Wed Dec 25 19:03:25 1996 From: dthorn at gte.net (Dale Thorn) Date: Wed, 25 Dec 1996 19:03:25 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612250205.SAA17605@mail.pacifier.com> Message-ID: <32C1EAA4.1EBA@gte.net> jim bell wrote: > At 03:29 PM 12/24/96 -0500, Brian Davis wrote: > >On Tue, 24 Dec 1996, Dale Thorn wrote: [snip] In one of these posts there was a reference to large amounts of small change (specifically pennies) being legal tender... When my dad ran a bread truck in the 1950's, a mafia character who had a bad day paid him $20 or so in pennies, and my dad said he took it with little argument. However, I have heard from a few places years ago that pennies over a certain quantity may be refused as not legal tender. There were posts here which suggested that cash of any kind may not have to be accepted under certain conditions. I wish this was clearer, or I could know for sure if these were gray areas, at least in certain jurisdictions.... From blake at bcdev.com Wed Dec 25 20:18:04 1996 From: blake at bcdev.com (Blake Coverett) Date: Wed, 25 Dec 1996 20:18:04 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <01BBF2B9.DBC67AB0@bcdev.com> > Not quite. The API comes with a program SIGN.EXE that will create a > "debugging signature" for your CSP, and a new ADVAPI32.DLL, described as > a "Modified advapi32.dll to load providers that are signed with > sign.exe." So the patch point is a bit more accessable than inside the > kernel. Maybe the "Modified advapi32.dll" should find its way offshore? Even better than exporting the hacked advapi32.dll, compare the it with the original one. I'd bet good money that the only difference is the contents of the RC_DATA/#102 resource attached to the image. (It's useful to note that the advapi32.dll from versions of NT before CryptoAPI doesn't have any RC_DATA resources.) And to think MS was good enough to provide an UpdateResource API that I haven't yet had a good reason to use. > Interestingly enough, CSP signatures are held in the registry instead of > the binary, necessitating some install procedure for a given CSP. Not > to start rumors, but NT 4.0 does use threads to watch some registry > entries that control the version (workstation/server). Not much of a > stretch to imagine a thread that tracks (reports?) changes to Nope, a little experimentation shows you can change those entries while the system is running to your hearts contents. Try temporarily renaming the signature key of the base provider. regards, -Blake From corbeau at corbeau.seanet.com Wed Dec 25 20:20:30 1996 From: corbeau at corbeau.seanet.com (Peter) Date: Wed, 25 Dec 1996 20:20:30 -0800 (PST) Subject: Legality of requiring credit cards? (fwd) Message-ID: <3.0.32.19961224215351.00af0034@pop.seanet.com> At 08:51 PM 12/23/96 -0500, you wrote: > Equifax does business by tracking reputations, as do all credit > reporting companies. That's how a free market handles bad checks. Even worse is an outfit called Telecheck. All they do is see if you have a listed telephone number. Since I do not give out my telephone number, and it is unlisted, an autobody shop refused to accept my check, and I ended up having to use a credit card. The idiot teller refused to call the bank to check my balance. What does a listed telephone number have to do with ability to pay? From dlv at bwalk.dm.com Wed Dec 25 20:40:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 25 Dec 1996 20:40:13 -0800 (PST) Subject: Vandalism in New York City Message-ID: Xmas day vandals overturned 75 headstones in the Calvary Cemetry in Long Island City, near the residence of Earthweb's associate network administator Ray "Arsenic" Arachelian. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From bdavis at thepoint.net Wed Dec 25 21:21:47 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Dec 1996 21:21:47 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <3.0.32.19961224213904.0073acc0@martigny.ai.mit.edu> Message-ID: On Tue, 24 Dec 1996, Brian A. LaMacchia wrote: > At 05:54 PM 12/24/96 -0800, jim bell wrote: > >"Man wins $27,000. He will eventually be required to report and pay taxes > >on the amount, but not quite yet. Stupid I/R/S people alert him BEFORE he > >files his taxes. He reports the payment, as is ostensibly legally required. > > He paid the taxes owed. Period." > > > >THEN you said, "we settled the matter." Huh? What, exactly, was there to > >"settle"? > > Why, of course, the fact that the guy attempted to structure the > transaction to evade the reporting requirements in the first place. 31 > U.S.C. 5324(a). Structuring (or attempting to structure) a financial > transaction to evade the reporting requirements is a violation of this > subsection, and 31 U.S.C. 5322(a) says that a willful violation is a > five-year felony. Oh, and willful violation while violating another U.S. > law is a ten-year felony until 5322(b). I'd suspect the guy was looking at > a 5322(b) charge (with "transmission of wagering information in interstate > commerce" as the "other U.S. law" being violated), but IANAL and I don't > know the case law. > > EBD: Please correct me if I'm wrong. Oh, and did you go after the guy who > wrote the three $9K checks for conspiracy or aiding-and-abetting? > > --bal Your answer looks pretty good to me (although I must admit I didn't pull the statute once I saw that you replied to Bell's post). Except that we didn't consider a 5322(b) charge for various reasons. The reason which we were unhappy with our IRS agents is that structuring is hard to sell to a jury in a vacuum. If you can explain the reason for the structuring by, for example, adding a tax charge, the structuring charge is much easier to understand as something that is "wrong" within our system of laws. In other words, he committed the crime but it would have been more difficult to prove BRD at trial than if the IRS hadn't messed up. The target, who is a lawyer, wanted to resolve the matter without a trial if possible to avoid risking incarceration and loss of his law license. Remember, Jim, he AGREED to the disposition. While represented by one of the best criminal defense lawyers in our jurisdiction (since deceased). Since that case, the Supreme Court has made it more difficult to succeed in such prosecutions by toughening the knowledge requirement. That would not have help the gambling attorney, because he had previously been involved in transactions where CTRs were filed and knew of the regs. EBD From jimbell at pacifier.com Wed Dec 25 21:25:24 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 25 Dec 1996 21:25:24 -0800 (PST) Subject: Reflections on the Bernstein ruling Message-ID: <199612260525.VAA20766@mail.pacifier.com> At 11:57 PM 12/20/96 -0800, Greg Broiles wrote: > >(Please keep in mind that I'm not a lawyer yet, and that my comments are >intended only as the reflections of an amateur and are intended as >discussion fodder, not legal advice.) > >Folks seem to be very excited about Judge Patel's ruling in the Bernstein >case - and with good reason. It was, for example, a first-page >above-the-fold item in both of the Bay Area's legal newspapers today. >Unfortunately, most of the media reports have done a poor job of >interpreting the ruling, and it's easy to draw bad conclusions from erratic >news reports about the case. The decision is available online > >thanks to the folks at EFF. I thought list members might appreciate a >summary of the decision and its potential effects. Please comment on my (layman's) proposal that no "mens rea" ("guilty mind") can be attributed to a person who is relying on a not-yet-overturned judicial decision. In other words, if a person has a genuine belief that what he's doing has been upheld by the Patel ruling, he cannot be claimed to have had "mens rea." (I am presuming, here, that before he does anything, he "clears it" with a lawyer who assures him that what he's planning is at least covered in the Patel decision as being okay. I understand, of course, that "mens rea" may be irrelevant in CIVIL REGULATORY issues, but not in CRIMINAL ones.) >1. What the ruling said >In brief, Judge Patel ruled that Category XIII(b) (the category which >refers to cryptographic equipment/software) is unconstitutional because it >functions as a prior restraint upon speech without providing important >procedural safeguards which are required when a prior restraint scheme is >put into place. She ruled that the "technical data" provision of the ITAR >is also unconstitutional when it refers to technical data about Category >XIII(b) items because of the lack of procedural safeguards. > >Mopping up other points raised by the suit, Judge Patel ruled that the term >"defense article" as defined in 22 CFR 120.6 should be read to elide the >phrase "or technical data"; and that when interpreted that way, the terms >"defense article", "defense service", and "technical data" are not >unconstitutionally vague. She also ruled that the term "export" is not >unconstitutionally vague, and writes (in 'dicta', which is legalese for >"offhand comment", e.g., without precedential value but interesting as a >hint re what's going on in the judge's mind) that placing software on an >"Internet site" which can be accessed from a foreign country is an export >for ITAR purposes. What about leaving a floppy on a sidewalk in Des Moines, Iowa, which might be picked up by a wandering foreign tourist who happened nearby? Sheesh, these judges are real idiots, even when they accidently are coming to (mostly) the right conclusion. However, if being "on the Internet" is automatically presumed to be an export, why can't we program using remote-control editors which might, someday, be available on the Internet? (maybe they already are; somewhat analogous to the old timesharing computers of yore. If the underlying files were kept overseas, modified by specific editing commands sent to a remote system, presumably Patel's dicta would suggest that those files were never "exported" per se. They were formed and kept overseas, INTENTIONALLY, to avoid the later necessity of exporting them had they been kept in the US.) This would be an modifed and automated version of the way versions of PGP later than 1.0 were supposed to have been developed: Actual coding was done overseas, based on suggestions and comments from other countries. (including, presumably, the US.) Yes, realize that pessimism overtakes me here. "The system" never wants to admit a contradiction. I would argue, however, that whereever the system wishes to draw the line and call everything outside the line "an export," that decision should be considered binding on the government even when such a conclusion leads to unexpected and undesireable consequences. (for the government, at least...) >She also ruled that the "fundamental research in science and engineering" >(120.11(8)) and "general scientific, mathematical, or engineering >principles" (120.10(5)) exceptions to the definition of "technical data" >are void because they are too vague. As far as I can tell, they are thus no >longer available to potential ITAR defendants. Wouldn't it be more accurate to say that they are no longer considered precisely defined exceptions, NOT that the exceptions no longer exist? It seems to me that if the "burden of non-ambiguity" falls on those writing the regulations, failure to eliminate ambiguity would have to be resolved in favor of tolerating actions that fall into the grey area. For example, if a law was passed that said, "pornographic writing is illegal," and the SC later determined that "pornographic" was ambiguously defined, what they WOULDN'T do is to make ALL writing illegal! (which would, obviously, be an over-broad restriction, in an of itself.) Otherwise, what would on the surface appear to be a overturning of a law would actually be a _broadening_ of it. >It's also unclear that Judge Patel's ruling is enough to make export of >crypto source legal by people/organizations located even in the Northern >District of CA. Venue is proper, in an ITAR case, in any jurisdiction which >the defense articles have moved through. (18 USC 3237(a); _US v. Durrani_ >659 F.Supp 1177, 1182 (D. Conn, 1987); an easy analogy is to the _US v. >Thomas_ "Amateur Action" case, where Tennessee venue was proper for >prosecution of California defendants who sent porn into Tennessee.) So it's >at least arguable that the feds could simply bring an ITAR prosecution in >another district, if exported crypto flowed through that district. But again, deal with the mens rea issue. If Patel said, "It's okay to export this software because the regulation is invalid," and you do so relying on this ruling, wouldn't any subsequent (criminal) prosecution both have to prove you did it, and ALSO prove that you were being unreasonable in relying on the ruling? (Are rulings of illegality somehow more "reasonable" than rulings of legality?) I'm not suggesting that her decision can't be overturned in the future; I'm suggesting that until it is overturned, each member the public is entitled to act in reliance on it, perhaps at least the ones in her jurisdiction. >So while the ruling has considerable historical, cultural, and symbolic >significance, it's dangerous to assume that it means that export >restrictions on crypto are dead. However, wouldn't it be a good idea to take advantage of what is at least a temporary decision? If I were a large corporation, having just developed an excellent design for a crypto telephone, I might want to export it NOW, which is in effect taking advantage of a temporary loosening of restrictions. Jim Bell jimbell at pacifier.com From bdavis at thepoint.net Wed Dec 25 21:26:49 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Dec 1996 21:26:49 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <3.0.32.19961224213904.0073acc0@martigny.ai.mit.edu> Message-ID: On Tue, 24 Dec 1996, Brian A. LaMacchia wrote: > EBD: Please correct me if I'm wrong. Oh, and did you go after the guy who > wrote the three $9K checks for conspiracy or aiding-and-abetting? > > --bal No. The person who wrote the checks was a secretary for the guy in California who ran the pool. While we could've asserted jurisdiction and prosecuted her, we didn't because she had no idea why the winner wanted it done that way (3 $9k checks) and satisfactorily answered the question put to her. The lawyer lied big time, when initially interviewed, which is in itself a crime. And most of the members of the relevant section of our office had to recuse themselves, because they play basketball with the guy. EBD From bdavis at thepoint.net Wed Dec 25 21:31:35 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Dec 1996 21:31:35 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612250329.TAA21067@mail.pacifier.com> Message-ID: On Tue, 24 Dec 1996, jim bell wrote: > At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote: > >At 05:54 PM 12/24/96 -0800, jim bell wrote: > >>"Man wins $27,000. He will eventually be required to report and pay taxes > >>on the amount, but not quite yet. Stupid I/R/S people alert him BEFORE he > >>files his taxes. He reports the payment, as is ostensibly legally required. > >> He paid the taxes owed. Period." > >> > >>THEN you said, "we settled the matter." Huh? What, exactly, was there to > >>"settle"? > > > >Why, of course, the fact that the guy attempted to structure the > >transaction to evade the reporting requirements in the first place. 31 > >U.S.C. 5324(a). > > Who says? He eventually reported it within the legally-defined time. The > evidence of intent to COMPLY with the law is far stronger than the evidence > of the opposite. > > > >Structuring (or attempting to structure) a financial > >transaction to evade the reporting requirements is a violation of this > >subsection, and 31 U.S.C. 5322(a) says that a willful violation is a > >five-year felony. > > Again, he clearly DID NOT "evade the reporting requirement." Brian Davis > admitted this. (Whether he ever intended to do this is sheer speculation on > the part of anyone else. We'll never know; as Davis pointed out, the IRS > screwed up.) Even if the standard of evidence was as low as "preponderance > of evidence" (which it, of course, is not in a criminal case) he SHOULD have > won. By waiting until the return was filed and the tax was paid, the IRS > was allowing him to resolve whatever ambiguity remained. You misunderstand what the statute intends. The violation is for attempting to evade *the bank's* requirement to report certain transactions (i.e. >$10K). He structured the transaction in an effort to keep the bank from complying with the law. > Actually, if there were any justice, he should have been able to sue the > bank for reporting him and NOT INFORMING HIM of that fact. (I presume the > law requires the bank to report suspicious transactions. I also presume > that the law _doesn't_ prohibit the bank from telling the customer that it > will have to report that transaction.) The bank, presumably being experts > in the matter, recognizes that lay individuals can't be expected to be experts > in specialized areas, and should be considered obligated to warn customers > away from suspicious-looking transactions. I'm sure the REAL LAWYERS (tm) > on this list will be able to cite examples of where experts of all kinds > were sued by non-experts for failing to warn them of unexpected dangers that > could have been averted had the appropriate advice been given promptly. > So you want the bank to be your nanny? The guy is a lawyer and had previously been involved in transactions in which such reports had been filed. What is your explanation for the three 3 $9k check request? EBD > > > > Jim Bell > jimbell at pacifier.com > From bdavis at thepoint.net Wed Dec 25 21:44:31 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Dec 1996 21:44:31 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612250547.VAA27540@mail.pacifier.com> Message-ID: On Tue, 24 Dec 1996, jim bell wrote: > At 12:12 AM 12/25/96 -0500, Brian A. LaMacchia wrote: > >At 07:17 PM 12/24/96 -0800, jim bell wrote: > >>At 09:39 PM 12/24/96 -0500, Brian A. LaMacchia wrote: > >>>Why, of course, the fact that the guy attempted to structure the > >>>transaction to evade the reporting requirements in the first place. 31 > >>>U.S.C. 5324(a). > >> > >>Who says? He eventually reported it within the legally-defined time. The > >>evidence of intent to COMPLY with the law is far stronger than the evidence > >>of the opposite. > > > >Bzzt, wrong answer, thanks for playing. "Reporting" here doesn't mean > >"report the income to the IRS on your tax return." It refers to the report > >the bank is required to file by law on every transaction in excess of > >$10,000. > > > Bzzt, wrong answer! By definition, if the report was filed as a consequence of the transaction, then the transaction was reported IN FACT and the The transactions were reported as suspicious transactions. There could have been a reasonable explanation for them, but there wasn't. When interviewed by the offending IRS agents, the target's story was ludicrous. One part consisted of alleging that the first bank didn't have enough $100 bills to cash all three checks. Whoooooops. The bank keeps vault records, which I subpoenaed for the day in question. Guess what they showed. > person didn't evade it! (whether he wanted to evade it is, of course, > pure speculation on your part. It is, obviously, questionable whether > the government can make a person's mere _desires_ criminal.) > > Let's suppose, hypothetically, that there is a rule which states "If > anybody comes in and does three separate $9,000 transactions, they get > reported." In that case, anybody who does those transactions is already > aware that doing them does NOT "evade the reporting requirements." > > Okay, maybe no such explicit rule exists. However, can you prove that > anyone really believes that he is "evading reporting requirements"? No, but he wasn't going to be charged with evading reporting requirements, but rather with structuring a financial transaction *in an attempt* to avoid reporting requirements. > Having read of this incident, it is quite obvious that the government > doesn't obey its own rules and doesn't limit itself to logic and > reasonable positions. It is also obvious that banks can't be trusted to > follow reliable rules. Once aware of this, how can you show that a > person really thought he was getting away with anything? (which is, > after all, an essential element of the crime of "structuring", I suppose.) > > Gotcha! Catch-22 situation. > Hardly. Juries are permitted to draw reasonable inferences from the facts before them -- the instructions about how the checks were to be cut, the three bank routine (along with what he said to the tellers at the branch that remember the transaction), and what he told the IRS when they interview him. In addition to being stupid by going to branches of the same bank on the same day, he was stupid (and arrogant) by not exercising his right to keep his mouth shut when the IRS knocked at his door ... and then by lying to them. EBD > > > > Jim Bell > jimbell at pacifier.com > From bdavis at thepoint.net Wed Dec 25 21:58:35 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Dec 1996 21:58:35 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612251920.LAA31394@slack.lne.com> Message-ID: On Wed, 25 Dec 1996, Eric Murray wrote: > .... > > This is really scary to someone like me who doesn't often read > laws. They're required to report "suspicious" transactions > (with the definition of "suspicious" left completely wide open) > and they're not allowed to tell you that you have been reported. > This sounds like police-state tactics, not something that would > happen in a free and open society. > > It's also interesting to note that section 5313(a) similarly does > not define what is to be reported. Is this defined elsewhere, or > can it be changed at any time by the Secretary of the Treasury? > > Reading section 5324, it sounds (to me, a layman) that there has to > be some intent to evade the reporting requirements. Does this mean > that prosecutors would have to prove intent? Does simply getting > checks for $9000 prove intent? I sure hope not as I have recently received > a couple checks for consulting work that have just happened to be > slightly under ten grand. U.S.v. Ratzlaff, the case I whose name I was trying to remember, but couldn't and which Brian LaMacchia mentioned in a post, should give you much comfort. I think Jim is going to report to the list on the case, so I won't go into any details. EBD > > -- > Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm > PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF > From bdavis at thepoint.net Wed Dec 25 22:07:41 1996 From: bdavis at thepoint.net (Brian Davis) Date: Wed, 25 Dec 1996 22:07:41 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <32C0995F.6569@gte.net> Message-ID: On Tue, 24 Dec 1996, Dale Thorn wrote: > jim bell wrote: > > At 03:29 PM 12/24/96 -0500, Brian Davis wrote: > > >On Tue, 24 Dec 1996, Dale Thorn wrote: > > >Be especially carefully of structuring a $10,000+ transaction into > > >smaller transactions in an attempt to circumvent the reporting > > >requirements. Doing so ("structuring a transaction") is a felony. > > > Actually, this kind of stunt fully justifies whatever level of lethal > > punishment that the public will one day direct at these thugs. Look at > > what you just said, paraphrased by me: > > [snip] > > I was surprised at this "settlement" thing. I'd sure like to get more > detail on that. A pointer would be *most* appreciated. > > There is no case published if that's what you are seeking. The local paper ran a short article about the forfeiture. And the Treasury Department issued a national press release on the first civil monetary penalty levied against an individual for a violation of the Bank Secrecy Act. The decision on how to resolve it was the result of prosecutorial discretion. EBD From Adamsc at io-online.com Wed Dec 25 22:09:54 1996 From: Adamsc at io-online.com (Adamsc) Date: Wed, 25 Dec 1996 22:09:54 -0800 (PST) Subject: [NOT NOISE] Microsoft Crypto Service Provider API Message-ID: <19961226060647781.AAA212@localhost> On Wed, 25 Dec 1996 23:17:53 -0500, Blake Coverett wrote: >And to think MS was good enough to provide an UpdateResource >API that I haven't yet had a good reason to use. Right thoughtful of them, wasn't it..? >> Interestingly enough, CSP signatures are held in the registry instead of >> the binary, necessitating some install procedure for a given CSP. Not >> to start rumors, but NT 4.0 does use threads to watch some registry >> entries that control the version (workstation/server). Not much of a >> stretch to imagine a thread that tracks (reports?) changes to > >Nope, a little experimentation shows you can change those entries >while the system is running to your hearts contents. Try temporarily >renaming the signature key of the base provider. Now, yes. However I wonder how quickly a service pack would be released to extend the monitor garbage... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From jimbell at pacifier.com Wed Dec 25 23:00:42 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 25 Dec 1996 23:00:42 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <199612260700.XAA25095@mail.pacifier.com> At 11:20 AM 12/25/96 -0800, Eric Murray wrote: >Brian A. LaMacchia writes: >> >> At 09:35 PM 12/24/96 -0800, jim bell wrote: >> >Bzzt, wrong answer! By definition, if the report was filed as a >> consequence of >the transaction, then the transaction was reported IN FACT >> and the person didn't >evade it! (whether he wanted to evade it is, of >> course, pure speculation on your >part. It is, obviously, questionable >> whether the government can make a person's >mere _desires_ criminal.) >> >> Please, Jim, *go read the law*. Do it now, before you even think about >> replying to this message, else you'll say something else stupid and >> irrelevant. Look, I'll even give you the complete, specific URL for the >> section of the U.S. Code in question; all you have to do is cut-and-paste >> it into your favorite Web browser: >> >> http://www.law.cornell.edu/uscode/31/5324.html > >It appears that Jim's 100% wrong- they omit the 'Suspicious >Transaction' report in the list of reports that the gambler was >busted for trying to avoid: Well, I agree that I was "shooting from the hip" on my statement that the government doesn't prohibit informing the victim (and yes, such people are indeed properly called "victims") that a report was made (see below). Imagine that, Jim Bell OVERestimating the ethics of the government! That'll teach me a lesson. > > >Section 5324: > >(a) Domestic Coin and Currency Transactions. - No person shall for the >purpose of evading the reporting requirements of section 5313(a), > section 5325, or the regulations issued thereunder or section 5325 > or regulations prescribed under such section 5325 (FOOTNOTE 1) > with respect to such transaction - > > (FOOTNOTE 1) So in original. See 1992 Amendment note below. > (1) cause or attempt to cause a domestic financial institution > to fail to file a report required under section 5313(a), > section 5325, or the regulations issued thereunder or > section 5325 or regulations prescribed under such section > 5325; (FOOTNOTE 1) > (2) cause or attempt to cause a domestic financial > institution to file a report required under section 5313(a), > section 5325, or the regulations issued thereunder or > section 5325 or regulations prescribed under such section > 5325 (FOOTNOTE 1) that contains a material omission or > misstatement of fact; or > (3) structure or assist in > structuring, or attempt to structure or assist in > structuring, any transaction with one or more domestic > financial institutions. Notice that they don't define what would constitute an "attempt to cause a domestic financial institution to fail to file a report..." Since from the story told, it is obvious that there is no hard-and-fast rule on reporting, it should be equally obvious that there is no sure-fire way to prevent a report. As such, equally so, there is no object way to tell (other than, say, a direct statement by somebody) that a person's actions were intended to avoid a report. >Section 5313 is the 'normal' reporting section, Section 5318(g) >is "suspicious" transactions (note that it wasn't listed in 5324 above): > >(g) Reporting of Suspicious Transactions. - > (1) In general. - The Secretary may require any financial > institution, and any director, officer, employee, or agent > of any financial institution, to report any suspicious > transaction relevant to a possible violation of law or > regulation. > > (2) Notification prohibited. - A financial > institution, and a director, officer, employee, or agent of > any financial institution, who voluntarily reports a > suspicious transaction, or that reports a suspicious > transaction pursuant to this section or any other authority, > may not notify any person involved in the transaction that > the transaction has been reported. > > >This is really scary to someone like me who doesn't often read >laws. They're required to report "suspicious" transactions >(with the definition of "suspicious" left completely wide open) >and they're not allowed to tell you that you have been reported. >This sounds like police-state tactics, not something that would >happen in a free and open society. Given that the 1st amendment to the US Constitution supposedly is intended to guarantee freedom of speech, any prior restraint on speech must be presumed to be unconstitutional unless proved to be constitutional. Since under the circumstances described there is no known crime or ongoing investigation, such a prohibition on speech doesn't even rise to the level of hypothetical "obstruction of justice" which is occasionally brought up as a phony justification for such bans. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Wed Dec 25 23:01:55 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 25 Dec 1996 23:01:55 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <199612260701.XAA25145@mail.pacifier.com> At 12:31 AM 12/26/96 -0500, Brian Davis wrote: >On Tue, 24 Dec 1996, jim bell wrote: >> Again, he clearly DID NOT "evade the reporting requirement." Brian Davis >> admitted this. (Whether he ever intended to do this is sheer speculation on >> the part of anyone else. We'll never know; as Davis pointed out, the IRS >> screwed up.) Even if the standard of evidence was as low as "preponderance >> of evidence" (which it, of course, is not in a criminal case) he SHOULD have >> won. By waiting until the return was filed and the tax was paid, the IRS >> was allowing him to resolve whatever ambiguity remained. > >You misunderstand what the statute intends. The violation is for >attempting to evade *the bank's* requirement to report certain >transactions (i.e. >$10K). He structured the transaction in an effort to >keep the bank from complying with the law. You just admitted that the bank was ready, willing, and able to report the tranactions without regard to whether they fit within some specific, fixed standard. That being the case, and presuming somebody was aware enough of the practices to realize this (which the lawyer presumably was), then there's no evidence that doing what the lawyer did would "keep the bank from complying with the law." (How, exactly, was the lawyer to know whether or not any particular action would actually achieve the result you claimed he wanted?) >> Actually, if there were any justice, he should have been able to sue the >> bank for reporting him and NOT INFORMING HIM of that fact. (I presume the >> law requires the bank to report suspicious transactions. I also presume >> that the law _doesn't_ prohibit the bank from telling the customer that it >> will have to report that transaction.) Apparently, I presumed wrong. The thugs are even more thuggish than I had imagined. Whether or not any such prohibition is constitutional is another issue, however. The fact that anybody would attempt to write such a restriction into law says a lot about them, however! >>The bank, presumably being experts >> in the matter, recognizes that lay individuals can't be expected to be experts >> in specialized areas, and should be considered obligated to warn customers >> away from suspicious-looking transactions. I'm sure the REAL LAWYERS (tm) >> on this list will be able to cite examples of where experts of all kinds >> were sued by non-experts for failing to warn them of unexpected dangers that >> could have been averted had the appropriate advice been given promptly. >> >So you want the bank to be your nanny? I would argue that if the bank can be forced to help the government enforce the law, the bank should also become liable for damage done as a consequence of complying with such requirements. While it's a different area, within the last few years a decision was made (SC?) that companies which had made Agent Orange for the US Government during Vietnam can be held liable (without recourse against the government, apparently) for the damages caused ex-servicemen for selling dioxin-tained Agent Orange to the government, but manufactured totally according to government specifications. (and used only outside the US, under government direction, by government agents, in an entirely different legal jurisdiction, to boot!) Seemingly, doing something at the behest of government does not immunize one. > The guy is a lawyer and had >previously been involved in transactions in which such reports had been >filed. What is your explanation for the three 3 $9k check request? I have none. But then again, I don't have to. Unless "guilty until proven innocent" has been adopted as a standard of proof in American courts. Do you know something we don't? BTW, gambling pools like this are supposed to be illegal, aren't they? Isn't it odd when government seems to stop enforcing laws unless it's profitable to do so? Jim Bell jimbell at pacifier.com From mixmaster at remail.obscura.com Thu Dec 26 00:51:19 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Thu, 26 Dec 1996 00:51:19 -0800 (PST) Subject: Elliptic curves Message-ID: <199612260811.AAA03540@sirius.infonex.com> Tim C[unt] May styles his facial hair to look more like pubic hair. o o --/-- <~\ Tim C[unt] May __\ _/\ \ / From pandemic at hotmail.com Thu Dec 26 01:25:06 1996 From: pandemic at hotmail.com (some days weren't there at all) Date: Thu, 26 Dec 1996 01:25:06 -0800 (PST) Subject: Distributed data havens? Message-ID: <32C1D34A.B13@hotmail.com> Is anything new on the distributed data haven front? Many apologies if I'm retreading scorched earth, but I've been out of touch with the world for the past, oh, twelve weeks. In particular, it would be interesting to know if * there are any lists currently extant relating to datahavens (I've changed e-mail addresses and can't recall the subscription address for dh-l) * anyone has created working or in-progress code to play with. Doesn't have to be "distributed", supported, or documented particularly well. * there are archives of relevant papers or talks avaliable. I've found a few archives for cryptography and stego, but nothing specific just yet (unless you count the discussions of anon remailers). Anyone still interested? --------------------- "Deities do not fall ten floors to the basement" - Willis/PKD pandemic at hotmail.com please contact for PGP public key. http://www.skylink.net/~bigdaddy From FiFtHnAiL.c0m at strydr.com Thu Dec 26 02:26:10 1996 From: FiFtHnAiL.c0m at strydr.com (FiFtHnAiL.c0m at strydr.com) Date: Thu, 26 Dec 1996 02:26:10 -0800 (PST) Subject: A Postcard! Message-ID: <199612261026.KAA07009@gollum.strydr.com> ======================================================== You have a postcard from FiFtHnAiL.c0m. (fifthnail at hotmail.com To retrieve this postcard point your web browser at http://postcards.stryder.com Your password is LIJKBCRT and must be typed in exactly Your postcard will be reserved for you for about two weeks Sincerely, the folks at Stryder Communications, Inc. From fygrave at freenet.bishkek.su Thu Dec 26 02:51:25 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Thu, 26 Dec 1996 02:51:25 -0800 (PST) Subject: Unix Passwd In-Reply-To: <32C18AA0.578E@sk.sympatico.ca> Message-ID: Anyone has any success in breaking this? -f From toto at sk.sympatico.ca Thu Dec 26 03:22:36 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 26 Dec 1996 03:22:36 -0800 (PST) Subject: She's In The Money In-Reply-To: Message-ID: <32C274BE.7571@sk.sympatico.ca> health711 at cyberpromo.com wrote: > I just thought I would write you a short > note,to tell you about a free booklet I > discovered.I ordered and I can not believe > the fun and money I am making.All you need > to do is send them a self addressed stamped > envelope to homebusiness 870 market street #450 > Ellen Now she gets to relax at home, on her back, wait for strangers to ring the doorbell, and just rake in the cash. And the sex is great! My 'ex' used to have her own home business, but she got busted. From toto at sk.sympatico.ca Thu Dec 26 03:22:47 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 26 Dec 1996 03:22:47 -0800 (PST) Subject: Reflections on the Bernstein ruling In-Reply-To: <199612260525.VAA20766@mail.pacifier.com> Message-ID: <32C27B88.558@sk.sympatico.ca> jim bell wrote: > > However, if being "on the Internet" is automatically presumed to be an > export, why can't we program using remote-control editors which might, > someday, be available on the Internet? If I wanted to export an unexportable program, I would put it on my machine as 'happyface.zip', and then make sure that god-and-everybody spread the word that it was available under that title. I don't believe there is a prosecutor alive that can convince a jury of twelve mostly non-technically oriented people that someone should be put in prison for not knowing the content of every single non-text file on their machine. From toto at sk.sympatico.ca Thu Dec 26 05:01:46 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 26 Dec 1996 05:01:46 -0800 (PST) Subject: [Fwd: Returned mail: User unknown] Message-ID: <32C291D9.5998@sk.sympatico.ca> An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 939 URL: From iang at cs.berkeley.edu Thu Dec 26 06:32:24 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Thu, 26 Dec 1996 06:32:24 -0800 (PST) Subject: Credentials without Identity--Race Bits In-Reply-To: <1.5.4.32.19961221065041.003d70c8@popd.ix.netcom.com> Message-ID: <59u28s$d9m@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <1.5.4.32.19961221065041.003d70c8 at popd.ix.netcom.com>, Bill Stewart wrote: >And that's not even counting the "You must turn on your laptop" crap. I just took my first flight with a laptop (USair), and, having heard stories like the above, was wondering how "on" the laptop would have to be (past the powerup password check? I hope they're not expecting Windoze...). My laptop was in my backpack, which I had oriented so that the large face of the laptop was vertical. It thus presented a very small cross section to their X-ray machine, and they didn't even ask me about it. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMsKMVkZRiTErSPb1AQFukgP/R7QUsLM0SaRKdvCCm0bsjwxXUOqUPwsK gfnEcMY+sO6crSq/vzNsK986aI7rJMjNC2rUHQqJAIAouSO7q3G/MjDSMCFjYIVs qi2AtXBw5/KV9eV/tKcrBXRjMlDOj2pitXEVIZVqNGONIxp6Vf/EyRlKKoH7E1Yt Wr7V2MwClSc= =UfKP -----END PGP SIGNATURE----- From toto at sk.sympatico.ca Thu Dec 26 06:42:04 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 26 Dec 1996 06:42:04 -0800 (PST) Subject: Unix Passwd In-Reply-To: Message-ID: <32C2AAB9.57A9@sk.sympatico.ca> Fyodor Yarochkin wrote: > > Anyone has any success in breaking this? > -f I was visiting a business running SCO Xenix, and they were all aflutter over the fact that their 'root' password was fucked, and they couldn't perform any System Administration tasks. I took their SCO installation disks, used the 'find' command to find the 'passwd' file, and piped it to the editor. I blanked out the password for 'root' and rebooted the system. When logging on as root, it prompted them for a new 'root' password. By the way, do you know why a 'Back Door' is so named? It's because when someone comes in through it, and wreaks havoc, you wake up with a sore asshole. Toto "The King of Country Porno" "The World's Foremost Computer Expert" "World's Greatest Fisherman" ...and a damn good lay. From iang at cs.berkeley.edu Thu Dec 26 07:32:58 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Thu, 26 Dec 1996 07:32:58 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <01BBF1A7.45E1F7D0@bcdev.com> Message-ID: <59u5ql$dfi@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <01BBF1A7.45E1F7D0 at bcdev.com>, Blake Coverett wrote: >I was vaguely aware of this regulation (it's been discussed here in the >past) but actually I'm from north of the border. Does anyone know if >there is are similar regulations in Canada? Well, I just came from Casino Niagara (Ontario side), and the cashiers' windows all have a sign saying that the law requires them to check ID for cash transactions of $1000 (not $10000) or more. I don't know if this is a general rule, or if it's just a rule for casinos. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMsKakUZRiTErSPb1AQGNGQP/Uax1/w3TeaJMJFUnV+3hw5HJ22Mlk+MT H1nxewzGTUq3ryY9qiOHauPjwalRd2h7XapeyXuxb+2JSLYL5eVJ7pGCPm8F2nnZ +E39+eC8XtY/8HnbRloRASHG0B1xQ04jE4kEHsfv1xhwFr6cikwWJUNeOH0udG/V DtN6V9UI9dY= =s4bM -----END PGP SIGNATURE----- From ericm at lne.com Thu Dec 26 07:58:11 1996 From: ericm at lne.com (Eric Murray) Date: Thu, 26 Dec 1996 07:58:11 -0800 (PST) Subject: Unix Passwd In-Reply-To: Message-ID: <199612261556.HAA05096@slack.lne.com> Fyodor Yarochkin writes: > > > Anyone has any success in breaking this? > -f Many people have tried breaking the cipher, I have not heard of anyone being successful. There is however a number of programs that attempt a brute-force of passwords, the best is called 'crack' and is written by Alec Muffet. He's just announced a new release (see below). Crack is commonly used by system administrators to check users passwords for easily-cracked passwords (since it's one of the first things that a hacker breaking into your system might try, the sysadmin can get users to change 'Crack'able passwords before they're hacked). Crack uses a set of word dictionaries that you supply, and rules to use to permute each word (add a '1' on the end, capitalize the first character, etc). for more attempts. It also included a re-written version of the crypt algorithim that's faster than what comes in many UNIXes. Reply-To: Alec Muffett Sender: Bugtraq List Subject: ANNOUNCE: Crack v5.0a available... X-To: bugtraq at fc.net To: Multiple recipients of list BUGTRAQ Eschewing the media-friendly hype which surrounded the release of SATAN some time ago (Hi Dan!) and bemused by the fact that some of the code he wrote years ago has since crept into the Linux-based operating system of the machine he is composing this message on (as a standard part of the authentication libraries, no less) - the author is pleased to announce the release of: Crack v5.0a - The Password Cracker Crack v6.0 - The Minimalist Password Cracker Crack v7.0 - The Brute-Forcing Password Cracker available from: http://www.users.dircon.co.uk/~crypto/ (just like a London bus, you wait ages and then three turn up at once) In the expectation that some kind soul will be good enough to retrieve copies and place them up for FTP at various well-connected mirror sites (the sundry CERTs, COAST, et al), the MD5 checksum for the first distribution is: 6511dca525b7b921ea09eca855cc58f2 - but please be patient if you *do* suffer problems downloading; it's not like Crack is a new piece of technology, so you shouldn't panic about upgrading. NOTE: Discussion of issues relating to running this version of Crack should be directed to the newsgroup "comp.security.unix" - mention "Crack5" in the subject line. - alec ------------------------------------------------------------------ New features. * Complete restructuring - uses less memory * Ships with Eric Young's "libdes" as standard * API for ease of integration with arbitrary crypt() functions * API for ease of integration with arbitrary passwd file format * Considerably better gecos-field checking * More powerful rule sets * Ability to read dictionaries generated by external commands * Better recovery mechanisms for jobs interrupted by crashes * Easier to control (eg: to put to sleep during working hours) * Bundled with Crack6 (minimalist password cracker) * Bundled with Crack7 (brute force password cracker) * Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From toto at sk.sympatico.ca Thu Dec 26 08:42:50 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 26 Dec 1996 08:42:50 -0800 (PST) Subject: Fuck Xmas In-Reply-To: <32C291D9.5998@sk.sympatico.ca> Message-ID: <32C2C013.6F8B@sk.sympatico.ca> It's five in the morning, I'm almost out of Scotch, but I finally figured out what to do with the 58 million Xmas Greetings I got from various conferences. I'm going to save them, and send them, each and every one, to the conferences they came from---in July. If they are spam 'then', they are spam 'now'. Spam-be-spam. (Bop-shoo-bop) From attila at primenet.com Thu Dec 26 08:43:40 1996 From: attila at primenet.com (Attila T. Hun) Date: Thu, 26 Dec 1996 08:43:40 -0800 (PST) Subject: freedom is only relative Message-ID: <199612261644.JAA09233@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- on 12/26/96 at 04:34 AM, Carl Johnson said: ::Attila T. Hun wrote: ::> is MALLAMACE an abbreviated anagram for 'malicious mace?' :: Yes. Other abbreviated anagrams are: ::A :: C :: and :: F :: (I am thankful that I live in America, where I am free to use ::the above abbreviated anagrams without fear of censorship.) as to lack of fear of censorship; ask the woman in Chicago, approached by Clinton to shake her hand --she refused and said he was criminal murderer. Took 'em a week or so to get her and husband even out of jail the first time, and I think the charges are still going around in federal court. through all this: Bubba a) got obscene, and b) threw a tempter tantrum. think Hillary will protect your civil rights in her Global Village? Keep in mind, it's on record, Hillary's Bill of Rights is the same as the UN Bill of Rights, which just happens to be the same as the Bill of Rights in the current Chinese constitution: the UN's "International Covenant on Civil and Political Rights" (ICCR): Aricle 18 states that "everyone shall have the right to freedom of thought, conscience and religion" but specifies that "freedom to manifest one's religions or beliefs may be subject only to such limitations as are prescribed by law and necessary..." sounds more like Bubba's attitude as expressed by Janet Reno and Jamie Gorlick. maybe the Chinese took their model from the UN? As Communist China prepares to digest Hong Kong in July, it is moving quickly to suppress dissenting voices in the media. Asian correspondent David Aikman reports that Red China's Foreign Minister, Qian Qichen, has forbidden future commemorations in Hong Kong of the 1989 Tiananmen Square massacre. When Hong Kong residents protested this decree, foreign ministry spokesman Shen Guofang sought to placate them with the following assurance: "Hong Kong people will have full freedom of expression, but all freedoms must be within the limits allowed by law." George Orwell was not late, just not recognized. == Tyranny Insurance by Colt Manufacturing Co. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMsKpuL04kQrCC2kFAQGAbQP9FJmqIzipPGJ+fN/MuwQLqN6ZJODOkuP/ BDC8HjZ03BwOC91f1tR5TXGEstjwpGL9dxn+SrfpNDFrQNgnJNIbKSDNQasZtUCl 8OpkmFqrH/ALOrERxcTuc9VNLlCEL+IsKjK/pRsXWAIi7VV3uIrXTzorcQX/3d8I M9WNk0rBbvA= =WT+U -----END PGP SIGNATURE----- From markm at voicenet.com Thu Dec 26 09:19:36 1996 From: markm at voicenet.com (Mark M.) Date: Thu, 26 Dec 1996 09:19:36 -0800 (PST) Subject: Distributed data havens? In-Reply-To: <32C1D34A.B13@hotmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 26 Dec 1996, some days weren't there at all wrote: > Is anything new on the distributed data haven front? Many apologies if > I'm retreading scorched earth, but I've been out of touch with the world > for the past, oh, twelve weeks. In particular, it would be interesting > to know if Ross Anderson's "Eternity Service" paper is about distributed data havens. It's available at ftp.cl.cam.ac.uk/users/rja14/eternity.ps.Z . Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsK0eCzIPc7jvyFpAQHi4QgAiWU82sHUj5GqnFFtVdgd7gYF9u5QMsKU Ru0+WA94KNBryDYhLVEeTXE1IPKsdyIpG+oKIfyfcmoFqpLayuaRf1IztS0SBSBg mvW5waCG8/9XrWogfm+duOBy9KAl1BUInihrUEyn4ZnSpi7RfnK8UgcfwRQNEWeV eYxnBQT6dBTvoZiW3FLFDLVyjrkr2bJ8SloifCFZn4Mov1iXaJihp991jcnq3ERq BEMhIwtkQgzaFwbdK6Cax4hKC/eWkiMYLG2B/ixQDcXsoxVykpYOfneEBXIJz2r1 181Z+BKSPmKR66UtMxBZUoj5VkEKS37YLHB9XanUbFV/O8e+OmjKNA== =w7tt -----END PGP SIGNATURE----- From YukYukYo69 at aol.com Thu Dec 26 10:00:03 1996 From: YukYukYo69 at aol.com (YukYukYo69 at aol.com) Date: Thu, 26 Dec 1996 10:00:03 -0800 (PST) Subject: Remember Canseco..... Message-ID: <961226125240_1788821896@emout16.mail.aol.com> In a message dated 96-12-26 02:38:52 EST, you write: << >Raffik: > >Obviously you don't remember the days of the immaturity of Canseco. The only >reason why they traded him was becuase he was the only cancer to a clubhouse >that was overachieving and headed for the playoffs, not to mention they could >get a sutible replacment for him in the field as well as a couple more arms >for the stretch run. This is, of course, laughable. Canseco was dealt for 1.2 years of Witt, .2 years of Russell, and .2 years of Sierra. Sierra's collapse was completely predictable, and if you care to call me on that, check your local news archive. >> .2 years is called a stretch run! That's what the whole deal was done for. Yeah, maybe the trade wasn't the best ever, considering only a World Series title was going to be the mark on whether or not it was a good deal, but the bottom line is that he made the chance on the trade. Alderson regrets making the deal? Maybe so, but I was glad to see him take that chance on a team that for sure wasn't going to beat the Jays with Canseco. I'll admit, resigning Sierra was wrong. The only reason it happened is becuase it did come on the eve of the Bonds signing and Alderson felt the heat to be competitive in the Bay Area. And it doesn't sound like anything's gonna bring you back. I'm not here saying Canseco's presence is going to be an asset to the team. And I'm still trying to figure out, are you pro or anti Canseco? Gary YukYukYo69 at aol.com From elbee at crl.com Thu Dec 26 10:00:39 1996 From: elbee at crl.com (Lilian Bartholo) Date: Thu, 26 Dec 1996 10:00:39 -0800 (PST) Subject: Remember Canseco..... Message-ID: I only remember the days when Jose gave the A's 730 rbis in 7.5 years. Excitement and charisma at the plate and a slew of good deeds that the press never talked about. The only "cancer" in the clubhouse that I'm glad is now gone was TLR and his chosen few clan. If TLR thought Jose was so bad, then why did he call him during the offseason last year and asked him if he would play first base for him in St. Louis? Maybe he just wanted to have him around so he could use him as a distraction and as a scape-goat when things turned sour with the team. Lil From TOPALOVICH at terraglyph.com Thu Dec 26 10:03:17 1996 From: TOPALOVICH at terraglyph.com (Mike Topalovich) Date: Thu, 26 Dec 1996 10:03:17 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: >True. But when I was a wetback bank teller making $6.50 an hour, I didn't >fill out any forms I didn't have to. Come to think of it, you have to fill >out a CTR when you purchase a bank check or money order for only $3,000 or >more in cash. I forgot about that. > >Just a side note to show how effective these CTRs have to be...when I worked >at a bank many moons ago, we would receive calls from the IRS pertaining to >CTRs that we had filled out 8 or 9 months before...I would find that very >encouraging if I were laundering money on a temporary basis. You get the >money moved, skip town, and you still have a good 6 month head start before >the IRS even has a notion to catch on. > >Mike > >---------- >From: dlv at bwalk.dm.com[SMTP:dlv at bwalk.dm.com] >Sent: Tuesday, December 24, 1996 12:41 PM >To: cypherpunks at toad.com >Subject: RE: Legality of requiring credit cards? > >Mike Topalovich writes: >> It's not necessarily because you are paying with $100 bills. The IRS >> requires banks and other businesses to report all cash transactions >> exceeding $10,000 by means of a Currency Transaction Report (CTR). This >> is a way for the IRS to track money laundering. There happens to be two >> lines on the form asking for the number of $50 and $100 bills, but those >> lines are optional. > >They're supposed to report "suspicious" cash transactions under 10K too. > >--- > >Dr.Dimitri Vulis KOTM >Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps > > From TOPALOVICH at terraglyph.com Thu Dec 26 10:04:14 1996 From: TOPALOVICH at terraglyph.com (Mike Topalovich) Date: Thu, 26 Dec 1996 10:04:14 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: > >This isn't to start any arguments, it's just an FYI...I noticed that when I >worked for a bank, many banks would only allow other banks to call to verify >funds. What this meant was, I'd have customers calling me who in turn had >customers who were growing *very* impatient because they had written a >personal check, who had to wait for the clerk to call to verify funds, spend >10 minutes on hold for bookkeeping only to find that the bank they were >calling only allows other banks to verify funds, who then had to wait for the >clerk to call the company's bank to call the other bank to sit on hold >another 10 minutes for bookkeeping only to have the bookkeeper try to weasel >his/her way out of doing any work by disputing the fact that you worked for a >bank, blah, blah, blah. > >What's the point? Maybe some of us don't want to have to go into debt just >to buy groceries, and don't want to carry buttloads of cash on us all of the >time. With banks charging ridiculous fees to keep *your* money in a checking >account, where's the big incentive? > >I say we go back to a barter system > >Mike > > >---------- >From: gimonca at skypoint.com[SMTP:gimonca at skypoint.com] >Sent: Wednesday, December 25, 1996 12:57 AM >To: cypherpunks at toad.com >Subject: Re: Legality of requiring credit cards? (fwd) > >People on the list could probably come up with much better ways to >authenticate a reputation. Until then, for personal checks, you can >call any bank in the U.S., ask for bookkeeping, and ask them if there >are funds in the bank to cover the check you're holding. Any bank >should give you a yes or no on this. Some banks, like the First Banks >here in Minnesota, will do this through their automated telephone >banking services, 24 hours. > > > From tsimmons at auspex.com Thu Dec 26 10:07:29 1996 From: tsimmons at auspex.com (Tim Simmons) Date: Thu, 26 Dec 1996 10:07:29 -0800 (PST) Subject: Scalpers (SJPD does crack down) Message-ID: <199612261753.JAA14757@auspex.auspex.com> A >for $60 (face = $69, and I would have taken anything over $50 without a >haggle), about 5 minutes before game time, on the far side of Guadalupe >Expressway (e.g. @ Almaden Blvd.), which the Arena-patrolling uniformed >officers have repeatedly said is "outside the no-vending zone"... >>> > >Correct me if I'm wrong. Did the Police arrest you because you were selling >em or because you were in a no vending zone? If they did arrest you for >selling them, why'd they areest you for selling them under face value? In >other parts of the country it's a crime to sell them above face value, but >not below. According to my contact in the ticket office it is NOT illegal to re-sell tickets, even if you are selling them ABOVE face value. San Jose Box office makes a legal business out of this practice. It is only illegal to sell them within a certain proximity of the venue. You must have been within the "no vending zone" if you were outside of the zone, you should be able to get the charges dismissed. Tim S. Manufacturing Engineering x 2162 From sunder at brainlink.com Thu Dec 26 10:10:16 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Thu, 26 Dec 1996 10:10:16 -0800 (PST) Subject: Unsubscribing Dr. Vulius In-Reply-To: <15mgZD80w165w@bwalk.dm.com> Message-ID: On Tue, 24 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Dale Thorn writes: > > > this is a crypto list, and there are all those NSA spooks watching > > everything we do.... > > Watching and laughing, no doubt. And paying you to cause FUD, no doubt. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From khawley at silenus.com Thu Dec 26 10:18:42 1996 From: khawley at silenus.com (Kenneth J. Hawley) Date: Thu, 26 Dec 1996 10:18:42 -0800 (PST) Subject: Papers Galore Message-ID: <3.0.32.19961226131952.0068e674@mail.silenus.com> >From: bart at netcom.com (Harry Bartholomew) >Subject: Papers Galore, address correction >To: cypherpunks at toad.com >Date: Tue, 24 Dec 1996 01:58:31 -0800 (PST) >Sender: owner-cypherpunks at toad.com >Forwarded message: > >> Date: Mon, 23 Dec 1996 15:16:39 -0500 >> To: cypherpunks at toad.com >> From: John Young >> Subject: Papers Galore >> >> The NSA-hosted National Information Systems Security >> Conference, held in October, 1996, has made a wide >> range of papers available (in PDF format), and listed in: >> >> http://csrc.nist.gov/nissc/1996/papers/NISSC/toc.pdf (110kb) >> ^^^^^ > > should be NISSC96 Actually the correct URL is: http://csrc.nist.gov/nissc/1996/papers/NISSC96/ followed by: toc.pdf and many others. The URL will give you an FTP-style file list. -- Kenneth J. Hawley (616)372-5774 Principal khawley at silenus.com Silenus Group, Inc. Detroit - Atlanta - Kalamazoo From nobody at replay.com Thu Dec 26 10:19:59 1996 From: nobody at replay.com (Anonymous) Date: Thu, 26 Dec 1996 10:19:59 -0800 (PST) Subject: Diffie-Hellman Message-ID: <199612261819.TAA25920@basement.replay.com> The only `culture' Timmy May possesses is that cultivated from his foreskin scrapings. )))) )) OO Timmy May 6 (_) `____c From howard at ultracominc.com Thu Dec 26 10:34:58 1996 From: howard at ultracominc.com (Howard Strachman) Date: Thu, 26 Dec 1996 10:34:58 -0800 (PST) Subject: FS- Sharks Tkts- Front Row (2nd Deck) Jan 13 Message-ID: <1.5.4.32.19961226182040.00692258@best.com> I've got two seats in section 226, row 1 available for sale for Jan 13. Face value=$43 each. Howard Strachman Tel: 408-863-0801 Ultracom Communications, Inc. Fax: 408-863-0363 21580 Stevens Creek Blvd Email:howard at ultracominc.com Cupertino, CA 95014 Web: http://www.ultracominc.com From anne.greene at xilinx.com Thu Dec 26 10:42:40 1996 From: anne.greene at xilinx.com (Anne Greene) Date: Thu, 26 Dec 1996 10:42:40 -0800 (PST) Subject: FS-Jan 7 Row 1 Sec 211 Message-ID: Subject: Time: 10:34 AM OFFICE MEMO FS:Jan 7 Row 1 Sec 211 Date: 12/26/96 I have two seats, on the rim, end that sharks shoot on twice for the Jan. 7th Buffalo game. Sec 211, Row 1, seats 1 & 2 $86 for the pair (face value) Email me at: anne.greene at xilinx.com or call 408-879-6716 Happy Boxing day, Anne From jya at pipeline.com Thu Dec 26 10:50:09 1996 From: jya at pipeline.com (John Young) Date: Thu, 26 Dec 1996 10:50:09 -0800 (PST) Subject: Papers Galore Message-ID: <1.5.4.32.19961226184606.006b9030@pop.pipeline.com> Thanks to Harry and Kenneth for correcting the URL for the NISSC96 papers. We've converted the toc.pdf to HTML for easy scanning of the impressive list of papers and panels: http://jya.com/nissc96.htm Now who's going hyper-link the TOC to the files? Ease the scrooge download torture? From CAREYNO at msg.pacbell.com Thu Dec 26 10:52:18 1996 From: CAREYNO at msg.pacbell.com (Reynolds, Cathy A (careyno)) Date: Thu, 26 Dec 1996 10:52:18 -0800 (PST) Subject: For Sale for 12/26! Message-ID: Hi All, A friend has a change in plans and can't make the game tonight. Sorry for the late notice. Section 116 Row 18& 19 (right behind the other) They are great seats! Please page Nick on 510-810-4835 if you are interested. Cathy From kkays at sun.iwu.edu Thu Dec 26 10:58:08 1996 From: kkays at sun.iwu.edu (Karmy T. Kays) Date: Thu, 26 Dec 1996 10:58:08 -0800 (PST) Subject: Game tonight Message-ID: <199612261835.MAA22617@sun.iwu.edu> Is the game against the Blues tonight going to be on tv or on real audio tonight? I would really like to see or hear it. From listproc at plaidworks.com Thu Dec 26 11:08:35 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 11:08:35 -0800 (PST) Subject: WHICH Message-ID: <199612261909.LAA27991@plaidworks.com> cypherpunks at toad.com: You are subscribed to the following lists; if none appear, you are not subscribed to any: MINORS MINORS-SCORES IHL BAY-AREA-HOCKEY ROLLER-HOCKEY-INTL WOMEN-IN-HOCKEY GIANTS GIANTS-TICKETS BASEBALL-CHAT SHARKS SHARKS-TICKETS SHARKS-CHAT HOCKEY-CHAT DALLAS-STARS LA-KINGS ONLINE-DRIVE PIT-PENGUINS MAPLE-LEAFS OTT-SENATORS PHX-COYOTES BHAWKS-L COL-AVALANCHE HOCKEY-COACHES HOCKEY-REFEREES CAL-FLAMES OAK-ATHLETICS HOCKEY-PLAYERS From daemon at plaidworks.com Thu Dec 26 11:08:47 1996 From: daemon at plaidworks.com (daemon at plaidworks.com) Date: Thu, 26 Dec 1996 11:08:47 -0800 (PST) Subject: the file you requested Message-ID: <199612261909.LAA28001@plaidworks.com> Introduction to the Oakland Athletics Mailing List Last update December 15, 1996 This file is available at any time by e-mailing to or by FTP as +++IMPORTANT+++ We ask that all users read this document and look at the charter for what is acceptable use of this mailing list. We also ask that if you haven't done so, send e-mail to . That file contains the general rules we administer this list under, as well as hints that we've found help people write e-mail messages which are easier to understand and help the mailing lists function smoothly. Everyone using these lists is expected to abide by the rules in these files. We don't consider ignorance of the rules an excuse for unacceptable behavior. Please work with us to make this a fun, interesting and educational place to be. +++IMPORTANT+++ Administrative messages sent to the mailing lists will have a subject that begins with "Admin:". Please read these messages, as they have important information about the state of the lists and systems and changes that might affect how you use it. If you want to find out what else is available on this server, browse or send e-mail to . It will return a document listing all of our services. We have written a tutorial on using the listproc mail server. You can get a copy of that by sending e-mail to . ============ Table of Contents ============ 1) The Oakland Athletics Mailing List 2) Who to contact for help and advice 3) Subscription Info: Important Mail Server Commands 4) Sending Messages to the mailing lists 5) Charter: What's Acceptable/What's not 6) How to find the World Wide Web Home Page, Frequently Asked Questions (FAQ), and FTP archives ============ 1) The Oakland Athletics Mailing Lists ============ The "Oakland Athletics" mailing list is for general discussion of issues and topics pertaining to the baseball team, it's farm system, the organization, and other related things. We are not affiliated with the Oakland Athletics in any way. Please see the charters below for detailed descriptions of what is and is not acceptable material for these lists. There are other mailing lists available as well. Please send e-mail to to get a listing of their names, topics, and subscription information. ============ 2) Who to contact for help and advice ============ The List Mom (or Sysops) for these lists are: Chuq Von Rospach (e-mail: ) Mailing List problems: Please try to follow the directions. If you can't make things work, drop us a note and we'll be happy to help. Try us second, though: we're your helpers, not your baby-sitters. The time we spend doing administrative things is time we can't spend creating better services for you. ============ 3) Subscription Info: Important Mail Server commands ============ To subscribe or unsubscribe to a mailing list, you should use the WWW subscription site at . If you don't have WWW access (get it!), you must send an e-mail command to the address . Leave the subject line blank or put a nonsense word in it -- do not put Listproc commands in the subject, or Listproc will reject the message. For complete details on using listproc, get the listproc tutorial mentioned above. Here are the listproc commands to subscribe to these mailing lists: SUBSCRIBE oak-athletics your real name goes here Here are the commands to unsubscribe from these mailing lists: UNSUBSCRIBE oak-athletics If you want to switch a list to digest mode, use these commands: SET oak-athletics MAIL DIGEST If you want to switch a list from digest mode, use these commands: SET oak-athletics MAIL ACK Remember, all listproc commands go to , not the main mailing list. You can put more than one command in an e-mail message. Please note that if your e-mail messages contain signatures, listproc will attempt to read them as commands and return an error to you. This can be ignored if you also get the confirmation back on the earlier commands. You should get a confirmation e-mail or error warning for EVERY command you send to listproc. If you didn't, something went wrong. Try it again, and if it still doesn't work, contact for help. ============ 4) Sending messages to the mailing lists ============ To post to the mailing lists, send mail to the appropriate list address: You must be a subscriber to the list to post to it. Listproc (the mail server we use) is very picky about your address: it will not recognize you as a subscriber except from the account where you sent the SUBSCRIBE command from. ============ 5) Charter: What's Acceptable, What's Not ============ There is a file of general rules and guidelines that we ask users to abide by on these mailing lists. If you haven't done so send e-mail to to get this list and please read it. We don't consider ignorance of the rules an excuse for unacceptable behavior. Please work with us to make this a fun, interesting and educational place to be. The "Oakland Athletics" mailing list is for general discussion of issues and topics pertaining to the baseball team, it's farm system, the organization, and other related things. +++ Acceptable uses: 1) Information about the Oakland Athletics baseball club, it's minor league farm system, management, and organization. 2) S.F. Oakland Athletics Collectibles and Merchandise information. Please don't try to buy or sell stuff on the list, though. It's not a classified ad or a swap meet. 3) Schedule information, box scores, team status, and transaction reports. 4) Road Trips and group get-togethers. A way for out-of-towners to find out what's happening when they visit, and for the locals to meet their like-minded on-line fans. 5) Tickets for sale (and wanted). Scalping is not allowed, however. Please see the note on this in the manners at plaidworks.com document. 6) Anything else of interest about the Oakland Athletics. The oak-athletics list should be used for things specific to the Oakland Athletics, primarily on-field issues. Anything that shifts away from that towards more general baseball discussions or any organizational discussions that don't involve the team specifically should be put on baseball-chat. One thing these lists are NOT for: this is not a place for the discussion of rotisserie or fantasy baseball. Please do not come in here looking for data on players you've drafted for a roto league, but otherwise have no clue who they are. There are plenty of places for that. This is for people who enjoy baseball as baseball. Think of this as a sports bar, where we can all sit down with a drink of our choice and discuss the game of our choice. Those who become too rowdy, too drunk, too obnoxious or abusive will be shown the door. Everyone else is welcome -- so drink in moderation, and act like an adult. That's all we ask. ============ 6) How to find the Home Page, Frequently Asked Questions (FAQ) ============ This document is: If you aren't sure how to access the World Wide Web or FTP from your site, please ask your local administrators for advice, since it varies for different organizations and types of computers. If you can't get help locally, drop private e-mail to one of the List Moms, and we'll do what we can do to get you started. The FTP archive is in the directory <~ftp/list-archives/oak-athletics/>. All messages to the list are archived in the "message.archives" folder in the subdirectory with the same name as the list you're looking for. If you have WWW access, there will be a searchable database of the message real soon now. ---- end of oak-athletics.INTRO ---- From sharks-tickets at plaidworks.com Thu Dec 26 11:13:16 1996 From: sharks-tickets at plaidworks.com (sharks-tickets at plaidworks.com) Date: Thu, 26 Dec 1996 11:13:16 -0800 (PST) Subject: Error Condition Re: Message-ID: <199612261911.LAA28032@plaidworks.com> The mail server has identified an administrative command in your message. DO NOT SEND ADMINISTRATIVE COMMANDS TO THE LIST. All server commands should be sent to listproc at plaidworks.com. If you did not intend to send an administrative command, then you'll need to rewrite your message to avoid the command words UNSUBSCRIBE that are causing listproc to trap your message. For help, send email to address info at plaidworks.com ------------------------------------------------------------------------------- unsubscribe From sharks-chat at plaidworks.com Thu Dec 26 11:13:41 1996 From: sharks-chat at plaidworks.com (sharks-chat at plaidworks.com) Date: Thu, 26 Dec 1996 11:13:41 -0800 (PST) Subject: Error Condition Re: Message-ID: <199612261910.LAA28019@plaidworks.com> The mail server has identified an administrative command in your message. DO NOT SEND ADMINISTRATIVE COMMANDS TO THE LIST. All server commands should be sent to listproc at plaidworks.com. If you did not intend to send an administrative command, then you'll need to rewrite your message to avoid the command words UNSUBSCRIBE that are causing listproc to trap your message. For help, send email to address info at plaidworks.com ------------------------------------------------------------------------------- unsubscribe From daemon at plaidworks.com Thu Dec 26 11:25:46 1996 From: daemon at plaidworks.com (daemon at plaidworks.com) Date: Thu, 26 Dec 1996 11:25:46 -0800 (PST) Subject: the file you requested Message-ID: <199612261926.LAA28478@plaidworks.com> Introduction to the Sharks Mailing Lists Version 2.0 Last update August 25, 1996 This file is available at any time by e-mailing to or by FTP as +++IMPORTANT+++ We ask that all users read this document and look at the charter for what is acceptable use of this mailing list. We also ask that if you haven't done so, send e-mail to . That file contains the general rules we administer this list under, as well as hints that we've found help people write e-mail messages which are easier to understand and help the mailing lists function smoothly. Everyone using these lists is expected to abide by the rules in these files. We don't consider ignorance of the rules an excuse for unacceptable behavior. Please work with us to make this a fun, interesting and educational place to be. +++IMPORTANT+++ Administrative messages sent to the mailing lists will have a subject that begins with "Admin:". Please read these messages, as they have important information about the state of the lists and systems and changes that might affect how you use it. If you want to find out what else is available on this server, send e-mail to . It will return a document listing all of our services. We have written a tutorial on using the listproc mail server. You can get a copy of that by sending e-mail to . ============ Table of Contents ============ 1) The Sharks Family of Mailing Lists 2) Who to contact for help and advice 3) Subscription Info: Important Mail Server Commands 4) Sending Messages to the mailing lists 5) Charter: What's Acceptable/What's not 6) How to find the World Wide Web Home Page, Frequently Asked Questions (FAQ), and FTP archives ============ 1) The Sharks Family of Lists ============ The following sharks-related lists are available on plaidworks.com: sharks: This list is for discussion of on-ice related things ONLY. Players, games, that sort of thing. It should relate to the game of hockey and the San Jose Sharks in some way, or it belongs on one of the other lists. sharks-chat: This list is for discussion of the off-ice related aspects of the Sharks: arena, organizational issues, complaints about ticket prices or the cost of beer. Anything having to do with the San Jose Sharks club OTHER than the team itself and what they do goes here. In general, if it is about the TEAM, put it in Sharks. If it is about the organization, put it in Sharks-Chat. If you aren't sure, put it in Sharks-Chat or ask one of the List Moms for advice. sharks-tickets: For the sale and purchase of tickets to Sharks games by the users of our mailing list. No dealers or brokers, and sales during the regular season must be at no more than face value. Please see the charters below for detailed descriptions of what is and is not acceptable material for these lists. There are other mailing lists available as well. Please send e-mail to to get a listing of their names, topics, and subscription information. ============ 2) Who to contact for help and advice ============ The List Moms (or Sysops) for these lists are: Chuq Von Rospach (e-mail: ) Laurie Sefton (e-mail: ) Mailing List problems: Please try to follow the directions. If you can't make things work, drop us a note and we'll be happy to help. Try us second, though: we're your helpers, not your baby-sitters. The time we spend doing administrative things is time we can't spend creating better services for you. ============ 3) Subscription Info: Important Mail Server commands ============ To subscribe or unsubscribe to a mailing list, you must send an e-mail command to the address . Leave the subject line blank or put a nonsense word in it -- do not put Listproc commands in the subject, or Listproc will reject the message. For complete details on using listproc, get the listproc tutorial mentioned above. Here are the listproc commands to subscribe to these mailing lists: SUBSCRIBE sharks your real name goes here SUBSCRIBE sharks-chat your real name goes here SUBSCRIBE sharks-tickets your real name goes here Here are the commands to unsubscribe from these mailing lists: UNSUBSCRIBE sharks UNSUBSCRIBE sharks-chat UNSUBSCRIBE sharks-tickets If you want to switch a list to digest mode, use these commands: SET sharks MAIL DIGEST SET sharks-chat MAIL DIGEST SET sharks-tickets MAIL DIGEST If you want to switch a list from digest mode, use these commands: SET sharks MAIL ACK SET sharks-chat MAIL ACK SET sharks-tickets MAIL ACK Remember, all listproc commands go to , not the main mailing list. You can put more than one command in an e-mail message. Please note that if your e-mail messages contain signatures, listproc will attempt to read them as commands and return an error to you. This can be ignored if you also get the confirmation back on the earlier commands. You should get a confirmation e-mail or error warning for EVERY command you send to listproc. If you didn't, something went wrong. Try it again, and if it still doesn't work, contact for help. ============ 4) Sending messages to the mailing lists ============ To post to the mailing lists, send mail to the appropriate list address: You must be a subscriber to the list to post to it. Listproc (the mail server we use) is very picky about your address: it will not recognize you as a subscriber except from the account where you sent the SUBSCRIBE command from. ============ 5) Charter: What's Acceptable, What's Not ============ There is a file of general rules and guidelines that we ask users to abide by on these mailing lists. If you haven't done so send e-mail to to get this list and please read it. We don't consider ignorance of the rules an excuse for unacceptable behavior. Please work with us to make this a fun, interesting and educational place to be. Sharks: This list is for discussion of on-ice related things ONLY. Players, games, that sort of thing. It should relate to the game of hockey and the San Jose Sharks in some way, or it belongs on one of the other lists. Sharks-Chat: This list is for discussion of the off-ice related aspects of the Sharks: arena, organizational issues, complaints about ticket prices or the cost of beer. Anything having to do with the San Jose Sharks club OTHER than the team itself and what they do goes here. In general, if it is about the TEAM, put it in Sharks. If it is about the organization, put it in Sharks-Chat. If you aren't sure, put it in Sharks-Chat or ask one of the List Moms for advice. Sharks-Tickets: the place to buy and sell tickets. Please do not put ticket requests on any of the other lists. The groundrules: no commercial services may use the list. Tickets may be sold ONLY for face value. There is no scalping on the list. Period. For the playoffs, we relax this rule in the following way: tickets may be sold but prices may not be listed in the messages. Keep the transaction private. Anyone found violating this, or found selling tickets above face value during the regular season, may be kicked off the list permanently. This is a service to our readers, not a source of income. ============ 6) How to find the Home Page, Frequently Asked Questions (FAQ) ============ The World Wide Web home page for these mailing lists is: The World Wide Web pages are all written and maintained by Mike Lamar . If you have questions or comments on them, please contact Mike. This document is: If you aren't sure how to access the World Wide Web or FTP from your site, please ask your local administrators for advice, since it varies for different organizations and types of computers. If you can't get help locally, drop private e-mail to one of the List Moms, and we'll do what we can do to get you started. The FTP archive is in the directory <~ftp/hockey/nhl/sharks/>. All messages to the list are archived in the "message.archives" folder in the subdirectory with the same name as the list you're looking for. If you have WWW access, there will be a searchable database of the message real soon now. If you have no access via FTP, these files can be accessed through listproc. e-mail for instructions. Note that because this is a very lightly used function and time intensive for the List Mom, it's rarely up to date. Consider it a last resort. ---- end of sharks.INTRO ---- From daemon at plaidworks.com Thu Dec 26 11:27:51 1996 From: daemon at plaidworks.com (daemon at plaidworks.com) Date: Thu, 26 Dec 1996 11:27:51 -0800 (PST) Subject: the file you requested Message-ID: <199612261928.LAA28498@plaidworks.com> Introduction to the Sharks Mailing Lists Version 2.0 Last update August 25, 1996 This file is available at any time by e-mailing to or by FTP as +++IMPORTANT+++ We ask that all users read this document and look at the charter for what is acceptable use of this mailing list. We also ask that if you haven't done so, send e-mail to . That file contains the general rules we administer this list under, as well as hints that we've found help people write e-mail messages which are easier to understand and help the mailing lists function smoothly. Everyone using these lists is expected to abide by the rules in these files. We don't consider ignorance of the rules an excuse for unacceptable behavior. Please work with us to make this a fun, interesting and educational place to be. +++IMPORTANT+++ Administrative messages sent to the mailing lists will have a subject that begins with "Admin:". Please read these messages, as they have important information about the state of the lists and systems and changes that might affect how you use it. If you want to find out what else is available on this server, send e-mail to . It will return a document listing all of our services. We have written a tutorial on using the listproc mail server. You can get a copy of that by sending e-mail to . ============ Table of Contents ============ 1) The Sharks Family of Mailing Lists 2) Who to contact for help and advice 3) Subscription Info: Important Mail Server Commands 4) Sending Messages to the mailing lists 5) Charter: What's Acceptable/What's not 6) How to find the World Wide Web Home Page, Frequently Asked Questions (FAQ), and FTP archives ============ 1) The Sharks Family of Lists ============ The following sharks-related lists are available on plaidworks.com: sharks: This list is for discussion of on-ice related things ONLY. Players, games, that sort of thing. It should relate to the game of hockey and the San Jose Sharks in some way, or it belongs on one of the other lists. sharks-chat: This list is for discussion of the off-ice related aspects of the Sharks: arena, organizational issues, complaints about ticket prices or the cost of beer. Anything having to do with the San Jose Sharks club OTHER than the team itself and what they do goes here. In general, if it is about the TEAM, put it in Sharks. If it is about the organization, put it in Sharks-Chat. If you aren't sure, put it in Sharks-Chat or ask one of the List Moms for advice. sharks-tickets: For the sale and purchase of tickets to Sharks games by the users of our mailing list. No dealers or brokers, and sales during the regular season must be at no more than face value. Please see the charters below for detailed descriptions of what is and is not acceptable material for these lists. There are other mailing lists available as well. Please send e-mail to to get a listing of their names, topics, and subscription information. ============ 2) Who to contact for help and advice ============ The List Moms (or Sysops) for these lists are: Chuq Von Rospach (e-mail: ) Laurie Sefton (e-mail: ) Mailing List problems: Please try to follow the directions. If you can't make things work, drop us a note and we'll be happy to help. Try us second, though: we're your helpers, not your baby-sitters. The time we spend doing administrative things is time we can't spend creating better services for you. ============ 3) Subscription Info: Important Mail Server commands ============ To subscribe or unsubscribe to a mailing list, you must send an e-mail command to the address . Leave the subject line blank or put a nonsense word in it -- do not put Listproc commands in the subject, or Listproc will reject the message. For complete details on using listproc, get the listproc tutorial mentioned above. Here are the listproc commands to subscribe to these mailing lists: SUBSCRIBE sharks your real name goes here SUBSCRIBE sharks-chat your real name goes here SUBSCRIBE sharks-tickets your real name goes here Here are the commands to unsubscribe from these mailing lists: UNSUBSCRIBE sharks UNSUBSCRIBE sharks-chat UNSUBSCRIBE sharks-tickets If you want to switch a list to digest mode, use these commands: SET sharks MAIL DIGEST SET sharks-chat MAIL DIGEST SET sharks-tickets MAIL DIGEST If you want to switch a list from digest mode, use these commands: SET sharks MAIL ACK SET sharks-chat MAIL ACK SET sharks-tickets MAIL ACK Remember, all listproc commands go to , not the main mailing list. You can put more than one command in an e-mail message. Please note that if your e-mail messages contain signatures, listproc will attempt to read them as commands and return an error to you. This can be ignored if you also get the confirmation back on the earlier commands. You should get a confirmation e-mail or error warning for EVERY command you send to listproc. If you didn't, something went wrong. Try it again, and if it still doesn't work, contact for help. ============ 4) Sending messages to the mailing lists ============ To post to the mailing lists, send mail to the appropriate list address: You must be a subscriber to the list to post to it. Listproc (the mail server we use) is very picky about your address: it will not recognize you as a subscriber except from the account where you sent the SUBSCRIBE command from. ============ 5) Charter: What's Acceptable, What's Not ============ There is a file of general rules and guidelines that we ask users to abide by on these mailing lists. If you haven't done so send e-mail to to get this list and please read it. We don't consider ignorance of the rules an excuse for unacceptable behavior. Please work with us to make this a fun, interesting and educational place to be. Sharks: This list is for discussion of on-ice related things ONLY. Players, games, that sort of thing. It should relate to the game of hockey and the San Jose Sharks in some way, or it belongs on one of the other lists. Sharks-Chat: This list is for discussion of the off-ice related aspects of the Sharks: arena, organizational issues, complaints about ticket prices or the cost of beer. Anything having to do with the San Jose Sharks club OTHER than the team itself and what they do goes here. In general, if it is about the TEAM, put it in Sharks. If it is about the organization, put it in Sharks-Chat. If you aren't sure, put it in Sharks-Chat or ask one of the List Moms for advice. Sharks-Tickets: the place to buy and sell tickets. Please do not put ticket requests on any of the other lists. The groundrules: no commercial services may use the list. Tickets may be sold ONLY for face value. There is no scalping on the list. Period. For the playoffs, we relax this rule in the following way: tickets may be sold but prices may not be listed in the messages. Keep the transaction private. Anyone found violating this, or found selling tickets above face value during the regular season, may be kicked off the list permanently. This is a service to our readers, not a source of income. ============ 6) How to find the Home Page, Frequently Asked Questions (FAQ) ============ The World Wide Web home page for these mailing lists is: The World Wide Web pages are all written and maintained by Mike Lamar . If you have questions or comments on them, please contact Mike. This document is: If you aren't sure how to access the World Wide Web or FTP from your site, please ask your local administrators for advice, since it varies for different organizations and types of computers. If you can't get help locally, drop private e-mail to one of the List Moms, and we'll do what we can do to get you started. The FTP archive is in the directory <~ftp/hockey/nhl/sharks/>. All messages to the list are archived in the "message.archives" folder in the subdirectory with the same name as the list you're looking for. If you have WWW access, there will be a searchable database of the message real soon now. If you have no access via FTP, these files can be accessed through listproc. e-mail for instructions. Note that because this is a very lightly used function and time intensive for the List Mom, it's rarely up to date. Consider it a last resort. ---- end of sharks.INTRO ---- From listproc at plaidworks.com Thu Dec 26 11:42:08 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 11:42:08 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612261942.LAA28764@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE BASEBALL-CHAT SATAN CYPHERPUNKS at TOAD.COM: You are not subscribed to baseball-chat at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From master at internexus.net Thu Dec 26 11:46:35 1996 From: master at internexus.net (Laszlo Vecsey) Date: Thu, 26 Dec 1996 11:46:35 -0800 (PST) Subject: Unix Passwd In-Reply-To: <199612261556.HAA05096@slack.lne.com> Message-ID: On Thu, 26 Dec 1996, Eric Murray wrote: > Fyodor Yarochkin writes: > > > > > > Anyone has any success in breaking this? > > -f > > Many people have tried breaking the cipher, I have not heard > of anyone being successful. > > There is however a number of programs that attempt a brute-force > of passwords, the best is called 'crack' and is written by Alec Muffet. >From Applied Cryptography (2nd edition) I got the impression that it has been cracked. Do a netsearch for "Crypt Breakers Workbench", its a freeware program that attempts to do just that. - Lester From ericm at lne.com Thu Dec 26 11:50:28 1996 From: ericm at lne.com (Eric Murray) Date: Thu, 26 Dec 1996 11:50:28 -0800 (PST) Subject: WHICH In-Reply-To: <199612261909.LAA27991@plaidworks.com> Message-ID: <199612261949.LAA07264@slack.lne.com> listproc at plaidworks.com writes: > > cypherpunks at toad.com: You are subscribed to the following lists; > if none appear, you are not subscribed to any: > MINORS > MINORS-SCORES > IHL > BAY-AREA-HOCKEY > ROLLER-HOCKEY-INTL > WOMEN-IN-HOCKEY > GIANTS > GIANTS-TICKETS > BASEBALL-CHAT > SHARKS > SHARKS-TICKETS > SHARKS-CHAT > HOCKEY-CHAT > DALLAS-STARS > LA-KINGS > ONLINE-DRIVE > PIT-PENGUINS > MAPLE-LEAFS > OTT-SENATORS > PHX-COYOTES > BHAWKS-L > COL-AVALANCHE > HOCKEY-COACHES > HOCKEY-REFEREES > CAL-FLAMES > OAK-ATHLETICS > HOCKEY-PLAYERS I've submitted a request to unsubscribe cypherpunks from these lists. I have also notified the operator of plaidworks.com of the problem. While I think that his web-based list-subscription tools is neat, it's obvious that the potential for abuse is large. What solutions are there for protecting us from assholes like the one who signed cypherpunks up to all these lists? Maybe soon all lists will require some form of digital ID from new subscribers? -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From ericm at lne.com Thu Dec 26 11:52:50 1996 From: ericm at lne.com (Eric Murray) Date: Thu, 26 Dec 1996 11:52:50 -0800 (PST) Subject: Unix Passwd (fwd) Message-ID: <199612261952.LAA07314@slack.lne.com> Laszlo Vecsey writes: > On Thu, 26 Dec 1996, Eric Murray wrote: > > > Fyodor Yarochkin writes: > > > > > > > > > Anyone has any success in breaking this? > > > -f > > > > Many people have tried breaking the cipher, I have not heard > > of anyone being successful. > > > > There is however a number of programs that attempt a brute-force > > of passwords, the best is called 'crack' and is written by Alec Muffet. > > >From Applied Cryptography (2nd edition) I got the impression that it has > been cracked. Do a netsearch for "Crypt Breakers Workbench", its a > freeware program that attempts to do just that. Different crypt. That's crypt(1), a modification of the Enigma algorithim. UNIX passwords use crypt(3), a modified DES. Yea, the names are confusing. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From martin at mrrl.lut.ac.uk Thu Dec 26 12:16:14 1996 From: martin at mrrl.lut.ac.uk (Martin Hamilton) Date: Thu, 26 Dec 1996 12:16:14 -0800 (PST) Subject: ssh + GNU win32 = !!! Message-ID: <199612262014.UAA06180@gizmo.lut.ac.uk> There's a first stab at that Win32 port of ssh that I've been promising up for FTP at: It's not pretty, but it does just about work - though cf. the list of caveats in the README. I'll have a go at making this more of a clean port and less of a quick hack after the New Year :-) In the meantime, consider this: the Cygnus port of the GNU developers tools will let you build DLLs. And it's free, of course... Should make building PGP as a DLL a reasonable proposition, methinks - for more info. Merry Xmas! Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: pgp00001.pgp Type: application/octet-stream Size: 285 bytes Desc: "PGP signature" URL: From listproc at plaidworks.com Thu Dec 26 12:56:20 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 12:56:20 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612262056.MAA00677@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE BASEBALL-CHAT CYPHERPUNKS at TOAD.COM CYPHERPUNKS at TOAD.COM: You are not subscribed to baseball-chat at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From shamrock at netcom.com Thu Dec 26 12:58:51 1996 From: shamrock at netcom.com (Lucky Green) Date: Thu, 26 Dec 1996 12:58:51 -0800 (PST) Subject: Credentials without Identity--Race Bits Message-ID: <3.0.32.19961226125016.006bb764@netcom13.netcom.com> At 06:31 AM 12/26/96 -0800, Ian Goldberg wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >In article <1.5.4.32.19961221065041.003d70c8 at popd.ix.netcom.com>, >Bill Stewart wrote: >>And that's not even counting the "You must turn on your laptop" crap. > >I just took my first flight with a laptop (USair), and, having heard >stories like the above, was wondering how "on" the laptop would have to >be (past the powerup password check? I hope they're not expecting >Windoze...). In my frequent travels by plane, airport security never wanted to see more than the memory check. [How much of the insides of a laptop could be removed to get a memory count display? I'd guess most of it.] -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From listproc at plaidworks.com Thu Dec 26 13:07:53 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 13:07:53 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612262108.NAA00995@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE BASEBALL-CHAT CYPHERPUNKS CYPHERPUNKS at TOAD.COM: You are not subscribed to baseball-chat at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From listproc at plaidworks.com Thu Dec 26 13:30:46 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 13:30:46 -0800 (PST) Subject: No requests found Message-ID: <199612262131.NAA01639@plaidworks.com> No requests found in your message. Requests should be included in the body of the mail message. From abostick at netcom.com Thu Dec 26 13:44:09 1996 From: abostick at netcom.com (Alan Bostick) Date: Thu, 26 Dec 1996 13:44:09 -0800 (PST) Subject: Please take down your instant mailbomb Web page immediately Message-ID: Jesus Christ, Chuq, are you incompetent at *everything* you set your hand to? Your plaidworks.com ListAdmin Web page (http://www.plaidworks.com/ListAdmin/) is an open invitation to troublemakers to mailbomb. Gee, maybe I should root around plaidworks and see if I can find other security holes. Wouldn't it be fun if I could find a way to stuff the Nebula ballot box . . . ? ;-) If you wish to respond to this, please do it from another site than plaidworks.com, as I am immediately telling procmail to bounce all mail originating from that site: # # #Toss email from rogue sites # # # # Plaidworks # :0 * ^(From|To|Received|Message-ID):.*plaidworks\.com.* { EXITCODE = 67 :0 /dev/null } * ^(From|To|Recieved|Message-ID):.*207.167.80.66 { EXITCODE = 67 :0 /dev/null } > Return-Path: > Received: from toad.com (toad.com [140.174.2.1]) by mail6.netcom.com (8.6.13/Netcom) > id MAA17062; Thu, 26 Dec 1996 12:02:55 -0800 > Received: (from majordom at localhost) by toad.com (8.7.5/8.7.3) id LAA24977 for cypherpunks-outgoing; Thu, 26 Dec 1996 11:08:35 -0800 (PST) > Received: from plaidworks.com (plaidworks.com [207.167.80.66]) by toad.com (8.7.5/8.7.3) with SMTP id LAA24972 for ; Thu, 26 Dec 1996 11:08:31 -0800 (PST) > From: listproc at plaidworks.com > Received: from ([127.0.0.1]) by plaidworks.com (8.6.9/A/UX 3.1) with SMTP id LAA27991 for ; Thu, 26 Dec 1996 11:09:13 -0800 > Date: Thu, 26 Dec 1996 11:09:13 -0800 > Message-Id: <199612261909.LAA27991 at plaidworks.com> > Reply-To: listproc at plaidworks.com > To: cypherpunks at toad.com > Subject: WHICH > X-Listprocessor-Version: 6.0 -- ListProcessor by Anastasios Kotsikonas > X-Comment: Boston University ListProcessor > Sender: owner-cypherpunks at toad.com > Precedence: bulk > X-Newsgroups: alt.security.cypherpunks > > cypherpunks at toad.com: You are subscribed to the following lists; > if none appear, you are not subscribed to any: > MINORS > MINORS-SCORES > IHL > BAY-AREA-HOCKEY > ROLLER-HOCKEY-INTL > WOMEN-IN-HOCKEY > GIANTS > GIANTS-TICKETS > BASEBALL-CHAT > SHARKS > SHARKS-TICKETS > SHARKS-CHAT > HOCKEY-CHAT > DALLAS-STARS > LA-KINGS > ONLINE-DRIVE > PIT-PENGUINS > MAPLE-LEAFS > OTT-SENATORS > PHX-COYOTES > BHAWKS-L > COL-AVALANCHE > HOCKEY-COACHES > HOCKEY-REFEREES > CAL-FLAMES > OAK-ATHLETICS > HOCKEY-PLAYERS > > -- Alan Bostick | I'm not cheating; I'm *winning*! mailto:abostick at netcom.com | Emma Michael Notkin news:alt.grelb | http://www.alumni.caltech.edu/~abostick From listproc at plaidworks.com Thu Dec 26 14:12:44 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 14:12:44 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612262213.OAA02591@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE OAK-ATHLETICS CYPHERPUNKS at TOAD.COM: You are not subscribed to oak-athletics at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From listproc at plaidworks.com Thu Dec 26 14:14:04 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 14:14:04 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612262214.OAA02618@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE SHARKS CYPHERPUNKS at TOAD.COM: You are not subscribed to sharks at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From listproc at plaidworks.com Thu Dec 26 14:14:34 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 14:14:34 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612262215.OAA02645@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE SHARKS-CHAT CYPHERPUNKS at TOAD.COM: You are not subscribed to sharks-chat at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From listproc at plaidworks.com Thu Dec 26 14:14:50 1996 From: listproc at plaidworks.com (listproc at plaidworks.com) Date: Thu, 26 Dec 1996 14:14:50 -0800 (PST) Subject: Error Condition Re: Invalid request Message-ID: <199612262215.OAA02672@plaidworks.com> =============== Mail Daemon Command Error =============== The line that caused the error was: >UNSUBSCRIBE SHARKS-TICKETS CYPHERPUNKS at TOAD.COM: You are not subscribed to sharks-tickets at plaidworks.com ==================== For more help, send e-mail to or browse to use our new World Wide Web interface. ==================== Any list commands after the point of error are ignored. If you put a 'signature' on your email, that will cause an error. This can be ignored if you received confirmation of your other commands. ========== Mail Daemon Command Summary ========== The syntax for the most common commands is: (if you aren't sure, get help from the above help sources) SUBSCRIBE listname your name goes here UNSUBSCRIBE listname To turn on DIGEST mode, use: SET listname MAIL DIGEST To turn off DIGEST mode, use: SET listname MAIL ACK ========== If you need more help ========== If you can't make it work, send e-mail to and we'll help you out. From MAILER-DAEMON at Alpha.remcan.ca Thu Dec 26 14:19:34 1996 From: MAILER-DAEMON at Alpha.remcan.ca (Mail Delivery Subsystem) Date: Thu, 26 Dec 1996 14:19:34 -0800 (PST) Subject: Returned mail: User unknown Message-ID: <199612262113.QAA12979@Alpha.remcan.ca> The original message was received at Thu, 26 Dec 1996 16:13:49 -0500 from Dial50.Solutions.Net [204.112.6.160] ----- The following addresses had delivery problems ----- (unrecoverable error) ----- Transcript of session follows ----- ... while talking to plaidworks.com: >>> RCPT To: <<< 550 ... User unknown 550 ... User unknown ----- Original message follows ----- Received: from shawn by Alpha.remcan.ca via SMTP (940816.SGI.8.6.9/940406.SGI.AUTO) for id QAA12978; Thu, 26 Dec 1996 16:13:49 -0500 Return-Path: From: cypherpunks at toad.com Message-Id: <3.0.32.19961226161931.009c09f0 at toad.com> X-Sender: cypherpunks at toad.com (Unverified) X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 26 Dec 1996 16:19:34 -0600 To: istproc at plaidworks.com Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" UNSUBSCRIBE MINORS UNSUBSCRIBE MINORS-SCORES UNSUBSCRIBE IHL UNSUBSCRIBE BAY-AREA-HOCKEY UNSUBSCRIBE ROLLER-HOCKEY-INTL UNSUBSCRIBE WOMEN-IN-HOCKEY UNSUBSCRIBE GIANTS UNSUBSCRIBE GIANTS-TICKETS UNSUBSCRIBE BASEBALL-CHAT UNSUBSCRIBE SHARKS UNSUBSCRIBE SHARKS-TICKETS UNSUBSCRIBE SHARKS-CHAT UNSUBSCRIBE HOCKEY-CHAT UNSUBSCRIBE DALLAS-STARS UNSUBSCRIBE LA-KINGS UNSUBSCRIBE ONLINE-DRIVE UNSUBSCRIBE PIT-PENGUINS UNSUBSCRIBE MAPLE-LEAFS UNSUBSCRIBE OTT-SENATORS UNSUBSCRIBE PHX-COYOTES UNSUBSCRIBE BHAWKS-L UNSUBSCRIBE COL-AVALANCHE UNSUBSCRIBE HOCKEY-COACHES UNSUBSCRIBE HOCKEY-REFEREES UNSUBSCRIBE CAL-FLAMES UNSUBSCRIBE OAK-ATHLETICS UNSUBSCRIBE HOCKEY-PLAYERS From bdavis at thepoint.net Thu Dec 26 14:25:15 1996 From: bdavis at thepoint.net (Brian Davis) Date: Thu, 26 Dec 1996 14:25:15 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <199612260701.XAA25145@mail.pacifier.com> Message-ID: On Wed, 25 Dec 1996, jim bell wrote: > At 12:31 AM 12/26/96 -0500, Brian Davis wrote: > > I would argue that if the bank can be forced to help the government enforce > the law, the bank should also become liable for damage done as a consequence > of complying with such requirements. While it's a different area, within > the last few years a decision was made (SC?) that companies which had made > Agent Orange for the US Government during Vietnam can be held liable > (without recourse against the government, apparently) for the damages caused > ex-servicemen for selling dioxin-tained Agent Orange to the government, but > manufactured totally according to government specifications. (and used only > outside the US, under government direction, by government agents, in an > entirely different legal jurisdiction, to boot!) Seemingly, doing > something at the behest of government does not immunize one. The fact that a bank complied with a federal regulation governing the bank is not similar to a business selling a defective product. > > > > > The guy is a lawyer and had > >previously been involved in transactions in which such reports had been > >filed. What is your explanation for the three 3 $9k check request? > > I have none. But then again, I don't have to. Unless "guilty until proven > innocent" has been adopted as a standard of proof in American courts. Do > you know something we don't? Apparently I do. And that is that juries can draw inferences and that lawyers can call attention to possible inferences. His lawyer could argue "no harm, no foul" and the prosecutor could argue that he intended to violate the statute, but got caught. The jury would've then decided the issue, with the government bearing the burden of proof BRD. > BTW, gambling pools like this are supposed to be illegal, aren't they? > Isn't it odd when government seems to stop enforcing laws unless it's > profitable to do so? And the State of California was free to prosecute him. Most crimes are state crimes only; some have both state and federal aspects; others are solely federal crimes. EBD > Jim Bell > jimbell at pacifier.com > From troubled at mailmasher.com Thu Dec 26 14:34:18 1996 From: troubled at mailmasher.com (troubled at mailmasher.com) Date: Thu, 26 Dec 1996 14:34:18 -0800 (PST) Subject: confidential banking? Message-ID: <199612262234.OAA21169@mailmasher.com> I saw a posting on alt.privacy a couple of days ago from 100022.1345 at compuserve.com (Mark Mage) advertising the availability of what he called "the safest kind of bank account legally available", something called "an anonymous 'Sparbuch'" account in Austria. He said "The anonymous account is a bearer's account without a name or, alternatively, may be made out in whatever pseudonym you choose (as long as it is not obscene or otherwise illegal)." I'm not at all familiar with Austrian banking law or this type of account. Would someone tell me if this is worth checking into further? 'Mark Mage' says these accounts usually cost $200 - $400 to set up, but he's asking "considerably less". From troubled at mailmasher.com Thu Dec 26 14:34:38 1996 From: troubled at mailmasher.com (troubled at mailmasher.com) Date: Thu, 26 Dec 1996 14:34:38 -0800 (PST) Subject: confidential banking? Message-ID: <199612262234.OAA21192@mailmasher.com> I saw a posting on alt.privacy a couple of days ago from 100022.1345 at compuserve.com (Mark Mage) advertising the availability of what he called "the safest kind of bank account legally available", something called "an anonymous 'Sparbuch'" account in Austria. He said "The anonymous account is a bearer's account without a name or, alternatively, may be made out in whatever pseudonym you choose (as long as it is not obscene or otherwise illegal)." I'm not at all familiar with Austrian banking law or this type of account. Would someone tell me if this is worth checking into further? 'Mark Mage' says these accounts usually cost $200 - $400 to set up, but he's asking "considerably less". From troubled at mailmasher.com Thu Dec 26 14:35:32 1996 From: troubled at mailmasher.com (troubled at mailmasher.com) Date: Thu, 26 Dec 1996 14:35:32 -0800 (PST) Subject: confidential banking? Message-ID: <199612262235.OAA21415@mailmasher.com> I saw a posting on alt.privacy a couple of days ago from 100022.1345 at compuserve.com (Mark Mage) advertising the availability of what he called "the safest kind of bank account legally available", something called "an anonymous 'Sparbuch'" account in Austria. He said "The anonymous account is a bearer's account without a name or, alternatively, may be made out in whatever pseudonym you choose (as long as it is not obscene or otherwise illegal)." I'm not at all familiar with Austrian banking law or this type of account. Would someone tell me if this is worth checking into further? 'Mark Mage' says these accounts usually cost $200 - $400 to set up, but he's asking "considerably less". troubled at mailmasher.com From dlv at bwalk.dm.com Thu Dec 26 14:41:43 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Dec 1996 14:41:43 -0800 (PST) Subject: Fan mail from cocksucker John Gilmore and his friends In-Reply-To: <3.0.16.19961226093417.506f2fb4@pop.netaddress.com> Message-ID: I suspect that most of the cretins who shill for Timmy May and don't otherwise say anything are actually his tenticles. (He has no testicles.) >Received: (qmail 2304 invoked by uid 0); 26 Dec 1996 14:41:12 -0000 >Received: from stm-ct7-09.ix.netcom.com (205.184.161.41) by netaddress.usa.net via mtad (2.0) on Thu Dec 26 07:41:10 1996 (-700) >Message-Id: <3.0.16.19961226093417.506f2fb4 at pop.netaddress.com> >X-Sender: iverson at pop.netaddress.com >X-Mailer: Windows Eudora Pro Version 3.0 (16) >Date: Thu, 26 Dec 1996 09:35:12 -0500 >To: dlv at bwalk.dm.com >From: Casey Iverson >Subject: A new beginning >Mime-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" > >At 12:11 AM 12/26/96 -0800, the asshole russian mutant, who thinks we >don't know he is posting this shit anonymously, spewed out: > >>Tim C[unt] May styles his facial hair to look more like pubic hair. > >Just remember dick brain, what goes around, comes around. > >*Your* time is near. > From alexc at firefly.net Thu Dec 26 14:48:58 1996 From: alexc at firefly.net (Alexander Chislenko) Date: Thu, 26 Dec 1996 14:48:58 -0800 (PST) Subject: IDEA: "Site Cloaking" Technology Message-ID: <3.0.32.19961226175522.00a01230@pop.firefly.net> Anybody would care to comment on this? At 11:43 AM 12/26/96 -0800, Chris Hind wrote on the Extropian list: >A few weeks ago, I came up with this idea for a new technique I like to >call "Site Cloaking". It's possible to create a Perl CGI script that would >grab a file or webpage from another site & display it for the user without >telling the user the original location like a proxy. This way you could put >a CGI script on your website with links to country-specific censored texts >or webpages and not tell anyone the site locations so that they can't shut >them down. A person could put up a so-called subversive webpage in that >specific country and tell this proxy the address and thus protect the site >without giving out it's real address forcing the ISPs in that country to >scan ALL WEBPAGES on their servers making the process more difficult. You >could put up any so-called subversive and censored information on your >webpage and people could access them without getting shutdown because only >the CGI script would know where the source site is and you could even >cipher the script's site list so even the owner of the proxy website can't >locate the sites. You could then have a website or even a web search tool >where you'd load all these sites into and acquire even more sites because >you'd be offering protection and the sites would stay up indefinately. If >the FEDS get pissed, simply wipe the file and the list is gone but the >sites remain. > >A person I talked to over IRC claimed that a CGI Perl script such as this >isn't all that difficult to do but I myself have zero experience in >programming Perl. Perhaps someone on this list who can program in Perl can >try it? > >"Some people dream about worthy accomplishments while others stay > awake and do them." > >----------------------------------------------------------------------- >Chris Hind (chind at juno.com) Upward, Outward, ACTION! >NeoReality (Personal) http://www.geocities.com/CapeCanaveral/6810/ >Ethereal Outlook (Extropian) >http://www.geocities.com/CapeCanaveral/6810/outlook.htm > > This seems complimentary to anonymous browsing (e.g., www.anonymizer.com). I doubt that ciphering the site list can assure that the site can't be found, as somebody could match incoming and outgoing requests. A chain of "Anonymous Rewebbers" / Recloakers could help here. An important thing here would be to make sure that the search engines can still find the sites. Other difficulties would be caching and getting credits for ads. Do you think it's worth doing? --------------------------------------------------------------------------- Alexander Chislenko Home page: Firefly Website recommendations: ---> "Firefly" --------------------------------------------------------------------------- From Fuji4 at ix.netcom.com Thu Dec 26 15:13:50 1996 From: Fuji4 at ix.netcom.com (Fuji4 at ix.netcom.com) Date: Thu, 26 Dec 1996 15:13:50 -0800 (PST) Subject: Earn Extra Income Message-ID: <199612262312.PAA27812@dfw-ix4.ix.netcom.com> Fuck_You_Nerds, EARN EXTRA INCOME NOW!!!!! WORK AT HOME REFER ONLY - NO SELLING $500.-$1000 PER REFERRAL NOT MLM OUR PRODUCT "CHANGEMASTERS" A COMPREHENSIVE PROGRAM CONSISTING OF: Audiocassette and life-changing information in text and workbook form (3 segments), serving as a roadmap, blue- print and a scientific model to achieve rapid, reliable predictable and permanent results necessary to succeed in life. Particular focus is given to strategies and solutions sought for by the entrepreneur or someone wishing to start down the road to financial success, as well as those people who simply wish to be more productive and enhance their value in the workplace. Includes a weekly "live forum" hosted by a consultant who is there to give you valuable insight and direction regarding this program and income opportunity or to advise you on your own business and success building. This forum is via a national teleconference. FOR MORE EXCITING INFORMATION, E-MAIL FUJI4 at IX.NETCOM.COM From sunshine at kcii.com Thu Dec 26 15:19:26 1996 From: sunshine at kcii.com (sunshine at kcii.com) Date: Thu, 26 Dec 1996 15:19:26 -0800 (PST) Subject: Create Prospects Daily! Watch Your Business Explode! Message-ID: <199612262331.SAA04391@server.kcii.com> Fuck_You_Nerds, I thought this might interest you. DON'T PAY ANYBODY FOR E-MAIL NAMES!! You can extract your own with our software. No matter what you are marketing, you need prospects. Our system can allow you to reach all the prospecst you can handle. And even more exciting is you don't have to BUY addresses, our software extracts them from anywhere on the internet!! I presently have over 400 responses in my mail folder, and every few minutes or sooner I receive more responses. Find out why we are all so excited about our results. Send a blank e-mail to star-yvonnegarcia-netcontact at nicers.com and you will have the information sent to you. NO PROSPECTS = NO SALES!! Have a great day, Yvonne Garcia P.S. Also FREE ELECTRONIC MARKETING TRAINING AND SUPPORT GROUP AVAILABLE. AND FREE AUTORESPONDERS! This is YOUR KEY to successful Internet Marketing! From varange at crl.com Thu Dec 26 15:40:36 1996 From: varange at crl.com (Troy Varange) Date: Thu, 26 Dec 1996 15:40:36 -0800 (PST) Subject: Vandalism in New York City In-Reply-To: <$m2n2805-.sTZiZD110w165w@bwalk.dm.com> Message-ID: > Xmas day vandals overturned 75 headstones in the Calvary > Cemetry in Long Island City, near the residence of Earthweb's > associate network administator Ray "Arsenic" Arachelian. So? New York City is so culturally ugly vandalism can only improve it. -- Cheers! From gen2600 at aracnet.com Thu Dec 26 15:42:20 1996 From: gen2600 at aracnet.com (Genocide) Date: Thu, 26 Dec 1996 15:42:20 -0800 (PST) Subject: Unix Passwd In-Reply-To: Message-ID: Mygod, please tell me you are saying this as a joke... On Thu, 26 Dec 1996, Fyodor Yarochkin wrote: > > Anyone has any success in breaking this? > -f > Genocide Head of the Genocide2600 Group ============================================================================ **Coming soon! www.Genocide2600.com! ____________________ *---===| |===---* *---===| Genocide |===---* "You can be a king or a street *---===| 2600 |===---* sweeper, but everyone dances with the *---===|__________________|===---* Grim Reaper." Email: gen2600 at aracnet.com Web: http://www.aracnet.com/~gen2600 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It is by caffeine alone that I set my mind in motion. It is by the Mountain Dew that the thoughts acquire speed, the lips acquire stains, the stains become a warning. It is by caffeine alone that I set my mind in motion. ================================================================================ From robroy at flinet.com Thu Dec 26 16:06:04 1996 From: robroy at flinet.com (robroy at flinet.com) Date: Thu, 26 Dec 1996 16:06:04 -0800 (PST) Subject: Repair " YOUR OWN " Credit ! Message-ID: <199612270006.TAA21092@shell.flinet.com> CREDIT REBUILDING OF AMERICA * REBUILD YOUR OWN CREDIT* PLEASE FORGIVE THIS E-MAIL INTRUSION BUT IF YOU CAN USE THIS SERVICE? PLEASE KEEP READING!! Have you ever been turned down after you applied for a credit card, department store card, or a gas credit card, or that new car you have wanted? The reason was probably because of something the creditor found on your credit report. Thousands of people are denied credit every day because of something that appears on their credit report that is not correct , OR they would like removed from their credit report for good!! There are many companies out there that can remove tems on your credit report but want to charge you any where from $300.00 to $1,000.00 . BE CAREFUL, most of these companies can�t do anything to repair your credit that you can�t do yourself with my �CREDIT REPAIR PACKET�. Once I found out just how the " BIG " companies were doing this, I put all the information down on a simple twelve step process. ** DO IT YOURSELF ** why pay their high prices to repair your credit, when you can do it yourself for only $19.95 plus 2.95 for S&H. I spent over two years to perfect this process, and if followed to the letter, it will work!!! HAVE the new car you want, the credit cards you want. You don�t have to wait SEVEN to TEN_YEARS for these items to be taken off your credit reprot. DO IT YOUR SELF!! and feel GOOD AGAIN!! Just send your check or money orker to: Robert C. Roy, Jr. P.O. Box 1052 Delray Beach, Fl. 33447-1052 I will send you by return mail the complete twelve step packet so you can get started RIGHT NOW!! SEND NOW!! due to the unbelievable responce for this packet the introductory price of $19.95 (+) $2.95 S&H, will not last long! HAVE A �GREAT DAY�! & THANK YOU FOR YOUR TIME AND ORDER!! Timing is everything... I'm making $2000+ per week in MLM after only 4 weeks. I'll train you how. Be 1st in your area. Call live conference call Mondays 9pm Eastern Time: 1-800-000-0000. If you like what you hear and are serious about making money call Sandy 000-000-0000, or email you at youraddress.com From sunder at brainlink.com Thu Dec 26 16:31:38 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Thu, 26 Dec 1996 16:31:38 -0800 (PST) Subject: Vandalism in New York City In-Reply-To: Message-ID: On Wed, 25 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Xmas day vandals overturned 75 headstones in the Calvary Cemetry in Long > Island City, near the residence of Earthweb's associate network administator > Ray "Arsenic" Arachelian. Oh, I see you've been busy over the Christmas holiday. Lemme guess, you were bored or sending anonymous spams about Tim and needed some physical excercise for once, so you left your 67-67 Burns Street #4K, Forest Hills NY 11375 (718) 261-6839 apartment to work out? Or perhaps you were looking for a hot date? Wheee... =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From sunder at brainlink.com Thu Dec 26 16:50:06 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Thu, 26 Dec 1996 16:50:06 -0800 (PST) Subject: Vulis strikes again? Message-ID: wheee, looks like KOTM subscribed us to a shitload of mailing lists... Having fun Herr Doktor? =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= ---------- Forwarded message ---------- Date: Thu, 26 Dec 1996 11:13:57 -0800 From: sharks-chat at plaidworks.com To: cypherpunks at toad.com Cc: list-errors at plaidworks.com Subject: Error Condition Re: The mail server has identified an administrative command in your message. DO NOT SEND ADMINISTRATIVE COMMANDS TO THE LIST. All server commands should be sent to listproc at plaidworks.com. If you did not intend to send an administrative command, then you'll need to rewrite your message to avoid the command words UNSUBSCRIBE that are causing listproc to trap your message. For help, send email to address info at plaidworks.com ------------------------------------------------------------------------------- unsubscribe From toto at sk.sympatico.ca Thu Dec 26 16:56:14 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Thu, 26 Dec 1996 16:56:14 -0800 (PST) Subject: [Fwd: F*$%K plaidworks.com] Message-ID: <32C33B0D.7E86@sk.sympatico.ca> An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 696 URL: From jya at pipeline.com Thu Dec 26 17:15:57 1996 From: jya at pipeline.com (John Young) Date: Thu, 26 Dec 1996 17:15:57 -0800 (PST) Subject: RUL_let Message-ID: <1.5.4.32.19961227011159.006ccc98@pop.pipeline.com> 12-24-96. "New encryption export rules probably won't be issued until early next week" Rules probably won't be issued until just a day or 2 before they go into effect on January 1, officials said Monday. Greg Simon said section of rules requiring detailed business plans from encryption companies is likely to be changed. [Markoff wrote last week the rules were due out December 22; any sightings?] ----- RUL_let (3 kb) From jimbell at pacifier.com Thu Dec 26 17:30:13 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 26 Dec 1996 17:30:13 -0800 (PST) Subject: Legality of requiring credit cards? Message-ID: <199612270130.RAA14252@mail.pacifier.com> At 05:24 PM 12/26/96 -0500, Brian Davis wrote: > >On Wed, 25 Dec 1996, jim bell wrote: > >> At 12:31 AM 12/26/96 -0500, Brian Davis wrote: >> >> I would argue that if the bank can be forced to help the government enforce >> the law, the bank should also become liable for damage done as a consequence >> of complying with such requirements. While it's a different area, within >> the last few years a decision was made (SC?) that companies which had made >> Agent Orange for the US Government during Vietnam can be held liable >> (without recourse against the government, apparently) for the damages caused >> ex-servicemen for selling dioxin-tained Agent Orange to the government, but >> manufactured totally according to government specifications. (and used only >> outside the US, under government direction, by government agents, in an >> entirely different legal jurisdiction, to boot!) Seemingly, doing >> something at the behest of government does not immunize one. > >The fact that a bank complied with a federal regulation governing the >bank is not similar to a business selling a defective product. Wrong. They're not _identical_, but on the other hand it is indeed similar in many respects. Remember, "complying with a federal regulation" is actually a misleading statement: If _any_ leeway is allowed in how to "comply," the organization involved is, presumably, liable for the exercise of that freedom. Or, at least, they should be if the rules were followed. While admittedly this is an off-the-wall example, if a bank reported these transactions by sending them by car driven by a license-free 16-year old, and he lost control and killed a dozen people in a crowd, the fact that the bank "was complying with a federal regulation" wouldn't save them from hefty liability. Jim Bell jimbell at pacifier.com From sandfort at crl.com Thu Dec 26 18:11:32 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 26 Dec 1996 18:11:32 -0800 (PST) Subject: confidential banking? In-Reply-To: <199612262234.OAA21192@mailmasher.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Thu, 26 Dec 1996 troubled at mailmasher.com wrote: > I saw a posting on alt.privacy a couple of days ago from > 100022.1345 at compuserve.com (Mark Mage) advertising the > availability of what he called "the safest kind of bank > account legally available", something called "an anonymous > 'Sparbuch'" account in Austria. > ... > I'm not at all familiar with Austrian banking law or this type > of account. Would someone tell me if this is worth checking > into further? 'Mark Mage' says these accounts usually cost > $200 - $400 to set up, but he's asking "considerably less". The trouble with sparbuchs is that they are legally available only to Austrians. The answer to this given by promoters is that since no ID can be required of Austrians and the passbook is in essence a bearer instrument, the law cannot be enforced. As far as I can tell, though, one would really need to handle one's business through an Austrian to keep from having to answer embarrassing questions. In addition, I personally would not do business with Mark Mage. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From shamrock at netcom.com Thu Dec 26 18:27:55 1996 From: shamrock at netcom.com (Lucky Green) Date: Thu, 26 Dec 1996 18:27:55 -0800 (PST) Subject: RUL_let Message-ID: <3.0.32.19961226182821.006b625c@netcom13.netcom.com> At 08:11 PM 12/26/96 -0500, John Young wrote: >12-24-96. > >"New encryption export rules probably won't be issued until early >next week" > > Rules probably won't be issued until just a day or 2 before they > go into effect on January 1, officials said Monday. Good move on part of the USG. It will keep public discussion to a minimum. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From jlucas4 at capital.edu Thu Dec 26 20:15:12 1996 From: jlucas4 at capital.edu (Jesse Lucas) Date: Thu, 26 Dec 1996 20:15:12 -0800 (PST) Subject: UNIX talk and write source... Message-ID: <9612270417.AA06960@gemini.capital.edu> Fellows, Anyone know if and where the source code for UNIX talk and write (or the equivalent Linux) commands are to be found? Anyone have any terminal to terminal communication code that they've written that they wouldn't mind parting with? Jay oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo o )\ _. - ._.) = Jesse Lucas - jlucas4 at capital.edu o 1 /. `- ' ( `--' : http://www.geocites.com/collegepark/7332 1 1 `- , ) - > ) \ : "I cut off their heads and, like heaps of grain,1 o (.' \) (.' -. = I piled them up." - Assyrian Ruler o oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo From troubled at mailmasher.com Thu Dec 26 20:20:29 1996 From: troubled at mailmasher.com (troubled at mailmasher.com) Date: Thu, 26 Dec 1996 20:20:29 -0800 (PST) Subject: multiplicity Message-ID: <199612270420.UAA10292@mailmasher.com> Just great! The first message I send to this mailing list and somehow multiple copies of it get posted. I honestly don't know how it happened, but I'll try to be very careful in the future and watch for anything I might have carelessly done which could have caused this. Please accept humble newbie apologies. From markm at voicenet.com Thu Dec 26 20:44:32 1996 From: markm at voicenet.com (Mark M.) Date: Thu, 26 Dec 1996 20:44:32 -0800 (PST) Subject: IDEA: "Site Cloaking" Technology In-Reply-To: <3.0.32.19961226175522.00a01230@pop.firefly.net> Message-ID: On Thu, 26 Dec 1996, Alexander Chislenko wrote: > This seems complimentary to anonymous browsing (e.g., www.anonymizer.com). > I doubt that ciphering the site list can assure that the site can't > be found, as somebody could match incoming and outgoing requests. > A chain of "Anonymous Rewebbers" / Recloakers could help here. > An important thing here would be to make sure that the search engines can > still find the sites. Other difficulties would be caching and getting > credits for ads. > > Do you think it's worth doing? This sounds a lot like Ray Cromwell's program, "decense". It's more or less the web equivalent of the penet remailer. It is possible to attack even if requests and responses are encrypted with traffic analysis. The main objective of such a system would be to make it very difficult to match a "real" URL with the "anonymous" one, but not virtually impossible. Encrypting the site list won't help because the key would have to be stored somewhere on the system. Many web servers have a security hole in them where the source code for a CGI script can be requested instead of actually executing the script. It's not a good idea to assume that the executable will not be readable by anyone. Decense is available at http://www.clark.net/pub/rjc/decense.html Mark -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked From cypherpunks at toad.com Thu Dec 26 21:02:22 1996 From: cypherpunks at toad.com (Shit F. Brains) Date: Thu, 26 Dec 1996 21:02:22 -0800 (PST) Subject: Shit F. Brains In-Reply-To: <32C37289.3C13@toad.com> Message-ID: <32C37456.46E4@toad.com> Shit F. Brains wrote: > > You don't say! From bdolan at USIT.NET Thu Dec 26 21:15:59 1996 From: bdolan at USIT.NET (Brad Dolan) Date: Thu, 26 Dec 1996 21:15:59 -0800 (PST) Subject: RUL_let In-Reply-To: <3.0.32.19961226182821.006b625c@netcom13.netcom.com> Message-ID: On Thu, 26 Dec 1996, Lucky Green wrote: > At 08:11 PM 12/26/96 -0500, John Young wrote: > > > >"New encryption export rules probably won't be issued until early > >next week" > > > > Rules probably won't be issued until just a day or 2 before they > > go into effect on January 1, officials said Monday. > > Good move on part of the USG. It will keep public discussion to a minimum. > An acquaintance of mine moved here from Germany after the war. She says that, from her family's perspective, the first clear sign that things were seriously going to hell was that Hitler and his friends started issuing proclamations, effective almost immediately, dictating something else you could or could not do. Later, the proclamations were made during the night and were effective instantly. fwiw. bd From vznuri at netcom.com Thu Dec 26 21:19:23 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 26 Dec 1996 21:19:23 -0800 (PST) Subject: cryptoanarchy In-Reply-To: Message-ID: <199612270519.VAA24202@netcom11.netcom.com> omegaman taunts me to rant about cryptoanarchy. frankly I find it tiresome given its originator repeatedly refuses to answer point-blank questions about key aspects of it. lacking this, I fail to take it seriously, given nobody else has a similar idea. >THESIS:The deconstruction of democracy enabled by the inevitable genesis of >cryptoanarchy will result in a more just (fair?) society. actually TCM tends to avoid talking about the demise of democracy to avoid spilling his real opinions on it, namely that it is a pile of crap that has corrupted civilization. this from someone who likes to wrap himself in the constitution when the issue is free speech or something else like that. >Brutality amongst human beings has little to do with what type of >government (or lack thereof) we have established. bzzzzzzt, history readily denies this. Nor is brutality >inevitable amongst human beings; governments have little or no affect on how >individuals think and behave. bzzzzzt, history readily denies this. but again it is amusing to see the patently incorrect assertions that cryptoanarchists embrace and flout. >1) Do you agree that these things are an inevitable consequence of anonymous >untraceable payment systems? murder, assassination, kidnapping, they all already exist. I am dubious that the existence of anonymous payments will change much in this area. I don't think it will become any more prevalent. what TCM seems to imply in much of his writing, but fails to outrightly assert because he's such a weasel, is that the world would be a *better*place* with all these things, which I vehemently reject. >2) Do you agree then that all it would take is just one? Or could one alone >be stopped or controlled? how? it is not so much the point that these things can happen, that I am debating, but that they are inevitable and even something to look forward to that I think mark TCM as a wacko. >3) How can these bad things be prevented with an anonymous untraceable >payment system? terrorism has existed for centuries, and will continue to exist. it cannot be prevented, in a sense, and in another way, it can be minimized. it's not a black or white issue as feebleminded people would like to portray it as. I'm in favor of anonymous cash, but I am also in favor of social/legal mechanisms to minimize its subversive impact. note that "not dealing with kidnappers or terrorists" is one such approach that does not involve police. consider this: the cash is normally anonymous, but the govt would have the ability to "tag" it in special circumstances, such as the way stolen money from banks may explode red ink over the culprit. the fact that cpunks would totally reject any such reasonable compromise I find highly repellent. From dlv at bwalk.dm.com Thu Dec 26 21:30:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 26 Dec 1996 21:30:28 -0800 (PST) Subject: Ray Arachelian's typical Armenian spam and sabotage Message-ID: Someone should unsubscrive -- apparently Ray's tentacle that sends whatever it receives back to "cypher punks" (spit). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From cypherpunks at toad.com Thu Dec 26 21:40:41 1996 From: cypherpunks at toad.com (Shit F. Brains) Date: Thu, 26 Dec 1996 21:40:41 -0800 (PST) Subject: Mark Mage is a Thief In-Reply-To: <199612262235.OAA21415@mailmasher.com> Message-ID: <32C37D57.2AE4@toad.com> troubled at mailmasher.com wrote: > > I saw a posting on alt.privacy a couple of days ago from > 100222.1435 at compuserve.com (Mark Mage) advertising the > availability of what he called "the safest kind of bank > account legally available", something called "an anonymous > 'Sparbuch'" account in Austria. Dear Troubled, The guy's a fucking thief, from what I've heard. It seems the FBI is looking for him for a nasty number he pulled on some retired people, ripping off their life savings. He seems to have the IRS after him, as well. I'd steer clear of him. He's bad news. SFB From zachb at netcom.com Thu Dec 26 22:00:40 1996 From: zachb at netcom.com (Z.B.) Date: Thu, 26 Dec 1996 22:00:40 -0800 (PST) Subject: Vulis strikes again? In-Reply-To: Message-ID: On Thu, 26 Dec 1996, Ray Arachelian wrote: > wheee, looks like KOTM subscribed us to a shitload of mailing lists... > Having fun Herr Doktor? > Not only that, but he's probably posting those messages that begin with Fuck_You_Nerds...those appear regularly on alt.revenge, where he is a semi-frequent poster. Zach Babayco zachb at netcom.com <-------finger for PGP public key If you need to know how to set up a mail filter or defend against emailbombs, send me a message with the words "get helpfile" (without the " marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!* I have several useful FAQs and documents available. From Jessica_Jewett at efcom.wolfe.net Thu Dec 26 22:34:49 1996 From: Jessica_Jewett at efcom.wolfe.net (Jessica Jewett) Date: Thu, 26 Dec 1996 22:34:49 -0800 (PST) Subject: Ignore: S*P*A*M Bait Message-ID: <428584959.13635319@efcom.uucp> Fuck_You_Nerds,cypherpunks at toad.com,Internet writes: Why are you reading this? Are you a spammer? STOP the messages! They're annoying! ~Jessica a.k.a Phoebe~ From bubba at eunuchs.com Thu Dec 26 22:39:40 1996 From: bubba at eunuchs.com (Bubba Rom Dos) Date: Thu, 26 Dec 1996 22:39:40 -0800 (PST) Subject: Uncle Rob is going to Jail! In-Reply-To: <199612270006.TAA21092@shell.flinet.com> Message-ID: <32C38A4A.4253@eunuchs.com> robroy at flinet.com wrote: > Subject: > Repair " YOUR OWN " Credit ! > From: > robroy at flinet.com > To: > pamelabrd.aol.com > Cc: samantha at aol.com,junepolk at aol.com,maryphil at aol.com, > mariette at aol.com,phylisjc at aol.com > > Dear Little Girl, > My name is Uncle Rob. I have a big, fat, juicy cock. > Would you like to suck on Uncle Rob's dick? > Write me, soon. > Uncle Rob Dear 'Uncle Rob', I don't know what kind of sick pervert you are, but I have contacted my service provider, and they are contacting 'your' service provider, as well as the FBI and the FCC. Don't bother replying to this email, as my service provider is blocking all of your mailings, forthwith, to this service. They will be seeing to it that filth purveyors such as yourself are banished from the WWW. You Sick Bastard, BRD From bubba at eunuchs.com Thu Dec 26 23:10:13 1996 From: bubba at eunuchs.com (Bubba Rom Dos) Date: Thu, 26 Dec 1996 23:10:13 -0800 (PST) Subject: [Fwd: Re: ANIMAL SEX] Message-ID: <32C39246.510B@eunuchs.com> An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 1254 URL: From jwest at eskimo.com Thu Dec 26 23:31:52 1996 From: jwest at eskimo.com (John H West) Date: Thu, 26 Dec 1996 23:31:52 -0800 (PST) Subject: Repair " YOUR OWN " Credit ! In-Reply-To: <199612270006.TAA21092@shell.flinet.com> Message-ID: <32C37B93.5DCD@eskimo.com> Good folks who already have too much to read: I encourage that everyone who gets spam like that which follows forward the original message BACK TO THE SENDER (several times) demanding to know "what the hell does this have to do with cryptology, spammer ??" attached to the * end * of their quoted text. Hopefully, the response that they receive will be "overwhelming" :) If (s)he has to search through every message looking for "good replies," then they may be less inclined to solicit for such a voluminous response in the future. john seattle -- robroy at flinet.com wrote: > > CREDIT REBUILDING OF AMERICA > * REBUILD YOUR OWN CREDIT* > > PLEASE FORGIVE THIS E-MAIL INTRUSION BUT IF YOU CAN USE THIS SERVICE? PLEASE KEEP > READING!! > > Have you ever been turned down after you applied for a credit card, > department store card, or a gas credit card, or that new car you have > wanted? > The reason was probably because of something the creditor found on > your credit report. > Thousands of people are denied credit every day because of something that > appears on their credit report that is not correct , OR they would like > removed from their credit report for good!! > There are many companies out there that can remove tems on your credit > report but want to charge you any where from $300.00 to $1,000.00 . > BE CAREFUL, most of these companies can�t do anything > to repair your credit that you can�t do yourself with my > �CREDIT REPAIR PACKET�. > Once I found out just how the " BIG " companies were doing this, > I put all the information down on a simple twelve step process. > ** DO IT YOURSELF ** why pay their high prices to repair your > credit, when you can do it yourself for only $19.95 plus 2.95 for S&H. > I spent over two years to perfect this process, and if followed to the > letter, it will work!!! > HAVE the new car you want, the credit cards you want. > You don�t have to wait SEVEN to TEN_YEARS for these items to be > taken off your credit reprot. > DO IT YOUR SELF!! and feel GOOD AGAIN!! > Just send your check or money orker to: > > Robert C. Roy, Jr. > P.O. Box 1052 > Delray Beach, Fl. 33447-1052 > > I will send you by return mail the complete twelve step packet so you > can get started RIGHT NOW!! > SEND NOW!! due to the unbelievable responce for this packet > the introductory price of $19.95 (+) $2.95 S&H, will not last long! > HAVE A �GREAT DAY�! & > THANK YOU FOR YOUR TIME AND ORDER!! > Timing is everything... I'm making $2000+ per week > in MLM after only 4 weeks. I'll train you how. > Be 1st in your area. Call live conference call > Mondays 9pm Eastern Time: 1-800-000-0000. > > If you like what you hear and are serious about making > money call Sandy 000-000-0000, or email you at youraddress.com -- /************************************************/ /***** DARE: To Keep the CIA off Drugs *****/ /************************************************/ From zerofaith at geocities.com Thu Dec 26 23:42:16 1996 From: zerofaith at geocities.com (pSIONIC dAMAGE) Date: Thu, 26 Dec 1996 23:42:16 -0800 (PST) Subject: UNIX talk and write source... Message-ID: <199612270741.XAA28483@geocities.com> I can check and let you know, I just got linux 4 christmas. w/source, mostly. > >----------geoboundary > > > > >Fellows, > > Anyone know if and where the source code for UNIX talk and write (or the >equivalent Linux) commands are to be found? Anyone have any terminal to >terminal communication code that they've written that they wouldn't mind >parting with? > > Jay > >oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo >o )\ _. - ._.) = Jesse Lucas - jlucas4 at capital.edu o >1 /. `- ' ( `--' : http://www.geocites.com/collegepark/7332 1 >1 `- , ) - > ) \ : "I cut off their heads and, like heaps of grain,1 >o (.' \) (.' -. = I piled them up." - Assyrian Ruler o >oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo > >----------geoboundary-- > pSIONIC dAMAGE Zer0 Faith Inc. www.geocities.com/SiliconValley/Heights/2608 H/P/A/V/C ANTIVIRUS/COUNTERSECURITY "ONLY THE ELITE SURVIVE!" From haystack at cow.net Thu Dec 26 23:47:19 1996 From: haystack at cow.net (Bovine Remailer) Date: Thu, 26 Dec 1996 23:47:19 -0800 (PST) Subject: Skipjack cipher deciphered Message-ID: <9612270731.AA10007@cow.net> Provided without proof: Skipjack is an elliptic curve cipher. -Anonymous From admin at veracruz.net Fri Dec 27 00:04:31 1996 From: admin at veracruz.net (Adam Breaux) Date: Fri, 27 Dec 1996 00:04:31 -0800 (PST) Subject: (Fwd) Re: Bad Idea Message-ID: <19961227080555694.AAA268@monalisa> Good News Folks!! ----- As far as I can tell, cypherpunks wasn't subscribed to anything. What happened instead was someone started forging email in the name of the list's submission address to various of my mailbots, which simply send an informational e-mail back. If they HAD spammed it onto a list, it'd be easier,b ecause I have some anti-spamming stuff in place, plus full logging on where requests come from. I haven't had that on the mailbots before now, because nobody's done this before that i know of. Guess I'm spending the next few days closing this loophole... Sorry for the inconvenience. I'll clean this up as soon as I can, or at least get logging in place to see where it's coming from, because honestly, this one's a tough one to fix without just shutting down the services. And frankly, if someone's starting to use mailbots to spam, lists are in big trouble, because there are zillions of those out there. Most systems, for instance, have "info at xxxxx" addresses, all of which would do exactly what my mailbots are doing. chuq At 5:23 PM -0800 12/26/96, admin at veracruz.net wrote: >This service is a bad idea...it has been used to e-mail bomb the >mailing list cypherpunks at toad.com. There was no verification message >to make sure we wanted to be on this service. Please make an effort to >correct this immediately. > > >-- >This record generated from address: "206.205.234.41". >This record generated at "6:22:00 PM" on "Thursday, December 26, 1996". > >The browser is "Mozilla/3.01 (Win95; I)" browser. >The referrer was >"http://www.plaidworks.com/NetForms.acgi$/ListAdmin/submit.fdml". -- Chuq Von Rospach (chuq at solutions.apple.com) Software Gnome Apple Server Marketing Webmaster Plaidworks Consulting (chuqui at plaidworks.com) ( +-+ The home for Hockey on the net) I got no name or number/ I just hand out the lumber. But if I get a chance to play/ I'm going to show 'em. -- Stick Boy (The Hanson Brothers, SUDDEN DEATH) --- Adam Breaux admin at veracruz.net http://www.veracruz.net {Corporate Page } http://www.abyss.com {Extracurricular} http://www.iso-america.com {In Search Of...} "Violence is a cruel world doing what it does best...break the habit...BE NICE" --- me. From fygrave at freenet.bishkek.su Fri Dec 27 00:11:17 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Fri, 27 Dec 1996 00:11:17 -0800 (PST) Subject: UNIX talk and write source... In-Reply-To: <9612270417.AA06960@gemini.capital.edu> Message-ID: On Thu, 26 Dec 1996, Jesse Lucas wrote: > Anyone know if and where the source code for UNIX talk and write (or the > equivalent Linux) commands are to be found? Anyone have any terminal to > terminal communication code that they've written that they wouldn't mind > parting with? yes.. I met the same problem.. Itried to find out where is passwd and login sources.. and as CD mark says, all the sources i could find on the cd.. but suddenly i didn't..:( any advices? From fygrave at freenet.bishkek.su Fri Dec 27 00:21:37 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Fri, 27 Dec 1996 00:21:37 -0800 (PST) Subject: Error Condition Re: Invalid request In-Reply-To: <199612262213.OAA02591@plaidworks.com> Message-ID: what the f$%^#$$# shit.. I can not get?.. did some Crazy Idiot subscirbed cypherpunks to those Sport-Crappy lists? today morning i found a handred of stupid sport related ml.. anyone can explain me wuzzup? Thank you for your attention,... On Thu, 26 Dec 1996 listproc at plaidworks.com wrote: > Date: Thu, 26 Dec 1996 14:13:18 -0800 > From: listproc at plaidworks.com > To: cypherpunks at toad.com > Cc: list-errors at plaidworks.com > Subject: Error Condition Re: Invalid request > From peggyhn at isp-inter.net Fri Dec 27 02:38:15 1996 From: peggyhn at isp-inter.net (peggyhn at isp-inter.net) Date: Fri, 27 Dec 1996 02:38:15 -0800 (PST) Subject: Want Your Biz To EXPLODE In 1997? Message-ID: <19961227102324767.AKE64@ppjzako> Fuck_You_Nerds, Hello and Happy Holidays! I thought you might be interested in some information to help you build your business to new heights!! It will sure help 1997 to be the VERY best yet!! I love to bulk email, and I was using Floodgate. I just loved it! Then I came across something brand new that has Floodgate put to shame! This software will almost eliminate "flames" by using personalization in the email address, (no more "suppressed" list), putting in their first and/or last name, reminding you when to follow up, extracts addresses from AOL without even having to belong to AOL, plus so much more! They are even having a HOLIDAY SALE! $100 off regular price until Jan. 5th. So this is a GREAT time to try out the free demo and see what you think! For further information, just reply back and ask for "NO FLAME" Info! I will let you know where you can download the demo and try it for FREE!! I don't sell this, I just think it's the most awesome online marketing tool I have ever seen! Also, FYI, the seller offers people who have purchased Net Contact a $165 referal fee, so if you are concerned about money, you can get a free auto-responder and use it to pay for Net Contact!! ( You will also receive FREE training and support!! This is found NO where else!!) For instant information, email: star-peggyhendricks-netcontact at nicers.com Happy Holidays!! Peggy Hendricks P.S. Remember the HOLIDAY SALE! It will be over January 5th! From bubba at eunuchs.com Fri Dec 27 02:41:27 1996 From: bubba at eunuchs.com (Bubba Rom Dos) Date: Fri, 27 Dec 1996 02:41:27 -0800 (PST) Subject: Netcom.com is RACIST In-Reply-To: <199612262312.PAA27812@dfw-ix4.ix.netcom.com> Message-ID: <32C3C34C.7C45@eunuchs.com> Fuji4 at ix.netcom.com wrote: > EARN EXTRA INCOME NOW!!!!! WORK AT HOME > REFER ONLY - NO SELLING $500.-$1000 PER REFERRAL > > NIGGERS, KIKES, WOPS, SPICS, AND OTHER 'POND SCUM' > NEED NOT APPLY! > NETCOM.COM'S NEW ETHNIC CLEANSING POLICIES FORBID > EXTENDING THIS OFFERING TO THE 'SLAVE' RACES. > FOR MORE EXCITING INFORMATION, E-MAIL FUJI4 at IX.NETCOM.COM Dear Fuji4, It seems that I can't cruise a conference anywhere, without seeing the above message emblazoned everywhere. Thanks to your efforts, I am sure that your service provider, netcom.com, will gain much recognition for their new ethnic cleansing policy. I am sure that they will be very thankful to you for your efforts on getting the word out on their behalf. -- Bubba Rom Dos "He who shits on the Road, will me flies upon his return." From fygrave at freenet.bishkek.su Fri Dec 27 04:19:05 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Fri, 27 Dec 1996 04:19:05 -0800 (PST) Subject: The Fast to Encrypt Decrypt.... Message-ID: Hey.. By the way anyone can advice me the Encryption/Decryption Algorythm, which would give chip. text with different size, related to solt value or something.. i mean some function like size_of_Encrypted_file=H(solt)? PS: better if it 'd be reversed algorythm.. From dlv at bwalk.dm.com Fri Dec 27 04:24:38 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 04:24:38 -0800 (PST) Subject: Mark Mage is a Thief In-Reply-To: <32C37D57.2AE4@toad.com> Message-ID: <1H7kZD124w165w@bwalk.dm.com> "Shit F. Brains" writes: .about Mark Mage] > The guy's a fucking thief, from what I've heard. > It seems the FBI is looking for him for a nasty number he > pulled on some retired people, ripping off their life savings. > He seems to have the IRS after him, as well. > I'd steer clear of him. He's bad news. In my opinion, just because the FBI and the IRS don't like someone, s/he ain't necessarily a bad person. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From toto at sk.sympatico.ca Fri Dec 27 04:28:59 1996 From: toto at sk.sympatico.ca (Toto) Date: Fri, 27 Dec 1996 04:28:59 -0800 (PST) Subject: Fyodor / Re: SPAM from plaidworks.com In-Reply-To: Message-ID: <32C3DC4F.BD3@sk.sympatico.ca> Fyodor Yarochkin wrote: > > what the f$%^#$$# shit.. I can not get?.. did some Crazy Idiot >subscirbed cypherpunks to those Sport-Crappy lists? > anyone can explain me wuzzup? Fyodor, The webmaster and postmaster at plaidworks.com are lonely and want you to send them eMail. They love it when people talk dirty, so they're hoping that when you Reply to their postings, you will change the Subject heading to contain words like COCKSUCKER, FUCK, CUNT, etc. > > From: listproc at plaidworks.com > > Subject: Error Condition Re: Invalid request The listproc at plaidworks.com in the Mail To: box when you Reply to the message needs to be changed. listproc is just a mailing daemon that plaidworks.com uses to reply automatically. You need to change the Mail To: address box to read either: postmaster at plaidworks.com or: webmaster at plaidworks.com (or put one of them in the Mail To: box, and the other address in the Cc: box) And don't forget to put FUCKING IDIOTS in the Subject: box. Toto From toto at sk.sympatico.ca Fri Dec 27 04:59:19 1996 From: toto at sk.sympatico.ca (Toto) Date: Fri, 27 Dec 1996 04:59:19 -0800 (PST) Subject: CypherSpamming In-Reply-To: <199612270006.TAA21092@shell.flinet.com> Message-ID: <32C3E47A.2917@sk.sympatico.ca> John H West wrote: > I encourage that everyone who gets spam like that which follows > forward the original message BACK TO THE SENDER (several times) John, I'm going to sit down and write a couple dozen 'generic' response letters of varying descriptions and lengths, leading these people on as if I'm interested in their tripe, but ending with a message that tells them to 'piss off', in various forms. I will keep them in a handy directory for 'replying' to their spamessages. The greater the number of letters, and the more varied they are, then the more these fucks will have to spend their time and energy sorting through them. So if any CypherPunks wish to contribute to my SpamReply Database of 'Interested in your offer....FUCKHEAD!' offerings, send them to me by email. When I get it all set up, I'll make it available to any CypherPunk who wants to use them. I think if the CypherPunks all spent just a few days replying to these spamessages thirty or forty times apiece, that they would soon find other waters to cast their bread upon. Toto From toto at sk.sympatico.ca Fri Dec 27 05:25:32 1996 From: toto at sk.sympatico.ca (Toto) Date: Fri, 27 Dec 1996 05:25:32 -0800 (PST) Subject: CypherRevenge In-Reply-To: <19961227080555694.AAA268@monalisa> Message-ID: <32C3EA75.1754@sk.sympatico.ca> Adam Breaux wrote: > And frankly, if someone's starting to use mailbots to spam, lists are > in big trouble, because there are zillions of those out there. Most > systems, for instance, have "info at xxxxx" addresses, all of which would > do exactly what my mailbots are doing. Well, I certainly hope that nobody uses this information to subscribe others to a zillion lists. Especially not the authors of such classics as, "EASY MONEY!!!", "MAKE $$$ AT HOME", etc. I would hate for these people to be too busy to send me "IMPORTANT INFORMATION ABOUT HOW 'YOU' CAN MAKE $$$ AT HOME, LICKING YOUR OWN DICK!!!" Toto p.s. - for a limited time--offer open to CypherPunks only--anyone who sends me $20.00 will receive my special 'Secret Magic Chant', which effectively blocks unwanted eMail. (This offer includes a clear Title to a bridge in the New York City area--absolutely free!) From toto at sk.sympatico.ca Fri Dec 27 05:27:14 1996 From: toto at sk.sympatico.ca (Toto) Date: Fri, 27 Dec 1996 05:27:14 -0800 (PST) Subject: (Fwd) Re: Bad Idea In-Reply-To: <19961227080555694.AAA268@monalisa> Message-ID: <32C3E828.608B@sk.sympatico.ca> Adam Breaux wrote: > As far as I can tell, cypherpunks wasn't subscribed to anything. What > happened instead was someone started forging email in the name of the > list's submission address to various of my mailbots, which simply send > an informational e-mail back. If cypherpunks wasn't subscribed to anything, then why did I get 50 million messages about sports in my mailbox? From rah at shipwright.com Fri Dec 27 06:24:52 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Dec 1996 06:24:52 -0800 (PST) Subject: Forged addresses Message-ID: --- begin forwarded text Date: Fri, 27 Dec 1996 00:01:40 -0800 From: Chuq Von Rospach Subject: Re: Forged addresses To: listmom-talk at skyweyr.com Mime-Version: 1.0 Precedence: Bulk Reply-To: listmom-talk at skyweyr.com At 8:55 PM -0800 12/25/96, Joshua D. Baer wrote: >Do you mean that new subscribers will not be allowed to post until they get >personal "approval" from the listmaster? What lists would you implement >this on? I'd be worried about scaring new people off... it might make >people afraid to post. Actually, a two-level beast. *All* lists become moderated. Every posting that's not from a validated moderator therefore goes to the moderator for approval. If someone on the list wants to post without delays, they can become moderated, thereby becoming a "moderator". Users don't have to -- but put up with posting delays until the moderator comes into the loop. It's somewhat more work for me as moderator. It's a significantly reduced noise level for the list. It forces a positive acceptance of the list rules before someone can post to the list, so this "stupidity by ignorance" goes away -- it also stops the subscribe-and-spam hit and runs, of which I've been nailed by two this month (those are new. Spammers traditionally haven't been smart enough to subscribe, so the non-subscriber limitation has nuked them. These two subscribed, then one set up an auto-bot on his address to respond to every bloody message on the lists with his ad -- to the list. 90 messages later... The other guy just subscribed and started blatting. Both, once I had chats with their postmasters and webmasters, found themselves no longer with email or web addresses, but...) It has, literally, gotten to the point where I can no longer assume that someone can: a) type in their email address correctly. b) read instructions. c) follow instructions. d) behave. so I'm having to revamp my systems to protect them from this new class(es) of internet user. The days of laissez-faire administration are dead. The braindead, the novice blunderer and the spammer have killed them. Sad but true. So to cut out the Spammers and the folks who have no clue what their email is, my systems will be going to the confirmation-reply-before-subscribe setup. The bogus addresses will bounce before subscription, and the spammers will only be able to send them single pieces of e-mail, not sign them up. It's *more* hassle for end-users and reduces ease of use, but sometimes, you have to make things a little tougher for the good of everyone. You can make things too easy, and unfortunately, things are too easy for the spammers, so everyone has to suffer a little bit to put THOSE idiots back in the sewer (while I was gone, there was a major spam attack using plaidworks, to the tune of about 25 addresses. Fairly sophisticated in some ways, but mostly, they knew when I wasn't looking and got around my traps. We're backtracking them as we speak, but in one case, they seem to have broken into a machine to send the spam attack, so it'll be tough...) And to cut out the babblers and other idiots who don't believe they need to behave, be polite, follow rules or whatever, I'm going to make all lists moderated, and then extend moderation priviledges to the "trusted" set of users. That's one way of pulling this off without having to rewrite the list servers, as long as they support multiple moderators. Oh, and on the topic of spammers, here's a warning: some of the spammers seem to have a new, amusing hack: they're forging email aimed at MAILBOTS (like info at plaidworks.com -- and doesn't just about *every* site have at least one mailbot these days?) such that the bot responds to the person being spammed. This one's fairly noxious, because there's no subscription or anything, and generally no address validation (how can you validate addresses coming to a mailbot? Um, you can't, basically), and I don't know about you, but I don't log mailbot requests. Well, I will starting tomorrow... Anyway -- if you have mailbots, be aware that people might be starting to use them as attacks, also. It requires more work from them, given that mailbots only send one message per incoming, but if you can build a script that sends mail to 1,000 sites and their info@ address, I'm not sure the person being spammed will realize that it could have been *worse*. And suggestions on how to continue to make mailbots available AND make them reasonably safe encouraged. Logging incoming so you can backtrack headers and try to nail the spammer is at least one way to keep it relatively honest, but I'd rather stop it than patch it together again. That gets tired... -- Chuq Von Rospach (chuq at solutions.apple.com) Software Gnome Apple Server Marketing Webmaster Plaidworks Consulting (chuqui at plaidworks.com) ( +-+ The home for Hockey on the net) I got no name or number/ I just hand out the lumber. But if I get a chance to play/ I'm going to show 'em. -- Stick Boy (The Hanson Brothers, SUDDEN DEATH) --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Fri Dec 27 06:26:39 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Dec 1996 06:26:39 -0800 (PST) Subject: Forged addresses Message-ID: --- begin forwarded text Date: Fri, 27 Dec 1996 00:24:51 -0800 From: Chuq Von Rospach Subject: Re: Forged addresses To: listmom-talk at skyweyr.com Mime-Version: 1.0 Precedence: Bulk Reply-To: listmom-talk at skyweyr.com At 12:53 PM -0800 12/26/96, Kass Johns wrote: >I only joined this listserv a few days ago, and suddenly, I got (on >Christmas Eve), about 25 (assumed) bogus subscribers. I had never had any >bogus ones before. well, *that* sounds familiar. Same time, same size... do any of these sites sound familiar? isp-inter.net? softcell.net? superhot.com? mid-night.com? strutyourstuff.com? I'll bet they do... A lot of what got spammed onto my sites were various forms of internet commerce (superhot.com is net-porn-chat or some such, at least two of the others are unsolicited email houses. strutyourstuff is a pretty noxious one, from what little I saw of what they're doing. A pox on all their houses, so to speak, but don't do it with my server, dammit...) But that wasn't it. Someone got mad at the cypherpunks, and spammed their list. And for some godawful reason, the webcrawler admin lists. Someone -- possibly two someones -- were making some interesting political statements.... This christmas eve spam was pretty well planned. It seems to have been exceptionally widespread, aimed at some segments of the internet certain high-and-righteous types find unacceptable, and issued at a time when it was pretty much guaranteed nobody was watching the servers too closely. And it seems pretty widespread in the number of servers hooked into the spam. >My thought is, is there someone who >is lurking among this group who just lies in wait for new folks to >subscribe and add their list to their sick little spamming game? Well, if I were trying to build lists of places to send spam mail from, this is one place I'd watch. That's why, if you don't mind, I won't go into details about my anti-spamming traps in public here. Except in generalities. I've learned to just assume that they're watching. Of course, with any luck they'll figure out I have full logging of the information needed to catch spammers, too, and not take chances with me, because I don't take prisoners... Oh, heck. Gotta run. As I type, the cyberpromo folks are trying to log onto my lists again and setting off my alarms. Oh, before I go, a note on those folks. Make sure that under no circumstances you allow any addresses from: cyberpromo.com cybercastle.com onto your lists. These are folks that will happily sign onto your lists, suck the addresses of people posting to your lists, and add them to their cyberspam mass mailings. These are also the folks AOL's been fighting in court. No ethics, and don't even bother trying to talk to them. Just keep them out. They may be using a third domain these days, but I've caught them sneaking onto lists from various accounts in both domains. Just lock the entire puppy out. That way, they can't spam your lists, and can't suck your lists out and spam them away from your server. You *do* have subscriber lists kept private on your server, right? Nobody can get them, right? -- Chuq Von Rospach (chuq at solutions.apple.com) Software Gnome Apple Server Marketing Webmaster Plaidworks Consulting (chuqui at plaidworks.com) ( +-+ The home for Hockey on the net) I got no name or number/ I just hand out the lumber. But if I get a chance to play/ I'm going to show 'em. -- Stick Boy (The Hanson Brothers, SUDDEN DEATH) --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From dlv at bwalk.dm.com Fri Dec 27 07:21:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 07:21:22 -0800 (PST) Subject: Vulis strikes again? In-Reply-To: Message-ID: <39oLZD125w165w@bwalk.dm.com> "Z.B." writes: > On Thu, 26 Dec 1996, Ray Arachelian wrote: > > > wheee, looks like KOTM subscribed us to a shitload of mailing lists... > > Having fun Herr Doktor? > > > Not only that, but he's probably posting those messages that begin with > Fuck_You_Nerds...those appear regularly on alt.revenge, where he is a > semi-frequent poster. Of course, idiot "cypher punks" Zach and Ray are lying again, as usual. Of course, cocksucker John Gilmore is an even bigger lying idiot. From jya at pipeline.com Fri Dec 27 08:07:35 1996 From: jya at pipeline.com (John Young) Date: Fri, 27 Dec 1996 08:07:35 -0800 (PST) Subject: SSN_sii Message-ID: <1.5.4.32.19961227160333.0068f5cc@pop.pipeline.com> [Thanks to RF.] Federal Register: December 26, 1996 [Pages 68044-68045]: The Federal Reserve Board solicits comment concerning the public availability and use of social security numbers and other sensitive identifying information about consumers. The FRB, and the FTC, is to conduct a study to determine the availability to the public of sensitive identifying information about consumers, the possibility that such information could be used for financial fraud, and the potential for fraud or risk of loss, if any, to insured depository institutions. Testimony at a recent FTC hearing highlighted how easy it is to obtain identifying information about a consumer and to use that information to fraudulently receive credit in the consumer's name, a practice often referred to as "identity theft." ----- SSN_ssi (9 kb) Or, access the Federal Register at: http://www.access.gpo.gov/su_docs/aces/aces140.html From dlv at bwalk.dm.com Fri Dec 27 08:30:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 08:30:29 -0800 (PST) Subject: Fyodor / Re: SPAM from plaidworks.com In-Reply-To: <32C3DC4F.BD3@sk.sympatico.ca> Message-ID: Toto writes: > Fyodor Yarochkin wrote: > > > > what the f$%^#$$# shit.. I can not get?.. did some Crazy Idiot >subscirbed > > anyone can explain me wuzzup? > > Fyodor, > The webmaster and postmaster at plaidworks.com are lonely and > want you to send them eMail. They're innocent people being framed by the SDPA terrorist. Please forward all unsolicited spam to . --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 27 08:40:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 08:40:39 -0800 (PST) Subject: (Fwd) Re: Bad Idea In-Reply-To: <32C3E828.608B@sk.sympatico.ca> Message-ID: <8FsLZD130w165w@bwalk.dm.com> Toto writes: > Adam Breaux wrote: > > As far as I can tell, cypherpunks wasn't subscribed to anything. What > > happened instead was someone started forging email in the name of the > > list's submission address to various of my mailbots, which simply send > > an informational e-mail back. > > If cypherpunks wasn't subscribed to anything, then why did I get > 50 million messages about sports in my mailbox? Because Ray Arachelian is an inept forger and a liar. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From omega at bigeasy.com Fri Dec 27 08:41:34 1996 From: omega at bigeasy.com (Omegaman) Date: Fri, 27 Dec 1996 08:41:34 -0800 (PST) Subject: cryptoanarchy In-Reply-To: Message-ID: <199612271638.KAA03014@bigeasy.bigeasy.com> > >Brutality amongst human beings has little to do with what type of > >government (or lack thereof) we have established. > > bzzzzzzt, history readily denies this. > > Nor is brutality > >inevitable amongst human beings; governments have little or no > >affect on how individuals think and behave. > > bzzzzzt, history readily denies this. but again it is amusing to see > the patently incorrect assertions that cryptoanarchists embrace and > flout. > > >1) Do you agree that these things are an inevitable consequence of > >anonymous untraceable payment systems? > > murder, assassination, kidnapping, they all already exist. Exactly my point. I believe interactions between individuals have far more to do with our (dis)inclinations towards brutal behavior that governments do. Governments have little influence over human attitudes. > I am > dubious that the existence of anonymous payments will change much in > this area. I don't think it will become any more prevalent. what TCM I agree, actually. I don't see an increase in these types of crimes because of the existence of anonymous payment methods. What TCM and others have argued is that getting away with these crimes will be much easier due to anonymous payment schemes. I would argue that anonymous payment protocols are not necessarily any easier for the foolish criminal to fuck up than current methods of payment for, ahem, services rendered. Only if untraceable anonymous digital cash becomes a ubiquitous (and easy-to-utilize) standard will such crimes be more difficult to catch. (TCMay says only one such system is necessary. I disagree and will get back to this point in a later message) > seems to imply in much of his writing, but fails to outrightly > assert because he's such a weasel, is that the world would be a > *better*place* with all these things, which I vehemently reject. I think you're reading a little more into it than is there, but that's your perogative. > I'm in favor of anonymous cash, but > I am also in favor of social/legal mechanisms to minimize its > subversive impact. note that "not dealing with kidnappers or > terrorists" is one such approach that does not involve police. I'm not in favor of legal mechanisms. I think social mechanisms are all but inevitable. (more on this later) I don't think it's necessary or even desirable to build in orwellian schemes. The government's desire to limit untracability has far more to do with taxation than the four horsemen scenario. Yes, I've heard of memes. me -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From sunder at brainlink.com Fri Dec 27 09:25:57 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Fri, 27 Dec 1996 09:25:57 -0800 (PST) Subject: Ray Arachelian's typical Armenian spam and sabotage In-Reply-To: Message-ID: On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Someone should unsubscrive -- apparently Ray's > tentacle that sends whatever it receives back to "cypher punks" (spit). #whois wireless.net The Buaas Corporation (WIRELESS2-DOM) 10044 Adams Ave. Suite 108 Huntington Beach, CA 92646 US Domain Name: WIRELESS.NET Administrative Contact, Technical Contact, Zone Contact, Billing Contact: Buaas, Robert A (RAB4) buaas at WIRELESS.NET 714-968-0070 (FAX) +1-714-968-6781 Record last updated on 11-Nov-96. Record created on 14-Jun-94. Domain servers in listed order: WIRELESS.WDC.NET 204.140.136.28 NS1.KWIK.NET 206.186.235.1 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. Seeing how this is in California - it must be one of your friends Vulis, or one of your tentacles. You've a long history of spamming the list with this type of sillyness. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From sunder at brainlink.com Fri Dec 27 09:28:44 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Fri, 27 Dec 1996 09:28:44 -0800 (PST) Subject: Fan mail from cocksucker John Gilmore and his friends In-Reply-To: Message-ID: Vulis, you're repeating yourself, your last two spams showed up twice on each message. Maybe your 2 bit gramaphone record player brain broke. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From markm at voicenet.com Fri Dec 27 09:59:57 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 27 Dec 1996 09:59:57 -0800 (PST) Subject: UNIX talk and write source... In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 27 Dec 1996, Fyodor Yarochkin wrote: > yes.. I met the same problem.. Itried to find out where is passwd and > login sources.. and as CD mark says, all the sources i could find on the cd.. > but suddenly i didn't..:( > any advices? Write and talk are part of BSD. The source is at unix.hensa.ac.uk/mirrors/FreeBSD/FreeBSD-current/src/usr.bin/ . Mark -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsQPCSzIPc7jvyFpAQGw7AgAliExJXXCc7FbOeg8zVf5EK88rQ02N4e4 a+b38JT5OI7TfgyijCw7oZ2MB2pLOEAT3FaylyEAKDIkExCJK/Su3QVSfPA6HFM3 axhQks6u+5Yiyl4dxgIs8NkfJkQa1/8TdcrtCP8uDvHT6esnWvk78SAW/B3k80dT 0I/vNEqOZBrzBPcntijNh02AqkuQJRV2aNJsEpjf0BJ4SyFoqmnKwXCfSseuDzpl oDxzp7yqg6UNwYwXObnyPBzz3ysK8CGuilFfGdORZpiS/R7hjRVJnnjp55eSGYLe 50Jjr/97N6Y74TMaFZJS0zJlBLwZWGvsLxVJD0y/K9Q0cRLO7106fQ== =hJ0j -----END PGP SIGNATURE----- From rsampson at microsyssolutions.com Fri Dec 27 10:34:39 1996 From: rsampson at microsyssolutions.com (rsampson at microsyssolutions.com) Date: Fri, 27 Dec 1996 10:34:39 -0800 (PST) Subject: For your information Message-ID: Hi, After seeing some of your newsgroup postings, I may have something that will interest you. If you're not interested, just delete this message. This will be the only message you will receive. $$$ GET ATTENTION FOR YOUR PRODUCT OR MESSAGE $$$ It's an application called Ready-Aim-Fire for Windows 95. It will connect to your news server, download the Email addresses of all the people posting messages to that group (or groups), and Email your message to all those addresses. Ready-Aim-Fire will get your product or message out of the crowd and into your customers' hands. Ready-Aim-Fire will deliver your message right to their door, so to speak. If you post a message to a business oriented newsgroup it's stuck right in the middle of hundreds of others. A prospective customer may look in once in a while, or only once, and you'll miss him. With Ready-Aim-Fire you can focus on the persons in the group who are most interested in the subject. That is, the people who post the messages. The great part is the price! It's only $39.95. If you would like more information send an email to: info at microsyssolutions.com or visit our web site at: http://www.microsyssolutions.com/raf Thanks, Ron Sampson rsampson at microsyssolutions.com Ready Aim Fire! Marketing Director From jya at pipeline.com Fri Dec 27 10:51:18 1996 From: jya at pipeline.com (John Young) Date: Fri, 27 Dec 1996 10:51:18 -0800 (PST) Subject: CN Leads US Message-ID: <1.5.4.32.19961227184644.006a36bc@pop.pipeline.com> 12-27-96. WaPo snippet: China said it plans to strengthen its already strict controls over the Internet. The China Consumers Daily, an official newspaper, mentioned the planned tighter controls in a report on a recent conference in Beijing, but did not provide details. Earlier this year, China required Internet users to register with police and warned that laws against pronography, social disturbances and breaches of state security apply online. [Whole story.] ----- Sounds like US policy foretold, boiling the frog. The Administration's current CN policy must include a secret GAK-product sharing deal, to parallel those with OECD and the world's big-bit-fearful. Behold the burgeoning, slobbering, Key Recovery Alliance: billions of targets to be tracked, keys shared with authorities who give out the contracts, profits ka-chinged (low pun). Gerstner says he can't believe the money IBM's going to make off sweet deals to control the Internet -- just like the old days before the anarchistic start-ups got uppity and out-foxed the old-money-archists. From alan at ctrl-alt-del.com Fri Dec 27 11:39:30 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Fri, 27 Dec 1996 11:39:30 -0800 (PST) Subject: UNIX talk and write source... Message-ID: <3.0.1.32.19961227113321.014c3630@mail.teleport.com> At 11:17 PM 12/26/96 -0500, Jesse Lucas wrote: > >Fellows, > > Anyone know if and where the source code for UNIX talk and write (or the >equivalent Linux) commands are to be found? Anyone have any terminal to >terminal communication code that they've written that they wouldn't mind >parting with? Check out http://www.gnu.org/ . They have source for all sorts of fun stuff. What you are looking for is in their "inetutils" package. (Or in BSD44. It is listed twice.) You also might check out some of the larger source mirrors for Linux, like ftp.cdrom.com. --- | "Spam is the Devil's toothpaste!" - stuart at teleport.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From toto at sk.sympatico.ca Fri Dec 27 12:33:39 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Fri, 27 Dec 1996 12:33:39 -0800 (PST) Subject: CypherRevenge In-Reply-To: <19961227175000751.AAA253@monalisa> Message-ID: <32C44F16.602F@sk.sympatico.ca> Adam Breaux wrote: > Berating me does no > good. I simply went about this in the way that is most effective. I > asked the admin to correct this loophole in his system. Adam, I have no idea how you are connected to plaidworks.com, but the one previous post I have seen of yours indicates that you do not have your head up your butt. As for Chuq, however, I have little sympathy. I find it amazing that a web site of that magnitude has 'loopholes' that are a ten-year old hacker's dream. Then he has the audacity to email my Postmaster, claiming that 'returning' his mail is 'spamming'? Which Subject: heading bothered him the most, the one that said, "If you act like an idiot, we'll treat you like one?" (this is a quote from plaidworks.com's home-page). Chuq's 'loophole' resulting in his mailsite spamming people with Tourette Syndrome, like myself, are not his biggest problem. Whatever kindegarten child hacked his system to spam the CyberPunks conference, is not his biggest problem. In my estimation, the Evil One roaming his system freely (who is rumored to have originated the 'Ping of Death'), is probably his biggest problem. The fact that some of plaidworks.com's 'postmaster' and 'webmaster' mail is being routed directly to me, is probably a close second. If I receive further mail routed from plaidworks.com, I will continue to return it. However, if anyone wishes to inquire 'nicely' in regard to plaidworks.com's 'hidden' problems, I would be happy to reply. Sincerely, Toto > If you disagree with my methods, I suggest that you email me directly > instead of cluttering an already busy list with more junk-mail. > > Thanks > Adam Breaux > > > Adam Breaux wrote: > > > > > And frankly, if someone's starting to use mailbots to spam, lists are > > > in big trouble, because there are zillions of those out there. Most > > > systems, for instance, have "info at xxxxx" addresses, all of which would > > > do exactly what my mailbots are doing. > > > > Well, I certainly hope that nobody uses this information to subscribe > > others to a zillion lists. Especially not the authors of such classics > > as, "EASY MONEY!!!", "MAKE $$$ AT HOME", etc. > > I would hate for these people to be too busy to send me "IMPORTANT > > INFORMATION ABOUT HOW 'YOU' CAN MAKE $$$ AT HOME, LICKING YOUR OWN > > DICK!!!" > > > > Toto > > p.s. - for a limited time--offer open to CypherPunks only--anyone > > who sends me $20.00 will receive my special 'Secret Magic Chant', > > which effectively blocks unwanted eMail. > > (This offer includes a clear Title to a bridge in the New York > > City area--absolutely free!) > > > > > --- > Adam Breaux > admin at veracruz.net > http://www.veracruz.net {Corporate Page } > http://www.abyss.com {Extracurricular} > http://www.iso-america.com {In Search Of...} > > "Violence is a cruel world doing what it > does best...break the habit...BE NICE" --- me. From shamrock at netcom.com Fri Dec 27 12:39:55 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 27 Dec 1996 12:39:55 -0800 (PST) Subject: OECD resolution? Message-ID: <3.0.32.19961227124047.006a4fc8@netcom13.netcom.com> Now that the OECD meeting is over, does anybody have a final version of their resolution? As opposed to the draft versions available on the net? Thanks, -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From toto at sk.sympatico.ca Fri Dec 27 13:01:02 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Fri, 27 Dec 1996 13:01:02 -0800 (PST) Subject: Forged addresses In-Reply-To: Message-ID: <32C453F0.159C@sk.sympatico.ca> > From: Chuq Von Rospach > Well, if I were trying to build lists of places to send spam mail from, > this is one place I'd watch. That's why, if you don't mind, I won't go > into details about my anti-spamming traps in public here. Except in > generalities. I've learned to just assume that they're watching. Of > course, with any luck they'll figure out I have full logging of the > information needed to catch spammers, too, and not take chances with > me, because I don't take prisoners... An informative post for the most part, but the above is a crock of shit. The best that this dweeb can do is to write 'my' postmaster, accusing me of 'spamming' him because I 'return' his own mail to him. He has a psycho roaming behind the scenes in his system, and he has enough time to email people whining about people hitting the 'reply' button when they get his spam. His time would be better served fixing his system so that ten-year old kids can't hack it. Toto From antia at leftbank.com Fri Dec 27 13:03:09 1996 From: antia at leftbank.com (Bob Antia) Date: Fri, 27 Dec 1996 13:03:09 -0800 (PST) Subject: "Deeyenda" E-MAil virus alert!!!!!! Message-ID: <199612271654.LAA21263@zax.leftbank.com> I will not go into a rant about the technical impossibilities of such a virus, I'll just forward this pice of information on, hoping that it will get read and filed, to be used as future reference. This is a hoax. These hoaxes are becoming so prevalent that the CIAC put out a bulletin about such hoaxes. Here is the bulletin: __________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Internet Hoaxes: PKZ300, Irina, Good Times, Deeyenda, Ghost November 20, 1996 15:00 GMT Number H-05 ______________________________________________________________________________ PROBLEM: This bulletin addresses the following hoaxes and erroneous warnings: PKZ300 Warning, Irina, Good Times, Deeyenda, and Ghost.exe PLATFORM: All, via e-mail DAMAGE: Time lost reading and responding to the messages SOLUTION: Pass unvalidated warnings only to your computer security department or incident response team. See below on how to recognize validated and unvalidated warnings and hoaxes. ______________________________________________________________________________ VULNERABILITY New hoaxes and warnings have appeared on the Internet and old ASSESSMENT: hoaxes are still being cirulated. ______________________________________________________________________________ Introduction ============ The Internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are still time consuming and costly to handle. At CIAC, we find that we are spending much more time de-bunking hoaxes than handling real virus incidents. This advisory addresses the most recent warnings that have appeared on the Internet and are being circulated throughout world today. We will also address the history behind virus hoaxes, how to identify a hoax, and what to do if you think a message is or is not a hoax. Users are requested to please not spread unconfirmed warnings about viruses and Trojans. If you receive an unvalidated warning, don't pass it to all your friends, pass it to your computer security manager to validate first. Validated warnings from the incident response teams and antivirus vendors have valid return addresses and are usually PGP signed with the organization's key. PKZ300 Warning ============== The PKZ300 Trojan is a real Trojan program, but the initial warning about it was released over a year ago. For information pertaining to PKZ300 Trojan reference CIAC Notes issue 95-10, that was released in June of 1995. http://ciac.llnl.gov/ciac/notes/Notes10.shtml The warning itself, on the other hand, is gaining urban legend status. There has been an extremely limited number of sightings of this Trojan and those appeared over a year ago. Even though the Trojan warning is real, the repeated circulation of the warning is a nuisance. Individuals who need the current release of PKZIP should visit the PKWARE web page at http://www.pkware.com. CIAC recommends that you DO NOT recirculate the warning about this particular Trojan. Irina Virus Hoax ================ The "Irina" virus warnings are a hoax. The former head of an electronic publishing company circulated the warning to create publicity for a new interactive book by the same name. The publishing company has apologized for the publicity stunt that backfired and panicked Internet users worldwide. The original warning claimed to be from a Professor Edward Pridedaux of the College of Slavic Studies in London; there is no such person or college. However, London's School of Slavonic and East European Studies has been inundated with calls. This poorly thought-out publicity stunt was highly irresponsible. For more information pertaining to this hoax, reference the UK Daily Telegraph at http://www.telegraph.co.uk. Good Times Virus Hoax ===================== The "Good Times" virus warnings are a hoax. There is no virus by that name in existence today. These warnings have been circulating the Internet for years. The user community must become aware that it is unlikely that a virus can be constructed to behave in the manner ascribed in the "Good Times" virus warning. For more information related to this urban legend, reference CIAC Notes 95-09. http://ciac.llnl.gov/ciac/notes/Notes09.shtml Deeyenda Virus Hoax =================== The "Deeyenda" virus warnings are a hoax. CIAC has received inqueries regarding the validity of the Deeyenda virus. The warnings are very similar to those for Good Times, stating that the FCC issued a warning about it, and that it is self activating and can destroy the contents of a machine just by being downloaded. Users should note that the FCC does not and will not issue virus or Trojan warnings. It is not their job to do so. As of this date, there are no known viruses with the name Deeyenda in existence. For a virus to spread, it must be executed. Reading a mail message does not execute the mail message. Trojans and viruses have been found as executable attachments to mail messages, but they must be extracted and executed to do any harm. CIAC still affirms that reading E-mail, using typical mail agents, can not activate malicious code delivered in or with the message. Ghost.exe Warning ================= The Ghost.exe program was originally distributed as a free screen saver containing some advertising information for the author's company (Access Softek). The program opens a window that shows a Halloween background with ghosts flying around the screen. On any Friday the 13th, the program window title changes and the ghosts fly off the window and around the screen. Someone apparently got worried and sent a message indicating that this might be a Trojan. The warning grew until the it said that Ghost.exe was a Trojan that would destroy your hard drive and the developers got a lot of nasty phone calls (their names and phone numbers were in the About box of the program.) A simple phone call to the number listed in the program would have stopped this warning from being sent out. The original ghost.exe program is just cute; it does not do anything damaging. Note that this does not mean that ghost could not be infected with a virus that does do damage, so the normal antivirus procedure of scanning it before running it should be followed. History of Virus Hoaxes ======================= Since 1988, computer virus hoaxes have been circulating the Internet. In October of that year, according to Ferbrache ("A pathology of Computer Viruses" Springer, London, 1992) one of the first virus hoaxes was the 2400 baud modem virus: SUBJ: Really Nasty Virus AREA: GENERAL (1) I've just discovered probably the world's worst computer virus yet. I had just finished a late night session of BBS'ing and file treading when I exited Telix 3 and attempted to run pkxarc to unarc the software I had downloaded. Next thing I knew my hard disk was seeking all over and it was apparently writing random sectors. Thank god for strong coffee and a recent backup. Everything was back to normal, so I called the BBS again and downloaded a file. When I went to use ddir to list the directory, my hard disk was getting trashed again. I tried Procomm Plus TD and also PC Talk 3. Same results every time. Something was up so I hooked up to my test equipment and different modems (I do research and development for a local computer telecommunications company and have an in-house lab at my disposal). After another hour of corrupted hard drives I found what I think is the world's worst computer virus yet. The virus distributes itself on the modem sub- carrier present in all 2400 baud and up modems. The sub-carrier is used for ROM and register debugging purposes only, and otherwise serves no othr (sp) purpose. The virus sets a bit pattern in one of the internal modem registers, but it seemed to screw up the other registers on my USR. A modem that has been "infected" with this virus will then transmit the virus to other modems that use a subcarrier (I suppose those who use 300 and 1200 baud modems should be immune). The virus then attaches itself to all binary incoming data and infects the host computer's hard disk. The only way to get rid of this virus is to completely reset all the modem registers by hand, but I haven't found a way to vaccinate a modem against the virus, but there is the possibility of building a subcarrier filter. I am calling on a 1200 baud modem to enter this message, and have advised the sysops of the two other boards (names withheld). I don't know how this virus originated, but I'm sure it is the work of someone in the computer telecommunications field such as myself. Probably the best thing to do now is to stick to 1200 baud until we figure this thing out. Mike RoChenle This bogus virus description spawned a humorous alert by Robert Morris III : Date: 11-31-88 (24:60) Number: 32769 To: ALL Refer#: NONE From: ROBERT MORRIS III Read: (N/A) Subj: VIRUS ALERT Status: PUBLIC MESSAGE Warning: There's a new virus on the loose that's worse than anything I've seen before! It gets in through the power line, riding on the powerline 60 Hz subcarrier. It works by changing the serial port pinouts, and by reversing the direction one's disks spin. Over 300,000 systems have been hit by it here in Murphy, West Dakota alone! And that's just in the last 12 minutes. It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac, RSX-11, ITS, TRS-80, and VHS systems. To prevent the spresd of the worm: 1) Don't use the powerline. 2) Don't use batteries either, since there are rumors that this virus has invaded most major battery plants and is infecting the positive poles of the batteries. (You might try hooking up just the negative pole.) 3) Don't upload or download files. 4) Don't store files on floppy disks or hard disks. 5) Don't read messages. Not even this one! 6) Don't use serial ports, modems, or phone lines. 7) Don't use keyboards, screens, or printers. 8) Don't use switches, CPUs, memories, microprocessors, or mainframes. 9) Don't use electric lights, electric or gas heat or airconditioning, running water, writing, fire, clothing or the wheel. I'm sure if we are all careful to follow these 9 easy steps, this virus can be eradicated, and the precious electronic flui9ds of our computers can be kept pure. ---RTM III Since that time virus hoaxes have flooded the Internet.With thousands of viruses worldwide, virus paranoia in the community has risen to an extremely high level. It is this paranoia that fuels virus hoaxes. A good example of this behavior is the "Good Times" virus hoax which started in 1994 and is still circulating the Internet today. Instead of spreading from one computer to another by itself, Good Times relies on people to pass it along. How to Identify a Hoax ====================== There are several methods to identify virus hoaxes, but first consider what makes a successful hoax on the Internet. There are two known factors that make a successful virus hoax, they are: (1) technical sounding language, and (2) credibility by association. If the warning uses the proper technical jargon, most individuals, including technologically savy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage. When we say credibility by association we are referring to whom sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestigue of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations. Individuals should also be especially alert if the warning urges you to pass it on to your friends. This should raise a red flag that the warning may be a hoax. Another flag to watch for is when the warning indicates that it is a Federal Communication Commission (FCC) warning. According to the FCC, they have not and never will disseminate warnings on viruses. It is not part of their job. CIAC recommends that you DO NOT circulate virus warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator or a computer incident advisory team. Real warnings about viruses and other network problems are issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a teams web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes. What to Do When You Receive a Warning ===================================== Upon receiving a warning, you should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public signature of the team that sent the message. The CIAC signature is available from the CIAC web server at: http://ciac.llnl.gov If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. If he/she is passing on a rumor or if the address of the person does not exist or if there is any questions about theauthenticity or the warning, do not circulate it to others. Instead, send the warning to your computer security manager or incident response team and let them validate it. When in doubt, do not send it out to the world. Your computer security managers and the incident response teams teams have experts who try to stay current on viruses and their warnings. In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. Checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300 since there is no released version 3 of PKZip. Another useful web site is the "Computer Virus Myths home page" (http://www.kumite.com/myths/) which contains descriptions of several known hoaxes. In most cases, common sense would eliminate Internet hoaxes. - ----------------------------------------------------------------------------- CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 510-422-8193 FAX: +1 510-423-8002 STU-III: +1 510-423-2604 E-mail: ciac at llnl.gov For emergencies and off-hour assistance, DOE, DOE contractor sites, and the NIH may contact CIAC 24-hours a day. During off hours (5PM - 8AM PST), call the CIAC voice number 510-422-8193 and leave a message, or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC duty person, and the secondary PIN number, 8550074 is for the CIAC Project Leader. Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://ciac.llnl.gov/ Anonymous FTP: ciac.llnl.gov (128.115.19.53) Modem access: +1 (510) 423-4753 (28.8K baud) +1 (510) 423-3331 (28.8K baud) CIAC has several self-subscribing mailing lists for electronic publications: 1. CIAC-BULLETIN for Advisories, highest priority - time critical information and Bulletins, important computer security information; 2. CIAC-NOTES for Notes, a collection of computer security articles; 3. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI) software updates, new features, distribution and availability; 4. SPI-NOTES, for discussion of problems and solutions regarding the use of SPI products. Our mailing lists are managed by a public domain software package called ListProcessor, which ignores E-mail header subject lines. To subscribe (add yourself) to one of our mailing lists, send the following request as the E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES, SPI-ANNOUNCE or SPI-NOTES for list-name and valid information for LastName FirstName and PhoneNumber when sending E-mail to ciac-listproc at llnl.gov: subscribe list-name LastName, FirstName PhoneNumber e.g., subscribe ciac-notes OHara, Scarlett W. 404-555-1212 x36 You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help. PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver at first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) G-43: Vulnerabilities in Sendmail G-44: SCO Unix Vulnerability G-45: Vulnerability in HP VUE G-46: Vulnerabilities in Transarc DCE and DFS G-47: Unix FLEXlm Vulnerabilities G-48: TCP SYN Flooding and IP Spoofing Attacks H-01: Vulnerabilities in bash H-02: SUN's TCP SYN Flooding Solutions H-03: HP-UX_suid_Vulnerabilities H-04: HP-UX Ping Vulnerability RECENT CIAC NOTES ISSUED (Previous Notes available from CIAC) Notes 07 - 3/29/95 A comprehensive review of SATAN Notes 08 - 4/4/95 A Courtney update Notes 09 - 4/24/95 More on the "Good Times" virus urban legend Notes 10 - 6/16/95 PKZ300B Trojan, Logdaemon/FreeBSD, vulnerability in S/Key, EBOLA Virus Hoax, and Caibua Virus Notes 11 - 7/31/95 Virus Update, Hats Off to Administrators, America On-Line Virus Scare, SPI 3.2.2 Released, The Die_Hard Virus Notes 12 - 9/12/95 Securely configuring Public Telnet Services, X Windows, beta release of Merlin, Microsoft Word Macro Viruses, Allegations of Inappropriate Data Collection in Win95 Notes 96-01 - 3/18/96 Java and JavaScript Vulnerabilities, FIRST Conference Announcement, Security and Web Search Engines, Microsoft Word Macro Virus Update -b Bob Antia antia at leftbank.com The Left Bank Operation, Inc. http://www.leftbank.com TCP/IP Internetworking LAN/WAN/NT/UNIX Admin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu From tpk at sensorsys.com Fri Dec 27 13:04:14 1996 From: tpk at sensorsys.com (tedk) Date: Fri, 27 Dec 1996 13:04:14 -0800 (PST) Subject: "Deeyenda" E-MAil virus alert!!!!!! Message-ID: <1.5.4.32.19961227150154.00716578@pop.tiac.net> To: ALL From: Ted Kochanski Re: "Deeyenda" E-MAIL Virus ALERT #: 2456 S0/CompuServe Mail [MAIL] 20-Dec-96 20:23 EST Sb: Virus Alert Fm: Art Ellingsen > INTERNET:artell at ix.netcom.com To: Robert M. Avallone [70733,1707] Dear ALL: I apologize if I happen to send this two you more than once. If so it was not intentional. I received this warning from a reliable software vendor and thought I would pass it on to you and wish you a Merry Christmas too. **********************VIRUS ALERT************************************ VERY IMPORTANT INFORMATION, PLEASE READ! There is a computer virus that is being sent across the Internet. If you receive an E-Mail message with the subject line "Deeyenda", DO NOT read the message, DELETE it immediately! Some miscreant is sending E-Mail under the title "Deeyenda" nationwide, if you get anything like this DON'T DOWNLOAD THE FILE! It has a virus that rewrites your hard drive, obliterates anything on it. Please be careful and forward this E-Mail to anyone you care about. Please read the message below. FCC WARNING!!!!! -----DEEYENDA PLAGUES INTERNET The Internet community has again been plagued by another computer virus. This message is being spread throughout the Internet, including USENET posting, E-MAIL, and other Internet activities. The reason for all the attention is because of the nature of this virus and the potential security risk it makes. Instead of a destructive Trojan virus (like most viruses!), this virus referred to as Deeyenda Maddick, performs a comprehensive search on your computer, looking for valuable information, such as E-Mail and login passwords, credit cards, personal inf., etc. The Deeyenda virus also has the capability to stay memory resident while running a host of applications and operation systems, such as Windows 3.11 and Windows 95. What this means to Internet users is that when a login and password are send to the server, this virus can copy this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies). The reason for this warning is because the Deeyenda virus is virtually undetectable. Once attacked your computer will be unsecured. Although it can attack any O/S this virus is most likely to attack those users viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet Explorer 3.0+ which are running under Windows 95). Researchers at Princeton University have found this virus on a number of World Wide Web pages and fear its spread. Please pass this on, for we must alert the general public of the security risks. Steven Chevalier Vice President Distribution VersaNet International ******************************** Art Ted *************************************************************************** Ted Kochanski, Ph.D. Sensors Signals Systems --- "Systematic Solutions to Complex Problems" http://www.sensorsys.com e-mail tpk at sensorsys.com phone (617) 861-6167 fax 861-0476 11 Aerial St., Lexington, MA 02173 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu From slothrop at poisson.com Fri Dec 27 13:05:42 1996 From: slothrop at poisson.com (J Durbin) Date: Fri, 27 Dec 1996 13:05:42 -0800 (PST) Subject: Vulis strikes again? In-Reply-To: <39oLZD125w165w@bwalk.dm.com> Message-ID: <32c538ec.4294799@smtp.best.com> On Fri, 27 Dec 96 10:08:37 EST, you wrote: >"Z.B." writes: > >> On Thu, 26 Dec 1996, Ray Arachelian wrote: >> >> > wheee, looks like KOTM subscribed us to a shitload of mailing lists... >> > Having fun Herr Doktor? >> > >> Not only that, but he's probably posting those messages that begin with >> Fuck_You_Nerds...those appear regularly on alt.revenge, where he is a >> semi-frequent poster. > >Of course, idiot "cypher punks" Zach and Ray are lying again, as usual. > >Of course, cocksucker John Gilmore is an even bigger lying idiot. There sure are a lot of innocent "coincidences" following Vulis around. Poor fellow, to have a reputation of years and years of "coincidental" vandalism besmirching his name. jd -- Fight spam: http://www.vix.com/spam jason durbin slothrop at poisson.com Stop Reading Here <--- From esj at harvee.billerica.ma.us Fri Dec 27 13:06:07 1996 From: esj at harvee.billerica.ma.us (Eric S. Johansson) Date: Fri, 27 Dec 1996 13:06:07 -0800 (PST) Subject: "Deeyenda" E-MAil virus alert!!!!!! Message-ID: <199612271751.MAA23997@harvee.billerica.ma.us> On 12/27/96 12:30 PM, tedk (tpk at sensorsys.com) writes > To: ALL > >From: Ted Kochanski > >Re: "Deeyenda" E-MAIL Virus ALERT > >#: 2456 S0/CompuServe Mail [MAIL] > 20-Dec-96 20:23 EST > Sb: Virus Alert > Fm: Art Ellingsen > INTERNET:artell at ix.netcom.com > To: Robert M. Avallone [70733,1707] whoops, you been caught hook, line and urban legend :-) check cert alerts for email viruses and how they are closely related to the loch ness monster --- eric Eric S. Johansson ka1eec esj at harvee.billerica.ma.us This message was composed almost entirely by DragonDictate. k9 wisdom as translated by DD: "look homeward wrong aroma" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu From toto at sk.sympatico.ca Fri Dec 27 13:53:22 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Fri, 27 Dec 1996 13:53:22 -0800 (PST) Subject: Forged addresses In-Reply-To: Message-ID: <32C460FA.4470@sk.sympatico.ca> > From: Chuq Von Rospach > Subject: Re: Forged addresses > It's somewhat more work for me as moderator. It's a significantly > reduced noise level for the list. The way it should have been in the first place? > The days of laissez-faire administration are dead. The braindead, > the novice blunderer and the spammer have killed them. Not to mention laissez-faire administrators. > So to cut out the Spammers and the folks who have no clue what their > email is, my systems will be going to the > confirmation-reply-before-subscribe setup. The way it should have been in the first place? > Fairly sophisticated in > some ways, but mostly, they knew when I wasn't looking and got around > my traps. I think maybe 'limped' around your traps would be a better description. (It might have been blind quadraplegics) > in one case, they seem to have broken into a machine to send the spam attack, so it'll be tough...) Does this not 'ring a bell' that suggests how 'they' know when you're "not looking?" (Buy a clue!) > I'm going to make all lists moderated, and then extend moderation > priviledges to the "trusted" set of users. So that I won't get 1,000 spammed messages from your list? What a brilliant idea, setting up your system so that any idiot with a Commodore 64 and 256k of ram can't use your system to spam the world. > I don't log mailbot requests. Well, I will starting tomorrow... Like you should have from the beginning? > And suggestions on how to continue to make mailbots available AND make > them reasonably safe encouraged. The mailbot problems are 'warts'. I think you need to check for 'cancer'. Toto From toto at sk.sympatico.ca Fri Dec 27 14:27:23 1996 From: toto at sk.sympatico.ca (Carl Johnson) Date: Fri, 27 Dec 1996 14:27:23 -0800 (PST) Subject: [Fwd: Re: Repair " YOUR OWN " Credit !] Message-ID: <32C46326.56CD@sk.sympatico.ca> An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 3304 URL: From sunder at brainlink.com Fri Dec 27 14:32:13 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Fri, 27 Dec 1996 14:32:13 -0800 (PST) Subject: (Fwd) Re: Bad Idea In-Reply-To: <8FsLZD130w165w@bwalk.dm.com> Message-ID: On Fri, 27 Dec 1996, Dr. Spam Dimi Vulis (spit) wrote: > Toto writes: > > > Adam Breaux wrote: > > > As far as I can tell, cypherpunks wasn't subscribed to anything. What > > > happened instead was someone started forging email in the name of the > > > list's submission address to various of my mailbots, which simply send > > > an informational e-mail back. > > > > If cypherpunks wasn't subscribed to anything, then why did I get > > 50 million messages about sports in my mailbox? > > Because Ray Arachelian is an inept forger and a liar. Because Vulis you are full of shit as usual. You are of the old school of do something bad and blame it on others. Sorry, that shit doesn't fly. Tell us Vulis, just how much does the NSA pay for your services to cause mayhem here? =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From sunder at brainlink.com Fri Dec 27 14:34:34 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Fri, 27 Dec 1996 14:34:34 -0800 (PST) Subject: Vulis strikes again? In-Reply-To: <39oLZD125w165w@bwalk.dm.com> Message-ID: On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > Of course, idiot "cypher punks" Zach and Ray are lying again, as usual. Let's see - since you came here, you posted many huge spams about various things, all of a sudden after your tiff with Tim, we started getting daily warnings about Tim May, followed more recently by daily warnings with ASCII art - in a recent message you responded to the question of ASCII art and thus proved your implication, the list has been getting much advertisement spam that starts wtih Fuck You Spams, and even more recently the list has been conveniently subscribed to several other lists, and now there is loop on the list caused by you. I've been on this list since '93. You've been here since what? early 96? You're the first and only person to be kicked off the list officially - even Detweiler left by his own accord. Patterns are very obvious. So tell us Vileus, how much does the NSA pay you to cause mayhem on this list? You certainly have lots of time on your hands, so when you aren't masturbating to your own posts, you're typing away more spams. So what's the pay check of an NSA scumbag who does what you do for a living? =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From chuqui at plaidworks.com Fri Dec 27 15:26:37 1996 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Fri, 27 Dec 1996 15:26:37 -0800 (PST) Subject: CypherRevenge In-Reply-To: <19961227175000751.AAA253@monalisa> Message-ID: At 2:35 PM -0800 12/27/96, Carl Johnson wrote: > Then he has the audacity to email my Postmaster, claiming that 'returning' >his mail is 'spamming'? Which Subject: heading bothered him the most, the >one that said, "If you act like an idiot, we'll treat you like one?" (this >is a quote from plaidworks.com's home-page). No, Carl, it was when you started spamming people that I accused you of spamming. Or are you saying that the dozen or so spams (aimed primarily at me and my site) that magically appeared today from *.sk.sympatico.ca IP addresses at the same time as your latest set of abusive return mail is a coincidence? My loopholes aren't as large as you thought they were. They led quite clearly back to you on this one. chuq -- Chuq Von Rospach (chuq at solutions.apple.com) Software Gnome Apple Server Marketing Webmaster Plaidworks Consulting (chuqui at plaidworks.com) ( +-+ The home for Hockey on the net) I got no name or number/ I just hand out the lumber. But if I get a chance to play/ I'm going to show 'em. -- Stick Boy (The Hanson Brothers, SUDDEN DEATH) From dlv at bwalk.dm.com Fri Dec 27 16:00:32 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 16:00:32 -0800 (PST) Subject: Ray Arachelian's typical Armenian spam and sabotage In-Reply-To: Message-ID: <01cmZD131w165w@bwalk.dm.com> Ray Arachelian writes: > On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > Someone should unsubscrive -- apparently Ray's > > tentacle that sends whatever it receives back to "cypher punks" (spit). ... > > Seeing how this is in California - it must be one of your friends Vulis, > or one of your tentacles. Ray "Arsenic" Arachelian is lying again, as usual. California is a hotbed of ASALA/SDPA terrorirm. Please auto-forward all spam to Ray's employers: jack at earthweb.com murray at earthweb.com nova at earthweb.com --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mpd at netcom.com Fri Dec 27 16:23:02 1996 From: mpd at netcom.com (Mike Duvos) Date: Fri, 27 Dec 1996 16:23:02 -0800 (PST) Subject: Vulis strikes again? In-Reply-To: Message-ID: <199612280022.QAA15873@netcom10.netcom.com> Ray Arachelian writes: > So tell us Vileus, how much does the NSA pay you to cause mayhem on this > list? You certainly have lots of time on your hands, so when you aren't > masturbating to your own posts, you're typing away more spams. So what's > the pay check of an NSA scumbag who does what you do for a living? So now we are being attacked not only by the good doctor, but by the NSA as well? Do they perhaps covet our advanced "Ebonics" technology? The NSA will waste its time trying to disrupt the Cypherpunks list when winged monkeys fly out of my posterior. It's not like the people at the NSA don't have real work to do. Let's try not to look foolish and paranoid at the same time. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From ygarcia at gte.net Fri Dec 27 16:37:20 1996 From: ygarcia at gte.net (ygarcia at gte.net) Date: Fri, 27 Dec 1996 16:37:20 -0800 (PST) Subject: Create all the Prospects You Want! Software on Sale! Message-ID: <199612280049.TAA00825@server.kcii.com> Suck_My_Big_Juicy_Cock, I thought this might interest you. DON'T PAY ANYBODY FOR E-MAIL NAMES!! You can extract your own with our software. No matter what you are marketing, you need prospects. Our system can allow you to reach all the prospecst you can handle. And even more exciting is you don't have to BUY addresses, our software extracts them from anywhere on the internet!! I presently have over 400 responses in my mail folder, and every few minutes or sooner I receive more responses. Find out why we are all so excited about our results. Send a blank e-mail to star-yvonnegarcia-netcontact at nicers.com and you will have the information sent to you. NO PROSPECTS = NO SALES!! Have a great day, Yvonne Garcia P.S. Also FREE ELECTRONIC MARKETING TRAINING AND SUPPORT GROUP AVAILABLE. AND FREE AUTORESPONDERS! This is YOUR KEY to successful Internet Marketing! From dlv at bwalk.dm.com Fri Dec 27 16:50:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 16:50:26 -0800 (PST) Subject: Counting the lies in Ray Arachelian's spam In-Reply-To: Message-ID: Ray Arachelian writes: > On Fri, 27 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > > > Of course, idiot "cypher punks" Zach and Ray are lying again, as usual. > > Let's see - since you came here, you posted many huge spams about various > things, all of a sudden after your tiff with Tim, we started getting Lie #1. > daily warnings about Tim May, followed more recently by daily warnings Lie #2 Lie #3 > with ASCII art - in a recent message you responded to the question of Lie #4 > ASCII art and thus proved your implication, the list has been getting Lie #5 > much advertisement spam that starts wtih Fuck You Spams, and even more has nothing to do with me > recently the list has been conveniently subscribed to several other > lists, and now there is loop on the list caused by you. Lie #6 > I've been on this list since '93. You've been here since what? early > 96? You're the first and only person to be kicked off the list Lie #7 probably a lie > officially - even Detweiler left by his own accord. Patterns are very > obvious. Lie #8 > So tell us Vileus, how much does the NSA pay you to cause mayhem on this Lie #9 > list? You certainly have lots of time on your hands, so when you aren't Lie #10 > masturbating to your own posts, you're typing away more spams. So what's Lie #11 Lie #12 > the pay check of an NSA scumbag who does what you do for a living? What's the paycheck of the Earthweb scumbag who spams for a living? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jimbell at pacifier.com Fri Dec 27 17:02:43 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 27 Dec 1996 17:02:43 -0800 (PST) Subject: RUL_let Message-ID: <199612280102.RAA25495@mail.pacifier.com> At 12:15 AM 12/27/96 -0500, Brad Dolan wrote: >On Thu, 26 Dec 1996, Lucky Green wrote: > >> At 08:11 PM 12/26/96 -0500, John Young wrote: >> > >> >"New encryption export rules probably won't be issued until early >> >next week" >> > >> > Rules probably won't be issued until just a day or 2 before they >> > go into effect on January 1, officials said Monday. >> >> Good move on part of the USG. It will keep public discussion to a minimum. >> > >An acquaintance of mine moved here from Germany after the war. >She says that, from her family's perspective, the first clear sign >that things were seriously going to hell was that Hitler and his >friends started issuing proclamations, effective almost immediately, >dictating something else you could or could not do. Later, the >proclamations were made during the night and were effective instantly. Sounds like "government regulations" today, doesn't it! Jim Bell jimbell at pacifier.com From zerofaith at geocities.com Fri Dec 27 17:43:13 1996 From: zerofaith at geocities.com (pSIONIC dAMAGE) Date: Fri, 27 Dec 1996 17:43:13 -0800 (PST) Subject: interesting Message-ID: <199612280142.RAA29840@geocities.com> does anyone remember 2001: A Space Odyssey? Remember the computer's name. HAL Then Think about the letter that follows each in the alphabet. Arthur Clarke said it was just a coincidence... Hmm. pSIONIC dAMAGE Zer0 Faith Inc. www.geocities.com/SiliconValley/Heights/2608 H/P/A/V/C ANTIVIRUS/COUNTERSECURITY "ONLY THE ELITE SURVIVE!" From kalliste at aci.net Fri Dec 27 18:04:12 1996 From: kalliste at aci.net (J. Orlin Grabbe) Date: Fri, 27 Dec 1996 18:04:12 -0800 (PST) Subject: New Crypto Export Rules Monday Message-ID: <32C47DE7.6AD8@aci.net> 27-DEC-1996 18:59 U.S. export encryption rules to be published Monday By Aaron Pressman WASHINGTON, Dec 27 (Reuter) - The Commerce Department will issue final rules on Dec. 30 to implement its new policy on export of computer encoding products, but the proposal is unlikely to mollify the software industry and privacy advocates who objected to a draft version. Some changes were made in the final rules, available Friday at a government printing office, from the earlier draft. But the bulk of the proposal remains the same, including portions strongly criticized by the software industry that applied to real-time communications. Commerce undersecretary William Reinsch had said two weeks ago that the draft rules would be modestly revised, but warned that some objections could not be addressed. Under the previous rules dating from the Cold war, the administration severely limited the export of products containing encryption, programs that use mathematical formulas to scramble information and render it unreadable without a password or software "key." In the past, products could be exported using "keys" as long as 40 digital bits, a string of forty ones and zeros. But as the speed of computers has grown, 40-bit keys have become easy to crack and longer keys have come into general use. At the same time, with the growth of the Internet and online commerce, demand for encryption-capable products is growing worldwide. Coded messages can keep a business' e-mail confidential or protect a consumer's credit card number sent on the Internet. The Commerce Department rules were intended as a compromise, allowing U.S. companies to compete in the encryption market while protecting the interests of law enforcement officials. The policy relies on so-called key recovery features which allow government officials to decode encrypted messages when acting under proper legal authority. Under the policy to be issued Monday, products containing key recovery features will be eligible for export after a one-time review. Software firms had hoped the key recovery exception would only apply to stored data, like a document on a hard drive. But the final rules, like the draft rules, also require key recovery for real-time data transamission such as coded phone calls. Non-key recovery software with keys of up to 56 bits will be exportable under six-month, renewable licenses until the end of 1998, but only if the manufacturer commits to producing software with key recovery by then. Some companies had complained that the government was asking for too much information about their future plans, but the final rules still require submission of detailed plans and committments. All other encryption products, such as state-of-the art 128-bit software without key recovery features, would continue to be treated as munitions. Such products include ordinary e-mail programs and even the recently introduced set-top box for surfing the Internet with a television. The rules deleted a draft provision allowing keys to be stored with a recovery agent located outside of the United States. The final rules also made clear that an applicant's public support of the administration's policy would not be a factor in export license decisions. Rather, helping build the necessary infrastructure would be a factor, the final rules said. A criteria listed as "public support for a key management infrastructure," was changed to "or other support for the key management infrastructure." http://www.aci.net/kalliste/ From azur at netcom.com Fri Dec 27 18:18:36 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 27 Dec 1996 18:18:36 -0800 (PST) Subject: RUL_let Message-ID: >Jim Bell wrote: >>On Thu, 26 Dec 1996, Lucky Green wrote: >> >>> At 08:11 PM 12/26/96 -0500, John Young wrote: >>> > >>> >"New encryption export rules probably won't be issued until early >>> >next week" >>> > >>> > Rules probably won't be issued until just a day or 2 before they >>> > go into effect on January 1, officials said Monday. >>> >>> Good move on part of the USG. It will keep public discussion to a minimum. >>> >> >>An acquaintance of mine moved here from Germany after the war. >>She says that, from her family's perspective, the first clear sign >>that things were seriously going to hell was that Hitler and his >>friends started issuing proclamations, effective almost immediately, >>dictating something else you could or could not do. Later, the >>proclamations were made during the night and were effective instantly. > > >Sounds like "government regulations" today, doesn't it! Or the bogus vote taken recently in Korea's legislature when the ruling party held a "secret" vote in the early morning hours (so the opposition parties would be present) to pass contentious labor laws. -- Steve From rah at shipwright.com Fri Dec 27 18:27:46 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Dec 1996 18:27:46 -0800 (PST) Subject: FYI Unamailer Message-ID: --- begin forwarded text Date: Fri, 27 Dec 1996 06:33:04 +0000 From: Alastair Sweeny Subject: FYI Unamailer To: listmom-talk at skyweyr.com Mime-Version: 1.0 Precedence: Bulk Reply-To: listmom-talk at skyweyr.com Date: Thu Dec 26 18:33:49 1996 From: brock at well.com ("Brock N. Meeks") Subject: CWD--Unamailer Strikes on Christmas To: cwd-l at cyberwerks.com Reply-To: brock at well.com CyberWire Dispatch / Copyright (c)1996/ December 26, 1996 / Jacking in from the "Spam in the Stocking" Port: Unamailer Delivers Christmas Grief by Lewis Z. Koch Special to CyberWire Dispatch "johnny xchaotic," also known as the "Unamailer," is back, and twenty-one individuals -- many of whom are deeply involved in the Internet ---journalists, the heads of computer companies such as Mircrosoft, politicians, and religious figures -- received a "denial of service" Christmas present they wished they didn't have. johnny, and possible friends of johnny, effectively halted these individuals' ability to send and receive E-mail, a denial of service attack which may take days to restore. Among those hit were prominent journalists including magazine columnist joel snyder, because, in xchaotic's words,"your last article in 'Internet World' places all the blame of my actions on an innocent person." Also hit was the magazine's editor Michael Neubarth because of his failure to "apologize" for what were termed journalistic errors.'' Political figures, such as former Presidential candidate Pat Buchanan and U.S. Senate wannabe David Duke, also were targets. Religious figures such as Pat Robertson and Billy Graham were subject to e-mail bombings, as were members of the Church of Scientology and members of the KKK. Mircosoft's Billl Gates, several people from the cable channel MTV also were among those apparently attacked. Others hit include Carolyn Meinel who operates a "Happy Hacker" mailing list, the Klu Klux Klan, MTV and the Nazi party. All told, 21 individuals were hit, some, like Gates for the second time. This is the second time in six months that the work of one or more individuals has exploited relatively simple vulnerabilities in Internet e-mail lists. The first attack, in August, targeted more than 40 individuals, including Bill Clinton and Newt Gingrich and brought a torrent of complaints from the people who found their names sent as subscribers to some 3,000 E- mail lists. By comparison to the Christmas attack, even that relatively modest attack sent enough e-mail to the targeted recipients that it effectively halted their computers' ability to process the messages. This attack is estimated to involve 10,139 listservs groups, 3 times greater than the one that took place in the summer, also at xchaotic's instigation. If each mailing list in this attack sent the targeted individuals just a modest 10 letters to the subscribers' computer those individuals would receive more than 100,000 messages. If each listing system sent 100 messages -- and many do -- then the total messages could tally 1,000,000. Once again, johnny xchaotic has offered an "open letter," given to this reporter before it was scheduled to be posted throughout the Internet, as a way to explain the reasons behind the attack. He also taunted the FBI, telling the agency not to "waste tax dollars trying to track me" because "there are a lot more dangerous people out there you should be concentrating on." (The complete letter will be released shortly to the Net by johnny.) The open letter, and the information outlining the e-mail blast, were give to this reporter as the "attack" was concluding. The attack began the evening of December 24 just before midnight and took four hours, eight minutes and twenty-nine seconds. "They [listserv-based mailing lists] could stop this kind of attack tomorrow," one source close to johnny said, "if they only took the simplest of precautions --like authentication." Authentication is a means by which the listing system, instead of agreeing to the ''subscription'' and then automatically forwarding tens or hundreds of letters to the subscriber, would first ask if the person really wanted to subscribe. This ''verification'' could come as an electronic mail message to the subscriber asking for confirmation. If this process had been in place, someone subject to an E-mail denial of service attack would only receive one letter from each list-- that one being the authentication confirmation query -- do you really want this E-mail -- before sending on 10 or 100 messages. "They're either too lazy or too dumb to do that -- so they have to pay a price," this source said, indicating that the attacks would continue until the administrators "get it right," indicating that johnny and his friends want to pressure administrators into authentication. In these kinds of instances, individuals who have been hit wind up quickly canceling their e-mail accounts, thus passing the responsibility for canceling the "subscription" back to the list administrator. Many suspect the authentication-confirmation process is viewed by listserv systems administrators as an inconvenience and confusing to the subscriber and so, they just avoid it. The attack, however, may be a violation of federal law, punishable by up to five years in prison, or $250,000.00 in fines or both. While there are techniques for tracing this kind of attack when there is advance warning, knowledgeable sources say that this kind of attack is very difficult to trace once the attack has occurred. johnny xchaotic has been labeled a 'Net terrorist,' which, according to some, debases the meaning of the word "terrorism." No one knows who johnny is. He was misidentified earlier by Internet Underground magazine as a well known hacker who calls himself "se7en." This identification proved false. One person close to "johnny xchaotic" said the FBI and Secret Service had been contacted about the illegality of this kind of hack but said they had no interest in this kind of "Net" attack. "We have bigger fish to fry," was the response from law enforcement officials, according to this person. This attitude was confirmed by a former federal prosecutor who said the few federal investigators who understood computers and the Internet were stretched thin in their attempts to apprehend serious cyber-criminals, or to pursue high profile but relatively unimportant cases against hackers such as Kevin Mitnick. There has been a tendency on the part of law enforcement and the media to grossly overestimate the monetary damage caused by hackers. "johnny" and those close to him made it clear that there would be a continuation of these kinds of email "denial of service" attacks. These same sources say those few Federal investigators with the Secret Service and the FBI who are computer literate and savvy about hacking are stretched thin in attempts to solve serious multimillion dollar computer crimes, the vast majority of which are committed by insiders against the companies they work for. It is far easier, these sources say, to track down, arrest and jail 16-year-old hackers who brag about their exploits to friends and fellow hackers than to track down a true professional computer cracker on assignment from one company to search and steal the files of a competitor company. While it may take up to three years to investigate and prosecute one important computer thievery case, teenage hackers can be arrested every few months, thus improving the "stats" by which the FBI and other agencies make their mark and their budgets. This repeated E-mail denial of service attack will be sure to reignite the debate about the "moral" issues surrounding hackers and hacking. What may be ignored -- again --is the failure to rectify the problem after the first attack back in August. Immediately following the first E-mail bombing attack, the Computer Emergency Response Team (CERT) was quick to tell the media that while they had no "solution," they had "hopes" they would be able to "limit the impact" of these kinds of attacks. Today's three-fold attack showed that a six month period of study "hoping to limit the impact" has been futile. Vital communications do not appear to have been slowed down. The attack is a major "inconvenience" to be sure. Others argue that "complacency" is the only true victim of this attack. The temporary inconvenience caused by a few days loss of E-mail privileges might seem to pale in significance with those who were killed and maimed by the terrorists' bombing of the Federal Building, in Oklahoma City, or at the World Trade Center in New York, or in Atlanta at the 96 Olympics, or those who opened packages from the Unibomber and were killed. Prominent government officials like U.S. Deputy Attorney General Jamie Gorelick have called for the development of the equivalent of a "Manhattan project" to stop hackers, though the specifics of what kind of "bomb" Gorelick would develop and on whom she would drop "the bomb" are vague. Unsafe at Any Modem Speed On December 16, a computer attack against WebCom knocked out more than 3,000 Web sites for 40 hours, curtailing Website shopping. The attack --a "SYN-flood" -- sent as many as 200 messages a second against the WebCom host computer. This was the same kind of attack that brought down the popular New York Internet provider Panix for more than a week in September. While Seattle computer security consultant Joel McNamara is sympathetic toward WebCom's users problems, he allows less leeway to the company. "The SYN-flood denial of service attack has been known for months, and there are a variety of solutions for addressing it," McNamara said, "I d be curious as to what, if any, security measures WebCom, a large provider, had in place to deal with a well-known SYN-flood attack. If I couldn't conduct business for 40 hours, I'd have some serious questions to ask." McNamara believes a great deal of the responsibility for the success of these kinds of known attacks rests on the shoulders of managers and systems administrators who do not fully "understand the implications of poor security practices. While the industry hasn't seen this happen yet, it's just a matter of time before a customer files a lawsuit against a service provider because of damages caused by ineffective security," he predicts. FBI agents have been undergoing some education in computer related crimes, but sources say the educated ones are few in number and burdened by too many cases. On the other hand, the FBI has singled out small but prominent hackers for arrest and prosecution, hoping the jailing of these individuals who are well-known to the Net would be a deterrent to other younger people considering hacking. The recent adolescent-like hacking of the Department of Justice Web site seems to indicate that hackers aren't all that deterred. There are other indications that Web page hacks are going to become more political, and perhaps even more dangerous than in the past. The recent hack of the Kriegsman Furs company Web page by animal rights activists indicates one new, sophisticated path. In this attack, the hackers left a manifesto, as well as links to animals rights sites throughout the Web. How easy was it to do? "Security for the site was extremely weak," says McNamara, "The commonly known PHF exploit was likely used to retrieve a system file, which contained a series of easy to crack passwords." Presto, chango. Pro-fur into anti-fur. "It's too easy to pass the blame off on hackers," McNamara says. Like the keys in the car or in the front door, "maintaining an insecure site is just an invitation to problems." Those who were responsible for today's denial of service attack were careful to repeatedly point out to this reporter how "unsophisticated" their attack was and how easily it could have been avoided if the list managers had only taken minimal precautions. "It's kind of like buying new locks and getting an alarm system after everything in the house is stolen. Sure it will probably prevent it from happening again, but if you took the precautions in the first place, the damn thing wouldn't have occurred," he concludes. -------------------- Lew Koch can be reached at: lzkoch at mcs.net --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Fri Dec 27 18:28:32 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Dec 1996 18:28:32 -0800 (PST) Subject: Forged addresses Message-ID: --- begin forwarded text Date: Fri, 27 Dec 1996 15:46:18 -0800 From: Chuq Von Rospach Subject: Re: Forged addresses To: listmom-talk at skyweyr.com Mime-Version: 1.0 Precedence: Bulk Reply-To: listmom-talk at skyweyr.com At 2:20 AM -0800 12/27/96, Joshua D. Baer wrote: >What I was concerned about was when I was sending a message with a From >adress of shaddar+ at cmu.edu but a Sender of josh at grinch.res.cmu.edu and with >an outgoing mail server of skyweyr.com. I think from your later comments >that this would still be OK, wouldn't it? Hmm. (rubbing forehead. God, it's been a long 24 hours...). Hmm. My gut feel is the answer is "maybe". If someone's attempting to post a message to a list, I'd have no trouble accepting it if either the From or Sender matches a known subscriber. That'd be reasonable. I'm not particularly worried about the mail server in that case. If we end up with someone forging mail in someone else's name, we deal with it when it happens and can probably backtrack or otherwise limit it. If they're trying to subscribe to a list, I have a problem with this, because the person admits they're subscribing an address not from who they say they are. I'd want validation of this in some way before trusting it. This is where the mailback subscription verifiction starts becoming moreimportant. Once a person has verified they want on the list, I can relax a lot more about hard-core validation. It's verifying the address being subscribed wants to be subscribed that's the nasty piece. I spent most of last night cleaning up after the spammers, and a good chunk of this morning. I also rewrote my cgi's to close a bunch of the loophole and add a few toys to see if they'd trip, and a couple of hours, the spammer did, so I now know where he's coming from and how they're doing it (he's spoofing through the ANONYMIZER on top of everything else...) -- and left a little reminder there, so he now knows I know. Heh. And I'm in process of closing the loopholes further. Not what I'd planned on doing, but obviously, it can't wait any longer. It's not that they can't be closed to a great degree, only that until this last round, it wasn't really needed. One idiot screwing it up for a lot of folks... -- Chuq Von Rospach (chuq at solutions.apple.com) Software Gnome Apple Server Marketing Webmaster Plaidworks Consulting (chuqui at plaidworks.com) ( +-+ The home for Hockey on the net) I got no name or number/ I just hand out the lumber. But if I get a chance to play/ I'm going to show 'em. -- Stick Boy (The Hanson Brothers, SUDDEN DEATH) --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From sl at pobox.com Fri Dec 27 18:40:25 1996 From: sl at pobox.com (Steve Lovett) Date: Fri, 27 Dec 1996 18:40:25 -0800 (PST) Subject: multiplicity In-Reply-To: <199612270420.UAA10292@mailmasher.com> Message-ID: On Thu, 26 Dec 1996 troubled at mailmasher.com wrote: > Just great! The first message I send to this mailing list > and somehow multiple copies of it get posted. > > I honestly don't know how it happened, but I'll try to be > very careful in the future and watch for anything I might > have carelessly done which could have caused this. My guess is that someone has looped mailing list subscriptions - see the Received headers on your message for example: >Received: from uhf.wdc.net (uhf.wdc.net [198.147.74.44]) by toad.com (8.7.5/8.7.3) with ESMTP id XAA15048 for ; Thu, 26 Dec 1996 23:47:01 -0800 (PST) >Received: from toad.com (toad.com [140.174.2.1]) by uhf.wdc.net (8.8.4/8.6.12) with ESMTP id CAA25800 for ; Fri, 27 Dec 1996 02:54:13 -0500 (EST) This gets repeated several times in some messages. Steve From jimbell at pacifier.com Fri Dec 27 19:26:17 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 27 Dec 1996 19:26:17 -0800 (PST) Subject: cryptoanarchy Message-ID: <199612280325.TAA05468@mail.pacifier.com> At 09:18 PM 12/26/96 -0800, Vladimir Z. Nuri wrote: >omegaman taunts me to rant about cryptoanarchy. frankly I find >it tiresome given its originator repeatedly refuses to answer >point-blank questions about key aspects of it. maybe you just don't like the answers? > lacking this, I >fail to take it seriously, given nobody else has a similar idea. You must be kidding. Jim Bell jimbell at pacifier.com From rah at shipwright.com Fri Dec 27 20:11:38 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 27 Dec 1996 20:11:38 -0800 (PST) Subject: Mo' Better Mail Shenanegans? Message-ID: crypto at uhf.wireless.net was subscribed to dcsb at ai.mit.edu, and seems to be directly zinging messages, sans any identification as forwarded material, straight off of dcsb to cypherpunks at toad.com. I went in and killed this address from dcsb, but I don't know how long that's going to last. I forwarded a story to cypherpunks a while ago from Netly News about a rash of denial of service attacks that're happening on email accounts around the net. It looks like cypherpunks is part of that attack, and it looks like crypto at uhf.wireless.net may be involved. Or not. Anyway, I'll send a copy of the Netly article to dcsb in another message, for everyone's entertainment on dcsb. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From fygrave at freenet.bishkek.su Fri Dec 27 20:47:21 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Fri, 27 Dec 1996 20:47:21 -0800 (PST) Subject: Mark Mage is a Thief In-Reply-To: <32C37D57.2AE4@toad.com> Message-ID: On Thu, 26 Dec 1996, Shit F. Brains wrote: > Dear Troubled, > The guy's a fucking thief, from what I've heard. > It seems the FBI is looking for him for a nasty number he > pulled on some retired people, ripping off their life savings. > He seems to have the IRS IRS? Wazzzat? > after him, as well. > I'd steer clear of him. He's bad news. re you sure>?:) -X----- Fyodor --- fygrave at freenet.bishkek.su --------------------------X-- From fygrave at freenet.bishkek.su Fri Dec 27 21:06:23 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Fri, 27 Dec 1996 21:06:23 -0800 (PST) Subject: Mark Mage is a Thief In-Reply-To: <1H7kZD124w165w@bwalk.dm.com> Message-ID: > > In my opinion, just because the FBI and the IRS don't like someone, > s/he ain't necessarily a bad person. agreed... and even more some persons, whom FuckBI doesn't like, are nice ones.. *g* -f From fygrave at freenet.bishkek.su Fri Dec 27 21:23:41 1996 From: fygrave at freenet.bishkek.su (Fyodor Yarochkin) Date: Fri, 27 Dec 1996 21:23:41 -0800 (PST) Subject: Fyodor / Re: SPAM from plaidworks.com In-Reply-To: Message-ID: > > They're innocent people being framed by the SDPA terrorist. > Please forward all unsolicited spam to . terrorist.. how cool;)))))))))))))))))))))).. anyone wanna teach me this?:) From dlv at bwalk.dm.com Fri Dec 27 21:50:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 21:50:26 -0800 (PST) Subject: Vulis strikes again? In-Reply-To: <199612280022.QAA15873@netcom10.netcom.com> Message-ID: mpd at netcom.com (Mike Duvos) writes: > Let's try not to look foolish and paranoid at the same time. It's hard for "cypher punks" like Ray Arachelian and cocksucker John Gilmore, given that they're both. I hope the media people on this mailing list are having a good laugh. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 27 21:52:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 21:52:03 -0800 (PST) Subject: interesting In-Reply-To: <199612280142.RAA29840@geocities.com> Message-ID: pSIONIC dAMAGE writes: > does anyone remember 2001: A Space Odyssey? Remember the computer's name. > HAL > Then Think about the letter that follows each in the alphabet. Arthur Clarke > said it was just a coincidence... Microsoft claims that WinNT (WNT) is a successor to VMS. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From azur at netcom.com Fri Dec 27 21:53:25 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 27 Dec 1996 21:53:25 -0800 (PST) Subject: Airline travel ID, was: Credentials without Identity--Race Bits Message-ID: >>Bill Stewart wrote: >> I've heard that in less civilized parts of the world you're actually >> required to carry government-issued ID cards to walk down the street >> or fly on airplanes. > >Umm.. tried to get on a flight without having ID lately? Doesn't work - >against policy. Anti-terrorism policy and all.. it's for your own >safety, of course. >-- >Vangelis /\oo/\ Ever wonder whether the airport counter people know a valid ID from a phoney (or a Law Enforcement ID for that matter)? Take my word for it, they don't. Just scan your current ID, change the name/address fields output on your handy-dandy dye-sublimation printer and laminate with a kit from Price-Costco. If you pay for your ticket in cash be prepared for a search of your carry-on luggage. -- Steve From dlv at bwalk.dm.com Fri Dec 27 22:00:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 22:00:28 -0800 (PST) Subject: Fyodor / Re: SPAM from plaidworks.com In-Reply-To: Message-ID: Fyodor Yarochkin writes: > > > > They're innocent people being framed by the SDPA terrorist. > > Please forward all unsolicited spam to . > terrorist.. how cool;)))))))))))))))))))))).. anyone wanna teach me this?:) Being in Pishkek, Kyghyzstan, you're probably well aware of the Nazi-like atrocities perpetrated by the Armenian criminals engaged in "ethnic cleansing" of the occupied Azerbaijani territory. You may also be aware of ASALA/SDPA, the terrorist Armenian organization that specializes in assassinating Turkish diplomats and civilians. I think the FBI should look very seriously at the connection between ASALA terrorists and the "cypher punks" gang. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Fri Dec 27 22:00:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 27 Dec 1996 22:00:29 -0800 (PST) Subject: multiplicity In-Reply-To: Message-ID: Steve Lovett writes: > My guess is that someone has looped mailing list subscriptions - see the > Received headers on your message for example: > > >Received: from uhf.wdc.net (uhf.wdc.net [198.147.74.44]) by toad.com > (8.7.5/8.7.3) with ESMTP id XAA15048 for ; Thu, 26 > Dec 1996 23:47:01 -0800 (PST) > >Received: from toad.com (toad.com [140.174.2.1]) by uhf.wdc.net > (8.8.4/8.6.12) with ESMTP id CAA25800 for ; > Fri, 27 Dec 1996 02:54:13 -0500 (EST) That "somebody" might very well be the lying Armenian terrorist Ray Arachelian from Earthweb LLC. You can use procmail or a similar program to auto-forward all the spam with wdc.net in the Received headers to Ray's employers: jack at earthweb.com, murray at earthweb.com, and nova at earthweb.com. Cocksucker John Gilmore is a paranoid asshole. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From gnu at toad.com Sun Dec 29 03:02:31 1996 From: gnu at toad.com (John Gilmore) Date: Sun, 29 Dec 1996 03:02:31 -0800 (PST) Subject: Cypherpunks list spam, down, etc. Message-ID: <199612291102.DAA25369@toad.com> Toad.com filled itself up with email due to the spam attack in the last few days. While I was on holiday, Hugh took down the list to stop the mail loop and restore some sanity. It worked. He left it in a slightly broken state which I'm working to clean up. If you sent something useful to the list during that time and received a bounce message, see if your posting comes through by Monday morning. I'll be excavating and forwarding the posts that I can find. If I miss yours, please re-send it (once)! John Gilmore [continuing to contribute work, in order that you-all may use or abuse the resulting forum] From jya at pipeline.com Sun Dec 29 03:46:51 1996 From: jya at pipeline.com (John Young) Date: Sun, 29 Dec 1996 03:46:51 -0800 (PST) Subject: Crypto Rules (Resend) Message-ID: <1.5.4.32.19961229114246.0068bae0@pop.pipeline.com> Federal Register: December 30, 1996: Page 68572-68587 Bureau of Export Administration Encryption Items Transferred From the U.S. Munitions List to the Commerce Control List Summary: This interim rule amends the Export Administration Regulations (EAR) by exercising jurisdiction over, and imposing new combined national security and foreign policy controls on, certain encryption items that were on the United States Munitions List, consistent with Executive Order 13026 and pursuant to the Presidential Memorandum of that date, both issued by President Clinton on November 15, 1996. ----- For full document: http://jya.com/bxa123096.txt (111K) ---------- Federal Register: December 30, 1996: Page 68633 Amendment to the International Traffic In Arms Regulations Department of State. Action: Final rule. Summary: This rule amends the International Traffic in Arms Regulations by removing from the U.S. Munitions List (USML), for transfer to the Department of Commerce's Commerce Control List (CCL), all cryptographic items except those specifically designed, developed, configured, adapted, or modified for military applications (including command, control and intelligence applications). ----- For full document: http://jya.com/itar123096.txt (6K) ----- Or for both, the Federal Register: http://www.access.gpo.gov/su_docs/aces/aces140.html Enter search term: "munitions" From jya at pipeline.com Sun Dec 29 03:48:58 1996 From: jya at pipeline.com (John Young) Date: Sun, 29 Dec 1996 03:48:58 -0800 (PST) Subject: Electronic Surveillance (Resend) Message-ID: <1.5.4.32.19961229114455.006985b0@pop.pipeline.com> We've prepared a list of 122 documents on electronic surveillance selected from the late Office of Technology Assessment's impressive online archive, 1972-96, with links for downloading: http://jya.com/esnoop.htm The selection traces the ascendancy of information technology over a 25-year period, paralleled by governmental surveillance technology. A full listing of the nearly 800 publications of the OTA archives is at: http://jya.com/otapub.htm From admin at veracruz.net Sun Dec 29 03:51:32 1996 From: admin at veracruz.net (Adam Breaux) Date: Sun, 29 Dec 1996 03:51:32 -0800 (PST) Subject: With my deepest regards.... Message-ID: <19961228093152972.AAA292@monalisa> I am withdrawing from this list. Not because of the volume of email...that I can deal with...but what I cannot deal with is the volume of garbage and egotistical ranting that seems so prevalent in what should for all sakes and purposes be a discussion of cyphering and security. Apparently the name of this list is designed to mislead...because of all the posts, a grand total of 5% proved worth reading at all. Thank you and good day. --- Adam Breaux admin at veracruz.net http://www.veracruz.net {Corporate Page } http://www.abyss.com {Extracurricular} http://www.iso-america.com {In Search Of...} "Violence is a cruel world doing what it does best...break the habit...BE NICE" --- me. From rah at shipwright.com Sun Dec 29 03:54:33 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 29 Dec 1996 03:54:33 -0800 (PST) Subject: Advanced cryptography course Message-ID: --- begin forwarded text Date: Sat, 28 Dec 1996 12:24:41 -0500 (EST) From: Christof Paar To: DCSB Subject: Advanced cryptography course MIME-Version: 1.0 Sender: bounce-dcsb at ai.mit.edu Precedence: bulk Reply-To: Christof Paar This is an announcment for an advanced cryptography course in the greater Boston area: Here comes the syllabus for the course EE 589R, Advanced Topics in Cryptography and Data Security. The first class will be held on Monday, January 20, at Worcester Polytechnic Institute. The course is a continuation of EE 578/CS 578, Cryptography and Data Security. It will provide a deeper insight into several areas of cryptology which are of great practical and theoretical importance. The three main areas treated are: Detailed analysis and implementation of public key algorithms, advanced protocols, and modern attacks against cryptographic schemes. We will address many topics which are usually only treated in the research literature. Please feel free to get in touch with me any time if you have further questions about the course. Regards, Christof Paar **************************************************************************** Christof Paar http://ee.wpi.edu/People/faculty/cxp.html Assistant Professor email: christof at ece.wpi.edu ECE Department phone: (508) 831 5061 Worcester Polytechnic Institute fax: (508) 831 5491 100 Institute Road Worcester, MA 01609, USA *************************************************************************** EE 579R, ADVANCED TOPICS IN CRYPTOGRAPHY AND DATA SECURITY Spring `97 WPI, Monday 5:30-8:30 SYLLABUS Week 1 Efficient implementation of RSA: The Chinese Remainder Theorem. Week 2 Efficient implementation of public-key systems over finite fields: Galois fields theory. Week 3 Implementation of Galois field arithmetic. Week 4 Efficient arithmetic with long numbers: Montgomery and Karatsuba-Ofman algorithm. Week 5 Efficient exponentiation algorithms. Week 6 Attacks against the discrete logarithms: Shank's algorithm and Pollard's-rho method. Week 7 Midterm Exam Week 8 Attacks against the discrete logarithms: Index calculus method. Week 9 Attacks against block ciphers: Differential cryptanalysis. Week 10 Block ciphers from arithmetic operations: IDEA. Week 11 Secret sharing and threshold schemes. Week 12 Zero knowledge identification schemes. Week 13 Selected topics, depending on class interest. Week 14 Final Exam. TEXTBOOK Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography. CRC Press, October 96, ISBN 0-8493-8523-7, $80 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From jimbell at pacifier.com Sun Dec 29 03:56:36 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 29 Dec 1996 03:56:36 -0800 (PST) Subject: Access fees idea dropped for ISPs? Message-ID: <199612281857.KAA13027@mail.pacifier.com> >Date: Sat, 28 Dec 1996 02:35:29 -0500 (EST) >From: "James M. Cobb" >To: jcobb at ahcbsd1.ovnet.com >Subject: DAVID AWAKES! 12 28 96 > > Friend, > > 12 27 96 San Francisco Examiner distributes a newsstory > headlined: > > INTERNET SERVICE COMPANIES WIN VICTORY > WHEN FEDS DROP ACCESS FEES > > > The story reports: > > The FCC is in the process of making sweeping changes > to connection, or access, fees that could result in > a huge drop in phone rates for residential and busi- > ness customers. > > > The FCC's counsel for new technology, Kevin Werbach, says > that as part of that process: > > "The commission raised the specific question of wheth- > er [ISPs] should pay access charges.... [The FCC] ten- > tatively concluded that the answer is 'no'." > > > That tentative conclusion tallies with FCC past practice: > > In 1983, the FCC exempted Internet providers from pay- > ing the same kind of per-minute access charges that > long-distance companies pay to connect to local cus- > tomers. > > > The story reports the Internet Access Coalition has: > > ...assiduously pressed the FCC for weeks to ensure > that Internet users have access to a low, flat month- > ly rate. > > > Who are some of these IAC good guys? > > ...Intel, Apple Computer, Netscape Communications, A- > merica Online, IBM, AT&T, Digital Equipment and Compaq > Computer.... > > > The story reports that the FCC connection-fees process: > > ...to trim the $23.4 billion in annual fees that long- > distance carriers pay local phone companies...is expec- > ted to be formally approved in the spring following > public hearings. > > > We'll see what happens when the tentatives roll around! > > The tentatives? > > This latest FCC decision and the PROMISE of "a low, flat > monthly rate" --maybe even for end-users. > > > > Cordially, > > Jim > > > > NOTE. The newsstory's URL: > > http://www.nando.net/newsroom/ntn/info/122796 > /info3_20620.html > > > Wire services contributed to the Examiner's story. > > This critical essay was composed 12 27 96. > Jim Bell jimbell at pacifier.com From azur at netcom.com Sun Dec 29 03:57:04 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 29 Dec 1996 03:57:04 -0800 (PST) Subject: Limiting copyright Message-ID: GENERAL The US Constitution empowers Congress to pass laws "to promote progress of science and [the] useful arts." Congress has chosen to accomplish this constitutional goal by granting authors a limited set of exclusive rights in their works. The founding fathers wanted, through copyright, to encourage the useful arts and thereby offer to the public the fruits of these artists. Copyright protects all original works of authorship, including such things as personal letters and corporate memoranda, from the moment they are first fixed in a tangible form. About 50,000 U.S. books go out-of-print each year. The lack of continuous availability of these works runs counter to the implicit balance sought by the founding fathers between the needs of the public and copyright holders. In the past copyright holders could reasonably maintain that economics prohibited keeping works in print, with practical, economic and ubiquitous on-line means, this is no longer a barrier. This being so, why should copyrights on "significant" works (e.g., written one's with length's greater than 20,000 words) which have been commercialized continue when the public cannot gain ready access to copy of same? This logic follows from the use-it-or-lose-it concept of trademarks. Changes are need to ensure the public that such "significant" commercialized copyright works are continuously available. Under this recommendation the works must remain available from the copyright holder or their licensee, specialty resellers (e.g., hard to find book locators) wouldn't count, but electronic publication would. If a copyright holder fails to keep a work continuously available, then after a brief interval (e.g., six months) the copyright would lapse. SOME DETAILS Reversion Often, the owner of copyright (the author) is different from the owner of the privilege to publish of a book or item. This privilege is assigned by a contract between an author and publisher, mediated by an agent and editor. Once signed, the author has little influence on the decision to keep a book in print (unless they are big-time authors, like Danielle Steele or Stephen King.) Furthermore, changes in editors, editorial direction, management, ownership, etc., can affect decisions on whether or not to support a book, keep it in print, etc., none of which the average author can influence. Usually, contracts between authors and publishers have rights reversions clauses, returning all rights to the author, once a book goes out-of-print. However, publishers have come up with a new term "out-of-stock-indefinitely" which fundamentally means "out-of-print" but doesn't trigger reversion of rights. Therefore, a part of the provision might ban author-publisher contract clauses with these reversion changes. This would be similar to music copyrights/contract law which limit a composers right to sign over more than a certain percentage of their interest in a work to the publisher. Revision An author may sometimes seek to remove a work from circulation, perhaps the work becomes embarrassing or dated and needs to be revised. So, another part of the provision might allow the author to irrevocably place the copyright for a work to be withdrawn in a state of "limbo" such that no one (including the author) could publish the work until the author's death (or the copyright's normal expiration date). Copyright for revised works would permit the author to replace one work with another by relinquishing the copyright for the former work (which cannot be republished until the copyright's normal expiration date.) -- Steve From dws at gonif.com Sun Dec 29 03:57:37 1996 From: dws at gonif.com (Dennis S.) Date: Sun, 29 Dec 1996 03:57:37 -0800 (PST) Subject: Au Revoir to Yahoo's reverse telephone number lookup service Message-ID: <32C5D3F0.6691BBB7@gonif.com> Below is a letter I recently sent to Yahoo regarding the discontinuation of their reverse telephone number lookup service. [ http://www.yahoo.com/docs/info/people_faq.html#numbers ] Dear Yahoo: When I saw your reverse-number lookup had disappeared, I was surprised, and over the past several days have grown angry about it. I wouldn't even be able to say I was angry at Yahoo, it would be nice for Yahoo to show backbone, but that is definitely something "above and beyond" what could be expected of a company such as yours, I am an admin and I certainly know what it feels like when a user puts up a controversial web page (or spams, or whatever). The thing that really angers me is that large corporations and institutions, and upper class people already have access to not just reverse lookup capability for listed numbers, but for unlisted numbers as well. I can get a CD-ROM for the type of service you were selling from a store for $100 or so, and unlike yours, can use it to easily created junk mailing lists etc. And for more money I can get access to people's unlisted numbers from on-line services and other sources, plus a lot more information. I should point out here that your service was useful to me for non-"nefarious" purposes. For example, I often have phone numbers written on scraps of paper with no indication as to who/what the number is. I suppose my co-workers and I should always write down the name of everyone we're calling back over it, even if it isn't necessary at that moment, but such is life. Reverse lookup helped decode these numbers, mysterious numbers on my phone bill, and so forth. I can understand the people who wander onto your page and dislike the fact that people can get their name and address from their telephone number. But that is _not_ the issue, because corporations and people who can afford to pay $300 for "Tickle Me Elmo" already has access to that information, and even more which is not even in the public domain. The issue is that this information is being taken away from people who can not afford it. What's wrong with giving the average lower/middle class person access to that information? Well, obviously a lot to some people. With all the hubbub over whether or not naked girls will be displayed on our screens, at least in the U.S., the more dull background maneuvers - the shutdown of anon.penet.fi, the continued mess of encryption export, CyberSitter's secret censorship of political content etc., forever creep forward. When all is said and done, you were simply giving less privileged individuals access to powerful information. Well, these types of letters can run on fairly long, I've tried to keep it as brief as possible while still containing my points. As I said in the beginning, I do not really blame Yahoo for this, I think some people must have been too flustered in getting the access to power which had previously been unknown to them, and blamed their confusion and fear of it on Y(ah)ou. You might even say the effort was valiant to begin with. I wish I had the resources to purchase a reverse database quarterly in order to give it away free (or maybe even ad-sponsored, how else would I pay it?) on the web, plus the costs of web hosting, possible legal costs etc., but alas, I do not. I forget what the title of John Markoff's article on the closing of Stallman's free account base at ai.mit.edu, so I'll just say Au Revoir reverse lookup, I wish I could say I'm waiting for your return, but I suspect I shall be seeing more incidents like yours in the future. Dennis Sheil dennis at gonif.com http://www.gonif.com From jazzmin at ou.edu Sun Dec 29 03:58:07 1996 From: jazzmin at ou.edu (Jazzmin Belle Sommers) Date: Sun, 29 Dec 1996 03:58:07 -0800 (PST) Subject: ssn hack Message-ID: <32c5d3216ed5002@cliff.ou.edu> heh. This was so simple, it still confounds me. I was asked for my social security number whilst writing a check last night (my driver license doesn't have it on there). I just said, "oh, I don't have one, I'm not a citizen." She bought it! I got asked where I belonged to, so I said Germany (not actually a lie, it's my heritage). Next time I think I'll say Belgium. What's that itty bitty country between France and Spain? Angorra? Yeah. That's it. I still find that the best line of defense regarding privacy is a complete second identity. Does anyone know how to apply for proper papers (taxpayer ID#, checking account, picture ID of some sort) for a second identity? As far as I know, it is not illegal to have one, as long as it is not used for fraud. I'm an artist, yeah, that's it. What, you really think someone's actual name is Jazzmin Belle Sommers? Get outta town! Jazz From ichudov at algebra.com Sun Dec 29 03:58:23 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 29 Dec 1996 03:58:23 -0800 (PST) Subject: Java compilation Message-ID: <199612290343.VAA15069@manifold.algebra.com> hi there was a discussion on this mailing list on whether java to native code compilers are available now. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ todd at cs.arizona.edu Todd A. Proebsting at University of Arizona CS Department, SUBJECT "Toba," A Robust Java-to-C Translation System New Beta Release of Toba for Linux! URL http://www.cs.arizona.edu/sumatra/toba/ DESCRIPTION "Toba" translates Java bytecodes to C. After being compiled, the generated routines link with Toba's run-time system, which includes a complete garbage collector, threads interface (Solaris version only), and core Java API. Toba translates applications (e.g., javac), not applets. Toba-translated applications typically run 3-5 times faster than those interpreted by Sun's JDK 1.0.2. Toba's API does not currently include AWT or dynamic linking. The Solaris version of Toba has thread support; the Linux version does not. (Thread support is not needed for many popular Java applications like javac.) PLATFORM Solaris, Linux BODY Our freely-available distribution includes source code for all of Toba---we encourage outside porting efforts. Toba (the translator) is written in Java. The run-time system is in C. Toba uses the freely- available Boehm-Weiser garbage collector. The Solaris version uses the native Solaris threads package. (We have not used any of Sun's source code--in any way--to develop Toba. Toba source code is free of all of Sun's licensing restrictions.) While this is a beta distribution, Toba appears robust. Because of their significantly improved performance, we run Toba-compiled versions of javac (and Toba itself) exclusively for development purposes and have done so for the last four months. For more information please visit our website, http://www.cs.arizona.edu/sumatra/toba/ Or, simply fetch our distribution and enjoy running your java applications many times faster: ftp://ftp.cs.arizona.edu/sumatra/toba/toba.tar.Z Toba is part of the larger, on-going "Sumatra" research project at the Department of Computer Science of The University of Arizona. The Sumatra project explores the issues surrounding efficient execution of mobile code. For more information about the Sumatra Project, visit our website, http://www.cs.arizona.edu/sumatra/ Members of the Sumatra Project: Todd A. Proebsting (project leader) John H. Hartman Gregg M. Townsend Patrick Bridges Tim Newsham Scott A. Watterson - Igor. From shamrock at netcom.com Sun Dec 29 04:04:54 1996 From: shamrock at netcom.com (Lucky Green) Date: Sun, 29 Dec 1996 04:04:54 -0800 (PST) Subject: New crypto regs outlaw financing non-US development Message-ID: <3.0.32.19961228225731.006b3080@netcom13.netcom.com> As you know, the President has transferred most crypto from State to Commerce. We were all waiting in anticipation for the text of new regulations to take effect on 12/30/96. Not because we thought that the new regs will be more favorable to industry and the individual (we know better), but so we could assess the damage. I will try to give a brief look at some interesting provisions in the new regs. I assume the reader is familiar with the carrot and stick (export of single DES and key escrow) provision of the new regs. IANAL. This post refers to the text of the regulations available at http://jya.com/bxa123096.txt and http://jya.com/itar123096.txt The above URL's mirror [Federal Register: December 30, 1996 (Volume 61, Number 251)], also available via http://www.access.gpo.gov/su_docs/aces/aces140.html First the good news: the export controls mentioned in the draft of the regs on any kind of data security software, regardless if it uses crypto or not did not carry into the final version. Now to the rest of the news. >equests for one-time review of recoverable >products which allow government officials to obtain, under proper legal >authority and without the cooperation or knowledge of the user, the >plaintext of the encrypted data and communications will also receive >favorable consideration. The GAK provisions require that the keys are made available without knowledge of the user. This disqualifies some of the suggested key recovery schemes alerting the user to the fact that keys are being requested. >A >printed book or other printed material setting forth encryption source >code is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, >notwithstanding Sec. 734.3(b)(2), encryption source code in electronic >form or media (e.g., computer diskette or CD ROM) remains subject to >the EAR (see Sec. 734.3(b)(3)). The administration continues to review >whether and to what extent scannable encryption source or object code >in printed form should be subject to the EAR and reserves the option to >impose export controls on such software for national security and >foreign policy reasons. Printed source can still be exported. Source printed in special OCR fonts will eventually be banned. Finally, to the big one: >Sec. 736.2 General prohibitions and determination of applicability. > >* * * * * > (7) General Prohibition Seven--Support of Certain Activities by >U.S. persons--(i) Support of Proliferation Activities (U.S. Person >Proliferation Activity). If you are a U.S. Person as that term is >defined in Sec. 744.6(c) of the EAR, you may not engage in any >activities prohibited by Sec. 744.6 (a) or (b) of the EAR which >prohibits the performance, without a license from BXA, of certain >financing, contracting, service, support, transportation, freight >forwarding, or employment that you know will assist in certain >proliferation activities described further in part 744 of the EAR. >There are no License Exceptions to this General Prohibition Seven in >part 740 of the EAR unless specifically authorized in that part. IMHO, this closes the door on the foreign contracting loophole used by C2 and others. It is now illegal for US persons to finance or contract out overseas crypto development, since doing so will obviously assist in proliferation. While not unexpected (I offered a bet on Cypherpunks that this would happen. Nobody took the bet.), this provision sets a dangerous precedence. The technical assistance prohibitions of the past have been transformed into general prohibitions against "financing, contracting, service, support, transportation, freight forwarding, or employment". Again, IANAL. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From jya at pipeline.com Sun Dec 29 04:04:58 1996 From: jya at pipeline.com (John Young) Date: Sun, 29 Dec 1996 04:04:58 -0800 (PST) Subject: CAVE Dig Out Message-ID: <1.5.4.32.19961229120053.00691fa4@pop.pipeline.com> I just re-read John Perry Barlow's 1992 article, "Decrypting the Puzzle Palace," and was knocked over by his attack on TIA's TR45.3 committee and the CAVE algorithm. If you've not seen it lately (and Whit Diffie's comments on CAVE), I've put it at: http://jya.com/puzzle.htm Inspired by this and John Gilmore's similar attack on TIA and the TR45.3 gang in a message to me, I've put notices on my Web site that I will provide the CAVE algorithm to anyone who asks (and the TR45.3 document): http://jya.com/cave.htm Analysis of it will determine whether CAVE is as deliberately NSA-crippled as Gilmore, Barlow and Diffie claim, and that the TIA and the TR45.3 "wannabe spooks" committee cravenly caved (but, hey, it's never too late to dig out). Thanks to those who upbraded me for caving too. Digging now. From toto at sk.sympatico.ca Sun Dec 29 04:36:39 1996 From: toto at sk.sympatico.ca (Toto) Date: Sun, 29 Dec 1996 04:36:39 -0800 (PST) Subject: Test Only/6:37 AM Message-ID: <32C6824E.33E2@sk.sympatico.ca> From frissell at panix.com Sun Dec 29 05:58:58 1996 From: frissell at panix.com (Duncan Frissell) Date: Sun, 29 Dec 1996 05:58:58 -0800 (PST) Subject: ssn hack Message-ID: <3.0.1.32.19691231190000.00689794@panix.com> At 08:10 PM 12/28/96 -0600, Jazzmin Belle Sommers wrote: >heh. > >This was so simple, it still confounds me. > >I was asked for my social security number whilst writing a check last night >(my driver license doesn't have it on there). I just said, "oh, I don't >have one, I'm not a citizen." > >She bought it! I got asked where I belonged to, so I said Germany (not >actually a lie, it's my heritage). Next time I think I'll say Belgium. Those with straight American accents might like to claim to be Canadians. DCF From dlv at bwalk.dm.com Sun Dec 29 06:00:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Dec 1996 06:00:10 -0800 (PST) Subject: Cypherpunks list spam, down, etc. In-Reply-To: <199612291102.DAA25369@toad.com> Message-ID: <73aPZD12w165w@bwalk.dm.com> Up early, ain't he... John Gilmore writes: > John Gilmore > [continuing to contribute work, in order that you-all may use > or abuse the resulting forum] I suppose John's hard work moderating, pulling plugs, suppressind dissent, and shilling for the NSA, is appreciated by his fellow "cypher punk" cocksuckers. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jmr at shopmiami.com Sun Dec 29 08:10:51 1996 From: jmr at shopmiami.com (Jim Ray) Date: Sun, 29 Dec 1996 08:10:51 -0800 (PST) Subject: WinSock temporarily going down Message-ID: <199612291610.LAA58498@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: remailer-operators at c2.net, cypherpunks at toad.com, jgrasty at gate.net Date: Sun Dec 29 11:10:08 1996 Due to a glitch that could potentially open the way to serious abuse of the remailer, the WinSock remailer is temporarily ceasing operation. We will return to seminormal operation when Joey returns to town, probably in a day or two. My apologies if this inconveniences anyone. JMR WinSock admins Regards, Jim Ray DNRC Minister of Encryption Advocacy "In local news, the city of Miami discovered that it was $68 million short and was forced to seriously consider cutting back such municipal operations as the City Hall Drive-Thru Bribe Window." -- Dave Barry, 12/29/96 PGP id.A7D63DA9 98 1F 39 BA 93 86 B4 F5 57 52 64 0E DA BA 2C 71 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEPAwUBMsaX5jUhsGSn1j2pAQHAcQfQxWeTzFsNBnzK3582Tz4Yopq4zzsTL4E2 BIYs0ipNDE9lXxx3ITpHswHJh6W5ueMFrUshGmu7dvkA/NVyib3RxMGZTQi6v3Wt qBb+89Q6pUJOi9PRC9cuBdHJ+jIP962klkGZ5ir19VWzQ2+R6tel7oMq0zlIJap1 U6bw0xQbxf9hg3RayFvISw0u0xWsHbj0d1oDhE7flihR/8CKAqgmRwtn/1h24EJY Tpxou04PWVgvDkuciIlYbEgyHtRA/qQj6BSTpa/uL8BfYYvhQ60ZZYDpStnN0FRo 6v92BW7ESvhDg9A3re6KHraMPWFkM8Yt2EO4NLw8ShE2Hg== =diu+ -----END PGP SIGNATURE----- From adam at homeport.org Sun Dec 29 08:24:02 1996 From: adam at homeport.org (Adam Shostack) Date: Sun, 29 Dec 1996 08:24:02 -0800 (PST) Subject: www.af.mil Message-ID: <199612291621.LAA00620@homeport.org> Has been, um, revised. You can learn all about gov't corruption here. Learn the secrets that they don't know want you to know. Well not really, I don't have time for that. -- "It is seldom that liberty of any kind is lost all at once." -Hume From ichudov at algebra.com Sun Dec 29 08:32:20 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 29 Dec 1996 08:32:20 -0800 (PST) Subject: ssn hack In-Reply-To: <32c5d3216ed5002@cliff.ou.edu> Message-ID: <199612291624.KAA19081@manifold.algebra.com> Jazzmin Belle Sommers wrote: > This was so simple, it still confounds me. > > I was asked for my social security number whilst writing a check last night > (my driver license doesn't have it on there). I just said, "oh, I don't > have one, I'm not a citizen." > > She bought it! I got asked where I belonged to, so I said Germany (not > actually a lie, it's my heritage). Next time I think I'll say Belgium. > What's that itty bitty country between France and Spain? Angorra? Yeah. > That's it. In a similar situation, I once simply refused to give it out: I said that according to law I do not have to tell it. That was it. - Igor. From aga at dhp.com Sun Dec 29 09:01:44 1996 From: aga at dhp.com (aga) Date: Sun, 29 Dec 1996 09:01:44 -0800 (PST) Subject: John Gilmore, 58, dead of AIDS In-Reply-To: <199612291445.JAA29174@dhp.com> Message-ID: On Sun, 29 Dec 1996, Anonymous wrote: > John Gilmore died of AIDS today in his San Francisco bathhouse, Toad Hall. > He was 58. > Is this true, or just some bullshit? From jlucas4 at capital.edu Sun Dec 29 10:54:12 1996 From: jlucas4 at capital.edu (Jesse Lucas) Date: Sun, 29 Dec 1996 10:54:12 -0800 (PST) Subject: anon.penet.fi... Message-ID: <9612291841.AA00673@athena.capital.edu> Can anyone tell me the story of the demise of penet.fi? I came on the scene right after it shutdown and never got to use the service, or see the site. oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo o )\ _. - ._.) = Jesse Lucas - jlucas4 at capital.edu o 1 /. `- ' ( `--' : http://www.geocites.com/collegepark/7332 1 1 `- , ) - > ) \ : "I cut off their heads and, like heaps of grain,1 o (.' \) (.' -. = I piled them up." - Assyrian Ruler o oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo oo1oo From tcmay at got.net Sun Dec 29 10:54:45 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 10:54:45 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com> Message-ID: At 10:57 PM -0800 12/28/96, Lucky Green wrote: >IMHO, this closes the door on the foreign contracting loophole used by C2 >and others. It is now illegal for US persons to finance or contract out >overseas crypto development, since doing so will obviously assist in >proliferation. While not unexpected (I offered a bet on Cypherpunks that >this would happen. Nobody took the bet.), this provision sets a dangerous >precedence. The technical assistance prohibitions of the past have been >transformed into general prohibitions against "financing, contracting, >service, support, transportation, freight forwarding, or employment". > >Again, IANAL. Nor am I, but I have a "prediction" to make in the spirit of Lucky's types of predictions of doom. I predict that we will see within two years a law making it illegal to "structure communications" with the intent to avoid traceability, accountability, etc. This would be along the lines of the laws making it illegal to "structure" financial transactions with the (apparent) intent to avoid or evade certain laws about reporting of income, reporting of transactions, etc. As I was wading through the 500 accumulated Cypherpunks messages upon my return, and after I discarded hundreds of spam and loop messages, and all of the Vulisgrams--and about 50 others my filter kicked into the trash--I was struck by the discussion by our former Federal prosecutor, Brian Davis, about a "structuring" case he personally handled--the gambling lawyer ("IANAL--not") who arranged to receive his winnings as three separate $9000 checks. He paid all of his taxes, perhaps because he was alerted to the invwestigation, but he nevertheless paid them. And yet, as Brian notes, he forfeited the $27,000 in income. (Brian has noted that the guy voluntarily agreed to this outcome, to avoid a court battle. The effect is that he lost his income for the crime of structuring transactions, not for evading taxes.) How long before the U.S. Code declares "attempting to obscure or hide the origin of a communication" to be a felony? That would rule out orninary mail without return adresses, but I think there are ample signs we're already moving toward this situation (packages that could be bombs putatively require ID, talk of the Postal Service handling the citizen-unit authentication/signature system, etc.). While this would not stop all uses of remailers, sendmail-type hacks a la Port 25 obfuscation, and so on, it would give the Feds a powerful tool in the suppression of remailer networks. "The operator of Anonymizer.com failed to file adequate "Reports of Suspicious Communications" with the Internet Regulatory Commission. He has agreed to settle the case by forfeiting his machines, his office furniture, and $225,000 in alleged profits from past uses of his remailer service." The various lawyers on this list may point out flaws in my prediction. Please do! And there are still workarounds to such laws. But I think the use of such regulations to "get" those the government wants "got" is a time-honored strategy in our modern state. As Whit Diffie notes, the War on Drugs certainly did not stop drug use, but it most assuredly caused _corporations_ to be pressed into service as de facto drug policy enforcers. (How, you ask? The threat of forfeiture of corporation-owned properties if drugs were ever found on them. And the loss of government business if urine samples were not taken regularly. "Just say no" posters up in the company cafeterias.) Similar restrictions on cryptography--including the "suspicious communications" reporting item discussed here--will have a similar effect: casual or "underground" users will of course not be directly affected, but corporate or institutional users will find their institutions are actings as the cops. The large corporations will dare not use "rogue" crypto, for fear of being hit with tax evasion or SEC or FTC charges (think about it--that undecodable communication using remailer networks could have been about price-fixing, or collusion). And companies offering anonymizing services, like the old business model of Community Connexion (C2), will likely be hit with the "structuring" rules. This will force strong, unescrowed crypto to the margins, to the underground. Exactly the desired intent, of course. You heard it here. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From silly at ugcs.caltech.edu Sun Dec 29 11:07:26 1996 From: silly at ugcs.caltech.edu (me) Date: Sun, 29 Dec 1996 11:07:26 -0800 (PST) Subject: Crypto Rules In-Reply-To: Message-ID: <5a6fgr$k2c@gap.cco.caltech.edu> John Young writes: >Federal Register: December 30, 1996: >Page 68572-68587 >Bureau of Export Administration > >Encryption Items Transferred From the U.S. Munitions List >to the Commerce Control List >... >Note to paragraphs (b)(2) and (b)(3) of this section: A printed >book or other printed material setting forth encryption source code >is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, >notwithstanding Sec. 734.3(b)(2), encryption source code in >electronic form or media (e.g., computer diskette or CD ROM) remains >subject to the EAR (see Sec. 734.3(b)(3)). >... It's curious that they're still making this distinction. I've got to wonder, if push came to shove, how they'd differentiate between, say, a book and a TeX document of the same book, on a CD. Unfortunately, the person testing this may go to prison for a long time. I saw no mention of prison time or fines for breaking these provisions -- I can only assume that the teeth are buried in other Commerce regulations. Does anyone know offhand what penalties are involved? Also, the choice of the Commerce Department to play gatekeeper is an interesting one, tactically. Is the addition of a few "or import" clauses likely? "One small step..." as they say. (me) From multi at manybiz.com Sun Dec 29 11:37:05 1996 From: multi at manybiz.com (multi at manybiz.com) Date: Sun, 29 Dec 1996 11:37:05 -0800 (PST) Subject: Happy New Year!!! Message-ID: <199612291811.NAA17265@server1.iop.com> Hi, Please do not flame me, or respond with anger. If you want your name removed, send a *blank* email with the word REMOVE in the subject field and you will be permanantly removed from my mailing list. ***************************************************************************** Hello friend, as a fellow opportunity seeker, I recently came accross a brand new FREE Downline Club that I feel I must share with you. Its name is the "Auto-Compounder" and we have a state of the art management team dedicated to insure that everyone who gets involved will succeed. I'm offering you a FREE instantaneous Web Page, FREE enrollment, and FREE information to help you get started in promoting your business. In a few weeks, when you have a large downline, you will have the option to enter an MLM program along with your downline. This will insure you that you will make money right from the start. Since all this is FREE, you have nothing to lose but the time it takes to go to my web page and fill out the online application. Take a look at it now so you don't waste any time. In the first month of existence, there have been several thousand people join the program and there will be thousands more to come. Act now so you don't miss out on this incredible opportunity. Getting in a program like this near the top can bring you much prosperity and financial success. Thanks, Tom http://www.alliedsystems.com/compounder/TH07746.html From teralee at hotmail.com Sun Dec 29 11:37:50 1996 From: teralee at hotmail.com (teralee at hotmail.com) Date: Sun, 29 Dec 1996 11:37:50 -0800 (PST) Subject: New Web Site - Pass It On Message-ID: There is a new web site for people going to college and needing financial aid. The site has downloadable software for electronic filing of the FAFSA for free. There is even software for increasing your financial aid eligibility. Check it out and pass this message on if you or someone you know is going to apply for financial aid and attend college in the United States. http://www.procps.com From dthorn at gte.net Sun Dec 29 11:39:30 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 29 Dec 1996 11:39:30 -0800 (PST) Subject: With my deepest regards.... In-Reply-To: <19961228093152972.AAA292@monalisa> Message-ID: <32C6AECC.20D3@gte.net> Adam Breaux wrote: > I am withdrawing from this list. Not because of the volume of > email...that I can deal with...but what I cannot deal with is the > volume of garbage and egotistical ranting that seems so prevalent in > what should for all sakes and purposes be a discussion of cyphering > and security. Apparently the name of this list is designed to > mislead...because of all the posts, a grand total of 5% proved worth > reading at all. Note to cypherpunks: This guy complains about the problem, but he *is* the problem. *He* wants to tell us *he's* leaving. Talk about ego- tistical ranting! What a hypocrite. BTW, 5% is a pretty good percentage in my book. From mixmaster at remail.obscura.com Sun Dec 29 11:54:50 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Sun, 29 Dec 1996 11:54:50 -0800 (PST) Subject: [ADMINISTRATIVIUM] PGP Message-ID: <199612291930.LAA11740@sirius.infonex.com> The arrival of warm weather is heralded by the pig shit (or whatever kind of shit Intel swines have for brains) getting soft in Tim C. May's mini-cranium and the resulting green slime seeping through his cocaine- and syphilis- damaged nose and onto his keyboard. )_( [@ @] Tim C. May |/ \| \O/ From perry at piermont.com Sun Dec 29 11:56:25 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 29 Dec 1996 11:56:25 -0800 (PST) Subject: John Gilmore, 58, dead of AIDS In-Reply-To: Message-ID: <199612291956.OAA26388@jekyll.piermont.com> aga writes: > On Sun, 29 Dec 1996, Anonymous wrote: > > > John Gilmore died of AIDS today in his San Francisco bathhouse, Toad Hall. > > He was 58. > > > > Is this true, or just some bullshit? Its bullshit from the usual sources. Perry From azur at netcom.com Sun Dec 29 12:22:57 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 29 Dec 1996 12:22:57 -0800 (PST) Subject: FCC Access Charge Proceeding Message-ID: >Date: Sun, 29 Dec 1996 10:19:56 -0600 >Reply-To: telecomreg at relay.doit.wisc.edu >Originator: telecomreg at relay.doit.wisc.edu >Sender: telecomreg at relay.doit.wisc.edu >Precedence: bulk >From: NJF >To: Multiple recipients of list >Subject: FCC Access Charge Proceeding >X-Comment: Requests (UNSUBSCRIBE/HELP) to: listserver at relay.doit.wisc.edu >MIME-Version: 1.0 >Status: U > > I have placed on our Web site at: > > http://www.commlaw.com/pepper/Memos/InfoLaw/access.html > >an analysis of the FCC's Notice of Inquiry on whether ISPs should be >required to pay access charges. We also have available the full text of >the NOI (long) for downloading in Word and WordPerfect formats. > > This is an extremely important proceeding for anyone doing business >online. If the RBOCs get their way, the cost of connecting to the Net >could go through the roof. Pepper & Corazzini is preparing to file >comments and reply comments on behalf of interested parties. This will >be a very time-consuming effort as we anticipate voluminous comments to >be filed by a large number of companies. We are prepared to file joint >comments and replies on behalf of companies supporting the present >policy of exempting ISPs from access charges. This will enable a large >number of firms to participate at a nominal cost. Please contact me if >you are interested. And please feel free to circulate this to any list >that may be relevant. > >Neal J. Friedman >Telecommunications and Information Law >Pepper & Corazzini, L.L.P. >1776 K St., N.W. >Washington, DC 20006 >njf at commlaw.com >Voice: 202-296-0600 Fax: 202-296-0600 >Web Site: http://www.commlaw.com >> > From dlv at bwalk.dm.com Sun Dec 29 13:00:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Dec 1996 13:00:12 -0800 (PST) Subject: With my deepest regards.... In-Reply-To: <19961228093152972.AAA292@monalisa> Message-ID: admin at veracruz.net (Adam Breaux) writes: > I am withdrawing from this list. Good riddance, and an unhappy new year to all "cypher punks". --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From blake at bcdev.com Sun Dec 29 13:20:02 1996 From: blake at bcdev.com (Blake Coverett) Date: Sun, 29 Dec 1996 13:20:02 -0800 (PST) Subject: Random ITAR violations Message-ID: <01BBF5A4.147DA1C0@bcdev.com> I was looking through the current rfc index for something else a few minutes ago when I noticed rfc2040 from the end of October. Machine readable C code for several modes of RC5. From azur at netcom.com Sun Dec 29 13:33:36 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 29 Dec 1996 13:33:36 -0800 (PST) Subject: "Structuring" of Communications a Felony? Message-ID: >At 10:57 PM -0800 12/28/96, Lucky Green wrote: > >>IMHO, this closes the door on the foreign contracting loophole used by C2 >>and others. It is now illegal for US persons to finance or contract out >>overseas crypto development, since doing so will obviously assist in >>proliferation. While not unexpected (I offered a bet on Cypherpunks that >>this would happen. Nobody took the bet.), this provision sets a dangerous >>precedence. The technical assistance prohibitions of the past have been >>transformed into general prohibitions against "financing, contracting, >>service, support, transportation, freight forwarding, or employment". >> >>Again, IANAL. > >Nor am I, but I have a "prediction" to make in the spirit of Lucky's types >of predictions of doom. > >I predict that we will see within two years a law making it illegal to >"structure communications" with the intent to avoid traceability, >accountability, etc. > >This would be along the lines of the laws making it illegal to "structure" >financial transactions with the (apparent) intent to avoid or evade certain >laws about reporting of income, reporting of transactions, etc. > [snip] > >How long before the U.S. Code declares "attempting to obscure or hide the >origin of a communication" to be a felony? That would rule out orninary >mail without return adresses, but I think there are ample signs we're >already moving toward this situation (packages that could be bombs >putatively require ID, talk of the Postal Service handling the citizen-unit >authentication/signature system, etc.). > [snip] >You heard it here. > >--Tim May Tim, I think that this is highly unlikely. The SC has ruled repeatedly that anonymous speech is a foundation of American politics (e.g., the Federalist Papers). Care to make this prediction a bet? -- Steve From tcmay at got.net Sun Dec 29 14:01:50 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 14:01:50 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: Message-ID: At 1:35 PM -0800 12/29/96, Steve Schear wrote: >Tim, I think that this is highly unlikely. The SC has ruled repeatedly >that anonymous speech is a foundation of American politics (e.g., the >Federalist Papers). > >Care to make this prediction a bet? Unlike Sandy, I'm not a great believer in multi-year bets as an epistemological tool.... As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia case, in which the Supremes struck down a law requiring that leaflets handed out have a name attached. I don't know of more recent rulings, especially ones related to the Internet. (Why this is important is that the Supreme Court has often differentiated between types of speech. For example, ask a liquor or tobacco company if it has "freedom of speech." Ask those who put labels on their products if they have freedom of speech--the Federal Trade Commission, Food and Drug Administration, etc., declare what may not be said, what must be said, etc. First Amendment scholars are of course well aware that the First is not treated as an absolute.) If origin-labelling is unconstitutional, as Steve claims, then on what basis can the U.S. Postal Service require identification for packages over one pound? Surely what is inside the package may be considered "speech" (by those interested in pushing the point). And there are many other situations where anonymity is no longer allowed, where once it was. The gambling example Brian Davis brought up is an example: for the purposes of tax collection, regulation of gambling, etc., winners of nontrivial amounts must identify themselves. (This example shows that various governmental practices--tax collection, regulation of substances, regulation of markets, etc.--can be used to trump what were once considered to be basic freedoms...the freedom to spend money anonymously, the freedom to travel anonymously, the freedom to not have tax collectors enter one's house and inspect one's papers, and so on, are no longer considered to be freedoms.) As to how such regulations about origin-labeling might develop, here are several points: 1. A sharp increase in spamming, mass mailing, threatening letters, etc....sort of like the "denial of service" and spamming/looping attacks seen here on Cypherpunks, and being seen widely on the Net. This will increase pressure to "do something about it." A Senator Exon type person will introduce legislation to require e-mail be labelled. 2. As the Four Horsemen ride, as death threats are delivered anonymously (as has already happened), further calls will be made for requiring I.D. of packets. At the least, remailer services will be required to "escrow" the identities of senders. (The Church of Scientology is a situation to consider...they were able to force Julf to reveal a pseudonym-true name mapping, and I expect more such cases...Europe will probably evolve quickly to a system where pseudonyms will be permitted, providing an "identity escrow" data base is inspectable by law enforcement and interested parties in legal cases.) Such identity escrow in remailer networks would of course put an end to chaining of remailers. 3. Civil libertarians will wail and will cite the 1956 Supreme Court case about leafletting. Lawyers on the other side will point out that all that is being affected is _mail_, not anonymous speech in public fora (though restrictions on that may be tried, too). That is, that the _content_ of a package, a la the Postal Service I.D. situation, is not at issue, only the valid identification of point of origin. 4. A couple of court rulings could devastate remailers. For example, holding remailers liable, criminally and civilly, for the content of messages they deliver. Without an origin address, the remailer could be assumed to have originated the message. (This has long been an issue, implicit in my "everyone a remailer" thesis of a few years back. Anyone could send any message, and simply claim "I didn't write it...I'm just a remailer.") In closing, I think the Supreme Court will, when it eventually agrees to hear a relevant case, will differentiate between protected anonymous speech in public forums and the labelling of sealed packages, sealed letters, and sealed e-mail. They will argue along the lines of saying that the labelling law is for the protection of society and not for tracking down dissidents. The effect will of course be the same, but this will be the fig leaf which allows them to uphold such laws. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From roland at internetfleamarket.com Sun Dec 29 14:09:00 1996 From: roland at internetfleamarket.com (roland at internetfleamarket.com) Date: Sun, 29 Dec 1996 14:09:00 -0800 (PST) Subject: VIB Message-ID: <199612292208.OAA03107@toad.com> Fuck_God_Up_The_Ass, This is a VIB (Very Important Bookmark)! The Internet Fleamarket is available now to all Internet users locally, nationwide and worldwide. Sell what you don't need, offer your service and reach out to all. Or just visit us! http://internetfleamarket.com . Happy New Year! From daw at cs.berkeley.edu Sun Dec 29 14:15:43 1996 From: daw at cs.berkeley.edu (David Wagner) Date: Sun, 29 Dec 1996 14:15:43 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: <5a6qc8$54r@joseph.cs.berkeley.edu> In article <199612241223.HAA14556 at homeport.org>, Adam Shostack wrote: > (Speaking of which, is a state > university student ID considered 'government issued?' How about a > faculty or staff ID card?) Well, when I fly they ask for 'government issued' picture ID, and I present my UC Berkeley student ID for inspection. They usually grumble at me, but I grumble back, and in the end they've always accepted it. Try it sometime. (And yes, my student ID is probably eminently forgable -- it looks very ragged and unprofessional.) P.S. At JFK I had a guy tell me that they preferred to see my social security card! I was completely surprised, since it has no picture, and (I think) says 'this card not to be used for identification purposes' at the bottom. Anyone know anything about this? From ichudov at algebra.com Sun Dec 29 14:35:44 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 29 Dec 1996 14:35:44 -0800 (PST) Subject: cypherpunks suggestion Message-ID: <199612292022.OAA20370@manifold.algebra.com> John -- Just got back after vacation... It is my understanding that cpunks list has been attacked by several clever tricks. I have a couple of suggestions on how to improve protection of this list: # Use the following recipe in .procmailrc for cypherpunks (or majordomo) # account: :0 * ^TOcypherpunks * !^X-Loop: * !^FROM_MAILER * !^FROM_DAEMON * !^X-Mailing-List: { # get rid of duplicates :0 Wh: msgid.lock | formail -D 65524 msgid.cache # add X-Loop:, etc :0 fhw | formail -I "X-Loop: cypherpunks at toad.com" \ -I "X-Mailing-List: cypherpunks at toad.com" \ -I "Precedence: list" \ -I "Errors-To: cypherpunks-errors at toad.com" # this recipe finally passes the submission to majordomo :0 | majordomo .... } The rest is not really anything for cypherpunks, and should go to /dev/null. - Igor. From tcmay at got.net Sun Dec 29 15:04:27 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 15:04:27 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: Message-ID: Another point about "anonymous speech" and its legal protections (a la the 1956 Georgia leafletting case), consider a similar "basic right": the right to move freely and anonymously. Well, it turns out that in the U.S. this right is thwarted by income tax laws. Not to mention driver's license laws, Social Security laws, etc. (Yes, as Duncan and others are fond of pointing out, there are ways to avoid some of these laws. I won't recap them here. But these are often difficult to bypass, at least for those not constantly watching every action they take, and may be felonies in some cases. Loompanics and Paladin sell various books on creating new identities, etc.) For example, while citizen-units in the United States are free to move to new locales without permission and without registration, unlike in some countries, the tax collector expects a valid home (or at least mailing) address on tax returns. (Use of a tax preparer is one workaround, though the tax preparer probably is required by some law or another to know the "true domicile" of a client...left as an exercise as to whether this is ever enforced.) My point is not to attack the notion of taxation, but to note that tax collection often involves by necessity (for our current approach) strong invasions of privacy...no different from when the King's Tax Collector roamed around one's farm and household looking for things to tax. Harry Browne makes this point eloquently in his new book, "Why Government Doesn't Work." I believe the various rumblings about regulation of digital cash and electronic mail will turn out to be enacted with this kind of justification. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From omega at bigeasy.com Sun Dec 29 15:12:45 1996 From: omega at bigeasy.com (Omegaman) Date: Sun, 29 Dec 1996 15:12:45 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: On Sat, 21 Dec 1996, Timothy C. May wrote: I can conceive of some ways in which only one untraceable anonymous payment system could be controlled or halted if the aforementioned "bad things" occurred. > be released unless a payment is made. Physical acts have a nexus of > detection at the act itself, the kidnapping, the bomb-planting, etc. (...) > "Untraceable payments" refer to payer- and payee-untraceable Chaum-style > cash. Although for the discussions here of extortion, payee-untraceable > (the person being paid would not be traceable is my sense of this term) > digital cash would be sufficient; that the payment originated from XYZ > Corporation or some account at the Bank of Albania would not stop the acts. Indeed. But criminals are often a stupid and foolish lot. Many will be caught at the "nexus" of physical action due to their own ineptitude. I can envision several such instances occurring where it is publicized that these were contract (killings,extortions,kidnappings) in which the individual was to be paid in Bank of Albani digital cash. This publicity and subsequent public outrage result in many corporations and institutions seizing the moral high ground (and a little good publicity which could result in more revenue, of course) and advocating/enforcing a ban on usage of bank of Albania digital bux. The motivation of some of the corporations and banks is their investment in their own competing forms of digital cash. The Government is motivated to support these anti-albanian actions for all the obvious reasons. The motivations of the exposing journalists are left as an exercise to the reader. > How Ed receives the funds without the bits being followed through > cyberspace is of course an easy exercise for readers here. Anonymous > remailers with reply-block capabilities, a la Mixmaster, or, my preference, > posting in a public place, a la the Usenet or other widely-disseminated > message pools. All protocols which have to be carefully followed by the Ed. (He might use a cutout or two to further muddy the link between him and vic.) > Ed takes the crypto credits and redeems them as he sees fit (after some > unblinding stuff, of course). The redemption order is unlinkable to the > extortion. True, but if Bank of Albania digital cash is not accepted as a method of payment, what good does this do Ed? No one will change them because they are largely worthless. > So, even if "Mark Twain Bank" and "Bank of America," and, indeed, the rest > of the U.S. banking establishment eschews untraceability, the presence of > such services anywhere in the world is enough to make the act described > workable. And that "anywhere in the world" can, as I mentioned earlier, > encompass the various underground banking systems already widely in use > (Tongs, Triads, chop marks, etc. in Asia, and presumably similar systems > elsewhere). Or it could encompass fairly conventional banks which offer Not familiar with these systems... > such untraceable routes for a premium. A $5,000 commission on top of the > $25,000 transfer would make a lot of the world's banks sit up and take > notice. And so long as they were not told what the fund transfer was all > about--Vic is unlikely to gain anything by telling them--they have > plausible deniability and moral comfort. > And I surmise that the U.S. Government must have realized this. And > realized that only by _completely quashing_ all such untraceable payments > systems can the goals of stopping such "bad uses" be met. Not to mention the loss of tax revenue.... > Unfortunately for them, and unfortunately for the victims of such crimes, > no such worldwide stoppage of all such systems seems possible, even with > draconian police state measures. There are just too many interstices for > the bits to hide. And too much economic incentive for some persons or banks > to offer such funds transfer methods. Of course not. But unless untraceable digital cash becomes a ubiquitous and widely used form, it will not be useful for these "bad things" (or any other purpose As always, the key is deployment of an untraceable, anonymouse form of digital cash now. Wide usage is part of the key to legitimization. Right now the government is frantically attempting to marginalize the idea of fully untraceable digicash with all sorts of four-horsemen publicity. If everybody's already using it, they'll be far less likely to switch to a new digicash-escrow alternative. _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From tcmay at got.net Sun Dec 29 15:13:31 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 15:13:31 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: At 2:12 PM -0800 12/29/96, David Wagner wrote: >In article <199612241223.HAA14556 at homeport.org>, >Adam Shostack wrote: >> (Speaking of which, is a state >> university student ID considered 'government issued?' How about a >> faculty or staff ID card?) > >Well, when I fly they ask for 'government issued' picture ID, and >I present my UC Berkeley student ID for inspection. They usually >grumble at me, but I grumble back, and in the end they've always >accepted it. Try it sometime. (And yes, my student ID is probably >eminently forgable -- it looks very ragged and unprofessional.) > >P.S. At JFK I had a guy tell me that they preferred to see my >social security card! I was completely surprised, since it has no >picture, and (I think) says 'this card not to be used for identification >purposes' at the bottom. Anyone know anything about this? My SS card, issued in 1969 (and which I still have, surprisingly enough), says this. Someone said recently here on the list that this line was dropped in more recent years. I've never once, in 29 years, been asked to show my little ragged card, and I only have it because I kept it stored with my passport. (No employer ever asked to see it; I haven't been employed for more than 10 years, so I can't say anything about recent policies in the wake of the "immigration crisis.") The current hysteria about "identification" probably does nothing to stop real terrorists...if there's one thing they can easily afford, it's realistic-looking ID cards, in any flavor and in any number. What I think this means is a move toward a national ID card, replacing the confusing (to airlines, to government agents, etc.) mishmash of state driver's licenses, student ID cards, etc. After all, if someone doesn't drive, and has no passport, just what _is_ there "government issued" picture ID supposed to be, if not a national ID card? Or, as we like to say, an "internal passport." Or as the Christian Right likes to say, "the mark of the Beast." Big Brother's SS number: 666-42-0000. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From starr at lakes.ring.com Sun Dec 29 15:19:25 1996 From: starr at lakes.ring.com (starr at lakes.ring.com) Date: Sun, 29 Dec 1996 15:19:25 -0800 (PST) Subject: Do you need the MOST powerful way to advertise? Message-ID: <199612292319.PAA04561@toad.com> cypherpunks at toad.com, Hi, saw you posting online and was wondering if you market products/services using your computer and would like to learn how to do so QUITE a bit better than what you are already doing? If so, just say the words (words=MORE ORDERS) and I'll email a free, helpful file that could mean the online marketing difference between scintillating success and frustrating failure. OR! to get this profitable information free RIGHT NOW! INSTANTLY! send an email to star-conniestarr-netcontact at nicers.com (just put this in the to: field) and a free, complete information package will be emailed to you automatically in less than ONE MINUTE! ACT NOW! Sincerely, Connie Starr ps: don't forget the address to send for free information has one r in the first star and two r's in the second starr From tcmay at got.net Sun Dec 29 15:31:52 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 15:31:52 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: By the way, I was gone last week, and missed some of the follow-ups to this thread. I did notice in Omegaman's replies that he was replying to Detwweiler's wailings about "Timmy." (What's with Detweiler and Vulis both being so hung up on such a nickname? If it makes them feel they're winning converts, let them call me "Timmy." Jeesh.) At 6:21 PM -0600 12/29/96, Omegaman wrote: >But criminals are often a stupid and foolish lot. Many will be caught at >the "nexus" of physical action due to their own ineptitude. I can envision >several such instances occurring where it is publicized that these were >contract (killings,extortions,kidnappings) in which the individual was to be >paid in Bank of Albani digital cash. Sure, but my interest is in the possible, not the dumb mistakes of dumb people. That some criminals will screw up and reveal their identities is no different from the similar possibility that some people will mess up in using remailers; doesn't alter the interesting properties of remailer networks. >This publicity and subsequent public outrage result in many corporations and >institutions seizing the moral high ground (and a little good publicity >which could result in more revenue, of course) and advocating/enforcing a >ban on usage of bank of Albania digital bux. Perhaps. But I note that various "outrages" associated with use of Swiss banks--Jewish gold deposits, banana republic deposits, tax avoidance, etc.--have not exactly driven Swiss and similar banks out of existence. Greed is a powerful lubricant. And there are of course various ways to make the traffic less obvious. >> Ed takes the crypto credits and redeems them as he sees fit (after some >> unblinding stuff, of course). The redemption order is unlinkable to the >> extortion. > >True, but if Bank of Albania digital cash is not accepted as a method of >payment, what good does this do Ed? No one will change them because they >are largely worthless. Ed can of course redeem his Bank of Albania digibux at the Bank of Albania, if worst came to worst and somehow the Bank of Albania was "frozen out" of the banking community (see below for why this is effectively impossible). Go to Tiraz, present the digibux numbers, take payment in paper dollars, gold coins, whatever. And, more importantly, the "doubly untraceable" nature of true Chaumian e-cash means that the Bank of Albania _cannot_ be frozen out of the banking system (assuming other banks are also issuing Chaumian cash). Any mechanism that would allow the Bank of Botswana, for example, to "know" that the Bank of Albania was buying untraceable Botswanabux would of course mean the Botswanabux were not untraceable! Once Bank of Albania can buy such untraceable currency, they can pay Ed off in them. Or variants of this. (The similarity of a network of Chaumian digicash banks to a network of remailers is obvious...indeed, Chaum's work on "digital mixes" preceeded his work on digital cash, 1981 vs. 1985.) ... >Of course not. But unless untraceable digital cash becomes a ubiquitous and >widely used form, it will not be useful for these "bad things" (or any other >purpose > >As always, the key is deployment of an untraceable, anonymouse form of >digital cash now. Wide usage is part of the key to legitimization. Right >now the government is frantically attempting to marginalize the idea of >fully untraceable digicash with all sorts of four-horsemen publicity. > >If everybody's already using it, they'll be far less likely to switch to a >new digicash-escrow alternative. Well, I agree with all of these points. They want deployment halted, or at least slowed. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rah at shipwright.com Sun Dec 29 15:34:07 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 29 Dec 1996 15:34:07 -0800 (PST) Subject: DCSB: Applying PGP To Digital Commerce Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The Digital Commerce Society of Boston Presents Rodney Thayer Sable Technology Corporation "Applying PGP To Digital Commerce" Tuesday, January 7, 1997 12 - 2 PM The Downtown Harvard Club of Boston One Federal Street, Boston, MA Rodney Thayer has 20 years experience in the software development business. For the past 10 years he has been designing, implementing, deploying, and troubleshooting networking software. He currently is the Principal of a consulting firm based in Newton, Massachusetts where he is involved in the implementation of communications products for a variety of customers, including software vendors, major end-user organizations, and several governmental organizations both foreign and domestic. He also writes and lectures on the deployment, troubleshooting, and implementation of data communications networks. Mr. Thayer will talk about how PGP can be used in the business world today, for exchange of information, digitally identifying documents, and other commerce applications. In this presentation, we will discuss the application of PGP, including mechanics, the cryptographic and legal issues, and the infrastructure requirements for it's use. The state of the art in digital message encryption is now at the point where it has become practical to use encrypted and digitally signed email for digital commerce. Recently, one scheme, PGP, has emerged from the realm of the cyberpunk as a legitimate tool for business. Commercial products are now available that support PGP encryption in electronic mail and for documents and digital storage. PGP is no longer a cult tool for computer junkies and cyberpunks. It is a legitimate, sound cryptographic technology that can be used, today, for digital commerce. As an increasingly crypto-aware business community searches for solutions, the question of how to use message encryption tools such as PGP becomes germaine to the business community. This meeting of the Digital Commerce Society of Boston will be held on Tuesday, January 7, 1997 from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, One Federal Street. The price for lunch is $27.50. This price includes lunch, room rental, and the speaker's lunch. ;-). The Harvard Club *does* have dress code: jackets and ties for men, and "appropriate business attire" for women. We will attempt to record this meeting and put it on the web in RealAudio format at some future date We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, January 4, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back. Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston". If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out. Planned speakers for DCSB are: February David Kaufman 1996 in Review / Predictions for 1997 March TBA April Stewart Baker Encryption Policy and Digital Commerce We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you would like to make a presentation to the Society, please send e-mail to the DCSB Program Commmittee, care of Robert Hettinga, rah at shipwright.com . For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to majordomo at ai.mit.edu . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to majordomo at ai.mit.edu . Looking forward to seeing you there! Cheers, Robert Hettinga Moderator, The Digital Commerce Society of Boston -----BEGIN PGP SIGNATURE----- Version: SafeMail� 1.0b6 e32 iQCVAwUBMsb+IvgyLN8bw6ZVAQEhRgP/b5Q5u83gIUAqJYPHp6J/BxKUrFjy/fYH J4EqvEvjKrdWE0jcwE34ISf+qUmBS+rZZRYVMsQ8jiVa/uF8TwNNTEEe5kMUPpne UtKvuJOEosFURwGfR4OLoYu1NsqPNuzAD40dwfQDQGVcmTqNlivhikZByE4MTNVz bUlII450N/8= =IS1x -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Sun Dec 29 15:38:29 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 29 Dec 1996 15:38:29 -0800 (PST) Subject: Internal Passports In-Reply-To: <5a6qc8$54r@joseph.cs.berkeley.edu> Message-ID: At 6:20 pm -0500 12/29/96, Timothy C. May wrote: >What I think this means is a move toward a national ID card, replacing the >confusing (to airlines, to government agents, etc.) mishmash of state >driver's licenses, student ID cards, etc. "I've found that they issue a national ID card, it's time to leave..." Lazarus Long, "Time Enough For Love", by Robert A. Heinlein Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From azur at netcom.com Sun Dec 29 16:03:27 1996 From: azur at netcom.com (Steve Schear) Date: Sun, 29 Dec 1996 16:03:27 -0800 (PST) Subject: New crypto regs outlaw financing non-US development Message-ID: > Lucky Green writes: [snip] >Finally, to the big one: >>Sec. 736.2 General prohibitions and determination of applicability. >> >>* * * * * >> (7) General Prohibition Seven--Support of Certain Activities by >>U.S. persons--(i) Support of Proliferation Activities (U.S. Person >>Proliferation Activity). If you are a U.S. Person as that term is >>defined in Sec. 744.6(c) of the EAR, you may not engage in any >>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which >>prohibits the performance, without a license from BXA, of certain >>financing, contracting, service, support, transportation, freight >>forwarding, or employment that you know will assist in certain >>proliferation activities described further in part 744 of the EAR. >>There are no License Exceptions to this General Prohibition Seven in >>part 740 of the EAR unless specifically authorized in that part. > >IMHO, this closes the door on the foreign contracting loophole used by C2 >and others. It is now illegal for US persons to finance or contract out >overseas crypto development, since doing so will obviously assist in >proliferation. While not unexpected (I offered a bet on Cypherpunks that >this would happen. Nobody took the bet.), this provision sets a dangerous >precedence. The technical assistance prohibitions of the past have been >transformed into general prohibitions against "financing, contracting, >service, support, transportation, freight forwarding, or employment". > >Again, IANAL. > If they have not already done so, those currently doing work for/with C2 can form an off-shore company to manage and develop the crypto work. This off-shore company can then sell shares (private/public) to citizens and companies (both foreign and domestic) and use the proceeds to develop the software. Some of the investors (e.g., C2) could be offered the opportunity to become distributors and support the products in their respective countries. I doubt the Executive order can be interpreted to mean U.S. citizens cannot purchase stocks of foreign companies engaged in crypto. There are many companies (e.g., NEC, Siemans, Philips, ect.) which engage in development of crypto equipment which would not be exportable if they were produced in the U.S. Can the gov't deny us the right to invest in these and other offshore companies? Since those working for C2 are already doing so offshore (e.g., Australia and England, I believe) these parties would only need to separately incorporate an entity to conduct that portion of their current business now under contract to C2. --Steve From sameer at c2.net Sun Dec 29 16:28:39 1996 From: sameer at c2.net (sameer) Date: Sun, 29 Dec 1996 16:28:39 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: <199612300048.QAA28467@gabber.c2.net> > I've never once, in 29 years, been asked to show my little ragged card, and > I only have it because I kept it stored with my passport. (No employer ever > asked to see it; I haven't been employed for more than 10 years, so I can't > say anything about recent policies in the wake of the "immigration crisis.") These days you can show a passport in leui of a social security card. (I showed my"current employer" my SS card because I kept forgetting to bring my poassport in to work. What an odd concept, proving to my employer that I had a right to wrk in the US... apparently the law is that you have a $10k fine if you *dont have the paperwork* -- it doen't matter if all your employees are legal.) > > The current hysteria about "identification" probably does nothing to stop > real terrorists...if there's one thing they can easily afford, it's > realistic-looking ID cards, in any flavor and in any number. > > What I think this means is a move toward a national ID card, replacing the > confusing (to airlines, to government agents, etc.) mishmash of state > driver's licenses, student ID cards, etc. After all, if someone doesn't > drive, and has no passport, just what _is_ there "government issued" > picture ID supposed to be, if not a national ID card? Or, as we like to > say, an "internal passport." > > Or as the Christian Right likes to say, "the mark of the Beast." Big > Brother's SS number: 666-42-0000. > > --Tim May > > > > Just say "No" to "Big Brother Inside" > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1398269 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net C2Net is having a party: http://www.c2.net/party/ http://www.c2.net/ sameer at c2.net From tcmay at got.net Sun Dec 29 16:57:08 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 16:57:08 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: At 4:48 PM -0800 12/29/96, sameer wrote: >> I've never once, in 29 years, been asked to show my little ragged card, and >> I only have it because I kept it stored with my passport. (No employer ever >> asked to see it; I haven't been employed for more than 10 years, so I can't >> say anything about recent policies in the wake of the "immigration crisis.") > > These days you can show a passport in leui of a social >security card. (I showed my"current employer" my SS card because I >kept forgetting to bring my poassport in to work. What an odd concept, >proving to my employer that I had a right to wrk in the >US... apparently the law is that you have a $10k fine if you *dont >have the paperwork* -- it doen't matter if all your employees are >legal.) Indeed, the similarities with the "structuring" example (of financial deposits, even one's own money!!!) are frightening. If prosecutors wanted to "make an example" of someone, they could. (This is part of a much larger issue: the vast array of laws, which nearly all of us violate in various ways on various days. When there are so many laws that one is almost inevitably a felon is, to me, the very definition of a "terror state.") Brian Davis, our former federal prosecutor, seems a reasonable enough fellow, and I'm fairly certain that he would not have sought an indictment for a "small fry" who failed to ask for the proper SS card, but it's sobering to think that a business could be shut down or massively fined for such a thing. (I was advised in a local newsgroup that asking Hispanic-looking job applicants more questions about their U.S. status than one asks of Aryan-looking job applicants is ipso facto a serious, serious crime. So, what does the white applicant who has no "proof" of his U.S. residency--no passport, no birth certificate, no official card, just his "whiteness" and his flawless English--do when confronted with such a question? Just supplying an SS number is apparently not enough. By the way, a question for Brian (if he happens to see this): Suppose I take $27,000 I've had stuffed under my mattress...already taxed, blah blah blah. In other words, no chance of it being "illicit" or "unreported." That is, a situation like our gambler friend (he reported the income), except even more clearly a case where the money is outright owned (by traditional Western notions of ownership, i.e., cash sitting in a safe deposit box, or under a mattress, etc. So, I go to three banks and deposit $9,000 in each, for whatever reasons. Do I face forfeiture of my money? If so, I'll joing Jim Bell in his advocacy of solving this problem in a more drastic way. (Question: How many "small fry" have faced this kind of forfeiture for committing the "crime" of making two or more deposits, thus appearing to fit the "structuring profile"?) On the forfeiture issue, I'm more and more convinced "deal making" is a basic evil in our judicial system. While the argument is valid that it reduces courtroom crowding (and maybe prison crowding), it also makes things too easy for the government side to file serious charges and then "bargain" for a compromise. "Civil forfeiture" is a Damoclean sword hanging over the heads of citizens. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From gt at kdn0.attnet.or.jp Sun Dec 29 17:06:55 1996 From: gt at kdn0.attnet.or.jp (Gemini Thunder) Date: Sun, 29 Dec 1996 17:06:55 -0800 (PST) Subject: New crypto regulations Message-ID: <32cc13c3.83442324@kdn0.attnet.or.jp> Concerning the new crypto regulations: " Note to paragraphs (b)(2) and (b)(3) of this section: A printed book or other printed material setting forth encryption source code is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, notwithstanding Sec. 734.3(b)(2), encryption source code in electronic form or media (e.g., computer diskette or CD ROM) remains subject to the EAR (see Sec. 734.3(b)(3))." This is a big question for me. How does the fact that the same exact information, when stored on magnetic media, cause it to lose its freedom of press protection? Has magnetic media never been tested in court for freedom of press applicability? What are the laws that outline the differences between magnetic media and printed media? Specifically, the one(s) that permit the non-protection of magnetic media? Does this mean that if a journal published an article on some strong non-key escrow encryption algorithm that included source code, it could not later offer that same article on a CD-ROM collection? or provide that same source code online? From tcmay at got.net Sun Dec 29 17:08:25 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 17:08:25 -0800 (PST) Subject: New crypto regs outlaw financing non-US development In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com> Message-ID: This fascist move by the U.S. government is a huge threat to our liberty. It may be time to simply give up on communicating with these assholes and give them the treatment they have earned. At 10:57 PM -0800 12/28/96, Lucky Green wrote: >Finally, to the big one: And this a very big one indeed. Not only does it probably put organizations like C2 out of business, at least in terms of supporting the development of things like the South African and British Web products, but it also may mean the *Cypherpunks list itself*, and some of its members, are ipso facto in violation of this "giving comfort to the enemy" (to paraphrase) language! >>Sec. 736.2 General prohibitions and determination of applicability. >> >>* * * * * >> (7) General Prohibition Seven--Support of Certain Activities by >>U.S. persons--(i) Support of Proliferation Activities (U.S. Person >>Proliferation Activity). If you are a U.S. Person as that term is >>defined in Sec. 744.6(c) of the EAR, you may not engage in any >>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which >>prohibits the performance, without a license from BXA, of certain >>financing, contracting, service, support, transportation, freight >>forwarding, or employment that you know will assist in certain >>proliferation activities described further in part 744 of the EAR. >>There are no License Exceptions to this General Prohibition Seven in >>part 740 of the EAR unless specifically authorized in that part. This may mean, subject to the usual legal system review (a scapegoat is targetted, a court case is filed, several years of Zimmermann limbo follow, etc.), that members of this list may be construed to be engaging in "certain financing, contracting, service, support, transportation, freight forwarding, or employment that you know will assist in certain proliferation activities described further in part 744 of the EAR." Certainly "support" and "service" of these products. Is giving a user advice on "Stronghold" now to be a felony? How about PGP, which certainly has not received export approval? And so on. This very list advocates violation of the ITARs in various ways (I speak of "the list" as a person in the sense of the consensus of the list...there may not be unanimity, but the consensus of the vocal members of the list is obvious). It may be time for us to go underground. It may be time to take much, much, much, much more extreme steps. This fascism is unacceptable. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jya at pipeline.com Sun Dec 29 17:09:40 1996 From: jya at pipeline.com (John Young) Date: Sun, 29 Dec 1996 17:09:40 -0800 (PST) Subject: Cryptanalysis Trainer Message-ID: <1.5.4.32.19961230010535.0069aee0@pop.pipeline.com> We've transcribed from PDF to ASCII the cryptanalysis program in Appendix F of the US Army's Field Manual FM 34-40-2, Basic Cryptanalysis, September, 1990. http://jya.com/appf.htm Manual quote: "This program gives the capability to encipher and decipher messages in monoalphabetic and polyalphabetic substitution systems, produce a variety of statistical data about the encrypted messages, and print the results or save them to disk. Because of its limited purpose, the program does not support on-screen analysis. The printed results can be used off-line to aid in analysis, however. The program should be particularly useful in preparing examples and exercises for training cryptanalytic techniques." From drose at AZStarNet.com Sun Dec 29 17:10:12 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Sun, 29 Dec 1996 17:10:12 -0800 (PST) Subject: Internal Passports Message-ID: <199612300109.SAA13864@web.azstarnet.com> Bob Hettinga wrote: >At 6:20 pm -0500 12/29/96, Timothy C. May wrote: >>What I think this means is a move toward a national ID card, replacing the >>confusing (to airlines, to government agents, etc.) mishmash of state >>driver's licenses, student ID cards, etc. > >"I've found that they issue a national ID card, it's time to leave..." > Lazarus Long, "Time Enough For Love", by Robert A. Heinlein "After Austria and Germany, Switzerland is my favourite country. I have spent the past 40 winters and 10 summers there. I love the place because it's clean, beautiful, very conservative and its people mind their own business." Taki, in today's _Sunday Times_(London). From sandfort at crl.com Sun Dec 29 17:12:01 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 29 Dec 1996 17:12:01 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 29 Dec 1996, Timothy C. May wrote: > Unlike Sandy, I'm not a great believer in multi-year bets as an > epistemological tool.... Tim has misstated my belief. I do think that short- or long-term bets fulfill a purpose, but it is not an epistemological one. (Tim, are you thinking of Robin or Nick?) The purpose it serves is to make pontificators more cautious in the pontifications. It's easy to gas on about subjects in which you have no economic stake; we all do that at times. The possiblity of financial loss or reward, however, encourages temperance. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jt at freenix.fr Sun Dec 29 17:14:49 1996 From: jt at freenix.fr (--Jerome Thorel--) Date: Sun, 29 Dec 1996 17:14:49 -0800 (PST) Subject: lambda 2.13 - Parental control abuses and Crypto leaks Message-ID: lambda 2.13 contents ... * Parental control abuses * Crypto Soap Opera : new leaked documents in France and at the OECD * Short-circuits : - U2's hacked: Big Lie in Cyberspace - Serbia's fight for democracy reach digital age - Radikal censorship (sorry for langage mistakes, the text has not been reviewed by an English third party) * * * * * Peacefire vs Cybersitter Parental control abuses * * * * * An insider quarrel between blocking-software CyberSitter and one of the Web site blocked has emerged recently. A US youth association against Net censorship, Peacefire (wwww.peacefire.org), claimed on December 7 : "Sometime today or yesterday, CYBERsitter put www.Peacefire.org on its list of blocked sites. Next time users of the program update their "filter file", they will see our web page blocked along with Playboy.com, Penthouse.com etc. (not to mention NOW.org, Members.GNN.com, and C2.org). Apparently, the company president read our page about CYBERsitter at: http://www.peacefire.org/censorware/CYBERsitter.html and didn't like it." Solid Oak Software (www.solidoak.com), owner of the blocking program, claims Peacefire put online some advices or tips to abort CyberSitter efficiency for teenagers; claimed one time of "copyright infringements"; and decided to urge Peacefire's IAP to block its account. Remember that these softwares were designed to allow parents to control their child's access to the Internet. "Parental control", as it is called, was suppose to give ways for parents to self-censor Internet content. But when people trust the technology and give too much faith to black-listed sites maintained by other individuals' moral standards, parents don't really keep on their "parental control" anymore. They even fail to tackle their own responsability towards their childs. On December 27 the CPSR (www.cpsr.org) wrote a protest letter to Solid Oak. Abstracts: "Your own description of your product provides a fairly concise description of CYBERSitter's restrictions: "any site that focuses on topics such as adult or issues, illegal activities, bigotry, racism, drugs or pornography". Using this list", the CPSR went on, "any determined individuals with web browsers might easily build a profile of sites that are blocked by CYBERSitter. Several members of our group dowloaded your demo, and quickly verified that your software completely or partially blocks access to sites such as the National Organization of Women (http://www.now.org), and the Yahoo search engine (http://www.yahoo.com). Since CYBERSitter's behavior can be easily categorized, Peacefire's publishing of a list of blocked sites does not justify blocking Peacefire's site, or any similar unsavory activities. ... By blocking sites that focus on topics such as [sex] and drug use, SolidOak may filter potentially educational materials regarding AIDS and drug abuse prevention." As Haselton wrote later, "Most letters to the president, Brian Milburn, at bmilburn at solidoak.com, or to their support staff at support at solidoak.com, are now being bounced with the message, "this account has been configured to reject all messages on this topic..." i would guess that their mail software at those accounts is rejecting all messages with the word "Peacefire" in the subject line, so remember to leave it out if you decide to write to them about this. (And thanks for your support if you do!)" P.S.- The European Commission has submitted draft guidelines to member States concerning the Internet's content regulations. They were quite reserved about the real efficacy of content control specifications like PICS, but nonetheless approved it: http://www.echo.lu/best_use/best_use.html * * * * * French Crypto Sop Opera : other leaked documents * * * * * If you're an encryption addict and fluent in French, jump to the document published by Planete Internet magazine : http://www.planete-internet.com/crypto/decret It is a draft decree prepared by the SCSSI, the security agency, which draws a preliminary picture of future French "trusted third party" agencies (TTPs), or "key recovery agents". A brief summary of what the French electronic notary will look like: The government - The SCSSI * Will say which encryption product will be concerned; all crypto systems will be OK if a key recovery scheme is scheduled; (PGP and the like are not on the list of "approved" products); * Will decide which firm is OK to become a TTP; but no justification will be needed for negative requests; The TTP, "le notaire" * All commercial firms or entities (SA, SARL, consortiums...) will be concerned; * But all its members, CEOs or associates must be "French": like the majority of its finantial assets; * Will be submitted to "professionnal secret" and obliged to keep third party encryption keys away from illegal wiretapping activities; The (commercial) user * Will be obliged to use authorised encryption products; * Will engage itself to fully cooperate with the TTP; The (basic) user * Even if the sheme will not be mandatory, using encryption without the backing of a TTP will be considered illegal; * Huge finantial and logistical procedures will discourage NGO's, small companies and the citizen to protect legally its electronic communications. The new and fully complete policy is scheduled in France in the comming weeks. * * * * * PS - Leaked document from the OECD's crypto hearings Australians cryptographers at http://www.ozemail.com.au/~firstpr/crypto/oecd_dr2.htm published the draft paper that were on the agenda of the Dec. 16-20 closed-door meeting in Paris, revealing the broad and detailed policy toward an international cooperation for "lawfull access" to encrypted communications. * * * Short-circuits * * * U2 hacked? Big Lie in Cyberspace --------------- You surely read numerous stories about the U2 rock band that were "robbed" in Cyberspace by hackers that traveled through cables of a digital camera that broadcasted on the Internet views of their Dublin studio. Hackers put 2 new songs online from a site in Hungary, the story went on. Strange hacking, hey??! The story, which broke in the London's Sunday Times on November 17 (follomed by a naive Le Monde in Paris) was just dope -- a fake, phoney and bull story. Read, for example, what a fan from the Nederland says -> www.universal.nl/users/mirrorbal/u2.htm Number 1 : he told the real story to the Times which didn't even publish a word of it. What's the story? A videotape with 45 sec abstracts from both songs were released by Island Records-Hungary in November (it was the scheduled date for U2's upcomming album, but now scheduled in March!). And a guy simply put a microphone besides his TV and put the digital stuff online. Where's the hack? The Hungarian explains also the story, but didn't erase the songs from his server: w3.datanet.hu/~karpati/ Serbia's fight for democracy reach digital age --------------- Read David S. Bennahum's last MEME bulletin about Serbia's democratric fight: http://www.reach.com/matrix/. Bennahum spent one week in Belgrade and met democrats willign to create cyber-rights organisations like the EPIC or the CDT. Follow their fight daily on the Internet : http://eurasianews.com/erc/serbopp1.htm Radikal censorship --------------- A magazine banned in Germany, the leftist Radikal, available online in the Nederlands, was the target of German policemen on Dec. 11. After failing to urge Nederlands authorities to block the Web site last September, German police decided to act as usually, with the help of their Dutch counterpart and raided a house in Vaals. It turns out that they acted to block Radikal at the source : its paper version. Read the news on: http://www.xs4all.nl/~tank/radikal http://www.xs4all.nl/~felipe/germany.html * * * * lambda 2.13 - www.freenix.fr/netizen * * * * Jerome Thorel =-= Journaliste / Reporter =-= Paris, France lambda bulletin =-= Planete Internet Editor From tcmay at got.net Sun Dec 29 17:35:02 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 17:35:02 -0800 (PST) Subject: Betting and Truth In-Reply-To: Message-ID: At 5:07 PM -0800 12/29/96, Sandy Sandfort wrote: >On Sun, 29 Dec 1996, Timothy C. May wrote: > >> Unlike Sandy, I'm not a great believer in multi-year bets as an >> epistemological tool.... > >Tim has misstated my belief. I do think that short- or long-term >bets fulfill a purpose, but it is not an epistemological one. >(Tim, are you thinking of Robin or Nick?) The purpose it serves >is to make pontificators more cautious in the pontifications. >It's easy to gas on about subjects in which you have no economic >stake; we all do that at times. The possiblity of financial loss >or reward, however, encourages temperance. Robin and Nick have even more faith in bets as a tool, but Sandy has, at least on our list, been more of a user of such bets. My problem has always been that they rarely work...in fact, of the last N such bets which were offered (e.g., by Sandy) I can't recall a single one which was ever even accepted, let alone which was settled. (And I recall "bets" offered to Phill Hallam-Baker, Dimitri Vulis, etc.) So, the thesis that pontifications are lessened is wiped out by the fact that no such bets have ever, in my memory, been accepted. If anything, those challenged to "put their money where their mouth is" almost uniformly write _more_, not less. While I accept the basic prinicple (and my income depends to a large extent on my investments, which is surely an example of putting my money where my mouth is, to a large extent), I question the usefullness in forums like ours. For obvious reasons. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Sun Dec 29 18:09:34 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 29 Dec 1996 18:09:34 -0800 (PST) Subject: Internal Passports In-Reply-To: <199612300109.SAA13864@web.azstarnet.com> Message-ID: At 6:09 PM -0700 12/29/96, drose at AZStarNet.com wrote: >"After Austria and Germany, Switzerland is my favourite country. I have >spent the past 40 winters and 10 summers there. I love the place because >it's clean, beautiful, very conservative and its people mind their own >business." > Taki, in today's _Sunday Times_(London). Yes, the same Germany that is restricting Internet access, that proposed to jail Compuserve executives for allowing banned material on the Net, and that has laws making various opinions illegal (specifically, the opinion that the Holocaust never happened as the official version declares, or that Aryans are superior to non-Aryans, etc.). I enjoy all three countries, as a tourist, but I strongly doubt the "its people mind their own business" characterization, even for Switzerland alone (and certainly not for Germany). --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From solman at MIT.EDU Sun Dec 29 18:38:06 1996 From: solman at MIT.EDU (solman at MIT.EDU) Date: Sun, 29 Dec 1996 18:38:06 -0800 (PST) Subject: New crypto regulations In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <9612300237.AA17923@ua.MIT.EDU> |> Concerning the new crypto regulations: |> " Note to paragraphs (b)(2) and (b)(3) of this section: A printed |> book or other printed material setting forth encryption source code |> is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, |> notwithstanding Sec. 734.3(b)(2), encryption source code in |> electronic form or media (e.g., computer diskette or CD ROM) remains |> subject to the EAR (see Sec. 734.3(b)(3))." |> This is a big question for me. How does the fact that the same exact |> information, when stored on magnetic media, cause it to lose its |> freedom of press protection? All media, all forms of expression are protected by the first amendment. It's just that this protection is not absolute. If the government wants to curtail freedom of speach it has to demonstrate a compelling interest and further demonstrate that the means used are narrowly tailored to achieve that compelling interest in the least restricitve manner possible. Both have to be demonstrated to the courts' satisfaction, a task quite different from (and, methinks, easier than) demonstrating this to our own satisfaction. These regulations explicitly say that you can transport printed information including source code out of the country. No prior approval of any sort is required. These regulations do not prohibit communication that requires source code to be effective. The government's claim is that in the interests of national security, export of cryptography must be prevented. By limiting the policy's applicability to media which are in, or can easily be converted to, electronic form, the government has narrowly tailored this component of the policy to prevent crytographic source code from appearing in foreign computers without preventing the communication of that source code. Cheers, Jason W. Solinsky From sandfort at crl.com Sun Dec 29 18:40:04 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 29 Dec 1996 18:40:04 -0800 (PST) Subject: Betting and Truth In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 29 Dec 1996, Timothy C. May wrote: > Robin and Nick have even more faith in bets as a tool, but Sandy has, at > least on our list, been more of a user of such bets. > > My problem has always been that they rarely work...in fact, of the last N > such bets which were offered (e.g., by Sandy) I can't recall a single one > which was ever even accepted, let alone which was settled. (And I recall > "bets" offered to Phill Hallam-Baker, Dimitri Vulis, etc.) Tim's error is assuming that the offer of the bet did not "work" merely because the bet was not taken. All the bets I offered achieved effects I intended. (Exercise for the student, and all that.) S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From alan at ctrl-alt-del.com Sun Dec 29 18:59:32 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Sun, 29 Dec 1996 18:59:32 -0800 (PST) Subject: Cryptanalysis Trainer Message-ID: <3.0.1.32.19961229185755.0101c6b0@mail.teleport.com> At 08:05 PM 12/29/96 -0500, John Young wrote: >We've transcribed from PDF to ASCII the cryptanalysis >program in Appendix F of the US Army's Field Manual >FM 34-40-2, Basic Cryptanalysis, September, 1990. > > http://jya.com/appf.htm Why does it not surprise me that the code is in BASIC... BTW, the link to the PDF does not work. Seems the CGI they use to feed the pdf files is broken. (Or someone paniced and pulled it in a manner that broke the CGI. Would not be the first time...) --- | If you're not part of the solution, You're part of the precipitate. | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From nobody at squirrel.owl.de Sun Dec 29 19:33:44 1996 From: nobody at squirrel.owl.de (Secret Squirrel) Date: Sun, 29 Dec 1996 19:33:44 -0800 (PST) Subject: HOW TO HACK www.pgp.com -- stupid CGI script xploit Message-ID: <19961230033149.11419.qmail@squirrel.owl.de> Go to www.pgp.com Go To "Keyserver" Go To "Query" In the search window, type `whoami` (note the back quotes). Watch for result. How stupid. Seems to be a common problem of cgi scripts. like the one in norway... xaxaxa From dthorn at gte.net Sun Dec 29 19:33:55 1996 From: dthorn at gte.net (Dale Thorn) Date: Sun, 29 Dec 1996 19:33:55 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: Message-ID: <32C737C9.6760@gte.net> David Wagner wrote: > Adam Shostack wrote: > > (Speaking of which, is a state university student ID considered > > 'government issued?' How about a faculty or staff ID card?) > Well, when I fly they ask for 'government issued' picture ID, and > I present my UC Berkeley student ID for inspection. They usually > grumble at me, but I grumble back, and in the end they've always > accepted it. Try it sometime. (And yes, my student ID is probably > eminently forgable -- it looks very ragged and unprofessional.) > P.S. At JFK I had a guy tell me that they preferred to see my > social security card! I was completely surprised, since it has no > picture, and (I think) says 'this card not to be used for identification > purposes' at the bottom. Anyone know anything about this? This is really weird. Maybe the person asking for SS cards is just clueless, or from somewhere outside the U.S. I haven't seen my SS card since 1965, shortly after it was issued. I did three years in the U.S. military without the card (although the military switched from RA and US numbers to only SS numbers circa 1967-1969), and nobody has ever insisted I have one, although I've seen a reference maybe once every few years about the need to have one. Real-world humans lose cards all the time, hence the need to implant people with ID chips as soon as the chips are secure enough to use as guaranteed permanent and unique ID. Not my first choice, of course. Several (or most) states threaten their drivers in the license literature that if they're caught driving without possession of the license (even though the person so caught has a valid license somewhere), they can be jailed as a criminal. If there are any cases where this has been tested, I'd like to hear about them. From wb8foz at wauug.erols.com Sun Dec 29 19:38:45 1996 From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states) Date: Sun, 29 Dec 1996 19:38:45 -0800 (PST) Subject: New crypto regulations In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <199612300338.WAA00940@wauug.erols.com> Gemini Thunder sez: > > This is a big question for me. How does the fact that the same exact > information, when stored on magnetic media, cause it to lose its > freedom of press protection? You must understand that the USG faces a VERY big hurtle in attempting to ban the book. Books have a history; one as old as the Founding Fathers, older than the country and the Constitution, of being protected. In fact, this extends to other printed material; i.e newspapers. They tried and failed to get "prior restraint" in the Pentagon Papers case. But in their quest to sandbag an already submerged dike, they hope they can draw a line at magnetic media. It's untested, IMHO likely to fail, but it's a hell of a lot better than trying to ban books. They'd get laughed out of court. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From drose at AZStarNet.com Sun Dec 29 19:38:49 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Sun, 29 Dec 1996 19:38:49 -0800 (PST) Subject: Internal Passports Message-ID: <199612300338.UAA23011@web.azstarnet.com> Tim May wrote: >At 6:09 PM -0700 12/29/96, drose at AZStarNet.com wrote: > >>"After Austria and Germany, Switzerland is my favourite country. I have >>spent the past 40 winters and 10 summers there. I love the place because >>it's clean, beautiful, very conservative and its people mind their own >>business." >> Taki, in today's _Sunday Times_(London). > >Yes, the same Germany that is restricting Internet access, that proposed to >jail Compuserve executives for allowing banned material on the Net, and >that has laws making various opinions illegal (specifically, the opinion >that the Holocaust never happened as the official version declares, or that >Aryans are superior to non-Aryans, etc.). > >I enjoy all three countries, as a tourist, but I strongly doubt the "its >people mind their own business" characterization, even for Switzerland >alone (and certainly not for Germany). Woops. Guess that I should elided the "After Austria and Germany" clause. Ob C-punks issues, I recall that Remo Pini, one of the Swiss on the list, was preparing a CD-ROM crypto compilation disc. He hasn't posted in some time, so perhaps the authorities have decided that such a project was in fact "their business." Seriously, I hope that Remo is able to give some information on the state of the current Swiss crypto regs. From nobody at huge.cajones.com Sun Dec 29 21:02:57 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Sun, 29 Dec 1996 21:02:57 -0800 (PST) Subject: Export proposal In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <199612300502.VAA08094@mailmasher.com> > " Note to paragraphs (b)(2) and (b)(3) of this section: A printed > book or other printed material setting forth encryption source code > is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, > notwithstanding Sec. 734.3(b)(2), encryption source code in > electronic form or media (e.g., computer diskette or CD ROM) remains > subject to the EAR (see Sec. 734.3(b)(3))." What this means is that the government is afraid that a ban on printed material would be considerably more difficult to uphold in court. It's far easier for them to argue that a floppy disk is a mechinism presenting a clear and present danger than it would be to argue the same for a book. So why don't we take this debate where the Government least wants to fight it--the realm of printed matter. Someone should start a crypto export business that takes crypto source code, prints it, and mails it overseas where someone else scans the source code and deliveres it in electronic form to a recipient. We could some important crypto source code (for example some of the IPv6 IPsec stuff being developed domestically), print it, export it (legally), scan it, and then distribute it overseas. If we repeat this process enough, it will first cause a lot of useful crypto software to be exported legally from the US. Then, when the govenrment wants to stop this, they will be forced to place a prior restraint on publication of printed technical pamphlets, which is exactly the restriction they don't want to be stuck defending. From deviant at pooh-corner.com Sun Dec 29 21:27:07 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sun, 29 Dec 1996 21:27:07 -0800 (PST) Subject: Legality of requiring credit cards? In-Reply-To: <32C737C9.6760@gte.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 29 Dec 1996, Dale Thorn wrote: > David Wagner wrote: [...] > Several (or most) states threaten their drivers in the license literature > that if they're caught driving without possession of the license (even > though the person so caught has a valid license somewhere), they can be > jailed as a criminal. If there are any cases where this has been tested, > I'd like to hear about them. I've heard about such cases, and in fact North Carolina (where I am) "requires" all drivers to have their card on their person while driving. A friend of mine was pulled without his, and they gave him 30 days to produce it, and finally agreed just to look it up on the computer when he produced 2 other valid forms of ID. But then again, in North Carolina the family Bible is a valid form of ID (as well as a completed work _application_, and other odities). --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 They seem to have learned the habit of cowering before authority even when not actually threatened. How very nice for authority. I decided not to learn this particular lesson. -- Richard Stallman -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMsdSYDCdEh3oIPAVAQEP+Af7BHDT43r700Q1lb2Ioc2RjfS9+eDIxtLn f+bhWqsk3YpIpCVenYHr23PzSvnHBIztHpNMM0HEsFRZOHzQjuQ9QSEOzBgehmon P4wJURbQIH4lIpcH4VQUFfHuU/yT5ZPaSGrNvXYnEIyZFRyvu5XnZyynKes344/v TmQ7Wj5KIiYtmp7AJ+QIEJuCeGVJaSNbjj2ibmMyHf3tyhk7nQjtiWmGSYx0Dq8H 6hKrRLI4QzqKnsAYwrWFO9MZBXQGgLm5CGZAVgexr73AtfcTJyBLio+kaFQBws7e VkPtZzCo3o+jGbu5XLt4TJoLgr5BMIL6cxDGmbCko9ALzzYfMixJJA== =/IRS -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Sun Dec 29 22:00:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Dec 1996 22:00:21 -0800 (PST) Subject: New crypto regs outlaw financing non-US development In-Reply-To: Message-ID: <6eHqZD21w165w@bwalk.dm.com> "Timothy C. May" writes: > This fascist move by the U.S. government is a huge threat to our liberty. > It may be time to simply give up on communicating with these assholes and > give them the treatment they have earned. I said it recently on another forum: U.S. today reminds me not of Nazi Germany (which would have existed for hundreds of years if it hadn't foolishly attacked more neighbors than it could fight at the same time), but of the former Soviet Union under late Brezhnev, Chernenko, and Andropov. Nothing needs to be done; just wait for it to collapse and try not to get hit by the falling debris. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Dec 29 22:00:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 29 Dec 1996 22:00:21 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: Timmy May farts: > By the way, I was gone last week, and missed some of the follow-ups to this > thread. I did notice in Omegaman's replies that he was replying to > Detwweiler's wailings about "Timmy." (What's with Detweiler and Vulis both > being so hung up on such a nickname? If it makes them feel they're winning > converts, let them call me "Timmy." Jeesh.) Tiny Timmy's use of the word "hung" indicates that he has a very small penis. Does the pedophile cocksucker John Gilmore perfer small penises in his mouth? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sameer at c2.net Sun Dec 29 22:03:57 1996 From: sameer at c2.net (sameer) Date: Sun, 29 Dec 1996 22:03:57 -0800 (PST) Subject: Export proposal In-Reply-To: <199612300502.VAA08094@mailmasher.com> Message-ID: <199612300624.WAA01557@gabber.c2.net> > > We could some important crypto source code (for example some of the > IPv6 IPsec stuff being developed domestically), print it, export it > (legally), scan it, and then distribute it overseas. If we repeat > this process enough, it will first cause a lot of useful crypto > software to be exported legally from the US. PGP, Inc. is already exporting their source in this fashion. > > Then, when the govenrment wants to stop this, they will be forced to > place a prior restraint on publication of printed technical pamphlets, > which is exactly the restriction they don't want to be stuck > defending. > Stewart Baker has been quoted as saying that banned "easily scanned printed texts" isn't far away. (Rebecca Vesely's Wired News article) "National Security is the root password to the Constitution." -- I've forgotten who said this. We are now just one step away from non-GAK crypto being illegal in the US. -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net C2Net is having a party: http://www.c2.net/party/ http://www.c2.net/ sameer at c2.net From 80160 at data.iq-internet.com Sun Dec 29 22:46:40 1996 From: 80160 at data.iq-internet.com (IQ Mailer) Date: Sun, 29 Dec 1996 22:46:40 -0800 (PST) Subject: PROTECT YOUR FAMILY Message-ID: <199612300652.XAA28455@data.iq-internet.com> *+*+ This message is provided under the strict C.A.R.E. Code of Ethics. (Conscientious Advertising through Responsible E-mail). You can view the code at: iq-internet.com/care.html PROTECT YOUR FAMILY My LIFECARD does exactly that. You or any member of your famil will have instant worldwide access to a wide range of potentially life saving medical and personal information in case of an emergency. SAFETY SECURITY PEACE OF MIND MYLIFECARD was the first TRUE medical emergency information card and is STILL the state of the art. You spend THOUSANDS of dollars a year to protect your family's health. You owe it to your family to spend a few pennies a day for MYLIFECARD. DON'T DELAY!!!!! FOR MORE INFORMATION: Type in the word INFORMATION in the body of your message and hit reply. *+*+ To REMOVE your name from our list *+*+ reply with NO MAIL in the subject line. From svmcguir at syr.edu Sun Dec 29 23:38:36 1996 From: svmcguir at syr.edu (Scott V. McGuire) Date: Sun, 29 Dec 1996 23:38:36 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 29 Dec 1996, Timothy C. May wrote: > At 1:35 PM -0800 12/29/96, Steve Schear wrote: > ... snip ... > As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia > case, in which the Supremes struck down a law requiring that leaflets > handed out have a name attached. I don't know of more recent rulings, > especially ones related to the Internet. > > (Why this is important is that the Supreme Court has often differentiated > between types of speech. For example, ask a liquor or tobacco company if it > has "freedom of speech." Ask those who put labels on their products if they > have freedom of speech--the Federal Trade Commission, Food and Drug > Administration, etc., declare what may not be said, what must be said, etc. > First Amendment scholars are of course well aware that the First is not > treated as an absolute.) > > If origin-labelling is unconstitutional, as Steve claims, then on what > basis can the U.S. Postal Service require identification for packages over > one pound? Surely what is inside the package may be considered "speech" (by > those interested in pushing the point). > Unless the regulations apply to UPS, FED-EX etc., I don't see how the two situations are comparable. The government refusing to deliver packages (via the USPS) unless certain conditions are met is not the same as saying no one may deliver unless those conditions are met. Now, passing email from its source, through several remailers and to its destination does not involve any government agency. The government may still try to control it, but they can't justify it by analogy to labeling of normal mail (which they are involved in delivering). > ... snip ... > As to how such regulations about origin-labeling might develop, here are > several points: > ... snip ... > 3. Civil libertarians will wail and will cite the 1956 Supreme Court case > about leafletting. Lawyers on the other side will point out that all that > is being affected is _mail_, not anonymous speech in public fora (though > restrictions on that may be tried, too). That is, that the _content_ of a > package, a la the Postal Service I.D. situation, is not at issue, only the > valid identification of point of origin. > And the civil libertarians ought to reply that email is like _mail_ in name only. > ... more snip .... > --Tim May > > > > > > Just say "No" to "Big Brother Inside" > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1398269 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > - -------------------- Scott V. McGuire PGP key available at http://web.syr.edu/~svmcguir Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBMQ3Kdt7xoXfnt4lpAQFCDwP/T95pprHGaq/KkFXe4YT1yBLIo5HL8po4 f20LIRJmP45Pp5x3zp/SSW8wOd+9DsQxkvNau7jOJrk0a4jmaqI/uzgbjkefIjwg nAzEiQmnIC7wWeiTP0SsZrcdt34sVkwHERmu2nvttd3y5VAfS+rIb716dsnuGtWF TY/geMGRrd8= =RK96 -----END PGP SIGNATURE----- From tcmay at got.net Mon Dec 30 00:00:30 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 00:00:30 -0800 (PST) Subject: Export proposal In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: At 9:02 PM -0800 12/29/96, Huge Cajones Remailer wrote: >What this means is that the government is afraid that a ban on printed >material would be considerably more difficult to uphold in court. >It's far easier for them to argue that a floppy disk is a mechinism >presenting a clear and present danger than it would be to argue the >same for a book. > >So why don't we take this debate where the Government least wants to >fight it--the realm of printed matter. Someone should start a crypto >export business that takes crypto source code, prints it, and mails it >overseas where someone else scans the source code and deliveres it in >electronic form to a recipient. Ah, but the clause which says: >> (7) General Prohibition Seven--Support of Certain Activities by >>U.S. persons--(i) Support of Proliferation Activities (U.S. Person >>Proliferation Activity). If you are a U.S. Person as that term is >>defined in Sec. 744.6(c) of the EAR, you may not engage in any >>activities prohibited by Sec. 744.6 (a) or (b) of the EAR which >>prohibits the performance, without a license from BXA, of certain >>financing, contracting, service, support, transportation, freight >>forwarding, or employment that you know will assist in certain >>proliferation activities described further in part 744 of the EAR. would appear to make such a "conspiracy" itself a crime, regardless of First Amendment issues. This is why this new law is so pernicious: it declares a broad class of behaviors (contracting, support, financing, etc.) to be criminal acts. And "prior restraint" isn't even really needed...all they have to do is to prosecute those who provide aid and comfort to the enemy, _after_ the publication, and the effect will be to suppress further such publications of code. (Note of course that the government does not practice prior restraint as a means of stopping spies and traitors, generally. Nor are such acts of treason or espionage protected on First Amendment grounds....I see no reason to expect that publication of crypto code would be treated much differently, should this new crypto law be upheld.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Mon Dec 30 00:36:19 1996 From: attila at primenet.com (Attila T. Hun) Date: Mon, 30 Dec 1996 00:36:19 -0800 (PST) Subject: Just another government fuckover: New crypto regulations Message-ID: <199612300837.BAA02719@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- books are and have been protected prior to the US Constitution. one can presume books with crypto source code would be protected accordingly; one Federal judge (Patel in SF) has ruled source code is protected under freedom of speech and therefore can be published; yet another judge in the Washington area has ruled it is not. There is no question the feds will appeal Patel's ruling in the Ninth Circuit (known to be pro rights in general, but difficult to predict). eventually it will go to the US Supreme Court. my personal opinion is the Supreme Court will rule against it using a rationale that the actual source code sections of a book can be classified as can any other intellectual property under the National Security Act. Secondly, they will not consider that form of speech an inalienable right. I had my rounds with the bastards years ago, no fucking humour whatsoever, and prone to use the IRS to enforce what the courts could not afford to enforce due to the requirements of disclosure in the courtroom at the time (which have since been plugged); and if that does not work, set you up for financial fraud, fraud by wire, or dope. Today dope is the perfect charge; it has been whipped into a frenzy by the feds and their CIA infiltrated media. let me assure any doubters the real extent of terror which the spooks can apply. the US Government has not been a legal government for years; it is a private club which can be bought, and its services sold to the highest bidder. It is a collection of whores who are part of a cabal of the very rich and powerful; it is totally unaccountable to the public it represents. Waco, Ruby Ridge, and the bombing of their own federal building in Oklahoma City in order to scare Joe Couch Potato into giving up personal freedoms for security are perfect examples of a government drunk on it owns powers. Just like Oswald, they have a perfect patsy with the defendants in OKC. P.J. O'Rourke states it correctly: "And the Clinton administration launched an attack on people in Texas because those people were religious nuts with guns. Hell, this country was founded by religious nuts with guns." O'Rourke also said: "Giving money and power to the government is like giving whiskey and car keys to teenaged boys" and there is no better example than the cocaine stoned, reckless mentality of Bill Clinton. an important fact to keep in mind in US judicial review: few of the judges can be relied on 1) to resist pressure from the Feds and 2) to take the rights of the people seriously and as 'inalienable rights.' this may sound pessimistic and cynical, but the courts have been sliding, in some cases rather quickly, to a position that echoes the UN Bill of Rights: the UN's "International Covenant on Civil and Political Rights" (ICCR): Article 18 states that "everyone shall have the right to freedom of thought, conscience and religion" but specifies that "freedom to manifest one's religions or beliefs may be subject only to such limitations as are prescribed by law and necessary..." in other words, I do not think we will see the feds permit the use of books to export cryptography. this almost becomes irrelevant outside the academic world in the provisions of the regs which effectively block hardware or software products and in effect seem to cut off the loophole of US companies funding overseas operations and importing the results, etc. the new regs basically ban it all ways. and the new regs are not the supposedly improved and friendly versions promised --they are draconian. books are an intellectual 'solution' to the problem. the real problem is the hardware. in order to negate governments and their virtually stated intentions of blocking our inalienable freedoms, particularly freedom of speach, we must be able to distribute universal crypto worldwide, and be able to improve it as the shadow governments of the various spook shows improve their ability to break our code. this last round on the ITARs blew out distribution. asking visitors to your web sites if they are U.S. citizens is not going to be sufficient for Bubba's goons: Janet Reno and Jamie Gorlich. the only real solution is guerilla warfare; anonymous distribution; overseas' establishment of clearing houses for updates and source code. freedom of information is just that simple; there are no compromises. Patrick Henry said: "Give me Liberty or Give me Death." publish, publish, and civil disobedience. Patrick Henry used handbills. knowledge is knowledge --get it in the public domain, and in the public's hands even if you must go door to door like a fuller brush salesman... but your product is free and it is for their freedom. don't waste your time getting out the vote; get out there and fight. contribute. if you do not have the balls to do it, you are not for freedom. the only natural cure for corrupt government is bright sunshine. and a rope. == Tyranny Insurance by Colt Manufacturing Co. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMsd+nb04kQrCC2kFAQGxVQP5AUM06j8anB3MLUzMUe8WjOqhVwPjSd7d RhaGyrRwAdSpU1CPSYNX9+zsTnaJtgsN0rQYLrbKQD1eKDPKAQlnz5vJ6SAVhRwi nNF2e4Pj/wD7SVBwHFmjsaOpWmNx9+ON++/EZNbs3c3nH/2n7tiC7eJJcte+apNE G3lwdSSxXhU= =MD+E -----END PGP SIGNATURE----- From shamrock at netcom.com Mon Dec 30 01:09:33 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 30 Dec 1996 01:09:33 -0800 (PST) Subject: Export proposal Message-ID: <3.0.32.19961230010938.006bca68@netcom13.netcom.com> At 10:24 PM 12/29/96 -0800, sameer wrote: [...] > Stewart Baker has been quoted as saying that banned "easily >scanned printed texts" isn't far away. (Rebecca Vesely's Wired News >article) The language of the new regulations supports this view. It seems to me that the USG wanted to ban easily scannable text, but wasn't sure how to best define "easily scannable". This is a property that is difficult to define. Once they come up with a workable definition, expect the regs to be amended. >We are now just one step away from non-GAK crypto being >illegal in the US. As Michael Froomkin has noted, this will require an act of Congress. I expect the administration to send a pro-GAK bill to Congress in 1997. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From grafolog at netcom.com Mon Dec 30 01:24:59 1996 From: grafolog at netcom.com (jonathon) Date: Mon, 30 Dec 1996 01:24:59 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: On Sun, 29 Dec 1996, Robert Hettinga wrote: > "I've found that they issue a national ID card, it's time to leave..." So which countries don't issue a national ID card? I'm assuming that list will be far shorter than those that do issue a national ID card. xan jonathon grafolog at netcom.com *********************************************************** Note: a bad procmail recipe deleted all e-mail sent to me, except for spam, between 14.36 H 12-26-96 Zulu and 4.09 H 12-28-96 Zulu. So it you sent me e-mail, and didn't get an expected reply, that's why. Please resend your e-mail. The recipe has been fixed. From amp at pobox.com Mon Dec 30 03:21:37 1996 From: amp at pobox.com (amp at pobox.com) Date: Mon, 30 Dec 1996 03:21:37 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: Message-ID: > As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia > case, in which the Supremes struck down a law requiring that leaflets > handed out have a name attached. I don't know of more recent rulings, > especially ones related to the Internet. > > (Why this is important is that the Supreme Court has often differentiated > between types of speech. For example, ask a liquor or tobacco company if it > has "freedom of speech." Ask those who put labels on their products if they > have freedom of speech--the Federal Trade Commission, Food and Drug > Administration, etc., declare what may not be said, what must be said, etc. > First Amendment scholars are of course well aware that the First is not > treated as an absolute.) =snip= you might want to check out ... McINTYRE, executor of ESTATE OF McINTYRE, DECEASED v. OHIO ELECTIONS COMMISSION certiorari to the supreme court of ohio No. 93-986. Argued October 12, 1994-Decided April 19, 1995 which can be found at ftp://ftp.cwru.edu/hermes/ascii/93-986.ZS.filt --- syllabus ftp://ftp.cwru.edu/hermes/ascii/93-986.ZO.filt --- opinion ftp://ftp.cwru.edu/hermes/ascii/93-986.ZC.filt --- concurring ftp://ftp.cwru.edu/hermes/ascii/93-986.ZC1.filt --- concurring ftp://ftp.cwru.edu/hermes/ascii/93-986.ZD.filt --- dissenting a snippet from the synopsis... After petitioner's decedent distributed leaflets purporting to express the views of ``CONCERNED PARENTS AND TAX PAYERS'' oppos- ing a proposed school tax levy, she was fined by respondent for violating 3599.09(A) of the Ohio Code, which prohibits the distribu- tion of campaign literature that does not contain the name and address of the person or campaign official issuing the literature. The Court of Common Pleas reversed, but the Ohio Court of Ap- peals reinstated the fine. In affirming, the State Supreme Court held that the burdens 3599.09(A) imposed on voters' First Amend- ment rights were ``reasonable'' and ``nondiscriminatory'' and therefore valid. Declaring that 3599.09(A) is intended to identify persons who distribute campaign materials containing fraud, libel, or false advertising and to provide voters with a mechanism for evaluating such materials, the court distinguished Talley v. California, 362 U. S. 60, in which this Court invalidated an ordinance prohibiting all anonymous leafletting. ------------------------ Name: amp E-mail: amp at pobox.com Date: 12/30/96 Time: 05:11:23 Visit http://www.public-action.com/SkyWriter/WacoMuseum EARTH FIRST! We'll strip mine the other planets later. ------------------------ From frissell at panix.com Mon Dec 30 03:32:45 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 30 Dec 1996 03:32:45 -0800 (PST) Subject: "Structuring" of Communications a Felony? Message-ID: <3.0.1.32.19961230063201.00bc5b0c@panix.com> At 03:11 PM 12/29/96 -0800, Timothy C. May wrote: > >For example, while citizen-units in the United States are free to move to >new locales without permission and without registration, unlike in some >countries, the tax collector expects a valid home (or at least mailing) >address on tax returns. There is no requirement that you list a home address just as there is no requirement that you have a home. A mailing address anywhere on earth is sufficient for tax purposes. The form *says* home address but no one's done any time for not putting one on the form (right Brian). Proving that you had another home than the one listed on the date you filled out the form is beyond the capability of even the federal government. The instructions even say "use P.O. Box only if the Post Office doesn't deliver mail to your home" but don't say anything about mail receiving services and so forth. If you know how, you can even wander into most rural post offices and get a P.O. box in an area that doesn't have home delivery without living in the vicinity or proving it. Addresses are much too slippery things to control very well with the US model. DCF From frissell at panix.com Mon Dec 30 03:33:07 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 30 Dec 1996 03:33:07 -0800 (PST) Subject: "Structuring" of Communications a Felony? Message-ID: <3.0.1.32.19961230062451.00bbb6b4@panix.com> At 02:08 PM 12/29/96 -0800, Timothy C. May wrote: >As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia >case, in which the Supremes struck down a law requiring that leaflets >handed out have a name attached. I don't know of more recent rulings, >especially ones related to the Internet. This was upheld by another recent case involving an anonymous pamphlet from an Ohio woman. >If origin-labelling is unconstitutional, as Steve claims, then on what >basis can the U.S. Postal Service require identification for packages over >one pound? Surely what is inside the package may be considered "speech" (by >those interested in pushing the point). The new rule doesn't require that ID be presented at the Post Office. You just have to present the package in person and fill out a form. They could try and require ID later, of course. >And there are many other situations where anonymity is no longer allowed, >where once it was. The gambling example Brian Davis brought up is an >example: for the purposes of tax collection, regulation of gambling, etc., >winners of nontrivial amounts must identify themselves. They have to identify themselves they don't have to present identification (an important distinction). Brian also pointed out that the guy could have avoided the problem if he'd been smarter. >1. A sharp increase in spamming, mass mailing, threatening letters, >etc....sort of like the "denial of service" and spamming/looping attacks >seen here on Cypherpunks, and being seen widely on the Net. This will >increase pressure to "do something about it." A Senator Exon type person >will introduce legislation to require e-mail be labelled. If they have yet to successfully mandate positive ID for bank or credit accounts, how can they expect to successfully mandate positive ID for something as ephemeral as an Email account? >In closing, I think the Supreme Court will, when it eventually agrees to >hear a relevant case, will differentiate between protected anonymous speech >in public forums and the labelling of sealed packages, sealed letters, and >sealed e-mail. They will argue along the lines of saying that the labelling >law is for the protection of society and not for tracking down dissidents. >The effect will of course be the same, but this will be the fig leaf which >allows them to uphold such laws. Though they have not done so over the several centuries we've had anonymous postal mail. DCF From pavelk at dator3.anet.cz Mon Dec 30 04:01:30 1996 From: pavelk at dator3.anet.cz (Pavel Korensky) Date: Mon, 30 Dec 1996 04:01:30 -0800 (PST) Subject: IDEA ecryption algorithm in 8 bits ? Message-ID: <199612301202.NAA00276@zenith.dator3.anet.cz> Hello, I hope that this mail will find his way to the mailling list. I have one question. For one small embedded application, I need some encryption algorithm which can be easily implemented in 8 bit microcontroller with 38 bytes of RAM and 1KB of ROM. I tried to modify the IDEA algorithm to 8 bit operations - all multiplications modulo 257, subkey length 52 bytes, block size 4 bytes. Simply, all operations are converted from 16/32 bits to 8/16 bits. Because I am no professional cryptographer, I would like to ask you, if there is some major problem with this modified algorithm. Something what makes the 8 bit variant completely useless ? Is it possible to use this encryption algorithm ? I know that this variant will be far less secure than IDEA itself, but I don't need so strong encryption. The amount of data for encryption will be small, approx. 16 - 32 bytes. Thank you for every information. Best regards and PF 1997 Pavel Korensky -- **************************************************************************** * Pavel Korensky (pavelk at dator3.anet.cz) * * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic * * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C * **************************************************************************** From m5 at tivoli.com Mon Dec 30 04:25:22 1996 From: m5 at tivoli.com (Mike McNally) Date: Mon, 30 Dec 1996 04:25:22 -0800 (PST) Subject: New crypto regulations In-Reply-To: <9612300237.AA17923@ua.MIT.EDU> Message-ID: <32C7B497.8C2@tivoli.com> solman at MIT.EDU wrote: > > The government's claim is that in the interests of national security, > export of cryptography must be prevented. By limiting the policy's > applicability to media which are in, or can easily be converted to, > electronic form ... Does anybody seriously believe that nbody writing these policies has an understanding of OCR software? An on-line form of code printed in a book is just a quick trip to a scanner away. They know that. -- ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Mike McNally -- Egregiously Pointy -- Tivoli Systems, "IBM" -- Austin mailto:m5 at tivoli.com mailto:m101 at io.com http://www.io.com/~m101 ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ From lurker at mail.tcbi.com Mon Dec 30 04:40:57 1996 From: lurker at mail.tcbi.com (Lurker) Date: Mon, 30 Dec 1996 04:40:57 -0800 (PST) Subject: ssn hack Message-ID: <3.0.32.19961229161745.0068f300@mail.tcbi.com> At 08:10 PM 12/28/96 -0600, Jazzmin Belle Sommers wrote: > >I still find that the best line of defense regarding privacy is a complete >second identity. Does anyone know how to apply for proper papers (taxpayer >ID#, checking account, picture ID of some sort) for a second identity? As >far as I know, it is not illegal to have one, as long as it is not used for >fraud. I'm an artist, yeah, that's it. > I'm not sure that you can go through such a procedure to attain a legal "alias"; but on the other hand why the hell would you want to? Think about it, if you will paper work with an institutions to attain an alias you would have to give them in formation about you identity. Short of commiting fraud by giving false informaiton do you think that you have really gain any privacy? Anyone can still find out who you are. From nobody at huge.cajones.com Mon Dec 30 05:00:26 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Mon, 30 Dec 1996 05:00:26 -0800 (PST) Subject: Legality of ...? More Dale Message-ID: <199612301300.FAA29520@mailmasher.com> On Tue, 24 Dec 1996, Dale Thorn wrote: >When my dad ran a bread truck in the 1950's, a mafia character who >had a bad day paid him $20 or so in pennies, and my dad said he took >it with little argument. Dale, you must serve some purpose in my life. Perhaps it is to teach me humility. I strive to understand your purpose. From swedoc at swedoc.se Mon Dec 30 05:09:12 1996 From: swedoc at swedoc.se (swedoc at swedoc.se) Date: Mon, 30 Dec 1996 05:09:12 -0800 (PST) Subject: JOIN NOW! Message-ID: <199612301300.OAA18385@tomei.algonet.se> /////////////////////////////////////////////////////////////////////////////// If you wish to be removed from our future mailings, please reply with the subject "Remove" and this software will automatically block you from future mailings. ////////////////////////////////////////////////////////////////////////////// DEAR SIRS, NEW WEBSITE TO BE LAUNCHED - THE SWEDOC GROUP - GLOBAL MARKET-PLACE (24 HOURS A DAY 7 DAYS A WEEK!) * PROPERTIES * PROJECTS * INVESTMENT OPPORTUNITIES * FINANCIAL CONSULTANCY SERVICES WE ARE LOOKING FOR AFFILIATED INTERNATIONAL CONSULTANTS!!! EXCELLENT OPPORTUNITY!!! 50% COMMISSION!!! TOGETHER WE WILL BECOME THE PREMIER NETWORK!!! ________________________________________________________________________ EMAIL US FOR "AFFILIATED INTERNATIONAL CONSULTANTS" APPLICATION FORM: swedoc at swedoc.se ________________________________________________________________________ LENDING AND FUNDING FACILITY AVAILABLE. EMAIL US FOR FURTHER INFO.: swedoc at swedoc.se ________________________________________________________________________ COME VISIT US NOW!!! http://www.swedoc.se ________________________________________________________________________ THANK YOU FOR YOUR ATTENTION. -- _________________________ The SWEDOC Group Engelbrektsgatan 28 S-411 37 Gothenburg Sweden Email: swedoc at swedoc.se http://www.swedoc.se _________________________ From jya at pipeline.com Mon Dec 30 05:15:44 1996 From: jya at pipeline.com (John Young) Date: Mon, 30 Dec 1996 05:15:44 -0800 (PST) Subject: LAW_dno Message-ID: <1.5.4.32.19961230131133.006a8234@pop.pipeline.com> 12-29-96. "Cybercash at risk/Money laws lacking" The laws that govern digital money are unclear, partly because governments have failed to revise finance rules to include the online realm explicitly. However, the feds want to be able to trace funds in some way in order to guard against online money laundering. Although no one wants interference from the government, some clear statements from lawmakers might help. ----- LAW_dno (10K) From dlv at bwalk.dm.com Mon Dec 30 06:12:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Dec 1996 06:12:03 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <199612300837.BAA02719@infowest.com> Message-ID: <9m4qZD23w165w@bwalk.dm.com> "Attila T. Hun" writes: > books are and have been protected prior to the US Constitution. "Protected" in what sense? Copyright in a fairly recent invention. > the US Government has not been a legal government for years; it > is a private club which can be bought, and its services sold to the > highest bidder. It is a collection of whores who are part of a > cabal of the very rich and powerful; it is totally unaccountable > to the public it represents. Waco, Ruby Ridge, and the bombing of > their own federal building in Oklahoma City in order to scare Joe > Couch Potato into giving up personal freedoms for security are > perfect examples of a government drunk on it owns powers. Just like > Oswald, they have a perfect patsy with the defendants in OKC. Like I said the other day, the similarities with the USSR under the last few years of Brezhnev's life are striking. > books are an intellectual 'solution' to the problem. the real > problem is the hardware. in order to negate governments and their > virtually stated intentions of blocking our inalienable freedoms, > particularly freedom of speach, we must be able to distribute > universal crypto worldwide, and be able to improve it as the shadow > governments of the various spook shows improve their ability to > break our code. Yes, but the impotent "cypher punks" can't write or distribute code. They can only flame and rant and pull plugs. > if you do not have the balls to do it, you are not for freedom. If you are a "cypher punk", you are not for freedom. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From skeeve at skeeve.net Mon Dec 30 06:21:42 1996 From: skeeve at skeeve.net (Skeeve Stevens) Date: Mon, 30 Dec 1996 06:21:42 -0800 (PST) Subject: USAF Hack mirror Message-ID: <199612301421.BAA13352@myinternet.net> Another hack mirror up.... http://www.skeeve.net/usaf/ so far I have: Central Intelligence Agency - http://www.skeeve.net/cia/ US Department of Justice - http://www.skeeve.net/doj/ Kreigman Furs - http://www.skeeve.net/kriegsman/ US Air Force - http://www.skeeve.net/usaf/ we these people never learn... put your webserver on CDrom today ;) anyone else know of any other mirrors... i heard www.nasa.gov recently got done.. anyone have a mirror i can add to the collection? --------------------------------------------------------------------- | Skeeve Stevens - MyInternet personal.url: http://www.skeeve.net/ | | email://skeeve at skeeve.net/ work.url: http://www.myinternet.net/ | | phone://612.9869.3334/ mobile://0414.SKEEVE/ [753-383] | --------------------------------------------------------------------- From raph at CS.Berkeley.EDU Mon Dec 30 06:53:02 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 30 Dec 1996 06:53:02 -0800 (PST) Subject: List of reliable remailers Message-ID: <199612301450.GAA05211@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{'alpha'} = ' alpha pgp'; $remailer{'nymrod'} = ' alpha pgp'; $remailer{"lead"} = " cpunk mix pgp hash latent cut ek"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; $remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek"; $remailer{"jam"} = " cpunk mix pgp hash latent cut ek"; $remailer{"winsock"} = " cpunk pgp pgponly hash cut ksub reord"; $remailer{'nym'} = ' newnym pgp'; $remailer{"balls"} = " cpunk pgp hash latent cut ek"; $remailer{"squirrel"} = " cpunk mix pgp pgponly hash latent cut ek"; $remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord ?"; $remailer{'cyber'} = ' alpha pgp'; $remailer{"dustbin"} = " cpunk pgp hash latent cut ek mix reord middle ?"; $remailer{'weasel'} = ' newnym pgp'; $remailer{"death"} = " cpunk pgp hash latent post"; $remailer{"reno"} = " cpunk mix pgp hash middle latent cut ek reord ?"; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. remailer at crynwr.com is _not_ a remailer. There is no remailer at relay.com. Groups of remailers sharing a machine or operator: (cyber mix) (weasel squirrel) The alpha and nymrod nymservers are down due to abuse. However, you can use the nym or weasel (newnym style) nymservers. The cyber nymserver is quite reliable for outgoing mail (which is what's measured here), but is exhibiting serious reliability problems for incoming mail. The squirrel and winsock remailers accept PGP encrypted mail only. 403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. This seems to be fixed now. The penet remailer is closed. Last update: Mon 30 Dec 96 6:48:57 PST remailer email address history latency uptime ----------------------------------------------------------------------- haystack haystack at holy.cow.net +#*#+#+ 1:44 99.99% weasel config at weasel.owl.de +++++++ 1:06:00 99.99% lucifer lucifer at dhp.com +++++++ 33:39 99.98% mix mixmaster at remail.obscura.com -++++++ 1:11:39 99.98% nym config at nym.alias.net *##*### :19 99.97% reno middleman at cyberpass.net ------+ 1:37:49 99.97% squirrel mix at squirrel.owl.de ++++++ 1:06:32 99.96% middle middleman at jpunix.com ------ 2:20:53 99.86% dustbin dustman at athensnet.com _ .-*+* 17:45:40 99.70% balls remailer at huge.cajones.com **** +* 8:06 99.55% cyber alias at alias.cyberpass.net * **+* 29:35 99.50% exon remailer at remailer.nl.com *##** * 1:02 99.43% replay remailer at replay.com * -** + 1:13:13 98.96% extropia remail at miron.vip.best.com --- - 7:19:53 95.17% winsock winsock at rigel.cyberpass.net .-.- - 10:43:57 91.13% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From junger at pdj2-ra.F-REMOTE.CWRU.Edu Mon Dec 30 07:20:29 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Mon, 30 Dec 1996 07:20:29 -0800 (PST) Subject: New crypto regulations In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <199612301517.KAA01543@pdj2-ra.F-REMOTE.CWRU.Edu> Gemini Thunder writes: : How does the fact that the same exact : information, when stored on magnetic media, cause it to lose its : freedom of press protection? : : Has magnetic media never been tested in court for freedom of press : applicability? What are the laws that outline the differences between : magnetic media and printed media? Specifically, the one(s) that : permit the non-protection of magnetic media? With the exception of the Karn case, which says little that is clear on this exact subject, there is, in so far as I know, no law on the subject. : Does this mean that if a journal published an article on some strong : non-key escrow encryption algorithm that included source code, it : could not later offer that same article on a CD-ROM collection? or : provide that same source code online? That is exactly what the new regulations seem to provide. An interesting question is what is the status of all those issues of Byte and Dr. Dobb's that do have cryptopraphic source code and that are currently available on the net. Or are there any such articles? These issues directly affect my case seeking to strike down the ITAR restrictions, which will be amended shortly to also challenge these new regulations. One of the things that I want to do is publish a law review article that includes cryptographic software (in the form of source code). These now regulations will allow the printed version of the journal containing to be published without the law review or myself having to get a license, but today almost all law review articles are mirrored on the internet in the Lexis and Westlaw databases and many also appear on their author's world wide web pages. So I would be very interested if anyone could give me examples of computer journal articles that are already on the net and that contain source code of any sort, and especially those that contain cryptographic source code. Thanks. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH EMAIL: junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu NOTE: junger at pdj2-ra.f-remote.cwru.edu will soon cease to exist From WlkngOwl at unix.asb.com Mon Dec 30 07:23:08 1996 From: WlkngOwl at unix.asb.com (Robert Rothenburg 'Walking-Owl') Date: Mon, 30 Dec 1996 07:23:08 -0800 (PST) Subject: [Quasi-RFC] RNG_DEVICE Standard Message-ID: <199612301528.KAA15638@unix.asb.com> The URL below has a proposal/ideas for an RNG_DEVICE standard: http://www.asb.com/usr/wlkngowl/rng_std.htm Comments and suggestions would be appreciated. (This isn't an official RFC.) Please feel free to forward this message to interested parties. Rob ----- "The word to kill ain't dirty | Robert Rothenburg (WlkngOwl at unix.asb.com) I used it in the last line | http://www.asb.com/usr/wlkngowl/ but use a short word for lovin' | Se habla PGP: Reply with the subject and dad you wind up doin' time." | 'send pgp-key' for my public key. From omega at bigeasy.com Mon Dec 30 08:05:20 1996 From: omega at bigeasy.com (Omegaman) Date: Mon, 30 Dec 1996 08:05:20 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: On Sun, 29 Dec 1996, Timothy C. May wrote: > > Sure, but my interest is in the possible, not the dumb mistakes of dumb > people. That some criminals will screw up and reveal their identities is no > different from the similar possibility that some people will mess up in > using remailers; doesn't alter the interesting properties of remailer > networks. Of course it doesn't. But remailer networks are at a formative stage where bad publicity (& disinformation) carries a lot more weight. Think in terms of remailer networks and digicash having "reputation capital" and you'll see where I'm coming from. Both the sensational nature of "THE NET" and the efficiency of the net to spread information far & wide rapidly compound the power of a carefully crafted publicity campaign > Perhaps. But I note that various "outrages" associated with use of Swiss > banks--Jewish gold deposits, banana republic deposits, tax avoidance, > etc.--have not exactly driven Swiss and similar banks out of existence. > Greed is a powerful lubricant. And there are of course various ways to make > the traffic less obvious. All of the above are well established in corporate circles. Furthermore, they're not widely used (relatively speaking, of course) or widely accessible. > And, more importantly, the "doubly untraceable" nature of true Chaumian > e-cash means that the Bank of Albania _cannot_ be frozen out of the banking > system (assuming other banks are also issuing Chaumian cash). Any mechanism > that would allow the Bank of Botswana, for example, to "know" that the Bank > of Albania was buying untraceable Botswanabux would of course mean the > Botswanabux were not untraceable! Once Bank of Albania can buy such > untraceable currency, they can pay Ed off in them. Or variants of this. > (The similarity of a network of Chaumian digicash banks to a network of > remailers is obvious...indeed, Chaum's work on "digital mixes" preceeded > his work on digital cash, 1981 vs. 1985.) Yes. But we were talking about one only "doubly untraceable" Chaumian digicash system. I feel that if such systems don't see wide and common usage, they will fade away in favor off "singly untraceable" and like systems. (or be pushed out, such as in the example we played with above). One rogue bank, therefore, can be frozen out if others are not using Chaumian cash. One possibly and likely scenario is that partially untraceable Chaumian style cash will begin to be widely used. Once others using fully untraceable systems come into play, the pot is muddied a bit. (I guess I need to re-read some of the recent releases about partially untracable Chaumian cash to explore the possibilities represented.) Happy New Year, all. _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From dthorn at gte.net Mon Dec 30 08:35:55 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 08:35:55 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: Message-ID: <32C7EE6C.72D1@gte.net> amp at pobox.com wrote: > > As to the "anonymous speech" rulings, I mainly know of the 1956 Georgia > > case, in which the Supremes struck down a law requiring that leaflets > > handed out have a name attached. I don't know of more recent rulings, > > especially ones related to the Internet. > > (Why this is important is that the Supreme Court has often differentiated > > between types of speech. For example, ask a liquor or tobacco company if it > > has "freedom of speech." Ask those who put labels on their products if they > > have freedom of speech--the Federal Trade Commission, Food and Drug > > Administration, etc., declare what may not be said, what must be said, etc. > > First Amendment scholars are of course well aware that the First is not > > treated as an absolute.) So how would the courts prosecute if me and (n) number of other persons distribute separate pieces of a "binary", i.e., encrypted or otherwise? There has been some prior discussion here of splitting files in creative ways then sending the pieces through multiple channels (and at different times?).... Would the courts then insist that every data transmission I ever make would have to be proved to be meaningful (viewable) text, or in the case of a binary, have a court-approved checksum? Is there a presumption that only NSA will be able to forge the checksums, to get around this problem (for themselves)? From dthorn at gte.net Mon Dec 30 08:41:45 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 08:41:45 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <199612300837.BAA02719@infowest.com> Message-ID: <32C7F074.3FA3@gte.net> Attila T. Hun wrote: > books are and have been protected prior to the US Constitution. > one can presume books with crypto source code would be protected > accordingly; one Federal judge (Patel in SF) has ruled source code > is protected under freedom of speech and therefore can be published; > yet another judge in the Washington area has ruled it is not. There > is no question the feds will appeal Patel's ruling in the Ninth > Circuit (known to be pro rights in general, but difficult to > predict). eventually it will go to the US Supreme Court. [snip] In the late 1970's (I think), Victor Marchetti (formerly of CIA) wrote The CIA and the Cult of Intelligence (title approx.), and the CIA was allowed by the courts to censor portions of the book. As I remember, those portions were released later in a new edition, primarily because the blacked-out parts were not in fact big-time secrets, but simply embarrassments for the agency. Is this a representative case? From sunder at brainlink.com Mon Dec 30 08:56:32 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 30 Dec 1996 08:56:32 -0800 (PST) Subject: Counting the lies in Vulis' spam In-Reply-To: Message-ID: Vulis, the archives speak for themselves. Lie all you want, anyone with half a brain can do a net search on the word vulis and see the lying crud you've posted all over the net. It's that simple. Translation (since you are clueless) "Nice try NSA mole, but try harder next time." Maybe you need to take some propaganda lessons from your NSA masters, it appears you are perhaps rusty in such techniques. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From dthorn at gte.net Mon Dec 30 08:57:22 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 08:57:22 -0800 (PST) Subject: Export proposal In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <32C7F422.5C7F@gte.net> Huge Cajones Remailer wrote: > > " Note to paragraphs (b)(2) and (b)(3) of this section: A printed > > book or other printed material setting forth encryption source code > > is not itself subject to the EAR (see Sec. 734.3(b)(2)). However, > > notwithstanding Sec. 734.3(b)(2), encryption source code in > > electronic form or media (e.g., computer diskette or CD ROM) remains > > subject to the EAR (see Sec. 734.3(b)(3))." > What this means is that the government is afraid that a ban on printed > material would be considerably more difficult to uphold in court. > It's far easier for them to argue that a floppy disk is a mechinism > presenting a clear and present danger than it would be to argue the > same for a book. What about a fax? That has to make things more complicated, yes? From sunder at brainlink.com Mon Dec 30 09:00:08 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Mon, 30 Dec 1996 09:00:08 -0800 (PST) Subject: Tired of VuliSpams? Message-ID: It's simple, if you are tired of this turd's posts, just send a message to PSI. here's all the relevant info. Don't bother sending complaints to postmaster at dm.com, vulis owns that domain so he is the postmaster of it. However, to quote the last PSI guy I spoke to: "If he continues, it becomes contractual" In other words, Vulis gets to find himself without a provider. Thanks. sundernet1# whois dm.com D&M Consulting Services (DM-DOM) 67-67 Burns Street Forest Hills, NY 11375 Domain Name: DM.COM Administrative Contact: Administration, PSINet Domain (PDA4) psinet-domain-admin at PSI.COM ^^^^^^^^^^^^^^^^^^^^^^^^^^^ (703) 904-4100 Technical Contact, Zone Contact: Network Information and Support Center (PSI-NISC) hostinfo at psi.com (518) 283-8860 Billing Contact: Andrews, Ken (KA16) domain-fee-contact at PSI.COM ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 703-904-4100 Record last updated on 31-Oct-96. Record created on 19-Jun-91. Domain servers in listed order: NS.PSI.NET 192.33.4.10 NS2.PSI.NET 38.8.50.2 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). Please use the whois server at nic.ddn.mil for MILNET Information. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From dthorn at gte.net Mon Dec 30 09:03:49 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 09:03:49 -0800 (PST) Subject: Legality of ...? More Dale In-Reply-To: <199612301300.FAA29520@mailmasher.com> Message-ID: <32C7F5A5.58D7@gte.net> Huge Cajones Remailer wrote: > On Tue, 24 Dec 1996, Dale Thorn wrote: > >When my dad ran a bread truck in the 1950's, a mafia character who > >had a bad day paid him $20 or so in pennies, and my dad said he took > >it with little argum > Dale, you must serve some purpose in my life. Perhaps it is to teach me humility. > I strive to understand your purpose. Why is this so difficult? The subject was legal tender, and I cited two examples (real examples, no less) of controversy. I also asked for relevant comments. Is this comment supposed to be relevant? To repeat: Certain credible sources have stated that pennies are not necessarily legal tender in certain amounts, for ordinary transactions, say, buying groceries. The amount I heard was in the range of 25 cents or thereabouts. To my knowledge, this was not resolved, perhaps due to the "spam attack". From dthorn at gte.net Mon Dec 30 09:18:08 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 09:18:08 -0800 (PST) Subject: ssn hack In-Reply-To: <3.0.32.19961229161745.0068f300@mail.tcbi.com> Message-ID: <32C7F8FF.6A40@gte.net> Lurker wrote: > At 08:10 PM 12/28/96 -0600, Jazzmin Belle Sommers wrote: > >I still find that the best line of defense regarding privacy is a complete > >second identity. Does anyone know how to apply for proper papers (taxpayer > >ID#, checking account, picture ID of some sort) for a second identity? As > >far as I know, it is not illegal to have one, as long as it is not used for > >fraud. I'm an artist, yeah, that's it. > I'm not sure that you can go through such a procedure to attain a legal > "alias"; but on the other hand why the hell would you want to? This may be true if the second identity runs concurrently with the first, but if you really need a new identity, such as govt. provides in the "witness protection" programs, get some of the books through the "underground" mailorder distributors. Books such as The Heavy Duty New Identity, or How To Disappear And Never Be Found. I can provide the names of the mailorder companies if you wish. The books average $15 to $30, and I can't vouch for the content. For cross referencing and verification, you could also purchase the antithesis types, i.e., How To Find Anybody (etc.) by Ted Gunderson et al. From banisar at epic.org Mon Dec 30 09:27:28 1996 From: banisar at epic.org (Dave Banisar) Date: Mon, 30 Dec 1996 09:27:28 -0800 (PST) Subject: New crypto regs online Message-ID: Hola, The new regs for crypto exports are available at: http://www.epic.org/crypto/export_controls/interim_regs_12_96.html Dave ========================================================================= David Banisar (Banisar at epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org Washington, DC 20003 PGP Key: http://www.epic.org/staff/banisar/key.html ========================================================================= From AwakenToMe at aol.com Mon Dec 30 09:55:52 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 30 Dec 1996 09:55:52 -0800 (PST) Subject: ssn hack Message-ID: <961230125459_271074053@emout12.mail.aol.com> In a message dated 96-12-29 08:35:47 EST, jazzmin at ou.edu (Jazzmin Belle Sommers) writes: << She bought it! I got asked where I belonged to, so I said Germany (not actually a lie, it's my heritage). Next time I think I'll say Belgium. What's that itty bitty country between France and Spain? Angorra? Yeah. That's it.>> That sure isn't a hack.... maybe Im not seeing the advantages of it.. as compared to just saying 'I dont give it out..etc..' << What, you really think someone's actual name is Jazzmin Belle Sommers? Get outta town! >> Nahhhhh ya spelled it WAY differently and Angora is wrong. From hal at rain.org Mon Dec 30 09:59:31 1996 From: hal at rain.org (Hal Finney) Date: Mon, 30 Dec 1996 09:59:31 -0800 (PST) Subject: New crypto regulations Message-ID: <199612301757.JAA00424@crypt.hfinney.com> From: Mike McNally > solman at MIT.EDU wrote: > > The government's claim is that in the interests of national security, > > export of cryptography must be prevented. By limiting the policy's > > applicability to media which are in, or can easily be converted to, > > electronic form ... > > Does anybody seriously believe that nbody writing these policies has > an understanding of OCR software? An on-line form of code printed > in a book is just a quick trip to a scanner away. They know that. The regs, as Lucky pointed out, do hint at restrictions on OCR fonts in the future. However this is obviously doomed since as OCR technology advances the distinction between OCR and non-OCR fonts will vanish. I imagine that a special purpose character recognition engine could be built to work on any known, monospaced font, as is typically used for source code. In this light, the explicit exemption for printed materials is really quite welcome. It has never been 100% clear that a book of source code is exportable. Yes, we've had some favorable court cases recently but none of these have been fully resolved. Rumors were posted here that the NSA came very close to trying to stop the export of the original PGP source code book from MIT Press (and supposedly arranged for MIT to be punished later for its audacity). Having all sides agree that crypto source code can be exported in printed form is an important step in the right direction. We can still contest the issue of restrictions on machine readable exports. In an era where electronic publishing is becoming as important as paper publishing for expressing ideas, we can continue to push to extend the exemption to machine-readable images of the pages of the book, and later to actual source files. Hal From AwakenToMe at aol.com Mon Dec 30 10:01:17 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 30 Dec 1996 10:01:17 -0800 (PST) Subject: With my deepest regards.... Message-ID: <961230130027_1156000499@emout15.mail.aol.com> In a message dated 96-12-29 16:00:50 EST, dthorn at gte.net (Dale Thorn) writes: << Adam Breaux wrote: > I am withdrawing from this list. Not because of the volume of > email...that I can deal with...but what I cannot deal with is the > volume of garbage and egotistical ranting that seems so prevalent in > what should for all sakes and purposes be a discussion of cyphering > and security. Apparently the name of this list is designed to > mislead...because of all the posts, a grand total of 5% proved worth > reading at all. Note to cypherpunks: This guy complains about the problem, but he *is* the problem. *He* wants to tell us *he's* leaving. Talk about ego- tistical ranting! What a hypocrite. BTW, 5% is a pretty good percentage in my book. >> Since I never said I dont contribute to the problem.. I think Ill point out... that in a reverse notion...He isn't the problem. What you replied back is the problem. I DONT see this list (the other 95%) filled with people saying that they dont like the list. So..since he isnt the other 95% (maybe >0.5% complain) and you with a useless post... are (is) the porblem. I know this post back doesn''t 'help' but I think it brings to light problems with a list that exists for a purpose. Think of it as a democracy on a list. It exists for a reason.. and the people support THAT existence. From tcmay at got.net Mon Dec 30 10:24:42 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 10:24:42 -0800 (PST) Subject: OCR and Machine Readable Text In-Reply-To: <9612300237.AA17923@ua.MIT.EDU> Message-ID: At 6:24 AM -0600 12/30/96, Mike McNally wrote: >solman at MIT.EDU wrote: >> >> The government's claim is that in the interests of national security, >> export of cryptography must be prevented. By limiting the policy's >> applicability to media which are in, or can easily be converted to, >> electronic form ... > >Does anybody seriously believe that nbody writing these policies has >an understanding of OCR software? An on-line form of code printed >in a book is just a quick trip to a scanner away. They know that. And not only is OCR able these days to handle general fonts easily enough, but almost all printed code is in fixed-width fonts, i.e., non-proportional fonts. This makes OCR easy. (I'm no longer a heavy duty OCR inputter, but I used to get nearly 100% accuracy even on things like Times Roman proportional fonts...Courier and other fixed fonts were child's play.) But there's an even bigger issue: human inputting of text is _cheap_, especially in various Third World nations which have a thriving industry doing this. (For example, various credict card companies ship their paper copies of credit trasnsactions to warehouses of people in places like Barbados for manual keying in of data.) For just the amount of money we've spent (in our consulting fees) on discussing just this issue of OCRing, the entire content of the MIT PGP source code book AND Schneier's AC could have been manually inputted by Barbadans or Botswanas, or probably even by Europeans. Of course, there are vastly easier and cheaper routes, such as just sending the stuff directly, but this makes the point that there is no difference between text and machine readable text. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From sameer at c2.net Mon Dec 30 10:48:07 1996 From: sameer at c2.net (sameer) Date: Mon, 30 Dec 1996 10:48:07 -0800 (PST) Subject: Export proposal In-Reply-To: <3.0.32.19961230010938.006bca68@netcom13.netcom.com> Message-ID: <199612301907.LAA05263@gabber.c2.net> > As Michael Froomkin has noted, this will require an act of Congress. I > expect the administration to send a pro-GAK bill to Congress in 1997. That's a good estimate. I think we can expect it to pass in 98 or 99. This gives us a little over a year to make crypto ubiquitous. That's not much time. Now we have a deadline. -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net C2Net is having a party: http://www.c2.net/party/ http://www.c2.net/ sameer at c2.net From shamrock at netcom.com Mon Dec 30 11:01:22 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 30 Dec 1996 11:01:22 -0800 (PST) Subject: Export proposal Message-ID: <3.0.32.19961230105806.006ac5c4@netcom13.netcom.com> At 08:56 AM 12/30/96 -0800, Dale Thorn wrote: >What about a fax? That has to make things more complicated, yes? A fax is transmission in electronic form. Clearly banned under the regulations. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From omega at bigeasy.com Mon Dec 30 11:18:44 1996 From: omega at bigeasy.com (Omegaman) Date: Mon, 30 Dec 1996 11:18:44 -0800 (PST) Subject: New crypto regs outlaw financing non-US development In-Reply-To: Message-ID: On Sun, 29 Dec 1996, Steve Schear wrote: > I doubt the Executive order can be interpreted to mean U.S. citizens cannot > purchase stocks of foreign companies engaged in crypto. There are many > companies (e.g., NEC, Siemans, Philips, ect.) which engage in development > of crypto equipment which would not be exportable if they were produced in > the U.S. Can the gov't deny us the right to invest in these and other > offshore companies? You doubt but are you sure? Potential investors are unsure as well. The executive order has a "chilling effect" on such investments, and could affect their actual stock value. The idea strikes me as an attempt to slow strong crypto development so U.S.-sponsored escrow alternatives can be put into wide deployment. It may also be a "trial-balloon" to see if the USG can get away with deny individuals and corporations the right to invest in "non-approved" technologies. The current administration is hell-bent on imposing any limitations it can. All this makes me wonder why there is any doubt that this country has devolved into a near police-state. Compromise away your rights and you get what you deserve. _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From nobody at huge.cajones.com Mon Dec 30 11:24:08 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Mon, 30 Dec 1996 11:24:08 -0800 (PST) Subject: [STEGO] BBN Message-ID: <199612301923.LAA05700@mailmasher.com> Timothy May has been fired from Intel for stealing office supplies. ( )( )________ Timothy May /00 \ _ O_\\--mm---mm /_______) From wb8foz at wauug.erols.com Mon Dec 30 11:59:32 1996 From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states) Date: Mon, 30 Dec 1996 11:59:32 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <32C7F074.3FA3@gte.net> Message-ID: <199612301959.OAA04800@wauug.erols.com> Dale Thorn sez: > > In the late 1970's (I think), Victor Marchetti (formerly of CIA) wrote > The CIA and the Cult of Intelligence (title approx.), and the CIA was > allowed by the courts to censor portions of the book. > > As I remember, those portions were released later in a new edition, > primarily because the blacked-out parts were not in fact big-time > secrets, but simply embarrassments for the agency. > > Is this a representative case? I doubt it. When first granted access to classified, you must sign a civil contract not to publish anything without clearing same. That restricts your actions. But if you are writing a book, and the New York Times learns details by other than you telling them [To use a favorite of this group; one I scoff at as it's made to "look easy" -- let's say the NYT used Tempest techniques..], then can the USG go after the NYT and engage prior restraint? No, in my understanding. I hedge cuz this came about as a result of Phillip Agee [sp] but I do not recall exactly when. -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From shamrock at netcom.com Mon Dec 30 12:06:07 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 30 Dec 1996 12:06:07 -0800 (PST) Subject: New crypto regulations Message-ID: <3.0.32.19961230120642.006ac9ec@netcom13.netcom.com> At 09:57 AM 12/30/96 -0800, Hal Finney wrote: >The regs, as Lucky pointed out, do hint at restrictions on OCR fonts in >the future. However this is obviously doomed since as OCR technology >advances the distinction between OCR and non-OCR fonts will vanish. >I imagine that a special purpose character recognition engine could be >built to work on any known, monospaced font, as is typically used for >source code. It seems to me that the authors of the regulations have come to the same conclusion. Which is why the ban on scannable text is not in the current version of the regs. But the regulators want to see scannable source banned that much is clear. At the same time, they do not want to run up against the wide ranging protections printed speech enjoys. I expect the solution ultimately employed to use a method similar to what is currently used in color copiers and digital audio mastering equipment. Normal color copiers will copy just about all colors except the particular shade of green used in US currency. Consumer digital audio recording equipment makes use of copy protection features. Only hideously expensive "professional" equipment has the copy protection turned off. We might see something similar for printed source and OCR programs. Printed source will have to be printed in a specific font. A font that OCR programs are required to not recognize. OCR programs that do recognize this specific font will of course be export controlled. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From dthorn at gte.net Mon Dec 30 12:14:13 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 12:14:13 -0800 (PST) Subject: With my deepest regards.... In-Reply-To: <961230130027_1156000499@emout15.mail.aol.com> Message-ID: <32C82238.1E6D@gte.net> AwakenToMe at aol.com wrote: > Adam Breaux wrote: > > I am withdrawing from this list. Not because of the volume of > > email...that I can deal with...but what I cannot deal with is the > > volume of garbage and egotistical ranting[snippo] > Note to cypherpunks: This guy complains about the problem, but he *is* > the problem. *He* wants to tell us *he's* leaving. Talk about ego- > tistical ranting! What a hypocrite. > Since I never said I dont contribute to the problem.. I think Ill point > out... that in a reverse notion...He isn't the problem. What you replied > back is the problem. Argumentum ad nauseam. The point is, Adam (I think) wanted to tell us he's leaving. Well, who gives a shit, anyway? Instead of ranting against me, tell the cypherpunks why they should care that this particular individual is "leaving the list". From wb8foz at wauug.erols.com Mon Dec 30 12:30:42 1996 From: wb8foz at wauug.erols.com (David Lesher / hated by RBOC's in 5 states) Date: Mon, 30 Dec 1996 12:30:42 -0800 (PST) Subject: New crypto regulations In-Reply-To: <199612301757.JAA00424@crypt.hfinney.com> Message-ID: <199612302030.PAA05013@wauug.erols.com> Hal Finney sez: > > In this light, the explicit exemption for printed materials is really > quite welcome. It has never been 100% clear that a book of source code > is exportable. Yes, we've had some favorable court cases recently but > none of these have been fully resolved. Rumors were posted here that > the NSA came very close to trying to stop the export of the original PGP > source code book from MIT Press (and supposedly arranged for MIT to be > punished later for its audacity). My uncharitable side says that is because they wanted to stay as far away from cries of "book-banning" as they could. If nothing else, IN THAT NARROW CASE, reason prevailed over fervor. And I caution against thinking in terms of "NSA did" in favor of "Under FBI pressure, NSA did" just to remind ourselves where the real battle lies..... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From tcmay at got.net Mon Dec 30 12:40:45 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 12:40:45 -0800 (PST) Subject: New crypto regs outlaw financing non-US development In-Reply-To: Message-ID: At 2:27 PM -0600 12/30/96, Omegaman wrote: >On Sun, 29 Dec 1996, Steve Schear wrote: > >> I doubt the Executive order can be interpreted to mean U.S. citizens cannot >> purchase stocks of foreign companies engaged in crypto. There are many >> companies (e.g., NEC, Siemans, Philips, ect.) which engage in development >> of crypto equipment which would not be exportable if they were produced in >> the U.S. Can the gov't deny us the right to invest in these and other >> offshore companies? > >You doubt but are you sure? Potential investors are unsure as well. The >executive order has a "chilling effect" on such investments, and could >affect their actual stock value. And I think that a prosecutor who _wished_ to make an example of someone could use the new regs to indeed go after someone who made an "investment" in the stock of a foreign company! An investment is clearly exactly what the regs mention. Now, obviously, all prosecutions have _costs_, and prosecution of someone for buying $10,000 worth of stock in a large European or Japanese company doing frowned-upon crypto work would be unlikely...unless that person was Phil Zimmermann or someone else the feds want zapped. But many investments are for much larger amounts...if someone invests $200K in the stock of a company doing frowned upon work, the government might well decide to prosecute. That the regs clearly give them the authority to prosecute is the key. The essence of a terror state is that one never knows when the hammer will fall. This "FUD" (aka "random reinforcement") keeps the sheeple in line. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From markm at voicenet.com Mon Dec 30 12:55:21 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 30 Dec 1996 12:55:21 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 30 Dec 1996, Omegaman wrote: > Yes. But we were talking about one only "doubly untraceable" Chaumian > digicash system. I feel that if such systems don't see wide and common > usage, they will fade away in favor off "singly untraceable" and like > systems. (or be pushed out, such as in the example we played with above). > > One rogue bank, therefore, can be frozen out if others are not using > Chaumian cash. I don't see how one bank offering fully anonymous digital cash could be "frozen out." Partially untracable cash systems may be much more popular, but as long as the fully anonymous system receives enough money to stay in business, there would be little risk of fading away. A bank offering fully anonymous digital cash could be used for tax evasion, extortion, and money laundering. These crimes usually involve large sums of money, so this would keep the bank in business. Mark -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsgtDyzIPc7jvyFpAQGZKAf8DvR1uWWCV5iTcj23YdxNC/Bg5e6+AFYw buzMoNsHNdpu/LKBMIdr03vLbuOGIDDo+FobHtzVoqss2CExm2mHqlWJWChNO19M 8/M+JGj3RlXVbzKLaXyeTNQtVf9MqUdrxGaT00caggKglzO8w0ghoazbuGZ6nHhy k2sKB1ghKF+9kJc7yCVMRtimZeCOl+veZjwK/SO3FgrhZD/hnJ0ArLBBF5gfPvOH 451mqcP+1Uy790+Y/+JzHPPAMhX7G7E8QotlHQm21b1nlSRN/eBnbtZwWXdCwf/C MVYcs1q3nYoQF844RPo0L61hlsxhveYUTSyDtyF2I/KErobyunsz+g== =2Ueo -----END PGP SIGNATURE----- From tcmay at got.net Mon Dec 30 13:51:45 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 13:51:45 -0800 (PST) Subject: New crypto regulations In-Reply-To: <3.0.32.19961230120642.006ac9ec@netcom13.netcom.com> Message-ID: At 12:07 PM -0800 12/30/96, Lucky Green wrote: >I expect the solution ultimately employed to use a method similar to what >is currently used in color copiers and digital audio mastering equipment. >Normal color copiers will copy just about all colors except the particular >shade of green used in US currency. Consumer digital audio recording >equipment makes use of copy protection features. Only hideously expensive >"professional" equipment has the copy protection turned off. > >We might see something similar for printed source and OCR programs. Printed >source will have to be printed in a specific font. A font that OCR programs >are required to not recognize. OCR programs that do recognize this specific >font will of course be export controlled. I doubt this. This would be too absurd even for the feds...a special font to be used in books? As I said, hand-entry of text and code is already very cheap....and any code fragments desired to be exported can be trivially taken out in any of the zillions of floppies and disks crossing the borders each day, or the Net of course (stego, hidden, remailed, whatever). The whole book thing is an oddity...no meaningful crypto is going to be helped or hindered by the book exception. What _could_ conceivably happen is that export of some code fragment could be given plausible deniability that an export violation occurred by having a paper version distributed widely. "Honest...we didn't send PGP 3.0 to Europe! Someone must've OCRed or manually typed in the code we published in "PGP 3--The Text."" This strategem would work even if the feds mandated some special non-OCRable font (which I doubt could exist...if humans can read the font, so can trainable OCR programs, which of course don't rely on having libraries of particular fonts). --Tim May --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Mon Dec 30 14:00:15 1996 From: attila at primenet.com (Attila T. Hun) Date: Mon, 30 Dec 1996 14:00:15 -0800 (PST) Subject: Betting and Truth In-Reply-To: Message-ID: <199612302200.PAA19543@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In , on 12/29/96 at 06:33 PM, Sandy Sandfort said: ::Tim's error is assuming that the offer of the bet did not "work" merely ::because the bet was not taken. All the bets I offered achieved effects I ::intended. (Exercise for the student, and all that.) subtle as always, Sandy? mind control, cypherpunk style. == I'll get a life when it is proven and substantiated to be better than what I am currently experiencing. --attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMsg6/704kQrCC2kFAQFuJgP/X/xLJnrnan1BN0kWFotO/cSjj/IcbJHs gNVSEcy+TI1/7zqu1u8fIrfWwYXmLQUhAuqFyFGw4fh7S8Mt5oHTuF7KgS4LO1gQ Ny6md/VxoNrLpsaKjZaxRNd6MDDlQuivk4e0PdMbFjj9I6j1T2EWITCENvypDD/9 o2tMXubXk+g= =UN7P -----END PGP SIGNATURE----- From eb at comsec.com Mon Dec 30 14:13:50 1996 From: eb at comsec.com (Eric Blossom) Date: Mon, 30 Dec 1996 14:13:50 -0800 (PST) Subject: ~digicash at Shell In-Reply-To: Message-ID: <199612302148.NAA23846@comsec.com> > Shell is now marketing a stored-value card in $25, $50, and $100 face > denominations. The $100 card retails for $94 right now. I'm not sure if > that discount will be a long-term thing or if it's just to get people > hooked. Anyway, the card can be purchased anonymously for cash and can be > used to buy anything at Shell. I like to use the automated > pay-at-the-pump gizmos to save time but I don't like to leave a digital > footprint behind on my credit card statement for Louis' Legions to peruse, > so I think the stored-value card is a step forward for privacy. Is this a "stored value smart card", or something like most US phone cards, where the "account number" is used to debit a centrally maintained account? From drink at aa.net Mon Dec 30 14:20:28 1996 From: drink at aa.net (! Drive) Date: Mon, 30 Dec 1996 14:20:28 -0800 (PST) Subject: So secure no technology avail in the world capable of breaking it Message-ID: <3.0.32.19691231160000.0069b4a4@aa.net> >From Risks 18.70... Date: 20 Dec 96 15:13:17 EST From: Andrew Weir <100637.616 at CompuServe.COM> Subject: ATM gangsters Much British media panic has been devoted to the recent conviction of an "ATM gang" of high ambition. A collection of high-grade villains with impeccable pedigrees in robbery, gangsterism and drugs dealing over 30 years compelled a software expert who was in prison for attacking his wife and child to help them in their enterprise. The man revealed his role to a prison chaplain and subsequently acted as an undercover informer on his release. [...] Code-breaking gangsters? But could they have got that far? Newspaper reports failed to emphasise the all-important question as to whether the encrypted information could be decoded. Defence counsel were scathing about the possibilities and called experts to testify that it was effectively impossible. One of the defence barristers said: "The basic method was fatally flawed ... because the encryption system used by the banks is so secure that no current technology available in the world, not even the combined expertise of the world's leading scientists, is capable of breaking it." The judge appeared to accept this, with a proviso. Addressing the defendants, he said in sentencing them: "It was not possible for you, with the equipment and expertise then at your disposal, to carry out this fraud to a successful conclusion. There is, in particular, no evidence that the cards recovered by the police would then work or that the codes had then been broken. However, beyond that I'm not prepared to go. I do not believe it is necessary to go further but for the avoidance of doubt I make it clear that it would, in my judgment, be irresponsible and wrong on the basis of the information before me to accept any additional assurances along the lines that this is a fraud that no one could ever commit." Lawyers being what they are, the judge could not exclude the possibility that the decryption was possible, even though the remoteness of that possibility does not seem to have struck home, particularly when it is considered that the gang's only computer expert was working against them. The gang's expert claimed no expertise in cryptography and yet said in evidence that there had been a successful decryption dry run. This was not corroborated elsewhere, and the judge did not accept it. [...] http://catless.ncl.ac.uk/Risks From tcmay at got.net Mon Dec 30 14:31:36 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 14:31:36 -0800 (PST) Subject: Untraceable Payments, Extortion, and Other Bad Things In-Reply-To: Message-ID: At 3:59 PM -0500 12/30/96, Mark M. wrote: >On Mon, 30 Dec 1996, Omegaman wrote: >> One rogue bank, therefore, can be frozen out if others are not using >> Chaumian cash. > >I don't see how one bank offering fully anonymous digital cash could be >"frozen out." Partially untracable cash systems may be much more popular, but >as long as the fully anonymous system receives enough money to stay in >business, there would be little risk of fading away. A bank offering fully >anonymous digital cash could be used for tax evasion, extortion, and money >laundering. These crimes usually involve large sums of money, so this would >keep the bank in business. Precisely my sentiment. And as I said in my main response to Omegaman's points, all Ed the Extortionist has to do is cash in his digibux at the bank; at worst this involves a trip to the physical site of the bank. (Yes, he may be photographed by the bank, etc., but the payments are untraceable, meaning, unlinkable. All the bank knows is that Ed is redeeming $100,000 worth of digibux, and taking his payment in dollars, or gold, or whatever. I grant you that having only fully untraceable digital cash issuer is far from ideal, for various reasons. But I was addressing the point Omegaman made that having only one such bank would mean it would or could be driven out of business by other banks...I disagree.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From bdolan at USIT.NET Mon Dec 30 14:32:18 1996 From: bdolan at USIT.NET (Brad Dolan) Date: Mon, 30 Dec 1996 14:32:18 -0800 (PST) Subject: ~digicash at Shell In-Reply-To: <199612302148.NAA23846@comsec.com> Message-ID: On Mon, 30 Dec 1996, Eric Blossom wrote: > > Shell is now marketing a stored-value card in $25, $50, and $100 face > > denominations. The $100 card retails for $94 right now. I'm not sure if > > that discount will be a long-term thing or if it's just to get people > > hooked. Anyway, the card can be purchased anonymously for cash and can be > > used to buy anything at Shell. I like to use the automated > > pay-at-the-pump gizmos to save time but I don't like to leave a digital > > footprint behind on my credit card statement for Louis' Legions to peruse, > > so I think the stored-value card is a step forward for privacy. > > Is this a "stored value smart card", or something like most US phone > cards, where the "account number" is used to debit a centrally > maintained account? It appears to be mag-stripe "dumb card," which is used to debit a centrally mantained but anonymous pre-paid account. bd > > From haystack at cow.net Mon Dec 30 15:10:53 1996 From: haystack at cow.net (Bovine Remailer) Date: Mon, 30 Dec 1996 15:10:53 -0800 (PST) Subject: No Subject Message-ID: <9612302254.AA00731@cow.net> At 5:15 PM 12/29/1996, Timothy C. May wrote: >This fascist move by the U.S. government is a huge threat to our liberty. >It may be time to simply give up on communicating with these assholes and >give them the treatment they have earned. > ... >And this a very big one indeed. Not only does it probably put organizations >like C2 out of business, at least in terms of supporting the development of >things like the South African and British Web products, but it also may >mean the *Cypherpunks list itself*, and some of its members, are ipso facto >in violation of this "giving comfort to the enemy" (to paraphrase) language! > ... >This very list advocates violation of the ITARs in various ways (I speak of >"the list" as a person in the sense of the consensus of the list...there >may not be unanimity, but the consensus of the vocal members of the list is >obvious). > > >It may be time for us to go underground. It may be time to take much, much, >much, much more extreme steps. This fascism is unacceptable. While Tim May has had many many great ideas, this is not one of them. To paraphrase Joseph Stalin: Tim, how many divisions do you have? The cypherpunks have virtually no force at all. If the battle is moved to that arena, the cypherpunks (and everybody else) lose big time. If the cypherpunks manage to pull off some sort of "extreme step", those who aren't shot while resisting arrest will go to prison. Worst of all, most people will applaud the action. "Extreme steps" legitimize the radical proposals of the Clipper crowd. While I wouldn't go so far as to say "I feel your pain", I am sympathetic with the frustration you must feel when your own government is the greatest threat to all that it is right and decent. But, "extreme steps" are the wrong approach and play right into the hands of the defense establishment. It saves them the trouble of implementing a "strategy of tension." The right approach is to continually reiterate that the cypherpunks are mainstream and fairly conservative. Many of us like the "bad boy" image, but most of what has been proposed is very solidly rooted in American traditions. If the ITAR regulations can be amended to make discussions on this list a "conspiracy", then they are very likely unconstitutional. Article I, Section I, "All legislative powers herein granted shall be vested in a congress of the United States..." Pretty unambiguous. We should not underestimate the broad public support for private communications which exists in the United States. Even people who are unfamiliar with the issue are shocked when they learn that the U.S. government is trying to gain access to all communications. The only people who want GAK are in the government. There is no constituency in the population which wants it, and quite a few that do not. The more publicly the issue is discussed and the more actively we scrutinize the lies and deceptions of the U.S. government, the more successful we will be. The GAK crowd have not been honest or forthright in their public statements on their plans. We must reiterate this again and again and again. If they cannot be honest about their proposed policy, how can we trust them to hold the keys? Obviously, we cannot. This will be obvious to most Americans, and even some reporters. Red Rackham From shamrock at netcom.com Mon Dec 30 15:14:10 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 30 Dec 1996 15:14:10 -0800 (PST) Subject: Crypto reg clarification from Commerce Department Message-ID: <3.0.32.19961230151451.006aafd0@netcom13.netcom.com> I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be the contact person for the new regs. I pointed Mr. Kutz to the section that alarmed me: Sec. 736.2 General prohibitions and determination of applicability. * * * * * (7) General Prohibition Seven--Support of Certain Activities by U.S. persons--(i) Support of Proliferation Activities (U.S. Person Proliferation Activity). If you are a U.S. Person as that term is defined in Sec. 744.6(c) of the EAR, you may not engage in any activities prohibited by Sec. 744.6 (a) or (b) of the EAR which prohibits the performance, without a license from BXA, of certain financing, contracting, service, support, transportation, freight forwarding, or employment that you know will assist in certain proliferation activities described further in part 744 of the EAR. There are no License Exceptions to this General Prohibition Seven in part 740 of the EAR unless specifically authorized in that part. Mr. Kutz seemed surprised. Apparently he had not been aware that this section was included in the new crypto regs. He then assured me that 1. Proliferation in the context of this paragraph applies only to proliferation of a) nuclear (bomb) technology b) missile technology He read to me EAR Sec. 744.6 (a) or (b), which are referred to in the paragraph in question. Sec. 744.6 (a) or (b) seems to support this view. However, he did not explain to me why the paragraph was included in the crypto export regulations when it only applies to nukes and missiles. 2. The Department of Commerce has no intention of banning the financing and contracting of non-US crypto development. 3. Technical assistance to non-US parties requires a license. Mr. Kutz encouraged me to make use of the public comment period and ask Commerce to clarify the section. Public comments will be accepted until February 13, 1997. [Public comment is requested only after the new regs took effect...] I received the impression that Mr. Kutz genuinely believes that the section in question does not apply to crypto. If I was concerned about potentially violating the regulations, I would try to get a written statement from Commerce that Mr. Kutz's view is indeed correct. As always, IANAL. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From solman at MIT.EDU Mon Dec 30 15:33:32 1996 From: solman at MIT.EDU (solman at MIT.EDU) Date: Mon, 30 Dec 1996 15:33:32 -0800 (PST) Subject: New crypto regulations In-Reply-To: <32C7B497.8C2@tivoli.com> Message-ID: <9612302333.AA21323@ua.MIT.EDU> |> Does anybody seriously believe that nbody writing these policies has |> an understanding of OCR software? An on-line form of code printed |> in a book is just a quick trip to a scanner away. They know that. It has been stated, if not here then elsewhere, that the government intends to update the recently released policy by also prohibiting the printing of source code in special OCR fonts. If true, this would corroborate my assertion as to the reason for the government's explicity exemption of printed media. JWS From mark at hercules.reno.nv.us Mon Dec 30 15:50:45 1996 From: mark at hercules.reno.nv.us (Mark Johnson) Date: Mon, 30 Dec 1996 15:50:45 -0800 (PST) Subject: New crypto regulations In-Reply-To: <199612301757.JAA00424@crypt.hfinney.com> Message-ID: <32C85647.389F@hercules.reno.nv.us> Hal Finney wrote: > > From: Mike McNally > > solman at MIT.EDU wrote: > > > The government's claim is that in the interests of national security, > > > export of cryptography must be prevented. By limiting the policy's > > > applicability to media which are in, or can easily be converted to, > > > electronic form ... > > > > Does anybody seriously believe that nbody writing these policies has > > an understanding of OCR software? An on-line form of code printed > > in a book is just a quick trip to a scanner away. They know that. > > The regs, as Lucky pointed out, do hint at restrictions on OCR fonts in > the future. However this is obviously doomed since as OCR technology > advances the distinction between OCR and non-OCR fonts will vanish. > I imagine that a special purpose character recognition engine could be > built to work on any known, monospaced font, as is typically used for > source code. > > In this light, the explicit exemption for printed materials is really > quite welcome. It has never been 100% clear that a book of source code > is exportable. Yes, we've had some favorable court cases recently but > none of these have been fully resolved. Rumors were posted here that > the NSA came very close to trying to stop the export of the original PGP > source code book from MIT Press (and supposedly arranged for MIT to be > punished later for its audacity). > > Having all sides agree that crypto source code can be exported in printed > form is an important step in the right direction. We can still contest > the issue of restrictions on machine readable exports. In an era where > electronic publishing is becoming as important as paper publishing for > expressing ideas, we can continue to push to extend the exemption to > machine-readable images of the pages of the book, and later to actual > source files. > > Hal To hell with it, lets just send it over a modem and claim its Analog not electronic transfer. If MA-Bell (or sibling) wants to change it from Analog to Digital for overseas transfer then THEY can go after MA-Bell. Then if we can't do that then we would not even be allowed to discuss cryptography (code) verbally as it all gets transformed to electrons now anyway. Can we discuss cryptography code verbally(using sound waves)? What is the difference between me reading(using sound waves) code line by line to John Doe versus having my computer(using sound waves) communicating to John Does's computer,Tape Recorder(high quality), or his well atuned ear which understands MODEMese (or was that MODEMonics)? Oh well, it was a good 20 second(or was that 2 second) thought, but I don't think it'll hold up in court :) Is anyone geting tired of Uncle Sam (or is that Uncle BAN)taking away the freedoms that we have fought so hard for, and are trying to give to all these third world countries such as Bosnia(Oh hell did I mention something about politcs, Oops)? -- Mark Johnson Network Project Manager St. Mary's Regional Med Ctr mark at hercules.reno.nv.us From mark at hercules.reno.nv.us Mon Dec 30 15:51:59 1996 From: mark at hercules.reno.nv.us (Mark Johnson) Date: Mon, 30 Dec 1996 15:51:59 -0800 (PST) Subject: Export proposal In-Reply-To: <3.0.32.19961230105806.006ac5c4@netcom13.netcom.com> Message-ID: <32C8572E.6404@hercules.reno.nv.us> Lucky Green wrote: > > At 08:56 AM 12/30/96 -0800, Dale Thorn wrote: > >What about a fax? That has to make things more complicated, yes? > > A fax is transmission in electronic form. Clearly banned under the > regulations. > > -- Lucky Green PGP encrypted mail preferred > Make your mark in the history of mathematics. Use the spare cycles of > your PC/PPC/UNIX box to help find a new prime. > http://www.mersenne.org/prime.htm Is it, or is it ANALOG? -- Mark Johnson Network Project Manager St. Mary's Regional Med Ctr mark at hercules.reno.nv.us From dthorn at gte.net Mon Dec 30 16:25:43 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 16:25:43 -0800 (PST) Subject: Export proposal In-Reply-To: <3.0.32.19961230105806.006ac5c4@netcom13.netcom.com> Message-ID: <32C85D32.3B07@gte.net> Mark Johnson wrote: > Lucky Green wrote: > > At 08:56 AM 12/30/96 -0800, Dale Thorn wrote: > > >What about a fax? That has to make things more complicated, yes? > > A fax is transmission in electronic form. Clearly banned under the > > regulations. > Is it, or is it ANALOG? Part of the reason for the question is because faxes can be sent and received with no commitment to paper. I sort-of understand the focus on "books" and other hard copy re: freedom of speech, but it seemed to me the fax issue could be one point in a congressperson's mind in favor of the notion that the line between paper and electronic/media has been forever blurred (or erased). Just a thought. From rwright at adnetsol.com Mon Dec 30 16:25:44 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 16:25:44 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310025.QAA11547@adnetsol.adnetsol.com> This is the message I got in response to my post regarding Mr. May's offensive, racist, and bigoted post about ebonics. I have made overtures towards peace and tried to explain that I thought that the Doctor's verbal slapping was not as bad as it seemed, maybe even he deserved it!. He refuses to answer. He's just a pussy, I guess. Like's to make terroristic threats. To Nam vets, yet. Ballsy, Tim! Maybe the Doctor is not to far from wrong. I would rather have discussed this with you in private e-mail, or over a few beers, but you refuse to answer my e-mail. Received: from you.got.net (root at scir-gotnet.znet.net [207.167.86.126]) by adnetsol.adnetsol.com (8.6.12/8.6.6) with ESMTP id UAA29906 for ; Fri, 27 Dec 1996 20:25:14 -0800 Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63]) by you.got.net (8.8.3/8.8.3) with ESMTP id UAA13732 for ; Fri, 27 Dec 1996 20:17:45 -0800 X-Real-To: X-Sender: tcmay at mail.got.net Message-Id: In-Reply-To: <199612230801.AAA24862 at adnetsol.adnetsol.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 27 Dec 1996 20:32:00 -0800 To: "Ross Wright" From: "Timothy C. May" Subject: Re: Mr. May's Posts. Other Things. X-PMFLAGS: 35127424 0 ------- Forwarded Message Follows ------- Date: Fri, 27 Dec 1996 20:32:00 -0800 To: "Ross Wright" From: "Timothy C. May" Subject: Re: Mr. May's Posts. Other Things. At 12:09 AM -0800 12/23/96, Ross Wright wrote: >hard on him. This latest rant of his has made me reconsider your >rough treatment of Mr. May. I kinda think he deserves a slapping >right now. Go ahead with your "slapping." Of course, I'd treat a "slapping" as an assault. I'd love to put a clip of hollowpoints through your chest. Your place or mine? Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------: ---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ravage at einstein.ssz.com Mon Dec 30 17:02:27 1996 From: ravage at einstein.ssz.com (Jim Choate) Date: Mon, 30 Dec 1996 17:02:27 -0800 (PST) Subject: New crypto regulations (fwd) Message-ID: <199612310101.TAA22964@einstein> Hi all, Forwarded message: > Date: Mon, 30 Dec 1996 15:57:28 -0800 > From: Mark Johnson > > To hell with it, lets just send it over a modem and claim its Analog not > electronic transfer. If MA-Bell (or sibling) wants to change it from > Analog to Digital for overseas transfer then THEY can go after MA-Bell. > Then if we can't do that then we would not even be allowed to discuss > cryptography (code) verbally as it all gets transformed to electrons now > anyway. The distinction between analog and digital is a technicality and not a distinction I want my civil liberties hanging from. An analog signal is just a digital signal with a word length greater than the resolution of the machine. Also one can claim that because electricity is carried by distinct charges it is digital. Counter this is that the charges themselves can take on multiplicity of ranges. A digital signal is just a analog signal of on and off, direct current one might say that is simply turned on and off. Ad nausium... > What is the difference between me reading(using sound waves) code line > by line to John Doe versus having my computer(using sound waves) > communicating to John Does's computer,Tape Recorder(high quality), or > his well atuned ear which understands MODEMese (or was that MODEMonics)? Realisticaly nothing. The real discussion going on here, broken into a multiplicity of special interests pov's, is whether we as individuals have a right to communicate to each other and exactly under what conditions that communication can be monitored, manipulated, prohibited, etc. Balancing the theory behind democracy and multiplicity of views versus the prohibition of various types of acts, distinct and class(ical), which pose threats to individuals, groups, and potentialy national interests is the point... If looked at rationaly, saying I can tell you something if written in a particular code, alphabetic and artistic issues at point, on a certain type of material is ok while if I transfer the identical information using some other code and media it is not is looney tunes. The 'control' types would like us to believe that media is the real issue here, not what is actualy being said. A point easily confused by somebody who doesn't know what the word(s) mean. A very popular view, and not one I consider 'bad', is that we should err on the side of safety. This means that we don't change the status quo too fast. Not necessarily because we like the results being measured in human misery but because while we might relieve their misery in the short term we might 'unbalance' the political situation. History is rife with the results of such periods. However, I balance this with the realisation that once it is clear something needs to be done it is better to go ahead and commit to the results even though we recognise a priori that some results may not necessarily be to our liking. We just have to deal with them when we figure out which ones they are. The trick between these two is to find a 'litmus test' which will provide an observer some sort of measure of their position between the two (or more) positions. Jim Choate ravage at ssz.com From jya at pipeline.com Mon Dec 30 17:07:32 1996 From: jya at pipeline.com (John Young) Date: Mon, 30 Dec 1996 17:07:32 -0800 (PST) Subject: Crypto reg clarification from Commerce Department Message-ID: <1.5.4.32.19961231010158.006d9ce8@pop.pipeline.com> Lucky Green wrote: >I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of >Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be >the contact person for the new regs. Well done, Lucky. This is what's needed to kick off a lot of commentary during the next 45-days. Backed by research, to be sure. The outpouring of such commentary on the full EAR from May 1995 to March 1996 shaped the final document, and that process is an excellent case study for how to affect the final form of the latest crypto regs. It's worth perusing the full EAR in the Federal Register: March 25, 1996 (Volume 61, Number 58), Pages 12713 et seq. for 325 pages (well over a 2.5MB -- it's also on our site, see URL below). Here's the portion of the EAR that Lucky and Kutz discussed: [Page 12805] Sec. 744.6 Restrictions on certain activities of U.S. persons. (a) General prohibitions--(1) Activities related to exports. (i) No U.S. person as defined in paragraph (c) of this section may, without a license from BXA, export, reexport, or transfer to or in any country other country, any item where that person knows that such item: (A) Will be used in the design, development, production, or use of nuclear explosive devices in or by a country listed in Country Group D:2 (see Supplement No. 1 to part 740 of the EAR). (B) Will be used in the design, development, production, or use of missiles in or by a country listed in Country Group D:4 (see Supplement No. 1 to part 740 of the EAR); or (C) Will be used in the design, development, production, stockpiling, or use of chemical or biological weapons in or by a country listed in Country Group D:3 (see Supplement No. 1 to part 740 of the EAR). (ii) No U.S. person shall, without a license from BXA, knowingly support an export, reexport, or transfer that does not have a license as required by this section. Support means any action, including financing, transportation, and freight forwarding, by which a person facilitates an export, reexport, or transfer without being the actual exporter or reexporter. (2) Other activities unrelated to exports. No U.S. person shall, without a license from BXA: (i) Perform any contract, service, or employment that the U.S. person knows will directly assist in the design, development, production, or use of missiles in or by a country listed in Country Group D:4 (see Supplement No. 1 to part 740 of the EAR); or (ii) Perform any contract, service, or employment that the U.S. person knows directly will directly assist in the design, development, production, stockpiling, or use of chemical or biological weapons in or by a country listed in Country Group D:3 (see Supplement No. 1 to part 740 of the EAR). (3) Whole plant requirement. No U.S. person shall, without a license from BXA, participate in the design, construction, export, or reexport of a whole plant to make chemical weapons precursors identified in ECCN 1C350, in countries other than those listed in Country Group A:3 (Australia Group) (See Supplement No. 1 to part 740 of the EAR). (b) Additional prohibitions on U.S. persons informed by BXA. BXA may inform U.S. persons, either individually or through amendment to the EAR, that a license is required because an activity could involve the types of participation and support described in paragraph (a) of this section anywhere in the world. Specific notice is to be given only by, or at the direction of, the Deputy Assistant Secretary for Export Administration. When such notice is provided orally, it will be followed by a written notice within two working days signed by the Deputy Assistant Secretary for Export Administration. However, the absence of any such notification does not excuse the exporter from compliance with the license requirements of paragraph (a) of this section. (c) Definition of U.S. person. For purposes of this section, the term U.S. person includes: (1) Any individual who is a citizen of the United States, a permanent resident alien of the United States, or a protected individual as defined by 8 U.S.C. 1324b(a)(3); (2) Any juridical person organized under the laws of the United States or any jurisdiction within the United States, including foreign branches; and (3) Any person in the United States. (d) Exceptions. No License Exceptions apply to the prohibitions described in paragraphs (a) and (b) of this section. (e) License review standards. Applications to engage in activities otherwise prohibited by this section will be denied if the activities would make a material contribution to the design, development, production, stockpiling, or use of chemical or biological weapons, or of missiles. ----- The EAR covers all kinds of exports, so encryption and cryptography provisions are found by searching. The Federal Register published it in seven 50 page chunks, and is available at: http://www.access.gpo.gov/su_docs/aces/aces140.html Enter the search term: "Page 12713" (with quotes; repeat six times in sequence). We've combined the seven parts for searching: http://jya.com/ear032596.txt (2,570K) From blancw at microsoft.com Mon Dec 30 17:38:45 1996 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 30 Dec 1996 17:38:45 -0800 (PST) Subject: Crypto reg clarification from Commerce Department Message-ID: These make more sense with the following modifications to the clarification: (c) Definition of U.S. person. For purposes of this section, the term U.S. person includes: (1) Any retard who is a citizen of the United States, a permanent resident alien from Planet X, or a protected person formerly-known-as-criminal as defined by 8 U.S.C. 1324b(a)(3); (2) Any juridical organization under surveillance by the United States or any jurisdiction within the United States, including foreign branches; and (3) Any Borgs in the United States. .. Blanc From mrwilhe at odin.cmp.ilstu.edu Mon Dec 30 17:38:56 1996 From: mrwilhe at odin.cmp.ilstu.edu (mrwilhe at odin.cmp.ilstu.edu) Date: Mon, 30 Dec 1996 17:38:56 -0800 (PST) Subject: what is a law if it cant be enforced? Message-ID: <1.5.4.32.19961231014301.008f0e3c@odin.cmp.ilstu.edu> can our gov possibly enforce this crypto law? --esp over the net? I think what happend is the dod released the net (arpanet/Internet) to the people without looking at the implications that could arise. The people now control the net and not the gov--and they don't like it! anyway our government is ruled by the people for the people--so we should not have any kind of special laws--ones that only apply to the net and not the rest of the world, after all we have a thing called free speech! fsh From usura at berserk.com Mon Dec 30 17:39:38 1996 From: usura at berserk.com (Alex de Joode) Date: Mon, 30 Dec 1996 17:39:38 -0800 (PST) Subject: CAVE Message-ID: <199612310244.DAA03138@asylum.berserk.com> CAVE is available at URL: http://www.replay.com/mirror/cave/ Enjoy, -AJ- From blancw at microsoft.com Mon Dec 30 18:03:53 1996 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 30 Dec 1996 18:03:53 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: From: Ross Wright This is the message I got in response to my post regarding Mr. May's offensive, racist, and bigoted post about ebonics. I have made overtures towards peace and tried to explain that I thought that the Doctor's verbal slapping was not as bad as it seemed, maybe even he deserved it!. He refuses to answer. He's just a pussy, I guess. Like's to make terroristic threats. To Nam vets, yet. Ballsy, Tim! ....................................................... You have to understand - Tim is from California. In some areas of the country showing someone your middle finger is the universal hand signal for "shoot me". If you are carrying a gun and give such a hand signal you likely to be held at fault if the shooting does start. If you choose to carry, you will be held to a higher standard of behavior than those that don't. -Greg Hamilton- Self Defense Instructor Nov. 19, 1995 .. Blanc From haystack at cow.net Mon Dec 30 18:06:03 1996 From: haystack at cow.net (Bovine Remailer) Date: Mon, 30 Dec 1996 18:06:03 -0800 (PST) Subject: None Message-ID: <9612310149.AA02729@cow.net> At 1:41 AM 12/25/1996, Anonymous wrote that Noam Chomsky said: >More than ever, libertarian socialist ideas are relevant, and the >population is very much open to them. Despite a huge mass of corporate >propaganda, outside of educated circles, people still maintain pretty much >their traditional attitudes. In the US, for example, more than 80% of the >population regard the economic system as inherently unfair and the >political system as a fraud, which serves the special interests, not the >people. Overwhelming majorities think working people have too little voice >in public affairs (the same is true in England), that the government has >the responsibility of assisting people in need, that spending for education >and health should take precedence over budget-cutting and tax cuts, that >the current Republican proposals that are sailing through Congress benefit >the rich and harm the general population, and so on. Intellectuals may tell >a different story, but it's not all that difficult to find out the facts. Can anybody explain in what way Chomsky is an anarchist or a libertarian? Opposition to some government schemes but not others makes a Republican or a Democrat, not an anarchist or libertarian. Chomsky is a smart man. What's he up to? Sir Galahad From BJORN2LUZE at prodigy.com Mon Dec 30 18:16:23 1996 From: BJORN2LUZE at prodigy.com (NATHAN MALLAMACE) Date: Mon, 30 Dec 1996 18:16:23 -0800 (PST) Subject: US AIRFORCE SITE HACKED Message-ID: <199612310157.UAA15792@mime4.prodigy.com> It is true, so many government sites have been hacked! The FBI home page was replaced with SATANIC stuff. A picture of the upside down cross as a background and various other changes regarding SATAN. i think it's funny, but hey it's our own goverment. I wonder how often they check their sites. BTW, my friends site - http://pages.prodigy.com/VT/hackersguide has a link to the FBI's MOST WANTED LIST. See if you are there! From haystack at cow.net Mon Dec 30 18:24:52 1996 From: haystack at cow.net (Bovine Remailer) Date: Mon, 30 Dec 1996 18:24:52 -0800 (PST) Subject: No Subject Message-ID: <9612310208.AA03047@cow.net> Parents who send their children to government operated schools should read this: http://www.fni.com/heritage/nov96/Exams.html From jimbell at pacifier.com Mon Dec 30 18:29:25 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 30 Dec 1996 18:29:25 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310229.SAA21087@mail.pacifier.com> At 04:33 PM 12/30/96 -0800, Ross Wright wrote: >This is the message I got in response to my post regarding Mr. May's >offensive, racist, and bigoted post about ebonics. His comments were not "offensive, racist, and bigoted." They were funny, intentionally so. The whole "Ebonics" issue is a hilarious example of political-correctness gone mad. Interestingly, Jesse Jackson tried to make it look like the blacks were the victims, the ones most offended by the actions of the Oakland schools people. Embarrassed, maybe, victims no. (A friend of mine greatly prefers the term, "Niglish." I try hard to not be so...coarse.) Jim Bell jimbell at pacifier.com From dlv at bwalk.dm.com Mon Dec 30 18:30:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Dec 1996 18:30:18 -0800 (PST) Subject: Responsibility Message-ID: <1B5RZD28w165w@bwalk.dm.com> Mike Duvos writes: >Brent E. Turvey (bturvey at connix.com) wrote: > >: This NG is not a certified twelve-step program operating under >: anonymity. This is not even a group of people in recovery operating >: under any kind of professional guidance at all. It is in essence a >: PUBLIC FORUM on a given topic. There are no secrets, and no reasonable >: expectation of privacy. There is also no necessitation for legal >: confidance. > >This has been discussed before. Most people are aware of how Usenet >works, and people who don't want their posts linked to their real >life identities can post anonymously. > >: It's also unmoderated. Anyone can look in at any time that they want and >: review any posts current and past that they see fit thanks to the good >: people at Dejanews. And anyone can post whatever they want. > >Yup. > >: However there are a number of individuals engaged in exploitative >: behaviors with the survivors here and other places on the net. Any >: therapist or other certified mental health professional can give you a >: better and more complete definition of "exploitative behaviors" than I >: could do here. > >Changing our tune a bit, aren't we Brent? The infamous list was >advertised as a list of predatory offenders and abusers. Now it >seems to be just a list of people whose Usenet interactions with >others you choose to characterize as "exploitative." > >: It is mainly for the reason of professional ethics and responsibility >: that I posted the list of people to be careful of earlier this month. >: Incumbent in that responsibility is my desire to offer potential victims >: a survival tool. > >Quite frankly, Brent, you offering the survivors in this newsgroup a >"survival tool" is much like a person on fire offering a gathering of >penguins an ice cube. The patrons of this newsgroup are Past Masters >of survival. You, on the other hand, are a master only of sticking >your foot into one bodily opening, while simultaneously sticking your >head up another. > >: By posting that list, I made it totally available to not >: only the frequent and infrequent subscribers to aar, to explore on their >: own as they see fit, but to the law enforcement agencies who now monitor >: usenet as well. > >Who, I am sure, are laughing hysterically at all of this. Please >continue to pee on your chances of ever doing this professionally >at every opportunity. > >: No strict personal agenda; only a professional one. No personal attacks. >: Just observations of behavior. > >Goodness Brent, do you really think we need you to observe peoples >behavior for us? Most of us who have been around the Net since the >clever little protocols were designed by the engineers, and who can >even remember events like "The Great Renaming", and the origins of >Kibo, are fairly astute judges of human behavior. We have seen >all sides of every imaginable issue argued from every conceivable >perspective, and we know the names of all the major players and >where they stand on each one. > >: -- >: Brent E. Turvey, MSc Forensic Science >: bturvey at connix.com >: http://www.connix.com/~bturvey/profile.html > >Anyone want to join me in nominating Mr. Turvey for the coveted "KOTM" >degree? I think... > > Brent E. Turvey, MSc Forensic Science, KOTM Usenet > >has a very nice ring to it. He's definitely goofier than Drs. Grubor >and Vulis. I also suggest you visit his unintentionally funny writings >on autoerotic asphyxiation on the Web. Brent is a man of many talents. :) > >-- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ > Is Brent as goofy as the ASALA terrorist (about to be fired by Earthweb for net-abuse), or even goofier? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From adam at homeport.org Mon Dec 30 18:51:04 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 30 Dec 1996 18:51:04 -0800 (PST) Subject: Building PGP on Freebsd? Message-ID: <199612310247.VAA06642@homeport.org> I get this message at the end, for building with the netbsd or the 386bsd config file. I know theres a simple tweak, can someone remind me what it is? Thanks, Adam gcc -o pgp pgp.o crypto.o keymgmt.o fileio.o mdfile.o more.o armor.o mpilib.o mpiio.o genprime.o rsagen.o random.o idea.o passwd.o md5.o system.o language.o getopt.o keyadd.o config.o keymaint.o charset.o randpool.o noise.o zbits.o zdeflate.o zfile_io.o zglobals.o zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue2.o _80386.o _zmatch.o ../rsaref/install/unix/rsaref.a rsaglue2.o: Definition of symbol `_NN_ModExp' (multiply defined) -- "It is seldom that liberty of any kind is lost all at once." -Hume From rwright at adnetsol.com Mon Dec 30 19:04:44 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 19:04:44 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310304.TAA16366@adnetsol.adnetsol.com> On or About 30 Dec 96 at 18:16, jim bell wrote: > At 04:33 PM 12/30/96 -0800, Ross Wright wrote: > >This is the message I got in response to my post regarding Mr. > >May's offensive, racist, and bigoted post about ebonics. > > > His comments were not "offensive, racist, and bigoted." They were Be that as it may, it is still no call for threats of gunplay! That is NOT funny. I take such things very seriously. =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From rwright at adnetsol.com Mon Dec 30 19:12:40 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 19:12:40 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310312.TAA16542@adnetsol.adnetsol.com> On or About 30 Dec 96 at 19:12, Ross Wright wrote: > On or About 30 Dec 96 at 18:16, jim bell wrote: > > > At 04:33 PM 12/30/96 -0800, Ross Wright wrote: > > >This is the message I got in response to my post regarding Mr. > > >May's offensive, racist, and bigoted post about ebonics. > > > > > > His comments were not "offensive, racist, and bigoted." They were > > Be that as it may, it is still no call for threats of gunplay! That > is NOT funny. I take such things very seriously. Funny, yeah real funny. In other words: I'll popa cap in the motherfuckers ass just for him thinkin he gonna draw down on me! It just makes me more and more pissed off! I gotta have a cuppa coffe, and calm down! Ross From rwright at adnetsol.com Mon Dec 30 19:24:59 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 19:24:59 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310325.TAA16845@adnetsol.adnetsol.com> On or About 30 Dec 96 at 18:03, Blanc Weber wrote: > You have to understand - Tim is from California. > If you choose to carry, you will be held to a higher standard of > behavior > than those that don't. Yes, part of that "higher standard" is to keep your fucking mouth shut about that piece in your sholder holster. Those that brag that they are packing and won't hesitate to use it are usually those that freeze under fire or snap at the workplace. A true shooter shut's the fuck up and if needs be, let's the weapon do the talking when the time is right. That mutually assured destruction shit only works for governments. In this day and age you better think EVERYONE'S packing, and if you shoot your mouth off about your little pea shooter you just make yourself a target for the first shot fired. Ross =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From declan at well.com Mon Dec 30 19:28:23 1996 From: declan at well.com (Declan McCullagh) Date: Mon, 30 Dec 1996 19:28:23 -0800 (PST) Subject: Crypto reg clarification from Commerce Department Message-ID: I believe that Kutz is speaking the truth. Keep in mind the paragraph with which you're concerned is not the meat of what's being amended. That lies in the next line, Section 736.2(b)(7)(ii), which reads: You may not, without a license from BXA, provide certain technical assistance to foreign persons with respect to encryption items, as described in Sec. 744.9 of the EAR. "Technical assistance" is still troubling, but not as much as investment would be. Assistance is aimed at training, and the regulations somewhat exempt classroom discussions. Of course, the uncertainty and the potential chilling effects are good reasons to continue with the court challenges. -Declan --- > I just got of the phone with Bruce Kutz, Export Policy Analyst, Office of > Strategic Trade and Foreign Policy Controls. (202) 482-0092. He seems to be > the contact person for the new regs. > > I pointed Mr. Kutz to the section that alarmed me: > > Sec. 736.2 General prohibitions and determination of applicability. > > * * * * * > > (7) General Prohibition Seven--Support of Certain Activities by > U.S. persons--(i) Support of Proliferation Activities (U.S. Person > Proliferation Activity). If you are a U.S. Person as that term is > defined in Sec. 744.6(c) of the EAR, you may not engage in any > activities prohibited by Sec. 744.6 (a) or (b) of the EAR which > prohibits the performance, without a license from BXA, of certain > financing, contracting, service, support, transportation, freight > forwarding, or employment that you know will assist in certain > proliferation activities described further in part 744 of the EAR. > There are no License Exceptions to this General Prohibition Seven in > part 740 of the EAR unless specifically authorized in that part. > > Mr. Kutz seemed surprised. Apparently he had not been aware that this > section was included in the new crypto regs. He then assured me that > > 1. Proliferation in the context of this paragraph applies only to > proliferation of > a) nuclear (bomb) technology > b) missile technology > > He read to me EAR Sec. 744.6 (a) or (b), which are referred to in the > paragraph in question. Sec. 744.6 (a) or (b) seems to support this view. > However, he did not explain to me why the paragraph was included in the > crypto export regulations when it only applies to nukes and missiles. > > 2. The Department of Commerce has no intention of banning the financing and > contracting of non-US crypto development. > > 3. Technical assistance to non-US parties requires a license. > > Mr. Kutz encouraged me to make use of the public comment period and ask > Commerce to clarify the section. Public comments will be accepted until > February 13, 1997. [Public comment is requested only after the new regs > took effect...] > > I received the impression that Mr. Kutz genuinely believes that the section > in question does not apply to crypto. If I was concerned about potentially > violating the regulations, I would try to get a written statement from > Commerce that Mr. Kutz's view is indeed correct. As always, IANAL. > > > > -- Lucky Green PGP encrypted mail preferred > Make your mark in the history of mathematics. Use the spare cycles of > your PC/PPC/UNIX box to help find a new prime. > http://www.mersenne.org/prime.htm > > > From rwright at adnetsol.com Mon Dec 30 19:37:43 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 19:37:43 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310337.TAA17118@adnetsol.adnetsol.com> On or About 30 Dec 96 at 20:29, Graham-John Bullers wrote: > You mean we cannot choose to be RACIST BIGOTS shame on you. Sure you can, I got no problem with open disscussions of views. Any views! But a private threat of gunplay, that you have no right to! > > http://www.free > net.edmonton.ab.ca/~real/index.html > > : > real at freenet.edmonton.ab.c > a > Graham-John Bullers email > : > ab756 at freenet.toronto.on.c > a > > Of course, I'd treat a "slapping" as an assault. I'd love to put a > > clip of hollowpoints through your chest. > > > > Your place or mine? > > > > ---- Timothy C. May | Crypto Anarchy: encryption, > > digital =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From secure at access.usa.net Mon Dec 30 19:39:08 1996 From: secure at access.usa.net (secure at access.usa.net) Date: Mon, 30 Dec 1996 19:39:08 -0800 (PST) Subject: Happy New Year Message-ID: <199612310315.UAA09244@earth.usa.net> Dear Friend, If you are interested in increasing your income by using your personal contacts, Please Consider this... Make up to $400.00 per deal by giving away security systems Secure America Highlights 1. It only cost $45 to become a distributor and for that you receive a black glove leather brief case with everything you need to get started; forms, full color brochures, and a video tape telling you about the company, its product and marketing plan. 2. The company offers 100% financing to those buying the product- they have four institutions and can finance most everyone. If your prospective customer gets turned down, then with a small down payment, the company will finance them - IN OTHER WORDS, - ALMOST NO TURN DOWNS! Each source, including the "company carried' contracts, will be reported to TRW; thus helping people, who have bad or no credit, gain the good credit they deserve. 3. The customer receives the system for FREE when they agree to a $29.95 per month-four year monitoring agreement, which is standard cost for a 2-way voice monitoring. They need to agree to either a debit from their checking account or credit card each month. 4. You as the distributor receive a commission of up to $400 - once the buyer is approved and financed. The company pays commission weekly. The commission is paid even before the buyer makes their first payment. And this is important. There are never any charge backs! 5. You, as the distributor can sign up others distributors and receive bonuses of $120 to $320 per sale from distributors under you. The marketing plan offers a very attractive bonus plan. By signing up one new distributor, who does the same within a month, and this pattern continues with each new person only bringing one new distributor, there would be more than 4,000 distributors in your organization at the end of a year. Keep in mind that you only brought in one person each month. If each person in your organization sold only one system per month, your income would be more than $800,000 the first year! What if your organization only did 1/3 of that? Would you be excited? 6. You can set up businesses who can give these away as premiums to their customers, Carpet dealers, appliance dealers, auto dealers, real estate offices, home improvement companies, just to name a few, can give their customers a certificate for a free system upon activation of a four year monitoring contract. The certificate will have your name on it and all they have to do is contact you for the system. You get them approved and get the commission - It's that simple! If you want, you can pay the business a referral fee of say $25, $50, or $100 or even better yet sign them up as a distributor and get continuing overrides and bonuses on them. 7. No Installation worries on your part. The system is wireless, needs no professional installer and comes with an installation video that walks the customer through the installation process. Installation will take about 20-30 minutes. 8. You can market to both home owners and renters - in fact, nobody is going after the rental market at this time. Think about it, do renters want any less protection than homeowners? What a gold mine! When someone moves, they take their security system with them and set it up, with our nationwide monitoring company, at their new location (keep in mind that the system is hooked up to the customers' regular phone line). 9. No Inventory. You do not have to buy anything or make a huge investments in products just to store them in your garage. Once you sign someone up for a system, you turn the paperwork into the company, they process the application (usually within 48 hours), and ship the system to the customer - no deliver or installation hassles for you! 10. No Accounting. The company keeps track of everything for you and give you a computer printout of your sales and organizational activity each month. 11. The Need. September 17, 1996 U.S. Justice Department statistics show that last year burglaries, theft, and theft of motor vehicles were 288 per 1,000 households and yet only 15% of the homes in America have security systems. We can offer monitored protection and peace of mind for only $1 a day and save 10-20% on home insurance premiums. 12. The Equipment. TWO-WAY VOICE systems let the monitoring company listen throughout the home (after alarm activation) for burglaries, medical, or emergency needs, or fire department help. In fact more and more cities are starting to charge non two-way system owners for false alarms. 13. The Company. Secure America has spent more than two years in developing this state of the art equipment system, marketing plan, and available $100 million in financing. This is a one of a king company - no inventory to stock - no huge investments - no money up from the buyer - weekly payment of sales bonuses - and there is NO Competition for this type of system at this price. 14. The Opportunity. What a great feeling! We get to Give Away a system that can do so much for family safety and peace of mind. And whether you would like to make an extra $300 a month or have visions of grandeur, this program can satisfy your needs. The financial bottom line... There will be many millionaires made through Secure America in the next few years. ________________________________________________ Product Package Information: 3000M Gardsman Alarm System - Monitoring Fee $24.95/Month Main Unit(3000M) X1 Motion Sensors X2 Magnetic Sensors X2 Keychain Remote controls X1 Strobe light Siren X1 Window Decals X2 Commission-$200 5000M Gardsman Alarm System - Monitoring Fee $29.95/Month Main Unit(5000M) X1 Motion Sensors X2 Magnetic Sensors X2 Keychain Remote controls X2 Strobe light Siren X1 Window Decals X4 Lawn Sign X1 Commission-$300 For an application, Please Email me your fax number or Mailing address and phone number. Look forward to hearing from you or call our Fax on Demand 1 703-736-1600 Doc#280 From AwakenToMe at aol.com Mon Dec 30 19:39:49 1996 From: AwakenToMe at aol.com (AwakenToMe at aol.com) Date: Mon, 30 Dec 1996 19:39:49 -0800 (PST) Subject: With my deepest regards.... Message-ID: <961230223902_1156080622@emout14.mail.aol.com> In a message dated 96-12-30 17:46:12 EST, you write: << AwakenToMe at aol.com wrote: > Adam Breaux wrote: > > I am withdrawing from this list. Not because of the volume of > > email...that I can deal with...but what I cannot deal with is the > > volume of garbage and egotistical ranting[snippo] > Note to cypherpunks: This guy complains about the problem, but he *is* > the problem. *He* wants to tell us *he's* leaving. Talk about ego- > tistical ranting! What a hypocrite. > Since I never said I dont contribute to the problem.. I think Ill point > out... that in a reverse notion...He isn't the problem. What you replied > back is the problem. Argumentum ad nauseam. The point is, Adam (I think) wanted to tell us he's leaving. Well, who gives a shit, anyway? Instead of ranting against me, tell the cypherpunks why they should care that this particular individual is "leaving the list". >> he did: =-} <> From rah at shipwright.com Mon Dec 30 19:41:00 1996 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 30 Dec 1996 19:41:00 -0800 (PST) Subject: None In-Reply-To: <9612310149.AA02729@cow.net> Message-ID: At 8:49 pm -0500 12/30/96, Bovine Remailer wrote: >Chomsky is a smart man. What's he up to? "consent manufacturing" ;-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ From haystack at cow.net Mon Dec 30 19:43:38 1996 From: haystack at cow.net (Bovine Remailer) Date: Mon, 30 Dec 1996 19:43:38 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <9612310327.AA03836@cow.net> Some peckerhead soiled my mailbox with: >This is the message I got in response to my post regarding Mr. May's >offensive, racist, and bigoted post about ebonics. I have made >overtures towards peace and tried to explain that I thought that the >Doctor's verbal slapping was not as bad as it seemed, maybe even he >deserved it!. He refuses to answer. He's just a pussy, I guess. >Like's to make terroristic threats. To Nam vets, yet. Ballsy, Tim! Thank you for playing, Mr. Grubor. Please pick up your consolation prize at the door marked "Out." And stop passing Dimbulb the mailing list messages -- you know it makes the tumors in his head kick in. >I would rather have discussed this with you in private e-mail, or >over a few beers, but you refuse to answer my e-mail. Maybe he has you filtered, as the rest of us will now. *plonk* (I'd prob'ly buy him the hollowpoints, btw.) From jgrasty at gate.net Mon Dec 30 19:44:34 1996 From: jgrasty at gate.net (Joey Grasty) Date: Mon, 30 Dec 1996 19:44:34 -0800 (PST) Subject: WinSock Remailer Now Operating Normally Message-ID: <199612310344.WAA27556@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Y'all: The WinSock Remailer, operating at winsock at rigel.cyberpass.net, is back up and operating normally. Regards, Joey Grasty Jim Ray WinSock Remailer Operators -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMsh/qw6sYKeTQAOtAQEXnwL7B53vpSeyb7PbR+g+X7PK1KsEG9sqr1ws Uf9tymq7fJNGHmDl/+7V7asL/i0hmZPLm/XiIniMyutfXCGFWGNQ8kYAvlarq2yp t3wSKo/TJkgIZERaziAa5gTD77mQcnXT =VrpC -----END PGP SIGNATURE----- From mpd at netcom.com Mon Dec 30 19:50:58 1996 From: mpd at netcom.com (Mike Duvos) Date: Mon, 30 Dec 1996 19:50:58 -0800 (PST) Subject: Responsibility In-Reply-To: <1B5RZD28w165w@bwalk.dm.com> Message-ID: <199612310350.TAA29631@netcom7.netcom.com> Dr. Vulis, KOTM, writes: > Is Brent as goofy as the ASALA terrorist (about to be fired by Earthweb > for net-abuse), or even goofier? Kibo-izing the news spool again Dr. Vulis? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From sandfort at crl.com Mon Dec 30 19:55:09 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 30 Dec 1996 19:55:09 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310304.TAA16366@adnetsol.adnetsol.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 30 Dec 1996, Ross Wright wrote: > Be that as it may, it is still no call for threats of gunplay! That > is NOT funny. I take such things very seriously. So let me see if I've got this right. Threatening to slap someone is okay, but threatening to defend one's self from such an attack is not okay? Interesting. I guess the old saying still applies, "the essence of humor is WHOSE ox is being gored." S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From omega at bigeasy.com Mon Dec 30 20:17:28 1996 From: omega at bigeasy.com (Omegaman) Date: Mon, 30 Dec 1996 20:17:28 -0800 (PST) Subject: OCR and Machine Readable Text In-Reply-To: Message-ID: On Mon, 30 Dec 1996, Timothy C. May wrote: > Of course, there are vastly easier and cheaper routes, such as just sending > the stuff directly, but this makes the point that there is no difference > between text and machine readable text. Someone else mentioned it, but consider...sending faxes of the printed text. Or scanning in a document to fax format and attaching the fax document to an outgoing e-mail. How would putting up a fax document for FTP be considered? (Much less PDF and/or Postscript) The line is so shaky, it's non-existent. The whole thing is so absurd and the intent so clear. Lucky has predicted that a pro-GAK bill will be introduced into Congress within the New Year. Considering the language in this latest executive order, anyone have any insights into how this bill might be worded and the provisions it might contain? The biggest question: will GAK be mandated for import as well as export? (What are the current regs on import of munitions, anyway?) _______________________________________________________________ Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ From rwright at adnetsol.com Mon Dec 30 20:34:11 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 20:34:11 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310434.UAA18356@adnetsol.adnetsol.com> On or About 30 Dec 96 at 19:52, Sandy Sandfort wrote: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > > C'punks, > > On Mon, 30 Dec 1996, Ross Wright wrote: > > > Be that as it may, it is still no call for threats of gunplay! > > That is NOT funny. I take such things very seriously. > > So let me see if I've got this right. Threatening to slap > someone is okay, I said "he deserves a slapping". I never volunteered to carry that out. And, furthermore, I meant a verbal slapping, something akin to what is already happening with the good Doctor's attacks. Sorry about the metaphor. God damn, must I overstate the obvious? What pissed me off is: After I received this letter I sent several olive branches. No reply. No discussion. Just leave it with his weapon drawn? On my open and empty hand!? That's not me. > but threatening to defend one's self from such an > attack is not okay? Interesting. I guess the old saying still > applies, "the essence of humor is WHOSE ox is being gored." > > > S a n d y =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From markm at voicenet.com Mon Dec 30 20:45:51 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 30 Dec 1996 20:45:51 -0800 (PST) Subject: Building PGP on Freebsd? In-Reply-To: <199612310247.VAA06642@homeport.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 30 Dec 1996, Adam Shostack wrote: > I get this message at the end, for building with the netbsd or the > 386bsd config file. I know theres a simple tweak, can someone remind > me what it is? > > Thanks, > > Adam > > > > gcc -o pgp pgp.o crypto.o keymgmt.o fileio.o mdfile.o more.o armor.o > mpilib.o mpiio.o genprime.o rsagen.o random.o idea.o passwd.o md5.o > system.o language.o getopt.o keyadd.o config.o keymaint.o charset.o > randpool.o noise.o zbits.o zdeflate.o zfile_io.o zglobals.o > zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue2.o _80386.o > _zmatch.o ../rsaref/install/unix/rsaref.a > rsaglue2.o: Definition of symbol `_NN_ModExp' (multiply defined) You can either comment out the function "NN_ModExp" in the file nn.c in rsaref or not define "USEMPILIB". Mark -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsibJCzIPc7jvyFpAQE7Mgf/R7JvLkAZ7+lOn4FAjsGa8qtzgt114pYG 9xNXIavZzti43fGvZa0jRjXO1honm/gKMrQ9IlZZdIrRISpdJSeuqNrKewD1WCsK HFoohgxqch0BZgBQkxMG62XXuAK+v1B7ZDMIyipiUY4zuOtN0KVlpd3M0ZVT6GD7 L545XHlLDaOnH1He+CH+CPGM/ZeyDAlUo/vb0T8eue1ewqNemS1V/T03O2z8VgX3 kq2dznn/pNL7pLnymPPdB03iRFLKFg7MjYeW2/VuGAMy2j0adlWsDqaE18J48A9u 6Z/1pEcT05A3cXET3GB2nfGhaTx+MOnEJQ/rl6ZJ6gSEmmEnD/5kiA== =DTM+ -----END PGP SIGNATURE----- From ichudov at algebra.com Mon Dec 30 20:54:44 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 30 Dec 1996 20:54:44 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310229.SAA21087@mail.pacifier.com> Message-ID: <199612310449.WAA01761@manifold.algebra.com> jim bell wrote: > > At 04:33 PM 12/30/96 -0800, Ross Wright wrote: > >This is the message I got in response to my post regarding Mr. May's > >offensive, racist, and bigoted post about ebonics. > > His comments were not "offensive, racist, and bigoted." They were funny, > intentionally so. The whole "Ebonics" issue is a hilarious example of > political-correctness gone mad. Interestingly, Jesse Jackson tried to make it > look like the blacks were the victims, the ones most offended by the actions > of the Oakland schools people. Embarrassed, maybe, victims no. > In fact, along with Ebonic, another language, Sovonic, was discovered. It is described in great detail in article 199612300340.VAA00555 at manifold.algebra.com and subsequent intensive discussion. Please help Sovonic gain equal recognition with Ebonic. - Igor. From dlv at bwalk.dm.com Mon Dec 30 21:11:50 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Dec 1996 21:11:50 -0800 (PST) Subject: Crypto reg clarification from Commerce Department In-Reply-To: Message-ID: Blanc Weber writes: > These make more sense with the following modifications to the > clarification: > > (c) Definition of U.S. person. For purposes of this section, the > term U.S. person includes: > (1) Any retard who is a citizen of the United States, a > permanent resident alien from Planet X, or a protected person > formerly-known-as-criminal as defined by 8 U.S.C. 1324b(a)(3); > (2) Any juridical organization under surveillance by the United > States or any jurisdiction within the United States, including foreign > branches; and > (3) Any Borgs in the United States. Dandruff-covered lying Armenian scum are NOT U.S. persons. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ichudov at algebra.com Mon Dec 30 21:14:54 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 30 Dec 1996 21:14:54 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310325.TAA16845@adnetsol.adnetsol.com> Message-ID: <199612310512.XAA01985@manifold.algebra.com> Ross Wright wrote: > > On or About 30 Dec 96 at 18:03, Blanc Weber wrote: > > > You have to understand - Tim is from California. > > If you choose to carry, you will be held to a higher standard of > > behavior > > than those that don't. > > Yes, part of that "higher standard" is to keep your fucking mouth > shut about that piece in your sholder holster. Those that brag that > they are packing and won't hesitate to use it are usually those that > freeze under fire or snap at the workplace. > > A true shooter shut's the fuck up and if needs be, let's the weapon > do the talking when the time is right. I think that legally, if someone who is simply slapped in the face and is feeling no danger to his life (ie, if the slap is sort of theatrical and it is obvious) shoots the slapper, he may be charged with some sort of crime. I would appreciate if lawyers on this list commented on whether shooting is or is not appropriate in this case. - Igor. From rvrcp at ocsnet.net Mon Dec 30 21:15:04 1996 From: rvrcp at ocsnet.net (rvrcp at ocsnet.net) Date: Mon, 30 Dec 1996 21:15:04 -0800 (PST) Subject: Have You Read the Book? Message-ID: ----------------------------------------------------------------------------------------------------------------- The book is called "How to MAKE AMERICA STRONG & WEALTHY ONE PERSON AT A TIME" There is over THREE MILLION copies in print. AND it is Free. The book contains information on how you can become DEBT-FREE in a very short time (on the money that you are making today), and how to easily make more money (thus becoming DEBT-FREE faster) working in your spare time, if you choose to do so. Get your free copy today, so when someone asks you, "Have you read the Book?", you can say, "I was going to ask you the same question!" This book will affect your life whether you read it or not. For more information, call 1-608-375-3130 ext 156900 for a recorded message. ---OR--- E-mail me your Postal Address at rvrcp at ocsnet.net. Call or write today. There is no obligation. But I am betting that you will see the great opportunities that this book contains. ------------------------------------------------------------------------------------- If you wish to be removed from this and all future mailing list, simply send me a message requesting removal. Thank you very much for a little of your valuable time. Ray 8->> From tcmay at got.net Mon Dec 30 21:25:23 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 21:25:23 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <9612310327.AA03836@cow.net> Message-ID: At 10:27 PM -0500 12/30/96, Bovine Remailer wrote: >Some peckerhead soiled my mailbox with: > >>This is the message I got in response to my post regarding Mr. May's >>offensive, racist, and bigoted post about ebonics. I have made >>overtures towards peace and tried to explain that I thought that the >>Doctor's verbal slapping was not as bad as it seemed, maybe even he >>deserved it!. He refuses to answer. He's just a pussy, I guess. >>Like's to make terroristic threats. To Nam vets, yet. Ballsy, Tim! > >Thank you for playing, Mr. Grubor. Please pick up your consolation prize at >the door marked "Out." And stop passing Dimbulb the mailing list messages -- >you know it makes the tumors in his head kick in. > >>I would rather have discussed this with you in private e-mail, or >>over a few beers, but you refuse to answer my e-mail. > >Maybe he has you filtered, as the rest of us will now. > >*plonk* Indeed, I added "Ross Wright" to my Eudora filter file after his "slap you around" message several days ago, so I was mercifully spared from reading whatever he sent to me (as he claims today). After seeing the messsages from you, Blanc, and Sandy, who are _not_ filtered, I checked my Trash folder before emptying it and saw Wright's posting of my private mail to him. His claim to "slap me around" means I'll treat him as a hostile agent. As to why he got *plonked*, this is the price people pay for writing such things as "maybe we need to slap him around." I have more than 20 in my filter file now, though many of these are of people who are no longer spewing on the CP list, for whatever reasons. Oh, and posting private mail is not considered acceptable behavior. >(I'd prob'ly buy him the hollowpoints, btw.) Thanks, but I'm well-stocked on Golden Sabers, and even some Black Talons (though they were overrated, from studies I've seen). --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Mon Dec 30 21:26:15 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 21:26:15 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: Message-ID: <32C8A396.1B03@gte.net> Blanc Weber wrote: > From: Ross Wright > This is the message I got in response to my post regarding Mr. May's > offensive, racist, and bigoted post about ebonics. I have made > overtures towards peace and tried to explain that I thought that the > Doctor's verbal slapping was not as bad as it seemed, maybe even he > deserved it!. He refuses to answer. He's just a pussy, I guess. > Like's to make terroristic threats. To Nam vets, yet. Ballsy, Tim! > You have to understand - Tim is from California. > In some areas of the country showing someone your middle finger is the > universal hand signal for "shoot me". If you are carrying a gun and > give such a hand signal you likely to be held at fault if the shooting does > start. If you choose to carry, you will be held to a higher standard of > behavior than those that don't. This is why you gotta make sure the son-of-a-bitch is stone cold dead. The number of shots, shooting distance, front or back, and whether the bozo had a gun, you should be able to work out with an attorney later, as long as you keep your mouth shut until then. From nobody at replay.com Mon Dec 30 21:28:05 1996 From: nobody at replay.com (Anonymous) Date: Mon, 30 Dec 1996 21:28:05 -0800 (PST) Subject: premail. Message-ID: <199612310527.GAA12868@basement.replay.com> A scenario: 1) The spooks put a bug (named Eve) on the link between kiwi.cs.berkeley.edu and the Internet. Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts it and replaces it with a file of the spooks' choosing. This file will selectively replace the public pgp keys of some of the remailers (say exon) in pubring.pgp with keys to which the spooks know the private key. 2) A similar bug is put on the link between the exon remailer and the internet. All email to exon is intercepted, and if found to be encrypted with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's real PGP key and sent on. It is only a scenario. I am still using premail to send this. From dthorn at gte.net Mon Dec 30 21:47:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 21:47:36 -0800 (PST) Subject: None In-Reply-To: <9612310149.AA02729@cow.net> Message-ID: <32C8A89E.6EEB@gte.net> Bovine Remailer wrote: > At 1:41 AM 12/25/1996, Anonymous wrote that Noam Chomsky said: > >More than ever, libertarian socialist ideas are relevant, and the > >population is very much open to them. Despite a huge mass of corporate > >propaganda, outside of educated circles, people still maintain pretty much > >their traditional attitudes. In the US, for example, more than 80% of the > >population regard the economic system as inherently unfair and the > >political system as a fraud, which serves the special interests, not the [snip] > Can anybody explain in what way Chomsky is an anarchist or a > libertarian? Opposition to some government schemes but not others > makes a Republican or a Democrat, not an anarchist or libertarian. There is something called a Rosetta Stone, i.e. a key to unlock the mysteries. In Chomsky's milieu, it's the JFK assassination. In Chomsky's words, "I can see no forces who would have wanted Kennedy dead" (quote approximate). Chomsky is funded by the military (I forget which branch, Navy perhaps). Since Kennedy, in the best opinion, was executed by the military, it kinda makes sense.... From tcmay at got.net Mon Dec 30 21:49:07 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 30 Dec 1996 21:49:07 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310304.TAA16366@adnetsol.adnetsol.com> Message-ID: At 7:52 PM -0800 12/30/96, Sandy Sandfort wrote: >On Mon, 30 Dec 1996, Ross Wright wrote: > >> Be that as it may, it is still no call for threats of gunplay! That >> is NOT funny. I take such things very seriously. > >So let me see if I've got this right. Threatening to slap >someone is okay, but threatening to defend one's self from such >an attack is not okay? Interesting. I guess the old saying >still applies, "the essence of humor is WHOSE ox is being gored." As I said, I have been filtering Ross Wright, along with about 20 other such twits. I learned of his posting of my private mail to him from the responses such as this one (and by Blanc, and one via a remailer). Wright needs to learn some manners. As for my _threatening_ him, he's welcome to contact his local police department if he feels I was being "unfair" by responding to his threat to me by saying I'd blow him away if he tried it. As for me, if he carries through on his threat to "slap me around," I'll welcome the chance to defend myself using the tools at my disposal. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dthorn at gte.net Mon Dec 30 22:12:28 1996 From: dthorn at gte.net (Dale Thorn) Date: Mon, 30 Dec 1996 22:12:28 -0800 (PST) Subject: US AIRFORCE SITE HACKED In-Reply-To: <199612310157.UAA15792@mime4.prodigy.com> Message-ID: <32C8AE6F.3D89@gte.net> NATHAN MALLAMACE wrote: > It is true, so many government sites have been hacked! > The FBI home page was replaced with SATANIC stuff. A picture > of the upside down cross as a background and various other > changes regarding SATAN. > i think it's funny, but hey it's our own goverment. I wonder > how often they check their sites. BTW, my friends site - > http://pages.prodigy.com/VT/hackersguide has a link to the > FBI's MOST WANTED LIST. See if you are there! Just in case you start to feel sympathetic towards the government, the upside-down cross is *not* the premier symbol of real satanic worship. I got it from the horse's mouth, so to speak: The most supreme symbol of satanic worship is an upside-down five-pointed star (symbolizing the goat's head) with a circle around it. User's of this symbol include: Freemasons (on city signboards, bumper stickers, etc.) for one, and the U.S. Congressional Medal of Honor for another. These are *serious* people, so tread carefully. From rwright at adnetsol.com Mon Dec 30 22:20:27 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 22:20:27 -0800 (PST) Subject: If He Doesn't Like Me Message-ID: <199612310620.WAA20583@adnetsol.adnetsol.com> On or About 30 Dec 96 at 21:32, Timothy C. May wrote: > > Indeed, I added "Ross Wright" to my Eudora filter file after his > "slap you around" message several days ago, so I was mercifully > spared from reading > > > As to why he got *plonked*, this is the price people pay for writing > such things as "maybe we need to slap him around." I have more than > 20 in my > > Oh, and posting private mail is not considered acceptable behavior. > What's next? If Timmy doesn't like what I write will I be kicked off like the Doctor? Wow! From Timmy's trash bin to Kook of the Month FAME!!!!! What more could I ask for? Fuck You, Too, Timmy! But I refuse to censor my own input, so I'll still have to see your fucking stuff. ShitHead. Hostile Agent! How come it took over a year to get this far? Ross (Proud to be in Timmy's Filter File) Wright =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From sandfort at crl.com Mon Dec 30 22:25:06 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 30 Dec 1996 22:25:06 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310434.UAA18356@adnetsol.adnetsol.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Mon, 30 Dec 1996, Ross Wright wrote: > I said "he deserves a slapping". I never volunteered to carry that > out. And, furthermore, I meant a verbal slapping, something akin to > what is already happening with the good Doctor's attacks. And Tim never threatened Ross. He merely posited an "if, than" response to a hypothetical assault. If Ross does no slapping, Tim won't shoot him. QED. No reason to get bent out of shape. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 93865 at net.122 Mon Dec 30 22:31:08 1996 From: 93865 at net.122 (93865 at net.122) Date: Mon, 30 Dec 1996 22:31:08 -0800 (PST) Subject: [[[ NEW ! Computer Based Business. ]]] Message-ID: <19961231062532.AAA13772@Compaq> DO NOT PRESS REPLY. Send all inquiries, and remove request to http://business.atcon.com/parker/PSM/Tony/tonypsm.htm From rwright at adnetsol.com Mon Dec 30 22:36:57 1996 From: rwright at adnetsol.com (Ross Wright) Date: Mon, 30 Dec 1996 22:36:57 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: <199612310637.WAA20954@adnetsol.adnetsol.com> On or About 30 Dec 96 at 22:24, Sandy Sandfort wrote: > And Tim never threatened Ross. He merely posited an "if, than" > response to a hypothetical assault. If Ross does no slapping, Tim > won't shoot him. QED. No reason to get bent out of shape. Thanks. You are correct. I'm done with this thread. Tim *Plonked* me, not shot me. And now back to you, Dr. V.... Ross =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From blancw at microsoft.com Mon Dec 30 22:39:36 1996 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 30 Dec 1996 22:39:36 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. Message-ID: From: Ross Wright Yes, part of that "higher standard" is to keep your fucking mouth shut about that piece in your sholder holster. Those that brag that they are packing and won't hesitate to use it are usually those that freeze under fire or snap at the workplace. ............................................................. Discussing self-defense equipment to carry... Student: "How about earplugs?" Instructor: "We've thought about that as an intimidation tool. Some guy is hassling you on the street and you start putting your ear plugs in. The guy says, 'What are you doing?' You say, 'It looks like I'm going to be doing some shooting here pretty soon and I don't want to hurt my ears.'" -Greg Hamilton- Self Defense Instructor Nov. 19, 1995 In cyberspace, elimination is accomplished with "delete" keys and "kill files", right? (L.Detweiler used to complain about how many cyberdeaths he had experienced.) Outta sight, outta mind... .. Blanc From jimbell at pacifier.com Mon Dec 30 22:45:43 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 30 Dec 1996 22:45:43 -0800 (PST) Subject: "Structuring" of Communications a Felony? Message-ID: <199612310645.WAA12065@mail.pacifier.com> At 01:35 PM 12/29/96 -0800, Steve Schear wrote: >>I predict that we will see within two years a law making it illegal to >>"structure communications" with the intent to avoid traceability, >>accountability, etc. >> >>This would be along the lines of the laws making it illegal to "structure" >>financial transactions with the (apparent) intent to avoid or evade certain >>laws about reporting of income, reporting of transactions, etc. >> >>How long before the U.S. Code declares "attempting to obscure or hide the >>origin of a communication" to be a felony? That would rule out orninary >>mail without return adresses, but I think there are ample signs we're >>already moving toward this situation (packages that could be bombs >>putatively require ID, talk of the Postal Service handling the citizen-unit >>authentication/signature system, etc.). >>--Tim May > >Tim, I think that this is highly unlikely. The SC has ruled repeatedly >that anonymous speech is a foundation of American politics (e.g., the >Federalist Papers). >-- Steve When Senator Leahy's first crypto bill was proposed early this year, at first glance it appeared to help our cause. Many people around here at least gave it lukewarm support. However, it contained a section making (quote approximate) "use of encryption to thwart an investigation" a crime. I pointed out, quite loudly, that any encrypting anonymous remailer could be considered practically automatically guilty of this. In fact, the feds could simply start a sham "investigation," perhaps assisted by a phony message sent by a confederate through the remailer, and then declare that their investigation had been "thwarted." Whether such an interpretation would fly was, obviously, a question, but by the time the SC had issued its ruling the remailer's hardware would have been siezed collecting dust in some Fed warehouse for 2-3 years. Jim Bell jimbell at pacifier.com From mclow at owl.csusm.edu Mon Dec 30 22:55:08 1996 From: mclow at owl.csusm.edu (Marshall Clow) Date: Mon, 30 Dec 1996 22:55:08 -0800 (PST) Subject: LAW_dno Message-ID: In the 12-29-96. Computerworld: >>>> Karen Epper, an analyst at Forrester Research, Inc. in Cambridge, Mass., said electronic commerce companies should do more legal research than that. "Joe Programmer could create a new currency system," Epper said. "But if it's not supported by regulators, what do you have?" <<<< And there you have it. If it's not regulated by the government, it's no good. P.S This was not an isolated quote, this was the central point of the article. -- Marshall Marshall Clow Aladdin Systems Warning: Objects in calendar are closer than they appear. From frantz at netcom.com Mon Dec 30 22:58:35 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 30 Dec 1996 22:58:35 -0800 (PST) Subject: New crypto regs outlaw financing non-US development In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com> Message-ID: At 5:15 PM -0800 12/29/96, Timothy C. May wrote: >This very list advocates violation of the ITARs in various ways (I speak of >"the list" as a person in the sense of the consensus of the list...there >may not be unanimity, but the consensus of the vocal members of the list is >obvious). Gee, I always thought that people on this list only advocated changing the ITAR thru legal means. The fact that strong crypto is widely available outside the USA is merely supporting evidence for this view. :-) It's nice to see some signal back instead of just the noise sent during the Christmas attack on the list. Thanks to all of you who provided the signal. ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From attila at primenet.com Mon Dec 30 22:59:15 1996 From: attila at primenet.com (Attila T. Hun) Date: Mon, 30 Dec 1996 22:59:15 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <9m4qZD23w165w@bwalk.dm.com> Message-ID: <199612310700.XAA06518@infowest.com> From: Attila T. Hun X-Return: attila X-Originator: attila X-SecurityType: None X-SecurityCode: None X-KeyID: 1024/C20B6905 X-KeyNo: 23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0 X-PGPKey: strip spaces and colon from key ; -----BEGIN PGP PUBLIC KEY BLOCK----- ; Version: 2.6 ; ; mQCNAy5vBesAAAEEAN8cl6vHXrKZ9lFfZDgfyJRr3HidW77Uio7F25QF6QXca5z/ ; AS3ZrWsa0CjF2nwrqmyb1E5no7dFB+70ZfK8233r7ykVkWRojT+0K71lnUZO4cjG ; +d19/ehXkDpkH3iHU7Uyo4ZdXLiI6uoFDS7ilzx8PCKcgvfq7b04kQrCC2kFAAUX ; tAZhdHRpbGE= ; =cpDk ; -----END PGP PUBLIC KEY BLOCK----- X-Comments: writer is solely irresponsible for his loose tongue ; Free Cyberspace is our Democracy. Fuck your CDA. ; Free Information is our Freedom. Fuck your WIPO, too. Errors-To: null at primenet.com Priority: Normal Owner: Attila T. Hun Sender: Attila T. Hun Sent-By: Attila T. Hun Return-receipt-to: Attila T. Hun Reply-to: Attila T. Hun Organization: Home for retired unrepented, degenerate hackers Date: Mon, 30 Dec 96 19:52:02 +0000 To: cypherpunks Cc: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Subject: Re: Just another government fuckover: New crypto regulations In-Reply-To: <9m4qZD23w165w at bwalk.dm.com> Bcc: furballs -----BEGIN PGP SIGNED MESSAGE----- In <9m4qZD23w165w at bwalk.dm.com>, on 12/30/96 at 08:07 AM, dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) said: ::"Attila T. Hun" writes: ::> books are and have been protected prior to the US Constitution. ::"Protected" in what sense? Copyright in a fairly recent invention. free speech, which is what we are talking about. supposedly absolute freedom of speech in America was in the Articles of Confederation and was a major point of the Declaration of Independence. free speach was an "intention" of the Magna Carta. ::> the US Government has not been a legal government for years; it ::>is a private club which can be bought, and its services sold to the ::>highest bidder. It is a collection of whores who are part of a cabal ::>of the very rich and powerful; it is totally unaccountable to the ::>public it represents. Waco, Ruby Ridge, and the bombing of their ::>own federal building in Oklahoma City in order to scare Joe Couch ::>Potato into giving up personal freedoms for security are perfect ::>examples of a government drunk on it owns powers. Just like Oswald, ::>they have a perfect patsy with the defendants in OKC. ::Like I said the other day, the similarities with the USSR under the ::last few years of Brezhnev's life are striking. just a little bit too close, is it not? The Kremlin then, and the Kremlin of Yeltsin also suffer the same malady: the personal expression of power. Gorbi will be remembered in history as not a great statesmen as he was initially hailed in the West, but as the 'great concessionaire,' giving Russia's "imperial" power away. Russia never had a communist government, it was a dictatorship somewhat tempered by the power of the apparati (which under Stalin was a joke); it just so happened they practiced the art of the commune in collective farming --except they stole the bulk of the communes' production. Any concept of the commune ownership was fantasy. but the bottom line with Brezhnev was the "drunk with power" of each of the petty fiefdoms. Old Joe and Beria is a perfect example, except Joe took care of his problem promptly to prove the rule that 'thou shall not covet thy boss...'. compare today in Russia: Lebed is a prime example. Even under Brezhnev he would have walked the one way tunnel. Fact is, it appears Lebed has been closer to the mark than the rest of the pompous fools; but that certainly has not helped if one considers Lebed would need to assume absolute power in order to clear the errant course of the Russian ship of state --absolute power corrupts absolutely. the US has two or three power factors depending on your point of view. The visible US government with a totally corrupt and depiscable asshole at the helm --a sublimely and malignantly corrupt man installed as a puppet gone drunk on his cocaine power pack; he thinks he has shaken his masters and his battle is to control the CIA and the rest of the hidden spook show. Even his loyal puppy, John Deutsch, was unable to control the CIA, let alone the rest of the apparati. The lame duck cabinet is more impotent than the last, who almost to a man jumped as rats from a sinking ship. His thrust for power is masked in rhetoric of "for the good of the country" or "to protect the country from the evils of private speech which might be criminal or subversive" that we may all be free. Is it coincidence free speech is the cornerstone of democracy? So who does control the real apparati? check behind the silent curtains of the dark drawing rooms; check behind the facade of US Department of State postings since WWII, and compare names with events and the social register and the rolls of Harvard, Yale, and Princeton; check the bunkers at Fort Meade and other places; check the shadows and the denials; particularly check the denials. don't wast your time with the myriad of 'culprits' starting with the Bilderbergers, the CFR, the TLA, the Bavarian Illuminati, etc. they are just drinking clubs of the power hungry united only by a common greed. greed and absolute power as America careens into history and disenfranchisement. is there then still a third force? speculation? fact! avengers? too little, too late? hunted to the status of endangered species or even to extinction? sacrificial lambs or goats for the alter of the temples of the doomed? or saviours? ::> books are an intellectual 'solution' to the problem. the real ::>problem is the hardware. in order to negate governments and their ::>virtually stated intentions of blocking our inalienable freedoms, ::>particularly freedom of speach, we must be able to distribute ::>universal crypto worldwide, and be able to improve it as the shadow ::>governments of the various spook shows improve their ability to ::>break our code. ::Yes, but the impotent "cypher punks" can't write or distribute code. ::They can only flame and rant and pull plugs. Ah, dimitri, my quasi-friend, my quasi-enemy, that is the question, is it not? Can cypherpunks write code? Some like to argue, and still can and do write code. Others only pontificate; and others lurk for the false rush of the ephemeral or fantastical power. dimitri, you've never been a lurker in your life; then why do you participate in cypherpunks if they are, to a [wo]man, nothing but wankers? (I guess that works for the gentle sex, too. no? ). Ah, dimitri, you're secret is out. you are here to harangue! ::> if you do not have the balls to do it, you are not for freedom. ::If you are a "cypher punk", you are not for freedom. No, no, no, dimitri. Cypherpunks are absolute in their demands for freedom. Most are making the choice to demand freedom while they play in the band and the Titanic sinks. Shall their last song be "God Bless America" or "Nearer my Lord to Thee" --it's all the same is it not? They, and the rest of the complacent Americans, will go down with the ship (as will the fighters without support). Talk is cheap, dimitri. Let's see a little action. == Lord grant me the serenity to accept the things I cannot change. The courage to change the things I can. And the wisdom to hide the bodies of the people I had to kill because they pissed me off. --attila -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMsi5Kb04kQrCC2kFAQHTTgQAuoUu6efW5029X6N3LdvoBwQf3VAXQnLr hW8cR0HxFBJTCx59RjwxgkPxYFFEth83MR1dGL4jNOYTcjMAZt4IEKMPMa5mcjD4 nvw3oKYmBIbqmhC15Wem9kRd2XIutt3wQdYdTyhLRnj4Qrcl4wk0ioThvy14lMSa T0hYUePgUWM= =jiJa -----END PGP SIGNATURE----- From frantz at netcom.com Mon Dec 30 23:01:00 1996 From: frantz at netcom.com (Bill Frantz) Date: Mon, 30 Dec 1996 23:01:00 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: The Christmas attack against this list shows the need to develop lists which are resistant to attacks. If cyberspace is to become the town square of the next century, we need to be able to discourage brown shirts attacks on political gatherings. If lists are to be a major part of the political life of the community, then they must be resistant to attacks from knowledgeable, well financed attackers, not just the shits who were the most recent perps. There are several principles which should be observed: (1) Since attacks are based on sending to the list, receiving the list should remain substantially unchanged. (2) Spam attacks should be throttled at the source, so they do not act as a denial of service attack on the list server. Here is a sketch of a protocol which attempts to achieve these goals: (1) All messages sent to the list must be encrypted with the list's public key. This requirement is primarily to protect the posting token (see below). However, it alone will probably reduce the problem. Certainly it will eliminate the effectiveness of the "subscribe the list to some other list" attacks. (2) In order to post to the list, the poster must have a valid posting token. These tokens are available, in limited number, anonymously. Tokens remain valid unless canceled for abuse. However, if too many posts are received with a given token, TCP performance on sockets using that token may become arbitrarily slow (or the circuit may be dropped). (3) In order to limit the number of posting tokens, the list server will only issue a few per day. The lucky few who get them, everyone who asks under normal circumstances, may be determined by an algorithm designed to limit token collection by future attackers. (This area is where this proposal needs work!) ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From dlv at bwalk.dm.com Mon Dec 30 23:10:33 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 30 Dec 1996 23:10:33 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: Message-ID: <4ZcsZD38w165w@bwalk.dm.com> Blanc Weber writes: > > You have to understand - Tim is from California. And Ray Arachelian is a dandruff-covered Armenian louse larva. Is that an excuse for their bad manners? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ichudov at algebra.com Mon Dec 30 23:22:40 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 30 Dec 1996 23:22:40 -0800 (PST) Subject: premail. Message-ID: <199612310718.BAA02863@manifold.algebra.com> Anonymous wrote: > > A scenario: > > 1) The spooks put a bug (named Eve) on the link between > kiwi.cs.berkeley.edu and the Internet. > > Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts > it and replaces it with a file of the spooks' choosing. This file will > selectively replace the public pgp keys of some of the remailers (say exon) > in pubring.pgp with keys to which the spooks know the private key. > > 2) A similar bug is put on the link between the exon remailer and the > internet. All email to exon is intercepted, and if found to be encrypted > with the spooks' PGP key, it is decrypted, saved, re-encrypted with exon's > real PGP key and sent on. > > It is only a scenario. I am still using premail to send this. > A good scenario. A truly paranoid premail users should verify who signed the remailer keys. If you trust the signators and they signed the keys, you are "safe". Just do pgp -kvv some at remailer.com and see what comes up. Maybe remailer operators should asks someone reputable to sign their remailers' keys so that the users can easily verify the signatures. - Igor. From dthorn at gte.net Tue Dec 31 00:19:48 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 00:19:48 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310512.XAA01985@manifold.algebra.com> Message-ID: <32C8CB9D.3064@gte.net> Igor Chudov @ home wrote: > Ross Wright wrote: > > On or About 30 Dec 96 at 18:03, Blanc Weber wrote: > > Yes, part of that "higher standard" is to keep your fucking mouth > > shut about that piece in your sholder holster. Those that brag that > > they are packing and won't hesitate to use it are usually those that > > freeze under fire or snap at the workplace. > > A true shooter shut's the fuck up and if needs be, let's the weapon > > do the talking when the time is right. > I think that legally, if someone who is simply slapped in the face and > is feeling no danger to his life (ie, if the slap is sort of theatrical > and it is obvious) shoots the slapper, he may be charged with some sort > of crime. I would appreciate if lawyers on this list commented on > whether shooting is or is not appropriate in this case. Forget the law. If you don't plea-bargain, you have to face the jury. What's the jury gonna do? Depends on a mixture of their own knowledge and feelings, and whatever instructions the judge gives them. 1. Your state of mind re: defending yourself will influence the jury. 2. The judge's instruction as to necessary force will influence them. (Understand that your situation is not the same as a police officer) 3. The jury's decision about whether your actions were appropriate, based on what they think your options or rights were. Juries do not, in my memory, let people off the hook when they shoot a person who is suspected, say, of raping their child, as the woman did in (the Bay area?) a couple years ago. OTOH, juries do sometimes allow pretty amazing extenuations. The case in Meigs County Tenn. circa 1986-87, when the man in the bar was being harrassed by acquaintances - he went out to his truck, got some guns, and came back in and blasted two or three guys. He got off clean. From ichudov at algebra.com Tue Dec 31 00:27:53 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 31 Dec 1996 00:27:53 -0800 (PST) Subject: If He Doesn't Like Me In-Reply-To: <199612310620.WAA20583@adnetsol.adnetsol.com> Message-ID: <199612310745.BAA03060@manifold.algebra.com> gentlemen, why don't you relax: 1) I bet that if Ross slapped Tim, he would not shoot Ross 2) I bet that Ross will not slap Tim, regardless of 1) 3) It is often easy to make a judgment about people, and hard for other people to change others' judgment 4) it follows from 3) that flamewars are useless Ross Wright wrote: > > On or About 30 Dec 96 at 21:32, Timothy C. May wrote: > > > > > Indeed, I added "Ross Wright" to my Eudora filter file after his > > "slap you around" message several days ago, so I was mercifully > > spared from reading > > > > > > As to why he got *plonked*, this is the price people pay for writing > > such things as "maybe we need to slap him around." I have more than > > 20 in my > > > > Oh, and posting private mail is not considered acceptable behavior. > > > > What's next? If Timmy doesn't like what I write will I be kicked off > like the Doctor? Wow! From Timmy's trash bin to Kook of the Month > FAME!!!!! What more could I ask for? Fuck You, Too, Timmy! But I > refuse to censor my own input, so I'll still have to see your fucking > stuff. ShitHead. Hostile Agent! > > How come it took over a year to get this far? > > Ross (Proud to be in Timmy's Filter File) Wright > > =-=-=-=-=-=- > Ross Wright > King Media: Bulk Sales of Software Media and Duplication Services > http://www.slip.net/~cdr/kingmedia > Voice: 415-206-9906 > - Igor. From tcmay at got.net Tue Dec 31 00:30:58 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 00:30:58 -0800 (PST) Subject: If He Doesn't Like Me In-Reply-To: <199612310620.WAA20583@adnetsol.adnetsol.com> Message-ID: At 1:45 AM -0600 12/31/96, Igor Chudov @ home wrote: >gentlemen, why don't you relax: Igor, such advice to "why don't you relax" is unwanted. I did not post my mail to Ross Wright, while he has posted not only my private mail to him, but has also written half a dozen other of us his " Fuck You, Too, Timmy! " messages (I'm now looking at this creep's stuff before emptying my trash, to see what this twit is up to). Your message is the equivalent of that brain-damaged ebonite's "Why can't we all just get along?" --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ichudov at algebra.com Tue Dec 31 00:40:00 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 31 Dec 1996 00:40:00 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: <199612310833.CAA03527@manifold.algebra.com> Bill Frantz wrote: > > (3) In order to limit the number of posting tokens, the list server will > only issue a few per day. The lucky few who get them, everyone who asks > under normal circumstances, may be determined by an algorithm designed to > limit token collection by future attackers. (This area is where this > proposal needs work!) > Send a number of unique tokens to each subscriber each day. Enforce a rule that only posts with valid current tokens may be accepted. The number of tokens should initially be very small (say, one per day) and then should be quickly increased to a sufficient number, like 10 or 20, as the subscriber shows a record of using tokens properly (as defined by acceptable content rules). A database is kept as to who was issued which tokens. If tokens are used improperly (to post off-topic materials) the offending subscriber is denied any further tokens. The problem of this scheme is (besides its cost) that anonymous users will not be truly anonymous. - Igor. From ark at paranoid.convey.ru Tue Dec 31 01:25:03 1996 From: ark at paranoid.convey.ru (ArkanoiD) Date: Tue, 31 Dec 1996 01:25:03 -0800 (PST) Subject: Happy New Year In-Reply-To: <199612310315.UAA09244@earth.usa.net> Message-ID: <199612310923.MAA14016@paranoid.convey.ru> nuqneH, > > Dear Friend, > > If you are interested in increasing your income by using your personal > contacts, Please Consider this... Make up to $400.00 per deal by > giving away security systems > [some d-ds.] Hmm. I do not like MLM. Seems to be smth like selling air for me. -- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! From gnu at toad.com Tue Dec 31 01:28:28 1996 From: gnu at toad.com (John Gilmore) Date: Tue, 31 Dec 1996 01:28:28 -0800 (PST) Subject: Professor Asks for Constitutional Review of New Encryption Regs Message-ID: <199612310928.BAA00890@toad.com> [Thanks to all the local c'punks for your support of this court case! If we do end up asking for a temporary restraining order, there'll probably be another hearing soon. I'll give you as much notice as I have. --gnu] PROFESSOR ASKS FOR CONSTITUTIONAL REVIEW OF NEW ENCRYPTION REGS "Shell Game" Attempts to Continue Unconstitutional Rules December 30, 1996 Electronic Frontier Foundation Contacts: Shari Steele, Staff Attorney +1 301 375 8856, ssteele at eff.org John Gilmore, Founding Board Member +1 415 221 6524, gnu at toad.com Cindy Cohn, McGlashan & Sarrail +1 415 341 2585, cindy at mcglashan.com San Francisco - Laywers for Professor Dan Bernstein today asked the Government to delay enforcement of new encryption restrictions until they can be reviewed by a court for Constitutionality. The new regulations contain the same features struck down earlier this month by Judge Marilyn Hall Patel. "The government apparently decided to ignore Judge Patel's findings.", said Cindy Cohn, lead attorney in the case. "Instead of listening to Judge Patel's analysis and attempting to fix the regulations, they simply issued new ones with the same problems. We are giving them a a chance to fix this before we bring the issue up in court." President Clinton ordered on November 15 that the regulations be moved from the State Department to the Commerce Department. Judge Patel's decision of December 6 (released December 16th) struck down the State Department regulations as a "paradigm of standardless discretion" that required Americans to get licenses from the government to publish information and software about encryption. Over Christmas, the Clinton Administration published its new Commerce Department regulations, containing all the same problems, and put them into immediate effect today. The new regulations once again put Professor Bernstein at risk of prosecution for teaching a class on encryption and publishing his class materials on the Internet. His class begins on January 13 at the University of Illinois at Chicago. Professor Bernstein's letter of today proposes that the Government agree to delay enforcement of the new regulations while Judge Patel reviews them for Constitutionality. Failing that, Professor Bernstein will ask the court for a temporary restraining order to block their enforcement. "The government is forcing us to go back to Judge Patel again to have the new regulations declared facially unconstitutional." said Ms. Cohn. "This time we believe that a nationwide injunction against their enforcement is merited." "The new encryption rules are a pointless shell game," said John Gilmore, co-founder of the Electronic Frontier Foundation, which backed the suit. "Industry and Congress had asked that the draconian State Department regulations be eliminated in favor of existing, reasonable, Commerce Department regulations. Judge Patel invalidated the State Department regulations because they were draconian. Rather than address the concerns of either, President Clinton moved the draconian regulations into the Commerce Department -- and made them tougher in the process. It's his political decision whether to ignore and anger industry leaders, but he can't ignore a federal district court judge." Civil libertarians have long argued that encryption should be widely deployed on the Internet and throughout society to protect privacy, prove the authenticity of transactions, and improve computer security. Industry has argued that the restrictions hobble them in building secure products, both for U.S. and worldwide use, risking America's current dominant position in computer and communications technology. Government officials in the FBI and NSA argue that the technology is too dangerous to permit citizens to use it, because it provides privacy to criminals as well as ordinary citizens. Background on the case The plaintiff in the case, Daniel J. Bernstein, Research Assistant Professor at the University of Illinois at Chicago, developed an "encryption algorithm" (a recipe or set of instructions) that he wanted to publish in printed journals as well as on the Internet. Bernstein sued the government, claiming that the government's requirements that he register as an arms dealer and seek government permission before publication was a violation of his First Amendment right of free speech. This was required by the Arms Export Control Act and its implementing regulations, the International Traffic in Arms Regulations. The new regulations have the same effect, using the International Emergency Economic Powers Act, the Export Administration Regulations, and a "state of national emergency" that President Clinton declared in 1994 and has re-declared annually. In the first phase of this litigation, the government argued that since Bernstein's ideas were expressed, in part, in computer language (source code), they were not protected by the First Amendment. On April 15, 1996, Judge Patel rejected that argument and held for the first time that computer source code is protected speech for purposes of the First Amendment. On December 6, Judge Patel ruled that the Arms Export Control Act is a prior restraint on speech, because it requires Bernstein to apply for and obtain from the government a license to publish his ideas. Using the Pentagon Papers case as precedent, she ruled that the government's "interest of national security alone does not justify a prior restraint." Judge Patel also held that the government's required licensing procedure fails to provide adequate procedural safeguards. When the Government acts legally to suppress protected speech, it must reduce the chance of illegal censorship by the bureacrats involved -- in this case, the State Department's Office of Defense Trade Controls (ODTC). Her decision states, "Because the ITAR licensing scheme fails to provide for a time limit on the licensing decision, for prompt judicial review and for a duty on the part of the ODTC to go to court and defend a denial of a license, the ITAR licensing scheme as applied to Category XIII(b) acts as an unconstitutional prior restraint in violation of the First Amendment." She also ruled that the export controls restrict speech based on the content of the speech, not for any other reason. "Category XIII(b) is directed very specifically at applied scientific research and speech on the topic of encryption." The new regulations continue to insist that the Government is regulating the speech because of its function, not its content. The judge also found that the ITAR is vague, because it does not adequately define how information that is available to the public "through fundamental research in science and engineering" is exempt from the export restrictions. "This subsection ... does not give people ... a reasonable opportunity to know what is prohibited." Judge Patel also adopted a narrower definition of the term "defense article" in order to save it from unconstitutional vagueness. ABOUT THE ATTORNEYS Lead counsel on the case is Cindy Cohn of the San Mateo law firm of McGlashan & Sarrail, who is offering her services pro bono. Major additional pro bono legal assistance is being provided by Lee Tien of Berkeley; M. Edward Ross of the San Francisco law firm of Steefel, Levitt & Weiss; James Wheaton and Elizabeth Pritzker of the First Amendment Project in Oakland; and Robert Corn-Revere, Julia Kogan, and Jeremy Miller of the Washington, DC, law firm of Hogan & Hartson. ABOUT THE ELECTRONIC FRONTIER FOUNDATION The Electronic Frontier Foundation (EFF) is a nonprofit civil liberties organization working in the public interest to protect privacy, free expression, and access to online resources and information. EFF is a primary sponsor of the Bernstein case. EFF helped to find Bernstein pro bono counsel, is a member of the Bernstein legal team, and helped collect members of the academic community and computer industry to support this case. Full text of the lawsuit and other paperwork filed in the case is available from EFF's online archives at: http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/ The full text of today's letter from Professor Bernstein to the Government, and proposed stipulation, are at: http://www.eff.org/pub/Privacy/ITAR_export/ Bernstein_case/Legal/961230.letter http://www.eff.org/pub/Privacy/ITAR_export/ Bernstein_case/Legal/961230_proposed.stipulation The new Commerce Department Export Administration Regulations are available at: http://www.eff.org/pub/Privacy/ITAR_export/961230_commerce.regs From toto at sk.sympatico.ca Tue Dec 31 02:38:54 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 02:38:54 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: Message-ID: <32C90630.4C4D@sk.sympatico.ca> Sandy Sandfort wrote: > So let me see if I've got this right. Threatening to slap > someone is okay, but threatening to defend one's self from such > an attack is not okay? Interesting. I guess the old saying > still applies, "the essence of humor is WHOSE ox is being gored." Ha, ha--ouch! From toto at sk.sympatico.ca Tue Dec 31 02:40:23 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 02:40:23 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310337.TAA17118@adnetsol.adnetsol.com> Message-ID: <32C9047D.45EE@sk.sympatico.ca> Ross Wright wrote: > But a private threat of gunplay, that you have no right to! "People have a right to do to you anything that you can't stop them from doing." Harry Browne, 'How I Found Freedom in an Unfree World.' From gt at kdn0.attnet.or.jp Tue Dec 31 02:44:10 1996 From: gt at kdn0.attnet.or.jp (Gemini Thunder) Date: Tue, 31 Dec 1996 02:44:10 -0800 (PST) Subject: New crypto regulations In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <32ccea78.74565326@kdn0.attnet.or.jp> gt at kdn0.attnet.or.jp (Gemini Thunder) wrote: >Has magnetic media never been tested in court for freedom of press >applicability? What are the laws that outline the differences between >magnetic media and printed media? Specifically, the one(s) that >permit the non-protection of magnetic media? I have been thinking on this. The government obviously does not want strong crypto in the hands of the public. I see no reason why they will stop at the current legislation. >From the present point I can see 2 alternatives: (1) The ban on crypto source is extended to printed media. (2) The ban on crypto source in magnetic media is tested in court and struck down as a violation of freedom of press/speech. I still have enough faith to believe that (1) is unlikely. What are the odds on (2)? (I can't imagine it being upheld) What are other alternatives? (I am of the opinon that the "non-OCR-able" font scheme is unlikely.) Also, what qualifies as "encryption" here? Basic implementation of an algorithm? Full-blown programs? Hash functions? Steganography (with/without additional encryption)? Data after a CTRL-Z? (Sorry, couldn't help it) From toto at sk.sympatico.ca Tue Dec 31 03:49:35 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 03:49:35 -0800 (PST) Subject: [[[ NEW ! Computer Based Business. ]]] In-Reply-To: <19961231062532.AAA13772@Compaq> Message-ID: <32C90D53.1907@sk.sympatico.ca> 93865 at net.122 wrote: > DO NOT PRESS REPLY. Send all inquiries, and remove request to > http://business.atcon.com/parker/PSM/Tony/tonypsm.htm This is, by far, the politest spam I have yet received. But Fuck Off, anyway. From toto at sk.sympatico.ca Tue Dec 31 03:51:19 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 03:51:19 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: <32C91A54.2FCE@sk.sympatico.ca> This is the first posting I have seen (someone unSCUMscribed me a few days ago) which addresses the need for having defences in place against spamming attacks. The fact is, the InterNet is a global neighborhood, and everyone will be affected by the security or non-security of their neighbors. Since the Web is currently seen as the new 'gold rush', every Tom, Dick and Harry who wants to capitalize on it will be putting up web sites, with their concern being focused much more on increasing their piece of the pie, than on being good neighbors. So sports lists are going to make it easy-as-pie for 10,000 Laker's fans named Bubba to subscribe to their list and, as a result, make it also as easy-as-pie for people to take advantage of their come-one- come-all policy in order to engage in the sport of spamming. While there are many good list operators who take reasonable precautions against abuse of their system, they are often still left open to abuse coming from the system of less concerned list operators. It would seem to me that part of the solution would be to have in place a monitoring system which would reflect a sudden increase in email coming in from new (or current) sources. Then the source of any excessive increase could be put on 'hold' until the system operator has a chance to check on the validity of the reason behind the sudden increase. (20 messages from Bubba is an inconvenience, but 500 messages is a royal pain-in-the-ass) As for 'mailbots', I think that any solutions to the potential abuse will only be a 'stopping action', at best. My view is that the machines are starting to make their play towards taking over, and that we will eventually be doomed to be their slaves, and not the other way around. Toto Bill Frantz wrote: > > The Christmas attack against this list shows the need to develop lists > which are resistant to attacks. If cyberspace is to become the town square > of the next century, we need to be able to discourage brown shirts attacks > on political gatherings. If lists are to be a major part of the political > life of the community, then they must be resistant to attacks from > knowledgeable, well financed attackers, not just the shits who were the > most recent perps. > > There are several principles which should be observed: > > (1) Since attacks are based on sending to the list, receiving the list > should remain substantially unchanged. > > (2) Spam attacks should be throttled at the source, so they do not act as a > denial of service attack on the list server. > > Here is a sketch of a protocol which attempts to achieve these goals: > > (1) All messages sent to the list must be encrypted with the list's public > key. This requirement is primarily to protect the posting token (see > below). However, it alone will probably reduce the problem. Certainly it > will eliminate the effectiveness of the "subscribe the list to some other > list" attacks. > > (2) In order to post to the list, the poster must have a valid posting > token. These tokens are available, in limited number, anonymously. Tokens > remain valid unless canceled for abuse. However, if too many posts are > received with a given token, TCP performance on sockets using that token > may become arbitrarily slow (or the circuit may be dropped). > > (3) In order to limit the number of posting tokens, the list server will > only issue a few per day. The lucky few who get them, everyone who asks > under normal circumstances, may be determined by an algorithm designed to > limit token collection by future attackers. (This area is where this > proposal needs work!) > > -------------------------------------------------------------------------> Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting > (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. > frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From toto at sk.sympatico.ca Tue Dec 31 03:53:04 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 03:53:04 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: <199612310645.WAA12065@mail.pacifier.com> Message-ID: <32C90C18.6944@sk.sympatico.ca> jim bell wrote: > In fact, the feds > could simply start a sham "investigation," perhaps assisted by a phony > message sent by a confederate through the remailer, and then declare that > their investigation had been "thwarted." Thank heaven that our government would never do anything like this. (and that Santa Clause is real) From haystack at cow.net Tue Dec 31 03:59:45 1996 From: haystack at cow.net (Bovine Remailer) Date: Tue, 31 Dec 1996 03:59:45 -0800 (PST) Subject: Constitutionality of new regs. Message-ID: <9612311143.AA08693@cow.net> One issue which I haven't seen anybody address is the provision to make export licenses easier to obtain for those companies which show a credible business plan that supports GAK. 1) Isn't this showing favouritism in an administrative decision to people who support the government's political agenda. 2) If the export of a certain encryption `item' is inimical to `National Security', isn't the harm to the `National Security' the same regardless of whether the exporter plans to produce GAK products in the future or not? Based on these two points shouldn't this aspect of the regulations considered as being `arbitrary' and hence unconstitutional. A further thought. If you obtain an export license by showing the government a business plan that supports GAK, but then do not follow your business plan, how will the goverment `get' you? From toto at sk.sympatico.ca Tue Dec 31 05:06:57 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 05:06:57 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <199612310700.XAA06518@infowest.com> Message-ID: <32C9288C.22E9@sk.sympatico.ca> Attila T. Hun wrote: > > Russia never had a communist government, it was a dictatorship > somewhat tempered by the power of the apparati (which under Stalin > was a joke); it just so happened they practiced the art of the > commune in collective farming --except they stole the bulk of the > communes' production. Any concept of the commune ownership was > fantasy. In Canada, farmers purportedly own their own land, but are required by law to sell their grain only through the (collective) Canadian Wheat Board. Right now, farmers are fighting this policy, and being jailed for attempting to sell their grain themselves, on the open market. Why is it that governments always seem to be so self-congratulatory about allowing the citizens to be 'free' to do those things that the government 'allows' them to do? It is so comforting to know that I am 'free' to decide what color of sand they put in the Vaseline. (I prefer black, myself) Toto From toto at sk.sympatico.ca Tue Dec 31 05:06:57 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 05:06:57 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <199612310700.XAA06518@infowest.com> Message-ID: <32C92C74.7CC@sk.sympatico.ca> Attila T. Hun wrote: > ::If you are a "cypher punk", you are not for freedom. > > No, no, no, dimitri. Cypherpunks are absolute in their demands > for freedom. Most are making the choice to demand freedom while > they play in the band and the Titanic sinks. One also needs to keep in mind that, contrary to the great gun-packing debate going on in the conference, not everyone is so quick to vocalize whether or not they are 'packing'. It's similar to asking your opponent in a poker-game what he's 'holding' when it's showdown time. Would you really trust his or her answer, no matter what it was? To me, the only real answer, in either situation, is a 'shrug'. You've got to pay to play. I don't know if fuck at yourself.up had any problems as a result of his escapade, but if he did, I would suspect there is a good chance that they were caused by one of the more soft-spoken people on the forum. I've bounced a lot of wild-frontier bars in my time, and it has been my experience that it is a truism that, "The quiet ones are the guys you don't want to mess with." Toto From jya at pipeline.com Tue Dec 31 05:17:29 1996 From: jya at pipeline.com (John Young) Date: Tue, 31 Dec 1996 05:17:29 -0800 (PST) Subject: Shell Game News Message-ID: <1.5.4.32.19961231131318.0069d390@pop.pipeline.com> Online reports on the new crypto regs. MSNBC features Bernstein's challenge, with multiple sidebars. http://www.msnbc.com/news/49260.asp http://usatoday.com/news/washdc/ncs20.htm (AP brief) From toto at sk.sympatico.ca Tue Dec 31 05:28:08 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 05:28:08 -0800 (PST) Subject: If He Doesn't Like Me In-Reply-To: <199612310620.WAA20583@adnetsol.adnetsol.com> Message-ID: <32C92F84.1E32@sk.sympatico.ca> Timothy C. May wrote: > > Your message is the equivalent of that brain-damaged ebonite's "Why can't > we all just get along?" Tim, Have you 'coined a phrase' here? Perhaps future generations, reading of the exploits of the 'Ebonites', will recognize your contribution to the language. Toto From toto at sk.sympatico.ca Tue Dec 31 05:29:49 1996 From: toto at sk.sympatico.ca (Toto) Date: Tue, 31 Dec 1996 05:29:49 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612310833.CAA03527@manifold.algebra.com> Message-ID: <32C92E6B.F02@sk.sympatico.ca> Igor Chudov @ home wrote: > If tokens are used improperly (to post off-topic materials) the > offending subscriber is denied any further tokens. I'm sure that the NSA would be more than happy to take responsibility for deciding which posts are off-topic. From mozart at asianet.net.hk Tue Dec 31 05:54:07 1996 From: mozart at asianet.net.hk (mozart at asianet.net.hk) Date: Tue, 31 Dec 1996 05:54:07 -0800 (PST) Subject: Musical Instruments WELCOME TO INTERNET'S BEST FULL LINE MUSIC STORE Message-ID: <199612311325.VAA22954@s1.asianet.net.hk> We supply worldwide the EXACT SAME musical instruments & accessories that one can purchase from the local importers, wholesalers, stores, and teachers, BUT FOR LESS! 100% SATISFACTION GUARANTEED! We stock US$ millions in all types of musical instruments and accessories from more 3,000 manufacturers. Orders may be placed in any quantity mix, and shipped directly to you. No minimum orders! For DETAILS, mailto:mozart at asianet.net.hk a BLANK message ONLY and type "INFO" in the SUBJECT HEADER. We sincerely apologize if this is an unwanted e-mail. Please hit REPLY and type "REMOVE" in the SUBJECT area and SEND to be removed from this list. _ _ _ _ / \ -A ll brands/models |\___ALAMO__|_|_|_(__MUSIC LTD._//\ \ -L argest selection |/----//---[!|!|!]-----\\-------\\/ / -A ll credit cards [| (L|O|W|E|S|T) |] \_/ -M ost traffic site \\=(P|R|I|C|E|S)=// -O ne-Stop Cyber Shop \\__|*|*|*|____// [_]_[_] From rah at shipwright.com Tue Dec 31 06:23:21 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 31 Dec 1996 06:23:21 -0800 (PST) Subject: LAW_dno In-Reply-To: Message-ID: At 1:56 am -0500 12/31/96, Marshall Clow wrote: >In the 12-29-96. Computerworld: >>>>> > Karen Epper, an analyst at Forrester Research, Inc. in Cambridge, Mass., > said electronic commerce companies should do more legal research than > that. > > "Joe Programmer could create a new currency system," Epper said. "But if > it's not supported by regulators, what do you have?" ><<<< > >And there you have it. >If it's not regulated by the government, it's no good. > >P.S This was not an isolated quote, this was the central point of the article. Fortunately, such "points" are about to go the way of the devine right of kings, the unquestioned authority of the church, and, of course, rendering unto Ceasar. ;-). See you all in Anguilla... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com), Philodox, e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/ FC97: Anguilla, anyone? http://offshore.com.ai/fc97/ From adam at homeport.org Tue Dec 31 06:46:47 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 31 Dec 1996 06:46:47 -0800 (PST) Subject: Building PGP on Freebsd? In-Reply-To: Message-ID: <199612311443.JAA08589@homeport.org> Thanks! Commenting out USEMPILIB worked fine. We now return you to your regularly scheduled flammage. Adam Mark M. wrote: -- Start of PGP signed section. | On Mon, 30 Dec 1996, Adam Shostack wrote: | | > I get this message at the end, for building with the netbsd or the | > 386bsd config file. I know theres a simple tweak, can someone remind | > me what it is? | > | > Thanks, | > | > Adam | > | > | > | > gcc -o pgp pgp.o crypto.o keymgmt.o fileio.o mdfile.o more.o armor.o | > mpilib.o mpiio.o genprime.o rsagen.o random.o idea.o passwd.o md5.o | > system.o language.o getopt.o keyadd.o config.o keymaint.o charset.o | > randpool.o noise.o zbits.o zdeflate.o zfile_io.o zglobals.o | > zinflate.o zip.o zipup.o ztrees.o zunzip.o rsaglue2.o _80386.o | > _zmatch.o ../rsaref/install/unix/rsaref.a | > rsaglue2.o: Definition of symbol `_NN_ModExp' (multiply defined) | | You can either comment out the function "NN_ModExp" in the file nn.c in rsaref | or not define "USEMPILIB". | | | Mark -- End of PGP signed section. -- "It is seldom that liberty of any kind is lost all at once." -Hume From dlv at bwalk.dm.com Tue Dec 31 07:00:12 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 07:00:12 -0800 (PST) Subject: (Fwd) Re: Mr. May's Posts. Other Things. In-Reply-To: <199612310312.TAA16542@adnetsol.adnetsol.com> Message-ID: "Ross Wright" writes: > > I gotta have a cuppa coffe, and calm down! > Have some Turkish coffee - fuck the Armenians. Happy New Year, --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From sandfort at crl.com Tue Dec 31 07:10:05 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 31 Dec 1996 07:10:05 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612310833.CAA03527@manifold.algebra.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Tue, 31 Dec 1996 ichudov at algebra.com wrote: > Send a number of unique tokens to each subscriber each day... > ... > A database is kept as to who was issued which tokens. > > If tokens are used improperly (to post off-topic materials) the > offending subscriber is denied any further tokens. > > The problem of this scheme is (besides its cost) that anonymous users > will not be truly anonymous. There is a simple solution to keeping anonymous posters anonymous under this or any similar scheme. Volunteers could act as "gateways" for anonymous posts. Self-selected list members could announce that they would forward anonymous posts using one of their own tokens for the purpose. (In the alternative, the gateway volunteers could be given extra tokens solely for that purpose.) The gateway volunteers would be a firewall against flames and spam attacks, but would be a conduit for substantive anonymous posts. If gateway volunteers allowed inappropriate flames and spams through, they would have *their* tokens reduced. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From haystack at cow.net Tue Dec 31 07:53:09 1996 From: haystack at cow.net (Bovine Remailer) Date: Tue, 31 Dec 1996 07:53:09 -0800 (PST) Subject: No Subject Message-ID: <9612311536.AA11070@cow.net> Criminal, criminal, who's the criminal... WSJ, December 30, 1996: Obscure Treasury Unit Helps DEA Uncover Scheme >From the beginning, it was The Case That Didn't Add Up. It started with a woman in St. Louis who wanted to pay Federal Express $38 to ship a package supposedly containing a $2 paperback book to Los Angeles. The company called the local Drug Enforcement Administration office. [Thanks, FedEx assholes!] Ralph Moore, a DEA agent, got a search warrant, [Seems like pretty flimsy grounds for a warrant to me.] opened the package and found $10,000 in cash. [So?] He checked his records: The woman was on welfare. He searched her house and found a new car, $25,000 stuffed into a coat pocket and papers showing the woman owned seven buildings. "Follow the money" is supposedly an axiom for federal investigators, but in November 1994 Mr. Moore was discovering how tough that is to do in drug cases where suspects are rich and financially savvy. So who was Mr. Moore going to call? He noticed a DEA memo about an obscure unit of the Treasury Department, the Financial Crimes Enforcement Network. [Dum-da-dum!] The St. Louis case became a prime example of how Fincen, the nation's smallest intelligence agency, brings the latest in high-tech firepower to the never-ending battle against money-laundering schemes. The agency, created in April 1990, uses a staff of 200 analysts and agents to offer state- of-the-art computer tracking and analysis to state and federal agents and prosecutors, giving them more time to work the cases from the street. The DEA's Mr. Moore desperately needed the help. The woman who had mailed the package had a boyfriend who made $20,000 a year working for an electric company. The agent found he had more than 30 different accounts in one bank. Bank records showed hundreds of thousands of dollars flowing through them in patterns that never repeated themselves. Enter James Petrakis, a graying, 47-year-old Fincen investigator, who flew out from Washington. Mr. Petrakis designed a computer program for the case that could follow the money as it flowed through companies -- some phony, some real -- and through people who transferred ownership of some 30 pieces of local real estate that seemed to be involved. There were gaps in the digital portrait that emerged, but the general outlines were stunning: Mr. Moore had uncovered a family-run drug- distribution business that appeared to have stashed between $5 million and $7 million in various investments and purchases in St. Louis banks. Because the business also trafficked in guns, the Treasury Department's Bureau of Alcohol, Tax and Firearms was working on the case, too. Robert Nosbisch, the top bureau agent, agreed that tracking the money was going to be key. "The objective in a case like this is to get anyone who has a significant role into jail and take all of their assets," he says. ^^^^^^^^^^^^^^^^^^^^^^^^ [What do you do when the highwaymen wear badges?] Mr. Moore's chief suspect, a short, hot-tempered man named William Y. Jones, "was too good," he recalls. Mr. Jones had a way of anticipating the federal agent's moves. "It was almost like a chess game. As I would move a piece, he would move a piece," the agent adds. There were other odd things. Although Mr. Jones was 43 (in 1995), his credit records and other personal history only went back to 1985. Before that, he had no records. Mr. Jones's biggest drug moves usually happened on government holidays, when the DEA and ATF staffs were slim. Mr. Moore had a theory: Mr. Jones was probably a federal informant, a man who had worked with federal agents in drug cases before. [More like a graduate of the Federal Witness Protection Program, I'd say. Seems odd that they want to ID us down to the last gnat's eyebrow while making up IDs for their buddies.] "We needed to become unorthodox," Mr. Moore recalls. When wiretaps led them to a $1 million stash of Mr. Jones's cocaine in a car, they seized the drugs and the car, too. Later they heard Mr. Jones say on his tapped cellular phone that federal agents didn't steal cars. One of his drug partners, Mr. Jones concluded, must have double-crossed him. [So now they'll just steal stuff from you and not even notify you that it has been confiscated. Amazing!] From tmcghan at gill-simpson.com Tue Dec 31 08:00:58 1996 From: tmcghan at gill-simpson.com (tmcghan at gill-simpson.com) Date: Tue, 31 Dec 1996 08:00:58 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: <199612311600.LAA21931@mail.bcpl.lib.md.us> Toto wrote: > {snip} the source of any excessive increase could be put on 'hold' > until the system operator has a chance to check on the validity > Bill Frantz wrote: > > > > The Christmas attack against this list shows the need to develop lists > > which are resistant to attacks. ...and how long has Usenet had 'moderated' newsgroups? ( only as long as there have been individuals with the time and patience to screen the volume of input, and exercise thoughtful discretion in selecting the 'worthy' postings.) How smart an 'automatic' filter can clever folks design? for(;;) { ECM; ECCM; } Thomas M. McGhan tmcghan at gill-simpson.com http://www.gill-simpson.com voice: (410) 467-3335 fax: (410) 235-6961 pagenet: (410) 716-1342 cellular: (410) 241-9113 ICBM: 39.395N 76.469W From aga at dhp.com Tue Dec 31 08:04:49 1996 From: aga at dhp.com (aga) Date: Tue, 31 Dec 1996 08:04:49 -0800 (PST) Subject: Tim May wants to Kill people! In-Reply-To: Message-ID: This is a very sick Tim May who says he would love to kill this guy with a ">clip of hollowpoints through your chest." On Tue, 31 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > >Message-Id: <199612310025.QAA11547 at adnetsol.adnetsol.com> > >Comments: Authenticated sender is > >From: "Ross Wright" > >Organization: King Media and RW Marketing > >To: cypherpunks at toad.com > >Date: Mon, 30 Dec 1996 16:33:41 -0800 > >Mime-Version: 1.0 > >Content-Type: text/plain; charset=US-ASCII > >Content-Transfer-Encoding: 7BIT > >Subject: (Fwd) Re: Mr. May's Posts. Other Things. > >Priority: normal > >X-Mailer: Pegasus Mail for Win32 (v2.42) > >Sender: owner-cypherpunks at toad.com > >Precedence: bulk > > > >This is the message I got in response to my post regarding Mr. May's > >offensive, racist, and bigoted post about ebonics. I have made > >overtures towards peace and tried to explain that I thought that the > >Doctor's verbal slapping was not as bad as it seemed, maybe even he > >deserved it!. He refuses to answer. He's just a pussy, I guess. > >Like's to make terroristic threats. To Nam vets, yet. Ballsy, Tim! > > > >Maybe the Doctor is not to far from wrong. > > > >I would rather have discussed this with you in private e-mail, or > >over a few beers, but you refuse to answer my e-mail. > > > >Received: from you.got.net (root at scir-gotnet.znet.net > >[207.167.86.126]) by adnetsol.adnetsol.com (8.6.12/8.6.6) with ESMTP > >id UAA29906 for ; Fri, 27 Dec 1996 20:25:14 > >-0800 Received: from [207.167.93.63] (tcmay.got.net [207.167.93.63]) > >by you.got.net (8.8.3/8.8.3) with ESMTP id UAA13732 for > >; Fri, 27 Dec 1996 20:17:45 -0800 X-Real-To: > > X-Sender: tcmay at mail.got.net Message-Id: > > In-Reply-To: > ><199612230801.AAA24862 at adnetsol.adnetsol.com> Mime-Version: 1.0 > >Content-Type: text/plain; charset="us-ascii" Date: Fri, 27 Dec 1996 > >20:32:00 -0800 To: "Ross Wright" From: "Timothy > >C. May" Subject: Re: Mr. May's Posts. Other Things. > >X-PMFLAGS: 35127424 0 > > > >------- Forwarded Message Follows ------- > >Date: Fri, 27 Dec 1996 20:32:00 -0800 > >To: "Ross Wright" > >From: "Timothy C. May" > >Subject: Re: Mr. May's Posts. Other Things. > > > >At 12:09 AM -0800 12/23/96, Ross Wright wrote: > > > >>hard on him. This latest rant of his has made me reconsider your > >>rough treatment of Mr. May. I kinda think he deserves a slapping > >>right now. > > > >Go ahead with your "slapping." > > > >Of course, I'd treat a "slapping" as an assault. I'd love to put a > >clip of hollowpoints through your chest. > > > >Your place or mine? > > > >Just say "No" to "Big Brother Inside" > >We got computers, we're tapping phone lines, I know that that ain't > >allowed. > >---------:---------:---------:---------:---------:---------:---------: > >---- Timothy C. May | Crypto Anarchy: encryption, digital > >money, tcmay at got.net 408-728-0152 | anonymous networks, digital > >pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, > >information markets, Higher Power: 2^1398269 | black markets, > >collapse of governments. "National borders aren't even speed bumps on > >the information superhighway." > > > > > > > > > > > From jbugden at smtplink.alis.ca Tue Dec 31 08:11:54 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 31 Dec 1996 08:11:54 -0800 (PST) Subject: Iranian clergic attacks Internet as 'poison' to the m... Message-ID: <9611318520.AA852059472@smtplink.alis.ca> Subject: RE: Iranian clergic attacks Internet as 'poison' to the masses ( vipul at pobox.com wrote: >*** Iranian clergic attacks Internet as 'poison' to the masses >A senior Iranian cleric called Friday for restricting Internet access >because the global computer network fed "poison" to the masses. I have seen this article elsewhere, and the sentiment is not as nefarious as it sounds. You may know that many Arabic and Persian countries have a heavy exposure to French. In this case, the confusion arises due to the similarity between the English "poison" and the French "poisson" which means fish. Restated, the problem is that the Internet is feeding "fish" to the masses in the form of information, hence the masses are not feeding themselves. A similar English adage is: Give a man a fish and he'll eat for a day. Teach a man to fish and he'll eat for the rest of his life. As the mullah implies, we need to help people to increase their critical thinking skills, rather than passively accept what others tell them via the Internet. Start now. James From markm at voicenet.com Tue Dec 31 08:14:55 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 31 Dec 1996 08:14:55 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612310833.CAA03527@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 31 Dec 1996, Igor Chudov @ home wrote: > Send a number of unique tokens to each subscriber each day. Enforce a > rule that only posts with valid current tokens may be accepted. The > number of tokens should initially be very small (say, one per day) and > then should be quickly increased to a sufficient number, like 10 or 20, > as the subscriber shows a record of using tokens properly (as defined by > acceptable content rules). > > A database is kept as to who was issued which tokens. > > If tokens are used improperly (to post off-topic materials) the > offending subscriber is denied any further tokens. > > The problem of this scheme is (besides its cost) that anonymous users > will not be truly anonymous. I think this problem can be solved by blind signing the tokens. A user generates a random number, multiplies it by the blinding factor, then sending it to a token server which would append a timestamp and sign the blinded token. All signature requests should be signed with a PGP key. The server response would be encrypted with the user's public key. A person's PGP key would be sent along with the subscription request and then saved by the list software. The token would be included in a user's list submission, removed, and saved by the list software to detect any duplicates. The server would issue a limited number of tokens to each public key registered with it. If two signed requests come from the same email address in the same day signed with different keys, only the tokens in the first request should be signed. The only problem with this scheme is the inconvenience of having to register a public key with the server before posting. Someone with many different email addresses could generate a public key for each address to get more tokens. The only way to prevent this is to control list subscriptions. Mark -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsk8uCzIPc7jvyFpAQHFvAgAoogQTxQH74MbtDUSQgfkbwDRIJ1rXaXQ zqf4D+JyRcpFXUv0cKuUoLGFTkTKdhtGrIBfqhZJvC/n/fWOV0DHIO4asNZWqtEa NFIsWPyJqrOceCPfTLv4wft9X8aMybu6nOy/B6/NHr+Lw2p5TsfFbms4pHvrE5zt daZ7zpPkI8l1qDI1I0XUaF6vBOGl3nJtg4NewCagpB8mZulT6wmetoe5NHmrTYEA OI+UhgCWZSUJTJ2kC+liBmCwZ7+Z1JW39rOpLP6Y4Eo/o8mGErePKFK3ZbTVvfV8 5KyZn7HTxwmoTkEkRt0lOLpqU3afXJVdca9McCBoSklwveMoNwOmEQ== =pvLP -----END PGP SIGNATURE----- From blancw at microsoft.com Tue Dec 31 09:30:18 1996 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 31 Dec 1996 09:30:18 -0800 (PST) Subject: Just another government fuckover: New crypto regulations Message-ID: From: Toto Why is it that governments always seem to be so self-congratulatory about allowing the citizens to be 'free' to do those things that the government 'allows' them to do? ..................................................... Not to start a thread specifically on government bashing, but Toto' statement is so on-target about the kind of attitude which emanates from what regulators say and do. It is their underlying assumption that only they have the moral discernment to determine the parameters of propriety; which makes them think that no 'underling' has the right of self-determination. It can be seen in statements they make such as as: "there are no provisions in Super Legislation Bill 200A.666.b.32xy.450z for individual exemptions from voluntary contribution". (well, excuse Me! ) So this means that an individual can feel "free" to act only when these people feel magnanimously generous enough to allow it. No reference to Reason or Logic in the way things work in Reality, only that an action is inhibited or allowed "because this piece of paper says so". Therefore from their perspective and their re-definition of "person", Human Motivation derives its validity solely from their "provisions" for it. All other determining factors are Prohibited by Law. How can you argue with that? .. Blanc > From dthorn at gte.net Tue Dec 31 09:31:59 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 09:31:59 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: <32C94D58.3CBB@gte.net> Bill Frantz wrote: > The Christmas attack against this list shows the need to develop lists > which are resistant to attacks. If cyberspace is to become the town square > of the next century, we need to be able to discourage brown shirts attacks > on political gatherings. If lists are to be a major part of the political > life of the community, then they must be resistant to attacks from > knowledgeable, well financed attackers, not just the shits who were the > most recent perps. [snip] > All messages sent to the list must be encrypted with the list's public key. So in order to post here, I hafta install and run PGP? Well, people were looking for the perfect formula to deny service to guys like me, and guess what? You found it! I will *not* install and run PGP. From Ryan.Russell at sybase.com Tue Dec 31 09:33:40 1996 From: Ryan.Russell at sybase.com (Ryan Russell/SYBASE) Date: Tue, 31 Dec 1996 09:33:40 -0800 (PST) Subject: what is a law if it cant be enforced? Message-ID: <199612311732.JAA27497@notesgw2.sybase.com> As long as it can be selectivley enforced, that's all they need. Ryan ---------- Previous Message ---------- To: cypherpunks cc: From: mrwilhe @ odin.cmp.ilstu.edu @ smtp Date: 12/30/96 07:43:01 PM Subject: what is a law if it cant be enforced? can our gov possibly enforce this crypto law? --esp over the net? I think what happend is the dod released the net (arpanet/Internet) to the people without looking at the implications that could arise. The people now control the net and not the gov--and they don't like it! anyway our government is ruled by the people for the people--so we should not have any kind of special laws--ones that only apply to the net and not the rest of the world, after all we have a thing called free speech! fsh From jguarnie at ix7.ix.netcom.com Tue Dec 31 09:33:46 1996 From: jguarnie at ix7.ix.netcom.com (jguarnie at ix7.ix.netcom.com) Date: Tue, 31 Dec 1996 09:33:46 -0800 (PST) Subject: Thermojetic Herbal BreakThrough!!! Message-ID: <199612292025.MAA28652@dfw-ix11.ix.netcom.com> ******SORRY FOR THE INTRUSION THIS IS A ONE TIME MESSAGE***** ********YOU WILL NOT BE CONTACTED AGAIN******** !!!!!!!!!! THERMOJETICS HERBAL BREAKTHROUGH !!!!!!!!!! ** FINALLY AN ALL NATURAL DIET/NUTRITIONAL PROGRAM ** **100% GUARANTEED TO WORK ** A Major breakthrough was the discovery and the use of some very special herbs. "THERMOJETICS" Contains twenty-one different herbs from around the world including important chinese herbs and herbs from the Amazon Rain Forest. Each herb is specially chosen to work in harmony with the others to creat a powerful yet perfectly balanced product. Herbs are nature's nutritional bounty. They are rich sources of vitamins minerals,fiber, and related nutrients essential for good health... Yes Lose Up To 30 lbs In 30 days, 100% guarantee programs start at $29.95 plus Shipping & Handling {30 DAY SUPPLY APROX.} LOSE 2 to 6 POUNDS A WEEK!!!! The Herbalife program does not use Drugs, Medications, Hormones or other Synthetic agents to promote weight loss.{Non Addicting} INCREASE YOUR METABOLISM WHILE DECREASING YOUR APPETITE!!! Our program is nutritionally complete so individuals can loss weight safely and effectively, and just as important keep the weight off..../ "Liquid Protein" diets, which use nutritionally unbalanced protein-based drinks, or starvation diets, which reduce calories so low [less than 500 Calories daily] that people literally starve to lose weight,are both extremely unhealthy and have less than 20% long-term success. Save Money & Time While Dieting Why join other weight loss clubs,or expensive diet programs where they charge you each time you vist or a monthly fee "plus" the cost of their products,or use an inadequate store bought drink or other diet plan....OUR PROGRAM WORKS !!! 100% GUARANTEED. you have nothing to lose except those extra pounds....and you don't have to interrupt your busy lifestyle, no office or club meetings to attend no need to go to the store for more diet products {we ship directly to you, usually within 48hrs..} Programs are aproximately a thirty day supply of product.Usually the money you save on your grocery bill while dieting more than pays for the programs.... Over 16 Years Of Healthy, Fit & Content Customers... Dr.Recommended...Absolutely. Herbalife has a Medical and Sientific Advisory Board that tests and researches Herbalifes products and continually monitors reports of results sent by customers and distributors. In addition, many physicians and other health professionals in all parts of the world use Herbalife both in their personal lives and in their practices. WHAT IS HERBALIFE??? Herbalife is a scientifically formulated, herbal-based,calorie-reduced nutrition program. The Herbalife program has been used for weight control and health enhancement since 1980, by not hundreds but "literlly MILLIONS" of individuals around the world. WHO SENT YOU THIS MESSAGE:? We Are Janice And Anthony Guarnieri { NATURALLY YOU } and are Independent Distributors of the Herbalife Company Whose Products are only available soley through their independent distributors such as Ourselfs. We are actual Real Life People who have followed this program and proven it does work....WANT MORE INFORMATION ABOUT US,HERBALIFE,& THESE NUTRITIONAL/DIET PROGRAMS Check "NATURALLY YOU" Out On The Web: http://guarnieri.com/naturaly.htm There you can find out way more information then we can tell you in this letter, & Link to the "Herbalife Home Page" to find out more about Herbalife.and meet us personaly at our own Page if you like. *** NATURALLY YOU WEIGHT LOSS PROGRAMS *** #1 START NOW PROGRAM $29.95 plus S & H Comes with both the Green & Beige Thermojetics tablets. {21 natural herbs,three natural anti virals [natures infection fighters],contains "valerian root" a natural calmer. All natural tablets you take,twice daily usually at 10 am and 3 pm {three green & 1 beige tablets}they nourish your body's metabolism while supressing your appetite..gives a full feeling before finishing the meal helps produce a more desirable energy balance in the body so excess fat mat be reduced.} #2 FAST PROGRAM $49.90 plus S & H Comes with the Green & Beige Thermojetics tablets, and also Cell Activator capsules"THERMO BOOSTER" taken with the green & beige speeds up the process of Thermos by increasing the absorption rate. Cell Activator "reactivates"the process, making your nutrients much better utilized by your body.Helps your body absorb more from the foods you take in so you need less intake of foods to satisfy your body's nutritional needs....Add this to your program & watch how your results TAKE OFF!{usually take two cell activator capsules with the green & beige tablets} #3 FASTER PROGRAM $69.85 plus S & H Comes with the Green,& Beige Thermojetics tablets,The Cell Activator capsules & the Yellow Thermojetics tablets.... Keep the "THERMO" effect going for 24 hours! Made to take at night and before you goto bed. Lose weight while you sleep! Non-stimulating effect. From Citrin [Garcinia] and Chromium AN ESSENTIAL MINERAL THAT HELPS REGULATES BLOOD SUGAR. Some Herbologists claim it retards the ability of the hormon that allows us to store fat...{usually take 1 tablet in the evening, & 1 tablet before going to bed} #4 FASTEST PROGRAM $89.85 plus S & H Comes with the Green,Beige,& Yellow Thermojetics tablets,The Cell Activator capsules...& The FORMULA 1-MEAL REPLACEMENT SHAKE "New and Improved!"Tastes incredible! Our original weight-loss program, reformulated to contain Aminogen. Uses the same patented enzyme system. derived from plants to help breakdown and better assimilate protein, Very high in nutrients. Provides up to 1,500 calories worth of vitamins, minerals, proteins and carbohydrates, but does so in just 80 calories with less than one gram of fat! Also high in fiber and contains all essential aminio acids. HAS NO REFINED SUGAR. Available in Dutch Chocolate, Wild Berry, French Vanilla, and Tropical Fruit. ----------------------------------------------------------------- What you are actually doing with these programs is not only losing weight,but replacing your everyday processed,artificial,imitated, presevetived,foods available today, with all natural Herbal foods, proteins,vitamins,minerals,carbohydrates,& nutrients, Herbalife products are not intended to be a cure for disease,but when the body receives ALL nutrition in the CORRECT BALANCE at the celluar level,it is absolutely amazing what happens to all bodily functions! Naturally you 29850 Lorraine Warren, Michigan. 48093 810-751-2226 810-751-2226 fax --------------------------------------------------------------- We Are Independent Distributor For The Herbalife Company ---------------------------------------------------------------- ***Please Print This Form Out Before Entering Your Information*** Naturally You Ordering Form:>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Please Enter The Following Information: _____________________________ E-Mail Address /_____________________________/ ...So we can get back in touch with you. NAME:____________________________________________________________ ADDRESS__________________________________________________________ SPACE,APT# ADDRESS_______________________________________________ CITY, STATE,PROV. COUNTRY________________________________________ ZIP CODE:________________________ ------------------------------------------------------------------- PLEASE PUT A " X " IN THE BOX NEXT TO THE DIET PROGRAM YOU WISH TO ORDER: { all programs are a 30 day aprox. supply of product } START NOW PROGRAM $35.95___ QUANTITY___ FAST PROGRAM $55.90___ QUANTITY___ FASTER PROGRAM $75.85___ QUANTITY___ FASTEST PROGRAM $95.85___ QUANTITY___ [Formula 1-shake Flavor:] Dutch Chocolate____,French Vanilla____, [Choose one flavor]per program. Wild Berry____,Tropical Fruit____. { All Prices Include The Shipping & handling Fee } ----------------------------------------------------------------- *ALL PROGRAMS COME WITH:"The herbalife Good health Through Intelligent Nutrition Catalog"{contains information about all herbalifes products and how and why they help you}. *A Thermojetics Energy Guide *Recipes For The Meal Replacement Shakes *"Themo Tips"Instructions For Getting The Maximum Benefits Out Of These Programs. *Assorted Testimonials About Herbalife Products *A FREE GIFT!! ***100% MONEY BACK GUARANTEE!!!*** *Personal instructions about your individual program you have chosen. !!ATTENTION ORDER SOON SO YOU CAN RECEIVE AND FILL OUT THE HERBALIFE FREE HAWAII VACATION ENTRY FORM:{must be mailed back to us at Naturally You by January 7th to make the january 15th drawing date.} ------------------------------------------------------------------ PAYMENT METHOD:Please Indicate Which Method Of Payment You Wish To Use:{all orders shipped ground parcel post} [with the exception of out of U.S.A.orders:} place a " x " in the apropriat box. C.O.D. SHIPPED DIRECTLY TO YOU___ {we pay the c.o.d.charge you only pay the S&H fee} CHECK, OR MONEY ORDER U.S. FUNDS ONLY___ CHARGE CARD: VISA, MASTER CARD OR NOVUS/DISCOVER___ {Sorry we are "only" able to take charge orders live over the phone, for security reasons we only take charge card orders "live": Please E-Mail your Request & You Will Be Given A Phone # To Call Collect [no charge to you] To Charge Your Order} **INDIVIDUAL PRODUCTS ARE AVAILABLE ON REQUEST** Please send individual request to naturaly at guarnieri.com, or to our address below with method of payment..Thank You ---------------------------------------------------------------- Please Print Then Fill Out This Form & Send It To The Address Below With Your Order & Method Of Payment: TO: ORDERING DEPT. C/0 NATURALLY YOU 29850 LORRAINE BLVD WARREN, MI. 48093 Thank You And Happy Holidays, From all Of Us At Naturally You P.S It was brought to our attention that some customers wanted to Mix & Match their orders No Problem use our Reorder Form off the Web Page At {http://guarnieri.com/reorder.htm}or E-mail Your personal requsts...."We Aim To Please" Thank You.... {EXAMPLE: You Want The #1 program & The Meal Replacement Shake} --------------------------------------------------------------- E-Mail us at: naturallyyou at guarnieri.com To Return To Naturally You's Home Page http://guarnieri.com/naturaly.htm From sunder at brainlink.com Tue Dec 31 09:38:23 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 31 Dec 1996 09:38:23 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: On Tue, 31 Dec 1996, Sandy Sandfort wrote: > There is a simple solution to keeping anonymous posters anonymous > under this or any similar scheme. Volunteers could act as > "gateways" for anonymous posts. Self-selected list members could > announce that they would forward anonymous posts using one of > their own tokens for the purpose. (In the alternative, the > gateway volunteers could be given extra tokens solely for that > purpose.) > > The gateway volunteers would be a firewall against flames and > spam attacks, but would be a conduit for substantive anonymous > posts. If gateway volunteers allowed inappropriate flames and > spams through, they would have *their* tokens reduced. Only problem is that the Vulis^H^H^H^H^Hspammer could still mail flood the gateway dudes. The gateway dudes should be ready for such attacks and should be able to handle them. Such a flood could result in a denyal of post since if you flood someone with ten thousand random spams, then the posts worth delivering will get lost among those. So the gateway dudes should be competent enough to deal with this sort of thing. I wouldn't mind running such a gateway if it will fly and I have the time since I already provide this sort of filtering anyway. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From abostick at netcom.com Tue Dec 31 09:43:37 1996 From: abostick at netcom.com (Alan Bostick) Date: Tue, 31 Dec 1996 09:43:37 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612310833.CAA03527@manifold.algebra.com> Message-ID: On Tue, 31 Dec 1996 ichudov at algebra.com wrote: > Send a number of unique tokens to each subscriber each day. Enforce a > rule that only posts with valid current tokens may be accepted. The > number of tokens should initially be very small (say, one per day) and > then should be quickly increased to a sufficient number, like 10 or 20, > as the subscriber shows a record of using tokens properly (as defined by > acceptable content rules). > > A database is kept as to who was issued which tokens. > > If tokens are used improperly (to post off-topic materials) the > offending subscriber is denied any further tokens. > > The problem of this scheme is (besides its cost) that anonymous users > will not be truly anonymous. This scheme wouldn't necessarily map True Names to tokens; merely list subscriptions. If an account at a nymserver were to subscribe, there would be no way to identify the account holder. The real problem is that there could be a lot of subscriptions from a site like nymserver.bwalk.com . . . . Alan Bostick | I'm not cheating; I'm *winning*! mailto:abostick at netcom.com | Emma Michael Notkin news:alt.grelb | http://www.alumni.caltech.edu/~abostick From dthorn at gte.net Tue Dec 31 09:46:33 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 09:46:33 -0800 (PST) Subject: New crypto regulations In-Reply-To: <32cc13c3.83442324@kdn0.attnet.or.jp> Message-ID: <32C95126.1CA9@gte.net> Gemini Thunder wrote: > gt at kdn0.attnet.or.jp (Gemini Thunder) wrote: > >Has magnetic media never been tested in court for freedom of press > >applicability? What are the laws that outline the differences between > >magnetic media and printed media? Specifically, the one(s) that > >permit the non-protection of magnetic media?[snippo] > Also, what qualifies as "encryption" here? Basic implementation of > an algorithm? Full-blown programs? Hash functions? Steganography > (with/without additional encryption)? Data after a CTRL-Z? (Sorry, > couldn't help it) Actually, on MS-DOS computers (UNIX too?), the data following end-of- file is real enough, even when the file header *doesn't* recognize it. Paste a few of these together, and presto-stego, there you are. From dthorn at gte.net Tue Dec 31 09:56:42 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 09:56:42 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612310833.CAA03527@manifold.algebra.com> Message-ID: <32C95389.287B@gte.net> Igor Chudov @ home wrote: > Bill Frantz wrote: > > (3) In order to limit the number of posting tokens, the list server will > > only issue a few per day. The lucky few who get them, everyone who asks > > under normal circumstances, may be determined by an algorithm designed to > > limit token collection by future attackers. (This area is where this > > proposal needs work!)[snip] > Send a number of unique tokens to each subscriber each day. Enforce a > rule that only posts with valid current tokens may be accepted. The > number of tokens should initially be very small (say, one per day) and > then should be quickly increased to a sufficient number, like 10 or 20, > as the subscriber shows a record of using tokens properly (as defined by > acceptable content rules).[snip] Why not have any list deal with a heirarchy of security, so that: n-number of posters will use the highest level of security m-number will use a lower level of security k-number will send plain text Flags can be assigned for various purposes: What level of encoding I send my messages with What level I can receive Restrictions on delivery of my messages according to a table maintained by the list managers From sunder at brainlink.com Tue Dec 31 10:11:03 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 31 Dec 1996 10:11:03 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612310833.CAA03527@manifold.algebra.com> Message-ID: On Tue, 31 Dec 1996 ichudov at algebra.com wrote: > The problem of this scheme is (besides its cost) that anonymous users > will not be truly anonymous. Not only that, but what's the stop the anon users from claiming to be OTHER anon users and requesting tokens. Say have one true user (Vulis) create 10 zillion tentacles and request 10 zillion tokens, one from each tentacle and then use them all to post spam? Human review of posts is likely the only way. Sure, some things can be filtered out, you can look for messages that are less than 1K in size and have the words "Timmy" "Mayonaise" "Maya" and various other derogatory terms nearby and reject them pronto, but that will only have Vulis change the spelling of those words slightly each day and have them show up on the list anyway. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From hal at htp.hpl.hp.com Tue Dec 31 10:11:15 1996 From: hal at htp.hpl.hp.com (Hal Abelson) Date: Tue, 31 Dec 1996 10:11:15 -0800 (PST) Subject: constitutionlity of mandatory GAK Message-ID: Given the current discussion of possibile GAK legislation, you may want to check out the session from last March's Computers, Freedom, and Privacy Conference on outlawing non-escrowed encryption. We invented a manadatory GAK law "Cryptography Control Act of 1995" and debated its constitutionality in a mock "Supreme Court" hearing before a panel of real fedreral judges. The briefs and the oral arguments (available on the Web in RealAudio format) are an excellent source on questions of whether mandatory GAK would be constitutional. The text of the web page is attached below. The actual page has links an extensive set of documents. By the way, watch for the announcement for CFP97, which will be held March 11-14 in Burlingame, CA. -- Hal Abelson ****************************** Text from the Web page: http://swissnet.ai.mit.edu/~switz/cfp96/plenary-court.html CFP96 Plenary Session Before the Court: Can the US Government Criminalize Unauthorized Encryption? Presented on Thursday, March 28, 1:30-3:30 PM * Report on the session from the CFP96 Newsletter * Recording of the oral arguments (in RealAudio format) Advocates for the Government: Mark Rasch Mark Jackowski Advocates for the Defense: Andrew Good Phil Dubois Federal Judges: Hon. Sandra Lynch Hon. Susan Bucklew Hon. William Castagna Hon. Nancy Gertner Hon. William C. Young Shadow Panel: Judith McMorrow Charles Nesson Maureen O'Rourke Majority Opinion: Michael Froomkin Dissenting Opinion: Christine Axsmith Bench memo: Alyssa Harvey Brief writers (appellant): Jeffrey Hermes Chris Kelly Brief writers (respondent): Bob Kluge Dan Zelenko Scott Faga Organizer: Andrew Grosso Looming over the controversies surrounding the Digital Telephony Legislation, the Clipper Chip proposal, and the criminal investigation of PGP, is the shadow of perhaps the most critical issue of them all: Will Americans be prohibited from ensuring the privacy of their communications, including preserving those communications against government intrusion? Will strong, non-escrowed encryption be outlawed, and those who use it subjected to criminal prosecution? CFP96, in co-sponsorship with the American Bar Association, Criminal Justice Section, presented a moot Court highlighting this question. The format was that of a Supreme Court argument, where former federal prosecutors argued against noted civil liberties lawyers before a panel of five federal judges. A second panel, comprised of regional law school professors, served as a shadow court and rendered a written judgment on the case. The issue being tested was whether an individual, who has successfully used outlawed encryption to hide his conversations while the target of a criminal investigation, can be prosecuted and convicted for use of unauthorized encryption under the (fictional) "Cryptography Control Act of 1995". The background for this session assumed that the defendant's conviction was upheld 2-1 in an appeals court decision, whose majority opinion and dissenting opinion set forth the central Constitutonal arguments for upholding, or overturning, the prohibition of unauthorized encryption. At the CFP session, the Court reviewed the decision and the shadow court overturned it, rendering a majority opinion and a concurring opinion. Documents available The appeals decision * Overview * Opinion for the Court filed by Circuit Judge Mitchell. * Concurring statement filed by Circuit Judge Froomkin. * Dissent filed by Circuit Judge Axsmith. The review before the Court * Brief for the Appellant * Brief for the Respondent * Bench memo * Recording of the oral arguments (in RealAudio format) * Majority Opinion by Justices McMorrow and O'Rourke * Concurring Opinion by Justice Nesson Session participants Arguing on behalf of the government were former federal prosecutor Mark Rasch, and Mark Jackowski, Assistant US Attorney from Tampa, Florida. Mr. Rasch is a former Trial Attorney with the Department of Justice Fraud Section, in Washington, D.C, where he prosecuted the Robert T. Morris case. Mr. Rasch (Mark_Rasch at cpqm.saic.com) is currently Legal Counsel for the S.A.I.C. Corporation, headquartered in Reston, Virginia, specializing in computer security matters. Mr. Jackowski became an AUSA in 1984, and concentrated in prosecuting very complex narcotic importation organizations. He tried the BCCI case, a six month trial which took place in Tampa in 1990. He also indicted Panama's General Noriega. He is currently with the Independent Counsel's Office investigating HUD Secretary Henry Cisneros. Representing the defendant were two prominent attorneys in the area of cyber liberties, Andrew Good (agood at world.std.com / (617) 523-5933) and Phil Dubois (dubois at dubois.com / (303) 444-3885). Andrew Good of Silverglate & Good specializes in criminal defense and civil liberties law. He is currently a member of the ABA Task Force on Technology and Law Enforcement, and was co-counsel for David LaMacchia and for Steve Jackson Games, Inc. Mr. Dubois is a solo practitioner in Denver Colorado; among his clients is Phil Zimmermann, author of PGP. The panel judging the arguments was comprised of federal appellate and district court judges: * The Honorable Sandra Lynch serves on the United States Court of Appeals for the First Circuit, and sits in Boston, Massachusetts. She was appointed to the bench by President Clinton. * The Honorable Susan Bucklew is a United States District Court Judge for the Middle District of Florida, sitting in Tampa. She was appointed to the bench in 1994 after having served a Circuit Court Judge for the State of Florida. * The Honorable William J. Castagna is a Senior District Court Judge U.S. District Court Judge for the Middle District of Florida, sitting in Tampa. He was appointed ot the bench in 1979. * The Honorable Nancy Gertner is a United States District Judge for the District of Massachusetts, in Boston, Massachusetts. She was appointed by President Clinton. * The Honorable William C. Younga is United States District Judge for the District of Massachusetts, in Boston, Massachusetts. He also serves as an adjunct professor at Harvard Law School. A second panel, made up of regional law school professors, served as a shadow court and rendered a judgment on the case. * Judith McMorrow (McMorrow at hermes.bc.edu) is Associate Professor of Law at Boston College. She has served as a law clerk for the former Chief Judge of the United States Supreme Court, Warren Burger. She earned her J.D. from the University of Notre Dame Law School, and has a B.A. from Kalamazoo University. * Maureen O'Rourke (MO1 at acs.bu.edu) is Associate Professor of Law at Boston University. She holds Bachelors' degree in accounting and computer science from Marist College, and a J.D. from Yale Law School. * Charles Nesson is Professor of Law at Harvard Law School. Contact: nesson at hulaw1.harvard.edu / 617 495-4609 * The shadow court rendered a Majority Opinion and a Concurring Opinion. Michael Froomkin (Appeals Court Majority Opinion) is an Associate Professor of Law at the University of Miami, in Florida, a position he has held since 1992. He has served as a law clerk for both the Hon. Steven F. Williams of the U.S. Court of Appeals for the D.C. Circuit, and Chief Judge John F. Grady, of the U.S. District Court for the Northern District of Illinois. He earned his law degree from Yale University, holds a M.Phil. degree from Cambridge University, and earned a B.A. from Yale with a double major of economics and history. Among his recent writings is, "The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution", which was published in 1995 in the University of Pennsylvania Law Review. Contact: Froomkin at law.miami.edu / (305) 284-4285 Christine Axsmith (Appeals Court Dissenting Opinion) is a Computer Security Consultant with the Orkand Corporation, in Washington, D.C., and is currently assigned to the Office of Consular Affairs of the United States State Department. She received her J.D. from Catholic University, and holds a B.S. Degree in Computer Science from Drexel University. Contact: axsmith at dockmaster.ncsc.mil Alysssa Harvey (Bench memo) is a student at Georgetown University Law School. Jeffrey Hermes and Chris Kelly (Brief for the Appellant) are students at Harvard Law School. The brief for the Government was prepared by Bob Kluge and Dan Zelenko (American Univeristy School of Law) and Scott Faga (George Mason University School of Law). Andrew Grosso (Organizer) is currently in private practice in Washington, D.C. From 1983 to 1994, he served as an Assistant U.S. Attorney in Tampa, Florida, and Boston, Massachusetts. He earned his J.D. from the University of Notre Dame Law School, and holds M.S. degrees from Rensselaer Polytechnic Institute in both physics and computer science. Contact: agrosso at acm.org / (202) 663-9041 From tcmay at got.net Tue Dec 31 10:24:50 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 10:24:50 -0800 (PST) Subject: FinCEN, and WitSec are criminal agencies In-Reply-To: <9612311536.AA11070@cow.net> Message-ID: Thanks to the anonymous poster of this WSJ article, "Obscure Treasury Unit Helps DEA Uncover Scheme," I've added a name to the thread, which the remailed post did not have. At 10:36 AM -0500 12/31/96, Bovine Remailer wrote: >WSJ, December 30, 1996: Obscure Treasury Unit Helps DEA Uncover Scheme >The St. Louis case became a prime example of how Fincen, the nation's >smallest intelligence agency, brings the latest in high-tech firepower to >the never-ending battle against money-laundering schemes. The agency, >created in April 1990, uses a staff of 200 analysts and agents to offer state- >of-the-art computer tracking and analysis to state and federal agents and >prosecutors, giving them more time to work the cases from the street. FinCEN is a very intriguing agency, one which we've talked about several times on this list. (I first vaguely heard of it in 1990 or '91, but there was little press about it for a long time. An early issue of "Wired" carried a comprehensive article on it, sometime late in '93.) FinCEN is a multi-agency task force sort of thing, located in the Northern Virginia complex of surveillance agencies, credit reporting agencies (hardly a coincidence that TRW Credit, Transunion, and Equifax have major offices within a few miles of FinCEN, the National Reconnaissance Organization, CIA, etc.), etc. If you want to know who's likely to be pushing for limits on encryption of financial transactions, look no further than FinCEN. >Enter James Petrakis, a graying, 47-year-old Fincen investigator, who flew >out from Washington. Mr. Petrakis designed a computer program for the case >that could follow the money as it flowed through companies -- some phony, >some real -- and through people who transferred ownership of some 30 pieces >of local real estate that seemed to be involved. EPIC, the El Paso Information Center, was orginally focussed on DEA types of narco-surveillance, and developed several programs for sniffing the aether for evidence that citizen-units were engaging in trade which the CIA had granted itself a monopoly on. >Because the business also trafficked in guns, the Treasury Department's >Bureau of Alcohol, Tax and Firearms was working on the case, too. Robert >Nosbisch, the top bureau agent, agreed that tracking the money was going to >be key. "The objective in a case like this is to get anyone who has a >significant role into jail and take all of their assets," he says. > ^^^^^^^^^^^^^^^^^^^^^^^^ > > [What do you do when the highwaymen wear badges?] > Civil forfeiture is of course becoming a favored way of stealing assets without actually having to go to court. In many cases, charges are dropped, but the assets are not returned....the victim is forced to try to sue to get the assets back. This is the modern version of governments and kings issueing "letters of marque and reprisal," i.e., authorizing privateers to act as "pirates," keeping a cut of what they grab. (Sir Francis Drake being an historical example.) >There were other odd things. Although Mr. Jones was 43 (in 1995), his >credit records and other personal history only went back to 1985. Before >that, >he had no records. Mr. Jones's biggest drug moves usually happened on >government holidays, when the DEA and ATF staffs were slim. Mr. Moore had a >theory: Mr. Jones was probably a federal informant, a man who had worked with >federal agents in drug cases before. > > [More like a graduate of the Federal Witness Protection Program, I'd say. > Seems odd that they want to ID us down to the last gnat's eyebrow while > making up IDs for their buddies.] Indeed, this is likely. As with the guy who blew away his stock broker in 1987 in Florida...turned out he had been set up with a phony I.D. and falsified credit history (courtesy of Equifax, Transunion, TRW complicity, one has to presume) and given a million dollars of spending money. This is the "Witness Security Program," run by the U.S. Marshall's Service. Can a person sue WitSec, or TRW Credit, etc., for falsifying such records? (The credit reporting agencies immediately can spot the "ghosts" who suddenly pop into existence, as when WitSec clients and spies are given cover identities...this is a reason for the cozy relationship and the "classified" status of many credit agency projects. Think about it.) Someday the records of those 60,000 folks in the WitSec program will be "liberated" and placed anonymously on the Net for the perusal of their neighbors, their former Mafia families, and so on. I can't wait. Of course, about 15,000 of them will likely be killed in short order. I also can't wait for that. FinCen, WitSec, etc. are examples of fundamentally criminal agencies, and the bigwigs in each probably have already earned severe punishment when their misdeeds become more fully apparent. I don't advocate blowing up their buildings, a la OKC, but I certainly understand the sentiment. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ph at netcom.com Tue Dec 31 10:25:52 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 10:25:52 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: At 10:58 PM 12/30/1996, Bill Frantz wrote: > The Christmas attack against this list shows the need to develop lists > which are resistant to attacks. If cyberspace is to become the town square > of the next century, we need to be able to discourage brown shirts attacks > on political gatherings. If lists are to be a major part of the political > life of the community, then they must be resistant to attacks from > knowledgeable, well financed attackers, not just the shits who were the > most recent perps. > [Fine posting token proposal deleted.] The easiest and fastest solution is to set up toad.com to charge a dollar per message. (Proceeds to be spent by John Gilmore as he sees fit.) We can then leverage off the existing e-cash infrastructure which already provides blinding software for free on all major platforms. What I like about this scheme is that well-financed attackers will be welcomed. A spam attack just means that John can buy more sushi! (I volunteer to modify majordomo to accept e-cash if there is enough interest in this proposal.) Peter Hendrickson ph at netcom.com From ph at netcom.com Tue Dec 31 10:26:06 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 10:26:06 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: At 7:04 AM 12/31/1996, Sandy Sandfort wrote: > There is a simple solution to keeping anonymous posters anonymous > under this or any similar scheme. Volunteers could act as > "gateways" for anonymous posts. Self-selected list members could > announce that they would forward anonymous posts using one of > their own tokens for the purpose. (In the alternative, the > gateway volunteers could be given extra tokens solely for that > purpose.) Would this expose the posters to liability? Unlike an anonymous remailer, they are deciding what to post. In the case of software, criminal liability result. Peter Hendrickson ph at netcom.com From dlv at bwalk.dm.com Tue Dec 31 10:31:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 10:31:08 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <32C92E6B.F02@sk.sympatico.ca> Message-ID: Toto writes: > Igor Chudov @ home wrote: > > > If tokens are used improperly (to post off-topic materials) the > > offending subscriber is denied any further tokens. > > I'm sure that the NSA would be more than happy to take responsibility > for deciding which posts are off-topic. Cocksucker John Gilmore is an NSA shill who decides what's "off-topic" and unsubscrives whomever Arachelian at ASALA doesn't like. What an asshole. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 31 10:31:29 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 10:31:29 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <32C92C74.7CC@sk.sympatico.ca> Message-ID: Toto writes: > I don't know if fuck at yourself.up had any problems as a result of his > escapade, but if he did, I would suspect there is a good chance that > they were caused by one of the more soft-spoken people on the forum. I doubt it. "Cypher punks" are 100% impotent. Did you hear the one about the woman who complained that her husband was 300% impotent? He used to be 100% impotent, then he broke his finger and bit his tongue. > I've bounced a lot of wild-frontier bars in my time, and it has > been my experience that it is a truism that, > "The quiet ones are the guys you don't want to mess with." Homos played an important role in Hitler's rise to power. Here too, the head cocksucker John Gilmore is pretty quiet - he just pulls the plugs while his brown shirts (Ray Arachelian &co) do all the yelling and screaming and lying. No wonder Armenians were Hitler's most eager supporters. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jbugden at smtplink.alis.ca Tue Dec 31 10:32:05 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Tue, 31 Dec 1996 10:32:05 -0800 (PST) Subject: Booms, busts and cranks Message-ID: <9611318520.AA852067912@smtplink.alis.ca> by Terence Corcoran "ONCE again the holidays and other sources of good cheer, including a growing economy and rising stock markets, have been wrecked by the annual Maclean's/CBC News poll. In this annual national survey, the majority of Canadians express generally sensible views on most issues--less government isn't so bad, a bigger role for the private sector is good, debt reduction hasn't gone far enough, private health care is acceptable, as are multiracial immigration ... ... "An accompanying Maclean's story on the looming expansion of the private sector is mostly an anti-business report that chastises companies for layoffs and mean-spirited bottom-line thinking. The problem, it claims, is the failure to hold companies responsible for anything other than maximizing shareholder value, a popular theme among statists who have run out of state. http://web.theglobeandmail.com/web/cgi-bin/ DisplayPage?SITE=web&KEY=961231.ROBColumn.RCORC From dlv at bwalk.dm.com Tue Dec 31 10:32:55 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 10:32:55 -0800 (PST) Subject: If He Doesn't Like Me In-Reply-To: <32C92F84.1E32@sk.sympatico.ca> Message-ID: <219sZD42w165w@bwalk.dm.com> Toto writes: > Timothy C. May wrote: > > > > Your message is the equivalent of that brain-damaged ebonite's "Why can't > > we all just get along?" > > Tim, > Have you 'coined a phrase' here? > Perhaps future generations, reading of the exploits of the 'Ebonites', > will recognize your contribution to the language. Have you seen _Mars Attacks_ where Jack Nicholson, playing the president, says just that? have you noticed that a lot of recent popular movies either portray the U.S.G. as a bunch of crooks and criminals, or make fun of killing them all (e.g. Mars Attacks). This would have been unthinkable 20 years ago. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 31 10:34:38 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 10:34:38 -0800 (PST) Subject: Responsibility In-Reply-To: <199612310350.TAA29631@netcom7.netcom.com> Message-ID: mpd at netcom.com (Mike Duvos) writes: > Dr. Vulis, KOTM, writes: > > > Is Brent as goofy as the ASALA terrorist (about to be fired by Earthweb > > for net-abuse), or even goofier? > > Kibo-izing the news spool again Dr. Vulis? I'm not as good as my friend Serdar Argic, but I'm getting better. FUCK THE ARMENIANS. P.S. I've been talking to a rich friend of mine who contributes a lot of money to the Museum of Natural History, a major client of Earthweb, about Ray Arachelian's libel and net-abuse. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From snow at smoke.suba.com Tue Dec 31 10:44:19 1996 From: snow at smoke.suba.com (snow) Date: Tue, 31 Dec 1996 10:44:19 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: <199612311859.MAA01032@smoke.suba.com> Mr. May wrote: > My SS card, issued in 1969 (and which I still have, surprisingly enough), > says this. Someone said recently here on the list that this line was > dropped in more recent years. I had to have mine replaced recently, and that line is no longer _anywhere_ on the card. Did they change the laws regarding the use of your SSN as ID, or are most people just ignoring it? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From snow at smoke.suba.com Tue Dec 31 10:45:55 1996 From: snow at smoke.suba.com (snow) Date: Tue, 31 Dec 1996 10:45:55 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: <199612311900.NAA01050@smoke.suba.com> Mr. Hettinga wrote: > At 6:20 pm -0500 12/29/96, Timothy C. May wrote: > >What I think this means is a move toward a national ID card, replacing the > >confusing (to airlines, to government agents, etc.) mishmash of state > >driver's licenses, student ID cards, etc. > > "I've found that they issue a national ID card, it's time to leave..." > Lazarus Long, "Time Enough For Love", by Robert A. Heinlein > Yeah, but where are we going to go? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From tcmay at got.net Tue Dec 31 10:47:04 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 10:47:04 -0800 (PST) Subject: Extremism in the defense of liberty is no vice In-Reply-To: <9612302254.AA00731@cow.net> Message-ID: At 5:54 PM -0500 12/30/96, Bovine Remailer (Red Rackham, apparently) wrote: >At 5:15 PM 12/29/1996, Timothy C. May wrote: >>It may be time for us to go underground. It may be time to take much, much, >>much, much more extreme steps. This fascism is unacceptable. > >While Tim May has had many many great ideas, this is not one of them. > >To paraphrase Joseph Stalin: Tim, how many divisions do you have? I'd say remailers have been a pretty powerful weapon in our arsenal, as have been offshore sites, the "anarchy" of the Net in general, and, of course, PGP and other such programs. The government clearly views strong cryptography as a weapon, as a munition. More on this later. >The cypherpunks have virtually no force at all. If the battle is >moved to that arena, the cypherpunks (and everybody else) lose big >time. If the cypherpunks manage to pull off some sort of "extreme >step", those who aren't shot while resisting arrest will go to prison. >Worst of all, most people will applaud the action. "Extreme steps" >legitimize the radical proposals of the Clipper crowd. I gave up on trying to "appear reasonable" long ago. Take it or leave it. "Extreme step" doesn't mean doing anything that is traceable to a particular person, and certainly doesn't mean doing militia-type things to physical buildings or the criminals who work in them. Rather, pushing for things like violating the ITARs, which we do. (Bill Frantz noted, tongue in cheek I think, that Cypherpunks do not adovacate breaking such laws. Well, this is of course absurd. Our whole focus on steganography, on remailers, on carrying CD-ROMs out of the country, etc., is basically advocating various circumventions of USG laws.) Gilmore's SWAN (getting machine-to-machine links widely encrypted) is another "extreme step." As to our "reasonableness," I make little effort to hide the fact that I support strong cryptography because it means that the plague of democracy and "mob rule" can be turned back...I view crypto anarchy as an elitist development, one which the ubermensch will appreciate, but the masses will recoil in horror from. Fuck the herd. >The right approach is to continually reiterate that the cypherpunks >are mainstream and fairly conservative. Many of us like the "bad boy" >image, but most of what has been proposed is very solidly rooted in >American traditions. But most of the active voices here are simply *not* "mainstream" and "conservative" (except in some senses). >If the ITAR regulations can be amended to make discussions on this >list a "conspiracy", then they are very likely unconstitutional. >Article I, Section I, "All legislative powers herein granted shall be >vested in a congress of the United States..." Careful, Red! Would it make you happier with the ITARs if Congress passes a law enacting the regs? It won't make me any happier. >We should not underestimate the broad public support for private >communications which exists in the United States. Even people who are >unfamiliar with the issue are shocked when they learn that the U.S. >government is trying to gain access to all communications. I agree. But there are plenty of forums (fora) for "reasonableness" (some would say namby-pambyness). EFF is one such "reasonable" forum. Our focus is more radical. We are effectively a cyber-militia, fulfilling Jefferson's recommendation that a revolution happen every 20 years. (Funny, there hasn't been one in more than 200 years. Jefferson would likely be shocked. And the Founders who revolted over comparatively miniscule tax rates imposed by the King, would surely be stunned by the 50% or more in taxes paid by many or even most taxpayers. And the laws of all sorts.) >The only people who want GAK are in the government. There is no >constituency in the population which wants it, and quite a few that do >not. The more publicly the issue is discussed and the more actively >we scrutinize the lies and deceptions of the U.S. government, the >more successful we will be. >Red Rackham I'll continue to be radical in my views. Nothing wrong with extremism in the defense of liberty, as some wise men said. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rcgraves at disposable.com Tue Dec 31 10:49:19 1996 From: rcgraves at disposable.com (Rich Graves) Date: Tue, 31 Dec 1996 10:49:19 -0800 (PST) Subject: premail. In-Reply-To: <199612310718.BAA02863@manifold.algebra.com> Message-ID: <32C95FC7.2461@disposable.com> Igor Chudov @ home wrote: [Anonymous's remailer key spoofing attack] > A good scenario. A truly paranoid premail users should verify who > signed the remailer keys. Unfortunately, in far too many cases, the answer has been "nobody." This is something I've whined about before. -rich From tcmay at got.net Tue Dec 31 11:01:08 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 11:01:08 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: At 12:59 PM -0600 12/31/96, snow wrote: >Mr. May wrote: >> My SS card, issued in 1969 (and which I still have, surprisingly enough), >> says this. Someone said recently here on the list that this line was >> dropped in more recent years. > > I had to have mine replaced recently, and that line is no longer >_anywhere_ on the card. > > Did they change the laws regarding the use of your SSN as ID, or >are most people just ignoring it? > At the bottom of my SS card are these exact words: "FOR SOCIAL SECURITY AND TAX PURPOSES--NOT FOR IDENTIFICATION" When I had to renew my California Driver's License, I was asked for my SS number...a new requirement. I pointed out that the SS number is not for identification. The clerk gave me a blank look and said I would not get a driver's license without an SS number. I gave in, preferring to fight other battles. (And I would surely lose this battle, probably even if I spend tons of money on mounting a legal challenge.) There have been several reports cited here recently about changes in the SS laws to make the SS number more of an ID number. (It already is, of course, for taxes, for employers, for credit, for driver's licenses, for student ID, etc.) And concerns about "identity theft" when such a simple thing as an SS number is the key to so many records, rights, etc. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From iang at cs.berkeley.edu Tue Dec 31 11:05:28 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Tue, 31 Dec 1996 11:05:28 -0800 (PST) Subject: Unix Passwd In-Reply-To: <199612261556.HAA05096@slack.lne.com> Message-ID: <5abo51$d9v@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article , Laszlo Vecsey wrote: >From Applied Cryptography (2nd edition) I got the impression that it has >been cracked. Do a netsearch for "Crypt Breakers Workbench", its a >freeware program that attempts to do just that. Please note the difference between crypt(3), the C library call used to hash passwords, and crypt(1), the user program that encrypts files. The former is based on DES, and has not been broken (unless someone from the NSA wants to speak up now). The latter is based on the Enigma machine, and is the one that "Crypt Breakers Workbench" attacks. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMslj2kZRiTErSPb1AQGLyQQAqzq6bWByz48dJq+hnJs+jLCqJQ+1hfI6 zZgURqMYvpFwSq4eIiHr1ukNAKP7Vrr0eHSAFalkPDn1Ii/YueY/SRRE+8oFXIho C+bJVnXpOBpjitHYpskSuGY4F5FmJrzn8U8vmlhes6viqNq00OmQANoJ0Gr+OUY4 VSHcKXwYMT4= =Anex -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Tue Dec 31 11:22:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 11:22:08 -0800 (PST) Subject: Just another government fuckover: New crypto regulations In-Reply-To: <199612310700.XAA06518@infowest.com> Message-ID: "Attila T. Hun" writes: > ::Yes, but the impotent "cypher punks" can't write or distribute code. > ::They can only flame and rant and pull plugs. > > Ah, dimitri, my quasi-friend, my quasi-enemy, that is the Here you mindlessly repeat Ray Arachelian's lies. Have you no mind of your own? Why am I your "enemy"? Why do you think you're important enough for me to give a fuck? > question, is it not? Can cypherpunks write code? Some like to > argue, and still can and do write code. Others only pontificate; > and others lurk for the false rush of the ephemeral or fantastical > power. "Cypher punks" write stupid racist flames and postmaster complaints, not code. > dimitri, you've never been a lurker in your life; then why do > you participate in cypherpunks if they are, to a [wo]man, nothing > but wankers? (I guess that works for the gentle sex, too. no? ). > > Ah, dimitri, you're secret is out. you are here to harangue! I am not "here" - I've been unsubscribed by the head censor, cocksucker John Gilmore at the request of Ray Arachelian and Timmy May. They're "here" to harrass and to flame and they don't want followups from the victims of their harrassment. > ::> if you do not have the balls to do it, you are not for freedom. > > ::If you are a "cypher punk", you are not for freedom. > > No, no, no, dimitri. Cypherpunks are absolute in their demands > for freedom. Most are making the choice to demand freedom while Freedom for whom, or from whom? I have no great despect for Abraham "I freed who?" Lincoln, but I like the quote from him: "Those who deny freedom to others deserve it not for themselves." > they play in the band and the Titanic sinks. Shall their last song > be "God Bless America" or "Nearer my Lord to Thee" --it's all the Some folks on this mailing list remind me of hardcore communists that believe that orthodix marxism works, and everyone who tried and failed to implement it, was perverting marx's ideas. U.S.constitution was an instrument of class warfare. > same is it not? They, and the rest of the complacent Americans, > will go down with the ship (as will the fighters without support). > > Talk is cheap, dimitri. Let's see a little action. Yes, let's see some more "dissidents" unsubscribed! Let's see some more mailbombs and postmaster complaints! Let's see punitive action in response to speech! That's all "cypher punks" are good for. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From aba at dcs.ex.ac.uk Tue Dec 31 11:24:04 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Tue, 31 Dec 1996 11:24:04 -0800 (PST) Subject: "Structuring" of Communications a Felony? In-Reply-To: <32C7EE6C.72D1@gte.net> Message-ID: <199612261239.MAA00376@server.test.net> > So how would the courts prosecute if me and (n) number of other > persons distribute separate pieces of a "binary", i.e., encrypted or > otherwise? You could always try it out, and find out :-) Take a look at: http://www.dcs.ex.ac.uk/~aba/export/ several people have used this .sig in the past. (Returns you the next 3 lines of uuencoded PGP.EXE, sample below). Perhaps future structuring of information regs will add new meaning to this. Adam -- A protest of the unconsitutional ITAR, a chunk of PGP.EXE: ------------------- PGP.ZIP part [001/713] ------------------ M4$L#!!0````(`">9ZQX3(*,_DG8!`-JF`P`'````4$=0+D581>S;=UQ3U__X M\9M!$E8,TT at PJ$10$1=*41%WW`KX$=Q[M5KK`&R%(HH+(T.M"S>NME8K=31N M:A$[K+5(K:O5BE405ZE:1"3?UTW`:K_]\/G\?O_^?CX>3^_-S;GGO,^\`^@W ------------------------------------------------------------- for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/ From sandfort at crl.com Tue Dec 31 11:31:08 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 31 Dec 1996 11:31:08 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Tue, 31 Dec 1996, Peter Hendrickson wrote: > At 7:04 AM 12/31/1996, Sandy Sandfort wrote: > > There is a simple solution to keeping anonymous posters anonymous > > under this or any similar scheme. Volunteers could act as > > "gateways" for anonymous posts. Self-selected list members could > > announce that they would forward anonymous posts using one of > > their own tokens for the purpose. (In the alternative, the > > gateway volunteers could be given extra tokens solely for that > > purpose.) > > Would this expose the posters to liability? Unlike an anonymous > remailer, they are deciding what to post. Probably yes. This is where the gateway volunteer's discretion would come into play. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From shamrock at netcom.com Tue Dec 31 11:46:45 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 31 Dec 1996 11:46:45 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: <3.0.32.19961231114736.006bd3a0@netcom13.netcom.com> At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote: >The easiest and fastest solution is to set up toad.com to charge a >dollar per message. (Proceeds to be spent by John Gilmore as he >sees fit.) > >We can then leverage off the existing e-cash infrastructure which >already provides blinding software for free on all major platforms. I am not sure that this proposal would work. Some of the spammers on this list are rather dedicated. They might gladly pay a dollar per message. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From nobody at zifi.genetics.utah.edu Tue Dec 31 11:49:43 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Tue, 31 Dec 1996 11:49:43 -0800 (PST) Subject: [IMPORTANT] ElGamal Message-ID: <199612311949.MAA06907@zifi.genetics.utah.edu> Tim Mayonnaise's abysmal grammar, atrocious spelling and feeble responses clearly identify him as a product of the American education system. \0/ \0/\ \ / / \0/ \0/ \0/\ \ / /\0/ \0/ Tim Mayonnaise | / /) | (\ | | / /) | (\ \ | / \__/\__/0\__/0\__/0\__/ \__/ \__/\__/0\__/0\__/0\__/\__/ \ From dlv at bwalk.dm.com Tue Dec 31 12:22:44 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 12:22:44 -0800 (PST) Subject: Iranian clergic attacks Internet as 'poison' to the m... In-Reply-To: <9611318520.AA852059472@smtplink.alis.ca> Message-ID: jbugden at smtplink.alis.ca writes: > Subject: RE: Iranian clergic attacks Internet as 'poison' to the masses ( > > vipul at pobox.com wrote: > >*** Iranian clergic attacks Internet as 'poison' to the masses > > >A senior Iranian cleric called Friday for restricting Internet access > >because the global computer network fed "poison" to the masses. > > I have seen this article elsewhere, and the sentiment is not as nefarious a= > s it > sounds. You may know that many Arabic and Persian countries have a heavy > exposure to French. In this case, the confusion arises due to the similarity > between the English "poison" and the French "poisson" which means fish. > > Restated, the problem is that the Internet is feeding "fish" to the masses = > in > the form of information, hence the masses are not feeding themselves. > > A similar English adage is: Give a man a fish and he'll eat for a day. Teac= > h a > man to fish and he'll eat for the rest of his life. > > As the mullah implies, we need to help people to increase their critical > thinking skills, rather than passively accept what others tell them via the > Internet. > > Start now. > > James > Fish is good for the brain. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From hal at rain.org Tue Dec 31 12:34:27 1996 From: hal at rain.org (Hal Finney) Date: Tue, 31 Dec 1996 12:34:27 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: <199612312032.MAA04214@crypt.hfinney.com> From: "Mark M." > On Tue, 31 Dec 1996, Igor Chudov @ home wrote: > > > Send a number of unique tokens to each subscriber each day. > [...] > > If tokens are used improperly (to post off-topic materials) the > > offending subscriber is denied any further tokens. > > > > The problem of this scheme is (besides its cost) that anonymous users > > will not be truly anonymous. > > I think this problem can be solved by blind signing the tokens. A user > generates a random number, multiplies it by the blinding factor, then sending > it to a token server which would append a timestamp and sign the blinded > token. All signature requests should be signed with a PGP key. The server > response would be encrypted with the user's public key. A person's PGP key > would be sent along with the subscription request and then saved by the list > software. This is an interesting idea, however it will be possible for someone with a respectable public persona to continue getting tokens indefinately for posting abusive anonymous messages. There is no way to link the anonymous tokens with the ones which were issued to good subscribers. An alternative is to give each subscriber only a small, fixed number of blinded tokens which he will use for the lifetime of his subscription to the list. When someone posts anonymously, they use up one of their tokens. Then, if the message was not abusive, a new blinded token is created, encrypted with the public key of the good-guy anonymous poster, and broadcast to subscribers. This way good anonymous posters will get to keep posting, while abusive ones will shortly run out of anonymous posting tokens. The big problem with schemes like this is the difficulty of defining "good" posts in an acceptable way. Some list members are hard-line freedom-of-speechers and don't want to see any limitations on list postings. Others would probably classify 80% of the messages on the list at times as grounds for termination of posting privileges. Everyone will have their own thresholds. There is also the administrative problem of who will judge the posts. This could take a large commitment of time. I'm sure many of us have gotten behind in our list reading from time to time and it can be intimidating to return from a trip to find hundreds of messages waiting. Imagine how it would be if you were supposed to be reading them and looking for bad messages. We might also want to consider the paradoxical possibility that if we remove the junk, the list will die! At least now we are constantly reminded that the cypherpunks list exists. Other lists like the cryptography and coderpunks can sometimes go for quite a while without any posts at all. On CP you have the sense of a dynamic community where you can hope for a response to your posts, more so than on a list which is silent for days at a time. Hal From moma at nym.alias.net Tue Dec 31 12:50:05 1996 From: moma at nym.alias.net (Big Moma) Date: Tue, 31 Dec 1996 12:50:05 -0800 (PST) Subject: premail. In-Reply-To: <199612310718.BAA02863@manifold.algebra.com> Message-ID: <19961231204939.16032.qmail@anon.lcs.mit.edu> ichudov at algebra.com (Igor Chudov @ home) wrote: > Anonymous wrote: > > > > A scenario: > > > > 1) The spooks put a bug (named Eve) on the link between > > kiwi.cs.berkeley.edu and the Internet. > > ...... > > A good scenario. A truly paranoid premail users should verify who signed > the remailer keys. If you trust the signators and they signed the keys, > you are "safe". Just do pgp -kvv some at remailer.com and see what comes up. > > Maybe remailer operators should asks someone reputable to sign their > remailers' keys so that the users can easily verify the signatures. Yes, that is one part of it. Another part is that Raph should include a public PGP key in the premail program and then sign both the remailer-list and the pubring at kiwi.cs.berkeley.edu with it. The public key included in premail should be 1) Used to sign the premail distribution itself. 2) Emailed to various mailing lists such as cypherpunks and also mirrored at various internet sites, so it cannot be spoofed by spooks. From zachb at netcom.com Tue Dec 31 13:02:16 1996 From: zachb at netcom.com (Z.B.) Date: Tue, 31 Dec 1996 13:02:16 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <32C94D58.3CBB@gte.net> Message-ID: On Tue, 31 Dec 1996, Dale Thorn wrote: > Bill Frantz wrote: > > The Christmas attack against this list shows the need to develop lists > > which are resistant to attacks. If cyberspace is to become the town square > > of the next century, we need to be able to discourage brown shirts attacks > > on political gatherings. If lists are to be a major part of the political > > life of the community, then they must be resistant to attacks from > > knowledgeable, well financed attackers, not just the shits who were the > > most recent perps. > > [snip] > > > All messages sent to the list must be encrypted with the list's public key. > > So in order to post here, I hafta install and run PGP? Well, people > were looking for the perfect formula to deny service to guys like me, > and guess what? You found it! I will *not* install and run PGP. > I agree with Dale here...requiring PGP in order to post would probably deter low-level, idiot spammers, but it would also keep those people off the list who, for one reason or another, don't like/want/use PGP. Also, what about people who post to and read the list from someplace other than their home computer, like school or work? I have access to this account from my college, but I'm sure not going to leave my keys lying around my account just so I can post to a mailing list. Zach Babayco zachb at netcom.com <-------finger for PGP public key If you need to know how to set up a mail filter or defend against emailbombs, send me a message with the words "get helpfile" (without the " marks) in the SUBJECT: header, *NOT THE BODY OF THE MESSAGE!* I have several useful FAQs and documents available. From ph at netcom.com Tue Dec 31 13:04:55 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 13:04:55 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: At 11:47 AM 12/31/1996, Lucky Green wrote: >At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote: >> The easiest and fastest solution is to set up toad.com to charge a >> dollar per message. (Proceeds to be spent by John Gilmore as he >> sees fit.) >> We can then leverage off the existing e-cash infrastructure which >> already provides blinding software for free on all major platforms. > I am not sure that this proposal would work. Some of the spammers on this > list are rather dedicated. They might gladly pay a dollar per message. Let's try it and see how it goes. If it doesn't work, we can try a more complicated scheme. (I volunteer to modify Majordomo to make this happen. We could have this feature in the near future.) I think we should understand that two features are being discussed. One is protecting the list from spam attacks. By this I mean attacks where somebody sends very large numbers of messages to the list and brings the mail server to its knees. Charging a dollar a message solves this problem - just buy more hardware with the proceeds. If The Enemy wishes to finance the cypherpunks list - more power to him. The other feature is filtering. I do not need anybody to filter my mail. I am quite capable of doing it myself, thank you. If somebody wants to set up a tokened filter scheme, that is great, but let's see it implemented as an added header to the cypherpunks messages. Then people can filter on it if they want, but it should be their choice. Anybody who cannot set up such a filter, or find somebody who can set up such a filter for them, or cannot find somebody who will forward only filtered messages to them, is too helpless to be a cypherpunk. I have seen a lot of complaints about "too much noise". That is not a problem. The problem is too little signal. I can extract the signal - unless it isn't there. I propose that we spend the money on food for the monthly meeting. Peter Hendrickson ph at netcom.com From sunder at brainlink.com Tue Dec 31 13:05:10 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Tue, 31 Dec 1996 13:05:10 -0800 (PST) Subject: Responsibility In-Reply-To: Message-ID: On Tue, 31 Dec 1996, Dr.Dimitri Vulis KOTM wrote: > I'm not as good as my friend Serdar Argic, but I'm getting better. > > FUCK THE ARMENIANS. > > P.S. I've been talking to a rich friend of mine who contributes a lot of > money to the Museum of Natural History, a major client of Earthweb, about > Ray Arachelian's libel and net-abuse. OOh, maybe I should forward all your posts to your rich friend of yours just so this rich friend of yours who contributes to the Museum of Natural History will see what a racist and homophobe you truly are. As for your "Fuck the Armenians" comment, that speaks for itself, I needn't comment on it. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder at sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com ========================= From iang at cs.berkeley.edu Tue Dec 31 13:05:32 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Tue, 31 Dec 1996 13:05:32 -0800 (PST) Subject: New crypto regs outlaw financing non-US development In-Reply-To: <3.0.32.19961228225731.006b3080@netcom13.netcom.com> Message-ID: <5abv68$e12@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <3.0.32.19961228225731.006b3080 at netcom13.netcom.com>, Lucky Green wrote: >First the good news: the export controls mentioned in the draft of the regs >on any kind of data security software, regardless if it uses crypto or not >did not carry into the final version. But it _specifically_ restricts virus-checkers (and, also, it would seem, backup programs, but that could be stretching it): ECCN 5D002.c.3: # ``Software'' designed or modified to protect against malicious # computer damage, e.g., viruses - Ian "_not_ a U.S. Person" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMsl//0ZRiTErSPb1AQH3UgP/a9usiLoJbIpn1XNzSvqDftGPxeuoHO00 WRlaYxm4xIsADedp8xheTQB+cl0gjb10HLwBJ5FUGdbzZkGTEbsW9RQe7OX2t4vB /6t75K+N6le7A/uJN0oNkmNz+5v5JaaDcsmjOHADzHsGEUFkN3JhRa7YUz83PVOk zAAyHoSECNs= =aLLo -----END PGP SIGNATURE----- From adam at homeport.org Tue Dec 31 13:23:23 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 31 Dec 1996 13:23:23 -0800 (PST) Subject: Zippy, anonymously Message-ID: <199612312119.QAA09894@homeport.org> http://www.metahtml.com/apps/zippy/welcome.mhtml Let Zippy provide you with web service. Chaining through the anonymizer works, too. :) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From dlv at bwalk.dm.com Tue Dec 31 13:53:26 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 13:53:26 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: Alan Bostick writes: > On Tue, 31 Dec 1996 ichudov at algebra.com wrote: > > > Send a number of unique tokens to each subscriber each day. Enforce a > > rule that only posts with valid current tokens may be accepted. The > > number of tokens should initially be very small (say, one per day) and > > then should be quickly increased to a sufficient number, like 10 or 20, > > as the subscriber shows a record of using tokens properly (as defined by > > acceptable content rules). > > > > A database is kept as to who was issued which tokens. > > > > If tokens are used improperly (to post off-topic materials) the > > offending subscriber is denied any further tokens. > > > > The problem of this scheme is (besides its cost) that anonymous users > > will not be truly anonymous. > > This scheme wouldn't necessarily map True Names to tokens; merely > list subscriptions. If an account at a nymserver were to subscribe, > there would be no way to identify the account holder. > > The real problem is that there could be a lot of subscriptions > from a site like nymserver.bwalk.com . . . . Dr. Grubor has proposed that homosexuals be required to identify themselves in e-mail headers. What about banning people who identify themselves as homosexuals (or fraudulently fail to identify themselves)? By the way, how come it's mostly homos like Bostick who contribute to censorship threads? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Tue Dec 31 13:59:17 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 13:59:17 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <3.0.32.19961231114736.006bd3a0@netcom13.netcom.com> Message-ID: At 11:47 AM -0800 12/31/96, Lucky Green wrote: >At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote: >>The easiest and fastest solution is to set up toad.com to charge a >>dollar per message. (Proceeds to be spent by John Gilmore as he >>sees fit.) >> >>We can then leverage off the existing e-cash infrastructure which >>already provides blinding software for free on all major platforms. > >I am not sure that this proposal would work. Some of the spammers on this >list are rather dedicated. They might gladly pay a dollar per message. I'm a skeptic in general, and am particularly skeptical of schemes to charge money, to meter usage, to distribute "posting tokens," and so forth. Dedicated posters--and I will not make an artificial distinction between cross-posters, insulters, essay writers, and "me-too"ers--will of course pay the $1 to post a message. (For example, the "save big money now!" spammers would probably willingly pay $1 to "reach" 1000 subscribers.) On the other hand, students and misers will probably just drop off the list completely. Is this a good outcome? I'm not against _market_ solutions, but such artificially-imposed solutions as mandating a fee, or token, usually result in distorted markets. (Needless to say, if John Gilmore _chooses_ to impose a posting fee, this is his right. Caveat poster.) And why, exactly, is a _posting_ fee a good idea? When I write an essay, either a short comment like this one or one of my much longer essays on some topic, I am contributing my _time_....in fact, I should be _charging_ money, not _paying_ money! (I'm joking, of course, as the infrastructure and habit is lacking...people simply will not set up digital cash systems to pay, say, 10 cents for an article...this has been proven time and time again. Whether it changes over time is unknown, but for now it's a moribund idea.) And there do exist market-based solutions, at least to the S/N problem: the various filtered lists, notably that of Eric Blossom, Ray Arachelian, and maybe others. And anybody is free to establish their own such list. Those who want their list delivered in encrypted form (for whatever strange reason) can contract for such a server....I think this even existed for a brief time. Ditto for anyone who wants _only_ the dandruff-covered missives from Vulis. And so forth. The temptation to try to think out solutions to spam problems is strong...I watched (and participated in) discussions of this consume the Extropians list for several months...ratings systems for posters, a fee to join the list, tribunals for politeness offenders, and other "private justice" systems. Not a bad idea to discuss such things, but I concluded that most of the efforts were either futile or counterproductive. I know others disagree, and they can speak up. (I haven't been on the Extropians list since early '94, and I don't see much traffic copying that list, or referring to that list...is it still operational?) Stopping "unwanted mail" from going to the main list--which is of course a completely different kettle of fish from offering filtered lists--has really only two main solutions: 1. Moderation by a human reader. 2. Posting only allowed by subscribed readers, with manual approval of subscription requests. Both have problems. Nobody I know of has time or interest in approving posts, and this would significantly delay discussions, and probably kill them (which may or may not be a good thing, depending on your point of view). Nor do I know of anyone I would want deciding if my essays were "appropriate." I've watched a lot of moderated lists turn into the private fiefdoms of the all-powerful moderators. (On the other hand, the RISKs forum is a roaring success, for various reasons. The focus on reports of security, safety, and computer bug-related incidents is perhaps a major reason. Peter Neumann's dedication--and SRI affiliation, which condones him spending his time on this, I think--is another.) And as many have noted, allowing only subscribers to post eliminates anonymous posters, except by the clever workaround of having subscribers pass on the anonymous posts. That idea has merit, but also has drawbacks. For myself, I just make liberal use of filters and am quick on the "D" key to delete posts that have no interest for me. Even with 100 messages a day, the 60-70 that make it past my filters can be disposed of in less than half an hour, including downloading time and spending a few seconds on each deciding whether to discard it, keep it around for later viewing, keeping it around for a reply, etc. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rwright at adnetsol.com Tue Dec 31 14:01:00 1996 From: rwright at adnetsol.com (Ross Wright) Date: Tue, 31 Dec 1996 14:01:00 -0800 (PST) Subject: Just another government fuckover: New crypto regulation Message-ID: <199612312200.OAA08131@adnetsol.adnetsol.com> On or About 31 Dec 96 at 13:56, Dr.Dimitri Vulis KOTM wrote: > > "Cypher punks" write stupid racist flames and postmaster complaints, > not code. Yes, and they are sad that ebonics IS NOT going to be a course taught in school. I spoke with a source at the Oakland School District who said they would not allow papers to be turned in written in ebonics. It is just an effort for educators to better understand how their students may communicate. So everyone who liked Tim May's fake sarcasm are now sad that they made fools of themselves. > > > I am not "here" - I've been unsubscribed by the head censor, > cocksucker John Gilmore at the request of Ray Arachelian and Timmy > May. They're "here" to harrass and to flame and they don't want > followups from the victims of their harrassment. You are correct, there Doctor! Just look at what just happened to me. > > > Freedom for whom, or from whom? I have no great despect for Abraham > "I freed who?" Lincoln, but I like the quote from him: "Those who > deny freedom to others deserve it not for themselves." > Some folks on this mailing list remind me of hardcore communists > that believe that orthodix marxism works, and everyone who tried and > failed to implement it, was perverting marx's ideas. > U.S.constitution was an instrument of class warfare. > > Yes, let's see some more "dissidents" unsubscribed! Let's see some > more mailbombs and postmaster complaints! Let's see punitive action > in response to speech! That's all "cypher punks" are good for. > Yes, Yes, Yes! =-=-=-=-=-=- Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From cman at c2.net Tue Dec 31 14:07:33 1996 From: cman at c2.net (Douglas Barnes) Date: Tue, 31 Dec 1996 14:07:33 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: <2.2.32.19961231220441.00cb4358@gabber.c2.net> The problem with payment schemes like this is that they're hard to rationalize (as Lucky points out here). A direct mail piece (via snail mail) can easily cost the sender more than a dollar when all costs are taken into account. This does not seem to have appreciably slowed down junk mailers IRL. Spam to a large mailing list has a multiplicative effect (although it's also easier to throw out and/or ignore.) Certainly if someone had a real product, it would be worth anywhere from $1 to $25 to post an advertisement to a sizeable mailing list. On the other hand, a blanket charge would serve as a disincentive to people who make valuable contributions, unless it were a completely negligible cost, in which case the advertisers would have no problem coughing up the money. There's a serious imbalance between how annoying spam is and how much we're willing to pay to post (most of us would like to see them charged to the point where they wouldn't do it at all.) Possibly a system of charging for non-list-members? Sort of a closed list with a way for outside posters to contribute if they really wanted to? In general it seems very difficult to balance the various aspects of maintaining a lively discussion, fostering a sense of community, allowing anonymous postings, and keeping the whole thing simple enough to actually implement. The best approach I can think of for dealing with a lot of this crap is to a) ignore outright spam, b) do not feed the energy creatures (the people on the list who thrive on conflict.) and c) instead of responding to noise, contribute to signal. I've been on the verge of responding to certain posters over the last few months, and I've realized before I've hit the "send" key that I'd be giving them just what they want -- attention -- while further degrading the signal to noise ratio. At 11:47 AM 12/31/96 -0800, you wrote: >At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote: >>The easiest and fastest solution is to set up toad.com to charge a >>dollar per message. (Proceeds to be spent by John Gilmore as he >>sees fit.) >> >>We can then leverage off the existing e-cash infrastructure which >>already provides blinding software for free on all major platforms. > >I am not sure that this proposal would work. Some of the spammers on this >list are rather dedicated. They might gladly pay a dollar per message. > > > >-- Lucky Green PGP encrypted mail preferred > Make your mark in the history of mathematics. Use the spare cycles of > your PC/PPC/UNIX box to help find a new prime. > http://www.mersenne.org/prime.htm > From tcmay at got.net Tue Dec 31 14:16:13 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 14:16:13 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612312032.MAA04214@crypt.hfinney.com> Message-ID: At 12:32 PM -0800 12/31/96, Hal Finney wrote: >We might also want to consider the paradoxical possibility that if we >remove the junk, the list will die! At least now we are constantly >reminded that the cypherpunks list exists. Other lists like the >cryptography and coderpunks can sometimes go for quite a while without >any posts at all. On CP you have the sense of a dynamic community where >you can hope for a response to your posts, more so than on a list which >is silent for days at a time. A very good point. This is what I meant in my last message by saying that moderated lists can become "moribund." I've seen a bunch of nominally "quality" lists simply die the death of inactivity because the volume was so low. Cypherpunks is like a crowded coffee house, or bar, with people having various conversations, sometimes shouting, and with debate raging. It's easier to filter out things I don't want to hear than it is to _induce_ things I _do_ want to hear! And as I said in my last message, even with 100 messages a day, this is easily manageable with filtering tools and a quick hand on the "delete" key. Massive spam attacks, or denial of service attacks, such as we have seen several times in the last year or so, are more problematic than mere "off-topic" or "not what I wanted to read" posts. Solutions to this would be nice, but I'm not holding my breath. (It seems to me that majordomo could be hacked to either recognize subscriptions with some indication of "list" in the name, and not allow the list to be subscribed to other lists. Not that this would always work (as "cypherpunks at toad.com" so clearly shows).) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Tue Dec 31 14:20:28 1996 From: snow at smoke.suba.com (snow) Date: Tue, 31 Dec 1996 14:20:28 -0800 (PST) Subject: New crypto regulations In-Reply-To: Message-ID: <199612312235.QAA00478@smoke.suba.com> Mr. May said: > At 12:07 PM -0800 12/30/96, Lucky Green wrote: > Net of course (stego, hidden, remailed, whatever). > > The whole book thing is an oddity...no meaningful crypto is going to be > helped or hindered by the book exception. I disagree. The thing about exporting crypto code in book for is that it allows budding anarc^h^h^h^h^h cryptographers and crypto-programmers specific examples of algorythm implementation. It allows people outside the US to learn about and write good crypto. I, for one, don't care _where_ the code gets written, as long as I can get it, and use it. France, Libya, Russia, or Albania, it doesn't matter WHERE the keyboard is, with the internet it is all 30 or 40 hops away. Of course, that is the problem. Soon we will see the banning of IMPORT of strong crypto. These people are either very stupid, or very bright. Either way, they are not on friendly terms with freedom. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From ph at netcom.com Tue Dec 31 14:23:25 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 14:23:25 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: At 1:01 PM 12/31/1996, Z.B. wrote: >On Tue, 31 Dec 1996, Dale Thorn wrote: >> ...I will *not* install and run PGP. > I agree with Dale here...requiring PGP in order to post would probably > deter low-level, idiot spammers, but it would also keep those people off > the list who, for one reason or another, don't like/want/use PGP. People who don't like using PGP, or can't use it, or won't use it, do not belong on this list. > Also, what about people who post to and read the list from someplace other > than their home computer, like school or work? I have access to this account > from my college, but I'm sure not going to leave my keys lying around > my account just so I can post to a mailing list. Easy. Keep a copy of PGP there and a copy of the list public key. It's okay to leave public keys lying around. I might add that this is not "just a mailing list." It is the Cypherpunks mailing list. It's worth a little trouble. If you don't agree, find a list which is. Peter Hendrickson ph at netcom.com From tcmay at got.net Tue Dec 31 14:24:50 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 31 Dec 1996 14:24:50 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: At 1:04 PM -0800 12/31/96, Peter Hendrickson wrote: >At 11:47 AM 12/31/1996, Lucky Green wrote: >>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote: >>> The easiest and fastest solution is to set up toad.com to charge a >>> dollar per message. (Proceeds to be spent by John Gilmore as he >>> sees fit.) > >>> We can then leverage off the existing e-cash infrastructure which >>> already provides blinding software for free on all major platforms. > >> I am not sure that this proposal would work. Some of the spammers on this >> list are rather dedicated. They might gladly pay a dollar per message. > >Let's try it and see how it goes. If it doesn't work, we can try >a more complicated scheme. (I volunteer to modify Majordomo to >make this happen. We could have this feature in the near future.) "Let's try it and see how it goes" is often a dangerous step. It could kill the list as we know it; exactly what fraction of current subscribers do you think will arrange for digital cash accounts, will arrange their mailing software to use this, will bother with PGP, etc.? Now maybe this is a Good Thing, to drive out the slackers and those without good tools integrating PGP into their mailers, etc., but maybe it is not a Good Thing . It seems to me that one should not lightly just say "Let's try it and see what happens!" >I have seen a lot of complaints about "too much noise". That is >not a problem. The problem is too little signal. I can extract >the signal - unless it isn't there. My sentiments exactly. But I fail to see how collecting a dollar per post, or whatever the fee is ultimately set at, increases the number of good posts (not the percentage, the S/N, the _number_, which is what we both agree is the important thing). Explanation? --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Tue Dec 31 14:51:19 1996 From: snow at smoke.suba.com (snow) Date: Tue, 31 Dec 1996 14:51:19 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <32C94D58.3CBB@gte.net> Message-ID: <199612312306.RAA00569@smoke.suba.com> A non-text attachment was scrubbed... Name: not available Type: application/x-pgp-message Size: 26 bytes Desc: not available URL: From drose at AZStarNet.com Tue Dec 31 15:13:28 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Tue, 31 Dec 1996 15:13:28 -0800 (PST) Subject: Ebonite Notes from All Over Message-ID: <199612312313.QAA09275@web.azstarnet.com> 1. J. Jackson apparently now finds "ebonics" to be a "Goot Thang"(SM): _S.F. Examiner_ reporter Venise (sic) Wagner headlines in the paper's Web site today that "Jackson backs Oakland 'ebonics.' Rights leader switches position after hearing about program in detail." Says Jackson: "The first message the came out was that the district was going to make black language equitable (sic) as another language. That is not the idea." Is Mr. Jackson speaking in Ebonics? 2. From "A Brief History of Plastics": "Ebonite (TM) is produced by heating natural rubber with about 10% by weight of sulpher. This is about five time more sulpher than would be used in conventional vulcanisation. The material is hard, black and tough and bears a striking resemblance to the hardwood, ebony--hence its name. The main use for ebonite in the early 1800s was in piano keys." 3. Although Ebonite International sponsors the Professional Bowling Association's "Ebonite Classic" tournament, the Official ABC/WIBC Ruling on Ball Cleaners, as at 9/12/96, has ruled that their 1-and-2-Step Reactive Resin Ball Cleaners "cannot be used during ABC/WIBC sanctioned competition because it would be in violation of Rule 19." But take heart: the American Bowling Conference Equipment Specifications Department has decided that "these products are allowed before or after league and/or tournament sessions." 4. What's the difference between a bowling ball and a black woman? If you're really, really hungry, you can always eat the bowling ball. N.B. I personally find #4 above to be racist, sick, and not very "funny" at all. From snow at smoke.suba.com Tue Dec 31 15:28:55 1996 From: snow at smoke.suba.com (snow) Date: Tue, 31 Dec 1996 15:28:55 -0800 (PST) Subject: Internal Passports In-Reply-To: Message-ID: <199612312343.RAA00759@smoke.suba.com> > At 12:59 PM -0600 12/31/96, snow wrote: > >Mr. May wrote: > >> My SS card, issued in 1969 (and which I still have, surprisingly enough), > >> says this. Someone said recently here on the list that this line was > >> dropped in more recent years. > > I had to have mine replaced recently, and that line is no longer > >_anywhere_ on the card. > > Did they change the laws regarding the use of your SSN as ID, or > >are most people just ignoring it? > > At the bottom of my SS card are these exact words: > "FOR SOCIAL SECURITY AND TAX PURPOSES--NOT FOR IDENTIFICATION" My original had that, the replacement doesn't. If you, or anyone else would like to see a scan of it, I can have it up in about 30 seconds. Number obscured of course (not that it is hard to find it other places). > > When I had to renew my California Driver's License, I was asked for my SS > number...a new requirement. I pointed out that the SS number is not for > identification. The clerk gave me a blank look and said I would not get a > driver's license without an SS number. I gave in, preferring to fight other > battles. > (And I would surely lose this battle, probably even if I spend tons of > money on mounting a legal challenge.) In Illinois, you merely have to request they not put it on the card, supposedly in Missouri you don't have to have in put on the card if you have a "religious objection", but I'd bet if you bitch loud enough at the DMV office, you can get out of it. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From ph at netcom.com Tue Dec 31 15:51:53 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 15:51:53 -0800 (PST) Subject: Anonymous Post Control Message-ID: It's hard to filter anonymous posters. I want to see what a few of them have to say so I can't filter on the remailers. If anonymous posters PGP sign their posts, it is still hard to filter using a lame filter software such as that which comes to Eudora. It would be nice if toad.com would verify signatures and insert a header into the messages with the PGP User Id of every poster. Then it would be very easy for many people to filter the messages using widely available off-the-shelf mail software. (I volunteer to adapt majordomo for this task if it seems like a good idea.) Peter Hendrickson ph at netcom.com From ph at netcom.com Tue Dec 31 15:51:57 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 15:51:57 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: At 2:04 PM 12/31/1996, Douglas Barnes wrote: > The problem with payment schemes like this is that they're hard > to rationalize (as Lucky points out here). > A direct mail piece (via snail mail) can easily cost the sender > more than a dollar when all costs are taken into account. This > does not seem to have appreciably slowed down junk mailers IRL. > Spam to a large mailing list has a multiplicative effect (although > it's also easier to throw out and/or ignore.) Certainly if someone > had a real product, it would be worth anywhere from $1 to $25 to > post an advertisement to a sizeable mailing list. > On the other hand, a blanket charge would serve as a disincentive > to people who make valuable contributions, unless it were a > completely negligible cost, in which case the advertisers would > have no problem coughing up the money. There's a serious imbalance > between how annoying spam is and how much we're willing to pay > to post (most of us would like to see them charged to the point > where they wouldn't do it at all.) It won't be worthwhile for a year or two for spam artists to go to the trouble of figuring out how to do this. I'm not sure I have a good solution to this problem in the long term, however. If our custom was to send money to people who make good posts, then you could imagine the fee being quite high, say $20, since most of the money will be made back. Voila! We have a wonderful feedback system for how much contribution we have made. People who want to make sure that they are putting in at least as much as they take out can make a little rule for themselves: I won't take money out of my cypherpunks e-cash account. I will only send it to other people for their good posts. In effect, this is a fully distributed tokening system without the choke point of a single token administrator. > In general it seems very difficult to balance the various aspects > of maintaining a lively discussion, fostering a sense of community, > allowing anonymous postings, and keeping the whole thing simple > enough to actually implement. I agree that we should keep it sweet and simple. That's one nice aspect of the e-cash scheme. All the software is already out there, except (maybe) the majordomo part which I have volunteered to do. Keep in mind that if the list brings in, say, $1000/month that buys a lot of food. I have to think that this will liven up the monthly meetings and create many positive and lasting relationships. > I've been on the verge of responding to certain posters over the last > few months, and I've realized before I've hit the "send" key that > I'd be giving them just what they want -- attention -- while further > degrading the signal to noise ratio. This is exactly the sort of process which is facilitated by paying a dollar. In your case it won't make a difference, but most people will find their presence on the list becomes much more responsible when they have to put up a buck. Peter Hendrickson ph at netcom.com From ph at netcom.com Tue Dec 31 15:53:36 1996 From: ph at netcom.com (Peter Hendrickson) Date: Tue, 31 Dec 1996 15:53:36 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: At 2:32 PM 12/31/1996, Timothy C. May wrote: >At 1:04 PM -0800 12/31/96, Peter Hendrickson wrote: >>At 11:47 AM 12/31/1996, Lucky Green wrote: >>>At 10:25 AM 12/31/96 -0800, Peter Hendrickson wrote: >>>> The easiest and fastest solution is to set up toad.com to charge a >>>> dollar per message. (Proceeds to be spent by John Gilmore as he >>>> sees fit.) >>>> We can then leverage off the existing e-cash infrastructure which >>>> already provides blinding software for free on all major platforms. >>> I am not sure that this proposal would work. Some of the spammers on this >>> list are rather dedicated. They might gladly pay a dollar per message. >> Let's try it and see how it goes. If it doesn't work, we can try >> a more complicated scheme. (I volunteer to modify Majordomo to >> make this happen. We could have this feature in the near future.) > "Let's try it and see how it goes" is often a dangerous step. It could kill > the list as we know it; exactly what fraction of current subscribers do you > think will arrange for digital cash accounts, will arrange their mailing > software to use this, will bother with PGP, etc.? It's not always bad to take a few chances. I've noticed that there is a lot of negativity in the cypherpunks scene. (I am not without sin in this department. ;-) It would be more exciting to try out a few ideas. I would much rather be trying lots of things and throwing out the bad ones. This should lead to better technology. This not only benefits the cypherpunks list, it benefits everybody using the Net, which is (I think) one of our goals. It short circuits poorly intentioned authoritarian schemes to dictate what may or may not be sent to a mailing list. (For example, people often propose to make spam illegal. Most readers of this list will recognize the camel's nose.) > Now maybe this is a Good Thing, to drive out the slackers and those without > good tools integrating PGP into their mailers, etc., but maybe it is not a > Good Thing. It could be a mistake, but I think the only way we will find out is to try it. Unlike the interesting token scheme, this is easy to deploy and it doesn't provide an insurmountable barrier to dissent. You can still put up a dollar to say "This is a drag! Let's get rid of it!" But if your token gets pulled by an abusive token administrator, it's harder to get the word out. (Not impossible, though.) Keep in mind that the worst case is that people will have to ask their e-cash endowed friends for a few ASCII tokens to prepend to their posts to the list. That is not very tough to arrange. >> I have seen a lot of complaints about "too much noise". That is >> not a problem. The problem is too little signal. I can extract >> the signal - unless it isn't there. > My sentiments exactly. But I fail to see how collecting a dollar per post, > or whatever the fee is ultimately set at, increases the number of good > posts (not the percentage, the S/N, the _number_, which is what we both > agree is the important thing). > Explanation? One thing it does for sure is to eliminate attacks where somebody sends thousands of messages to toad.com and overloads its capacity to forward them. It also means that bigger faster hardware can be purchased if the load gets too high, or to compensate somebody to wrangle majordomo. I suspect it will also promote high quality posting. Certainly, "me too" posts and "unsubscrive" posts will be greatly attenuated. And, people who post reams of drivel and invective can only do so at the expense of financing the monthly cypherpunks food bash. This doesn't mean they will stop, but it does mean that we can chown down on hundreds of pounds of guacamole at their expense. As for other people, I think if it isn't worth a dollar to you to post a message, it probably isn't worth it for the rest of us to read it. Without any real evidence, my feeling is that if somebody has to pay a dollar to post a message, they will give it more thought and write it more carefully. This is sort of like expecting children to use proper grammar, forms, and excellent handwriting in preparing a report. The result is that greater care and thought is devoted to the ideas in the report itself. I don't believe that people making valuable contributions have any trouble at all coughing up a dollar to do so. Very few people post more than 10 messages a month. $10/month isn't much of a burden. If this does turn out to be a problem, when readers see a post they like they should send the person a buck to encourage more good work. This is a very effective way of saying "I really enjoyed what you had to say." And, nothing stops frequent posters from asking for money on the list to continue their fine work. In a sense, this is a fully abstracted version of the token scheme. Peter Hendrickson ph at netcom.com From JohnnyDaven at aol.com Tue Dec 31 15:58:46 1996 From: JohnnyDaven at aol.com (Johnny Davenport) Date: Tue, 31 Dec 1996 15:58:46 -0800 (PST) Subject: Would you be interested in this? Message-ID: <32c99f3a.107893882@smtp.a001.sprintmail.com> Our mutual friend, JamesB at aol.com said this might be something you would be interested in. You can save a substantial amount of money on your next Florida Vacation and receive an adult pass to Universal Studios. If you are interested please visit the web page at: http://www.o-c-s.com/getaway Or for more information via Auto Responder, send an E-Mail message to: getaway at o-c-s.com Best wishes, John From nobody at squirrel.owl.de Tue Dec 31 16:47:11 1996 From: nobody at squirrel.owl.de (Secret Squirrel) Date: Tue, 31 Dec 1996 16:47:11 -0800 (PST) Subject: Hardening lists against spam attacks Message-ID: <19970101003304.25550.qmail@squirrel.owl.de> On Tue, 31 Dec 1996, Hal Finney wrote: > An alternative is to give each subscriber only a small, fixed number of > blinded tokens which he will use for the lifetime of his subscription > to the list. When someone posts anonymously, they use up one of their > tokens. Then, if the message was not abusive, a new blinded token is > created, encrypted with the public key of the good-guy anonymous poster, > and broadcast to subscribers. This way good anonymous posters will get > to keep posting, while abusive ones will shortly run out of anonymous > posting tokens. Oops, ran out of tokens.... UNSUBSCRIBE cypherpunks SUBSCRIBE cypherpunks Lance OK now I'm ready to post more crap! From dlv at bwalk.dm.com Tue Dec 31 17:00:42 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 17:00:42 -0800 (PST) Subject: Extremism in the defense of liberty is no vice In-Reply-To: Message-ID: "Timothy C. May" writes: > > I'll continue to be radical in my views. Nothing wrong with extremism in > the defense of liberty, as some wise men said. Of course, "cypher punks" are opposed to liberty. Have you noticed that the only crypto-relevant thread in weeks is about protocols to stop free speech? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 31 17:02:24 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 17:02:24 -0800 (PST) Subject: Just another government fuckover: New crypto regulation In-Reply-To: <199612312200.OAA08131@adnetsol.adnetsol.com> Message-ID: "Ross Wright" writes: > On or About 31 Dec 96 at 13:56, Dr.Dimitri Vulis KOTM wrote: > > > "Cypher punks" write stupid racist flames and postmaster complaints, > > not code. > > Yes, and they are sad that ebonics IS NOT going to be a course taught > in school. I spoke with a source at the Oakland School District who > said they would not allow papers to be turned in written in ebonics. > It is just an effort for educators to better understand how their > students may communicate. So everyone who liked Tim May's > fake sarcasm are now sad that they made fools of themselves. Lying assholes like Ray Arachelian have no sense of shame, or they would have committed mass suicide a long time ago. Can Tim May play Jim Jones and lead his flock? > > I am not "here" - I've been unsubscribed by the head censor, > > cocksucker John Gilmore at the request of Ray Arachelian and Timmy > > May. They're "here" to harrass and to flame and they don't want > > followups from the victims of their harrassment. > > You are correct, there Doctor! Just look at what just happened to > me. It's indicative that most of the "cypher punks" who contribute to the only crypto-relevant thread on this mailing list in weeks - rather lame protocols for limiting free speech - are homosexuals. They want a forum where they can lie and forge and flame and libel (as Ray Arachelian does now), and where there victims will be prevented from responding. No wonder Ray Arachelian has already accused me of "homophobia", a sufficient reason for the cocksucker John Gilmore to unsubscribe me, even though I said nothing about Ray's sexual perversions. > > Yes, let's see some more "dissidents" unsubscribed! Let's see some > > more mailbombs and postmaster complaints! Let's see punitive action > > in response to speech! That's all "cypher punks" are good for. > > Yes, Yes, Yes! Pathetic impotent liars. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Dec 31 17:10:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 17:10:13 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612312032.MAA04214@crypt.hfinney.com> Message-ID: Hal Finney writes: > > We might also want to consider the paradoxical possibility that if we > remove the junk, the list will die! At least now we are constantly > reminded that the cypherpunks list exists. It "exists" as a laughing stock for the media and the NSA. It has no credibility, thanks to cocksucker John Gilmore's content-based plug-pulling and censorship. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From factnet at rmii.com Tue Dec 31 17:31:41 1996 From: factnet at rmii.com (factnet at rmii.com) Date: Tue, 31 Dec 1996 17:31:41 -0800 (PST) Subject: Who is the first new web page of 1997?! Message-ID: <3.0.32.19961231174254.0090ed20@rmi.net> Announcing the healthy birth of a bouncing new web page on January 1, 1997 at 12:00 a.m.: FACTNet International Digest, a non-profit Internet digest, news service, library, dialogue center, and archive dedicated to the promotion and defense of global free thought, free speech, and privacy rights. Please come visit and help spin the guest counter at: ********************************** ** http://www.factnet.org ** ********************************** If you would like to subscribe to our free FACTNews newsletter and you cannot access the web, or your browser does not support forms, send e-mail to: facnet at rmii.com With a subject line that reads: subscribe-FACTNews =========================================== Happy New Year from the FACTNet staff! From dlv at bwalk.dm.com Tue Dec 31 17:50:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 17:50:07 -0800 (PST) Subject: Ebonite Notes from All Over In-Reply-To: <199612312313.QAA09275@web.azstarnet.com> Message-ID: drose at AZStarNet.com writes: > > 4. What's the difference between a bowling ball and a black woman? If > you're really, really hungry, you can always eat the bowling ball. So, what else can you expect from a "cypher punk"... That's the kind of traffic cocksucker John Gilmore likes. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From shamrock at netcom.com Tue Dec 31 18:09:09 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 31 Dec 1996 18:09:09 -0800 (PST) Subject: Just another government fuckover: New crypto regulation Message-ID: <3.0.32.19961231180942.0069e978@netcom13.netcom.com> At 02:08 PM 12/31/96 -0800, Ross Wright wrote: >On or About 31 Dec 96 at 13:56, Dr.Dimitri Vulis KOTM wrote: > >> >> "Cypher punks" write stupid racist flames and postmaster complaints, >> not code. > >Yes, and they are sad that ebonics IS NOT going to be a course taught >in school. I spoke with a source at the Oakland School District who >said they would not allow papers to be turned in written in ebonics. >It is just an effort for educators to better understand how their >students may communicate. So everyone who liked Tim May's >fake sarcasm are now sad that they made fools of themselves. I suggest you read the written resolution of the Oakland school board, rather than listen to the spin control the district was forced to use after their idiotic plan blew up in their face. The resolution finds that "ebonics is the primary language" of a majority of students in the district. The resolutions then requires teachers to "provide instructions to students in their primary language". The school board mandates in writing that at least some classes be taught in Ebonics (ghetto slang). -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From shamrock at netcom.com Tue Dec 31 18:10:50 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 31 Dec 1996 18:10:50 -0800 (PST) Subject: New crypto regs outlaw financing non-US development Message-ID: <3.0.32.19961231175932.006ab0e8@netcom13.netcom.com> At 01:05 PM 12/31/96 -0800, Ian Goldberg wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >In article <3.0.32.19961228225731.006b3080 at netcom13.netcom.com>, >Lucky Green wrote: >>First the good news: the export controls mentioned in the draft of the regs >>on any kind of data security software, regardless if it uses crypto or not >>did not carry into the final version. > >But it _specifically_ restricts virus-checkers (and, also, it would seem, >backup programs, but that could be stretching it): > >ECCN 5D002.c.3: ># ``Software'' designed or modified to protect against malicious ># computer damage, e.g., viruses My mistake. I overlooked this paragraph. I thought it had not made it into the final version. Virus checkers, programs like Tripwire, and all firewall products are export controlled under the new regs. Regardless if the program uses crypto or not. -- Lucky Green PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm From jorge at mailloop.com Tue Dec 31 18:13:45 1996 From: jorge at mailloop.com (Jorge Hernandez) Date: Tue, 31 Dec 1996 18:13:45 -0800 (PST) Subject: Bulk Mailing Software Message-ID: <199701010213.VAA00550@alberta.sallynet.com> Mailloop is bulk mailing software that will revolutionize how people advertise on the internet. See what all the fuss is about: http://www.mailloop.com From factnet at rmii.com Tue Dec 31 18:17:01 1996 From: factnet at rmii.com (factnet at rmii.com) Date: Tue, 31 Dec 1996 18:17:01 -0800 (PST) Subject: Who is the first new web page of 1997?! Message-ID: <3.0.32.19961231184434.0094f5f0@rmi.net> Announcing the healthy birth of a bouncing new web page on January 1, 1997 at 12:00 a.m.: FACTNet International Digest, a non-profit Internet digest, news service, library, dialogue center, and archive dedicated to the promotion and defense of global free thought, free speech, and privacy rights. Please come visit and help spin the guest counter at: ********************************** ** http://www.factnet.org ** ********************************** If you would like to subscribe to our free FACTNews newsletter and you cannot access the web, or your browser does not support forms, send e-mail to: facnet at rmii.com With a subject line that reads: subscribe-FACTNews =========================================== Happy New Year from the FACTNet staff! From dthorn at gte.net Tue Dec 31 18:25:16 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 18:25:16 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: <32C9CAAE.497B@gte.net> Peter Hendrickson wrote: > At 1:01 PM 12/31/1996, Z.B. wrote: > >On Tue, 31 Dec 1996, Dale Thorn wrote: > >> ...I will *not* install and run PGP. > People who don't like using PGP, or can't use it, or won't use it, > do not belong on this list. So who died and made you the king? From dthorn at gte.net Tue Dec 31 18:34:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 18:34:36 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612312306.RAA00569@smoke.suba.com> Message-ID: <32C9CCEF.71A0@gte.net> snow wrote: > The Thorn wrote: > > Bill Frantz wrote: > > > All messages sent to the list must be encrypted with the list's public key. > > So in order to post here, I hafta install and run PGP? Well, people > > were looking for the perfect formula to deny service to guys like me, > > and guess what? You found it! I will *not* install and run PGP. > Why not? There are acceptable email interfaces for just about every > platform out there (pgp-elm, Eudora hooks, Private Idaho etc), and it > really isn't _that_ much of a hassle to do. I should clarify: I won't use it if I don't have to, and I could make a list of reasons if need be. I think the requirement to use PGP could be an excellent way to shake off a lot of subscribers/posters, many of whom heavy users of the list would like to see go away anyway. All I'm really pointing up is the exclusion of a class of subscribers. From frantz at netcom.com Tue Dec 31 18:41:29 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 31 Dec 1996 18:41:29 -0800 (PST) Subject: premail. In-Reply-To: <199612310527.GAA12868@basement.replay.com> Message-ID: At 9:27 PM -0800 12/30/96, Anonymous wrote: >A scenario: > >1) The spooks put a bug (named Eve) on the link between >kiwi.cs.berkeley.edu and the Internet. > > Whenever kiwi.cs.berkeley.edu sents out the pubring.pgp Eve intercepts >it and replaces it with a file of the spooks' choosing. This file will >selectively replace the public pgp keys of some of the remailers (say exon) >in pubring.pgp with keys to which the spooks know the private key. (1) Protection against this scenario is what the signatures on the key are for. (2) Nomenclature quibble: It would have to be Mallory, not Eve. Eve can only listen. Mallory is a lot more dangerous because he can alter/delete/insert messages as well as listen. ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz at netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA From jya at pipeline.com Tue Dec 31 18:44:41 1996 From: jya at pipeline.com (John Young) Date: Tue, 31 Dec 1996 18:44:41 -0800 (PST) Subject: RCMP on InfoSec Message-ID: <1.5.4.32.19970101024042.0070c464@pop.pipeline.com> The Mounties have put out an impressive document on comprehensive security for information technology: encryption and TEMPEST, construction standards and secure rooms, hardware and software, management and personnel: Technical Security Standard for Information Technology Royal Canadian Mounted Police August 1995 Part One (Chapters 1-4) http://jya.com/rcmp1.htm (71K, plus graphics) Part Two (Chapters 5-8) http://jya.com/rcmp2.htm (81K, plus graphics) From snow at smoke.suba.com Tue Dec 31 19:04:24 1996 From: snow at smoke.suba.com (snow) Date: Tue, 31 Dec 1996 19:04:24 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: <199701010319.VAA00222@smoke.suba.com> Babayco wrote: > I agree with Dale here...requiring PGP in order to post would probably > deter low-level, idiot spammers, but it would also keep those people off > the list who, for one reason or another, don't like/want/use PGP. Also, This is cypherpunks, if we can't be bothered to use crypto software, then how can we tell others they should? > what about people who post to and read the list from someplace other than > their home computer, like school or work? I have access to this account > from my college, but I'm sure not going to leave my keys lying around > my account just so I can post to a mailing list. Seperate key for that account/mailing list. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From attila at primenet.com Tue Dec 31 19:28:44 1996 From: attila at primenet.com (Attila T. Hun) Date: Tue, 31 Dec 1996 19:28:44 -0800 (PST) Subject: LAW_dno In-Reply-To: Message-ID: <199701010329.UAA05604@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- on 12/31/96 at 09:03 AM, Robert Hettinga said: ::Fortunately, such "points" are about to go the way of the devine ::right of Kings, the unquestioned authority of the church, and, of ::course, rendering unto Ceasar. ;-). ::See you all in Anguilla... don't plan on buying a return trip-tic and don't forget to pay your expatriate taxes before you leave. --attila == "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators" --P.J. O'Rourke. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMslyaL04kQrCC2kFAQFysQQAnYE6imj9Auw+vT7ZGuJTQxaOS6CWLKx4 32NfRCwY+7ul1ED3JmXfzbWWEtY4N7YngyU9Vdl4Mr/3XyEcTWI1+bqxEWj4pSSH zaw40rxb0n+8lrNTJSbNceMcskmSiGgd4IPbEZL7I1FlasqDLMOZnqoLBNPdcYIj nEtcpV68Zf8= =Rjbo -----END PGP SIGNATURE----- From woody at hi.net Tue Dec 31 20:07:21 1996 From: woody at hi.net (Howard W Campbell) Date: Tue, 31 Dec 1996 20:07:21 -0800 (PST) Subject: FinCEN reports from GAO Message-ID: <32C9E269.FFC@hi.net> A GAO report to congress "MONEY LAUNDERING- Progress Report on Treasury's Financial Crimes Enforcement Network"(GAO/GGD-94-30) is available by snail mail free of charge for the first copy. All one needs to do is cut-and-paste the form below and send it to the address provided. The report gives a general overview complete with a few details describing methodologies. Of particular interest is the "Source Database" which "is designed to facilitate coordiation and cooperation among agencies that might be investigating the same suspects. The database serves as a central repository for information on suspects requested from FinCEN as well as ..." No doubt this will be part of the FAA/Airlines/Law enforcement data matching scheme when it is eventually implemented. The second report(GAO/GGD -95-156) supposedly details changes that the FinCEN people have suggested as needed improvements in the reporting system. I just recently requested the second report and haven't read it. Aloha, Woody email to : orders at gao.gov just fill out the name and address sections _______________________________________________________________________________________ Customer ID Number*: (* If using ID#, you ONLY need to provide your name) (**See FAQ Section 2.1 - Customer ID#'s - for details.) First Name: Last Name: Organization/Division/Office: Building: Room #: Street Address: City: State: Zip: Country (if not USA): ---- DOCUMENT/REPORT NUMBERS For example: HEHS-95-58 (You do not need to include leading "GAO/") DATE* Report #1:GAO/GGD-94-30 Report #2:GAO/GGD -95-156 Report #3: Report #4: Report #5: >>>CUT HERE<<< From dlv at bwalk.dm.com Tue Dec 31 20:10:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 31 Dec 1996 20:10:15 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: Message-ID: "Timothy C. May" writes: > (Needless to say, if John Gilmore _chooses_ to impose a posting fee, this > is his right. Caveat poster.) The stupid cocksucker, asshole censor John Gilmore has already so thoroughly destroyed his credibility with his content-based censorship and plug-pulling, that almost nothing can damage it any further. John Gilmore is a proven liar, a censor, and an outright jerk. (Mark: He also has bad table manners.) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From markm at voicenet.com Tue Dec 31 20:29:31 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 31 Dec 1996 20:29:31 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612312032.MAA04214@crypt.hfinney.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 31 Dec 1996, Hal Finney wrote: > This is an interesting idea, however it will be possible for someone with > a respectable public persona to continue getting tokens indefinately for > posting abusive anonymous messages. There is no way to link the anonymous > tokens with the ones which were issued to good subscribers. If the number of tokens given to each subscriber per day is limited (5 to 7 is probably reasonable), then this will limit the amount of abusive anonymous messages posted. This scheme might not prevent people from anonymously posting abusive messages, but it will prevent spam. Limiting the number of abusive anonymous messages one can post is an interesting idea, but this only allows pseudonymity and not anonymity. The pseudonymity-anonymity issue seems to be a trade-off between more privacy and less noise. Mark -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMsnpCSzIPc7jvyFpAQFovggAhOFPeHaj/huH/kQUSI7FViH8TrUOH3X1 c3Ux5ZjiBPyO0dknI2crLhDZuBYf5dVH0K6rR5D5vXMsNn6+0p8Ec4w5HXouHN6K zP6sUnntcFXFuddOblit8R4LGCZbmaW+7WZBp4h+UfBsN1Xg/iP156VrwFy7eBve MXhyoROwDpRq8ENceqA9CvgyXtbjb5xBJVnB8rj+y5qc0kQH4mFZZZBRX+sgXHdI 6XdI7R1Thoy8ZXa+LQV+imOe68lykPYaV1rKkqC91Ne7kjMGh09qOPseVWl2RAqe 8dacmuneryrsEr8MMXJPAyOqSSrTpKEIHF//MmL+IkRePd1nv4zaAg== =ckjR -----END PGP SIGNATURE----- From dthorn at gte.net Tue Dec 31 21:24:00 1996 From: dthorn at gte.net (Dale Thorn) Date: Tue, 31 Dec 1996 21:24:00 -0800 (PST) Subject: Extremism in the defense of liberty is no vice In-Reply-To: Message-ID: <32C9F4A4.6394@gte.net> Dr.Dimitri Vulis KOTM wrote: > "Timothy C. May" writes: > > I'll continue to be radical in my views. Nothing wrong with extremism in > > the defense of liberty, as some wise men said. > Of course, "cypher punks" are opposed to liberty. Have you noticed that the > only crypto-relevant thread in weeks is about protocols to stop free speech? Could it be that most "serious" list subscribers are "security people"? And who are the people in the U.S. who are most abusive of individual rights and freedoms? Voila. Hence the heavy emphasis on preventing this and that.... From alan at ctrl-alt-del.com Tue Dec 31 21:27:11 1996 From: alan at ctrl-alt-del.com (Alan Olsen) Date: Tue, 31 Dec 1996 21:27:11 -0800 (PST) Subject: Zippy, anonymously Message-ID: <3.0.1.32.19961231212403.01244230@mail.teleport.com> At 04:18 PM 12/31/96 -0500, Adam Shostack wrote: >http://www.metahtml.com/apps/zippy/welcome.mhtml > >Let Zippy provide you with web service. Chaining through the >anonymizer works, too. :) A suggested page is: http://www.metahtml.com/apps/zippy/zippy.mhtml/http://www.nsa.gov:8080/dirnsa/ Pretty damn funny! (At least the version I got...) --- | If you're not part of the solution, You're part of the precipitate. | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan at ctrl-alt-del.com| From svmcguir at syr.edu Tue Dec 31 21:42:13 1996 From: svmcguir at syr.edu (Scott V. McGuire) Date: Tue, 31 Dec 1996 21:42:13 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199612312306.RAA00569@smoke.suba.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 31 Dec 1996, snow wrote: [NON-Text Body part not included] That message said: >-----BEGIN PGP SIGNED MESSAGE----- > >The Thorn wrote: >> Bill Frantz wrote: >> > All messages sent to the list must be encrypted with the list's >public key. >> >> So in order to post here, I hafta install and run PGP? Well, people >> were looking for the perfect formula to deny service to guys like me, >> and guess what? You found it! I will *not* install and run PGP. > > Why not? There are acceptable email interfaces for just about every >platform out there (pgp-elm, Eudora hooks, Private Idaho etc), and it >really isn't _that_ much of a hassle to do. > > It isn't enough to _write_ the code, or even to talk about it, you >have >to USE it as well. > > >Petro, Christopher C. >petro at suba.com >snow at smoke.suba.com > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3i >Charset: noconv > >iQCVAwUBMsmcRPee0/pvOCipAQH0fQP/aUpiKWhsR5l7IYKOHQ0KbW6haFee0IYB >PS191z1Mb/yVdqlbVCoQrqIAMCNTnWWMsLzwJDwczFrNcCO/Gn9T+jD3Vcv3D9Jx >mkXLSGBJUXW4/JosUJWHHh3yJFL0dYFveGPkkM4LUpe9waVdAbhUcXX7zbleK+Fs >mXMRLOqhHf4= >=uAlw >-----END PGP SIGNATURE----- I am using one of those email interfaces (premail + pine) and had trouble reading your last message. I had to save the PGP attachement to a file. To quote it, I had to read it in from a file. No big deal, and if I changed software I could probably make it automatic. I suspect most people on the list have yet to set up any software of this type. So if I, already using such software, had a little trouble with one message, how much trouble would others have? Then if the entire list were encrypted? I suspect the list would lose a lot of subscribers. - -------------------- Scott V. McGuire PGP key available at http://web.syr.edu/~svmcguir Key fingerprint = 86 B1 10 3F 4E 48 75 0E 96 9B 1E 52 8B B1 26 05 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBMsn4/d7xoXfnt4lpAQGVjgQAtBUbc4+1NJza4Dkpb5e5iH8oqkimPN1y L2OBkEwczlOmibGGQXju24jcubqbj5a+yl9GvmpA5kqoWvgMPSMWhHy0dya0nuZ5 f+9k1MqIBJzcC92GK3YM0e2kTL5GW8w+6FKgg7qNh5Tj3pSIq6o94pjNt05CO5qG O9dz0HNaOl0= =8CFz -----END PGP SIGNATURE----- From attila at primenet.com Tue Dec 31 22:40:50 1996 From: attila at primenet.com (Attila T. Hun) Date: Tue, 31 Dec 1996 22:40:50 -0800 (PST) Subject: Fed's blew it this time. In-Reply-To: <219sZD42w165w@bwalk.dm.com> Message-ID: <199701010641.XAA09965@infowest.com> -----BEGIN PGP SIGNED MESSAGE----- In <219sZD42w165w at bwalk.dm.com>, on 12/31/96 at 11:59 AM, dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) said: ::> Timothy C. May wrote: ::> > ::> > Your message is the equivalent of that brain-damaged ebonite's ::> > "Why can't we all just get along?" ::> ::> Tim, ::> Have you 'coined a phrase' here? ::> Perhaps future generations, reading of the exploits of the ::> 'Ebonites', will recognize your contribution to the language. ::> Have you seen _Mars Attacks_ where Jack Nicholson, playing the ::> president, says just that? ::have you noticed that a lot of recent popular movies either portray ::the U.S.G. as a bunch of crooks and criminals, or make fun of killing ::them all (e.g. Mars Attacks). This would have been unthinkable 20 ::years ago. 20 years ago, the Vietnam protests were just dying down. the movie industry which has been one of the more vocal anti-war centers (except in making violent war movies which make money) was still somewhat respectful of the USG. Other than the liberals who give Bubba a birthday party --probably more for their own publicity (except Barbra), most everybody is getting fed up with the government and beginning to realize the USG not only over governs, but the public is also beginning to understand the usurpation of power, and the basic unconstitutionality of the regulatory agencies. Utah is as good an example as any; they have never been Fed supportive (even if it was Republican), but the church mandate is to support the government --however, they are quickly swinging to a large majority which not only does not like the Federal government, but who are also actively stating the government is illegal-- and the church is silent. The other Intermountain states have been just plain independent minded, but tolerated the Feds. Not any more. Idaho and eastern Washington are not a safe place for the Feds. Montana makes no bones about it; Wyoming, Colorado, and New Mexico are vocal. And AZ is as pissed as they come over the MJ pronouncement "--what do you mean the Feds are telling us our vote is worthless and our States' Rights don't mean pig shit." Nobody particularly cares about the MJ, it's the pure and simple emphasis on States' Rights and the Voters' Rights to self-determination and the 10th Amendment. Analysis of California attitudes is even more revealing; the statement the DEA would pull prescription permits from doctors prescribing maryjane in AZ and CA has stirred a firestorm which will only get larger. The people spoke and the Feds said: "Fuck You!" The question then is, how long before the Eastern whimps and liberal tit suckers wake up and realize they too are about to lose the option of being liberal tit suckers? Of all things, MJ may be the last straw (going up in smoke ); now, if the press will get off their sensationalism on the CDA and talk about what it is we are really fighting --free speech as a whole, Thomas Jefferson might wake up one day soon and say: "Alright! but it took you stupid bastards more than the 20 years to have a little revolution to teach Washington who the government serves!" Maybe Bubba needs a little more cocaine so he gets "brave" enough to call in UN troops to quell a riot... then WE watch the fun. Some of you sissies might even lift your hardware and watch your first melon explode. After the first one, it's easy. For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future. --Adolf Hitler (1935) Is Adolf's future here again? 46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government. --The USMC Combat Arms Survey The same survey had questions of obeying commands from UN officers, and obeying commands from UN officers on US territory, and against US citizens. Anybody who wants a copy of the whole survey, send me email. This was not somebody's master thesis; on some special operations bases it was given by a major, others a light bird, etc. all SEALS and USMC spec-op groups were given the "test" --the younger men were >85% compliant; the reuppers and lifers were real low on compliance (~15%). Our PC and revisionist history has built the generation they want: functionally illiterate "world-oriented" cannon fodder. stop your incessent nattering and do something constructive. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: Encrypted with 2.6.3i. Requires 2.6 or later. iQCVAwUBMsoGSb04kQrCC2kFAQFxkgP/SYfgRg2wMlCYoEmV4qmgdoKcC16ZfM1f 8fwZGw2zyDo+6HLWPJER4CmvKLHHD8jL5PJ5igbTguJ9590EaipQ2XN3ZKtaTEQ8 NBmXuf96Mla4BH11kkaAnQoQ7UHVNAwb1VXZFgsfujGe/fUfzYdwF/nvHQeC7Jjh Rx9BC9XFcGY= =IS/k -----END PGP SIGNATURE----- From Success at midlex.com Tue Dec 31 22:59:54 1996 From: Success at midlex.com (Donald) Date: Tue, 31 Dec 1996 22:59:54 -0800 (PST) Subject: test Message-ID: <199701010658.WAA22719@lithuania.it.earthlink.net> All Aboard!! The CD EXPRESS!! One time $50 US purchase Can earn you $500 a day !! World Wide Opportunity! - CD's/CD Rom network - Everyone Loves music - Never have to Purchase another CD - Explosive New Home-Based Business - Debt Free Company The Excitement Has Begun !! Position Yourself NOW! Call: Bill Marple (9am-9pm EST US) Phone: 704-846-8299 Reference Number: INTERNET From bigdaddy at shell.skylink.net Tue Dec 31 23:17:19 1996 From: bigdaddy at shell.skylink.net (David Molnar) Date: Tue, 31 Dec 1996 23:17:19 -0800 (PST) Subject: Hardening lists against spam attacks In-Reply-To: <199701010319.VAA00222@smoke.suba.com> Message-ID: On Tue, 31 Dec 1996, snow wrote: > Babayco wrote: > This is cypherpunks, if we can't be bothered to use crypto software, > then how can we tell others they should? Do you think there is a difference between encouragement and dogma? Sorry. I apologize for my emotional involvement; I find this issue annoying, mainly because it will affect me directly. > > > what about people who post to and read the list from someplace other than > > their home computer, like school or work? I have access to this account > > from my college, but I'm sure not going to leave my keys lying around > > my account just so I can post to a mailing list. > > Seperate key for that account/mailing list. What about those without persistent storage? Many computer labs in schools and libraries choose to install security software of some sort. This causes their machines to behave in odd ways, insofar as they find and delete all foreign data. A variant of the same quirk prevents one from recognizing any but a select set of applications, no matter where they are placed. Netscape is one of these apps. PGP is not. My only access to e-mail, during much of the year, is through just such a lab. As a result, I am in the unenviable position of using hotmail.com and mailmasher.com for most of my correspondence. Even if it were possible to install PGP on these machines, there is no provision as yet for the kind of integration possible with, say, Eudora, PIdaho, or pine. Special client software might ameliorate the problem, but will not be installed without much administrative hand-wringing. I am fortunate enough to have my own computer. I can create messages there w/PGP and then bring them to a networked computer for sending. My chances of doing so are about equal to the chance that UNLV will win the Rose Bowl next year. The simple fact is that I am lazy. I respond to messages on cypherpunks spontaneously, as I see topics of interest (and this is one of 'em!). Rather than somehow forcing me to spend more "thought" and "energy" in my posts, these kinds of measures will create frustration and disillusionment, _ESPECIALLY_ when things fail to interface correctly and cause my messages to bounce. I have no patience for such arbitrary criteria. Making message delivery harder will not magically cause me to spend more time on the actual composition. It will simply take time away from the next message. I try to spend a fair amount of time on each post already...why should I be penalized for attempting to contribute? In any case, what bogeyman are we worried about, anyway? Pseudonyms? This list is already full of 'em. That's nothing new. Forged messages? If you trust anything you read on the Internet...well.. Privacy? It's a public mailing list, and one which I have long respected for its tradition of openness and inclusion. Sorry about the ranting, but as I noted above, my own ox is being gored here. :-) -David Molnar