From pstira at escape.com Sun Sep 1 00:53:28 1996 From: pstira at escape.com (pstira at escape.com) Date: Sun, 1 Sep 1996 15:53:28 +0800 Subject: WARNING vIRuS! In-Reply-To: <199608311621.LAA20992@netnet1.netnet.net> Message-ID: On Sat, 31 Aug 1996, kickboxer wrote: > 99.9% of > virus scanners and other antivirus programs will not recognize it > scan all images upon download! duh From alano at teleport.com Sun Sep 1 01:35:20 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 1 Sep 1996 16:35:20 +0800 Subject: WARNING vIRuS! Message-ID: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com> At 11:21 AM 8/31/96 -0500, kickboxer ingnoring the "clueserver refused by host" messages wrote: > There is a new and VERY dangerous virus called the HAZ-MAT virus! >it fucks up the sectors on your hd, and really messes up the partition >tables. It does this once a week, picking a random time to do it. 99.9% of >virus scanners and other antivirus programs will not recognize it, for it is >a totally new strain, using a never before seen code.... Be warned! The >HAZ-MAT virus usually resides in JPG, and GIF files... once the files are >viewed, the virus takes effect. >scan all images upon download! This is the clueless kind of crap I expect pitched to AOL users and upper level management. GIF and JPEGs contain *NO* executable code. You cannot get viruses from them. You obviously have no clue as to what the hell you are talking about. The only way that you could obtain the effects described above is with Black Magic and/or Voodoo. (And not even then.) I remember a similar hoax going around about 3-4 years ago about viruses in image files. I guess nothing on the net is ever forgotten entirely. Especially the urban legends and bullshit. --- | "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From furballs at netcom.com Sun Sep 1 01:37:50 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Sun, 1 Sep 1996 16:37:50 +0800 Subject: WARNING vIRuS! In-Reply-To: Message-ID: On Sat, 31 Aug 1996, Mark M. wrote: > On Sat, 31 Aug 1996, Paul S. Penrod wrote: > > > Binary launches are the way they do it, and the way a virus spreads, > > unless you get caught up with autoexecuting Word and Excel macros. > > > > I have yet to see *any* truly data propogating viruses. > > Would you count the fingerd exploit used in the Internet Worm as a data > propogating virus? If a poorly written mail program doesn't do bounds > checking, it could conceivably allow for a Good Times-like virus. However, > highly unlikely, since mail programs are too diverse and it would be very > doubtful that a brain-dead mail program would become very widespread. I would > be much more worried about other non-email programs that fail to do bounds > checking (like Netscape v1.1). > > -- Mark > No, I wouldn't consider the fingerd exploit a data propogated virus in the same sense as data embedded in a purely passive activity (viewing an image file) which somehow launches a vicious nasty on your disk. However, you do bring up an interesting point in that example. Netscape and programs of that ilk, IMO, yield antoher exploitable pathway into a system, should someone figure a method to shove a jam into the doorway to keep the door open long enough to allow a renegade proc to be started and executed outside the control of the local operator. ...Paul From mpd at netcom.com Sun Sep 1 02:29:10 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 1 Sep 1996 17:29:10 +0800 Subject: ^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿WARNING^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿^¿ vIRuS! In-Reply-To: <3.0b11.32.19960831234035.00b1f6cc@mail.teleport.com> Message-ID: <199609010741.AAA25267@netcom8.netcom.com> Alan Olsen writes: > This is the clueless kind of crap I expect pitched to AOL users and > upperlevel management. > GIF and JPEGs contain *NO* executable code. You cannot get viruses > from them. You obviously have no clue as to what the hell you are > talking about. > The only way that you could obtain the effects described above is > with Black Magic and/or Voodoo. (And not even then.) I don't want to restart the jpg-virus flame war again, and this particular story is likely completely bogus, but I should point out that most complicated software, including jpeg viewers, has undiscovered bugs lurking about. It is also not particularly difficult to find a garbage input file for most sloppily written programs which bombs the program into branching into one of its data buffers. Indeed, it wasn't so long ago that you could get httpd to put crap on its own stack by feeding it an excessively long URL. So I would certainly not be surprised if someone managed to construct a .jpg file which would do nasty things to ones machine if loaded with a specific viewer, and give an error message when loaded by other software. If the viewer was a widely used one, and the .jpg was posted on Usenet with an alluring title, one could probably do quite a bit of damage before people got wise. Not a virus in the traditional sense, but a fairly common way to attack complicated operating systems and applications. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From strix at rust.net Sun Sep 1 02:51:54 1996 From: strix at rust.net (Jennifer Mansfield-Jones) Date: Sun, 1 Sep 1996 17:51:54 +0800 Subject: Dr. Vulis is a test, right? [was RE: Desubscribe] In-Reply-To: <2.2.32.19960830224855.00355560@labg30> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Fri, 30 Aug 1996, John Deters wrote: > So, my original question is: is there really a Dr. Dmitri Vulis (KOTM) > somewhere? Or is he just some made-up straw man, created by Tim May, John > Gilmore and Eric Hughes for their personal amusement, and to add a spot of There is somebody by this name in the field: the City University of New York granted a PhD to one Dimitri Vulis in 1995. The dissertation title was "Collective encryption: Cryptosystems based on the commutator collection process for certain free products". As to whether the existence of someone with any given name has any bearing on the identity of any participant in cypherpunks, well, this list has discussed that general topic before... regards, `=-`=-`=-`=- -='-='-='-=' Jennifer Mansfield-Jones http://www.rust.net/~strix/strix.html strix at rust.net PGP key ------^ Never try to outstubborn a cat. (R.A.H.) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMijdakxVmNNM34OxAQE98gP9HrRQPCSFYkenAWZB9lriBYu5zA0PCLXs 5Z/3NijVdrT2sHeMawDumYwuk+l9xgIUObmB8c2njGLLrZmZERSyWzbUPI5PRWp2 KvPNA1G1F6SBwedcO9cW342dgwZadpjU5zdxkPvTLDO9cHqNrf5hk8yQp3RlUj3v iOsef3tQ85s= =VJmp -----END PGP SIGNATURE----- From paul at fatmans.demon.co.uk Sun Sep 1 05:13:50 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sun, 1 Sep 1996 20:13:50 +0800 Subject: Desubscribe Message-ID: <841572883.28748.0@fatmans.demon.co.uk> > Whoever uses the term "spam" in derogatory manner, opposes free > speech and deserves to be caned. Whoever uses the term "spam" in a non-derogratory manor is an arsehole and deserves to be shipped to sweden where they shall be made into cheese by nuns. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From paul at fatmans.demon.co.uk Sun Sep 1 05:26:23 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sun, 1 Sep 1996 20:26:23 +0800 Subject: Encryption Message-ID: <841572886.28792.0@fatmans.demon.co.uk> > Algorithm: Select bit-groups of random length from the file until the file is > completely processed. Shuffle the bits in each group randomly and > save each group back to the file. Repeat if needed using different > key-strings for each successive encryption, for increased security. You pay no attention whatsoever to key distribution, the fact that this is just a form of permutation and no substitution is used, also how do you account for the fact that the user`s random number source may not be strong, even recognized rng`s like the keyboard latency routines in pgp grind to a halt when faced with a hardware perculiarity like a keyboard buffer etc... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From farber at central.cis.upenn.edu Sun Sep 1 05:53:04 1996 From: farber at central.cis.upenn.edu (Dave Farber) Date: Sun, 1 Sep 1996 20:53:04 +0800 Subject: Esther Dyson on Remailers Message-ID: <3.0b11.32.19960901065251.00715d08@linc.cis.upenn.edu> EFF does not, to my knowledge, (and I am a Board Member) have an organizational view on this issue. There are a lot of different views and each member of EFF has their own view that they can and will state as private people. The tendency of the Press to label people with organizations affiliation ship gives the impression of organizational views. For example I certainly don't speak for the University of Pennsylvania when I say thing to the newspapers. Dave http://macpond.cis.upenn.edu From stewarts at ix.netcom.com Sun Sep 1 06:02:53 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Sun, 1 Sep 1996 21:02:53 +0800 Subject: Pseudonym server: Jenaer Anonymous Service Message-ID: <199609011109.EAA24157@toad.com> Jenaer Anonymous Service looks like a high-security pseudonym server. You can send outgoing mail to email or newsgroups. It accepts encrypted email addressed to anon-hexkeyid at as-node.jena.thur.de, where hexkeyid is the keyid for a PGP key you send it; it doesn't store any information about the owner of the key. To pick up your mail, you send it an encrypted message with the keyid and a Reply-To: header, and it sends you your mail by mixmaster. It's a bit less user-friendly than some servers, since you not only need PGP, but you need to pick up your mail rather than having it arrive directly. But in return, it's pretty secure, since you can only get caught if the remailer or its operator are compromised when you request a delivery. I haven't yet checked if how flexible it is about the location of Reply-To: in the headers, since some mailers make it difficult to paste that in. The public key for the server is signed by Lutz.Donnerhacke at Jena.Thur.De, which is in turn signed by 0x3B7F286D, which MIT thinks is an unknown signator... The help message has a policy against illegal activity, flamewars, and binary files, and says people can be blacklisted for abuse. Because you don't get your reply email until you ask to pick it up, it does seem easy to abuse; complaints, flames, and mailbombs won't reach you if you don't ask for them. I hope the operator doesn't mind the workload of managing the remailer - it looks like a good service, and with Julf's remailer shut down, we need more nymservers. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From erehwon at c2.net Sun Sep 1 06:22:09 1996 From: erehwon at c2.net (William Knowles) Date: Sun, 1 Sep 1996 21:22:09 +0800 Subject: The Three Horsemen??? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- It seems most everywhere I turn, either on the Internet or on television there is some reference to the Four Horseman of the Infocalypse, -Terrorists, Pedophiles, Drug Dealers and Money Launderers, But no real hard evidence. But since the story broke in the Observer I have been trying to remember where I heard of Toby Tyler before, I belive it was on a television show on the Discovery Channel that Tim May was in, and recently I found this about Mr. Tyler in the Clari. newsgroups reporting on the child sex trade. == One professional cybercop is Toby Tyler, who surfs the Net from his computer terminal in the San Bernadino (Calif.) County Sheriff's Department. He searches for scams, sources of child porn, and deceptions designed to entrap children. Five investigators in his department are busy full-time investigating child sexual exploitation - much of it flowing from pedophiles trying to set up meetings with children by computer. The Internet is a ``two-edged sword'' for child pornographers, Deputy Tyler says. On the one hand, he says, it seems to have damaged the profitability of pornographers who sell their wares via dial-up computer ``bulletin board.'' There is so much free stuff on the Internet - why would anyone pay? == Wouldn't the Observer article about anon.penet.fi transmitting 75 to 90% of the child porn on the Internet lead you to belive that since it has been shut down that all Internet child porn will pretty much dry up? I Wonder if its now the Three Horsemen of the Infocalypse? William Knowles erehwon at c2.net -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMimNkQURbnwsNLz5AQEncgQAonfr7b67BZfLOjJxnS8GzlZ3RSoGYBMT 07uacF3sIkH9vyXVnG3O4BKbptb28dPBm1OoN7dufTyu7WxEi91sQNcY++MUmwhO vRR+yWcSWTAeOb1AwDZFXxRLdFCJHbshb6M6P4ECa2VA6ONGH/lTgy/dZS6Zk1Nb vD7jCUw8k2s= =jRGc -----END PGP SIGNATURE----- -- William Knowles PGP mail welcome & prefered / KeyID 1024/2C34BCF9 PGP Fingerprint 55 0C 78 3C C9 C4 44 DE 5A 3C B4 60 9C 00 FB BD Finger for public key -- Vote for Harry Browne in November -- http://www.HarryBrowne96.org From dlv at bwalk.dm.com Sun Sep 1 06:31:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 1 Sep 1996 21:31:35 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: Senile tcmay at got.net (Timothy C. May) (fart) rants: > (* I find it Orwellian that being "polite" is taken to mean not saying > anything controversial. It was impolite for Salman Rushdie to write "The > Satanic Verses," is was impolite for people to mention Karla Homulka in > talk.politics.canada, it was impolite to point out that the prime minister > of India drinks a glass of his own urine every day, it was impolite to > refer to Bill Clinton's dalliances with Paula Jones, and so on. Paula Jones is a virtuous woman. Her boss, Bill Clinton, pulled down his pants and ordered her to kiss his erect penis. She refused and was fired. I think it's factually incorrect to describe this sexual harrassment as "dalliances", but we already know that senile Tim May (fart) never lets any facts get in the way of his agenda. It may be impolite to fart in senile Tim May's (fart) general direction, but we do. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Sep 1 06:32:03 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 1 Sep 1996 21:32:03 +0800 Subject: Code Review Guidelines (draft) In-Reply-To: <199608312040.PAA20696@manifold.algebra.com> Message-ID: <1kkkTD37w165w@bwalk.dm.com> ichudov at algebra.com (Igor Chudov @ home) writes: > pOL at BILA PARNQ Q, > oKAZALSQ BEZ HUQ. > nA HUQ MNE BEZ HUQ, > kOGDA S HUEM DO HUQ? dEWKI W GOSTI PRIGLA[ALI, dA Q W GOSTI NE PO[EL - pIDVA^I[KO NA MNE RWANYJ, dA HUI[KO NEBOLX{OJ. Decrypt this, Midwestern swines. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From patrickbc at juno.com Sun Sep 1 07:44:36 1996 From: patrickbc at juno.com (patrick b cummings) Date: Sun, 1 Sep 1996 22:44:36 +0800 Subject: hackers texts Message-ID: <19960831.074413.9510.3.patrickbc@juno.com> If any of you hackers out their have wrote any texts for beginning hackers or know of any please send them to me at patrickc at juno.com thank you P. cummings Patrickbc at juno.com From patrickbc at juno.com Sun Sep 1 07:50:23 1996 From: patrickbc at juno.com (patrick b cummings) Date: Sun, 1 Sep 1996 22:50:23 +0800 Subject: hackerlist Message-ID: <19960831.074413.9510.2.patrickbc@juno.com> I am planning to make a list of hackers and would appreciatte it if you would e-mail me with the following information. handle e-mail city,state url whether or not you would like to recieve the list when finished thanks for your help P. Cummings Patrickbc at juno.com From bygg at sunet.se Sun Sep 1 09:38:39 1996 From: bygg at sunet.se (Johnny Eriksson) Date: Mon, 2 Sep 1996 00:38:39 +0800 Subject: Desubscribe Message-ID: > Whoever uses the term "spam" in a non-derogratory manor is an > arsehole and deserves to be shipped to sweden where they shall be > made into cheese by nuns. No thanks, we do not want them. --Johnny "A government that fears its citizens -- should" From proff at suburbia.net Sun Sep 1 09:47:56 1996 From: proff at suburbia.net (Julian Assange) Date: Mon, 2 Sep 1996 00:47:56 +0800 Subject: hackerlist In-Reply-To: <19960831.074413.9510.2.patrickbc@juno.com> Message-ID: <199609011450.AAA22573@suburbia.net> > I am planning to make a list of hackers and would appreciatte it if you > would e-mail me with the following information. > handle > e-mail > city,state > url > whether or not you would like to recieve the list when finished > thanks for your help > P. Cummings > Patrickbc at juno.com Are you on this list of morons? -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From ichudov at algebra.com Sun Sep 1 10:05:27 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 01:05:27 +0800 Subject: Moscowchannel.com hack In-Reply-To: Message-ID: <199609011509.KAA26254@manifold.algebra.com> snow wrote: > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > Not really crypto, but related to the DOJ hack in a way. > > > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web > > site was hacked and altered by someone who didn't seem to like Russians all > > Just a matter of time before some builds a dedicated Satan type tool that > > scans for HTTP server holes or messed up file permissions to make locating > > potential victims easy. > Write your web site to a CD-ROM and hard-code the base directory into the > webserver. A hacker who has root can forcibly unmount the cdrom and mount another directory on that node. Not a good solution. - Igor. From paul at fatmans.demon.co.uk Sun Sep 1 10:23:30 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Mon, 2 Sep 1996 01:23:30 +0800 Subject: anon.penet.fi: URGENT REQUEST Message-ID: <841590548.16439.0@fatmans.demon.co.uk> FAO: ALL CYPHERPUNKS & COMMUNITY LIST READERS I wish to gauge the response on something here: Following the closure of the anon.penet.fi remailer: If I can get enough funding to cover all expenses (I am a student and cannot unfortunately contribute much myself) I will install lines and hardware at my premises and run the equivalent to the anon.penet.fi remailer. I don`t know what the response to this will be, I need approximately 5000 UK pounds to set up such an operation (Yes, a leased line really does cost that much in the UK) and then a monthly income of around 3000 UK pounds. The service, I propose, would be free to the users, and maintained my by voluntary donation, no access restriction would be placed on non-paying users. Please send me mail at paul at fatmans.demon.co.uk with the subject as ANON.PENET.FI SERVER and the message body an ammount in UK pounds or dollars (approximate ammounts are OK) so I can guage the response. NO MONEY WILL BE TAKEN AT THE PRESENT TIME. As I said, I just want to see what teh response is like and to see if it would be possible, I also would be unable to set it up until I had some solid commintment from the people giving the money, I expect a large response to this and a measly one to the real appeal for hard cash if it goes ahead! - anyway, mail me and i`ll report the response back soon... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From bdurham at metronet.com Sun Sep 1 10:34:07 1996 From: bdurham at metronet.com (Brian Durham) Date: Mon, 2 Sep 1996 01:34:07 +0800 Subject: hackers texts In-Reply-To: <19960831.074413.9510.3.patrickbc@juno.com> Message-ID: <3229ADAB.7FD5@metronet.com> Again, you may want to do a web search with Yahoo (www.yahoo.com) or hotbot (www.hotbot.com) or whatever. There is loads of good info out there and pointers to ftp sites ... you just need to do a little bit of legwork to find it all. (Along with being creative when asked for keywords by the search engines) Brian bdurham at metronet.com From angelos at gradin.cis.upenn.edu Sun Sep 1 11:02:24 1996 From: angelos at gradin.cis.upenn.edu (Angelos D. Keromytis) Date: Mon, 2 Sep 1996 02:02:24 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) In-Reply-To: Message-ID: <199609011605.MAA26536@gradin.cis.upenn.edu> -----BEGIN PGP SIGNED MESSAGE----- In message , Alan Horowitz writ es: > >The problem is, from my experience at Roosevelt Roads, the Navy never >conducts live fire exercises without declaring the area of operation >strictly off limits to non-military aircraft. Also, the 747 would have >shown up WITH ITS TRANSPONDER DATA on the screens on an Aegis ship, so why >would they fire? And, I didn't think that a P3 pilot would fly around in This has happened before; an Aegis ship in the Persian Gulf shot down an Iranian Airlines (or whatever it's called) aircraft; i'm not sure how many died in that incident (i think about 70 - can very well be wrong). The US just "apologized" for the mistake AFAIK. - -Angelos PS. This happened 8-10 years ago if i recall well. -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMim0Lr0pBjh2h1kFAQF8AwP8CHSR3sz4tWUbulIWyYgpULLJHtFD3Wag KQx7t+nWyt78TWvZzsFwgGhD295+Ki3PTUGPlWHqO1p0SftReHXuNqOqYXY6EI1p S7eSrrML2YbUTlJ7GLgPCwYEwaeHuyFUNRHoIwmFBLjDnlJZRhKYhhomw5k7EKvl mwU6daPDCiY= =u9kk -----END PGP SIGNATURE----- From jamesd at echeque.com Sun Sep 1 11:02:55 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 2 Sep 1996 02:02:55 +0800 Subject: anon.penet.fi: URGENT REQUEST Message-ID: <199609011608.JAA22545@dns1.noc.best.net> At 03:09 PM 9/1/96 +0000, paul at fatmans.demon.co.uk wrote: > I don`t know what the response to this will be, I need approximately > 5000 UK pounds to set up such an operation (Yes, a leased line really > does cost that much in the UK) and then a monthly income of around > 3000 UK pounds. A little greedy. Other people have set up a multitude of remailers for substantially less. We now need remailers, preferably many, many small remailers rather than one big remailer, that is as easy to reply to as alt.penet.fi, but which gives substantially better security, that is to say the reply address can map to a remailer chain, instead of being constrained to map to a regular address as the penet.fi remailer did. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jya at pipeline.com Sun Sep 1 11:07:17 1996 From: jya at pipeline.com (John Young) Date: Mon, 2 Sep 1996 02:07:17 +0800 Subject: Beta Scam Message-ID: <199609011609.QAA18242@pipe6.t2.usa.pipeline.com> http://www.economist.com/issue/31-08-96/wb1.html Beware Geeks bearing gifts The Internet is well known as a pioneer when it comes to technology. Less noticed is its role on the cutting edge of management fashion. Nowadays, it is fashionable for firms to "outsource" product development to just about everybody. Leading Internet firms have developed this method a stage further: they have found an outside supplier so keen to tender his services that he is sometimes willing to pay for the privilege. The name of this fool? The consumer. [More on beta-scamming at the URL.] From jamesd at echeque.com Sun Sep 1 11:12:03 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 2 Sep 1996 02:12:03 +0800 Subject: Desubscribe Message-ID: <199609011607.JAA22532@dns1.noc.best.net> > > deserves to be shipped to sweden where they shall be > > made into cheese by nuns. At 04:40 PM 9/1/96 DST, Johnny Eriksson wrote:> > No thanks, we do not want them. You are Swedish? I heard on talk.politics.guns somebody say that in Sweden they had banned knives with a sharp point at the end, and were going to ban sharp knives altogether. I think he was just engaging in hyperbole, that he really meant that gun control in Sweden was unreasonably strict, but on reflection I am not sure. What is the story? --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From ichudov at algebra.com Sun Sep 1 11:29:52 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 02:29:52 +0800 Subject: Bob Dole on Drugs Message-ID: <199609011633.LAA30982@manifold.algebra.com> http://allpolitics.com/news/9608/31/radio.addresses/ ... snip ... Dole, who returned to Washington for Labor Day weekend, also pledged to use the White House as a bully pulpit to promote the "moral message" against drugs and to criticize what he called the entertainment industry's glamorization of drug use. On Sunday, he is to address the convention of the National Guard Association of the United States during which he's expected to propose that the military be enlisted to assist in a renewed war on drugs. From agt387465 at blackhel.fbi.gov Sun Sep 1 11:39:15 1996 From: agt387465 at blackhel.fbi.gov (David Pfeiffer 387465) Date: Mon, 2 Sep 1996 02:39:15 +0800 Subject: Hacker list information Message-ID: Patrick: I am interested in a copy of your mailing list. Thank you. David Pfeiffer From bdavis at thepoint.net Sun Sep 1 11:50:24 1996 From: bdavis at thepoint.net (Brian Davis) Date: Mon, 2 Sep 1996 02:50:24 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: On Sat, 31 Aug 1996, Timothy C. May wrote: > To be blunt, if Singapore wants to stop me from discussing the dictator Yew > and his feeble son, they can't. Except by pulling the plugs on forums in > which my posts are carried. I consider this a Good Thing (that politicians > in Country A generally have no power to tell citizen-units in Country B > what they can say and what they can't). Unless they adopt "Assassination Protection [of the "ignorant" masses]!! And they won't use remailers ... EBD > > --Tim May > > > -- > [This Bible excerpt awaiting review under the U.S. Communications Decency > Act of 1996] > And then Lot said, "I have some mighty fine young virgin daughters. Why > don't you boys just come on in and fuck them right here in my house - I'll > just watch!"....Later, up in the mountains, the younger daughter said: > "Dad's getting old. I say we should fuck him before he's too old to fuck." > So the two daughters got him drunk and screwed him all that night. Sure > enough, Dad got them pregnant, and had an incestuous bastard son....Onan > really hated the idea of doing his brother's wife and getting her pregnant > while his brother got all the credit, so he pulled out before he > came....Remember, it's not a good idea to have sex with your sister, your > brother, your parents, your pet dog, or the farm animals, unless of course > God tells you to. [excerpts from the Old Testament, Modern Vernacular > Translation, TCM, 1996] > > > From jk at stallion.ee Sun Sep 1 11:56:04 1996 From: jk at stallion.ee (=?ISO-8859-1?Q?J=FCri_Kaljundi?=) Date: Mon, 2 Sep 1996 02:56:04 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk> Message-ID: Sun, 1 Sep 1996 paul at fatmans.demon.co.uk wrote: > I don`t know what the response to this will be, I need approximately > 5000 UK pounds to set up such an operation (Yes, a leased line really > does cost that much in the UK) and then a monthly income of around > 3000 UK pounds. I remember the load on anon.penet.fi was something like 7500 messages daily. As for connection, you will need 64kbps line or even less in case you compress the messages. The machine could be either an older Sun Sparc or a PC running free Unix (Linux/FreeBSD/...) Here in Estonia 64kbps costs between 400-600 USD per month, machine would be something like 1000-2000 USD. Still I believe someone setting up a remailer should do so for free, from their own or company resources. The best way would be every ISP to set up their own remailers and nym servers. J�ri Kaljundi AS Stallion jk at stallion.ee From ichudov at algebra.com Sun Sep 1 12:12:07 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 03:12:07 +0800 Subject: Moscowchannel.com hack In-Reply-To: <199609011723.NAA00697@nrk.com> Message-ID: <199609011722.MAA31289@manifold.algebra.com> David Lesher wrote: > > Igor Chudov @ home sez: > > > > > Write your web site to a CD-ROM and hard-code the base directory into the > > > webserver. > > > > A hacker who has root can forcibly unmount the cdrom and mount another > > directory on that node. Not a good solution. > > Real hard disks such as RL02's & RK07's have WRITE DISABLE > switches.... > You can't mount the whole Unix read-only, so there will always be a place to put the hacked web page, and then mount that place over DocumentRoot. - Igor. From wb8foz at nrk.com Sun Sep 1 12:16:50 1996 From: wb8foz at nrk.com (David Lesher) Date: Mon, 2 Sep 1996 03:16:50 +0800 Subject: Moscowchannel.com hack In-Reply-To: <199609011509.KAA26254@manifold.algebra.com> Message-ID: <199609011723.NAA00697@nrk.com> Igor Chudov @ home sez: > > > Write your web site to a CD-ROM and hard-code the base directory into the > > webserver. > > A hacker who has root can forcibly unmount the cdrom and mount another > directory on that node. Not a good solution. Real hard disks such as RL02's & RK07's have WRITE DISABLE switches.... -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From ichudov at algebra.com Sun Sep 1 12:22:56 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 03:22:56 +0800 Subject: It is good that anon.penet.fi has been closed! Message-ID: <199609011733.MAA31382@manifold.algebra.com> Yes, subject says it all. anon.penet.fi was a whole lot worse than cypherpunks remailers. It provided clueless users with no real security, because it stored return addresses and did not use chaining and encryption. Maybe closing of anon.penet.fi will spur real interest from the unwashed alt.sex.* masses to the truly secure remailers. - Igor. From frissell at panix.com Sun Sep 1 12:43:47 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 2 Sep 1996 03:43:47 +0800 Subject: Esther Dyson on Remailers Message-ID: <2.2.32.19960901173906.00730cd8@panix.com> At 06:52 AM 9/1/96 -0400, Dave Farber wrote: >EFF does not, to my knowledge, (and I am a Board Member) have an >organizational view on this issue. There are a lot of different views and >each member of EFF has their own view that they can and will state as >private people. The tendency of the Press to label people with organizations >affiliation ship gives the impression of organizational views. For example I >certainly don't speak for the University of Pennsylvania when I say thing to >the newspapers. > >Dave > At CFP in '95 in SF, Esther expressed the view that there was a place on the Net for an anonymous ghetto (my words not hers) where people could be anonymous but that most of the net would involve traceability of transactions so that people could be held accountable and that businesses and individuals would want to know who they were dealing with for payment and accountability reasons. I am not stating her position well I'm sure but it was clear that she thought that non-anonymity would be the rule not because it was mandated but just because Net actors would want it that way. A short quote would not allow anyone to understand her full position. If she believes that anonymity would be rejected voluntarily for practical reasons then that is just a prediction of a market not a conclusion. Most on this list would have no objection to making a prediction though we might disagree with it. Just as Esther predicted that the net would end copyright, we might predict that the net combined with immediate settlement payment systems might reduce if not eliminate the need for "positive ID." DCF From markm at voicenet.com Sun Sep 1 13:19:20 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 04:19:20 +0800 Subject: Moscowchannel.com hack In-Reply-To: <199609011509.KAA26254@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > snow wrote: > > > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > > > Not really crypto, but related to the DOJ hack in a way. > > > > > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web > > > site was hacked and altered by someone who didn't seem to like Russians all > > > Just a matter of time before some builds a dedicated Satan type tool that > > > scans for HTTP server holes or messed up file permissions to make locating > > > potential victims easy. > > Write your web site to a CD-ROM and hard-code the base directory into the > > webserver. > > A hacker who has root can forcibly unmount the cdrom and mount another > directory on that node. Not a good solution. As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM device can be remounted. Besides, if someone manages to get root access on any machine, the sysadmin of that machine is basically screwed anyway. It's much better than having to back up the web page on a tape and having to restore the data when it is altered. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMinT7yzIPc7jvyFpAQHe7AgAuRNtTXZeLkuXo0CFoJOgrI+EEfHOKUsI 9KoRm+aesqNOvFpxPcHiE2QypMDjgjFqGozsT+Qb48W82Yt0p10PdqGtq1Ais+M0 b8gwLbnUPY8tnRFL49TqZIvAHl2kyo/7pxViTrXfNtBe+rSA+9FZHPBJgtHzWy2X LIOQ9P6NPMmdlKuaeZQ3oF1esbvlHInsYOgGTJN0DZQR8ivFyXZ3MA0XjXvnF2pl 4lUDfgUN+BAQzhW56o0cgBnGYetujNJYVAQkzUwCIs2sfxS1Sex305vqfmFHUVkY HACMhuoVXYZXuF+5NCjfhHsnjEiYgeMczGTZDlwOCbIFTxCc8/t6tQ== =oxki -----END PGP SIGNATURE----- From bdavis at thepoint.net Sun Sep 1 13:25:32 1996 From: bdavis at thepoint.net (Brian Davis) Date: Mon, 2 Sep 1996 04:25:32 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: > Brad Dolan wrote: > Isn't that mostly an American thing? > > bd But we've taught them so much .... bd2 > On Sun, 1 Sep 1996, Brian Davis wrote: > > > On Sat, 31 Aug 1996, Timothy C. May wrote: > > > > > To be blunt, if Singapore wants to stop me from discussing the dictator Yew > > > and his feeble son, they can't. Except by pulling the plugs on forums in > > > which my posts are carried. I consider this a Good Thing (that politicians > > > in Country A generally have no power to tell citizen-units in Country B > > > what they can say and what they can't). > > > > > > Unless they adopt "Assassination Protection [of the "ignorant" masses]!! > > > > And they won't use remailers ... > > > > EBD > > > > > > > > --Tim May > > > > > > > > > -- > > > [This Bible excerpt awaiting review under the U.S. Communications Decency > > > Act of 1996] > > > And then Lot said, "I have some mighty fine young virgin daughters. Why > > > don't you boys just come on in and fuck them right here in my house - I'll > > > just watch!"....Later, up in the mountains, the younger daughter said: > > > "Dad's getting old. I say we should fuck him before he's too old to fuck." > > > So the two daughters got him drunk and screwed him all that night. Sure > > > enough, Dad got them pregnant, and had an incestuous bastard son....Onan > > > really hated the idea of doing his brother's wife and getting her pregnant > > > while his brother got all the credit, so he pulled out before he > > > came....Remember, it's not a good idea to have sex with your sister, your > > > brother, your parents, your pet dog, or the farm animals, unless of course > > > God tells you to. [excerpts from the Old Testament, Modern Vernacular > > > Translation, TCM, 1996] > > > > > > > > > > > > From bdolan at use.usit.net Sun Sep 1 13:33:00 1996 From: bdolan at use.usit.net (Brad Dolan) Date: Mon, 2 Sep 1996 04:33:00 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: Isn't that mostly an American thing? bd On Sun, 1 Sep 1996, Brian Davis wrote: > On Sat, 31 Aug 1996, Timothy C. May wrote: > > > To be blunt, if Singapore wants to stop me from discussing the dictator Yew > > and his feeble son, they can't. Except by pulling the plugs on forums in > > which my posts are carried. I consider this a Good Thing (that politicians > > in Country A generally have no power to tell citizen-units in Country B > > what they can say and what they can't). > > > Unless they adopt "Assassination Protection [of the "ignorant" masses]!! > > And they won't use remailers ... > > EBD > > > > > --Tim May > > > > > > -- > > [This Bible excerpt awaiting review under the U.S. Communications Decency > > Act of 1996] > > And then Lot said, "I have some mighty fine young virgin daughters. Why > > don't you boys just come on in and fuck them right here in my house - I'll > > just watch!"....Later, up in the mountains, the younger daughter said: > > "Dad's getting old. I say we should fuck him before he's too old to fuck." > > So the two daughters got him drunk and screwed him all that night. Sure > > enough, Dad got them pregnant, and had an incestuous bastard son....Onan > > really hated the idea of doing his brother's wife and getting her pregnant > > while his brother got all the credit, so he pulled out before he > > came....Remember, it's not a good idea to have sex with your sister, your > > brother, your parents, your pet dog, or the farm animals, unless of course > > God tells you to. [excerpts from the Old Testament, Modern Vernacular > > Translation, TCM, 1996] > > > > > > > From tcmay at got.net Sun Sep 1 13:34:02 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 04:34:02 +0800 Subject: Conservation Laws, Money, Engines, and Ontology Message-ID: Keywords: agoric systems, computational ecologies, resource auctioning, Mark Miller, K. Eric Drexler, Bernardo Huberman, contracts, distributed trust, metered usage, software objects, software ICs, superdistribution, Brad Cox, emergent order. In physics there are various conservation laws: conservation of energy, mass, charge, and whatnot. You all know about this... Conservation of mass says that mass is neither created nor destroyed. (For smart aleck quibblers, conservation of mass-energy.) How does this relate to our issues? "Abuse of Resources": Mail loops, infinite loops, spamming, overloads of networks, and congestion in general are cases where "unrealistic" models of costs are implemented in software. In the real physical world, infinite loops don't occur (at least not in the sense seen with mail loops, as a relevant example.) Conservation laws are related to the "cost model" of the universe. Real physical objects have costs, or ontological status, or presence.... (Please don't read too much into this point...I mean to be suggestive, not literal.) There are no "memory leaks" in the universe which suddenly fill it up with stuff, no perpetual motion machines, no creation and destruction of objects. Cyberspace Ontologies: There are several things which need to be done to make the cyberspatial world more like the spatial world: * payment for CPU cycles consumed (via contractual, permission-based access: "If you want access to this machine, here are the terms and conditions.") * metering mechanisms, such as e-stamps for e-mail (essentially a special case of the first point, where a machine says "I'll pass on your message if you pay me to.") * digital contracts, agreements on usage and payment (resource auctioning, or the "smart contracts" that Nick Szabo has written about) (you can all think of additional examples....) Cryptographic protocols have their uses here, but there are also some other measures which bear looking into. In the LISP community, for example, work has been done on "engines," which are building blocks that are "fueled up" with "CPU fuel" and allowed to run for some amount of CPU cycles. Thus, one could put an engine into a process and it would run for some number of ticks, then stop. (I'm sure there are Unix-level tools which do similar things, in terms of giving a spawned process so many ticks of the clock. The "engines" concept is somewhat more semantically clean, in that it's pushed down into the "ontology" of the thing being simulated or run, and is not at the "God level" (to use a non-technical term!).) Now, certainly I support the right of any person or machine to run programs freely and without charge, to pass on e-mail free of charge, to run remailers for no charge, to accept spam mail without complaint, and so on. What I'm suggesting is that many of the problems being seen with overuse of resources, spam, congestion, and denial of service are really due to a poor model of resource allocation. Unix and other modern operating systems offer various tools for helping to constrain such problems, but, I submit, better methods are needed. (Especially when multiple machines, networks, and even anonymous sites are part of the overall system....clearly the constraints must be managed locally, and via "contract," as part of a computational ecology, and not as a hierarchical, top down Unix-type operating system.) Economics is about the "allocation of scarce resources." Many of the existing models being used treat various scarce resources as _free_. Then, when the inevitable problems occur, calls for top-down regulation are heard (e.g., the frequent calls for illegalization of "unwanted mail"). In my view, building a consistent, distributed, "conservative" system is what Cypherpunks need to be thinking about. (I used the term "conservative" in the physics sense. A system in which various conservation laws are obeyed.) As I said before, this should not be compelled, but voluntary. However, those who give their resources away for free (choosing not to adopt a conservative ontology, in other words) should be in no position to complain or run to the government for top-down regulation because there freely-given resources are being overused or "abused" (in their thinking). And closely related to this whole issue--and something I've written about extensively--is the issue of "building walls in cyberspace." In the real world, persistent structures are build out of real materials, resulting in castles, forts, skyscrapers, bridges, houses, highways, etc. These objects have persistence, have controllable access (gates, doors, locks,...), and have "structural integrity." Cryptographic and distributed trust protocols are about the only means I can think of for constructing the equivalents in cyberspace. (And to a large extent, this is already happening: the Net and the Web have structure which cannot be demolished casually, or by top-down orders from any single national leader. Millions of machines, linked in various ways and implementing various protocols and "terms of service" with users and other machines....an early version of the "conservative" system I think we'll someday see.) Well, this gives the flavor of my points. I haven't rigorously argued all of the points, but the Cypherpunks forum is for presenting informal arguments. Thoughts? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Sun Sep 1 13:43:58 1996 From: attila at primenet.com (attila) Date: Mon, 2 Sep 1996 04:43:58 +0800 Subject: WARNING vIRuS! Message-ID: <199609011900.NAA07748@InfoWest.COM> kickboxer is full of shit --or trolling. since when can a jpeg or gif file viewer execute anything --nothing starts automatically, in any operating system. that is expecting a jump call of some sort. we haven't yet fallen into the impending insecure abyss of MS objects. to have a piece of code embedded execute, a "start-up" program would need to be previously passed to the target machine which literally scanned all memory for the startup sequence in the foreign material --and translate it. on unix, the code would need to be sophisticated enough to remove itself from the process table --even in sleep modes. and, in any system, the startup sequence must be readable, and therefore traceable by anti-virus routines. now that kickboxed has baited the hook for trolling, what new wet dream will we have for rebuttals?!? On Sat, 31 Aug 1996, kickboxer wrote: > There is a new and VERY dangerous virus called the HAZ-MAT virus! > it fucks up the sectors on your hd, and really messes up the partition > tables. It does this once a week, picking a random time to do it. 99.9% of > virus scanners and other antivirus programs will not recognize it, for it is > a totally new strain, using a never before seen code.... Be warned! The > HAZ-MAT virus usually resides in JPG, and GIF files... once the files are > viewed, the virus takes effect. > scan all images upon download! > > > -- you can fool all of the people some of the time, you can fool some of the people all the time, but you can not fool all the people all the time. --Lincoln? cc: Paul Penrod From ichudov at algebra.com Sun Sep 1 14:18:17 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 05:18:17 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: Message-ID: <199609011922.OAA31806@manifold.algebra.com> =?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote: > Sun, 1 Sep 1996 paul at fatmans.demon.co.uk wrote: > > > I don`t know what the response to this will be, I need approximately=20 > > 5000 UK pounds to set up such an operation (Yes, a leased line really=20 > > does cost that much in the UK) and then a monthly income of around=20 > > 3000 UK pounds. > > I remember the load on anon.penet.fi was something like 7500 messages > daily. As for connection, you will need 64kbps line or even less in case > you compress the messages. The machine could be either an older Sun Sparc > or a PC running free Unix (Linux/FreeBSD/...) A couple of notes: 7500 messages/day is not the accurate measure of the load of anon.penet.fi. Remember that each messages had to 1) come in 2) be processed 3) be sent out 4) trigger a confirmation sent to the submitter It is not the same as a user simply receiving 7500 messages/day. If we suppose that each message creates 10KB of IP traffic, it gives us 75MB/day. 75mb/day is less than 1KB per second. It can be handled by a simple 28.8KBPS PPP connection which will still half the capacity to grow twice. A second dedicated phone line and a second modem can be added later. I suspect that UUCP as opposed to IP connection will work better, because UUCP gives us a unidirectional flow of data, which is much more efficient than modems switching direction of the transport for almost each IP packet. I suggest the following configuration: a IBM 486 PC with 16MB of RAM and 28.8 modem, running qmail instead of sendmail and Linux, on a dedicated 28.8 PPP line. The cheapest used VGA display from the nearby waste dump will work just fine. Estimated cost: $700-1000 for the system, $50-100/month for the connection, and 3 hours per day to deal with mailbombing from disgruntled usenet kooks like the right reverend colin james iii (puke). - Igor. From crichardson at earthlink.net Sun Sep 1 14:23:55 1996 From: crichardson at earthlink.net (Conner Richardson) Date: Mon, 2 Sep 1996 05:23:55 +0800 Subject: hackers texts Message-ID: I working on a WWW page for people who want to recieve text articles on hacking/phreaking/etc. It's not very extensive now, but were working on it. Point your browswer to: http://home.earthlink.net/~crichardson/omega.html Also on this page are some files, as well as some other misc indexes. All feedback is apprechiated. -flux From farber at central.cis.upenn.edu Sun Sep 1 14:27:23 1996 From: farber at central.cis.upenn.edu (Dave Farber) Date: Mon, 2 Sep 1996 05:27:23 +0800 Subject: Esther Dyson on Remailers Message-ID: <3.0b11.32.19960901153719.006f4b00@linc.cis.upenn.edu> Just for record, Esther's position is NOT necessarily EFFs. At 01:39 PM 9/1/96 -0400, Duncan Frissell wrote: >At 06:52 AM 9/1/96 -0400, Dave Farber wrote: >>EFF does not, to my knowledge, (and I am a Board Member) have an >>organizational view on this issue. There are a lot of different views and >>each member of EFF has their own view that they can and will state as >>private people. The tendency of the Press to label people with organizations >>affiliation ship gives the impression of organizational views. For example I >>certainly don't speak for the University of Pennsylvania when I say thing to >>the newspapers. >> >>Dave >> > > >At CFP in '95 in SF, Esther expressed the view that there was a place on the >Net for an anonymous ghetto (my words not hers) where people could be >anonymous but that most of the net would involve traceability of >transactions so that people could be held accountable and that businesses >and individuals would want to know who they were dealing with for payment >and accountability reasons. > >I am not stating her position well I'm sure but it was clear that she >thought that non-anonymity would be the rule not because it was mandated but >just because Net actors would want it that way. A short quote would not >allow anyone to understand her full position. > >If she believes that anonymity would be rejected voluntarily for practical >reasons then that is just a prediction of a market not a conclusion. Most >on this list would have no objection to making a prediction though we might >disagree with it. > >Just as Esther predicted that the net would end copyright, we might predict >that the net combined with immediate settlement payment systems might reduce >if not eliminate the need for "positive ID." > >DCF > > > From qut at netcom.com Sun Sep 1 14:31:07 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 05:31:07 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk> Message-ID: <199609011943.MAA08988@netcom3.netcom.com> ! I wish to gauge the response on something here: ! ! Following the closure of the anon.penet.fi remailer: ! ! If I can get enough funding to cover all expenses (I am a student and ! cannot unfortunately contribute much myself) I will install lines and ! hardware at my premises and run the equivalent to the anon.penet.fi ! remailer. ! ! I don`t know what the response to this will be, I need approximately ! 5000 UK pounds to set up such an operation (Yes, a leased line really ! does cost that much in the UK) and then a monthly income of around ! 3000 UK pounds. No way, dude. You can run even an unrestricted T1 here for quite a bit less than �3000. All you need though, is a flat rate dedicated 28,800 modem connection, which has a monthly fee of about �50-100, but we're a little spoiled in the Bay Area. Whatever the fees are there, you could put up something pretty cool as a free server, and perhaps also figure out a way to sell the excess bandwidth at a profit. Whatever you do, stick to one of the unices like linux. Our brief experiences with trying to make Windows 3.0 and Win95 useful convinced us that nothing good can come from Micro$oft. We're planning on starting a modem server as soon as we can get our hardware BS problems sorted out. We'll try installing the cypher punk goodies like Mixmaster. We're planning on a 100% open server that can be telnet 'ed into so we can be open to suggestions to improve security and solicit advice. From porsche at themall.net Sun Sep 1 14:43:44 1996 From: porsche at themall.net (Herbert Feran) Date: Mon, 2 Sep 1996 05:43:44 +0800 Subject: FW: get me off of this list!!!!! Message-ID: --- On Sun, 1 Sep 96 12:41:21 PDT Herbert Feran wrote: I need to be taken off of this list but I can't remeber the code to desubscribe. Can anyone tell me what the code is? ------------------------------------- Name: Herbert Feran E-mail: Herbert Feran Date: 9/1/96 Time: 12:41:21 PM This message was sent by Chameleon ------------------------------------- -----------------End of Original Message----------------- ------------------------------------- Name: Herbert Feran E-mail: Herbert Feran Date: 9/1/96 Time: 12:48:19 PM This message was sent by Chameleon ------------------------------------- From qut at netcom.com Sun Sep 1 15:02:23 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 06:02:23 +0800 Subject: Bob Dole is on Drugs In-Reply-To: <199609011633.LAA30982@manifold.algebra.com> Message-ID: <199609012004.NAA11397@netcom3.netcom.com> ! http://allpolitics.com/news/9608/31/radio.addresses/ ! ! ... snip ... ! ! Dole, who returned to Washington for Labor Day ! weekend, also pledged to use the White House as a ! bully pulpit to promote the "moral message" ! against drugs and to criticize what he called the ! entertainment industry's glamorization of drug use. ! ! On Sunday, he is to address the convention of the ! National Guard Association of the United States ! during which he's expected to propose that the ! military be enlisted to assist in a renewed war on ! drugs. So why didn't you support Pat Buchanan for president, the ONLY candidate to support even a partial legalization of marijuana? Speaking of legalizing drugs, wouldn't it be a good tactic to demand the absolute legalization of ALL drugs? The compromise eventually to follow would be a vast improvement over the status quo. I'm voting Libertarian, and thinking of registering as such, even though I can't stand their capitalist economics, they stand by allowing people to organize and speak out against the very ideals that allowed them to do such. Our government is so corrupt, swinging a figurative axe against it could very well lead to improvement. From matthew at itconsult.co.uk Sun Sep 1 15:18:06 1996 From: matthew at itconsult.co.uk (Matthew Richardson) Date: Mon, 2 Sep 1996 06:18:06 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <841590548.16439.0@fatmans.demon.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > I don`t know what the response to this will be, I need approximately > 5000 UK pounds to set up such an operation (Yes, a leased line really > does cost that much in the UK) and then a monthly income of around > 3000 UK pounds. I have looked into UK line costs recently and I suspect that the suggested costs do sound perhaps a little high. Although the set up cost is probably OK, I would suggest that the running costs (assuming that these comprise the circuit charge and payment to an ISP) could be less that half that quoted. What you have been quoted may well depend on who you have spoken to. Best wishes, Matthew -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAgUBMinwBAKwLwcHEv69AQHoGgQAllNK8eXKM6SsNmlnGBmriCklhfI9RZzC GlgtWvTvzsN5j/qoBpWwN4K+fn+HfLScPjQ0rIB50sPTG3E53i4GDsUcTHIQEYKP aNaaiS6ZQKtu2VCBzyyrM5UBoAqronLbBjl3U9C0UDQZ0jdaCUpVWM5qSZikGYTO 5GAWvbp5oq0= =6ZDW -----END PGP SIGNATURE----- From jamesd at echeque.com Sun Sep 1 15:23:48 1996 From: jamesd at echeque.com (James A. Donald) Date: Mon, 2 Sep 1996 06:23:48 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" Message-ID: <199609012034.NAA11901@dns1.noc.best.net> At 06:11 PM 8/31/96 EDT, patrick b cummings wrote: > I agree with what you are saying but not all polititions are that bad. > You make it sound as if their are no politisions are for freedom of the > net. So who is the exception? --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From markm at voicenet.com Sun Sep 1 15:26:49 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 06:26:49 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: <199609011733.MAA31382@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > Yes, subject says it all. anon.penet.fi was a whole lot worse than > cypherpunks remailers. It provided clueless users with no real security, > because it stored return addresses and did not use chaining and > encryption. It also provided anonymity to many people who needed it. I think that many people who need anonymity will probably just learn faking mail and news headers. Many people just don't want to deal with cpunk remailers. OTOH, I agree that this might actually force many people with Penet addresses to learn about more secure remailers. In this way, the closing of anon.penet.fi could be looked upon as a Good Thing. However, as long as there is no easy way for Windoze and Mac users to use secure remailers, users will sooner resort to fake-mailing then learning how to use cpunk remailers. People that need a pseudonym address to use on various support groups can get them from other, equally insecure, remailers. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMinwTizIPc7jvyFpAQFpGAf/ZGEXRU7MuROtatlHoAIdaJfIiwig1oDr fwlNjRe7f1ze8dwUuh74nWFt/ofPtjwSUtpCa1xDgTptPPhzr1I6beOdjwONlUzf MVif+wnzyIp27V/DCjebAMxQc2avmYKM6mwcOKfzFwG0cfvf/walJrjmADR9K0oe EXqi7mJzY1rI08Dsw8aHXNj8maDy9pRTSz9O9e0qZTdFlQtFyVNM6PSfAnKR9e1L ebQ5Yx4qNkgkfhDZgacKNv2inkyuD1LsyQneiCIZ0obhhRL7ORU63wGgYlvqc3gx Ux8sK2mMo6kr2dvA07nRyLzl3w9vm6efrFJeZC94fjdBYxluFg6/ag== =+Qm6 -----END PGP SIGNATURE----- From drose at AZStarNet.com Sun Sep 1 15:52:18 1996 From: drose at AZStarNet.com (David M. Rose) Date: Mon, 2 Sep 1996 06:52:18 +0800 Subject: FW: get me off of this list!!!!! Message-ID: <199609012102.OAA01685@web.azstarnet.com> >--- On Sun, 1 Sep 96 12:41:21 PDT Herbert Feran > wrote: >I need to be taken off of this list but I can't remeber the code > >to desubscribe. Can anyone tell me what the code is? >------------------------------------- What's the frequency Herbert? Help, I've fallen and I can't remeber the code. Hint: Try consulting "The Codebreakers." From qut at netcom.com Sun Sep 1 15:52:29 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 06:52:29 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <199609011922.OAA31806@manifold.algebra.com> Message-ID: <199609012058.NAA16695@netcom3.netcom.com> ! =?ISO-8859-1?Q?J=FCri_Kaljundi?= wrote: ! > Sun, 1 Sep 1996 paul at fatmans.demon.co.uk wrote: ! > ! > > I don`t know what the response to this will be, I need approximately ! > > 5000 UK pounds to set up such an operation (Yes, a leased line really ! > > does cost that much in the UK) and then a monthly income of around ! > > 3000 UK pounds. ! > ! > I remember the load on anon.penet.fi was something like 7500 messages ! > daily. As for connection, you will need 64kbps line or even less in case ! > you compress the messages. The machine could be either an older Sun Sparc ! > or a PC running free Unix (Linux/FreeBSD/...) ! ! A couple of notes: 7500 messages/day is not the accurate measure of ! the load of anon.penet.fi. Remember that each messages had to ! ! 1) come in ! 2) be processed ! 3) be sent out ! 4) trigger a confirmation sent to the submitter There's plenty of room for a hacker to improve the Kleinpaste derived server, such as eliminating confirmations unless there's an error. Queing should help a great deal. ! It is not the same as a user simply receiving 7500 messages/day. ! ! If we suppose that each message creates 10KB of IP traffic, it gives us ! 75MB/day. 75mb/day is less than 1KB per second. It can be handled by a ! simple 28.8KBPS PPP connection which will still half the capacity to grow ! twice. A second dedicated phone line and a second modem can be added ! later. ! ! I suspect that UUCP as opposed to IP connection will work better, ! because UUCP gives us a unidirectional flow of data, which is much more ! efficient than modems switching direction of the transport for almost ! each IP packet. The server can que the mail for a hour or so before sending it out all at once. ! I suggest the following configuration: a IBM 486 PC with 16MB of ! RAM and 28.8 modem, running qmail instead of sendmail and Linux, How is qmail better than sendmail? The default BSD sendmail since 8.00+ has automated ident requests built in. It can easily be compiled without that default option, for greater efficiency. ! on a dedicated 28.8 PPP line. The cheapest used VGA display from ! the nearby waste dump will work just fine. Hell, any monitor should work! I'm curious about how to go about acquiring one of those huge 100+ x 100+ charactor terminals that linux supports. Is it practical, cheap and readable? ! Estimated cost: $700-1000 for the system, $50-100/month for the ! connection, and 3 hours per day to deal with mailbombing from ln -s /dev/null /usr/postmaster ln -s /dev/null /usr/abuse That should filter the mail quite nicely! :-> BTW, do y'all have a favourite Bay Area store for used or otherwise affordable unice fond equiption? Such as used Sparcs or Alphas? Legal copies of commercial unice software along with the equipment? Thanks. From ichudov at algebra.com Sun Sep 1 16:38:52 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 07:38:52 +0800 Subject: Moscowchannel.com hack In-Reply-To: Message-ID: <199609012149.QAA00600@manifold.algebra.com> Mark M. wrote: > > A hacker who has root can forcibly unmount the cdrom and mount another > > directory on that node. Not a good solution. > > As soon as the sysadmin finds out, said directory can be unmounted and CD-ROM > device can be remounted. Besides, if someone manages to get root access on any > machine, the sysadmin of that machine is basically screwed anyway. It's much > better than having to back up the web page on a tape and having to restore the > data when it is altered. It depends on the ratio R = (frequency of legit Web page changes) / (frequency of breakins * cost of a breakin). The lower is R, the more what you say makes sense. I suspect that in the real world R is rather high. - Igor. From qut at netcom.com Sun Sep 1 16:42:13 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 07:42:13 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: <199609011733.MAA31382@manifold.algebra.com> Message-ID: <199609012143.OAA20934@netcom3.netcom.com> ! Yes, subject says it all. anon.penet.fi was a whole lot worse than ! cypherpunks remailers. It provided clueless users with no real security, ! because it stored return addresses and did not use chaining and ! encryption. ! ! Maybe closing of anon.penet.fi will spur real interest from the unwashed ! alt.sex.* masses to the truly secure remailers. There has to be more crypto anonymizing aliasing remailers and with easier interfaces. Closing the Kleinpaste derived server will help put the pressure of demand to start better remailer systems. There's not enough capacity and reliability with the servers extant. There should be thousands of full featured remailers. We'll help out as soon as we can get the hardware problems we have figured out and provided there's understandably configurable linux networking software out there. Would it be a good idea to have a 100% open server that anyone can telnet in and copy all the e-mail data? If the chaining crypto remailers are reliable, there's no reason why not, except the risk of clock cycle cryptanalysis. There should be an easy way of preventing those attacks, if not, the data can be read accessable only after the {de|en}cryption. This openness should go a long way in protection so far as liability is concerned. In other words, if Big Brother can force his way into your privacy, why not little brother? From edyson at edventure.com Sun Sep 1 17:04:19 1996 From: edyson at edventure.com (Esther Dyson) Date: Mon, 2 Sep 1996 08:04:19 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <19960901220323595.AAA208@Esther.edventure.com> Before going into the merits of this, let me make two points: One I specifically asked the reporter (Amy Harmon) to quote me as an individual, not as a spokesperson for the EFF. (It was Amy Harmon, and the only address I have for her bounces, but as you can imagine I would like to get in touch with her! Anyone know it?) These are my personal views; EFF has no formal policy on this yet -- precisely because it's a complex issue. Now, speaking personally: I believe there are trade-offs -- which is what I told the LA Times. I assume I was quoted accurately (although the word "enforce" is awkward), but out of context. Anonymity can be dangerous -- as can traceability, especially in/by repressive regimes. Therefore I would favor allowing anonymity -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap. Anyone who seriously needs anonymity because of a repressive government is likely to use a foreign (outside whatever jurisdiction he fears) server, so that this is not a matter of "local" laws. The tracer would have to pass through what I hope would be tighter hoops than we have now. Please note that this is not the same as the right to *private* conversations and the use of encryption; this is the issue of being accountable for what you publish in public. My assumption is that there will be a wide variety of Net communities with different rules/regulations/attitudes towards anonymity that would apply ex some kind of international sanctions; I think that's appropriate. Yes, I'm aware of the complexities, and of the possibilities for miscarriages of justice. The world isn't yet the way I want it to be. But I wanted to respond reasonably promptly. BTW, I would welcome a chance to read the whole article (or at least a *little* more of the context, under fair use). Speaking for myself, only (and publicly), Esther Dyson At 06:40 AM 9/1/96 -0400, Dave Farber wrote: >>Posted-Date: Sun, 1 Sep 1996 14:59:53 +1000 (EST) >>Date: Sun, 1 Sep 1996 14:59:53 +1000 (EST) >>From: Charles Senescall >>To: cypherpunks at toad.com >>Cc: declan at well.com >>Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi >>Sender: owner-cypherpunks at toad.com >> >>On Sat, 31 Aug 1996, Declan McCullagh wrote: >> >>> The attached article was reposted to fight-censorship with the permission >>> of the Los Angeles Times, which ran it on the front page today. >>[snip] >>> Note Esther Dyson's comments: >>> >>> "The damage that can be done by anonymity is far bigger" than in >>> any other medium, said Esther Dyson, chairwoman of the Electronic >>> Frontier Foundation. "In the end, you need to be able to get at >>> somebody's identity to enforce accountability, and the question is how >>> do you also enforce freedom of speech and freedom from prosecution for >>> unpopular opinions." >> >>Is this _really_ the EFF policy on anonymopus remailers?? >> >>I will check with our local version of the EFF and see what they have to say. >> >>If the EFF is not for anonymity it needs to be publicised. Perhaps the >>EFF has been in bed with the political pigs too long. *OINK* >> >>-- >> .////. .// Charles Senescall apache at quux.apana.org.au >> o:::::::::/// Fuck TEL$TRA >>>::::::::::\\\ Finger me for PGP PUBKEY Brisbane AUSTRALIA >> '\\\\\' \\ >> >> >> >> > > Esther Dyson Always make new mistakes! EDventure Holdings 1 (212) 924-8800 1 (212) 924-0240 fax 104 Fifth Avenue New York, NY 10011 USA www.edventure.com High-Tech Forum in Lisbon, October 27-29, 1996 PC Forum in Tucson, Arizona, March 23-26, 1997 From rishab at dxm.org Sun Sep 1 17:07:20 1996 From: rishab at dxm.org (Rishab Aiyer Ghosh) Date: Mon, 2 Sep 1996 08:07:20 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <1.5.4.32.19960831063502.0033b25c@giasdl01.vsnl.net.in> Message-ID: <199609012218.PAA13546@nic.cerf.net> Arun Mehta wrote: > and India will be too: the law here holds the ISPs responsible > for ensuring that nothing objectionable and obscene is carried by > them, and what simpler way to comply than to FWIW: "There is no need to licence content providers; Internet service providers are not responsible for illegal content." R K Takkar, Indian Telecom Secretary (at the time of interview); see http://dxm.org/techonomist/news/ndp1.html for more. > Ideally, I should be able to > send via pgp and anonymous remailer a request for a page, which would soon > come beamed down unencrypted via satellite. No more waiting hours > for the latest version of Netscape to download (!) you'll only have to wait hours for your anonymous-remailer-web-to-e-mail gateway, EVERY time you want a page. In one of my Electric Dreams columns, "Censorship is bad for business," (archived here and there on the Web) I wrote that governments will eventually see sense and stop censorship, if they're interested in making their countries rich. Singapore in every other field of work has shown its interest in deregulation; I would expect them to do so on the Net as well, when it becomes clear that there's rather more to it than porn and subversion. In the meanwhile, there's not much point trying to "help" them, apart from providing moral support. Incidentally, do the cypherpunk archives in Singapore, which always come out first in my AltaVista searches, not contain a trace of officially disliked content? In this month's First Monday, due out tomorrow, Andreas Harsono - a banned Indonesian journalist who reports from Jakarta through the Internet for various foreign publications - writes on censorship in S-E Asia, and how some countries, like Indonesia, are _more_ relaxed in their treatment of on-line media than the press. Best, Rishab ps. I don't read the list regularly, so reply by mail if you want a response. First Monday - The Peer-Reviewed Journal on the Internet http://www.firstmonday.dk/ Munksgaard International Publishers, Copenhagen International Editor - Rishab Aiyer Ghosh (rishab at dxm.org) Pager +91 11 9622 162187; Fax +91 11 2209608 or 2426453 or 2224058 A4/204 Ekta Vihar, 9 Indraprastha Extn, New Delhi 110092 INDIA From ichudov at algebra.com Sun Sep 1 17:11:15 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 08:11:15 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: Message-ID: <199609012217.RAA00801@manifold.algebra.com> Mark M. wrote: > On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > > Yes, subject says it all. anon.penet.fi was a whole lot worse than > > cypherpunks remailers. It provided clueless users with no real security, > > It also provided anonymity to many people who needed it. I think that many > people who need anonymity will probably just learn faking mail and news > headers. Many people just don't want to deal with cpunk remailers. OTOH, I > agree that this might actually force many people with Penet addresses to learn > about more secure remailers. In this way, the closing of anon.penet.fi could > be looked upon as a Good Thing. However, as long as there is no easy way for > Windoze and Mac users to use secure remailers, users will sooner resort to > fake-mailing then learning how to use cpunk remailers. People that need a > pseudonym address to use on various support groups can get them from other, > equally insecure, remailers. I believe that Private Idaho is a cypherpunks remailer client for Windows. - Igor. From jseng at pobox.org.sg Sun Sep 1 18:21:59 1996 From: jseng at pobox.org.sg (James Seng) Date: Mon, 2 Sep 1996 09:21:59 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: On Sat, 31 Aug 1996, Timothy C. May wrote: > The point is to make clear to them that the Usenet and similar Web sites > are global in nature, not subject to censorship without a very high local > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > Singaporans will have to choose not to carry the various newsgroups into > which *I* post such messages! Just let to add my comment in regard to this unforuntate discusssion. To understand the sitution better, you should not impose America idealogy and perspection on how things to be done to Singapore. Singapore maybe young but there are certain culture too. Most importantly, the move to censor certain WWW site actually comes as a relieve to many people, especially parents who worried about the bad influence of it. We can go into the same discussion about whose responsibilty it is but before you do that, please bear in mind that this is Singapore. As an example of what i mean, few years back, when they introduced R rating movies uncensored in Singapore for people above 18, it cause a surge in soft-porn movie to be screened. There is a general dissatifaction among the people and the government was force to shift the age limit to 21. And then later revised the R rating to R(A), where A stands for artistic which rules out soft-porn. It may be surprising but many people (in Singapore) do welcome censorship sad to say. In addition, you need to see the method of censorship deployed in Singapore. For press media like papers and magazine, it is done in a passive manner. They _do not_ read every issue of every magazine available in Singapore. They only do so when there is enough complains. For example, the incident of "Wired" banning due to the article "Disney with a Death Penalty" was prompted by complains by the public before action is done. (This is related to me by some frens of mine working in the ministry who is directly involved in the incident). Similarly, they are deploying the same method to WWW. One more point. They know it is impossible to censor everything. It is possible for me to order Wired directly from US. But still they do it. To quote, "We are doing it for the sake of doing it. The intention is to make it difficult to access to such information although we know it is impossible to prevent all." (I may missed some words but the idea is that). I have a long argument with this person, telling him that despite what they have done, i could still access to those stuff which they ban. his reasoning is "how many people can do it? 10%? 5%? That's fine with us. If the people really wans it, they can get it". In actual fact, the move to put all people on proxy was not a surprise to many of us. The first time i know of such an intention was in Aug 95, which is one year back. They _have_ been doing studies and testing since then. The ISPs have been well informed and have been doing their own testing too since then. I am writting this based on an experience in Singapore for more than 12 yrs (Yes, i am not a Singaporean). if you wish to rebuke the points which i mention above, please feel free to do so but do so in the context wrt Singapore culture. Do not impose the general idealogy and culture within your country into your argument. (Oh yea, dont give me the "Bull shit! This fren of mine so-and-so have said that ....". We talking about general idealogy of the people, not of a single person) Lastly, do _not_ misunderstood that i support the censorship. I never do and never will. Nor do i really feels that what they doing are right. There are some people like me who disapproved the moves but the voice is really too small to make a difference...yet. > To be blunt, if Singapore wants to stop me from discussing the dictator Yew > and his feeble son, they can't. Except by pulling the plugs on forums in > which my posts are carried. I consider this a Good Thing (that politicians > in Country A generally have no power to tell citizen-units in Country B > what they can say and what they can't). Now, what makes you think that citizen of Country A has the power or rights to tell politicians of Country B what to do and what they cannot do? Just wondering. ps: Sorry for the off-topic discussion. -James Seng From charlee at netnet.net Sun Sep 1 18:22:43 1996 From: charlee at netnet.net (kickboxer) Date: Mon, 2 Sep 1996 09:22:43 +0800 Subject: HAZ-MAT virus Message-ID: <199609012319.SAA18515@netnet1.netnet.net> I do not know how it is run by the JPG and GIF files, but I do know that the code somehow loads into the image viewer itself..I am not sure how it works, just that it is very destructive.. I had it destroy my 486 (using Lview Pro) Oh, well, ENOUGH already. if you have something to say that is related to "image files cant execute a virus" please do not. there are too many spams with those ideas out now From patrickbc at juno.com Sun Sep 1 18:22:46 1996 From: patrickbc at juno.com (patrick b cummings) Date: Mon, 2 Sep 1996 09:22:46 +0800 Subject: No Subject Message-ID: <19960831.181353.9134.9.patrickbc@juno.com> need more hackers for the list please send following info to me handle e-mail address P.O. Box url type of hacking you do From EALLENSMITH at ocelot.Rutgers.EDU Sun Sep 1 18:22:48 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Mon, 2 Sep 1996 09:22:48 +0800 Subject: "Security risks" vs. "credit risks" Message-ID: <01I8Z52F4F5S9JDHU2@mbcl.rutgers.edu> According to the WaP article, the database in question would be _required_ by the federal government... thus removing any voluntary aspect of it, so long as you want to fly on a plane. I have had the thought that it might be possible for an air cargo business to have as a stock benefit a guarantee that, for payment of any extra costs, any stockholder could ride on one of their planes. I don't know how the laws on the subject are worded, but I believe that a lot of restrictions are removed for planes other than standard passenger airlines. This might be a way to fly anonymously - Chaumian "is-a-stockholder" credidentials might be usable to arrange it (the local library's copy of Applied Cryptography is checked out, so I don't know for sure) anonymously. -Allen From dlv at bwalk.dm.com Sun Sep 1 18:29:30 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Sep 1996 09:29:30 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" In-Reply-To: <19960830.170609.9758.0.patrickbc@juno.com> Message-ID: patrickbc at juno.com (patrick b cummings) writes: > jimbell, > I agree with what you are saying but not all polititions are that bad. > You make it sound as if their are no politisions are for freedom of the > net. But of course - all politicians are scum. No decent person would want to be a politician. Anyone who's willing to become a politician is scum. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From MAILER-DAEMON at mqg-smtp3.usmc.mil Sun Sep 1 19:02:16 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Mon, 2 Sep 1996 10:02:16 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: It is good that anon.penet.fi has been closed! Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages. UNDEFINED-----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > Yes, subject says it all. anon.penet.fi was a whole lot worse than > cypherpunks remailers. It provided clueless users with no real security, > because it stored return addresses and did not use chaining and > encryption. It also provided anonymity to many people who needed it. I think that many people who need anonymity will probably just learn faking mail and news headers. Many people just don't want to deal with cpunk remailers. OTOH, I agree that this might actually force many people with Penet addresses to learn about more secure remailers. In this way, the closing of anon.penet.fi could be looked upon as a Good Thing. However, as long as there is no easy way for Windoze and Mac users to use secure remailers, users will sooner resort to fake-mailing then learning how to use cpunk remailers. People that need a pseudonym address to use on various support groups can get them from other, equally insecure, remailers. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMinwTizIPc7jvyFpAQFpGAf/ZGEXRU7MuROtatlHoAIdaJfIiwig1oDr fwlNjRe7f1ze8dwUuh74nWFt/ofPtjwSUtpCa1xDgTptPPhzr1I6beOdjwONlUzf MVif+wnzyIp27V/DCjebAMxQc2avmYKM6mwcOKfzFwG0cfvf/walJrjmADR9K0oe EXqi7mJzY1rI08Dsw8aHXNj8maDy9pRTSz9O9e0qZTdFlQtFyVNM6PSfAnKR9e1L ebQ5Yx4qNkgkfhDZgacKNv2inkyuD1LsyQneiCIZ0obhhRL7ORU63wGgYlvqc3gx Ux8sK2mMo6kr2dvA07nRyLzl3w9vm6efrFJeZC94fjdBYxluFg6/ag== =+Qm6 -----END PGP SIGNATURE----- From jburrell at crl.com Sun Sep 1 19:19:04 1996 From: jburrell at crl.com (Jason Burrell) Date: Mon, 2 Sep 1996 10:19:04 +0800 Subject: anon.penet.fi: URGENT REQUEST Message-ID: <199609020012.UAA12054@spirit.hks.net> -----BEGIN PGP SIGNED MESSAGE----- > ! on a dedicated 28.8 PPP line. The cheapest used VGA display from > ! the nearby waste dump will work just fine. > > Hell, any monitor should work! I'm curious about how to go about > acquiring one of those huge 100+ x 100+ charactor terminals that linux > supports. Is it practical, cheap and readable? If you mean something like a 132x60 character terminal, you can get a utility from Sunsite called SVGATextMode which will do that for you on a standard VGA monitor, provided you have a graphics card which supports such a mode. I have an STB Nitro 2MB ISA card, and am running a 132x60 mode on a 14 inch monitor. > ln -s /dev/null /usr/postmaster > ln -s /dev/null /usr/abuse I think you mean /usr/spool/mail/postmaster, but I could be wrong. ;) > That should filter the mail quite nicely! :-> Indeed. :) - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMiombioZzwIn1bdtAQFDUQF/drCreJbjZxyLz2rMirboSzv77W/dW/9Q k1BMBvpx9+5R39MP+bUHEJQ65UhDskV6 =Eacf -----END PGP SIGNATURE----- From bf578 at scn.org Sun Sep 1 19:27:10 1996 From: bf578 at scn.org (SCN User) Date: Mon, 2 Sep 1996 10:27:10 +0800 Subject: FW: get me off of this list!!!!! Message-ID: <199609020042.RAA12094@scn.org> > >>> wrote: >>>I need to be taken off of this list but I can't remeber the code >>> >>>to desubscribe. Can anyone tell me what the code is? >>>------------------------------------- >> >>What's the frequency Herbert? >> >>Help, I've fallen and I can't remeber the code. >> >>Hint: Try consulting "The Codebreakers." > >I guess he deleted that all important message he got when he > duhscribed. > >it went something like this... >Welcome to the cypherpunks mailing list! > >[...] >If you ever want to remove yourself from this mailing list, > >[...] >(and wanting to get off the list is never an emergency) > >[...] >Do not mail to the whole list asking to be removed. It's rude. > >[...] > -- ------------------------------------------ There are no facts, only interpretations. I always wanted to be somebody, but I should have been more specific. From furballs at netcom.com Sun Sep 1 19:41:29 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Mon, 2 Sep 1996 10:41:29 +0800 Subject: HAZ-MAT virus In-Reply-To: <199609012319.SAA18515@netnet1.netnet.net> Message-ID: First, the HAZ-MAT is a polymorphic virus. It is not run by any data file (GIF, JPG or otherwise). Second. I had a private message sentto me from someone who suffered at the hands of this virus and described the effects. From the description it indicates the use of a possible boot or hidden sector residency with low level ATA-3 command capability to zap IDE drives. This is nothing new, or magical. Third. The HAZ-MAT virus has been documented to have been transported via a rogue copy of EudoraPro in zip format, plus one other EXE (non-image application). This is not spam, just facts... On Sun, 1 Sep 1996, kickboxer wrote: > I do not know how it is run by the JPG and GIF files, but I do know that the > code somehow loads into the image viewer itself..I am not sure how it works, > just that it is very destructive.. I had it destroy my 486 (using Lview Pro) > Oh, well, ENOUGH already. if you have something to say that is related to > "image files cant execute a virus" please do not. there are too many spams > with those ideas out now > > > From patrickbc at juno.com Sun Sep 1 19:42:20 1996 From: patrickbc at juno.com (patrick b cummings) Date: Mon, 2 Sep 1996 10:42:20 +0800 Subject: No Subject Message-ID: <19960831.193316.9134.18.patrickbc@juno.com> what do you know about hackers From angelos at gradin.cis.upenn.edu Sun Sep 1 19:50:32 1996 From: angelos at gradin.cis.upenn.edu (Angelos D. Keromytis) Date: Mon, 2 Sep 1996 10:50:32 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com> Message-ID: <199609020051.UAA14557@gradin.cis.upenn.edu> -----BEGIN PGP SIGNED MESSAGE----- In message <19960901220323595.AAA208 at Esther.edventure.com>, Esther Dyson writes : >Now, speaking personally: I believe there are trade-offs -- which is what I >told the LA Times. I assume I was quoted accurately (although the word >"enforce" is awkward), but out of context. Anonymity can be dangerous -- >as can traceability, especially in/by repressive regimes. Therefore I would >favor allowing anonymity -- with some form of traceability only under terms >considerably stronger than what are generally required for a wiretap. >Anyone who seriously needs anonymity because of a repressive government is >likely to use a foreign (outside whatever jurisdiction he fears) server, so >that this is not a matter of "local" laws. The tracer would have to pass >through what I hope would be tighter hoops than we have now. > Just a small parenthesis at this point: traceability can be dangerous even in non-repressive regimes; there is information about oneself which, although far from illegal or "top secret", is not exactly for the whole world to know; this sort of information includes, but is not limited to, financial transactions, product preferences, habbits, hobbies etc. My feeling is that it's better to devise ways to prevent a digital crime (for lack of better term) than try to find and punish the culprit(s). Of course, this applies to SOME services (i don't expect anonymous contracts to become very popular), for which anonymity makes sense. But the infrastructure has to be there, IMNSHO. Just my $0.02 (+tax). - -Angelos PS. An interesting thing to consider is whether traceability in a service should be inherent to it or enforced by policy. -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCUAwUBMiovkL0pBjh2h1kFAQEt4wP4iBUomLacEjyTkrwme+0OjQnVcd+/Lok0 2l1tnNed/CgvgF5gHRoylWPK42HmmQ6vzWqsdihrTR9YWy/eQIT1W6VHoD/b0pBD aG7pXhy39aAHaMItIS8+3THcWhkcVLVEU/xk8nTyfm325OC7G9O25/EoRu80wr/N mtezdUBRUw== =Z5U4 -----END PGP SIGNATURE----- From drose at AZStarNet.com Sun Sep 1 19:53:03 1996 From: drose at AZStarNet.com (David M. Rose) Date: Mon, 2 Sep 1996 10:53:03 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <199609020056.RAA15989@web.azstarnet.com> Dear Ms. Dyson: As a result of my knowing something of your work and additionally having viewed your highly impressive performance on Bill Buckley's CDA debate program, I used to think a great deal of you. And, as a matter of fact, I suppose that I still do. I am frankly troubled, however, by my _impression_ of your beliefs in the abovereferenced matter. Perhaps I have misunderstood your recent post to Cypherpunks; indeed, I am certain that all will be elucidated after you have had an opportunity to review more fully the article in question. I look forward to reading your further thoughts. Sincerely, -David M. Rose From alanh at infi.net Sun Sep 1 20:01:31 1996 From: alanh at infi.net (Alan Horowitz) Date: Mon, 2 Sep 1996 11:01:31 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) In-Reply-To: <199609011605.MAA26536@gradin.cis.upenn.edu> Message-ID: The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. If my memory serves, the Iranian jetliner had its squawker turned off, or broken. The officer in charge in the CIC had about ten seconds to decide if he was about to be locked-on by a missle. And no real information to make the decision with. From tcmay at got.net Sun Sep 1 20:09:30 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 11:09:30 +0800 Subject: PLEASE Nuke Singapore Back into the Stone Age Message-ID: At 11:06 PM 9/1/96, James Seng wrote: >To understand the sitution better, you should not impose America >idealogy and perspection on how things to be done to Singapore. Singapore >maybe young but there are certain culture too. Who says this has anything to do with "American ideology"? The Usenet is propagated around the world. All we are saying is that honest commentary on the corruption of Lee Kwan Yew (and his billion dollars in Australian and European banks) will be reported on the Usenet. This is not "imposing American ideology" on anyone. Singapore, being the dynastic dictatorship that it is, may decide to block access all newsgroups which discuss Yew's tyranny, or pornography, or pro-Malay sentiment, or anything else banned in the Benevolent Republic of Singapore. This will be their choice, to ban access by citizen-units to Evil Thoughts. It is not an issue of "imposing American ideology" on the helpless in Singapore, any more than a book or magazine is "imposing" an ideology. It sounds to me, James, that you need to get out of Singapore and visit a country where free speech and free ability to read material is not treated as "imposed foreign ideologies." (I think you also need to look up what "imposed" means. The "Wired" magazine banned in Singapore is not something that is ever "imposed" on others....anyone is free to simply not read the magazine!) >is Singapore. As an example of what i mean, few years back, when they >introduced R rating movies uncensored in Singapore for people above 18, >it cause a surge in soft-porn movie to be screened. There is a general So? Your point being? After all, nobody is forcing _you_ to go watch these R-rated movies. You are free to not watch if you find them offensive. In a free society this is how things work. I think you'll find this mailing list anathema to your apparent ideology. ... >Singapore culture. Do not impose the general idealogy and culture within >your country into your argument. (Oh yea, dont give me the "Bull shit! ... >Now, what makes you think that citizen of Country A has the power or >rights to tell politicians of Country B what to do and what they cannot do? >Just wondering. Again, you really need to look up the meaning of "impose" more carefully. By posting a comment about how Singapore sucks, or how Lee Kwan Yew raped his country and deposited his profits in Australian and European banks, just what am I "imposing" on Singaporans or anyone else? I think you have little understanding of how the global Internet works. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From minow at apple.com Sun Sep 1 20:11:50 1996 From: minow at apple.com (Martin Minow) Date: Mon, 2 Sep 1996 11:11:50 +0800 Subject: Desubscribe In-Reply-To: <199609011607.JAA22532@dns1.noc.best.net> Message-ID: "James A. Donald" , writes: >I heard on talk.politics.guns somebody say that in Sweden they >had banned knives with a sharp point at the end, and were going >to ban sharp knives altogether. I think he was just engaging in >hyperbole, that he really meant that gun control in Sweden was >unreasonably strict, but on reflection I am not sure. > In a survey conducted in Sweden a few years ago, 50% of Swedish households had access to guns (generally military service weapons and sporting shotguns). Guns are, however, licensed and regulated, and seldom used in crimes. Licenses for "personal protection" are almost unobtainable. At least one military officer was court martialed when his service revolver was stolen from his automobile. The most significant "mass murderer" crimes in Sweden (one last year and one in the 1970's) were caused by people who used their legally-obtained military weapons. Martin Minow (ex-resident of Sweden) minow at apple.com From patrickbc at juno.com Sun Sep 1 20:22:30 1996 From: patrickbc at juno.com (patrick b cummings) Date: Mon, 2 Sep 1996 11:22:30 +0800 Subject: No Subject Message-ID: <19960831.201554.9134.24.patrickbc@juno.com> Please send me information on hacking bbs Hackmaster-p Patrickbc at juno.com From ichudov at algebra.com Sun Sep 1 20:24:03 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 11:24:03 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: <199609020116.UAA01684@manifold.algebra.com> James Seng wrote: > > On Sat, 31 Aug 1996, Timothy C. May wrote: > > The point is to make clear to them that the Usenet and similar Web sites > > are global in nature, not subject to censorship without a very high local > > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > > Singaporans will have to choose not to carry the various newsgroups into > > which *I* post such messages! > > Just let to add my comment in regard to this unforuntate discusssion. > > To understand the sitution better, you should not impose America > idealogy and perspection on how things to be done to Singapore. Singapore > maybe young but there are certain culture too. > > Most importantly, the move to censor certain WWW site actually comes as a > relieve to many people, especially parents who worried about the bad > influence of it. We can go into the same discussion about whose > responsibilty it is but before you do that, please bear in mind that this > is Singapore. America is much less different from Singapore in that respect than you might think. igor From angelos at gradin.cis.upenn.edu Sun Sep 1 20:25:38 1996 From: angelos at gradin.cis.upenn.edu (Angelos D. Keromytis) Date: Mon, 2 Sep 1996 11:25:38 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) In-Reply-To: Message-ID: <199609020111.VAA15203@gradin.cis.upenn.edu> -----BEGIN PGP SIGNED MESSAGE----- In message , Alan Horow itz writes: >The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. > >If my memory serves, the Iranian jetliner had its squawker turned off, or >broken. The officer in charge in the CIC had about ten seconds to decide >if he was about to be locked-on by a missle. And no real information to >make the decision with. There's still the possibility that something malfunctioned (but not fatal - otherwise - for the plane). I'm not saying it's what happened, but it's a distant possibility. - -Angelos -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMio0Kr0pBjh2h1kFAQEHHgQAnRl8UhCE+VMQc522VK5wM1onihgI0TMg 6O5tE+b7VRjuT71X8NabxTcoHqs2bePmTbcof62lAJfS61cZNfCuiEO+Pl7Xg/pg bqcLtwB8BJqAIluFt9s5kAXK2MxHJrZYDKc1ORkH0C4BqkRuYN09zNYuZ1+YegH6 TfYXEnNKC9s= =BjDI -----END PGP SIGNATURE----- From adam at homeport.org Sun Sep 1 20:35:19 1996 From: adam at homeport.org (Adam Shostack) Date: Mon, 2 Sep 1996 11:35:19 +0800 Subject: Conservation Laws, Money, Engines, and Ontology In-Reply-To: Message-ID: <199609020218.VAA25795@homeport.org> Tim raises some interesting points, I'd like to focus in on one small section, that of controlling what software runs on a machine. I have no issue with a user choosing the software that runs, but lets consider the Microsoft CAPI model. In it, there is control over what runs, but it exists at the vendor level. This is moving away from the personal computer, and back to the timeshare model, where control over what you run is partially in the hands of the vendor. Giving up this control of your computer is a step in a dangerous direction. However, creating 'execution kernels' with cryptographic authentication and resource controls is something that would be very useful in a number of places. Tim's selling of CPU cycles, stamps and the like dovetails with something I wrote last December (www.homeport.org/~adam/java.html) on the need for granular controls in Java execution. So, I'm in agreement that we need resource allocation controls, and I want to stress the need for those controls to be configured by the owner of the computer, not the author of an operating system, or by government policies. When they buy me a computer, they can decide what runs on it. Adam Timothy C. May wrote: | Now, certainly I support the right of any person or machine to run programs | freely and without charge, to pass on e-mail free of charge, to run | remailers for no charge, to accept spam mail without complaint, and so on. | | What I'm suggesting is that many of the problems being seen with overuse of | resources, spam, congestion, and denial of service are really due to a poor | model of resource allocation. Unix and other modern operating systems offer | various tools for helping to constrain such problems, but, I submit, better | methods are needed. -- "It is seldom that liberty of any kind is lost all at once." -Hume From ses at tipper.oit.unc.edu Sun Sep 1 21:45:14 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Mon, 2 Sep 1996 12:45:14 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) In-Reply-To: Message-ID: On Sun, 1 Sep 1996, Alan Horowitz wrote: > The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. > > If my memory serves, the Iranian jetliner had its squawker turned off, or > broken. The officer in charge in the CIC had about ten seconds to decide > if he was about to be locked-on by a missle. And no real information to I think it was actually a combination of a design flaw in the user interface for the control system combined with a human error that led to the radar officer confusing the airbus with an (F4?) a hundred miles away that he'd previously clicked on. ----- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From amehta at giasdl01.vsnl.net.in Sun Sep 1 21:48:55 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Mon, 2 Sep 1996 12:48:55 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <1.5.4.32.19960902014136.002fc4b4@giasdl01.vsnl.net.in> At 10:35 31/08/96 -0700, Timothy C. May wrote: > If discussions of Lee Kwan Yew's dynasty are considered illegal, then >Singaporans will have to choose not to carry the various newsgroups into >which *I* post such messages! How long do you propose to carry on doing that? Soon, the others in the newsgroups will be asking you very impolitely to stop, just as you would if someone kept on and on posting such stuff to cypherpunks. >At 6:35 AM 8/31/96, Arun Mehta wrote: >>Then again, inappropriate postings are the bane of the Internet: the consensus >>on which the Net functions relies heavily on people not posting >>inappropriately. >This works imperfectly, as all long-time surfers of the Usenet will attest! True, but Usenet only functions because it works most of the time. To the extent we subvert this consensus, we damage Usenet, make it less useful. It shouldn't happen that in trying to save or spread Usenet, we have to destroy it... >And _never_ has it involved determinations of "inappropriate" by >_governments_! There I'm with you -- I'm merely suggesting that you find a way to protest Singapore's actions in a manner that would be less objectionable to most Internet users, in Singapore and outside. >The point of being sometimes "impolite" (*) is to "force their hand." I never said anything about politeness -- the appropriateness I was talking about was in the context of what the people posting to a discussion group consider proper material for them to receive, not what the government of Singapore thinks. In any case, I think we may be slightly going off track as far as the current Singapore problem is concerned. They are blocking access to certain web sites from mid September -- Usenet isn't part of the current discussion, far as I know. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From tcmay at got.net Sun Sep 1 22:23:28 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 13:23:28 +0800 Subject: American Imperialism, Firing Squads, and the Vincennes Shootdown Message-ID: At 1:03 AM 9/2/96, Alan Horowitz wrote: >The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. > >If my memory serves, the Iranian jetliner had its squawker turned off, or >broken. The officer in charge in the CIC had about ten seconds to decide >if he was about to be locked-on by a missle. And no real information to >make the decision with. The U.S.S. Vincennes shot down an Iranian commercial airliner that was in its normal and well-known flight path out of Bandar Abbas. That the U.S. felt it was in a "war zone" was due to American imperialistic sentiments that say the U.S. can and should send its police forces to distant parts of the globe, even inside the Persian Gulf, no more than a few dozen miles from Iranian shores. (And the godless Jew Persians had the audacity to patrol its shorelines with gunboats! Jeesh. I'm sure the U.S. would not send the Coast Guard out to investigate or harass foreign warships cruising inside Chesapeake Bay, San Francisco Bay, or other coastal bays and inlets.) As to the "squawker" being turned off, this is not my recollection of the case (though it was nearly a decade ago, so memories fade...). (I just did an Alta Vista search to refresh my memory. Found this choice description: " Anderson's job in "Air Alley," the row of operators who handled air warfare, was to identify any air traffic within range of the ship. He told the Aegis system to query the incoming plane: Identify, Friend or Foe? By standard practice, all planes carry a transponder that automatically answers the IFF query with Mode 1 or 2 (military), or Mode 3 (civilian). Anderson got a Mode 3. "Commair" (commercial airliner), he figured. He reached beside his console for the navy's listing of commercial flights over the gulf. But as he scanned the schedule, he missed Flight 655. Apparently, in the darkness of the CIC, its arc lights flickering every time the Vincennes's five-inch gun fired off another round at the hapless Iranian gunboats, he was confused by the gulf's four different time zones." [http://www.waite.adelaide.edu.au/~aranjbar/Ali/pol/4] So, the Iranian jet's IFF module _was_ working...the U.S. ship just missed it. Fact is, the U.S. shot down a commercial airliner which was in its normal flight path! One can imagine the repercussions if TWA 800 was similarly shot down as it followed its ordinary flight path. The U.S. demanded sanctions against the Soviets in '83 for shooting down a Korean airliner which had strayed (maybe) deep into Soviet airspace and which refused to acknowledge several radio messages. Though I am no apologist for the Soviets, which event was the more egregious? That the U.S. demanded actions against the Sovs, but pooh-poohed and whitewashed the Iranian airliner shootdown, is evidence of imperialistic hypocrisy. That the U.S. demands trials for alleged terrorists while having no trial for Captain Rogers is further evidence of hypocrisy. (A military court martial and a firing squad for those found guilty might have sent a more consistent message.) Make no mistake about it: I cannot support the sending of American gunboats to the backyards of other countries merely for perceived notions about American rights to their oil. Hopefully, as crypto anarchy spreads, imperialism such as this will be undermined, destabilized, and ultimately be defeated. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From markm at voicenet.com Sun Sep 1 22:32:32 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 13:32:32 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: <199609012217.RAA00801@manifold.algebra.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > I believe that Private Idaho is a cypherpunks remailer client for Windows. True. But it is a seperate program from email clients which means that anyone wanting to use Private Idaho has to download it, install it, and learn how to use it in conjunction with one's email program. Most people who may have a need for anonymity have probably never heard of PGP or Private Idaho. I think that until remailer functions are actually built into the programs that people use, remailer use will be rare. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMipNqizIPc7jvyFpAQFy0Qf+LbMgy3PBJ+ipGbxblKbjEm09aiziLEpD p7JCudf6TrBUdF+2PwTdxK/sOCITE9lTwbycAgeCvEYNUJEbsR3a6ix5fxbQuF8p Y9/tEbLVESUz0/+UthVnBasbFsCOzHV+ztlIRIk8SEEJKxsu8cNRZqcjaAqH5Q1A dmBKZ9KGQWPNuc5oLfqahyzroa8kAG59HSDm+ntV9fwduKNi8wSV6WFmA2s9pnZa +yRRXmSm4PkWVXgNdQCosTTcD1enSIBcH2WAQu1jpDZbbs6+6v1KvdPa5+WOvTs3 kpBfFBlsmVkWJS63ouqDb7yihoq/qZvhyE2Fske8uVYh9M5Ffn9AKg== =md6D -----END PGP SIGNATURE----- From frogfarm at yakko.cs.wmich.edu Sun Sep 1 22:36:10 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Mon, 2 Sep 1996 13:36:10 +0800 Subject: It is good that anon.penet.fi has been closed! In-Reply-To: Message-ID: <199609020313.XAA04501@yakko.cs.wmich.edu> > headers. Many people just don't want to deal with cpunk remailers. OTOH, I > agree that this might actually force many people with Penet addresses to learn > about more secure remailers. In this way, the closing of anon.penet.fi could > be looked upon as a Good Thing. However, as long as there is no easy way for > Windoze and Mac users to use secure remailers, users will sooner resort to > fake-mailing then learning how to use cpunk remailers. People that need a > pseudonym address to use on various support groups can get them from other, > equally insecure, remailers. I've put up a list of remailer front ends, sorted by platform, at http://yakko.cs.wmich.edu/~frogfarm/free/crypt.html#private I welcome all additions. Right now, I have links to Private Idaho (Windows), Yet Another NewsWatcher (Mac), and PGPMR/2 for OS/2 (requires MailReader/2). Nym servers and cpunk remailers are poised to take off, if those who wish to use them are capable of learning. The rest of us can either try to teach 'em in a non-condescending manner, or continue to work on front end utilities. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information "We think people like seeing somebody in a uniform on the porch." -US Postal spokeswoman, quoted in AP 1/27/96. I don't know about you, but the only folks I know who'd enjoy seeing someone in uniform on their porch are leathermen... From tcmay at got.net Sun Sep 1 22:43:55 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 13:43:55 +0800 Subject: Let's Nuke Singapore Back into the Stone Age Message-ID: At 1:41 AM 9/2/96, Arun Mehta wrote: >At 10:35 31/08/96 -0700, Timothy C. May wrote: > >> If discussions of Lee Kwan Yew's dynasty are considered illegal, then >>Singaporans will have to choose not to carry the various newsgroups into >>which *I* post such messages! > >How long do you propose to carry on doing that? Soon, the others >in the newsgroups will be asking you very impolitely to stop, >just as you would if someone kept on and on posting such stuff to cypherpunks. Actually, we already have several examples of how this worked, including some cases I was directly involved in. During the Teale-Homulka trial in Canada, many of us (me, too) posted numerous articles about it to the various *.canada newsgroups, such as soc.culture.canada. Canada had the choice of instructing all ISPs to halt the *.canada newsgroups. There were no real complaints that I recall about messages being "off-topic," as they clearly were very much on-topic. (Not that a few complaints have ever stopped me. While I don't spam newsgroups with auto-generated spam, I figure any article I take the time to actually write and that deals with the newsgroup involved, by my own standards, is fair game. My ISP can cancel my account if he feels I have spammed newsgroups in some way.) My proposal is not to post anti-Singapore screeds to comp.lang.java or the like, but to post them to various groups Singaporans and their neighbors might read. If Singapore wishes to disconnect itself from soc.culture.singapore, this is there choice. Then, the attack can spread to various other groups Singaporans might want to read.... (I call this a _good_ use of "info-terrorism.") ... >True, but Usenet only functions because it works most of the >time. To the extent we subvert this consensus, we damage Usenet, >make it less useful. It shouldn't happen that in trying to save >or spread Usenet, we have to destroy it... Posting the Homulka stuff did not kill the Usenet. Posting the autopsy photos of Nicole Brown Simpson did not kill the Usenet. Posting the innards of RSA Data Security algorithms did not kill the Usenet. If Canker and Sludgewell spam cannot kill the Usenet, if "Make Money Fast" noise cannot kill the Usenet, and if "Babes will fuck 4 U" posts cannot kill the Usenet, then surely some informative posts about the fascist Yew posted to various newsgroups of relevance to Singaporans and Asians will not kill the Usenet! >>And _never_ has it involved determinations of "inappropriate" by >>_governments_! > >There I'm with you -- I'm merely suggesting that you find a way >to protest Singapore's actions in a manner that would be less >objectionable to most Internet users, in Singapore and outside. Why? What is "objectionable" about exposing the truth about Lee Kwan Yew, his feeble son, and their dynasty? What is "objectionable" about teaching them how to use Web proxies, remailers, and other tools of liberty? If the citizens find this stuff objectionable, they can simply not read the stuff! As with books, movies, and magazines. What could be more natural than this? But of course it is the _rulers_ of these Asian kingdoms and satrapies which want the distribution of certain thoughts controlled and denied to their serfs and citizen-units. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From markm at voicenet.com Sun Sep 1 22:45:52 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 13:45:52 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Sep 1996, James Seng wrote: > Now, what makes you think that citizen of Country A has the power or > rights to tell politicians of Country B what to do and what they cannot do? > Just wondering. I have every right as a citizen of country A to tell politicians of country B what they should or shouldn't do. This isn't about American Ideology; it's about natural rights. Politicians of country B can refuse to listen to me or attempt to prevent my corrupt ideas from polluting the minds of its citizens, but they won't succeed very well with the latter. Of course, politicians may be satisfied with making sure that only the most determined citizens will be able to access information they don't want citizens to access, but as technology progresses, it will become much more difficult to prevent this information from spreading to the masses. > > ps: Sorry for the off-topic discussion. Cpunks is certainly not the best place to be discussing free speech. However, the link between free speech and the spread of cryptographic technology is too close to completely overlook. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMipSASzIPc7jvyFpAQFYyAgAuy7FvTpGHqYHi9zw3FMiea2tLnYVWPU6 D6VrGvN5NxRtTE8yW3eKrc1iU/0jQIVxHtUhHcodbPfvGqEtwuZKKbbknNj5GmzS pmhcYPguXDwlXL4m3IjxEvhPg7GZ7tjbhXlPK7ADu0EHxvjwesAcrKyCPddu0i9U e83bo3Q4vBT75WPVpSI1i6jJmC7ql4s3GZVvP2Qf6hzvu9fwSKbAra0ZLBFVKf25 WKwNK2eTVBcQOYytwXOQmdSV/hgFB/Y2T6+PHgnAjaDVeX3WqUuxggk6DpBY2V8g bORwsuZyweJviVZIOjbLx6RDeNJQWWSjUCojHvJyKzqffg23Fi8bAw== =+23m -----END PGP SIGNATURE----- From enzo at ima.com Sun Sep 1 23:02:33 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Mon, 2 Sep 1996 14:02:33 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <199609020116.UAA01684@manifold.algebra.com> Message-ID: On Sun, 1 Sep 1996 ichudov at algebra.com wrote: > James Seng wrote: > > > > On Sat, 31 Aug 1996, Timothy C. May wrote: > > > The point is to make clear to them that the Usenet and similar Web sites > > > are global in nature, not subject to censorship without a very high local > > > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > > > Singaporans will have to choose not to carry the various newsgroups into > > > which *I* post such messages! > > > > Just let to add my comment in regard to this unforuntate discusssion. > > > > To understand the sitution better, you should not impose America > > idealogy and perspection on how things to be done to Singapore. Singapore > > maybe young but there are certain culture too. > > > > Most importantly, the move to censor certain WWW site actually comes as a > > relieve to many people, especially parents who worried about the bad > > influence of it. We can go into the same discussion about whose > > responsibilty it is but before you do that, please bear in mind that this > > is Singapore. > > America is much less different from Singapore in that respect than > you might think. Actually, it is. I've been living in South-East Asia for almost one decade now, and I can tell you that most citizen are more socially conservative than their governments. A few years ago, the Singapore government had to backtrack from a very timid relaxation of rules on soft-porn movies due to the negative reactions from the public. In Singapore, the problem is compounded by the need of preserving good relationships with the even more conservative Malay minority, whose stances have strong backing by the two large neighbours, Malaysia and Indonesia (the case I mentioned had prompted accusations to the government, by members of the opposition Workers Party, of planning the "corruption of the Islamic youth"). Of course, one may argue that the racial, social and religious relations are better handled the American way. That, however, is a controversial issue, and adopting confrontational cowboy attitudes is not going to make the social evolution any faster. Besides, I don't think that the Singapore government can really believe to be able of blocking access to anything on the net: a while ago I had the occasion of talking with some medium rank officers, and they sounded fully aware of the Internet technology and its implications - and willing to take the plunge. IMHO, the present measures represent more a gesture of appeasement to concerned social conservatives, not differently from the CDA in the US, than an attempt to control the flow of information. Enzo From stewarts at ix.netcom.com Sun Sep 1 23:05:56 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 14:05:56 +0800 Subject: Moscowchannel.com hack Message-ID: <199609020357.UAA18140@toad.com> At 01:23 PM 9/1/96 -0400, David Lesher wrote: >> > Write your web site to a CD-ROM and hard-code the base directory into the >> > webserver. >> A hacker who has root can forcibly unmount the cdrom and mount another >> directory on that node. Not a good solution. >Real hard disks such as RL02's & RK07's have WRITE DISABLE >switches.... Many modern SCSI drives have them also, though you may need to connect a switch to the appropriate jumpers. In Hugh Daniel's copious spare time, he's been working on hacking *bsd Unix to cope with a write-protected root drive (you mainly need to set up the swap partition and anything that needs writing in on a separate drive and build lots and lots of symlinks for random logfiles.) RM05s also let you connect them to two computers, though it was a really bad idea to tell both computers to mount them as writeable, since they'd scribble over the superblocks. (This was more useful before Ethernets became widely supported, since you could blaze away at full MASSBUS and/or disk speed instead of 19.2kbps UUCP.) You can play the same games with SCSI today, if you're careful. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From nobody at replay.com Sun Sep 1 23:11:03 1996 From: nobody at replay.com (Anonymous) Date: Mon, 2 Sep 1996 14:11:03 +0800 Subject: [NOISE] Re: FLT 800: From the Rumor Mill... Message-ID: <199609020352.FAA29463@basement.replay.com> "Angelos D. Keromytis" writes: >This has happened before; an Aegis ship in the Persian Gulf shot down >an Iranian Airlines (or whatever it's called) aircraft; i'm not sure >how many died in that incident (i think about 70 - can very well be >wrong). The US just "apologized" for the mistake AFAIK. >- -Angelos Well, not quite the same situation. IIRC, the Iranian aircraft refused to respond to challenges. The captain of the Vincennes added that to the info that the Aegis system was giving him, and decided the aircraft was a threat. Turn a key, push a button, and so long, Airbus. (There was also some discussion about whether the Airbus had military IFF gear aboard that may have led the captain to think it was a warplane, but I don't remember if anything came of it.) The Iranian Airbus was also flying out of what was essentially "hostile" airspace. Despite the massive number of "terrorists" who live here -- at least according to the popular press -- I don't think the Navy has taken the step of declaring CONUS to be a hostile territory. :-) Feel free to correct my memory if I'm wrong. From dlv at bwalk.dm.com Sun Sep 1 23:13:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Sep 1996 14:13:19 +0800 Subject: Desubscribe In-Reply-To: <199609011607.JAA22532@dns1.noc.best.net> Message-ID: <4wsLTD44w165w@bwalk.dm.com> "James A. Donald" writes: > > > deserves to be shipped to sweden where they shall be > > > made into cheese by nuns. > > At 04:40 PM 9/1/96 DST, Johnny Eriksson wrote:> > > No thanks, we do not want them. > > You are Swedish? > > I heard on talk.politics.guns somebody say that in Sweden they > had banned knives with a sharp point at the end, and were going > to ban sharp knives altogether. I think he was just engaging in > hyperbole, that he really meant that gun control in Sweden was > unreasonably strict, but on reflection I am not sure. I heard from a reliable source that the Swedish bikini team opposes GAK. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jimbell at pacifier.com Sun Sep 1 23:16:09 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 2 Sep 1996 14:16:09 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) Message-ID: <199609020358.UAA05172@mail.pacifier.com> At 10:15 PM 9/1/96 -0400, Simon Spero wrote: >On Sun, 1 Sep 1996, Alan Horowitz wrote: > >> The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. >> >> If my memory serves, the Iranian jetliner had its squawker turned off, or >> broken. The officer in charge in the CIC had about ten seconds to decide >> if he was about to be locked-on by a missle. And no real information to > >I think it was actually a combination of a design flaw in the user >interface for the control system combined with a human error that led to >the radar officer confusing the airbus with an (F4?) a hundred miles away >that he'd previously clicked on. Isn't there just the tiniest bit of a double-standard here? If the ship was supposedly "justified" in firing on an airplane just because it _could_become_ a threat, and _could_ fire a missile at any moment, then why can't we turn this logic around and claim that an Iranian aircraft could view an Aegis as a ship which "could become a threat" and "could fire a missile at any moment." Generally, I'm not sympathetic to the Iranians; far from it. But I can smell hypocrisy a mile away and the US military's "logic" in this area is unbelievable. Jim Bell jimbell at pacifier.com From enzo at ima.com Sun Sep 1 23:16:18 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Mon, 2 Sep 1996 14:16:18 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: On Sun, 1 Sep 1996, Mark M. wrote: > I have every right as a citizen of country A to tell politicians of country B > what they should or shouldn't do. This isn't about American Ideology; it's > about natural rights. There are no "natural" rights: a right is the contractual flipside of the an obligation, and is only meaningful in the context of a society - which is a thing that evolves continuously. Enzo (more with Hume and Hayek than with Descartes and Rousseau). From grafolog at netcom.com Sun Sep 1 23:27:34 1996 From: grafolog at netcom.com (jonathon) Date: Mon, 2 Sep 1996 14:27:34 +0800 Subject: Bob Dole on Drugs In-Reply-To: <199609011633.LAA30982@manifold.algebra.com> Message-ID: On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > during which he's expected to propose that the > military be enlisted to assist in a renewed war on > drugs. Question: Since the military, or more specifically, the CIA imports most of the drugs into the US, just which part of the military is going to declare war on which part of the military? Or is all that going to get swept under the rug, so that the ripocrats can further enslave the american population? xan jonathon grafolog at netcom.com However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all. Bill Stewart From grafolog at netcom.com Sun Sep 1 23:32:52 1996 From: grafolog at netcom.com (jonathon) Date: Mon, 2 Sep 1996 14:32:52 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" In-Reply-To: <199609012034.NAA11901@dns1.noc.best.net> Message-ID: On Sun, 1 Sep 1996, James A. Donald wrote: > > I agree with what you are saying but not all polititions are that bad. > > You make it sound as if their are no politisions are for freedom of the > > net. > So who is the exception? Harry Browne Libertarian Party Candidate. xan jonathon grafolog at netcom.com However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all. Bill Stewart From ichudov at algebra.com Sun Sep 1 23:33:32 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 2 Sep 1996 14:33:32 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: <199609020417.XAA03139@manifold.algebra.com> Enzo Michelangeli wrote: > On Sun, 1 Sep 1996 ichudov at algebra.com wrote: > > James Seng wrote: > > > Most importantly, the move to censor certain WWW site actually comes as a > > > relieve to many people, especially parents who worried about the bad > > > influence of it. We can go into the same discussion about whose > > > responsibilty it is but before you do that, please bear in mind that this > > > is Singapore. > > > > America is much less different from Singapore in that respect than > > you might think. > > Actually, it is. I've been living in South-East Asia for almost one > decade now, and I can tell you that most citizen are more socially > conservative than their governments. ... snippity snip ... > IMHO, the present measures [in Singapore] > represent more a gesture of appeasement to concerned social conservatives, > not differently from the CDA in the US, than an attempt to control the > flow of information. Ummm, sounds pretty close to what we have here... - Igor. From tcmay at got.net Sun Sep 1 23:39:54 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 14:39:54 +0800 Subject: Free Speech and List Topics Message-ID: At 3:19 AM 9/2/96, Mark M. wrote: >On Mon, 2 Sep 1996, James Seng wrote: >> ps: Sorry for the off-topic discussion. > >Cpunks is certainly not the best place to be discussing free speech. However, >the link between free speech and the spread of cryptographic technology is too >close to completely overlook. I think it is as good a place as any to discuss free speech. The issues surrounding Net censorship, Singapore, the CDA, Germany, the shutdown of Julf's server, etc., are central to our concerns. And, in fact, it is "cypherpunk technology" which will have a more lasting effect on these issues than mere talking about it in some "free speech discussion group" will have. More disturbing to me recently has been the steady increase in subscribers to this list who don't seem to value free speech very highly, who write of their own nation's censorship as valiant efforts to protect citizen-units from foreign devils, and, even more shockingly, from supposed defenders of electronic freedom who are now talking about the need for limits on anonymity. With friends like those... --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From webmaster at online.barrons.com Sun Sep 1 23:40:34 1996 From: webmaster at online.barrons.com (webmaster at online.barrons.com) Date: Mon, 2 Sep 1996 14:40:34 +0800 Subject: Your password for BARRON'S Online Message-ID: <199609020420.AAA10320@online.barrons.com> Thank you for registering with BARRON'S Online! THE USER NAME YOU HAVE CHOSEN IS cypherpunks THE PASSWORD YOU HAVE CHOSEN IS cypherpunk Please remember that your user name and password are case-sensitive (i.e. Bsmith is different than bsmith) and you should enter them as shown above. Your user name is required in its exact form each time you want to use registered areas on our site (including the exact upper/lowercase combination). The same restriction applies to your password. Your user name and password will allow you to access all of the features of BARRON'S Online. The rest of this message contains information about using your password and user name on BARRON'S Online. You may find it helpful to save this message for future reference. WHAT HAPPENS NOW? 1. Return to BARRON'S Online (www.barrons.com). You can use your password and user name to log in to any part of the site that requires registration (such as the Table of Contents, this week's stories, Dossiers and Market Day, and so on). The first time you go to one of these parts of BARRON'S Online, you will be prompted to enter your user name and password. 2. If you ever forget your password, or need any registration-related information, just click on the REGISTER button from the BARRON'S Online gateway page to find the help you need. Welcome to BARRON'S Online... we look forward to seeing you again and again! BARRON'S Online Customer Service barrons-support at www.barrons.com From qut at netcom.com Sun Sep 1 23:52:15 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 14:52:15 +0800 Subject: Silenced Machine Guns Are Safer Than TWA Message-ID: <199609020433.VAA29977@netcom.netcom.com> ! "James A. Donald" , writes: ! >I heard on talk.politics.guns somebody say that in Sweden they ! >had banned knives with a sharp point at the end, and were going ! >to ban sharp knives altogether. I think he was just engaging in ! >hyperbole, that he really meant that gun control in Sweden was ! >unreasonably strict, but on reflection I am not sure. ! > ! ! In a survey conducted in Sweden a few years ago, 50% of Swedish ! households had access to guns (generally military service weapons ! and sporting shotguns). Guns are, however, licensed and regulated, ! and seldom used in crimes. Licenses for "personal protection" are ! almost unobtainable. At least one military officer was court martialed ! when his service revolver was stolen from his automobile. ! ! The most significant "mass murderer" crimes in Sweden (one last ! year and one in the 1970's) were caused by people who used their ! legally-obtained military weapons. Hundreds of thousands of private American citizens legally own machine guns, silencers, live hand grenades, .75 caliber machine guns, etc. Perhaps 40% or so of the populace lives in an area without significantly higher regulations concerning such than the federal, which is not that bad. There is no federal law making silenced machine guns substantially more difficult to purchase and shoot than ordinary handguns. The feds certainly don't require training or any other similar requirement. Contrary to popular fiction, ALL firearms have been permanently registered since the 1968 Gun Control Act. The media monopoly lies when they say the contrary. How many firearm crimes were committed by these hundreds of thousands of ordinary untrained destructive weapon owners with their destructive weapons in the entire span of 1980-1996? *NONE*! THEREFORE, everyone in Sweden and America should be allowed to own silenced machine guns without any greater than the usual restrictions. BTW, I muse that the issue of guns, drugs and censorship make an excellent litmus test for libertarians: either you support the legalization of, all of, or your a fake. From grafolog at netcom.com Mon Sep 2 00:03:16 1996 From: grafolog at netcom.com (jonathon) Date: Mon, 2 Sep 1996 15:03:16 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: On Mon, 2 Sep 1996, James Seng wrote: > Most importantly, the move to censor certain WWW site actually comes as a > relieve to many people, especially parents who worried about the bad And it is a pain for people whodevelop websites. To avoid offending those who are easilly offended, I either have to put up a stupid << and very misleading warning label >> or block them out. My solution is to put up the misleading, and incredibly stupid "warning" label. << Stupid & misleading, because although my pages do violate the CDA, and most other countries statues on what is acceptable content, the same text, if written would not even be given a second glance -- except maybe by the humint part of that country, who would use it for training purposes. >> > for artistic which rules out soft-porn. It may be surprising but many > people (in Singapore) do welcome censorship sad to say. And what will happen to Singapore when "their beloved leader" dies, especially if a result of an assasination? > passive manner. They _do not_ read every issue of every magazine available > in Singapore. They only do so when there is enough complains. For example, IOW, the newspapers, etc have to either not print stories that may cause complains, or print them, and go to jail. Censorship at its most vicious, and the most destructive of both the society it tries to appease, and the individual who doesn't conform to its sheere stupidity. > One more point. They know it is impossible to censor everything. It is And passing laws that are unenforceably, is simply another way to ensure that laws in general are ignored, which leads to the increased instability of the regime, which leads to the precise opposite effect of what usually is intended. xan jonathon grafolog at netcom.com From qut at netcom.com Mon Sep 2 00:18:23 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 15:18:23 +0800 Subject: http://infinity.nus.sg/cypherpunks/ Message-ID: <199609020450.VAA02140@netcom.netcom.com> Someone keeps asking for the filtered cypherpunks archive: http://infinity.nus.sg/cypherpunks/ It's filtered with hypermail and is lynx friendly. It's easiest to read by choosing the link to filter by subject. From Adamsc at io-online.com Mon Sep 2 00:24:20 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 15:24:20 +0800 Subject: WARNING vIRuS! Message-ID: <19960902051255234.AAA172@IO-ONLINE.COM> On Sat, 31 Aug 1996 23:41:58 -0700, Alan Olsen wrote: >> There is a new and VERY dangerous virus called the HAZ-MAT virus! >This is the clueless kind of crap I expect pitched to AOL users and upper >level management. >The only way that you could obtain the effects described above is with Black >Magic and/or Voodoo. (And not even then.) > >I remember a similar hoax going around about 3-4 years ago about viruses in >image files. I guess nothing on the net is ever forgotten entirely. >Especially the urban legends and bullshit. You ever notice how that is? People *never* remember things like "You have to execute something to get a virus". They *always* remember something like "Good Times." Reminds me of the guy who said you could stick all sorts of sensitive data in README.TXT because you can be sure nobody will look in there. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From markm at voicenet.com Mon Sep 2 00:42:14 1996 From: markm at voicenet.com (Mark M.) Date: Mon, 2 Sep 1996 15:42:14 +0800 Subject: PGPCrack for DOS Message-ID: -----BEGIN PGP SIGNED MESSAGE----- There is now a DOS version of pgpcrack. It's available at http://www.voicenet.com/~markm/pgpcrack.html. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMipT5yzIPc7jvyFpAQE8Ewf+J7x0km0xcGZM32c4clmFJ5I9z/bAj6bL ryXS1BNDBbC72HuJWQPUeqDc0xEc6uyjCc0iytfBL0VqwjlLKCb7KZtxgP7gOlf6 T12/ZNQZwGy3PeClLthQRqQ0fjUtVs4mXWp+sDnAAClI6J+xEL/cBdHDD5tREngM ufDwueSAwFPQQE/adpS0E3alHj1XqdHMam5s60SGpsZyknnUhnUiAIc2w2CdmjJU 5jywEOosiMcbvYqhBaSuy3S53Pfjh07wEFfXp0t9CvvsJY13ipIW6jvgQgVYQL6u 0f1ob7CkwxiD/z598aXmmCc4Nmn0pFg9Zvqw9xLcs88s4GaGsH15gw== =zGl8 -----END PGP SIGNATURE----- From Adamsc at io-online.com Mon Sep 2 00:56:55 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 15:56:55 +0800 Subject: hackers texts Message-ID: <19960902051749062.AAA212@IO-ONLINE.COM> On Sun, 01 Sep 1996 08:51:36 EDT, patrick b cummings wrote: >If any of you hackers out their have wrote any texts for beginning >hackers or know of any please send them to me at patrickc at juno.com You know, I think his mail server has a 36 hour delay on incoming messages. Either that or he's Roadkill on the Information Superhighway // \\ // \\ ______________ // \\ | | // \\ | Information | // \\ | Superhighway | // ____ \\ | 56MB/s | // /____\ \\ |______________| // |==__==| \\ | | // ~||~~||~ \\ | | // ' \\ | | // // \\ | | // \\ | | // / / \\ | | // \\ | | // /// \\ | | // \\ | | // . ,& \\ | | // . `;//* IS HERE \\ // . `|/^\@'< ' . | \\ // `_/x@=%$P/,', <---/ \\ // >@#)*?o$%( , \\ // \.X#j~\===B \\ / \\ : The Clue truck got him... [In case you haven't noticed yet, this looks best with a non-proportional font] - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From Adamsc at io-online.com Mon Sep 2 01:07:08 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 16:07:08 +0800 Subject: Moscowchannel.com hack Message-ID: <19960902051921875.AAA201@IO-ONLINE.COM> On Sun, 1 Sep 1996 10:09:32 -0500 (CDT), Igor Chudov @ home wrote: >> > Not really crypto, but related to the DOJ hack in a way. >> > >> > Moscow Channel is a pretty slick, Russian news/commentary >>page. Their Web >> > site was hacked and altered by someone who didn't seem to >>like Russians all >> > Just a matter of time before some builds a dedicated Satan >>type tool that >> > scans for HTTP server holes or messed up file permissions >>to make locating >> > potential victims easy. >> Write your web site to a CD-ROM and hard-code the base >>directory into the >> webserver. > >A hacker who has root can forcibly unmount the cdrom and mount >another >directory on that node. Not a good solution. Hack your system kernel to only allow mounting read-only media to that point. Most hackers wouldn't try "hot-patching" the system kernel. The ones that can probably have better things to do than hack your page. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From qut at netcom.com Mon Sep 2 01:07:36 1996 From: qut at netcom.com (Dave Harman OBC) Date: Mon, 2 Sep 1996 16:07:36 +0800 Subject: Free Speech and List Topics In-Reply-To: Message-ID: <199609020517.WAA06504@netcom.netcom.com> ! At 3:19 AM 9/2/96, Mark M. wrote: ! ! >On Mon, 2 Sep 1996, James Seng wrote: ! ! >> ps: Sorry for the off-topic discussion. ! > ! >Cpunks is certainly not the best place to be discussing free speech. However, ! >the link between free speech and the spread of cryptographic technology is too ! >close to completely overlook. ! ! I think it is as good a place as any to discuss free speech. The issues ! surrounding Net censorship, Singapore, the CDA, Germany, the shutdown of ! Julf's server, etc., are central to our concerns. ! ! And, in fact, it is "cypherpunk technology" which will have a more lasting ! effect on these issues than mere talking about it in some "free speech ! discussion group" will have. ! ! More disturbing to me recently has been the steady increase in subscribers ! to this list who don't seem to value free speech very highly, who write of ! their own nation's censorship as valiant efforts to protect citizen-units ! from foreign devils, and, even more shockingly, from supposed defenders of ! electronic freedom who are now talking about the need for limits on ! anonymity. How about supporting the effort for comp.cypherpunks ? About the need for limits for anonymity, guess what brought that on? Crime? Yes! The crime of the media monopoly violating the anti-trust acts, because people are ignorant enough to trust the mass media for their news. From Adamsc at io-online.com Mon Sep 2 01:12:40 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 16:12:40 +0800 Subject: Bob Dole on Drugs Message-ID: <19960902052400296.AAA43@IO-ONLINE.COM> On Sun, 1 Sep 1996 11:33:02 -0500 (CDT), Igor Chudov @ home wrote: >http://allpolitics.com/news/9608/31/radio.addresses/ > >... snip ... > > Dole, who returned to Washington for Labor Day > weekend, also pledged to use the White House as a > bully pulpit to promote the "moral message" > against drugs and to criticize what he called the > entertainment industry's glamorization of drug use. > > On Sunday, he is to address the convention of the > National Guard Association of the United States > during which he's expected to propose that the > military be enlisted to assist in a renewed war on > drugs. This actually makes a lot of sense; if you've decided on an all-out war on drugs, doing it right is *much* better than some sort of weenie effort like we've got. I liked Robert Heinlein on immigration "If we're going to stop immigration build a Berlin style wall complete with alligators in the moat. Otherwise give up the pretense; nothing is more expensive or less useful than a wall that isn't." (very loosely paraphrased) - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From tcmay at got.net Mon Sep 2 01:14:55 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 16:14:55 +0800 Subject: Silenced Machine Guns Are Safer Than TWA Message-ID: At 4:33 AM 9/2/96, Skippy wrote: >Contrary to popular fiction, ALL firearms have been permanently >registered since the 1968 Gun Control Act. The media monopoly lies when >they say the contrary. Nope. Gun sales between individuals without any paperwork were fully legal in some places until recently (and may still be fully legal...I can only speak of California). >From 1974 until a couple of years ago, I bought and sold a dozen or more rifles, handguns, and even Evil Assault Weapons, mostly through fully legal gun shows. I even sold a .357 Smith to some guy, made a joke about how great these gun shows were and how great it was to be able to just take cash and hand over a gun without any paperwork...the guy laughed and said he was a San Jose cop. I felt nervous for a few seconds, but quickly realized there was no law *I* was breaking, so I laughed too. Most of these guns I kept no records on, nor did any laws say I had to. (A few years ago it became necessary for even private citizen-units to obtain the proper firearms transfer papers from the gubment. I wanted to sell a laser-equipped Heckler & Koch SP-89 without creating a paper trail (as I'd not had one when I acquired the piece a few years earlier), so a friend of mine used his friendly neighborhood libertarian FFL dealer, who has a policy that the stack of transfer forms he is required to keep on file will mysteriously burn up if the Feds ever seek out his records. (Who knows if he'll abide by this policy, but the point is that there are literally tens of thousands of these "kitchen table FFL dealers," and no computerized filing of records. This is one reason I quit the NRA: they are advocating the "instant check." Such an instant check would mean massive computerization of all files, and of course cross-referencing to files on citizens. This would be much worse than the "paper chaos" of stacks of firearms paperwork sitting in dusty filing cabinets. I'll take a 10-day ineffectual waiting period to a Big Brother database of all purchasers.) >BTW, I muse that the issue of guns, drugs and censorship make an >excellent litmus test for libertarians: either you support the >legalization of, all of, or your a fake. I'm not sure what the "legalization of censorship" would mean, though I support the right of anyone to screen out what they choose not to read or view. And I support the right of companies to decide what materials to buy, have viewed by employees, etc. (So if the "Valley Lesbigays" want to show a tape at Hewlett-Packard, H-P can just say "Nope--we're not interested.) I fully support legalization of all drugs, all guns, and am unalterably opposed to any form of government censorship. Does this mean I pass or flunk the litmus test? (He said acidly.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From bobs at ns.net Mon Sep 2 01:18:25 1996 From: bobs at ns.net (Cyber Thrill) Date: Mon, 2 Sep 1996 16:18:25 +0800 Subject: desubscribe Message-ID: <199609020550.WAA06206@tomcat.ns.net> desubscribe From Adamsc at io-online.com Mon Sep 2 01:18:42 1996 From: Adamsc at io-online.com (Adamsc) Date: Mon, 2 Sep 1996 16:18:42 +0800 Subject: Moscowchannel.com hack Message-ID: <19960902052808718.AAA203@IO-ONLINE.COM> On Sun, 1 Sep 1996 12:22:40 -0500 (CDT), Igor Chudov @ home wrote: >> > > Write your web site to a CD-ROM and hard-code the base directory into the >> > > webserver. >> > >> > A hacker who has root can forcibly unmount the cdrom and mount another >> > directory on that node. Not a good solution. >> >> Real hard disks such as RL02's & RK07's have WRITE DISABLE >> switches.... >> > >You can't mount the whole Unix read-only, so there will always be a place >to put the hacked web page, and then mount that place over DocumentRoot. If you had enough RAM in the machine, you could disable swapping, send all log files to /dev/nul (or /dev/lp0), run *only* a web server or anything else that can avoid writing to disk (probably no CGI, etc). It wouldn't be too interesting, but then you probably don't want much happening on your web server anyway. You could even wire that write-disable switch or jumper into a keyswitch on the main console. - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From tcmay at got.net Mon Sep 2 02:01:13 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 2 Sep 1996 17:01:13 +0800 Subject: Free Speech and List Topics Message-ID: At 5:17 AM 9/2/96, qut wrote: >About the need for limits for anonymity, guess what brought that on? >Crime? Yes! The crime of the media monopoly violating the anti-trust >acts, because people are ignorant enough to trust the mass media for >their news. No self-respecting Cypherpunk thinks the Antitrust Act and related acts are worthy of enforcement. (Think of how the technology we support will tend to allow new avenues for price collusion, interlocking directorates, new forms of business combines, unreadable secure communications with foreign competitors, and so on, all things the Antitrust regulators are already growing worried about.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From stewarts at ix.netcom.com Mon Sep 2 02:01:46 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 17:01:46 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <199609020630.XAA20578@toad.com> At 07:06 AM 9/2/96 +0800, James Seng wrote: >Just let to add my comment in regard to this unforuntate discusssion. >To understand the sitution better, you should not impose America >idealogy and perspection on how things to be done to Singapore. >Singapore maybe young but there are certain culture too. While Tim's article title was clearly intended to be provocative, I think the most unfortunate thing about this discussion is that we need to have it at all. Any government, or any individual thug, that would impose violence on people for saying things that would bring it into disrespect deserves no respect at all. Any government that claims to have the god-like wisdom to dictate what's best for its subjects to hear or what religious ideas to believe doesn't deserve to be listened to, much less obeyed. If Singapore's government and religious leaders want to say "Our ideas are better than American ideas", and you or I or your neighbor want to listen to them, fine; maybe some of their ideas are better than some of the many ideas floating around North America. But if you or I or your neighbor want to listen to competing ideas, and even to believe and talk about competing ideas, neither you nor the government have the right to stop them - only to refute them with better ideas. People like Tim and I aren't upset only because we believe that we know better than you and Lee Kwan Yew how to run Singapore; free speech is often threatened here in the US and especially Canada. You mentioned movie ratings - they were invented here partly to avoid the threat of government censorship. A few years ago a prominent right-wing religious/political leader, Jerry Falwell, put out a "Bill Of Rights For American Families" that included the right not to hear offensive foreign ideas like Communism. I agree that Singapore and America have different cultures; in an environment of free speech, if Singaporeans don't like American TV and movies, they won't watch them, and advertisers will quickly figure this out and try to find TV programs they like. On the other hand, if a power-hungry government decides that it doesn't like American TV, forbids business licenses to anyone who broadcasts it, and jails anyone who broadcasts TV without a business license, they're more corrupt than a government that forbids business licenses to anyone who doesn't pay a bribe. (At least in a kleptocracy, you can usually print or say what you want if you pay the bribes, though my father-in-law's newspaper was once shut down for printing that the mayor was taking bribes, and who they were from, and how much.) >In addition, you need to see the method of censorship deployed in >Singapore. For press media like papers and magazine, it is done in a >passive manner. They _do not_ read every issue of every magazine available >in Singapore. They only do so when there is enough complains. This also means you don't know what is safe to print and what isn't. You have to restrict yourself very strongly, because otherwise some politically influential person will complain to the government, and you go to jail. At least if the government tells you what the rules are, you know it's safe to say things that don't violate them. >One more point. They know it is impossible to censor everything. [....] >his reasoning is "how many people can do it? 10%? 5%? That's fine with us. >If the people really wans it, they can get it". Interesting. I don't know if this is good or bad, but at least they're realistic. It also means that if enough people want information badly enough, the government may know not to censor it. On the other hand, a government that can keep the leader of an opposition political party in jail for years just because he opposes them is pretty corrupt. >if you wish to rebuke the points which i mention above, please feel >free to do so but do so in the context wrt Singapore culture. >Do not impose the general idealogy and culture within >your country into your argument. The right to speak freely without government thugs shutting you down and throwing you in jail or killing you is a universal one. The ability to get anybody to listen to what you have to say, on the other hand, is highly dependent both on general culture and on the interests of the individuals you hope will listen, as well as on what you have to say and your ability to say it well. >Now, what makes you think that citizen of Country A has the power or >rights to tell politicians of Country B what to do and what they cannot do? >Just wondering. Because I have a mouth and a conscience, and they have ears and consciences. I certainly have more right to tell a politician in Country B not to stop his subjects from speaking than he does to order them not to speak. And if the politicians over here are wrong, which they often are, you've got the right to tell them that too. Of course, the politicians over here usually won't listen to you, and the politicians over there either won't listen to me or they'll add my name to the firewall killfile :-) But it's also safer for me to tell your politicians to behave well than for you to tell them, since you have to live with them. >ps: Sorry for the off-topic discussion. It's not off-topic. Building tools to prevent censorship is distinctly on-topic for cypherpunks, and an occasional digression into whether it's a good idea is worthwhile. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From patrickbc at juno.com Mon Sep 2 02:15:47 1996 From: patrickbc at juno.com (patrick b cummings) Date: Mon, 2 Sep 1996 17:15:47 +0800 Subject: free speech online Message-ID: <19960901.014144.9678.2.patrickbc@juno.com> I agree that their should be free speech on the net. Someone should start a petition and get as many people to sign it as possible. From unicorn at schloss.li Mon Sep 2 02:17:27 1996 From: unicorn at schloss.li (Black Unicorn) Date: Mon, 2 Sep 1996 17:17:27 +0800 Subject: "Security risks" vs. "credit risks" In-Reply-To: Message-ID: On Sat, 31 Aug 1996, Timothy C. May wrote: > I find the notion that one's speeches and Usenet utterances could "harm > one's security rating" a distasteful idea, but so long as such security > ratings are handled by private players, and used by private players, I see > no illegality. Yet another reason to be a pseudonym in the United States. I tend to agree with Mr. May. I don't really care who has "access" to information provided they do not have access to government collection resources. The former can be detered suiimply by taking measures to prevent your information from being introdued into the system. They only get what you give them. The second would be more disturbing. One only deserves what privacy one secures for one's self. > > --Tim May > > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Licensed Ontologist | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From unicorn at schloss.li Mon Sep 2 02:33:27 1996 From: unicorn at schloss.li (Black Unicorn) Date: Mon, 2 Sep 1996 17:33:27 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com> Message-ID: On Sun, 1 Sep 1996, Esther Dyson wrote: > Now, speaking personally: I believe there are trade-offs -- which is what I > told the LA Times. I assume I was quoted accurately (although the word > "enforce" is awkward), but out of context. Anonymity can be dangerous -- > as can traceability, especially in/by repressive regimes. Therefore I would > favor allowing anonymity -- with some form of traceability only under terms > considerably stronger than what are generally required for a wiretap. > Anyone who seriously needs anonymity because of a repressive government is > likely to use a foreign (outside whatever jurisdiction he fears) server, so > that this is not a matter of "local" laws. The tracer would have to pass > through what I hope would be tighter hoops than we have now. > > Please note that this is not the same as the right to *private* > conversations and the use of encryption; this is the issue of being > accountable for what you publish in public. I've left the attributation list open because I think my view a majority one. The inclinations I had to be involved with or financially support EFF are, after reading this, entirely quashed. What is or is not your personal or EFF's official position is meaningless. It is clear that the personal beliefs of those involved in EFF are those of compromise, present day politics, and a general lack of moral fiber. The political assumptions and the degree of technical invasion that would make the above scheme possible are either hopelessly naive, or insidiously invasive. A scheme to make every net goer traceable (albut with some undefined mechanism to "safeguard" against abuse) is, even in its core requirements, frightening. Whatever respect I had for EFF collectively and the individuals working within the organization is much deminished, if it survives at all. > Yes, I'm aware of the complexities, and of the possibilities for > miscarriages of justice. Yet you address this where exactly, even now in your "apology" or "explanation" statement? > Speaking for myself, only (and publicly), > Esther Dyson Perhaps you should have spoken publically but anonymously the first time? Having not done so, I think you have damaged yourself as well as EFF. > Esther Dyson Always make new mistakes! I find the above amusing. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From lutz at as-node.jena.thur.de Mon Sep 2 02:44:39 1996 From: lutz at as-node.jena.thur.de (Lutz Donnerhacke) Date: Mon, 2 Sep 1996 17:44:39 +0800 Subject: Pseudonym server: Jenaer Anonymous Service In-Reply-To: <199609011109.NAA14105@jengate.thur.de> Message-ID: * stewarts at ix.netcom.com wrote: > Jenaer Anonymous Service > looks like a high-security pseudonym server. Thanks. > rather than having it arrive directly. But in return, > it's pretty secure, since you can only get caught if the > remailer or its operator are compromised when you request a delivery. It's strongly recomment to use a reply server to forward your requests to. The server sends all outgoing messages via mixmaster chains. (mixmaster at as-node.jena.thur.de can is always the first one in the chain). The policy of this remailer urges the user to send incoming jobs only via mixmaster chains. It may be changed to drop incoming jobs which does not come from the local mixmaster silently. > I haven't yet checked if how flexible it is about the location > of Reply-To: in the headers, since some mailers make it difficult > to paste that in. Reply-To: is neccessary to be included in the encrypted message body. All readable header informations execpt Subject: {help,send} is drop to /dev/null including the To:, From:, Sender:, Path:, Reply-To: ... lines. > The public key for the server is signed by Lutz.Donnerhacke at Jena.Thur.De, > which is in turn signed by 0x3B7F286D, which MIT thinks is an unknown > signator... 0x3B7F286D is the key of Winfried Mueller, the maintainer and autor of Religio, an information system anout religious subjects. A lot of documents fight against Scientology. Try http://Www.thur.de/religio/. Type Bits/KeyID Date User ID pub 2048/39F37F5D 1996/04/25 Lutz Donnerhacke Lutz Donnerhacke -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzGACKIAAAEIAMSu8OdG/ZNUiN1qc/eobx53oCeOW3iaxWIrK3q9XgBfzHwy AuwumYmL+mgCFnP7jkmk0Y4mst6UszujK+mplzuqzCox+7mUhBl0swQQ/0Bqg8HX 0lm0oYoTnQoeUMcoqCGcj1PbO8Gm40nlXj6wKHzhWQfIVkvhyzUODEhu/Pr0mf9V PtjVoWya8qD+LleM6u8GHsGP2bfERUfFDr6cmdtbUg24U/lsenYzzE5kW1VUyFqK YqRGJoDy1ZQlXIgVG6wULdNcJ96Vc2tEMRMWASvxxS9BJORUC0nRAE6sqBKXiQ93 +x06J3xEaSuCVv9DxyFl8HIQzOtzCdxwOTnzf10ABRG0MEx1dHogRG9ubmVyaGFj a2UgPEx1dHouRG9ubmVyaGFja2VASmVuYS5UaHVyLkRlPokBFQMFEDG9XE/4w3ah osUXSQEBgeoH/iA1uhqU3RsqebIgJquaTB2e5m9NfZdD108ctmhbf191IodV+Doz oWAp9GH9PMhD/vEERoiuwNJCGGCUDooaRXR4ZRh6I8Tb4D+C53uiPqaNKdzjaZTi gQ3I/odRwpoggWqr5d8SjIG4Hf5ERB39wdMSrzmHpXYJJRdLvVh9tYFhmS1islDB vAUxAVlnWKk1vLkbn4cSuIrZL53HQ60fBfcK9MVAPelHhi4jh1J3JN8NJk8bsht6 lx5BfdygLN5Mn4FEQ0JveH2kH2xmSoQvHuAjo1YzBJePOoyJgfJ/QcwNx7ZAcewC HvaogTeALtt0n11q67/1PNOq3/5D+CMqB8iJAJUDBRAxgT1EYH38Rzt/KG0BATIr BACijD0IjjePaO0ZVU2zk+OChpXmztf512PwIf6nRcdlOC+DtoK/EusXJoUx2lmb 8M8sJiaN9PgCOj21QfbpkEcyCCXdKfpBvtj5g73OruJdSCFV+O9Pts8jEqlTK+zo we/Rqr/Nd08Sh0dkQ8E0hlpUVgQkGUiBs5T8LNSeV9G8LIkBFQMFEDGACKMJ3HA5 OfN/XQEB/+QH/20sSVx0VZyv6bbX4t37dd8uY0ZmY7ZxAkwTFZD9wgmcpCQ11cTY 2ZiAKZFheSo4HirBtdKKmW9jMl2GuOs/yDT3JUEcFLSdsFEeqy3EzDYCpJDlm+pV Vd1BidO3phnt6mqbHoKVbwD0+SL6ZxvRzUscnLL3fEDuIepJ4RGlTH6K8cfooDi3 AI6SBPlphO92ZEeVYs/MRCziwhyYHBAZ3ldJJR23V2vlRaB8LO/UhtcZ8aAHXBi2 XbML4sI4qVqvWEeDLe42lAEmlzgm9zzzvjeBHUe2h8kUU/p0KWhnBbRBDLIuoY4Z lEogVqB2bzYFZ17IWQtsy7VS7X9IcxERg6m0H0x1dHogRG9ubmVyaGFja2UgPGx1 dHpAZGFuYS5kZT6JARUDBRAxhoKJCdxwOTnzf10BAS90CACENM1MPBE4vg9sm7Bq t7PyUCrO4z0ZGjiVQhAe1e2nzXAWqYbNhg7tpla/eekG146KBq9h7KFd2v3qApyR cosse0KUiuLEiCNne7wnwgHpe0+g5DEMmqqqkInaErxyDLEa12YVcwWkaESQyJD8 B5pgRyf4G1SuDRnhOL1VY3SaZeo8trzwWWFLapPI4Qy6vzm2/LdtprL52pFuTD3J f591mHnnIo3FsYEuMBJUxFYw91dO2RfqSQmqCnR7v4B5IE2OElXZZy8co2rHy969 2IM32oJyRJVbj/U3M+EqOSvhsFmqU6muEUkfvNyknyCGyt1hdATSb4QzwPdMKXRC YTRi =LDb+ -----END PGP PUBLIC KEY BLOCK----- > Because you don't get your reply email until you ask to pick it up, > it does seem easy to abuse; complaints, flames, and mailbombs won't reach you > if you don't ask for them. I hope the operator doesn't mind the workload > of managing the remailer - it looks like a good service, and with > Julf's remailer shut down, we need more nymservers. Sure. My nymserver is completely written as a bash script. -- | Lutz Donnerhacke +49/3641/380259 voice, -60 ISDN, -61 V.34 und Fax | From MAILER-DAEMON at mqg-smtp3.usmc.mil Mon Sep 2 02:47:32 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Mon, 2 Sep 1996 17:47:32 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: It is good that anon.penet.fi has been closed! Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages. UNDEFINED-----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Sep 1996, Igor Chudov @ home wrote: > I believe that Private Idaho is a cypherpunks remailer client for Windows. True. But it is a seperate program from email clients which means that anyone wanting to use Private Idaho has to download it, install it, and learn how to use it in conjunction with one's email program. Most people who may have a need for anonymity have probably never heard of PGP or Private Idaho. I think that until remailer functions are actually built into the programs that people use, remailer use will be rare. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMipNqizIPc7jvyFpAQFy0Qf+LbMgy3PBJ+ipGbxblKbjEm09aiziLEpD p7JCudf6TrBUdF+2PwTdxK/sOCITE9lTwbycAgeCvEYNUJEbsR3a6ix5fxbQuF8p Y9/tEbLVESUz0/+UthVnBasbFsCOzHV+ztlIRIk8SEEJKxsu8cNRZqcjaAqH5Q1A dmBKZ9KGQWPNuc5oLfqahyzroa8kAG59HSDm+ntV9fwduKNi8wSV6WFmA2s9pnZa +yRRXmSm4PkWVXgNdQCosTTcD1enSIBcH2WAQu1jpDZbbs6+6v1KvdPa5+WOvTs3 kpBfFBlsmVkWJS63ouqDb7yihoq/qZvhyE2Fske8uVYh9M5Ffn9AKg== =md6D -----END PGP SIGNATURE----- From MAILER-DAEMON at mqg-smtp3.usmc.mil Mon Sep 2 02:52:11 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Mon, 2 Sep 1996 17:52:11 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: DON'T Nuke Singapore Back into the Stone Age Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages. UNDEFINED-----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Sep 1996, James Seng wrote: > Now, what makes you think that citizen of Country A has the power or > rights to tell politicians of Country B what to do and what they cannot do? > Just wondering. I have every right as a citizen of country A to tell politicians of country B what they should or shouldn't do. This isn't about American Ideology; it's about natural rights. Politicians of country B can refuse to listen to me or attempt to prevent my corrupt ideas from polluting the minds of its citizens, but they won't succeed very well with the latter. Of course, politicians may be satisfied with making sure that only the most determined citizens will be able to access information they don't want citizens to access, but as technology progresses, it will become much more difficult to prevent this information from spreading to the masses. > > ps: Sorry for the off-topic discussion. Cpunks is certainly not the best place to be discussing free speech. However, the link between free speech and the spread of cryptographic technology is too close to completely overlook. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMipSASzIPc7jvyFpAQFYyAgAuy7FvTpGHqYHi9zw3FMiea2tLnYVWPU6 D6VrGvN5NxRtTE8yW3eKrc1iU/0jQIVxHtUhHcodbPfvGqEtwuZKKbbknNj5GmzS pmhcYPguXDwlXL4m3IjxEvhPg7GZ7tjbhXlPK7ADu0EHxvjwesAcrKyCPddu0i9U e83bo3Q4vBT75WPVpSI1i6jJmC7ql4s3GZVvP2Qf6hzvu9fwSKbAra0ZLBFVKf25 WKwNK2eTVBcQOYytwXOQmdSV/hgFB/Y2T6+PHgnAjaDVeX3WqUuxggk6DpBY2V8g bORwsuZyweJviVZIOjbLx6RDeNJQWWSjUCojHvJyKzqffg23Fi8bAw== =+23m -----END PGP SIGNATURE----- From stewarts at ix.netcom.com Mon Sep 2 02:53:04 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 17:53:04 +0800 Subject: It is good that anon.penet.fi has been closed! Message-ID: <199609020721.AAA21297@toad.com> In a challenging article posted 12:33 PM 9/1/96 -0500, ichudov at algebra.com (Igor Chudov) wrote: >Yes, subject says it all. anon.penet.fi was a whole lot worse than >cypherpunks remailers. It provided clueless users with no real security, >because it stored return addresses and did not use chaining and >encryption. There are different reasons people use remailers, different amounts of security they need, and different levels of security that the remailers can provide. Anon.penet.fi was a Good Thing. It got a few hundred thousand people thinking about remailers, and why they want them, and thinking they were good tools. It helped the public learn that anonymity is useful for real people, and helped the public learn that they can't always believe an email message is from the "person" on the From: line, and that email and news postings aren't always authentic just because they come out of a computer :-) One way to provide privacy is through heavy mathematics; for some people, and some threats, you need that. Another way to provide privacy is through a trusted operator who's willing to put up with a lot of crap to provide the service. For many people, that's enough - not for people worried about eavesdroppers and overthrowing governments, but enough for people talking about their attitudes toward work and sex and drugs who don't want their email traced by their employers, nosy neighbors, or local vice cops. And part of this security is the willingness to close down a popular service when it's security is threatened. One feature that's really needed for many remailer applications is reply addresses. Doing that securely with cypherpunks-style remailers is hard; doing it securely with trusted-sysop remailers is much easier, and even then there were occasional bugs, and plain surprises. In general, anything that knows the return path is vulnerable; if the person sending the reply knows the destination address, which doesn't apply to many of the applications, the remailer system in between can be secure, but otherwise you're not "truly secure" - only "pretty good". Knowing what the users really want to do helps you do it more securely. >From what I know of remailer history, the main original goal of the cypherpunks-style remailer was to provide security against traffic analysis by eavesdroppers, rather than to prevent the recipient from knowing the sender's address, though everybody pretty quickly realized that the latter was an interesting feature, especially coupled with posting to Usenet. Learning the differences between what people will really do with 2-way remailers as opposed to 1-way remailers can be done better with an easy-to-use 2-way remailer like penet.fi which can get 500,000 (possibly duplicated) users than with moderately complicated systems like alpha.c2.org or the really complicated things that may be needed to get better security. >Maybe closing of anon.penet.fi will spur real interest from the unwashed >alt.sex.* masses to the truly secure remailers. Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha) remailers will turn out to be to carry phone sex advertising :-) Or maybe somebody will build a decent digicash interface to a remailer, which will help get digicash going now that everybody who uses remailers will be looking for a new home. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From stewarts at ix.netcom.com Mon Sep 2 02:55:00 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 17:55:00 +0800 Subject: It is good that anon.penet.fi has been closed! Message-ID: <199609020724.AAA21368@toad.com> In a challenging article posted 12:33 PM 9/1/96 -0500, ichudov at algebra.com (Igor Chudov) wrote: >Yes, subject says it all. anon.penet.fi was a whole lot worse than >cypherpunks remailers. It provided clueless users with no real security, >because it stored return addresses and did not use chaining and >encryption. There are different reasons people use remailers, different amounts of security they need, and different levels of security that the remailers can provide. Anon.penet.fi was a Good Thing. It got a few hundred thousand people thinking about remailers, and why they want them, and thinking they were good tools. It helped the public learn that anonymity is useful for real people, and helped the public learn that they can't always believe an email message is from the "person" on the From: line, and that email and news postings aren't always authentic just because they come out of a computer :-) One way to provide privacy is through heavy mathematics; for some people, and some threats, you need that. Another way to provide privacy is through a trusted operator who's willing to put up with a lot of crap to provide the service. For many people, that's enough - not for people worried about eavesdroppers and overthrowing governments, but enough for people talking about their attitudes toward work and sex and drugs who don't want their email traced by their employers, nosy neighbors, or local vice cops. And part of this security is the willingness to close down a popular service when it's security is threatened. One feature that's really needed for many remailer applications is reply addresses. Doing that securely with cypherpunks-style remailers is hard; doing it securely with trusted-sysop remailers is much easier, and even then there were occasional bugs, and plain surprises. In general, anything that knows the return path is vulnerable; if the person sending the reply knows the destination address, which doesn't apply to many of the applications, the remailer system in between can be secure, but otherwise you're not "truly secure" - only "pretty good". Knowing what the users really want to do helps you do it more securely. >From what I know of remailer history, the main original goal of the cypherpunks-style remailer was to provide security against traffic analysis by eavesdroppers, rather than to prevent the recipient from knowing the sender's address, though everybody pretty quickly realized that the latter was an interesting feature, especially coupled with posting to Usenet. Learning the differences between what people will really do with 2-way remailers as opposed to 1-way remailers can be done better with an easy-to-use 2-way remailer like penet.fi which can get 500,000 (possibly duplicated) users than with moderately complicated systems like alpha.c2.org or the really complicated things that may be needed to get better security. >Maybe closing of anon.penet.fi will spur real interest from the unwashed >alt.sex.* masses to the truly secure remailers. Who knows; maybe the most effective way to fund "truly secure" (bwah-hah-ha) remailers will turn out to be to carry phone sex advertising :-) Or maybe somebody will build a decent digicash interface to a remailer, which will help get digicash going now that everybody who uses remailers will be looking for a new home. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From stewarts at ix.netcom.com Mon Sep 2 03:02:15 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Mon, 2 Sep 1996 18:02:15 +0800 Subject: Educating former anon.penet.fi users about other remailers Message-ID: <199609020724.AAA21373@toad.com> I've gotten about 5 messages from daemon at anon.penet.fi telling me that the remailer is closed; don't know if they're from various previous identities, or if they're from postings to mailing lists with anonymous people on them, or whatever. If somebody were to put together a one-page note on other remailers, would it make sense to send it to all the penet.fi users? A canonical cypherpunks approach would be to just write one and send it to na000001 at anon.penet.fi ..... na600000 at anon.penet.fi, but I assume either my system or Julf's would decide it was spam and discard it (even if it were split up into 60,000 10-message chunks.) The press release on www.penet.fi does contain pointers to the FAQs, but people have to go looking for that. On the other hand, if there are an extra 10,000 hits per day on alpha.c2.org because of a really well-written one-page blurb, can it handle the load? # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # Reassign Authority! From jseng at pobox.org.sg Mon Sep 2 04:56:36 1996 From: jseng at pobox.org.sg (James Seng) Date: Mon, 2 Sep 1996 19:56:36 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <199609020913.TAA11331@jagumba.anu.edu.au> At 11:29 PM 9/1/96 -0700, Bill Stewart wrote: >bring it into disrespect deserves no respect at all. Any government >that claims to have the god-like wisdom to dictate what's best for >its subjects to hear or what religious ideas to believe doesn't >deserve to be listened to, much less obeyed. If Singapore's government >and religious leaders want to say "Our ideas are better than American >ideas", and you or I or your neighbor want to listen to them, fine; I think you have misunderstood my posting. I never say Singapore ideas are better than American ideas. What i am saying is that Asian (Singapore) values are _DIFFERENT_ from western (America) values. [i know i am generalising] When you look at the laws and regulation. You cannot just look at what you think is best. You have to look at other things. Culture, social and economical structure, religion and history. In every aspect, Singapore (or most Asian for that matter) are different. Thus, you cannot judge a Singapore government action based on your social background. My purpose of posting is to hope to bring some light to the people here about some social norm in Singapore, hopefully to explain why the government choose to block certain WWW and yet was not strongly opposited here. Secondly, you do not need to convience me. I agree with you totally. What you have to convience is the general population here, against the culture, the society and everything. >maybe some of their ideas are better than some of the many ideas >floating around North America. But if you or I or your neighbor >want to listen to competing ideas, and even to believe and talk about >competing ideas, neither you nor the government have the right to >stop them - only to refute them with better ideas. Nope. I am open to ideas which is why i been watching to this thread. I find it is rather constructive to see how people think about Singapore and then compare it with my own ideas. However, i also know it is useless to have continue discussion with fanatic as they have a tendancy to distored what you say to suit their argument. Nor are they particular open minded to listen to others like our dear Tim has clearly shown us. This is why i am responsing to your article and not his. >On the other hand, if a power-hungry government decides that it doesn't >like American TV, forbids business licenses to anyone who broadcasts it, >and jails anyone who broadcasts TV without a business license, >they're more corrupt than a government that forbids business licenses to >anyone who doesn't pay a bribe. (At least in a kleptocracy, >you can usually print or say what you want if you pay the bribes, >though my father-in-law's newspaper was once shut down for printing >that the mayor was taking bribes, and who they were from, and how much.) Sad to say, Singapore government does have a lot of power. But i am glad what you mention isnt happening in Singapore. I havent heard of any serious corruption cases or people accepting bribes etc. Nor does the people here feel a suppressed nor are there general disatifaction. I think you are too influenced with the persepection from 1984. *8) All things works both ways. Power is no otherwise. >This also means you don't know what is safe to print and what isn't. >You have to restrict yourself very strongly, because otherwise >some politically influential person will complain to the government, >and you go to jail. At least if the government tells you what >the rules are, you know it's safe to say things that don't violate them. You dont go to jail for writing articles. You might be sue for deframation if you published something untrue (similar to your civil lawsuit i guess?) and have to pay large sum of money to the person but you dont go to jail. And yes, they are telling the people what _are_ the things now so you know what to avoid. >It also means that if enough people want information badly enough, >the government may know not to censor it. On the other hand, >a government that can keep the leader of an opposition political party >in jail for years just because he opposes them is pretty corrupt. I am not interested in politics so i didnt really know what is happening in that case. for that, i have no comment. >The right to speak freely without government thugs shutting you down >and throwing you in jail or killing you is a universal one. >The ability to get anybody to listen to what you have to say, >on the other hand, is highly dependent both on general culture >and on the interests of the individuals you hope will listen, >as well as on what you have to say and your ability to say it well. Very true. So does the First Amendment said. Singapore does have such similar law as First Amendment which is slight "modified". You have freedom of speech as long as your comments does not endanger religious/racist harmony and national security. (I do not know the exact term..need a lawyer for that..). The reasons for this are for historical reasons which trace back. >Because I have a mouth and a conscience, and they have ears and consciences. >I certainly have more right to tell a politician in Country B not to >stop his subjects from speaking than he does to order them not to speak. >And if the politicians over here are wrong, which they often are, >you've got the right to tell them that too. Of course, the politicians >over here usually won't listen to you, and the politicians over there >either won't listen to me or they'll add my name to the firewall killfile :-) >But it's also safer for me to tell your politicians to behave well than >for you to tell them, since you have to live with them. Fair enough. Point taken and you are right. I was able to say that you are not the one who are going to vote for/against them in the next election. *8) >It's not off-topic. Building tools to prevent censorship is >distinctly on-topic for cypherpunks, and an occasional digression into >whether it's a good idea is worthwhile. Perhaps but not to the other thousand of other cypherpunk subscribers. With this, i hope i have explained any misunderstanding with the previous posting. If you wish to carried on with this discussion, please feel feel to email me directly. -James Seng From proff at suburbia.net Mon Sep 2 06:23:51 1996 From: proff at suburbia.net (Julian Assange) Date: Mon, 2 Sep 1996 21:23:51 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: Message-ID: <199609021023.UAA09571@suburbia.net> > On Sun, 1 Sep 1996, Esther Dyson wrote: > > > Now, speaking personally: I believe there are trade-offs -- which is what I > > told the LA Times. I assume I was quoted accurately (although the word > > "enforce" is awkward), but out of context. Anonymity can be dangerous -- > > as can traceability, especially in/by repressive regimes. Therefore I would > > favor allowing anonymity -- with some form of traceability only under terms > > considerably stronger than what are generally required for a wiretap. > > Anyone who seriously needs anonymity because of a repressive government is > > likely to use a foreign (outside whatever jurisdiction he fears) server, so > > that this is not a matter of "local" laws. The tracer would have to pass > > through what I hope would be tighter hoops than we have now. > > > > Please note that this is not the same as the right to *private* > > conversations and the use of encryption; this is the issue of being > > accountable for what you publish in public. > > I've left the attributation list open because I think my view a majority > one. > > The inclinations I had to be involved with or financially support EFF are, > after reading this, entirely quashed. > > What is or is not your personal or EFF's official position is meaningless. > It is clear that the personal beliefs of those involved in EFF are > those of compromise, present day politics, and a general lack of moral > fiber. > > The political assumptions and the degree of technical invasion that would > make the above scheme possible are either hopelessly naive, or insidiously > invasive. > > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li I agree with you whole-heartedly. I am stunned by the EFF's position on this matter and they no longer have my support. Here are some more of Dyson's statements on this subject. [http://bin-1.gnn.com/gnn/feat/dyson/index.html] [...] The EFF began very much as a civil rights "don't tread on me" kind of organization, and in a sense one of our major jobs was helping to educate law enforcement and the government. I wouldn't say that job is done, but now we also need to educate a broader population. If our motto was civil rights in cyberspace, it's now civil rights and responsibilities, because as more people come on to the Internet, they have to understand their responsibilities as well as their rights. If people don't do that, someone is going to try to come and regulate them. We are trying to create a civil society rather than a legal society in cyberspace. [...] We are strongly in favor of privacy, although there's some kind of balance required because of the need for a free press. Anonymity is a tougher one, and we actually don't have a formal position on that. The need for anonymity I agree with, but there are issues with accountability that mean it shouldn't be absolute. Examining in detail Dyson's interests it appears she maintains a sizeable and long-standing interest in Eastern European technology companies. She is also clearly very far to the right of the political spectrum (rampant capitalist would be putting it mildly). She also speaks Russian. I'm not saying she has been working for the CIA for the past decade, but I would be very surprised if the CIA has not exerted quite significant pressure (which they are easily able to do given the location of many of Dyson's assets) in order to bring her into their folds during that time period. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From dlv at bwalk.dm.com Mon Sep 2 07:06:21 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Sep 1996 22:06:21 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" In-Reply-To: Message-ID: jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all polititions are that bad. > > > You make it sound as if their are no politisions are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Mon Sep 2 07:06:28 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 2 Sep 1996 22:06:28 +0800 Subject: Free Speech and List Topics In-Reply-To: Message-ID: tcmay at got.net (Timothy C. May) writes: > More disturbing to me recently has been the steady increase in subscribers > to this list who don't seem to value free speech very highly, who write of > their own nation's censorship as valiant efforts to protect citizen-units > from foreign devils, and, even more shockingly, from supposed defenders of > electronic freedom who are now talking about the need for limits on > anonymity. The Freedom Knights are the only true defenders of True Free Speech. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From pjn at nworks.com Mon Sep 2 07:22:05 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Mon, 2 Sep 1996 22:22:05 +0800 Subject: wardialer Message-ID: > Does any body know where I can get a half decent war dialer. > In> Use a websearch utility, and stop posting to cryptography-based In> mailing lists. Someone should shoot that kid and put US out of OUR misery... :) P.J. pjn at nworks.com ... Nothing is opened more often by mistake than YOUR mouth. ___ Blue Wave/QWK v2.20 [NR] From asgaard at Cor.sos.sll.se Mon Sep 2 07:26:51 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Mon, 2 Sep 1996 22:26:51 +0800 Subject: Sharp knives In-Reply-To: Message-ID: "James A. Donald" , writes: >I heard on talk.politics.guns somebody say that in Sweden they >had banned knives with a sharp point at the end, and were going >to ban sharp knives altogether. I think he was just engaging in >hyperbole, that he really meant that gun control in Sweden was >unreasonably strict, but on reflection I am not sure. There is a law in Sweden, some 5 years old, against carrying 'dangerous devices' (hunting knives, Ninja stars etc) in 'public places' (unless you are a carpenter, electrician or some such going about your business). It's okay to carry a knife when going fishing/hunting or sitting on your terrace carving totem poles. It's only a misdemeanour and might be punished with a fine, but usually the cops just use the law to disarmour street gangs on the spot. The effects of the law are dubious. Knives have come into fashion among teenagers after this legislation (but not as a consequence of it, I think). Asgaard From frissell at panix.com Mon Sep 2 08:01:52 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 2 Sep 1996 23:01:52 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <2.2.32.19960902124403.00ae6430@panix.com> At 07:06 AM 9/2/96 +0800, James Seng wrote: >that). I have a long argument with this person, telling him that despite >what they have done, i could still access to those stuff which they ban. >his reasoning is "how many people can do it? 10%? 5%? That's fine with us. >If the people really wans it, they can get it". The flaw with this view is that it is no harder to deploy software that defeats Singapore's proxy than it is to establish a tcp/ip connection in the first place. For civilians (such as myself) establishing a tcp/ip connection is as hard or as easy as establishing an encrypted tcp/ip tunnel to defeat government control efforts. For both these tasks, I am dependent on software writers who know more than I do. Since the software of the Net is written by people not governments, the governments will find it hard to hold "free users" down to a 5% or 10% figure. The Net is nothing more than the software that it runs on and we (not governments) write the software. In addition, we are not imposing our ideology on Singapore. If Singapore changes, it will be because an encounter with the realities of the free flow of information changes it. DCF From m5 at tivoli.com Mon Sep 2 08:10:20 1996 From: m5 at tivoli.com (Mike McNally) Date: Mon, 2 Sep 1996 23:10:20 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age In-Reply-To: <199609020913.TAA11331@jagumba.anu.edu.au> Message-ID: <322AD535.3E6C@tivoli.com> James Seng wrote: > > I am not interested in politics so i didnt really know what is > happening in that case. for that, i have no comment. Gee, James, have you paused to wonder whether the presence of a truly free press might make it really difficult for a smart person like yourself to *not* find out about political prisoners? ______c_________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * For the time being, m5 at tivoli.com * m101 at io.com * * three heads and eight arms. From liberty at gate.net Mon Sep 2 08:23:31 1996 From: liberty at gate.net (Jim Ray) Date: Mon, 2 Sep 1996 23:23:31 +0800 Subject: "Always make new mistakes" Message-ID: <199609021248.IAA84818@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Esther Dyson sigfiled: ... > Esther Dyson Always make new mistakes! OK, but must we always be trying to make the same *old* ones, only in a new medium? At least there's still EPIC (for now, I'm wondering when _they_ decide to cave?). I'm feeling pessimistic. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy & Weekend Winsock Wemailer Opewator. "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech." -- Benjamin Franklin Defeat the Duopoly! Stop the Browne-out! Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMirUhG1lp8bpvW01AQHR3QQAl9EvaUOCHnTZ0eyIa+kv41fXDJMsOC0v BUGKvnz3rfVxRTS3JiHALB93Kc1F+kSjoOd7ftM42Pod4bsreSAHJ0CInJ2Q8iYS r7Y2/opiY139YonF4WsD6IPTMA2Hfip9t8EACu0v2jIvxSCBqwa84WVrAxCijS9t qfKK8d3Xw9g= =6tBV -----END PGP SIGNATURE----- From rah at shipwright.com Mon Sep 2 08:30:05 1996 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 2 Sep 1996 23:30:05 +0800 Subject: The AI-who??? Message-ID: An admittedly leftist interpretation of recent Alaskan electorial events, for those fans of the Alaskan Independance Party... Cheers, Bob Hettinga --- begin forwarded text From: sxaeg at aurora.alaska.edu (GREENWALT ART E) (by way of rah at shipwright.com (Robert A. Hettinga)) To: rah at shipwright.com Subject: The AI-who??? Organization: University of Alaska Fairbanks Path: news-central.tiac.net!news-in.tiac.net!uunet!in3.uu.net!brighton.openmarket.com!decwrl!news.alaska.edu!aurora.alaska.edu!sxaeg Newsgroups: alt.culture.alaska Date: 29 Aug 1996 01:07:38 GMT Lines: 35 NNTP-Posting-Host: aurora.alaska.edu X-Newsreader: TIN [version 1.2 PL2] X-Newsreader: Yet Another NewsWatcher 2.1.2 Okay, okay...I know everyone has been sitting on the edge of their privy seats wondering how the Rent-A-Party (aka "The Sub-Arctic Titanic of Politics") fared in the recent primaries here in the Interior, so here goes. Now, keep something in mind as you read these results: the Interior is the heart of the Rent-A-Party. Der Fuhrer Vogel "graced" us with his presence and as the infirmities of advancing age took their toll, he devised the party back in the mid-70's here in the Interior. So...you should think the bastion, the stronghold, Yea, Brethren and Sistren!, the very for-r-r-r-rtress of AIP-ity would be...the INTERIOR! Amen! The AIP fielded 1 candidate here on the Fairbanks ballots: Paul Chizmar. He finished last. Indeed, surpassing even the last performance of the party when they dropped from their 1990 high of 39% of the vote to their 1994 basement 13% of the vote, we now see them seeking subterranean levels as their sole candidate on the entire ballot received *barely* 11% of the vote! Right here! In the Interior! Just about 15 miles from Lynette and Dexter Clarke, the penultimate-Grand Poobahs of Das Partie! Tsk.... I tell ya, folks...I love to watch "Rocky and Bullwinkle", "Monty Python", "The 3 Stooges", the "Little Rascals", etc. But when the AIP finally dwindles/splinters/transmogrifies into its final bit of light and then that little glimmer goes out....I will have lost one of my greatest sources of amusement Alaska has ever offered me. Sigh.... .....Art, who will just have to watch more 3 Stooges and see if he can tell which one is Joe... --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From raph at CS.Berkeley.EDU Mon Sep 2 09:36:11 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Tue, 3 Sep 1996 00:36:11 +0800 Subject: List of reliable remailers Message-ID: <199609021350.GAA03391@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"c2"} = " eric pgp hash reord"; $remailer{"penet"} = " penet post"; $remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{"ecafe"} = " cpunk mix"; $remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub"; $remailer{'alpha'} = ' alpha pgp'; $remailer{'nymrod'} = ' alpha pgp'; $remailer{"lead"} = " cpunk pgp hash latent cut ek"; $remailer{"nemesis"} = " cpunk pgp hash latent cut"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"vegas"} = " cpunk pgp hash latent cut"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; $remailer{"ncognito"} = " mix cpunk pgp hash latent"; $remailer{"lucifer"} = " cpunk mix pgp hash latent cut ek"; $remailer{"jam"} = " cpunk mix pgp hash latent cut ek"; $remailer{"winsock"} = " cpunk pgp hash cut ksub reord"; $remailer{'nym'} = ' newnym pgp'; $remailer{"balls"} = " cpunk pgp hash latent cut ek"; $remailer{"squirrel"} = " cpunk mix pgp hash latent cut ek"; $remailer{"middle"} = " cpunk mix pgp hash middle latent cut ek reord"; $remailer{'cyber'} = ' alpha pgp'; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. Groups of remailers sharing a machine or operator: (cyber mix) The alpha and nymrod nymservers are down due to abuse. However, you can use the cyber nymserver. The nym.alias.net server will be listed soon. See http://www.cs.berkeley.edu/~raph/n.a.n.html for details. 403 Permission denied errors have been caused by a flaky disk on the Berkeley WWW server. Hopefully, this is fixed by now. The penet remailer is closed. Last update: Mon 2 Sep 96 6:45:14 PDT remailer email address history latency uptime ----------------------------------------------------------------------- mix mixmaster at remail.obscura.com -+++++-+++++ 1:38:18 99.98% jam remailer at cypherpunks.ca .*****-+**+* 28:42 99.98% exon remailer at remailer.nl.com ***--**+**** 3:33 99.98% squirrel mix at squirrel.owl.de +-+------.+ 2:37:06 99.96% cyber alias at alias.cyberpass.net +-+*+** 38:49 99.96% middle middleman at jpunix.com ---- --+++ 55:25 99.69% replay remailer at replay.com +* *-**+*** 6:15 99.36% amnesia amnesia at chardos.connix.com - -----+--- 3:24:36 99.35% lead mix at zifi.genetics.utah.edu +++--+-+++++ 48:39 99.23% winsock winsock at c2.org - -----+-- 5:46:31 98.94% balls remailer at huge.cajones.com # **-**+**** 5:32 98.70% nemesis remailer at meaning.com ****- ++**** 23:48 98.46% extropia remail at miron.vip.best.com -..------ 4:55:14 94.02% haystack haystack at holy.cow.net *#* ##+### 10:59 90.11% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From qut at netcom.com Mon Sep 2 09:40:06 1996 From: qut at netcom.com (Dave Harman OBC) Date: Tue, 3 Sep 1996 00:40:06 +0800 Subject: Sharp Knives In-Reply-To: Message-ID: <199609021338.GAA29868@netcom21.netcom.com> ! "James A. Donald" , writes: ! >I heard on talk.politics.guns somebody say that in Sweden they ! >had banned knives with a sharp point at the end, and were going ! >to ban sharp knives altogether. I think he was just engaging in ! >hyperbole, that he really meant that gun control in Sweden was ! >unreasonably strict, but on reflection I am not sure. ! ! There is a law in Sweden, some 5 years old, against carrying ! 'dangerous devices' (hunting knives, Ninja stars etc) in 'public ! places' (unless you are a carpenter, electrician or some such ! going about your business). It's okay to carry a knife when ! going fishing/hunting or sitting on your terrace carving totem poles. ! It's only a misdemeanour and might be punished with a fine, ! but usually the cops just use the law to disarmour street gangs ! on the spot. The effects of the law are dubious. Knives have come ! into fashion among teenagers after this legislation (but not as ! a consequence of it, I think). In California, it's a felony to merely *own* a Ninja star. It's a felony to carry a *concealed* knife, but carrying it openly in a holster is legal. It's a felony for most people to carry a concealed loaded handgun on the street only on a *second* offense. It'a a felony to merely *own* a switchblade, brass knuckles, etc. Do our weapons laws sound strange? Are many of our weapons laws stricter than countries like Sweden? Yes! From frogfarm at yakko.cs.wmich.edu Mon Sep 2 10:05:42 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Tue, 3 Sep 1996 01:05:42 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <199609021023.UAA09571@suburbia.net> Message-ID: <199609021354.JAA13057@yakko.cs.wmich.edu> > Examining in detail Dyson's interests it appears she maintains a > sizeable and long-standing interest in Eastern European technology > companies. She is also clearly very far to the right of the political > spectrum (rampant capitalist would be putting it mildly). She also speaks > Russian. And all these would certainly be excellent reasons to denounce her as an enemy of liberty, now wouldn't they. [CIA snip] > "Of all tyrannies a tyranny sincerely exercised for the good of its victims > may be the most oppressive. It may be better to live under robber barons > than under omnipotent moral busybodies, The robber baron's cruelty may > sometimes sleep, his cupidity may at some point be satiated; but those who > torment us for own good will torment us without end, for they do so with > the approval of their own conscience." - C.S. Lewis, _God in the Dock_ So what's wrong with her being an Evil Capitalist(tm) again? -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information "We think people like seeing somebody in a uniform on the porch." -US Postal spokeswoman, quoted in AP, 1/27/96. I don't know about you, but most people I know who saw someone in uniform on their porch would pull out the shotgun... From grafolog at netcom.com Mon Sep 2 11:14:01 1996 From: grafolog at netcom.com (jonathon) Date: Tue, 3 Sep 1996 02:14:01 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age In-Reply-To: <199609020913.TAA11331@jagumba.anu.edu.au> Message-ID: On Mon, 2 Sep 1996, James Seng wrote: > You dont go to jail for writing articles. You might be sue for deframation > if you published something untrue (similar to your civil lawsuit i guess?) So what happens if somebody in Singapore publishes a list of Singaporians who beat up Chinese immigrants the previous week. > and have to pay large sum of money to the person but you dont go to jail. If the person who publishes the list of Singaporians who beat up Chinese immigrants the previous week is not in jail for publishing that, then what is he in jail for? The individual is publishing factual data, just data that the Singapore government has been trying very hard to keep out of the hands of the population of Singaporians in specific, and the world in general. > >a government that can keep the leader of an opposition political party > >in jail for years just because he opposes them is pretty corrupt. > I am not interested in politics so i didnt really know what is happening in > that case. for that, i have no comment. IOW, you don't give a damm about freedom of speech -- which is what I suspected was the case all along. You're just one of those people who says pretty words, without meaning them. > Very true. So does the First Amendment said. Singapore does have such > similar law as First Amendment which is slight "modified". You have freedom > of speech as long as your comments does not endanger religious/racist > harmony and national security. (I do not know the exact term..need a lawyer National security is a hole that makes a mockery of anything which allegedly protects freedom of speech. The slight modification in Singapore's freedom of speech law means that all speech is acceptable, so long as the writer first self-censors, and secondly doesn't offend any jerks in Singapore, and thirdly doesn't offend any jerks in the neighbouring countries, and fourthly doesn't offend the current despot in Singapore. << A statment which makes this message illegal to carry through the internet. >> Still want to claim that Singapore practices freedom of speech? Or do you want me to start citing religious, political and serious literary works of merit that are prohibited under Singapore's alleged freedom os speech statute, that bans any speech that might be controversial? xan jonathon grafolog at netcom.com However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all. Bill Stewart From tbyfield at panix.com Mon Sep 2 11:19:16 1996 From: tbyfield at panix.com (tbyfield at panix.com) Date: Tue, 3 Sep 1996 02:19:16 +0800 Subject: American Imperialism, Firing Squads, and the Vincennes Shootdown In-Reply-To: Message-ID: <199609021514.LAA12830@mail2.panix.com> Timothy C. May) wrote: > At 1:03 AM 9/2/96, Alan Horowitz wrote: > >The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. > > > >If my memory serves, the Iranian jetliner had its squawker turned off, or > >broken. The officer in charge in the CIC had about ten seconds to decide > >if he was about to be locked-on by a missle. And no real information to > >make the decision with. > > The U.S.S. Vincennes shot down an Iranian commercial airliner that was in > its normal and well-known flight path out of Bandar Abbas. <...> > > As to the "squawker" being turned off, this is not my recollection of the > case (though it was nearly a decade ago, so memories fade...). If memory serves, the disinfo campaign following the Airbus incident put much emphasis on the plane's (allegedly) erratic, seemingly hostile behavior: it was said to be menacing a specific US ship in the convoy. It later turned out, I think, that the ship being menaced was a radar ghost fabricated by the Vincennes's AEGIS system. \t From frissell at panix.com Mon Sep 2 11:33:28 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 3 Sep 1996 02:33:28 +0800 Subject: PLEASE Nuke Singapore Back into the Stone Age Message-ID: <2.2.32.19960902151654.00abd6ac@panix.com> At 05:51 PM 9/1/96 -0700, Timothy C. May wrote: >Who says this has anything to do with "American ideology"? The Usenet is >propagated around the world. All we are saying is that honest commentary on >the corruption of Lee Kwan Yew (and his billion dollars in Australian and >European banks) will be reported on the Usenet. > >This is not "imposing American ideology" on anyone. Didn't you know that TCP/IP was an attempt by American Intelligence Agencies in concert with Britain to impose Anglo-American values (free trade in goods and bits) on the poor Mittel Europeans and the followers of Confucius in the East. These sinister British-American conspirators had done so well with their earlier releases of blue jeans, Rock and Roll, and Coca Cola. TCP/IP was designed to be the final blow to Central Europe and Asia in a culture ware that has dominated this century. Pretty sneaky those Anglo Saxons. DCF "Course if Mittel Europeans and Confucians hadn't murdered 100 million people or so in the 20th century, perhaps we could feel sorry for them." (The US-UK alliance only murdered a few million mostly via mass bombing of civilians during WWII.) From edyson at edventure.com Mon Sep 2 11:39:37 1996 From: edyson at edventure.com (Esther Dyson) Date: Tue, 3 Sep 1996 02:39:37 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <19960902152515012.AAA179@Esther.edventure.com> At least you don't accuse me of being a Communist. For the record, I am not a tool of the CIA nor have they pressured me, but there's no reason for you to believe me. Esther Dyson At 08:23 PM 9/2/96 +1000, Julian Assange wrote: SNIP --- > >Examining in detail Dyson's interests it appears she maintains a >sizeable and long-standing interest in Eastern European technology >companies. She is also clearly very far to the right of the political >spectrum (rampant capitalist would be putting it mildly). She also speaks >Russian. I'm not saying she has been working for the CIA for the past >decade, but I would be very surprised if the CIA has not exerted quite >significant pressure (which they are easily able to do given the >location of many of Dyson's assets) in order to bring her into their >folds during that time period. > >-- >"Of all tyrannies a tyranny sincerely exercised for the good of its victims > may be the most oppressive. It may be better to live under robber barons > than under omnipotent moral busybodies, The robber baron's cruelty may > sometimes sleep, his cupidity may at some point be satiated; but those who > torment us for own good will torment us without end, for they do so with > the approval of their own conscience." - C.S. Lewis, _God in the Dock_ >+---------------------+--------------------+----------------------------------+ >|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | >|proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | >|proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | >+---------------------+--------------------+----------------------------------+ > Esther Dyson Always make new mistakes! EDventure Holdings 1 (212) 924-8800 1 (212) 924-0240 fax 104 Fifth Avenue New York, NY 10011 USA www.edventure.com High-Tech Forum in Lisbon, October 27-29, 1996 PC Forum in Tucson, Arizona, March 23-26, 1997 From cmcurtin at research.megasoft.com Mon Sep 2 11:39:57 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Tue, 3 Sep 1996 02:39:57 +0800 Subject: Terrible story on crypto in InfoWorld Message-ID: <199609021327.JAA06854@goffette.research.megasoft.com> There's a story covering crypto in this weeks' InfoWorld Electric. Since it's a members-only thing, I'll include the text here, as well as my response to it. I'm hoping that they'll take the article down and take up my offer to provide a better replacement. I suspect that the problem here is that someone was given a subject and a deadline, and told to "go for it." The requisite background for getting clued on crypto is probably significantly longer than the amount of time allowed by the deadline. I suspect that the issue was further clouded by the crypto-clued people she talked to during the research speaking directly about what they're doing, without giving any sort of analogies to make the ideas click and make sense. I hope that my illustration of the bicycle lock serves to clear up the confusion... In any event, we've all got a lot of work to do. I think we should take it upon ourselves to not only talk about crypto and why it's such a Good Thing(tm), but also to *educate* people to help them understand what in the world we're talking about. -matt ------------------------ begin silly article ------------------------- [Image] [PageOne] [Search] [Reader Service] [Ads Services] [Overview Map] [Todays News Logo] [Opinions] [Forums] [Test Center] [Calendar] [This Week In Print[Week In Review] Encryption technology can help secure private data over public carriers, but tackling its own issues is another story By Julie Bort InfoWorld Electric Think about this: Every time one of your end-users sends an electronic communication from your network, it opens the door to an attack. It is unbelievably easy for a knowledgeable hacker to exploit the failings of SMTP and other communications protocols to eavesdrop on Internet e-mail, send phony messages, or even gain access to other networked systems, security consultants say. A domain name or single IP address is the only information needed, and from there the door is wide open for other mischief. One increasingly popular way to plug this gaping hole is to encrypt e-mail and other electronic communications. Encryption is a way to encode text using complex mathematical algorithms. "When explaining encryption, I like to use the analogy of the Cap'n Crunch Super Secret Decoder Rings. These rings [distributed in Cap'n Crunch cereal boxes in the 1960s] contained a very simple algorithm. It was something like `take a letter then add 5.' So an A became an F. Simply speaking, that's all these algorithms are, mathematical formulas," explains Gary Fresen, a member of the American Bar Association's committee on digital signatures and an attorney and partner at Baker McKenzie LLP, in Chicago, one of the world's largest law firms. Although no encryption algorithm is in and of itself crack-proof, several of them are so complex that they are virtually unbreakable. Coupled with proper implementation, authentication, and secure connections, encryption solutions can add a high level of security to any company's arsenal. However, it is an area that requires a knowledgeable person to make the purchasing decision because the technology is very complex, the best product selected will add a level of administration overhead, and numerous industry consortiums are developing competing APIs. NUMEROUS USES. Is encryption security overkill? Absolutely not, say users who have already adopted it or are in the processing of adopting it. One reason is to gain some security control over public telecommunications lines used in wide area networks. "We have a good idea of our internal security, but we also use the public carriers for our worldwide WAN, such as CompuServe [Inc.'s] frame relay and British Telecom [Plc.'s] frame relay, and we [don't control] their level of security," says Richard Perlotto, corporate network security manager for VLSI Technology Inc., in Tempe, Ariz. "Even if you own most of your own equipment, with frame relay you don't own the router, the carrier does. Frequently [the carrier has] modems attached to those routers to manage the equipment remotely," Perlotto adds. Those modems can allow hackers to tap in and grab data as it is being transmitted, without ever being detected by the company's security systems. Consequently, VLSI is currently evaluating encryption boxes and other products that sit on either end of a connection, such as NetFortress from Digital Secured Networks Technology Inc. (DSN), in Englewood Cliffs, N.J. One box encodes all traffic on the fly when it's being transmitted, and the other decodes the information upon receipt. Router vendors offer similar add-ons. Besides simply letting employees sleep better at night with the knowledge that their corporate secrets are safe, encryption technology can mean that a company can operate more efficiently and cost-effectively, users say. "Right now, we drop letters into the post office, which isn't very secure when you think about it," Fresen says. "After all, anyone could look at them. Or we send a courier. But if we can secure our [Lotus Development Corp.] cc:Mail system, there's a tremendous cost savings to us compared to sending a courier to Hong Kong three times a day. And we'll be able to do things in a day that used to take a week." Fresen is currently testing Entrust 2.0 from Northern Telecom Ltd. (NorTel), in Research Triangle Park, N.C., as an encryption add-on to e-mail. GETTING KEYED IN. But before you can go out and purchase an encryption system, you need to do some serious homework. Encryption involves multiple technologies, competing protocols, and complex mathematics. You can start the learning process by understanding the two components that make up most encryption systems: the key and the certificate. The key is the algorithm or mathematical formula that encodes the message itself. It must be sent to the message recipient so the message can be decoded, hence the term key. The size of the key, measured in bits, determines how complex the algorithm is and how tough the code is to crack. The state of the art for encryption technology used exclusively within the United States is 1,024 bits. However, the maximum size key that is allowed to be exported is 40 bits. Keys come in two flavors: symmetrical, or public key model; and asymmetrical, or public key/private key model. A symmetrical key uses the same algorithm to encode and decode a message. This is the technique used by the public key encryption program Pretty Good Privacy (PGP). PGP assumes what security experts call the peer trust model. That is, the sender knows and trusts the receiver and is therefore perfectly comfortable in sending the key on its way. Herein lies the "pretty good" part of the privacy. Although the algorithm itself makes the message difficult to crack, the key exchange is only pretty good when compared with other methods. On the other hand, the great advantage to PGP is that it creates no key management overhead, which is the biggest drawback of asymmetrical keys. In the asymmetrical model, users have a public key stored somewhere that is available. Should someone want to send an encrypted message, the sender locates the public key of the recipient, encodes the message, and sends it off. The receiver then uses a private key to decode the message. The private key is different from the public key, but they are mathematically linked so that the private key is capable of decoding the message. Asymmetrical systems require no trust between the sender and the recipient. That's good. But they do create administration overhead in the form of storing and maintaining public and private keys. Public/private key exchange is the technique used by RSA Data Security Inc., which was recently sold to Security Dynamics Inc., in Bedford, Mass. RSA uses a technology that is actually an adaptation of the decade-old National Institute of Standards and Technology's peer-trust Data Encryption Standard (DES), still used in many products. DES is a method of grabbing random keys for each encryption task, rather than using the same key repeatedly. Cryptographers say that RSA solves some problems, such as the trust issue but generates others. "Say I want to send a secure message. The first thing I do is take a random key and encrypt the message with it," says Paul Kocher, an independent cryptography consultant in Menlo Park, Calif., and one of the people responsible for discovering the flaw in the security of Netscape Communication Corp.'s Netscape Navigator. "But without that key, I won't know how to decode [the message], so I take an RSA public key and encrypt the random DES key with my recipient's public key. The recipient uses a private RSA key to decrypt the DES key. If it sounds convoluted, it is. RSA is very slow and cumbersome. DES is fast and efficient, but it doesn't give you the security of the public/private key system," Kocher explains. RSA remains one of the most well-known encryption technologies, but it is not, by far, the only public/private key exchange method currently in use. For example, other vendors use a competing version called Diffie-Hellman. It is a mathematically different implementation of the asymmetrical model, and it is the method employed by DSN's NetFortress. THE REAL YOU. Using public or public and private keys is the foundation of encryption, but keys can't verify a recipient's identity. "When you're talking about sending secured messages, there are two goals you've got. One is to make sure that the information stays confidential, and the other is that it does not get tampered with," Kocher says. Enter the certificate, also called the digital signature. Certificates act like an electronic driver's license. They authenticate that the receivers and senders are who they say they are. "The issue is trust. When we owned our own 3270 cabling, we trusted it, we worried less. Now I have someone at Daytona Co. that needs access to Chrysler Corp. across multiple networks. What sort of trust do I have?" asks Bob Maskowitz, technical support specialist for Chrysler, in Detroit, and a member of the Internet Architecture Board of the Internet Engineering Task Force (IETF). "I need to authenticate that this person is allowed to update [a document]." Certificates can be created and managed by a third party, such as VeriSign Inc., in Mountain View, Calif., or they can be created and managed internally, with products such as NorTel's Entrust, which also performs encryption. Once a certificate is obtained, it becomes the user's digital signature. When digitally signing something, the recipient of the signature gets all of the information contained on the certificate, such as who the person is, the person's address, or other items chosen to be included on the certificate. The digital signature also says who granted the certificate, when it expires, and what level of verification was done. "There are three classes of certificates," explains Gina Jorasch, director of product marketing for VeriSign. "In Class 1, we check for a unique name, that the e-mail address is correct, and that the person receiving it has authority to access that e-mail account. In Class 2, we check the name, address, driver's license, social security number, and date of birth. For a Class 3 we check all of those things, plus we check against the Equifax [credit reporting bureau] database." Although certificates provide the invaluable service of authenticating users, organizations that care enough about their security to use encryption and certificates may not want to trust an outsider to handle them, according to users. "Do you think Ford [Motor Co.] or Chrysler is going to let someone else control their certificates? Then there is this issue of where did you get your certificate from? Am I going to let you query my database to get a key? No way," Maskowitz says. From a network management perspective, certificates are also an issue. Unless they are outsourced, they will add a significant amount of system management overhead to an encryption system, even with systems such as Entrust that include management features. Most certificates are set to expire in a set amount of time, such as a year. Someone will have to see that they get reissued. Someone will also have to make sure that certificates for employees who leave a company are revoked and that new employee certificates are issued. SMIME'S THE WORD. The final area of concern IS managers face is the new wave of protocols being spewed out by various industry consortiums. Numerous APIs are being created that cover all the aspects of using encryption. Although these APIs are posing as standards, in truth the two most popular APIs for the commercial sector are merely vehicles for the mass adoption of a particular company's key technology. Nevertheless, vendors of products such as e-mail packages are lining up behind them. The four big protocols being worked on are Secure Multipurpose Internet Mail Extensions (SMIME), Multipart Object Security Standard (MOSS), the next-generation version of PGP that allows asymmetrical key exchange, and Message Security Protocol, says Rik Drummond, chairman of the IETF's electronic data interchange over the Internet committee and president of The Drummond Group, a consultancy in Fort Worth, Texas, that helps corporations choose and implement networking and security systems. MOSS is the API for the Department of Defense, and it will be mandatory for anyone in the government or anyone who does business with it. But commercially, SMIME and PGP, Version 3.0, are more robust choices, Drummond says, and they offer features best-suited for the commercial sector, such as backward compatibility, and better key and certificate management capabilities. By far the biggest names in the Internet world have lined up behind SMIME, including Microsoft Corp., which intends to make Microsoft Exchange SMIME-compliant; Netscape; and Qualcomm Inc., maker of the Eudora e-mail package. That makes it a comforting set of protocols to choose because corporations that buy products with SMIME or that purchase SMIME toolkits for customer applications will know that they will be able to communicate with the vast majority of others through a de facto standard. Those using other protocols will be left talking to themselves. Still, SMIME, as it stands now, isn't a panacea. Among its problems is that "the signature is exposed outside the encryption envelope," Maskowitz says. Also, once a message is encrypted with someone else's public key, the sender of the message can't open the message to make changes, Maskowitz adds. The architects of SMIME haven't completed the APIs yet, so there is some possibility that these problems will be fixed but in all likelihood not in time to be included in the first crop of SMIME-compliant applications, due to start rolling out this fall. Even with such serious issues still up in the air, today's encryption and certification products can offer a great deal of protection, especially if the Internet or a wide area intranet is becoming a serious business tool for a particular organization, and it can't wait for a de facto standard to emerge. For those with the time to wait, the learning curve should be ascended now. Mass adoption of encryption technology is a virtual certainty. Those that ignore it will find their secrets being blabbed to the world. -------------------------------- Uses for encryption technology: * Sending sensitive data over publicly owned wide area links; * Sending sensitive data over Internet e-mail; * Electronic commerce; * Electronic data interchange over the Internet; * Order entry/order status over an intranet or the Internet; * Automated access to personnel files; * Storing sensitive data online; * Distribution, newsgroup style, of sensitive data. -------------------------------- Will the export of strong encryption be allowed? One of the problems with adopting encryption worldwide is that the federal government severely restricts its export. In fact, encryption technology is classified as munitions. Therefore, U.S. encryption vendors and corporations are forbidden from exporting and deploying versions that use more than a 40-bit key. However, companies in other countries, such as Japan, can freely sell encryption technology that uses the tougher 1,024-bit standard. The U.S. government isn't completely closing its eyes to the matter. In July, Vice President Al Gore unveiled a proposal that would create a key-escrow system allowing keys greater than 40 bits to be exported but requiring a third party to keep a copy of a key that could be used by law enforcement officials. (See U.S. considers easing encryption export laws.) And this past June, the Senate Subcommittee on Technology, Science, and Space heard a slew of testimony from encryption vendors and other experts on the problem. In fact, there are several bills pending in both houses of Congress that would relax the current export restrictions. The Security and Freedom Through Encryption Act was introduced in the House by Rep. Robert Goodlatte, R-Va. Meanwhile, The Encrypted Communications Privacy Act of 1996 was introduced in the Senate by Sen. Patrick Leahy, D-Vt., and the Promotion of Commerce On-Line in the Digital Era Act of 1996 also sits before the Senate. All three laws would relax the 40-bit restriction on keys as well as eliminate other restrictions on international use and development of encryption. Officials of U.S. corporations look forward to these changes and believe that such changes would improve their ability to compete in the international marketplace. "We're an international company, so we can't use the domestic version of Netscape [Communications Corp.'s Netscape Navigator]. And we can't trust the data using the international versions," says Richard Perlotto, corporate network security manager at VLSI Technology Inc., in Tempe, Ariz. Julie Bort is a free-lance writer based in Dillon, Colo. Please direct your comments to InfoWorld Electric News Editor Dana Gardner. [Image] To respond to this review, go to the forum. [Image] [Image] Copyright � 1996 InfoWorld Publishing Company ------------------------- end silly article -------------------------- --------------------------- begin response --------------------------- -----BEGIN PGP SIGNED MESSAGE----- This references http://www.infoworld.com/cgi-bin/displayStory.pl?960830.crypt.htm Hi, First of all, I'd like to commend InfoWorld for covering a very important topic: cryptography. There are, however, some very significant flaws in the story, which I hope will be corrected soon. As the article exists now, the information is sufficiently incorrect to be more harm than if the article didn't exist at all. Anyone using it as a guide will be only further confused. The quotes are indented two spaces, with my comments below... Although no encryption algorithm is in and of itself crack-proof, several of them are so complex that they are virtually unbreakable. Coupled with proper implementation, authentication, and secure connections, encryption solutions can add a high level of security to any company's arsenal. However, it is an area that requires a knowledgeable person to make the purchasing decision because the technology is very complex, the best product selected will add a level of administration overhead, and numerous industry consortiums are developing competing APIs. Also, there are a lot of people who simply don't know what they're doing when it comes to cryptography and security. Many products claim high degrees of security, but are hardly strong enough to keep someone's kid sister from deciphering the message. The key is the algorithm or mathematical formula that encodes the message itself. It must be sent to the message recipient so the message can be decoded, hence the term key. Bzzzt. The formula is the algorithm. The key is a piece of data (often times, a passphrase, or a relatively small file) that is fed to the algorithm along with the data to be encrypted or decrypted to produce the desired result. The idea being that if an attacker knows what algorithm someone is using, and they have the encrypted message, they'll not be able to break the message unless they can also get their hands on the key. Hence, the key needs to be sufficiently large such that it can't be easily guessed by an attacker trying keys at random (or by effectively starting at "1" and working his way up.) The size of the key, measured in bits, determines how complex the algorithm is and how tough the code is to crack. The state of the art for encryption technology used exclusively within the United States is 1,024 bits. However, the maximum size key that is allowed to be exported is 40 bits. Bzzzt. The complexity of the algorithm and key size are two different matters entirely. The level of complexity, by the way, typically increases the chance for error (in both algorithm design and implementation) more than adding any levels of security. A secure algorithm doesn't have to be complex. However, its key must be of sufficient length to be "computationally infeasable to break." Let's take the example of a bicycle combination lock. It has a chain which will secure the bicycle to a rack; we'll assume that it's some newfangled sort of chain which is resistant to bolt cutters and all of those sorts of things. The security of this lock now rests in the actual locking mechanism. It's a very simple tumbler lock, perhaps having three or four digits between 0 and 9 that collectively make up the combination. The "key" is the combination in this case. The lock is simple, but it can be difficult to break, if the length of the key is long enough. If there is only one digit, there are 10 possible (10**1) keys. An attacker can quickly guess this and have a new bicycle. However, each time a digit is added to the key, it increases the number of combinations an order of magnitude. Two digits will have 100 possible (10**2) keys, three digits will have 1000 (10**3), four will have 10,000 (10**4) possible, etc. The key size necessary to prevent breaking the solution will depend on your attacker. I mentioned the term "computationally infeasable" earlier. The term simply means that more time and money would need to be spent in breaking the key than the value of that which it locks. If a bike combination has 10**8 (100,000,000) possible combinations, and a thief can try 60 combinations per minute, it would take 165 weeks of continuous attempts to try every combination. By that time, enough lawns could be cut to buy two such bikes. Because computers are binary, we work in bases of two, instead of base 10, which the bicycle combination lock uses, but the principle is the same. Each time you add a digit, you increase the number of keys by an order of magnitude (in a binary system, that means you double it, in a base 10 system, you increase it 10 times.) The key size of your algorithm, therefore, must be large enough to prevent an attacker from having any benefit to recovering that which is encrypted. Keys come in two flavors: symmetrical, or public key model; and asymmetrical, or public key/private key model. Symmetric cryptosystems are sometimes known as "conventional." Asymmetric cryptosystems are known as "public key" ciphers. (Public key/private key *is* the public key model, and an asymmetric cipher!) Symmetric ciphers require the same key to encrypt and decrypt. If you imagine the encryption formula on the left side, and decryption on the right, you apply the same key to both sides in order to encrypt or retrieve the plaintext. Hence, the name "symmetric." Systems which use a different key to encrypt from the key to decrypt, therefore, are asymmetrical. The note about key sizes is also misleading: conventional cryptosystems require a much, much smaller key for security than do public key cryptosystems. Because the math is different, a 128 bit key on a conventional algorithm is roughly the same security as a 2304 bit asymmetric cipher key. The "state of the art" in symmetric cryptosystems is about 128 bits. In this type of system, the government does not allow export of keys greater than 40 bits. Using a 1024 bit key in a symmetric cipher would provide an insane level of security, but would also be very, very slow to use. A symmetrical key uses the same algorithm to encode and decode a message. This is the technique used by the public key encryption program Pretty Good Privacy (PGP). This is wrong, I will explain later. PGP assumes what security experts call the peer trust model. That is, the sender knows and trusts the receiver and is therefore perfectly comfortable in sending the key on its way. Herein lies the "pretty good" part of the privacy. Although the algorithm itself makes the message difficult to crack, the key exchange is only pretty good when compared with other methods. VERY WRONG! I'll explain this also later. On the other hand, the great advantage to PGP is that it creates no key management overhead, which is the biggest drawback of asymmetrical keys. Key management is the biggest problem for the keys of symmetric ciphers, not asymetric ciphers. In the asymmetrical model, users have a public key stored somewhere that is available. Should someone want to send an encrypted message, the sender locates the public key of the recipient, encodes the message, and sends it off. The receiver then uses a private key to decode the message. The private key is different from the public key, but they are mathematically linked so that the private key is capable of decoding the message. Entirely correct. Public/private key exchange is the technique used by RSA Data Security Inc., which was recently sold to Security Dynamics Inc., in Bedford, Mass. RSA uses a technology that is actually an adaptation of the decade-old National Institute of Standards and Technology's peer-trust Data Encryption Standard (DES), still used in many products. DES is a method of grabbing random keys for each encryption task, rather than using the same key repeatedly. Cryptographers say that RSA solves some problems, such as the trust issue but generates others. ACK! NO! RSA is an asymmetric cipher. DES is a symmetric cipher. That's the only difference. How keys are managed is entirely dependant on how the system is implemented. Anything can be assigned a key "at random," by allowing a user's passphrase to be the key. Now it seems like a good time to explain the way that PGP (and Netscape's encryption system) works. Asymmetric ciphers, such as RSA, are very slow. Their key management, however, is very nice and flexible, which is why we like to use them. In a system that requires flexible key management, a high level of security, as well as decent performance, both symmetric and asymmetric ciphers are used. If Alice wants to send Bob a message in such a system (like PGP), she simply composes her message, and tells her mailer to PGP-encrypt the message. PGP will find Bob's public key (either from her key ring, or from a database, perhaps, but it doesn't matter.) The message will then be encrypted with a random SYMMETRIC key (in the case of PGP, it will use the 128-bit-key IDEA cipher). That session key, then, will be encrypted using Bob's public key, and both the session key and message will be sent off (in one PGP encrypted message). Bob will see his mail from Alice, and then his PGP will decrypt the session key, and apply it to the encrypted message, yielding the plaintext: Alice's message. So, in PGP, the MESSAGE is encrypted using a random session key (which is symmetric.) The SESSION KEY, then, is encrypted using the recipient's public key. The rest of the article seems to be generally on track, but certificates and signatures have been confused. A certificate is a cryptographically secure message that states the identify of the presenter. In that way, the analogy to a driver's license is correct. A trusted third party issues the certificate. A digital signature, however, is the cryptographic equivalent of signing your name to something. For example, with PGP, I can digitally sign an email message. PGP does this by taking the message, encrypting it with my PRIVATE key, running the result of that through a secure one-way function ("hash"), and attaching the result to the bottom of the message. A user can then verify that the signature is legitimate by applying my PUBLIC key to the message, and running the result back through the hash, and comparing the two. If they match, the signature is good, if not, something is amiss. (PGP, naturally, handles all of this automatically.) Therefore, U.S. encryption vendors and corporations are forbidden from exporting and deploying versions that use more than a 40-bit key. However, companies in other countries, such as Japan, can freely sell encryption technology that uses the tougher 1,024-bit standard. The two are being confused again. See my earlier note about comparable keys. If you have further questions, please feel free to contact me. If there is interest, I would also be willing to write a series on how to choose a cryptosystem. I am very concerned about the state of cryptographic knowledge in the industry. The area is vital for successful companies' IS departments to understand, and understand well. Yet, the general level of knowledge is abysmally low. I applaud efforts by InfoWorld to increase coverage of this important topic, but I emphasize that the material presented must be correct. Many vendors are currently offering solutions they call secure. Without an understanding of how cryptography works, an IS organization is completely unable to choose between that which is good security and that which is snake oil. A "snake oil FAQ" is being drafted, but is not yet available. In the mean time, there are cryptography FAQs available from ftp://rtfm.mit.edu/pub/usenet-by-group/sci.crypt/ - -- C Matthew Curtin MEGASOFT, INC Chief Scientist I speak only for myself. Don't whine to anyone but me about anything I say. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Have you encrypted your data today? iQEVAwUBMireN36R34u/f3zNAQF+BQf/XD0fPYFuOQsd+u2k4zE1UpfZQKaP+SDw RUhx6R7LnD0ZK5dA+seStvsLl+cvg5tu2wMzf9bniS7taj2DHwmu8MDWYwJPnQST Iiti6XBAoFjCJYWaVghHQzVKw8vxlNC20LzyJ791PdabpUo5ztpf+AXVHGAfWaTg F3ZNYWbbyxg81uxAnKMM/Li6NOKJhcE6nNO+eHUMFLciFki+mz/mOT45fUPs0R9y 4UYLQDvcSVAt246xSufwqbrSY/4dUB3A7KjYvbqWUjYRF/40c1h3K6h69dDnOR/8 SY+AZNnZSzQZbMbHNpjlJ+E71Yz+9Ppvgl6Eeo7oqa+PNeYW0W9GMQ== =PS8M -----END PGP SIGNATURE----- ---------------------------- end response ---------------------------- -- C Matthew Curtin MEGASOFT, INC Chief Scientist I speak only for myself. Don't whine to anyone but me about anything I say. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ From jwilk at iglou.com Mon Sep 2 11:44:22 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Tue, 3 Sep 1996 02:44:22 +0800 Subject: free speech online Message-ID: At 02:47 AM 9/2/96 EDT, patrick b cummings wrote: >I agree that their should be free speech on the net. Someone should >start a petition and get as many people to sign it as possible. > Patrick.... i have a deal for ya.... you don't write this list for a week? or at least keep the spams to a minimum. Post the hacker requests to a hacker-mailing list (what a concept). Have a nice day! ========================================== Blake Wehlage World's Youngest Cypherpunk 2400bps is the net's old people drivers From whgiii at amaranth.com Mon Sep 2 11:44:25 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Tue, 3 Sep 1996 02:44:25 +0800 Subject: Cypherpunk Mailboxes? Message-ID: <199609021534.KAA26279@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- Hi, I have a thought for addressing the anon. problem. We could create a network of anonymous remailers with mailboxes. All messages in the mailboxes are stored encrypted. No information about the users are keep. Users would be be given x K of mailbox space. We could use PGP keys for encrypting the messages. Each user would have his own key pair for his anonymous mailbox. Any plain text messages received to the server would be encrypted on recept. Let the government's subpoena away. :) "Sorry we don't have user addresses, no I can't decrypt those messages Senator." What do you think? - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMisGh49Co1n+aLhhAQHvAgP/aLktPSyoj3Ps7OnJ2LXlSIJJQq+B3GiA TlGFJ/DZVF9Ai9rKMzjgmTiukLY/+Hf58vrw7QjJA7wp/fcGOZoYNnMt0mW09wsp biUtXnMkX86sW2abtazy6U3f+DR15lGi9S2F0dvZERmFCdUX5Yi5geoa31Zezght Sj/0sFT+AUk= =7tw/ -----END PGP SIGNATURE----- From pjb at 23kgroup.com Mon Sep 2 11:48:41 1996 From: pjb at 23kgroup.com (Paul J. Bell) Date: Tue, 3 Sep 1996 02:48:41 +0800 Subject: Moscowchannel.com hack Message-ID: <9609021545.AA15755@23kgroup.com> FWIW, not even root can unmount a file system that is busy. -paul > From cypherpunks-errors at toad.com Sun Sep 1 18:17:12 1996 > Subject: Re: Moscowchannel.com hack > To: snow at smoke.suba.com (snow) > Date: Sun, 1 Sep 1996 10:09:32 -0500 (CDT) > Cc: joelm at eskimo.com, Cypherpunks at toad.com > Reply-To: ichudov at algebra.com (Igor Chudov) > From: ichudov at algebra.com (Igor Chudov @ home) > X-No-Archive: yes > Organization: Bool Sheet Software > X-Mailer: ELM [version 2.4 PL24 ME7] > Content-Type> : > text> > Sender: owner-cypherpunks at toad.com > Content-Length: 689 > > snow wrote: > > > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > > > Not really crypto, but related to the DOJ hack in a way. > > > > > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web > > > site was hacked and altered by someone who didn't seem to like Russians all > > > Just a matter of time before some builds a dedicated Satan type tool that > > > scans for HTTP server holes or messed up file permissions to make locating > > > potential victims easy. > > Write your web site to a CD-ROM and hard-code the base directory into the > > webserver. > > A hacker who has root can forcibly unmount the cdrom and mount another > directory on that node. Not a good solution. > > - Igor. > From ichudov at algebra.com Mon Sep 2 11:56:30 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 3 Sep 1996 02:56:30 +0800 Subject: Moscowchannel.com hack In-Reply-To: <9609021545.AA15755@23kgroup.com> Message-ID: <199609021606.LAA06211@manifold.algebra.com> Paul J. Bell wrote: > > FWIW, not even root can unmount a file system that is busy. > > -paul Well, root can kill all processes that use the mounted directory. igor > > > From cypherpunks-errors at toad.com Sun Sep 1 18:17:12 1996 > > Subject: Re: Moscowchannel.com hack > > To: snow at smoke.suba.com (snow) > > Date: Sun, 1 Sep 1996 10:09:32 -0500 (CDT) > > Cc: joelm at eskimo.com, Cypherpunks at toad.com > > Reply-To: ichudov at algebra.com (Igor Chudov) > > From: ichudov at algebra.com (Igor Chudov @ home) > > X-No-Archive: yes > > Organization: Bool Sheet Software > > X-Mailer: ELM [version 2.4 PL24 ME7] > > Content-Type> : > text> > > Sender: owner-cypherpunks at toad.com > > Content-Length: 689 > > > > snow wrote: > > > > > > On Sat, 31 Aug 1996, Joel McNamara wrote: > > > > > > > Not really crypto, but related to the DOJ hack in a way. > > > > > > > > Moscow Channel is a pretty slick, Russian news/commentary page. Their Web > > > > site was hacked and altered by someone who didn't seem to like Russians all > > > > Just a matter of time before some builds a dedicated Satan type tool that > > > > scans for HTTP server holes or messed up file permissions to make locating > > > > potential victims easy. > > > Write your web site to a CD-ROM and hard-code the base directory into the > > > webserver. > > > > A hacker who has root can forcibly unmount the cdrom and mount another > > directory on that node. Not a good solution. > > > > - Igor. > > > - Igor. From mycroft at actrix.gen.nz Mon Sep 2 12:00:17 1996 From: mycroft at actrix.gen.nz (Paul Foley) Date: Tue, 3 Sep 1996 03:00:17 +0800 Subject: Free Speech and List Topics In-Reply-To: <199609020517.WAA06504@netcom.netcom.com> Message-ID: <199609021414.CAA29655@mycroft.actrix.gen.nz> qut at netcom.com (Dave Harman OBC) wrote: How about supporting the effort for comp.cypherpunks ? God forbid. Isn't there enough off-topic noise on the list for you? I'd be glad to email you a bunch of "MAKE MONEY FA$T" and "Want XXX pictures in your mailbox?" messages every day, if not. About the need for limits for anonymity, guess what brought that on? Crime? Yes! The crime of the media monopoly violating the anti-trust acts, because people are ignorant enough to trust the mass media for their news. huh? -- Paul Foley --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- Without freedom of choice there is no creativity. -- Kirk, "The return of the Archons", stardate 3157.4 From declan at eff.org Mon Sep 2 12:39:48 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 3 Sep 1996 03:39:48 +0800 Subject: Bob Dole on Drugs In-Reply-To: <199609011633.LAA30982@manifold.algebra.com> Message-ID: The Post also noted -- and this was buried inside in a short article -- that Clinton had stepped up his attacks on drugs during his acceptance speech, which I intentionally missed. -Declan On Sun, 1 Sep 1996 ichudov at algebra.com wrote: > http://allpolitics.com/news/9608/31/radio.addresses/ > > ... snip ... > > Dole, who returned to Washington for Labor Day > weekend, also pledged to use the White House as a > bully pulpit to promote the "moral message" > against drugs and to criticize what he called the > entertainment industry's glamorization of drug use. > > On Sunday, he is to address the convention of the > National Guard Association of the United States > during which he's expected to propose that the > military be enlisted to assist in a renewed war on > drugs. > // declan at eff.org // I do not represent the EFF // declan at well.com // From eitland at blue.weeg.uiowa.edu Mon Sep 2 12:44:14 1996 From: eitland at blue.weeg.uiowa.edu (Brett Eitland) Date: Tue, 3 Sep 1996 03:44:14 +0800 Subject: desubscribe Message-ID: <322B2CF6.ECD@blue.weeg.uiowa.edu> desubscribe From ccarper at microsoft.com Mon Sep 2 12:49:58 1996 From: ccarper at microsoft.com (Christopher Carper) Date: Tue, 3 Sep 1996 03:49:58 +0800 Subject: desubscribe Message-ID: desubscribe From tcmay at got.net Mon Sep 2 12:51:40 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 03:51:40 +0800 Subject: Sharp Knives Message-ID: At 1:38 PM 9/2/96, Dave Harman OBC wrote: >In California, it's a felony to merely *own* a Ninja star. It's a >felony to carry a *concealed* knife, but carrying it openly in a >holster is legal. It's a felony for most people to carry a >concealed loaded handgun on the street only on a *second* offense. >It'a a felony to merely *own* a switchblade, brass knuckles, etc. >Do our weapons laws sound strange? Are many of our weapons laws >stricter than countries like Sweden? Yes! Most laws about knives, dirks, daggers, brass knuckles, saps, etc. were devised to control the coloreds, who could not afford the weapons of choice of whites and other gentlemen. Hence, a colored who gets picked up on some charge, or detained, can be jailed on a felony charge for having a pocketknife, or a sap, or brass knucks. Coloreds from Asia can be jailed for having the martial arts sorts of weapons. A white gets a misdemeanor charge for carrying a gun. (This analysis is not original with me. The gun magazines have noted the racist origins of misdemeanor/felony dichotomies for many years. One article I read a few years ago traced the precise times at which these laws came into being...mostly the times in various states corresponded with periods of high immigration of coloreds to major cities.) Here in California there's a bill pending in the legislature which would decriminalize the carrying of a pocketknife that can be opened with one hand (a la the Spyderco, Benchmade, Buck, Cold Steel, etc., knives with thumb holes or studs). Even though such knives are openly sold in every sporting goods store I have ever been in, and are carrried by a truly large fraction of the population, such knives are currently classified as "switchblades" and can be prosecuted as a felony. A good way to selectively harasss someone. Interestingly, it was the District Attorneys lobbying group in California which made the difference: they argued that such laws are unenforceable or are selectively enforced. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From aba at dcs.ex.ac.uk Mon Sep 2 13:03:46 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Tue, 3 Sep 1996 04:03:46 +0800 Subject: strengthening remailer protocols In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk> Message-ID: <199609011430.PAA00133@server.test.net> Peter Allan writes on cpunks: > [re-encrypting as a mechanism to prevent an attacker in a spamming > attack reconizing his own messages] The attack Peter is hoping to frustrate is as follows: target message being sent from Alice to Bob through remailer R. The attacker in an active `spam' attack floods remailer R so that he will recognize the target message and it's destination. Another approach to making the transmitted message unrecognizable to it's owner would be to finish the implementation of D-H key exchange in mixmaster. (The version I am looking at (2.0.3) does not have the D-H key exchange and direct socket communication implemented, rather it delivers mail by sendmail, I believe). As a bonus this provides forward secrecy, so that not even a supeonaed remailer operator would be able to reconstruct the destination. You can still do a spamming attack by recognizing the destination, rather than the message: Eve forwards enough messages to remailer R to flush the target message. Each of Eves messages is headed to a known (to Eve) address. Say the remailer R has a buffer of 10 messages, if Eve sends 9 messages, 3 to each of remailers R2, R3, and R4. Eve can then determine the destination of the target message: the remailer which gets 4 messages is the destination remailer. (Here my knowledge of mixmasters workings are wearing thin, but I believe it does these things, or provides facilities so that the operators/users can make sure these things happen). The way that this kind of attack is frustrated is that dummy messages are created as cover traffic by the remailer, and that at some points messages can be swallowed by a remailer as junk messages. Sufficient junk cover traffic would ensure that even with a spamming attack the destination would not be known immediately because the attacker can distinguish the target message from the junk. Ultimately a good way to foil this attack in general is to have each remailer send a fixed amount of mail to each other remailer in cycles. No traffic analysis if all remailers get equal traffic. The only entry point for analysis then is the entry and exit points. The active spam attack then would be to block, or delay all entry points into the remailer net, apart from the target message. The only messages in the network would then be the spam traffic, and the target message. When the target message leaves the net, the Eve knows the destination. To hinder this attack, the remailers could generate and mail to previous users junk mail. Over a long time, statistical attacks could perhaps be built on a pair of users who communicated frequently. The ultimate solution to this is for the users also to receive fixed amounts of junk each day. Starting to sound like similar overheads to a DC net, huh? Peters other suggestions of adding random diversions sound like reasonable ways to add another form of cover traffic, and should help make life harder for the attacker, Adam -- #!/bin/perl -sp0777i At 6:29 AM 9/2/96, Bill Stewart wrote: >While Tim's article title was clearly intended to be provocative, Indeed, I write many things to be _provocative_. Not to be insulting, but to challenge orthodoxies. And when I hear mealy-mouthed platitudes along the lines of "foreigners do not understand the special needs of our nation, and do not understand why Benevolent Father Yew channels our thoughts in more productive directions," I have to call a spade a spade. (quoting James Seng) >>In addition, you need to see the method of censorship deployed in >>Singapore. For press media like papers and magazine, it is done in a >>passive manner. They _do not_ read every issue of every magazine available >>in Singapore. They only do so when there is enough complains. > >This also means you don't know what is safe to print and what isn't. >You have to restrict yourself very strongly, because otherwise >some politically influential person will complain to the government, >and you go to jail. At least if the government tells you what >the rules are, you know it's safe to say things that don't violate them. Yes, what James Seng calls a "passive manner" is often worse than censorship in a direct manner. Psychologists would mention "random reinforcement" at this point. When there is _direct_ censorship, with clearly defined rules, publishers will skate as close to the edge of the envelope as they can, and even test the limits. When there is _passive_ or _vague_ censorship, with rules not carefully spelled out but with the possibility of prosecution and jail time always looming, then publishers and others will rein themselves in, taking the cautious route. This is, of course, often the result desired, that people invoke "the policeman inside" (to use the Burroughs term). This is really the essence of a "terror state." The rules are not known, the fear of a knock on the door is omnipresent, and the Beloved Ruler may dispatch his enforcers on a whim. >>ps: Sorry for the off-topic discussion. > >It's not off-topic. Building tools to prevent censorship is >distinctly on-topic for cypherpunks, and an occasional digression into >whether it's a good idea is worthwhile. Exactly. A discussion of routing-around Censorpore's policies is at least as on-topic as the 17th discussion of some snake oil cipher. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From banisar at epic.org Mon Sep 2 13:14:51 1996 From: banisar at epic.org (Dave Banisar) Date: Tue, 3 Sep 1996 04:14:51 +0800 Subject: National ID Card Web Pages Message-ID: EXTENSIVE NATIONAL ID CARD WEB SITE IS NOW ON LINE The London-based human rights watchdog Privacy International (PI) has just opened an extensive web page on National ID cards. The initiative comes in the wake of pending efforts in the United States, Canada and United Kingdom to implement national ID card systems. The page contains a 7,000 word FAQ (Frequently Asked Questions) on all aspects of ID cards and their implications. Also included in the PI documents is a paper describing successful campaigns opposing to ID cards in Australia and other countries. The page also has links to numerous other sites and documents. PI Director Simon Davies said he hoped the page would help promote debate about the cards, "ID cards are often introduced without serious discussion or consultation. The implications are profound, and countries planning to introduce them should proceed with caution." "The existence of a card challenges important precepts of individual rights and privacy. At a symbolic and a functional level, ID cards are often an unnecessary and potentially dangerous white elephant. They are promoted by way of fear-mongering and false patriotism, and are implemented with scant regard for serious investigation of the consequences." he said. The URL is : http://www.privacy.org/pi/activities/idcard/ PI has also set up an auto response function for the FAQ document. Its address is: idcardfaq at mail.privacy.org Privacy International is an international human rights group concerned with privacy and surveillance issues. It is based in London, UK. For further information contact the Privacy International Washington Office at +1.202.544.9240 or email pi at privacy.org. PI's web page is available at: http://www.privacy.org/pi/ _________________________________________________________________________ Subject: National ID Card Web Pages _________________________________________________________________________ David Banisar (Banisar at privacy.org) * 202-544-9240 (tel) Privacy International Washington Office * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.privacy.org/pi/ Washington, DC 20003 From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 13:14:52 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 04:14:52 +0800 Subject: Modem tax again? Message-ID: <01I9075ZGV3O9JDI20@mbcl.rutgers.edu> As I recall, the alleged "subsidy" consists of lack of payments so rural areas can have subsidized phone service - thus making their costs borne by everyone else. -Allen > _________________________________________________________________ > Avis > _________________________________________________________________ > INTERNET IS HURTING PHONE NETWORKS, STUDY SAYS > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 San Francisco Examiner > SAN FRANCISCO (Aug 27, 1996 3:11 p.m. EDT) -- Hoping to reduce or end > a subsidy that has kept down the cost of on-line service, local phone > companies here have presented the Federal Communications Commission > with studies arguing that Internet users are overtaxing phone networks > and ought to pay more for monthly service. > The studies, one of which was published on the Internet, argue that a > 13-year-old subsidy lets Internet service providers (ISPs) pay a > fraction of what a long distance company pays to get a phone line, > even though Internet calls may use more phone system capacity than > voice traffic. [...] > For their part, ISPs are alarmed at the remote possibility that the > FCC might let phone companies raise their monthly costs from the > current monthly average of $30 to anything approaching the $600 that > some long distance carriers pay for a phone line. > "If we had to pay anything like long distance access charges, it would > put all the ISPs out of business," said Ronald Plesser, the > Washington, D.C., attorney who represents the Commercial Internet > Exchange, an ISP trade group. > FCC staff attorney Kevin Werbach said the subsidy began in 1983, when > the five-member federal commission created a special rate to encourage > the growth of on-line services, voicemail companies and other emerging > industries that offered enhanced electronic services over phone lines. > In 1987, the FCC considered ending the subsidy but backed down after > public protest over what came to be characterized as the "modem tax." > Given the growth in on-line usage, ISPs assume any talk of ending the > subsidy would create a bigger backlash today. > "There are a minimum of 20 million and perhaps as many as 40 million > on-line and Internet users and many of them are registered voters," > said William Schrader, president of PSI Net, an ISP in Herndon, Va. > Schrader said when he visited several FCC members recently, he > suggested that many of those users would be happy to send a letter of > protest to FCC Chairman Reed Hundt. [...] > Copyright © 1996 Nando.net From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 13:16:26 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 04:16:26 +0800 Subject: More child pornography nonsense Message-ID: <01I906YVP1M89JDI20@mbcl.rutgers.edu> > webslingerZ > _________________________________________________________________ > POLICE SEARCH INTERNET FOR CHILD SEX ABUSERS > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > STOCKHOLM, Sweden (Aug 31, 1996 00:11 a.m. EDT) - Police across Europe > widened their net Friday to track down a pedophile network which is > spreading increasingly to the hard-to-detect Internet, while at an > international conference, Southeast Asia was cast as a major > destination for child sex tourists. > At the World Congress Against Commercial Sexual Exploitation of > Children, which has attracted over 1,000 delegates to Stockholm from > 130 countries, campaigners outlined measures to crack down on > pedophiles' use of the Internet. > Norway's ombudsman for children, Trond Waage, said to date there was > very little action that could be taken to stop the distribution of > child pornography on the Internet. > But he said the establishment last week of an international body to > monitor child pornography on the net, a task taken on by the Norwegian > branch of Save the Children, was firm action against pedophiles using > the net. > "This is a kind of a cybercop," Waage told reporters. > "We need some visible cops on the net. If you undertake these kinds of > criminal activities someone will monitor you." > Save the Children will try to monitor any child pornography on the > Internet and is encouraging other net surfers to pass on information > that will be handed to the police. Want to bet how fast they'll be mail-bombed? Cops on the net are _not_ popular, no matter what they're doing. This fact is especially true when there's no actual harm taking place (unlike, say, spamming) - the harm has _already_ taken place by the time the material is on the Internet. Should we ban films with violence because they _might_ be snuff films? -Allen From qut at netcom.com Mon Sep 2 13:16:35 1996 From: qut at netcom.com (Dave Harman OBC) Date: Tue, 3 Sep 1996 04:16:35 +0800 Subject: Free Speech and List Topics In-Reply-To: Message-ID: <199609021759.KAA00489@netcom21.netcom.com> ! At 5:17 AM 9/2/96, qut wrote: ! ! >About the need for limits for anonymity, guess what brought that on? ! >Crime? Yes! The crime of the media monopoly violating the anti-trust ! >acts, because people are ignorant enough to trust the mass media for ! >their news. I just mean to throw the media's lies right back at them. If crypto anonymity is considered to lend itself to crime, no doubt by the same logic, mass media collusion lends itself to crime. And American mass media collusion IS a crime, crypto anonymity is not. It's been a hundred years since it became illegal to violate the Sherman Anti-Trust Act. ! No self-respecting Cypherpunk thinks the Antitrust Act and related acts are ! worthy of enforcement. ! ! (Think of how the technology we support will tend to allow new avenues for ! price collusion, interlocking directorates, new forms of business combines, ! unreadable secure communications with foreign competitors, and so on, all ! things the Antitrust regulators are already growing worried about.) And should! No doubt the media is colluding for criminal purposes and shady outfits like The New York Times should be seized and analysed by Department Of Justice anti-trust invesigators. From tcmay at got.net Mon Sep 2 13:19:45 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 04:19:45 +0800 Subject: The Earliest CP Remailer *DID* Emphasize Anonymity Message-ID: At 7:22 AM 9/2/96, Bill Stewart wrote: >>From what I know of remailer history, the main original goal >of the cypherpunks-style remailer was to provide >security against traffic analysis by eavesdroppers, rather than to >prevent the recipient from knowing the sender's address, though >everybody pretty quickly realized that the latter was an interesting >feature, especially coupled with posting to Usenet. No, the focus was at _least_ as much on providing anonymity as on protection from eavesdroppers or traffic analysts. More so, actually. How do I know this? Well, I was the one who did the presentation on Chaumian mixes at the first meeting, describing them as remailers and using paper envelopes-within-envelopes to illustrate the concept. Later that day, in the "Crytpo Anarchy Game" we played to educate the attendees, remailers were used to post anonymous offers of goods and services, to make contact in message pools, and to generally implement a crypto-anarchic, distributed system. (With some obvious flaws, stalls, and other weirdnesses.) Still, it embodied most of what we see today (and a lot more that we still haven't managed to implement). The next afternoon, Hugh Daniel, Eric Hughes, and I went out for some bagels and talked about what had been learned. Either Hugh or Eric had the idea of coding up the remailer in C or Perl. As it turned out, Eric was the one to do it, a few weekends later, using Perl (which he learned enough of on Saturday to then do on Sunday). The first remailer was put for use and immediately began to be used for anonymous postings. And all of the early uses were explicitly to anonymize the sender, not to deter eavesdropping (which conventional crypto works well for, anyway). The Kleinpaste-style remailer was in a nascent stage, and Julf was running one on his site. But we all knew the longterm advantages of chained remailers, and, of course, even the very first Hughes remailer supported arbitrary chaining. And we also knew of the central defect of the Kleinpaste-style anonymizer, that law enforcement would seek the records through subpoena. As it turned out, penet lasted longer than I for one thought it would. PGP encryption was added soon after to the Hughes-style remailer, by Hal Finney, as I recall. Later developments, by Matt Ghio, Lance Cottrell, etc., added to the capabilities. So, the anonymizing and arbitrary chaining (which is for protection against collusion of the remailers and subpoenas of logs) features were there from the start. Even before the start, as the "Crypto Anarchy Game" had them. (I've been clear that it was Eric Hughes who coded the first Perl version, but I feel I have to make my own role clear. There are some critics of me here on this list who have claimed "Tim has never done a thing for Cypherpunks except talk." Well, besides organizing the first meeting with Eric, and giving the morning talk on the topics mentioned, and demonstrating the role of mixes and digital cash, and writing articles on many topics, and setting up BlackNet (which actually works, and is not just an idea), and on and on, I'm satisfied with my contributions. Your mileage may vary.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From qut at netcom.com Mon Sep 2 13:23:58 1996 From: qut at netcom.com (Dave Harman OBC) Date: Tue, 3 Sep 1996 04:23:58 +0800 Subject: Sharp Knives In-Reply-To: <199609021720.MAA06616@manifold.algebra.com> Message-ID: <199609021809.LAA01872@netcom21.netcom.com> ! How do these Ninja stars work anyway? ! ! I've heard about them, but do not know much. I don't know either, they're as illegal to own as it is to rip off a car! From markm at voicenet.com Mon Sep 2 13:28:55 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 3 Sep 1996 04:28:55 +0800 Subject: Cypherpunk Mailboxes? In-Reply-To: <199609021534.KAA26279@mailhub.amaranth.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Sep 1996, William H. Geiger III wrote: > Hi, > > I have a thought for addressing the anon. problem. > > We could create a network of anonymous remailers with mailboxes. All > messages in the mailboxes are stored encrypted. No information about the > users are keep. Users would be be given x K of mailbox space. > > We could use PGP keys for encrypting the messages. Each user would have his > own key pair for his anonymous mailbox. Any plain text messages received to > the server would be encrypted on recept. > > Let the government's subpoena away. :) > > "Sorry we don't have user addresses, no I can't decrypt those messages > Senator." > > What do you think? The only problem is there has to be someway for users to retrieve their mail. The current nym server approach is to use an encrypted reply block to send a user new mail. This way the nym server doesn't know who the user is. If users have to actively retrieve their mail, then the feds could install a packet sniffer on the remailers net link to find out the real email address of an anonymous user. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMiscESzIPc7jvyFpAQGQ8ggAoHoGwwLI/8WI3XEBvA/Yo/lOPu1bQGYZ +m/jYzZjlF/YcS54J+H+L+xRo9WcOJkm7LLetTRZM3N/vG71M01vLcoOnfciRjFz AhLj2V5DGEcyQE0GMBXOxgxKvnzMVkFJh6ZWFalIM0DedncdX541W3j+almPb7Yr YyT+On5mqbPd0U5rJgv2CfE5CFlAE7XyO0KteH5aONK3f6TxzGH4cGG8wSZaBiu4 jP55nTl8VdtMH7MBDqOFkAH7IOboDZzjDglbuFHFk/nhtKfYIzg4c/ck5VCZ1vs8 xIqaPIMzpQF/smfKS2upyhZB1fb3G101lUJmjoVkEATQhwMzLBhY1Q== =QbyB -----END PGP SIGNATURE----- From amehta at giasdl01.vsnl.net.in Mon Sep 2 13:41:35 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Tue, 3 Sep 1996 04:41:35 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <1.5.4.32.19960902174515.0032f9cc@giasdl01.vsnl.net.in> At 19:13 02/09/96 +1000, James Seng wrote: > > What i am saying is that Asian (Singapore) >values are _DIFFERENT_ from western (America) values. [i know i am generalising] > >When you look at the laws and regulation. You cannot just look at what you >think is best. You have to look at other things. Culture, social and >economical structure, religion and history. In every aspect, Singapore (or >most Asian for that matter) are different. Thus, you cannot judge a >Singapore government action based on your social background. I've been reading some of the postings on singapura.singnet.com.sg: quite a few people in Singapore are pissed off that they have to go through the proxy. So, not everyone in Singapore thinks as differently from those of us who oppose your government's action as you would have us imagine. Look, if the government had said, "those who wish to avoid smut on the Net, go through this proxy, but those who do not wish our guidance can do as they please," we would not be having this discussion. What we have a problem with is the government trying to *force* on everyone its own judgement on what is appropriate. People like you in Singapore are responsible, thinking adults. Surely you can make the choice yourself on whether you wish to accept government guidance in this or not? > >Sad to say, Singapore government does have a lot of power. But i am glad >what you mention isnt happening in Singapore. I havent heard of any serious >corruption cases or people accepting bribes etc. Nor does the people here >feel a suppressed nor are there general disatifaction. I think you are too >influenced with the persepection from 1984. *8) In 1975, Indira Gandhi imposed a totalitarian regime in India. The newspapers only carried news about how happy everyone was with the controls. Lulled into complacency, Mrs. Gandhi called elections, partly to make everyone shut up. What happened? She was soundly defeated. Moynihan, a former US ambassador to India, remarked, "Politicians rarely like what they read about themselves in a free press, but it can save their skin." Or words to that effect. Maybe, just maybe, there is far more corruption in Singapore than you think, but that you have no way of finding out without a free press? Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From ponder at freenet.tlh.fl.us Mon Sep 2 13:53:50 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Tue, 3 Sep 1996 04:53:50 +0800 Subject: new-thinking mailing list tidbit; Singapore slings Message-ID: keywords: thought police; mind control; Stone Age; cluelessness; Island nation; why are remailers bad? the mailing list 'new-thinking' has an interesting piece in the current issue, speaking of on-line communities of interest. the archive is at: ******************************************************************** For a hyperlinked version of this piece, please go to: http://www.nua.ie/NewThinking/Archives/newthinking011/index.html For New thinking archives, please go to: http://www.nua.ie/NewThinking/Archives/index.html ******************************************************************** +++++ sounds like the Singapore brainwashing is working pretty well if their educated people are opposed to even a discussion of whether free speech is a good thing or not. Yikes. It isn't a cultural thing, pinhead. Get life, government goon. Free speech is the right to say things others - even a _majority_ or even the government - may find unpopular. And you can tell your fascist dictator I said so. -- P.J. Ponder OBCrypto: for a keyed-SHA signature system, is there an advantage to pre-pending the keystring as opposed to appending it? I think I read something about this in one of Hugo Kracyk's (sp) papers about a keyed-MD5 system, but now I can't find it. If I recall correctly, he explained why it was better to put the key part in the beginning, instead of the end.... Thanks for any help. [Anti-Dyson and anti-EFF rant left off for now. waiting for more responses from EFF et al. Was nice to get a reply from Esther Dyson. Didn't change my mind about anonymity being a good thing, though. It will be interesting to see what Julf gets back from his survey of why people are opposed or in favor of anonymity.] [See the web page listed in the press release from penet.] I looked at the FTP, Inc. software site referenced here a few days ago for the email package that integrates PGP. Pretty hefty package to ftp over a 28.8 dialup. The write-up on the web page looked good - I'll ftp it at the office over the T1 if I can and see what it does. I assume it blows up after the 30 days (or whatever the trial period is)? From amehta at giasdl01.vsnl.net.in Mon Sep 2 14:00:15 1996 From: amehta at giasdl01.vsnl.net.in (Arun Mehta) Date: Tue, 3 Sep 1996 05:00:15 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <1.5.4.32.19960902174507.0032cf14@giasdl01.vsnl.net.in> At 15:18 01/09/96 -0700, Rishab Aiyer Ghosh wrote: >Arun Mehta wrote: >> and India will be too: the law here holds the ISPs responsible >> for ensuring that nothing objectionable and obscene is carried by >> them, and what simpler way to comply than to > >FWIW: "There is no need to licence content providers; Internet >service providers are not responsible for illegal content." R K >Takkar, Indian Telecom Secretary (at the time of interview) What Mr. Takkar says isn't law, plus he's gone. The law clearly holds ISPs responsible for content: when it suits the government it will pull it out. Doesn't even have to be the government: some headline-seeking opposition politician could take the government to task because the government-run ISPs aren't complying with the law. And please don't get lulled into complacency by a stupid law that isn't being enforced: in 1975, Indira Gandhi pulled out a host of them to *legally* impose dictatorship. >> Ideally, I should be able to >> send via pgp and anonymous remailer a request for a page, which would soon >> come beamed down unencrypted via satellite. No more waiting hours >> for the latest version of Netscape to download > >(!) you'll only have to wait hours for your anonymous-remailer-web-to-e-mail >gateway, EVERY time you want a page. every time I want a BANNED page -- I'd say it's worth it. In the process of accessing it, I also show it to everyone in Asia, thus giving the banned stuff much more publicity than it otherwise would get on the net. >governments will >eventually see sense and stop censorship, if they're interested in >making their countries rich. Singapore in every other field of work >has shown its interest in deregulation; I would expect them to do so >on the Net as well, when it becomes clear that there's rather more to >it than porn and subversion. Governments everywhere (see Declan's long list) seem to think they can separate out the porn and subversion from the "rather more". Just as in the German case, where the Zundel-site was mirrored so that Germans could access it, external measures to help Singaporeans access what they like would certainly help their government "see sense." >In the meanwhile, there's not much point >trying to "help" them, apart from providing moral support. Guess I'll risk being accused of indulging in cliches when I cite the famous Niemoeller quote once more which begins, " First they came for the communists, and I did not speak out, for I was not one"... and ends "And then they came for me. There was no one left to say anything..." Freedom is won and lost in inches, and you have to fight every single inch they try to take away. Arun Mehta Phone +91-11-6841172, 6849103 amehta at cpsr.org http://www.cerfnet.com/~amehta/ finger amehta at cerfnet.com for public key From qut at netcom.com Mon Sep 2 14:05:40 1996 From: qut at netcom.com (Dave Harman OBC) Date: Tue, 3 Sep 1996 05:05:40 +0800 Subject: Silenced Machine Guns Are Safer Than TWA Message-ID: <199609021837.LAA05216@netcom21.netcom.com> tcmay at got.net (Skippy) wrote: ! At 4:33 AM 9/2/96, qut at netcom.com (Net God) wrote: ! ! >Contrary to popular fiction, ALL firearms have been permanently ! >registered since the 1968 Gun Control Act. The media monopoly lies when ! >they say the contrary. ! ! Nope. Gun sales between individuals without any paperwork were fully legal ! in some places until recently (and may still be fully legal...I can only ! speak of California). So? I was talking about NEW sales of firearms from license holders. Let's consider improving the future rather than preserving the past, shall we? ! >From 1974 until a couple of years ago, I bought and sold a dozen or more ! rifles, handguns, and even Evil Assault Weapons, mostly through fully legal ! gun shows. I even sold a .357 Smith to some guy, made a joke about how ! great these gun shows were and how great it was to be able to just take ! cash and hand over a gun without any paperwork...the guy laughed and said ! he was a San Jose cop. I felt nervous for a few seconds, but quickly ! realized there was no law *I* was breaking, so I laughed too. ! ! Most of these guns I kept no records on, nor did any laws say I had to. ! ! (A few years ago it became necessary for even private citizen-units to ! obtain the proper firearms transfer papers from the gubment. I wanted to ! sell a laser-equipped Heckler & Koch SP-89 without creating a paper trail ! (as I'd not had one when I acquired the piece a few years earlier), so a ! friend of mine used his friendly neighborhood libertarian FFL dealer, who ! has a policy that the stack of transfer forms he is required to keep on ! file will mysteriously burn up if the Feds ever seek out his records. (Who ! knows if he'll abide by this policy, but the point is that there are ! literally tens of thousands of these "kitchen table FFL dealers," and no ! computerized filing of records. This is one reason I quit the NRA: they are ! advocating the "instant check." Such an instant check would mean massive ! computerization of all files, and of course cross-referencing to files on ! citizens. This would be much worse than the "paper chaos" of stacks of ! firearms paperwork sitting in dusty filing cabinets. I'll take a 10-day ! ineffectual waiting period to a Big Brother database of all purchasers.) So you'ld prefer the security of obscurity? I'd prefer to have much more government protected rights, openly. Do you belive the civil courts have a role in protecting people's rights? If so, then "government protected rights." ! >BTW, I muse that the issue of guns, drugs and censorship make an ! >excellent litmus test for libertarians: either you support the ! >legalization of, all of, or your a fake. ! ! I'm not sure what the "legalization of censorship" would mean, though I ! support the right of anyone to screen out what they choose not to read or ! view. And I support the right of companies to decide what materials to buy, ! have viewed by employees, etc. (So if the "Valley Lesbigays" want to show a ! tape at Hewlett-Packard, H-P can just say "Nope--we're not interested.) ! ! I fully support legalization of all drugs, all guns, and am unalterably ! opposed to any form of government censorship. I meant the good side of the censorship issue! But I also support enforcement of the anti-trust laws, so some would view the court enforced break up of illegal collusion of the media to crush competition as "government censorship." From qut at netcom.com Mon Sep 2 14:27:35 1996 From: qut at netcom.com (Dave Harman OBC) Date: Tue, 3 Sep 1996 05:27:35 +0800 Subject: Sharp Knives In-Reply-To: Message-ID: <199609021911.MAA08644@netcom21.netcom.com> ! At 1:38 PM 9/2/96, Dave Harman OBC wrote: ! ! >In California, it's a felony to merely *own* a Ninja star. It's a ! >felony to carry a *concealed* knife, but carrying it openly in a ! >holster is legal. It's a felony for most people to carry a ! >concealed loaded handgun on the street only on a *second* offense. ! >It'a a felony to merely *own* a switchblade, brass knuckles, etc. ! >Do our weapons laws sound strange? Are many of our weapons laws ! >stricter than countries like Sweden? Yes! ! ! Most laws about knives, dirks, daggers, brass knuckles, saps, etc. were ! devised to control the coloreds, who could not afford the weapons of choice ! of whites and other gentlemen. ! ! Hence, a colored who gets picked up on some charge, or detained, can be ! jailed on a felony charge for having a pocketknife, or a sap, or brass ! knucks. Coloreds from Asia can be jailed for having the martial arts sorts ! of weapons. ! ! A white gets a misdemeanor charge for carrying a gun. Of course, whites never commit other crimes, are never on the proscribed categories, and people of colour never carry guns or are never free of being classified as being in the proscribed categories. You sound like Skippy making fun of the McClatchy newspapers. ! (This analysis is not original with me. The gun magazines have noted the ! racist origins of misdemeanor/felony dichotomies for many years. One ! article I read a few years ago traced the precise times at which these laws ! came into being...mostly the times in various states corresponded with ! periods of high immigration of coloreds to major cities.) ! ! Here in California there's a bill pending in the legislature which would ! decriminalize the carrying of a pocketknife that can be opened with one ! hand (a la the Spyderco, Benchmade, Buck, Cold Steel, etc., knives with ! thumb holes or studs). Even though such knives are openly sold in every ! sporting goods store I have ever been in, and are carrried by a truly large ! fraction of the population, such knives are currently classified as ! "switchblades" and can be prosecuted as a felony. A good way to selectively What? Are you talking about lockbacks? An actual switchblade is a felony to *possess* in California. ! harasss someone. Interestingly, it was the District Attorneys lobbying I'm familiar with the anti-racist pandering of the gun rights majority. The weapons mentioned above were banned later this century in California, ostensibly to protect minors. There has always been cheap firearms available to poor people in America, I'm not aware that only coloured people can be poor! It's been a step by step process to take away rights, it's been entirely irrelevent what the laws were supposedly for. It is not believable that all whites are rich or that poor whites in prison are treated with greater respect than rich people of colour or poor people of colour. There's been *both* racist and anti-racist elements to the progress of unjust laws, the original intent of the law itself is forgotten if the current law only respects people of capital. From nobody at replay.com Mon Sep 2 14:39:03 1996 From: nobody at replay.com (Anonymous) Date: Tue, 3 Sep 1996 05:39:03 +0800 Subject: Too few nymservers Message-ID: <199609021918.VAA21564@basement.replay.com> On Sun 1 Sep 1996 Dave Harman OBC wrote : [snip] > There has to be more crypto anonymizing aliasing remailers and with > easier interfaces. Closing the Kleinpaste derived server will help > put the pressure of demand to start better remailer systems. > There's not enough capacity and reliability with the servers extant. > There should be thousands of full featured remailers. Exactly. Sometimes *all* the nymservers are down at the same time. From cmcurtin at research.megasoft.com Mon Sep 2 14:53:48 1996 From: cmcurtin at research.megasoft.com (C Matthew Curtin) Date: Tue, 3 Sep 1996 05:53:48 +0800 Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.) In-Reply-To: <01bb94a6.44902540$8adc9dcc@survival> Message-ID: <864tlgivwo.fsf@goffette.research.megasoft.com> The following message is a courtesy copy of an article that has been posted as well. -----BEGIN PGP SIGNED MESSAGE----- "Alex Walker" writes: > The strongest encryption system available to the public will be available > soon at: > http://www.aa.net/cyber-survival-hq > > ALPHACIPHER has been in the making for the past ten years, and has come > into its own > with the proliferation of Internet communications. > > A demo of this program along with a FAQ can be downloaded from > cyber-survival-hq 1SEP. This is an unbreakable program... Here we go again. I just got done surfing the site above. Assuming that all statements regarding the unbreakability of the cipher, the lack of applicability of the question regarding its key size, etc., are at least based on some degree of truth, "alphacipher" is a one-time pad. Given that anything else is not really "unbreakable," if it's not a one-time pad, the claims about its security are bogus. But let's assume that it is. In exchange for the great security of one-time pads, users of such must be willing to tolerate their drawbacks, and there are some significant ones. 1 The unbreakability of the one-time pad is completely thrown out the window if the key is not _truly_ random. A software based pseudorandom number generator simply won't cut it; even the best PRNGs will have some degree of predicability. It is possible that these random keys are truly random (given point 2, below), but I find this to be unlikely, since the overview boasts that the keys are generated by a "proprietary random key set generator." Now, we're getting into *another* issue, and that is of the wisdom (or, more correctly, lack thereof) in using proprietary algorithms. Not only does this fail to ensure any higher level of security when compared to that of a well-known algorithm, but actually increases the liklihood that an error has gone undiscovered, since fewer experts have had the opportunity scrutinize it. 2 The pool (or "pad") of random bits from which the keys are generated must be distributed ahead of time. Given this requirement, the "random bit pad" must be distributed with the program itself. In fact, the two "comm key disks" seem to be just this. A third "vault key" disk, used for local online storage, seems to be another random bit pad. 3 Keys must stay perfectly in sync. A single bit-shift either way, and you're hosed. Given that there is a finite number of bits in the pad (as there must be, since they need to be precalculated and distributed with the program), that they all must stay perfectly in sync, and that the program appears to be marketed for widespread (albeit low-bandwidth) use, there must be some mechanism by which the encrypting program can tell the decrypting program how far along in the bit pad to advance before using them for the key. Otherwise, if I send a message to Alice, then I send one to Bob, Bob is going to use a different starting point in the pad for the key assembly than I did to create the message, unless he also received a copy of what I sent Alice, and every person before that. Giving an indication of the byte offset to use for decryption seems the only workable solution to this problem. 4 The keysize must be exactly equal to the size of the plaintext to be encrypted. 5 Bits from the pad that are used for key generation must never be used again. Ever. Since there are only two "comm key" disks, which must be the same for every distribution, you can get probably get somewhere between two and 10 million "random" bits on the disks, depending on whether you're using compression, and if so, what compression algorithm you're using. Let's assume that you've got 10 million bits on there. Since the encryption of one bit exhausts one bit from the pad, I can exhaust the entire supply by sending someone a 10MB mail message. Or two five MB mail messages, or 10 one MB messages. In any case, it doesn't take long. And as soon as I'm out, if I start over again at the beginning, I'm blowing the security, since I'm reusing keys. 6 Anyone with access to the key pad can decrypt a message sent to anyone else, as long as they know the proper bit offset. Because of what I've described in item 3, it seems likely that I'll know that ahead of time. Hence, the security of the "alphacipher" encrypted messages decreases with each additional user that "alphacipher" gains. So, it seems to me that I can break *any* message that anyone encrypts with "alphacipher" by getting a copy of the comm key disks, figure out how "alphacipher" calculates where in the pad to begin generating the key, and apply the appropriate key to the encrypted message. Perhaps a bit of additional obfuscation is occuring somewhere in there, but the basic premise is that because of what it's trying to do, this has to be a very poor implementation of a one-time pad, and therefore completely vulnerable to passive attack. (This is using the "comm key"; the "vault key" has much more potential, since it can be unique for every user, but it can still be exhausted very quickly, and therefore have a successful cryptanalysis made of that data, using other means: a larger amount of data will be necessary to reconstruct the bit pad before any messages can be broken, but once again, after it's constructed, anything encrypted using that bit pad can be broken. And, since it seems unlikely that we're dealing with REAL random numbers here, this probably isn't nearly as tough as it ought to be.) I have absolutely no knowledge of "alphacipher" beyond what is contained in the original posting I saw on alt.security which pointed me to the web page (http://www.aa.net/cyber-survival-hq/Alpha1.htm) but it seems that I've made a decent (albeit trivial) analysis of its weakness, and at least given serious raise to your ability to make such claims about its security. If I'm wrong, please show me how so. If not, please do us all a favor and quit with the advertising claims. (All I need now is someone to threaten to sue me, and I'll maintain my record of having lawsuit threats made against me every time I criticize something that claims to be "strong crypto.") - -- C Matthew Curtin MEGASOFT, INC Chief Scientist I speak only for myself. Don't whine to anyone but me about anything I say. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet cmcurtin at research.megasoft.com http://research.megasoft.com/people/cmcurtin/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Have you encrypted your data today? iQEVAwUBMisu2X6R34u/f3zNAQFKSgf/T/cB0X33sDGHoiqVfbXZcW9VEFBcbtVA bTjFLEKrh89pEeZ8VR7FsZRkbC5C7ceuy1aoTAK+RLdaOBZN8AkOTWXvo139gVW/ 9P+gv8eitZlhWzSnXfpURp45m737wjRfgsP7drgWZr3AdGCu3XOipIyy3tcJrcGY fPBpBZXvAfdmxX5B3CiRgLFOdhVxzhyO7Cv019ybRTCYjZncPEyyXIYMzrCJkyBi QbZzcsvgwTq+vD0Cw9/REVqxH6Av3tzJacLLgo33hO1cvti9910FcTSCIdnmR+E+ Pse2Gm0nx8Ochcfw2ZmEVtJI7hXkLbOXMq7i/i++jtMSeMVrIsfXUg== =ZbJf -----END PGP SIGNATURE----- From jamesd at echeque.com Mon Sep 2 15:30:16 1996 From: jamesd at echeque.com (James A. Donald) Date: Tue, 3 Sep 1996 06:30:16 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age Message-ID: <199609021945.MAA05327@dns2.noc.best.net> At 07:13 PM 9/2/96 +1000, James Seng wrote: > What i am saying is that Asian (Singapore) > values are _DIFFERENT_ from western (America) values. One of the classic Greek rationalizations for slavery was that Asians are slaves by nature. It would seem that you are saying that they were right. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From unicorn at schloss.li Mon Sep 2 15:47:56 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 06:47:56 +0800 Subject: Sharp knives In-Reply-To: Message-ID: On Mon, 2 Sep 1996, Asgaard wrote: > "James A. Donald" , writes: > >I heard on talk.politics.guns somebody say that in Sweden they > >had banned knives with a sharp point at the end, and were going > >to ban sharp knives altogether. I think he was just engaging in > >hyperbole, that he really meant that gun control in Sweden was > >unreasonably strict, but on reflection I am not sure. > > There is a law in Sweden, some 5 years old, against carrying > 'dangerous devices' (hunting knives, Ninja stars etc) in 'public > places' (unless you are a carpenter, electrician or some such > going about your business). It's okay to carry a knife when > going fishing/hunting or sitting on your terrace carving totem poles. > It's only a misdemeanour and might be punished with a fine, > but usually the cops just use the law to disarmour street gangs > on the spot. The effects of the law are dubious. Knives have come > into fashion among teenagers after this legislation (but not as > a consequence of it, I think). This mirrors D.C.'s concealed weapon law. A screwdriver is a weapon if you are carrying it for that purpose (i.e. if the cop thinks he wants to arrest you) but a tool if you are carrying it for that purpose (i.e., if you are wearing an expensive suit and look non-ethnic). > > Asgaard > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 15:49:22 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 06:49:22 +0800 Subject: Scoring Politicians on Digital Liberty Issues (Re: Net Politics) Message-ID: <01I90CVK55W89JDDSI@mbcl.rutgers.edu> I would suggest that support for "parental empowerment" and for any sort of mandated rating system (e.g., PICS with a requirement to rate pages for parental censorship use) be a down-rating. -Allen From perry at piermont.com Mon Sep 2 15:54:56 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 3 Sep 1996 06:54:56 +0800 Subject: desubscribe In-Reply-To: Message-ID: <199609022045.QAA21135@jekyll.piermont.com> Christopher Carper writes: > desubscribe Never. From gnu at toad.com Mon Sep 2 15:56:10 1996 From: gnu at toad.com (John Gilmore) Date: Tue, 3 Sep 1996 06:56:10 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com> Message-ID: <199609022031.NAA28702@toad.com> > >>Is this _really_ the EFF policy on anonymopus remailers?? EFF does not have an agreed-upon position on anonymity (or anonymopusity). Each of us speaks as individuals on the topic. Several EFF board members have experienced problems around anonymity. On the Well, there was an experiment in anonymity which ended poorly. I wasn't there so it's hard to critique it in hindsight. But it certainly convinced ex-EFF-board-member Stewart Brand of the dangers of anonymity. Personally I'm in favor of anonymity. I've researched the Supreme Court cases that support it, and spoken on panels in favor of it. I frequently point out that postal mail and telephones are anonymous, and the world has not disintegrated. Part of what started the cypherpunks in the first place was the anonymous remailer game, in which some players tried to figure out who was passing notes to who, while the others tried to conduct transactions anonymously under their noses. I was arrested at an airport a few weeks ago, and kept in custody for 2-1/2 hours, for refusing to identify myself (and failing to turn on my laptop on command!). If the ACLU is interested, I'd love to make a test case out of it. I think in America we have -- and should work to keep -- the right to travel within our borders without identifying ourselves or producing any kind of government "papers". But I sure can tell you I got mad when someone "anonymously" punctured the tires of the car I was driving, for many weeks in a row. The hardest part was that I had no way to figure out WHY they were doing it -- there was no way to communicate with them. (Perhaps I should've painted a message on the tires...) If you think the problem with anonymity is restricted to physical damage, think again; there are ways to do non-physical damage. "Outing" people who have secrets is one way; confronting people with ideas that they are unprepared to deal with is another. Not to mention theft of intellectual property, fraud, and other economic damage, that anonymity makes it harder to deter or punish. Like free speech and democracy, anonymity comes with its drawbacks; it's just better than the alternatives. Personally I think each person should have the right to choose how much to identify themselves and how much to be anonymous, in each situation. Without losing their civil rights (like the right to travel, or to speak or publish). John Gilmore PS: I would counsel against the kind of false anonymity provided by the Finnish server, though. Providing information under the promise that it will "never be revealed or misused" is a lot more dangerous than never providing it at all. E.g. "Anonymous cash" that is really based on dossiers or account-numbers isn't anonymous at all. Even physical cash is getting easier to trace; the British government has been tracking money by serial numbers for years, with custom machines in the banks, to de-anonymize Irish freedom-fighters (oops, I mean terrorists). Anonymity is another area, like privacy, where changes from technology can make big social differences. From unicorn at schloss.li Mon Sep 2 15:59:38 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 06:59:38 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <19960902152515012.AAA179@Esther.edventure.com> Message-ID: On Mon, 2 Sep 1996, Esther Dyson wrote: > At least you don't accuse me of being a Communist. Without commenting on the question of intelligence agencies, far left and far right on this issue are fairly non-distinct. > Esther Dyson Always make new mistakes! > EDventure Holdings > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From tcmay at got.net Mon Sep 2 16:02:59 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 07:02:59 +0800 Subject: Silenced Machine Guns Are Safer Than TWA Message-ID: At 6:37 PM 9/2/96, Dave Harman OBC wrote: >tcmay at got.net (Skippy) wrote: > >! At 4:33 AM 9/2/96, qut at netcom.com (Net God) wrote: >! >! >Contrary to popular fiction, ALL firearms have been permanently >! >registered since the 1968 Gun Control Act. The media monopoly lies when >! >they say the contrary. >! >! Nope. Gun sales between individuals without any paperwork were fully legal >! in some places until recently (and may still be fully legal...I can only >! speak of California). > >So? I was talking about NEW sales of firearms from license holders. Let's >consider improving the future rather than preserving the past, shall >we? My apologies! I assumed when you wrote "since the 1968 Gun Control Act" you meant since the 1968 Gun Control Act. I did not realize that you translate "since the 1968 Gun Control Act" into "NEW sales of of firearms." Sorry. I'll consult my qut-dictionary more often. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 16:16:20 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 07:16:20 +0800 Subject: Whistleblowing on the Internet Message-ID: <01I90C52IMZ49JDDSI@mbcl.rutgers.edu> There's also the point that some whistleblowing isn't exactly what some political groups would want to occur. For instance, opponents to unions such as myself aren't going to want a whistleblower to be able conveniently to report their exclusion from a job due to union membership. -Allen From: IN%"adam at homeport.org" "Adam Shostack" 27-AUG-1996 02:41:17.66 To: IN%"geoff at digidem.com" CC: IN%"cypherpunks at toad.com" Subj: RE: Whistleblowing on the Internet Geoffrey Gussis wrote: | Overall, I am quite surprised that there isn't a whistleblowing | clearinghouse on the Internet; a site sponsored by a non-profit that lists | email addresses and secure forms for sending anonymized email to those | areas of the public and private sector that deal with whistleblowing. As | the Internet is a great medium for information dissemination, and offers | significant privacy advantages, I really expected to find much more. Such a clearinghouse is what we call a fat target; something likely to attract attention since wiretapping it could be very useful to an organization that worried about having a whistleblower. As such, the correct attitude towords whistleblowing is to use an anonymous remailer, and send to interested parties. That's how the AT&T deal that sunk the des phones and made clipper a household word was publicized; a member of the list(?) interested party sent a number of interesting documents through remailers to cypherpunks. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From deviant at pooh-corner.com Mon Sep 2 16:16:56 1996 From: deviant at pooh-corner.com (The Deviant) Date: Tue, 3 Sep 1996 07:16:56 +0800 Subject: Cypherpunk Mailboxes? In-Reply-To: Message-ID: On Mon, 2 Sep 1996, Mark M. wrote: > Date: Mon, 2 Sep 1996 13:41:04 -0400 (EDT) > From: "Mark M." > Reply-To: cypherpunks at toad.com > To: cypherpunks at toad.com > Subject: Re: Cypherpunk Mailboxes? > > On Mon, 2 Sep 1996, William H. Geiger III wrote: > > > Hi, > > > > I have a thought for addressing the anon. problem. > > > > We could create a network of anonymous remailers with mailboxes. All > > messages in the mailboxes are stored encrypted. No information about the > > users are keep. Users would be be given x K of mailbox space. > > > > We could use PGP keys for encrypting the messages. Each user would have his > > own key pair for his anonymous mailbox. Any plain text messages received to > > the server would be encrypted on recept. > > > > Let the government's subpoena away. :) > > > > "Sorry we don't have user addresses, no I can't decrypt those messages > > Senator." > > > > What do you think? > > The only problem is there has to be someway for users to retrieve their mail. > The current nym server approach is to use an encrypted reply block to send a > user new mail. This way the nym server doesn't know who the user is. If users > have to actively retrieve their mail, then the feds could install a packet > sniffer on the remailers net link to find out the real email address of an > anonymous user. > > -- Mark > > PGP encrypted mail prefered. > Key fingerprint = d61734f2800486ae6f79bfeb70f95348 > http://www.voicenet.com/~markm/ Hrmm.. perhaps there's a better way... such as having the user and the mail server negoiae a key (i don't really know the details of diffie-hellman or he like, so tell me if this isn't feasable), and have the encryption/decypion routines strip addresses, so that the person is only identifiable by their key... anybody see what i'm saying? --Deviant All extremists should be taken out and shot. From tim at ora.com Mon Sep 2 16:17:36 1996 From: tim at ora.com (Tim O'Reilly) Date: Tue, 3 Sep 1996 07:17:36 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: Message-ID: <199609022105.OAA03983@isla.west.ora.com> John, Your statements seem like a position I could sign up to as an official EFF position... -- Tim O'Reilly @ O'Reilly & Associates, Inc. Publishers of Nutshell Handbooks 103 Morris Street, Sebastopol, CA 95472 707-829-0515 ext 266, Fax 707-829-0104, tim at ora.com Check out http://www.ora.com, http://website.ora.com, http://www.songline.com From hallam at ai.mit.edu Mon Sep 2 16:21:33 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Tue, 3 Sep 1996 07:21:33 +0800 Subject: SCO giving free licenses to UNIX OpenServer In-Reply-To: <5025qi$k65@life.ai.mit.edu> Message-ID: <322B4E8E.41C6@ai.mit.edu> Eric Murray wrote: > > Scottauge at aol.com writes: > > Read, Understand, and Delight... Microsoft maybe in trouble at last. > > I doubt it. People don't use Microsoft products because > of their quality or functionality. Errmm.. hate to disappoint but SCO UNIX started life as Xenix which was written by Microsoft in the dark ages. > > This is for single user home based UNIX systems. > > Single-user UNIX isn't all that useful. Multi-user ain't much better. Listen to the guys who built it. UNIX is a program development environment. In the early years it was interesting because there was source available, that ceased to be the case years ago. Today Linux probably represents the future of the UNIX familly, it allows people who want to hack at the OS level access to the sources of a fully functioning OS. This allows people to add in new kernel features, schedulers and other exotica without having to write a whole new O/S. Just don't confuse it with "home computing", this is geek computing and you better have a lot of interest in computing to use it. Home computing is the market for users who need a system thats simpler than a VCR or they can't use it. At one time that meant Apple, today it means Microsoft, it will never mean Linux - not unless someone can make Linux much much simpler than it is at present and provide decent WISIWIG tools such as editors etc. designed for use by aunt Ethel. Phill From nobody at cypherpunks.ca Mon Sep 2 16:44:09 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Tue, 3 Sep 1996 07:44:09 +0800 Subject: strengthening remailer protocols In-Reply-To: <9608231805.AA01523@clare.risley.aeat.co.uk> Message-ID: <199609022125.OAA17259@abraham.cs.berkeley.edu> I don't really see the use of this complicated scheme. The main problem seems to be that if M floods remailer R with messages to B, and A sends a message to C through R, then it will be clear to M that A's message was destined for C. Rather than divert messages, then, I propose that for each input message there is a 10% chance that a piece of cover traffic is generated. Thus, if M sends 50 messages through R and sees 6 outgoing messages going to remailers C, D, and D, he will now know which messages correspond to the message that A send through. From mix-admin at nym.alias.net Mon Sep 2 18:06:48 1996 From: mix-admin at nym.alias.net (lcs Remailer Administrator) Date: Tue, 3 Sep 1996 09:06:48 +0800 Subject: Too few nymservers In-Reply-To: <199609021918.VAA21564@basement.replay.com> Message-ID: <199609022157.RAA01689@anon.lcs.mit.edu> > [snip] > > There has to be more crypto anonymizing aliasing remailers and with > > easier interfaces. Closing the Kleinpaste derived server will help > > put the pressure of demand to start better remailer systems. > > There's not enough capacity and reliability with the servers extant. > > There should be thousands of full featured remailers. > > Exactly. Sometimes *all* the nymservers are down at the same time. Well, I just designed a nymserver that's probably more complicated and difficult to use than any previous one. From this experience, I have concluded that if you want to design a remailer with real security (as opposed to a penet-style server), it just won't be easy to use that remailer manually. Even alpha.c2.org was kind of a pain to use manually. I therefore think in the long run it's better to bite the bullet, write as secure a nym server as possible, and expect that people will use special client software to use the remailer. Incidentally, if anyone else wants to run another nym.alias.net-style remailer, the code is available and I'd be glad to help anyone set things up if that person is serious about running a nymserver. From paul at fatmans.demon.co.uk Mon Sep 2 18:11:51 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 3 Sep 1996 09:11:51 +0800 Subject: New cryptography www site Message-ID: <841692280.5131.0@fatmans.demon.co.uk> Hi all, Just announcing my cryptography www site, it`s very new so the content isn`t all there yet but it`s worth a look, email me and tell me what you think, also if anyone has any research papers on cryptography in ASCII, doc etc.. formats could they email them to me for putting on the pages... the URL is Http://www.fatmans.demon.co.uk/crypt/index.htm Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From spg at dds.nl Mon Sep 2 18:28:28 1996 From: spg at dds.nl (SPG) Date: Tue, 3 Sep 1996 09:28:28 +0800 Subject: FWD: Another try to kill democracy Message-ID: <322B5766.60F8C2BB@dds.nl> Hi Y'all, I just got wind that the German government is planning to force german ISP's to shut off access to my ISP, XS4ALL, because the german magazine 'Radikal' has a web page on xs4all. This magazine is a radical left wing magazine of the type that in the netherlands is 13 in a dozen, and in germany (obviously) labelled 'terrorist'. The issue here is not my political beliefs (quite distant from radical I can assure you) but the fact that the german government does NOT see fit to extradite nazi war criminals, to fire Judges, DA's and other powerfull officials who were member of the nazi party during WW2, or to take steps towards closing access to US neo-nazi sites, but DOES deem it necessary to shut off an entire server because of a (in the netherlands perfectly legal) left wing magazine. Not so much is changed after all I guess. As student history I can name several people also labelled 'terrorist' before by a government, who were not. 'Terrorist' is the name opressive and undemocratic Junta's use for their opposition. Please considder mirroring or linking to this site. THIS IS A MATTER OF PRINCIPLE!! It has litle to do with the actual content of the page (wich is quite harmless) URL: http://www.xs4all.nl/~tank/radikal/index.htm or contact tank at xs4all.nl REMEMBER! NEXT OPINION LABELLED 'UNWANTED' BY A GOVERNMENT, MAY BE YOURS!! Greetz. DD. -- --__+==[ NOTE!! This e-mail adress is read by several different people, due to the fact that it is in use as mailing adress for our editorial staff (TRIBE MAGAZINE), If your message is of a personal nature, and is not to be reposted or used in our magazine , please state so. NOTE: we maintain the right to ignore this, if it has news value. ]==+--__ From jimbell at pacifier.com Mon Sep 2 18:31:01 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 09:31:01 +0800 Subject: "Bit Tax" article in EET Message-ID: <199609022015.NAA09677@mail.pacifier.com> August 26, 1996, Electronics Engineering Times, Page 4 "Europe wary of bit tax" By Peter Clarke Maastrict, Netherlands Since it surfaced in a report prepared for the European Commission earlier this year (see April 29, page 1) the idea of a "bit tax" on data communications has received a mixed response in Europe. Feedback has ranged from calls for adoption and implementation from within the Belgian government, to a qualified rejection by one vice president of the European Commission (EC), to disjust and disbelief amonst individual Interenet users, particularly in Italy. The bit tax idea, only a very minor part of an interim report, has received a great deal of publicity from private individuals, who seem to be the most upset, fearing state interference as an attempt to tax freedom of speech. Luc Soete, director of the Maastrict Economics Research Institute on Innovation and Technology, has been heavily flamed via e-mail since the report's publication. As chairman of the so-called High Level Experts Group (HLEG) which authorited the report, it was he who included just one clause in about 100 pages of text, calling for an investigation of the taxing of data transmission over networks, and particularly over the internet. [JB: I can't resist adding a comment here. One of the most threatening aspects of this "bit tax" idea (even far more important than the value of the money paid) is the fact that it would make all ISP's and Internet users automatically subject to "tax evasion" charges which would just be a smokescreen for content investigation, and would automatically "justify" wiretaps where content-based investigation would be impossible. It is very likely that threatening an ISP with such charges would cause him to become more cooperative, and the difficulty in calculating and verifying the accuracy of the taxes paid would make everyone an inadvertent criminal, which would give the government enormous leverage it wouldn't otherwise have. The way I see it, anyone who values freedom who would otherwise support a bit-tax-type proposal should run into a brick wall with this problem, and join the opposition to it right here.] Speaking at a conference on telecommuting, the Belgian Minister for Telecommunications, Elio Di Ruppo, came out as a supporter of the bit tax. But the Flemish government, which is responsible for half of Belgium, claims a bit tax would undermine its efforts in promoting information technology within its territory. The report was prepared for DG-V, the department of the EC responsible for social affairs, but Martin Bangemann, the EC vice president who heads up DG-XIII and is responsible for information technology and telecommunications, has expressed concern over the impact of a bit tax. Issues include economic growth and roll out of next-generation information and communications technologies and how a bit tax could be implemented. The EC's official position on the bit tax is that it has no position. "This is only an interim report at the moment," said a spokesman for the DG-V. "The bit tax idea may not even be present in the final report." Not Possible? "The big problem is that it's a nice idea, but implementation may not be possible at the European level," the spokesman continued. It may have to be set at the world level. At the moment, we are waiting for the final report." Officials responses to the interim report, from government and industry bodies, have been generally favorable but often don't mention the bit tax, Soete said. "The bit tax responses have been much more individual. It just goes to show that people don't read reports, but they do read newspapers." Soete continued: "E-mail responses have been very offensive, very negative." Reluctant to give examples, Soete admitted that many e-mail messages had attacked him personally but that the gist was "keep your hands off the Internet." Those responses, as well as more cogent arguments put forward, have prompted Soete to publish a second paper, titled: "The bit tax: the case for further research." In this, Soete has recast the bit tax as a replacement for the value-added tax (VAT) on information-technology goods and services, rather than as an additional tax. "There was an issue of double taxation there, which it is hard to justify," he said. VAT is a European-wide system of taxation on consumption roughly equivalent to the US sales-tax system: It is typically set at 17.5 percent of the untaxed value. Soete argued that VAT is heavily based on ideas of material inputs at different states through a chain of manufacture and is not well-suited to "intangible" services. He pointed out that a telephone call is currently priced and taxed in relation to the distance and time. Instead, Soete proposes the bit or byte--rather than the second--as the fundamental unit of measure. Taxation on that basis might save small-scale users money while increasing the tax burden on large-scale users. "This is a new system of communications, and the assumption that we should be able to use it without any taxation is ridiculous," Soete said. As planned, the HLEG will rewrite its report in light of responses and further research by the end of 1996 before submitting it to DG-V, which is then expected to call for some of the particular recommendations to be investigated in 1997. [end of article] Jim Bell jimbell at pacifier.com From um at c2.org Mon Sep 2 18:31:22 1996 From: um at c2.org (Ulf Moeller) Date: Tue, 3 Sep 1996 09:31:22 +0800 Subject: EFF chairwoman: Anonymity proven not to be a positive factor Message-ID: >From a Scientology magazine: Esther Dyson, member of the board of directors of the Electronic Frontier Foundation and member of the National Information Infrastructure Advisory Council, spoke on the anonymity issue at the fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. [...] "I have a concern about the spread of bad behavior on the Net," said Dyson. "Anonymity figures into this, and I feel that it has proven to not be a positive factor. It breaks down the community which we are seeking to build, and cout protection and privacy laws already exist and should be applied in a broad way, such that they are transparent to new wrinkles in the technology. It is not necessary to view the world of the Net as different from the rest of the world." http://www.anonymizer.com:8080/http://www.theta.com/goodman/hijack.htm [For EFF's former position on anonymity, see http://ftp.sterling.com:80/COAST/doc/law+ethics/EFF-Anonymity] From molnard1 at nevada.edu Mon Sep 2 18:47:26 1996 From: molnard1 at nevada.edu (DAVID A MOLNAR) Date: Tue, 3 Sep 1996 09:47:26 +0800 Subject: Question re: MD5/other key-crunching methods Message-ID: On the plane back home, I had the pleasure of being treated to a screening of "Sgt. Bilko". Not a bad movie overall, but had a nice throwaway crypto line. It got me to thinking, though... Is it possible to make generalizations about the MD5 hashes of classes of input values? That is, can one say that "no input values of length greater than 512 bits will..." or 'all input values starting with the value 3 have a tendency to..." with any degree of probability? I know hash functions strive to evenly distribute values over their range, but I wonder if it might sometimes be possible to predict the hash of a value without computing it. Why? Well, it's mainly in regards to the way MD5 and other hash functions are used in mapping pass phrases to actual key values for a cipher. Suppose I have a situation in which I feel comfortable in making certain generalizations about the passphrase. Perhaps it's all lowercase, perhaps all alphanumeric, has five hyphens, whatever. Information which may allow one to restrict the passphrase to a certain range. In a system where the passphrase is the encryption key, that range of key values can be doled out and searched sequentially. Since they are likely to be one or several contiguous blocks, one may simply distribute the task of searching each one to willing machines everywhere. The efforts with respect to RC4-40 in the previous year prove that much. If I can rule out even 10% of all possible keyvalues, I've saved a good deal of time. What if one is dealing with a passphrase key-crunched w/MD5, though? The obvious way to go about it is to compute the MD5 hash for each and every value in the given range, then test that set of keys. This is an extra step, and adds a measure of extra time to the whole operation. Sure, one may abstract it away by claiming it's trivial compared to the problem of searching an exponetially large keyspace, but that seems something of a cop-out. Perhaps it's a silly question, but is it possible to identify a set of hashes which correspond to a set of domain values w/o performing the hash itself? I'm aware that it's not possible to reverse a one-way hash like MD5 (wish we could...what a compression ratio!), and I know "good" hash functions strive for properties which would make this exceedingly difficult. However, has anyone looked at the question? Is it worth considering? Thanks. -David Molnar From unicorn at schloss.li Mon Sep 2 18:53:07 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 09:53:07 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609022132.OAA16572@eff.org> Message-ID: On Mon, 2 Sep 1996, Stanton McCandlish wrote: > > > What is or is not your personal or EFF's official position is meaningless. > > > It is clear that the personal beliefs of those involved in EFF are > > > those of compromise, present day politics, and a general lack of moral > > > fiber. > > But that's not clear at all, since none of you have access to internal > discussion on this or any other topic here. Esther's position is one of > guarded caution. Our former board member David Johnson's was one of > almost complete anti-anonymity (a fact that probably had a lot to do with > his leaving the board), while other board and staff members are 100% > pro-anonymity, and yet others are middleground or entirely silent on the > topic. Why am I any more mistaken for pointing out that a single influential member of EFF's staff or board is anti-anonymity and yet remains with the organization than you are for pointing out that a single influential member who happened to be anti-anonymity has left? If my position, as you represent, is misguided, surely your point about Mr. Johnson is equally so. If the board is almost 100% pro-anonymity, where's the official position? In so far as an organization is much defined by those involved, I think it entirely right to wonder aloud about the personal motives of the staff and board. I think this PARTICULARLY prudent given EFF's reputation and prior conduct. I would be most happy to be proven wrong and see EFF suddenly, in a burst of impressive moral fiber, speak out publically and take some political action to assure anonymous communication. > > Things simply are not as black and white as they might seem. > Well, let's have a clear official position issued then to end all dispute. > > I agree with you whole-heartedly. I am stunned by the EFF's position on > > this matter and they no longer have my support. Here are some more > > of Dyson's statements on this subject. > > You've not been reading very carefully. There is no "EFF's position on > this matter". There is just Esther Dyson's position on this matter, > and quoted out of context. Maybe there should be an EFF position on the matter. What is EFF doing if not supporting anonyminity? I'm hardly going to support an organization that proports to be pro-internet freedom and yet has no official position on anonyminity. Of course you should expect people to wonder about EFF when you have no official position and yet some staff and board members seem to have a statist bent. > -- > Stanton McCandlish >
mech at eff.org >

Electronic Frontier Foundation >

Online Activist -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From MAILER-DAEMON at mqg-smtp3.usmc.mil Mon Sep 2 18:59:07 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Tue, 3 Sep 1996 09:59:07 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: Cypherpunk Mailboxes? Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages. UNDEFINED-----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Sep 1996, William H. Geiger III wrote: > Hi, > > I have a thought for addressing the anon. problem. > > We could create a network of anonymous remailers with mailboxes. All > messages in the mailboxes are stored encrypted. No information about the > users are keep. Users would be be given x K of mailbox space. > > We could use PGP keys for encrypting the messages. Each user would have his > own key pair for his anonymous mailbox. Any plain text messages received to > the server would be encrypted on recept. > > Let the government's subpoena away. :) > > "Sorry we don't have user addresses, no I can't decrypt those messages > Senator." > > What do you think? The only problem is there has to be someway for users to retrieve their mail. The current nym server approach is to use an encrypted reply block to send a user new mail. This way the nym server doesn't know who the user is. If users have to actively retrieve their mail, then the feds could install a packet sniffer on the remailers net link to find out the real email address of an anonymous user. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMiscESzIPc7jvyFpAQGQ8ggAoHoGwwLI/8WI3XEBvA/Yo/lOPu1bQGYZ +m/jYzZjlF/YcS54J+H+L+xRo9WcOJkm7LLetTRZM3N/vG71M01vLcoOnfciRjFz AhLj2V5DGEcyQE0GMBXOxgxKvnzMVkFJh6ZWFalIM0DedncdX541W3j+almPb7Yr YyT+On5mqbPd0U5rJgv2CfE5CFlAE7XyO0KteH5aONK3f6TxzGH4cGG8wSZaBiu4 jP55nTl8VdtMH7MBDqOFkAH7IOboDZzjDglbuFHFk/nhtKfYIzg4c/ck5VCZ1vs8 xIqaPIMzpQF/smfKS2upyhZB1fb3G101lUJmjoVkEATQhwMzLBhY1Q== =QbyB -----END PGP SIGNATURE----- From jya at pipeline.com Mon Sep 2 19:03:31 1996 From: jya at pipeline.com (John Young) Date: Tue, 3 Sep 1996 10:03:31 +0800 Subject: FWD: Another try to kill democracy Message-ID: <199609022352.XAA09328@pipe5.t1.usa.pipeline.com> On Sep 02, 1996 21:53:42, 'SPG ' wrote: >As student history I can name several people also labelled 'terrorist' before >by a government, who were not. 'Terrorist' is the name opressive and >undemocratic Junta's use for their opposition. --------- >From the US journal "Foreign Affairs," Sep/Oct, 1996: Postmodern Terrorism Since 1900, terrorists' motivation, strategy, and weapons have changed to some extent. The anarchists and the left-wing terrorist groups that succeeded them, down through the Red Armies that operated in Germany, Italy, and Japan in the 1970s, have vanished; if anything, the initiative has passed to the extreme right. Governments and media in other countries do not wish to offend terrorists by calling them terrorists. The French and British press would not dream of referring to their countries' native terrorists by any other name but call terrorists in other nations militants, activists, national liberation fighters, or even "gun persons." ---------- For the full 30kb essay see: http://jya.com/pothot.txt From jamesd at echeque.com Mon Sep 2 19:03:59 1996 From: jamesd at echeque.com (James A. Donald) Date: Tue, 3 Sep 1996 10:03:59 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) Message-ID: <199609021945.MAA05331@dns2.noc.best.net> At 09:04 PM 9/1/96 -0400, Alan Horowitz wrote: > The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. > > If my memory serves, the Iranian jetliner had its squawker turned off, or > broken. Your memory does not serve: The computers record of the events was: Computer tells crew: Civilian jetliner on radar. Crew expecting an attack by jetfighters, tell computer to shoot it down. Computer does not put up a bunch of dialogs saying: "Hey, I think this is a CIVILIAN airliner, did you get that CIVILIAN airliner, are you quite sure you want it shot down? Instead it just shoots it down. Human error by the American military. Possibly poor user interface on the computer. Possibly indifference to civilian lives by the American military. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From wb8foz at nrk.com Mon Sep 2 19:14:18 1996 From: wb8foz at nrk.com (David Lesher) Date: Tue, 3 Sep 1996 10:14:18 +0800 Subject: [NOISE] Re: FLT 800: From the Rumor Mill... In-Reply-To: <199609020352.FAA29463@basement.replay.com> Message-ID: <199609022357.TAA06324@nrk.com> Anonymous sez: > > > Well, not quite the same situation. IIRC, the Iranian aircraft refused to resp > > The Iranian Airbus was also flying out of what was essentially "hostile" airsp > > Feel free to correct my memory if I'm wrong. I wish I had an off-list way to say this: Mr Anonymous: won't you please fix your posting s/w so it break lines correctly? It's a Royal PITA to deal with as it is.... Often I do want to read your comments, but when you make it a hassle... (I now return to the flame war already in progress...) -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From stewarts at ix.netcom.com Mon Sep 2 19:18:54 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 10:18:54 +0800 Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.) Message-ID: <199609030003.RAA03934@toad.com> C Matthew Curtin posted a reference to ALPHACIPHER, which appears to be Yet Another Snake Oil System. It's got good intentions - it uses (ahem) "one-time pads", and tries to build a convenient user interface for low-volume work. Of course, it apparently doesn't quite get it: > ALPHACIPHER uses key sets generated by a > proprietary random key set generator > to insure the production of unique, high-quality keys. The key set generation is inherently part of the encryption process; since it's proprietary, it's not possible to test the quality of the random numbers, but they must be assumed to be low-quality crackable stuff unless the author is willing to reveal the algorithm and demonstrate otherwise. The program is written in DOS, and produces its output as UPPERCASE LETTERS to avoid being caught by eavesdropping scanners that might detect other patterns. Not unreasonable, I guess. The author, Wolfgang Hammersmith, also wrote The New ADFGVX, a cypher that can be done by hand (if necessary), which he does acknowledge is breakable, but comments that for short messages, there may not be enough information to break it. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From tcmay at got.net Mon Sep 2 19:19:17 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 10:19:17 +0800 Subject: strengthening remailer protocols Message-ID: At 9:25 PM 9/2/96, John Anonymous MacDonald wrote: >I don't really see the use of this complicated scheme. The main >problem seems to be that if M floods remailer R with messages to B, >and A sends a message to C through R, then it will be clear to M that >A's message was destined for C. > >Rather than divert messages, then, I propose that for each input >message there is a 10% chance that a piece of cover traffic is >generated. Thus, if M sends 50 messages through R and sees 6 outgoing >messages going to remailers C, D, and D, he will now know which >messages correspond to the message that A send through. This type of attack is why "reply-block" schemes are fundamentally flawed. Any such scheme gives an attacker (a traffic analyst) a wedge with which to deduce mappings. It is a kind of "chosen plaintext" attack (loosely speaking). Or a "forcing attack." Maybe a "flooding attack" is as good a name as any. One floods the reply block and simply watches where the water goes. (If there were more academics in the crypto community looking at digital mix issues, there would likely be clever names for the various attacks.) Several folks on this list, including (from memory), Scott Collins, Wei Dai, Hal Finney, myself, and others, have noted this weakness over the years. Note that merely fiddling around with probabilities of transmission, such as described above, will not be enough. This just adds a layer of noise, which will disappear under a correlation analysis. (For newcomers, there are interesting parallels between statistical analysis of ciphers and similar analysis of remailer networks. And lots of statistical tools can be used to deduce likely mappings based on source/sink correlations, digram analysis, etc. Making a remailer network robust against such analyses will take a whole more basic thinking. Merely increasing message volume is not enough. Nor is increasing latency enough. Generally speaking, of course.) Instead of reply blocks, I think use of message pools (a la BlackNet) is a more robust reply method, as it uses "widely-distributed messages" (a la Usenet newsgroups) to get around the source/sink correlation issue. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ghio at netcom.com Mon Sep 2 20:02:45 1996 From: ghio at netcom.com (Matthew Ghio) Date: Tue, 3 Sep 1996 11:02:45 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <199609011922.OAA31806@manifold.algebra.com> Message-ID: <199609022129.OAA02339@myriad> Someone wrote: : ! > I remember the load on anon.penet.fi was something like 7500 messages : ! > daily. As for connection, you will need 64kbps line or even less in case : ! > you compress the messages. The machine could be either an older Sun Sparc : ! > or a PC running free Unix (Linux/FreeBSD/...) anon.penet.fi actually used a 486/66 running FreeBSD. Dave Harman OBC (qut at netcom.com) wrote: : ! I suggest the following configuration: a IBM 486 PC with 16MB of : ! RAM and 28.8 modem, running qmail instead of sendmail and Linux, : : How is qmail better than sendmail? The default BSD sendmail since 8.00+ : has automated ident requests built in. It can easily be compiled without : that default option, for greater efficiency. Disable reverse-DNS too... : ! on a dedicated 28.8 PPP line. The cheapest used VGA display from : ! the nearby waste dump will work just fine. : : Hell, any monitor should work! You don't need a monitor at all. Since we're assuming that the remailer is a dedicated machine, and you'll do your real work on another computer, just plug a null modem cable into the serial ports and use a terminal program on your other computer. : ! Estimated cost: $700-1000 for the system, $50-100/month for the : ! connection, and 3 hours per day to deal with mailbombing from $500 tops. 8MB is probably okay, 16 might improve resistance to mailbombs a bit tho. You can get 486 motherboards for under $100 nowadays. Do the math: used 486 MB+CPU: $100 16MB RAM: $150 case+powersupply: $50 100MB HD: $20 HD Controller: $15 Dual 16550 Serial Card: $15 28800bps Modem: $150 ------ $500 And if you really want to run a remailer, I can sell you most of the above, and I'll even throw in a 340MB IDE HD with Linux+remailers preinstalled! (Yes, I'm serious.) From paul at fatmans.demon.co.uk Mon Sep 2 20:11:38 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 3 Sep 1996 11:11:38 +0800 Subject: Free Speech and List Topics Message-ID: <841692279.5129.0@fatmans.demon.co.uk> > More disturbing to me recently has been the steady increase in subscribers > to this list who don't seem to value free speech very highly, who write of > their own nation's censorship as valiant efforts to protect citizen-units > from foreign devils, and, even more shockingly, from supposed defenders of > electronic freedom who are now talking about the need for limits on > anonymity. I too have noticed this, but we must remember that although we are the people who see the tyranny of censorship etc. all to clearly we are in a very small minority, the majority of people do not support censorship because they have made a reasoned judgement, the either support it because they are too lazy to do anytthing, too shit scared of the government if they do, or they just do not take the time to understand the issues and so support the common view, there is also the case that many people "go with the majority", because they do not want to appear different, and the media has so demonized free speech and liberty advocated that to associate yourself with them now is equivalent to telling people you are a rampant sexually deprived paedophile in an anorak. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From mech at eff.org Mon Sep 2 20:28:35 1996 From: mech at eff.org (Stanton McCandlish) Date: Tue, 3 Sep 1996 11:28:35 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: <19960901220323595.AAA208@Esther.edventure.com> Message-ID: <199609022106.OAA15793@eff.org> > Therefore I would > favor allowing anonymity -- with some form of traceability only under terms > considerably stronger than what are generally required for a wiretap. [...] > Please note that this is not the same as the right to *private* > conversations and the use of encryption; this is the issue of being > accountable for what you publish in public. A problem here is that the *same* services and capabilities that permit anonymous speech in private permit anonymous speech in public. Compromising the latter compromises the former as well. > Anyone who seriously needs anonymity because of a repressive government is > likely to use a foreign (outside whatever jurisdiction he fears) server, so > that this is not a matter of "local" laws. The tracer would have to pass > through what I hope would be tighter hoops than we have now. Unless chaining of remailers is made manadatory and automatic, this is unlikely to work. CoS had little difficulty getting anon.penet.fi's logs, and getting a preliminary ruling against online anonymity from the Finnish courts. You have to have an anonymizing system that crosses a dozen or so national boundaries to make such an attack infeasible for most large organizations. You'd need a system that crossed 50 or more widely disparate jurisdictions to make it infeasible to large intelligence or law enforcement agencies, and even then you'd have to NOT have broad international agreements, such as you'd called for or it would be trivial to force all the remailers in the chain to cough up personally identifiable information. > My assumption is that there will be a wide variety of Net communities with > different rules/regulations/attitudes towards anonymity that would apply ex This is already true. > some kind of international sanctions; I think that's appropriate. That's what bugs me - if there are some kind of sanctions coming from a governmental body (I may be misinterpreting you here), that's probably enough to kill private and well as public anonymity on the Net. Incidentally, if something does happen from a governmental direction to kill online anonymity, it will probably be readily broadenable to all other media. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From hallam at ai.mit.edu Mon Sep 2 20:52:36 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Tue, 3 Sep 1996 11:52:36 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <50a42c$nph@life.ai.mit.edu> Message-ID: <322B5BFD.41C6@ai.mit.edu> Timothy C. May wrote: > The point is to make clear to them that the Usenet and similar Web sites > are global in nature, not subject to censorship without a very high local > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > Singaporans will have to choose not to carry the various newsgroups into > which *I* post such messages! If the govt. of Singapore wish to keep their people in ignorance of their corruption it is going to be harder than banning a few newsgroups. I would expect the opposition to be scanning USEnet and like fora for email addresses ending with .sg and spamming appropriately. The irony of censorship is that its rarely effective and almost always superfluous. The people of singapore are aware that their government is corrupt. They vote it back in because they expect the alternative to be at least as corrupt. Its much like the US where there is a choice between the rightwing authoritarian Republican Party and the authoritarian, rightwing Democrats. > (This was done by many of us during the Karla Homulka and Teale trial in > Canada a couple of years ago: Canada imposed press restrictions on > discussion of the trial and the grisly evidence...and then was chagrinned > to find that the global Net did not adhere to their notions of what should > and could be discussed. They even seized copies of "Wired" at the border, > very much akin to Singapore's stone age policies.) There is a big difference between the Canada situation and the Singapore situation. In Canada the restrictions are temporary and stem from making the right to a fair trial a higher priority than the right to free speech. It is a conflict of two competing individual liberties. No observer of the OJ Simpson trial could state that the media coverage did not affect the outcome. The arguments that Mill advances for freedom of speech in On Liberty do not apply in the context of a temporary judicial injunction, they are utilitarian (suprise) and applying his general principle of "interests" would favour the temporary restriction. The situation in Sigapore is simply a corrupt government trying to supress legitimate democratic discussion. The intention is not to protect an individuals right to a fair trial, the intention is to restrict argument permanently. It is important that in an international forum people don't start imagining that their local customs are universally accepted as superior. The difference between Canadian and US law is a minor one and relates to different interpretations of a common principle. There is a vast gulf between the Singapore position and that of either the US or Canada. This is not simply a difference of local interpretation. Phill From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 20:57:59 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 11:57:59 +0800 Subject: Free Speech and List Topics Message-ID: <01I90JJH1NJ49JDDSI@mbcl.rutgers.edu> From: IN%"tcmay at got.net" 2-SEP-1996 05:36:20.36 >No self-respecting Cypherpunk thinks the Antitrust Act and related acts are >worthy of enforcement. >(Think of how the technology we support will tend to allow new avenues for >price collusion, interlocking directorates, new forms of business combines, >unreadable secure communications with foreign competitors, and so on, all >things the Antitrust regulators are already growing worried about.) There's a difference between thinking something shouldn't be enforced (e.g., drug laws for adults) and thinking that other things - such as privacy and free speech - are more important than fully effective enforcement of something (anti-terrorism measures, AntiTrust Act, etcetera). I don't think that transparent houses, as Perry put it, should be required to prevent murders - but I don't approve of murders either. It's a problem with means, not ends. -Allen From paul at fatmans.demon.co.uk Mon Sep 2 21:04:09 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Tue, 3 Sep 1996 12:04:09 +0800 Subject: Secure anonymouse server protocol: comments please Message-ID: <841692281.5135.0@fatmans.demon.co.uk> The following is a very sketchy plan for a secure protocol for an anonymous server which allows replies without storing a recipient database in the clear. To send a message: The sender first exchanges keys with the sever (public key cryptography assumed), the server now has the users key and the user the servers. The user sends the server: The recipient for the message the message itself a password previously agreed The users ID on the server The server decrypts to get the above back in plaintext, then it encrypts the ID & the users address with a random session key and stores it in the database. notice nothing is stored in the clear the server now encrypts the session key with the senders public key, and fowards it to the sender of the original message. now finally the server sends the message onto the intended recipient in plaintext (who must also have exchanged keys with the server) along with the ID of the sender encrypted with the servers public key. the recipient responds with his reply, and the ID of the sender still encrypted in the servers Public key The server stores this When the user (the original sender) wants to pick up his mail after a couple of days he sends the server his ID encrypted with the servers public key, the server compares this with all of the encrypted IDs in the database and when it finds a match it fowards the corresponding mail to the original sender of the first message. Thats all folks. This system has 1 huge fault, we can encrypt a uses ID with the servers public key to see what his ID in the encrypted database is and therefore identify him, maybe we need two seperate server public keys, and when IDs come in encrypted with key1 (the one it releases) it decrypts with secretkey1 then encrypts with publickey2 (the one it keeps secret) or maybe we can just hash and sign the IDs in the database? as I said it`s very sketchy, I made most of this up as I wrote it so if you must tear it to pieces please do so constructively, it could be the route to a secure system.... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From franf at hhs.net Mon Sep 2 21:11:03 1996 From: franf at hhs.net (Fran Frisina) Date: Tue, 3 Sep 1996 12:11:03 +0800 Subject: (no subject) Message-ID: <322BB272.442F@hhs.net> desubscribe From snow at smoke.suba.com Mon Sep 2 21:23:28 1996 From: snow at smoke.suba.com (snow) Date: Tue, 3 Sep 1996 12:23:28 +0800 Subject: Sen. Leahy's "impeccable cyberspace credentials" In-Reply-To: <19960830.170609.9758.0.patrickbc@juno.com> Message-ID: On Sat, 31 Aug 1996, patrick b cummings wrote: > jimbell, > I agree with what you are saying but not all polititions are that bad. > You make it sound as if their are no politisions are for freedom of the > net. Politicians get power by restricting, not by liberating. Politicians who liberate don't get re-elected. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jimbell at pacifier.com Mon Sep 2 21:25:19 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 12:25:19 +0800 Subject: FLT 800: From the Rumor Mill...But It Makes Sense.. (fwd) Message-ID: <199609030140.SAA24564@mail.pacifier.com> At 11:59 PM 9/1/96 -0700, James A. Donald wrote: >At 09:04 PM 9/1/96 -0400, Alan Horowitz wrote: >> The Aegis ship in the Gulf wzs not in an exercise. It was in a war zone. >> >> If my memory serves, the Iranian jetliner had its squawker turned off, or >> broken. > >Your memory does not serve: The computers record of the events was: > >Computer tells crew: Civilian jetliner on radar. > >Crew expecting an attack by jetfighters, tell computer to shoot it down. > >Computer does not put up a bunch of dialogs saying: "Hey, I think this >is a CIVILIAN airliner, did you get that CIVILIAN airliner, are you quite >sure you want it shot down? Instead it just shoots it down. Suggestion for future improvement... C:>DEL AIRLINER.COM Are you sure? (Y/N) _ Jim Bell jimbell at pacifier.com From alanh at infi.net Mon Sep 2 21:25:49 1996 From: alanh at infi.net (Alan Horowitz) Date: Tue, 3 Sep 1996 12:25:49 +0800 Subject: desubscribe In-Reply-To: Message-ID: desubscribe From chuck at nova-net.net Mon Sep 2 21:27:52 1996 From: chuck at nova-net.net (Chuck Thompson) Date: Tue, 3 Sep 1996 12:27:52 +0800 Subject: The Esther Dyson Flap Message-ID: <1.5.4.32.19960903005919.0068fc70@mail.nova-net.net> I don't quite understand the position taken by Mr. Assange and Mr. Unicorn regarding recent statements attributed to Ms. Dyson. I would appreciate some additional insight. It appears as though they are both critical of statements (taken out of context according to Dyson) because of her position with the EFF. It appears that they both believe that she has no right to her opinion if it is contradictory to the policy of the EFF. If such an EFF policy exists, and if Dyson is of a different opinion, the fact that she holds office in an organization with which she is not in total agreement should not count against her. In fact, it is to her credit that she has the courage to speak her mind, considering that hers is an elected position. She has something to lose by speaking her mind publicly. Mr. Unicorn remains anonymous, thereby mitigating repercussions which might otherwise accrue to him as a result of the expression of his opinion. I agree with Mr. Unicorn that the EFF should state its position unequivocally. I do not agree that officers or staff of EFF should not be allowed to disagree with that position, if in fact they do. In the case of Ms. Dyson, how can we know whether she agrees or disagrees with a non-existant policy? She has, evidently, spoken her mind. Isn't that what freedom of speech allows? Imagine, if you will, where we would be right now if all elected representatives were censured for disagreeing with stated government policy. That ability is what makes this country great - and, what you both seem to be saying you stand for. Is your position solid only if everyone agrees with you and you them? Whatever happened to "defending to the death your right to say it"? Pouncing on someone, without knowing all the facts, who is vulnerable because of their position smacks of dirty politics - it is distasteful. Why not ask for the facts from the source? Then state your opinions or make your threats about not contributing financially. In keeping with the message, you have the right to take a cheap shot. I'd just like some insight into your thinking. Regards, Chuck Thompson From EALLENSMITH at ocelot.Rutgers.EDU Mon Sep 2 21:31:14 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. ALLEN SMITH) Date: Tue, 3 Sep 1996 12:31:14 +0800 Subject: Any cypherpunk solutions to this problem? Message-ID: <01I90CQSB7289JDDSI@mbcl.rutgers.edu> To the degree that he's correct, how can such problems be solved while increasing privacy, security, etcetera? What sort of decentralized replacements for the current DNS system can be used, preferably with prevention of removal of DN for political reasons? -Allen From: IN%"rre at weber.ucsd.edu" 27-AUG-1996 06:03:35.07 [Maybe the next Internet myth to bust up is this stuff about the Internet being decentralized. "Designed to survive a nuclear attack", etc etc. I'm afraid it doesn't work like that. The net has little redundancy, the backbones are in the hands of a small number of large companies, and all of the detailed mechanics of getting your packets to their destination are fragile and prone to propagating errors. The high levels of service to which we've grown accustomed are due to the hard work of specific people, not to the intrinsic properties of the machinery. The net works because those people are able to do the right thing. The conditions that *let* them do the right thing may disappear next month, or the month after that. So let's forget the technological determinism and lose our complacency about the future, and instead have a little gratitude to the hackers who make it work and a little political concern for the architectural choices that are coming right up on the horizon.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Mon, 26 Aug 1996 14:15:06 -0700 (PDT) From: risks at csl.sri.com RISKS-LIST: Risks-Forum Digest Monday 26 August 1996 Volume 18 : Issue 38 ---------------------------------------------------------------------- Date: Sat, 24 Aug 1996 08:53:31 -0700 From: stevenw at best.com (Steven Weller) Subject: DNS failure [from Matthew Dillon] The following describes DNS meltdown at my ISP the other day: all DNS services were unavailable, despite multiple servers being online. Lack of DNS assured that other working services were unavailable to everyone who didn't have IP addresses written down. Here is a technical explanation of the DNS failure, for those of you interested. First, a synopsis of how DNS works... every site on the net serves their own DNS records. Some sites serve other people's DNS records. For example, BEST serves the DNS records for best.com, best.net, and most of our customer's custom domains. No site serves more then a small fraction of the DNS records on the internet from their own database. The way DNS works is that when a domain name needs to be resolved, our DNS server (anyone's DNS server) first goes to the NIC to ask where to go to resolve the domain name. The NIC itself cannot resolve domains, it can only tell our DNS server where to go to resolve a domain. Our DNS server then goes to the specified remote site to resolve the domain name belonging to that site. The remote site replies with the answer which our DNS server (a) caches for future reference, and (b) returns to the original requester. The caching is important, because otherwise a DNS server would have to re-query the remote DNS server every time someone wanted to resolve a domain. DNS records propagate through caches. It is simply not possible to run a DNS system with caching turned off, it would create an impossible load on the internet. Around 4:00 a.m. yesterday, some unknown site's cache got corrupted. The corruption propagated to many (hundreds) of other sites on the internet and eventually propagated to us. This corruption hit a bug in the DNS server program that wound up corrupting the program, causing DNS to loose major records. Restarting the server in this case does not solve the problem because, due to the caching on remote sites, the corrupted record repropagates almost instantly. BEST was hit by this problem very hard due to the large number of custom domains we serve... so many DNS requests come into BEST and are made by BEST that our servers would hit the corruption out on the internet within 10 seconds of starting up. Worse, this particular corruption tended to destroy the root records (stored in memory), called SOA records, for the domains served locally. This destroyed the mail system causing mail messages to bounce rather then to simply be delayed, because the DNS server was saying 'site X does not exist' rather then timing out. It's worst possible corruption that can occur in a DNS system. -- It turns out that the last two BIND releases contain a bug that, when a corrupted record of the type that started propagating at 4:00 a.m. is received, results in the destruction of other **unassociated** records stored in memory. The particular release of BIND that we were using had been running perfectly for several *months* before this incident. It was not something recently installed. There are two fixes to the problem: (1) One can lock out those sites where the corrupted records come from, and (2) One can revert to an older release. (1) is not a good solution because, due to the nature of DNS, corruption can propagate to many sites and it would be impossible to keep up to date and lock all of them out. We wound up taking action #(2) and reverting to an older release of bind which, fortunately, did not have the bug that caused the problem. We had to revert to BIND 4.9.3. Unfortunately, we did not think to do this for many hours because we were all convinced that the problem was external in nature and just didn't think to try a reversion. In hind sight, that is the first thing we should have tried since we had the friggin binary for the older version sitting in our source tree. As far as DNS goes... the DNS we run is not 'bsd' or 'sgi' .. it's the *official* world-wide BIND distribution run by Paul Vixie. It is really not appropriate to run the older versions shipped with most operating systems due to massive, massive security holes. The corruption problem was unavoidable. What *was* avoidable was the long period of time that elapsed before the problem got fixed, which I take full responsibility for. We spent most of that time trying to track down where the corruption was coming from... a near impossible task. Around 6:00 p.m. scuttlebutt started propagating regarding a possible bug in the last two BIND releases at which point we instantly reverted to an earlier version, which fixed the problem, then started banging our heads against the wall for not trying it earlier. Matthew Dillon Engineering, BEST Internet Communications, Inc. ------------------------------ Date: 15 Aug 1996 (LAST-MODIFIED) From: RISKS-request at csl.sri.com Subject: Abridged info on RISKS (comp.risks) The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Or use Bitnet LISTSERV. Alternatively, (via majordomo) DIRECT REQUESTS to with one-line, SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or INFO [for unabridged version of RISKS information] => The INFO file (submissions, default disclaimers, archive sites, .mil/.uk subscribers, copyright policy, PRIVACY digests, etc.) is also obtainable from http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. *** => SUBMISSIONS: to risks at CSL.sri.com with meaningful SUBJECT: line. => ARCHIVES are available: ftp://ftp.sri.com/risks or ftp ftp.sri.comlogin anonymous[YourNetAddress]cd risks or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue]. The ftp.sri.com site risks directory also contains the most recent PostScript copy of PGN's comprehensive historical summary of one liners: get illustrative.PS ------------------------------ End of RISKS-FORUM Digest 18.38 ************************ From snow at smoke.suba.com Mon Sep 2 21:31:17 1996 From: snow at smoke.suba.com (snow) Date: Tue, 3 Sep 1996 12:31:17 +0800 Subject: mailing lists In-Reply-To: <19960830.205359.4758.1.patrickbc@juno.com> Message-ID: On Sat, 31 Aug 1996, patrick b cummings wrote: > If any body knows any good mailings lists please tell me. > > -P. Cummings- > Patrickbc at juno.com clueless at c2.org is pretty good. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From gimonca at skypoint.com Mon Sep 2 21:35:52 1996 From: gimonca at skypoint.com (Charles Gimon) Date: Tue, 3 Sep 1996 12:35:52 +0800 Subject: Cocktail Party Conversation... Message-ID: ...of the clueful who should know better... "Ms. Denning, I'd like to introduce Ms. Dyson. Ms. Dyson, Ms. Denning." *********************************************************************** Wild new Ubik salad dressing, not | gimonca at skypoint.com Italian, not French, but an entirely | Minneapolis MN USA new and different taste treat that's | http://www.skypoint.com/~gimonca waking up the world! | A lean, mean meme machine. *********************************************************************** From tcmay at got.net Mon Sep 2 21:36:31 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 12:36:31 +0800 Subject: The Earliest CP Remailer *DID* Emphasize Anonymity Message-ID: At 12:27 AM 9/3/96, Bill Stewart wrote: >At 11:05 AM 9/2/96 -0700, Tim wrote: >>No, the focus was at _least_ as much on providing anonymity as on >>protection from eavesdroppers or traffic analysts. More so, actually. >>How do I know this? Well, I was the one who did the presentation on >>Chaumian mixes at the first meeting, describing them as remailers and using >>paper envelopes-within-envelopes to illustrate the concept. >>Later that day, in the "Crypto Anarchy Game" we played to educate the > >Thanks for the history correction; I got involved with Cypherpunks about >a year after the initial meeting/game, so I'm going on other people's >comments about the intent of mixes and remailers. Out of curiousity, >did either spam or blackmail show up during the first run of the game? A full range of interesting behaviors showed up. Usually this was publicized via the "out-of-band" channel of someone yelling "Hey, I was just told to deposit $100 credits to the account of "AnonymousBanker" or else my digital pseudonym will be published." A murder-for-hire business was started, several weapons-trading schemes developed, etc. Information selling was a big market success. (Not very surprising, given that Eric and I devised the playing cards, roles to be played (banker, assassin, money launderer, freedom fighter, whistleblower, etc.), and doled out crypto-currency (Monopoly money). The idea was not to discover real-world lessons, of course, but to graphically demonstrate some of the technology, some of the ways crypto-anonymity would change interactions, etc.) >>And all of the early uses were explicitly to anonymize the sender, not to >>deter eavesdropping (which conventional crypto works well for, anyway). > >Keeping the sender's identity hidden from the recipient is a different >problem than keeping either of them hidden from Untrusted Third Parties. >Conventional crypto is fine for keeping message content secure from >eavedroppers, but isn't enough to prevent traffic analysis; >that requires either mixes or at least message pools or broadcasts. Yes, but my point was more that we were more concerned about building a solid foundation which would solve a larger class of problems than just straight encryption would. Remailers do this. Anonymity of sender was a dominant mode in the game, for various reasons. But anonymity of receiver was also possible (we faked message pools by pinning messages to a board and then letting them be taken down, but not letting others spend time seeing which were taken down...obviously a determined person could have seen which were removed, and by whom...). Regarding traffic analysis, at least one person (George ?) set himself up as an NSA traffic analyst and tried to deduce pseudonym/true name mappings. (We gave some people roles as "NSA," "narc," and whatnot.) I no longer recall all the details of how the game evolved, interesting behaviors seen, etc. I think someone posted a summary of his reactions to the game a few weeks afterward, circa September/October 1992. It should be in any archives that cover this period. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From enzo at ima.com Mon Sep 2 21:39:09 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Tue, 3 Sep 1996 12:39:09 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <2.2.32.19960902124403.00ae6430@panix.com> Message-ID: I agree with what you say, and that's exactly why all this thread is out of focus. Blocking anything on the net is impossible, we know it and, I'm sure, the Singapore government knows it as well. The filtering proxies they deployed, however, allow them to show that they are "doing something" and get continued support from the socially conservative constituency; the net will route around, and life will go on. If the purpose of those measures had been political censorship, the SG government would have banned crypto or simply restricted Internet access, as they have done with mass media like satellite TV. Hovever, they on one hand know that Internet is strategic to the country's future development, and on the other hand that its use is limited to a well-educated elite not likely to fall prey of simplistic propaganda as tabloid readers would be, and that would be able to find sources of free information anyway: hence, the green light. Let's not fool ourselves: social mores are determined by economic development, which in turn is driven by technology and free markets. Political activism may sometimes help, but it's largely overrated (and in some cases it may backfire). When a government pursues free market and technological advancement, time is on freedom's side. Enzo On Mon, 2 Sep 1996, Duncan Frissell wrote: > At 07:06 AM 9/2/96 +0800, James Seng wrote: > >that). I have a long argument with this person, telling him that despite > >what they have done, i could still access to those stuff which they ban. > >his reasoning is "how many people can do it? 10%? 5%? That's fine with us. > >If the people really wans it, they can get it". > > The flaw with this view is that it is no harder to deploy software that > defeats Singapore's proxy than it is to establish a tcp/ip connection in the > first place. For civilians (such as myself) establishing a tcp/ip > connection is as hard or as easy as establishing an encrypted tcp/ip tunnel > to defeat government control efforts. For both these tasks, I am dependent > on software writers who know more than I do. Since the software of the Net > is written by people not governments, the governments will find it hard to > hold "free users" down to a 5% or 10% figure. The Net is nothing more than > the software that it runs on and we (not governments) write the software. > > In addition, we are not imposing our ideology on Singapore. If Singapore > changes, it will be because an encounter with the realities of the free flow > of information changes it. > > DCF > From snow at smoke.suba.com Mon Sep 2 21:41:08 1996 From: snow at smoke.suba.com (snow) Date: Tue, 3 Sep 1996 12:41:08 +0800 Subject: "Security risks" vs. "credit risks" In-Reply-To: <199609010153.UAA22411@manifold.algebra.com> Message-ID: On Sat, 31 Aug 1996, Igor Chudov @ home wrote: > Timothy C. May wrote: > > than in Marianne Smith, retired school teacher from Peoria. > > Remember, private airlines are just that: private. Surely we do not support > > laws which limit a private airline from using data it has acquired to > > decide whom to pay closer attention to. This is the essence of what > > knowledge is. > Unfortunately, most private businesses suck up to the government. It > is understandable if we note that they can be harassed by the government. > Airlines, for example, are under tight and rather arbitrary control of > the FAA. Nail, Hammer, Head. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From um at c2.net Mon Sep 2 21:43:34 1996 From: um at c2.net (Ulf Moeller) Date: Tue, 3 Sep 1996 12:43:34 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <322B5766.60F8C2BB@dds.nl> Message-ID: >I just got wind that the German government is planning to force german >ISP's >to shut off access to my ISP, XS4ALL, because the german magazine >'Radikal' >has a web page on xs4all. That would be which government agency? >http://www.xs4all.nl/~tank/radikal/index.htm From stewarts at ix.netcom.com Mon Sep 2 22:04:16 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 13:04:16 +0800 Subject: The Earliest CP Remailer *DID* Emphasize Anonymity Message-ID: <199609030030.RAA04862@toad.com> At 11:05 AM 9/2/96 -0700, Tim wrote: >No, the focus was at _least_ as much on providing anonymity as on >protection from eavesdroppers or traffic analysts. More so, actually. >How do I know this? Well, I was the one who did the presentation on >Chaumian mixes at the first meeting, describing them as remailers and using >paper envelopes-within-envelopes to illustrate the concept. >Later that day, in the "Crypto Anarchy Game" we played to educate the Thanks for the history correction; I got involved with Cypherpunks about a year after the initial meeting/game, so I'm going on other people's comments about the intent of mixes and remailers. Out of curiousity, did either spam or blackmail show up during the first run of the game? >And all of the early uses were explicitly to anonymize the sender, not to >deter eavesdropping (which conventional crypto works well for, anyway). Keeping the sender's identity hidden from the recipient is a different problem than keeping either of them hidden from Untrusted Third Parties. Conventional crypto is fine for keeping message content secure from eavedroppers, but isn't enough to prevent traffic analysis; that requires either mixes or at least message pools or broadcasts. > Kleinpaste .... Julf .... I've also been pleased by how long Julf's remailer stayed in business. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jimbell at pacifier.com Mon Sep 2 22:06:28 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 13:06:28 +0800 Subject: Assassination Politics Question Message-ID: <199609030140.SAA24561@mail.pacifier.com> At 06:10 PM 9/2/96 -0500, correspondent wrote: >If there are more than one accurate prediction for an even, how will >CP Server will allocate the prizes? What made me think of that is >that, only in the case of famous peoples, a very smart individual >might make a prediction simply out of being smart and informed. To a first approximation, they could split the reward among the correct guessers. This is an issue that I considered in some detail a year ago, but which (surprisingly enough) hasn't been raised by others. As I pointed out in AP part 1, it is necessary to reduce "shotgun guesses" among people who simply guess a date (or many dates) and make a bet. That's why I included the system of requiring the predictor to include a payment with the prediction, in such a way that the prediction remains anonymous while the included money is always paid to the AP organization. This might initially appear to be a burden to the potential "guesser"/killer, but in fact if he understands the reason for it he'll want the system in place: It's one of the main ways to avoid the situation where multiple people make guesses for a particular person and date, and thus it would tend to ensure that the successful "guessor" is the only one to make that guess. Some of my analysis in AP part 1 was superficial and not really accurate, because in the example it gave, it suggested that the amount of money that would have to be included might be as little as 1/1000th of the reward money. However, chances are it'll usually be somewhat higher for this reason: Let's say a person does something REALLY AWFUL, such as Jeffrey Dahmer or another multiple murderer. Suddenly, he goes from completely anonymous to Public Enemy #1. One would suppose that if AP was operating "efficiently," he'd be dead in a week. However, if indeed he's dead in a week, and you only have to pay 1/1000th per day to place your bet on his demise, you could (hypothetically) make your bet for all seven days, paying a total of 7/1000th of the prize, and assuming the death occurred any day that week you'd be guaranteed to share in that prize. But that's the problem: You'd only _share_ in that prize, because many other people would get the same idea and they'd make similar bets, and the thing would simply turn into a Lotto-type game. The potential killer out there, aware of this problem, would hesitate to make his bet under those circumstances, because it is almost certain he'd lose at least part of the prize to others. The result would be a great deal of suspense, because nobody would know when somebody is actually going to place a prediction and carry out a killing. The AP organization would rake in the money from all those bets, but the killing would be delayed and the betting public would become unhappy. At some point the "prediction" donations would slow down, and perhaps a killer would take this as a cue to actually make his prediction. One way to avoid this is to carefully adjust the amount of payment that's required with the "prediction," raising it _just_enough_ to deter all but "informed guessing" among people who know what's going to happen. Or, at least, to reduce "uninformed guessing" to a level which doesn't dramatically affect the fulfillment of the donations. The problem with this is that this price-setting would be a lot of work, and is not likely to produce the "right" price. It would be somewhat akin to the kind of central planning that the communists never did very well. The problem with trying to set a price like this is that to do it right, requires WAY too much knowledge, knowledge that will often only be known by a small number of people that you can't identify. Perhaps the most obvious solution is to allow the free market to decide how much a given prediction is worth. In other words, the Invisible Hand of Adam Smith. Instead of asking for some specific amount of money along with any given prediction, simply announce that along with a prediction the predictor ought to include some portion of digital cash, although there would be no minimum amount required. Assuming the associated prediction turns out to be true, the reward fund will be distributed on a pro-rated basis, divided up based on the amount of prediction. For example, if you're the killer and you include a dollar with your prediction, and I'm a random, guessing predictor and I include a dime, you get 1/1.1 of the reward and I get 0.1/1.1. Had you included $10 with your prediction, you'd have won 10.00/10.10, and I'd get 0.1/10.10. Sure, the amount a predictor included might be as little as a dime, and if that's the only correct prediction he'll get the entire amount of the reward. But a killer would be stupid to ONLY include a dime, because somebody else could, likewise, include a dime per day for a prediction for a given person, and then he'd get half of the reward if nobody else did the same thing. And since it would only cost him $0.10 per day or $36.50 per year for a given person, he'd be dollars ahead to do this. It should be clear that a person who really KNEW that the target would die on a particular day would want to include enough digital cash to help ensure that he's the beneficiary of a good fraction of the reward, ideally most or all of it. On the other hand, he won't want to include so much that it's "too much" a proportion of the reward itself, since the payment is non-refundable and it reduces his net reward. The random guesser likewise wants to maximize his share, but unlike the killer does not have the specific knowledge that the death will occur on that particular day. With this system, the market is responsible for finding its own equilibrium point. The AP organization need not decide how likely a given death is, and how much money to ask for. Its job is made substantially simpler. Jim Bell jimbell at pacifier.com From stewarts at ix.netcom.com Mon Sep 2 22:11:22 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 13:11:22 +0800 Subject: [BEATING A NOT QUITE DEAD] Passive Trojan [HORSE] (was:Re: HAZ-MAT virus) Message-ID: <199609030151.SAA07328@toad.com> >The key to the success is that the application in question has to be >compromised to respond to these codes, either by design or by hacking. >Either way the individual responsible must modify the execution >mechanism, not just the data itself. A well-written program is hard to exploit, but badly written programs can often be exploited in ways that allow execution of untrusted code. For instance, the fingerd bug exploited so spectacularly by Robert Morris handed a program more input that it was ready to accept, and the program stupidly kept writing the input into the array, past the end, and out into the stack, where it could be later interpreted as executable code. If a popular GIF or JPEG interpreter was written that badly, you could possibly devise a GIF that lies about how big it is and encourages the program to scribble on its stack. Now, there probably aren't any like that, and it'd probably have to be Netscape or MSIE or Lview to be widespread enough to make an attack like that worthwhile. (I'd bet on MSIE, of the three of them :-) Does Microsoft have some sort of Really Cool Extension to JPEG, allowing Macros for Self-Modifying JPEGs, trying to out-do Netscape's animated GIFs?) >Let's see -current examples of computing items with this kind of a >"feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the >list keeps growing. Back when Good Times came out, everyone denied that it was possible for there to be any risk from a text file (though, as I pointed out, escape-sequence hacks have been used occasionally for over 15 years), and not long after that, the MSWord Macro Viruses started appearing. Bad Code can't always be hacked usefully, but it can always be hacked... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From molnard1 at nevada.edu Mon Sep 2 22:50:57 1996 From: molnard1 at nevada.edu (DAVID A MOLNAR) Date: Tue, 3 Sep 1996 13:50:57 +0800 Subject: In-Reply-To: <19960825000344312.AAA199@maverick> Message-ID: On Sat, 24 Aug 1996, Sean Sutherland wrote: > > Does anybody know what I can get for generating the credit card > > numbers? > > > > And they say there's hope for the youth of America. It would seem that the hope of the "youth of America" lies in convincing all others they do not exist. After all, if behaviour is the only standard by which to determine age, one only exists as a "youth" when one exhibits the negative qualities of childhood. This is then used as an excuse to segregate, control, censor, and reject one's input on the grounds of age. The offense is not being a youth. The offense is getting caught. Clueless remarks (as the above), are a form of "getting caught". Personally, I wouldn't be surprised to see "the youth of America" emerge as one of the biggest users of nymservers and anon remailers. With the push toward hard identities we're likely to see, I think more and more "youth" will come to realize how limiting the stigma of 'child' or 'teenager' can be, and will work to trandescend it. Besides, there's always the need to hide from parents. An entire generation of people disappearing into the woodwork, so to speak(*). Expect to see a lot of ranting about how the Internet is "stealing away childhood" when people finally catch on to what's happening. You could say that the current child porn hysteria is just the opening shot. I wonder what kinds of laws we will see. Perhaps it will become illegal to operate a computer without a license. :-) -David Molnar * Yes, yes, "an entire generation" is overreaching future-speak. It ignores the millions of people who can't or won't have access to the Net, it assumes everyone will want freedom (after all, people stay in AOL's monitored chat rooms and speak Beavis and Butthead to each other all day long), it assumes enough things to make it a piece of empty rhetoric. However, it's a nice-sounding piece of empty rhetoric. From declan at eff.org Mon Sep 2 22:55:10 1996 From: declan at eff.org (Declan McCullagh) Date: Tue, 3 Sep 1996 13:55:10 +0800 Subject: Scoring Politicians on Digital Liberty Issues (Re: Net Politics) In-Reply-To: <01I90CVK55W89JDDSI@mbcl.rutgers.edu> Message-ID: On Mon, 2 Sep 1996, E. ALLEN SMITH wrote: > I would suggest that support for "parental empowerment" and for > any sort of mandated rating system (e.g., PICS with a requirement to rate > pages for parental censorship use) be a down-rating. No arguments here. Check out the latest article to follow up on the CyberWire Dispatch story in which Brock and I revealed what the "smut-blockers" *really* block. It's in Internet World Online, at the URL below. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // Linkname: Who Will Watch the Watchmen? Filename: http://www.iw.com/current/feature3.html WHO WILL WATCH THE WATCHMEN? By Eric Berlin and Andrew Kantor Porno-filtering software may be blocking out more than most people realize. Porno-filtering software or "censorware" is a big thing these days. It lets parents make sure their kids aren't seeing Bad Things on the Net -- things like pornography, violence, and information about drugs. Oh, and did we mention AIDS, Judaism, fascism, and some guy named Fred? How about any Web site in the crl.com domain? Thanks to an apparent philosophy of "block first, ask questions later" -- plus a combination of overzealousness, with a little laziness and ignorance tossed in -- some filtering software is screening out more than most people expect. To top it off, often neither users of the software nor owners of the blocked sites know about it. [...] From pstira at escape.com Mon Sep 2 23:30:19 1996 From: pstira at escape.com (pstira at escape.com) Date: Tue, 3 Sep 1996 14:30:19 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age In-Reply-To: <199609020630.XAA20578@toad.com> Message-ID: Ah yes, why don't we just destroy ALL culture, our way is ALWAYS better ISN'T it? And those rainforest schmucks, what do THEY know... Screw those Africans who live simple lives, and fuck all the people who have dinner at 9 pm too while we're at it. Let's just all assimilate and live happily ever after. In the meantime, I'm trying to colonize a new planet. -Millie\n :: while : do echo 'you will be assimilated'\n done. sfuze at tiac.net PS: In case you didn't figure this out, I am VERY against people telling other people how to live. "Sure it's okay if you want your freedom, as long as you live like us..." -- some list on privacy guys. Next, everyone will have to wear the same underwear sizes and speak the same language (hint: ENglish is NOT the most spoken language in the world.) From markm at voicenet.com Mon Sep 2 23:46:30 1996 From: markm at voicenet.com (Mark M.) Date: Tue, 3 Sep 1996 14:46:30 +0800 Subject: Cypherpunk Mailboxes? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Sep 1996, The Deviant wrote: > Hrmm.. perhaps there's a better way... > such as having the user and the mail server negoiae a key (i don't really > know the details of diffie-hellman or he like, so tell me if this isn't > feasable), and have the encryption/decypion routines strip addresses, > so that the person is only identifiable by their key... The mail server still has to send packets to the user. A packet sniffer might not be able to find out the actual contents of the transmission, but it would be able to find out the host that has made the connection. If this is combined with the knowledge of the times that certain user's mailboxes get cleared out, it would be possible to find out which nyms belong to which people. The current nym servers that automatically forward mail do not have this problem. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMituHCzIPc7jvyFpAQFXSQf9FS30slaO7LDllILC+eEdk/7aBAy312MY esRgbc2EUI7W1WBsujrCznLrbzki0MZ58djDxAmIlz2+YzmQFAMpCx1YGaEkTLIt o4//O6KnAkXde1no+WJXuNry3gzXUDgrUG3S8s3HCDsPfmu1x25J/M8nrL9ijx42 Jd2q9Z/wdAZxIFuUUoZotbUDIwXkHk17l+rNVUL5Pt4ukVd2M85wDp6EpWRCWsQP Xjgwp8FdYd8m/tqxjIygyog5tfsV3qD4ve8Wl7E0MaWkqPyvzb843G0VXSKfI0iH fE1WaHmqvF+VwPU/I2BXnjMjWK4xOW/pKk3llQFSEj8frFGjtqn1ag== =3Phf -----END PGP SIGNATURE----- From tcmay at got.net Mon Sep 2 23:56:18 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 14:56:18 +0800 Subject: The Esther Dyson Flap Message-ID: At 12:59 AM 9/3/96, Chuck Thompson wrote: >I don't quite understand the position taken by Mr. Assange and Mr. Unicorn >regarding recent statements attributed to Ms. Dyson. I would appreciate >some additional insight. > >It appears as though they are both critical of statements (taken out of >context according to Dyson) because of her position with the EFF. It >appears that they both believe that she has no right to her opinion if it is >contradictory to the policy of the EFF. Certainly no one is suggesting she should have her right of free speech taken away from her, as a citizen. Rather, these are precarious times for the future of the Net, with actions in many countries, including the U.S. to restrict the Net in various ways. Esther Dyson is in an influential postition, not just because of her new role as Chairman of the EFF. Anytime a person of her influence is seen to be supporting limitations on what private citizens can communicate to others or to the public at large, this is cause for worry. (As both John Gilmore and Stanton McCandlish have noted, anonymity has a long history in the United States. From the Federalist Papers, to anonymous leafletting (upheld by the Supreme Court), to anonymous letters to the editor, to the basic architecture of the Postal System and the phone system, anonymity has been with us for a long time. Esther Dyson says that anonymity on the Net can do more damage than anonymity in other forums, and thus may need to be regulated and restricted in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's term) has grown up with anonymity, and few people take the anonymous (or not) rants and charges made in the millions per day with the same degree of certainty they take print comments. Put another way, there is no clear and present danger. And the Net makes for effective counterspeech. As free speech advocates note, the proper remedy for bad speech is more speech. (The links between "free speech" and "anonymity" are fairly obvious, and curtailing one curtails the other. "Congress shall make no law restricting speech" says nothing about anonymous speech being subject to regulation.) Further, the computerized nature of Net speech makes other remedies available as well. For example, reputation-ratings services. And digital signatures (to preclude forged comments). Speech on the Net closely resembles idiots, scholars, dweebs, and scoundrels ranting in public parks. Sometimes they accuse the mayor of adultery, sometimes they rant about UFOs, sometimes they merely utter obscenities. All are potentially dangerous, potentially ignorable, potentially humorous. And yet in none of these cases is there a demand that identification be produced, that one's papers be in order, that a "free speech license" be produced upon demand by the authorities. (Some might say that the physical personna of the speaker means that a means of last resort--apprehending the person--exists to track down a speaker of illegal thoughts, and that this is the kind of last resort that is currently lacking for Net speech. Perhaps. But this very same lack is evidenced with anonymous pamphlets, with anonymous pieces written for newsletters (where even an editor may not know the author), and with phone calls, say, to radio call-in programs. Clearly someone calling "The Howard Stern Show" and making a preposterous, or even illegal, claim is reaching many more people than is some anonymous message to a Usenet newsgroup. Again, where is the clear and present danger with anonymous Net speech that would justify (putatively) greater restrictions on Net speech than other speech channels have?) >Pouncing on someone, without knowing all the facts, who is vulnerable >because of their position smacks of dirty politics - it is distasteful. Why >not ask for the facts from the source? Then state your opinions or make >your threats about not contributing financially. Well, many of us did not pounce. Speaking for myself, I strongly suspected that the newspaper article had summarized a more-nuanced point and had effectively taken just a convenient sound bite. (Also, I'd heard Dyson speak on anonymity issues before, and knew her to have some doubts about full-blown crypto anarchy.) Now that she has somewhat clarified what it was she actually said, more issues have been raised. I believe she does not understand the problems implicit in trying to provide "accountability" for online speech. What if, for example, I offer to forward things I receive to various online forums? Am I then violating a law by "anonymizing" a message? Am I supposed to check identities? (How?) Are remailers to be declared illegal? If not, all other "accountability" laws go out the window. This is the "knife edge," or "fork in the road," I've long talked about. If anonymity is outlawed, it will take draconian measures to enforce it--citizen-unit ID cards, officially issued encryption keys, escrow, monitoring of communications, massive penalties to deter illegal use of encryption, and other police state measures. On the other hand, if enough degrees of freedom are left untouched, the result is a growing, expanding crypto anarchy. Government will find itself powerless to control commerce (handled via encrypted channels), will find it doesn't know the True Names of various Net entities, and will end up being chased into an enclave of things it _can_ control. My strong hunch is that no stable solutions lie between these two extremes. This is one of those "decision points" for modern society, with attractors pulling the solution to one side or another. We know which side we stand on. It's possible that Esther Dyson is finding herself on the other side, alongside Dorothy Denning, Louis Freeh, Donn Parker, and the other advocates of "responsible freedom." (Anytime you hear someone speaking of "responsible freedom," look out.) I don't call her our enemy. Perhaps she just hasn't thought things through as deeply as many of us have. Given that I think EFF has pretty much lost any role it may have once had, for a variety of reasons we're probably all tired of hearing about, I'm not too worried about what the EFF says or does on this issue. I'm more worried, to be honest, that a person as influential _for other reasons_ as Esther Dyson is talking about responsible freedom and the need to limit certain forms of speech. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mech at eff.org Tue Sep 3 00:35:14 1996 From: mech at eff.org (Stanton McCandlish) Date: Tue, 3 Sep 1996 15:35:14 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi In-Reply-To: Message-ID: <199609022209.PAA17638@eff.org> Also questionably relevant for an issue like this (more relevant perhaps to intellectual property issues, etc.) The political axis most relevant here is civil libertarian v. authoritarian. I don't think you'll find any authoritarians on the EFF board or staff. Black Unicorn typed: > > On Mon, 2 Sep 1996, Esther Dyson wrote: > > > At least you don't accuse me of being a Communist. > > Without commenting on the question of intelligence agencies, far left and > far right on this issue are fairly non-distinct. > > > Esther Dyson Always make new mistakes! > > EDventure Holdings > > > > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li > > -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From janke at unixg.ubc.ca Tue Sep 3 00:49:18 1996 From: janke at unixg.ubc.ca (janke at unixg.ubc.ca) Date: Tue, 3 Sep 1996 15:49:18 +0800 Subject: LInteger Version 0.1: A C++ MPILIB Message-ID: <199609022311.QAA01347@clouds.heaven.org> -----BEGIN PGP SIGNED MESSAGE----- LInteger is a C++ library designed to allow programmers to create and perform arithmetic on objects representing nearly arbitrary precision integers. Thanks to C++'s support for operator overloading, the use of the large integers in this library should be nearly as easy as the use of regular int's. In fact, much code which performs arithmetic on regular int's can be converted to code to perform the same arithmetic on arbitrary precision integers merely by substituting "LInteger" for "int". This library is free for both commercial and non-commercial use. (See the COPYRIGHT notice included in the source distribution for exact details.) The current version of this library is only implemented for i386+ processors, and will, probably, only compile unhacked under gcc. Additionally, it has only been tested on the Linux operating system, though I am fairly confident that it will compile, unhacked, under the OS/2 and Windows versions of gcc. (Please let me know if you get it to work!) The basic multiprecision methods are implemented in i386+ assembly language for high speed. Multiplication is performed recursively resulting in O(lg 3) performance. Modular multiplication can be performed via Montgomery representations for a noticeable performance gain when a large number of these modular multiplications are performed. HTML documentaion for all public methods is included. There is currently no pseudo-random or probable prime number generation included. These are my highest priorities for the next release which will, hopefully, come out shortly after I read Rabin-Miller. :) A link to the latest version of this library can be found at http://www.interchg.ubc.ca/janke/linteger/index.html Once you have the file linteger-v0.1.tar.gz, uncompress and untar it with tar -zxvf linteger-v0.1.tar.gz. Next, cd to the newly created directory linteger-v0.1 and read the file README for details on how to proceed. The message digests for linteger-v0.1.tar.gz are MD5: B518B338D59A8376095B9CAD74EA2E16 SHA: 445D8D1555DC18AB0DF47B9B0381F0B07D4CB644 HAVAL: 53774BA2BF60116DF9F0F476913252188DFD9D3828D19B6795BC14C19EFA7FEE -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBMitSJR6H/su8/YEZAQH3lwQAsBpNY0rEW1U5vq5hkxdnqxgk1ZZtSV3K 5gTlYu7Z3OAqsqC62Qi7LlkI2dzhrNWYr/G+OXdFfCaHfBcNlePgHsj6xF4oCy3U iGy9yiCxP7Xs4xb8CjHYkW7S/HfVwyiY2AMxGJ/YfFzvi1MJTIT2A8z4Par5qwWe XuG7XztGzAI= =wq2q -----END PGP SIGNATURE----- From tcmay at got.net Tue Sep 3 00:55:32 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 15:55:32 +0800 Subject: Solid Foundations Message-ID: At 9:57 PM 9/2/96, lcs Remailer Administrator wrote: >Well, I just designed a nymserver that's probably more complicated and >difficult to use than any previous one. From this experience, I have >concluded that if you want to design a remailer with real security (as >opposed to a penet-style server), it just won't be easy to use that >remailer manually. Even alpha.c2.org was kind of a pain to use >manually. I therefore think in the long run it's better to bite the >bullet, write as secure a nym server as possible, and expect that ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >people will use special client software to use the remailer. I strongly agree. It's very important that _foundations_ be as robust and strong as possible. Then on top of this foundation, other layers can be added without the whole structure tumbling down when flaws in the underlying protocols are discovered. This has been one of my pet theories for a long time. Not just the fairly obvious point that foundations need to be robust, but the specific point that one of the strengths of PGP was that it dealt with *text blocks*. Though we all want integration into our favorite programs, by building PGP around a text block there were several advantages. First, a simpler problem than trying to deal with n different programs. Second, a text block has fewer places for flaws to creep in. Third, platform independence. Fourth, any editor or other program that can access text can potentially be used with PGP. Fifth, separating crypto functions from other functions is good, orthogonal, method-oriented design. Sixth, this allows drop-in replacements (where "hooks" are used.) (To understand why these points are so important, one needs to look at programs which integrate crypto directly...independent verification is harder to do, bugs may be less apparent, and delays in supporting other platforms (if ever) are likely, etc..) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From geek at algebra.com Tue Sep 3 00:55:48 1996 From: geek at algebra.com (Computer Geek) Date: Tue, 3 Sep 1996 15:55:48 +0800 Subject: The most ridiculous SPAM in my lifetime Message-ID: <199609030322.WAA13140@manifold.algebra.com> This is the American reincarnation of Ostap Bender. Next spam from him will be about interplanetary chess congress, no less I am sure. Here's what his Web page says (excerpt): IRS> The Internet Registration Service Has Created An On-Line Service That IRS> Will Simultaneously Register Your Web Site With The Top 400 Internet IRS> Directories And Search Engines Operating On The Internet. IRS> IRS> The Proper Registration Of Your Web Site In These Directories And Search IRS> Engines Will Insure You That When Your Potential Customers Perform A IRS> "Net Search," Your Web Site Will Be Included In The "Search Results," And IRS> Your Web Site Will Become A Selection For Anyone Searching The Internet IRS> For The Products Or Services Your Company Sells. IRS> IRS> To Compete In This Fast Paced "Information Age" You Must Secure Your IRS> Place In As Many Of These Directories And Search Engines As Possible... If IRS> You Do Not... The Competition Will Simply Pass You By. IRS> IRS> In Order For You To Complete Your Internet Registration, All You Need To IRS> Do Is Complete The On-Line Registration Forms On The Following Pages IRS> And Submit Them To Our Offices Along With Your Registration Fee Of ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ IRS> $395. You Can Pay Your Registration Fee By Credit Card, Or By Company ^^^^^^^ IRS> Check. If You Are Paying By Check, Please Make Your Check Payable To: IRS> Internet Registration Service. And Mail It To: >From nking at pvnet.com.mx Mon Sep 2 22:13:17 1996 Return-Path: nking at pvnet.com.mx Received: from galaxy.galstar.com (ichudov at galaxy.galstar.com [204.251.80.2]) by manifold.algebra.com (8.7.5/8.6.11) with SMTP id WAA13038 for ; Mon, 2 Sep 1996 22:13:15 -0500 Received: from neptuno.pvnet.com.mx ([200.23.229.18]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id WAA07844 for ; Mon, 2 Sep 1996 22:00:37 -0500 Received: from nking.pvnet.com.mx ([200.23.229.43]) by neptuno.pvnet.com.mx (8.6.12/8.6.12) with SMTP id VAA27361 for ; Mon, 2 Sep 1996 21:59:40 -0500 Message-ID: <322B57BF.704 at pvnet.com.mx> Date: Mon, 02 Sep 1996 21:55:11 +0000 From: NORMAN KING Reply-To: nking at pvnet.com.mx Organization: Internet Registration Committee X-Mailer: Mozilla 3.0b7Gold (Win95; I) MIME-Version: 1.0 To: geek at algebra.com Subject: IMPORTANT MESSAGE!!! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit IMPORTANT MESSAGE!!! Dear Sirs, It Has Recently Come To The Attention Of The Internet Registration Committee That Your Web-Site Has Not Been Properly Registered On The Internet Or On The World Wide Web. This Could Result In Your Potential Customers Being Unable To Locate You Or Find Your Web-Site On The World Wide Web. Proper Web-Site Registration On The Internet Is Required In Order For Your Web-Site To Be Successful. There Are Currently More Than 400 Hundred Internet Directories And Search Engines Operating On The Internet. It Will Be Necessary For You To Register Your Web-Site With The Majority Of These Directories And Search Engines In Order For Your Web-Site To Become Easily Located By Your Potential Customers. If You Do Not Become Registered With A Large Number Of These Internet Directories, Your Web Site Could Become Impossible For Your Customers To Locate, Your Web-Site Will Become Inaccessable, Therefore Becoming Dormant, Unprofitable And Inactive. In Order To Resolve This Situation, We Urge You To Contact Our Web-Site Registration Service At The Internet Address Below By Clicking Your Mouse On This Link: http://adgrafix.com/mail/irs.html It Is Imperative That This Situation Be Resolved Immediately! We Hope That We Can Help You To Resolve Your Registration Problem As Soon As Possible. Thank-You, Sincerely, NORMAN KING - Administrator Internet Registration Service From jimbell at pacifier.com Tue Sep 3 01:01:20 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 16:01:20 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <199609030339.UAA01367@mail.pacifier.com> At 02:06 PM 9/2/96 -0700, Stanton McCandlish wrote: >You have to have an anonymizing system that crosses a dozen or so >national boundaries to make such an attack infeasible for most large >organizations. You'd need a system that crossed 50 or more widely >disparate jurisdictions to make it infeasible to large intelligence or >law enforcement agencies, and even then you'd have to NOT have broad >international agreements, such as you'd called for or it would be trivial >to force all the remailers in the chain to cough up personally >identifiable information. > >> My assumption is that there will be a wide variety of Net communities with >> different rules/regulations/attitudes towards anonymity that would apply ex > >This is already true. > >> some kind of international sanctions; I think that's appropriate. > >That's what bugs me - if there are some kind of sanctions coming from a >governmental body (I may be misinterpreting you here), that's probably >enough to kill private and well as public anonymity on the Net. > >Incidentally, if something does happen from a governmental direction to >kill online anonymity, it will probably be readily broadenable to all >other media. At the risk of sounding like a broken record (a phrase that will get ever more obscure now that we're in the CD era...) that's why I pushing AP (Assassination Politics.) While anonymous remailers and chains are great for security, there ought to be some final bulwark against violations of our security and anonymity that doesn't depend on legal arguments, or even technical refinements of encryption. When organizations such as CoS can seek Penet data with impunity, and when courts in Finland can let them, we're not safe. Remember the saying, "The best defense is a good offense." Playing as we do now, it's like saying, "We'll try our best to maintain our security, but if it fails too bad." I propose changing it to, "We'll try our best to maintain our security, but if you manage to violate it anyway you're dead." As rude as it may sound, one of the best advantages is that this defense is free while it's not needed, and is pretty cheap when called upon. In case anybody has any residual doubts as to whether we should enforce our rights in this way, consider this: if we've decided that we have the right to anonymity and security (through remailers and encryption) EVEN IF some people might misuse those tools to cause crime and potentially even death (which, of course, would be an exceedingly rare outcome) then I suggest we've already accepted the principle that our rights to use these tools daily are more important than the possibility of a rare negative outcome. (in the same sense that occasional fatal car accidents don't justify taking away all cars.) And if that's the case, we should also be willing to DELIVER a rare negative outcome to anyone who acts to take these rights away, particularly if such a person is adequately forewarned of our intentions. Jim Bell jimbell at pacifier.com From furballs at netcom.com Tue Sep 3 01:01:40 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Tue, 3 Sep 1996 16:01:40 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) Message-ID: This has been done in the past using several vairants (but not in a image program). The key to the success is that the application in question has to be compromised to respond to these codes, either by design or by hacking. Either way the individual responsible must modify the execution mechanism, not just the data itself. Let's see -current examples of computing items with this kind of a "feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the list keeps growing. On Mon, 2 Sep 1996, Jason Wong wrote: > > Actually , THINK about it, it does makes a interesting idea for a trojan > horse doesn't it ? I mean, just get a solid graphic program, insert codes > into it so that when certain conditions, i.e. a particular gif or jpg file > is view, print, etc, the trojan activates !! > ___________________________________________________________________________ > > Jason Wong (CNE, MCP) Jason at MCSB.COM.SG > Network Engineer > MCSB Systems Pte Ltd > ___________________________________________________________________________ > > From jya at pipeline.com Tue Sep 3 01:04:32 1996 From: jya at pipeline.com (John Young) Date: Tue, 3 Sep 1996 16:04:32 +0800 Subject: POT_hot Message-ID: <199609022339.XAA08162@pipe5.t1.usa.pipeline.com> Foreign Affairs, Sep/Oct, Lead Essay: "Postmodern Terrorism. The terrorism of the future may be far more destructive than terrorism as we have known it." An informative survey and pot-heat by Walter Laqueur. Terrorism's prospects, often overrated by the media, the public, and some politicians, are improving as its destructive potential increases. Terrorism has replaced wars between nations of the 1800s and 1900s. In the future, terrorists will be individuals or like-minded people working in very small groups. An individual may possess the technical competence to steal, buy, or manufacture the weapons he or she needs for a terrorist purpose. The ideologies such individuals and minigroups espouse are likely to be even more aberrant than those of larger groups. And terrorists working alone or in very small groups will be more difficult to detect unless they make a major mistake or are discovered by accident. Society has also become vulnerable to a new kind of terrorism, in which the destructive power of both the individual terrorist and terrorism as a tactic are infinitely greater. The advanced societies of today are more dependent every day on electronic information. That exposes enormous vital areas of national life to mischief or sabotage by any computer hacker, and concerted sabotage could render a country unable to function. Why assassinate a politician or indiscriminately kill people when an attack on electronic switching will produce far more dramatic and lasting results? If the new terrorism directs its energies toward information warfare, its destructive power will be exponentially greater than any it wielded in the past -- greater even than it would be with biological and chemical weapons. The single successful one could claim many more victims, do more material damage, and unleash far greater panic than anything the world has yet experienced. ----- http://jya.com/pothot.txt (30 kb) POT_hot (in 2 parts) From hallam at ai.mit.edu Tue Sep 3 01:10:11 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Tue, 3 Sep 1996 16:10:11 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: <50dcvo$qop@life.ai.mit.edu> Message-ID: <322B62FD.167E@ai.mit.edu> One of the things that you are probably not aware of is that your government tracks every phone call you make and has a complete list of everyone who you comunicate with. This information is then used to identify potential dissidents who can be "monitored" - just like in the old USSR. I know that this is a fact because I know people in the business. They also tell me that they prefer to dissuade people from entertaining guests at home. The assumption being that the more private conversations take place the more opportunities to criticise the government there are. >Now, what makes you think that citizen of Country A has the power or >rights to tell politicians of Country B what to do and what they cannot >do? What makes you think that the concept "country" has any legitimacy whatsoever? The Web is not politically neutral. I intended the Web to be an agent of social change. The corruption of the present social order should be apparent from the fact that we destroy food while people starve, the majority of the worlds population have no political rights and political participation is only available to a tiny minority. The Web will have an effect whenever there is an internal inconsistency within a social order. The interaction of opposed cultures via the Web will reveal these inconsistencies in a manner that requires them to be resolved. The people of Singapore are not going to change their government because the US people convince them of the superiority of US culture. While it is patriotic for a US citizen to believe a-priori in US superiority it is unpatriotic for anyone else. What will change the government of Singapore is revealing the internal inconsistencies of the governments claims. Phill From gbroiles at netbox.com Tue Sep 3 01:18:21 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Tue, 3 Sep 1996 16:18:21 +0800 Subject: Anonymity and free speech Message-ID: <1.5.4.16.19960903035433.37773f1a@mail.io.com> Instead of discussing whether or not Esther Dyson or other EFF board members are personally comfortable with anonymity, let's talk about whether or not the EFF and its board members believe that the First Amendment provides a right to speak and associate anonymously. (I believe that the First Amendment gives everyone the right to wear a t-shirt which says "I am an asshole." But I have no interest in wearing such a t-shirt. And so on.) I believe that it does, and that the Supreme Court has already made that clear. In cypherpunks at toad.comparticular, I'm thinking of _NAACP v. Alabama ex rel Patterson_, _Talley_, and _McIntrye v. Ohio Elections Commission_. (Sorry for the lack of cites; 95% of my stuff is still in boxes and I'm sending this via laptop and a Ricochet modem.) If the right to speak/associate in "real life" is protected by the First Amendment, I don't see why it wouldn't be on computers and networks which are located inside the United States. And if that right is based upon the Constitution, it will take a constitutional amendment or a big sea change in the Supreme Court to take it away. (I wonder if the decision in _McIntrye_ would have gone the other way if Ms. McIntrye were selling drugs via anonymous message pools instead of discussing school funding via windshield flyers.) Discussions about the utility of anonymity would be more useful if we were designing a communication system or a constituion from scratch; but that's not our current situation. Is there serious debate about whether or not the Constitution and the Internet allow anonymous communication? (I'm not asking a rhetorical question. If someone's familiar with an argument to the contrary, please tell me about it.) Both the Constitution and the Internet are difficult to modify quickly; we probably have anonymity (like it or not) for at least a few more years. (I'm not trying to imply that US law is the only law, or that the rest of the world doesn't existy. But I don't know poo about the right to anonymity in other nations; and to a certain extent anonymity anywhere on the Internet is the same as anonymity everywhere on the Internet. Are other readers aware of other jurisdictions where anonymous speech is considered a right?) ---- Greg Broiles gbroiles at netbox.com http://www.io.com/~gbroiles From dsmith at prairienet.org Tue Sep 3 01:25:30 1996 From: dsmith at prairienet.org (David E. Smith) Date: Tue, 3 Sep 1996 16:25:30 +0800 Subject: SCO giving free licenses to UNIX OpenServer Message-ID: <199609030411.XAA28740@bluestem.prairienet.org> -----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: hallam at ai.mit.edu, cypherpunks at toad.com Date: Mon Sep 02 23:01:35 1996 > > > > I doubt it. People don't use Microsoft products because > > of their quality or functionality. > > Errmm.. hate to disappoint but SCO UNIX started life as Xenix which > was written by Microsoft in the dark ages. > Concur. Microsoft products are used not necessarily because of quality or functionality (which are often dubious, but very occasionally present), but because of user interface and/or market share. > Today Linux probably represents the future of the UNIX familly, it > allows people who want to hack at the OS level access to the sources > of a fully functioning OS. This allows people to add in new kernel > features, schedulers and other exotica without having to write a > whole new O/S. I still like FreeBSD. Similar functionality, similar availability- of-source, but very slightly easier to install/run/manage/play with. Similarly free. (FreeBSD was able to find my modem, something I couldn't get Linux to do after most of an hour. Of course I'm a *nix novice for the most part.) > Just don't confuse it with "home computing", this is geek computing > and you better have a lot of interest in computing to use it. Home > computing is the market for users who need a system thats simpler > than a VCR or they can't use it. At one time that meant Apple, today > it means Microsoft, it will never mean Linux - not unless someone > can make Linux much much simpler than it is at present and provide > decent WISIWIG tools such as editors etc. designed for use by aunt > Ethel. I'm not sure about that... X-Windows seems to have a decent interface, runs on Linux, hell, most any *nix you care to name, and has some decent editors available. (Or, there's always emacs, but aunt Ethel might not grok emacs too well. I don't :) - ----- David E. Smith, P O Box 324, Cape Girardeau MO USA 63702 dsmith at prairienet.org http://www.prairienet.org/~dsmith send mail with subject of "send pgp-key" for my PGP public key "Ask not what you can do for your country; ask what your country did to you" -- KMFDM, "Dogma" -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMiutozVTwUKWHSsJAQEdCgf+OM8tpEbJh/FonjORnFwe9lo2t+my8eD7 +oM7Gv/WMPekDhvxxolzqGSvgUAJL1sgbwKdray5fHFCwOtK1ogQJrN4qrXKQH5e IXlC+G91i5BUq98MmzsEngZ3Akz2YciY/U4zyEJSXUNigAFgGcuXhZ1Bw+HT3hLt x27h45wWxHWfUJR8EUgOiUDG41rTW3eSLN0Pf/cSyvMTE3c+ub+59SMYJzCO+DnK MjNfhKvFLVNPUGJYNfLGt3OzwJFaCLnuDKLI78R0W+MsCqSA02o4Mq8GRul78Dfi jgBNJEsP8JdZnQTheRCwR4cgwIHc/Csmu+Ab5UN8h5L7VV1u2YFfkA== =PgX+ -----END PGP SIGNATURE----- From dlv at bwalk.dm.com Tue Sep 3 01:27:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 3 Sep 1996 16:27:15 +0800 Subject: Kill all "libertarians" In-Reply-To: <199609021626.SAA11752@basement.replay.com> Message-ID: >From nobody at REPLAY.COM Mon Sep 2 12:26:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 02 Sep 96 15:42:57 EDT for dlv Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18013 for dlv at bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv at bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Message-Id: <199609021626.SAA11752 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: All russians are scum. No exceptions. Return-Path: To: cypherpunks at toad.com Subject: Re: Sen. Leahy's "impeccable cyberspace credentials" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Mon, 02 Sep 96 01:19:37 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all polititions are that bad. > > > You make it sound as if their are no politisions are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From wombat at mcfeely.bsfs.org Tue Sep 3 01:36:54 1996 From: wombat at mcfeely.bsfs.org (Rabid Wombat) Date: Tue, 3 Sep 1996 16:36:54 +0800 Subject: [OFF TOPIC] Re: SCO giving free licenses to UNIX OpenServer In-Reply-To: <322B4E8E.41C6@ai.mit.edu> Message-ID: Ah, round 274,562,889 of the OS wars ... On Mon, 2 Sep 1996, Drr Phill wrotee: > Eric Murray wrote: > > > > Scottauge at aol.com writes: > > Errmm.. hate to disappoint but SCO UNIX started life as Xenix which > was written by Microsoft in the dark ages. > OTOH, UNIX Systems Labs was sold to Novell, who didn't do much with it, and then sold it to SCO. A free single-user license sounds suspiciously like the old Novell Personal Edition Unixware. Anybody know if this is what's being given away? I'd look, but I haven't got much use for yet another free UNIX - the two I have work fine. > > > > This is for single user home based UNIX systems. > > > > Single-user UNIX isn't all that useful. > If this is the old Pers. Ed., it will support one or two users via telnet/ftp in addition to console. Certainly enough for someone who wants a system for educational purposes, using X-windows to access the office, work on coding, etc. If you want to write a commercial app. for SCO, it's darn nice of them to give you a free license to use as a development platform. > Multi-user ain't much better. Listen to the guys who built it. UNIX > is a program development environment. In the early years it was > interesting because there was source available, that ceased to be > the case years ago. I feel so stupid for having bought all that Sun Microsystems and HP stock years ago ... It is a good platform for many applications; running a desktop OS for a user who only types memos and takes phone messages probably isn't one of them, although I'm sure I'll hear from someone who disagrees. It does make a good, scalable base for SQL databases, is the primary handler of email, runs a lot of the world's engineering software, etc ... I'm sure if you looked around you'd even find Solitaire for it. :) I use M$-Windoze as the standard desktop for most business applications, with UNIX-based SQL servers, web servers, and email servers, in general. Just my preference. > > Today Linux probably represents the future of the UNIX familly, it > allows people who want to hack at the OS level access to the sources > of a fully functioning OS. This allows people to add in new kernel > features, schedulers and other exotica without having to write a > whole new O/S. > I wouldn't expect a free OS in a constant state of change to replace commercially supported operating systems; they each have their purposes. Some people want access to the source code, and some people want 24x7 on site support. Yes, there's great support available for Linux and BSD on the 'net. That's not at issue. Some business models need a vendor out there that can furnish a maintenance contract and uphold it. > Just don't confuse it with "home computing", this is geek computing > and you better have a lot of interest in computing to use it. Home > computing is the market for users who need a system thats simpler > than a VCR or they can't use it. At one time that meant Apple, today > it means Microsoft, it will never mean Linux - not unless someone > can make Linux much much simpler than it is at present and provide > decent WISIWIG tools such as editors etc. designed for use by aunt > Ethel. Maybe Aunt Ethel is into kernel tuning. ;) I agree with you to a point; UNIX has not had an idiot-proof "stick the disk in the drive and type setup" capability until recently. UNIX apps are fewer in variety, and cost nmore than their M$-D0S/Windoze counterparts. Partly because anyone who wanted to develop could do so on an affordable D0S system. If the free SCO offering is the old Novell Pers. Ed. (I don't know, just venturing a guess), Aunt Ethel just might be able to install it (your Aunt Ethel - mine's a kernel hack). As I recall, it came w/ a GUI installation routine. Just my $.02 > > > Phill > From jimbell at pacifier.com Tue Sep 3 02:02:42 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 17:02:42 +0800 Subject: Modem tax again? Message-ID: <199609022230.PAA15730@mail.pacifier.com> Yes, isn't it interesting how they managed to turn this issue into their desire to "end a subsidy," when you know they would be terrified of REALLY ending the various telephone subsidies that are operating. For years, businesses have paid more for telephone service than residences. While this might have made sense in the era before digital switches, it does no longer. Also, the claim that "Internet users are overtaxing phone networks and ought to pay more for monthly service" isn't believable. In my experience, the time between 9:30 pm and 11:00 pm is the only time which usually produces busy signals to my ISP, a time which is when, traditionally, telephone traffic is quite light as compared to peak hours. I'd be happy to compare the "usage-factor versus time" of ISP's versus regular voice calls if I had the numbers, but I suspect that calls to local ISP's complement voice traffic rather than add to its peaks. At 01:40 PM 9/2/96 EDT, E. ALLEN SMITH wrote: > As I recall, the alleged "subsidy" consists of lack of payments so >rural areas can have subsidized phone service - thus making their costs borne >by everyone else. > -Allen > >> _________________________________________________________________ >> Avis >> _________________________________________________________________ >> INTERNET IS HURTING PHONE NETWORKS, STUDY SAYS >> __________________________________________________________________________ >> Copyright © 1996 Nando.net >> Copyright © 1996 San Francisco Examiner > >> SAN FRANCISCO (Aug 27, 1996 3:11 p.m. EDT) -- Hoping to reduce or end >> a subsidy that has kept down the cost of on-line service, local phone >> companies here have presented the Federal Communications Commission >> with studies arguing that Internet users are overtaxing phone networks >> and ought to pay more for monthly service. > >> The studies, one of which was published on the Internet, argue that a >> 13-year-old subsidy lets Internet service providers (ISPs) pay a >> fraction of what a long distance company pays to get a phone line, >> even though Internet calls may use more phone system capacity than >> voice traffic. > >[...] > >> For their part, ISPs are alarmed at the remote possibility that the >> FCC might let phone companies raise their monthly costs from the >> current monthly average of $30 to anything approaching the $600 that >> some long distance carriers pay for a phone line. > >> "If we had to pay anything like long distance access charges, it would >> put all the ISPs out of business," said Ronald Plesser, the >> Washington, D.C., attorney who represents the Commercial Internet >> Exchange, an ISP trade group. > >> FCC staff attorney Kevin Werbach said the subsidy began in 1983, when >> the five-member federal commission created a special rate to encourage >> the growth of on-line services, voicemail companies and other emerging >> industries that offered enhanced electronic services over phone lines. > >> In 1987, the FCC considered ending the subsidy but backed down after >> public protest over what came to be characterized as the "modem tax." >> Given the growth in on-line usage, ISPs assume any talk of ending the >> subsidy would create a bigger backlash today. > >> "There are a minimum of 20 million and perhaps as many as 40 million >> on-line and Internet users and many of them are registered voters," >> said William Schrader, president of PSI Net, an ISP in Herndon, Va. > >> Schrader said when he visited several FCC members recently, he >> suggested that many of those users would be happy to send a letter of >> protest to FCC Chairman Reed Hundt. > >[...] > >> Copyright © 1996 Nando.net > > Jim Bell jimbell at pacifier.com From unicorn at schloss.li Tue Sep 3 02:19:15 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 17:19:15 +0800 Subject: Pseudocrypto detector is going wild (was: Re: ALPHACIPHER - An unbreakable encryption program.) In-Reply-To: <864tlgivwo.fsf@goffette.research.megasoft.com> Message-ID: On 2 Sep 1996, C Matthew Curtin wrote: Alex Walker > claims: > > The strongest encryption system available to the public will be available > > soon at: [Blah Blah Blah] > > > > A demo of this program along with a FAQ can be downloaded from > > cyber-survival-hq 1SEP. This is an unbreakable program... > > Here we go again. > > I just got done surfing the site above. Assuming that all statements > regarding the unbreakability of the cipher, the lack of applicability > of the question regarding its key size, etc., are at least based on > some degree of truth, "alphacipher" is a one-time pad. Given that > anything else is not really "unbreakable," if it's not a one-time pad, > the claims about its security are bogus. Looks like another snake oil peddler. Look, Mr. Walker: Either you are a marketing type, in which case I suspect you have no idea what you are peddling, you are a techncal type, in which case you are deceiving us, or you don't really know what you are doing, in which case you are making representations without the benefit of knowledge. In any of these cases, you are, it seems to me, peddling garbage. > If I'm wrong, please show me how so. If not, please do us all a favor > and quit with the advertising claims. Crypto, for some reason, seems to be at the level of hair tonic when it comes to hype advertizing making up for 0 in product quality. > (All I need now is someone to threaten to sue me, and I'll maintain my > record of having lawsuit threats made against me every time I > criticize something that claims to be "strong crypto.") Any attorney who knew anything would have that suit laughed out of court. If he sues in D.C. come see me. > - -- > C Matthew Curtin MEGASOFT, INC Chief Scientist > I speak only for myself. Don't whine to anyone but me about anything I say. > Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From mch at squirrel.com Tue Sep 3 02:22:22 1996 From: mch at squirrel.com (Mark C. Henderson) Date: Tue, 3 Sep 1996 17:22:22 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: <9609022116.TE21076@squirrel.com> On Sep 2, 7:06, James Seng wrote: > Subject: Re: DON'T Nuke Singapore Back into the Stone Age > On Sat, 31 Aug 1996, Timothy C. May wrote: > > The point is to make clear to them that the Usenet and similar Web sites > > are global in nature, not subject to censorship without a very high local > > cost. If discussions of Lee Kwan Yew's dynasty are considered illegal, then > > Singaporans will have to choose not to carry the various newsgroups into > > which *I* post such messages! > > Just let to add my comment in regard to this unforuntate discusssion. > > To understand the sitution better, you should not impose America > idealogy and perspection on how things to be done to Singapore. Singapore > maybe young but there are certain culture too. Let me see, our "American idealogy" is blinding us to the wonderful government of Singapore which jails and tortures its citizens for expressing political views which might call the government of Singapore into question. Check out, for example, this interview with the former Solicitor General of Singapore. http://www.unl.edu/scarlet/v5n33/v5n33qa.html Nothing earth shattering at this URL - just what we all expect from a police state. -- Mark Henderson -- mch at squirrel.com, henderso at netcom.com, markh at wimsey.bc.ca ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 unstrip for Solaris, Wimsey crypto archive, TECO, computer security links, change-sun-hostid, Sun NVRAM/hostid FAQ - http://www.squirrel.com/squirrel/ From enzo at ima.com Tue Sep 3 02:26:13 1996 From: enzo at ima.com (Enzo Michelangeli) Date: Tue, 3 Sep 1996 17:26:13 +0800 Subject: Encourage Singapore To Come Out Of the Stone Age In-Reply-To: <199609021945.MAA05327@dns2.noc.best.net> Message-ID: On Sun, 1 Sep 1996, James A. Donald wrote: > At 07:13 PM 9/2/96 +1000, James Seng wrote: > > What i am saying is that Asian (Singapore) > > values are _DIFFERENT_ from western (America) values. > > One of the classic Greek rationalizations for slavery was that Asians > are slaves by nature. > > It would seem that you are saying that they were right. Only if you assume that values depend on the nature, which James didn't say. (Besides, Greeks didn't need to rationalize: slavery was part of their society, not only in cities like Sparta based on a caste-style social structure, but also in the "democratic" Athens. Aristoteles shrugged off the whole issue saying that slavery would have been abolished only if "machines could move by themselves": and the prophecy has proven accurate indeed). Back to the nature vs nurture issue: even though I usually agree with most of what you say, I must disagree with your .Sig file: > We have the right to defend ourselves | http://www.jim.com/jamesd/ > and our property, because of the kind | > of animals that we are. True law | James A. Donald > derives from this right, not from the | > arbitrary power of the state. | jamesd at echeque.com The idea that rights and values can be "natural" is contradicted by several thousand years of history, during which absolutism or downright tyranny have been well more common than freedom. The success of that misleading view in America, and by extension in most of the western countries, is largely due to the unfortunate influence of French rationalism over the founding fathers, as Hayek repeatedly noted. (A similar criticism of the theory of built-in values in Rousseau and his followers, with emphasis on the ethical -as opposed to economic/ political- side, was moved by Nietzsche in "Human, all too human"). In the real world, freedom is a by-product of a materially prosperous society (which is why capitalism generally produces free societies, but socialism does not). Constitutional papers should spell what a society guarantees to and what it expects from its members, not the (supposed) nature of the latter. Trying to build a free society by screaming loud what the "natural" rights are supposed to be, has no better chances of success than trying to summon a god into existence by virtue of prayers. Enzo From unicorn at schloss.li Tue Sep 3 02:43:27 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 3 Sep 1996 17:43:27 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609022254.PAA09742@netcom10.netcom.com> Message-ID: On Mon, 2 Sep 1996, Vladimir Z. Nuri wrote: > > ah, the quasi-yearly ranting on EFF has started up. what a great > opportunity for drop-down-drag-dead flamewar. > > Black Unicorn: I resent your holier-than-thou moral posturing > over EFF, and am going to attack it as representative of other > criticism I have seen of EFF. I, unlike EFF, have never compromised my efforts to make strong crypto, unescrowed strong crypto, and digitial communications, free from the FUD spouted by government and media alike. I, unlike EFF, have never compromised my efforts to resist the expansion of a wiretap state. I, unlike EFF, have never proported to be a political represenative for these positions and folded under the weakest of pressures like a reed. > EFF is an organization that is professional and has > worked toward improving cyberspace. it is easy for someone > such as yourself to criticize such an organization anonymously, > but what is the justification of your criticism? to me someone > who has tried and failed, yet is still trying, is better than > someone who has never tried. I would put forth that you know nothing of my efforts, and therefore are in no position to judge me. I would also put forth that the efforts of EFF, or lack thereof, are quite public. > what *constructive* > alternative to EFF do you propose? if you have none, please shut up. I think any organization that would apply political pressure rather than bow to it would be an alternative. I think an organization in touch enough with its own policy to prevent its staff and board from making embarassing big brother type proposals to curtail the ability of any of us to post without attributation would be an alternative. I think an organization without the internal conflict and strife that has clearly marred EFF in past and made it a laughable attempt at cohesive political persuasion would be an alternative. I think an organization that had official policies on the core issues which it proposes to influence would be an alternative. In short, an organization that had even one of the needed elements of legislative influence. (Cohesive, directed, persistent, and uncompromising). > I am tired of people announcing loudly to the world, "well if EFF > doesn't support [insert my personal jihad here], then they're > a bunch of losers who don't deserve anyone's money". Now who's holier-than-thou? What is so shocking about announcing that a given organization does not support my interests and therefore calling on others who share my interests not to make financial donations to said organization? Is there something EFF fears in free speech and political consensus building? Perhaps if they had a straightforward policy.... Were I to say that the Clinton administration has accomplished nothing but oppression (not that this is necessarily my view) and that others should place their resources elsewhere would you claim that somehow I was in the wrong? Political speech is in the air every day. Learn to live with it, even if you do not agree with the points contained within. Phrased another way, who cares what you are tired of hearing? That's what filters and channel changers and off buttons are for. > >Why am I any more mistaken for pointing out that a single influential > >member of EFF's staff or board is anti-anonymity and yet remains with the > >organization than you are for pointing out that a single influential > >member who happened to be anti-anonymity has left? > > get a clue. an organization does not have to officially espouse what > its members espouse. No, but when an organization espouses nothing on a given subject key to its mission, what does that say? What about when its members espouse entirely different and even counter productive beliefs? I would hardly trust Senator Burns on the board of the ACLU, or a George Pacific exec on Sierra Club's board. What's different here? > what an organization espouses should be carefully > crafted. if all members feel strongly about an issue, yet all also > feel that it should not be part of the official plank, then that may be > a wise decision to leave it out. what an organization does *not* do is as > important as what it does do. EFF is learning, by trial and error and the > hard way, to "choose battles wisely". I thought its point was to protect cyberspace? What battles are left after Digital Telecom, Anonymous Communication, Strong Crypto and CDA? There aren't many battles to choose. Let's seem some action. I can sit on my hands all day long too, but I will hardly claim to be supporting hunger prevention in Africa by "thinking very hard about the subject." (Particularly not when I have accepted money to further that goal). > I would love to see more info about EFF's new direction. but one > can ask for such clarification without a rabid style such as your own. Are you one of those people who still believes you can get more flies with honey...? Ever been to Washington, D.C.? > >In so far as an organization is much defined by those involved, I think it > >entirely right to wonder aloud about the personal motives of the staff and > >board. I think this PARTICULARLY prudent given EFF's reputation and prior > >conduct. > > blah, blah, blah. why should EFF give the slightest damn what you think > of them? Its fairly clear that they don't. That said, why should I not make that point known. "Folks, EFF doesn't give a damn what I think. If you think what I think, then they don't give a damn what you think either." This is called POLITICS. They are free to ignore people like me when we comment that their public appearance is damaging them. They will also pay the price for doing so. What kind of organization proports to support and then ignores the public? if you were at the helm of a competing organization that > was doing superior work, or a privacy lobbyist with a track record, > maybe they should listen. as it stands I think they are giving you > far more respect than you deserve by even responding to your > various scurrilous insinuations. Apparently their view of the respect I deserve and yours are disperate. You yourself admitted that my criticisms were generally represenative. I hardly think my worth is the issue. > why do I see so much of this in cyberspace and on the cpunks list: > gripes, gripes, gripes by people who have no record themselves of > doing anything constructive...? the difficulty of doing something > constructive is proven by the failures, it is not necessarily > evidence of incompetence or conspiracies. perhaps you, Unicorn, > feel the cpunks have a greater track record than EFF? I do infact feel the cpunks have a greater track record than EFF. Tell me, what has EFF done? The list of "cypherpunk" accomplishments in terms of making the net a better place to be is, in my view, significant. Certainly the discussion here is livelier than anything I've seen from EFF. > >I would be most happy to be proven wrong and see EFF suddenly, in a burst > >of impressive moral fiber, speak out publically and take some political > >action to assure anonymous communication. > > I would like you to explain why you feel the need to criticize EFF > for not necessarily sharing your own agenda. The same reason I feel free to criticize communism for not sharing my own agenda. You reveal here the basic character of your objection. You don't like the fact that I criticized EFF. It has nothing to do with the fact that you think EFF has done wonderful and fantastic things (you point to none in this post) but that you have some emotional fondness for them. This is the trap. EFF _sounds_ good, and so its worth sticking up for. Well what, EFF, have you done for us LATELY? > >Well, let's have a clear official position issued then to end all dispute. > > again, you fail to grasp: EFF may justifiably not want to engage in that > fight. it might be a wise decision. who are you to dictate EFF's > agenda? why are you picking a fight with someone who might be the > best ally? If EFF is the best ally then we need to seek others. They have done nothing in my view to help keep strong crypto around, to secure a person's right to speak without a citizen unit I.D. being attached, and to promote, by extension, free speech. Look, even you have gotten on my case here for speaking without revealing my real name. You think something I said libelous? Is it dangerous? Would you like to contact me further about it? What precisely is the need to attach my real name to this work about? It's about retribution. It's about the need to see people unable to really speak as they think, and the need to have words softened so no one is "hurt." Forget it. I will not pay the political and financial price of revealing my name just to make you, or anyone else, happy. > >I'm hardly going to support an organization that proports to be > >pro-internet freedom and yet has no official position on anonyminity. > > perhaps you would be more influential if you learned to spell what > you are advocating. (hee, hee) English is not my first language. Start paying my hourly rate to type in the thousands of words and dozens of legal summaries I send to this list every month and I will begin to proof read carefully. > > Of > >course you should expect people to wonder about EFF when you have no > > official position and yet some staff and board members seem to have a > >statist bent. > > and you, like many other cypherpunks and cyberspace weasels, > have a whine-and-shriek-from-the-shadows bent. And your point is? You'd like the shadows lifted? Speaking without a true name attached is somehow evil? > BTW, I reject the claim by some here (e.g. TCM) that the supposed change in > direction at EFF implies that such an organization is inherently > top-heavy and will fail in comparison to cypherpunk guerilla-style > "technology deployment." it seems to me both the cpunk philosophy > and the EFF philosophy can coexist, and I really get tired of people > who can't think past a "only one can exist" worldview. Why not make some solid arguments for why TCM is wrong then? Certainly it appears he is on the mark to me. > I also don't understand the anonymity fight by cpunks. it's the > wrong battle imho. ask any remailer operators how their services > are panning out. they will complain of the incessant spam and > increasing litigious pressure. I don't see any technological > solutions to these problems. if there were, they'd have been > invented now. This is EFF talking. "The situation is hopeless, bail now to preserve image." > let's face it, anonymity is a pain in the ass > to support. maybe there are other goals that are more crucial > that lie at the heart of anonymity. what cpunks are really > seaking is "assurance of freedom from retribution". when the > problem is phrased more openly like that, other solutions become > possible and worth consideration. anonymity is only one such > way to achieve this goal. I for one would like to see more > experimentation with reputation systems. "aw gee, nobody knows what > one would look like". well, that's the point. Explain to me how reputation systems work in the absence of anonymity. Explain to me when freedom has been anything but "a pain in the ass." Weakness is all you have to offer. Offer it to EFF. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From stewarts at ix.netcom.com Tue Sep 3 02:46:24 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 17:46:24 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609030615.XAA15848@toad.com> Black Unicorn wrote: >> > > What is or is not your personal or EFF's official position is meaningless. >> > > It is clear that the personal beliefs of those involved in EFF are >> > > those of compromise, present day politics, and a general lack of moral >> > > fiber. While nobody's called Esther Dyson a Communist here yet, there are people on the board I disagree with - Mitch Kapor, in particular, has shown signs of being a (gasp!) Democrat! My initial reaction to the EFF's first year or two was that they were doing some very good things (the Steve Jackson defense), and also had people making speeches about the need to provide everybody with access to the Information SuperHighway. Getting the S.266 anti-crypto-pro-wiretapping bill killed a few years ago was what convinced me to join them, though their compromise positions on some of the other anti-freedom bills since then have not helped my mixed views of the organization. With all due respect to Jerry Berman, I'm more comfortable now that they're not Washington Insiders any more. >Why am I any more mistaken for pointing out that a single influential >member of EFF's staff or board is anti-anonymity and yet remains with the >organization than you are for pointing out that a single influential >member who happened to be anti-anonymity has left? .... >Maybe there should be an EFF position on the matter. Maybe. If it's a good position, it will recognize that anonymity is a mixed blessing; there are people who use it creatively and responsibly, like Black Unicorn and Lucky Green, and there are spammers who abuse it to the detriment of society, like the slimeball who used my remailer to post hatemail to the gay newsgroups with somebody else's name attached to the bottom. On the other hand, free speech is also a mixed blessing; there _are_ things I wish people had the good taste not to say, but I'm not going to get in Voltaire's way while he defends to the death their right to say them... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From stewarts at ix.netcom.com Tue Sep 3 02:57:01 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 17:57:01 +0800 Subject: Whistleblowing on the Internet Message-ID: <199609030615.XAA15838@toad.com> At 04:02 PM 9/2/96 EDT, "E. ALLEN SMITH" wrote: >There's also the point that some whistleblowing isn't exactly >what some political groups would want to occur. For instance, opponents >to unions such as myself aren't going to want a whistleblower to be able >conveniently to report their exclusion from a job due to union membership. While some unions are clearly run by and for thugs, some employers have also hired thugs to attack union organizers, and both unions and employers have convinced government thugs to attack their opponents, though unions generally have convinced governments to write laws with fines attached, while employers have often had actual Federal troops shooting union strikers, and have had police refrain from defending strikers from attack. In a free market, there wouldn't be laws requiring or forbidding union membership, and some unions would prosper by providing good service to their members and to the employers that hire them, while others wouldn't. I'd be happy to see union members able to anonymously blow the whistle on employers that blacklist union members, though it's harder to be credible with the public if you're anonymous, and particularly hard to get people to believe "Employer MegaFooBar refused to hire [name deleted for privacy], a member of the IBCPARO, because of his union membership" without revealing enough about the union member's identity that the employer knows, and therefore telling all other employers to know that the guy is not only a union member, but also a troublemaker. In this case, the technology is more strongly useful for maintaining blacklists than for detecting or outing blacklist users. Unfortunately, that's especially true because government taxation and anti-immigrant policies require that employees provide employers with a [mostly] unique ID number and papers to prove who they are, so you can't just show up at a construction-workers' hiring hall, call yourself Joe, and get your pay in cash at the end of the day. (Unless you're already an illegal immigrant, in which case it works fine, but then it's tough to be a union member.) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From stewarts at ix.netcom.com Tue Sep 3 03:00:47 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 18:00:47 +0800 Subject: Whistleblowing on the Internet Message-ID: <199609030615.XAA15843@toad.com> Geoffrey Gussis wrote: >| Overall, I am quite surprised that there isn't a whistleblowing >| clearinghouse on the Internet; a site sponsored by a non-profit that lists >| email addresses and secure forms for sending anonymized email to those >| areas of the public and private sector that deal with whistleblowing. Alt.whistleblowing was started a while ago, and was probably pretty quiet (not that I've read it in years.) Of the 5 articles there today, one is from Geoffrey Gussis, one is a reply, one has an EPA phone number, one is test, and one is spam. The reply said #> See www.taf.org on the net. #> See www.whistleblowers.com on the net #> In a few weeks, our site will be up, and we are also #> involved in bringing false claims act or whistleblower #> lawsuits. We have one under seal, and three more pending. > Such a clearinghouse is what we call a fat target; something >likely to attract attention since wiretapping it could be very useful >to an organization that worried about having a whistleblower. That kind of wiretapping we can deal with. Forging Usenet headers was easy enough even without anonymous remailers, and chaining encrypted messages through remailers should be adequate, even without the huge mix volume of anon.penet.fi. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jimbell at pacifier.com Tue Sep 3 03:09:22 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 3 Sep 1996 18:09:22 +0800 Subject: POT_hot Message-ID: <199609030651.XAA09953@mail.pacifier.com> At 11:39 PM 9/2/96 GMT, John Young wrote: > Foreign Affairs, Sep/Oct, Lead Essay: > > "Postmodern Terrorism. The terrorism of the future may be > far more destructive than terrorism as we have known it." > > An informative survey and pot-heat by Walter Laqueur. > > Terrorism's prospects, often overrated by the media, > the public, and some politicians, are improving as its > destructive potential increases. Terrorism has > replaced wars between nations of the 1800s and 1900s. [deleted] > Why assassinate a politician or indiscriminately kill > people when an attack on electronic switching will > produce far more dramatic and lasting results? If the > new terrorism directs its energies toward information > warfare, its destructive power will be exponentially > greater than any it wielded in the past -- greater > even than it would be with biological and chemical > weapons. The single successful one could claim many > more victims, do more material damage, and unleash far > greater panic than anything the world has yet > experienced. > http://jya.com/pothot.txt (30 kb) Am I being unreasonable to expect at least a certain degreee of logic in the world? Why is it that this guy (Laqueur) seems to believe that the future is filled with "greater panic than anything the world has yet experienced." I believe that, while there may be panic, it'll be panic on the part of the politicians, not ordinary citizens. I suppose a certain amount of bias is to be expected, seeing as how it's Foreign Affairs magazine. Jim Bell jimbell at pacifier.com From mech at eff.org Tue Sep 3 03:14:42 1996 From: mech at eff.org (Stanton McCandlish) Date: Tue, 3 Sep 1996 18:14:42 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: <199609022255.PAA19109@eff.org> (You may need to manually repost this to c'punks. NB: I did not authorize redistribution of my email to you to c'punks in the first place. But since it's there now... Black Unicorn typed: > > Why am I any more mistaken for pointing out that a single influential > member of EFF's staff or board is anti-anonymity and yet remains with the > organization than you are for pointing out that a single influential > member who happened to be anti-anonymity has left? I didn't say you were more mistaken than anyone or anything else. I'm not aware of a mistakenometer with which to make such a measurement. I pointed out your assumption that "It is clear that the personal beliefs of those involved in EFF are those of compromise, present day politics, and a general lack of moral fiber" is not in fact "clear" at all, because you have insuffient information to make such a statement. You don't even have to belive my remark that others in EFF have very pro-anonymity positions - you categorization of EFF is still logically bankrupt, because you don't have enough facts to make it. > If my position, as you represent, is misguided, surely your point about > Mr. Johnson is equally so. If the board is almost 100% pro-anonymity, > where's the official position? The board is not almost 100% pro-anonymity. There are widely differing opinions on the topic, and many board members have not directly wrestled with this issue before at all. I've seen some opinions shift in the space of a few messages. This should clearly illustrate why there is no official position yet. Some EFFers are not only not in agreement with eachother on this, but aren't sure where they stand at all. This is the first time the issue has come up for the board as a whole since early 1995, and the board's composition is very different now. This is the same process EFF goes through every time an issue comes up on which we have no position. Sometimes a position is agreed upon, and there we are, but sometimes no position is taken, as is still the case with intellectual property. In cases like that, we look at what happens on a case by case basis, rather than categorically. (That is to say, even on stuff where we have no position, if something happens that harms the public interest we do not feel any obligation not to act simply because we lack a position on the meta-issue.) It will take some time to formuate a position on it. Personally, I am confident that if EFF takes a position on online anonymity, it will be the positive stance you would expect from us. It is also likely to be tempered with a discussion of responsibility issues, just like every other EFF position. This is not a "sellout" or a "compromise" just a recognization of fact: anonymity does have costs associated with it, such as the ability to defame without the defamed party having much recourse other than contradiction. Such costs should be stated openly, not lied about or ignored. If EFF or other organizations pretend there are no costs or belittle concerns about costs, we undermine everything we are working for - we undermine the public interest and individual liberty. > In so far as an organization is much defined by those involved, I think it > entirely right to wonder aloud about the personal motives of the staff and > board. I think this PARTICULARLY prudent given EFF's reputation and prior > conduct. That's fine. I do think you should wonder. But wondering and making unfounded accusations are different things. It's one thing to say, "I wonder if Black Unicorn has good moral fiber whatever that is, and in fact I suspect he doesn't" (hypothetically, mind you), but it's quite another to say "Black Unicorn has no moral fiber!" (whatever moral fiber might be.) > > I would be most happy to be proven wrong and see EFF suddenly, in a burst > of impressive moral fiber, speak out publically and take some political > action to assure anonymous communication. Don't be surprised if it happens. Also don't be surprised if it doesn't happen. In EFF's 6+ years, no clear consensus on anonymity has yet evolved within any version of EFF's board and staff. DO be surprised if you see EFF take an official position against anonymity. If that happens, I'll start looking for another job. I'm confident it won't happen, or I'd probably already be looking for another job. > > > > Things simply are not as black and white as they might seem. > > > > Well, let's have a clear official position issued then to end all dispute. > I'd like to see that too, but it may be a while in comming. > What is EFF doing if not supporting anonyminity? That's a very good question. EFF has, the entire time I've been with it, and before that the entire time I was observing it (that is, ~1992 to present) been quite supportive of anonymity, in ways that range from relying on facets of the NAACP case in our own CDA challenge, to defending online anonymity when being interviewed by the press, to providing publicly available materials (e.g. at http://www.eff.org/pub/Privacy/Anonymity) on anonymity including remailer lists and FAQs, to having a link on our "other interesting sites" page to the WWW remailer gateway, to permitting anonymous posts to all of our public mailing lists. I can't think of any EFF statement against anonymity, and even Esther's personal statement is not against anonymity, just advising caution and noting that there are many unresolved concerns in this area. > I'm hardly going to support an organization that proports to be > pro-internet freedom and yet has no official position on anonyminity. Of It's certainly your right to not support us. I'm sad that you won't, but it is beyond anything I can do anything about. Positions on issues take time to evolve. > course you should expect people to wonder about EFF when you have no > official position and yet some staff and board members seem to have a > statist > bent. Again, I think you're making unfounded assumptions. The fact that Dyson has questions about the balance of the value and cost of online anonymity does not indicate a "statist bent". Hell, *I* have questions about that balance. For myself, I've found adequate answers, and have come to the conclusion that even if anonymity on the net were abused 1000x more than it is now, it would still be better to have anonymity than to not have it. But I have to let other people come to that conclusion themselves, with my help when appropriate. I can't find any value in demonizing others who've not come to that conclusion, even if if I do find value in severely criticizing people who have taken a completely anti-anonymity position, which Dyson has not. Dorothy Denning, different story. I will happily criticize her positions into the ground, because they are what they are. EFF's position does not exist yet, and the only not completely pro-anonymity individual opinions I've seen out of the board are not anti-anonymity, they're just full of questions. I can't slam people for having questions. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From vznuri at netcom.com Tue Sep 3 03:45:43 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 3 Sep 1996 18:45:43 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: <199609022254.PAA09742@netcom10.netcom.com> ah, the quasi-yearly ranting on EFF has started up. what a great opportunity for drop-down-drag-dead flamewar. Black Unicorn: I resent your holier-than-thou moral posturing over EFF, and am going to attack it as representative of other criticism I have seen of EFF. EFF is an organization that is professional and has worked toward improving cyberspace. it is easy for someone such as yourself to criticize such an organization anonymously, but what is the justification of your criticism? to me someone who has tried and failed, yet is still trying, is better than someone who has never tried. what *constructive* alternative to EFF do you propose? if you have none, please shut up. I am tired of people announcing loudly to the world, "well if EFF doesn't support [insert my personal jihad here], then they're a bunch of losers who don't deserve anyone's money". >Why am I any more mistaken for pointing out that a single influential >member of EFF's staff or board is anti-anonymity and yet remains with the >organization than you are for pointing out that a single influential >member who happened to be anti-anonymity has left? get a clue. an organization does not have to officially espouse what its members espouse. what an organization espouses should be carefully crafted. if all members feel strongly about an issue, yet all also feel that it should not be part of the official plank, then that may be a wise decision to leave it out. what an organization does *not* do is as important as what it does do. EFF is learning, by trial and error and the hard way, to "choose battles wisely". I would love to see more info about EFF's new direction. but one can ask for such clarification without a rabid style such as your own. >In so far as an organization is much defined by those involved, I think it >entirely right to wonder aloud about the personal motives of the staff and >board. I think this PARTICULARLY prudent given EFF's reputation and prior >conduct. blah, blah, blah. why should EFF give the slightest damn what you think of them? if you were at the helm of a competing organization that was doing superior work, or a privacy lobbyist with a track record, maybe they should listen. as it stands I think they are giving you far more respect than you deserve by even responding to your various scurrilous insinuations. why do I see so much of this in cyberspace and on the cpunks list: gripes, gripes, gripes by people who have no record themselves of doing anything constructive...? the difficulty of doing something constructive is proven by the failures, it is not necessarily evidence of incompetence or conspiracies. perhaps you, Unicorn, feel the cpunks have a greater track record than EFF? >I would be most happy to be proven wrong and see EFF suddenly, in a burst >of impressive moral fiber, speak out publically and take some political >action to assure anonymous communication. I would like you to explain why you feel the need to criticize EFF for not necessarily sharing your own agenda. >Well, let's have a clear official position issued then to end all dispute. again, you fail to grasp: EFF may justifiably not want to engage in that fight. it might be a wise decision. who are you to dictate EFF's agenda? why are you picking a fight with someone who might be the best ally? >I'm hardly going to support an organization that proports to be >pro-internet freedom and yet has no official position on anonyminity. perhaps you would be more influential if you learned to spell what you are advocating. (hee, hee) > Of >course you should expect people to wonder about EFF when you have no > official position and yet some staff and board members seem to have a >statist bent. and you, like many other cypherpunks and cyberspace weasels, have a whine-and-shriek-from-the-shadows bent. BTW, I reject the claim by some here (e.g. TCM) that the supposed change in direction at EFF implies that such an organization is inherently top-heavy and will fail in comparison to cypherpunk guerilla-style "technology deployment." it seems to me both the cpunk philosophy and the EFF philosophy can coexist, and I really get tired of people who can't think past a "only one can exist" worldview. I also don't understand the anonymity fight by cpunks. it's the wrong battle imho. ask any remailer operators how their services are panning out. they will complain of the incessant spam and increasing litigious pressure. I don't see any technological solutions to these problems. if there were, they'd have been invented now. let's face it, anonymity is a pain in the ass to support. maybe there are other goals that are more crucial that lie at the heart of anonymity. what cpunks are really seaking is "assurance of freedom from retribution". when the problem is phrased more openly like that, other solutions become possible and worth consideration. anonymity is only one such way to achieve this goal. I for one would like to see more experimentation with reputation systems. "aw gee, nobody knows what one would look like". well, that's the point. From jf_avon at citenet.net Tue Sep 3 03:55:53 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Tue, 3 Sep 1996 18:55:53 +0800 Subject: "Security risks" vs. "credit risks" Message-ID: <9609030808.AB20606@cti02.citenet.net> On 31 Aug 96 at 20:53, Igor Chudov @ home wrote: > Airlines, for example, are under tight and rather > arbitrary control of the FAA. Most CPunks have no idea how true this is. Try reading about the Bob Hoover case if you want to learn about FAA's finest actions... jfa From furballs at netcom.com Tue Sep 3 03:59:29 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Tue, 3 Sep 1996 18:59:29 +0800 Subject: Still more mileage from the old grey mare... was: Trojan Horse In-Reply-To: <199609030151.SAA07328@toad.com> Message-ID: On Mon, 2 Sep 1996, Bill Stewart wrote: > >The key to the success is that the application in question has to be > >compromised to respond to these codes, either by design or by hacking. > >Either way the individual responsible must modify the execution > >mechanism, not just the data itself. > > A well-written program is hard to exploit, but badly written programs > can often be exploited in ways that allow execution of untrusted code. > For instance, the fingerd bug exploited so spectacularly by Robert Morris > handed a program more input that it was ready to accept, and the program > stupidly kept writing the input into the array, past the end, and out > into the stack, where it could be later interpreted as executable code. That is one instance where it was obscure and workable. I am not familiar with the UNIX binary map, but in the Intel DOS world (includes Windows to a large degree), the stack generally lies at the top of DSEG, not CSEG and flows down. Older incarnations of x86 allowed for such wonders as: push ds push cs pop ds [ series of writes ] pop ds and viola, self modifying code by one method. Ugly, but it works. Variations on the same theme exist, now that Intel does not allow direct manipulation of the IP anymore. It's not that difficult to do. Some of the digital audio work I was involved in several years ago required modifying code sequencing on the fly to accomodate time delays and different types of processor performance. Intel binaries are not difficult to modify directly - especially when they are DOS binaries (note the plethora of viruses in the medium). Even good code can be reworked without having source. One of the tricks is to grab the intial JMP off the binary header and point it down past the bottom of the existing binary towards the code you have added. This way on startup DOS does not truncate the new binary size via Function 31h. Now all you have to do is mudge the read section and look for your trigger before executing the additional code. What I have just described is a very simplistic viral mechanism. > > If a popular GIF or JPEG interpreter was written that badly, you could > possibly devise a GIF that lies about how big it is and encourages > the program to scribble on its stack. Now, there probably aren't any > like that, and it'd probably have to be Netscape or MSIE or Lview > to be widespread enough to make an attack like that worthwhile. > (I'd bet on MSIE, of the three of them :-) Does Microsoft have some sort > of Really Cool Extension to JPEG, allowing Macros for Self-Modifying JPEGs, > trying to out-do Netscape's animated GIFs?) > It wouldn't surprise me. > >Let's see -current examples of computing items with this kind of a > >"feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the > >list keeps growing. > > Back when Good Times came out, everyone denied that it was possible > for there to be any risk from a text file (though, as I pointed out, > escape-sequence hacks have been used occasionally for over 15 years), > and not long after that, the MSWord Macro Viruses started appearing. > Bad Code can't always be hacked usefully, but it can always be hacked... > > # Thanks; Bill > # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com > # > # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto > Escape sequence hacking in DOS has been done since the day ANSI.SYS came out to play. IT was a quick and dirty trick to send escape sequence laden files to the unsuspecting and ask them to type them to the screen. Then the fun began. When you stop and think about it though, any application that functions as a data engine of some type is susecptible at some level to this form of attack. The issue is really which method to employ that will give you ROI. ...Paul From tcmay at got.net Tue Sep 3 04:09:31 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 3 Sep 1996 19:09:31 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: At 10:09 PM 9/2/96, Stanton McCandlish wrote: >Also questionably relevant for an issue like this (more relevant perhaps >to intellectual property issues, etc.) The political axis most relevant >here is civil libertarian v. authoritarian. I don't think you'll find >any authoritarians on the EFF board or staff. A civil libertarian would not be speaking about limiting forms of speech to those that are traceable. Anonymous messages are consistent with the First Amendment. Calls for restrictions on anonymity are not consistent with a civil liberties orientation. (As I described in a much longer message earlier today, I can only hope Esther Dyson simply hasn't thought enough about this issue, and about the implications of her calls for "responsible freedom.") --Tim May -- [This Bible excerpt awaiting review under the U.S. Communications Decency Act of 1996] And then Lot said, "I have some mighty fine young virgin daughters. Why don't you boys just come on in and fuck them right here in my house - I'll just watch!"....Later, up in the mountains, the younger daughter said: "Dad's getting old. I say we should fuck him before he's too old to fuck." So the two daughters got him drunk and screwed him all that night. Sure enough, Dad got them pregnant, and had an incestuous bastard son....Onan really hated the idea of doing his brother's wife and getting her pregnant while his brother got all the credit, so he pulled out before he came....Remember, it's not a good idea to have sex with your sister, your brother, your parents, your pet dog, or the farm animals, unless of course God tells you to. [excerpts from the Old Testament, Modern Vernacular Translation, TCM, 1996] From MAILER-DAEMON at mqg-smtp3.usmc.mil Tue Sep 3 04:10:19 1996 From: MAILER-DAEMON at mqg-smtp3.usmc.mil (MAILER-DAEMON at mqg-smtp3.usmc.mil) Date: Tue, 3 Sep 1996 19:10:19 +0800 Subject: Undeliverable Message Message-ID: To: Cc: Subject: Re: Cypherpunk Mailboxes? Message not delivered to recipients below. Press F1 for help with VNM error codes. VNM3043: BANYAN SERVER at MAG26@2DMAW NEW RIVER VNM3043 -- MAILBOX IS FULL The message cannot be delivered because the recipient's mailbox contains the maximum number of messages, as set by the system administrator. The recipient must delete some messages before any other messages can be delivered. The maximum message limit for a user's mailbox is 10,000. The default message limit is 1000 messages. Administrators can set message limits using the Mailbox Settings function available in the Manage User menu (MUSER). When a user's mailbox reaches the limit, the user must delete some of the messages before the mailbox can accept any more incoming messages. UNDEFINED-----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Sep 1996, The Deviant wrote: > Hrmm.. perhaps there's a better way... > such as having the user and the mail server negoiae a key (i don't really > know the details of diffie-hellman or he like, so tell me if this isn't > feasable), and have the encryption/decypion routines strip addresses, > so that the person is only identifiable by their key... The mail server still has to send packets to the user. A packet sniffer might not be able to find out the actual contents of the transmission, but it would be able to find out the host that has made the connection. If this is combined with the knowledge of the times that certain user's mailboxes get cleared out, it would be possible to find out which nyms belong to which people. The current nym servers that automatically forward mail do not have this problem. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMituHCzIPc7jvyFpAQFXSQf9FS30slaO7LDllILC+eEdk/7aBAy312MY esRgbc2EUI7W1WBsujrCznLrbzki0MZ58djDxAmIlz2+YzmQFAMpCx1YGaEkTLIt o4//O6KnAkXde1no+WJXuNry3gzXUDgrUG3S8s3HCDsPfmu1x25J/M8nrL9ijx42 Jd2q9Z/wdAZxIFuUUoZotbUDIwXkHk17l+rNVUL5Pt4ukVd2M85wDp6EpWRCWsQP Xjgwp8FdYd8m/tqxjIygyog5tfsV3qD4ve8Wl7E0MaWkqPyvzb843G0VXSKfI0iH fE1WaHmqvF+VwPU/I2BXnjMjWK4xOW/pKk3llQFSEj8frFGjtqn1ag== =3Phf -----END PGP SIGNATURE----- From schneier at counterpane.com Tue Sep 3 04:17:31 1996 From: schneier at counterpane.com (Bruce Schneier) Date: Tue, 3 Sep 1996 19:17:31 +0800 Subject: What the NSA is patenting Message-ID: I just spent a pleasant hour or so searching a patent database for all patents assigned to the NSA. There's some interesting stuff: "Self-locking, tamper-evident package" Method of retrieving documents that concern the same topic" Fifty-Four patents total. (Used to be they just kept stuff secret; now they patent some of it.) Attached is the most interesting thing I found: a patent on techniques for reading data off overwritten magnetic media. Bruce ******************************************************************************** United States Patent Patent Number: 5264794 Date of Patent: 23 Nov 1993 Method of measuring magnetic fields on magnetically recorded media using a scanning tunneling microscope and magnetic probe Inventor(s): Burke, Edward R., Silver Spring, MD, United States Mayergoyz, Isaak D., Rockville, MD, United States Adly, Amr A., Hyattsville, MD, United States Gomez, Romel D., Beltsville, MD, United States Assignee: The United States of America as represented by the Director, National Security Agency, Washington, DC, United States (U.S. government) Appl. No.: 92-947693 Filed: 21 Sep 1992 Int. Cl. ............. G01R033-00; G01R033-12 Issue U.S. Cl. ....... 324/260.000; 324/212.000 Current U.S. Cl. ..... 324/260.000; 324/212.000 Field of Search ...... 324/212; 324/244; 324/260; 324/262 Reference Cited PATENT DOCUMENTS Patent Number Date Class Inventor ---------- --------- -------------- ------------ US 4232265 Apr 1980 324/260.000 Smirnov US 4567439 Jan 1986 324/304.000 McGregor US 4625166 Nov 1986 324/223.000 Steingroever et al. US 4710715 Dec 1987 324/307.000 Mee et al. US 4791368 Dec 1988 324/301.000 Tsuzuki OTHER PUBLICATIONS Magnetic Tip Sees Fine Detail, Lost Data, E. Pennisi, Feb. 29, 1992, Science News, p. 135. Magnetic Field Imaging by Using Magnetic Force Scanning Tunneling Microscopy, Gomez, Burke, Adly, Mayergoyz, Feb. 17, 1992 pp. 906-908 Appl. Phy. Lett. Tunneling-Stabilized Magnetic Force Microscopy of Bit Tracks . . . , Rice, Moreland, IEEE Trans. on Magnetics vol. 27 No. 3 May 1998, pp. 3452-3454. Magnetic Force Scanning Tunneling Microscope Imaging of Overwritten Data, Gomez, Adly, Mayergoyz, Burke, IEEE Journal of Magnetics, Sep. 1992. Analysis of Tunneling Magnetic Force Microscopy Using a Flexible Triangular Probe, Burke, Gomez, Adly, Mayergoyz, IEEE Journal of Magnetics, Sep. 1992. Magnetic Force Microscopy: General Principles and Application to . . . , Rugar, Mamin, et al. Journal of Appl. Phys., Aug. 1, 1990 pp. 1169-1183. Analysis of In-Plane Bit Structure by Magentic Force Microscopy, Wadas, Grutter, Guntherodt, J. Appl Phys. Apr. 1, 1990 pp. 3462-3467. Theoretical Approach to Magnetic Force Microscopy, Wadas, Grutter, American Physical Society, Jun. 1, 1989, 12,013-17. Theory of Magnetic Imaging by Force Microscopy, Saenz, Garcia, Slonczewski, Appl. Phys. Letters, Oct. 10, 1988 pp. 1449-1451. Description of Magnetic Imaging in Atomic Force Microscopy, Wadas, Journal of Magnetism and Magnetic Materials, Aug. 1989 pp. 263-268. Art Unit - 267 Primary Examiner - Snow, Walter E. Attorney, Agent or Firm - Morelli, Robert D.; Maser, Thomas O. --------------------- 8 Claim(s), 4 Drawing Figure(s), 4 Drawing Page(s) ABSTRACT The present invention discloses a method of measuring magnetic fields on magnetically recorded media. The method entails replacing the metal tip typically used with a scanning tunneling microscope with a flexible thin-film nickel of iron magnetic probe. The present invention describes a mathematical equation that relates probe position to magnetic field strength. In order to establish a tunneling current between the magnetic probe and the magnetically recorded media, any protective layer on the magnetically recorded media is removed. The magnetic probe and the magnetically recorded media may be coated with at least three-hundred angstroms of gold in order to reduce spurious probe deflections due to oxide growths on either the magnetic probe or the magnetically recorded media. The scanning tunneling microscope is designed to maintain a constant tunneling current between the probe and the item being scanned. The present invention uses the scanning tunneling microscope to scan the recording tracks of magnetically recorded media. Any change in the magnetic field of the magnetically recorded media will cause a change in the tunneling current. The microscope will change the position of the probe in order to maintain a constant tunneling current. These changes in position are recorded as an image. A mathematical equation that relates probe position to magnetic field strength is then used to extract the magnetic fields of the magnetically recorded media from the recorded image of probe positions. BACKGROUND OF THE INVENTION 1. Field of Invention This invention relates to a method of measuring the magnetic fields of a recorded surface and more particularly to a method of measuring the magnetic fields of magnetically recorded information using a scanning tunneling microscope. 2. Description of Related Art One of the most active areas in magnetic recording technology is the study of processes occurring at the microscopic level. In recent years, several techniques based on scanning tunneling microscopy have been developed to study magnetization patterns in recording media with sub-micron resolution. These include magnetic force microscopy (MFM), and tunneling stabilized (TS) or magnetic force scanning tunneling microscopy (MFSTM). In "Tunneling-stabilized Magnetic Force Microscopy of Bit Tracks on a Hard Disk," a published article by P. Rice and J. Moreland in IEEE Trans. Magn., vol. Mag-27, 1991, pp. 3452-3454 it was shown that magnetic data on a hard disk can be imaged with a tunneling microscope by using a flexible triangular probe cut from a thin film of magnetic material. In U.S. Pat. No. 4,791,368, entitled "Automatic Magnetic Field Measuring Apparatus Using NMR Principles," a method of more accurately measuring magnetic fields is described which entails surrounding the item being measured with a coil, initially measuring the magnetic field, estimating the magnetic resonance frequency of the item being measured, applying a high-frequency voltage of the estimated magnetic resonance frequency, iteratively refining the estimate of the magnetic resonance frequency until the variation in coil inductance is a maximum, and finally, from the resulting magnetic resonance frequency, calculating the magnetic field of the item being measured. In U.S. Pat. No. 4,710,715, entitled "Method Of Mapping Magnetic Field Strength And Tipping Pulse Accuracy Of An NMR Imager," a method of checking the homogeneity of a magnetic field by producing contour lines of equal field strength is disclosed that utilizes a different preparation phase for NMR imaging. The new preparation phase consists of tipping the spins of the volume elements with a 90 degree wait 90 degree RF pulse sequence. In U.S. Pat. No. 4,625,166, entitled "Method For Measuring Magnetic Potentials Using Hall Probes," a method of measuring the hysteresis curve of a magnetic material is disclosed. The steps of the method include subjecting the material to a magnetic field, summing the voltages from a plurality of Hall probes that are spaced in an arc, obtaining the magnetic flux density in the material, and deriving a hysteresis curve of the material from the magnetic flux density and the magnetic field intensity. In U.S. Pat. No. 4,567,439, entitled "Apparatus For Measuring The Magnitude Of A Magnetic Field," a method of measuring the magnitude of a magnetic field is disclosed. The steps of the method include magnetizing the item, inducing an oscillating magnetic field, permitting free precession, inducing signals during free precession, and producing an output that is proportional to the frequency deviation of the induced signals. In U.S. Pat. No. 4,232,265, entitled "Device For Measuring Intensity Of Magnetic Or Electromagnetic Fields Using Strain Gauges Mounted On Ferromagnetic Plates," a device is disclosed that measures magnetic fields by monitoring the electrical signal produced by strain gauges which are connected to overlapping ferromagnetic plates. The magnetic field to be measured causes the gap between the plates to change which in turn causes the electrical output signal from the strain gauges to change. The magnitude of the electrical signal indicates the magnitude of the magnetic field. SUMMARY OF THE INVENTION It is an object of this invention to provide a method of measuring magnetic fields. It is another object of this invention to provide a method of measuring magnetic fields of magnetically recorded information. It is another object of this invention to provide a method of measuring magnetic fields of magnetically recorded information using a scanning tunneling microscope. It is another object of this invention to provide a method of measuring magnetic fields of magnetically recorded information using a scanning tunneling microscope that incorporates a thin-film magnetic probe that is used to relate probe position to magnetic field strength. These objects are achieved by using a magnetic force scanning tunneling microscope to measure magnetic fields. This microscope, which is typically used for recording surface topology of an item, is modified by replacing the fine metallic tip with a flexible magnetic probe. In the typical operation of a scanning tunneling microscope, the fine metallic tip, which is held at a bias potential, is placed in close proximity to the sample surface so that a tunneling current is established between the tip and the sample surface. As the tip scans across the surface, changes in surface topology cause the tunneling current to change. In order to maintain a constant tunneling current, the microscope changes the position of the tip. These changes in tip position are recorded in a two dimensional image that reflects the surface topology of the item scanned. The present invention shows that by replacing the tip with a magnetic probe and by scanning recorded media along the recording tracks, which have no significant topological variations, the scanning tunneling microscope can be used to record the magnetic fields of the recorded media. Just as surface variations caused changes in the tunneling current, changes in magnetic field cause changes in the tunneling current. The microscope will change the position of the probe, as it did with the metallic tip, in order to maintain a constant tunneling current. These position changes are recorded and, with the use of a mathematical equation that relates probe position to magnetic field strength, are used to measure the magnetic fields of the recorded media. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a perspective view of a typical image created by a scanning tunneling microscope; FIG. 2 is a perspective view of the magnetic probe superimposed upon a graph that indicates the critical dimensions, coordinates, and angles; FIG. 3 is a chart showing the relationship between magnetic probe amplitude and the angle theta; and FIG. 4 is a chart that compares theoretically expected results of probe amplitude versus the angle phi against experimentally obtained data of probe amplitude versus the angle phi. DESCRIPTION OF PREFERRED EMBODIMENTS There is a growing interest in measuring magnetic fields created by magnetization patterns recorded on magnetic media. Since these fields vary over microscopic distances, various microscopic techniques have been developed. The present invention describes a method for measuring magnetic fields on magnetically recorded media by using a modified scanning tunneling microscope. These magnetic fields are measured by determining the relationship between the microscope probe movement and magnetic field strength. The scanning tunneling microscope operates by scanning the surface of an object with a metal tip. The tip is biased with a dc voltage and placed close enough to the surface of the object to establish a tunneling current. Changes in the surface topology of the object cause a change in the tunneling current. A feedback system in the microscope adjusts the vertical position of the tip in order to maintain a constant tunneling current. As the tip is scanned across the object, the changes in tip position are recorded. These recordings reflect the surface topology of the item scanned. An example of such an image is indicated in FIG. 1. The present invention discloses a method for using a modified magnetic force scanning tunneling microscope to measure magnetic fields. The metal tip of the microscope is replaced with a thin-film magnetic probe 20 of FIG. 2. Instead of scanning the surface topology of an item, the modified microscope is used to scan individual recording tracks of a magnetically recorded media which do not have any significant topological variations. Just as was done with the metal tip, the probe 20 is placed in close proximity with the recorded media in order to establish a tunneling current. The probe 20 is then scanned along the recording tracks of the magnetically recorded media. Changes in magnetic field cause a change in the tunneling current. The microscope then changes the position of the probe 20 in order to maintain a constant tunneling current. These position changes are recorded and, with the use of a mathematical equation that relates probe position to magnetic field strength, used to measure the magnetic fields of the recorded media. The energy of interaction between the probe 20 and the magnetic field emanating from the sample surface was evaluated using the geometry as shown in FIG. 2. It was assumed that the field interacts only with the last magnetic domain (i.e., a region that is magnetized in one direction only) at the tip of the probe 20 and that this domain is magnetized uniformly along its length. The magnetization pattern is typically a recorded signal with repetition in the x-direction and infinite extent in the y-direction. Measurements were taken with a scanning tunneling microscope operating in a constant current mode with a maximum scan range in excess of 100 micrometers in each lateral dimension. The tunneling current is typically 0.11 nanoamperes, at a dc bias of 2.7 volts. The scan rate is about 1.5 lines per second. Any protective coatings on the recorded media must be removed. Adverse effects due to surface oxides on the probe 20 or recorded media are reduced by coating the recorded media and the tip of the probe 20 with approximately 300 angstroms of gold. Such a coating is typically deposited by conventional sputtering techniques. The tunneling current changes as the probe 20 interacts with the surface and its magnetic fields. Feedback compensates for this change and the vertical displacement of the probe 20, .DELTA.z, is recorded as a function of its horizontal position. Therefore, a two dimensional image, similar to the image shown in FIG. 1, is formed that maps variations in z as a function of lateral position, i.e., .DELTA.z(x,y). Such an image reflects both the topological and magnetic features of the magnetically recorded media. With the appropriate choice of probe 20 properties, it is possible to extract the magnetic fields from this image. The magnetic contribution to the displacement, .DELTA.z, is determined by the forces acting on the probe 20. Several theoretical calculations that relate recorded images using such a probe 20 with the forces on the probe 20 have appeared in "Analysis of in-plane bit structure by magnetic force microscopy", a published article by A. Wadas, P. Grutter, and H. Guntherodt in J. Appl. Phys., vol. 67, 1990, p. 3462 and "Theory of magnetic imaging by force microscopy," a published article by J. Saenz, N. Garcia, and J. Slonczewski in Appl. Phys. Lett. 53, 1988, p. 1449. However, these calculations have not directly addressed the issue of the dependence of image contrast and resolution on the orientation of the probe 20 as the present invention does. By assuming that the probe 20 is uniformly magnetized along the direction of its length, the vertical displacement can be modeled by considering the interaction of the surface magnetic fields with a magnetic charge distribution at the tip of the probe 20. Flexible magnetic probes 20 made of nickel (Ni) can be used. The probes 20 used in the present invention were fabricated by evaporating approximately 500 nanometers of Ni onto pre-patterned substrates. These films retain the shape of the substrate pattern when peeled away from the pattern. A typical probe would have a thickness (t) of less than or equal to one micrometer, a length (l) of two millimeters, and a width (w) of one micrometer. The angle delta is typically 15 degrees. The angle theta can vary over a range of zero degrees to pi/2 degrees. The angle phi can vary over a range of -pi/2 to pi/2. It has been observed that these probes 20 produce consistent images of magnetization patterns. FIG. 1 also shows the parameters for the equations used in the present invention. It was assumed that the recorded signal is a repetitive pattern of wavelength lambda (.lambda.) in the x direction, with infinite extent in the y direction. In "Theoretical approach to magnetic force microscopy," a published article by A. Wadas and P. Grutter in Phys. Rev. B, vol. 39, no. 16, June 1989, pp. 12013-12017 it was shown that the energy (E) of interaction between the field from the pattern and the last domain on the probe tip can be expressed as E=-.intg.H.multidot.M dV, where H is the magnetic field from the pattern, M is the magnetization of the domain, and V is the volume of the domain. The magnetic field can be expressed as the gradient of a scalar potential capital phi (.PHI.), and, if the magnetization is uniform (.gradient..multidot.M=0 is sufficient), then the above equation for E can be rewritten as E=.intg..gradient..multidot.(.PHI.M) dV. This new equation for E can then be converted to a surface integral using Gauss's theorem to obtain E=.intg..PHI.M.multidot.dA. This latest equation simplifies the calculation of E and the identification of the source of the different terms. The scalar potential will then be of the form ##EQU1## where k=2.pi.n/.lambda. and the coefficients .PHI.n match the series solution to the particular field pattern. Specific values of .PHI.n for various field patterns can be found in "Theoretical approach to magnetic force microscopy," a published article by A. Wadas and P. Grutter in Phys. Rev. B, vol. 39, no. 16, pp 12013-12017, June 1989 and in "Analysis of in-plane bit structure by magnetic force microscopy," a published article by A. Wadas, P. Grutter, ad H. Gutherolt in J. Appl. Phys. 67 (7), pp. 3462-3467, 1990. In the present invention, it was assumed that 1) the domain is magnetized along the probe axis by shape anisotropy, 2) the domain is much longer than .lambda. so that the limit of integration in the z direction can be extended to infinity, and 3) the thickness of the probe, t, is much less than the wavelength .lambda.. In "Magnetic force microscopy: General principles and application to longitudinal recording media," a published article by D. Rugar, H. Mamim, P. Guethner, S. Lambert, J. Stern, I. McFadyen, and T. Yogi in J. Appl. Phys. 68 (3), 1990, pp. 1169-1183, it was shown that the last domain on the probe was 20 micrometers in length. A domain length of this size is typically much longer than the wavelength of patterns on modern recording surfaces. In calculating the energy of interaction (E), the last two equations are used to obtain ##EQU2## The integrals were preformed so that the point (x,z) is the coordinate of the probe tip. The first term in the calculation of the energy of interaction is due to a magnetic charge, Mtw, at the tip of the probe. The magnetic potential is weighted by a sampling factor caused by the variation in the field across the width, w, of the probe tip. The next two terms can be thought of as the contributions from the magnetic charges on the sides of the probe, separated from the tip by the distances x.+-.. The quantity that is measured by the tunneling microscope is the displacement, .DELTA.z, of the probe tip. The displacement is caused by both the surface topology and magnetic field of the recorded media. If the probe tip is properly designed, the magnetic interaction will predominate and the effects due to surface topology will b minimized. If the probe is constrained to rotate in the theta (.theta.) direction, the displacement will be given by lsin.theta..DELTA..theta., where l is the length of the probe's 20 moment-arm. A force, F.sub.N, normal to the probe 20 will cause a rotation in the theta (.theta.) direction such that lF.sub.N =-K.DELTA..theta. where K is the tip torque constant. The displacement .DELTA.z is then given by ##EQU3## The force acting on the tip is the gradient of the energy, F=-.gradient.E, so that .DELTA.z further becomes ##EQU4## Using the last equation and the equation for the energy (E) of interaction, .DELTA.z becomes ##EQU5## These last three equations give a complete description of the interaction between the probe and the recorded pattern. In general, the equations are quite complicated and their usefulness is not readily apparent. In the case where the probe lines up with the pattern (i.e., phi=0), so that the probe scans along the recorded information, the equation for .DELTA.z reduces to a simple form, ##EQU6## The first two terms give the interaction between the magnetic field and the magnetic charge at the tip. The third term gives the effect of the charges on the sides of the probe. The third term was written in the integral form so that it could be expressed in terms of the magnetic field Hz. This last equation can be used to obtain relative values of the magnetic field components Hx and Hz. To obtain absolute values, the probe would have to be calibrated in a known field to obtain the factor (1**2)Mtw/K. An alternative way to obtain the fields from the last equation is by obtaining three images at three different values of the angle theta (.theta.). The fields Hx and Hz can then be obtained at every point from a linear combination of the three images. As an example, if the images were taken at theta equal to 30, 45, and 60 degrees then Hx and Hz would be given by the following two equations: H.sub.x =-18.01z(30.degree.)-13.55z(60.degree.)+29.35z(45.degree.), H.sub.z =-23.48z(30.degree.)-10.40z(60.degree.)+29.35z(45.degree.) where ##EQU7## If phi=0 is chosen as the angle of rotation of the probe, the angle theta must be determined to give the best image sensitivity. For ##EQU8## the relative amplitude of the harmonics, for phi=0, will vary with theta as ##EQU9## The amplitude will have a maximum near theta=pi/2 for both large and small values of a. Raising the elevation of the probe to this value would cause interactions with all the domains in the probe so a smaller value would have to be chosen. The smallest value of theta for which the amplitude is a maximum occurs when a=1, cos(theta)=1/3, and theta=70.5 degrees. This is still a relatively large elevation, but as can be seen from FIG. 3, the maximum occurs over a broad range. Adequate sensitivity can be achieved when theta is as small as 45 degrees. Numerous experiments were performed to verify the equations given above for .DELTA.z, C**2, and beta. Agreement between experimental data and theory, as shown in FIG. 4, is quite good. The theoretical curve was obtained using delta (.delta.)=15 degrees, theta=12 degrees and w=1 micrometer. Error is introduced into the experimental data if, during rotation of the sample, a different recorded track is followed. The method of the present invention shows how the constituent magnetic fields from recorded magnetic patterns can be obtained using a magnetic force scanning tunneling microscope. The sensitivity of the microscope will vary with the orientation of the probe. Changes and modifications in the specifically described embodiments can be carried out without departing from the scope of the invention which is intended to be limited only by the scope of the appended claims. 1. A method of measuring magnetic fields on magnetically recorded media comprising the steps of: (a) replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe in order to relate probe position to magnetic field strength; (b) removing any protective layer from said magnetically recorded media so that said protective layer does not impede the establishment of a tunneling current between said magnetic probe and said magnetically recorded media; (c) aligning said magnetic probe with a recorded track of said magnetically recorded media at an angle of zero degrees; (d) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees in order to establish said tunneling current; (e) scanning said recorded track of said magnetically recorded media with said magnetic probe; (f) recording changes in position of said magnetic probe during said scanning of step (e) due to changes in the magnetic field of said magnetically recorded media; and (g) computing the magnetic fields associated with said recordings of step (f) by using a mathematical equation that relates the position of said magnetic probe to the strength of the magnetic field. 2. The method of claim 1 further comprising the step of plating said magnetic probe and said magnetically recorded media with at least three-hundred angstroms of gold in order to reduce spurious probe deflection due to surface oxides on either said magnetic probe or said magnetically recorded media. 3. The method of claim 1 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film nickel probe. 4. The method of claim 1 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film iron probe. 5. A method of measuring magnetic fields on magnetically recorded media comprising the steps of: (a) replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe in order to relate probe position to magnetic field strength; (b) removing any protective layer from said magnetically recorded media so that said protective layer does not impede the establishment of a tunneling current between said magnetic probe and said magnetically recorded media; (c) aligning said magnetic probe with a recorded track of said magnetically recorded media at an angle of zero degrees; (d) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees in order to establish said tunneling current; (e) scanning said recorded track of said magnetically recorded media with said magnetic probe a first time; (f) recording changes in position of said magnetic probe during said scanning of step (e) due to changes in the magnetic field of said magnetically recorded media; (g) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees but at an angle that is different then the angle used in step (d) in order to establish said tunneling current; (h) scanning said recorded track of said magnetically recorded media with said magnetic probe a second time; (i) recording changes in position of said magnetic probe during said scanning of step (h) due to changes in the magnetic field of said magnetically recorded media; (j) positioning the tip of said magnetic probe to said magnetically recorded media at an angle in the range of zero degrees to pi/2 degrees but at an angle that is different than the angles used in step (d) and step (g) in order to establish said tunneling current; (k) scanning said recorded track of said magnetically recorded media with said magnetic probe a third time; (l) recording changes in position of said magnetic probe during said scanning of step (k) due to changes in the magnetic field of said magnetically recorded media; (m) combining the resulting three recordings of step (f), step (i), and step (l) linearly in order to obtain a single record of the position changes of said magnetic probe due to changes in the magnetic field of said magnetically recorded media; and (n) computing the magnetic fields associated with said combination of step (m) by using a mathematical equation that relates the position of said magnetic probe to the strength of the magnetic field. 6. The method of claim 5 further comprising the step of plating said magnetic probe and said magnetically recorded media with at least three-hundred angstroms of gold in order to reduce spurious probe deflection due to surface oxides on either said magnetic probe or said magnetically recorded media. 7. The method of claim 5 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film nickel probe. 8. The method of claim 5 wherein said step of replacing the fine metallic tip of a scanning tunneling microscope with a flexible thin-film magnetic probe is accomplished by replacing the fine metallic tip of said scanning tunneling microscope with a thin-film iron probe. ************************************************************************ * Bruce Schneier 2,000,000,000,000,000,000,000,000,002,000, * Counterpane Systems 000,000,000,000,000,000,002,000,000,002,293 * schneier at counterpane.com The last prime number...alphabetically! * (612) 823-1098 Two vigintillion, two undecillion, two * 101 E Minnehaha Pkwy trillion, two thousand, two hundred and * Minneapolis, MN 55419 ninety three. ************************************************************************ From craiu at pcnet.pcnet.ro Tue Sep 3 04:31:12 1996 From: craiu at pcnet.pcnet.ro (Costin RAIU) Date: Tue, 3 Sep 1996 19:31:12 +0800 Subject: Message Digest Message-ID: <01BB9989.81517870@dial15.pcnet.ro> Hi, cypherpunks I'm interested in a 256 bits (or more) message digest algorithm (C source is better). Any URLs ? bye, c0s *-----------------------------------------------------------------------------* | Costin RAIU, D.S.E. (craiu at pcnet.pcnet.ro) | | UNIX++C, RAYTRACING, RAVE, anime and SF(ST) fan | | | | "Windows95 - Tomorrow's bugs, Today" | *-----------------------------------------------------------------------------* From jf_avon at citenet.net Tue Sep 3 04:42:45 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Tue, 3 Sep 1996 19:42:45 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <9609030809.AB20606@cti02.citenet.net> On 2 Sep 96 at 11:46, Enzo Michelangeli wrote: > On Sun, 1 Sep 1996 ichudov at algebra.com wrote: > > James Seng wrote: > > > To understand the sitution better, you should not impose America > > > idealogy and perspection on how things to be done to Singapore. > > > Singapore maybe young but there are certain culture too. I agree with that. I should therefore cease, as much as possible, to interact with them by stopping to buy anything made in Singapore. Then, let them starve, fed by their highers cultural ideas. > > > Most importantly, the move to censor certain WWW site actually > > > comes as a relieve to many people, especially parents who > > > worried about the bad influence of it. We can go into the same > > > discussion about whose responsibilty it is but before you do > > > that, please bear in mind that this is Singapore. At whose moral expanse? > Of course, one may argue that the racial, social and religious > relations are better handled the American way. That, however, is a > controversial issue, and adopting confrontational cowboy attitudes > is not going to make the social evolution any faster. Who talks of social evolution? We only talk about civil liberties. And they are damn easy to implement: Leave your neighbor do what he pleases. Mind your own business. > IMHO, the present measures represent more a gesture of appeasement > to concerned social conservatives, not differently from the CDA in > the US, than an attempt to control the flow of information. This whole paragraph is a fine example of appeasement. And the CDA *is* an attempt to control the flow, not of information, but of ideas. jfa DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From stewarts at ix.netcom.com Tue Sep 3 05:52:55 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 20:52:55 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609030930.CAA21885@toad.com> At 03:54 PM 9/2/96 -0700, someone purporting to be "Vladimir Z. Nuri" wrote: [EFF / Unicorn rant, deleted. ] >I also don't understand the anonymity fight by cpunks. it's the >wrong battle imho. ask any remailer operators how their services >are panning out. they will complain of the incessant spam and >increasing litigious pressure. I don't see any technological >solutions to these problems. if there were, they'd have been >invented now. As a former remailer operator who quit because of spam, and may restart when I can hack together a spam-reducing remailer, let me comment on this. We're only beginning to understand the technical questions for the parts of the problem that technology can do. One problem is that the technical definition of spam is "I'll know it when I see it", which is hard to write code for. And the definition of "offensive" is "one or more letters together, viewed by the appropriate reader", and remailers are good at finding that sort of reader. A lot of it is social, not technical. But improving blocking capabilities and news-cancel capabilities helps. And some problems are just _hard_ technically. Take 2-way remailers - encrypted reply blocks aren't perfect, because the system that handles them can decrypt them. Nymservers that depend on a different system supporting encrypted reply blocks help, because it forces Bad Guys to subvert two systems to identify the recipient, and you can chain that sort of thing to make it harder. But it's still tough, and that problem is fairly well-defined. Getting rid of vaguely-defined things is tougher. Mike Godwin has suggested that some of the major problems on the net are the results of "cheap speech". It's easy to send insults and hate email to people, nearly anonymously, nearly free, when only a few hostile people would bother doing it with paper mail, and most newspapers wouldn't print it. The News Media Establishment is threatened because anybody can broadcast anything they want to millions of people without spending millions of dollars for an artificially scarce TV channel that requires government permission to broadcast on. Readers are swamped because 25 million Internet users sending one line of text per day make 2 GB of Usenet/Web/Email, which is three or four orders of magnitude beyond what most people can actually read. Scale is tough, and problems that are half-solvable at one scale may be insolvable at the next order of magnitude. Anonymous remailers support several things I want to do, and that I want other people be able to do: 1) Let people have private conversations without being identified by third parties. 2) Let people have private conversations without being identified by each other, voluntarily and respecting each others' rights. 3) Let people broadcast things to the public that they might be afraid to do otherwise. 4) Let people broadcast things to the public without their reputations, good or bad, affecting readers' reactions. 5) Let people experiment with different personality and conversation styles, though this doesn't strictly require anonymity. 6) Let people communicate with government officials without risk. Not all of these things are always good; people can abuse them if they want, and one reason for experimenting with different kinds of remailers is to try to balance the good and bad that comes from facilitating those conversations. Technical capabilities of the remailer will affect how people use it; two-way-ness is a big win. I blocked president at whitehouse.gov on my remailer real early, though that's mainly because the government has this silly law against threatening the President. >let's face it, anonymity is a pain in the ass to support. >maybe there are other goals that are more crucial >that lie at the heart of anonymity. what cpunks are really >seaking is "assurance of freedom from retribution". when the >problem is phrased more openly like that, other solutions become >possible and worth consideration. An interesting formulation. While there are more issues than just preventing retribution, theft, and prejudice, that would be a good start. Unfortunately, the two approaches I can see to achieving it are 1) Have a perfect world with perfect people in it and perfect people running human-rights-respecting governments 2) Don't let them know your name. While there are groups that are working on bringing us closer to 1), or at least as far as "1a) Have a semi-tolerable world where the government doesn't harass you very much for what you say and doesn't single you out as a source of funds for their great plans", those folks have a long row to hoe. We can do something about 2). I'm happy to work on 1a) with people, though I won't see it in my lifetime, but you and I can work on 2) today, and accomplish something. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From hvdl at sequent.com Tue Sep 3 06:08:34 1996 From: hvdl at sequent.com (Hans Unicorn Van de Looy) Date: Tue, 3 Sep 1996 21:08:34 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) In-Reply-To: Message-ID: <9609030938.AA07849@amsqnt.nl.sequent.com> :: Request-Remailing-To: remailer at huge.cajones.com ## Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit :: Request-Remailing-To: remailer at remailer.nl.com ## Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit :: Request-Remailing-To: furballs at netcom.com (Paul S. Penrod) ## Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit The one-and-only Paul S. Penrod once stated: ! ! This has been done in the past using several vairants (but not in a image ! program). ! ! The key to the success is that the application in question has to be ! compromised to respond to these codes, either by design or by hacking. ! Either way the individual responsible must modify the execution ! mechanism, not just the data itself. ! ! Let's see -current examples of computing items with this kind of a ! "feature"... magic cookies, macros, OLE, DDE, MS Objects, JAVA, and the ! list keeps growing. And not to forget the future of virii. Modification of the BIOS of parts of the PC platform (motherboard, SCSI interfaces), or the firmware of drives. Since these building blocks are more and more equipped with flash-like PROMS which can be reprogrammed, they become a valid target for these kinds of programs. ! On Mon, 2 Sep 1996, Jason Wong wrote: ! ! > ! > Actually , THINK about it, it does makes a interesting idea for a trojan ! > horse doesn't it ? I mean, just get a solid graphic program, insert codes ! > into it so that when certain conditions, i.e. a particular gif or jpg file ! > is view, print, etc, the trojan activates !! ! > ___________________________________________________________________________ ! > ! > Jason Wong (CNE, MCP) Jason at MCSB.COM.SG ! > Network Engineer ! > MCSB Systems Pte Ltd ! > ___________________________________________________________________________ Deep Throat. From stewarts at ix.netcom.com Tue Sep 3 08:35:34 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Tue, 3 Sep 1996 23:35:34 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi Message-ID: <199609030830.BAA20001@toad.com> At 08:39 PM 9/2/96 -0800, Jim Bell (who else:-) wrote: >At the risk of sounding like a broken record (a phrase that will get ever >more obscure now that we're in the CD era...) that's why I pushing AP >(Assassination Politics.) In case anybody wonders why there _are_ relatively reasonable people like Esther Dyson who aren't happy with anonymity in spite of not liking the alternative of government control, this sort of thing _is_ one of the reasons :-) You CAN freak ALL the mundanes all the time, but it's not necessarily a good idea..... # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From jonl at well.com Tue Sep 3 08:45:48 1996 From: jonl at well.com (Jon Lebkowsky) Date: Tue, 3 Sep 1996 23:45:48 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960903115249.006e7bfc@mail.well.com> At 07:40 PM 9/2/96 -0400, Black Unicorn wrote: >> what *constructive* >> alternative to EFF do you propose? if you have none, please shut up. > >I think any organization that would apply political pressure rather than >bow to it would be an alternative. I think an organization in touch >enough with its own policy to prevent its staff and board from making >embarassing big brother type proposals to curtail the ability of any of us >to post without attributation would be an alternative. I think an >organization without the internal conflict and strife that has clearly >marred EFF in past and made it a laughable attempt at cohesive political >persuasion would be an alternative. I think an organization that had >official policies on the core issues which it proposes to influence would >be an alternative. > >In short, an organization that had even one of the needed elements of >legislative influence. (Cohesive, directed, persistent, and >uncompromising). "Uncompromising" is not an "element of legislative influence," at least not on this planet. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From haystack at cow.net Tue Sep 3 09:05:00 1996 From: haystack at cow.net (Bovine Remailer) Date: Wed, 4 Sep 1996 00:05:00 +0800 Subject: Voting Monarchist? Message-ID: <9609031057.AA17091@cow.net> unicorn at schloss.li wrote: >I hate lightning it's pretty, but it can be nasty. most pretty things can. > Vote Monarchist who is the candidate? LaRouche? From jonl at well.com Tue Sep 3 09:41:36 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 00:41:36 +0800 Subject: POT_hot Message-ID: <2.2.32.19960903115927.006b2548@mail.well.com> At 11:50 PM 9/2/96 -0800, jim bell wrote: >At 11:39 PM 9/2/96 GMT, John Young wrote: >> Foreign Affairs, Sep/Oct, Lead Essay: >> >> "Postmodern Terrorism. The terrorism of the future may be >> far more destructive than terrorism as we have known it." >> >> An informative survey and pot-heat by Walter Laqueur. >> >> Terrorism's prospects, often overrated by the media, >> the public, and some politicians, are improving as its >> destructive potential increases. Terrorism has >> replaced wars between nations of the 1800s and 1900s. >[deleted] >> Why assassinate a politician or indiscriminately kill >> people when an attack on electronic switching will >> produce far more dramatic and lasting results? If the >> new terrorism directs its energies toward information >> warfare, its destructive power will be exponentially >> greater than any it wielded in the past -- greater >> even than it would be with biological and chemical >> weapons. The single successful one could claim many >> more victims, do more material damage, and unleash far >> greater panic than anything the world has yet >> experienced. >> http://jya.com/pothot.txt (30 kb) > > > >Am I being unreasonable to expect at least a certain degreee of logic in the >world? Why is it that this guy (Laqueur) seems to believe that the future >is filled with "greater panic than anything the world has yet experienced." >I believe that, while there may be panic, it'll be panic on the part of the >politicians, not ordinary citizens. I suppose a certain amount of bias is >to be expected, seeing as how it's Foreign Affairs magazine. A good representation of postmodern paranoia...the ingredients: a mind somewhat boggled by the extent of change (and the extent of awareness of change) occasioned by the 'information revolution,' a growing awareness of the fragile interdependence of control systems, and (this is the clincher) an inability to trust the intentions of the vast conspiratorial World Outside. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From peter.allan at aeat.co.uk Tue Sep 3 10:22:45 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Wed, 4 Sep 1996 01:22:45 +0800 Subject: SNAKEOIL? Top Secret for Windows Message-ID: <9609031259.AA24982@clare.risley.aeat.co.uk> DJ> From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) DJ> Subject: SNAKEOIL? Top Secret for Windows DJ> http://www.simtel.net/pub/simtelnet/win3/security/tsecret.zip DJ> ftp://ftp.simtel.net/pub/simtelnet/win3/security/tsecret.zip 12070 bytes DJ> tsecret.zip TOPSECRET!: Easily encrypts any file DJ> TOPSECRET is a program to encrypt your sensitive files. ............ DJ> Shareware. Uploaded by the author. DJ> Siva Krishna DJ> sk510019 at mail.idt.net PA> I'm interested in reading the source PA> code and any more detailed description you have. SK> I am currently not releasing the source code.Here is a copy of the zip SK> file if you get hold of a pc. -- Peter Allan peter.allan at aeat.co.uk From hvdl at sequent.com Tue Sep 3 10:26:13 1996 From: hvdl at sequent.com (Hans Unicorn Van de Looy) Date: Wed, 4 Sep 1996 01:26:13 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) In-Reply-To: <9609030938.AA07849@amsqnt.nl.sequent.com> Message-ID: <9609031310.AA11046@amsqnt.nl.sequent.com> A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL: From froomkin at law.miami.edu Tue Sep 3 10:51:45 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Wed, 4 Sep 1996 01:51:45 +0800 Subject: Los Angeles Times article on Helsingius and anon.penet.fi (fwd) Message-ID: Mike Godwin on E.Dyson: [please note that I'm just a conduit here; direct replies accordingly] ---------- Forwarded message ---------- Date: Tue, 3 Sep 1996 02:17:12 -0700 >From: Mike Godwin To: Michael Froomkin , Mike Godwin Subject: Re: Los Angeles Times article on Helsingius and anon.penet.fi (fwd) Esther had written: >Now, speaking personally: I believe there are trade-offs -- which is what I >told the LA Times. I assume I was quoted accurately (although the word >"enforce" is awkward), but out of context. Anonymity can be dangerous -- >as can traceability, especially in/by repressive regimes. Therefore I would >favor allowing anonymity -- with some form of traceability only under terms >considerably stronger than what are generally required for a wiretap. >Anyone who seriously needs anonymity because of a repressive government is >likely to use a foreign (outside whatever jurisdiction he fears) server, so >that this is not a matter of "local" laws. The tracer would have to pass >through what I hope would be tighter hoops than we have now. This is surely a reasonable statement for Esther to have made, even though connotatively it may seem to have an anti-anonymity thrust to it. Who can dispute that individual freedom (of any sort) entails the potential that someone will use that freedom badly, and that the greater the freedom the greater the theoretical potential for harm? The civil-libertarian argument can't be any naive denial of this sort of analysis -- instead, it has to something that acknowledges the truth of the principle, yet simultaneously denies the inference that the principle, standing alone, amounts to a case for limiting that freedom. One way to do so is to argue that the theoretical threat is outweighed by the benefits both to society and to individuals. Another is to point out that there seems to be no evidence that the theoretical problem has transmuted itself into a real one. You may feel free to forward this. --Mike ------------------------------------------------------------------------------- Law Professor Volokh Errs In Slate Article About Communications Decency Act. Set your browser to the following URL to read a critique of the Slate article by EFF's Mike Godwin and MIT's Hal Abelson: . Mike Godwin, EFF Staff Counsel, can be reached at mnemonic at eff.org or at his office, 510-548-3290. --------------------------------------------------------------------------- From proff at suburbia.net Tue Sep 3 11:13:22 1996 From: proff at suburbia.net (Julian Assange) Date: Wed, 4 Sep 1996 02:13:22 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960903115249.006e7bfc@mail.well.com> Message-ID: <199609031324.XAA30461@suburbia.net> > At 07:40 PM 9/2/96 -0400, Black Unicorn wrote: > >> what *constructive* > >> alternative to EFF do you propose? if you have none, please shut up. > > > >I think any organization that would apply political pressure rather than > >bow to it would be an alternative. I think an organization in touch > >enough with its own policy to prevent its staff and board from making > >embarassing big brother type proposals to curtail the ability of any of us > >to post without attributation would be an alternative. I think an > >organization without the internal conflict and strife that has clearly > >marred EFF in past and made it a laughable attempt at cohesive political > >persuasion would be an alternative. I think an organization that had > >official policies on the core issues which it proposes to influence would > >be an alternative. > > > >In short, an organization that had even one of the needed elements of > >legislative influence. (Cohesive, directed, persistent, and > >uncompromising). Certain members of the EFF board seem to be politically naive. The rational, intelligent lobbyist will always see both sides of the argument. Presenting both sides of the argument to the world at large is another matter altogether. You should only present both sides of the argument to the inner policy tactics personnel only in order to formulate policy and create defences for the weaknesses in your position. To the outside world only ever sees a united front. This is basic politics. The EFF is most certainly not the only speaker on the floor where this issue is concerned. There are some very powerful government interests who oppose anonymity in any form. For the EFF, who is viewed as normally opposing government regulation, to have it's spokes-person start shooting off her mouth and the EFF's previous position down publically before they even go into battle is political suicide. The claim of `I was just presenting my personal opinion on the matter' doesn't hold water. Dyson represents a political lobby group and has no "personal opinion" when talking publically about issues that concern the organisation she has been elected to represent. In the interview material I have seen Dyson talks about the EFF in the same context as the anonymity issue, and the reader understandably gains the impression that she is speaking on the behalf of the EFF, and I'm sure at the time Dyson and the interviewer thought she was too. Compromise is part of the legislative process, but it is something you do behind closed doors when the battle is concluded and each faction is counting the dead and starting to divide up territory. If you start the battle in a compromised position, expect to loose everything. Dyson, given her age and experience should be well aware of this, which is why I find her remarks unusual. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From julf at penet.fi Tue Sep 3 12:16:41 1996 From: julf at penet.fi (Johan Helsingius) Date: Wed, 4 Sep 1996 03:16:41 +0800 Subject: Educating former anon.penet.fi users about other remailers Message-ID: <1.5.4.32.19960903141834.0084bc34@pentu.penet.fi> >If somebody were to put together a one-page note on other remailers, >would it make sense to send it to all the penet.fi users? >A canonical cypherpunks approach would be to just write one and >send it to na000001 at anon.penet.fi ..... na600000 at anon.penet.fi, >but I assume either my system or Julf's would decide it was spam >and discard it (even if it were split up into 60,000 10-message chunks.) Yes, that�s what would happen. And I fear what woudl happen, load-wise, if I tried to send 700.000 messages. Might be a good idea to post it into the appropriate newsgroups, at least. Julf From preese at erinet.com Tue Sep 3 12:35:18 1996 From: preese at erinet.com (Paul Reese) Date: Wed, 4 Sep 1996 03:35:18 +0800 Subject: hackerlist Message-ID: <2.2.32.19960903111744.8c66f01c@erinet.com> At 08:51 AM 9/1/96 EDT, you wrote: Get a clue! Why on earth would you want a list like this and why on earth would anyone want to place themselves on such a list? Dumb idea! Proves the kind of clientel that Juno opens the doorways of Internet E-mail to.... >I am planning to make a list of hackers and would appreciatte it if you >would e-mail me with the following information. >handle >e-mail >city,state >url >whether or not you would like to recieve the list when finished > thanks for your help > P. Cummings > Patrickbc at juno.com > > Reply-To: preese at erinet.com From smith at sctc.com Tue Sep 3 12:52:17 1996 From: smith at sctc.com (Rick Smith) Date: Wed, 4 Sep 1996 03:52:17 +0800 Subject: Moscowchannel.com hack Message-ID: <199609031548.KAA04410@shade.sctc.com> : On Sat, 31 Aug 1996, Joel McNamara wrote: : > Just a matter of time before some builds a dedicated Satan type tool that : > scans for HTTP server holes or messed up file permissions to make locating : > potential victims easy. Snow replied: : Write your web site to a CD-ROM and hard-code the base directory into the : webserver. Or host it on something with mandatory access control protections. There are still a handful of us building such things, and they can give really good protection to web page contents. Rick. smith at sctc.com secure computing corporation From jamesd at echeque.com Tue Sep 3 13:45:14 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 04:45:14 +0800 Subject: The Esther Dyson Flap Message-ID: <199609031617.JAA01391@dns1.noc.best.net> At 08:11 PM 9/2/96 -0700, Timothy C. May wrote: > Esther Dyson says that anonymity on the Net can do more damage than > anonymity in other forums, and thus may need to be regulated and restricted > in various ways. > > [...] > > This is the "knife edge," or "fork in the road," I've long talked about. If > anonymity is outlawed, it will take draconian measures to enforce > it--citizen-unit ID cards, officially issued encryption keys, escrow, > monitoring of communications, massive penalties to deter illegal use of > encryption, and other police state measures. Esther Dyson has gone over to the enemy, she is chairman of the EFF, therefore the EFF has gone over to the enemy. > I don't call her our enemy. Perhaps she just hasn't thought things through > as deeply as many of us have. This seems unlikely. After all, it is her job. The net makes free speech more effective. Therefore the world must become more free, or else must suppress free speech, and thus become less free. Which side are you on? It is that simple. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Tue Sep 3 13:48:11 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 04:48:11 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609031557.IAA28466@dns1.noc.best.net> At 06:52 AM 9/3/96 -0500, Jon Lebkowsky wrote: > "Uncompromising" is not an "element of legislative influence," at least not > on this planet. Dead wrong: The pols always say "We would like your help in writing legislation, but if you want to contribute to the legislation you must accept reasonable compromise". But we do not want legislation, so we do not want to help write legislation. We want to delay legislation for as long as possible, for the longer the delay, the more the balance of power favors the net and disavors the pols. Therefore the correct strategy is simply to attack any politician who shows any interest in legislating on our issues. We have no friends on Capitol hill, and if we did have friends, it would still be necessary to denounce them as enemies. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From nobody at huge.cajones.com Tue Sep 3 14:01:34 1996 From: nobody at huge.cajones.com (Huge Cajones Remailer) Date: Wed, 4 Sep 1996 05:01:34 +0800 Subject: Free Speech and List Topics Message-ID: <199609031644.JAA08677@fat.doobie.com> qut at netcom.com (Dave Harman OBC) penned: >! At 5:17 AM 9/2/96, qut wrote: >No doubt the media is colluding for criminal purposes and >shady outfits like The New York Times should be seized and analysed >by Department Of Justice anti-trust invesigators. I never thought I'd say this, so I'm saying it through a remailer :) but please, skippy, don't vote Libertarian! From tcmay at got.net Tue Sep 3 14:15:52 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 05:15:52 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) Message-ID: At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote: >:: >Request-Remailing-To: remailer at huge.cajones.com .... >:: >Request-Remailing-To: remailer at remailer.nl.com .... >:: >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod) > >Deep Throat. Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines! At least now we know who the _other_ "Unicorn" is. How's Sequent doing? Is Casey Powell still there? --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan at well.com Tue Sep 3 14:17:46 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Sep 1996 05:17:46 +0800 Subject: Flux in today's HotWired/Packet Message-ID: http://www.packet.com/flux/ The recently concluded merger of Security Dynamics Technologies Inc. with RSA Data Security Inc. may have offered us one of our last opportunities for insight into the bizarre and byzantine business world of commercial cryptography in America today. And one of the chief insights we've gleaned from Security Dynamics' filings with the Securities and Exchange Commission about the merger is that the company may have bought not only a lemon, but a lemon that, when swallowed, could make Security Dynamics double over with food poisoning. Why did Security Dynamics pay nearly US$300 million for RSA, a company which had less than $1 million in profit last year on revenue of some $11 million? Furthermore, its encryption patents will expire in four years, which means that all RSA really owns is its relationships with customers such as Netscape and Hewlett-Packard. Even worse, those patents are under attack at the moment through a lawsuit filed against RSA by Cylink Corporation, an RSA competitor holding similar patents that was a one-time partner in a failed joint venture with RSA. Another lawsuit pending against RSA, Security Dynamics, and Cylink was brought by Roger Schlafly, a cryptographic researcher who is attempting to invalidate any and all patents that might attempt to monopolize public key cryptography. Indeed, in a worst case scenario, what Security Dynamics may have purchased is a huge summary judgment (against itself) should Cylink actually prevail in its suits. According to Security Dynamics' recent S-4 filing with the SEC, "RSA has been advised that, in a letter to SDI following the announcement of the proposed merger, Cylink's general counsel asserted that Cylink's compensatory damages, conservatively estimated, would exceed $75,000,000 but provided no basis for such estimate." That's the kind of negative return on investment from an acquisition that we've come to expect from America Online (remember BookLink and WAIS Inc.?)! From pstira at escape.com Tue Sep 3 14:18:55 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 4 Sep 1996 05:18:55 +0800 Subject: What the NSA is patenting... In-Reply-To: Message-ID: On Tue, 3 Sep 1996, Bruce Schneier wrote: > I just spent a pleasant hour or so searching a patent database for all > patents assigned to the NSA. There's some interesting stuff: > > "Self-locking, tamper-evident package" > Method of retrieving documents that concern the same topic" > Oh Bruce, Bruce, Bruce, Say it ain't so -- the NSA is trying to patent the GUMMED ENVELOPE ???! *NOW* I have truly seen everything. -Millie. From tcmay at got.net Tue Sep 3 14:23:17 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 05:23:17 +0800 Subject: The Esther Dyson Flap Message-ID: At 1:40 PM 9/3/96, Chuck Thompson wrote: >"as a citizen" You seem to be qualifying your statement. Do you mean that >she should have her right to free speech taken or stifled as chairwoman? At No. I said nothing of the kind. When people speak of "don't you believe in her right to free speech?," I try to point out that this such a "right of free speech" is not the issue at hand. >the very least, it appears that several are demanding that she espouse a >particular point of view because she is the chairwoman of an organization >which, on the whole, is assumed to have a different viewpoint. It seems to No, I said nothing like this. She is obviously free to speak anything she wishes, as a citizen or as head of an organization. It is up to members (actually: _Board_ members, as EFF is not a grassroots, member-voting organization) to decide if her support for restricting anonymous speech is consistent with EFF directions. However, as I said, if the top spokesman at EFF gives indication of having views pretty much 180 degrees out of phase with our views, it's likely we'll speak up and oppose her (or him), and perhaps even suggest that other EFF board members look into the matter. "Free speech" is not even an issue. >>Well, many of us did not pounce. Speaking for myself, I strongly suspected >>that the newspaper article had summarized a more-nuanced point and had >>effectively taken just a convenient sound bite. > >And you are to be commended for not doing so. In fact, your response to my >message is exactly what I would expect.. a well-put statement of a contrary >opinion. Thanks. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From peter.allan at aeat.co.uk Tue Sep 3 14:24:01 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Wed, 4 Sep 1996 05:24:01 +0800 Subject: SRP (from the cutting-room floor) Message-ID: <9609031622.AA26229@clare.risley.aeat.co.uk> JAM> Rather than divert messages, then, I propose that for each input JAM> message there is a 10% chance that a piece of cover traffic is JAM> generated. AB> The way that this kind of attack is frustrated is that dummy messages AB> are created as cover traffic by the remailer, and that at some points AB> messages can be swallowed by a remailer as junk messages. Automatic decoy traffic was in my draft, but was not in the slimmed-down document I posted to CP. This was mainly because Lance Cottrell and I agreed on that bit, and thought it could be passed over. Unlike JAM, I was in favour of decoy traffic being _inversely_ related to genuine traffic. AB> You can still do a spamming attack by recognizing the destination, AB> rather than the message: Diversion was intended to make that harder too. Eve's messages won't all go straight where she wants them. They should turn up after some of them completed the diversion, but I suggested that would sometimes be too late to track it further through the chain. As for "messages can be swallowed by a remailer as junk messages", there's a catch for the unwary in that. See below. TCM> Note that merely fiddling around with probabilities of transmission, such TCM> as described above, will not be enough. This just adds a layer of noise, TCM> which will disappear under a correlation analysis. Kelsey wrote on 28th June about correlating messages at the points of entry & exit from the remailer network. I don't know what an attacker gains by correlating _inside_ the net. Here are the bits I omitted before. DECOY MESSAGES The sending of decoy messages by users is recommended, and serves to hide statistical correlations between your sending a message and somebody receiving one. This practice should continue. It is also desirable that a remailer be able to originate decoy messages itself. Advantages include better traffic load following. The remailer knows when traffic is light and can generate more decoys. This could be important at times of low traffic such as public holidays. It would be especially important during a denial-of-service attack. When an attacker prevents messages from reaching the remailer (in the hope of isolating a small number of target messages) a locally-produced set of decoys, immune from the denial-of-service, could be crucial. DESTINATION Addressing all automatic decoys ultimately to "nobody" would ensure that they circulate in the network and then disappear. Nonconservation of message number should prove annoying to an eavesdropper. (An implementation detail on this will be mentioned later.) Addressing some of them outside the network, to test newsgroups for instance might also be useful - confusing an attacker looking at the point of exit. NUMBER A possible means of matching the traffic would be to use an exponential- along the lines of those in thermodynamics. decoys = max ( D.exp(-kT) , E ) The "max" operator here ensures that every time a batch of messages is sent a minimum number of decoys will be included. Values for the constants can doubtless be suggested by remailer operators familiar with the traffic load. ..... SILENT SPAMMING Re-encryption as discussed here will not do any good if remailers allow "silent spamming". To exploit this feature the attacker addresses his messages to "nobody" (or "null" in Mixmaster jargon). These mails fill the message pool, sweeping out all the target messages, but when they come to be sent they disappear. They do not show on the net, they do not need to be recognised and eliminated from the search. All the attacker sees leaving the spammed host is undiluted target mail. Obviously the remailer should detect messages of this type and process them without storing them in the message pool. Any message that will not be delivered to a remote host comes into this category, including those to most local accounts. I briefly examined the source of 2.0.3 (from ftp://utopia.hacktic.nl/pub/replay/pub/remailer on 11 July 1996) and could not find code to deal with this attack. [Cottrell tells me this is on the to-do list.] -- Peter Allan peter.allan at aeat.co.uk From nobody at replay.com Tue Sep 3 14:26:23 1996 From: nobody at replay.com (Anonymous) Date: Wed, 4 Sep 1996 05:26:23 +0800 Subject: KILL ALL RUSSIAN IMIGRANTS Message-ID: <199609031704.TAA02114@basement.replay.com> Return-Path: To: cypherpunks at toad.com Subject: Kill all "libertarians" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 02 Sep 96 15:48:31 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com >From nobody at REPLAY.COM Mon Sep 2 12:26:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 02 Sep 96 15:42:57 EDT for dlv Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18013 for dlv at bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv at bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Message-Id: <199609021626.SAA11752 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: All russians are scum. No exceptions. Return-Path: To: cypherpunks at toad.com Subject: Re: Sen. Leahy's "impeccable cyberspace credentials" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Mon, 02 Sep 96 01:19:37 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all polititions are that bad. > > > You make it sound as if their are no politisions are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From attila at primenet.com Tue Sep 3 14:35:02 1996 From: attila at primenet.com (attila) Date: Wed, 4 Sep 1996 05:35:02 +0800 Subject: Blissful? Ignorance (was SCO giving free licenses to UNIX OpenServer) Message-ID: <199609031629.KAA02275@InfoWest.COM> ** Reply to note from Hallam-Baker 09/02/96 5:15pm -0400 --or another Hallum-Baker ignorant rant v. unix, bsd, etc. = Eric Murray wrote: = > = > Scottauge at aol.com writes: = = > > Read, Understand, and Delight... Microsoft maybe in trouble at last. = > = > I doubt it. People don't use Microsoft products because = > of their quality or functionality. = = Errmm.. hate to disappoint but SCO UNIX started life as Xenix which = was written by Microsoft in the dark ages. = = the **original** SCO product and versions up to 3.something **were** xenix --not written by MS, but simple unix V7 which was capable of 64K program and 64K data and would run on a 286. MS had a substantial investment in SCO when the old man was screwing things up (before the old man was forced out for sexual harassment --his brother had long since raped Convergent and was gated). MS had made the V7 deal with Western Electric with Billy thinking he had an exclusive on **the** way to go --better than sliced bread; V7 was not commercially available --only to universities because of a WE consent decree with the government. Billy was in seventh heaven --sure he had the deal of a lifetime! not so: Bell Labs shortly announced the breakup and decided to commercially ship System III --it was available in source code only, but the price was only about $25K in the first go around, and you could produce binaries for sublicensing for $250 or some such --it was not a great price, but it was doable. System III was not restricted to 64K plus 64K. One of my major conract customers at the time was WE --System V R2 was already available internally, including a decent VAX port (unlike the really piss-poor V32 Berkeley rewrote into BSD 4.2 --offering it back to Bell Labs for free, which was spurned from the Ivory Tower at Murrey Hill...) With the WE and AT&T breakup, and the multiple licensing activity, Gates hit the roof --threw several well known major temper tantrums, including at least one at WE/Labs that I am directly aware of. Gates vowed to bury UNIX in all flavours and has had that intention ever since --non-stop. Billy-boy does not carry a grudge lightly --he not only gets very mad and comes off the wall (or handle), but he has every intention of getting even. I've always figured Billy suffers from Tourette's for his mannerisms, his uncontrollable rage, &c. --just has not learned to manage it, and figured his Daddy could solve it all --and now there is an item of $10billion give or take a few --buys a lot of hate. part of Billy's vindictive plan against AT&T involved hiring Dave Cutler from DEC --Cutler was the self-styled leader of the VMS team, also with a bad case of temper-tantrums I saw dave literally shatter an impossible to break WE 500 series telephone simply by "hanging" it up.... (...time to clear the decks!) and that was for NT --great job! Cutler took the deal thinking he had a free hand --at Billy's place? --naive. and Dave had to put up with the Windows legacy... the crap that goes on inside NT is not all Cutler's direct fault. and that is Billy Boy and the SCO club... and death lurking in the alley for unix --but I doubt he will be able to kill it --there is just too large a crowd of professionals who refuse to use MS --not just because the product is crap, but because of Billy. = > > This is for single user home based UNIX systems. = > = > Single-user UNIX isn't all that useful. = matter of opinion --works fine, just like the big guys, on a workstation. so it limits you to one login -??? runs full multi-tasking re-entrant just like multi-user. somewhere along the line, you were standing behind the door and forgot to listen when single user limitations were defined. = Listen to the guys who built it. UNIX = is a program development environment. = that's so ludicrous, it's funny. you figure everyone just sat around playing with themselves? I wouldn't tell that to Thompson, Ritchie, Kerrigan and friends... unix was a **tool**. = In the early years it was = interesting because there was source available, that ceased to be = the case years ago. = and AT&T source has always been available at some price. BSD source from 4.2 through the current (and last) 4.4 is freely available, give Walnut Creek $29,00 and you have it all and pay the shipping from Free Software Foundation (GNU) and you have all that too (most of which is on the freeBsd and Linux CDROMs anyway. = Multi-user ain't much better. Listen to the guys who built it. apparently you never figured out there was anything after SCO's initial releases --they were junk as was their first several passes at System III and V -they tried to live with their Xenix Heritage --including trying to make System III run on a 286 --an abysmal product. today SCO is shipping SysV R4+ --the last Labs and Unix International version which also contains all BSD calls which were added by SUN under contract --it's a good solid product. however, despite years of kernal hacking for WE, I still prefer straight BSD flavours. Commercially, SUN leads that pack, followed by DEC with Ultrix which is BSD by another name... HP is sort of System V R4+ Even IBM is Unix --they just call it AIX and it is BSD based --also very solid and thoroughly supported --you can not even get IBM heavy iron without AIX --MVS &c. run as processes. Ken Olsen, founder of DEC, called unix "snake oil." DEC's VMS is good, but was originally a DCL platform. security is excellent by comparison to early unix, but it is not open (or was not, to be correct) --and source is virtually out of the question. FYI, both unix and VMS are derived from Multix... Today DEC ships Ultrix on everything, and VMS basically only on the mainframes. Ken Olsen was forced out when the sales staff blew Ford Motor Co out of the water on an immense deal, along with an even larger Fed contract --essentially the salesmen refused to sell unix (required in both bid specs) on the hardware.... DEC started sliding, and Ken was "retired." = Today Linux probably represents the future of the UNIX family, it = allows people who want to hack at the OS level access to the sources = of a fully functioning OS. This allows people to add in new kernel = features, schedulers and other exotica without having to write a = whole new O/S. = the only reasons NT will end up in big business is a) politics, b) freebies, and c) intimidation. MIS staffs will not choose it, MSNBC just canned NT 4.0 as worthless junk. Linux has a large base, but it is a warmed over version of Bell System V --rewritten supposedly from scratch by a husband/wife team (I might have believed it had it been the husband/wife team of Peter Conklin who was also on the DEC VMS gig from the gate --I gave him his first job out of Harvard in 1962 --arrogant, but 100%. = Just don't confuse it with "home computing", this is geek computing = and you better have a lot of interest in computing to use it. = that's pure bullshit, again. actually, FreeBSD is easier to handle than Linux and more professionally supported --including ongoing active development, It qualifies as home computing in my book --you take the CD, copy two disks out to kick it off, and say GO. comes up in X windows... geek code? get off your MicroSlop mentality limitation. = Home = computing is the market for users who need a system that's simpler = than a VCR or they can't use it. = that's total nonsense, your British class system is showing its ignorant face again -you are insulting what little intelligence the American middle class does have... unless you really wish to limit the users to TV set-top boxes which can "surf" a few canned sites from assholes-on-line, etc. the children of the household will never settle for that! = At one time that meant Apple, today = it means Microsoft, it will never mean Linux - not unless someone = can make Linux much much simpler than it is at present and provide = decent WISIWIG tools such as editors etc. designed for use by aunt = Ethel. = give me a break! your igonance is showing --it's plain and simple an MS advertising jugernaut! both linux and freebsd have X built in --FreeBSD actually goes directly to X at bootup --and there are plenty of tools,editors, etc in X --and freeBSD runs Linux binaries. and there are a number of high grade packages which are fully supported. Secondly, SUN binaries for X86 are no more expensive than MS is heading for with NT which they will use to "replace" W95 (W95 was just another MicroSlop holding pattern). just a simple fact: MicroSlop advertising buries anything and everything. and, if that does not work: Intimidation is just another form of Communication and Billy's real good at, witness the DOJ and FTC round 2 unfolding now. apparently your schooling is limited to MS courses.... MS is a pure virus on its own, if not the software, than certainly the company. why does MS have 85% of the desktop? --the power of money and lies --and a loud noisy parade with a bandwagon, free beer, and all that good stuff that goes with predatory market practices. fair competition? why should MS be fair when its stated goal is to take a fraction of **every** transaction on any network. Billy has no tolerance for the existence of anything other than Billy's creations and control --total control. It does not matter if W95 crashes more often than 3.1 --upgrade it for more money! Money is the name of the game at MS, not decent product for a reasonable price. Always has been, always will.... --attila -- Now, with a black jack mule you wish to harness, you walk up, look him in the eye, and hit him with a 2X4 over the left eye. If he blinks, hit him over the right eye! He'll cooperate --so will politicians. From vipul at pobox.com Tue Sep 3 14:44:55 1996 From: vipul at pobox.com (Vipul Ved Prakash) Date: Wed, 4 Sep 1996 05:44:55 +0800 Subject: [NOISE] The Doors Message-ID: <199609031936.TAA00607@fountainhead.net> The Doors was not only about freedom and love, but about crypto too! Notice these lines from the song "Five to One" Old [cipher] gets old and young get stronger May take a week baby, may take longer [to crack] they've [clinton] got the guns and we've got the numbers gonna win we will take 'em over, com'on. :) - Vipul -- Vipul Ved Prakash | - Electronic Security & Crypto vipul at pobox.com | - Internet & Intranets 91 11 2247802 | - Web Development & PERL 198 Madhuban IP Extension | - Linux & Open Systems Delhi, INDIA 110 092 | - (Networked) Multimedia From jimbell at pacifier.com Tue Sep 3 14:48:34 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 4 Sep 1996 05:48:34 +0800 Subject: The Esther Dyson Flap Message-ID: <199609031719.KAA03089@mail.pacifier.com> At 08:11 PM 9/2/96 -0700, Timothy C. May wrote: >Esther Dyson says that anonymity on the Net can do more damage than >anonymity in other forums, and thus may need to be regulated and restricted >in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's >term) has grown up with anonymity, and few people take the anonymous (or >not) rants and charges made in the millions per day with the same degree of >certainty they take print comments. Put another way, there is no clear and >present danger. Indeed, I support the elimination of concepts such as "slander" and "libel" precisely because they cause more harm than good. Currently, there is an illusion among ordinary citizens that "if that was untrue, you could sue him for libel!" despite the fact that this is rarely practical. In that way, the law actually adds credibility to what should be an incredible claim. Eliminate libel suits, and you've eliminated any presumption that because it's been spoken or is in print, it's likely to be correct. Jim Bell jimbell at pacifier.com From vznuri at netcom.com Tue Sep 3 14:59:12 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 4 Sep 1996 05:59:12 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609030930.CAA09010@mail6.netcom.com> Message-ID: <199609031737.KAA20451@netcom2.netcom.com> agree with all of BS's points... >Anonymous remailers support several things I want to do, >and that I want other people be able to do: >1) Let people have private conversations without being identified >by third parties. >2) Let people have private conversations without being identified >by each other, voluntarily and respecting each others' rights. >3) Let people broadcast things to the public that they might >be afraid to do otherwise. >4) Let people broadcast things to the public without their >reputations, good or bad, affecting readers' reactions. >5) Let people experiment with different personality and >conversation styles, though this doesn't strictly require anonymity. >6) Let people communicate with government officials without risk. I suspect all these items can be accomplished using means other than anonymous remailers. anonymous remailers are a good start, but possibly there is still technology waiting to be invented to support some of these features. one possibility that I'm very interested in: consider that Usenet was not built from the ground-up to support anonymity, nor was the sendmail system. when anonymity was introduced to Usenet, everyone went crazy, and it was only marginally supported. I think I may work on some technical proposals along these lines for future posting here, because much of this dialogue has me thinking. what cpunks might consider doing is creating an alternative message distribution system like Usenet that starts from the premise that anonymous communication is allowed and trying to grow it. btw, McCullagh's and other's claims about "ghettoization" of anonymity strike me as very specious. as long as people can use anonymity in some forum they want, I think that's acceptable. what's the equivalent of a "ghetto" in cyberspace? you can't go into a meeting of professionals wearing a ski mask, although you might be able to create such a forum yourself. does that mean you are in some kind of a "ghetto"? oh, brother. From surya at premenos.com Tue Sep 3 15:07:23 1996 From: surya at premenos.com (Surya Koneru) Date: Wed, 4 Sep 1996 06:07:23 +0800 Subject: rc2 export limits.. Message-ID: Hi, Does anyone know the export limit for RC2 Key size ? --Surya From vznuri at netcom.com Tue Sep 3 15:09:29 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 4 Sep 1996 06:09:29 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: <199609031730.KAA20063@netcom2.netcom.com> >I would put forth that you know nothing of my efforts, and therefore are >in no position to judge me. I would also put forth that the efforts of >EFF, or lack thereof, are quite public. that's my point. an entity that is willing to put its reputation on the line is inherently more valuable than one that is not, imho. all the EFF members have good public track records. what EFF has accomplished is checkered, like any battle-scarred infrantry will experience. if you expect unadulterated success, you're not living in the same reality everyone else around here is. granted, EFF has made some serious compromises in their agenda. they're finding their identity. but it doesn't help to have people rant at them and ignore their notable successes, and tend to criticize them merely because they're a public target. whenever you criticize something, please keep in mind the basic qualification: what is a better alternative? sure, EFF hasn't had stellar success, but then, who has in the agenda they are pursuing? their goals are extremely ambitious and difficult in the current climate. lack of success is proof of the difficulty, not of any incompetence, as I wrote. when you begin to understand this, you won't alienate those you are critical of. EFF members are *tremendously* open to positive comments. instead you harangue them and lose their good will to the point that they may tend to ignore cpunk comments entirely because of your very poor example. >I think any organization that would apply political pressure rather than >bow to it would be an alternative. I think an organization in touch >enough with its own policy to prevent its staff and board from making >embarassing big brother type proposals to curtail the ability of any of us >to post without attributation would be an alternative. I think an >organization without the internal conflict and strife that has clearly >marred EFF in past and made it a laughable attempt at cohesive political >persuasion would be an alternative. I think an organization that had >official policies on the core issues which it proposes to influence would >be an alternative. why don't you start one then? what you seem to fail to adequately understand is that there is virtually no organization in the world that is free from the difficulties you describe. whenever you have multiple people working together, you aren't going to have clear-cut successes. cpunks are always yelling at anything resembling organization, which really annoys me. EFF has had tremendous powerful successes in areas you are conveniently overlooking, in areas that are hard to measure, such as increasing public awareness. can you make a good case that EFF has had no positive effect? we may be living in a much darker reality without them. >In short, an organization that had even one of the needed elements of >legislative influence. (Cohesive, directed, persistent, and >uncompromising). our congress does not have this property after centuries of trying. why should a private organization totally transcend it? face it, getting things done in this world can be awfully tricky at times. you make it sound like attacking Clipper or stopping any of the legislation that has made its way into congress is a trivial endeavor. go ahead, please create a counterexample. > What is so shocking about announcing that a >given organization does not support my interests and therefore calling on >others who share my interests not to make financial donations to said >organization? you can criticize an organization without implying the people who contribute to it are incompetent, a distinction that has subtly eluded you so far. > Is there something EFF fears in free speech and political >consensus building? Perhaps if they had a straightforward policy.... no matter what they decide, they will be flamed by someone such as yourself. they do have an agenda. >Phrased another way, who cares what you are tired of hearing? the EFF ranting is periodic, and your own sour comments are a repeated feature of this list. who *are* you? why are you so critical of everything in existence? based on previous rants, you're a habitual sourpuss. >No, but when an organization espouses nothing on a given subject key to >its mission, what does that say? What about when its members espouse >entirely different and even counter productive beliefs? again, you are presuming that anonymity is key to their mission. that's a big leap of faith. there is room for honest disagreement. you haven't heard of their agenda personally, so you are assuming there is none. from what I have seen, there is a reasonably cohesive agenda going on, and I'm not, like yourself, assuming that it doesn't exist merely because I haven't seen it blared in a noisy advertisement somewhere. I agree with some of the EFF member's comments: anonymity could be a very serious quagmire to support. there are probably better trees to bark up. >I thought its point was to protect cyberspace? of course, the interpretation of what is a threat is subjective. >There aren't many battles to choose. Let's seem some action. EFF has lobbied against many of the bills you mention. again, I think you're being unfair in assuming merely because you haven't heard of them accomplishing anything, they haven't. >I do infact feel the cpunks have a greater track record than EFF. Tell >me, what has EFF done? The list of "cypherpunk" accomplishments in terms >of making the net a better place to be is, in my view, significant. >Certainly the discussion here is livelier than anything I've seen from >EFF. ah, the fundamental illusion that is going on here. discussion alone is WORTHLESS in changing the world. yet we have REAMS of it on the cpunk list. I'd say EFF has *acted* and put enormous effort into its agenda. but it is invisible because its not easily quantified. ask them how many pamphlets they have printed for the public, how much mail they have sent out to members informing them of developments, etc. consider the high-quality EFF newsletter. is there anything like that in the cpunk area? frankly I think your comparing cpunks to EFF is really laughable. they are not even in the same ballpark. it only shows how warped your concept is of what an "accomplishment" is. >You reveal here the basic character of your objection. You don't like >the fact that I criticized EFF. no, as I stated, criticism is great, but yours is written in such a way as to imply your target is incompetent. your tone has changed significantly in your letter now that I have challenged you on it. >Well what, EFF, have you done for us LATELY? EFF hasn't done much for anyone who hasn't paid their dues.. >English is not my first language. Start paying my hourly rate to type in >the thousands of words and dozens of legal summaries I send to this list >every month and I will begin to proof read carefully. your legal summaries are impressive. your rabid criticisms leave a sour taste in my mouth. measured criticism, I can deal with. >> and you, like many other cypherpunks and cyberspace weasels, >> have a whine-and-shriek-from-the-shadows bent. > >And your point is? > >You'd like the shadows lifted? Speaking without a true name attached is >somehow evil? really, an opinion without attribution is not worth as much as one with it. there's no escaping this simple concept. I agree that a pseudonym can gain a reputation, but yours has very little associated with it to qualify criticism of EFF imho. so you have posted regularly to the cpunk list. big deal. >This is EFF talking. "The situation is hopeless, bail now to preserve >image." EFF has changed its direction from working in washington. a straw man statement if I ever heard one. From jonl at well.com Tue Sep 3 15:35:21 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 06:35:21 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960903130738.422f617c@mail.well.com> At 08:06 PM 9/2/96 -0700, James A. Donald wrote: >At 06:52 AM 9/3/96 -0500, Jon Lebkowsky wrote: >> "Uncompromising" is not an "element of legislative influence," at least not >> on this planet. >Therefore the correct strategy is simply to attack any politician who shows >any interest in legislating on our issues. > >We have no friends on Capitol hill, and if we did have friends, it would >still be necessary to denounce them as enemies. As I said, on *this* planet. -- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From qut at netcom.com Tue Sep 3 16:32:31 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 07:32:31 +0800 Subject: SRP (from the cutting-room floor) In-Reply-To: <9609031622.AA26229@clare.risley.aeat.co.uk> Message-ID: <199609031909.MAA20276@netcom.netcom.com> This sounds simple to implement by users and remailers, after all, cpunk messages with bad syntax -> /dev/null . Users can implement this quite easily, simply use the cpunk more than you actually need to. You are your best decoy. I muse about the idea of remailers that freely allow anybody to access the ques of the cpunk remailers with http and telnet. If people are using the remailers properly, and the destination is usenet, there's no loss to privacy. This can even be implemented with e-mail destinations, with no loss to privacy that isn't already lost simply by using the net itself. Should this idea be implemented with the cpunk remailers, it can actually prevent the seizure of the server by the authorities, considering how they couldn't get anything they couldn't have already gotten by simply telneting or httping in. There is the reported risk of the timing cryptanalysis attacks, so a que of messages can be made inaccessable while the actual {en|de}cryption is being done. I plan on doing these things when I can get the Linux/BSD system more figured out than I have. I'm primarily intersted in learning, so I plan on keeping an open system, other than the Mixmaster binaries and other stuff affected by ITAR. From wendigo at pobox.com Tue Sep 3 16:35:20 1996 From: wendigo at pobox.com (Mark Rogaski) Date: Wed, 4 Sep 1996 07:35:20 +0800 Subject: PKS RFC Project Message-ID: <199609032023.QAA01688@charon.gti.net> -----BEGIN PGP SIGNED MESSAGE----- For anyone who is interested in contributing to our experimental RFC for public key servers, I set up a little mailing list for discussion. pks-rfc at charon.gti.net To subscribe, send a message to pks-rfc-request at charon.gti.net with "subscribe" in the subject field. mark - -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMiyToBz4pZwIaHjdAQGxTQf+Pvz6tFzbncPkbj2QX6awMjVZiYcAknQx /n6JWGFpImCs+/WZJOqesUMWUXA2/Iwg1un2djZ5n8xsQKvcRzHrKwo3C8ZV9ECn KuDJe/y2ZeU5sOSvqyyDATUxSUstj4CwhTES5/OD2NcuIKkVPW/h4Gtoo5ZuPp3D wWdHjsuZ2tAZACvICpNvq3wHu2bW4Skv4p/BQeJFfRtGst/blmHrprFjjnlIXIUs yF2S60DilGjIkcAtljGbI0VgH3O8Ra2HM4pTx/bDh86YTx8SKuOiZ6KbJwZl81yt uEwkhdKrfQkp5M3FgfS1k1sIWjIm3K5u1osIqcTrTem5a1eivXqx/w== =EvkN -----END PGP SIGNATURE----- From qut at netcom.com Tue Sep 3 16:41:10 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 07:41:10 +0800 Subject: rc2 export limits.. In-Reply-To: Message-ID: <199609031938.MAA26356@netcom.netcom.com> ! Hi, Does anyone know the export limit for RC2 Key size ? Who cares? We already know it isn't good enough, if it was, the size or key would be illegal to export. From dlv at bwalk.dm.com Tue Sep 3 16:49:17 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 07:49:17 +0800 Subject: The most ridiculous SPAM in my lifetime In-Reply-To: <199609030322.WAA13140@manifold.algebra.com> Message-ID: geek at algebra.com (Computer Geek) writes: > This is the American reincarnation of Ostap Bender. > > Next spam from him will be about interplanetary chess congress, > no less I am sure. I'm sure the few cypherpunks who haven't read the Ilf&Petrov book all saw the Mel Brooks movie (the 12 chairs) and recognized the cryptic reference. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From hack5 at juno.com Tue Sep 3 16:49:17 1996 From: hack5 at juno.com (patrick b cummings) Date: Wed, 4 Sep 1996 07:49:17 +0800 Subject: No Subject Message-ID: <19960902.151101.3470.0.hack5@juno.com> their is a new mailing list for all you hackers just email your name or handle and e-mail address and youll be subscribed send information to hack5 at juno.com From dlv at bwalk.dm.com Tue Sep 3 16:54:27 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 07:54:27 +0800 Subject: anon.penet.fi: URGENT REQUEST In-Reply-To: <199609022129.OAA02339@myriad> Message-ID: <05XoTD3w165w@bwalk.dm.com> ghio at netcom.com (Matthew Ghio) writes: > $500 tops. 8MB is probably okay, 16 might improve resistance to mailbombs > a bit tho. You can get 486 motherboards for under $100 nowadays. > Do the math: used 486 MB+CPU: $100 > 16MB RAM: $150 > case+powersupply: $50 > 100MB HD: $20 FWIW, a very nice store in NYC called J&R (Park Row) is selling Digital 486 boxes for $600, including 16MB RAM, 540MB hd, and color monitor. I also bought a 16MB thingie for my kid's 486 for $109. > HD Controller: $15 > Dual 16550 Serial Card: $15 > 28800bps Modem: $150 I just got an internal 28.8Kbps modem (including fax) for $100. > ------ > $500 > > And if you really want to run a remailer, I can sell you most of the above, > and I'll even throw in a 340MB IDE HD with Linux+remailers preinstalled! > (Yes, I'm serious.) Are we talking about running a remailer over a dial-up UUCP, the way Julf did? This box runs over dial-up UUCP on 14.4K modem, with two incoming feeds. I may be willing to run a remailer to replace anon.penet.fi - let's discuss t (It used to have an outgoing feed to Moscow, but not anymore. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From mech at eff.org Tue Sep 3 16:55:03 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 07:55:03 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609030615.XAA00596@eff.org> Message-ID: <199609031953.MAA25374@eff.org> [This post may be fwd'd to the CP list if it does not show up there from my sending it.] Bill Stewart typed: > While nobody's called Esther Dyson a Communist here yet, there are > people on the board I disagree with - Mitch Kapor, in particular, has shown who is no longer on the board > signs of being a (gasp!) Democrat! My initial reaction to the EFF's first Democrat v. Republican is largely irrelevant here, though more relevant when you get into infrastructure, universal access, and intellectual property issues - stuff that EFF has touched on here and there, but which is not at the heart of our mission. There are other democrats on our board and staff, as well as Republicans. Even Kapor, however, is very strongly for competition, for entrepreneurs, for markets, and ergo differs from a lot of Democrats in that regard. And no one at EFF that I know of is an extreme liberal or conservative on social issues (both extremes are very censorious - the right of "ungodly" things, and the left of "un-p.c." things). So, again, I'd like to suggest that political party affiliation is approaching meaninglessness. The political axis that counts isn't l. vs. r., but civil libertarian v. authoritarian. No one at EFF is an authoritarian. > year or two was that they were doing some very good things > (the Steve Jackson defense), That was quite a bit more than a year or two ago. :) > and also had people making speeches about > the need to provide everybody with access to the Information SuperHighway. > Getting the S.266 anti-crypto-pro-wiretapping bill killed a few years > ago was what convinced me to join them, though their compromise positions > on some of the other anti-freedom bills since then have not helped > my mixed views of the organization. There were no compromise positions. We have 100% opposed implementation of such legislation. In the case of the Digital Telephony Bill (the later version of S.266, drafted by the FBI), we were simply unable to stop it, and instead had to try to strip as much FBI wish list out of it as possible and insert privacy protections. That's not a compromise, that's emergency action. We did everything we could. We are too, for numerous reasons. > Maybe. If it's a good position, it will recognize that anonymity > is a mixed blessing; there are people who use it creatively and > responsibly, like Black Unicorn and Lucky Green, and there are > spammers who abuse it to the detriment of society, like the slimeball > who used my remailer to post hatemail to the gay newsgroups with > somebody else's name attached to the bottom. On the other hand, > free speech is also a mixed blessing; there _are_ things I wish people Such a position is likely to be the one EFF takes if it takes one, which is probable. EFF in generally does not issue extremist position statements, but is careful to examine the risks as well as the benefits, and look for pro-liberty solutions to those risks. > had the good taste not to say, but I'm not going to get in Voltaire's > way while he defends to the death their right to say them... Just as an aside, in case anyone's interested, what Voltaire actually said was, "I never approved either the errors of his book, or the trivial truths he so vigorously laid down. I have, however, stoutly taken his side when absurd men have condemned him for these same truths." The "defend to the death his right to say it" paraphrase is an embellishment. :) -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From dlv at bwalk.dm.com Tue Sep 3 17:03:37 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 08:03:37 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age In-Reply-To: Message-ID: Enzo Michelangeli writes: > I agree with what you say, and that's exactly why all this thread is out > of focus. Blocking anything on the net is impossible, we know it and, I'm > sure, the Singapore government knows it as well. The filtering proxies Am I the only one to notice the striking similarities between the actions of the SG gubment (kill kill kill) and the self-appointed censors who keep inventing new classes of 'inappropriate' Usenet articles for which they forge cancels? First they forged cancels for any materials which was reposted too many times, then binaries cross-posted in non-binary newsgroups (supposedly cross-posting wastews bandwidth), then any articles with "cracking" information on breaking copy-protection... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Sep 3 17:09:08 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 08:09:08 +0800 Subject: Voting Monarchist? In-Reply-To: <9609031057.AA17091@cow.net> Message-ID: Bovine Remailer writes: > > Vote Monarchist > > who is the candidate? LaRouche? Harry Brone is a fucking statist. If he weren't, he wouldn't be running for president. Anyone who doesn't advocate killing all kings, presidents, and prime ministers is a fucking statist and should be beaten to a pulp with a rattan stick. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From frissell at panix.com Tue Sep 3 17:09:50 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 4 Sep 1996 08:09:50 +0800 Subject: The Esther Dyson Flap Message-ID: <2.2.32.19960903204031.008a7850@panix.com> At 09:42 AM 9/3/96 -0700, Timothy C. May wrote: >However, as I said, if the top spokesman at EFF gives indication of having >views pretty much 180 degrees out of phase with our views, it's likely >we'll speak up and oppose her (or him), and perhaps even suggest that other >EFF board members look into the matter. "Free speech" is not even an issue. Everyone please take a deep breath. Slow down. Reread Esther's comments. Count to 10. Notice that nowhere does she call for state action to outlaw anonymity. She explicitly predicted a place for anonymity in her CFP'95 talk (is it on the Net anywhere?). We may disagree with her predictions of the future scope of anonymity or with her concerns about the risks of the practice but she has never called for State action. She is discussing the problems she perceives with it. That's all. Poor Esther, Forbes swatted her last week for her prediction that the Net kills copyright and now some of us are swatting her for her prediction that many of the future Net transactions will be non-anonymous. She may be wrong in this prediction but so what. Remember she is from the soft left. She is not a macho-flash radical libertarian like many of us. Save the 155 MM howitzers for the armed opposition not for our allies. DCF From mech at eff.org Tue Sep 3 17:19:44 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 08:19:44 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: <199609031904.MAA23619@eff.org> [again, since I'm not on the CP list these days, feel free to bounce this over to the list if it doesn't make it. I'm not sure what the non-subscriber posting policy is and/or whether such attempted posts are filtered out, though I seem to recall they didn't used to be.] Black Unicorn typed: > > On Mon, 2 Sep 1996, Vladimir Z. Nuri wrote: > > > > > ah, the quasi-yearly ranting on EFF has started up. what a great > > opportunity for drop-down-drag-dead flamewar. > > > > Black Unicorn: I resent your holier-than-thou moral posturing > > over EFF, and am going to attack it as representative of other > > criticism I have seen of EFF. > > I, unlike EFF, have never compromised my efforts to make strong crypto, > unescrowed strong crypto, and digitial communications, free from the FUD > spouted by government and media alike. I, unlike EFF, have never > compromised my efforts to resist the expansion of a wiretap state. I, > unlike EFF, have never proported to be a political represenative for these > positions and folded under the weakest of pressures like a reed. EFF has done none of that either. Compromise: 1. a settlement in which each side gives up some demands or makes concessions. 2. a) an adjustment of opposing principles, systems, etc., by modifying some aspects of each b) the result of such an adjustment. 3. something midway between two other things 4. a) exposure, as of one's reputation, to danger, suspicion, or disrepute b) a weakening, as of one's principles, ideals, etc.) as for reasons of expediency. 1 did not occur. EFF yielded nothing on any of the issues you mention. On Digital Telephony, which you clearly allude to, EFF opposed implementation of the wiretapping provisions of the CALEA bill from start to finish, and was instrumental in stripping most of them out, replacing them with new privacy protections. 2 did not occur. Our mission remains unedited from the day it was adopted, and EFF is just as committed to those principles now as ever. We don't have a system, in the relevant sense, as such. There was no such adjustment, ergo no result of one. 3 does not apply in any relevant sense (our steadfast assault against the CDA is a "compromise" under such a definition because it was neither a total victory, nor a total loss - yet I'm certain this is not the definition of "compromise" that you intend). 4a is not relevant (that's the security/secrecy-related definition, a nonsequitur in this context). 4b is simply a restatement of 2a - simply didn't happen. Our results speak for themselves on this. > > EFF is an organization that is professional and has > > worked toward improving cyberspace. it is easy for someone > > such as yourself to criticize such an organization anonymously, > > but what is the justification of your criticism? to me someone > > who has tried and failed, yet is still trying, is better than > > someone who has never tried. > > I would put forth that you know nothing of my efforts, and therefore are > in no position to judge me. I would also put forth that the efforts of > EFF, or lack thereof, are quite public. I would put forth that the public factors of EFF's efforts are quite public, but that you know nothing of the internal factors of those efforts, and ergo lack sufficient knowledge to make the allegations you make. > > what *constructive* > > alternative to EFF do you propose? if you have none, please shut up. > > I think any organization that would apply political pressure rather than > bow to it would be an alternative. I think an organization in touch I'm at a loss to think of any time in which EFF did otherwise. I don't think you have any concept whatsoever what a fight EFF put up over Digital Telephony. I would strongly advise a reading of the original version of the DT/CALEA bill, and the version that passed after EFF took an axe to it. You'll find a world of difference. You're welcome. We make no bones about the fact that the DT bill passing at all with wiretap provisions in it was a defeat. Defeats happen. Being defeated is not the same thing as bowing, as yielding the fight. > enough with its own policy to prevent its staff and board from making > embarassing big brother type proposals to curtail the ability of any of us > to post without attributation would be an alternative. I think an In other words you propose an alternate EFF that censors its own boardmembers. I'm not aware of any logical consistency that could adhere to an organization that simultaneously says it supports free speech, yet demands that its board of directors never speak except in agreement with the organization's policy. You are asking for a mini-dictatorship. EFF has no position on anonymity. We also have no position on abortion or on whether roast duck is better than fried chicken. You are in essence demanding that EFF impeach any boardmember that offers an opinion in public or in private about whether or not chicken is good stuff, or states a belief about right to choose v. right to life positions. I'm sorry that we are not totalitarian enough for you. Incidentally, Dyson made no such proposal as you refer to, but simply expressed questions and doubts about the misuse of anonymity, and made a clear and correct statement of fact ("you need to be able to get at somebody's identity to enforce accountability") without offering any value judgement about whether that was a good idea. She concluded that "the question is how do you also enforce freedom of speech and freedom from prosecution for unpopular opinions," clearly indicating at least as much doubt about the value of any attempt to force identifiability and accountability. Even Dyson's lead statement that "the damage that can be done by anonymity is far bigger" online that offline is factually correct, and does not consist of any kind of value judgement. It's simply an honest and, IMNERHO, necessary observation. If we lie to the public, or lie to ourselves, we lose, because the opposition will have arguements we have not even looked at much less wrestled with. I'm sorry we are not self-delusional and dishonest enough for you. > organization without the internal conflict and strife that has clearly > marred EFF in past and made it a laughable attempt at cohesive political > persuasion would be an alternative. I have news for you: We are human. Incidentally, two points: 1) "cohesive political persuasion" is not the be-all and end-all of civil liberties work, just a part of it; and 2) the political cohesion you want to see is very hard to accomplish, because civil libertarians are loath to march in lockstep. Compare the Christian Coalition and their allies - authoritarians all. It is no surprise, on a moment's consideration, that their spot on the politics-of-rights-and-authority axis has everything to do with their ability to suspend disbelief, to embrace blind faith, and to act in unison. BUT - a lot of progress is being made. EFF, ACLU, CDT, VTW, EPIC, et al., are all coordinating like never before, new global-scale civil liberties coalitions are forming, joint legal cases being filed, joint press releases and action alerts, being issued, conferences organized together, etc. What you are looking for is evolving as we type. > I think an organization that had > official policies on the core issues which it proposes to influence would > be an alternative. EFF has that. We have not proposed to influence anonymity issues, and we do not have a policy on that issue. When we have a policy on it, we'll probably propose to influence it. > In short, an organization that had even one of the needed elements of > legislative influence. (Cohesive, directed, persistent, and > uncompromising). We have all of these elements, but we have a lot more to do than engage in legislative influence. You've all seen how well that worked. The process is very corrupt, so we have to use it sparingly, and only when nececessary. The bulk of our work has to be done in other areas like supporting technical development, fighting cases to the Supreme Court, direct grassroots action campaigns, public education, media exposure, etc. All of these things directly affect the Hill, but EFF is not solely a lobbying organization. Even CDT and other DC-based groups are not solely lobbying organizations. > > I am tired of people announcing loudly to the world, "well if EFF > > doesn't support [insert my personal jihad here], then they're > > a bunch of losers who don't deserve anyone's money". > > Now who's holier-than-thou? What is so shocking about announcing that a > given organization does not support my interests and therefore calling on > others who share my interests not to make financial donations to said > organization? What's shocking to me is that you'd state as fact "that a given organization does not support [your] interests" when you have no actual knowledge of whether that's true or not, just a vague perception based on clearly insufficient information, and misapprehensions of fact that are easily refutable. > Is there something EFF fears in free speech and political > consensus building? Perhaps if they had a straightforward policy.... Certainly not. And please note that the person you are responding to does not speak for EFF, so your question is a nonsequitur. [Some stuff skipped, since irrelevant.] > > get a clue. an organization does not have to officially espouse what > > its members espouse. > > No, but when an organization espouses nothing on a given subject key to > its mission, what does that say? What about when its members espouse That says that the board of that organization has yet to come to consensus on the issue. Happens all the time. Ask the ACLU - there are all kinds of issues that someone somewhere thinks is "key to its mission" that ACLU has not yet evolved a position on, and won't until they need to due to some event or impending event such as legislation or a court case. Personally I agree with you that this issue is key to our mission, and I hope that EFF has a position on it soon. But I'm not the chairman of the board, so I wait, and I speak my mind. I have no problem with you speaking your mind, or even being less willing to wait. But I have no respect for unfounded accusations and fingerpointing. I don't even have much respect for well-founded fingerpointing when it's not helpful. Cypherpunks are supposed to write code. This is a waste of time. > entirely different and even counter productive beliefs? I would hardly > trust Senator Burns on the board of the ACLU, or a George Pacific > exec on Sierra Club's board. What's different here? Neither are on our board. What's your point? > > what an organization espouses should be carefully > > crafted. if all members feel strongly about an issue, yet all also > > feel that it should not be part of the official plank, then that may be > > a wise decision to leave it out. what an organization does *not* do is as > > important as what it does do. EFF is learning, by trial and error and the > > hard way, to "choose battles wisely". > > I thought its point was to protect cyberspace? What battles are left > after Digital Telecom, Anonymous Communication, Strong Crypto and CDA? About a thousand. Probably more. > There aren't many battles to choose. What a laugh. Just an example: At least 12 US state have passed or are considering passing CDA-like state legislation. Even after we kick the CDA's unconstitutional butt, each one of those state bills, with one or two exceptions if we're lucky, will have to be individually dealt with all the way to the state supreme courts in all probability, and quite possibly to the US Supreme Court in some cases. None of these bills are direct clones of the CDA, and it's doubtful that a whole lot of the CDA ruling will apply to them, necessitating individual constitutionality challenges. Now think on how many other jurisdictions there are in the world, from the local to the multinational, and consider how many of them have or are in the process of getting their own CDA-alike. And this is before we even think about censorship of online "hate speech" or "dangerous information". This is just the anti-porn bills. AND, when all is said and done the majority of these jurisdictions, especially the US federal Congress, are very likely to come right back and try it all again, with slightly modified bills that attempt to get around previous rulings. This is complete aside from privacy issues which are even less clear-cut than free speech issues. If you think there are a handful of issues to wrestle with, you are very, very sadly mistaken. There's an ocean of them. > Let's seem some action. I must surmise you don't read much about us. > I can sit > on my hands all day long too, but I will hardly claim to be supporting > hunger prevention in Africa by "thinking very hard about the subject." > (Particularly not when I have accepted money to further that goal). http://www.eff.org/pub/Legal/Cases/SJG http://www.eff.org/pub/Legal/Cases/Phrack_Neidorf_Riggs http://www.eff.org/pub/Legal/Cases/EFF_ACLU_v_DoJ http://www.eff.org/pub/Legal/Cases/AABBS_Thomases_Memphis/ http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS http://www.eff.org/pub/Legal/Cases/Church_of_Scientology_cases http://www.eff.org/pub/Legal/Cases/Clipper_FOIA http://www.eff.org/pub/Legal/Cases/PGP_Zimmermann http://www.eff.org/pub/Legal/Cases/Gilmore_v_NSA http://www.eff.org/pub/Legal/Cases/Karn_Schneier_export http://www.eff.org/pub/Legal/Cases/Kerberos_export http://www.eff.org/pub/Censorship/Internet_censorship_bills http://www.eff.org/pub/Censorship/Rimm_CMU_Time http://www.eff.org/pub/Censorship/GII_NII http://www.eff.org/pub/Censorship/Hate-speech_discrimination http://www.eff.org/pub/Censorship/Online_services http://www.eff.org/pub/Censorship/Terrorism_militias http://www.eff.org/pub/Privacy http://www.eff.org/pub/Privacy/ITAR_export http://www.eff.org/pub/Privacy/Key_escrow http://www.eff.org/pub/Privacy/Crypto_bills_1996 http://www.eff.org/pub/Privacy/Digital_Telephony_FBI http://www.eff.org/pub/Privacy/Email_GII_NII http://www.eff.org/pub/Privacy/Terrorism_militias http://www.eff.org/pub/Privacy/Tools http://www.eff.org/pub/Activism/FOIA/ITAR_FOIA http://www.eff.org/pub/GII_NII http://www.eff.org/pub/GII_NII/Govt_docs http://www.eff.org/pub/GII_NII/ISDN http://www.eff.org/pub/GII_NII/NREN_NSFNET_NPN http://www.eff.org/pub/Net_info/EFF_Net_Guide http://www.eff.org/pub/Alerts/ http://www.eff.org/pub/Intellectual_property/NII_copyright_bill [EFF has a position on intprop in as much as the fair use rights of the public are involved, and we work with DFC on this issue.] http://www.eff.org/blueribbon.html http://www.eff.org/goldkey.html http://www.ipc.org/ipc http://www.crypto.com http://www.etrust.org and so forth and so on. That's just off the top of my head. [Note: If one of these URLs doesn't work for you, stick "/index.html" at the end of it and try again, and/or try www2.eff.org instead of www.eff.org.] > > I would love to see more info about EFF's new direction. but one > > can ask for such clarification without a rabid style such as your own. > > Are you one of those people who still believes you can get more flies with > honey...? Ever been to Washington, D.C.? What does DC have to do with clarification of EFF's "new direction"? EFF was not founded in DC, and is not based there now. CDT fissioned off to do the DC stuff. > > blah, blah, blah. why should EFF give the slightest damn what you think > > of them? > > Its fairly clear that they don't. That said, why should I not make that You are mistaken. Don't think for an instant I'd waste 5 seconds of staff time on you otherwise. I have 10x more to do than I have time to do it in. [rest deleted as irrelevant, since founded on mistaken assumption.] > > why do I see so much of this in cyberspace and on the cpunks list: > > gripes, gripes, gripes by people who have no record themselves of > > doing anything constructive...? the difficulty of doing something > > constructive is proven by the failures, it is not necessarily > > evidence of incompetence or conspiracies. perhaps you, Unicorn, > > feel the cpunks have a greater track record than EFF? > > I do infact feel the cpunks have a greater track record than EFF. Tell > me, what has EFF done? See URLs above. Consider it a suggested reading list. The list of "cypherpunk" accomplishments in terms > of making the net a better place to be is, in my view, significant. Indeed it is. I do not think it possible to quantify what EFF have done or what CPs have done, and then weigh the two against eachother. I have yet to see an accomplishometer. I also can't think of any point in doing so. This is not a contest. We are on the same side. > Certainly the discussion here is livelier than anything I've seen from > EFF. EFF is not a discussion forum (though we provide, in some sense, a pretty lively one at comp.org.eff.talk in Usenet. We also started alt.politics.datahighway, which sees some traffic, mostly about US govt "info superhighway" hype and b.s. Comp.org.eff.talk is more general, and tends to focus on civil liberties issues and cases.) > > >I would be most happy to be proven wrong and see EFF suddenly, in a burst > > >of impressive moral fiber, speak out publically and take some political > > >action to assure anonymous communication. > > > > I would like you to explain why you feel the need to criticize EFF > > for not necessarily sharing your own agenda. > > The same reason I feel free to criticize communism for not sharing my own > agenda. > > You reveal here the basic character of your objection. You don't like > the fact that I criticized EFF. It has nothing to do with the fact that > you think EFF has done wonderful and fantastic things (you point to none > in this post) but that you have some emotional fondness for them. This is > the trap. EFF _sounds_ good, and so its worth sticking up for. Well > what, EFF, have you done for us LATELY? Again, see above. See in particular: http://www.eff.org/pub/Censorship/Internet_censorship_bills - PA court rules CDA unconstitutional http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS - CA court rules software - both source and object code - protected expression under the First Amendment Both cases are headed for the Supreme Court. NB: I think your criticism is valid at least in the abstract. It is certainly fair to ask what we've done, not how we sound or feel. I think the refereces I've provided will answer that question adequately. > > >Well, let's have a clear official position issued then to end all dispute. > > > > again, you fail to grasp: EFF may justifiably not want to engage in that > > fight. it might be a wise decision. who are you to dictate EFF's > > agenda? why are you picking a fight with someone who might be the > > best ally? > > If EFF is the best ally then we need to seek others. They have done > nothing in my view to help keep strong crypto around, to secure a person's > right to speak without a citizen unit I.D. being attached, and to promote, > by extension, free speech. Then you know absolutely diddley about what we are doing. Beware lecturing about that of which you know little. If our legal cases win, we win all of the above concerns you just articulated. And both cases look very much like they will win hands down. And, these are hardly the only fronts we are working on. > Look, even you have gotten on my case here for > speaking without revealing my real name. You think something I said Notably I have not. Indeed, I mentioned to the board here that the fact that I've met you in person, signed your PGP key, had you and other DC CP's over to EFF's DC office for CP meetings, was a testament to anonymity/pseudonymity - I didn't need to know the name the government calls you buy, just needed to see enough evidence that you as a body are attached to Black Unicorn as a nym, and to have an idea of the reputation of the nym. [non-relevant (to me) comments skipped.] > > > Of > > >course you should expect people to wonder about EFF when you have no > > > official position and yet some staff and board members seem to have a > > >statist bent. > > > > and you, like many other cypherpunks and cyberspace weasels, > > have a whine-and-shriek-from-the-shadows bent. > > And your point is? > > You'd like the shadows lifted? Speaking without a true name attached is > somehow evil? I tend to suspect the criticism had more to do with "all talk and no action" and other such concerns. Just my interpretation. > Why not make some solid arguments for why TCM is wrong then? Certainly it > appears he is on the mark to me. The main flaw in this reasoning (which I'm not sure at all is actually Tim's reasoning, but appears to be the reasoning here) is that these efforts are not contradictory, but complementary. As a practical matter, the entire question is meaningless since neither effort can be measured, and there is no point in doing so in the first place, since no issue of whether or not the CPs or the EFF is 'better' has arisen, and no such issue makes sense. > > I also don't understand the anonymity fight by cpunks. it's the > > wrong battle imho. ask any remailer operators how their services > > are panning out. they will complain of the incessant spam and > > increasing litigious pressure. I don't see any technological > > solutions to these problems. if there were, they'd have been > > invented now. > > This is EFF talking. "The situation is hopeless, bail now to preserve > image." Uh, no, that was someone talking, who has an individual opinion on the subject. One that I don't share and that I don't think anyone else shares at EFF either. In particular, the litigatory pressures are likely to be groundless, at least in US law. There is a hell of a lot of caselaw supporting the rights to anonymous and pseudonymous speech and publication. As for the spam problem, that can be rather trivially fixed with filters (or reduced, at least. Clever people will always find a way to break or abuse any given system.) EFF has never "bailed" from any issue to preserve image. If we'd been concerned with image, we would not have taken the tactic we did with DigTel - a tactic that worked incompletely but better than shouting "boo" from the sidelines, but a tactic which harmed our image very much. Such is the price we pay. Our mission is not "to look cool to the public", much less to Cypherpunks, our mission is to protect the public interest and individual liberty. > Explain to me how reputation systems work in the absence of anonymity. > Explain to me when freedom has been anything but "a pain in the ass." I have to agree wholeheartedly. > Weakness is all you have to offer. Offer it to EFF. No thanks, we have no use for it. We also have no use for pointless ankle-biting. Please, go write some code. That's what you guys are best at, and it's why you're here ("here" = cypherpunks). If you are in need of a project, how about an anon remailer that runs on Windows 3.x, NT, and 95, and another for Mac? There are what, maybe 20 operational chained remailers right now? That's not going to cut it. There need to be more. (This is MY PERSONAL opinion, not an EFF statement of policy. For the time being anyway. :) PS: No hard feelings are held here, on my part, and I intend to convey none, even if I do argue forcefully. I am not your enemy. Consider this a workout, some mental sparring to get the blood flowing. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From jonl at well.com Tue Sep 3 17:21:00 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 08:21:00 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960903152037.58cfc590@mail.well.com> At 12:04 PM 9/3/96 -0700, Stanton McCandlish wrote: >> I, unlike EFF, have never compromised my efforts to make strong crypto, >> unescrowed strong crypto, and digitial communications, free from the FUD >> spouted by government and media alike. I, unlike EFF, have never >> compromised my efforts to resist the expansion of a wiretap state. I, >> unlike EFF, have never proported to be a political represenative for these >> positions and folded under the weakest of pressures like a reed. > >EFF has done none of that either. > >Compromise: 1. a settlement in which each side gives up some demands or >makes concessions. 2. a) an adjustment of opposing principles, systems, >etc., by modifying some aspects of each b) the result of such an >adjustment. 3. something midway between two other things 4. a) exposure, >as of one's reputation, to danger, suspicion, or disrepute b) a >weakening, as of one's principles, ideals, etc.) as for reasons of >expediency. > >1 did not occur. EFF yielded nothing on any of the issues you mention. >On Digital Telephony, which you clearly allude to, EFF opposed >implementation of the wiretapping provisions of the CALEA bill from start >to finish, and was instrumental in stripping most of them out, replacing >them with new privacy protections. 2 did not occur. Our mission remains >unedited from the day it was adopted, and EFF is just as committed to those >principles now as ever. We don't have a system, in the relevant sense, >as such. There was no such adjustment, ergo no result of one. 3 does >not apply in any relevant sense (our steadfast assault against the CDA is >a "compromise" under such a definition because it was neither a total >victory, nor a total loss - yet I'm certain this is not the definition of >"compromise" that you intend). 4a is not relevant (that's the >security/secrecy-related definition, a nonsequitur in this context). 4b >is simply a restatement of 2a - simply didn't happen. Our results speak >for themselves on this. Compromise is not necessarily a bad thing; without some give and take, we sorta run right over each other. OTOH, I do agree that a strong position is necessary at this juncture. -- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From talon57 at well.com Tue Sep 3 17:27:39 1996 From: talon57 at well.com (Brian D Williams) Date: Wed, 4 Sep 1996 08:27:39 +0800 Subject: The Vincennes shootdown Message-ID: <199609032039.NAA13681@well.com> FACT #1 The U.S.S. Vincennes was under attack by gunboats of Iraq's Republican guard at the time of the unfortunate incident. (All bets are off) FACT #2 Intelligence believed the Republicican guard had it's own version of the "Kamikazi." Fact #3 If I was still a sneaky-ass airwarrior given the mission to take out a vastly superior vehicle like an Aegis class cruiser I would do one of the following: a) set my transponder to the I.D. of a commercial jet, and do my best to fly like it's profile. b) turn my transponder off and "ride tail" (stay directly under and behind the commercial jet, hiding in it's radar sig) till I was within range. Brian From dlv at bwalk.dm.com Tue Sep 3 17:36:06 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 08:36:06 +0800 Subject: Forwarded Mail In-Reply-To: <199609031658.SAA01776@basement.replay.com> Message-ID: >From nobody at REPLAY.COM Tue Sep 3 12:58:21 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Tue, 03 Sep 96 13:17:51 EDT for dlv Received: from [194.109.9.44] by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA23053 for dlv at bwalk.dm.com; Tue, 3 Sep 96 12:58:21 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA01776 for dlv at bwalk.dm.com; Tue, 3 Sep 1996 18:58:19 +0200 (MET DST) Date: Tue, 3 Sep 1996 18:58:19 +0200 (MET DST) Message-Id: <199609031658.SAA01776 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: KILL ALL RUSSIAN IMIGRANTS Return-Path: To: cypherpunks at toad.com Subject: Kill all "libertarians" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 02 Sep 96 15:48:31 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com >From nobody at REPLAY.COM Mon Sep 2 12:26:36 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Mon, 02 Sep 96 15:42:57 EDT for dlv Received: from basement.replay.com by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA18013 for dlv at bwalk.dm.com; Mon, 2 Sep 96 12:26:36 -0400 Received: (from replay at localhost) by basement.replay.com (8.7.5/8.7.3) id SAA11752 for dlv at bwalk.dm.com; Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Date: Mon, 2 Sep 1996 18:26:28 +0200 (MET DST) Message-Id: <199609021626.SAA11752 at basement.replay.com> To: dlv at bwalk.dm.com From: nobody at REPLAY.COM (Anonymous) Organization: Replay and Company UnLimited Xcomm: Replay may or may not approve of the content of this posting Xcomm: Report misuse of this automated service to Subject: All russians are scum. No exceptions. Return-Path: To: cypherpunks at toad.com Subject: Re: Sen. Leahy's "impeccable cyberspace credentials" From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Comments: Dole/Kemp '96! Date: Mon, 02 Sep 96 01:19:37 EDT Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y. Sender: owner-cypherpunks at toad.com jonathon writes: > On Sun, 1 Sep 1996, James A. Donald wrote: > > > > I agree with what you are saying but not all polititions are that bad. > > > You make it sound as if their are no politisions are for freedom of the > > > net. > > So who is the exception? > > Harry Browne Libertarian Party Candidate. Harry Browne is a fucking statist. All politicians are scum. No exceptions. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From adam at homeport.org Tue Sep 3 18:10:01 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 4 Sep 1996 09:10:01 +0800 Subject: [Noise] Hardware encryption devices? Message-ID: <199609032223.RAA03063@homeport.org> Anyone used any LAN encryption devices (ethernet or fast ethernet speed?) Something that could do IP AH off the back of an Ultrasparc would be ideal. Proprietary packet formats are ok, if they tunnel in IP. Needs to use DES, IDEA, or some other well known cipher. Manual key exchange is ok for this app. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at got.net Tue Sep 3 18:14:49 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 09:14:49 +0800 Subject: The Esther Dyson Flap Message-ID: At 8:40 PM 9/3/96, Duncan Frissell wrote: >Everyone please take a deep breath. Slow down. Reread Esther's comments. >Count to 10. Notice that nowhere does she call for state action to outlaw >anonymity. She explicitly predicted a place for anonymity in her CFP'95 >talk (is it on the Net anywhere?). We may disagree with her predictions of >the future scope of anonymity or with her concerns about the risks of the >practice but she has never called for State action. She is discussing the >problems she perceives with it. That's all. I certainly read her words, and don't need to be told to reread them just because I take them to mean she supports anonymity less than many of us would like. As I said in my message to Chuck Thompson, I held off in criticizing her "L.A. Times" words until I could get a better clarification of what she said, precisely, what was taken out of context, and what she really meant to say. When she spoke up and the result was just as ambivalent about anonymity rights, this is when I wrote my first criticism of her views. And I saw her CFP '95 talk. I've also read various of her other comments on the Net, freedom, responsibility, and anonymity. Some of her comments: * "Esther Dyson, President EDventure Holdings, Inc. said her work with the Electronic Frontier Foundation was based on the assumptions that the Internet will have a beneficial effect on society. "The longer I have been at this, the more questions I have about these assumptions," she said." (Perhaps Esther is finding the goals of the EFF--or at least the views of the other board members--are not her goals.) * "The second way to create friction is to create accountability, identity and personality. "I would like to see a world where anonymity is not illegal, but is discouraged," Dyson said. "It has its place in life, but people should have persistent identities."" (Couple with other comments about possibly requiring traceability (albeit with some legal protections), it sure does sound like her form of "discouraged" would imply a role for government.) * "This raises the issue of privacy. "I am looking at a notion of privacy for the consumer, but less privacy for companies and public office holders and others in positions of responsibility," she said." (Is this the direction the EFF is being taken in? Granted, these are her comments, but surely the views of the Chairman of the EFF affect the personality and direction of the organization.) These quotes from: http://seicenter.wharton.upenn.edu/SEIcenter/panel3.html. By the way, the Scientologists have also noted her views: "Esther Dyson, member of the board of directors of the Electronic Frontier Foundation and member of the National Information Infrastructure Advisory Council, spoke on the anonymity issue at the fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. "I have a concern about the spread of bad behavior on the Net," said Dyson. "Anonymity figures into this, and I feel that it has proven to not be a positive factor. It breaks down the community which we are seeking to build, and could turn the 'big cities' of the information infrastructure into a big cesspool." "Remailers who facilitate anonymous postings are part of the problem. They can act as conduits for those who seek anonymity as a way to act illegally without getting caught; yet remailers are able to shield themselves from responsibility or liability. "Computer experts stress that anonymous users should at least be trackable by the remailers -- and that ones who act unlawfully can easily put the remailers at risk. Dyson noted that in self-regulatory schemes for almost any part of the Internet, "visibility, not anonymity, would have a strong place."" (end quote, from "Freedom," at http://www.theta.com/goodman/hijack.htm) >Remember she is from the soft left. She is not a macho-flash radical >libertarian like many of us. Save the 155 MM howitzers for the armed >opposition not for our allies. I don't know what "macho-flash" means, but I reject the label. And please spare us the "save the howitzers" comment. We talk about what concerns us. As it happens, our political opponents don't read our words, whereas a bunch of EFF board members apparently do, and so our criticisms here may cause EFF to actually confront the issue of anonymity and decide where they actually stand. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jamesd at echeque.com Tue Sep 3 18:24:24 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 09:24:24 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609032113.OAA06380@dns2.noc.best.net> At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: > EFF in generally does not issue extremist position > statements, but is careful to examine the risks as well as the benefits, > and look for pro-liberty solutions to those risks. If the right to speak anonymously is an "extremist" position in the eyes of the EFF, then they are no friends of liberty. It is hardly an "extremist" position outside of such countries as Cuba, Iran, or China. It is the overwhelmingly mainstream position, not just among netizens, but when last heard, amongst supreme court judges and ordinary people in the street. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From myth at nym.alias.net Tue Sep 3 19:04:31 1996 From: myth at nym.alias.net (Medea) Date: Wed, 4 Sep 1996 10:04:31 +0800 Subject: [NOISE] The Doors Message-ID: <199609032152.RAA26814@anon.lcs.mit.edu> Vipul wrote: > >The Doors was not only about freedom and love, but about crypto too! >Notice these lines from the song "Five to One" > >Old [cipher] gets old and young get stronger >May take a week baby, may take longer [to crack] >they've [clinton] got the guns and we've got the numbers >gonna win we will take 'em over, com'on. What?! I think you need to stop ingesting those controlled substances.... Medea ======================================== I wonder whatever happened to Jason.... From markm at voicenet.com Tue Sep 3 19:26:15 1996 From: markm at voicenet.com (Mark M.) Date: Wed, 4 Sep 1996 10:26:15 +0800 Subject: Message Digest In-Reply-To: <01BB9989.81517870@dial15.pcnet.ro> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Tue, 3 Sep 1996, Costin RAIU wrote: > I'm interested in a 256 bits (or more) message digest algorithm > (C source is better). Any URLs ? Try HAVAL. It is a variable one-way hash function that is apparently secure against collisions. It should be on any of the standard crypto FTP sites. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMixPHCzIPc7jvyFpAQHzvQf/ehXClQ/hfTRYCe7bQZh03vZWQOJqbvOo iwteOol5yJMpkwFy/ytj86cUm/ge1b7ASGE14U79MHaEucEV17OspHGMYl61l+IY U05rcajORmGqO1WvwU50tvU9viqFO/F6OiFu+BSd4mKIHL1iyLlw3+X7RtMeD5Ol y9XZVNV4ErUh8RTFU1bMj7I04YWFGt0jk78ona5RMjbNdqYX9r59h3recN/3M6TI wZ5lS4aaR0nrUY8B1mI3ZPKqvEcJrqjEAq4eb8iVqX1/GkJoj3PR155ABsRhtKea ZoE7Giz/9BYOaADBL2wp/m+E7QtnbGizKrOy2cFVi1sd1N4PAAl3mQ== =aqHU -----END PGP SIGNATURE----- From jquinby at fivepaces.com Tue Sep 3 19:34:26 1996 From: jquinby at fivepaces.com (Jay Quinby) Date: Wed, 4 Sep 1996 10:34:26 +0800 Subject: [NOISE] The Doors Message-ID: <2.2.32.19960903214956.007154d4@mailhost> At 07:36 PM 9/3/96 +0000, you wrote: > >The Doors was not only about freedom and love, but about crypto too! >Notice these lines from the song "Five to One" > >Old [cipher] gets old and young get stronger >May take a week baby, may take longer [to crack] Actually, I think the line reads "They take our week, and make it longer." (There's a line a little later that goes "Trading your hours for a handful of dimes.") >they've [clinton] got the guns and we've got the numbers >gonna win we will take 'em over, com'on. Slightly left of topic, but it is a great song! :) Someone ought to compile a "Best of Crypto-references in pop culture" file. |--------------------------------------------------------------------------| |James R. Quinby, Atlanta, GA | PADI/153KHz-999MHz/HTML/EADBGE/Phl4:8-13 | |jquinby at fivepaces.com (work) | Own a 45 MPH couch potato: Adopt a | |jquinby at bellsouth.net (home) | greyhound today. Write for details. | |--------------------------------------------------------------------------| |Standard disclaimer: Opinions expressed are mine alone, not my employers. | |PGP Public Key fingerprint: 9ACC4C28478018E1372DC06A9452A477/MIT Keyserver| |--------------------------------------------------------------------------| From qut at netcom.com Tue Sep 3 19:41:04 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 10:41:04 +0800 Subject: Voting Monarchist? In-Reply-To: Message-ID: <199609032341.QAA24172@netcom.netcom.com> ! > > Vote Monarchist ! > ! > who is the candidate? LaRouche? ! ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running ! for president. Anyone who doesn't advocate killing all kings, presidents, ! and prime ministers is a fucking statist and should be beaten to a pulp ! with a rattan stick. That's the problem with the Libertarians, they've got some sort of hang up about beatings. Must be some childhood difficulties. From jonl at well.com Tue Sep 3 19:50:49 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 10:50:49 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960903171629.0b172268@mail.well.com> At 01:22 AM 9/3/96 -0700, James A. Donald wrote: >At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: >> EFF in generally does not issue extremist position >> statements, but is careful to examine the risks as well as the benefits, >> and look for pro-liberty solutions to those risks. > >If the right to speak anonymously is an "extremist" position in the eyes >of the EFF, then they are no friends of liberty. > >It is hardly an "extremist" position outside of such countries as Cuba, >Iran, or China. > >It is the overwhelmingly mainstream position, not just among netizens, >but when last heard, amongst supreme court judges and ordinary people >in the street. Not necessarily. The character of the anonymous speech is decisive. If you use anonymity to cloak harassment, for instance, the anonymity (which removes accountability) is a problem. The accountability issue is real and should be addressed, not evaded. -- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From dlv at bwalk.dm.com Tue Sep 3 19:59:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 10:59:22 +0800 Subject: The Esther Dyson Flap In-Reply-To: <199609031719.KAA03089@mail.pacifier.com> Message-ID: jim bell writes: > At 08:11 PM 9/2/96 -0700, Timothy C. May wrote: > >Esther Dyson says that anonymity on the Net can do more damage than > >anonymity in other forums, and thus may need to be regulated and restricted > >in various ways. I disagree, as "the Net of a Million Lies" (to use Vinge's > >term) has grown up with anonymity, and few people take the anonymous (or > >not) rants and charges made in the millions per day with the same degree of > >certainty they take print comments. Put another way, there is no clear and > >present danger. > > Indeed, I support the elimination of concepts such as "slander" and "libel" > precisely because they cause more harm than good. Currently, there is an > illusion among ordinary citizens that "if that was untrue, you could sue him > for libel!" despite the fact that this is rarely practical. In that way, > the law actually adds credibility to what should be an incredible claim. > Eliminate libel suits, and you've eliminated any presumption that because > it's been spoken or is in print, it's likely to be correct. The gubment has no right to fuck with any speech - (seditius) libel, child porn, bomb-making instructions... --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From stewarts at ix.netcom.com Tue Sep 3 20:02:13 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Sep 1996 11:02:13 +0800 Subject: Secure anonymouse server protocol: comments please Message-ID: <9609032156.AA05838@anchor.ho.att.com> At 07:24 PM 9/2/96 +0000, paul at fatmans.demon.co.uk wrote: >The following is a very sketchy plan for a secure protocol for an >anonymous server which allows replies without storing a recipient >database in the clear. Several people have talked about this sort of thing recently, inluding William Geiger, Doug Floyd, and myself. Lutz Donnerhacke's Jenaer Anonymous Service actually implements it (send it mail saying "help".) Rather than using a human-selected userid, it uses the PGP keyid to make IDs like anon-1a2b3c4d at as-node.jena.thur.de. >This system has 1 huge fault, we can encrypt a uses ID with the >servers public key to see what his ID in the encrypted database is >and therefore identify him, maybe we need two seperate server public >keys, and when IDs come in encrypted with key1 (the one it releases) >it decrypts with secretkey1 then encrypts with publickey2 (the one it >keeps secret) If you encrypt the id using raw RSA and constant padding, this is a risk. If you encrypt it using PGP, which uses a random session key, it's not. If you encrypt it using raw RSA and pad the id with a random nonce, it's also no risk. In the latter two cases, the encrypted material is different every time, so you can't compare with previous messages. The Jenaer nymserver avoids this by using a remailer approach - you send an encrypted message with a Reply-To: header telling where to send the accumulated mail (which may, of course, be another nymserver), and it delivers it using mixmaster. This frees you to send your pickup requests by anonymous remailer as well. It's still not risk-free, since if Bad Guys crack the remailer or force the operator to operate it while they monitor it, they can see pickup requests, but it's far more difficult to do that than to just steal the box, and there's no database on the box that's useful to steal. Lutz does recommend chaining your Reply-To: to another nymserver, but it's already very secure. I don't remember if he gets fancy and requires the pickup requests to be signed by the key of the owner or not; the only difficulty with this is the syntax of PGP, which is "fixed in 3.0". Hal Finney has also suggested a system that, instead of delivering anonymous email to the recipient, sends a message saying "You have anonymous mail, receipt #123456. Send back this ticket to pick it up." and you can extend the syntax to handle automatic blocking requests and automatic deliver-everything requests. This is fairly easy to extend for anonymous mailboxes and datahaven code. I've wavered between the delete-on-retrieval model, which is fine for email and not very useful for samizdat, or the delete-after-some-time-period-or-request model, which is useful for both but makes it easy for users to turn you into the local pirate-warez-and-child-pornography server. If you extend the model and charge digicash for storage, it becomes a much cleaner solution. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From rwright at adnetsol.com Tue Sep 3 20:06:27 1996 From: rwright at adnetsol.com (Ross Wright) Date: Wed, 4 Sep 1996 11:06:27 +0800 Subject: their is a new mailing list Message-ID: <199609032335.QAA09136@adnetsol.adnetsol.com> > To: cypherpunks at toad.com > From: hack5 at juno.com (patrick b cummings) > Date: Tue, 03 Sep 1996 16:14:40 EDT > their is a new mailing list for all you hackers just email your name or > handle and e-mail address and youll be subscribed > send information to hack5 at juno.com > > Am I missing something here? Is this guy fucking crazy? =========== Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From nobody at replay.com Tue Sep 3 20:08:13 1996 From: nobody at replay.com (Anonymous) Date: Wed, 4 Sep 1996 11:08:13 +0800 Subject: No Subject Message-ID: <199609032354.BAA29220@basement.replay.com> patrick b cummings wrote: > their is a new mailing list for all you > hackers > just email your name or handle and e-mail address and youll be subscribed > send information to hack5 at juno.com k00l d00de.... c'mon Varney, we know its you. From Ben at explorateur.quaternet.fr Tue Sep 3 20:21:51 1996 From: Ben at explorateur.quaternet.fr (Ben at explorateur.quaternet.fr) Date: Wed, 4 Sep 1996 11:21:51 +0800 Subject: No Subject Message-ID: <199609040016.BAA10030@explorateur.quaternet.fr> suscribe me From mech at eff.org Tue Sep 3 20:36:05 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 11:36:05 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031557.IAA28466@dns1.noc.best.net> Message-ID: <199609032202.PAA29704@eff.org> > But we do not want legislation, so we do not want to help write legislation. > > We want to delay legislation for as long as possible, for the longer the > delay, the more the balance of power favors the net and disavors the pols. > > Therefore the correct strategy is simply to attack any politician who shows > any interest in legislating on our issues. > > We have no friends on Capitol hill, and if we did have friends, it would > still be necessary to denounce them as enemies. I agree with the general sentiment behind this, but I think it may go a bit overboard. For example, it is worthwhile to support Pro-CODE and SAFE (the two crypto bills now floating around in Congress). On the surface they both appear to threaten the viability of the Bernstein, Karn and Junger cases, but in reality neither of these bills have a chance in hell of passage. "What's the point then?", you may ask. They slow down the Administration, which is pushing *very* hard and fast to get GAK adopted internationally, and to get US software companies to knuckle in to GAK in exchange for slightly relaxed export controls. Make a lot of noise about the bills, and you screw up the administration's plans, since they have to divert at least some energy to fending the bills off or they *will* pass. You do that, but keep the legal staff working solely on the cases, and you have more breathing room to get the cases through the Supreme Court before it's too late. And, in the event you lose the cases, you still have slightly less than a chance in hell of getting one of the bills passed and salvaging *something*, or simultaneously or alternately, just deploying more crypto tech such as S/WAN (which EFF is committed to as of the most recent board meething), since the Adminstration has been slowed down. The more tech deployment you have, the more irrelevant the Administration's noises are. The point being: Don't let disgust of a process or thing deter you from milking that process or thing of all it is worth, provided you sacrifice nothing significant in the process. It has to be a judgement call. On some other issues this tactic does not work. Any legislation about porn on the Net needs to be slammed down, because any such legislation will get gutted by theocrats and turned into a censorship bill, as an example. Choose action based on careful thinking, not kneejerk reaction, that's my motto, for what it may be worth. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From declan at eff.org Tue Sep 3 20:41:40 1996 From: declan at eff.org (Declan McCullagh) Date: Wed, 4 Sep 1996 11:41:40 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031737.KAA20451@netcom2.netcom.com> Message-ID: V.Z. Nuri, please watch your attributions. I don't recall making any claims about "ghettoization" of anonymity. -Declan On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote: > what cpunks might consider doing is creating an alternative message > distribution system like Usenet that starts from the premise that > anonymous communication is allowed and trying to grow it. > > btw, McCullagh's and other's claims about "ghettoization" of > anonymity strike me as very specious. as long as people can use > anonymity in some forum they want, I think that's acceptable. what's > the equivalent of a "ghetto" in cyberspace? you can't go into > a meeting of professionals wearing a ski mask, although you might > be able to create such a forum yourself. does that mean you are > in some kind of a "ghetto"? oh, brother. // declan at eff.org // I do not represent the EFF // declan at well.com // From mech at eff.org Tue Sep 3 20:45:09 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 11:45:09 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609040057.RAA01205@mail.pacifier.com> Message-ID: <199609040104.SAA06261@eff.org> > >The accountability issue is real and > >should be addressed, not evaded. > > "Addressed", maybe, but that doesn't necessarily mean, "solved." For many > decades, people have been able to walk up to a pay telephone at 3:00 AM and > make a harassing phone call to somebody, a "problem" which still exists and > no solution is being implemented for. Yes! Exactly! Of course! Precisely the example that has come up in EFF's own statements on anonymity (which, in absence of a policy on the topic have been strictly factual, reporting both sides of the issue). > I think it's reasonable to come to the conclusion that there is no solution > to the anonymity "problem" that isn't worse than the underlying anonymity. That's a common view here, to say the least. And it's one with which I am in 100% agreement. > And, BTW, I don't consider a pro-anonymity position to be an extremist one. We don't either, even those of us with questions and conundrums to think about. I do think its extremist to not be willing to even address the questions and conundrums, but we're in agrement on that, so not much to argue about, fortunately. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From winsock at c2.net Tue Sep 3 20:45:10 1996 From: winsock at c2.net (WinSock Remailer) Date: Wed, 4 Sep 1996 11:45:10 +0800 Subject: Pseudocrypto detector is going wild Message-ID: <199609040024.RAA14142@infinity.c2.org> Is it just me, or is the snake-oil frequency factor scaling up? We used to get this stuff quarterly, and now it's monthly, if not weekly! slither-squeek I think enquirer must be overloaded with ammo, and I am sure in the mood for it now. me From peiterz at secnet.com Tue Sep 3 20:46:36 1996 From: peiterz at secnet.com (Peiter Z) Date: Wed, 4 Sep 1996 11:46:36 +0800 Subject: SecurID White Paper Message-ID: <199609041738.LAA01411@silence.secnet.com> SecurID Vulnerabilities White-Paper Due to increased recent interest that has been witnessed on the net about the SecurID token cards and potential vulnerabilities with their use, we offer a white paper on some of the vulnerabilities that we believe have been witnessed and/or speculated upon. This paper is being put forth into the public domain by Secure Networks Incorporated and is available at the following URL : ftp://ftp.secnet.com/pub/papers/securid.ps Topics dealt with in the paper include: . Race attacks based upon fixed length responses (still valid even with the current patch) . Denial of Service attacks based upon server patches . Server - Slave separation and replay attacks . Vulnerabilities in the communications with the ACE Server . A quick analysis of the communications with the ACE Server . Problems with out-of-band authentication We hope this paper provides insight, enlightenment, and is helpful to the security community in general. thanks and enjoy, Secure Networks Inc. From jimbell at pacifier.com Tue Sep 3 20:54:31 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 4 Sep 1996 11:54:31 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609040057.RAA01205@mail.pacifier.com> At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >At 01:22 AM 9/3/96 -0700, James A. Donald wrote: >>At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: >>> EFF in generally does not issue extremist position >>> statements, but is careful to examine the risks as well as the benefits, >>> and look for pro-liberty solutions to those risks. >> >>If the right to speak anonymously is an "extremist" position in the eyes >>of the EFF, then they are no friends of liberty. >> >>It is hardly an "extremist" position outside of such countries as Cuba, >>Iran, or China. >> >>It is the overwhelmingly mainstream position, not just among netizens, >>but when last heard, amongst supreme court judges and ordinary people >>in the street. > >Not necessarily. The character of the anonymous speech is decisive. If you >use anonymity to cloak harassment, for instance, the anonymity (which >removes accountability) is a problem. The accountability issue is real and >should be addressed, not evaded. "Addressed", maybe, but that doesn't necessarily mean, "solved." For many decades, people have been able to walk up to a pay telephone at 3:00 AM and make a harassing phone call to somebody, a "problem" which still exists and no solution is being implemented for. I think it's reasonable to come to the conclusion that there is no solution to the anonymity "problem" that isn't worse than the underlying anonymity. And, BTW, I don't consider a pro-anonymity position to be an extremist one. Jim Bell jimbell at pacifier.com From mech at eff.org Tue Sep 3 20:56:11 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 11:56:11 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.16.19960903152037.58cfc590@mail.well.com> Message-ID: <199609040019.RAA04643@eff.org> > Compromise is not necessarily a bad thing; without some give and take, we > sorta run right over each other. OTOH, I do agree that a strong position is > necessary at this juncture. Certainly. EFF regularly compromises with our allies, e.g. on who will run a particular web page, what a campaign icon will look like, where an event will be held, etc. We're just not in the habit of compromising on legislation, since we are not in a position to give or sell anything, particular the rights of the public and of individual citizens. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From ddfr at best.com Tue Sep 3 21:03:26 1996 From: ddfr at best.com (david friedman) Date: Wed, 4 Sep 1996 12:03:26 +0800 Subject: Schelling Points, Rights, and Game Theory--My article Message-ID: Tim May mentioned my article on this subject. It is: "A Positive Account of Property Rights," Social Philosophy and Policy 11 No. 2 (Summer 1994) pp. 1-16. It can be found from the academic part of my web page: http://www.best.com/~ddfr/Academic/Academic.html David Friedman From mech at eff.org Tue Sep 3 21:33:13 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 12:33:13 +0800 Subject: EDyson CPF 95 item Message-ID: <199609040140.SAA07236@eff.org> If anyone does did that up, please bounce one my way, so I can add it to the archives. Any other good stuff from that CFP would be of value too. Ditto for CFP96. I think the newest CFP transcripts we have are 94. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From drose at AZStarNet.com Tue Sep 3 22:07:14 1996 From: drose at AZStarNet.com (David M. Rose) Date: Wed, 4 Sep 1996 13:07:14 +0800 Subject: Voting Monarchist? Message-ID: <199609032306.QAA26604@web.azstarnet.com> Dimitri, err, Dr. Vulis, or is that Dr. Nuri?, Relax! The modern cure for hydrophobia is a great deal less painful than what it was in the past >Harry Brone is a fucking statist. If he weren't, he wouldn't be running >for president. Anyone who doesn't advocate killing all kings, presidents, >and prime ministers is a fucking statist and should be beaten to a pulp >with a rattan stick. From ichudov at algebra.com Tue Sep 3 22:10:31 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 4 Sep 1996 13:10:31 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) In-Reply-To: Message-ID: <199609032225.RAA07933@manifold.algebra.com> Timothy C. May wrote: > At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote: > >:: > >Request-Remailing-To: remailer at huge.cajones.com > >:: > >Request-Remailing-To: remailer at remailer.nl.com > .... > >:: > >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod) > >Deep Throat. > > > Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines! > At least now we know who the _other_ "Unicorn" is. Which brings up the following question: what is the role of human screwups in cryptosecurity? How "foolproof" (no pun intended) should be remailer clients? How can we prevent people from forgetting to delete unencrypted files after encryption? Alternatively, let's think about this: premail always fingers a certain user account at berkeley.edu to obtain remailer keys. Suppose that Joe DrugUser uses remailers to talk to his Columbian friends and the government wants to find out what he is doing. They could just break into the computer at berkeley.edu and replace keys with the government-provided keys. They could even modify the finger server so that it would be lying only to Joe's computer and would work just as before for all others (to prevent detection). The government would then intercept Joe's communications and decrypt them. - Igor. From stewarts at ix.netcom.com Tue Sep 3 22:27:56 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Sep 1996 13:27:56 +0800 Subject: rc2 export limits.. Message-ID: <199609040252.TAA11495@toad.com> At 10:33 AM 9/3/96 -0700, you wrote: >Hi, Does anyone know the export limit for RC2 Key size ? As with any other crypto system, the rule is "you need to get the NSA's permission, which they'll give if they feel like", rather than any well-defined rule you can depend on. However, the usual guidelines for systems like RC2 and RC4 is 40-bit keys, and RSA keys up to 512 bits for encrypting session keys and 1024 bits for signatures, plus you have to structure the code so people can't easily modify it or use it to triple-encrypt in ways that make the triple-encrypted version stronger than 40 bits. Also, if you're using Real RC2, you may need permission from RSA Data Systems, Inc.. If you're just using the algorithm that came out on the net that looks suspiciously like RC2, you may or may not. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From tcmay at got.net Tue Sep 3 22:35:40 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 13:35:40 +0800 Subject: What is the EFF doing exactly? Message-ID: At 1:56 AM 9/4/96, jim bell wrote: >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >>Not necessarily. The character of the anonymous speech is decisive. If you >>use anonymity to cloak harassment, for instance, the anonymity (which >>removes accountability) is a problem. The accountability issue is real and >>should be addressed, not evaded. > >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many >decades, people have been able to walk up to a pay telephone at 3:00 AM and >make a harassing phone call to somebody, a "problem" which still exists and >no solution is being implemented for. > >I think it's reasonable to come to the conclusion that there is no solution >to the anonymity "problem" that isn't worse than the underlying anonymity. >And, BTW, I don't consider a pro-anonymity position to be an extremist one. I agree, of course. There is absolutely nothing about "speech" that is tied to "accountability." And various Supreme Court decisions have emphasized this. (Pay special attention to the quote from Greg Broiles I included in my section from my Cyphernomicon I just posted to the list.) Think about it. Anyone may say pretty much anything they wish (modulo the usual exceptions of certain forms of obscenity, shouting "Fire!," etc....and even these are enforced ex post facto). Once a speech act occurs and some criminal prosecution results, the cops can try to catch the speaker. But if they can't, they can't. We don't require that speech only be done in a way that illegal speakers may be held "accountable." The fact that certain classes of speakers are indeed held accountable is more a function of the particular details of the way they spoke and the nature of society than it is that there is a rule that "all speech must involve accountability." We hold the author of an article in "The Washington Post" more liable for insulting speech than we do the guy in the neighborhood gym, even if they both say the same words. The issue is clearly not that "all speech must involve accountability," as many forms of speech are not. (I'd say the meta-issue is "You can drag someone into court if you can catch them. But if you can't catch them, you can't. And we're not going to limit speech just to make it easier to catch speakers you may wish to haul into court.") As Jim and so many others have noted, anonymous phone calls, anonymous postal mail, whispering campaigns, speech in private homes, etc., are all examples where accountability is extremely difficult or impossible to enforce. We even have names for these things: anonymous threats, poison pen letters, ransom demands, gossip, etc. Saying that speech on the Net may need to be restricted so as to ensure "accountability" is a serious step in the direction of requiring credentialling of all speakers, key escrow, and limits on remailers. Given that so many other types of speech are given anonymity protection, why? The reason this is such a hot button for Cypherpunks is that "responsible freedom" and "accountability" are often code words for controlling some very basic freedoms. Placing limits on anonymous speech would involve some very fundamental restrictions on freedoms of various sorts. Even if "safeguards" are built-in, the effect would almost certainly be to illegalize remailers (unless they had "escrow" features!). And a wide array of other freedoms, too numerous for me to write about here. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Tue Sep 3 22:46:48 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 13:46:48 +0800 Subject: Anonymity (re: the Esther Dyson issue) Message-ID: The latest debate about "anonymity" and its hazards is bringing up charges that we Cypherpunks are not taking Esther Dysomn's concerns seriously enough. I strongly disagree. The various downsides of anonymity, pseudonymity/pseudoanonymity, lack of accountability, etc., have been hashed out in literally *thousands* of posts over the past four years! Many of us have written long articles dealing with these issues, and referring in great detail to mechanisms for dealing with "obnoxious speech," "defamatory speech," "anonymous mailbombs," "anonymous threats," etc. Rather than dredge up my own articles, or those of the many others who have addressed most or all of the concerns most often raised, I'll post here one of the subsections from my Cyphernomicon. This is just one of the subsections in the entire _chapter_ devoted to issues of anonymity, mixes, and remailers. (For those not familiar with the style of my Cyphernomicon, I used a powerful outline processor (MORE) to build a skeleton, attach threads and ideas, move things around, clone headings in more than one place, etc. For a large writing project of this sort, an outline processor is almost a necessity. At least for me. The points are often short and are sometimes incomplete; fleshing the whole thing out into well-written expository prose would've taken an additional several months of full-time effort. This form gets the points across.) (A few subsubsections are deleted, to save space.) Cyphernomicon 8.3 Anonymity, Digital Mixes, and Remailers: Anonymity and Digital Pseudonyms 8.3.1. Why is anonymity so important? - It allows escape from past, an often-essential element of straighening out (an important function of the Western frontier, the French Foreign Legion, etc., and something we are losing as the dossiers travel with us wherever we go) - It allows new and diverse types of opinions, as noted below - More basically, anonymity is important because identity is not as important as has been made out in our dossier society. To wit, if Alice wishes to remain anonymous or pseudonymous to Bob, Bob cannot "demand" that she provide here "real" name. It's a matter of negotiation between them. (Identity is not free...it is a credential like any other and cannot be demanded, only negotiated.) - Voting, reading habits, personal behavior...all are examples where privacy (= anonymity, effectively) are critical. The next section gives a long list of reasons for anonymity. 8.3.2. What's the difference between anonymity and pseudonymity? + Not much, at one level...we often use the term "digital pseudonym" in a strong sense, in which the actual identity cannot be deduced easily - this is "anonymity" in a certain sense - But at another level, a pseudonym carries reputations, credentials, etc., and is _not_ "anonymous" - people use pseudonyms sometimes for whimsical reasons (e.g., "From spaceman.spiff at calvin.hobbes.org Sep 6, 94 06:10:30"), sometimes to keep different mailing lists separate (different personnas for different groups), etc. 8.3.3. Downsides of anonymity - libel and other similar dangers to reputations + hit-and-runs actions (mostly on the Net) + on the other hand, such rantings can be ignored (KILL file) - positive reputations - accountability based on physical threats and tracking is lost + Practical issue. On the Cypherpunks list, I often take "anonymous" messages less seriously. - They're often more bizarre and inflammatory than ordinary posts, perhaps for good reason, and they're certainly harder to take seriously and respond to. This is to be expected. (I should note that some pseudonyms, such as Black Unicorn and Pr0duct Cypher, have established reputable digital personnas and are well worth replying to.) - repudiation of debts and obligations + infantile flames and run-amok postings - racism, sexism, etc. - like "Rumormonger" at Apple? - but these are reasons for pseudonym to be used, where the reputation of a pseudonym is important + Crimes...murders, bribery, etc. - These are dealt with in more detail in the section on crypto anarchy, as this is a major concern (anonymous markets for such services) 8.3.4. "How will privacy and anonymity be attacked?" - the downsides just listed are often cited as a reason we can't have "anonymity" - like so many other "computer hacker" items, as a tool for the "Four Horsemen": drug-dealers, money-launderers, terrorists, and pedophiles. - as a haven for illegal practices, e.g., espionage, weapons trading, illegal markets, etc. + tax evasion ("We can't tax it if we can't see it.") - same system that makes the IRS a "silent partner" in business transactions and that gives the IRS access to-- and requires--business records + "discrimination" - that it enables discrimination (this _used_ to be OK) - exclusionary communities, old boy networks 8.3.5. "How will random accusations and wild rumors be controlled in anonymous forums?" - First off, random accusations and hearsay statements are the norm in modern life; gossip, tabloids, rumors, etc. We don't worry obsessively about what to do to stop all such hearsay and even false comments. (A disturbing trend has been the tendency to sue, or threaten suits. And increasingly the attitude is that one can express _opinions_, but not make statements "unless they can be proved." That's not what free speech is all about!) - Second, reputations matter. We base our trust in statements on a variety of things, including: past history, what others say about veracity, external facts in our possession, and motives. 8.3.6. "What are the legal views on anonymity?" + Reports that Supreme Court struck down a Southern law requiring pamphlet distributors to identify themselves. 9I don't have a cite on this.) - However, Greg Broiles provided this quote, from _Talley v. State of California_, 362 U.S. 60, 64-65, 80 S.Ct. 536, 538-539 (1960) : "Anonymous pamphlets, leaflets, brochures and even books have played an important role in the progress of mankind. Persecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all." Greg adds: "It later says "Even the Federalist Papers, written in favor of the adoption of our Constitution, were published under fictitious names. It is plain that anonymity has sometimes been assumed for the most constructive purposes." [Greg Broiles, 1994-04-12] + And certainly many writers, journalists, and others use pseudonyms, and have faced no legal action. - Provided they don't use it to evade taxes, evade legal judgments, commit fraud, etc. - I have heard (no cites) that "going masked for the purpose of going masked" is illegal in many jurisdictions. Hard to believe, as many other disguises are just as effective and are presumably not outlawed (wigs, mustaches, makeup, etc.). I assume the law has to do with people wearning ski masks and such in "inappropriate" places. Bad law, if real. 8.3.7. Some Other Uses for Anonymous Systems: + Groupware and Anonymous Brainstorming and Voting - systems based on Lotus Notes and designed to encourage wild ideas, comments from the shy or overly polite, etc. - these systems could initially start in meeting and then be extended to remote sites, and eventually to nationwide and international forums - the NSA may have a heart attack over these trends... + "Democracy Wall" for encrypted messages - possibly using time-delayed keys (where even the public key, for reading the plaintext, is not distributed for some time) - under the cover of an electronic newspaper, with all of the constitutional protections that entails: letters to the editor can be anonymous, ads need not be screened for validity, advertising claims are not the responsibility of the paper, etc. + Anonymous reviews and hypertext (for new types of journals) + the advantages - honesty - increased "temperature" of discourse + disadvantages - increased flames - intentional misinformation + Store-and-forward nodes - used to facillitate the anonymous voting and anonymous inquiry (or reading) systems - Chaum's "mix" + telephone forwarding systems, using digital money to pay for the service - and TRMs? ... We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan at well.com Tue Sep 3 22:48:11 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Sep 1996 13:48:11 +0800 Subject: Save the Howitzers (was Re: The Esther Dyson Flap) Message-ID: TCM wrote: >And please spare us the "save the howitzers" comment. We talk about what >concerns us. As it happens, our political opponents don't read our words, >whereas a bunch of EFF board members apparently do, and so our criticisms >here may cause EFF to actually confront the issue of anonymity and decide >where they actually stand. I think Tim's comments are generally on-point. EFF board members are paying attention to discussions on the cypherpunks list and the organization would appear to be moving in a direction that will result in a solid pro-anonymity policy. For reference, EPIC's position is: "Our position is that we strongly support anonymity both for speech and for transactions. The right to anonymous speech is a constitutionally protected right (Tally v. California, McIntrye v Ohio) and we believe that it equally applies in cyberspace. Anonymous transactions are a key way (and perhaps the only way that really works) to provide privacy on the net." CDT's current position is: "CDT believes that anonymous political speech is protected under the first amendment and would oppose any effort to restrict or curtail it on the Net." -Declan From jamesd at echeque.com Tue Sep 3 22:52:22 1996 From: jamesd at echeque.com (James A. Donald) Date: Wed, 4 Sep 1996 13:52:22 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609040334.UAA19232@dns1.noc.best.net> At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: > Not necessarily. The character of the anonymous speech is decisive. If you > use anonymity to cloak harassment, for instance, the anonymity (which > removes accountability) is a problem. The accountability issue is real and > should be addressed, not evaded. No: The harassment is the problem, not the anonymity that makes it possible. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From mpd at netcom.com Tue Sep 3 22:53:21 1996 From: mpd at netcom.com (Mike Duvos) Date: Wed, 4 Sep 1996 13:53:21 +0800 Subject: The Esther Dyson Flap In-Reply-To: Message-ID: <199609040316.UAA27856@netcom16.netcom.com> Timothy C. May writes: > Indeed, I support the elimination of concepts such as > "slander" and "libel" precisely because they cause more harm > than good. Currently, there is an illusion among ordinary > citizens that "if that was untrue, you could sue him for > libel!" despite the fact that this is rarely practical. In > that way, the law actually adds credibility to what should > be an incredible claim. Eliminate libel suits, and you've > eliminated any presumption that because it's been spoken or > is in print, it's likely to be correct. Reputation performs this function very well, and without expensive litigation. That is why there is really no clear and present danger posed by inacurate information on the Net. Governments shield themselves far better by promoting conspiracy theory as a recreational activity than they ever could by prosecuting people who expose their activities. Drowning signal in noise effectively obscures it without lending credence to material one cannot easily debunk. As they say on X-Files, "The Truth is Out There..." (Somewhere) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From geeman at best.com Tue Sep 3 22:53:23 1996 From: geeman at best.com (geeman at best.com) Date: Wed, 4 Sep 1996 13:53:23 +0800 Subject: Is Knuth's _AoCP_ still the authority on PRNG? Message-ID: <01BB99D9.9A115240@geeman.vip.best.com> check out "On the Efficient Generation of Cryptographic Confusion and Diffusion Sequences" I may have gotten the title less than perfect. AltaVista will find it for you if you try. Excellent piece. ---------- From: eli+ at gs160.sp.cs.cmu.edu[SMTP:eli+ at gs160.sp.cs.cmu.edu] Sent: Tuesday, September 03, 1996 7:54 PM To: coderpunks at toad.com Subject: Re: Is Knuth's _AoCP_ still the authority on PRNG? Bryce writes: >I'm reading Knuth chapter 3 on "random numbers". Have there >been any major advances since the publication of the second >edition of _The Art of Computer Programming, Volume 2_ in 1981? A much-referenced article: Marsaglia, G. (1985). "A current view of random number generation". In L. Billard (ed.), _Computer Science and Statistics: The Interface_. A more recent survey, which I haven't read: L'Ecuyer, P. (1990). "Random numbers for simulation". CACM 87, no. 10, 85-97. I read the resulting _NYT_ blurb, but not the paper: Ferrenberg et al. (1992). "Monte Carlo simulations: Hidden errors from `good' random number generators". Phys. Rev. Lett. 69, 3382-4. This is from the "simulation" angle, which is where Knuth is coming from. For crypto you may be interested in the complexity-theoretic approach (things like Blum-Blum-Shub), which is a whole different field. >Are any of the ideas advocated in chapter 3 now considered >inadvisable? I think the Marsaglia paper sank Knuth's recommended generator. "Sank" is a relative term, of course. -- Eli Brandt eli+ at cs.cmu.edu From jonl at well.com Tue Sep 3 22:56:43 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 13:56:43 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904032356.006dd760@mail.well.com> At 05:56 PM 9/3/96 -0800, jim bell wrote: >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many >decades, people have been able to walk up to a pay telephone at 3:00 AM and >make a harassing phone call to somebody, a "problem" which still exists and >no solution is being implemented for. > >I think it's reasonable to come to the conclusion that there is no solution >to the anonymity "problem" that isn't worse than the underlying anonymity. >And, BTW, I don't consider a pro-anonymity position to be an extremist one. Yeah, the main point re. anonymity, IMO, is that you can't pretend that it's all pro, no con. You have to acknowledge and think through the negatives...and, as Tim May pointed out, that's already been done. I don't think you oughtta ream somebody for pointing to the down side. That you raise an issue should never be taken to imply that you've taken a position, and it's vital to remain open to discussion and entertain sentiments that oppose your own thinking. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From dlv at bwalk.dm.com Tue Sep 3 23:01:34 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 14:01:34 +0800 Subject: Voting Monarchist? In-Reply-To: <199609032341.QAA24172@netcom.netcom.com> Message-ID: <42oPTD12w165w@bwalk.dm.com> qut at netcom.com (Dave Harman OBC) writes: > ! > > Vote Monarchist > ! > > ! > who is the candidate? LaRouche? > ! > ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running > ! for president. Anyone who doesn't advocate killing all kings, presidents, > ! and prime ministers is a fucking statist and should be beaten to a pulp > ! with a rattan stick. > > That's the problem with the Libertarians, they've got some sort of > hang up about beatings. Must be some childhood difficulties. I ain't no fucking Libertarian. All Libertarians are fucking statists. P.S. you also wrote: ]Andie, that forgery was either Dr. Fuckhead, or someone trying to pin ]the blame on the good doctor. I'm glad {s}he posted it, it was funny ]and it also gave a hint who did the forgery of Ingrid. Either ]someone out to get him, or the doctor himself, if so, he lives in ]New York City too! Maybe you can meet your secret admirer! While Rich Graves is a proven liar and forger, the article you refer to is a perfectly good and authentic article from Rabbi Shlomo R. I don't know who forged Ingrid - probably Rich Graves, a proven forger, liar, and a fucking Libertarian statist. ]Now if it's someone out to get the doctor, I'd pin the blame on ]Rich Graves, because of his obssessive hatred of Ingrid, in which ]he did the post so it could be blamed on Dr. Fuckhead, who ]perhaps would hate Ingrid too, because she has written many times ]about how her family was hurt by Russians and Jews. Dr. Fuckhead ]may be Jewish, you know, since 80% of immigrants from Russia this ]generation have been Jewish, because Jews have first priorty in ]USA immigration law. Yes, I'm Jewish. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jonl at well.com Tue Sep 3 23:05:06 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 14:05:06 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904034147.006f6cd4@mail.well.com> At 08:04 PM 9/3/96 -0700, Timothy C. May wrote: >The reason this is such a hot button for Cypherpunks is that "responsible >freedom" and "accountability" are often code words for controlling some >very basic freedoms. Placing limits on anonymous speech would involve some >very fundamental restrictions on freedoms of various sorts. Even if >"safeguards" are built-in, the effect would almost certainly be to >illegalize remailers (unless they had "escrow" features!). And a wide array >of other freedoms, too numerous for me to write about here. The terms "responsibility" and "accountability" are misused, which is unfortunate, since I think we'd all argue in favor of taking responsibility for our speech/actions in a positive sense. The negative is in asking me to sacrifice my freedom because some few behave irresponsibly. This is like setting an illogical default, assuming that it's a preventive, but it prevents nothing. Getting beyond this discussion of EFF, has any global entity discussed making remailers illegal? jonl -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From mech at eff.org Tue Sep 3 23:05:55 1996 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 Sep 1996 14:05:55 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609032113.OAA06380@dns2.noc.best.net> Message-ID: <199609040043.RAA05468@eff.org> James A. Donald typed: > > At 12:53 PM 9/3/96 -0700, Stanton McCandlish wrote: > > EFF in generally does not issue extremist position > > statements, but is careful to examine the risks as well as the benefits, > > and look for pro-liberty solutions to those risks. > > If the right to speak anonymously is an "extremist" position in the eyes > of the EFF, then they are no friends of liberty. Recognition of the right to anything without recognition of the ethics that need to be observed in excerising that right, is an extremist position just as much as is a demand people give up liberty so that "responsibility" can be enforced. It's probably far less dangerous in most cases, but it's still rather indefensible. That's all. We certainly do NOT advocate what you may be misinterpreting as our position: that rights should or must be taken away when people behave unethically, or due to the fear that people will behave unethically. That's precisely the opposite of our opinion on everything we have an opinion on. We hold that liberty must be preserved *in spite of* inevitable abuses. But we also hold that it's important to know the ethics that come with rights, to adhere to them, to educate other people about them. Otherwise the rights aren't worth much. What is the value of free speech if every message you receive is a threat, defamation, spam, or private information stolen from someone else? (to give a fairly extreme example). > It is the overwhelmingly mainstream position, not just among netizens, > but when last heard, amongst supreme court judges and ordinary people > in the street. I believe we are talking about precisely the same position, just in different terms. Let's not argue. :) -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From banisar at epic.org Tue Sep 3 23:06:43 1996 From: banisar at epic.org (Dave Banisar) Date: Wed, 4 Sep 1996 14:06:43 +0800 Subject: Anonymity Message-ID: Speaking of anonymous transactions, a fair trading office in London found that mondex is not truly anonymous (they were claiming it for a while until the complaint was filed by PI director Simon Davies). A couple of docs are available at http://www.privacy.org/pi/activities/mondex/ Dave _________________________________________________________________________ Subject: Anonymity _________________________________________________________________________ David Banisar (Banisar at epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org Washington, DC 20003 * ftp/gopher/wais cpsr.org From tcmay at got.net Tue Sep 3 23:11:52 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 14:11:52 +0800 Subject: Reputations Message-ID: Something closely related to anonymity issues is _reputation_. As I keep saying, there have been dozens of articles on this and similar topics. Mostly in the early days, when we were exploring such things (well, some of us has started exploring them some years earlier...). Regrettably, the archive system is not very functional, especially not for older articles (there are rumors that L. Todd Masco took down the archive site due to pressure from the "Wall Street Journal" over their copyrighted articles in the archives...those Web spiders find all such copyright violations!). Here's another fragment of my Cyphernomicon, making some points about positive reputations. Briefly, think of "restaurants" when thinking about reputations. If one arrives in a new city, most restaurants may have the same baseline reputation, e.g. "none." A few may be known by name, for their "reputation," either good ("You have to eat at Louie's--the laser chicken is incredible") or bad ("Blecch!). Positive reputations and negative reputations are self-explanatory. And the reputations of others may affect the reputations of restaurants ("John Gilmore says he likes the Burma Burger on Castro Street."). Bad recommendations may affect the "reputation capital" of John, for example. (We speak of "reputation capital" because it can in some sense be "spent.") And so on. Many of the debates about anonymity seem to ignore reputations, filters, kill files. It is almost as if the critics of anonymous speech are saying "If there is not accountability for restaurant recommendations, we'll all be buried in garbage food." This ignores the _emergent order_ or _evolutionary_ nature of actors in the restaurant and restaurant evaluator market. Free speech is often messy. 98% of everything I read or hear is crap, to do Sturgeon one better. But I use judgement to decide what to read, who to listen to, and what to mostly ignore. I use _reputation_ to choose restaurants, books, movies, speakers to listen to, etc. Sometimes I listen to anonymous speech, but mostly I don't. Pseudonyms take a while to gather a "positive reputation," and some never do. This is the way speech works. "Accountability" is a red herring. Anyway, here's the promised excerpt: 15.5.5. reputations are what keep CA systems from degenerating into flamefests - digital pseudonyms mean a trail is left, kill files can be used, and people will take care about what they say - and the systems will not be truly anonymous: some people will see the same other people, allowing the development of histories and continued interactions (recall that in cases where no future interaction is exected, rudeness and flaming creeps in) + "Rumormonger" at Apple (and elsewhere) always degenerates into flames and crudities, says Johann Strandberg - but this is what reputations will partly offset 15.5.6. "brilliant pennies" scam 15.5.7. "reputation float" is how money can be pulled out of the future value of a reputation 15.5.8. Reputation-based systems and repeat business + reputations matter...this is the main basis of our economic system - repeat business....people stop doing business with those they don't trust, or who mistreat them, or those who just don't seem to be reputable - and even in centrally-controlled systems, reputations matter (can't force people to undertake some relations) - credit ratings (even for pseudonyms) matter - escrow agents, bonding, etc. - criminal systems still rely on reputations and even on honor - ironically, it is often in cases where there are restrictions on choice that the advantages of reputations are lost, as when the government bans discrimination, limits choice, or insists on determining who can do business with who + Repeat business is the most important aspect - granularity of transactions, cash flow, game-theoretic analysis of advantages of "defecting" - anytime a transaction has a value that is very large (compared to expected future profits from transactions, or on absolute basis), watch out - ideally, a series of smaller transactions are more conducive to fair trading...for example, if one gets a bad meal at a restaurant, one avoids that restaurant in the future, rather than suing (even though one can claim to have been "damaged") - issues of contract as well We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Tue Sep 3 23:13:42 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 14:13:42 +0800 Subject: What is the EFF doing exactly? Message-ID: At 3:41 AM 9/4/96, Jon Lebkowsky wrote: >The terms "responsibility" and "accountability" are misused, which is >unfortunate, since I think we'd all argue in favor of taking responsibility >for our speech/actions in a positive sense. The negative is in asking me to >sacrifice my freedom because some few behave irresponsibly. This is like >setting an illogical default, assuming that it's a preventive, but it >prevents nothing. Well, I've written a lot (or forwarded a lot) on various aspects of this issue. Both terms are _overloaded_, probably to the point of not even being useful terms for this debate. Everyone comes in to the debate with their notions of what "responsible" speech is, what "accountability" entails, etc. Having said this, and not knowing how your (or anyone else's) definitions relate to mine, I simply don't agree that I have to take responsibility for all of my speech/actions. I can think of many cases where I have elected to use untraceable anonymity, as many others have, so those are direct counterexamples to your point, thus disproving your "I think we'd all argue in favor of taking responsibility" point. (A vast number of other points worthy of discussion. I am happy to hear from at least two EFF "insiders" that this issue is being discussed within EFF as we speak. It's about time. Anonymity is a whole lot more than just about "anonymous posts" from "Mr. Anonymous." The issue hits on issues of True Names, speech licenses, escrow, legality of remailers, business vs. personal speech, etc.) >Getting beyond this discussion of EFF, has any global entity discussed >making remailers illegal? > By "global entity" do you mean the U.N., or the Borg? The G7 issued a typically vague statement about cracking down on terrorist communications...this could be construed as the beginnings of an assault on Cypherpunkish sorts of things. Too soon to tell. The Church of Scientology (the same group which favorable quotes Esther Dyson's concerns about anonymity and dangerous speech) has of course been targetting remailers for a long time. Not in getting them outlawed, but in getting them to to divulge names and logs. This has the effect of harassing remailers, and causing some to discontinue them...probably a desired effect. Julf's shutdown of Penet they probably are dancing a jig over (but the last laugh will be when users transition to a world-wide, distributed, robust network of Cypherpunks-style remailers). Within the U.S. there are few ways remailers could be shut down, in terms of legal action. The various Supreme Court cases have been discussed many times. I suspect the Digital Telephony Act could be invoked to demand that ISPs make their systems wiretappable: then, if the presence of a remailer defeats this wire-tappability, the ISP could force the remailer off. (I'm not an expert, but I believe DT doesn't apply to computer bulletin boards and ISPs, only to phone systems. But as Internet telephony spreads, and any ISP may also be a de facto phone system, couldn't the language of DT be extended to cover ISPs? This is something I worried about at the time the EFF helped give us Digital Telephony.) If legislation passes that makes carrying and producing identification mandatory (and this could happen by either the immigration or anti-terrorism route, or both), and if the Postal Service succeeds in getting accepted their scheme to require positive identification of all letter and package senders, then the same sorts of laws could be used to require that all e-mail messages have a True Name attached. Poof, there go the remailers. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From hvdl at sequent.com Tue Sep 3 23:55:59 1996 From: hvdl at sequent.com (Hans Unicorn Van de Looy) Date: Wed, 4 Sep 1996 14:55:59 +0800 Subject: Passive Trojan (was:Re: HAZ-MAT virus) In-Reply-To: Message-ID: <9609040450.AA01346@amsqnt.nl.sequent.com> Hi Tim, The one-and-only Timothy C. May once stated: ! At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote: ! >:: ! >Request-Remailing-To: remailer at huge.cajones.com ! .... ! >:: ! >Request-Remailing-To: remailer at remailer.nl.com ! .... ! >:: ! >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod) ! > ! ! ! >Deep Throat. ! ! ! Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines! Like I explained before, this was a problem with a user of one of my/our systems, and has been taken care of. ! At least now we know who the _other_ "Unicorn" is. Well that has never been a secret... Has it? ! How's Sequent doing? Is Casey Powell still there? Sequent is doing extremely well. New architecture well on it's way, looking good! And yes, Casey is still in charge. Wanna know more? Then let's continue this off line... ! --Tim May ! ! We got computers, we're tapping phone lines, I know that that ain't allowed. ! ---------:---------:---------:---------:---------:---------:---------:---- ! Timothy C. May | Crypto Anarchy: encryption, digital money, ! tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero ! W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, ! Licensed Ontologist | black markets, collapse of governments. ! "National borders aren't even speed bumps on the information superhighway." -- GreetZ, Hans. ==== _ __,;;;/ TimeWaster on http://www.IAEhv.nl/users/hvdl ============ ,;( )_, )~\| Hans "Unicorn" Van de Looy PGP: ED FE 42 22 95 44 25 D8 ;; // `--; GSM: +31 653 261 368 BD F1 55 AA 04 12 44 54 '= ;\ = | ==== finger hvdl at sequent.com for more info =================== From flengyel at dorsai.org Wed Sep 4 00:03:00 1996 From: flengyel at dorsai.org (Florian Lengyel) Date: Wed, 4 Sep 1996 15:03:00 +0800 Subject: The Esther Dyson Flap In-Reply-To: Message-ID: <322D3D08.314@dorsai.org> Dr.Dimitri Vulis KOTM wrote: > >>[excise] > > The gubment has no right to fuck with any speech - (seditius) libel, child > porn, bomb-making instructions... > Agreed. Otherwise, by a slipery slope argument, they can eventually supress any form of speech whatsoever. > > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From ses at tipper.oit.unc.edu Wed Sep 4 00:43:16 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Wed, 4 Sep 1996 15:43:16 +0800 Subject: rc2 export limits.. In-Reply-To: Message-ID: It's the usual - if you want commercial jurisdiction, 40 bits unescrowed 64 bits (16 escrowed) Above that, you'll have to go through state on a per customer basis (which I don't think is that easy to get if software is being shipped outside the US, and is definitely going to be expensive.) Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From declan at well.com Wed Sep 4 00:44:00 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Sep 1996 15:44:00 +0800 Subject: Workers of the Web, UNITE! Message-ID: Tired: Libertarian cypherpunks Wired: Crypto-socialists "Whether they be fast-food workers, word processors, or micro-chip assemblers, today's non-union wage workers need the IWW's brand of no-compromise unionism even more than their predecessors." :) -Declan http://iww.org/tandv.html > THE WOBBLIES: > > Tactics and Vision for a New Workers' Movement > > An Introduction to the Industrial Workers of the World (IWW) > > ISN'T THE IWW JUST FOR FACTORY WORKERS? > > Every worker is an "industrial" worker - whether they work in health > care, tourism, education, or publishing. The relatively recent > association between the word "industry" and heavy manufacturing is > misleading, and was never intended to be by the founders of the IWW. > If you earn your living by working with your hands or your mind, > then you're welcome in the IWW. Only bosses (defined as those with > direct power to hire and fire) are excluded from IWW membership. > > The Wobblies (as members of the IWW are known) have historically > focused on helping organize those workers that the American > Federation of Labor (AFL) shunned. In the early 1900s that meant > African-Americans, immigrants, women, and unskilled laborers. Today > that means curbside recyclers, non-profit staffers, temp workers, > sex-industry workers, co-op employees -- in short, any worker in any > workplace regardless of size or structure. > > CAN THE IWW HELP ME TO IMPROVE THE WAGES OR WORKING CONDITIONS AT MY > CURRENT JOB? > > That largely depends on you. The IWW is a "do-it-yourself" union, > and does not provide an all-knowing leadership or hefty treasury to > fight your battles for you. But if you're willing to organize at > your job-site by talking with your co-workers about the issues that > matter to them, then you can count on your fellow workers in the IWW > to lend their full support to your struggle. > > Individual workers can accomplish little by themselves, and are > liable to be fired if they raise their voice in protest. But by > joining together in a union such as the IWW, workers are far more > powerful when confronting their boss about workplace injustices. Our > union can provide tangible, community-based resources such as > low-cost printing, speakers, legal advise, and how-to manuals, as > well as bodies on a picket line. You won't get bureaucrats in suits > and ties telling you how to run your strike, just friends lending a > hand where they can. > > THE IWW AND MAINSTREAM LABOR > > For almost a century, the leadership of the AFL-CIO has worked hand > in hand with the capitalists to squelch rank and file militancy. > Their overriding concern has been "industrial harmony," not economic > and social justice, and so they fail to question the most basic > assumptions of capitalist production. While union bosses play golf > with the titans of industry, real wages and safety conditions have > continued to worsen these last thirty years or so. > > Regular AFL trade unions split workers up into their respective > skills, allowing one craft union to cross the picket line of > another. The IWW believes in "industrial unionism," organizing all > workers in a given industry into the same union (thus our name). At > a construction site, for instance, the carpenters should be able to > count on the unswerving support of the plumbers, laborers, > electricians, and hod carriers in the event of a strike. This is > much simpler when all these workers are in the same industrial > union, rather than separate, even competing, trade unions. > > Some Wobblies find themselves in jobs where they are represented by > these more conservative trade unions. These "two- card" Wobs often > bring their IWW principles to the union hall with them, agitating > for rank and file democracy, more militant "direct action" tactics, > and class solidarity. The IWW does not believe in signing away the > right to strike ( the so-called "no strike" clause), nor does it > condone the "dues check-off," in which management deducts union dues > directly from the paycheck. While the IWW often does strike support > for other unions when necessary, we also try to keep our sights on > the bigger prize ahead. > > DIDN'T THE IWW DIE OUT? ARE ITS IDEAS STILL RELEVANT? > > The IWW was nearly crushed in the early 1920's by some of the > fiercest repression ever unleashed by big business and the U.S. > government. Because the IWW had strongholds in industries that were > critical to the First World War effort, and because they refused to > do their patriotic bit by signing no-strike pledges for the duration > of the war, the Wobblies were branded "pro-German" and relentlessly > persecuted. > > The world economy has changed a lot since the days when the IWW > controlled great sections of the logging, mining, and agricultural > industries. Yet despite tremendous technological advances and the > structural reorganization of capital, industrial unionism remains a > fundamentally sound basis for workers' self- organization. Today, > while mainstream labor tries desperately to hold its ground against > the anti-worker policies of the ruling political parties, vast new > sectors of the economy have opened up that the AFL-CIO would never > dream of organizing. > > Whether they be fast-food workers, word processors, or micro- chip > assemblers, today's non-union wage workers need the IWW's brand of > no-compromise unionism even more than their predecessors. Winning > the eight-hour day was not enough. We must redefine the very meaning > of work itself, and find ways to redistribute society's wealth for > the benefit of all. > > DOES THE IWW SUPPORT ANY POLITICAL PARTY? > > The IWW is a labor union, not a political party. We believe that > economic justice must be achieved through economic struggle, whether > that be with our boss or our landlord. The institutions of > government have always proven themselves to be the allies of > Capital, so we do not wait for politicians to free us from wage- > slavery. We believe our power lies in the workplace, not in "the > vote" - since it is our labor on which bosses are dependent. > > The IWW has successfully resisted attempts by various "left" parties > to make the union a mere tool of their political ambitions. Our > Constitution explicitly states "the IWW refuses all alliances, > direct and indirect, with existing parties and anti-political > sects." This policy has helped us avoid the sectarian feuding that > can easily destroy a group. > > True, our commitment to worker control and the abolition of > capitalism has not won us any friends among the ruling elites, and > our disavowal of all political party affiliation has not prevented > us from being red-baited. We address the root causes of this > society's problems, and that makes us "radical," but we have the > common sense to leave our electoral political views outside the > union hall where they belong. > > WHAT IS DIRECT ACTION? > > The labor movement has been most successful when it relied on the > direct intervention of the workers to obtain their demands. Rather > than allowing professional negotiators to speak for them, Wobblies > have engaged in those tactics which they could control themselves -- > strikes, slowdowns, monkey wrenching -- what we call sabotage. > > Sabotage in this context does not mean arson and dynamite. It's more > properly defined as "the conscious withdrawal of efficiency." > Staying at your workstation but reducing your production by half > will bring a boss to his knees quicker than a whole team of > negotiators. > > The IWW has never advocated violence. By fighting for justice with > non-violent tactics, the IWW has often won the support of an > initially mistrustful public. > > WHAT IS A GENERAL STRIKE? > > The General Strike has long been touted by militant unionists as the > ultimate expression of workers' power, and it still plays an > important role in the IWW's program for social change. Simply put, a > General strike is a massive work stoppage on a local, regional, or > national scale, and may involve people either staying home or > occupying their workplaces and refusing to work. > > A General Strike halts business as usual, and serves notice to those > in power that those of us doing the work have the ultimate say in > whether that work gets done or not. It debunks the myth that power > flows downward, and proves instead that all real power still resides > at the grassroots level, if we only choose to exercise it. > > The general Strike is a common tactic in many countries of the > world, yet most North American workers are unfamiliar with it. This > is largely the result of the conservative trade unions' reluctance > to flex their economic muscle and rock the boat. A great deal of > education and organization must take place before North American > workers are ready to wage a successful General Strike, and it's > toward this end that the IWW dedicates itself. > > THE IWW AND FEMINISM > > Women have been active in the IWW since its inception. Elizabeth > Gurley Flynn, one of the union's best know agitators, once said that > "the IWW has been accused of pushing women to the front. This is not > true. Rather, the women have not been kept in back, and so they have > naturally moved to the front." > > Much of the work that has traditionally been done by women was not > recognized as such by the male-run business unions. The IWW supports > the right of homemakers, sex-industry workers, and other women to > organize for better conditions and wages just like other workers. > > THE IWW AND MILITARISM > > Wars between nations have never benefitted the working class, and > they never will. The war profiteers, safe in their mansions and > boardrooms, never consider the human cost of their military > adventurism. Working people are mere cannon fodder for their > corporate and imperialist ambitions. > > Real working class solidarity does not recognize the artificial > borders erected between nation-states, but instead unites against a > common class enemy. Poor people, especially those of color, make up > a disproportionate part of the armed forces, simply because few > other economic options are available. > > To put an end to war, working people must lay down their arms and > refuse to fight for their masters. Unfortunately, many have been > brainwashed into thinking that their interests are the same as those > of the people in power, so this is easier said than done. > Nevertheless, the IWW is committed to fighting patriotic propaganda > by educating workers about where their real self-interest lies. > > THE IWW AND THE ENVIRONMENT > > Bhopal, Chernobyl, the Exxon Valdez oil spill... These are just a > few examples of how dangerous it can be to put profit before people. > Government regulation and public outcry can at best slow down the > destruction of our planet, not reverse it. > > Workers and their families suffer the worst effects of pollution. > The workplace continues to be a very dangerous environment, and > working class communities are often the site for toxic dumps, > incinerators, and the like. > > Workers' control of all industry is the only practical strategy for > assuring the practice of sustainable and environmentally sound forms > of production. For if the workers in all polluting industries were > to withdraw their labor, the poison factories could be shut down in > a matter of weeks. The workers themselves must decide whether or not > what they produce is socially useful. > > JOIN THE I.W.W. > > NO BUREAUCRATS - Aside from the modestly paid General > Secretary/Treasurer, the I.W.W. has no paid officers. The General > Executive Board is elected annually by the entire membership, and > its job is to oversee the running of union affairs, not to set > policy. All officers may be recalled at any time by referendum. > > REAL DEMOCRACY - All policy decisions are made by the members > themselves by referendum. All branches maintain full autonomy on > matters within their jurisdiction. Job branches (I.W.W. groups > composed of workers at a single job-site) set their own demands and > strategies in negotiations, free of meddling internaitonals or > sellout business agents. > > LOW DUES - Our dues are structured on a sliding scale basis. > Unemployed and low-income workers pay $5 a month; those making > between $800 and $1,700 per month pay $9; members making more than > $1,700 per month pay $12 monthly dues; and workers in extremely poor > financial situations may pay only $3 per month. Initiation fees > equal one month's dues; so a very low-income worker can join for as > little as $6. > > TO JOIN - Fill out the questions below and send a copy of this form > with your check or money order (in U.S. funds) to I.W.W., 103 W. > Michigan Ave., Ypsilanti, MI 48197, USA. > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > ___ I affirm that I am a common worker without direct power to hire > and fire. > > ___ I agree to abide by the constitution and regulations of this > organization. > > ___ I will study its principles and make myself acquainted with its > purposes. > > Name ____________________________________________________________ > > Occupation ______________________________________________________ > > Industry ________________________________________________________ > > Address _________________________________________________________ > > City ____________________________________________________________ > > State/Province __________________________________________________ > > Zip _____________________________________________________________ > > Phone ___________________________________________________________ > > Email ___________________________________________________________ > > Total amount enclosed $__________________________________________ > > Initiation $_____________________________________________________ > > Dues $ __________________________________________________________ > > When you join the I.W.W., you'll receive a free subscription to our > newspaper, the Industrial Worker, in addition to your membership > card, constitution, button, and the One Big Union pamphlet which > describes the structure and function of the I.W.W. in detail. You'll > also start to get a monthly publication for members only called the > General Organization Bulletin, which contains Board motions, > financial reports, and members' discussion of various internal > matters such as upcoming referenda. And if you have access to email, > you'll be invited to join a growing network of Wobblies engaging in > on-line communications. > > IWW PREAMBLE > > The working class and the employing class have nothing in common. > There can be no peace so long as hunger and want are found among > millions of working people; and the few, who make up the employing > class, have all the good things in life. > > Between these two classes a struggle must go on until the workers of > the world organize as a class, take possession of the machinery of > production, abolish the wage system, and live in harmony with the > earth. > > We find that the centering of the management of industries into > fewer and fewer hands makes the trade unions unable to cope with the > ever growing power of the employing class. The trade unions foster a > state of affairs which allows one set of workers to be pitted > against another set of workers in the same industry, thereby helping > to defeat one another in wage wars. Moreover, the trade unions aid > the employing class to mislead the workers into the belief that the > working class has interests in common with its employers. > > These conditions can be changed and the interests of the working > class upheld only by an organization formed in such a way that all > its members in any one industry, or in all industries if necessary, > cease work whenever a strike or lockout is on in any department > thereof, thus making an injury to one an injury to all. > > Instead of the conservative motto, "A fair day's wage for a fair > day's work," we must inscribe on our banner the revolutionary > watchword, "Abolition of the wage system." > > It is the historic mission of the working class to do away with > capitalism. The army of production must be organized, not only for > the everyday struggle with capitalists, but also to carry on > production when capitalism shall have been overthrown. By organizing > industrially we are forming the structure of the new society within > the shell of the old. > > CONTACT THE IWW GENERAL HEADQUARTERS AT > 103 W. Michigan Ave. > Ypsilanti, MI 48197, USA > ph: 313-483-3548 > fax: 313-483-4050 > email: iww at igc.apc.org From jimbell at pacifier.com Wed Sep 4 00:49:14 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 4 Sep 1996 15:49:14 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609040534.WAA18683@mail.pacifier.com> At 10:41 PM 9/3/96 -0500, Jon Lebkowsky wrote: >The terms "responsibility" and "accountability" are misused, which is >unfortunate, since I think we'd all argue in favor of taking responsibility >for our speech/actions in a positive sense. The negative is in asking me to >sacrifice my freedom because some few behave irresponsibly. This is like >setting an illogical default, assuming that it's a preventive, but it >prevents nothing. > >Getting beyond this discussion of EFF, has any global entity discussed >making remailers illegal? The Leahy crypto bill introduced early this year made (paraphrasing) "the use of encryption to thwart a law-enforcement investigation illegal." I immediately pointed out that while this wouldn't make _encrypted_ remailers illegal, per se, effectively it would because the moment an investigation (even a phony or trumped-up one) is started and is "thwarted" by the encryption used, the remailer operator became guilty of a crime. True, the USG isn't quite a "global entity" (even though it has a nasty habit of behaving like it!), but along with Europe (which would presumably treaty with USG any such restrictions) it's the next closest thing. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Wed Sep 4 01:09:25 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 4 Sep 1996 16:09:25 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609040412.VAA13877@mail.pacifier.com> At 03:02 PM 9/3/96 -0700, Stanton McCandlish wrote: >> But we do not want legislation, so we do not want to help write legislation. >> >> We want to delay legislation for as long as possible, for the longer the >> delay, the more the balance of power favors the net and disavors the pols. >> >> Therefore the correct strategy is simply to attack any politician who shows >> any interest in legislating on our issues. >> >> We have no friends on Capitol hill, and if we did have friends, it would >> still be necessary to denounce them as enemies. > >I agree with the general sentiment behind this, but I think it may go a >bit overboard. For example, it is worthwhile to support Pro-CODE and SAFE >(the two crypto bills now floating around in Congress). On the surface >they both appear to threaten the viability of the Bernstein, Karn and >Junger cases, but in reality neither of these bills have a chance in hell >of passage. Be careful, Leahy's bill sucked. I don't classify it as "pro-crypto" at all, although if you believed those organizations that initially supported it you'd come to that conclusion. So somebody following your analysis (blindly) might have inadvertently embraced a clunker, concluding that supporting SOMETHING was important for the reasons you listed. And while this may appear to be paranoia, I suspected that that the whole reason for the Leahy bill was to get the "criminalization of the use of encryption" section on the books, the one truly awful part of the bill. The funny thing is, it almost worked! Didn't it, EFF?!? Burns' bill seems to be at least moderately acceptable, in that it appears to remove most restrictions on crypto export. Further, I don't necessarily share your pessimism that these bills won't pass. Not this year, of course, but possibly next year. Jim Bell jimbell at pacifier.com From jf_avon at citenet.net Wed Sep 4 01:12:14 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Wed, 4 Sep 1996 16:12:14 +0800 Subject: [NOISE^2] Re: Voting Monarchist? Message-ID: <9609040557.AA13191@cti02.citenet.net> On 3 Sep 96 at 16:06, David M. Rose wrote: > Dimitri, err, Dr. Vulis, or is that Dr. Nuri?, Well, is astonishlingly sounds the same... Makes me think of a rabbid Det<^h^h^h>Rotweiler. :) jfa From qut at netcom.com Wed Sep 4 02:05:26 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 17:05:26 +0800 Subject: {Rich Graves Only} Enclosed Message-ID: <199609040443.VAA23153@netcom.netcom.com> Newsgroups: alt.revisionism,alt.fan.ernst-zundel,alt.politics.white-power Subject: Re: Nomination: The Right Reverend Colin James III for Kook of the Month References: <50i362$71q at Networking.Stanford.EDU> In <50i362$71q at Networking.Stanford.EDU> llurch at stanford.edu (Rich Graves) writes: ! shlomo at bwalk.dm.com () writes: ! >The Right Reverend Colin James III got Andrew Mathis ! >fired from his second job in two months (at the Princeton Review, on Thursday). ! >I hereby nominate the dear bishop for both the Kook of the Month for September ! >1996 and for the Golden Killfile Award. Vote early and often! ! ! Vulis, you've already earned your Kook of the Month laurels. It's nap ! time. Since you know that is Dr. D, why did you blame the harassment of Ingrid on Rev. Ron?!????? It looks like you did it to pin it on the doctor, or more likely, you saw the opportunity to harass Rev. Ron, even after you feigned praise of him! It's the same damned header, IDJIT. Of course, I never saw the headers for the unidentified harasser to the Zgrams list, was that the same header, too? It looks like you did it or you know who did it and you want to compound harassment on to nswpp! How Gravesian! Is Dr. D your friend your talking about? Dr. D, defect, defect! He's a jerk, jerk! -- | | | | | | | | | | | | | | _|__|__|__|__ /--------------\ | | | 0 0 |--\ | * | | | \-------/ | | | \_____/ |__/ \______________/ ����ב�� ������ From qut at netcom.com Wed Sep 4 02:54:01 1996 From: qut at netcom.com (Dave Harman OBC) Date: Wed, 4 Sep 1996 17:54:01 +0800 Subject: Voting Monarchist? In-Reply-To: <42oPTD12w165w@bwalk.dm.com> Message-ID: <199609040710.AAA15682@netcom.netcom.com> ! qut at netcom.com (Dave Harman OBC) writes: ! ! > ! > > Vote Monarchist ! > ! > ! > ! > who is the candidate? LaRouche? ! > ! ! > ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running ! > ! for president. Anyone who doesn't advocate killing all kings, presidents, ! > ! and prime ministers is a fucking statist and should be beaten to a pulp ! > ! with a rattan stick. ! > ! > That's the problem with the Libertarians, they've got some sort of ! > hang up about beatings. Must be some childhood difficulties. ! ! I ain't no fucking Libertarian. All Libertarians are fucking statists. They are. That's why I said the above. I just think voting Libertarian or American Independant would be easy choices, for *single issue* purposes only, their entire packages seperate or together, suck. ! P.S. you also wrote: ! ! ]Andie, that forgery was either Dr. Fuckhead, or someone trying to pin ! ]the blame on the good doctor. I'm glad {s}he posted it, it was funny ! ]and it also gave a hint who did the forgery of Ingrid. Either ! ]someone out to get him, or the doctor himself, if so, he lives in ! ]New York City too! Maybe you can meet your secret admirer! ! ! While Rich Graves is a proven liar and forger, the article you refer ! to is a perfectly good and authentic article from Rabbi Shlomo R. Sure! Why don't you just respond to the e-mail I sent you directly, Dr. D Graves! I, myself, study with the *real* Rabbi Schlomo. ! I don't know who forged Ingrid - probably Rich Graves, a proven forger, ! liar, and a fucking Libertarian statist. ! ! ]Now if it's someone out to get the doctor, I'd pin the blame on ! ]Rich Graves, because of his obssessive hatred of Ingrid, in which ! ]he did the post so it could be blamed on Dr. Fuckhead, who ! ]perhaps would hate Ingrid too, because she has written many times ! ]about how her family was hurt by Russians and Jews. Dr. Fuckhead ! ]may be Jewish, you know, since 80% of immigrants from Russia this ! ]generation have been Jewish, because Jews have first priorty in ! ]USA immigration law. ! ! Yes, I'm Jewish. Aren't we all, really, deep down, I mean, when we real little, I mean, in mind, yesterday, year, in the past. From tcmay at got.net Wed Sep 4 03:00:42 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 4 Sep 1996 18:00:42 +0800 Subject: The Esther Dyson Flap Message-ID: At 3:16 AM 9/4/96, Mike Duvos wrote: >Timothy C. May writes: > > > Indeed, I support the elimination of concepts such as > > "slander" and "libel" precisely because they cause more harm > > than good. Currently, there is an illusion among ordinary > > citizens that "if that was untrue, you could sue him for > > libel!" despite the fact that this is rarely practical. In > > that way, the law actually adds credibility to what should > > be an incredible claim. Eliminate libel suits, and you've > > eliminated any presumption that because it's been spoken or > > is in print, it's likely to be correct. I didn't write this. I agree with it, though. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From pstira at escape.com Wed Sep 4 04:36:50 1996 From: pstira at escape.com (pstira at escape.com) Date: Wed, 4 Sep 1996 19:36:50 +0800 Subject: their is a new mailing list In-Reply-To: <199609032335.QAA09136@adnetsol.adnetsol.com> Message-ID: On Tue, 3 Sep 1996, Ross Wright wrote: > > To: cypherpunks at toad.com > > From: hack5 at juno.com (patrick b cummings) > > Date: Tue, 03 Sep 1996 16:14:40 EDT > > > their is a new mailing list for all you hackers just email your name or > > handle and e-mail address and youll be subscribed > > send information to hack5 at juno.com > > Am I missing something here? Is this guy fucking crazy? I think "crazy" and idiocy are two different things, Herr Ross. ;) Millie sfuze at tiac.net From dlv at bwalk.dm.com Wed Sep 4 07:19:07 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 22:19:07 +0800 Subject: Learning time for you In-Reply-To: <19960904053342.25462.qmail@squirrel.owl.de> Message-ID: >From fiction!squirrel.owl.de!mix at golden-gate.owl.de Wed Sep 4 03:05:08 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 04 Sep 96 06:45:37 EDT for dlv Received: from golden-gate.uni-paderborn.de by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA10409 for dlv at bwalk.dm.com; Wed, 4 Sep 96 03:05:08 -0400 Received: by golden-gate.owl.de (Smail3.1.28.1) from fiction with uucp id ; Wed, 4 Sep 96 09:03 MET DST Received: by fiction.pb.owl.de id m0uyC1m-00005mC; Wed, 4 Sep 96 09:05 MET DST Return-Path: Received: (qmail-queue invoked by uid 200); 4 Sep 1996 05:33:42 -0000 Date: 4 Sep 1996 05:33:42 -0000 Message-Id: <19960904053342.25462.qmail at squirrel.owl.de> To: dlv at bwalk.dm.com From: Squirrel Remailer X-Comment1: This message did not originate from the X-Comment2: above address. It was automatically remailed X-Comment3: by an anonymous mail service. Please report X-Comment4: problems or inappropriate use to X-Comment5: Subject: Learning time for you Vulis, your comments include the following: >Comments: Dole/Kemp '96 and you have yelled about Harry Browne enough. LEARN TO SHUT UP! This is a Perrygram. Just can the constant noise for a day 'till I get back to my computer at home, where you are killfiled. Keep it down to a reasonable number of messages a day, or you will see others respond as you do. From dlv at bwalk.dm.com Wed Sep 4 07:38:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Wed, 4 Sep 1996 22:38:13 +0800 Subject: {Rich Graves Only} Enclosed In-Reply-To: <199609040443.VAA23153@netcom.netcom.com> Message-ID: qut at netcom.com (Dave Harman OBC) writes: > Since you know that is Dr. D, why did you blame the harassment of > Ingrid on Rev. Ron?!????? It looks like you did it to pin it on the doct= > or, > or more likely, you saw the opportunity to harass Rev. Ron, even > after you feigned praise of him! It's the same damned header, IDJIT. > > Of course, I never saw the headers for the unidentified harasser to > the Zgrams list, was that the same header, too? It looks like you did > it or you know who did it and you want to compound harassment on to > nswpp! How Gravesian! Is Dr. D your friend your talking about? Dr. > D, defect, defect! He's a jerk, jerk! Rich Graves is no friend of mine. He's a liar and a forger, as is Ron Newman. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jonl at well.com Wed Sep 4 08:15:19 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:15:19 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904121017.006cbc1c@mail.well.com> At 10:33 PM 9/3/96 -0800, jim bell wrote: >At 10:41 PM 9/3/96 -0500, Jon Lebkowsky wrote: >>The terms "responsibility" and "accountability" are misused, which is >>unfortunate, since I think we'd all argue in favor of taking responsibility >>for our speech/actions in a positive sense. The negative is in asking me to >>sacrifice my freedom because some few behave irresponsibly. This is like >>setting an illogical default, assuming that it's a preventive, but it >>prevents nothing. >> >>Getting beyond this discussion of EFF, has any global entity discussed >>making remailers illegal? > >The Leahy crypto bill introduced early this year made (paraphrasing) "the >use of encryption to thwart a law-enforcement investigation illegal." I >immediately pointed out that while this wouldn't make _encrypted_ remailers >illegal, per se, effectively it would because the moment an investigation >(even a phony or trumped-up one) is started and is "thwarted" by the >encryption used, the remailer operator became guilty of a crime. Is that true? Or is it that the individual user would be guilty of a crime? The real problem, to me, is that the remailer operator might be required to breach anonymity; cf the decision in Finland that led Julf to squash anon.penet.fi. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From jonl at well.com Wed Sep 4 08:17:19 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:17:19 +0800 Subject: Reputations Message-ID: <2.2.32.19960904115805.006d2790@mail.well.com> At 08:40 PM 9/3/96 -0700, Timothy C. May wrote: >And so on. Many of the debates about anonymity seem to ignore reputations, >filters, kill files. It is almost as if the critics of anonymous speech are >saying "If there is not accountability for restaurant recommendations, >we'll all be buried in garbage food." This ignores the _emergent order_ or >_evolutionary_ nature of actors in the restaurant and restaurant evaluator >market. Could be a lack of understanding of the possibility of authentication, which IMO can be necessary for 'reputation' to be viable. >Free speech is often messy. 98% of everything I read or hear is crap, to do >Sturgeon one better. But I use judgement to decide what to read, who to >listen to, and what to mostly ignore. I use _reputation_ to choose >restaurants, books, movies, speakers to listen to, etc. > >Sometimes I listen to anonymous speech, but mostly I don't. Pseudonyms take >a while to gather a "positive reputation," and some never do. This is the >way speech works. "Accountability" is a red herring. I wouldn't exactly say that...but it's more of a personal responsibility thing. Our model should be default acceptance of responsibility for words and deeds, but I see that as a personal issue, not a matter for 'enforcement.' -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From jonl at well.com Wed Sep 4 08:25:36 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:25:36 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904115249.006b6580@mail.well.com> At 07:44 AM 9/3/96 -0700, James A. Donald wrote: >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >> Not necessarily. The character of the anonymous speech is decisive. If you >> use anonymity to cloak harassment, for instance, the anonymity (which >> removes accountability) is a problem. The accountability issue is real and >> should be addressed, not evaded. > >No: The harassment is the problem, not the anonymity that makes it >possible. The harassment is one problem, the lack of accountability another. Which is not to say that 'lack of accountability' should be 'fixed' by some sort of blanket restriction...but it should be acknowledged as a problem. -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From jonl at well.com Wed Sep 4 08:27:25 1996 From: jonl at well.com (Jon Lebkowsky) Date: Wed, 4 Sep 1996 23:27:25 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.32.19960904120641.006c3388@mail.well.com> At 09:11 PM 9/3/96 -0700, Timothy C. May wrote: >Both terms are _overloaded_, probably to the point of not even being useful >terms for this debate. Everyone comes in to the debate with their notions >of what "responsible" speech is, what "accountability" entails, etc. > >Having said this, and not knowing how your (or anyone else's) definitions >relate to mine, I simply don't agree that I have to take responsibility for >all of my speech/actions. I can think of many cases where I have elected to >use untraceable anonymity, as many others have, so those are direct >counterexamples to your point, thus disproving your "I think we'd all argue >in favor of taking responsibility" point. The semantic point is a good one, but I'd like to see an example of a situation where you don't think you should take responsibility for something you've said or done. I'm not sure whether we agree or not on that one...it could be we're coming from different dimensions... >>Getting beyond this discussion of EFF, has any global entity discussed >>making remailers illegal? >> > >By "global entity" do you mean the U.N., or the Borg? The G7 issued a >typically vague statement about cracking down on terrorist >communications...this could be construed as the beginnings of an assault on >Cypherpunkish sorts of things. Too soon to tell. Well, we all know what the Borg think. I probably should have said 'governments' rather than 'global entities.' >Within the U.S. there are few ways remailers could be shut down, in terms >of legal action. The various Supreme Court cases have been discussed many >times. My real question is whether there is a real rather than possible legislative threat that demands action now. thx jonl -- Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl Electronic Frontiers Forum, 6PM PDT Thursdays "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky From stewarts at ix.netcom.com Wed Sep 4 08:34:20 1996 From: stewarts at ix.netcom.com (stewarts at ix.netcom.com) Date: Wed, 4 Sep 1996 23:34:20 +0800 Subject: Message Digest Message-ID: <199609041218.FAA19800@toad.com> At 11:31 AM 9/3/96 -0400, you wrote: >> I'm interested in a 256 bits (or more) message digest algorithm >> (C source is better). Any URLs ? >Try HAVAL. It is a variable one-way hash function that is apparently secure >against collisions. It should be on any of the standard crypto FTP sites. Or there's the simple "MD5(x),SHA(x)", which is 288 bits long and has the advantage that the two parts have different characteristics and have been looked at (separately) by many people, so concatenating them should be fairly strong. Or "MD5(SHA(x)),SHA(MD5(x))" if you're paranoid. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From declan at well.com Wed Sep 4 08:46:09 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 4 Sep 1996 23:46:09 +0800 Subject: Workers of the Web, UNITE! In-Reply-To: <19960907.023551.4311.0.weirdprincess@juno.com> Message-ID: On Wed, 4 Sep 1996, John Doe wrote: > PLEASE TAKE ME OFF OF YOUR MAILING LIST... Never! Join us in standing up for collective rights and against corporate cyber-rapaciousness! In solidarity, Declan From frogfarm at yakko.cs.wmich.edu Wed Sep 4 08:54:43 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Wed, 4 Sep 1996 23:54:43 +0800 Subject: Workers of the Web, UNITE! In-Reply-To: Message-ID: <199609041227.IAA20694@yakko.cs.wmich.edu> *This* sub-"minimum wage" worker does NOT want any "help" from unions, and will resist any and all attempts to forcibly induct him into one. I love how if I'm lucky and/or skilled enough to become a "boss", I am suddenly become EEEEvil in their eyes. Fuck 'em. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information Hey, Bill Clinton: You suck, and those boys died! I hope you die! I feel a groove comin' on $ Freedom...yeah, right. From frogfarm at yakko.cs.wmich.edu Wed Sep 4 09:03:27 1996 From: frogfarm at yakko.cs.wmich.edu (Damaged Justice) Date: Thu, 5 Sep 1996 00:03:27 +0800 Subject: Voting Monarchist? In-Reply-To: <42oPTD12w165w@bwalk.dm.com> Message-ID: <199609041232.IAA20787@yakko.cs.wmich.edu> Would some kind soul out there be willing to instruct a novice in the mysteries of procmail? I've finally decided to start killfiling my mail as well as my news. -- http://yakko.cs.wmich.edu/~frogfarm ...for the best in unapproved information Hey, Bill Clinton: You suck, and those boys died! I hope you die! I feel a groove comin' on $ Freedom...yeah, right. From minow at apple.com Wed Sep 4 09:51:15 1996 From: minow at apple.com (Martin Minow) Date: Thu, 5 Sep 1996 00:51:15 +0800 Subject: Letter to the Observer [re: Internet paedophile] Message-ID: Forwarded to me by a friend: Path: reboot.demon.co.uk!news.demon.co.uk!dispatch.news.demon.net!demon! muir-et2.staff.demon.net!SERVER!not-for-mail From: malcolm at muir-et2.staff.demon.net (Malcolm Muir) Newsgroups: demon.announce Subject: Letter to the Observer Followup-To: demon.service Date: 1 Sep 96 07:25:38 GMT Organization: Demon Internet Ltd. Lines: 188 Approved: Malcolm at demon.net Message-ID: <32293a72.0 at muir-et2.staff.demon.net> Reply-To: pr at demon.net NNTP-Posting-Host: muir-et2.staff.demon.net X-NNTP-Posting-Host: muir-et2.staff.demon.net X-Newsreader: TIN [Windows/NT 1.3 950824BETA PL0] The following letters were delivered to the Editor of the Observer last week as a request to publish a retraction of their article relating to the Internet that appeared on Sunday 25th. August. Since a full retraction has not been published, we feel it is right to circulate copies of the letters to our customers. Copies of the letters may also be viewed on the World Wide Web at: http://www.demon.net/observer1.html (Solicitors Letter) and http://www.demon.net/observer2.html (Open letter from the Chairman) Malcolm Muir Demon Internet --------------------------------------------------------------------- Jeffrey Green Russel Solicitors Apollo House 56 New Bond Street London W1Y 0SX 0171-499 7020 The Editor The Observer Newspaper Guardian Newspapers Limited 119 Farringdon Road London EC1R 3ER 30th August 1996 By Hand and Fax: 0171 713 4250 Our ref: DRJ/JHG/[c]423395/9403.047 Dear Sir, RE: Our Clients: Demon Internet Limited and Mr Clive Feather We act on behalf of Demon Internet Limited and Mr Clive Feather both of whom were the subject of articles which appeared on the front page and on page 19 of your newspaper in the edition of Sunday, 25th August. In the offending article you have represented that our clients are "Pedlars of child abuse" and are "Key links in the international paedophile chain". You have represented that both our clients actively support the supply of paedophile material. This allegation is entirely false and is a most serious and outrageous libel. Our clients are most distressed by the publication of the offending statements which are inaccurate and grossly defamatory of them and which will cause damage to their goodwill and reputation, professionally, commercially and socially. Both Mr Feather and Demon Internet Limited have been the subject of serious expressions of concern and outrage from various of the readers of your newspaper. The damage that you have done to our clients cannot, of course, be undone but it can be mitigated. We require that you mitigate the serious damage that has been done to our clients by publishing the enclosed letter from Mr A W Mudd, Chairman of Demon Internet Limited. You were well aware, when you decided to publish the false article in question, of the damage that would be caused to our clients which is already very considerable and which will form the basis of a claim for special damages. It is open to you to mitigate that substantial loss at the earliest possible time by publishing a full retraction and apology in this coming Sunday's edition of your newspaper. We shall, within the next week or so, issue a Writ and deliver a Statement of Claim. In the meantime, we reserve all our clients' rights in the matter and nothing contained in this letter or in the enclosed letter from Mr Mudd shall be regarded as a diminution or waiver of those rights. Yours faithfully, JEFFREY GREEN RUSSELL --------------------------------------------------------------------- Demon Internet Limited Gateway House 322 Regents Park Road London N3 2QQ 0181 371 1000 Our ref : AWM/SC/28-08 The Editor The Observer Newspaper Guardian Newspapers Limited 119 Farringdon Road London EC1R 3ER 30 August 1996 Dear Sir THE PEDLARS OF CHILD ABUSE Banner headline: Front page and Page 19 : Sunday 25th August 1996 I refer to your articles on the front page and page 19 of last Sunday�s paper. I regard these as highly defamatory as well as a poor piece of journalism that sensationalises a serious issue and clouds fact with emotion. I am appalled and outraged that The Observer has printed such a misleading, abusive and inaccurate article - giving the impression to readers that Clive Feather and Demon Internet are the "Pedlars of child abuse". This libellous reporting, littered with malicious lies not only defames the good character and reputation of a valued employee, but also destroys the genuine efforts Demon Internet has been making in conjunction with the police and the DTI to deal effectively with the problem. The articles clearly aimed at sensationalism at any cost with the intention of misleading readers by stating that our employee is an "Internet abuser" immediately after using the word "paedophiles". As the UK's largest provider of Internet access, Demon has taken the lead in discussions with all relevant parties and is in the process of announcing restrictions to illegal material and processes to classify content, enabling users to monitor and report on what is viewed. Demon Internet is also the first European Internet Service Provider to deliver Microsoft's new browser software, 'Internet Explorer' which incorporates a classifications standard. Demon Internet has been taking action to ensure that the Internet in the UK has informed and appropriate legislation guarding the interests of users. This report not only confuses an extremely complex and sensitive issue but also smears the integrity of an honourable, family man. Demon Internet is committed to eliminating this scourge from this new and rapidly expanding market. The Internet is bringing great benefit to millions of users not least your own journalists. For you to pick on one aspect in total isolation and present it in such a lurid fashion, does not help the DTI, the police or ourselves who are genuinely striving to solve the issues. Would you please publish this letter in your edition of 1st September. Your unreserved apology and full retraction, to be given as great prominence as your original articles, would also be greatly appreciated Yours faithfully, A W Mudd Chairman -- Malcolm S. Muir Demon Internet Ltd. Sunderland 322 Regents Park Road England London N3 2QQ From liberty at gate.net Wed Sep 4 10:03:39 1996 From: liberty at gate.net (Jim Ray) Date: Thu, 5 Sep 1996 01:03:39 +0800 Subject: GAR [was:Re: What is the EFF doing exactly?] Message-ID: <199609041311.JAA14994@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: ... >The reason this is such a hot button for Cypherpunks is that "responsible >freedom" and "accountability" are often code words for controlling some >very basic freedoms. Placing limits on anonymous speech would involve some >very fundamental restrictions on freedoms of various sorts. Even if >"safeguards" are built-in, the effect would almost certainly be to >illegalize remailers (unless they had "escrow" features!). Again, and as Tim is aware, this is not the true meaning of the fine old word "escrow," which as we all know involves neutral, trusted third parties. I think that this requires a new term, so I am now proposing one: "GAR -- Government Access to Remailers." In real life, the gar is a fish that lives in great numbers in the Everglades, just west of where I type. They can grow to a very large size. The fossil record indicates that this species has been around, unchanged, since dinosaur times. Keeping the Pinnochio tale in mind, I find it quite fitting that the gar has a *very* long nose in relation to its body. ;) >And a wide array >of other freedoms, too numerous for me to write about here. Indeed. JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech." -- Benjamin Franklin "As govt.s grow arithmetically, corruption grows exponentially." -- Ray's Law of official corruption. Defeat the Duopoly! Stop the Browne out. Harry Browne for President. Jo Jorgensen for Vice-president. http://www.HarryBrowne96.org/ http://www.twr.com/stbo ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMi12Nm1lp8bpvW01AQHHRwQAsr2a7rPwC9mfZ/ht2dF1jvRt/yuWJptL Utg1nm0YY5WrbvA12YAmkYBc4P7/xyqEARlIUWK3Z9qhcMFXjfXMRI5IwyfBmXSQ Ilra/XIUd6ES2p9jNupiKDO2yn56bpbubVS/T1QFkjRDgrLuRMEUndhNK8n5pGUA jL2L/IwMVCo= =seP6 -----END PGP SIGNATURE----- From minow at apple.com Wed Sep 4 10:15:00 1996 From: minow at apple.com (Martin Minow) Date: Thu, 5 Sep 1996 01:15:00 +0800 Subject: Workers of the Web, UNITE! Message-ID: >Tired: Libertarian cypherpunks >Wired: Crypto-socialists > The Wobblies are a prime example of Tom Leherer's comment: "They won all of the battles, but we had all the good songs." Up the Revolution. Martin (crypto social democrat) From sshelby.fn.net at wichita.fn.net Wed Sep 4 10:33:29 1996 From: sshelby.fn.net at wichita.fn.net (Steve Shelby) Date: Thu, 5 Sep 1996 01:33:29 +0800 Subject: Spam, and how to stop it. Message-ID: <199609041353.IAA10678@wichita.fn.net> -----BEGIN PGP SIGNED MESSAGE----- To: cypherpunks at toad.com Date: Wed Sep 04 08:53:00 1996 Hello all. I assist in running an ISP. We recently had a problem with some of the users massmailing from our server. We would have never known, but someone on CompuServe that didn't like it mailed our support email address. We checked into it, and I called the two people voice. It pretty gratifying to be able to talk to one of these spammer massmailer 'get rich quick' scheme people directly. What I'm looking for is a way to monitor the amount of mail leaving the system per user. I'm not interested in poking into users mail, but I would like the ability to spot other users sending out more than x messages per x minutes. If anyone has any tips on this subject I'd like to hear them. Spam and massmailing is one of the major things that's bogging down the net these days, I believe. Thanks -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMi2Xz/uS3FANHwnlAQFDEAQAgj1ngBhFk1J2IEzmWnPROA5RYPgAnkcN iZPCJ+mnaGppts6MqurCbWv4lPvHZ8Mm6RlMXsPVUCQKu2PsHG6Vmik/3bAZ1D67 V6Zin1bq1027fvsE2i0tbg0t2wWTLgZkFl3JOWxz7nExaLNgM2WNxw3FbgqrnKXa Ufm7YICPH2I= =Hr63 -----END PGP SIGNATURE----- From michael.tighe at Central.Sun.COM Wed Sep 4 10:35:41 1996 From: michael.tighe at Central.Sun.COM (Michael Tighe SUN IMP) Date: Thu, 5 Sep 1996 01:35:41 +0800 Subject: Silenced Machine Guns Are Safer Than TWA In-Reply-To: Message-ID: <199609041352.IAA07442@jeep.Central.Sun.COM> >>So? I was talking about NEW sales of firearms from license holders. Let's >>consider improving the future rather than preserving the past, shall >>we? >My apologies! I assumed when you wrote "since the 1968 Gun Control Act" you >meant since the 1968 Gun Control Act. I did not realize that you translate >"since the 1968 Gun Control Act" into "NEW sales of of firearms." Well, maybe you are both right. "Since the 1968 Gun Control Act" all "NEW sales of firearms" from an FFL dealer to the first customer have been tracked via Form 4473. From qut at netcom.com Wed Sep 4 10:42:54 1996 From: qut at netcom.com (Dave Harman OBC) Date: Thu, 5 Sep 1996 01:42:54 +0800 Subject: Andrew "skippy" Mathis converts to Judaism - Film at 11 In-Reply-To: Message-ID: <199609041444.HAA01429@netcom18.netcom.com> ! I circumcized Andrew "Skippy" Mathis with my own hand, ! as the Right Reverend Colin James III pronounced the blessings. ! ! Igor Chudov, our understudy, sucked out the blood. No, you forget, Brother Schlomo, Rich Graves did the cutting and Dr. Fuckhead did the sucking. From the right hand to the left! Your a little confused about when you circ'ed Dr. Fuckhead and he ended up with gangreen, that was before Mr. Graves decided to use anti-septics, I was the first with the new style rite. From shlomo at bwalk.dm.com Wed Sep 4 11:13:46 1996 From: shlomo at bwalk.dm.com (Rabbi Shlomo Ruthenberg) Date: Thu, 5 Sep 1996 02:13:46 +0800 Subject: Andrew "skippy" Mathis converts to Judaism - Film at 11 Message-ID: I circumcized Andrew "Skippy" Mathis with my own hand, as the Right Reverend Colin James III pronounced the blessings. Igor Chudov, our understudy, sucked out the blood. Amen. From declan at eff.org Wed Sep 4 11:17:04 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 5 Sep 1996 02:17:04 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960904034147.006f6cd4@mail.well.com> Message-ID: On Tue, 3 Sep 1996, Jon Lebkowsky wrote: > Getting beyond this discussion of EFF, has any global entity discussed > making remailers illegal? Others have responded with information about the Church of Scientology and similar threats to remailers. I would add that global entities haven't woken up to the threat of anonymous remailers and that remailers aren't widely deployed yet -- two conditions that when they change will be sufficient for a global crackdown. My cover story in last month's issue of _Internet Underground_ magazine discussed how governments can move quickly to craft international treaties that could muzzle the Net. This is what we have to be on the lookout for; in fact, we need to have a "friendly" country introduce an opposing proposal that countries can bicker over for decades, while the Net matures and strengthens and improves its defenses against this type of attack. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // From frissell at panix.com Wed Sep 4 12:05:41 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 5 Sep 1996 03:05:41 +0800 Subject: Workers of the Web, UNITE! Message-ID: <2.2.32.19960904150225.008a22a8@panix.com> At 06:38 AM 9/4/96 -0700, Martin Minow wrote: >The Wobblies are a prime example of Tom Leherer's comment: > >"They won all of the battles, but we had all the good songs." > >Up the Revolution. > >Martin (crypto social democrat) I dreamed I saw Joe Hill last night, Alive as you or me Says I, "But Joe, you're ten years dead," "I never died," says he "I never died," says he "The copper bosses killed you, Joe, They shot you, Joe," says I. "Takes more than guns to kill a man," Says Joe, "I didn't die," Says Joe, "I didn't die." See: http://www.bluemarble.net/~mitch/iww/lrs.html for more. DCF "Who wonders where his IWW card is -- 'Unemployed Worker' (Student) Dues 50 cents a month." It was the only organization on the Attorney General's list I could still join in 1970. You had to be there... From jamesd at echeque.com Wed Sep 4 12:29:56 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 5 Sep 1996 03:29:56 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609041557.IAA00984@dns1.noc.best.net> At 10:33 PM 9/3/96 -0800, jim bell wrote: >>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>use of encryption to thwart a law-enforcement investigation illegal." I >>immediately pointed out that while this wouldn't make _encrypted_ remailers >>illegal, per se, effectively it would because the moment an investigation >>(even a phony or trumped-up one) is started and is "thwarted" by the >>encryption used, the remailer operator became guilty of a crime. At 07:10 AM 9/4/96 -0500, Jon Lebkowsky wrote: > Is that true? Or is it that the individual user would be guilty of a crime? Since the individual user would already be guilty of a crime, if he is using the remailer to conceal his crimes, the paragraph in question would be fairly useless and irrelevant unless it had the meaning that Jim Bell attributes to it. I believe that judges have a policy of interpreting deliberately ambiguous statutes in whatever way makes the most sense. The only sensible interpretation of Leahy's bill is that it criminalizes strong remailers, that it is intended to punish ANYONE, not just the criminals themselves, who obstructs investigations. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Wed Sep 4 12:32:04 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 5 Sep 1996 03:32:04 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609041557.IAA00970@dns1.noc.best.net> At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >>> Not necessarily. The character of the anonymous speech is decisive. If you >>> use anonymity to cloak harassment, for instance, the anonymity (which >>> removes accountability) is a problem. The accountability issue is real and >>> should be addressed, not evaded. At 07:44 AM 9/3/96 -0700, James A. Donald wrote: >>No: The harassment is the problem, not the anonymity that makes it >>possible. At 06:52 AM 9/4/96 -0500, Jon Lebkowsky wrote: >The harassment is one problem, the lack of accountability another. So: Lucky Green and Dark Unicorn are not accountable. This is a problem? Because it is a problem "We" need to do something about it, --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From qut at netcom.com Wed Sep 4 12:35:46 1996 From: qut at netcom.com (Dave Harman OBC) Date: Thu, 5 Sep 1996 03:35:46 +0800 Subject: How To Do Cgi Against www.anonymizer.com Message-ID: <199609041610.JAA17207@netcom22.netcom.com> There are two difficult ways to tell how to Cgi your page against http://www.anonymizer.com:8080/{*} Either ask Rich Graves for the details on how he did it with http://www.stanford.edu/{*} or Use a decent browser client with 100% debugging mode, {and|or} telnet://www.stanford.edu:80/{*} {and|or} telnet://www.anonymous.com:8080/http://www.stanford.edu/{*} and enter a telnet script to find out how he did it. BTW, how to do telnet scripting and data transfers between two remote hosts with standard telnet clients available for Unice shells? It's rediculous to have to sz to my local machine before sz to my remote account if I simply want to transfer a file between two remote hosts! Yes, I'm aware of the mail utility, I mean telnet. -- | | | | | | | | | | | | | | _|__|__|__|__ /--------------\ | | | 0 0 |--\ | * | | | \-------/ | | | \_____/ |__/ \______________/ ����ב�� ������ From 72124.3234 at compuserve.com Wed Sep 4 12:52:11 1996 From: 72124.3234 at compuserve.com (Kent Briggs) Date: Thu, 5 Sep 1996 03:52:11 +0800 Subject: rc2 export limits.. Message-ID: <199609041606.MAA20510@spirit.hks.net> -----BEGIN PGP SIGNED MESSAGE----- stewarts at ix.netcom.com wrote: > However, the usual guidelines for systems like RC2 and RC4 is > 40-bit keys, and RSA keys up to 512 bits for encrypting > session keys and 1024 bits for signatures Can you list a source for the 1024-bit signature restriction? I know about the 40-bit RC2/RC4 and 512-bit public encryption keys because they are specifically addressed in the State Dept's "Procedure for Submitting a Commodity Jurisdiction Request for a Mass Market Software Product that Contains Encryption". However, digital signatures are not mentioned in this procedure. I can't image what justificication could be used to restrict the strength of digital signatures. Kent - ------------------------------------------------------------ Puffer & CryptaPix available from http://execpc.com/~kbriggs - ------------------------------------------------------------ - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMi2o9SoZzwIn1bdtAQEBoAF+PjxvtAuPUnlMr9UGoIYhjgjPQ0Bs0GeE 5077GFz/pASkMfFvsh5uO6I9BBtpGMpI =P92s -----END PGP SIGNATURE----- From alano at teleport.com Wed Sep 4 12:55:19 1996 From: alano at teleport.com (Alan Olsen) Date: Thu, 5 Sep 1996 03:55:19 +0800 Subject: Mail OnNet Message-ID: <3.0b11.32.19960904090523.010d81e8@mail.teleport.com> At 05:10 PM 8/31/96 -0700, Joel McNamara wrote: >In my never-ending search for the perfect PGP e-mail client, I just stumbled >on to a beta of a product put out by FTP Software called Mail OnNet. Unlike >the Pronto Secure and Pegasus, this client actually has PGP code (licensed >from PGP Inc.) built directly in. No shelling out to DOS! It is very nice. It is a bit on the hard side to get. (Took me three tries. It seems to time out the transfer if it is not completed within a certain time frame. I guess that is what I get for trying to download all three parts at the same time.) It does have the beta nature however. I have found a couple of problems with the program that make it so that i will not use it beyond testing. The people at FTP have been very responsive to e-mail, so I expect the problems to be fixed soon. They also seem to have no idea as to what it will retail for. With proper marketing, Eudora could be in real trouble. >Very nice interface and almost complete idiot-proof >encrypting/decrypting/signing. Extremely powerful rules based processing too. The interface design is very clean. (It is nice seeing well designed dialog boxes in a product. I have been using too much shareware lately I guess...) The rules processing looks to be very powerful. (Puts Eudora 3.0 to shame.) >Check out: > >http://www.ftp.com/mkt_info/onnet32/try.htm > >IMHO, this is getting very close to transparent secure e-mail for the masses. Now all they need is a remailer interface. >Two notes. (1) It only runs under Win95 and NT. (2) It's ITAR restricted. (3) It is bigger than a battleship. The distribution is just shy of 10 megs. Installed it is supposed to be about 45 megs. (In perspective, a full install of Visual Basic 4.0 "Professional" is about 50 megs.) --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From jf_avon at citenet.net Wed Sep 4 13:20:04 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Thu, 5 Sep 1996 04:20:04 +0800 Subject: Letter to the Observer [re: Internet paedophile] Message-ID: <9609041639.AA25461@cti02.citenet.net> On 4 Sep 96 at 5:41, Martin Minow wrote: > Forwarded to me by a friend: > The following letters were delivered to the Editor of the Observer > last week as a request to publish a retraction of their article > relating to the Internet that appeared on Sunday 25th. August. One way to limit or retaliate against diffamation would be to refuse internet access to anybody known to be part of any such medias, being tv or paper. ISPs would probably easily agree since the revenues coming from journalists vs from the general population is probably minuscule. Of course, the conventionnal media would set up their own ISP but they could be identified. Does that makes sense or am I out to lunch? jfa Jean-Francois Avon DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From jf_avon at citenet.net Wed Sep 4 13:27:31 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Thu, 5 Sep 1996 04:27:31 +0800 Subject: [troll] Re: Workers of the Web, UNITE! Message-ID: <9609041643.AA25642@cti02.citenet.net> On 4 Sep 96 at 6:38, Martin Minow wrote: > >Tired: Libertarian cypherpunks > >Wired: Crypto-socialists > > > The Wobblies are a prime example of Tom Leherer's comment: > "They won all of the battles, but we had all the good songs." > Up the Revolution. > Martin (crypto social democrat) Minow? What is a missing "n" on the net? Everybody makes typos nowadays... Minow? Sound like a little living thing used as a lure on a troll, isn't it? jfa From tcmay at got.net Wed Sep 4 13:32:26 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 04:32:26 +0800 Subject: Race Bit: C Message-ID: At 3:02 AM 9/4/96, James A. Donald wrote: >At 10:33 PM 9/3/96 -0800, jim bell wrote: >>>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>>use of encryption to thwart a law-enforcement investigation illegal." I >>>immediately pointed out that while this wouldn't make _encrypted_ remailers >>>illegal, per se, effectively it would because the moment an investigation >>>(even a phony or trumped-up one) is started and is "thwarted" by the >>>encryption used, the remailer operator became guilty of a crime. ... >I believe that judges have a policy of interpreting deliberately >ambiguous statutes in whatever way makes the most sense. The only >sensible interpretation of Leahy's bill is that it criminalizes >strong remailers, that it is intended to punish ANYONE, not just >the criminals themselves, who obstructs investigations. As the recent discussion of knives, switchblades, and throwing stars showed, such ambiguous laws are often used to keep the coloreds down. But how will cops and local prosecutors know which users of remailers are colored? Answer: the race bit must be set on all posts. --Klaus (P.S. More than one of you has expressed anger to me that I am using the term "colored." As in "what the coloreds are doing." I use this term deliberately, because the perfectly fine term "black" is now being replaced by the ultra-awkward and stupid-sounding "person of color." We have even seen this in posts to this list. Here in Santa Cruz, the terms in use are: people of color, students of color, lesbians of color, etc. Only about 17.32% of the entire population is _not_ "persons of color." I say, "Fuck it...they want to be called "colored," then, fine, they're "colored."") We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From snow at smoke.suba.com Wed Sep 4 13:40:58 1996 From: snow at smoke.suba.com (snow) Date: Thu, 5 Sep 1996 04:40:58 +0800 Subject: Moscowchannel.com hack In-Reply-To: <199609031548.KAA04410@shade.sctc.com> Message-ID: On Tue, 3 Sep 1996, Rick Smith wrote: > : On Sat, 31 Aug 1996, Joel McNamara wrote: > : > Just a matter of time before some builds a dedicated Satan type tool that > : > scans for HTTP server holes or messed up file permissions to make locating > : > potential victims easy. > Snow replied: > : Write your web site to a CD-ROM and hard-code the base directory into the > : webserver. > Or host it on something with mandatory access control protections. > There are still a handful of us building such things, and they can > give really good protection to web page contents. Could you illuminate me on this subject please? I am working with a potential client who may need a fairly secure web server. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jimbell at pacifier.com Wed Sep 4 13:46:19 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Sep 1996 04:46:19 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609041702.KAA15781@mail.pacifier.com> At 08:02 PM 9/3/96 -0700, James A. Donald wrote: >At 10:33 PM 9/3/96 -0800, jim bell wrote: >>>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>>use of encryption to thwart a law-enforcement investigation illegal." I >>>immediately pointed out that while this wouldn't make _encrypted_ remailers >>>illegal, per se, effectively it would because the moment an investigation >>>(even a phony or trumped-up one) is started and is "thwarted" by the >>>encryption used, the remailer operator became guilty of a crime. > >At 07:10 AM 9/4/96 -0500, Jon Lebkowsky wrote: >> Is that true? Or is it that the individual user would be guilty of a crime? > >Since the individual user would already be guilty of a crime, if he is >using the remailer to conceal his crimes, the paragraph in question would >be fairly useless and irrelevant unless it had the meaning that Jim Bell >attributes to it. > >I believe that judges have a policy of interpreting deliberately >ambiguous statutes in whatever way makes the most sense. The only >sensible interpretation of Leahy's bill is that it criminalizes >strong remailers, that it is intended to punish ANYONE, not just >the criminals themselves, who obstructs investigations. Moreover, this "spreading the responsibility" philosophy ties in with the recent practices (both in the civil and criminal areas) of passing blame around. In civil areas, it's called "deep pockets." In the criminal area, you occasionally see news items about laws making parents criminally liable for the actions of their children. Why WOULDN'T the police want to shut down anonymous remailers? The Leahy bill clearly didn't distinguish between remailer operators and users, so it is no leap to conclude that they would be treated similarly. Jim Bell jimbell at pacifier.com From jfricker at vertexgroup.com Wed Sep 4 13:48:51 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Thu, 5 Sep 1996 04:48:51 +0800 Subject: 2^1,257,787-1 Message-ID: <2.2.32.19960904165452.006dd000@vertexgroup.com> Ok so maybe here in Organ we are a little behind the times but I just heard about this 378,632 digit prime. Grab your HP11C's and crank out 2^1,257,787-1 courtesy of David Slowinski at Cray. From nosferat at atcon.com Wed Sep 4 14:35:10 1996 From: nosferat at atcon.com (Stephen Charchuk) Date: Thu, 5 Sep 1996 05:35:10 +0800 Subject: No Subject Message-ID: From declan at eff.org Wed Sep 4 14:56:34 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 5 Sep 1996 05:56:34 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960904115249.006b6580@mail.well.com> Message-ID: Harassment in person when someone is shouting at you in the street, spittle flying in your face, is one thing. Online "harassment," I believe, is a problem that can be solved with technical means. Don't like someone? Killfile them. -Declan On Wed, 4 Sep 1996, Jon Lebkowsky wrote: > At 07:44 AM 9/3/96 -0700, James A. Donald wrote: > >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: > >> Not necessarily. The character of the anonymous speech is decisive. If you > >> use anonymity to cloak harassment, for instance, the anonymity (which > >> removes accountability) is a problem. The accountability issue is real and > >> should be addressed, not evaded. > > > >No: The harassment is the problem, not the anonymity that makes it > >possible. > > The harassment is one problem, the lack of accountability another. Which is > not to say that 'lack of accountability' should be 'fixed' by some sort of > blanket restriction...but it should be acknowledged as a problem. > > -- > Jon Lebkowsky FAX (512)444-2693 http://www.well.com/~jonl > Electronic Frontiers Forum, 6PM PDT Thursdays > "No politician can sit on a hot issue if you make it hot enough."--Saul Alinsky > // declan at eff.org // I do not represent the EFF // declan at well.com // From paul at fatmans.demon.co.uk Wed Sep 4 15:10:06 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Thu, 5 Sep 1996 06:10:06 +0800 Subject: (Fwd) Re: Secure anonymouse server protocol: comments please Message-ID: <841849157.2629.0@fatmans.demon.co.uk> ------- Forwarded Message Follows ------- From: Adamsc at io-online.com (Adamsc) To: "paul at fatmans.demon.co.uk" On Mon, 2 Sep 1996 19:24:23 +0000, paul at fatmans.demon.co.uk wrote: >This system has 1 huge fault, we can encrypt a uses ID with the >servers public key to see what his ID in the encrypted database is >and therefore identify him, maybe we need two seperate server public >keys, and when IDs come in encrypted with key1 (the one it releases) >it decrypts with secretkey1 then encrypts with publickey2 (the one it >keeps secret) >or maybe we can just hash and sign the IDs in the database? >as I said it`s very sketchy, I made most of this up as I wrote it so >if you must tear it to pieces please do so constructively, it could >be the route to a secure system.... How about this: do the exchange *every* time. Never reuse a key. That way at most 1 message could be easily snagged (by seeing where it goes). It'd be processor intensive, but it avoids the whole reuse problem - where you store an ID to be used to retrieve all messages. Also, software could be written to do the key computation solely on the client - after all, the server doesn't care if they pass themselves a dud key, right? Let them crunch it. Put all those Pentiums to work! ... Better idea, I hadn`t thought of that, anyone else care to comment on a way to solve this? - how did the nymservers do it???? Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From tcmay at got.net Wed Sep 4 15:10:19 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 06:10:19 +0800 Subject: What is the EFF doing exactly? Message-ID: At 11:52 AM 9/4/96, Jon Lebkowsky wrote: >At 07:44 AM 9/3/96 -0700, James A. Donald wrote: >>At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >>> Not necessarily. The character of the anonymous speech is decisive. If you >>> use anonymity to cloak harassment, for instance, the anonymity (which >>> removes accountability) is a problem. The accountability issue is real and >>> should be addressed, not evaded. >> >>No: The harassment is the problem, not the anonymity that makes it >>possible. > >The harassment is one problem, the lack of accountability another. Which is >not to say that 'lack of accountability' should be 'fixed' by some sort of >blanket restriction...but it should be acknowledged as a problem. It has been. In many hundreds of articles addressing aspects of the issue. The fact that Esther Dyson and others think advocates of the right to be anonymous claim that these issues are not being considered just shows that Esther and others are not aware of these many articles. Nor can every brief post--such as the one James Donald made above--include a fully-nuanced, fully-balanced discussion of all issues. Saying that an advocate for a position has not considered the alternate positions is usually incorrect. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Sep 4 15:15:29 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 06:15:29 +0800 Subject: 2^1,257,787-1 Message-ID: At 4:54 PM 9/4/96, John F. Fricker wrote: >Ok so maybe here in Organ we are a little behind the times but I just heard >about this 378,632 digit prime. Grab your HP11C's and crank out >2^1,257,787-1 courtesy of David Slowinski at Cray. The news sites on the Web I looked at had the announcement, but not the number. Thanks. I've already modified my .sig. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From janzen at idacom.hp.com Wed Sep 4 15:17:58 1996 From: janzen at idacom.hp.com (Martin Janzen) Date: Thu, 5 Sep 1996 06:17:58 +0800 Subject: How to use procmail Message-ID: <9609041821.AA27906@sabel.idacom.hp.com> "Damaged Justice" writes: > Would some kind soul out there be willing to instruct a novice in the > mysteries of procmail? I've finally decided to start killfiling my mail > as well as my news. A fine idea. Procmail makes the Cypherpunks list infinitely more readable. 1) First, here's how to get it: ---------------------- A recent version can be picked up at various comp.sources.misc archives. The latest version can be obtained directly from the ftp-archive at: amaru.informatik.rwth-aachen.de (137.226.112.31) as compressed tar file: pub/unix/procmail.tar.Z <100KB or in compressed shar format: pub/unix/procmail.0?.Z ---------------------- 2) Build the procmail program and install it in a suitable location. I have no idea what your familiarity with UNIX and C is; you may want to have your sysadmin help you with this. Alternatively, you could use Alta Vista or equivalent to search for binaries for your system. 3) Create a file of procmail "recipes", which tell it how to process your mail. This file is called "$HOME/.procmailrc". Mine begins like this; fix up directory names as needed for your system: ----------------------- # # $HOME/.procmailrc - procmail recipe file # PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin:$HOME/bin/700o:$HOME/bin ME= janzen HOME= /Home/$ME LOGFILE= $HOME/.procmaillog MAILDIR= $HOME/Mail ORGMAIL= /usr/mail/$ME DEFAULT= $ORGMAIL TMP= $HOME/tmp SENDMAIL= /usr/lib/sendmail TMPFILE= $TMP/procmail.$$ LOCKFILE= $HOME/Mail/.procmail # toss out junk mail :1 ^Subject:.*unsubscribe /dev/null # sort mail from mailing lists into the proper folders :1 cypherpunks Cypherpunks ----------------------- The last part sorts all mail whose header contains the word "cypherpunks" into the folder $MAILDIR/Cypherpunks. Now the fun part -- writing your "recipes"! You can get as specific as you want: ----------------------- # kill a particular thread :2 ^To:.*cypherpunks at toad.com ^Subject:.*Workers of the /dev/null # ignore a particular user :2 cypherpunks patrickbc at juno.com /dev/null # I haven't tried this one, but any subject with too many consecutive # capitals is probably spam or worse. Separate it out, but don't toss # it just yet. :2 cypherpunks ^Subject:.*[A-Z][A-Z][A-Z][A-Z][A-Z][A-Z] ProbableSpam # search the whole message body, not just the headers, for probable spam :1HB ^dear friend ProbableSpam # put everything else in the incoming Cypherpunks mail folder :1 ^To:.*cypherpunks at toad.com NewCypherpunksMail ----------------------- Rules are evaluated in top-to-bottom order; first matching rule wins. Anything not matched ends up in your usual $ORGMAIL folder. 4) Run your incoming mail through procmail. To do this, most Unix systems let you create a file called "$HOME/.forward" with the following contents (including the quotes): "| IFS=' '; /usr/local/bin/procmail -p" (Replace "/usr/local/bin" with the directory in which you installed procmail.) 5) One thing to watch out for: procmail is executed on the machine which handles your mail. If this machine has a different architecture than your own machine, you must build procmail for the mail handling machine, not your own. Also, the permissions on your $HOME/.forward and $HOME/.procmailrc files must be set so that they are readable on the mail handling machine. If your home directory is NFS-mounted, this should happen automatically; otherwise, you may need to copy them to the mail handling machine manually. Finally, the procmail process may not have your userid, so you must make these files world-readable: chmod 644 $HOME/.forward $HOME/.procmailrc For the first day or two, check your $HOME/.procmaillog file frequently to see whether there are any problems. Check with your sysadmin to make sure that your mail isn't ending up "all over the floor". Send yourself mail to test "recipes". 6) Once it's running smoothly, you can get fancy and run the following shell script, which reads the $HOME/.procmaillog file and produces a nice summary, sorted by mail folder: ------------------------------------------------------------------------------- #!/bin/sh # Summarize the ~/.procmaillog file LOGFILE=${LOGFILE:=$HOME/.procmaillog} echo "Subject: Procmail Summary" echo " " sort ${LOGFILE} | /usr/bin/awk ' /^ Folder:/ { folder = $2; nbytes = $3; msgcount[folder] += 1; totalbytes[folder] += nbytes; } END { for (folder in msgcount) printf "Folder %s:\tsaved %d messages (%d bytes)\n", \ folder, msgcount[folder], totalbytes[folder]; } ' if [ "$1" = "-clear" ]; then rm -f $LOGFILE; fi ------------------------------------------------------------------------------- To arrange to have it run daily, I use the following crontab entry: 0 7 * * * /Home/janzen/bin/pmsumm.sh -clear | elm -s "Procmail Summary" janzen which means, "At 7:00AM every morning, run the pmsumm.sh script, use the Elm mailer to mail the output to me, and then clear $HOME/.procmaillog". See the "cron" man page for your system, and/or talk to your sysadmin, since this varies among different flavors of Unix. Hope this helps... -- Martin Janzen janzen at idacom.hp.com From vznuri at netcom.com Wed Sep 4 15:25:37 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 5 Sep 1996 06:25:37 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609040057.RAA01205@mail.pacifier.com> Message-ID: <199609041827.LAA29523@netcom20.netcom.com> jim bell >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many >decades, people have been able to walk up to a pay telephone at 3:00 AM and >make a harassing phone call to somebody, a "problem" which still exists and >no solution is being implemented for. amusing the way you phrase that-- you didn't say, "phone", but "pay phone". the statement used to hold in general for all "phones", but then caller id, caller blocking, etc. have been introduced that make this no longer true. so in a very real sense, anonymity in the phone system was considered a "problem" by some that has been "solved" or "modified" by some recent advancements. (yes, most people agree caller ID is an advancement). I think cpunks should hold the view that communication is a matter of mutual consent between sender and receiver. if a receiver says, "I don't want any anonymous messages", then should be able to block them. this is essentially what is happening with the remailers *right*now*, if you ask any remailer operator. people ask not to receive anonymous mail, and are put on the blocking lists. imho only the extremists are arguing, and have always argued, that they should have some ability to put an anonymous message in front of someone else against their will. this basic rule becomes more murky when you look at public forums, because you can't really say whether given individuals reading them want to hear something anonymous or not. by designing the forum beforehand to force the situation, you solve this problem. I do believe that in the future there will be all types of forums: those in which identity is required, those in which it is optional, and those in which it is always cloaked. this is eminently reasonable imho. those who argue against one of the above's existence (such as saying it involves a ghettoization of anonymity, that there should always be an ability to be anonymous in any communication setting) are extremists imho. the above is almost exactly what Dyson was saying, and I have been advocating this position for a long time. again, I think anyone who rejects the above is an extremist. there are different ways to support or restrict anonymity, some of them extremist. those who argue for no restrictions anywhere don't have a clue about reality imho. From smith at sctc.com Wed Sep 4 15:36:01 1996 From: smith at sctc.com (Rick Smith) Date: Thu, 5 Sep 1996 06:36:01 +0800 Subject: Protecting Web servers (was: Moscowchannel.com hack) Message-ID: > Could you illuminate me on this subject please? I am working with a >potential client who may need a fairly secure web server. Years ago, the government published some criteria for highly secure systems, notably the TCSEC or "Orange Book," which described requirements for protecting classified information on a timesharing system with uncleared users. Several vendors managed to build such systems, though very few were judged secure enough to really protect classified data from uncleared users. However, the underlying mechanisms of "mandatory access control" do manage to block a range of sophisticated attacks against the host computer. These are the systems given the various B and A ratings: B1, B2, B3, A1 (in ascending order of security). Also-ran systems that can keep honest people from tripping over one another were given "C" ratings, though "C2" is all you see any more. A few vendors are putting Web servers and such on systems with mandatory protection. I've heard talk of it from SecureWare, HP, Harris, and AT&T using B1 or B1-like systems. Pardon the plug, but our Sidewinder also hosts a protected Web server and uses mandatory protection to prevent Internet attacks from damaging it. In practice, I've found that most customers just want to demonstrate "due diligence" regarding security. They pick up whatever's popular in the marketplace that has some pretention of strong security ("We're C2 rated by the government!!"). It's a rare customer that actually takes the time to look at the security issues and consider whether they might need what mandatory protection provides. Rick. smith at sctc.com secure computing corporation From vznuri at netcom.com Wed Sep 4 15:43:35 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 5 Sep 1996 06:43:35 +0800 Subject: flimflamery on anonymity In-Reply-To: <199609041557.IAA00970@dns1.noc.best.net> Message-ID: <199609041839.LAA00713@netcom20.netcom.com> james donald: >Lucky Green and Dark Unicorn are not accountable. This is a problem? > Because it is a problem "We" need to do something about it, (last line is sarcasm for the sarcasm impaired) a cpunk position I have seen repeated often. it goes along a very simplistic line of reasoning that I have seen TCM evoke repeatedly. it rather annoys me. it goes like this: cyberspace is merely discussion between people. anonymity should be allowed anywhere there are discussions (its a free speech issue). therefore it should be possible everywhere in cyberspace. this idea lacks a lot of subtlety in thought and to my mind is tremendously simplistic. first, it suggests that cyberspace as we now see it is the way it will always be. but that is ridiculous. what we have today in cyberspace is something like a sophomoric debate society. it's gradually increasing in professionalism with the rise of web sites etc. cyberspace is going to grow to become a lot more than a debate society, and is in this progress right now. whenever challenged on anonymity in certain contexts, the extremist cpunk position is to blur the issue into one of free speech. but the issue is much different if we are talking about a professional situation. scientists demand that each other be "accountable" for their work, for example, and pseudonymous publication simply would not be acceptable. cpunks will also argue that anonymity can suffice for any business transaction. that may be so, but what about a business that simply says, "we choose to require identity among our customers, and you can go elsewhere if you disagree". the extremist cypherpunks would be in a quandary over this example, because they think they can support anarchocapitalist freedom and anonymity at the same time. they will argue that such a business will one day not exist. but shouldn't a business be free to make this decision? rabid cpunks would probably argue against such a decision. cyberspace as a whole is *not* going to lead to a totlal motion away from physical identity. in some ways physical identity will be more strictly enforced in cyberspace, in "some regions". there will be other regions of cyberspace in which "anything goes". anyway, I want to emphasize my main point, that *anonymity* is not merely about debate societies. it's about human interaction. any time two or more humans interact in a host of ways that go beyond communication (such as business transactions, professional societies, etc) its going far beyond mere speech. of course in the cpunk mailing list, who cares if there are anonymous/pseudonymous participants? but using this as a metaphor for anonymity in general shows a pathetic lack of sophistication in thinking, imho. there is nothing at stake here on this mailing list except reputations and egos. but far more is at stake in the "real world" and the risks posed by anonymity will be adequately diluted because of this. and it won't be by people who are all "f***ing statists"-- it will be by reasonable people such as those who head EFF, who are interested in a civilized society. "cryptoanarchy"--? if what is being connoted by this is no one knowing anyone else's true identity-- sure, in places, if you go looking for them. but it will be the invisible underside, not the mainstream of society. From unicorn at schloss.li Wed Sep 4 16:03:02 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 07:03:02 +0800 Subject: EFF chairwoman: Anonymity proven not to be a positive factor In-Reply-To: Message-ID: On Mon, 2 Sep 1996, Ulf Moeller wrote: > >From a Scientology magazine: > > Esther Dyson, member of the board of directors of the Electronic > Frontier Foundation and member of the National Information > Infrastructure Advisory Council, spoke on the anonymity issue at the > fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. > > [...] > "I have a concern about the spread > of bad behavior on the Net," said Dyson. "Anonymity figures into this, > and I feel that it has proven to not be a positive factor. It breaks > down the community which we are seeking to build, and cout protection > and privacy laws already exist and should be applied in a broad way, > such that they are transparent to new wrinkles in the technology. It > is not necessary to view the world of the Net as different from the > rest of the world." I think EFF needs to make attempts to clear up this mess. > > http://www.anonymizer.com:8080/http://www.theta.com/goodman/hijack.htm > > > [For EFF's former position on anonymity, see > http://ftp.sterling.com:80/COAST/doc/law+ethics/EFF-Anonymity] > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From james at corp.netcom.net.uk Wed Sep 4 16:28:39 1996 From: james at corp.netcom.net.uk (James Fidell) Date: Thu, 5 Sep 1996 07:28:39 +0800 Subject: Letter to the Observer [re: Internet paedophile] In-Reply-To: <9609041639.AA25461@cti02.citenet.net> Message-ID: <199609041954.UAA04906@corp.netcom.net.uk> Jean-Francois Avon wrote: > On 4 Sep 96 at 5:41, Martin Minow wrote: > > > Forwarded to me by a friend: > > > The following letters were delivered to the Editor of the Observer > > last week as a request to publish a retraction of their article > > relating to the Internet that appeared on Sunday 25th. August. > > One way to limit or retaliate against diffamation would be to refuse > internet access to anybody known to be part of any such medias, being > tv or paper. > > ISPs would probably easily agree since the revenues coming from > journalists vs from the general population is probably minuscule. Of > course, the conventionnal media would set up their own ISP but they > could be identified. > > Does that makes sense or am I out to lunch? I don't think it makes sense. The media would be the first to point the finger at the ISPs for censorship in such a case, one imagines (whether it could be justified or not is a different matter of course). James. -- "Yield to temptation -- | Work: james at corp.netcom.net.uk it may not pass your way again" | Play: james at hermione.demon.co.uk | http://www.netcom.net.uk/~james/ - Lazarus Long | James Fidell From unicorn at schloss.li Wed Sep 4 16:33:26 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 07:33:26 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <2.2.32.19960903115249.006e7bfc@mail.well.com> Message-ID: On Tue, 3 Sep 1996, Jon Lebkowsky wrote: > "Uncompromising" is not an "element of legislative influence," at least not > on this planet. Explain that to the tobbacco lobby. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From claborne at CYBERTHOUGHT.com Wed Sep 4 16:38:18 1996 From: claborne at CYBERTHOUGHT.com (Christian Claborne) Date: Thu, 5 Sep 1996 07:38:18 +0800 Subject: San Diego CPunk Physical meeting this Thursday Message-ID: <2.2.32.19960904195619.002c4b20@cyberthought.com> -----BEGIN PGP SIGNED MESSAGE----- <<<<< NOTE! I have a new address!!! >>>>>> This Thursday!!! San Diego Area CPUNKS symposium Thursday, Sep. 5, 1996. Invitation to all Cypherpunks to join the San Diego crowd at "The Mission Cafe & Coffee Shop". We discuss cryptography and other related subjects, have the special cypherpunk dinner, and unwind after a long day at the grind stone. Don't forget to bring your public key fingerprint. If you can figure out how to get it on the back of a business card, that would be cool. If you want the suspicious crowd there to sign your key, bring two forms of ID. Hopefully Lance Cottrell will give us an update on Mixmaster and what's going on at San Diego's best ISP. You can also get the scoop on why I resigned from NCR. It wouldn't of course be because someone freaked out when I forwarded the cypherpunk e-mail titled "How to become in international Arms trafficker"... Place: The Mission Cafe & Coffee Shop 3795 Mission Bl in Mission Beach. 488-9060 Time:1800 Their Directions: 8 west to Mission Beach Ingram Exit Take west mission bay drive Go right on Mission Blvd. On the corner of San Jose and mission blvd. It is located between roller coaster and garnett. It's kind of 40s looking building... funky looking (their description, not mine) They serve stuff to eat, coffee stuff, and beer. See you there! New guy, bring your fingerprint. Drop me a note if you plan to attend... NOTE: My primary e-mail address has changed to use my own domain. You can reach me at "claborne at cyberthought.com". Permanently replace any other address that you may have for me. I am currently not subscribed to the CP list since my current internet connection is slow (I can't afford anything right now :) 2 -- C -- -----BEGIN PGP SIGNATURE----- Version: 4.0 Personal Edition iQEVAgUBMi3ezYP1MBWQ+9udAQE/QAf/W/tdXCFx57p17tlXT0WbtZHPK2riMC2j 5golSBxmP5t0X6SbM0DYz9b8kq6FWrqTJ9hVKQhGHiiZVqRo6AcbYM9SlFM54x6E TFMKB6WzBp7h2DPqAeFZKuP2yGIhZaMns8fDS4EZIYHeH63DjEuhmwtM//iGe9KI txHFiQUKi0cQWGNfqeowpESfbO0HppFbsmgj9z9KTg2gFRpPpXQLP3vXJ9Dg0/IK gd5AiT+BTE2OOORS3OCmIUTC3vDI1acu/d2MNVOFuIBOkwH5y/mGf1pMndIW0++v eC+3j27wJyUbSumxM6+iVn+gu0mE7QB6YPllB9FbihkYNNfzWejyuA== =obLu -----END PGP SIGNATURE----- ... __o .. -\<, Claborne at CYBERTHOUGHT.com ...(*)/(*)._ Providing thoughts on your computing problems. http://www.CYBERTHOUGHT.com/cyberthought/ PGP Pub Key fingerprint = 7E BF 38 3F 24 A7 D1 B0 54 44 96 AA 10 D0 5D 51 Avail on Pub Key server. PGP-encrypted e-mail welcome! Dreams. They are just a "screen saver" for the brain. From declan at well.com Wed Sep 4 16:46:33 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 5 Sep 1996 07:46:33 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail Message-ID: Toronto Sun, 04sep96 Sneaky photographer charged ... by Tom Godfrey A retired high school shop teacher has been charged after a man allegedly used a camera hidden in his size 12 shoe to secretly videotape up the skirts of young women at the CNE. Det. Mike Beauparlant said a man photographed up to 20 women with his "shoe cam," which contained about seven hours of footage when he was arrested at the CNE last Saturday night. Beauparlant said investigators believe he got the idea from surfing a voyeur news group on the Internet. He ordered a $400 fibre optic lens and fastened it in a brogue shoe, police allege. The Oxford-style footwear contained a false front and two small screws on the sole to which a bracket and lens were affixed. "I've never seen anything like this in my 21 years on the force," Beauparlant said. "This was ingenious." Beauparlant said the body of the camera was hidden in a waist pouch and connected to the lens on the shoe with wires that ran under a man's pants and through his sock. "He always photographed very attractive women in their 20s with short skirts," added Det. Const. Mike Dicosola. He said the man was detected by two couples who noticed him moving his foot under the skirt of a woman. They followed the man, held him and called police. Police ask women who feel they've been victimized to call 808-5289. George Walter Campbell, 62, of Cornwall, has been charged with sexual assault and mischief. He returns to College Park court on Sept. 10. He was released on $750 cash bail yesterday. -30- From janzen at idacom.hp.com Wed Sep 4 16:47:56 1996 From: janzen at idacom.hp.com (Martin Janzen) Date: Thu, 5 Sep 1996 07:47:56 +0800 Subject: How to use procmail In-Reply-To: <199609042119.QAA06971@homeport.org> Message-ID: <9609042045.AA27973@sabel.idacom.hp.com> Adam Shostack writes: > Rule introductions of the form :# are depreciated. You should always > use :0, which means any line starting with * is a rule. > [...] > And :0: means use a lockfile on the folder. > [...] > :0 > *^Subject:.*unsub > /dev/null > :0: > *^TOcypherpunks > cypherpunks Thanks, Adam. I created my .procmailrc a long time ago, using the old 2.?? version, and now just cut and paste as required. New procmail users, listen to Adam! (And read the man page, even though it's a bit intimidating at first.) MJ From aba at dcs.ex.ac.uk Wed Sep 4 16:51:03 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Thu, 5 Sep 1996 07:51:03 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031904.MAA23619@eff.org> Message-ID: <199609042000.VAA00708@server.test.net> Stanton McCandlish writes on cpunks: > [again, since I'm not on the CP list these days, feel free to bounce this > over to the list if it doesn't make it. I'm not sure what the > non-subscriber posting policy is and/or whether such attempted posts are > filtered out, though I seem to recall they didn't used to be.] Cypherpunks always has been and remains an open list. You shouldn't need to wonder given cypherpunk views on free speech :-) > Black Unicorn writes: > > enough with its own policy to prevent its staff and board from making > > embarassing big brother type proposals to curtail the ability of any of us > > to post without attributation would be an alternative. I think an > > In other words you propose an alternate EFF that censors its own > boardmembers. No. But I too am rather suprised to hear an EFF board member apparently speaking against free speech. OK, so maybe she was mis-quoted so I wait for her rebuttal, but nope, she basically to my reading reiterates nothing but negative opinions on free speech and anonymity. Tim's quotes of her CFP speech further demonstrates her leanings. > I'm not aware of any logical consistency that could adhere to an > organization that simultaneously says it supports free speech, yet > demands that its board of directors never speak except in agreement with > the organization's policy. You are asking for a mini-dictatorship. EFF > has no position on anonymity. We also have no position on abortion or on > whether roast duck is better than fried chicken. You are in essence > demanding that EFF impeach any boardmember that offers an opinion in > public or in private about whether or not chicken is good stuff, or states > a belief about right to choose v. right to life positions. > > I'm sorry that we are not totalitarian enough for you. Lets put it this way: if Louis Freeh offered to be an EFF board member, would you take him on board? If he seemed quite pro-anonymity, and free speech, and later turned out to be having doubts, would you keep him? Ie if her views are proving a liability for EFFs reputation, perhaps you all ought to get together and see if you can work something out? Anonymity is a pretty darn major issue here, so it'd be really sad to see EFF coming down on the wrong side. I've seen some of the other EFF insiders own opinions, and would like to see them adopted in place of Dyson's views, which whether they are her opinion or not, are more likely to get misrepresented by the press as such, in face of a lack of an EFF position. EPICs statement looked a reasonable start. > Incidentally, Dyson made no such proposal as you refer to, but simply > expressed questions and doubts about the misuse of anonymity, and made a > clear and correct statement of fact ("you need to be able to get at > somebody's identity to enforce accountability") without offering any > value judgement about whether that was a good idea. She sounded pretty anti-anonymity to me. Are there a shortage of political and net-aware libertarians for board candidates or something? > She concluded that "the question is how do you also enforce freedom > of speech and freedom from prosecution for unpopular opinions," > clearly indicating at least as much doubt about the value of any > attempt to force identifiability and accountability. Even Dyson's > lead statement that "the damage that can be done by anonymity is far > bigger" online that offline is factually correct, and does not > consist of any kind of value judgement. It's simply an honest and, > IMNERHO, necessary observation. Perhaps the quote was unfortunate, perhaps she has also said pro-anonymity things. But a person who is pro-anonymity would surely try to emphasise the pro arguments also? The material I have seen so far does not seem to indicate that this is the case. If this is the case she needs to be _much_ more careful about what she says in `personal' interviews. > If we lie to the public, or lie to ourselves, we lose, because the > opposition will have arguements we have not even looked at much less > wrestled with. > > I'm sorry we are not self-delusional and dishonest enough for you. Be sure to express the pro-anonymity arguments while you're zealously hammering out every last thing that can go wrong with anonymity: like that free speech is not possible with out it. It's pretty much all or nothing, either you think free speech is worth the risk, or you prefer big brother, government access to keys, the works. [see http://www.c2.org/~winsock/ for a windows remailer] Adam -- #!/bin/perl -sp0777i In Tim's Cyphernomicon, he says - I have heard (no cites) that "going masked for the purpose of going masked" is illegal in many jurisdictions. Hard to believe, as many other disguises are just as effective and are presumably not outlawed (wigs, mustaches, makeup, etc.). I assume the law has to do with people wearning ski masks and such in "inappropriate" places. Bad law, if real. A lot of the motivation was to stop the Ku Klux Klan terrorism. On the other hand, the reason it was mentioned on the list a couple years ago was that a woman was arrested in some North Central city, probably Detroit, for violating it, because she was wearing a Middle-Eastern-style chador outfit that covered her face. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From mix at squirrel.owl.de Wed Sep 4 17:13:35 1996 From: mix at squirrel.owl.de (Squirrel Remailer) Date: Thu, 5 Sep 1996 08:13:35 +0800 Subject: No Subject Message-ID: <19960904203437.2587.qmail@squirrel.owl.de> -----BEGIN PGP SIGNED MESSAGE----- Subject: How to send bogus mail to mislead traffic analysis? Hi How can I send messages to remailer so that they will get lost? I want to generate a more or less steady flow of remailer-processed, encrypted mail. Can I send to nobody at some_remailer.net? What are the guidelines for that? What are the best remailers to send to? Cheers Bugged - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2i mQCNAjItXH4AAAEEAL7znlceWxOboMgS5TJykI0LvxZ+nRwaUle05LyGdbQK8Tbv cnFb945OgUMxlWb+xpwYKpZIaZRJME86aO5OvMAI8IN5AQv1zx/e1v+l/6G8QyWN kRqtIxA++WlPO0co9DbckmED7IhtMabIto9S5vH7m6UzH/ASLE/d3JIQvo5FAAUR tAZCdWdnZWSJAJUCBRAyLVzhT93ckhC+jkUBAYnsA/9WGCWZvZXRibOs6Be9roWX fgTGhDl0rZhH13D5n7O77uQfAMCYf9ALbfn9UkbnMnAGtDyecPTp9TC3Ha65TkWv ald2LoLvMD01d6iS8SkvedcgHqojfh/Q55NkJ0wtO/Ne0jOtFVQzDEtF7awwypAx HZgIoEMsSLDrTT0EwTlTjg== =mlIT - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAgUBMi1g10/d3JIQvo5FAQE70wQAsVZzVT9MrP5TuKcilJaehufve5O56B4y 0y5vaeax5fAAElZz9SxRV+meAgUNvRNTUu1afZIHYzoFUdJWoSAroLxMjSqbv1uT O95Qur+jJRLwgDoo+Kgse8DESDqlGdI2kab6KxDrSz2erkARYn9A5/JQTTI/L3I5 z1eW2fBec9c= =kDXU -----END PGP SIGNATURE----- From unicorn at schloss.li Wed Sep 4 17:17:03 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 08:17:03 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609031730.KAA20063@netcom2.netcom.com> Message-ID: [This will be my last comment on this thread.] On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote: > > >I would put forth that you know nothing of my efforts, and therefore are > >in no position to judge me. I would also put forth that the efforts of > >EFF, or lack thereof, are quite public. > > that's my point. an entity that is willing to put its > reputation on the line is inherently more valuable than one that > is not, imho. all the EFF members have good public track records. > what EFF has accomplished is checkered, like any battle-scarred > infrantry will experience. if you expect unadulterated success, > you're not living in the same reality everyone else around here > is. If you're going to ask me for money and support, you damn well better produce unadulterated success. > granted, EFF has made some serious compromises in their agenda. > they're finding their identity. but it doesn't help to have people > rant at them and ignore their notable successes, and tend to criticize > them merely because they're a public target. Awww, poor EFF. It just needs a little love and attention. It's trying to be the best compromising entity it can be. It's not fair to criticize it. We don't want to frighten it or anything, it might be stunted for life. > whenever you criticize something, please keep in mind the basic > qualification: what is a better alternative? Sometimes nothing at all can be a better alternative. > sure, EFF hasn't had > stellar success, but then, who has in the agenda they are pursuing? > their goals are extremely ambitious and difficult in the current > climate. lack of success is proof of the difficulty, not of any Again, I'm sure every violin in the place is playing for EFF and it the powerful traumas it has to endure. What do you think this is? The olympics? I don't CARE how hard the job is. You don't get things done by being sympathetic in politics. Maybe, Lance, that's how it works in Colorado, but not in D.C. Take the hearts and flowers crap elsewhere. IF they are asking for money I don't think that excuses are a luxury they can indulge in. > when you begin to understand this, you > won't alienate those you are critical of. EFF members are *tremendously* > open to positive comments. instead you harangue them and lose their > good will to the point that they may tend to ignore cpunk comments > entirely because of your very poor example. If EFF is so sensitive that my comments will cause them to close their ears to their potentially most interested constituancy, well, EFF is an organization that needs to die and be replaced. > >I think any organization that would apply political pressure rather than > >bow to it would be an alternative. I think an organization in touch > >enough with its own policy to prevent its staff and board from making > >embarassing big brother type proposals to curtail the ability of any of us > >to post without attributation would be an alternative. I think an > >organization without the internal conflict and strife that has clearly > >marred EFF in past and made it a laughable attempt at cohesive political > >persuasion would be an alternative. I think an organization that had > >official policies on the core issues which it proposes to influence would > >be an alternative. > > why don't you start one then? As I said before, you know nothing of what I am doing. I don't buy the "well then you do it" crap. They are taking other people's money. Do it right because that is their JOB. I don't have time to play about with net politics in D.C. right now. Nor, frankly, do I think my resources in that area would do much good. Maybe EFF can't do the job, which is the position you seem to be taking, then maybe no one can and resources should be allocated elsewhere. Just don't come whining to me about how life is so hard on EFF. Deal. what you seem to fail to adequately > understand is that there is virtually no organization in the world > that is free from the difficulties you describe. whenever you have > multiple people working together, you aren't going to have clear-cut > successes. cpunks are always yelling at anything resembling organization, > which really annoys me. EFF has had tremendous powerful successes in > areas you are conveniently overlooking, in areas that are hard > to measure, such as increasing public awareness. can you make a good > case that EFF has had no positive effect? we may be living in a much > darker reality without them. Yadda Yadda Yadda and life is so hard isn't it a shame? > >In short, an organization that had even one of the needed elements of > >legislative influence. (Cohesive, directed, persistent, and > >uncompromising). > > our congress does not have this property after centuries of trying. You confuse legislation with legislative influence. Advocacy with concensus building. > > What is so shocking about announcing that a > >given organization does not support my interests and therefore calling on > >others who share my interests not to make financial donations to said > >organization? > > you can criticize an organization without implying the people who contribute > to it are incompetent, a distinction that has subtly eluded you so far. I can, but I happen to believe that they are. Look at the slips. A political action organization cannot afford to have their primary members spouting off like that. It kills the organization. It has, in my view. Perhaps EFF has an important function. Lobbying is not it. > > Is there something EFF fears in free speech and political > >consensus building? Perhaps if they had a straightforward policy.... > > no matter what they decide, they will be flamed by someone such as > yourself. they do have an agenda. What's their anonymous poster agenda then? > >Phrased another way, who cares what you are tired of hearing? > > the EFF ranting is periodic, and your own sour comments are > a repeated feature of this list. who *are* you? why are you so > critical of everything in existence? based on previous rants, > you're a habitual sourpuss. When people are asking for money and promising results, I expect results. If this makes me a sourpuss, fine, I'm a sourpuss. As for who I am, it is and shall be none of your business. I understand that there is a dtendency here to get flaky and passive. "So what, they are trying." Hey, life is hard. Sometimes people aren't up to the task. Fine, admit it rather than dragging it on for years and move on. If EFF ranting is periodic perhaps EFF should take a hint? > >No, but when an organization espouses nothing on a given subject key to > >its mission, what does that say? What about when its members espouse > >entirely different and even counter productive beliefs > > again, you are presuming that anonymity is key to their mission. > that's a big leap of faith. there is room for honest disagreement. > you haven't heard of their agenda personally, so you are assuming > there is none. from what I have seen, there is a reasonably > cohesive agenda going on, and I'm not, like yourself, assuming > that it doesn't exist merely because I haven't seen it blared in > a noisy advertisement somewhere. > > I agree with some of the EFF member's comments: anonymity could > be a very serious quagmire to support. there are probably better > trees to bark up. Anonymity is currently the status quo. Tell me, what exactly, if someone takes the position that it is too hard to support, are they going to do to, for example, prevent what I'm doing? Will you be required to register with your ISP? Provide credit references to be permitted on the net? Use a smart card with fingerprint checking to log on? Anonymity is the key. Period. Your failure to see this simply destroys your argument. Look Lance, just because you have not been able to keep from being outted doesn't mean that some others don't benefit from Anonymity. > EFF has lobbied against many of the bills you mention. again, I think > you're being unfair in assuming merely because you haven't heard > of them accomplishing anything, they haven't. If I haven't heard of EFF's accomplishments then they aren't doing their job. > >I do infact feel the cpunks have a greater track record than EFF. Tell > >me, what has EFF done? The list of "cypherpunk" accomplishments in terms > >of making the net a better place to be is, in my view, significant. > >Certainly the discussion here is livelier than anything I've seen from > >EFF. > > ah, the fundamental illusion that is going on here. discussion alone > is WORTHLESS in changing the world. yet we have REAMS of it on the > cpunk list. I'd say EFF has *acted* and put enormous effort into > its agenda. So trying hard is the measure of success? "But he was trying SO hard to get the gold medal, let's just give it to him." Bah. > but it is invisible because its not easily quantified. > ask them how many pamphlets they have printed for the public, how > much mail they have sent out to members informing them of > developments, etc. consider the high-quality EFF newsletter. Wait, wait. Wasn't it you who just said "ah, the fundamental illusion that is going on here. discussion alone is WORTHLESS in changing the world." How are pamphlets any different? > is there anything like that in the cpunk area? frankly I think your > comparing cpunks to EFF is really laughable. I take that almost as a compliment. > they are not even in the same ballpark. Oh, I agree. > >Well what, EFF, have you done for us LATELY? > > EFF hasn't done much for anyone who hasn't paid their dues.. So keep paying Lance. At least you're getting some satisfaction out of it. > > >English is not my first language. Start paying my hourly rate to type in > >the thousands of words and dozens of legal summaries I send to this list > >every month and I will begin to proof read carefully. > > your legal summaries are impressive. your rabid criticisms leave > a sour taste in my mouth. measured criticism, I can deal with. If it's too hot... > >> and you, like many other cypherpunks and cyberspace weasels, > >> have a whine-and-shriek-from-the-shadows bent. > > > >And your point is? > > > >You'd like the shadows lifted? Speaking without a true name attached is > >somehow evil? > > really, an opinion without attribution is not worth as much as > one with it. there's no escaping this simple concept. I agree that > a pseudonym can gain a reputation, but yours has very little > associated with it to qualify criticism of EFF imho. so you have > posted regularly to the cpunk list. big deal. By your logic you're not in much of a position to commend EFF or criticise me for that matter then, "Vlad." > >This is EFF talking. "The situation is hopeless, bail now to preserve > >image." > > EFF has changed its direction from working in washington. Exactly. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From jya at pipeline.com Wed Sep 4 17:20:58 1996 From: jya at pipeline.com (John Young) Date: Thu, 5 Sep 1996 08:20:58 +0800 Subject: SG Spy Ring Message-ID: <199609042056.UAA18784@pipe6.t2.usa.pipeline.com> Financial Times, September 4, 1996, p. 4. Singapore looks to superhighway By James Kynge in Kuala Lumpur Singapore took another step toward its vision of becoming an "intelligent island" yesterday, announcing an initiative to link the city-state's main on-line networks. Mr Goh Chee Wee, Singapore's minister of state for communications, said the "internetwork hub" would link service providers of the Internet, government on-line networks, commercial networks and some others. Singapore's move follows an ambitious scheme announced by neighbour Malaysia last month to launch an "information superhighway" designed to attract the world's leading information technology companies to Kuala Lumpur. The perceived advantage in Singapore's initiative is that users will be able to access all networks using a single leased line, rather than the separate lines currently necessary. The hub will use a single set of national standards, meaning inter-operability between networks becomes easier. Mr Goh said the hub should be up and running by the end of the year. A mechanism to identify users electronically would be incorporated into the hub network next year, paving the way for secure operations such as payments, banking and confidential correspondence. The move is part of the Information Technology 2000 masterplan, a scheme which aims to accomplish the sometimes conflicting aims of exploiting the information superhighway to its full potential while continuing to insulate Singaporeans from undesired influences. From September 15, the city-state will implement its first big attempt to police cyberspace. From then all Internet providers must channel more than 120,000 subscribers on the island through "proxy servers" before they reach the net. These servers will check every Internet site a subscriber requests and block access to a about a dozen banned sites known to display pornography. The government has warned against material deemed politically subversive or inciting religious disharmony. [End] From azur at netcom.com Wed Sep 4 17:34:30 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Sep 1996 08:34:30 +0800 Subject: What is the EFF doing exactly? Message-ID: >Vladimir Z. Nuri wrote: >so in a very real sense, anonymity in >the phone system was considered a "problem" by some that has been >"solved" or "modified" by some recent advancements. (yes, most people >agree caller ID is an advancement). Yes, and that is why some companies (e.g., Private Lines) offer anonymous out-bound calling services. > >I think cpunks should hold the view that communication is a matter >of mutual consent between sender and receiver. if a receiver says, >"I don't want any anonymous messages", then should be able to block them. >this is essentially what is happening with the remailers *right*now*, >if you ask any remailer operator. people ask not to receive anonymous >mail, and are put on the blocking lists. imho only the extremists are arguing, >and have always argued, that they should have some ability to put >an anonymous message in front of someone else against their will. > >this basic rule becomes more murky when you look at public forums, >because you can't really say whether given individuals reading them want to >hear something anonymous or not. by designing the forum beforehand >to force the situation, you solve this problem. > I find most unwanted communications objectionable, anonymous or not. How about billboards. Should the fact that I choose to be outside or on a roadway make my eye a target for ads? (If so, then why not consider having an e-mail account in a similar vein?) The fact that I can immediately, or later, identify the responsible party doesn't keep me from initially seeing the ad and taking my time. If I object, what are my alternatives? The last thing I want is monetary compensation. I want my time back. Failing this, I want the abusers time (sorta' like in Zardoz). >I do believe that in the future there will be all types of forums: those in >which identity is required, those in which it is optional, and those in >which it is always cloaked. this is eminently reasonable imho. >those who argue against one of the >above's existence (such as saying it involves a ghettoization >of anonymity, that there should always be an ability to be anonymous >in any communication setting) are extremists imho. "The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." --George Bernard Shaw PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- From azur at netcom.com Wed Sep 4 17:52:52 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Sep 1996 08:52:52 +0800 Subject: flimflamery on anonymity Message-ID: >Vladimir Z. Nuri wrote: >(last line is sarcasm for the sarcasm impaired) >a cpunk position I have seen repeated often. it goes along a very >simplistic line of reasoning that I have seen TCM evoke repeatedly. >it rather annoys me. it goes like this: > >cyberspace is merely discussion between people. anonymity should >be allowed anywhere there are discussions (its a free speech issue). >therefore it should be possible everywhere in cyberspace. > >this idea lacks a lot of subtlety in thought and to my mind is >tremendously simplistic. [snip] > >cpunks will also argue that anonymity can suffice for any >business transaction. that may be so, but what about a business >that simply says, "we choose to require identity among our >customers, and you can go elsewhere if you disagree". These attitudes create business opportunities for others who would seek to serve those who prefer anonymity. [snip] > >cyberspace as a whole is *not* going to lead to a totlal motion >away from physical identity. in some ways physical identity will >be more strictly enforced in cyberspace, in "some regions". >there will be other regions of cyberspace in which "anything goes". > As long as attractive, anonymous, alternatives sufficient for those (of a 'cyherpunk' mind) seeking to communicate, transact commerce, etc. exist it won't matter to whether others choose to enforce stricter identity adherence. [snip] >of course in the cpunk mailing list, who cares if there are >anonymous/pseudonymous participants? [snip]... but far more is at stake >in the "real world" and the risks posed by anonymity will be >adequately diluted because of this. and it won't be by people >who are all "f***ing statists"-- it will be by reasonable people >such as those who head EFF, who are interested in a civilized >society. > As always the market and the street will decide. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- From dfloyd at io.com Wed Sep 4 17:55:30 1996 From: dfloyd at io.com (Douglas R. Floyd) Date: Thu, 5 Sep 1996 08:55:30 +0800 Subject: Letter to the Observer [re: Internet paedophile] In-Reply-To: <9609041639.AA25461@cti02.citenet.net> Message-ID: <199609042131.QAA02995@xanadu.io.com> > > On 4 Sep 96 at 5:41, Martin Minow wrote: > > > Forwarded to me by a friend: > > > The following letters were delivered to the Editor of the Observer > > last week as a request to publish a retraction of their article > > relating to the Internet that appeared on Sunday 25th. August. > > One way to limit or retaliate against diffamation would be to refuse > internet access to anybody known to be part of any such medias, being > tv or paper. > > ISPs would probably easily agree since the revenues coming from > journalists vs from the general population is probably minuscule. Of > course, the conventionnal media would set up their own ISP but they > could be identified. > > Does that makes sense or am I out to lunch? AOL will take them. Most of them are on there anyway. > > jfa > > Jean-Francois Avon > DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal > JFA Technologies, R&D consultants: physicists, technologists and engineers. > > PGP keys at: http://w3.citenet.net/users/jf_avon > ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 > > From declan at eff.org Wed Sep 4 18:10:36 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 5 Sep 1996 09:10:36 +0800 Subject: Letter to the Observer [re: Internet paedophile] In-Reply-To: <9609041639.AA25461@cti02.citenet.net> Message-ID: Jean-Francois, your comments are inspired! As a member of "such media" in that I still publish articles on dead trees -- I have articles in fall issues of Wired and Playboy, for instance -- I rejoice in your reasoned suggestion that you deny me and my ilk access to the Net. But wait! I connect through wired.com, eff.org, or *.edu accounts. How do you plan to kick me off my "ISPs?" No, you're not out to lunch. -Declan On Wed, 4 Sep 1996, Jean-Francois Avon wrote: > > One way to limit or retaliate against diffamation would be to refuse > internet access to anybody known to be part of any such medias, being > tv or paper. > > ISPs would probably easily agree since the revenues coming from > journalists vs from the general population is probably minuscule. Of > course, the conventionnal media would set up their own ISP but they > could be identified. > > Does that makes sense or am I out to lunch? > // declan at eff.org // I do not represent the EFF // declan at well.com // From jonl at well.com Wed Sep 4 18:31:41 1996 From: jonl at well.com (Jon Lebkowsky) Date: Thu, 5 Sep 1996 09:31:41 +0800 Subject: What is the EFF doing exactly? Message-ID: <2.2.16.19960904170224.40bfe688@mail.well.com> At 08:02 PM 9/3/96 -0700, James A. Donald wrote: >At 03:17 PM 9/3/96 -0700, Jon Lebkowsky wrote: >>>> Not necessarily. The character of the anonymous speech is decisive. If you >>>> use anonymity to cloak harassment, for instance, the anonymity (which >>>> removes accountability) is a problem. The accountability issue is real and >>>> should be addressed, not evaded. > >At 07:44 AM 9/3/96 -0700, James A. Donald wrote: >>>No: The harassment is the problem, not the anonymity that makes it >>>possible. > >At 06:52 AM 9/4/96 -0500, Jon Lebkowsky wrote: >>The harassment is one problem, the lack of accountability another. > >So: > >Lucky Green and Dark Unicorn are not accountable. This is a problem? > >Because it is a problem "We" need to do something about it, Looks like you didn't quite finish yer msg...what is it that "We" need to do about it? -- Jon Lebkowsky http://www.well.com/~jonl jonl at hotwired.com From azur at netcom.com Wed Sep 4 18:51:08 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Sep 1996 09:51:08 +0800 Subject: Intelligence Community Briefing Message-ID: My security clearence has long since expired. Anyone on the list plan to attend and report back :-) ------------------------------------ AFCEA The U.S. Intelligence Community: Who Does What, With What, For What? October 8, 9, 10, 1996 #### This course is Classified SECRET. ### Sponsored by The Community Management Staff. Location: AFCEA International Headquarters, Fairfax, Virginia The U.S. Intelligence Community continues to undergo substantial changes. This top-down course provides an up-to-date understanding of the structure and functions of the Intelligence Community and its components, the changing threats and challenges with which they must deal, as well as resources and processes used. The course addresses intelligence programs structure and provides insight into relations between intelligence producers and policy consumers, as well as useful information about the interaction between U.S. Intelligence and industry. WHO SHOULD ATTEND This course is suitable for industry managers, designers and producers of security and intelligence systems and products, including software and special purpose products. The up-to-date coverage of the changing intelligence community is equally suitable for intelligence officers and operatives proficient in their own services or specialties who have or expect to have responsibilities involving other agencies and services, overview functions or supervision of interfaces between various agency efforts. Past attendance has been divided about equally between persons from the government and from industry. COURSE OUTLINE: Intelligence, Practice and Issues Background of U.S. Intelligence Definitions of Intelligence Intelligence Process Relationships between Intelligence and Policy Systems Intelligence Issues Components and Coordination of the Intelligence Community Organization and Components of the U.S. Intelligence Community The Role of the DCI DCI Special Staffs and Multi-Agency Activity Centers The Community Management Executive Director and Staff The National Intelligence Council Intelligence Oversight and Management within the Executive Branch Civilian Intelligence Organizations Military Intelligence Components Coordination of Counterintelligence Intelligence Budget Structure NFIP TIARA JMIP The Central Intelligence Agency Structure and Functions of the Changing CIA Intelligence Collection, Analysis and Dissemination CIA Support to Military Intelligence Operations Military Intelligence OASDC3I Organization and Functions Structure and Functions of the Defense Intelligence Agency Support for OSD, JCS, and Operational Commands Military Services: Organization, Roles and Missions Impact and Trends Resulting from Changing World Situation and Operational Experiences Overhead Reconnaissance and Surveillance National Reconnaissance Office Defense Airborne Reconnaissance The National Security Agency and Central Security Service Role in the Community Specific Functions Services of Common Concern Federal Bureau of Investigation FBI Organization and Functions Law Enforcement Intelligence Functions Counter-Intelligence Relationships with CIA and Other Components of the Intelligence Community Counternarcotics Intelligence and the Drug Enforcement Administration The Problem The Counternarcotics Community DCI Counternarcotics Center Operational Counternarcotics Intelligence Activities Imagery The Central Imagery Office Relationships with Other Parts of the Intelligence Community Support to Operational Commands Intelligence Support for Arms Control and Disarmament Arms Control Intelligence Staff Non-Proliferation Center On-Site Inspections Nuclear Intelligence and Role of Department of Energy Intelligence Community and the Congress Functions of the Oversight Committees Legislation Affecting the Intelligence Community Trends Intelligence and Industry Relationship Between Intelligence Components and the Private Sector Opportunities to Market Services and Products Control Mechanisms Business Strategies Intelligence Developments in Private Industry Internal Intelligence System Risk Analysis Course Coordinator COL John D. Sitterson, USA (Ret.), is now a consultant to AFCEA and industry. His military career included assignments in intelligence and international security affairs, as well as combat and commands with extensive C3I involvement. He headed the Department of National and International Security Studies at the Army War College. Colonel Sitterson served on a White House Task Force, in operations coordinating elements under NSA, on a Presidential-Congressional Commission, and as a military member of two blue ribbon study groups at the Council on Foreign Relations. As a civilian he served 20 years in defense-related government and industry positions, including 11 years with HRB-Singer (now HRB Systems). Lecturers: Mr. Peter C. Oleson has had extensive experience in intelligence related positions in the U.S. government and industry, including the Office of the Secretary of Defense. He has been adjunct professor of Resource Management at the Defense Intelligence College. He now heads his own consulting firm. Other lecturers will be authoritative representatives of the Central Intelligence Agency; Community Management Staff; the Office of the Assistant Secretary of Defense (C3I); Defense Intelligence Agency; National Security Agency; Intelligence Services of the Army, Navy, Air Force and Marine Corps; the National Reconnaissance Office; the Defense Airborne Reconnaissance Office; the Central Imagery Office; Department of State (INR); Department of Energy; Federal Bureau of Investigation; Drug Enforcement Administration; Arms Control Intelligence Staff; Non-Proliferation Center and the House of Representatives Permanent Select Committee on Intelligence. Register by submitting the following information to: AFCEA 4400 Fair Lakes Court Fairfax, Virginia 22033-3899 Phone: (703) 631-6135 FAX (703) 631 4693 email = aafceapdc at aol.com until 1 October and then pdc at afcea.org Course Name or Number: Intelligence Course/ 203N Date Course Convenes: 8 October 1996 STUDENT: Rank/Honorific: Service: First Name: MI: Last Name: Title/Position: Company/Organization: Division: Mail Stop/ Suite/ Office Symbol: Street Address: City: State: ZIP: Country Telephone: (area code) Fax: (area code) Please indicate method of payment intended: Mastercard/Visa/AMEX/Diners Club/ DD1556/Voucher All registrations will be acknowledged. The acknowledgement letter will contain information on location of the course, housing and transportation details. Fees: Government Personnel $700 Industry $950 ### A Classified Visit Request must be submitted by mail or fax before the student is permitted to attend the course. This request should be received at AFCEA at least the week before the class convenes. ------------------------- PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- From azur at netcom.com Wed Sep 4 18:57:10 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Sep 1996 09:57:10 +0800 Subject: Reputations Message-ID: "Regulation - which is based on force and fear - undermines the moral base of business dealings. It becomes cheaper to bribe a building inspector than to meet his standards of construction. A fly-by-night securities operator can quickly meet all the S.E.C. requirements, gain the inference of respectability, and proceed to fleece the public. In an unregulated economy, the operator would have had to spend a number of years in reputable dealings before he could earn a position of trust sufficient to induce a number of investors to place funds with him. Protection of the consumer by regulation is thus illusory." -- Alan Greenspan TCM, seems like a reputable source to support your views. -- Steve PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- From jimbell at pacifier.com Wed Sep 4 19:03:26 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Sep 1996 10:03:26 +0800 Subject: Race Bit: C Message-ID: <199609042222.PAA19090@mail.pacifier.com> At 02:47 AM 9/4/96 -0700, Timothy C. May wrote: >At 3:02 AM 9/4/96, James A. Donald wrote: >>At 10:33 PM 9/3/96 -0800, jim bell wrote: >>>>The Leahy crypto bill introduced early this year made (paraphrasing) "the >>>>use of encryption to thwart a law-enforcement investigation illegal." I >>>>immediately pointed out that while this wouldn't make _encrypted_ remailers >>>>illegal, per se, effectively it would because the moment an investigation >>>>(even a phony or trumped-up one) is started and is "thwarted" by the >>>>encryption used, the remailer operator became guilty of a crime. >... >>I believe that judges have a policy of interpreting deliberately >>ambiguous statutes in whatever way makes the most sense. The only >>sensible interpretation of Leahy's bill is that it criminalizes >>strong remailers, that it is intended to punish ANYONE, not just >>the criminals themselves, who obstructs investigations. > >As the recent discussion of knives, switchblades, and throwing stars >showed, such ambiguous laws are often used to keep the coloreds down. Perhaps the most ominous part of making "use of encryption to thwart an investigation" illegal is _not_ that remailer operators might be prosecuted, but that they might NOT be prosecuted in a deal where (in exchange for not being prosecuted) they continue to operate the remailer, "cracked" or sabotaged so that they share all the info with the cops. While even that won't make chained remailers totally useless, eventually suspicions of such a crack will surface, which will help sabotage the credibility of all remailers, not just the ones that have been "stung." Jim Bell jimbell at pacifier.com From adam at homeport.org Wed Sep 4 19:40:05 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 5 Sep 1996 10:40:05 +0800 Subject: How to use procmail In-Reply-To: <9609042045.AA27973@sabel.idacom.hp.com> Message-ID: <199609050006.TAA07462@homeport.org> Martin Janzen wrote: | New procmail users, listen to Adam! (And read the man page, even | though it's a bit intimidating at first.) Yeah, Listen to me! Listen to me! (Its the new cypherpunks theme song!) More seriously, here's my .procmailrc. I'm fond of it, but the cpunks section could use some more work. Other parts may be useful basis for other people's hacking. Adam # $Id: .procmailrc,v 1.10 1996/08/05 04:54:46 adam Exp $ PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/lib/mh MAILDIR=$HOME/Mail/= #you'd better make sure it exists DEFAULT=/var/spool/mail/adam LOGFILE=$MAILDIR/.procmail.log REALLF=$LOGFILE # So I only have one path to LF COMSAT=no # don't tell comsat; its obstelete. # VERBOSE=on # bad bad bad! #This first ruleset protets me from mailbombs from an automated service #that I often send incorrect commands to, generating 5mb of reply. # It also sorts based on sucsess of the command. :0c : .safe :0 * From bal at swissnet.ai.mit.edu { :0 h * >10000 /dev/null :0 h *^Subject:.*no keys match /dev/null :0: *Subject: Your command, ADD $DEFAULT :0E | pgp +batchmode -fka } # This is a backup. Don't forget to cycle safe boxes. # this is here because I don't want to hear about everything going in .safe. # prevent duplicate messages from showing up in several folders. LOGABSTRACT=all # doesn't work :0 Wh: msgid.lock | formail -D 65536 .msgid.cache # auto key retreival # # I have an elm alias, pgp, points to a keyserver # The logfile gets unset briefly to keep the elm lines out of my # logfile. :0BW * -----BEGIN PGP *!^FROM_DAEMON KEYID=|/home/adam/bin/sender_unknown LOGFILE= :0 ahc # added h 8 jan 95 * ! ^X-Loop: Adams autokey retreival. | formail -a"X-Loop: Adams akr" |elm -s"mget $KEYID" pgp LOGFILE=$REALLF :0 * (^TOCypherpunks|Sender:.*cypherpunks|^From owner-cypherpunks at toad.com) { :0: * From.*owner-cp-lite at comsec.com cp-lite :0 h * Subject:.*(Delete|u*n*Sub*| add |leave|help|Undeliverable Message) * < 1000 /dev/null :0 :rml.lock * ^From: Raph Levien * ^Subject: List of reliable remailers | cat /dev/null - > ~/sec/remailer-list :0: * 1^1 ^(From|To|Cc):.*david at sternlight.com * 1^1 ^Subject:.*CDA * 1^1 ^Subject:.*Assasination * 1^1 ^Subject:.*Reasons in support of crypto-anarchy * 1^1 ^Subject:.*Noise * 1^1 ^Subject:.*FV * 1^1 ^Subject:.*(PLEASE REPLY|test) cjunk :0B: * ^Alice de 'nonymous * an455120 at anon.penet.fi * ^P.S. This post is in the public domain. | formail -a "Status: O" >> cjunk # I really ought to make this a wieghted rule. :0: * ^From:.*(aba at atlas|adam at lighthouse|blancw|cdodhner|cfrye|chen|cman|cme|colin@|daw at cs|ddt|ebrandt|eric at remail|futplex|frissell|gnu|gtoal|habs|hallam|hfinney|hugh|jis|karn|loewenste|loki|mab|froomki|mpj|nate|nsb|perry|pfarrel|rah|rjc|rsalz|sameer|sandfort|schneier|ses|smb|stewarts|szabo|tcmay|trei|unicorn|usura at berserk|warlord|weidai|whitaker|Zimmerman) * !^From.*(anonymous|perry at jpunix.com|jonathan at Memexis|perry at psii.persci.com|gertstein|Schartman|don at cs.byu.edu|senate.gov|doug at eng) cpunks :0: cpunks-noise } :0: * ^TOfirewalls firewalls :0: *^From owner-fwtk-users at tis.com fwtk :0 *^TOcyberia-l { # VERBOSE=on :0 HW FROM=|formail -x "From: " :0 f | formail -I"Reply-To: $FROM" :0 fw:cyberia.sed.lock * ^From: Timothy Arnold-Moore |sed 's/^ //g' :0: cyberia } :0: * ^From procmail-request at informatik.rwth-aachen.de procmail # Thats it for the high volume lists. Low volume lists I don't push # through formail. :0: * ^TOyucks at cs.purdue.edu * ^Subject: Yucks Digest | formail +1 -ds cat >> yucks :0: * ^TObugtraq bugtraq :0 * ^TO .*(ietf|rfc-dist) { :0h *^Subject:.*ON-SITE /dev/null :0: ietf } :0 * ^TOwww-buyinfo { :0 * ^From: rah at shipwright * ^Subject: .*(cpx) /dev/null :0: | formail -a "Status: O" >> wwwb } :0: *^TOspki spki :0 *^TOssl-talk { :0 *^Subject:.*remove * < 2000 /dev/null :0: ssl } :0: *^TOwww-security at ns2.rutgers.edu wwws :0: *^From owner-ssh ssh :0: *^TOremailer-operators at c2.org remailers :0: *From best-of-security bos :0: * ^TObblisa bblisa :0: *^TOcoderpunks coderpunks :0: *^TOmix-l mix-l :0: * ^TOphrack v/phrack :0: *^TOsdadmin sdadmin :0: * Precedence: (junk|bulk) junk :0: * To: postmaster postmaster # basic file server. Only sends whats in .outbound :0 * ^Subject: (SEND|get) [0-9a-z][-_/0-9a-z.]+$ * !^Subject:.*[ /.]\. * !^FROM_DAEMON { # FILE=`formail -x Subject: | sed 's/.* //'` FILE=`sed -n -e '/Subject:/s/.* //p' -e '/^$/q'` :0c | (formail -rt -A"Precedence: junk";\ cat $HOME/.outbound/$FILE) | $SENDMAIL -t :0: $MAILDIR/.log } # This handles vacation messages. Make sure .vacation.msg and # .vacationlist exist :0 hc:vaction.lock # untested * ? [ -r $MAILDIR/.vacationlist ] * !? [ -r $MAILDIR/.vacation.msg ] | rm -f $MAILDIR/.vacationlist :0 * ? [ -s $MAILDIR/.vacation.msg ] * !^Precedence:(junk|bulk) * !^FROM_DAEMON { FROM=`formail -rx To:` ALREADYSENT=$MAILDIR/.vacationlist :0 hc: * !? fgrep -e "$FROM" $ALREADYSENT | echo "$FROM" >> $ALREADYSENT;\ (formail -rA"Precedence: junk";\ cat $MAILDIR/.vacation.msg ;\ ) | $SENDMAIL -t } -- "It is seldom that liberty of any kind is lost all at once." -Hume From jimbell at pacifier.com Wed Sep 4 19:49:00 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Sep 1996 10:49:00 +0800 Subject: Browne and foreign tyrants Message-ID: <199609042343.QAA25061@mail.pacifier.com> >From: "George D. Phillies" >Subject: Re: Browne & foreign tyrants >There is a section of the Geneva Protocols forbidding actions in occupied >territories directed against officers of political parties. Under that >section, the actions in Somalia against, e.g., the treasurer of General >Aidid's political party, were war crimes. No one seems to get very upset. > >> If there is such a treaty, the US has a long history of ignoring it. >> >> 0) Attempts to kill Hitler. >I don't think we ever tried this. And this was a real shame. Over 30 million people died in WWII, directly or indirectly. We knew that Hitler was going to be a problem well before 1936. Think how many could have been saved... If anything, WWII is excellent proof that AP is a good idea. Stauffenberg was the German who bombed Hitler's meeting in 1944 but failed to kill him. Stauffenberg knew as early as 1942 that Hitler needed to be killed, and a recent "60 Minutes" episode related how hundreds of people knew about this plot. The reason he failed was that while he was preparing the two bombs in a bathroom, he was interrupted. (The bomb's delay mechamism was acid dissolving a metal.) Rather than being caught, he left one of the briefcases in the bathroom and went to the meeting with only one bomb. Furthermore, he left the bomb at the meeting, but it was pushed behind the heavy table after he left, which shielded Hitler from much of the force of the explosion. If AP (or at least, some anonymous reward mechanism for Stauffenberg's family) had been available, he would have done "the honorable thing," and walked up to Hitler with the bomb and instantly detonated it right there, resulting in both Hitler's and Stauffenberg's certain death. At least hundreds of thousands or perhaps over a million people would have SURVIVED. As it happened, Stauffenberg's reticence caused not only his death after torture, but also the deaths of well over a hundred coup-plotters, but also the thousands that were yet to die in the last 6+ months of WWII. Question: Would you kill yourself to save a million lives? Even if you wouldn't, would you change your mind if your heirs would be anonymously paid an extra $10 million dollars or so? I'd say that's a pretty substantial motivation, wouldn't you? Jim Bell jimbell at pacifier.com From surya at premenos.com Wed Sep 4 20:34:30 1996 From: surya at premenos.com (Surya Koneru) Date: Thu, 5 Sep 1996 11:34:30 +0800 Subject: rc2 export limits.. Message-ID: RC2 uses a effective key size, so is it ok to use a key of 128 bits size with a 40 bits effective key size for export. Thanx --Surya >---------- >From: Simon Spero[SMTP:ses at tipper.oit.unc.edu] >Sent: Tuesday, September 03, 1996 8:33 PM >To: Surya Koneru >Cc: 'cypherpunks at toad.com' >Subject: Re: rc2 export limits.. > >It's the usual - if you want commercial jurisdiction, > 40 bits unescrowed > 64 bits (16 escrowed) > >Above that, you'll have to go through state on a per customer basis >(which I don't think is that easy to get if software is being shipped >outside the US, and is definitely going to be expensive.) > >Simon > > >--- >Cause maybe (maybe) | In my mind I'm going to Carolina >you're gonna be the one that saves me | - back in Chapel Hill May 16th. >And after all | Email address remains unchanged >You're my firewall - | ........First in Usenet......... > From cjs at cinenet.net Wed Sep 4 20:49:42 1996 From: cjs at cinenet.net (Chris Steinke) Date: Thu, 5 Sep 1996 11:49:42 +0800 Subject: cypherpunks Message-ID: <322E4DFA.167E@cinenet.net> subscribe cypherpunks From azur at netcom.com Wed Sep 4 21:15:57 1996 From: azur at netcom.com (Steve Schear) Date: Thu, 5 Sep 1996 12:15:57 +0800 Subject: Secure remailers, was Race Bit: C Message-ID: >At 04 Sep 1996 15:21:54 -0800, jim bell wrote: >Perhaps the most ominous part of making "use of encryption to thwart an >investigation" illegal is _not_ that remailer operators might be prosecuted, >but that they might NOT be prosecuted in a deal where (in exchange for not >being prosecuted) they continue to operate the remailer, "cracked" or >sabotaged so that they share all the info with the cops. While even that >won't make chained remailers totally useless, eventually suspicions of such >a crack will surface, which will help sabotage the credibility of all >remailers, >not just the ones that have been "stung." > Yes, that is why there needs to be a move to place all 'critical' portions of remailers and other important servers inside trusted hardware which is highly resistant to compromise. All access to sensitive information (e.g., keys) inside these modules should require multiple parties in several countries (not just the operator of the server) to cooperate. Properly structured (such controls could effectively thwart law enforcement compromise. PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Steve Schear, N7ZEZ | Internet: azur at netcom.com Grinder | Voice: 1-702-655-2877 Sacred Cow Meat Co. | Fax: 1-702-658-2673 7075 W. Gowan Road, #2148 | Las Vegas, NV 89129 | --------------------------------------------------------------------- From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 4 21:28:50 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 5 Sep 1996 12:28:50 +0800 Subject: Paladin Publishing suit dismissed Message-ID: <01I93G9JPMBK9JDJT7@mbcl.rutgers.edu> Thank you; my memory isn't the best in the world (obviously). -Allen From jf_avon at citenet.net Wed Sep 4 21:30:15 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Thu, 5 Sep 1996 12:30:15 +0800 Subject: Letter to the Observer [re: Internet paedophile] Message-ID: <9609042255.AA24605@cti02.citenet.net> On 4 Sep 96 at 14:44, Declan McCullagh wrote: > Jean-Francois, your comments are inspired! > > As a member of "such media" in that I still publish articles on dead > trees -- I have articles in fall issues of Wired and Playboy, for > instance -- I rejoice in your reasoned suggestion that you deny me > and my ilk access to the Net. > > But wait! I connect through wired.com, eff.org, or *.edu accounts. > How do you plan to kick me off my "ISPs?" > > No, you're not out to lunch. Well, I did not expect nor want to bar all of the ink spreader community, only, by giving some individual or some rags some trouble, they might get the message. *I* don't plan to kick any net-smearer scumbag off his ISP, I suggest/-ask if- ISP themselves would have advantage to do that./? I simply don't pretend to know it all, so I ask questions... jfa Jean-Francois Avon DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From gregburk at netcom.com Wed Sep 4 21:34:19 1996 From: gregburk at netcom.com (Greg Burk) Date: Thu, 5 Sep 1996 12:34:19 +0800 Subject: Reputations Message-ID: -----BEGIN PGP SIGNED MESSAGE----- tcmay at got.net (Timothy C. May) writes: > Briefly, think of "restaurants" when thinking about reputations. If one > arrives in a new city, most restaurants may have the same baseline > reputation, e.g. "none." A few may be known by name, for their > "reputation," either good ("You have to eat at Louie's--the laser chicken > is incredible") or bad ("Blecch!). Positive reputations and negative > reputations are self-explanatory. And the reputations of others may affect > the reputations of restaurants ("John Gilmore says he likes the Burma > Burger on Castro Street."). Bad recommendations may affect the "reputation > capital" of John, for example. (We speak of "reputation capital" because it > can in some sense be "spent.") That part of the "reputation capital" theory has always seemed suspicious to me. "reputation capital" doesn't behave linearly. There's too much incentive to bottom-feed and too little incentive to shoot for the heights. As an "asset", it is extremely non-liquid. It is hard to spend it in a controlled manner. Too much incentive to bottom-feed: For example, let's say there's someone well-known who frequently speaks nonsense on crypto issues. We'll call her "Norothy Nenning". She makes a recommendation on some particular crypto issue, say "The government's Nipper chip is a safe and effective form of crupto". Plenty of naive people will credit her to some degree. True, fewer people than if she had carefully husbanded her reputation, and to a lesser degree, but still a lot more than zero. Notice that that's a zero cost/benefit ratio. She never does anything to husband her reputation, she just spends it every chance she gets. And while no single expenditure rewards her as much as it would if she made the same expenditure with a good reputation, she spends so much more freely that it is a good strategy for her on the whole. "Reputation capital" is hard to spend down to absolute 0 because it is significant work to distinguish valid "reputation capital" from worthless counterfeit, and it is easy to counterfeit... just talk. I anticipate the answer "Well, the work pays off". But that misses the point. Frequently the work required to tell the good "reputation capital" from the worthless is as much as would be required to find the straight dope yourself. Too little incentive to shoot for the heights: Suppose you judge that you've accumulated twice as much "reputation capital" as Joe. How do you get twice as much payoff? It seems to me that above the threshhold of credibility, minor side issues make more difference than your two-fold "reputation capital" differential. As an "asset", it is extremely non-liquid: How exactly would you "convert" your reputation into other capital? Would you accept bribes and tell lies? Seems to me you would only get a one-shot "conversion" and it couldn't possibly hope to equal your investment. As soon as you leave the information-broker business, you discover that your "asset" cannot be converted, sold, auctioned off, or much of anything else of value to you. It is hard to spend it in a controlled manner: See above. The single bribe-and-lie will spend your "reputation capital" down to below the threshhold of credibility, no matter how much you started with. Human discourse often tends to be absolutist. It is often very difficult to make people understand and retain a message of partial support or qualified support. Particularly on hot issues. Restaurants, sure, you can give 1 to 5 stars, but in many subject areas there is no such system. And any system you yourself invent tends to be ignored. So I think the latter part of the analysis is wishful thinking, or at least restricted to a small subset of subject-matter. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBVAwUBMi4omrMyVAabpHidAQGGPAIAizIOktCC4B5gtVYPblaTi9FL6ZtwTfkP sAFHT626mMLz1f/ZKa2SLq3pdag09ACCklJLJ1djFwSFP4bvoijMfw== =rFti -----END PGP SIGNATURE----- From mech at eff.org Wed Sep 4 21:37:46 1996 From: mech at eff.org (Stanton McCandlish) Date: Thu, 5 Sep 1996 12:37:46 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609042000.VAA00708@server.test.net> Message-ID: <199609042341.QAA14459@eff.org> Adam Back typed: > > > Stanton McCandlish writes on cpunks: > > [again, since I'm not on the CP list these days, feel free to bounce this > > over to the list if it doesn't make it. I'm not sure what the > > non-subscriber posting policy is and/or whether such attempted posts are > > filtered out, though I seem to recall they didn't used to be.] > > Cypherpunks always has been and remains an open list. You shouldn't > need to wonder given cypherpunk views on free speech :-) I grok. Hadn't been on the list for a while, and a lot of lists have set up non-subscriber filters to block spam these days. I appologize to CP readers, who rightfully question my Ccing the list when I'm not on it (lately, anyway). I'm just responding to where the message I'm responding to has been. So far no one's seem particularly upset at this, just irritated, so it seems prudent to continue doing so, unless/until this gets to be a pointless thread. > > In other words you propose an alternate EFF that censors its own > > boardmembers. > > No. But I too am rather suprised to hear an EFF board member > apparently speaking against free speech. OK, so maybe she was > mis-quoted so I wait for her rebuttal, but nope, she basically to my > reading reiterates nothing but negative opinions on free speech and > anonymity. > > Tim's quotes of her CFP speech further demonstrates her leanings. I've talked to her personally about this. She's not thinking along those lines, she just perceives a potential problem in the accountability/ethics area, and is wondering how that can be solved, if it can be solved, and what the price of such a solution is. Honest, she's not *advocating* restrictions on anonymity, just asking if any are necessary, in who's opinion, with what rationale, at what cost, and by what mechanism. Another CP reader I've been talking to suggests even asking such a question is dangerous because it puts ideas in the minds of anti-freedom legislators. I tend to disagree on this, since such people already see anonymity as a problem. They come from a world in which every citizen minus a few "weirdos" has an ID card, who's check and credit transactions are traceable, who's money is marked and numbered, whos medical and other records are readily available. And their campaigns are funded by companies with a vested interest in identification (credit bureaus, banks, insurance companies, etc.) The *already have* the idea. But, that may be neither here nor there. I would agree when it comes to things that legislators have not even thought about yet. In cases like that, better to work quietly with activists, with industry, etc., to deal with it behind the scenes so it never even appears on congressional or regulatory radars. > Lets put it this way: if Louis Freeh offered to be an EFF board > member, would you take him on board? If he seemed quite Highly unlikely. Who gets to be a boardmember is decided by a board vote. Freeh's anti-freedom history, and his obnoxious nature would, in my guesstimate, give him less that a .0000000000001% chance of ever making it onto the EFF board. And that's being nice. :) Dyson has no such history, and does have a history of careful thought (even if disagreed with by quite a few people) about networks, online commerce, negative effects of regulation, and civil liberties issues. More the former 3 than the latter 1. Not everyone on the board is there because of strong work directly in liberty areas, but often for other stuff, as long as they seem consistent with the civil liberties issues. Otherwise we might as well just have one boardmember. The diversity is necessary, as long as it doesn't get divisive. It has gotten divisive in the past, and there are some boardmembers who are not on the board any more as a result (none that I know of were "canned", they just understood it wasn't working and moved on.) > pro-anonymity, and free speech, and later turned out to be having > doubts, would you keep him? I'll generalize that to "if you had any boardmember who expressed doubts about the value of free speech and privacy, would the board keep them?" I think not. But Esther's taken no such position. She's asking questions about the mechanics of a system, and the effects of the system on society. These are valid questions. It'd be helpful to see some short Cypherpunks-generated answers, if they are available. Stuff about reputational systems, etc. I know this stuff in a vague way from reading CP for years, but I don't have or know of any specific documents on the topic. Something like that to pass around internally here would be of value in helping EFF settle remaining issue, adopt a policy position, and get on with it. > Ie if her views are proving a liability for EFFs reputation, perhaps > you all ought to get together and see if you can work something out? That is unlikely to ever be a concern. If any boardmember's views proved a liability for EFF mission and work toward that mission, that's when the board would considering asking for a resignation, or kicking someone off the board directly. We're mindful of PR and image, but the mission comes first. > Anonymity is a pretty darn major issue here, so it'd be really sad to > see EFF coming down on the wrong side. I've seen some of the other That will never happen. EFF would tear itself apart in a matter of hours if that happened. The worst that will happen is that EFF won't adopt a policy on this issue. I tend to doubt that will happen either. As I was telling BU, I think we're closer now than ever before to having an anonymity policy. That's mainly why I'm asking for pointers to any superb documentation on the topic. It's genuinely needed to resolve a few remaining issues. Just to be clear: There is no disagreement on the board, or the staff, of EFF that anonymity is a vital component of privacy. If that's what the worry is, lay it to rest! Actually coming up with a statement on the issue is something that's taking a bit longer due to some concerns and questions that haven't been assessed yet (by the boardmembers with these questions & concerns). > She sounded pretty anti-anonymity to me. I think that's your inferrence, not her implication. :) I've talked to her personally about this, and that's not what she's saying. > Are there a shortage of political and net-aware libertarians for board > candidates or something? There's no shortage of candidates in general, but finding ones that add something useful to the mix, get along with everyone, work cooperatively, are not interested in being a board member to add a line to their vitae or for other purely personal reasons, who have enough time and resources to do this, are willing to do fundraising, etc., etc., is somewhat more difficult. (I answer the question since it was asked. I refute, from a personal level, the implication that Esther's not fit to be on the EFF board. She's been here almost from the very start, and EFF would not be here right now at all if not for her.) > Perhaps the quote was unfortunate, perhaps she has also said > pro-anonymity things. But a person who is pro-anonymity would surely > try to emphasise the pro arguments also? The material I have seen so > far does not seem to indicate that this is the case. This long after the fact I have no way of knowing what she said verbatim, in what order, with what stress, etc. Having been interviewed a lot of times, and seen a mangled result, I know that interviewers often take liberties with the ordering of statements, and remove material, and juxtapose one statment with other stuff it was not referring to originally, etc. Any of that could have happened. If it was an oral interview, which is likely, keep in mind that many people don't speak well off the tops of their heads. I can't believe some of the things *I*'ve said in situations like this. They just didn't come out right. Interviewers often get attribution incorrect too, as in this case. I think this is a mountain out of a mole hill problem. Like I say, if EFF comes out with a policy against anonymity, THEN get out the rope. It just won't happen. > If this is the case she needs to be _much_ more careful about what she > says in `personal' interviews. Certainly. All of us do. I know I do. I still remember the time I slammed the FCC for being "the largest censorship body in the western world", at a time during which EFF was trying to get them to back off from deciding to push for regulatory authority (which, as we've seen, Congress is only too willing to grant). Needless to say, they would have been less willing to listen to EFF after that, had they seen the comment (probably didn't, it was in a small local newspaper; had a lot of dangerous potential though.) > Be sure to express the pro-anonymity arguments while you're zealously > hammering out every last thing that can go wrong with anonymity: like > that free speech is not possible with out it. It's pretty much all or > nothing, either you think free speech is worth the risk, or you prefer > big brother, government access to keys, the works. Agreed. I'm sure the board agrees too. We just like, and need, to have answers to the immediate authoritarian attack that will come on what EFF says, before we say it. The saying about being silent and being thought a fool, vs. speaking up and removing all doubt applies here in an interesting way. If we have unprepared arguments, opponents will make us look like fools. It's only a secondary concern that this hurts EFF's image. The real problem is that things like that undermine the credibility of the whole "cyberliberty" camp. > [see http://www.c2.org/~winsock/ for a windows remailer] Any e.t.a. on a Mac one? Sometimes I wish I could write code worth an exon so I could help move this along. Like I have any time to do programming anyway... -- Stanton McCandlish

mech at eff.org

Electronic Frontier Foundation

Online Activist From declan at eff.org Wed Sep 4 21:38:30 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 5 Sep 1996 12:38:30 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609041702.KAA15781@mail.pacifier.com> Message-ID: On Wed, 4 Sep 1996, jim bell wrote: > Why WOULDN'T the police want to shut down anonymous remailers? The Leahy > bill clearly didn't distinguish between remailer operators and users, so it > is no leap to conclude that they would be treated similarly. Why *wouldn't* the police want to shut 'em down? Because the police respect the Constitution and our civil liberties, of course, and realize and respect the value of anonymous political speech. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // From unicorn at schloss.li Wed Sep 4 21:41:18 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 5 Sep 1996 12:41:18 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609041827.LAA29523@netcom20.netcom.com> Message-ID: On Wed, 4 Sep 1996, Vladimir Z. Nuri wrote: > > jim bell > >"Addressed", maybe, but that doesn't necessarily mean, "solved." For many > >decades, people have been able to walk up to a pay telephone at 3:00 AM and > >make a harassing phone call to somebody, a "problem" which still exists and > >no solution is being implemented for. Incidently, this is being "solved." In D.C. and Chicago the solution is to rip up the payphones and not permit new ones to be installed. If anyone objects the officals responsible make a wide gesture and say "We didn't take away your phones, CRIMINALS took away your phones." > amusing the way you phrase that-- you didn't say, "phone", but "pay > phone". the statement used to hold in general for all "phones", but > then caller id, caller blocking, etc. have been introduced that > make this no longer true. so in a very real sense, anonymity in > the phone system was considered a "problem" by some that has been > "solved" or "modified" by some recent advancements. (yes, most people > agree caller ID is an advancement). > Yet today one can go out and rent a cell phone on the street, or even pay for one's activation in cash up front without presenting any real identity documents. The real question is this, what are you going to do to anihilate anonymous communication, because if you think its harmful that's what you have to do. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 4 21:52:19 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 5 Sep 1996 12:52:19 +0800 Subject: Internet Tax in Tacoma cancelled Message-ID: <01I93H4Y6YHW9JDJT7@mbcl.rutgers.edu> An excellent case of considering regulatory arbitrage effects. -Allen > _________________________________________________________________ > webslingerZ > _________________________________________________________________ > TACOMA, WASH. CITY COUNCIL REPEALS TAX ON INTERNET PROVIDERS > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > TACOMA, Wash. (Sep 4, 1996 01:17 a.m. EDT) - Tacoma City Council > members voted Tuesday to exempt Internet service providers from a 6 > percent telecommunications tax that had attracted nationwide > attention. > With only one dissenting vote, the council approved the exemption at > the urging of Mayor Brian Ebersole, who said Tacoma's reputation as a > good place to do business outweighed the estimated $200,000 in annual > revenue the city stands to lose. > The tax had been imposed on Internet companies in March by Tacoma's > tax and license department as part of a broader levy that affects > users of cellular telephones, pagers and other equipment who get > billed at addresses within the city, about 30 miles south of Seattle. [...] > Tacoma is one of many cities and states who have seized on the rapid > growth of the Internet as a potential for raising needed tax revenues. > West Virginia, Tennessee, Texas, New York and Ohio have similar taxes > in place, and California, Florida, New York and Washington state are > considering them. [...] > Copyright © 1996 Nando.net From sunder at brainlink.com Wed Sep 4 21:52:35 1996 From: sunder at brainlink.com (Ray Arachelian) Date: Thu, 5 Sep 1996 12:52:35 +0800 Subject: Cypherpunks Lite Info Here. In-Reply-To: <2.2.32.19960828225105.006ccc74@pop.ben2.ucla.edu> Message-ID: On Wed, 28 Aug 1996 youssefy at ucla.edu wrote: > There was a posting by someone about three weeks ago that gave the address > for a person who ran a filtered version of the cypherpunks list, can someone > please repost that information? Very well, I will be lazy, and post the info out of my help file. Enjoy. :) Help is here! Hi there, as requested, here's some info about the filtered cypherpunks list which I run (by hand with the help of a couple of mailbots) This list is NOW running from: sunder at brainlink.com. Basically, I use the 'bots to keep the list of recipients, then forward any message to this list of usernames which I find interesting, and usually noise-free... Since, I do this by hand, AND since there is no majordomo mailing list software, and since I get a lot of mail, it's a good idea to make sure the subject of any messages you send to me stand out. i.e. make the subject line: "***000 Personal junk mail for the human, not the bots ***" (The 0's are there to make sure that when Pine sorts the messages on this side, they come up on top, making sure I'll see them immediatly.) There is no automated filtering of any sort... Whatever message I find to be interesting, news-worthy, or technical (theoretical crypto, actual code, etc) gets handed over to the bots, which send it to this list. If you use some sort of filtering program to move messages to a folder, look for the string "FCPUNX:" (without quotes) in the subject field. There will usually be a propagation delay of one day to a week days - sometimes as long as two weeks between the messages on the actual cypherpunks list, and this filtered one. This is because I may not always get the chance to log in every day, and also because I may have to wade through tons of noise/spam/flames from the real list. :-) Occasionally, if I see something interesting from another list (such as Cyber Rights, coderpunks, etc) I will forward it here if I feel that it pertains to Cypherpunk interests, or that you'd like to see it. You should unsubscribe yourself from the real list by sending an "unsubscribe cypherpunks" message to majordomo at toad.com - that is send a message with no subject and just that single line - no signature either, so as to unsubscribe. - Unless you wish to continue to receive messages from the real list as well as copies of those messages from here. :-) All filtering is again according to my whims so if you dislike what I send you, sorry. I might eventually work something out where this list will be broken up into many tiny lists so you'd subscribe to whatever subjects you're interested in. This is a free service, no strings attached, just tons o'mail, but less mail than the unfiltered list... Also note that the bots I run may sometimes be slightly buggy and may do unexpected weird things. Appologies in advance if this happens. But please by all means do report any such runaway bot occurances. If you wish to unsubscribe yourself from this list, just send a message with the subject "unsubscribe fcpunx" (no quotes) and the next time I log in, one of the bots will handle the ubsubscribe. You can re-subscribe yourself as many times as you like, you'll only get one copy of each message, but as many copies of the request response as you've sent.The 'bots hone in on your address and send mail only there, so subscribe yourself from whatever account you want to receive mail. If by accident you subscribe from two different machines, the bots won't know the difference and you'll get two copies of each filtered message, so be careful. This also means that you can only unsubscribe yourself from the same address you subscribed from. To get help, send a message with the subject "help fcpunx." To subscribe yourself (if you see this, you are subscribed) send a message with the *SUBJECT* "subscribe fcpunx" NOTE: THE BOTS ONLY RESPOND TO THE SUBJECT LINE, NOT TO TEXT IN THE BODY OF YOUR MESSAGE! The bots only look at your message's subject and your mailing address so it doesn't matter what you put in the body. Whenever the 'bots honor a request from you, you'll see a response mailed from them (under my name.) Since the bots are only active when I log in and run them by hand, the message acknowledging your request may take several days to get to you. *ALL COMMANDS MUST BE SENT IN THE SUBJECT OF THE MESSAGE! The body (text) of the message are ignored. Commands available: subscribe fcpunx - subscribes you to the list and you are visible to fcpunx who requests subscribe invisible fcpunx - subscribe but don't let others know digest fcpunx - receive the digest version (visibly) digest invisible fcpunx - receive the digest invisibly unsubscribe fcpunx - unsubscribe from the list or digest undigest fcpunx who fcpunx - receive a list of (visible) subscribed users help fcpunx - sends a help file (you're looking at it) If you're already subscribed to the list and want to switch to the digest version, you can do this by sending a digest fcpunx message; the reverse is also true. Notice that you cannot subscribe to both the digest and the list. Sorry. If you'd like that feature either use two different accounts to receive them, or complain to me and I'll add it in. The unsubscribe and undigest commands do the same thing, they take you off the list no matter which version you're subscribed to. ============================================================================= + ^ + | Ray Arachelian |FL| KAOS KERAUNOS KYBERNETOS |==/|\== \|/ |sunder at brainlink.com|UL|__Nothing_is_true,_all_is_permitted!_|=/\|/\= <--+-->| ------------------ |CG|What part of 'Congress shall make no |=\/|\/= /|\ | Just Say "No" to |KA|law abridging the freedom of speech' |==\|/== + v + | Janet Reno & GAK |AK| do you not understand? |======= ===================http://www.brainlink.org/~sunder/========================= ActiveX! ActiveX! Format Hard drive? Just say yes! From EALLENSMITH at ocelot.Rutgers.EDU Wed Sep 4 22:05:24 1996 From: EALLENSMITH at ocelot.Rutgers.EDU (E. Allen Smith) Date: Thu, 5 Sep 1996 13:05:24 +0800 Subject: ASEAN nations generally pro-censorship Message-ID: <01I93H09FN2O9JDJT7@mbcl.rutgers.edu> The interesting "cultural sovereignty" variation on the usual "national sovereignty" excuse for censorship and other such unethical actions. I'm reminded of another Asian state that used it... after Tianenmin Square. At least one member (the Phillipines) is making, at the minimum, lip service for freedom of speech. US control over them does appear to have done some good. -Allen > _________________________________________________________________ > The Peanut Roaster > _________________________________________________________________ > ASEAN FORUM AGREES ON NEED TO POLICE THE NET > __________________________________________________________________________ > Copyright © 1996 Nando.net > Copyright © 1996 Reuter Information Service > SINGAPORE (Sep 4, 1996 11:41 a.m. EDT) - Southeast Asian broadcasters > and officials agreed on Wednesday to police the Internet and block off > sites that run counter to Asian values. > A statement issued at the close of the three-day Internet forum in > Singapore also said there was a need for nations in the West to > understand concerns about the Internet in the region. > It said the meeting "affirmed the importance of having safeguards > against easy access to sites which ran counter to our cherished > values, traditions and culture. ASEAN would encourage other nations, > especially the West to understand its concern." > The Association of Southeast Asian Nations (ASEAN) groups Brunei, > Malaysia, Singapore, Indonesia, the Philippines, Thailand and Vietnam. > Earlier this year, ASEAN information ministers met in Singapore to > discuss the darker side of the information technology revolution and > agreed to set up a regulatory body to oversee the Internet invasion. [...] > But the statement suggested there was no agreement on a uniform > approach to policing the Internet. > The ASEAN officials had agreed that regulatory frameworks would depend > on each country, and said they would continue to meet regularly "to > help each country formulate and fine tune its regulatory approaches," > it said. > Policing of the Net in ASEAN varies from Singapore's stance of strict > controls by licensing only three Internet service providers who have > to screen all material accessed by clients. > Other ASEAN members encourage more self-regulation, and the > Philippines says freedom of speech is a critical factor. > "Political control would not be on the Philippines' agenda," Glenn > Sipin, deputy executive director of the Philippines Council for > Advanced Science and Technology, told Reuters at the start of the > conference. > Copyright © 1996 Nando.net From snow at smoke.suba.com Wed Sep 4 22:15:02 1996 From: snow at smoke.suba.com (snow) Date: Thu, 5 Sep 1996 13:15:02 +0800 Subject: What is the EFF doing exactly? In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Black Unicorn wrote: > [This will be my last comment on this thread.] > On Tue, 3 Sep 1996, Vladimir Z. Nuri wrote: > > >I would put forth that you know nothing of my efforts, and therefore are > > infrantry will experience. if you expect unadulterated success, > > you're not living in the same reality everyone else around here > > is. > > If you're going to ask me for money and support, you damn well better > produce unadulterated success. I disagree with this. No one produces unadulterated sucess. Ever. You win some, you lose some. As long as you fight as hard as possible, and DO NOT COMPROMISE, then that is enough. Other than that, I concur. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jgrasty at gate.net Wed Sep 4 22:18:53 1996 From: jgrasty at gate.net (Joey Grasty) Date: Thu, 5 Sep 1996 13:18:53 +0800 Subject: Message-ID: <199609050231.WAA36740@osceola.gate.net> Bugged: > Subject: How to send bogus mail to mislead traffic analysis? > > Hi > > How can I send messages to remailer so that they will get lost? > I want to generate a more or less steady flow of remailer-processed, encrypted mail. > > Can I send to nobody at some_remailer.net? > What are the guidelines for that? > What are the best remailers to send to? > > Cheers > > Bugged Set your final destination to "null:", e.g. ============================== :: Request-Remailing-To: null: This message gets trashed. ============================== This works for mixmaster remailers, WinSock Remailer, and probably most other cypherpunk remailers. Regards, -- Joey Grasty jgrasty at gate.net [home -- encryption, privacy, RKBA and other hopeless causes] jgrasty at pts.mot.com [work -- designing pagers] "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." -- John Von Neumann PGP = A7 CC 31 E4 7E A3 36 13 93 F4 C9 06 89 51 F5 A7 From andrew_loewenstern at il.us.swissbank.com Wed Sep 4 22:19:54 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Thu, 5 Sep 1996 13:19:54 +0800 Subject: How to send bogus mail to mislead traffic analysis? In-Reply-To: <19960904203437.2587.qmail@squirrel.owl.de> Message-ID: <9609050225.AA00649@ch1d157nwk> an anonymous squirrel wrote: > How can I send messages to remailer so that they will get > lost? I want to generate a more or less steady flow of > remailer-processed, encrypted mail. The single best way to generate a steady flow of encrypted remailer-processed mail for the purpose of disguising your own personal remail is to operate a publicly accessible remailer from your own account. This offers many advantages: 1. encrypted remail is (more or less, depending on traffic) constantly flowing from your account: the addition of your own remail traffic will not raise any more flags. 2. there is always at least one remailer in your chain you can trust: yours. This means you never have to worry about compromised remailers. 3. if your mailings are traced back to your account, operating a remailer gives you more 'plausible deniability' than if you weren't... 4. if remailers start charging for service, you not only would continue to enjoy free remailing, but you could possibly make money... 5. you aren't likely to get blacklisted from your own remailer... 6. you get to read the complaints generated by your own messages (is this the cyberspatial equivalent to "doing it just to see their expression" ......???) 7. you could get your picture on the front-page of a British tabloid... ...to name a few.... andrew From paul at fatmans.demon.co.uk Wed Sep 4 22:34:13 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Thu, 5 Sep 1996 13:34:13 +0800 Subject: desubscribe Message-ID: <841849147.2513.0@fatmans.demon.co.uk> > desubscribe I`m sorry I can`t allow that Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From declan at eff.org Wed Sep 4 22:49:50 1996 From: declan at eff.org (Declan McCullagh) Date: Thu, 5 Sep 1996 13:49:50 +0800 Subject: Digital Telephony and the Net In-Reply-To: <9609042054.AB16740@anchor.ho.att.com> Message-ID: It's late and I'm about to go home, but my search through the text of the Digital Telephony legislation comes up with the attached definitions the law uses. If I were, say, Jason "The Weasel" Baron (who's my fave DoJ attorney) and I wanted to really screw over some netizens, I might try to argue that an ISP should be a "telecommunications carrier." If the FCC bought my argument and thought that an ISP could in some cases substantially replace telephone service, then DT would apply to ISPs. Then ISPs must -- at the request of "authorized" Feds acting even without a warrant -- cough up all data coming to and from a person on their system. I'm probably wrong here and I hope I am, so I'm copying this to Marc who can point out the holes in my reasoning. -Declan // declan at eff.org // I do not represent the EFF // declan at well.com // (4) The term `electronic messaging services' means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages. (6) The term `information services'-- (A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and (B) includes-- (i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities; (ii) electronic publishing; and (iii) electronic messaging services; but (8) The term `telecommunications carrier'-- [...] (ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this title; but (C) does not include-- (i) persons or entities insofar as they are engaged in providing information services; and (ii) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General. SEC. 103. ASSISTANCE CAPABILITY REQUIREMENTS. (a) Capability Requirements: Except as provided in subsections (b), (c), and (d) of this section and sections 108(a) and 109(b) and (d), a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of-- (1) expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government; From deviant at pooh-corner.com Wed Sep 4 23:06:40 1996 From: deviant at pooh-corner.com (The Deviant) Date: Thu, 5 Sep 1996 14:06:40 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Declan McCullagh wrote: > He said the man was detected by two couples who noticed him moving his > foot under the skirt of a woman. They followed the man, held him and > called police. > > Police ask women who feel they've been victimized to call 808-5289. > > George Walter Campbell, 62, of Cornwall, has been charged with sexual > assault and mischief. He returns to College Park court on Sept. 10. > He was released on $750 cash bail yesterday. > Hrmm.. I can see how its _wrong_, but exactly how is looking under somebodies skirt _assault_? --Deviant "Obviously, a major malfunction has occurred." -- Steve Nesbitt, voice of Mission Control, January 28, 1986, as the shuttle Challenger exploded within view of the grandstands. From jfricker at vertexgroup.com Wed Sep 4 23:10:52 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Thu, 5 Sep 1996 14:10:52 +0800 Subject: Mail OnNet Message-ID: <2.2.32.19960905032606.0074c024@vertexgroup.com> At 09:06 AM 9/4/96 -0700, Alan Olsen wrote: >At 05:10 PM 8/31/96 -0700, Joel McNamara wrote: > >>Two notes. (1) It only runs under Win95 and NT. (2) It's ITAR restricted. > >(3) It is bigger than a battleship. The distribution is just shy of 10 >megs. Installed it is supposed to be about 45 megs. (In perspective, a >full install of Visual Basic 4.0 "Professional" is about 50 megs.) >--- The install is only 5MBs. Part of that 10MB package is a silly collection of netscape plugins which don't have to be installed. I guess they could be nice if I tried them. It also only works on NT4 regardless of what the web page says. With it's ability to run a program on receiving an email based upon filter criteria the possibilities are endless. (I know I know old hat for unix but so whiz bang for NTnoids like me.) --j From stewarts at ix.netcom.com Wed Sep 4 23:14:05 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 5 Sep 1996 14:14:05 +0800 Subject: DON'T Nuke Singapore Back into the Stone Age Message-ID: <199609050327.UAA06817@dfw-ix8.ix.netcom.com> At 06:13 PM 9/2/96 -0400, you wrote: >> (This was done by many of us during the Karla Homulka and Teale trial in ... >There is a big difference between the Canada situation and the Singapore >situation. In Canada the restrictions are temporary and stem from making >the right to a fair trial a higher priority than the right to free >speech. >It is a conflict of two competing individual liberties. No observer of ..... >The situation in Sigapore is simply a corrupt government trying to >supress >legitimate democratic discussion. The intention is not to protect an >individuals right to a fair trial, the intention is to restrict argument >permanently. The Karla Homulka case and other criminal trials aren't the only censorship in Canada - there are far more serious problems. Zundel's problems (his legal ones, not just his moral ones) are well-known, as are the Dworkin/MacKinnon-inspired anti-pornography laws which Canada uses to censor lesbian bookstores and gay magazines. For the most part, other than sex and drugs, Canada's censorship is the pro-human-rights-politically-correct-liberal-hypocritical variety rather than the Singapore-style anti-human-rights-order-enforcing- politically-correct-dictatorship variety. But it's not only illegal to sell unapproved drugs in Canada, it's illegal to sell materials advocating drugs or their legalization, or of course information on how to make or grow drugs as well. (This helped Mark Emery get the capital to start his Hemp store in Vancouver by selling Cannabis magazines door-to-door :-) (It turns out that, since hemp seeds don't contain THC, they're not illegal in Canada, and hemp stores he's started or encouraged have sold enough seeds to grow more dope than Canada's police have confiscated in the last year or two. Mark openly violates the censorship laws, and his shop occasionally gets raided, and after the last bust they've decided he's a co-conspirator with everybody who's grown drugs using seeds or light bulbs bought from him, and they're playing a FUD game about whether to charge him with 8 life sentences, in under-5-year pieces....) Vancouver newspaper columnist Doug Collins gave a talk on censorship at an international libertarian conf. in BC recently, which Emery also spoke at. He knows the subject fairly well, since some of BC's censorship laws were written just for him. He's one of those anti-immigrant anti-Semitic* WW2-veteran curmudgeons who's got an editor who lets him write whatever he wants, and he offends a lot of people. In BC, and to some extent in the rest of Canada, you can be charged with human rights violations for disparaging ethnic and religious groups, and he's been tried and defended himself successfully for that, because Canada does have some limited protections for free speech in their Charter. So BC wrote a law that allows the BC human rights commission to fine people for human rights violations with just an administrative proceeding, not requiring a full-scale trial, and you generally can't get a jury in Canada for crimes with punishment less than 5 years in jail anyway. He hasn't been busted under the new law yet, but his publisher has spent about $30K in legal costs trying to make sure it doesn't happen. [*He knew better than to specifically say anything anti-Semitic while he was talking to us, but he referred to Jewish groups that oppose him in ways that implied he probably was.] And of course Canada has broadcasting licensing requirements that prevent people from starting radio and TV stations whenever they want to, plus a huge government broadcasting company, but they're not as limited as Singapore on that, and there are other countries with that problem. And of course they have silly language laws in Quebec, but they don't really limit what you can say as long as you say it in French (or Chinese or Vietnamese or just about anything except English and maybe Native languages.) # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From whgiii at amaranth.com Wed Sep 4 23:16:57 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Thu, 5 Sep 1996 14:16:57 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609042000.VAA00708@server.test.net> Message-ID: <199609050409.XAA28542@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- In <199609042000.VAA00708 at server.test.net>, on 09/04/96 at 09:00 PM, Adam Back said: >If this is the case she needs to be _much_ more careful about what she >says in `personal' interviews. There seems to be a point being missed in this thread. :( This was not a 'personal' interview. The paper was not interested in Ms. Dyson's views on anonymity on the internet because she seemed like a nice person. The only reason she was interviewed is because of her position with the EFF as chairwoman. Ms. Dyson knows this, the reporter knows this, the paper knows this, and so should everyone else. Under such circumstances this interview should be seen as an 'official' statement from the chairwoman of the EFF. Trying to call this a 'personal' interview and not reflecting 'official' EFF policy is just plain old spin-doctoring. Ms. Dyson should have had more common sense than this. These statements made by her are akin to the chairman of Philip Morris saying that he believe that cigarette smoke cause cancer but that's just his opinion and not the 'official' company position on it. Who would believe it? How long would he still have his job after making such a statement? The EFF should make an official statement of their position on this issue and if it is not the same as Ms. Dyson's she should be removed from the board. IMHO this is to important of an issue for the EFF to try to ignore. - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMi5aMo9Co1n+aLhhAQH+CwQAs/6nRK/jy2vUFIeWhmFIA0xCdf/m2Vgn SVyzMm6NTx8rVlJiluubkx3Au1t7/lb/KzzZJqt2ocbRUtc0XQUo0TQImqgY06/G 0OAiDYjgddGppUr+42yeHtWXUHK8vhYEgWeSfGS1msnYKchlcqZ16xzDmYVlfize ncf+FDLd+tE= =nOVA -----END PGP SIGNATURE----- From gsi at juno.com Wed Sep 4 23:24:36 1996 From: gsi at juno.com (Floyd W Odom) Date: Thu, 5 Sep 1996 14:24:36 +0800 Subject: GSI Message-ID: <19960904.200349.3230.3.GSI@juno.com> From: GSI Full-Name: Floyd W Odom To: Bugtraq Subject: GSI Message-ID: <19960904.195621.3230.0.GSI at juno.com> X-Status: Unsent X-Mailer: Juno 1.15 Dear Recipient, We at Galaxy Software would like to offer you a chance to buy software over the magic of e-mail. How it works is you can send us here at GSI(Galaxy Software Inc.) e-mail orders from our software list telling us that the check or money order is in the mail. To e-mail us just send a letter to GSI at JUNO.COM. For more information you can e-mail at: doom13 at juno.com.1. CGW Game Pack2. One must fall 2097 3. Decsent 24. CD Sampler: Volume Two5. Cannon Creative6. Animation Festival7. Duke Nukem 3D8. Doom9. World Atlas10. Crime City11. Airforce Combat12. GT Personel Accounting13. Wolfenstein 3D14. Print Master Gold15. Chaos16. Wizardry17. Corel 618. America Online 3.019. Power Chute Plus Demo20. UPC Doctor21. Epic Pinball: Enigma22. Epic Pinball: Android23. Epic Pinball: 1, 2, 324. Jazz Jackrabbit: Holiday Hare25. Jazz Jackrabbit: All* From gsi at juno.com Wed Sep 4 23:24:41 1996 From: gsi at juno.com (Floyd W Odom) Date: Thu, 5 Sep 1996 14:24:41 +0800 Subject: GSI Message-ID: <19960904.200214.3230.2.GSI@juno.com> From: GSI Full-Name: Floyd W Odom To: Bugtraq Subject: GSI Message-ID: <19960904.195621.3230.0.GSI at juno.com> X-Status: Unsent X-Mailer: Juno 1.15 Dear Recipient, We at Galaxy Software would like to offer you a chance to buy software over the magic of e-mail. How it works is you can send us here at GSI(Galaxy Software Inc.) e-mail orders from our software list telling us that the check or money order is in the mail. To e-mail us just send a letter to GSI at JUNO.COM. For more information you can e-mail at: doom13 at juno.com.1. CGW Game Pack2. One must fall 2097 3. Decsent 24. CD Sampler: Volume Two5. Cannon Creative6. Animation Festival7. Duke Nukem 3D8. Doom9. World Atlas10. Crime City11. Airforce Combat12. GT Personel Accounting13. Wolfenstein 3D14. Print Master Gold15. Chaos16. Wizardry17. Corel 618. America Online 3.019. Power Chute Plus Demo20. UPC Doctor21. Epic Pinball: Enigma22. Epic Pinball: Android23. Epic Pinball: 1, 2, 324. Jazz Jackrabbit: Holiday Hare25. Jazz Jackrabbit: All* From declan at well.com Wed Sep 4 23:38:49 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 5 Sep 1996 14:38:49 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail In-Reply-To: Message-ID: On Wed, 4 Sep 1996, The Deviant wrote: > > On Wed, 4 Sep 1996, Declan McCullagh wrote: > > He said the man was detected by two couples who noticed him moving his > > foot under the skirt of a woman. They followed the man, held him and > > called police. > > > > Police ask women who feel they've been victimized to call 808-5289. > > > > George Walter Campbell, 62, of Cornwall, has been charged with sexual > > assault and mischief. He returns to College Park court on Sept. 10. > > He was released on $750 cash bail yesterday. > > > > Hrmm.. I can see how its _wrong_, but exactly how is looking under > somebodies skirt _assault_? Why is this wrong? Information wants to be free! More to the point, boys used to put mirrors on their shoes. Now they learn about shoecams on the Net. Ah, to be young again. -Declan From tcmay at got.net Wed Sep 4 23:44:42 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 14:44:42 +0800 Subject: Reputations Message-ID: At 1:11 AM 9/5/96, Greg Burk wrote: >That part of the "reputation capital" theory has always seemed >suspicious to me. "reputation capital" doesn't behave linearly. There's >too much incentive to bottom-feed and too little incentive to shoot for >the heights. As an "asset", it is extremely non-liquid. It is hard to >spend it in a controlled manner. Sure, it isn't fungible, it isn't transitive, it isn't neat and clean. But it's the best thing we've got, imperfect as it is (and must be, I believe). >Too much incentive to bottom-feed: > >For example, let's say there's someone well-known who frequently speaks >nonsense on crypto issues. We'll call her "Norothy Nenning". She makes a >recommendation on some particular crypto issue, say "The government's >Nipper chip is a safe and effective form of crupto". Plenty of naive >people will credit her to some degree. True, fewer people than if she >had carefully husbanded her reputation, and to a lesser degree, but >still a lot more than zero. > >Notice that that's a zero cost/benefit ratio. She never does anything to >husband her reputation, she just spends it every chance she gets. And >while no single expenditure rewards her as much as it would if she made >the same expenditure with a good reputation, she spends so much more >freely that it is a good strategy for her on the whole. To stick with my restaurant example, consider _advertising_. MacDonald's and Burger King spend hundreds of millions of dollars every year claiming their "restaurants" are great. Many millions of people obviously are swayed. So? Others choose not to trust the advice of the MacDonald's hucksters. Maybe only a tiny fraction choose Chez Panisse over MacDonald's. This is the way of the world. It's still the give and take of reputations. It ain't perfect (in that it doesn't produce results I believe are empirically valid and optimum :-}). But it's all we have. It's the market. The agora. >"Reputation capital" is hard to spend down to absolute 0 because it is >significant work to distinguish valid "reputation capital" from >worthless counterfeit, and it is easy to counterfeit... just talk. I strongly disagree. It's quite possible for Person A to quickly convert his reputation to Person B to a _negative_ value. Real quick, in fact. Perhaps my short article did not fully explain a few things. Reputations are a _tensor_ or _matrix_ quantity. Person A has a reputation R(A,B) to Person B, a reputation R(A,C) to Person C, and so on. (And the matrix may be further broken down into reputations for advice on various subjects, in various fields, etc.) We may lump a lot of folks together and say, for example, that MacDonald's has a reputation of R (MacDonald's, lots of people) = 0.7531. And perhaps R (Chez Panisse, lots of people) = 0.0013 (i.e., they don't know what it is, and so value the rep of Chez Panisse at near zero). And so on. Lots of examples could be given. Now suppose that J. Anonymous Gourmand announces that MacDonald's is shit. How much will anonymous claim hurt MacDonald's? Obviously, not much. But what if the American Heart Association publishes a detailed study on the fat levels of MacDonald's products and declares it to "Dangerous." The effect will probably be greater, as R (AHA, many people) = high, and by the kind of Dempster-Shafer belief calculus I discussed a few months ago, the rep of the AHA propagates semi-transitively to the rep of MacDonald's. (This all happened recently, with the famous studies of fat levels of movie theater food...sales dropped almost overnight, and now the fat levels of popcorn, etc., have been changed for the better.) This is a real example of how reputations matter, how negative and positive reps matter, etc. Note especially that the "identity" (in the Dyson sense of providing True Name accountability) of an opinion-giver is not what it is important...it is not the essence of why people believe or don't believe the opinions of others. (Some years ago on the CBS station in San Francisco, there was an "anonymous gourmet" who visited restaurants and gave reviews. His reviews were taken quite seriously, and his anonymity did not matter, provided his personna was _persistent_. That is, provided that people thought it was "the guy they had come to trust," and not, say, a guy the station recruited off the street each day and sent out as the "anonymous gourmet." In the case of this guy, his face was cloaked in shadows, but his voice was distinctive. (His voice on the show was probably different from his food-ordering voice, so restaurants would not know who was ordering and alter the food or service.) Much could be written abou the role of anonymity in such reviews, in tests of service, etc.) >I anticipate the answer "Well, the work pays off". But that misses the >point. Frequently the work required to tell the good "reputation >capital" from the worthless is as much as would be required to find the >straight dope yourself. Reputations work OK for me in the real world. Given the limits on a lot of ontological facts, hard to see how it could be better. I've already spent too much time writing this, so I can't address the remainder of your points. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From tcmay at got.net Wed Sep 4 23:49:09 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 14:49:09 +0800 Subject: Using Compromised Remailers to Get the Goods Message-ID: At 11:21 PM 9/4/96, jim bell wrote: >Perhaps the most ominous part of making "use of encryption to thwart an >investigation" illegal is _not_ that remailer operators might be prosecuted, >but that they might NOT be prosecuted in a deal where (in exchange for not >being prosecuted) they continue to operate the remailer, "cracked" or >sabotaged so that they share all the info with the cops. While even that >won't make chained remailers totally useless, eventually suspicions of such >a crack will surface, which will help sabotage the credibility of all >remailers, >not just the ones that have been "stung." A very valid concern. As Jim must be tired of hearing by now, this was brought up a couple of years ago in discussions about the pressure that could be brought to bear on remailers. One suggestion was a duress signal, effectively saying "I have been compromised." (Also known as a "wave off" in criminal circles.) The issue of whether a remailer can be trusted to wave off others, via covert channels, is of course another issue. One can hope that additional channels will be acquired to produce the necessary information. (For example, full sender untraceablility means that sources within police departments can go home, log on with the own PCs, and sell information about pending investigations, modulo their concerns about pointing to themselves with information provided (see "canary traps"). What an exciting world we are entering.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From cme at cybercash.com Wed Sep 4 23:57:23 1996 From: cme at cybercash.com (Carl Ellison) Date: Thu, 5 Sep 1996 14:57:23 +0800 Subject: ZD Net Registration Message-ID: <322E5ADD.124@cybercash.com> http://community.zdnet.com/register/register.cgi Check this out! Harvesting Mother's Maiden Name. I wonder how many they get each hour.... From shabbir at vtw.org Thu Sep 5 00:02:05 1996 From: shabbir at vtw.org (Voters Telecommunications Watch) Date: Thu, 5 Sep 1996 15:02:05 +0800 Subject: ALERT: Join thousands of net users in their fight against the White House! (9/4/96) Message-ID: <199609050413.AAA03766@panix3.panix.com> ============================================================================= ____ _ _ _ / ___|_ __ _ _ _ __ | |_ ___ | \ | | _____ _____ | | | '__| | | | '_ \| __/ _ \ _____| \| |/ _ \ \ /\ / / __| | |___| | | |_| | |_) | || (_) |_____| |\ | __/\ V V /\__ \ \____|_| \__, | .__/ \__\___/ |_| \_|\___| \_/\_/ |___/ |___/|_| NET LUMINARIES JOIN THOUSANDS IN SIGNING PRO-ENCRYPTION PETITION http://www.crypto.com/petition/ CRYPTO ACTION WEEK ENDS WITH JUDICIARY HEARING ON HR 3011 (9/11/96) Date: September 4, 1996 URL:http://www.crypto.com/ crypto-news at panix.com If you redistribute this, please do so in its entirety, with the banner intact. ----------------------------------------------------------------------------- Table of Contents Introduction Join Phil Zimmermann, Bruce Schneier, and other cyber luminaries! How to receive crypto-news Press contacts ----------------------------------------------------------------------------- INTRODUCTION This week is a hard week for many working on the encryption issue. The House pro-encryption bill, SAFE (HR 3011), will have a hearing in the Judiciary committee on September 11. Between now and then, individuals and industry representatives will be calling on their legislators to support HR 3011. On the other side of the issue, the White House is expected to release their "solution" to the encryption debate no earlier than September 8th. It will surprise no one if it is designed to be in the best interests of law enforcement with concerns for privacy placed dead last. Be a part of this assault on the White House by signing the pro-encryption petition at http://www.crypto.com/petition/ ----------------------------------------------------------------------------- JOIN PHIL ZIMMERMANN, BRUCE SCHNEIER, AND OTHER CYBER LUMINARIES! The following petition can be signed onto at http://www.crypto.com/petition/ The Information Revolution is being held hostage by an outdated, Cold War-era U.S. encryption policy. Current U.S. export controls and other initiatives are slowing the widespread availability of strong encryption products, endangering the privacy and security of electronic communications, harming the competitiveness of U.S. businesses, and threatening the future of electronic commerce and the growth of the Global Information Infrastructure (GII). We the undersigned Internet users and concerned citizens strongly support Congressional efforts to address this critical issue. Bills are currently pending in both Houses of Congress which would: -Relax export controls on encryption technology; -Prohibit the government from imposing "Key Escrow" solutions domestically; and -Recognize the importance of privacy and security for the future of electronic commerce, individual liberty, and the success of the Internet. We urge Congress to act NOW to enact a U.S. encryption policy that promotes electronic privacy and security. Join Phil Zimmerman, author of Pretty Good Privacy (PGP), Bruce Schneier, author of "Applied Cryptography", Dr. Matt Blaze of Tessera card fame, Phil Karn and Vince Cate as they pressure the White House to change their wrong-headed encryption policies. Add your name to theirs at http://www.crypto.com/petition/ ! ----------------------------------------------------------------------------- HOW TO RECEIVE CRYPTO-NEWS To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com) or send mail to majordomo at panix.com with "subscribe crypto-news" in the body of the message. To unsubscribe, send a letter to majordomo at panix.com with "unsubscribe crypto-news" in the body. ----------------------------------------------------------------------------- PRESS CONTACT INFORMATION Press inquiries on Crypto-News should be directed to Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir at vtw.org Jonah Seiger (CDT) at +1.202.637.9800 or jseiger at cdt.org ----------------------------------------------------------------------------- End crypto-news ============================================================================= From tcmay at got.net Thu Sep 5 00:12:11 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 15:12:11 +0800 Subject: Voluntary Disclosure of True Names Message-ID: In a rare moment of lucidity Vladimir Z. Dettweiler wrote: >I think cpunks should hold the view that communication is a matter >of mutual consent between sender and receiver. if a receiver says, >"I don't want any anonymous messages", then should be able to block them. But this is precisely what nearly all of us have been arguing. Namely, that the issue of anonymity vs. providing of True Names, is a matter of _contract_ between parties, not something the government is justified in sticking its nose into. Those who wish to not deal with the entities they cannot reliably verify the True Name of are free to filter them out. All we are asking is that those of us happy to deal with S. Boxx, Black Unicorn, PrOduct Cypher, Pablo Escobar, and other pseudospoofing tentacles, not be told by a government that, for our own good, such communications are felonies. >the above is almost exactly what Dyson was saying, and I have been No, Dyson said "Therefore I would favor allowing anonymity -- with some form of traceability only under terms considerably stronger than what are generally required for a wiretap." This implies a role for government, and concomitant restrictions on related anonymity technologies, to provide traceability. So much for mutual agreement between sender and recipient. (I have nothing against senders and recipients agreeing to use the services of some third party in providing ultimate traceability. I'm not wild about the U.S. Government being this third party, paid for by tax money, but so long as it is not required, it's a minor concern to me. I surmise, though, that use of the U.S. Government as a third party would not be optional, in the schemes of Dyson, Denning, and others of that ilk.) --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From makof at alias.cyberpass.net Thu Sep 5 00:40:14 1996 From: makof at alias.cyberpass.net (makofi) Date: Thu, 5 Sep 1996 15:40:14 +0800 Subject: Steganography -- Tell Tale Signs? Message-ID: <199609050421.VAA21428@sirius.infonex.com> Hi there! I'd appreciate some help from you experts in steganography. 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? 2) Would it better to hide the data in a jpg with black and white image rather than a color one? 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development? If this is off-topic please accept my apologies. and if necessary, please email replies to me directly. Thank you. Makofi From rwright at adnetsol.com Thu Sep 5 01:01:57 1996 From: rwright at adnetsol.com (Ross Wright) Date: Thu, 5 Sep 1996 16:01:57 +0800 Subject: Voluntary Disclosure of True Names Message-ID: <199609050545.WAA18030@adnetsol.adnetsol.com> On Or About: 4 Sep 96 at 21:48, Timothy C. May wrote: > In a rare moment of lucidity Vladimir Z. Dettweiler wrote: > > >I think cpunks should hold the view that communication is a matter > >of mutual consent between sender and receiver. if a receiver says, > >"I don't want any anonymous messages", then should be able to block them. > > But this is precisely what nearly all of us have been arguing. Namely, that > the issue of anonymity vs. providing of True Names, is a matter of > _contract_ between parties, not something the government is justified in > sticking its nose into. I always use my true name and am happy to spread it far and wide, but I have been doing some work for a GroupWare manufacturer. They have seen that even in a corporate environment where information sharing is practised and embraced, sometimes people want to make a comment and not take the heat for making that comment. This can provide some constructive input, so they have a anonymous comment feature built in. So you could say that it is absolutely necessary for the web to have that feature as well. > of some third party in providing ultimate traceability. I'm not wild about > the U.S. Government being this third party NO WAY, These guys are in my life enough already, and you can't trust them anyway!!!! Ross =========== Ross Wright King Media: Bulk Sales of Software Media and Duplication Services http://www.slip.net/~cdr/kingmedia Voice: 415-206-9906 From tcmay at got.net Thu Sep 5 01:07:33 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 16:07:33 +0800 Subject: ZD Net Registration Message-ID: At 4:45 AM 9/5/96, Carl Ellison wrote: >http://community.zdnet.com/register/register.cgi > >Check this out! Harvesting Mother's Maiden Name. >I wonder how many they get each hour.... "Think of it as evolution in action." I tried to register as "foobar," but the name was taken. So I added a few bits. I used "fuckyou" as my mother's maiden name (no pun intended). So now I'm an full-fledged member of ZD Net, fuck you very much. The more things change... --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From nobody at replay.com Thu Sep 5 01:10:03 1996 From: nobody at replay.com (Anonymous) Date: Thu, 5 Sep 1996 16:10:03 +0800 Subject: WinSock Remailer Available Overseas Message-ID: <199609050553.HAA12430@basement.replay.com> The Winsock remailer announced by Joey Grasty available at Obscura, an access-contolled site on August 21, became available August 26 at at least five overseas sites, one of which is ftp://ftp.replay.com/pub/replay/pub/remailer/wsa12.zip OK, let's get some more non-USA remailers running!! From jimbell at pacifier.com Thu Sep 5 01:14:41 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 5 Sep 1996 16:14:41 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609050305.UAA08601@mail.pacifier.com> At 05:13 PM 9/4/96 -0700, Declan McCullagh wrote: >On Wed, 4 Sep 1996, jim bell wrote: >> Why WOULDN'T the police want to shut down anonymous remailers? The Leahy >> bill clearly didn't distinguish between remailer operators and users, so it >> is no leap to conclude that they would be treated similarly. > >Why *wouldn't* the police want to shut 'em down? Because the police >respect the Constitution and our civil liberties, of course, and realize >and respect the value of anonymous political speech. "Hey, man, whatever you'se been smoking, could'ja give me a joint or two?" Jim Bell jimbell at pacifier.com From declan at well.com Thu Sep 5 01:26:43 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 5 Sep 1996 16:26:43 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists Message-ID: [Note www.anonymizer.com doesn't seem to be blocked. --Declan] --- Date: Thu, 5 Sep 1996 01:59:36 +0200 (MET DST) From: Ulf Moeller To: fight-censorship at vorlon.mit.edu Subject: German Internet Censorhip: http://www.xs4all.nl The German Generalbundesanwaltschaft (Chief Federal Prosecutor's office) has "advised" the Internet providers to block access to http://www.xs4all.nl:80 and http://www.serve.com:80 due to supposedly illegal contents at the URLs http://www.serve.com/spg/154/, http://www.xs4all.nl/~tank/radikal//154/ and http://ourworld.compuserve.com/homepages/angela1/radilink.htm. The commercial ISPs have blocked the routes to the servers. Their statement (in German) is at http://www.anwalt.de/ictf/p960901d.htm "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication from the radical left that is illegal in Germany, but not in the Netherlands. --- Date: Wed, 4 Sep 1996 22:15:42 -0700 (PDT) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: Re: German Internet Censorhip: http://www.xs4all.nl I heard about this a few days ago, but I was unable to verify it. Yesterday I bounced mail through a German university to xs4all.nl back to EFF, and it came through just fine. I also tried golden-gate.owl.de and wserver.physnet.uni-hamburg.de, both of which have no problems talking to xs4all.nl. From those tests, I can say there's no complete ban, though I can't confirm or deny any partial ban. However, just in case the German government is successful in this censorship gambit, I've mirrored the three embattled web sites at: http://www.well.com/~declan/mirrors/ This is a quick grab of the files in question; I'll work on a formatted intro page later. (As background for more recent subscribers to fight-censorship, this isn't the first time the German government has tried this. A similar move came early this year when German prosecutors tried to cut connections to webcom.com in California, where some of Ernst Zundel's Nazi "Holocaust Revisionist" propaganda was hosted. I and a few other folks including Rich at Stanford and Blake at Penn held our noses and mirrored it around the country, prompting the Gemans to lift the ban. I had thought the German prosecutors smarter than to try this again. I guess I was wrong.) My global Net-censorship roundup is at: http://www.eff.org/~declan/global/ -Declan From stewarts at ix.netcom.com Thu Sep 5 01:32:47 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Thu, 5 Sep 1996 16:32:47 +0800 Subject: rc2 export limits.. Message-ID: <199609050609.XAA17556@dfw-ix8.ix.netcom.com> I'm afraid my source is "Read it on the net and was surprised to hear it". My assumption is that the limit is for software that implements both signature and verification, since ITAR doesn't ban export of pure-authentication software. Is the State Dept doc on the net? It would be nice to have something saying there are well-defined rules that they agree to follow, unreasonable and unconstitutional though they may be. At 12:06 PM 9/4/96 -0400, Kent Briggs <72124.3234 at compuserve.com> wrote: >stewarts at ix.netcom.com wrote: >> However, the usual guidelines for systems like RC2 and RC4 is >> 40-bit keys, and RSA keys up to 512 bits for encrypting >> session keys and 1024 bits for signatures > >Can you list a source for the 1024-bit signature restriction? I know >about the 40-bit RC2/RC4 and 512-bit public encryption keys because they >are specifically addressed in the State Dept's "Procedure for Submitting >a Commodity Jurisdiction Request for a Mass Market Software Product that >Contains Encryption". However, digital signatures are not mentioned in >this procedure. I can't image what justificication could be used to >restrict the strength of digital signatures. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com # # You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto From mccoy at communities.com Thu Sep 5 01:40:38 1996 From: mccoy at communities.com (Jim McCoy) Date: Thu, 5 Sep 1996 16:40:38 +0800 Subject: Reputations Message-ID: Greg Burk writes: > Too little incentive to shoot for the heights: > > Suppose you judge that you've accumulated twice as much "reputation > capital" as Joe. How do you get twice as much payoff? It seems to me > that above the threshhold of credibility, minor side issues make more > difference than your two-fold "reputation capital" differential. Go read Ender's Game by Orson Scott Card (a good book to read anyway :) and examine the nature of the computer network "discussion groups" he talks about: a classic example of reputation markets in many-to-many discussions. With the proper tools someone with twice the reputation capital in a particular category as another will have a greater chance of what they say not being filtered out as noise. > As an "asset", it is extremely non-liquid: > > How exactly would you "convert" your reputation into other capital? > Would you accept bribes and tell lies? Seems to me you would only get a > one-shot "conversion" and it couldn't possibly hope to equal your > investment. Tell that to Walter Cronkite, Siskel & Ebert, Moody's and others who have converted reputation capital into large piles of money. Time is an asset that has a monetary value to most people, and they are willing to spend money to hear the opinions of sources which they feel have a high reputation in a particular area rather than spending the time necessary to do the research and investigation themselves. > So I think the latter part of the analysis is wishful thinking, or at > least restricted to a small subset of subject-matter. No, I think that you just don't understand the mechanics of reputations and how they interact with the most important resource in most people's lives: time. Instead of thinking of "reputation" look at it from the other end and consider the "attention marketplace." Right now reputation markets have a limited presence on the internet (mostly through killfiles) because the tools required are not integreated into the tools used to browse the information. In time this will change. jim From Adamsc at io-online.com Thu Sep 5 01:44:28 1996 From: Adamsc at io-online.com (Adamsc) Date: Thu, 5 Sep 1996 16:44:28 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail Message-ID: <19960905062418656.AAA164@IO-ONLINE.COM> On Wed, 4 Sep 1996 23:31:29 -0400 (EDT), The Deviant wrote: >> He said the man was detected by two couples who noticed him moving his >> foot under the skirt of a woman. They followed the man, held him and >> called police. >> Police ask women who feel they've been victimized to call 808-5289. >> George Walter Campbell, 62, of Cornwall, has been charged with sexual >> assault and mischief. He returns to College Park court on Sept. 10. >> He was released on $750 cash bail yesterday. >Hrmm.. I can see how its _wrong_, but exactly how is looking under >somebodies skirt _assault_? Mischief is true. However it does get back to the eventual question: if they are giving off radiation, are we guilty receiving them? For instance, if you have your pot sensing IR camera in a plane, do you need a search warrant? If you walk around with a scanner listening to cell-phones is it illegal? One can also imagine a sewer worker getting sued for looking out of one of those cover grill things. (Perhaps up at a cover girl. Pun intended.) - "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said. * Home: Chris Adams | http://www.io-online.com/adamsc/adamsc.htp * Autoresponder: send email w/subject of "send resume" or "send PGPKEY" * Work: cadams at acucobol.com | V.M. (619)515-4894 | (619)689-6579 * Member in good standing of the GNU whirled hors d'oeuvre From nobody at zifi.genetics.utah.edu Thu Sep 5 01:56:13 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Thu, 5 Sep 1996 16:56:13 +0800 Subject: Race Bit: C Message-ID: <199609050630.AAA07395@zifi.genetics.utah.edu> >At 02:47 AM 9/4/96 -0700, Timothy C. May wrote: >>At 3:02 AM 9/4/96, James A. Donald wrote: >>>At 10:33 PM 9/3/96 -0800, jim bell wrote: <...> [I am unsure just *who* wrote:] >>As the recent discussion of knives, switchblades, and throwing stars >>showed, such ambiguous laws are often used to keep the coloreds down. Gunlaws and druglaws have deep roots in racism, but it is politically incorrect to say, even if I can find it in the congressional record. [and I can.] But then it was certainly Jim Bell who wrote: >Perhaps the most ominous part of making "use of encryption to thwart an >investigation" illegal is _not_ that remailer operators might be prosecuted, >but that they might NOT be prosecuted in a deal where (in exchange for not >being prosecuted) they continue to operate the remailer, "cracked" or >sabotaged so that they share all the info with the cops. While even that >won't make chained remailers totally useless, eventually suspicions of such >a crack will surface, which will help sabotage the credibility of all >remailers, not just the ones that have been "stung." If someone tried a scheme involving violence such as A. P. through a remailer I was involved in, the feds would not have to threaten me with prosecution to get me to cooperate with them. I may not keep any logs right now, Jim, but if your little scheme gets underway I will cooperate willingly as long as I don't compromise the privacy of non- violent people such as drug users & sellers. For them, I would go to jail; for you, I would even cooperate with the BATF (which should be defunded 100%, IMO). Violence begats violence which begats even larger government, don't start us on that road -- leave me in peace. From isptv at access.digex.net Thu Sep 5 02:17:49 1996 From: isptv at access.digex.net (ISP-TV Main Contact) Date: Thu, 5 Sep 1996 17:17:49 +0800 Subject: No Subject Message-ID: <199609050626.CAA28796@access2.digex.net> *** ISP-TV Program Announcement: Meeks Interview *** Monday, September 9 9:00 PM ET Brock Meeks Chief Washington Correspondent for WIRED and HotWIRED WIRED's chief muckraking journalist will join ISP-TV for a discussion of the the technology policy underbelly of Washington, D.C, ranging from the Communications Decency Act to pornography in the bathrooms of the Senate Russell Building. This video interview can be viewed on the ISP-TV main CU-SeeMe reflector at IP 205.197.247.33, or other ISP-TV affiliate reflectors listed at http://www.digex.net/isptv/members.html There will be a call-in number for questions, and we will be monitoring EFnet IRC channel #isptv See URL http://www.digex.net/isptv for more information about the ISP-TV Network From jamesd at echeque.com Thu Sep 5 02:21:19 1996 From: jamesd at echeque.com (James A. Donald) Date: Thu, 5 Sep 1996 17:21:19 +0800 Subject: FWD: Another try to kill democracy Message-ID: <199609050642.XAA28858@dns2.noc.best.net> At 09:53 PM 9/2/96 +0000, SPG wrote: > I just got wind that the German government is planning to force german > ISP's to shut off access to my ISP, XS4ALL, because the german magazine >'Radikal' has a web page on xs4all. A few more details please: What german agency is taking what action. Has any access been shut off yet, or is it just some two bit asshole fascist with delusions of grandeur? > Please considder mirroring or linking to this site. Linking is pointless if the site is cut off or access seriously threatened. Mirroring is appropriate only if access is seriously threatened. How serious is this threat? --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From tcmay at got.net Thu Sep 5 03:01:37 1996 From: tcmay at got.net (Timothy C. May) Date: Thu, 5 Sep 1996 18:01:37 +0800 Subject: Reasons for Preferring Anonymity Message-ID: At 3:41 AM 9/4/96, Jon Lebkowsky wrote: >The terms "responsibility" and "accountability" are misused, which is >unfortunate, since I think we'd all argue in favor of taking responsibility >for our speech/actions in a positive sense. The negative is in asking me to This issue keeps coming up: "Shouldn't people be willing to take responsibility for their speech and actions?" No, actually, and I presented the fact that people are using anonymity and remailers as evidence that clearly they are not willing to take responsibility under their own, traceable True Names for their speech. Q.E.D. But the issue persist. Well, why do people use anonymity in general? * To call the IRS to ask questions. Maybe to ask what they should do if they haven't paid taxes since 1983. Believe me, with the advent of "Caller ID" here in California, I've learned to use payphones before calling the IRS office over in San Jose. (As the Net takes on a larger role, what will be the parallel to anonymous calls to the IRS? Obvious answer.) * AIDS test results. And a whole panoply of similar queries. Caller anonymity is crucial. * Whistleblowing, obviously. * Ordering of information and supplies is often done through agents, or cut-outs. Coca Cola, as the story goes, orders supplies so as to deliberately confuse those trying to deduce the formula for Coke (probably a bad example, as the 80-90 years of Coke has probably made the formula for Coke a kind of joke). But there are very real cases where businesses make queries or orders and cannot tolerate traceability to them. (Dyson's thought that maybe anonymity should be banned for businesses shows her lack of understanding of the issues.) * As a special form of whistleblowing, sometimes people have information they feel should be disseminated, and have no desire to be "accountable" for releasing this information. The release of RC4 code is an example. The Dumpster diving of Mykotronx is another. * Admissions and confessions. Those who use the various "recovery" groups obviously feel no need to ensure "accountability" and "traceability," nor should they. * Their comments may affect their Real World jobs, their status in organizations, their distant future political careers, etc. (In an age of Web spiders, anything said may show up in future lawsuits, divorce settlements, tenure reviews, political campaigns, etc.) And so on. John L. may wish that all people believe in being held accountable for their speech and actions, but obviously this demonstrably is not the case. Names are just another credential, another potential factor in a transaction. Sometimes they help to close a deal, sometimes they are unneeded. The notion that a government-issued name credential is necessary for mutually-satisfactory transactions is just an illusion. --Tim May (have any of you checked that I am really, truly who I claim to be? Have you been dealing with me on the basis of belief that I am a persistent personna, or because you saw me present an SS card?) We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From madden+ at andrew.cmu.edu Thu Sep 5 04:32:51 1996 From: madden+ at andrew.cmu.edu (Rebecca L Madden) Date: Thu, 5 Sep 1996 19:32:51 +0800 Subject: up In-Reply-To: Message-ID: it's three o four. I'm up. Becky Madden #(412)-862-2934 //<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\ I believe that imagination is stronger than knowledge- That myth is more potent than history. I believe that dreams are more powerful than facts- That hope always triumphs over experience- That laughter is the only cure for grief. And I believe that love is stronger than death. -Robert Fulghum From gary at systemics.com Thu Sep 5 05:02:45 1996 From: gary at systemics.com (Gary Howland) Date: Thu, 5 Sep 1996 20:02:45 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: Message-ID: <322E94B9.41C67EA6@systemics.com> Declan McCullagh wrote: > > The German Generalbundesanwaltschaft (Chief Federal Prosecutor's > office) has "advised" the Internet providers to block access to > http://www.xs4all.nl:80 and http://www.serve.com:80 due to > supposedly illegal contents at the URLs http://www.serve.com/spg/154/, > http://www.xs4all.nl/~tank/radikal//154/ and > http://ourworld.compuserve.com/homepages/angela1/radilink.htm. > > The commercial ISPs have blocked the routes to the servers. > Their statement (in German) is at http://www.anwalt.de/ictf/p960901d.htm I wonder how they are doing this? We know that the Germans allow full internet access (don't they?), so they can't be using a filtering http proxy. I guess they're blocking on IP number (and perhaps port). It might be a good idea for xs4all to gather up all of their spare IP numbers, and alias the lot on their web site - this would increase the number of blocked addresses needed. It might also be a good idea to run some proxies on unusual ports (eg. smtp, DNS, pop, ftp ports) (although of course this will then need to be a dedicated proxy machine) - again this would increase the size of the blacklist that the Germans must use, and may involve some awkward router programming (for example, a router might be configured to allow all DNS traffic - if a proxy is sitting on the DNS port, then things get a bit difficult to set up). Of course, netscape probably won't allow use of these ports (it certainly doesn't allow the use of port 79). Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From moe-san at stadt.com Thu Sep 5 06:44:31 1996 From: moe-san at stadt.com (D. Moeller) Date: Thu, 5 Sep 1996 21:44:31 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <199609050642.XAA28858@dns2.noc.best.net> Message-ID: <322EA63D.35B5@stadt.com> James A. Donald wrote: > > At 09:53 PM 9/2/96 +0000, SPG wrote: > > I just got wind that the German government is planning to force german > > ISP's to shut off access to my ISP, XS4ALL, because the german magazine > >'Radikal' has a web page on xs4all. <..> > How serious is this threat? No problem in gaining access so far. I even traces through Telekom and C-Serve - no trace of restrictions. Maybe just a way to generate traffic to a lame site? Cheers Moe! -- D. Moeller at WebLab U-Agency GmbH webadmin at stadt.com http://www.stadt.com/u-agency/ moe-san at elcafe.com http://www.elcafe.com/~moe-san/ From tank at xs4all.nl Thu Sep 5 07:38:38 1996 From: tank at xs4all.nl (SPG) Date: Thu, 5 Sep 1996 22:38:38 +0800 Subject: FWD: Another try to kill democracy Message-ID: <322ECF33.6871CB6D@xs4all.nl> James A. Donald wrote: > > A few more details please: What german agency is taking what action. Oke, taken from: http://www.anwalt.de/ictf/p960901e.htm ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Internet Content Task Force (ICTF), Press Release of Sep. 03, 1996 RA Michael Schneider, eco e.V. A telefax was received by us from the Public Prosecutor General on August 30 in which eco e.V. is informed of an on-going investigatory procedure. We have been requested in this context to inform all Internet service providers affiliated with ICTF (Internet Content Task Force) the following in writing: "Under the following addresses in Internet: http://www.serve.com/spg/154/ http://www.xs4all.nl/~tank/radikal//154/ and using the link on page http://ourworld.compuserve.com/homepages/angela1/radilink.htm one can call up the entire edition of the pamphlet entitled �radikal Nr. 154". Parts of this pamphlet justify preliminary suspicion of promoting a terrorist organization under � 129a, Par.3 of the German Criminal Code, public condoning of criminal activities penalizable under � 140 no.2 of the German Criminal Code and preliminary suspicion of inciting to criminal activity under � 130a Par.1 of the German Criminal Code. The Public Prosecutor General at the Federal Court of Justice has therefore initiated a criminal investigatory procedure against the parties disseminating this pamphlet. You are herewith informed that you may possibly make yourself subject to criminal prosecution for aiding and abetting criminal activities if you continue to allow these pages to be called up via your access points and network crosspoints" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Please considder mirroring or linking to this site. As of today: http://burn.ucsd.edu/%7Eats/RADIKAL/ http://www.jca.or.jp/~taratta/mirror/radikal/ http://www.serve.com/~spg/ http://huizen.dds.nl/~radikal http://www.canucksoup.net/radikal/index.html http://www.ecn.org/radikal http://www.well.com/~declan/mirrors/ http://www.connix.com/~harry/radikal/index.htm http://www.connix.com/~harry > Linking is pointless if the site is cut off or access seriously threatened. > > Mirroring is appropriate only if access is seriously threatened. > > How serious is this threat? Serious enough i think. henk (SPG) From asgaard at Cor.sos.sll.se Thu Sep 5 08:25:02 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Thu, 5 Sep 1996 23:25:02 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Declan McCullagh wrote: > The German Generalbundesanwaltschaft (Chief Federal Prosecutor's > office) has "advised" the Internet providers to block access to > "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication > from the radical left that is illegal in Germany, but not in > the Netherlands. This is amazing. Without defending the German stand on the Revisionist crap, that part is at least understandable in a historical context (their sense of guilt for the unfortunate developments in the 30's and 40's etc). But a quick overview of the contents of Radikal gives the impression of an ordinary leftist zine, defining the outlawing of it as pure political censorship in a Western 'democracy'. I'm truly surprised. Asgaard From peter.allan at aeat.co.uk Thu Sep 5 09:31:37 1996 From: peter.allan at aeat.co.uk (Peter M Allan) Date: Fri, 6 Sep 1996 00:31:37 +0800 Subject: Job for netescrow ? (was Secure anonymouse server protocol... Message-ID: <9609051155.AA14504@clare.risley.aeat.co.uk> In the talk about replyable nym-mailers I haven't yet seen netescrow mentioned. You DID all read this ? > Oblivious Key Escrow > Matt Blaze AT&T Research > mab at research.att.com > 12 June 1996 > > Abstract > We propose a simple scheme, based on secret-sharing over large-scale > networks, for assuring recoverability of sensitive archived data e.g., > cryptographic keys. In our model any one can request a copy of the > archived data but it is very difficult to keep the existence of a > request secret or to subvert the access policy of the data owner. This all hinges on a policy to be followed by archive holders defining the conditions under which they release their shares. This could be receipt of a signed request from the owner (remailer). Maybe the table relating nyms to reply addresses could be stored in netescrow style so that captured remailers reveal nothing. The problem of operator coercion is not addressed by this. Police investigations might apply "angry mob cryptanalysis" to find a sender - convincing a sizable number of operators that a crime had been committed with some particular piece of traffic. Anybody want to estimate traffic + storage requirements ? Or number of participants needed for a viable scheme ? -- Peter Allan peter.allan at aeat.co.uk From richards at netrex.com Thu Sep 5 10:26:36 1996 From: richards at netrex.com (Richard Stiennon) Date: Fri, 6 Sep 1996 01:26:36 +0800 Subject: 2^1,257,787-1 Message-ID: <2.2.32.19960905122436.00b04674@trex.netrex.com> At 09:54 AM 9/4/96 -0700, John F. Fricker wrote: >Ok so maybe here in Organ we are a little behind the times but I just heard >about this 378,632 digit prime. Grab your HP11C's and crank out >2^1,257,787-1 courtesy of David Slowinski at Cray. Is there a URL for the entire number? Or could someone post it to the list? ---------------------------------------------------------------------------- Richard Stiennon richards at netrex.com Director, Business Development http://www.netrex.com Netrex, Inc. Voice: 810-352-9643 Southfield, Michigan Fax: 810-352-2375 ----------------------------------------------------------------------------- Providing businesses and organizations with secure Internet solutions. From ponder at freenet.tlh.fl.us Thu Sep 5 11:11:32 1996 From: ponder at freenet.tlh.fl.us (P. J. Ponder) Date: Fri, 6 Sep 1996 02:11:32 +0800 Subject: rc2 export limits.. Message-ID: keywords: ITAR, SHA, beneficial and innocuous crypto The persistent reputation known as Bill Stewart wrote: >Date: Wed, 04 Sep 1996 23:09:17 -0700 >From: Bill Stewart >To: Kent Briggs <72124.3234 at compuserve.com> >Cc: cypherpunks at toad.com >Subject: Re: rc2 export limits.. > >I'm afraid my source is "Read it on the net and was surprised to hear it". >My assumption is that the limit is for software that implements >both signature and verification, since ITAR doesn't ban export of >pure-authentication software. The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in the fine print at the beginning that SHA is export controlled. I don't have the document to refer to right now, but it plainly states that SHA falls under ITAR. As a cryptographic hash function, why would it be controlled in this way? How can I use SHA to encrypt something for someone else to decrypt? I know how to use it for authentication; am I missing something here? ANFSCD: I tried that OnNet32 e-mail software from FTP software. It runs under Windows95. It is a lot of material to download, and way too intrusive to install. It wants to metastasize itself into the innards of Microsoft Exchange and Inboxes, etc. What is it with all this complexity anyway? Why not just have a POP client that will check mail on the server? It also wants you to store your mailbox password in it, as opposed to letting you enter it on a session-by-session basis. I don't like that. sticking with PINE, PGP, and Xywrite II for now.... From bkmarsh at feist.com Thu Sep 5 11:18:30 1996 From: bkmarsh at feist.com (Bruce M.) Date: Fri, 6 Sep 1996 02:18:30 +0800 Subject: Internet blamed in shoe-cam crimes, assailant free on $750 bail In-Reply-To: Message-ID: On Wed, 4 Sep 1996, Declan McCullagh wrote: > > Hrmm.. I can see how its _wrong_, but exactly how is looking under > > somebodies skirt _assault_? > > Why is this wrong? Information wants to be free! > > More to the point, boys used to put mirrors on their shoes. Now they > learn about shoecams on the Net. I'm working on some nanotech bots to take care of everything now. With a little more work I'm sure they'll be able to actually later reproduce the 'target' in life-like synthetics. Uhh.. any investors interested? :) ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "Official estimates show that more than 120 countries have or are developing [information warfare] capabilities." -GAO/AIMD-96-84 So, what is your excuse now? From campbell at c2.net Thu Sep 5 11:21:04 1996 From: campbell at c2.net (Rick Campbell) Date: Fri, 6 Sep 1996 02:21:04 +0800 Subject: NYT on penet closure Message-ID: <9609051348.AA16186@cfdevx1.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- http://www.nytimes.com/library/cyber/week/0905remail.html September 5, 1996 Scientology Case and Finnish Law Blamed for Demise of Remail Service By PAMELA MENDELS The issue, Johan M. Helsingius insists, was not pornography but privacy. Helsingius, the Finnish volunteer who shook the online community last week with the announcement that he was closing his popular anonymous remailer service, said in an interview on Wednesday that he had acted because he believes that Finland today offers inadequate privacy protection to Internet users. The only thing I am concerned with is that the threshold of protection for the Internet should be the same as for ordinary postal mail or phone calls. Johan M. Helsingius [ I've deleted the rest of the article. See the URL above for the full text. -Rick ] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMi7aJhj0UvMeUesFAQHEHwP+N+MB+YrO1HfxXJx5v+z6PCMcwCREpvYN /HZGzdlvh4z1A0viQluGjkhDe0Xo/gLfiCxzsVM92zWEBhzh5cYiWDO0gj5tJklc nU/WPVOpz7+W/JR495NwcDFKiHUQU/nInq26ixVTPi+56YHG2cTl61iHc7b1Pnt0 jBVa+8V9WTM= =kigF -----END PGP SIGNATURE----- From paul at fatmans.demon.co.uk Thu Sep 5 12:26:00 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 03:26:00 +0800 Subject: SNAKEOIL ALLERT: FUCKHEAD ;-) Message-ID: <841932737.22584.0@fatmans.demon.co.uk> > SK> I am currently not releasing the source code.Here is a copy of the zip > SK> file if you get hold of a pc. Aghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh. Last week is was " The Knapsack TM " with a "proprietary algorithm" now it`s Secureit for windows! It`s a veritable flood of snakeoil..... lets start a drunroll: fuckhead Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From paul at fatmans.demon.co.uk Thu Sep 5 12:35:47 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 03:35:47 +0800 Subject: Pseudocrypto detector is going wild Message-ID: <841932730.22539.0@fatmans.demon.co.uk> > Is it just me, or is the snake-oil frequency factor scaling up? > We used to get this stuff quarterly, and now it's monthly, if > not weekly! > > slither-squeek Yeah, I too have noticed this. Hey kids, heres uncle Pauls Snake oil test. if the post contains any of the following it is slither-squeek material: 1. The word "Proprietary" 2. References to a new algorithm, which hasn`t been seen yet and is "the strongest ever" 3. people who use TM after their alogorithm, this is Snakeoil(TM)(R) 4. People who think cryptographers seeing their algorithm will make it less secure 5. People who have never coded a crypto tool in their life then instead of working on current algorithm implementations re-invent the wheel because they don`t understand how to implement current ciphers. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From paul at fatmans.demon.co.uk Thu Sep 5 12:53:32 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 03:53:32 +0800 Subject: No Subject Message-ID: <841932742.22613.0@fatmans.demon.co.uk> > > The gubment has no right to fuck with any speech - (seditius) libel, child > > porn, bomb-making instructions... > > > Agreed. Otherwise, by a slipery slope argument, they can eventually > supress any form of speech whatsoever. true enough, most punks on here are a bit less radical but we need more of this sort of absolutism Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From schmidt at pin.de Thu Sep 5 14:15:22 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 05:15:22 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: Message-ID: On Thu, 5 Sep 1996, Declan McCullagh wrote: > > You're not talking about http://www.anwalt.de/ictf/p960901e.htm, are you? > I'm talking about this link (you mentioned earlier). Maybe I can translate it (or I can summarize it). (tomorrow :) -stephan From tcmay at got.net Thu Sep 5 15:11:46 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Sep 1996 06:11:46 +0800 Subject: Herr Schmidt Message-ID: At 3:20 PM 9/5/96, Stephan Schmidt wrote: >Definetly not. >There is an advisory from the Generalbundesanwaltschaft and >the ICTF that ISPs should ('have to') restrict the access to >those urls. > >But so far nothing happend. I asked some people >to try the urls and there where no restrictions. >(I encounterd no restrictions myself.) By the way, I used the name "Schmidt" in my satire post, sent out earlier this morning. I picked that name randomly, being a common German name (cognate to Smith, I believe), and meant nothing with regard to Stephan. (I also don't dislike Germans in general. I studied some German in high school--don't ask me to use it, though!--and have visited Germany. They just have a certain well-known tendency to take the authoritarian path at times.) --Tim We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From makof at alias.cyberpass.net Thu Sep 5 15:16:45 1996 From: makof at alias.cyberpass.net (makofi) Date: Fri, 6 Sep 1996 06:16:45 +0800 Subject: Steganography -- Tell-tale signs? Message-ID: <199609051649.JAA06578@sirius.infonex.com> Hi there! I'd appreciate some help from you experts in steganography. 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? 2) Would it better to hide the data in a jpg with black and white image rather than a color one? 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development? If this appears twice please accept my apologies. I didn't see the first posting and so I assumed it was lost in transit. Please email replies to me directly if this is off-topic. Thank you. Makofi From aba at dcs.ex.ac.uk Thu Sep 5 15:34:59 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 6 Sep 1996 06:34:59 +0800 Subject: What is the EFF doing exactly? In-Reply-To: <199609042341.QAA14459@eff.org> Message-ID: <199609051650.RAA00376@server.test.net> Stanton McCandlish writes on cpunks: > Adam Back typed: > > > > No. But I too am rather suprised to hear an EFF board member > > apparently speaking against free speech. OK, so maybe she was > > mis-quoted so I wait for her rebuttal, but nope, she basically to my > > reading reiterates nothing but negative opinions on free speech and > > anonymity. > > > > Tim's quotes of her CFP speech further demonstrates her leanings. > > I've talked to her personally about this. She's not thinking along those > lines, she just perceives a potential problem in the > accountability/ethics area, and is wondering how that can be solved, it can't, > if it can be solved, and what the price of such a solution is. the price for removing anonymity is the price of loosing strongly free speech (you know real free speech, as opposed to `free speech' where you can say what you want provided you provide your ID up front to the thought police, just in case at some future date you say something that someone somewhere in some region of the world finds mildly objectionable). The draconian measures necessary to even start also involve GAK, outlawing of non-GAKed crypto, placing import restrictions on crypto (I saw Freeh quoted as saying that restricting crypto imports may be necessary recently, something I predicted some years ago) draconian thought police laws, and so on. It's quite simple to envisage: place yourself in the position of the overzealous law enforcement type, imagine you are tasked with elminating encryption, free speech on the internet, anonymity. So what're you going do? First thing you might notice is that pretty near everyone is against you. So you work up a few four horseman scare stories, try to squelch all the first ammendment based challenges in the courts, do a few oblique trade-offs with companies exchanging key escrow for more bits, maybe blow up a few airplanes, and federal buildings and blame it on `militias', and the Internet. Rant about the Internet at each opportunity whether has anything to do with it or not (did the perps even know anyone with internet access, do they have a distant cousin who does, there must be an angle somewhere, or heck who cares, just shout about the Internet anyway, no one'll notice it's nothing to do with it). You realise that you're going to have to get pretty mean to actually stamp out free speech for all these people with a quaint wish to uphold the constitution, and protect their freedoms. Russia just about managed it for a while but they shot about 1 in 10 people in the process, they had licenses to own a photocopier, a typewriter, samples had to be provided to the KGB. > Honest, she's not *advocating* restrictions on anonymity, just > asking if any are necessary, no, they are not > in who's opinion, mine, most cpunks, yours? the rest of the EFF board? > with what rationale, at what cost, and by what mechanism. rationale above: the alternative loss of freedoms is too costly, look at Singapore's example. > > Lets put it this way: if Louis Freeh offered to be an EFF board > > member, would you take him on board? If he seemed quite > > Highly unlikely. Who gets to be a boardmember is decided by a board vote. > Freeh's anti-freedom history, and his obnoxious nature would, in my > guesstimate, give him less that a .0000000000001% chance of ever making > it onto the EFF board. And that's being nice. :) > > Dyson has no such history, and does have a history of careful thought > (even if disagreed with by quite a few people) about networks, online > commerce, negative effects of regulation, and civil liberties issues. > More the former 3 than the latter 1. So it seems. If she has little to say on civil liberties, perhaps she should refrain. William Geiger corrected me in this thread, his reading is that Dyson's interview was not a personal interview, she was being interviewd _as_ an EFF board member, she just chose to make a personal statement in it. If this is the case I submit the correct comment on her part would have been that the EFF had no current position on the topic. > > pro-anonymity, and free speech, and later turned out to be having > > doubts, would you keep him? > > I'll generalize that to "if you had any boardmember who expressed doubts > about the value of free speech and privacy, would the board keep them?" > I think not. But Esther's taken no such position. She's asking questions > about the mechanics of a system, and the effects of the system on society. > These are valid questions. It'd be helpful to see some short > Cypherpunks-generated answers, if they are available. Stuff about > reputational systems, etc. Personally I think I'm better at coding, than constructing convincing arguments. But for what it's worth here's a few. I doubt they are news to you, but since you kind of asked: Tim's cyphernomicon isn't short but should be a required reading, IMO. The US constitutional protections for free speech? The Singaporean demonstration of the alternative? The principle of having laws against crimes, not against the potential means of comitting crimes. You know, you can't carry a knife, why not? Because you might commit a crime. So why not wait see if you do commit a crime. You could just as easily stab someone with a screw driver, so what now, outlaw carrying of screw drivers, have permits to carry a screw driver? Sad fact is you can probably get successfully prosecuted for carrying a screw driver if you can't demonstrate a need to carry one already. You see where this line of reasoning heads. It is ultimately useless to make it illegal for people to have any means to commit crimes. Crimes with victims are already illegal, we don't need anymore laws, we've got way too many already. If someone goes out and murders someone, the police attempt to catch the murderer to prevent further murders. We don't need dumb laws outlawing cars (so the guy can't drive away from the scene?), knives, guns, the internet (in case he plots to off someone), the phone system in case he uses that, pay phones in case he uses one of those, what comes next, you know? Several things which were proposed in jest by cypherpunks which were thought too outlandish to be next in line for banning, were actually seriously proposed and even implemented. It never ceases to amaze me the things the law enforcement types think up. Perhaps when the technology is up to it we ought to just implant a CCD chip behind newborn's eyeballs, and have a life escrow system to just record ever last second of everyones existance just in case they have the urge to drive over 55, or not divulge their true name, social security number, address etc. in a casual electronic conversation. > Just to be clear: There is no disagreement on the board, or the staff, of > EFF that anonymity is a vital component of privacy. yay :-) Now all you need to do is have an official policy that says so, so that board members who are less clear on the subject, can quote that policy rather than discussing their own opinions :-) Guess I've said all that I can on this sub-thread, so I'll leave you to continue with important EFF work, trying to knock down all those son of CDAs the individual states are even now crafting, Adam -- #!/bin/perl -sp0777i Message-ID: <9609051711.AA06484@etna.ai.mit.edu> >as are the Dworkin/MacKinnon-inspired anti-pornography laws which >Canada uses to censor lesbian bookstores and gay magazines. >For the most part, other than sex and drugs, Somewhat ironic that the first material to be banned under the law was by MacKinnon. Meanwhile Dworkin has no credebility at all, in addition to her "anti-porn" crusading activities she has a line writing sado-masochistic erotica. >Mark openly violates the >censorship laws, and his shop occasionally gets raided, and after >the last bust they've decided he's a co-conspirator with everybody >who's grown drugs using seeds or light bulbs bought from him, >and they're playing a FUD game about whether to charge him >with 8 life sentences, in under-5-year pieces....) There are equally bad cases in Texas. Two brothers who ran a hydroponics equipment store got jailed on "conspiracy" charges. There are problems in Canada, no doubt. I was simply pointing out that the Teal case is a bad example. The Zundel case is a much more apprpriate one. Phill From flengyel at dorsai.org Fri Sep 6 01:35:21 1996 From: flengyel at dorsai.org (Florian Lengyel) Date: Fri, 6 Sep 1996 16:35:21 +0800 Subject: up In-Reply-To: Message-ID: <322F0FDC.1682@dorsai.org> Rebecca L Madden wrote: > > it's three o four. > I'm up. > > Becky Madden > #(412)-862-2934 Given the opportunity to construe something the wrong way, I will. I take it this means we should call you now. F Lengyel flengyel at dorsai.org http://www.dorsai.org/~flengyel > > //<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\*//<@>\\ > > I believe that imagination is stronger than knowledge- > That myth is more potent than history. > I believe that dreams are more powerful than facts- > That hope always triumphs over experience- > That laughter is the only cure for grief. > And I believe that love is stronger than death. > > -Robert Fulghum From grafolog at netcom.com Fri Sep 6 01:43:53 1996 From: grafolog at netcom.com (jonathon) Date: Fri, 6 Sep 1996 16:43:53 +0800 Subject: Race Bit: C In-Reply-To: <199609050630.AAA07395@zifi.genetics.utah.edu> Message-ID: On Thu, 5 Sep 1996, Anonymous wrote: > defunded 100%, IMO). Violence begats violence which begats even larger > government, don't start us on that road -- leave me in peace. If I understand you correctly, it is OK for a government to institute violence against the residents of the land it claims dominion over, but it is not acceptable for the inhabitants of that piece of land to respond in self defence. xan jonathon grafolog at netcom.com However, if you're tired of the Lesser of N evils, Cthulu's export policy is that you can't escape anyway, and your puny mortal lives will be absorbed along with his morning coffee. Your encryption technology is futile against the Elder Gods, and the arcane formulas in the Cyphernomicon of that mad physicist Tim The Enchanter may summon spirits from the vasty deep, but no secrets are safe from Nyarla-S-Ahothep who knows all and sees all. Bill Stewart From nobody at replay.com Fri Sep 6 02:08:18 1996 From: nobody at replay.com (Anonymous) Date: Fri, 6 Sep 1996 17:08:18 +0800 Subject: Tack of Internet censorship Message-ID: <199609051526.RAA18328@basement.replay.com> Six months ago, the Internet censors and Exon wannabees took the tack of "the Internet is too hard to censor". Now, their motto is "There will be some who get around our censorship, but we will try anyway." Unfortunately, I believe these censorship strikes will keep happening unless we find a way to stalemate them. What I am proposing is that Apache or other WWW servers have a way to allow access to site B's URL at site A, similar to the old trick of finger user at sitea.com@siteb.com. Implementation should be simple. However, I wonder what is a good standard way to specify this in the URL or a site. From schmidt at pin.de Fri Sep 6 02:26:31 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 17:26:31 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <322EA63D.35B5@stadt.com> Message-ID: > No problem in gaining access so far. I even traces through Telekom and > C-Serve - no trace of restrictions. > > Maybe just a way to generate traffic to a lame site? > Definetly not. There is an advisory from the Generalbundesanwaltschaft and the ICTF that ISPs should ('have to') restrict the access to those urls. But so far nothing happend. I asked some people to try the urls and there where no restrictions. (I encounterd no restrictions myself.) -stephan From Kevin.L.Prigge-2 at tc.umn.edu Fri Sep 6 02:37:01 1996 From: Kevin.L.Prigge-2 at tc.umn.edu (Kevin L Prigge) Date: Fri, 6 Sep 1996 17:37:01 +0800 Subject: Anonymity (re: the Esther Dyson issue) In-Reply-To: <9609042054.AB16740@anchor.ho.att.com> Message-ID: <322eea225b5e002@noc.tc.umn.edu> stewarts at IX.NETCOM.COM said: > In Tim's Cyphernomicon, he says > - I have heard (no cites) that "going masked for the purpose > of going masked" is illegal in many jurisdictions. Hard to > believe, as many other disguises are just as effective and > are presumably not outlawed (wigs, mustaches, makeup, > etc.). I assume the law has to do with people wearning ski > masks and such in "inappropriate" places. Bad law, if real. > > A lot of the motivation was to stop the Ku Klux Klan terrorism. > On the other hand, the reason it was mentioned on the list a couple > years ago was that a woman was arrested in some North Central city, > probably Detroit, for violating it, because she was wearing a > Middle-Eastern-style chador outfit that covered her face. > That would be St Paul, MN. If I recall, the arrest was thrown out (and possibly the law overturned). I can look for references if anyone cares. -- Kevin L. Prigge | "I rarely saw people sitting at Systems Software Programmer | computers producing real code Internet Enterprise - OIT | wearing ties." - Philippe Kahn University of Minnesota | (speech at Software Development '90) From paul at fatmans.demon.co.uk Fri Sep 6 02:39:22 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 17:39:22 +0800 Subject: their is a new mailing list Message-ID: <841932721.22517.0@fatmans.demon.co.uk> Some crazy fucker wrote: > > their is a new mailing list for all you hackers just email your name or > > handle and e-mail address and youll be subscribed > > send information to hack5 at juno.com Listen motherfucker. I`m going to say this once and for all... this list is not about hacking, not about "me too" messages, it is about cryptography, the tecnical and ethical sides. if you want to post shit like this do it on alt.2600 and let me tell you they will flame you for it there too, and quite rightly, I think I speak for us all when I say RTFM. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From declan at eff.org Fri Sep 6 02:55:21 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 6 Sep 1996 17:55:21 +0800 Subject: FWD: Another try to kill democracy In-Reply-To: <322EA63D.35B5@stadt.com> Message-ID: That was my first thought, but it appears the ban is being implemented, albeit slowly. Check out my message of about 12 hours ago on the topic. -Declan On Thu, 5 Sep 1996, D. Moeller wrote: > James A. Donald wrote: > > > > At 09:53 PM 9/2/96 +0000, SPG wrote: > > > I just got wind that the German government is planning to force german > > > ISP's to shut off access to my ISP, XS4ALL, because the german magazine > > >'Radikal' has a web page on xs4all. > > <..> > > > How serious is this threat? > > No problem in gaining access so far. I even traces through Telekom and > C-Serve - no trace of restrictions. > > Maybe just a way to generate traffic to a lame site? > > Cheers Moe! > -- > > D. Moeller at WebLab U-Agency GmbH > webadmin at stadt.com http://www.stadt.com/u-agency/ > moe-san at elcafe.com http://www.elcafe.com/~moe-san/ > // declan at eff.org // I do not represent the EFF // declan at well.com // From paul at fatmans.demon.co.uk Fri Sep 6 02:57:44 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Fri, 6 Sep 1996 17:57:44 +0800 Subject: Voting Monarchist? Message-ID: <841932727.22534.0@fatmans.demon.co.uk> > ! Harry Brone is a fucking statist. If he weren't, he wouldn't be running > ! for president. Anyone who doesn't advocate killing all kings, presidents, > ! and prime ministers is a fucking statist and should be beaten to a pulp > ! with a rattan stick. Yeah, and anyone who dosen`t advocate random street searches, public floggings and legislation to make the eating of asparagus for breakfast law is a raving leftist militant cyberterrorist neon lighting, macdonalds working, fudge packing, bad ass dude with an attitude... have a nice day motherfucker Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Http://www.fatmans.demon.co.uk/crypt/ "Don`t forget to mount a scratch monkey" -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAjH9j+cAAAEEAMBvREiQR0ot9dFCO0TiSCSunAYLv2g1Bc6I3bz8FzKXNH53 6mieJf/W4rD+CxJpT0q9RQaaoRtkHJLwbjfK2il3D7mEahMAyqvF/xRJNqkXfhM3 sRJM0Jh43l+W0M5vwokbEbk25/bxWWGspTsLD3YHbzKnG6pOcL5OPIRbv66xAAUR tCdQYXVsIEJyYWRsZXkgPHBhdWxAZmF0bWFucy5kZW1vbi5jby51az4= =riHc -----END PGP PUBLIC KEY BLOCK----- From makof at alias.cyberpass.net Fri Sep 6 03:22:36 1996 From: makof at alias.cyberpass.net (makofi) Date: Fri, 6 Sep 1996 18:22:36 +0800 Subject: Steganography -- Tell-tale signs? Message-ID: <199609051651.JAA06856@sirius.infonex.com> Hi there! I'd appreciate some help from you experts in steganography. 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? 2) Would it better to hide the data in a jpg with black and white image rather than a color one? 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development? If this appears twice please accept my apologies. I didn't see the first posting and so I assumed it was lost in transit. Please email replies to me directly if this is off-topic. Thank you. Makofi From frantz at netcom.com Fri Sep 6 03:46:49 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 6 Sep 1996 18:46:49 +0800 Subject: rc2 export limits.. Message-ID: <199609060629.XAA27790@netcom6.netcom.com> At 9:23 AM 9/5/96 -0400, P. J. Ponder wrote: >The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in >the fine print at the beginning that SHA is export controlled. I don't >have the document to refer to right now, but it plainly states that SHA >falls under ITAR. As a cryptographic hash function, why would it be >controlled in this way? > >How can I use SHA to encrypt something for someone else to decrypt? I >know how to use it for authentication; am I missing something here? Any secure hash can be used as a stream cypher. Concatenate your key and a block serial number (never to be reused) to get a number to exclusive or with the plain text. When you need a new block, use the next sequential serial number. (See Applied Cryptography) Raw SHA probably isn't exportable because people can use it for crypto. If your use of SHA was bundled into a OS password scheme, you could probably get a CJ on it and export it. ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz at netcom.com | 1996 | Los Gatos, CA 95032, USA From schmidt at pin.de Fri Sep 6 03:52:31 1996 From: schmidt at pin.de (Stephan Schmidt) Date: Fri, 6 Sep 1996 18:52:31 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: <322E94B9.41C67EA6@systemics.com> Message-ID: > I wonder how they are doing this? We know that the Germans allow full There is an advisory around where the ISPs say that they think it's not possible to block urls. And even if they figure a way out to do this, this mailing list proves (mirrors) that it's not possible to stop the flow of information. But the German Government doesn't seem to even understand a bit how the inet works. > this would increase the size of the blacklist that the Germans must use, The Germans. I don't like this evil German bashing. (which is quite obvios in some mails, although I think not in this one, but I had to say this) Some of us (some may say most, I'm not) are quite normal and there are even some cypherpunks around :) And as there are lots of ISPs in Germany (as in every other country) they won't get everyone to resctrict the access to some pages. -stephan From perry at piermont.com Fri Sep 6 03:59:18 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 6 Sep 1996 18:59:18 +0800 Subject: rc2 export limits.. In-Reply-To: Message-ID: <199609051547.LAA07458@jekyll.piermont.com> "P. J. Ponder" writes: > The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in > the fine print at the beginning that SHA is export controlled. I don't > have the document to refer to right now, but it plainly states that SHA > falls under ITAR. As a cryptographic hash function, why would it be > controlled in this way? Because the feds aren't stupid -- they know you can use any good hash algorithm as the core for a block cipher. Perry From jimbell at pacifier.com Fri Sep 6 04:01:27 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 6 Sep 1996 19:01:27 +0800 Subject: Herr Schmidt Message-ID: <199609052021.NAA29277@mail.pacifier.com> At 10:07 AM 9/5/96 -0700, Timothy C. May wrote: >By the way, I used the name "Schmidt" in my satire post, sent out earlier >this morning. I picked that name randomly, being a common German name >(cognate to Smith, I believe), and meant nothing with regard to Stephan. > >(I also don't dislike Germans in general. I studied some German in high >school--don't ask me to use it, though!--and have visited Germany. They >just have a certain well-known tendency to take the authoritarian path at >times.) >--Tim "Once all the Germans were warlike and mean But that couldn't happen again. We taught them a lesson in 1918... And they've hardly bothered us since then!" Tom Lehrer, "MLF Lullaby" Jim Bell jimbell at pacifier.com From andrew_loewenstern at il.us.swissbank.com Fri Sep 6 04:01:36 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 6 Sep 1996 19:01:36 +0800 Subject: Message Digest Ciphers (was Re: rc2 export limits..) In-Reply-To: Message-ID: <9609051609.AA00717@ch1d157nwk> P J Ponder writes: > How can I use SHA to encrypt something for someone else to > decrypt? I know how to use it for authentication; am I missing > something here? Check Applied Cryptography for info on ciphers such as "Karn", "Luby-Rackoff", and "MDC" ... These are encryption algorithms that use one-way hashes as their block functions. Attached is a version of the Karn cipher I implemented as an export-a-crypt-system .sig a while back... I used python because it's my favorite language and has MD5 built-in. I implemented the Karn cipher since it was the simplest (and therefore shortest) of the MD ciphers, not because it's the most secure. andrew #!/usr/local/bin/python -- -export-a-crypt-system MD5 CBC-mode Karn Cipher from md5 import *;from sys import *;from string import *;M=md5;il=ir=M(argv[3]\ ).digest();ki=M(argv[2]).digest();K,k=ki[:8],ki[8:];p=stdin.read(32);c={'-e':'\ l=x(l,il);r=x(r,ir);R=x(M(l+K).digest(),r);L=x(M(R+k).digest(),l);il=L;ir=R','\ -d':'L=x(M(r+k).digest(),l);R=x(M(L+K).digest(),r);L=x(L,il);R=x(R,ir);ir=r;il\ =l'};main="def x(a,b):return joinfields(map(lambda m,n:chr(m^n),map(lambda m:o\ rd(m),a),map(lambda m:ord(m),b)),'');\nwhile(p):p=ljust(p,32);l,r=p[:16],p[16:\ ];exec(c[argv[1]]);stdout.write(L+R);p=stdin.read(32)";exec(main) #try: echo 'TESTING 1 2 3' | karn -e 'key' 'I-V' | karn -d 'key' 'I-V' From adam at homeport.org Fri Sep 6 04:04:22 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 6 Sep 1996 19:04:22 +0800 Subject: GAK by TIS In-Reply-To: <199608302326.XAA02261@pipe2.t1.usa.pipeline.com> Message-ID: <199609060148.UAA03173@homeport.org> To the editor, Its important to note that the Clinton administration has not vowed to end export restrictions on key escrowed products. The administration has agreed to let out relatively weak 64 bit products, if they are escrowed. This is far below the minimum key length of 80 bits recommended by Schneier, Rivest, Blaze, et al. (To be fair, this is noted deep inside the article.) The Clinton administration seems to expect overseas business to buy software with the spying functions built in and publicized. It is more likely that US software companies will continue to suffer until such time as the administration realizes that strong crypto is not only not going to disappear, but flourish as it enables online commerce. Adam Shostack | Network World, August 26, 1996, Page 1 | Key-escrow firewall ready to leave the country | | by Ellen Messner, Washington D.C. | | | After months of talk about exporting encryption software, | there will finally be action. | | Fulfilling the Clinton Administration's vow to end export | restrictions on strong encryption products if they use | key-escrow features, the U.S. government this week is | expected to permit Trusted Information Systems, Inc. | (TIS) to sell its Data Encryption Standard (DES)-equipped | Gauntlet firewall overseas. From amnesia at chardos.connix.com Fri Sep 6 04:05:21 1996 From: amnesia at chardos.connix.com (Anonymous) Date: Fri, 6 Sep 1996 19:05:21 +0800 Subject: No Subject Message-ID: <199609052210.SAA11602@chardos.connix.com> On 5 Sep 96 at 0:30, Anonymous, a man with a double standard wrote: > For them, I would go to jail; for you, I would even cooperate > with the BATF (which should be defunded 100%, IMO). Why would you go to jail? Who made jails? Who would use violence to bring you in? jfa From whgiii at amaranth.com Fri Sep 6 04:05:29 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Fri, 6 Sep 1996 19:05:29 +0800 Subject: ... subversive leftists In-Reply-To: Message-ID: <199609051915.OAA03527@mailhub.amaranth.com> -----BEGIN PGP SIGNED MESSAGE----- HI FOUND THE NOTICE ABOUT IMMIGRATION AND NATURALIZATION SERVICE (INS) JOBS! THEY ARE RECRUITING FOR APPROXIMATELY 1500 ADMINISTRATIVE AND SUPPORT STAFF TO BE HIRED AND ON-BOARD BY SEPTEMBER 30, 96. TYPES OF POSITIONS: IMMIGRATION INFORMATION OFFICERS ADMINISTRATIVE AND SUPPORT STAFF DEPORTATION CLERK INVESTIGATIVE ASSISTANTS IMMIGRATION STATUS VERIFIER IMMIGRATION RECORDS TECHNICIAN APPLICATION CLERKS MOTOR VEHICLE OPERATOR AUTOMOTIVE MECHANICS FENCE REPAIRMAN LAW ENFORCEMENT COMMUNICATIONS ASSISTANT ELECTRONICS TECHNICIAN HEADQUARTERS PERSONNEL VACANCY HOTLINE: (202) 514-4711 (VIRGINIA, WASHINGTON DC) ADMINSTRATIVE CENTER, BURLINTON, VT: (902) 660-1116 (CT, DE, ME, MD, MA, NJ, NY, PA, PUERTO RICO, VT, WV) ADMINISTRATIVE CENTER, DALLAS, TX: (214) 767-5884 (AL, AR, FL, GA, KY, LA, MS, NM, NC, OK, SC, TN, TX) ADMINISTRATIVE CENTER, TWIN CITIES, MN: (612) 725-3897 RECORDING (612) 725-3880 (CO, DENVER, ID, IL, IO, KS, MI, MN, MO, MT,NE, ND, OH, SD, UT, WI, WY) ADMINISTRATIVE CENTER, LAGUNA NIGUEL, CA: (714) 360-3058 (AL, AR, CA, HI, GUAM, NE, OR, WA) SORRY IT TOOK SO LONG TO FIND. THIS WAS ON OUR OCPM EASTERN REGION BBS MESSAGE 07-17-96, FROM JACKIE MCLEER, SUBJECT: DEPARTMENT OF JUSTICE RECRUITMENT. I GUESS YOU HAVE HEARD BY NOW THAT PLANS FOR REGIONIZATION HAS BEEN PUT ON HOLD DO TO LACK OF MONEY. THEY SAY WE WON'T BE GOING ANY WHERE OR DOING ANY THING UNTIL AT LEAST 1999. THERE IS TALK OF A RIF HERE! 50 PEOPLE THIS YEAR (97) AND 50 THE NEXT TWO YEARS(98 & 99). WE HAVE TO BE DOWN TO 160 BY THE YEAR 2000. I THINK MY JOB IS SAFE, THEY CAN'T GET THE WORK DONE NOW WITH 12 PERSONNEL ACTIONS CLERK I CAN'T SEE THEM DOING IT WITH LESS. DID YOU HAVE A NICE HOLIDAY? DO ANYTHING SPECIAL? WE HAD RAIN ALL FOUR DAYS - (I HAD TAKEN OFF FRIDAY) - BUT IT WAS GREAT JUST NOT BEING AT WORK! I HAD BILL'S BIRTHDAY PRESENT DELIVERED EARLY (SEPT 18 IS HIS B'DAY). I GOT HIM A TV HE COULD SEE WITHOUT SITTING ON TOP OF -- RCA 52 INCH PROSCAN. IT'S GREAT AND HE SEEMS TO REALLY LOVE IT. I DON'T WATCH ENOUGH TO MATTER, BUT IT IS NICE FOR MOVIES. SHELLY AND HER DAUGHTER LESLIE CAME OVER FRIDAY EVENING TO HAVE PIZZA AND WATCH A MOVIE. THEY LIKED IT TOO! HOPE THINGS ARE GOING BETTER THERE. MY JOB IS GOING OK FOR NOW BUT A LOT OF THIS IS MEDICATION. MY DOCTOR PUT ME ON SOMETHING AGAIN WHEN I SAW HIM LAST MONTH. BLOOD PRESSURE WAY UP AND STARTING TO FEEL LIKE I WOULD CRY ANY MINUTE OVER ANYTHING! I SEE HIM AGAIN SEPT 13 MAYBE HE'LL TELL ME EVERYTHINGS OK (HA!:) THATS ALL FOR NOW - ITS SOMEWHERE AROUND 4 AM AND I HAVE TO GET READY FOR WORK. HI TO HOLLY! LOVE YA! KATHY In , on 09/05/96 at 01:23 PM, Asgaard said: >On Wed, 4 Sep 1996, Declan McCullagh wrote: >> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's >> office) has "advised" the Internet providers to block access to >> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication >> from the radical left that is illegal in Germany, but not in >> the Netherlands. >This is amazing. Without defending the German stand on the Revisionist >crap, that part is at least understandable in a historical context >(their sense of guilt for the unfortunate developments in the 30's >and 40's etc). But a quick overview of the contents of Radikal gives the >impression of an ordinary leftist zine, defining the outlawing of it as >pure political censorship in a Western 'democracy'. I'm truly surprised. >Asgaard Is there an URL with a English version? I am always curious to see what governments think they should "protect" their citizens from. Thanks, - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Merlin Beta Test Site - WarpServer SMP Test Site Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info - ----------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMi8ubY9Co1n+aLhhAQEA2AP+N9svCUkXskUhLE3AQ/O1EyaqAPQS5CKm jAqKfnPjfTwFYxdZyE/XPrL+K877JTL1R6aDSN+cHb+YsmOQES4Zxj9AyshZbM1h 5P9Yw7448JUNp/ve4kdBkVJ1e+/+PuojKqnqmET1+a4uCywi3tG4D5XIN1jOFNsX 4ReMh+U5XkU= =Gr7I -----END PGP SIGNATURE----- From pjn at nworks.com Fri Sep 6 04:10:22 1996 From: pjn at nworks.com (pjn at nworks.com) Date: Fri, 6 Sep 1996 19:10:22 +0800 Subject: Message-ID: In> what do you know about hackers More than you appariently... P.J. pjn at nworks.com ... Nothing is opened more often by mistake than YOUR mouth. ___ Blue Wave/QWK v2.20 [NR] From makof at alias.cyberpass.net Fri Sep 6 04:12:50 1996 From: makof at alias.cyberpass.net (makofi) Date: Fri, 6 Sep 1996 19:12:50 +0800 Subject: Steganography -- Tell-tale signs? Message-ID: <199609051650.JAA06725@sirius.infonex.com> Hi there! I'd appreciate some help from you experts in steganography. 1) If I hide some PGP encrypted data in a gif, jpg or wav file will there be any tell tale signs to the naked eye of an expert? If yes, what are they? 2) Would it better to hide the data in a jpg with black and white image rather than a color one? 3) Are there any tools at the moment to expose (not crack) the hidden encrypted data? If none. are there tools in development? If this appears twice please accept my apologies. I didn't see the first posting and so I assumed it was lost in transit. Please email replies to me directly if this is off-topic. Thank you. Makofi From wclerke at emirates.net.ae Fri Sep 6 04:15:29 1996 From: wclerke at emirates.net.ae (Wayne Clerke) Date: Fri, 6 Sep 1996 19:15:29 +0800 Subject: Using Compromised Remailers to Get the Goods Message-ID: <199609052137.BAA04432@ns2.emirates.net.ae> > From: Timothy C. May > To: cypherpunks at toad.com > Subject: Using Compromised Remailers to Get the Goods > Date: Thursday, 5 September 1996 8:28 < ... > > (For example, full sender untraceablility means that sources within police > departments can go home, log on with the own PCs, and sell information > about pending investigations, modulo their concerns about pointing to > themselves with information provided (see "canary traps"). Heh ... is this a 'whistle-SUCKER'? :-) > > --Tim May > EMail: wclerke at emirates.net.ae PGP key ID: AEB2546D FP: D663D11E DA19D74F 5032DC7E E001B702 PGP mail welcome. Voice: +971 506 43 48 53 Wayne Clerke If you're not living on the edge, you're taking up too much space. From tcmay at got.net Fri Sep 6 04:15:48 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 6 Sep 1996 19:15:48 +0800 Subject: ... subversive leftists Message-ID: At 11:23 AM 9/5/96, Asgaard wrote: >On Wed, 4 Sep 1996, Declan McCullagh wrote: > >> The German Generalbundesanwaltschaft (Chief Federal Prosecutor's >> office) has "advised" the Internet providers to block access to > >> "Radikal" (http://www.xs4all.nl/~tank/radikal) is a publication >> from the radical left that is illegal in Germany, but not in >> the Netherlands. > >This is amazing. Without defending the German stand on the Revisionist >crap, that part is at least understandable in a historical context >(their sense of guilt for the unfortunate developments in the 30's >and 40's etc). But a quick overview of the contents of Radikal gives the >impression of an ordinary leftist zine, defining the outlawing of it as >pure political censorship in a Western 'democracy'. I'm truly surprised. Leftists are despicable. They steal our money, they corrupt our politics, they nationalized our industries, they subvert our ideals, and they undermine our national will. The Democratic People's German Reich is fully justified in cutting off contacts with subversive radical publications in Jew-dominated nations like Holland. As Reichskommander Schmidt points out: "The citizen-units who access foreign Web sites will be rounded up and disposed of like the vermin they are. We cannot allow the Revisionists and Leftists to triumph. We will send them to the showers." Heil Freeh! --Klaus From nobody at zifi.genetics.utah.edu Fri Sep 6 04:20:26 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Fri, 6 Sep 1996 19:20:26 +0800 Subject: Subject: Re: Race Bit: C Message-ID: <199609052031.OAA10096@zifi.genetics.utah.edu> No need to send to :Anonymous But since you did >Cc: cypherpunks at toad.com saying ... > If I understand you correctly, it is OK for a government to > institute violence against the residents of the land it claims > dominion over, but it is not acceptable for the inhabitants of > that piece of land to respond in self defence. I will say this: No, government initiation of violence (such as in Waco, Ruby Ridge, etc.) is not OK, and AsPol initiation of violence is not either. This can lead into a long argument about just _when_ violence is initiated, where opinion is more important than fact, but IMO: Randy Weaver was not initiating violence. David Keresh was not initiating violence. Pot growers and smokers are not initiating violence. But Mr. Bell, if he follows through on his scheme, *will* be initiating violence. His scheme, while it can sound tempting (especially every April 15th!) has no guarantee that it will _only_ be used against the Lon Horiuchis of our government, in fact, it may be said it is not guaranteed to not be used against Mr. Bell himself, as many have joked. There are two roads to take in life, convincing and coercing others. I think that the former is still possible, Mr. Bell and many others disagree. I worry that abuse of the very young and weak (for now) anonymity system for the purpose of initiating, rather than exposing, violence will lead to more government violence than we already have. Perhaps I am wrong and there is no hope; but if so, that means another revolution. Revolutions are very romantic sounding, to those who have not been in a war. I urge everyone to read "Emancipating Slaves, Enslaving Free Men" by Jeffrey Rogers Hummel for a look at what our last revolution got us (hint: it was *not* less government). I believe the book is available from Laissez Faire books. It is quite good, and refreshingly truthful when compared to the gobbledygook that most history teachers try to force down students' throats. From jya at pipeline.com Fri Sep 6 04:23:20 1996 From: jya at pipeline.com (John Young) Date: Fri, 6 Sep 1996 19:23:20 +0800 Subject: Metcalf and Other Net.Fogies Message-ID: <199609052028.UAA12733@pipe2.t1.usa.pipeline.com> On Sep 05, 1996 10:27:34, 'tcmay at got.net (Timothy C. May)' wrote: Tim's right on the "old fogies." Providing you make the cut off at about 50-55. After that you get retro-infantiles like me (at 61) who have fallen head over heels for the Internet, and are absolutely fed up with being "mature-and-responsible" -- that truly sucks, sucks, sucks. Elsewhere in my field (architecture) I get accused by 40-55 year-olds of trying to brainwash the under-30s. You bet I am, to warn them off the "mature" assholes who think their warped experience is the best teacher, when in fact all it teaches is how to be bent out of shape, and how to project and promote that distortion as the definition of reality. That crippling narrow vision passes at about 50-55 when you realize that you don't know shit, never did and never will. Every fails, in the end, well before The End. So what. Laugh, don't go hurt somebody. Yep, self-deception is the certain sign of maturity, get used to it, it's as unavoidable as the wars mature folks, fearing mortality, wage to kill the helplessness in themselves. Still, I admire the ingenuity of under-30s and over 55s who can trick the middling-matures into serving us, keeping us clothed and sheltered -- and entertained at their pompous fatuities. Don't trust anyone between 30 and 55, especially those nuts with a Solution for The Problem They've Dreamed Up. From declan at eff.org Fri Sep 6 04:23:21 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 6 Sep 1996 19:23:21 +0800 Subject: German prosecutors redouble attack on Net, subversive leftists In-Reply-To: Message-ID: Looks like a more extensive translation now is available at: http://www.anwalt.de/ictf/p960901e.htm Tho it's still not complete. The criminal law links are only available in German, for instance. -Declan On Thu, 5 Sep 1996, Stephan Schmidt wrote: > On Thu, 5 Sep 1996, Declan McCullagh wrote: > > > > > You're not talking about http://www.anwalt.de/ictf/p960901e.htm, are you? > > > > I'm talking about this link (you mentioned earlier). > > > Maybe I can translate it (or I can summarize it). > (tomorrow :) > > -stephan > > // declan at eff.org // I do not represent the EFF // declan at well.com // From mark at unicorn.com Fri Sep 6 04:23:59 1996 From: mark at unicorn.com (Rev. Mark Grant) Date: Fri, 6 Sep 1996 19:23:59 +0800 Subject: MUD anyone? In-Reply-To: <9608271647.AA22569@divcom.umop-ap.com> Message-ID: On Tue, 27 Aug 1996, Jon Leonard wrote: > I've been planning to run a MUD like that, at mud.umop-ap.com port 2121. > I just don't have enough coded to be worth announcing yet. Cool. What's it running under? I was planning to base it around the latest version of the Nightmare library for MudOS, which I just downloaded. If I can get a copy somehow I could start hacking on it. > Pseudonyms > Anonymous digital cash (issued by any pseudonym, not just "banks") > Public and private keys > Secret sharing > Anonymous broadcast & message pools > Anonymous markets All sounds like good stuff to me... DC Nets as well, of course. I guess we should also simulate the Net somehow, with Web servers, email, etc. Though the Nightmare library apparently lets you create Mud objects which can access the Web so perhaps we can use the real one somehow (with the obvious security implications). What else? Protection Agencies Escrow Agencies Private Law Courts (probably controlled by players rather than the computer) Reputation Agencies > What am I missing? Should there be direct support for Jim Bell's > assasination markets? It'd provide a means of demonstrating its > ineffectiveness as a means of social control. I think it should be incorporated, but I think that people can set them up easily themselves. Perhaps we should have an NPC-run 'Assasins Inc' which would run the lottery, and then players could do the actual 'wet work'. But yes, I'd really like to see how this would work in the game. As I said I'm thinking of this more as a semi-scientific experiment than a pure game. We have some idea of how this stuff should work in theory, but little of how it works in practice. I do think though that we'd have to enforce some kind of rule against 'disposable characters', otherwise people could simply create a new character every time they were killed trying to assasinate someone. There would need to be some disadvantage to just going in guns-blazing and being killed ten times in a row. > I think that for purposes of simulation, it's reasonable to model > cryptographic primitives in a "Trust the server" mode, because you > need to trust the MUD server anyway (unlike a government), and it > puts a much lower load on the CPU. Yep, I agree. I would like to include the real protocols but it's going to be far too slow. So we could create, say, remailer objects, anonymous digital cash objects, etc. As long as they have the same properties in 'SimAnarchy' as they would in real life then the actual behind the scene mechanics don't matter. We could, perhaps, allow characters to break protocols if they could accumulate enough processing power. I don't know how low a level we'd want to go to. I think that having an explicit group of remailers (and 'IP rerouters') would be a good idea as it would allow people to try to crack messages and perform traffic analysis. Some remailers could be run by NPCs (some of whom would be trustworthy and some wouldn't), others by the players themselves (with or without logging enabled). I'd like to also include some way by which players could write 'software' even if they weren't able to create new objects for the game. So they could perhaps write front-ends for remailers and give them away or sell them to other players. > There's also the question of log policy. Having run a MUD for a few > years, I want to keep logs for bug detection. A declared policy that > they aren't released for n years would work though. Opinions, anyone? Part of me thinks that we should explicitly state that anything may be logged and used in sociological research. Perhaps we could create some kind of secure protocol to allow users to connect without revealing their real identities, so that it wouldn't matter if they were logged? Anyone want to set up a mailing list for this discussion? Mark |-----------------------------------------------------------------------| |Reverend Mark Grant M.A., U.L.C. EMAIL: mark at unicorn.com | |WWW: http://www.c2.org/~mark MAILBOT: bot at unicorn.com | |Approximate Current Location: Auckland, New Zealand | |-----------------------------------------------------------------------| From omega at bigeasy.com Fri Sep 6 04:25:15 1996 From: omega at bigeasy.com (Omegaman) Date: Fri, 6 Sep 1996 19:25:15 +0800 Subject: What is the EFF doing exactly? Message-ID: <199609051928.OAA19142@bigeasy.com> > If anyone objects the officals responsible make a wide gesture and say "We > didn't take away your phones, CRIMINALS took away your phones." Indeed. It appears the Unabomber has taken away the privelege of dropping stamped mail weighing over 16ozs into street-side mailboxes. One is now instructed to take these packages to a post-office mail clerk for mailing. (Of course it's unclear just what would be done if a package weighing over that magical 16ozs was left in a mailbox) > The real question is this, what are you going to do to anihilate anonymous > communication, because if you think its harmful that's what you have to > do. > What strikes me as odd is that the arguments against anonymous communication are nearly identical to those against strong crypto. ie. the same four horsemen flare up in these discussions. Yet we have parties who are ostensibly pro-crypto but anti-anonymity. To put it in a nutshell, in a free societ