From eugen at leitl.org Sun Dec 1 01:26:34 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 1 Dec 2002 10:26:34 +0100 (CET) Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd) In-Reply-To: <021f01c298c7$9b95e100$01c8a8c0@davehowe> Message-ID: On Sat, 30 Nov 2002, Dave Howe wrote: > without routing and name services, you have what amounts to a propriatory I believe I mentioned geographic routing (which is actually switching, and not routing) so your packets get delivered, as the crow flies. The question of name services. How often do you actually use a domain name as an end user? Not very often. People typically use a search engine. It doesn't matter how the URI looks like, as long as it can be clicked on, or is short enough to be cut and pasted, or written down on a piece of paper and entered manually, in a pinch. So you need (distributed) searching and document (not machine) address spaces, which current P2P suites create the architecture for. > NAT solution - no way to address an interior node on the cloud from the It depends on how large the network is. Wireless is potentially a much bigger node cloud, so the current Internet could became a 'proprietary niche' eventually. However, there is no reason why the nodes wouldn't have a second address, or the IPv6 address would double as a geographic coordinate. At least during the migration. > internet (and hence, peer to peer services or any other protocol that > requires an inbound connection not directly understood by the nat > translation - eg ftp on a non standard port or ssl-encrypted as ftps) Fear not. > under ipv6 you can avoid having to have a explicit naming service - the You obviously understand under naming service something other than DNS. > cloud id of the card (possibly with a network prefix to identify the cloud > as a whole) can *be* the unique name; routing is still an issue but that Anything which relies on global routing tables and their refresh will always has an issue. Which is why geographical local-knowledge routing will dominate global networks. > reduces to being able to route to a unique node inside the cloud - which > appears from a brief glance at the notes from Morlock Elloi (thanks again :) > to have at least a workable trial solution. if a IPv6 internet ever becomes > a reality, clouds would fit right in. It is a patch, not a solution. But wireless ad hoc meshes are really a first real reason to go IPv6. > TCP/IP tunnelling without a name service at at least one end isn't workable; > *static* NAT/PAT is of course a name service and can't be considered, but > SOCKS and socks aware p2p is a definite possibility. The best solution would seem to leave the multilingual node the choice of means of delivery. It would be completely transparent to the packet. From camera_lumina at hotmail.com Sun Dec 1 08:08:17 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 01 Dec 2002 11:08:17 -0500 Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd) Message-ID: "Photons are bosons, so they don't interact with each other. Photon detectors can and usually have anisotropic sensitivity. Sure you can never beat fiber, but line of sight is free..." Well, by interfere I meant in the detectors of course. So are you telling me that two WiFi receivers pointed in different directions will not receive the same information? I don't think WiFi (IR) is all that directional is it? If it is, then maybe we CAN have a new LAN segment. >From: Eugen Leitl >To: Tyler Durden >CC: >Subject: Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 >(fwd) >Date: Sun, 1 Dec 2002 11:39:37 +0100 (CET) > >On Sat, 30 Nov 2002, Tyler Durden wrote: > > > I just don't see how a single WiFi cloud will be able to scale very far. >All > > the WiFi users within "eyeshot" of each other are always going to >contend > > for bandwidth, no? It'll be just like the old half-duplex 10BaseT copper > >There is limited bandwidth within a cell, if you use omni radiators. How >high is the limit? No one knows, but you can get 100 MBits/s with current >ultrabroadband prototypes. Then you have stuff like > > http://www.mobileinfo.com/News_2002/Issue05/NTT_2.5gps.htm > >Wireless Transfer Rate of 10 Gbps Possible, NTT says > >Always stretching the boundaries of wireless communications is Japanese >telecom NTT. > >The company?s most recent accomplishment was achieving a peak data >transfer rate of 2.5 Gbps, breaking the recorded rate of 1 Gbps; NTT >researchers now believe they will eventually break the 10 Gbps barrier. > >As the airwaves become increasingly congested, exploring uncharted >airwaves could pay NTT high dividends in the future. > >As an article in ComputerWire explains, NTT's solution has been to harness >new electronic and optical technologies to access the empty 120 GHz radio >band. Optical systems are used to generate the original signal which is >passed, using amplitude modulation to a 300 GHz photodiode, which creates >an electrical signal that is passed to a direct slot antenna. The key to >the whole process is the 300 GHz photodiode, which harnesses optical >technology, in this case the Lithium Niobate substrate originally designed >for light switching, to the business of generating an electrical signal. > >Commercial viability is still a ways off. At the moment, the sustained >1.25 Gbps signal generates a range of only 50 cm. Nevertheless, as demand >for wireless services out strips available spectrum, NTT will no doubt >find itself swarmed by partners and competitors alike. > >Then, you have funky stuff like antenna arrays. People have started >tinkering on MEMS galvanometers lately, which would allow to use line of >sight lasers across free space without need for manual alignment; possibly >dynamically tracking moving objects. > > > LANs. And I still don't understand how a WiFi router will help you...if >the > >Current routers use an omni to cover local area, and directional aeries to >create a mesh with their peers. Directional aerials for long-range >connections have both a longer range and are less sensitive to crosstalk >from the omni. > > > different Layer2 LANs overlap in space at all, they'll interfere with >each > > other optically even if they are on different segments. (With copper you > >Photons are bosons, so they don't interact with each other. Photon >detectors can and usually have anisotropic sensitivity. Sure you can never >beat fiber, but line of sight is free... > > > didn't even have this problem.) Thus, aren't you stuck with zillions o > > little WiFi islands that must not overlap without things getting very >slow? > >No. > > > As for service providers not wanting freeloaders, I'd point out that DSL > > "cares" much less....the DSL connection is mapped over ATM and is >basically > >If I have a P2P infrastructure run on end-user owned hardware (little >boxes glued to windowpanes) across an urban area with ~100 MBps/cell there >is not all that much use for an ISP. > >Things only become difficult if you want to crosslink cities. Here you >have to use fiber, or similiar. > > > a dedicated connection to a router port, with fixed bandwidth in either > > direction. Whether that port is processing lots of freeloader packets or > > idle packets from a single dedicated user shouldn't matter much. > > > > Uh, but now that I think of it ATM does allow for some oversubscription, >so > > in order to maximize the conection between the DSLAM and the ATM switch > > that's in front of the router (it might be in thesame box as the router, >I > > know!), maybe they'l discourage freeloading. BUT, DSL companies have >been > > touting that they're very happy for you to put a home-based LAN on your >side > > of the connection (Cable Modem providers don't normally like that). _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From eugen at leitl.org Sun Dec 1 02:39:37 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 1 Dec 2002 11:39:37 +0100 (CET) Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd) In-Reply-To: Message-ID: On Sat, 30 Nov 2002, Tyler Durden wrote: > I just don't see how a single WiFi cloud will be able to scale very far. All > the WiFi users within "eyeshot" of each other are always going to contend > for bandwidth, no? It'll be just like the old half-duplex 10BaseT copper There is limited bandwidth within a cell, if you use omni radiators. How high is the limit? No one knows, but you can get 100 MBits/s with current ultrabroadband prototypes. Then you have stuff like http://www.mobileinfo.com/News_2002/Issue05/NTT_2.5gps.htm Wireless Transfer Rate of 10 Gbps Possible, NTT says Always stretching the boundaries of wireless communications is Japanese telecom NTT. The company?s most recent accomplishment was achieving a peak data transfer rate of 2.5 Gbps, breaking the recorded rate of 1 Gbps; NTT researchers now believe they will eventually break the 10 Gbps barrier. As the airwaves become increasingly congested, exploring uncharted airwaves could pay NTT high dividends in the future. As an article in ComputerWire explains, NTT's solution has been to harness new electronic and optical technologies to access the empty 120 GHz radio band. Optical systems are used to generate the original signal which is passed, using amplitude modulation to a 300 GHz photodiode, which creates an electrical signal that is passed to a direct slot antenna. The key to the whole process is the 300 GHz photodiode, which harnesses optical technology, in this case the Lithium Niobate substrate originally designed for light switching, to the business of generating an electrical signal. Commercial viability is still a ways off. At the moment, the sustained 1.25 Gbps signal generates a range of only 50 cm. Nevertheless, as demand for wireless services out strips available spectrum, NTT will no doubt find itself swarmed by partners and competitors alike. Then, you have funky stuff like antenna arrays. People have started tinkering on MEMS galvanometers lately, which would allow to use line of sight lasers across free space without need for manual alignment; possibly dynamically tracking moving objects. > LANs. And I still don't understand how a WiFi router will help you...if the Current routers use an omni to cover local area, and directional aeries to create a mesh with their peers. Directional aerials for long-range connections have both a longer range and are less sensitive to crosstalk from the omni. > different Layer2 LANs overlap in space at all, they'll interfere with each > other optically even if they are on different segments. (With copper you Photons are bosons, so they don't interact with each other. Photon detectors can and usually have anisotropic sensitivity. Sure you can never beat fiber, but line of sight is free... > didn't even have this problem.) Thus, aren't you stuck with zillions o > little WiFi islands that must not overlap without things getting very slow? No. > As for service providers not wanting freeloaders, I'd point out that DSL > "cares" much less....the DSL connection is mapped over ATM and is basically If I have a P2P infrastructure run on end-user owned hardware (little boxes glued to windowpanes) across an urban area with ~100 MBps/cell there is not all that much use for an ISP. Things only become difficult if you want to crosslink cities. Here you have to use fiber, or similiar. > a dedicated connection to a router port, with fixed bandwidth in either > direction. Whether that port is processing lots of freeloader packets or > idle packets from a single dedicated user shouldn't matter much. > > Uh, but now that I think of it ATM does allow for some oversubscription, so > in order to maximize the conection between the DSLAM and the ATM switch > that's in front of the router (it might be in thesame box as the router, I > know!), maybe they'l discourage freeloading. BUT, DSL companies have been > touting that they're very happy for you to put a home-based LAN on your side > of the connection (Cable Modem providers don't normally like that). From DaveHowe at gmx.co.uk Sun Dec 1 15:28:43 2002 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sun, 1 Dec 2002 23:28:43 -0000 Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd) References: Message-ID: <010901c29991$d2954220$01c8a8c0@davehowe> Eugen Leitl wrote: > On Sat, 30 Nov 2002, Dave Howe wrote: > I believe I mentioned geographic routing (which is actually > switching, and not routing) so your packets get delivered, as the > crow flies. The question of name services. How often do you actually > use a domain name as an end user? Not very often. People typically > use a search engine. It doesn't matter how the URI looks like, as > long as it can be clicked on, or is short enough to be cut and > pasted, or written down on a piece of paper and entered manually, in > a pinch. ah. Sorry, I don't think of dns as a name service (apart from once removed) - we are talking DHCP or similar routable-address assignment. >> under ipv6 you can avoid having to have a explicit naming service - >> the > You obviously understand under naming service something other than > DNS. yup - I recognise anything as a naming service that allows you to associate a routable name with a node that otherwise has only a mac address; > Anything which relies on global routing tables and their refresh will > always has an issue. Which is why geographical local-knowledge routing > will dominate global networks. Indeed so - but of course the current internet *does* work that way, so any new solution that advertises itself as "Free Internet access" *must* fit into the current scheme or it is worthless. > The best solution would seem to leave the multilingual node the > choice of means of delivery. It would be completely transparent to > the packet. Unfortunately, such abstraction fails unless the *sender* knows how to push the packet in the right direction, and each hop knows how to get it a little nearer; this more or less requires that each node be given a unique identifier compatable with the existing system, and given the existing system is still ipv4, there are problems. From pcw2 at flyzone.com Sun Dec 1 20:49:18 2002 From: pcw2 at flyzone.com (Peter Wayner) Date: Sun, 1 Dec 2002 23:49:18 -0500 Subject: Question on P=NP In-Reply-To: <20021201165540.92853.qmail@web21204.mail.yahoo.com> References: <20021201165540.92853.qmail@web21204.mail.yahoo.com> Message-ID: At 8:55 AM -0800 12/1/02, Sarad AV wrote: >hi, > >Is the problem P=NP or not 'Decidable'. I don't even think we know. I vaguely remember someone saying that it would be really fascinating if it turned out not to be decidable. -Peter From mv at cdc.gov Mon Dec 2 08:24:03 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 02 Dec 2002 08:24:03 -0800 Subject: Wireless Routing, Position Inference (was Re: CNN.com - WiFi activists on free Web crusade) Message-ID: <3DEB8923.57D29DE3@cdc.gov> At 02:57 PM 12/2/02 +0000, Peter Fairbrother wrote: > >What I don't understand is how a node knows the location of a person who >moves about in the first place. > >Also, I don't like the idea that my location is known by the location of my >equipment. But I know very little about geographical routing. I'll bite. Lets think about fundamentals, and play the adversary game. If I know that you can receive in *any wireless* system, then I know something about your location. This includes nets with huge 'cells', like a 100,000 watt commercial broadcast station (are you listening to KFOO or WFOO?), and nets with smaller cells, like the 'cellular' phones and 802.11foo meshes. The only difference (albeit a significant one) is the size of the cell ---the smaller your cells the more bits I get about your location. (Barring cypherpunk jokesters who make cell calls from the foci of dishes to hit another base station...) Of course if you're needing to transmit, you give your location. If you're needing to receive, and you roam beyond the diameter of a single 'cell', you are going to have to transmit your location (think cell phones) for routing XOR the system has no routing and must broadcast to all cells (think pagers) (you might consider the physical cells merged into a large single virtual cell in this case.). This latter doesn't scale. ---- Got Yagis? From eugen at leitl.org Mon Dec 2 00:42:36 2002 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Dec 2002 09:42:36 +0100 (CET) Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd) In-Reply-To: <010901c29991$d2954220$01c8a8c0@davehowe> Message-ID: On Sun, 1 Dec 2002, Dave Howe wrote: > ah. Sorry, I don't think of dns as a name service (apart from once > removed) - we are talking DHCP or similar routable-address assignment. You can use GPS as naming service (name collisions are then equivalent to physical space collisions). You can actually label the nodes automagically, once you know that it's a nearest-neighbour mesh spanned over patches of Earth surface. You can use signal strenght and relativistic ping to make mutual time of flight triangulation. It is a good idea to use a few GPS anchor nodes, so that all domains are consistent. > Indeed so - but of course the current internet *does* work that way, > so any new solution that advertises itself as "Free Internet access" > *must* fit into the current scheme or it is worthless. I think it can fit. > Unfortunately, such abstraction fails unless the *sender* knows how to > push the packet in the right direction, and each hop knows how to get > it a little nearer; this more or less requires that each node be given > a unique identifier compatable with the existing system, and given the No, an orthogonal identifier is sufficient. In fact, DNS loc would be a good start. The system can negotiate whatever routing method it uses. If the node doesn't understand geographic routing, it falls back to legacy methods. > existing system is still ipv4, there are problems. From camera_lumina at hotmail.com Mon Dec 2 07:12:52 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 02 Dec 2002 10:12:52 -0500 Subject: A couple of book questions...(one of them about Completeness) Message-ID: >That any particular string can be -precisely- defined as truth or false >as required by the definition of completeness, is what is not possible. Here we come down to what appears to be at the heart of the confusion as far as I see it. "True", depending on who's saying it (even in a discussion of Godelian Completeness), may be different. Mathematical types may define "true" as being "provably true", meaning something like "this statement can be derived from the other statements in my system by building up from logic plus the fundamental axioms". In Godel, in any formal system there are statements that are true but unprovable in that system. This would seem to render the notion of "true" above meaningless. But what it means in a "practical" sense is that there may be truisms (such as, "there exists no solution to the problem of a^n + b^n = c^n, where a,b,c and n are integers and n>2"), which are true (and let's face it, this statement is either true or false) but which can not be proven given the fundamental axioms of the system. Thus, in order to build more mathematics with this "truth", it must be incoroprated as an axiom. (Godel also says that after this "incoporation" is done, there will now be new unprovable statements.) I originally mentioned Godel in the context of the notion of the dificulty of factoring large numbers. My point was that its possible that... 1) Factoring is inherently difficult to do, and no mathematical advances will ever change that. and 2) We may never be able to PROVE 1 above. Thus, we may have to forever live with the uncertainty of the difficulty of factorization. _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail From DaveHowe at gmx.co.uk Mon Dec 2 02:35:04 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Mon, 2 Dec 2002 10:35:04 -0000 Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd) References: Message-ID: <00e301c29a07$d127f2e0$c71121c2@sharpuk.co.uk> at Monday, December 02, 2002 8:42 AM, Eugen Leitl was seen to say: > No, an orthogonal identifier is sufficient. In fact, DNS loc would be > a good start. I think what I am trying to say is - given a "normal" internet user using IPv4 software that wants to connect to someone "in the cloud", how does he identify *to his software* the machine in the cloud if that machine is not given a unique IP address? few if any IPv4 packages can address anything more complex than a IPv4 dotted quad (or if given a DNS name, will resolve same to a dotted quad) > The system can negotiate whatever routing method it uses. If the node > doesn't understand geographic routing, it falls back to legacy > methods. odds are good that "cloud" nodes will be fully aware of geographic routing (there are obviously issues there though; given a node that is geographically "closer" to the required destination, but does not have a valid path to it, purely geographic routing will fail and fail badly; it may also be that the optimum route is a longer but less congested (and therefore higher bandwidth) path than the direct one. For a mental image, imagine a circular "cloud" with a H shaped hole in it; think about routing between the "pockets" at top and bottom of the H, now imagine a narrow (low bandwidth) bridge across the crossbar (which is a "high cost" path for traffic). How do you handle these two cases? From zenadsl6186 at zen.co.uk Mon Dec 2 06:57:19 2002 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Mon, 02 Dec 2002 14:57:19 +0000 Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 In-Reply-To: Message-ID: Eugen Leitl wrote: > On Sun, 1 Dec 2002, Dave Howe wrote: > >> ah. Sorry, I don't think of dns as a name service (apart from once >> removed) - we are talking DHCP or similar routable-address assignment. > > You can use GPS as naming service (name collisions are then equivalent to > physical space collisions). You can actually label the nodes > automagically, once you know that it's a nearest-neighbour mesh spanned > over patches of Earth surface. You can use signal strenght and > relativistic ping to make mutual time of flight triangulation. It is a > good idea to use a few GPS anchor nodes, so that all domains are > consistent. What I don't understand is how a node knows the location of a person who moves about in the first place. Also, I don't like the idea that my location is known by the location of my equipment. But I know very little about geographical routing. -- Peter Fairbrother From eugen at leitl.org Mon Dec 2 07:41:51 2002 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 2 Dec 2002 16:41:51 +0100 (CET) Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 In-Reply-To: Message-ID: On Mon, 2 Dec 2002, Peter Fairbrother wrote: > What I don't understand is how a node knows the location of a person > who moves about in the first place. The node spans a cell. Similiar to your cellular phone, you can link an ID to a cell. Within the cell you can use relativistic ping and/or signal strength (that's how mobile phone localization is done today). Since cells overlap you've got a lot of constraints to get a position fix. > Also, I don't like the idea that my location is known by the location > of my equipment. But I know very little about geographical routing. Your location is already known, whether you're using wire or wireless. Wireless has limited range, cables are expensive enough so that their lenght is being minimized. Traceroutes and signal pings and already existing IP location databases make anonymity a myth. The only way to address it is to use anonymizing proxies/traffic remixing. Geographic routing is intrinsically resistant to address spoofing (neighbours will refuse routing packets from obviously bogus origin). If you want to avoid disclosing your physical location, use a higher, anonymizing protocol layer. From anmetet at freedom.gmsociety.org Mon Dec 2 15:44:29 2002 From: anmetet at freedom.gmsociety.org (An Metet) Date: Mon, 2 Dec 2002 18:44:29 -0500 Subject: test post from ??? Message-ID: do not reply! From camera_lumina at hotmail.com Tue Dec 3 07:27:32 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 03 Dec 2002 10:27:32 -0500 Subject: A couple of book questions...(one of them about Completeness) Message-ID: Well, this is quite a post, and I agree with most of it. As for the Godel stuff, there's a part of it with which I disagree (or at least as far as I take what you said). >If you want >to compare something mathematically you -must- use the same axioms and >rules of derivation. The -only- discussion there is one of two parts: >Is the sequence of applications/operators valid? (ie Proof) >Is the sequence terminal, does it leave room for more derivation? > (ie Publish or Perish) Well, not necessarily, unless I misunderstand you. Take the Fermat's last theorem example I gave (a^n+b^n=c^n for a,b,c,n integers but n>2). And let's say I want to "prove" (or disprove) the statement "This has no solution for n>2. There are two 'distinct' methods of determining the validity of the statement. One is by what is normally considered a "proof". In other words, by building up from axioms using the logical rules of the system. The other is to actually find a solution for a,b,c and n. In this case the statement will have been disproven, but not by a series of logical statements and axioms. It is now seen to be "untrue", but not via the methods of "proof". Thus, the statement is untrue, and (possibly) unprovably untrue (which is the same thing as saying the statement's negation is "unprovably true"). Now if subsequent truths need to be made but require the statement above (a^n+b^n=c^n has no solution for n>2), even though we know that it is true (or untrue, in my example above), to build subsequent truths we need to include this statement as an axiom even though we know it's true. It's "true", but unprovable. But perhaps this is what you meant. >And no, there is zero confusion on what true means under Godel or Cauchy. Yes, I agree, and the confusion to which I referred had to do with the term "true" as it seemed to be used by various parties in the conversation. From this alone I think a big "take away" here is that "true" in the Godelian sense means something probably quite different from what many believe it to be. >The reality is that most people have problems grasping concepts or >ideas because there is a conflict with other ideas/concepts they hold dear >and near. In most cases of mental block it is an emotional issue not an >intellectual one. People have a hard time learning not because they are >stupid but because they don't deal with their emotional landscape >effectively. Couldn't agree more. "Reason is the whore of desire." Well, not always, but its clear to me that most of the time we start with the conclusion we want and then work backwards! Most human beings seem to stumble upon some little piece of flotsam and then cling onto it for dear life, not knowing they can actually swim (or perhaps they don't need to!). I don't consider myself an exception, except for the fact that knowing this, I constantly try to expose myself to information and experiences that do not correspond to what I currently believe. As the spanish mystic St John of the Cross wrote: "To come to be what you are not, you must go by a way in which you are not. To come to know what you know not, you must go by a way in which you know not." _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail From schear at attbi.com Tue Dec 3 11:09:42 2002 From: schear at attbi.com (Steve Schear) Date: Tue, 03 Dec 2002 11:09:42 -0800 Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 In-Reply-To: References: Message-ID: <5.1.0.14.2.20021203110216.0352e6b8@mail.attbi.com> At 12:54 PM 12/3/2002 -0500, Sunder wrote: >Simple. Signal strength from at least three access points will pinpoint >your location. If any of the AP's have known GPS coordinates, your >location can be interpolated. > >To fix this, change your MAC address (or whatever WiFi uses for that), >randomly every time you move around, and don't share things that can >identify your machine. i.e don't run things such as SMTP, FTP, Microsoft >File sharing which give away your host name, and don't accept cookies from >web sites that can track you, and make sure your browser doesn't leak your >email address, and be aware that anything you do can be sniffed. In the late 70s, I was at TRW we built inflatable (beach ball) antennas for a black project. About 1/3 of the balloon's inside surface was aluminized and the feed was simply snapped into place at the opposite side. The antenna could either be used hand-held or place in a ring mount on a flat surface. This sort of approach could work well for cell phones and WiFi cards with external antenna port. For cell phones the entire instrument could be placed in at the reflector's focus and operated via a mic/headset adapter (some older Nokia models have an external antenna port behind a small rubber plug on the rear.) A State must pay attention to virtue, because the law is a covenant or a guarantee of men's just claims, but it is not designed to make the citizens virtuous and just -- Aristotle From sunder at sunder.net Tue Dec 3 09:54:54 2002 From: sunder at sunder.net (Sunder) Date: Tue, 3 Dec 2002 12:54:54 -0500 (est) Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 In-Reply-To: Message-ID: Simple. Signal strength from at least three access points will pinpoint your location. If any of the AP's have known GPS coordinates, your location can be interpolated. To fix this, change your MAC address (or whatever WiFi uses for that), randomly every time you move around, and don't share things that can identify your machine. i.e don't run things such as SMTP, FTP, Microsoft File sharing which give away your host name, and don't accept cookies from web sites that can track you, and make sure your browser doesn't leak your email address, and be aware that anything you do can be sniffed. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\ \|/ :and didn't stop 9-11|share them, you don't hang them on your/\|/\ <--*-->:Instead of rewarding|monitor, or under your keyboard, you \/|\/ /|\ :their failures, we |don't email them, or put them on a web \|/ + v + :should get refunds! |site, and you must change them very often. --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Mon, 2 Dec 2002, Peter Fairbrother wrote: > What I don't understand is how a node knows the location of a person who > moves about in the first place. > > Also, I don't like the idea that my location is known by the location of my > equipment. But I know very little about geographical routing. From schear at attbi.com Tue Dec 3 13:33:34 2002 From: schear at attbi.com (Steve Schear) Date: Tue, 03 Dec 2002 13:33:34 -0800 Subject: CNN.com - WiFi activists on free Web crusade In-Reply-To: <3DED0761.ADBDBE12@cdc.gov> Message-ID: <5.1.0.14.2.20021203131834.045ffe80@mail.attbi.com> At 11:34 AM 12/3/2002 -0800, you wrote: >At 12:54 PM 12/3/02 -0500, Sunder wrote: > >To fix this, change your MAC address (or whatever WiFi uses for that), > >randomly every time you move around, and don't share things that can > >identify your machine. i.e don't run things such as SMTP, FTP, >Microsoft > >File sharing which give away your host name, and don't accept cookies >from > >web sites that can track you, and make sure your browser doesn't leak >your > >email address, and be aware that anything you do can be sniffed. > >Hope that identifying 802.11 transmitters from their analog artifactual >properties [1] is more >difficult than identifying a Morse Coder's fist. The technology to identify transmitters from the "keying" characteristics of the transmitter was commercially made available by Corsair Communications http://www.corsair.com/ (now merged with Lightbridge) using PhonePrint technology licensed from TRW's Avionics & Surveillance Group. They claim it was successful in preventing over 250 million fraudulent cloned handset call. It appears PhonePrint is no longer being actively marketed by Lightbridge. steve From schear at attbi.com Tue Dec 3 13:55:54 2002 From: schear at attbi.com (Steve Schear) Date: Tue, 03 Dec 2002 13:55:54 -0800 Subject: DBCs now issued by DMT Message-ID: <5.1.0.14.2.20021203135301.045fc898@mail.attbi.com> Digital Monetary Trust now supports Digital Bearer Certificates. https://196.40.46.24/dmtext/jog/dmt_bearercert.htm Although the DBC are not blinded, DMT claims it maintains no client data on its accounts so there is a modicum of anonymity in transactions. steve A State must pay attention to virtue, because the law is a covenant or a guarantee of men's just claims, but it is not designed to make the citizens virtuous and just -- Aristotle From tcmay at got.net Tue Dec 3 16:06:12 2002 From: tcmay at got.net (Tim May) Date: Tue, 3 Dec 2002 16:06:12 -0800 Subject: DBCs now issued by DMT In-Reply-To: <5.1.0.14.2.20021203135301.045fc898@mail.attbi.com> Message-ID: <32C3361D-071C-11D7-9D30-0050E439C473@got.net> <<< No Message Collected >>> From info at ccstrade.com Tue Dec 3 14:11:54 2002 From: info at ccstrade.com (Capitol Commodity Services, Inc.) Date: Tue, 3 Dec 2002 16:11:54 -0600 (CST) Subject: Managed Account Performance Message-ID: <20021203221154.A90A984428@mail.ccstrade.com> An embedded and charset-unspecified text was scrubbed... Name: not available URL: From rah at shipwright.com Tue Dec 3 16:20:22 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 3 Dec 2002 19:20:22 -0500 Subject: DBCs now issued by DMT In-Reply-To: <20021203160310.P26969@corp.earthlink.net> References: <20021203160310.P26969@corp.earthlink.net> Message-ID: At 4:03 PM -0800 on 12/3/02, Somebody wrote: > Using xmlrpc for message passing, no less! Man, you gotta love that > for simplicity. One mustn't let the best kill the good enough, certainly, though, without blinding, it'll be interesting if this airplane lifts its wheels, security-wise. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 3 16:20:34 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 3 Dec 2002 19:20:34 -0500 Subject: DBCs now issued by DMT In-Reply-To: <20021203160646.S26969@corp.earthlink.net> References: <20021203160646.S26969@corp.earthlink.net> Message-ID: At 4:06 PM -0800 on 12/3/02, Somebody wrote: > I forgot to ask: who the hell is DMT? Nobody I ever heard of... > How are they marketing this > stuff - on a website with only an IP address... :-). > or, who have they gotten to use it thus far? Nobody I ever heard of... However, that old volcano's giving off some tasty beta-waves, dontcha think? Cheers, RAH [Sounds like a low "C" to me...] -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From remailer at aarg.net Tue Dec 3 20:07:09 2002 From: remailer at aarg.net (AARG! Anonymous) Date: Tue, 3 Dec 2002 20:07:09 -0800 Subject: copyright, royalties, micropayments, Finn cabbies to pay References: <3DED5032.16EE43F3@cdc.gov> Message-ID: mv at cdc.gov (Major Variola ret) writes: > http://www.ananova.com/news/story/sm_721008.html > > Finnish taxi drivers to pay royalties for backseat music > > Finland's Supreme Court has ruled taxi drivers must pay royalty fees > if they play music in their car while a customer is in the backseat. > > The order even applies to the radio. > > A case, based on one driver's refusal to pay, is likely to set a > precedent for the 9,500 cab drivers in the country. > > Under the ruling, a cab driver in Finland must pay #14 annually for > playing music while transporting a fare. > > Lauri Luotonen, chairman of the Helsinki Taxi Drivers' Association, > says the ruling is likely to force most drivers to keep their radios > off. > > Recently, two Finnish churches refused to pay royalties to the > country's copyright society for the performance of Christmas hymns. > The congregations won their case in a district court, but the society > has appealed. From mcrandall at mailvault.com Tue Dec 3 19:58:24 2002 From: mcrandall at mailvault.com (Martin Crandall) Date: Tue, 03 Dec 2002 22:58:24 -0500 (EST) Subject: Password security Message-ID: <200212040358.gB43wkuK006252@slack.lne.com> I've been thinking about and investigating the issue of password management. Passwords are the weak link in any computer security system. The problem is that following the standard recommendations -- choose long, random passwords, and never recycle them for use with multiple accounts -- quickly overloads the memory capacity of all but the most dedicated. Here are some solutions that I've been investigating, intended to be practical for unsophisticated computer users. I'd like your comments. 1. Use Diceware (www.diceware.com) to generate passphrases. The way it works is that you use physical randomness (rolling dice) to generate groups of five numbers in the range 1-6. For each group of five numbers you then look up the corresponding word in a list of 7000+ of the shortest English words. Your passphrase is the sequence of words thus generated, separated by spaces. I have found that the passphrases generated using this method are much easier to memorize than random alphanumeric strings of equal entropy. You get a shorter sequence of symbols by choosing from a larger -- and semantically rich -- "alphabet" (the list of 7000+ words). 2. Use something like Bruce Schneier's Password Safe (now an open source project at http://passwordsafe.sourceforge.net) to keep track of your passwords, so that you only absolutely, positively have to remember one. 3. The problem now is that Password Safe only runs on the notoriously insecure Windows operating systems. Even if it were to be ported to something more secure (Linux, *BSD), there are still plenty of security bugs found every day even on these systems, and it's not inconceivable that someone hacking into your system could catch your master password as you type it into Password Safe. I'm very uncomfortable with the idea of leaving my password database on any network-connected machine. This leaves two possibilities: 3a. Keep your "password database" as a handwritten list on physical paper. This is secure from network attacks, but physical security is minimal. 3b. Use a Palm OS-based PDA with PDA Defense (www.pdadefense.com) installed to store your password database. I'm not sure yet if you can use that to encrypt important databases, or if it's aimed more at securing the entire device. If the latter, use a Palm OS port of Password Safe (doesn't yet exist :-( ), or use one of the encrypted PDA password managers at Tucows.com. Backup the encrypted password database onto a removable expansion card, NOT on your PC. What are your thoughts? Am I off-base here? Are there better solutions I've missed? -- Martin Crandall From ESavers at usairways.com Tue Dec 3 23:00:00 2002 From: ESavers at usairways.com (ESavers at usairways.com) Date: Wed, 4 Dec 2002 01:00:00 -0600 Subject: US Airways Domestic E-Savers Message-ID: <200212040720.gB47KdPB018194@ak47.algebra.com> Dear E-Savers Subscriber, US Airways is pleased to present this weekend's Domestic E-Savers offers: ************************************************************ 1. This Weekend's Domestic E-Savers 2. Dividend Incentives Online 3. Last-Minute Hotel Deals 4. Dividend Miles Offers 5. E-Savers Fare Requirements 6. Subscription Information ************************************************************ 1. THIS WEEKEND'S DOMESTIC E-SAVERS ************************************************************ We will not be offering Domestic E-Savers for travel during the weekends of Dec. 28 and Jan. 4 due to the upcoming holiday season. But you can still take advantage of other great travel deals at http://www.usairways.com/promotions Here are this week's E-Savers for travel departing Saturday, December 7 and returning Sunday, December 8; Monday, December 9; or Tuesday, December 10. For travel this weekend, make your reservations online at http://www.usairways.com/promotions/esavers/offer_dec7.htm These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation. ROUNDTRIP FROM: TO: FARE: ------------------------------------------------------------- Albany, NY Washington National, DC $128 (#3) Albany, NY Pittsburgh, PA $128 Allentown, PA Charlotte, NC $138 Atlanta, GA Charlotte, NC $108 (*) Baltimore, MD Charlotte, NC $138 Baltimore, MD Pittsburgh, PA $138 Baltimore, MD San Francisco, CA $208 (C) Bedford, MA Trenton, NJ $128 (#19) Binghamton, NY Pittsburgh, PA $128 (#5) Birmingham, AL Charlotte, NC $138 Boston, MA Charlotte, NC $148 Boston, MA New York LaGuardia, NY $128 Boston, MA Houston, TX $158 (C) Boston, MA Richmond, VA $128 (#6) Buffalo, NY Washington National, DC $128 (#1) Buffalo, NY Philadelphia, PA $128 Buffalo, NY Raleigh/Durham, NC $148 (C) Burlington, VT Washington National, DC $128 (#17) Burlington, VT Pittsburgh, PA $128 Charleston, SC Philadelphia, PA $138 (#8) Charleston, WV Washington National, DC $118 (#14) Charlotte, NC Atlanta, GA $108 (*) Charlotte, NC Fayetteville, AR $128 (#9) Charlotte, NC Pittsburgh, PA $148 (*) Charlotte, NC Mobile, AL $138 (#9) Charlotte, NC Jacksonville, FL $148 (*) Charlotte, NC Washington Dulles, DC $148 (*) Charlotte, NC Buffalo, NY $148 Charlotte, NC Denver, CO $198 Charlotte, NC Washington National, DC $148 (*) Chattanooga, TN Charlotte, NC $118 (#10) Chicago O'Hare, IL Boston, MA $148 (C) Cincinnati, OH Charlotte, NC $138 (#15) Cincinnati, OH Washington National, DC $138 (C) Cincinnati, OH Philadelphia, PA $128 (*) (#7) Cleveland, OH Boston, MA $138 (C) Cleveland, OH Charlotte, NC $138 Cleveland, OH Philadelphia, PA $128 (#7) Columbia, SC Charlotte, NC $118 (#10) Columbia, SC Newark, NJ $148 (C) Columbus, OH Jacksonville, FL $158 (C) Columbus, OH Philadelphia, PA $128 Dallas/Ft. Worth, TX Charlotte, NC $158 Dayton, OH Philadelphia, PA $128 (#17) Detroit, MI Columbia, SC $148 (C) Detroit, MI Philadelphia, PA $138 Elmira, NY Philadelphia, PA $118 (#4) Evansville, IN Pittsburgh, PA $128 (#17) Ft. Wayne, IN Pittsburgh, PA $118 (#19) Gainesville, FL Charlotte, NC $128 (#14) Grand Rapids, MI Pittsburgh, PA $128 (#20) Greensboro, NC Chicago O'Hare, IL $148 (C) Greensboro, NC Pittsburgh, PA $138 (*) (#11) Greenville/Spart., SC Pittsburgh, PA $138 (#13) Harrisburg, PA Boston, MA $128 (#1) Harrisburg, PA Pittsburgh, PA $108 Harrisburg, PA Charlotte, NC $128 Hartford, CT Washington National, DC $128 Hartford, CT Pittsburgh, PA $128 Houston, TX Charlotte, NC $158 Indianapolis, IN Washington National, DC $138 (#9) Indianapolis, IN Pittsburgh, PA $118 Ithaca, NY Pittsburgh, PA $128 (#5) Jacksonville, FL Charlotte, NC $148 (*) Kalamazoo, MI Pittsburgh, PA $118 (#17) Knoxville, TN Washington National, DC $118 (#12) Lexington, KY Charlotte, NC $128 (#15) Lexington, KY Pittsburgh, PA $128 (#18) Los Angeles, CA Pittsburgh, PA $228 Louisville, KY Charlotte, NC $118 (#10) Louisville, KY Houston, TX $158 (C) Louisville, KY Pittsburgh, PA $108 (#12) Manchester, NH New York LaGuardia, NY $128 (#2) Manchester, NH Philadelphia, PA $138 Milwaukee, WI Pittsburgh, PA $128 Minneapolis/St. Paul, MN Columbia, SC $158 (C) Montgomery, AL Charlotte, NC $128 (#10) Nashville, TN Charlotte, NC $118 Nashville, TN Philadelphia, PA $138 (#5) Nashville, TN Pittsburgh, PA $128 New Orleans, LA Washington National, DC $148 New York LaGuardia, NY Atlanta, GA $148 (C) New York LaGuardia, NY Washington Dulles, DC $128 (#2) New York LaGuardia, NY Syracuse, NY $118 (*) (#2) New York LaGuardia, NY Washington National, DC $128 Newark, NJ Pittsburgh, PA $138 Newark, NJ San Francisco, CA $218 (*) (C) Newport News, VA Charlotte, NC $128 (#14) Norfolk, VA Charlotte, NC $128 Norfolk, VA Philadelphia, PA $128 Orlando, FL Charlotte, NC $148 Philadelphia, PA Birmingham, AL $128 (#9) Philadelphia, PA Charlotte, NC $148 Philadelphia, PA Los Angeles, CA $228 Philadelphia, PA Cincinnati, OH $128 (*) (#7) Philadelphia, PA Syracuse, NY $128 Philadelphia, PA Phoenix, AZ $228 Philadelphia, PA Minneapolis/St. Paul, MN $168 Pittsburgh, PA Atlanta, GA $138 Pittsburgh, PA Boston, MA $148 Pittsburgh, PA Charlotte, NC $148 (*) Pittsburgh, PA Greensboro, NC $138 (*) (#11) Pittsburgh, PA Providence, RI $138 (*) Pittsburgh, PA Kansas City, MO $128 Pittsburgh, PA San Diego, CA $228 Portland, ME Philadelphia, PA $128 Providence, RI Washington National, DC $138 Providence, RI Tampa/St. Petersburg, FL $158 (C) Providence, RI Pittsburgh, PA $138 (*) Providence, RI Philadelphia, PA $118 Raleigh/Durham, NC Washington National, DC $128 (#15) Raleigh/Durham, NC Pittsburgh, PA $148 Raleigh/Durham, NC New York LaGuardia, NY $148 (#6) Richmond, VA Philadelphia, PA $118 Roanoke, VA Pittsburgh, PA $108 (#16) Rochester, NY Washington National, DC $128 (#1) Rochester, NY Philadelphia, PA $118 San Diego, CA Boston, MA $218 (C) San Francisco, CA Newark, NJ $228 (*) (C) South Bend, IN Pittsburgh, PA $118 (#20) Syracuse, NY Washington National, DC $128 (#3) Syracuse, NY Pittsburgh, PA $118 Syracuse, NY New York LaGuardia, NY $118 (*) (#2) Tampa/St. Petersburg, FL Charlotte, NC $138 Washington Dulles, DC Charlotte, NC $148 (*) Washington Dulles, DC Pittsburgh, PA $128 (#2) Washington National, DC Charlotte, NC $148 (*) Washington National, DC Greensboro, NC $138 (#14) Washington National, DC Los Angeles, CA $218 (C) Washington National, DC Pittsburgh, PA $138 Washington National, DC Portland, ME $138 (#17) White Plains, NY Pittsburgh, PA $128 (#10) Worcester, MA Philadelphia, PA $118 (#1) Roundtrip purchase required. (*) Indicates available for travel originating in either city (C) Indicates travel requires a connecting flight (#) Indicates travel is wholly on US Airways Express, served by the following carriers: 1. Allegheny 2. Allegheny/Colgan 3. Allegheny/Piedmont 4. Allegheny/PSA 5. Allegheny/Trans States 6. Chautauqua 7. Chautauqua/Mesa 8. Chautauqua/PSA 9. Mesa 10. Mesa/Piedmont 11. Mesa/Piedmont/Trans States 12. Mesa/PSA 13. Mesa/PSA/Trans States 14. Piedmont 15. Piedmont/PSA 16. Piedmont/Shuttle America/Trans States 17. PSA 18. PSA/Shuttle America 19. Shuttle America 20. Trans States Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, CCAIR, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States. ************************************************************ 2. DIVIDEND INCENTIVES ONLINE ************************************************************ Dividend Incentives - US Airways' mileage incentive program - enables your business to reward and motivate customers and employees. And now, you can buy and award miles online at usairways.com. Make your first online purchase by 2/28/02 and earn 20,000 bonus miles - enough miles for a free domestic off-peak ticket on US Airways. To register and for complete terms and conditions, visit http://www.usairways.com/dm/dividendincentivesoffer ************************************************************ 3. LAST-MINUTE HOTEL DEALS ************************************************************ US Airways has teamed up with hotels.com to offer E-Savers subscribers great discounts at hotels in this weekend's E-Savers destinations. Simply visit http://www.8002hotels.com/usairways/index.html and click on the E-Savers destination you're planning to visit. hotels.com will list a variety of hotels offering a wide range of rates for you to choose from. Book your room online or call hotels.com directly at 1-800-645-6144. Here's a sample of this week's special rates from hotels.com: Boston from $69 Charlotte from $49 Philadelphia from $65 Providence from $69 Washington DC from $55 ************************************************************ 4. DIVIDEND MILES OFFERS ************************************************************ Did you know you could earn thousands of Dividend Miles when you buy, sell, and/or finance your home or obtain an auto loan through LendingTree? It's one of the most generous mileage offers around. Visit http://www.lendingtree.com/usairways/default.asp?source=esavers for complete details. Already a Dividend Miles member? You can earn triple miles on every US Airways Shuttle flight you fly through December 31, 2002. Plus, your bonus miles will count towards earning Preferred status. Register before you take your next US Airways Shuttle flight at http://www.usairways.com/dividendmiles/5236.htm Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/ To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at http://www.usairways.com/dmcreditcards Please note: Mileage bonus for booking online does not apply to E-Savers. ************************************************************ 5. E-SAVERS FARE REQUIREMENTS ************************************************************ - Restrictions: Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket. - Travel: Depart Saturday, 12/7/02, and return Sunday, Monday or Tuesday, 12/8-12/10/02. - Taxes/Fees: Fares do not include a $3 federal excise tax which will be imposed on each flight segment of your itinerary. A flight segment is defined as a takeoff and a landing. Fares for Canada do not include total government-imposed taxes and fees of up to $70. Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. - Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $100 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value. - Miscellaneous: Lower fares may be available in these markets. Other conditions apply. ************************************************************ 6. SUBSCRIPTION INFORMATION ************************************************************ This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page: http://www.usairways.com/promotions/esavers/enroll/index.htm To unsubscribe from this list, please click here: http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM To change your departure city preferences, please visit: http://www.usairways.com/promotions/esavers/enroll/index.htm Please do not respond to this message. Copyright US Airways 1996-2002. All rights reserved. From ptrei at rsasecurity.com Wed Dec 4 06:52:37 2002 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 4 Dec 2002 09:52:37 -0500 Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2 002 Message-ID: > Morlock Elloi[SMTP:morlockelloi at yahoo.com] > > Cellphone taped in focal point of a 18" directv dish hits cell stations 10 > miles away. With 80% signal strength. > That's cute. I'll have to play with using the dishes with 802.11b sometime. Peter Trei From mv at cdc.gov Wed Dec 4 12:05:26 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 04 Dec 2002 12:05:26 -0800 Subject: ACLU funds Total Awareness of State Abuse Message-ID: <3DEE6006.24A9EC57@cdc.gov> The organization has budgeted $3.5 million for a campaign that asks Americans to monitor their government monitors and report abuses. It's a mirror image to the government's plan to empower some Americans to check on their neighbors, under a program known as the Terrorism Information and Prevention System. http://news.mysanantonio.com/story.cfm?xla=saen&xlb=190&xlc=883000 --- Wonder if this ties in with JG's Total Pointdexter Awareness program.. and the Kirkwood, WA police monitoring... From mv at cdc.gov Wed Dec 4 12:23:09 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 04 Dec 2002 12:23:09 -0800 Subject: pamphleting is now a crime Message-ID: <3DEE642D.A9FA3140@cdc.gov> The distribution of printed material is now a crime. Hate Leaflets Distributed in San Fernando Valley Neighborhoods (Van Nuys, CA) -- Los Angeles Police say they are investigating the distribution of Anti-Semitic hate leaflets found in a Van Nuys neighborhood. A police spokesperson referred to the distribution of the material believed to have taken place between Monday evening and yesterday morning, a "hate incident." The Jewish Defense League is urging the LAPD and FBI to investigate the incident as a hate crime. JDL spokesperson Brett Stone says residents in Encino and Sherman Oaks called to complain about the leaflets he says were distributed by a group calling itself the National Alliance. --- We have always been at war with Oceania bin Laden From nobody at cryptofortress.com Wed Dec 4 18:31:11 2002 From: nobody at cryptofortress.com (Anonymous) Date: Wed, 4 Dec 2002 20:31:11 -0600 (CST) Subject: 3rd test Message-ID: <765d9dee7766efd04853f71186b97dab@remailer.cryptofortress.com> 3rd test 5 chained remailers From zenadsl6186 at zen.co.uk Wed Dec 4 18:17:30 2002 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 05 Dec 2002 02:17:30 +0000 Subject: DBCs now issued by DMT In-Reply-To: Message-ID: OK, suppose we've got a bank that issues bearer "money". Who owns the bank? It should be owned by bearer shares, of course. Can any clever person here devise such a protocol? I'd guess that all the Bank's finances should be available to anyone who asks. That should include an accounting of all the "money" issued. And not be reliant on one computer to keep the records. Or the propounders wanting to: make a profit/control the bank? -- Peter Fairbrother (who's drunk now, but will be sober tomorrow, and may regret posting this then...) From tcmay at got.net Thu Dec 5 10:41:21 2002 From: tcmay at got.net (Tim May) Date: Thu, 5 Dec 2002 10:41:21 -0800 Subject: Money is about expected future value....nothing more, nothing less In-Reply-To: Message-ID: <26743382-0881-11D7-8CF2-0050E439C473@got.net> On Thursday, December 5, 2002, at 10:31 AM, Tim May wrote: > Swiss banks could take in and dispense from accounts without any > identity credentials (the passwords and equivalents to signatures and > chop marks) because of this basic point about Bayesian probability. > Swiss banks were not trustworthy because they let customers examine > their vaults, their computers (!), or who their owners were. In rereading the first line here, I didn't mean to define identity credentials as passwords and equivalents to signatures and chop marks. Just the opposite.; Identity credentials are taken to be biometric ID, or is-a-person signed credentials, or other statements of legal and personal identy. The passport of Timothy C. May, for example. But a Swiss bank, pre-eunuch version, did not require passports or credentials issued by the Vichy Government or Pol Pot or whomever. This is what numbered accounts were all about. (Perhaps some did, and this was their "right" to operate as they wished.) The core point is that identity credentials of the is-a-person sort have nothing to do with banking and money in general. --Tim May From tcmay at got.net Thu Dec 5 11:01:36 2002 From: tcmay at got.net (Tim May) Date: Thu, 5 Dec 2002 11:01:36 -0800 Subject: Emanations from Choate Prime In-Reply-To: Message-ID: On Thursday, December 5, 2002, at 06:50 AM, Peter Fairbrother wrote: > Jim Choate wrote: > > No he didn't. He proved Mathematics is incomplete, ie that there are > universally valid but unprovable statements within it. > > He proved that any system that contains Peano arithmetic (roughly, a > concept > of the natural numbers) is incomplete. Mathematics certainly contains > Peano > arithmetic. > > Go and lie down. Your brain is feverish. And stop posting nonsense. I believe you, Peter, are fairly new to the list. At least I have only been seeing a lot of posts from you recently. So, you being new, you apparently don't know that Jim Choate is a visitor from Choate Prime, a reality which is parallel to our own but "different" in many strange, but ultimately boring, ways. In Choate Prime, the laws of physics are quite different from our own. In Choate Prime, the prime numbers (the so-called Choate Prime primes, or CPPs) have substantially different properties than they have in our world. Mathematics and logic are generally quite different in Choate Prime than here on Earth. In Choate Prime, naturally, history and law are substantially different from what we here on Earth see. Many of us have found various ways to disconnect the signals coming in from Choate Prime. We see his signals only in the replies of others who have not yet realized what kind of weird place Choate Prime is. --Tim May -- Timothy C. May tcmay at got.net Corralitos, California Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns Recent interests: category theory, toposes, algebraic topology From mv at cdc.gov Thu Dec 5 11:29:04 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 05 Dec 2002 11:29:04 -0800 Subject: Delegates tagged and tracked Message-ID: <3DEFA900.7267CD8E@cdc.gov> At 06:51 PM 12/5/02 +0100, Eugen Leitl wrote: >Scientists often use radio tags to track elusive animals. But at last >week's Supercomputing 2002 conference in Baltimore, Maryland, they used >them on each other. > >Each researcher carried a small transmitter That's all very nice, but they'll still go extinct without habitat protection and managed breeding. We need this for congressvermin, and it shouldn't be voluntary for them. From mv at cdc.gov Thu Dec 5 12:09:21 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 05 Dec 2002 12:09:21 -0800 Subject: Citizens spying on citizens, for bounties paid by state Message-ID: <3DEFB271.6B69DB1C@cdc.gov> TRENTON, N.J. These days, a truant officer's job goes beyond keeping kids in school. Some spend more time keeping out-of-towners out, sometimes by spotting bogus leases or trailing students home. A few school districts are even going a step further, offering members of the public bounties of $100 or more for information on students who sneak across district lines. http://www2.ocregister.com/ocrweb/ocr/article.do?id=14587§ion=NATION_WORLD&year=2002&month=12&day=5 From scooter at discountcertificates.com Thu Dec 5 15:02:02 2002 From: scooter at discountcertificates.com (Electric Scooter) Date: Thu, 5 Dec 15:02:02 2002 -0800 Subject: Electric Scooter, the Number One Christmas Gift Message-ID: <27163328.2009063@mailhost> ==================================================== The Electric Scooter is this Year's #1 Christmas Toy ==================================================== Kids love scooters. Now they can get an electric one that rides at a safe, 10 miles per hour! Just plug it in, charge it up and go. To learn more Visit us here: http://www.coolonlineproducts.com/escooter/?code=esrm12 ==> Can ride up to 8 miles on one charge ==> Goes up to 10 MPH ==> Powerful 100 Watt Motor ==> Takes 3-4 Hours for a Full Charge The Electric Scooter is safe, pollutant free and very inexpensive. Our factory direct price is just ninety- nine dollars - that's over two-hundred dollars less than department store prices. To learn more Visit us here: http://www.coolonlineproducts.com/escooter/?code=esrm12 You can see a picture of this beautiful Electric Scooter by visiting our website. ======================================================== You are receiving this email due to your membership, that entitles you to purchase Gift Certificates to your favorite stores, restaurants, etc at up to 80% off! If you wish to cancel your free subscription , please visit http://www.DiscountCertificates.com and unsubscribe. You will be removed immediately from our service. c&y&p&h&e&r&p&u&n&k&s&%m&i&n&d&e&r&~n&e&t& -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3080 bytes Desc: not available URL: From mbc at debian.org Thu Dec 5 15:06:10 2002 From: mbc at debian.org (Michael Cardenas) Date: Thu, 5 Dec 2002 15:06:10 -0800 Subject: Build It Rolling Your Own Tivo (fwd) In-Reply-To: References: Message-ID: <20021205230610.GE2897@rilke> Of course, you could do this yourself with a $199 microtel box from walmart and linux. Then you'd just have to add a $30 tv in card. On Thu, Dec 05, 2002 at 04:48:44PM -0600, Jim Choate wrote: > http://www.extremetech.com/article2/0,3973,692134,00.asp > > > > We don't see things as they are, ravage at ssz.com > we see them as we are. www.ssz.com > jchoate at open-forge.org > Anais Nin www.open-forge.org > > > -- michael cardenas | lead software engineer, lindows.com hyperpoem.net | GNU/Linux software developer people.debian.org/~mbc | encrypted email preferred "One evening I seated beauty on my knees. And I found her bitter, And I cursed her." - Arthur Rimbaud [demime 0.97c removed an attachment of type application/pgp-signature] From BConder at hoffcocomet.com Thu Dec 5 12:15:05 2002 From: BConder at hoffcocomet.com (Barb Conder) Date: Thu, 5 Dec 2002 15:15:05 -0500 Subject: Virus Found in message "A very new website" Message-ID: Norton AntiVirus found a virus in an attachment you (cypherpunks) sent to bconder at hoffcocomet.com. To ensure the recipient(s) are able to use the files you sent, perform a virus scan on your computer, clean any infected files, then resend this attachment. Attachment: BellSouth[1].scr Virus name: W32.Klez.H at mm Action taken: Clean failed : Quarantine succeeded : File status: Infected -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 1681 bytes Desc: not available URL: From schear at attbi.com Thu Dec 5 19:07:04 2002 From: schear at attbi.com (Steve Schear) Date: Thu, 05 Dec 2002 19:07:04 -0800 Subject: How to Stop Telemarketers... Message-ID: <5.1.0.14.2.20021205190322.046c3200@mail.attbi.com> Most Telemarketers use what is called Predictive Dialers, which are PCs with software that dials ever number in a phone exchange until it gets lucky. Now you can use their own technology against them, and it's legal... Here is how their system works: the dialer calls your number, you answer, and you have probably notice the line appears dead after you said, "Hello". What their computer is doing is listening for a short burst of audio, your "HELLO", followed by a period of silence. With this heard, it will log your phone number as valid and transfer the call to an available telemarketer, the reason for the delay before someone comes on line. Now, if their computer receives a long audio burst (an answering machine) " Hello, this is Alan Carlton", then it will disconnect, but it will log you phone number as valid, for a later call-back. Oh Lovely! Some are even capable of detecting Fax tones and will even transmit a fax trying to sell selling something you're probably are not interested in. However, do not answer, or when you do answer the phone, or if fax tones are detected, or if it detects an answering machine, in all four (4) cases IT LOGS YOUR NUMBER AS A GOOD PHONE NUMBER FOR FUTURE CALL- BACK --- PLUS THE COMPANY IS ALSO SELLING THESE VERIFIED VALID NUMBERS LIST TO OTHER TELEMARKETERS. A SIMPLE WAY TO STAY OFF THE LIST IS TO USE THEIR OWN TECHNOLOGY AGAINST THEM. The predictive dialer's software also looks for NON-valid phone numbers, and there is a simple way you can make your phone number appear invalid to the telemarketers' computers, thus they do not call back and accumulate no database, at least with your number, to sell other Telemarketers. Here is how to do it: If you call a number that has been disconnected or is no longer in service you will hear 3 short tones, "doo...dah...dee", thanks to Ma-Bell. Each time you Refresh this page you should hear, "doo...dah...dee". The actual frequency of these tones are 985.2 Hz, 1370.6 Hz, and 1776.7 Hz. Guess what the telemarketers' software does when it detects these 3 tones at the beginning of your outgoing message? It thinks it has reached a line that is disconnected or is no longer in service. So, it disconnects and does not log your phone number as a working number. BINGO! NOW record these onto you outgoing message or voice mail announcement, and start exterminating telemarketers. Try this example, but use your own name, "doo...dah...dee, Hello, This is Tyler Durden". It must be at the beginning of your announcement to work. You may have to explain it to you friends, but they will soon have it on theirs' too. CLICK ON THE FOLLOWING LINK TO PLAY THE 3 TONES. http://www.flash.net/~carlton2/telemark.htm steve From hseaver at cybershamanix.com Thu Dec 5 22:26:47 2002 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 6 Dec 2002 00:26:47 -0600 Subject: Cyberpunkish: Neuromancer mp3s Message-ID: <20021206062647.GC2810@cybershamanix.com> Check out http://neuromancer.einen.org/ for what seems to be William Gibson reading Neuromancer in it's entirety. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From ESavers at usairways.com Thu Dec 5 23:00:00 2002 From: ESavers at usairways.com (ESavers at usairways.com) Date: Fri, 6 Dec 2002 01:00:00 -0600 Subject: US Airways E-Savers to Paris Message-ID: <200212060709.gB679o2O019307@ak47.algebra.com> Dear E-Savers Subscriber, US Airways is pleased to present this special International E-Savers offer: ************************************************************ 1. This Week's International E-Savers 2. US Airways Vacations Deals 3. Dividend Miles Offers 4. E-Savers Fare Requirements 5. Subscription Information ************************************************************ 1. THIS WEEK'S INTERNATIONAL E-SAVERS ************************************************************ You may depart on Mondays to Thursdays, between May 5 and May 29, 2003. Return travel is Tuesdays to Fridays, between May 13 and June 6, 2003. Saturday night stay is required. Tickets must be purchased by December 11, 2002. For travel, make your reservations online at http://www.usairways.com/promotions/esavers/offer_cdg.htm These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation. For more information on Frankfurt, please visit http://www.usairways.com/travel/destinations/europe/cdg.htm ROUNDTRIP FROM: TO: FARE: ------------------------------------------------------------- Baltimore, MD Paris, France $419 Boston, MA Paris, France $419 Buffalo, NY Paris, France $439 Charlotte, NC Paris, France $419 Cleveland, OH Paris, France $439 Columbus, OH Paris, France $439 Greensboro, NC Paris, France $439 Hartford, CT Paris, France $419 Indianapolis, IN Paris, France $439 Los Angeles, CA Paris, France $469 Manchester, NH Paris, France $439 New York LaGuardia, NY Paris, France $419 Philadelphia, PA Paris, France $399 Pittsburgh, PA Paris, France $399 Providence, RI Paris, France $419 Raleigh/Durham, NC Paris, France $439 Richmond, VA Paris, France $419 Rochester, NY Paris, France $439 San Francisco, CA Paris, France $469 Syracuse, NY Paris, France $439 Washington National, DC Paris, France $419 Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, Chautauqua, Colgan, Mesa, Midway, Piedmont, PSA, Shuttle America or Trans States. ************************************************************ 2. US AIRWAYS VACATIONS DEALS ************************************************************ US Airways Vacations is pleased to offer Paris land packages to provide a complete vacation experience. Vacations include hotel accommodations, breakfast daily, hotel taxes and service charges. A variety of optional features including attraction admissions and sightseeing tours are available. US Airways Vacations offers packages to 80+ destinations. EXPERIENCE PARIS! ----------------- Land only based on per person, per night from: Royal Medoc $67 Quality Pierre - Arc de Triomphe $117 K+K Hotel Cayre $137 Hotel Ambassador $162 Hotel du Louvre $257 Purchase these land packages online at http://www.usairwaysvacations.com/pricing_res.htm Simply enter your origin and destination cities, departure date, number of adults, children's ages and click "Search For Vacation." Choose "Hotel Vacations for 1-59 nights," confirm your departure date and indicate the number of nights for your vacation. Click "Check Availability" and continue with your choices for hotels and options as the system presents them until you reach the final price. You may then purchase your vacation with a secure credit card transaction. If you prefer to speak with a reservations agent, call 1-800-352-8747. Rates shown are per person, per night based on double occupancy for departures 5/5/03 through 6/6/03. Hotel space is limited and may not be available at all hotels on all days. Additional travel dates, hotels and rates are available. Prices are subject to change with or without notice and do not include miscellaneous hotel charges typically paid by the customer directly to the hotel. Substantial restrictions apply for refunds. Other conditions may apply. ************************************************************ 3. DIVIDEND MILES OFFERS - EARN 500 MILES WITH E-STATEMENTS ************************************************************ "Sign Up For E-Statements, Get 500 Miles" If you like E-Savers, you will really like Dividend Miles E-Statements. E-Statements are sent monthly via e-mail and include your account summary along with exclusive bonus mile offers, US Airways news, special discount travel awards and other offers. Earn 500 miles when you sign up for E-Statements at usairways.com/estatements now through December 31, 2002. E-Statements = More Miles, More Offers, More Awards and Your Statement, More Often." Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/ To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at http://www.usairways.com/dmcreditcards Please note: Mileage bonus for booking online does not apply to E-Savers. ************************************************************ 4. E-SAVERS FARE REQUIREMENTS ************************************************************ - Restrictions: Roundtrip purchase required. Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket. - Travel: Depart to Paris 5/5-5/29/03, Monday-Thursday, and return from Paris 5/13-6/6/03, Tuesday-Friday. Saturday night stay required. All travel must be completed by 6/6/03. - Ticketing: Tickets must be purchased by 12/11/02. - Taxes/Fees: Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. Fares shown do not include total government-imposed taxes/fees/surcharges of up to $85. - Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $200 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value. - Miscellaneous: Lower fares may be available in these markets. Other conditions apply. ************************************************************ 5. SUBSCRIPTION INFORMATION ************************************************************ This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page: http://www.usairways.com/promotions/esavers/enroll/index.htm To unsubscribe from this list, please click here: http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM To change your departure city preferences, please visit: http://www.usairways.com/promotions/esavers/enroll/index.htm Please do not respond to this message. Copyright US Airways 1996-2002. All rights reserved. From levitte at openssl.org Thu Dec 5 16:32:25 2002 From: levitte at openssl.org (Richard Levitte - VMS Whacker) Date: Fri, 06 Dec 2002 01:32:25 +0100 (CET) Subject: [ANNOUNCE] OpenSSL 0.9.7 beta 5 released Message-ID: <20021206.013225.02305091.levitte@openssl.org> The fifth beta release of OpenSSL 0.9.7 is now available from the OpenSSL FTP site . This beta contains quite a number of fixes since beta 4. This is NOT a final beta, even if that was the original plan. The updated plan has beta 6 as final beta. It is scheduled for release on Thursday 2002-12-12. The final release of OpenSSL 0.9.7 has been rescheduled for Tuesday 2002-12-17. To make sure that it will work correctly, please test beta 5 thoroughly, for example with your favorite piece of software, and please report back to us! Also, please test on as many platforms as you have available and you have time for, especially on less common platforms. If you're interested in helping further, please join the openssl-dev at openssl.org list, where test requests on specific development snapshots will be announced. Changes between 0.9.7 beta 4 and 0.9.7 beta 5 include: o Bug fixes. o Only supports MIT Kerberos for now, Heimdal support is disabled. o Support for new platforms: Linux x86_64. The full set of changes between 0.9.6{x} and 0.9.7 beta 5 include: o New library section OCSP. o Complete rewrite of ASN1 code. o CRL checking in verify code and openssl utility. o Extension copying in 'ca' utility. o Flexible display options in 'ca' utility. o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Support for pkg-config. o Lots of new manuals. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). o Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. o Finally remove references to RSAref. o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. o A few new engines added in the demos area. o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). The distribution file name is: o openssl-0.9.7-beta5.tar.gz MD5 checksum: 2d8dcddb3b545d9354178d41f8bb01bd The checksum was calculated using the following commands: openssl md5 < openssl-0.9.7-beta5.tar.gz --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From levitte at openssl.org Thu Dec 5 16:32:50 2002 From: levitte at openssl.org (Richard Levitte - VMS Whacker) Date: Fri, 06 Dec 2002 01:32:50 +0100 (CET) Subject: [ANNOUNCE] OpenSSL 0.9.6h released Message-ID: <20021206.013250.27777216.levitte@openssl.org> OpenSSL version 0.9.6h released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.6h of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release. This will be the last release in the 0.9.6 series. The most significant changes are: o New configuration targets for Tandem OSS and A/UX. o New OIDs for Microsoft attributes. o Better handling of SSL session caching. o Better comparison of distinguished names. o Better handling of shared libraries in a mixed GNU/non-GNU environment. o Support assembler code with Borland C. o Fixes for length problems. o Fixes for uninitialised variables. o Fixes for memory leaks, some unusual crashes and some race conditions. o Fixes for smaller building problems. o Updates of manuals, FAQ and other instructive documents. We consider OpenSSL 0.9.6h to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.6h is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ [1] OpenSSL comes in the form of two distributions this time. The reasons for this is that we want to deploy the external crypto device support but don't want to have it part of the "normal" distribution just yet. The distribution containing the external crypto device support is popularly called "engine", and is considered experimental. It's been fairly well tested on Unix and flavors thereof. If run on a system with no external crypto device, it will work just like the "normal" distribution. The distribution file names are: o openssl-0.9.6h.tar.gz [normal] MD5 checksum: 621bef36ad61012bb71945a1cb449073 o openssl-engine-0.9.6h.tar.gz [engine] MD5 checksum: a7e3f5c0a5451ca666e4cbe23a8617a2 The checksums were calculated using the following commands: openssl md5 < openssl-0.9.6h.tar.gz openssl md5 < openssl-engine-0.9.6h.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke Ulf Möller --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From eresrch at eskimo.com Fri Dec 6 10:11:13 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 6 Dec 2002 10:11:13 -0800 (PST) Subject: How to Stop Telemarketers... In-Reply-To: Message-ID: On Fri, 6 Dec 2002, Tyler Durden wrote: > But I have utilized a stopgap strategy for a number of years now that has > worked pretty good: > > 1) If I hear silence for more than a moment or two I hang up the phone. Yeah, I've done that for a while now. But here in wisconsin (USA) we have a new law that goes into effect on Jan 1: The state maintains an official "no call" list. If your name is on the list and telemarketers call, the state can take them to court. I don't know how effective it'll be, but I think losing money in court would be enough of an incentive to pay attention to the list. If enough states do it the telemarketers may decide it's worth fighting in court. Life gets interesting at that point... Patience, persistence, truth, Dr. mike From mdpopescu at subdimension.com Fri Dec 6 06:07:27 2002 From: mdpopescu at subdimension.com (Marcel Popescu) Date: Fri, 6 Dec 2002 16:07:27 +0200 Subject: Money is about expected future value....nothing more, nothing less References: Message-ID: <002f01c29d30$cefe5280$0300a8c0@mark> From: "Tim May" > Nearly all forms of money are more like IOUs than any other single > description. Right. > With British money it is the Bank of England (so I hear, > but maybe it has changed to some sort of U.K. reference) that says > "Anyone who presents this IOU for 10 pounds will be given either > another IOU for the same amount or will be, sometimes, given gold or > silver." Wrong. I can do this - I can write IOUs "redeemable" in other IOUs or, "sometimes", in gold or silver. The reason the IOUs emitted by the Bank of England were *initially* accepted was that they were redeemable in gold or silver. *One* reason they are now accepted is that they are legal tender - you can pay your taxes with them, and companies are forbidden from accepting them as payment. Mark From morlockelloi at yahoo.com Sat Dec 7 10:56:14 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Sat, 7 Dec 2002 10:56:14 -0800 (PST) Subject: If this be terrorism make the most of it! In-Reply-To: <5.1.0.14.2.20021207092943.04548598@mail.attbi.com> Message-ID: <20021207185614.8607.qmail@web40609.mail.yahoo.com> This, with obligatory cameras in cybercafes, is just plugging the anonymity holes. Also, one of unmentioned consenquences is that any "security" will make self-organising networks harder to implement. Guess who benefits. But we will always have phone booths and acoustic couplers. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com From eresrch at eskimo.com Sat Dec 7 20:15:37 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Sat, 7 Dec 2002 20:15:37 -0800 (PST) Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel In-Reply-To: Message-ID: On Sat, 7 Dec 2002, Tim May wrote: > > Frankly, millions of these fascists need a simple solution: a tree, a > horse, and a rope. There aren't enough horses :-) Patience, persistence, truth, Dr. mike From tcmay at got.net Sun Dec 8 10:01:30 2002 From: tcmay at got.net (Tim May) Date: Sun, 8 Dec 2002 10:01:30 -0800 Subject: Money is about expected future value....nothing more, nothing less In-Reply-To: <5.1.0.14.2.20021208092358.03e94b18@mail.attbi.com> Message-ID: <143D1B96-0AD7-11D7-8CF2-0050E439C473@got.net> On Sunday, December 8, 2002, at 09:26 AM, Steve Schear wrote: > At 06:19 PM 12/8/2002 +0200, you wrote: >> Errata: "companies are forbidden from accepting them as payment" is, >> of >> course, "companies are REQUIRED TO accept them as payment". >> >> Sorry. >> >> Mark >> >> ----- Original Message ----- >> From: "Marcel Popescu" >> >> > The reason the IOUs emitted by the Bank of England were *initially* >> accepted >> > was that they were redeemable in gold or silver. *One* reason they >> are now >> > accepted is that they are legal tender - you can pay your taxes >> with them, >> > and companies are forbidden from accepting them as payment. > > I seem to recall there are still provisions in the statutes for > contracts to be fulfilled by whatever therms are spelled out. For > example, if a contract requires that you deliver pork bellies, you > cannot merely substitute the cash value of the porkers. Mark cited the Bank of England, not U.S. law. I don't know what British law is in this regard. But I will tell you that the notion that U.S. dollars must be accepted as "payment" in the U.S. (using the variant that corrects Mark's typographical error above) is false. The language is along the lines of "this note good for all debts public and private." This does not stop parties from agreeing to transfers in yak brains, or houses, or gold, or tantalum. It says that if Alice agrees to pay Bob 50 dollars ($50), with no special payment instructions agreed to, and Alice at some point gives Bob a $50 piece of U.S. currency, she has fulfilled her debt obligation under U.S. law. I surmise, but have not verified, that this sort of language was added to banknotes to better ensure that people accepted the banknotes as being equivalent to specie (gold and silver). --Tim May "Stupidity is not a sin, the victim can't help being stupid. But stupidity is the only universal crime; the sentence is death, there is no appeal, and execution is carried out automatically and without pity." --Robert A. Heinlein From mark at tweakt.net Sun Dec 8 12:07:28 2002 From: mark at tweakt.net (Mark Renouf) Date: Sun, 08 Dec 2002 15:07:28 -0500 Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel References: <1039312116.18153.3.camel@numbers> Message-ID: <3DF3A680.8030201@tweakt.net> jet wrote: > At 20:48 -0500 2002/12/07, Myers W. Carpenter wrote: > >>http://www.2600.com/news/display/display.shtml?id=1441 >> >>PHOTOGRAPHER ARRESTED FOR TAKING PICTURES OF VICE PRESIDENT'S HOTEL >>Posted 5 Dec 2002 06:03:48 UTC One major issue is these days, the laws have become so incredibly complicated that the average citizen isn't confident in their knowledge of the law, let alone most that enforce it. They know that the average citizen is going to want to 'do the right thing' and comply with any requests, whether or not any laws were broken. And let's face it, even if you or I know our rights to the letter it doesn't make a bit of difference until after the fact in a courtoom. Police generally won't sit and debate with you about it on the spot. From go at go.youclick2save.com Sun Dec 8 14:06:09 2002 From: go at go.youclick2save.com (Liver Warning) Date: Sun, 8 Dec 2002 17:06:09 -0500 (EST) Subject: ARE YOU TRYING TO KILL YOURSELF??? Message-ID: <200212082206.gB8M69rb081129@locust.minder.net> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2724 bytes Desc: not available URL: From mdpopescu at subdimension.com Sun Dec 8 08:19:45 2002 From: mdpopescu at subdimension.com (Marcel Popescu) Date: Sun, 8 Dec 2002 18:19:45 +0200 Subject: Money is about expected future value....nothing more, nothing less References: <002f01c29d30$cefe5280$0300a8c0@mark> Message-ID: <006701c29ed5$a2887630$0300a8c0@mark> Errata: "companies are forbidden from accepting them as payment" is, of course, "companies are REQUIRED TO accept them as payment". Sorry. Mark ----- Original Message ----- From: "Marcel Popescu" > The reason the IOUs emitted by the Bank of England were *initially* accepted > was that they were redeemable in gold or silver. *One* reason they are now > accepted is that they are legal tender - you can pay your taxes with them, > and companies are forbidden from accepting them as payment. From camera_lumina at hotmail.com Sun Dec 8 18:07:34 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 08 Dec 2002 21:07:34 -0500 Subject: DBCs now issued by DMT Message-ID: I too admit of having done some imbibing (Belgian ale I'm afraid). I was thinking about this on the heels of your last lubricated missive, and a very similar thing occurred to me. Actually, something far less ambitious (in the short run)... First of all, I see no deep reason why some bank acount (or, more likely, a whole bunch of 'em) can't be auto-administered like a simple mini bank. It would be auto-administered via the votes of its "owners", who have never met, and who are unaware of the real names of the other owners. Owners vote to lend money out of this account to whomever. As for the administration, well that's 'obviously' handled by a proxy program somewhere, that translates the votes into actual decisions about the account (including loan amount, interest rate, debt-to-liquidity ratio and so on). Needless to say, since this account is tied to one or more denominations, it could eventually be shutdown through the concerted actions of various governments. But the mechanisms of such a "bank" are (I think) independent of the possibility of reliability of a future digital currency. (And of course, there's a lot such a "bank" could do before getting shut down.) The tough thing (or perhaps not..someone here must surely know) is the possibility of lending money to persons who are unidentified in "meatspace". (But then again, even in the non-Cyber world, 'meatspace' is very rarely an issue when lending money...it all boils down to credit records anyway...) > >But do we need a bank? I'd guess we need an issuer, but why can't it be a >distributed issuer without central control (or even distributed control?)? >Can't the protocol deal with the problem of issue? > >(We'd have to write a damn good one, of course) > >-- >Peter Fairbrother > >bear wrote: > > > > > > > On Thu, 5 Dec 2002, Peter Fairbrother wrote: > > > >> OK, suppose we've got a bank that issues bearer "money". > >> > >> Who owns the bank? It should be owned by bearer shares, of course. > >> > >> Can any clever person here devise such a protocol? > > > > I thought about this problem for several months. > > > > The problem I kept running into and had no way around is that if the > > holders are truly anonymous, then there is no way for them to seek > > redress for fraudulent issue or fraudulent transactions. If the > > banker goes broke, people want to be able to make a claim against the > > banker's future earnings for whatever worthless currency they were > > holding when it happened, and they cannot do that from a position of > > anonymity. People want a faithless banker punished, meaning jail time > > or hard labor, not just burning a nym. > > > > The sole method for any truly anonymous currency to acquire value is > > for the banker to promise to redeem it for something that has > > value. So the banker, if it's to have a prayer of acceptance, cannot > > be anonymous. > > > > And the minute the banker's not anonymous, the whole system is handed > > on a platter to the civil authorities and banking laws and so on, and > > then no part of the system can be reliably anonymous because the > > entire infrastructure of our legal system requires identity. > > > > Look at the possibilities for conflict resolution. How can the > > anonymous holder of an issued currency prove that he's the beneficiary > > to the issuer's promise to redeem, without the banker's cooperation > > and without compromising his/her anonymity? And if s/he succeeded in > > proving it, who could force an anonymous banker to pay up? And if you > > succeeded in making the banker pay up, how could the banker prove > > without the cooperation of the payee that the payment was made and > > made to the correct payee? > > > > We use a long-accepted fiat currency, so we're not used to thinking > > about the nitty-gritty details that money as an infrastructure > > requires. It is hidden from us because our currency infrastructure has > > not broken down in living memory. We shifted from privately issued > > currency to government-issued currency largely without destabilizing > > the economy. Then once people were accustomed to not thinking of a > > promise to redeem as being the source of value, we went off the gold > > standard. Our economy hasn't broken yet, but you have to realize that > > this situation is a little bizarre from the point of view of currency > > issue. We're not thinking anymore about the promise to redeem > > currency for something of value, and the implications of failure to > > honor that promise, because we live in a sheltered and mildly bizarre > > moment in history where those things haven't been relevant for a long > > time to the currency we use most. But any new currency would have to > > have a good solid solution for that issue. > > > > The only way I found to decentralize the system, at all, was the model > > where all the actors are pseudonymous rather than anonymous, each user > > has the power to issue currency, and different issued currencies were > > allowed to fluctuate in value against each other depending on the > > degree of trust or value of the underlying redemption commodity. > > Money becomes a protocol and a commodity and labor exchange in raw > > form, rather than a simple sum - it's back to the barter system. > > > >> I'd guess that all the Bank's finances should be available to anyone >who > >> asks. That should include an accounting of all the "money" issued. And >not > >> be reliant on one computer to keep the records. > > > > An interesting idea, but it more or less prohibits offline > > transactions involving a currency issue. It also means the entire > > market must be finite and closed. > > > >> Or the propounders wanting to: make a profit/control the bank? > > > > I do not think that there are profits to be made as an issuer of > > anonymous or hard-pseudonymous money. That's one of the reasons I > > advocate the "everyone is potentially a mint" model -- the expenses of > > issue, and the cost of doing business uphill against trust until one's > > issue is trusted, should be shared in something like equal proportions > > by people who undertake it voluntarily. > > > > Bear _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From levitte at openssl.org Sun Dec 8 12:55:39 2002 From: levitte at openssl.org (Richard Levitte - VMS Whacker) Date: Sun, 08 Dec 2002 21:55:39 +0100 (CET) Subject: [ANNOUNCE] OpenSSL 0.9.6h released Message-ID: <20021208.215539.34764527.levitte@openssl.org> OpenSSL version 0.9.6h release correction ========================================= A small packaging fault was just discovered. In crypto/opensslv.h, the macro OPENSSL_VERSION_NUMBER has the value 0x00906080L when it should really be 0x0090608fL. The cause of this fault was a tagging error in our CVS repository. To solve this issue, the faulty has been corrected, and we have rebuilt the 0.9.6h distribution. The 0.9.6h [engine] distribution is unaffected by this. The corrected distribution is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distributed file name is: o openssl-0.9.6h.tar.gz MD5 checksum: 1a0c2bee9f6b0af95ce65106462411f5 The checksum was calculated using the following commands: openssl md5 < openssl-0.9.6h.tar.gz Additionally, for those who don't really want to reload a full distribution, the following very small patch file is available: o openssl-0.9.6h.BOGUS-0.9.6h.patch Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke Ulf Möller --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From bill.stewart at pobox.com Sun Dec 8 21:56:18 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 08 Dec 2002 21:56:18 -0800 Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel In-Reply-To: <3DF3A680.8030201@tweakt.net> References: <1039312116.18153.3.camel@numbers> Message-ID: <5.1.1.6.2.20021208215340.02b413a8@idiom.com> At 03:07 PM 12/08/2002 -0500, Mark Renouf wrote: >jet wrote: >>At 20:48 -0500 2002/12/07, Myers W. Carpenter wrote: >> >>>http://www.2600.com/news/display/display.shtml?id=1441 >>> >>>PHOTOGRAPHER ARRESTED FOR TAKING PICTURES OF VICE PRESIDENT'S HOTEL >>>Posted 5 Dec 2002 06:03:48 UTC > >One major issue is these days, the laws have become so >incredibly complicated that the average citizen isn't confident >in their knowledge of the law, let alone most that enforce it. There are a couple of laws that are universal. One of them is "Don't Annoy The Cops". While occasionally you can violate this by accident, because there's some thing the cops are doing that you didn't expect, or because their paranoia or grouchiness levels have recently increased, but usually you know when you're going to violate it. That doesn't mean that you shouldn't do it, just that you shouldn't be surprised. From eugen at leitl.org Sun Dec 8 13:01:10 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 8 Dec 2002 22:01:10 +0100 (CET) Subject: [p2p-hackers] RESCHEDULE: (SF Bay Area) South Bay PeerPunks meeting (fwd) Message-ID: ---------- Forwarded message ---------- Date: Sun, 8 Dec 2002 13:42:45 -0800 (PST) From: James D. Levine To: p2p-hackers at zgp.org Subject: [p2p-hackers] RESCHEDULE: (SF Bay Area) South Bay PeerPunks meeting Several people have written to remind me that PeerPunks will conflict with the Creative Commons reception. That's worth rescheduling for, so please note the change- Tuesday December 17, 7pm onward James ------ The second monthly...er, semi-annual South Bay PeerPunks meeting will convene Tuesday December 17 - that's a week from next Tuesday at the time/place below. PeerPunks is just my clever name for the Silicon Valley contingent of p2p enthusiasts, hackers, well-wishers, etc. who can't make it up to Bram's monthly meeting in SF on a regular basis. Any and all are welcome, so please come and join in... If you don't know what I look like, just look for the guy in the red EFF "Fair Use Has A Possee" t-shirt. See you there and then. James Where: Dana Street Roasting Company 744 W Dana St, Mountain View,CA 94041 Phone: (650) 390-9638 This is just 1/2 block off Castro St. When: 7:00 pm onward, Tuesday December 17 -- _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers From wife at blackplanet.com Sun Dec 8 07:38:08 2002 From: wife at blackplanet.com (wife ) Date: Sun, 08 Dec 2002 23:38:08 +0800 Subject: Border Message-ID: <20021208153809.2889.qmail@blackplanet.com> Hi, Thanks. But, I couldn't pull up text or graphics. Would you resend your letter to me at: wife at blue.weeg.uiowa.edu! See ya then. Wo ----- Original Message ----- From: cypherpunks Date: Tue, 3 Dec 2002 19:42:08 -0500 (EST) To: wife at BlackPlanet.com Subject: Border -- _______________________________________________ Get your free email from http://www.BlackPlanet.com/ The World is Yours Powered by Outblaze From bill.stewart at pobox.com Mon Dec 9 00:57:11 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 09 Dec 2002 00:57:11 -0800 Subject: DBCs now issued by DMT In-Reply-To: References: Message-ID: <5.1.1.6.2.20021209005338.04aafc90@idiom.com> At 02:17 AM 12/05/2002 +0000, Peter Fairbrother wrote: >OK, suppose we've got a bank that issues bearer "money". >Who owns the bank? It should be owned by bearer shares, of course. Why? >Or the propounders wanting to: make a profit/control the bank? There are two main reasons honest people start banks - - either they want to make a profit / gain control / etc. - or else they want to get banking services with some predictability they're not finding in the commercial market, e.g. in the US, this is a Credit Union, or in many cultures, this is some family or private group that lends money to each other. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From tcmay at got.net Mon Dec 9 09:17:46 2002 From: tcmay at got.net (Tim May) Date: Mon, 9 Dec 2002 09:17:46 -0800 Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel In-Reply-To: Message-ID: <22B0C7E7-0B9A-11D7-8CF2-0050E439C473@got.net> On Monday, December 9, 2002, at 06:56 AM, Tyler Durden wrote: > "Frankly, millions of these fascists need a simple solution: a tree, a > horse, and a rope." > > Damn. If it gets to the point where I'm a terrorist because some local > warlord doesn't like me (or thinks I disrespect his authority), then > "might makes right" is all that will be left. Anyone in the U.S. can be declared an "enemy combatant" and vanished away from lawyers, habeas corpus, the 6th Amendment, and any semblance of the system of liberty we sort of had at one time. > > In a way, the potential and impending truth of Tim May's statement is > for a me a motivator to continue to promote strong crypto, ubiquitous > Wi-Fi, "BlackNet", and so on. Hopefully it won't come down to the > above. It's mildly amusing to watch your months-long transition from newcomer to believer that crypto provides the tools for sabotaging the State and protecting real liberty. --Tim May "If I'm going to reach out to the the Democrats then I need a third hand.There's no way I'm letting go of my wallet or my gun while they're around." --attribution uncertain, possibly Gunner, on Usenet From camera_lumina at hotmail.com Mon Dec 9 06:56:39 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 09 Dec 2002 09:56:39 -0500 Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel Message-ID: "Frankly, millions of these fascists need a simple solution: a tree, a horse, and a rope." Damn. If it gets to the point where I'm a terrorist because some local warlord doesn't like me (or thinks I disrespect his authority), then "might makes right" is all that will be left. In a way, the potential and impending truth of Tim May's statement is for a me a motivator to continue to promote strong crypto, ubiquitous Wi-Fi, "BlackNet", and so on. Hopefully it won't come down to the above. _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From declan at well.com Mon Dec 9 07:52:13 2002 From: declan at well.com (Declan McCullagh) Date: Mon, 09 Dec 2002 10:52:13 -0500 Subject: "Drug czar" McCaffrey cashes in as homeland-security lobbyist Message-ID: <5.1.1.6.0.20021209105120.019cdca8@mail.well.com> http://www.rollcall.com/pages/columns/hoh/ Seeing Green. The latest person to take the well-traveled path from Capitol Hill to greater riches on K Street is Dan Turton, floor assistant for outgoing House Minority Leader Richard Gephardt (D- Mo.). Turton has singed up with Timmons & Co., which has also snapped up Alan Hoffman, chief of staff to Sen. Joseph Biden (D-Del.). At a grave time for the airline industry, meanwhile, American Airlines has tapped Daniel Elwell to serve as managing director of international and governmental affairs. Taking a more unconventional path to the lobbying industry, Elwell is a veteran company pilot. That led to the inevitable quip in a company press release that he is "equally at ease navigating a bill through Congress as he is a 767 across the country." Fleishman-Hillard, meanwhile, has signed up the former drug czar, retired Gen. Barry McCaffrey, to launch a new homeland security practice at the public relations behemoth. Three members of the firm's international advisory board - former Defense Secretary William Cohen, ex-Speaker Newt Gingrich (R-Ga.) and former Health and Human Services Secretary Louis Sullivan - will provide "strategic counsel"to the new practice. And Thomas Wheeler, president and CEO of the Cellular Telecommunications & Internet Association, has been elected president of the board of directors of the Foundation for the National Archives. From pelcak at earthlink.net Mon Dec 9 09:42:18 2002 From: pelcak at earthlink.net (Greg Pelcak) Date: Mon, 9 Dec 2002 11:42:18 -0600 Subject: Akamai In-Reply-To: <20021209145221.GA16281@cybershamanix.com> Message-ID: <8FF0F90D-0B9D-11D7-9954-000393B92858@earthlink.net> On Monday, December 9, 2002, at 08:52 AM, Harmon Seaver wrote: > Anyone know anything about Akamai (www.akamai.com, also > akamaitechnologies.com)? Most of the experience I have with Akamai is with them hosting high-traffic websites with geographically distributed servers. I thought they had mostly gone bust, but it's possible they're still doing it. A lot of websites a couple years ago talked about being "akamaized", meaning that they had their site hosted by akamai to allow for good server response time all around the country. From eresrch at eskimo.com Mon Dec 9 12:01:29 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Mon, 9 Dec 2002 12:01:29 -0800 (PST) Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel In-Reply-To: <03e4410677073dc5cc4e66f7225eb4ea@nox.lemuria.org> Message-ID: On Mon, 9 Dec 2002, Anonymous wrote: > > It already has. And the hell with the horses -- tie the other end of the rope > to a fast car. That would give a new meaning to "drawn and quartered". There's a lot of bureaucrats who need that performed on them. Patience, persistence, truth, Dr. mike From mdpopescu at subdimension.com Mon Dec 9 03:23:44 2002 From: mdpopescu at subdimension.com (Marcel Popescu) Date: Mon, 9 Dec 2002 13:23:44 +0200 Subject: Money is about expected future value....nothing more, nothing less References: <143D1B96-0AD7-11D7-8CF2-0050E439C473@got.net> Message-ID: <017201c29f75$6f6623b0$0300a8c0@mark> From: "Tim May" > Mark cited the Bank of England, not U.S. law. I don't know what British > law is in this regard. It does appear that the law in England is not as "demanding" as I believed: http://www.bankofengland.co.uk/banknotes/legaltender.htm <> Mark From sunder at sunder.net Mon Dec 9 10:28:34 2002 From: sunder at sunder.net (Sunder) Date: Mon, 9 Dec 2002 13:28:34 -0500 (est) Subject: If this be terrorism make the most of it! In-Reply-To: <7DEE9803-0A1B-11D7-8CF2-0050E439C473@got.net> Message-ID: On Sat, 7 Dec 2002, Tim May wrote: > Siliness, compounded. Show me a law about "obligatory cameras in > cybercafes." It's silly now. A few years back, the spook said that the NSA doesn't spy on US citizens and won't because that was not its charter. From schear at attbi.com Mon Dec 9 14:29:35 2002 From: schear at attbi.com (Steve Schear) Date: Mon, 09 Dec 2002 14:29:35 -0800 Subject: Fwd: Jon Johansen charged with "hacking his own PC" Message-ID: <5.1.0.14.2.20021209142808.043e0c48@mail.attbi.com> [Another example of how desperate and morally bankrupt Hollywood has become.] >From: "Cory Doctorow" >Mailing-List: list boingboing-mailblog at yahoogroups.com; contact >boingboing-mailblog-owner at yahoogroups.com >Delivered-To: mailing list boingboing-mailblog at yahoogroups.com >Date: Fri, 06 Dec 2002 23:26:50 -0800 >Subject: [Boing Boing Blog] DVD hacker on trial in Norway on Monday >Reply-To: boingboing-mailblog-owner at yahoogroups.com > > > My Groups | >boingboing-mailblog Main >Page > >Jon Johansen, the Norweigan teenager who helped crack the crypto on DVDs so >that he could watch out-of-region disks on his PC, is facing charges on >Monday in Norway. I asked a lawyer-friend about this today: if Norgeigan >law doesn't have the "anti-circumvention" stuff that the American DMCA has, >what has Jon been charged with? It turns out that the MPAA insisted that >Jon be prosecuted and that the best the Norweigan prosecutors could come up >with is a statute forbidding intruding on a computer, so they charged him >with hacking his own PC. >Link >Discuss > >-- >Posted by Cory Doctorow to Boing Boing Blog at >12/6/2002 11:26:49 PM "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." --Alexander Fraser Tyler From schear at attbi.com Mon Dec 9 16:52:00 2002 From: schear at attbi.com (Steve Schear) Date: Mon, 09 Dec 2002 16:52:00 -0800 Subject: Digital Bearer Settlements Wiki Message-ID: <5.1.0.14.2.20021209164537.043af9c0@mail.attbi.com> Haven't seen this discussed here. steve "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." --Alexander Fraser Tyler From tcmay at got.net Mon Dec 9 20:08:56 2002 From: tcmay at got.net (Tim May) Date: Mon, 9 Dec 2002 20:08:56 -0800 Subject: Digital Bearer Settlements Wiki In-Reply-To: Message-ID: <1A619775-0BF5-11D7-8CF2-0050E439C473@got.net> On Monday, December 9, 2002, at 07:29 PM, R. A. Hettinga wrote: > At 4:52 PM -0800 on 12/9/02, Steve Schear wrote: > > >> Haven't seen this discussed here. > > Meaning there is one, or you want to start one? SSShhh!, everyone! Don't tell Bob about Wikis and Blogs, else we'll be inundated with a dozen Wikis and Blogs like "Insta-Clearing Wiki," "Digifrancsblog," "Philodex Wiki," "Bearer Blog," and all the other cruft. > --Tim May "You don't expect governments to obey the law because of some higher moral development. You expect them to obey the law because they know that if they don't, those who aren't shot will be hanged." - -Michael Shirley From shamrock at cypherpunks.to Tue Dec 10 01:37:22 2002 From: shamrock at cypherpunks.to (Lucky Green) Date: Tue, 10 Dec 2002 01:37:22 -0800 Subject: Photographer Arrested For Taking Pictures Of Vice President'S Hotel In-Reply-To: <3DF47684.8790.B1EF3D@localhost> Message-ID: <00c301c2a02f$c0167700$6401a8c0@VAIO650> James A. Donald wrote: > In general wars lead to a major temporary reduction in liberty, > but a smaller permanent reduction in liberty. Unfortunately > the war on terror will probably never end, so there will be no > recovery. I heard some governmental official on the radio the other day (I paid attention too late to catch the name) that the War on Terrorism should be won in about 60 years, at which point the American citizens would see their civil liberties returned. Obviously, only traitors, agitators, and other enemy combatants would make the outrageous claim that this war will likely last perpetually. --Lucky From ptrei at rsasecurity.com Tue Dec 10 07:03:58 2002 From: ptrei at rsasecurity.com (Trei, Peter) Date: Tue, 10 Dec 2002 10:03:58 -0500 Subject: The trend toward "signing away rights" Message-ID: > Tim May[SMTP:tcmay at got.net] wrote [...] > Last night had a plot device on "The Practice" (a generally bad > show...I ought to stop watching) where nearly all residents in an > upscale burbclave had signed a pledge--reminiscent of my opening > point--where owners of cars would invite the police to stop their cars > and search them without a warrant of any kind, without even today's lax > probable cause. Obedient citizen-units would place a bumper sticker on > their vehicles giving up their Fourth Amendment expectations of being > secure in their papers and possessions. Those who didn't have the > bumper sticker, well, there are a _lot_ of cops out there with nothing > better to do between donut breaks than to stop cars without stickers > for "suspicious reasons." > > (I wonder what would happen if a bumper sticker said "I support the > Fourth Amendment. Just in case you don't, I have a gun.") > Reality precedes fiction. Around Boston I sometimes see cars with an odd little sticker in the back window, white, round, with a stylized blue car in the top half (it can also be read as the face of someone wearing a fedora, peering out from under the brim). If you put one of these stickers on your car, you are giving the police permission to pull the car over without probable cause if they find it on the road late at night (1am-5am, or something like that), just to check that all is in order. I think it's being promoted as an anti-theft tool. I prefer the "This car protected by Smith & Wesson" stickers. "They that give up essential liberties to obtain temporary safety will soon have neither libery or safety." Peter Trei From tcmay at got.net Tue Dec 10 10:36:34 2002 From: tcmay at got.net (Tim May) Date: Tue, 10 Dec 2002 10:36:34 -0800 Subject: The trend toward "signing away rights" In-Reply-To: Message-ID: <4F0CA25D-0C6E-11D7-8CF2-0050E439C473@got.net> On Tuesday, December 10, 2002, at 07:03 AM, Trei, Peter wrote: > Reality precedes fiction. Around Boston I sometimes see > cars with an odd little sticker in the back window, white, round, > with a stylized blue car in the top half (it can also be read as > the face of someone wearing a fedora, peering out from under the > brim). > > If you put one of these stickers on your car, you are giving the > police permission to pull the car over without probable cause if > they find it on the road late at night (1am-5am, or something like > that), just to check that all is in order. > > I think it's being promoted as an anti-theft tool. This figures, that Boston is involved, as "The Practice" is set in Boston. The writers try to use local news to shape the stories they tell, as with the "ripped from the headlines" themes of other programs. And this really does raise some interesting issues which need exploration, here as well as on t.v. For example, to a kind of pure libertarian, signing away rights is permissible. Employees at corporations do it every day, and always have. Many libertarians would even support selling oneself into slavery (perhaps to pay for some operation or to provide for one's children.) And indentured servitude is easy to support. Signing away rights is also common in certain residential communities, where the local rules ("CC&Rs") may restrict all sort of activities. However, when it is government one signs rights away to, and when there are issues of what happens to those who DON'T have the "Mr. Policeman is Your Friend!" sticker on their cars, the issues are no longer about voluntarism. Vernor Vinge could probably write some good stories around these themes. --Tim May From camera_lumina at hotmail.com Tue Dec 10 09:01:32 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 10 Dec 2002 12:01:32 -0500 Subject: [2600.com] Update On The Mike Maginnis Story Message-ID: eJazeera, Baby! That guy should have had a tiny laptop or something that could wisk those images off the moment an 802.l1 port was detected. (Actually, it should wisk off a copy of the photos EVERY time an 802.11 port is detected!) In addition, wouldn't it be great if he had actually had a digital camera that had the capability to auto-upload the images when sensing a WiFi link? (And since I'm wishing, perhaps it could take photographs automatically when handled...) This could result in the ironic possibility that the authorities themselves might (inadvertantly) cause the uploads, perhaps even with photos of their faces staring into the (live) camera they are examining. >From: Myers Carpenter >To: cypherpunks >Subject: [2600.com] Update On The Mike Maginnis Story >Date: 10 Dec 2002 11:35:30 -0500 > >[ the radio interview with this guy can be found here: > http://www.2600.com/offthehook/rafiles/2002/120402.mp3 ] > >http://www.2600.com/news/display/display.shtml?id=1455 > >UPDATE ON THE MIKE MAGINNIS STORY >Posted 10 Dec 2002 08:15:20 UTC > >2600 has received a tremendous amount of correspondence regarding the >December 4th edition of "Off The Hook," and the news article that >followed, in which Mike Maginnis told his story of harassment by the >Secret Service. > >Although many readers find Maginnis's story highly believable, others >have criticized the article due to a lack of corroborating evidence. It >is true that Maginnis was given no paperwork in relation to his ordeal, >and so far no one has come forward as a witness to Maginnis's arrest >across from the Adams Mark Hotel in Denver. > >Quite a number of people have written in with similar stories of >harassment for taking pictures of everything from trains to motorcades >to public buildings. Others have expressed a degree of skepticism, some >even accusing us of all kinds of things from being anti-American to >engaging in shoddy journalism. As much as we disagree and find offense >in such statements, we actually understand much of the feeling behind >such anger. We believe this outrage is a not-so-distant relative of the >outrage that we feel when we report on stories like the Maginnis case. >In this instance, those who chose not to believe the story aimed their >anger at us for saying something they found offensive. And that's >something we can agree with - it WAS offensive. The difference is that >we also believe it was real. > >We think it's right to be skeptical when reading any news account and >that we should be treated no differently. We'd like to think that every >story reported on in the mainstream media is questioned thoroughly, >although we all know this is rarely the case. In the end, whether it's >2600 or Time, the decision on whether there is truth in a report lies >with the reader. > >This story has been frustrating for us because - like those who have >sent us mail - we want there to be a smoking gun, some way of proving >beyond any reasonable doubt that the events told to us by Mike Maginnis >were completely accurate. As is often the case in a story of injustice, >particularly when that injustice involves law enforcement, we're often >left with a solitary voice calling attention to it. When that happens, >we're faced with a difficult decision - do we not devote any attention >at all to what happened because there wasn't a crowd of witnesses? Or do >we give the person an opportunity to be heard and base our conclusions >on what they say and how they respond to questions, along with some >rudimentary fact checking? In this instance, we chose the latter and we >have no regrets at all for doing so. We believe the story is accurate >for a number of reasons. > > * First off, very little can be gained from making such accusations >against law enforcement in the town where you live. It's almost >literally like painting a big target on your back. And we all know what >happens when you piss off the Secret Service. It's unlikely someone >would put themselves in this position unless they were either completely >insane or telling the truth. At the very least, Maginnis stands to be >ridiculed for claiming to be detained by police when they deny ever >having had him in custody. > > * We were unable to find any holes or inconsistencies in the story >as Maginnis told it when interviewed on our radio program. Not one >person who has written in has been able to either. In his firsthand >account of his experience, Maginnis comes across as highly credible. We >encourage all readers to listen to the December 4th edition of "Off The >Hook," and make a personal judgment as to his credibility. Maginnis was >also completely up front about previously getting into trouble for >trespassing. That admission alone could risk his being labeled as a >troublemaker who deserved what he got. But if he wasn't telling the >truth about what happened last week, why make that admission in the >first place? > > * Maginnis has intentionally not spoken to other news media. If he >was seriously pursuing any type of political or social cause, speaking >to the major media would have been the next logical step after 2600. >There are a number of news organizations attempting to contact Maginnis >through us but he has requested that his privacy not be invaded any >further. > > * Most importantly, it's a very believable scenario. As mentioned >above, we've gotten reports of all sorts of similar encounters. They >include a man being threatened with arrest by a Secret Service agent in >front of the same hotel for overtly attempting to photograph the agent. >We've been aware of other such occurrences well before this story broke. >Those who believe such an event cannot happen in our country have simply >not been paying attention to what's been going on. It seems a foregone >conclusion that the United States is heading in a direction of increased >civil rights abuses. The case of Jose Padilla illustrates just how easy >it is to bypass due process these days. > >Now let's turn the tables and examine the other side. We contacted both >the Denver Police and the Secret Service to find out if the story was >true. They both took our information and neither of them ever got back >to us. Their silence has been deafening and it's perhaps the most >significant statement they could have made. > >We realize that there will still be people who remain unconvinced. And >so we hereby invite them to help us get to the bottom of this by proving >us wrong: The Vice President is always staying somewhere and one day >he's certain to stay somewhere near you. When that happens, simply go >down to the hotel he's staying at and take as many pictures as you can. >Be sure to photograph the snipers and the military guard as well. When >we receive pictures proving that we do indeed have the right to take >photos of public places while standing in a public place, we will be >more than happy to make that known. We will also welcome and make public >any correspondence from appropriate law enforcement agencies who wish to >say for the record that such freedoms will not be challenged in the >future. > >As it's now gotten to the point where Mike Maginnis is being harassed at >his home and even his parents are getting calls from reporters, he is >now rightfully asking to just be left alone. It took a great deal of >courage to speak out in the first place and we hope that the nightmare >he's lived through has come to an end. For the rest of us, keeping our >eyes open has never been so important. > >As always, we welcome your critiques and input. You can send mail to the >radio show at oth at 2600.com or to our website at webmaster at 2600.com. All >tips will be treated as confidential. _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail From mdpopescu at subdimension.com Tue Dec 10 03:06:40 2002 From: mdpopescu at subdimension.com (Marcel Popescu) Date: Tue, 10 Dec 2002 13:06:40 +0200 Subject: Money is about expected future value....nothing more, nothing less References: <8622B1B5-0B99-11D7-8CF2-0050E439C473@got.net> Message-ID: <00ab01c2a03c$374d4d10$0300a8c0@mark> From: "Tim May" > Isn't this what I said? Yes, I agreed with you with regard to the law as it is in the UK. I corrected my mistake. Mark From mv at cdc.gov Tue Dec 10 14:08:08 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 10 Dec 2002 14:08:08 -0800 Subject: 60 years to rights restoration Message-ID: <3DF665C8.29B0B01A@cdc.gov> > that the War on Terrorism should > be won in about 60 years, at which point the American citizens would > see > their civil liberties returned. Obviously, only traitors, agitators, > and > other enemy combatants would make the outrageous claim that this war > will likely last perpetually. None have yet commented that in 60 years, there will be no one left that remembers what things were like. If they do, maybe congress will quietly apologize to them and grant some hush money to the few survivors, following the Jap Internment Apology plan. --- Better put some ice on that, NYC From rah at shipwright.com Tue Dec 10 12:11:31 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 10 Dec 2002 15:11:31 -0500 Subject: Digital Bearer Settlements Wiki In-Reply-To: <1039491120.1470.158.camel@numbers> References: <5.1.0.14.2.20021209164537.043af9c0@mail.attbi.com> <1039491120.1470.158.camel@numbers> Message-ID: At 10:32 PM -0500 on 12/9/02, Myers W. Carpenter wrote: > Apparently we still haven't. I was waiting to beef up the site with more > interesting bits and pieces, but you lot are welcome to have a look around. > > The link is: > > http://cryptomonkey.net/dbs/ > > And yes, I run the site. *That* is extremely cool. Thank you. Very much. We definitely need to crank up a full antecedents/precedents list of people who came before me on the internet bearer transaction idea though, including, but not limited to Nick Szabo, who you have, but also folks like the Agorics guys, Eric Hughes, Tim May, and so on. We can also link to the paper that David Wyatt of CREST did about internet bearer securities transactions, Richard Rahn's testimony before Congress on them, and so on. Not to mention all the stuff the E-language people did, including Ferex :-). Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From tcmay at got.net Tue Dec 10 18:51:22 2002 From: tcmay at got.net (Tim May) Date: Tue, 10 Dec 2002 18:51:22 -0800 Subject: Anonymous blogging In-Reply-To: Message-ID: <6ED1D93D-0CB3-11D7-8CF2-0050E439C473@got.net> On Tuesday, December 10, 2002, at 05:40 PM, Nomen Nescio wrote: > > But cypherpunks isn't that great a forum for publishing ideas. Take a > look at http://www.inet-one.com/cypherpunks/current/maillist.html to > see the unfiltered list feed. Sure, no subscriber with half a clue > actually sees it like this, but that's how it looks to the outside > world. > It's tough to find the nuggets of enlightenment buried amongst the > crap. Reading an unfiltered feed these days is like watching television without a mute button, without a channel change button, without a PVR. In other words, reading an unfiltered feed is a lot like watching television in 1970, when changing the channel meant getting up and walking over to turn a crude knob, when junk and spam was unavoidable. > > I'd like to start publishing a blog. But of course given the > sensitivity > of my position and the boldness of my arguments, it's important that > there be strong anonymity protection. Blogs without active feedback are just rants. You may find yourself ranting to a handful of people you'll never know, never hear from. Boring. And as boring and low-volume as Cypherpunks has become, this is true for most lists. So many proliferated lists, blogs, newsgroups, chat forums, Yahoo groups.... (You could do the Hettinga thing and post to 7 of your own lists, but this is considered tacky in civilized places.) Offhand, I can think of several ways to do an anonymous blog...posting to alt.anonymous.messages, for starters. Same ability to do stream of conscious writing. Sure, the "immediacy" of some blogs is missing, but posting to Usenet can propagate in tens of minutes, which is comparable to most blogs. And adding anonymity through remailers makes an anonymous blog no more responsive than posting via a mail-to-Usenet gateway. But the best way would of course be to use a standard Web proxy. Such things have been out for several years. --Tim May From jamesd at echeque.com Tue Dec 10 19:54:20 2002 From: jamesd at echeque.com (James A. Donald) Date: Tue, 10 Dec 2002 19:54:20 -0800 Subject: Anonymous blogging In-Reply-To: Message-ID: <3DF6466C.6435.7C610A9@localhost> -- On 11 Dec 2002 at 2:40, Nomen Nescio wrote: > But cypherpunks isn't that great a forum for publishing > ideas. Take a look at > http://www.inet-one.com/cypherpunks/current/maillist.html to > see the unfiltered list feed. Sure, no subscriber with half > a clue actually sees it like this, but that's how it looks to > the outside world. In a way, Mathew's and Choate's attack upon the list has done us a favour. The list is now effectively restricted to those with the will and ability to use filters, which raises the required intelligence level. For a while Mathew kept changing his email address, which led me to consider hunting him down and remonstrating him in person on my next visit to Australia, but now he holds it constant, so he and Choate are only a problem for idiots. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 3zalEmgDfRHRR2dLaPYt11ySXtkp1DlrxQ7JjK3t 4lTIAXG7p/FelDNPyrw1C62lPQej1gALsHiPdxIbJ From rah at shipwright.com Tue Dec 10 17:01:37 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 10 Dec 2002 20:01:37 -0500 Subject: 60 years to rights restoration In-Reply-To: <3DF665C8.29B0B01A@cdc.gov> References: <3DF665C8.29B0B01A@cdc.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 2:08 PM -0800 on 12/10/02, Major Variola (ret) wrote: > None have yet commented that in 60 years, there will be no one left > that remembers > what things were like. One of my favorite cypherpunk gedankenexperiments from the old days had to do with what could be called tradition. I hope I remember it right. I also hope there's an original source out there for this, it would be nice to know. Can't find it in google, much less the cypherpunk archives, and, generally, it's kind of hard to get the gist of a whole story like this out of google anyway... 1. Put a bunch of gorillas in a cage. 2. Put a nice stack of boxes in the cage. 3. Then, string a big bunch of bananas from the top of the cage hanging within arm's reach from the top of the stack of boxes. (3a. Okay, put the gorillas in last, or you'll never get to steps 1 and 2 :-).) 4. When the first gorilla climbs to the top of the boxes to grab the bananas, do something extremely unpleasant to all the gorillas, like, say, deluging them with icy water from sprinklers at the top of the cage, or something. Pretty soon, they stop climbing the boxes completely. 5. Then, replace the one gorilla. Watch the others physically restrain him if he tries to go for the bananas. Repeat 5 until all the gorillas have been replaced. 6. The gorillas will physically assault anyone who climbs the pyramid, and they won't know why. :-). Now, I bet this "experiment" won't yield to actual empirical testing, all mammals, including us, are either not that stupid, or, I suppose, not that smart, but you get the point.... Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPfaOZsPxH8jf3ohaEQLynwCg1abG3e+mEVA9nPEEmUNECwh+pj4AnA3k PIR9BnGJOLn8TzOAahZQ8r/I =qZe5 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From nobody at dizum.com Tue Dec 10 12:20:11 2002 From: nobody at dizum.com (Nomen Nescio) Date: Tue, 10 Dec 2002 21:20:11 +0100 (CET) Subject: Hooray for TIA Message-ID: <14b3a4f84d30213bcd0ab7d7caaafcb0@dizum.com> [I'm not happy with the tone of this, but I'm forwarding it as privacy politics is pretty clearly on topic... --Perry] For years we cypherpunks have been telling you people that you are responsible for protecting your own privacy. Use cash for purchases, look into offshore accounts, protect your online privacy with cryptography and anonymizing proxies. But did you listen? No. You thought to trust the government. You believed in transparency. You passed laws, for Freedom of Information, and Protection of Privacy, and Insurance Accountability, and Fair Lending Practices. And now the government has turned against you. It's Total Information Awareness program is being set up to collect data from every database possible. Medical records, financial data, favorite web sites and email addresses, all will be brought together into a centralized office where every detail can be studied in order to build a profile about you. All those laws you passed, those government regulations, are being bypassed, ignored, flushed away, all in the name of National Security. Well, we fucking told you so. And don't try blaming the people in charge. You liberals are cursing Bush, and Ashcroft, and Poindexter. These laws were passed by the entire U.S. Congress, Republicans and Democrats alike. Representatives have the full support of the American people; most were re-elected with large margins. It's not Bush and company who are at fault, it's the whole idea that you can trust government to protect your privacy. All that data out there has been begging to be used. It was only a matter of time. And you know what? It's good that this has happened. Not only has it shown the intellectual bankruptcy of trust-the-government privacy advocates, it proves what cypherpunks have been saying all along, that people must protect their own privacy. The only way to keep your privacy safe is to keep the data from getting out there in the first place. Cypherpunks have consistently promoted two seemingly contradictory ideas. The first is that people should protect data about themselves. The second is that they should have full access and usability for data they acquire about others. Cypherpunks have supported ideas like Blacknet, and offshore data havens, places where data could be collected, consolidated and sold irrespective of government regulations. The same encryption technologies which help people protect their privacy can be used to bypass attempts by government to control the flow of data. This two-pronged approach to the problem produces a sort of Darwinian competition between privacy protectors and data collectors. It's not unlike the competition between code makers and code breakers, which has led to amazing enhancements in cryptography technology over the past few decades. There is every reason to expect that a similar level of improvement and innovation can and will eventually develop in privacy protection and data management as these technologies continue to be deployed. But in the mean time, three cheers for TIA. It's too bad that it's the government doing it rather than a shadowy offshore agency with virtual tentacles into the net, but the point is being made all the same. Now more than ever, people need privacy technology. Government is not the answer. It's time to start protecting ourselves, because nobody else is going to do it for us. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From ESavers at usairways.com Tue Dec 10 23:00:00 2002 From: ESavers at usairways.com (ESavers at usairways.com) Date: Wed, 11 Dec 2002 01:00:00 -0600 Subject: US Airways Domestic E-Savers Message-ID: <200212110854.gBB8s556032746@ak47.algebra.com> Dear E-Savers Subscriber, US Airways is pleased to present this weekend's Domestic E-Savers offers: ************************************************************ 1. This Weekend's Domestic E-Savers 2. Introducing E-Upgrades 3. Last-Minute Hotel Deals 4. Dividend Miles Offers 5. E-Savers Fare Requirements 6. Subscription Information ************************************************************ 1. THIS WEEKEND'S DOMESTIC E-SAVERS ************************************************************ We will not be offering Domestic E-Savers for travel during the weekends of Dec. 28 and Jan. 4 due to the upcoming holiday season. But you can still take advantage of other great travel deals at http://www.usairways.com/promotions Here are this week's E-Savers for travel departing Saturday, December 14 and returning Sunday, December 15; Monday, December 16; or Tuesday, December 17. For travel this weekend, make your reservations online at http://www.usairways.com/promotions/esavers/offers2.htm These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation. ROUNDTRIP FROM: TO: FARE: ------------------------------------------------------------- Albany, NY Pittsburgh, PA $128 Allentown, PA Pittsburgh, PA $118 Atlanta, GA Philadelphia, PA $128 (*) Atlanta, GA Pittsburgh, PA $128 (*) Baltimore, MD Charlotte, NC $138 Baltimore, MD Phoenix, AZ $198 (C) Baltimore, MD Pittsburgh, PA $128 Baton Rouge, LA Charlotte, NC $128 (#10) Birmingham, AL Charlotte, NC $138 Boston, MA Atlanta, GA $138 (C) Boston, MA Greensboro, NC $148 (*) (#6) Boston, MA Syracuse, NY $118 (#4) Boston, MA Pittsburgh, PA $138 (*) Boston, MA Charlotte, NC $148 (*) Buffalo, NY Boston, MA $128 (#6) Buffalo, NY New York LaGuardia, NY $118 (*) (#2) Buffalo, NY Memphis, TN $138 (C) Burlington, VT Philadelphia, PA $128 Charleston, SC Washington National, DC $128 (*) (#17) Charleston, SC Philadelphia, PA $128 (#9) Charlotte, NC Atlanta, GA $108 Charlotte, NC Boston, MA $148 (*) Charlotte, NC Dallas/Ft. Worth, TX $158 (*) Charlotte, NC Huntsville/Decatur, AL $128 (#10) Charlotte, NC Cincinnati, OH $138 (#17) Charlotte, NC Columbus, OH $138 (*) Charlotte, NC Indianapolis, IN $138 (*) Charlotte, NC Chicago O'Hare, IL $148 Charlotte, NC Jackson, MS $128 (#10) Charlotte, NC Syracuse, NY $138 (*) Charlotte, NC St. Louis, MO $148 Charlotte, NC Philadelphia, PA $148 Chicago O'Hare, IL Baltimore, MD $138 (C) Chicago O'Hare, IL Philadelphia, PA $148 (*) Chicago O'Hare, IL Pittsburgh, PA $138 Cincinnati, OH Philadelphia, PA $128 (#7) Cleveland, OH Charlotte, NC $138 Columbia, SC Boston, MA $148 (C) Columbus, OH Charlotte, NC $138 (*) Columbus, OH Philadelphia, PA $128 Dallas/Ft. Worth, TX Charlotte, NC $158 (*) Dallas/Ft. Worth, TX Philadelphia, PA $168 Dallas/Ft. Worth, TX Pittsburgh, PA $158 Denver, CO Raleigh/Durham, NC $188 (*) (C) Detroit, MI Charlotte, NC $158 Detroit, MI Washington National, DC $148 (C) Detroit, MI Philadelphia, PA $138 Ft. Lauderdale, FL Raleigh/Durham, NC $138 (C) Greensboro, NC Boston, MA $148 (*) (#6) Greensboro, NC Newark, NJ $148 (C) Greensboro, NC Philadelphia, PA $138 (*) Greenville/Spart., SC Philadelphia, PA $148 (#8) Greenville/Spart., SC Pittsburgh, PA $138 (#14) Harrisburg, PA Boston, MA $128 (#1) Hartford, CT Buffalo, NY $118 (#1) Hartford, CT Denver, CO $208 (C) Houston, TX Charlotte, NC $158 Houston, TX Pittsburgh, PA $158 (*) Indianapolis, IN Charlotte, NC $138 (*) Indianapolis, IN New York LaGuardia, NY $128 (#6) Indianapolis, IN Philadelphia, PA $138 Kansas City, MO Charlotte, NC $148 Lansing, MI Pittsburgh, PA $118 (#5) Manchester, NH Charlotte, NC $138 Manchester, NH Philadelphia, PA $138 Manchester, NH Washington National, DC $128 (*) (#18) Manchester, NH New York LaGuardia, NY $118 (#4) Miami, FL Baltimore, MD $148 (C) Miami, FL Philadelphia, PA $148 Miami, FL Charlotte, NC $148 Milwaukee, WI Boston, MA $148 (C) Milwaukee, WI Pittsburgh, PA $128 Milwaukee, WI Charlotte, NC $148 Minneapolis/St. Paul, MN Philadelphia, PA $158 Minneapolis/St. Paul, MN Raleigh/Durham, NC $148 (C) Nashville, TN Boston, MA $148 (C) Nashville, TN Philadelphia, PA $138 (*) New York LaGuardia, NY Boston, MA $128 New York LaGuardia, NY Greensboro, NC $148 (#6) New York LaGuardia, NY Baltimore, MD $118 (#1) New York LaGuardia, NY Buffalo, NY $118 (*) (#2) New York LaGuardia, NY Houston, TX $158 (C) New York LaGuardia, NY Pittsburgh, PA $128 (*) New York LaGuardia, NY Richmond, VA $108 (#2) New York LaGuardia, NY Norfolk, VA $118 (#3) Newark, NJ Chicago O'Hare, IL $138 (C) Newark, NJ Pittsburgh, PA $138 Norfolk, VA Philadelphia, PA $128 Orlando, FL Boston, MA $148 (C) Orlando, FL Pittsburgh, PA $158 Philadelphia, PA Atlanta, GA $128 (*) Philadelphia, PA Houston, TX $158 Philadelphia, PA Greensboro, NC $138 (*) Philadelphia, PA Tampa/St. Petersburg, FL $158 (*) Philadelphia, PA Louisville, KY $128 (#13) Philadelphia, PA Rochester, NY $118 Philadelphia, PA Chicago O'Hare, IL $148 (*) Philadelphia, PA Kansas City, MO $138 Philadelphia, PA Nashville, TN $138 (*) Philadelphia, PA Denver, CO $188 Philadelphia, PA Boston, MA $118 Phoenix, AZ Newark, NJ $198 (C) Pittsburgh, PA Atlanta, GA $128 (*) Pittsburgh, PA Boston, MA $138 (*) Pittsburgh, PA Cincinnati, OH $108 (#18) Pittsburgh, PA Denver, CO $208 Pittsburgh, PA Houston, TX $158 (*) Pittsburgh, PA Kansas City, MO $128 Pittsburgh, PA San Francisco, CA $218 (*) Pittsburgh, PA Norfolk, VA $128 Pittsburgh, PA New York LaGuardia, NY $128 (*) Pittsburgh, PA Greensboro, NC $138 (#12) Pittsburgh, PA Washington National, DC $138 Providence, RI Charlotte, NC $148 Providence, RI Pittsburgh, PA $138 Providence, RI Philadelphia, PA $118 Raleigh/Durham, NC Denver, CO $188 (*) (C) Raleigh/Durham, NC New York LaGuardia, NY $148 (#6) Richmond, VA Pittsburgh, PA $138 (#15) Rochester, NY Atlanta, GA $148 (C) Rochester, NY Charlotte, NC $138 Rochester, NY Washington National, DC $128 (#1) San Francisco, CA Baltimore, MD $218 (C) San Francisco, CA Pittsburgh, PA $218 (*) San Francisco, CA Philadelphia, PA $218 St. Louis, MO Charleston, SC $138 (C) Syracuse, NY Charlotte, NC $138 (*) Syracuse, NY New York LaGuardia, NY $118 (#4) Tampa/St. Petersburg, FL Charlotte, NC $138 Tampa/St. Petersburg, FL Chicago O'Hare, IL $158 (C) Tampa/St. Petersburg, FL Philadelphia, PA $158 (*) Washington Dulles, DC Kansas City, MO $148 (C) Washington National, DC Buffalo, NY $128 (#1) Washington National, DC Charleston, SC $128 (*) (#17) Washington National, DC Columbus, OH $138 (#11) Washington National, DC New York LaGuardia, NY $128 Washington National, DC Manchester, NH $128 (*) (#18) Washington National, DC Knoxville, TN $118 (#13) West Palm Beach, FL Washington National, DC $158 White Plains, NY Washington National, DC $118 (#16) White Plains, NY Pittsburgh, PA $118 (#11) Wilmington, NC Newark, NJ $138 (C) Roundtrip purchase required. (*) Indicates available for travel originating in either city (C) Indicates travel requires a connecting flight (#) Indicates travel is wholly on US Airways Express, served by the following carriers: 1. Allegheny 2. Allegheny/Chautauqua 3. Allegheny/Chautauqua/Colgan/Piedmont 4. Allegheny/Colgan 5. Allegheny/Shuttle America 6. Chautauqua 7. Chautauqua/Mesa 8. Chautauqua/Mesa/PSA 9. Chautauqua/PSA 10. Mesa 11. Mesa/Piedmont 12. Mesa/Piedmont/Trans States 13. Mesa/PSA 14. Mesa/PSA/Trans States 15. Mesa/Trans States 16. Piedmont 17. Piedmont/PSA 18. PSA Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States. ************************************************************ 2. INTRODUCING E-UPGRADES ************************************************************ No more paper or waiting -- E-Upgrades make it easy for Dividend Miles members to upgrade on their next US Airways flight. E-Upgrades can be purchased for $50 each ($40 for Preferred members), and a minimum of one 500-mile E-Upgrade is debited per flight segment. You can even check in for your flight at any Self-Service Check-In kiosks when using an E-Upgrade. For more information, visit http://www.usairways.com/dm/eupgrades ************************************************************ 3. LAST-MINUTE HOTEL DEALS ************************************************************ US Airways has teamed up with hotels.com to offer E-Savers subscribers great discounts at hotels in this weekend's E-Savers destinations. Simply visit http://www.8002hotels.com/usairways/index.html and click on the E-Savers destination you're planning to visit. hotels.com will list a variety of hotels offering a wide range of rates for you to choose from. Book your room online or call hotels.com directly at 1-800-645-6144. Here's a sample of this week's special rates from hotels.com: Atlanta from $45 Baltimore from $59 Charlotte from $45 New York from $85 Tampa from $59 Washington DC from $55 ************************************************************ 4. DIVIDEND MILES OFFERS ************************************************************ Did you know you could earn thousands of Dividend Miles when you buy, sell, and/or finance your home or obtain an auto loan through LendingTree? It's one of the most generous mileage offers around. Visit http://www.lendingtree.com/usairways/default.asp?source=esavers for complete details. Already a Dividend Miles member? You can earn triple miles on every US Airways Shuttle flight you fly through December 31, 2002. Plus, your bonus miles will count towards earning Preferred status. Register before you take your next US Airways Shuttle flight at http://www.usairways.com/dividendmiles/5236.htm Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/ To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at http://www.usairways.com/dmcreditcards Please note: Mileage bonus for booking online does not apply to E-Savers. ************************************************************ 5. E-SAVERS FARE REQUIREMENTS ************************************************************ - Restrictions: Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket. - Travel: Depart Saturday, 12/14/02, and return Sunday, Monday or Tuesday, 12/15-12/17/02. - Taxes/Fees: Fares do not include a $3 federal excise tax which will be imposed on each flight segment of your itinerary. A flight segment is defined as a takeoff and a landing. Fares for Canada do not include total government-imposed taxes and fees of up to $70. Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. - Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $100 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value. - Miscellaneous: Lower fares may be available in these markets. Other conditions apply. ************************************************************ 6. SUBSCRIPTION INFORMATION ************************************************************ This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page: http://www.usairways.com/promotions/esavers/enroll/index.htm To unsubscribe from this list, please click here: http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM To change your departure city preferences, please visit: http://www.usairways.com/promotions/esavers/enroll/index.htm Please do not respond to this message. Copyright US Airways 1996-2002. All rights reserved. From morlockelloi at yahoo.com Wed Dec 11 01:31:22 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Wed, 11 Dec 2002 01:31:22 -0800 (PST) Subject: Anonymous blogging In-Reply-To: <3DF6466C.6435.7C610A9@localhost> Message-ID: <20021211093122.76118.qmail@web40610.mail.yahoo.com> > In a way, Mathew's and Choate's attack upon the list has done > us a favour. The list is now effectively restricted to those > with the will and ability to use filters, which raises the > required intelligence level. Does this vindicate homeopathy ? ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com From nobody at dizum.com Tue Dec 10 17:40:09 2002 From: nobody at dizum.com (Nomen Nescio) Date: Wed, 11 Dec 2002 02:40:09 +0100 (CET) Subject: Anonymous blogging Message-ID: I get a lot of compliments on my anonymous posts here. Thanks very much guys, keep those cards and letters coming. But cypherpunks isn't that great a forum for publishing ideas. Take a look at http://www.inet-one.com/cypherpunks/current/maillist.html to see the unfiltered list feed. Sure, no subscriber with half a clue actually sees it like this, but that's how it looks to the outside world. It's tough to find the nuggets of enlightenment buried amongst the crap. I'd like to start publishing a blog. But of course given the sensitivity of my position and the boldness of my arguments, it's important that there be strong anonymity protection. Does anyone have advice on how to get started with anonymous blogging? I have access to Windows, Linux and Mac systems, and I could go through anonymizer.com or some other service if necessary. Ideally I'd like to use one of the turnkey blog clients for ease of setup and use. Thanks for your suggestions. From mix at anon.lcs.mit.edu Tue Dec 10 19:20:03 2002 From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer) Date: 11 Dec 2002 03:20:03 -0000 Subject: 60 years to rights restoration Message-ID: <20021211032003.8577.qmail@nym.alias.net> This is the best explanation of the behavior of the Democratic Party I've ever seen. On Tue, 10 Dec 2002 20:01:37 -0500, you wrote: > > 1. Put a bunch of gorillas in a cage. > > 2. Put a nice stack of boxes in the cage. > > 3. Then, string a big bunch of bananas from the top of the cage > hanging within arm's reach from the top of the stack of boxes. > > (3a. Okay, put the gorillas in last, or you'll never get to steps 1 > and 2 :-).) > > > 4. When the first gorilla climbs to the top of the boxes to grab the > bananas, do something extremely unpleasant to all the gorillas, like, > say, deluging them with icy water from sprinklers at the top of the > cage, or something. > > Pretty soon, they stop climbing the boxes completely. > > 5. Then, replace the one gorilla. Watch the others physically > restrain him if he tries to go for the bananas. > > Repeat 5 until all the gorillas have been replaced. > > 6. The gorillas will physically assault anyone who climbs the > pyramid, and they won't know why. > > :-). From eresrch at eskimo.com Wed Dec 11 06:17:07 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 11 Dec 2002 06:17:07 -0800 (PST) Subject: Anonymous blogging In-Reply-To: <20021211093122.76118.qmail@web40610.mail.yahoo.com> Message-ID: On Wed, 11 Dec 2002, Morlock Elloi wrote: > Does this vindicate homeopathy ? I thought the rules were you have to have a smily to signify a joke. But I guess on the net there are no rules :-) Patience, persistence, truth, Dr. mike From tcmay at got.net Wed Dec 11 08:43:09 2002 From: tcmay at got.net (Tim May) Date: Wed, 11 Dec 2002 08:43:09 -0800 Subject: Anonymous blogging In-Reply-To: <20021211093122.76118.qmail@web40610.mail.yahoo.com> Message-ID: On Wednesday, December 11, 2002, at 01:31 AM, Morlock Elloi wrote: >> In a way, Mathew's and Choate's attack upon the list has done >> us a favour. The list is now effectively restricted to those >> with the will and ability to use filters, which raises the >> required intelligence level. > > Does this vindicate homeopathy ? No, it vindicates the vaccination approach, the antigen-antibody approach. Or, more pedestrianly, simple learning. Those who learn to filter do so. Others drown. A central tenet of homeopathy is the bizarre and acausal notion that dilution of the agent by 100x, by 1000x, even by one billion times, makes no difference. "If there is just one atom of arsenic, maybe just one quarter of an atom, in this liquid, your body will learn to later tolerate arsenic!" --Tim May "That government is best which governs not at all." --Henry David Thoreau From ichudov at Algebra.COM Wed Dec 11 08:27:56 2002 From: ichudov at Algebra.COM (Igor Chudov) Date: Wed, 11 Dec 2002 10:27:56 -0600 Subject: Current status of CFS for linux? Message-ID: <20021211162756.GA5408@manifold.algebra.com> If you do not know what is CFS, do not bother... For years, I have been and still am a happy user of CFS. I have not paid any attention to its development. I am now concerned though whether it has become obsolete. I am creating nightly backups and backup the encrypted CFS tree. What I am concerned is, if my computer crashes, perhaps I will have difficulty restoring CFS data on other computers. I noticed that there is something called TCFS, which is derived from CFS. Is it binary compatible? That is, let's say my home computer dies and I have the backup CDRW. Can I take the encrypted tree to some computer running _TCFS_ and decode the tree? igor From schear at attbi.com Wed Dec 11 10:42:23 2002 From: schear at attbi.com (Steve Schear) Date: Wed, 11 Dec 2002 10:42:23 -0800 Subject: Son of ZKS? Message-ID: <5.1.0.14.2.20021211103801.0474cf58@mail.attbi.com> Tarzan is a peer-to-peer anonymous IP network layer. Many P2P systems try to implement anonymity at the application layer, instead of at a lower-level network layer. A robust free infrastructure which can anonymize any Internet traffic would benefit a wide array of existing protocols and current p2p systems, since the anonymous connection could seamlessly replace the current connection. Main designs goals of Tarzan, ordered by priority: 7 Application independence: Tarzan should provide the abstraction of an IP tunnel and perform transparently to user applications. 7 Anonymity against malicious nodes: Tarzan should ensure that colluding nodes cannot link a participating host as the sender (or recipient) of any message. 7 Fault-tolerance and availability: Tarzan should resist an adversary's attempts to overload the system or to block system entry or exit points. Tarzan should minimize the damage any one adversary can cause by running a few compromised machines. 7 Performance: Tarzan should maximize the performance of tunnel transmission, subject to our anonymity requirements. 7 Anonymity against a global eavesdropper: An adversary observing the entire network should be unable to determine which Tarzan relay initiates a particular message. http://www.pdos.lcs.mit.edu/tarzan/ From mv at cdc.gov Wed Dec 11 15:42:41 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 11 Dec 2002 15:42:41 -0800 Subject: Gateway sells computing Message-ID: <3DF7CD71.D3D8A466@cdc.gov> http://www.washingtonpost.com/wp-dyn/articles/A32701-2002Dec9.html (This is what ProcessTree, etc. tried to do commercially, and SETI at home, distributed.net etc. do for fun. Gateway is selling its 14 Teraflops of floor-demo machines' performance.) From schear at attbi.com Wed Dec 11 18:25:33 2002 From: schear at attbi.com (Steve Schear) Date: Wed, 11 Dec 2002 18:25:33 -0800 Subject: Anonymous blogging and unlicensed medical advice. In-Reply-To: <5.1.1.6.2.20021211155638.02ccd210@idiom.com> References: <20021211093122.76118.qmail@web40610.mail.yahoo.com> Message-ID: <5.1.0.14.2.20021211180953.04720a08@mail.attbi.com> At 04:27 PM 12/11/2002 -0800, Bill Stewart wrote: >At 08:43 AM 12/11/2002 -0800, Tim May wrote: >>On Wednesday, December 11, 2002, at 01:31 AM, Morlock Elloi wrote: >> In particular, there's a flu medicine that >doesn't leave you feeling good, but takes you from feeling awful to >feeling not so hot, which is a major improvement, at the cost of a >small amount of ipecac in the pills. Speaking about over the counter, has anyone one the list tried Zicam cold remedy? I've used it twice and all my symptoms disappeared with a few hours. No cold! Available at druggists for <$10/spray bottle (2 bottles for <$13 at Costco). No need for universities and major drug companies to spend millions searching for what will turn out to be an expensive prescriptive. Its here and now and over the counter. steve From ccalder at directvinternet.com Wed Dec 11 21:00:27 2002 From: ccalder at directvinternet.com (Charly Calder Faux Furs) Date: Wed, 11 Dec 2002 21:00:27 -0800 Subject: Christmas Greetings! Message-ID: <41124-22002124125026933@directvinternet.com> Faux Chinchilla Faux Fox Manhattan Mink Midnight Mink Faux Fur Throw: Faux Fur Throws are ideal choice to make your living space more cozy, elegant or plain cool. Charly Calder throws come in a variety of best quality TISSAVEL Faux Furs (Black & Brown Mink, Sable, Red & Purple Fox, Wolf and more) Our exclusive offer only available at: www.charlycalder.com Forward this e-mail to a friend, and automatically enter to WIN! Happy Holidays! If you wish no longer to receive e-mail offers from us, send e-mail to ccalder at directvinternet.com, with subject line Remove. We apologize for the inconvenience. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3077 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: rektop.gif Type: image/gif Size: 5723 bytes Desc: rektop.gif URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: holidaygift.gif Type: image/gif Size: 9900 bytes Desc: holidaygift.gif URL: From dan at etoan.com Wed Dec 11 18:33:42 2002 From: dan at etoan.com (Dan Veeneman) Date: Wed, 11 Dec 2002 21:33:42 -0500 Subject: "Satellites to challenge Pentagon Spin" In-Reply-To: References: <1039639064.3df7a218aacfc@ns2.cscs.se> Message-ID: <5.1.0.14.0.20021211212918.039f6280@enigma> At 03:13 PM 12/11/02 -0800, you wrote: >Space war already exists. Laser blinding and buckets of >BB's will wipe out a satelite quite nicely. You're thinking too crudely. Imagine, if you will, being able to control the downlink content of such a spacecraft. Analogous to finding an eavesdropping device in your office. Much better to feed it false information than shut it off. >Making it >look like an accident is going to be harder, but I bet >that's coming too. Already been done, at least to comsats. Cheers, Dan From mv at cdc.gov Thu Dec 12 09:19:31 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 12 Dec 2002 09:19:31 -0800 Subject: Libel lunacy -all laws apply fnord everywhere Message-ID: <3DF8C523.F7294BC8@cdc.gov> Quoth Steve: >Under this logic a retailer in one > country, selling a controversial book to someone in another country, could > involve publishers in yet a third country to litigation in the second > country. Bizarre. > > The real question is whether any judgement is enforceable. Depends if the Dow Jones CEOs ever go to Australia. Ask Mr. Skylarov about enforceability. Better yet, ask his wife or newborn. From ichudov at Algebra.COM Thu Dec 12 07:49:51 2002 From: ichudov at Algebra.COM (Igor Chudov) Date: Thu, 12 Dec 2002 09:49:51 -0600 Subject: Anonymous blogging In-Reply-To: <3DF6466C.6435.7C610A9@localhost> References: <3DF6466C.6435.7C610A9@localhost> Message-ID: <20021212154951.GA4506@manifold.algebra.com> algebra.com filters choate out completely. I also filter out a lot of spam using spamassassin and a bunch of other tools. igor On Tue, Dec 10, 2002 at 07:54:20PM -0800, James A. Donald wrote: > > -- > On 11 Dec 2002 at 2:40, Nomen Nescio wrote: > > But cypherpunks isn't that great a forum for publishing > > ideas. Take a look at > > http://www.inet-one.com/cypherpunks/current/maillist.html to > > see the unfiltered list feed. Sure, no subscriber with half > > a clue actually sees it like this, but that's how it looks to > > the outside world. > > In a way, Mathew's and Choate's attack upon the list has done > us a favour. The list is now effectively restricted to those > with the will and ability to use filters, which raises the > required intelligence level. > > For a while Mathew kept changing his email address, which led > me to consider hunting him down and remonstrating him in person > on my next visit to Australia, but now he holds it constant, so > he and Choate are only a problem for idiots. > > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > 3zalEmgDfRHRR2dLaPYt11ySXtkp1DlrxQ7JjK3t > 4lTIAXG7p/FelDNPyrw1C62lPQej1gALsHiPdxIbJ From editor at beam.screaming.net Thu Dec 12 09:22:58 2002 From: editor at beam.screaming.net (London Morning) Date: Thu, 12 Dec 2002 17:22:58 -00 Subject: Art Bell nearing retirement Message-ID: <417-2200212412172258106@Vaio> Hello your email address was found at http://cypherpunks.venona.com/ this was during a search for readers that might be interested in a different kind of news, much in the way the Art Bell radio show has discussed in the past. I am the editor of The London Morning Paper and invite you to a free subscription. It is email based and is sent daily. It includes news from a different slant and that of contemporary press for comparison. May I send you a sample? James van Etten, Editor contact: AB at beam.screaming.net London, W14 0HD - United Kingdom 0044 207 603 5340 From GaryJeffers at aol.com Thu Dec 12 22:28:44 2002 From: GaryJeffers at aol.com (GaryJeffers at aol.com) Date: Fri, 13 Dec 2002 01:28:44 EST Subject: Anonymous blogging Message-ID: <147.50318a1.2b2ad81c@aol.com> My Fellow Cypherpunks, My defense against getting overwhelmed with Cypherpunks list mail is to use Guan Sin Ong 's excellent archieve: http://www.inet-one.com/cypherpunks . I find this easy and I don't have to delete tons of mail. Yours Truly, Gary Jeffers -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 433 bytes Desc: not available URL: From bill.stewart at pobox.com Fri Dec 13 02:43:22 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 13 Dec 2002 02:43:22 -0800 Subject: [MPUNKS] Cypherpunks December Mtg: HIGHFIRE Design Session In-Reply-To: References: Message-ID: <5.1.1.6.2.20021213023717.04e99138@idiom.com> At 05:21 AM 12/13/2002 +0000, Peter Fairbrother wrote: >Dave Del Torto wrote: > > > Resumes should be in plain > > ASCII text format with a PGP signature (detached sigs are OK) and on > > floppy disk or CD-R also containing a copy of the applicant's PGP > > public key. > >Fuck off. > >If you think that a PGP key is good enough, you don't know the threats you >are facing with GAK and the like. If you think a resume should be >required... >-- >Peter Fairbrother He didn't say you needed a resume to get into the meeting; he said you needed it if you wanted to apply for a job so they can show the people they're asking for grant money that they've got a bunch of highly qualified people that are interested in working on the project. If it's like most projects, the resume is largely separate from whether everybody knows whether you write great code quickly, but it can be a hook to remind them who's interested. Personally, I like resumes to be in hand-written well-styled HTML :-) From zenadsl6186 at zen.co.uk Thu Dec 12 22:43:53 2002 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Fri, 13 Dec 2002 06:43:53 +0000 Subject: Extradition, Snatching, and the Danger of Traveling to Other Countries In-Reply-To: Message-ID: Anonymous wrote: > On Thu, 12 Dec 2002 10:47:25 -0800, Tim May wrote: >> >> America used to disdain the secret trials, the Star Chamber proceedings so >> endemic in other parts of the world. Now we have them. >> >> We will reap what we sow. >> >> --Tim May > > Spot on. But what, if anything, do you think can be done to > reverse this slide to Red White and Blue Stalinism with good PR? > I trust you are not one of those who will prattle something like > "exercise your right to vote", or "write your > congressperson/MP", etc. In practical terms, in a surveillance > society, what can the regular person do to strike a blow in > opposition to the direct attack on the Constitution and civil > liberties and civil rights? > > Do we need a program to oppose the progrom? Dear America, Yes, It's hard, but here's how. First, you can make comms unreadable. There are well-known ways to do this. Second, you can make comms untraceable. Ways to do this exist, and better ones are being developed*. Third, you can make comms available to everyone - the 'net might help here. If you don't choose to use these methods, the consequences are up to you. But secure comms alone will only provide you with useful information, by themselves they aren't enough; you need to vote. Lots of you. Nothing else really matters. To "them", and you. -- Peter Fairbrother From schear at attbi.com Fri Dec 13 10:15:22 2002 From: schear at attbi.com (Steve Schear) Date: Fri, 13 Dec 2002 10:15:22 -0800 Subject: Gilmore's response In-Reply-To: <20021213174307.GB29493@lightship.internal.homeport.org> Message-ID: <5.1.0.14.2.20021213101006.04505510@mail.attbi.com> At 12:43 PM 12/13/2002 -0500, you wrote: >Gilmore's legal response to secret laws, etc. > >http://cryptome.org/gilmore-v-usa-god.htm I have a possible trip coming up soon. I intend to have my tickets purchased by a third party and fly under an assumed name (maybe Tyler Durden ;-) I will carry no ID on my person. Perhaps there is now a need to have large numbers of refusnik travelers assume the same "nom de avion" identity. Sort of like the Killroy in WW II. steve From eresrch at eskimo.com Fri Dec 13 11:18:53 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 13 Dec 2002 11:18:53 -0800 (PST) Subject: Gilmore's response In-Reply-To: <20021213183812.GA30312@lightship.internal.homeport.org> Message-ID: On Fri, 13 Dec 2002, Adam Shostack wrote: > The response of the apparatchiks is to increase the penalties until > we're all cowed, like they did in the old war on drugs. As long as they are that successful, we don't have too much to worry about! Besides, the CIA ships more drugs into the US than all the other cartels combined. Hmmm... be an aparatchik and get all the drugs, guns and money you want, fight it and die in a torture chamber. Sounds like Iraq to me! And Columbia and Afghanistan and .... I think the problem is that the US governemnet is so used to dealing with totalitarian regiems it sets up all over the world that the bureaucrats figured they might as well set one up in the US too. Might work, for a while. Might be a good reason they hired Kisenger to burry the facts. Patience, persistence, truth, Dr. mike From ptrei at rsasecurity.com Fri Dec 13 08:44:28 2002 From: ptrei at rsasecurity.com (Trei, Peter) Date: Fri, 13 Dec 2002 11:44:28 -0500 Subject: Extradition, Snatching, and the Danger of Traveling to Other Countries Message-ID: Mike Rosing wrote: [...] > When we can't vote, we can fight. So far the number of horror > stories is small. But when everyone has a personal friend or > relative that's been shot, abused, tortured or even just roughed > up - then they'll know they might be next. And they might vote to change > things. So from a purely machivellian perspective, the faster > "they" become more repressive and the more people "they" harm, > the faster things will change. > > We just have a few years of hell to go thru, that's all. > > Patience, persistence, truth, > For the Russians, 'a few' was over 70. I hope for a non-violent restoration - this sort of thing could give the Libertarian Party legs, if they handled it right. Peter Trei From adam at homeport.org Fri Dec 13 09:43:07 2002 From: adam at homeport.org (Adam Shostack) Date: Fri, 13 Dec 2002 12:43:07 -0500 Subject: Gilmore's response Message-ID: <20021213174307.GB29493@lightship.internal.homeport.org> Gilmore's legal response to secret laws, etc. http://cryptome.org/gilmore-v-usa-god.htm -- "It is seldom that liberty of any kind is lost all at once." -Hume From mv at cdc.gov Fri Dec 13 12:47:04 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 13 Dec 2002 12:47:04 -0800 Subject: Gilmore's response Message-ID: <3DFA4748.D2935311@cdc.gov> > From: Steve Schear > I have a possible trip coming up soon. I intend to have my tickets > purchased by a third party and fly under an assumed name (maybe Tyler > Durden ;-) I will carry no ID on my person. Perhaps there is now a need to > have large numbers of refusnik travelers assume the same "nom de avion" > identity. Sort of like the Killroy in WW II. Dare you to do this with your Groucho glasses on :-) From eugen at leitl.org Fri Dec 13 04:51:57 2002 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 13 Dec 2002 13:51:57 +0100 (CET) Subject: XSS flaw found at "https://www.e-gold.com" (fwd) Message-ID: ---------- Forwarded message ---------- Date: 10 Dec 2002 12:50:03 -0000 From: Liu Die Yu To: bugtraq at securityfocus.com Subject: XSS flaw found at "https://www.e-gold.com" i know bugtraq doesn't accept vulnerability on one site, but the following info is important; please suggest a forum for me to post. ----=======------ XSSatEGOLD-Content-Tech XSS flaw found at "https://www.e-gold.com" technically, it's nothing new. XSS at E-gold is very dangerous. E-gold is one of the most popular way to do international business. and unlike credit card system, e-gold sent, it never comes back. there is no refund policy. so stealing passphrase means stealing real gold. it's important, so i take it seriously. [tested] browser:MSIEv6 time:2002/12/10 UTC+800 [demo] at http://www16.brinkster.com/liudieyu/XSSatEGOLD/XSSatEGOLD-MyPage.htm or http://clik.to/liudieyu ==>XSSatEGOLD or [CODE.URL START] https://www.e-gold.com/acct/historycsv.asp? initial=1xxxx"><SCRIPT>s="You_can_NOT_trust_this_page_if_you_got_if_from_a_ link.____by_LiuDieYu_http://clik.to/liudieyu";w=window.open("https://www.e- gold.com/acct/login.html");setTimeout("w.document.write (s)",150);</SCRIPT>&startmonth=12&startday=4&startyear=1996&endmonth=12&end day=4&endyear=2003&paymentsreceived=1&oldsort=tstamp&page=1 [CODE.URL END] [exp] technically, there is only one thing important for XSS attackers: some CGI can only be found when you are logged in, but they can be reached even if you are not logged in. of course, the module dealing with logged-in users is different from the one dealing with un-logged-in users. so, you have to test in both situations to ensure it's not XSS vulnerable. [contact] http://clik.to/liudieyu ==> "how to contact liu die yu" section [BTW] this flaw can be found easily with FASX at http://clik.to/fasx From landon at fyyff.com Fri Dec 13 15:54:56 2002 From: landon at fyyff.com (Landon Dyer) Date: Fri, 13 Dec 2002 15:54:56 -0800 Subject: Extradition, Snatching, and the Danger of Traveling to Other Countries In-Reply-To: <3DFA21C0.2E663799@cdc.gov> Message-ID: <5.2.0.9.2.20021213155017.0133fc28@130.94.185.39> At 10:06 AM 12/13/2002 -0800, Major Variola (ret) wrote: >See Gilmore's proposal. Consider the meaning of >reverse-panopticon. Find federal employees >and let them know "we're watching you" but don't >identify "we". Publish public info. Do this >for executives in firms that pander to the Evil. >Not just e.g., Ellison ---there are more next-level-down >underlings who might just live in your neighborhood. > >Anyone got ideas for a "neighborhood watch" type >sticker which expresses the reverse-panopticon >visually? sure, I took a stab at this. i'm not much of an artist, but what the heck: http://fyyff.com/images/binocSmall.jpg http://fyyff.com/images/binocCounted.jpg (after a gary larson _far side_ cartoon that also used binoculars...) -landon [re-lurking] From sfurlong at acmenet.net Fri Dec 13 13:38:47 2002 From: sfurlong at acmenet.net (Steve Furlong) Date: Fri, 13 Dec 2002 16:38:47 -0500 Subject: Extradition, Snatching, and the Danger of Traveling to Other Countries In-Reply-To: References: Message-ID: <200212131638.47898.sfurlong@acmenet.net> On Friday 13 December 2002 11:44, Trei, Peter wrote: > ... this sort > of thing could give the Libertarian Party legs, > if they handled it right. Hahahahahahaha -- Steve Furlong Computer Condottiere Have GNU, Will Travel You don't expect governments to obey the law because of some higher moral development. You expect them to obey the law because they know that if they don't, those who aren't shot will be hanged. --Michael Shirley From iang at systemics.com Tue Dec 17 09:34:47 2002 From: iang at systemics.com (Ian Grigg) Date: Tue, 17 Dec 2002 12:34:47 -0500 Subject: Obituary - Gary Howland - 197? - 2002 Message-ID: Obituary - Gary Howland - 197? - 2002 I first met Gary in 1990. I was the team leader for a big telecoms project and he was one of the 1000 CVs that crossed my desk that summer. Of those 1000, I interviewed about 50, and we ended up with a technical team of 20. Most were contractors from the huge pool of British labour, but from my jaundiced view, only 4 on our team rated as contractors. Gary was one of those 4. He was only just out of college, the polytechnic at Brighton. But his CV included all that splattering of Unix acronyms that made you feel that here was a kindred spirit, one who learnt in spite of the academic environment. We shared that time together, the vast tense year at ICL where we all made too much money and lived like there was no impending recession. Hard coding, hard driving; Gary in his girlfriend's 924 was as fast as I was, at track day with the Porsche club, in my 928. He was fast with the code, too, when a fire could be lighted under him. He once replaced a 3 month project in 3 days. For the most part he was slow and careful, thoughtful, complete and perenially late. But when a deadline hit, he could fly. He was the only person I could trust the sys admin role to, and he was the lowest paid contractor in the building. Fast forward to 1995. I'd had my Spanish adventure, Gary had done his contracting stint in Germany, where he met his long term girlfriend, Inka. He'd hooked up with a new outfit in Amsterdam, some crazy guys doing money on the net, called DigiCash. Gary fed me the papers and fed me the story. Using cryptography, David Chaum had invented a way to solve the privacy problem so that coins could be simulated on the net. As I sat in finance classes in London, I realised that bonds were just a more broad definition of money. We agreed that there was more to this than the guys at DigiCash had thought about, so we agreed to try out our hand at the finance area. Gary was one of the first true financial cryptographers. He intuitively knew that DigiCash would fail. Not because of their software, which was good, but because their business was misdirected. He also knew that the bearer idea wouldn't survive. Not because it wasn't beautiful - it was the most extraordinary discovery in the last decade - but because it didn't solve the bank robbery problem. He was a superlative cryptoplumber, but he understood intimately how the real action was in determining the business requirements without being blinded by the science. Our early plans, hatched over email, assumed we could license DigiCash's software, but that was scotched pretty quickly. So, Gary took on the task of designing a payment system for our venture. It wasn't easy. We had to address the bank robbery problem, and we had to retain the privacy. Those goals were eventually to coalesce as contradictions, and the way he walked the line became known as SOX. I believe SOX is Gary's legacy to the world. It is capabilities for the Internet. It is strong crypto, and it is private. It is extensible, it is flexible, and reliable. I mean, reliable in a deterministic way: we can guarantee correct results over SOX transactions that can only be imagined in other protocols. It technically dominated the bearer model, in a way that only a few could grasp. It was also a computer science solution, a value that only came to be fully appreciated when we found how trivial it was to add David Chaum's bearer tokens to SOX. Gary, Mike and I, built the SOX protocol into Ricardo, a complete payment system that operated as the settlement and transfer layers for financial trading. We ran bonds, trading them at night so that all our bond holders around the world had a chance to access the market. At 9.15 pm every night, Gary's 100MHz desktop blared out the theme song for the James Bond movies, to announce the start of trading; his workstation was also our one and only Issuance server, as well as the Exchange. While they were at it, they wrote Cryptix. Gary did the Perl code for all our needs, and supervised Mike on the first version of the Java native interfaces, all to Gary's design and core library in C. When we published Cryptix as complete open source crypto for Java and Perl, it was the first and only crypto available for Java, then, an emerging language. Our decision to put out the Java cryptography libraries, later rewritten by Gary to be pure Java, set the scene for all Java crypto. It was critical in forcing Sun to write a crypto API that was relatively open, even though they were under tremendous pressure from the US government. In a silent, secret and private war, Gary fought against the behemoth known to us all as "the TLAs" in their bid to control the worldwide flow of information over our Internet. When the Clinton administration capitulated in early 2000, it was because of Gary Howland and other fellow spirits - the authors of Crypto++, SSLeay, and all of the Cryptix programmers to follow in his footsteps. Their committment to always keep the art of cryptography an accessible, open tool for the people survives Gary. We will always publish free crypto as long as we remain free programmers, and a free people. Like so many of the dotcom dreams to come, our trading adventure ran out of cash, and we took pause. We split, we both went back to contracting, and we paid off our debts. He and Inka lived for a while on the island of Anguilla. There, the Financial Cryptography conference had employed him in '97 and '98 to teach the art of payment systems at "boot camp". Gary worked with Vince Cate's SAXAS for a while, and when I caught up with him over a Grolsch in an Amsterdam bar, we laughed as he told me how he had spent most of the time trying to inject SOX ideas into SAXAS. We had great visions of Anguilla being the financial cryptography centre of the universe; at one stage, there were over 10 people working there on various projects, but, like many things, the dream faded as the field failed to take off, and frustration with the local bureaucracy scared too many people away. Gary died last week of a heroin overdose in a friend's London appartment. He'd been on it for a long time, but was well used to keeping the secret. I only learnt of his affliction well after we had split up. I often wondered whether I'd change my mind about drugs when someone close was killed. Maybe I'd go rabid and insist on all those bastards being killed or incarcerated without trial, as seemed to be the response of others. Maybe I'd sign on for a term of service with the War on Drugs. (These days, it would be Homeland Defence, licensed to hack.) On reflection, I can only say that Gary's death underscores futility of the War on Drugs. The developments in Europe, Australia, and now some states in the US, as country after country seeks to decriminalise drugs, remain our only hope of a civilised response to the health problem that is addiction. If Gary had lived in a society that hadn't forced the dirty secret on him, he might have got the support and community that would have helped him. I don't know that I could have done anything there, but maybe someone else could have. Financial cryptographers don't die, they just cease to be atomic. Wherever he is, Gary would have laughed to know that his work will be the subject of scrutiny by the TLAs, once again. This time, from the other side; in the same week that Gary died, we filed all forms imaginable - four boxes-worth carried by hand in through the doors of the SEC headquarters in Washington, D.C. - to start a new financial system in the USA. Using Gary's SOX, of course. -- iang --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From rah at shipwright.com Tue Dec 17 11:40:24 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 17 Dec 2002 14:40:24 -0500 Subject: Obituary - Gary Howland - 197? - 2002 Message-ID: --- begin forwarded text From levitte at openssl.org Tue Dec 17 07:37:20 2002 From: levitte at openssl.org (Richard Levitte - VMS Whacker) Date: Tue, 17 Dec 2002 16:37:20 +0100 (CET) Subject: [ANNOUNCE] OpenSSL 0.9.7 beta 6 released Message-ID: <20021217.163720.116347925.levitte@openssl.org> The sixth beta release of OpenSSL 0.9.7 is now available from the OpenSSL FTP site . This beta contains just a few fixes since beta 5. This is assumed to be the final beta. The final release of OpenSSL 0.9.7 has been rescheduled for somewhere between Friday 2002-12-27 to Monday 2002-12-30, mostly because of all the holidays around that time. To make sure that it will work correctly, please test beta 6 thoroughly, for example with your favorite piece of software, and please report back to us! Also, please test on as many platforms as you have available and you have time for, especially on less common platforms. If you're interested in helping further, please join the openssl-dev at openssl.org list, where test requests on specific development snapshots will be announced. Changes between 0.9.7 beta 5 and 0.9.7 beta 6 include: o Solaris shared library fixes. o Support for new platforms: Linux 64-bit on Sparc v9 o Now only builds PIC code when shared library support is requested. o Makes symbolic links to or copies of manuals to cover all described functions. o Dynamic lock bugfixes. o Correct DES header protection macros for better backward compatibility. The full set of changes between 0.9.6{x} and 0.9.7 beta 5 include: o New library section OCSP. o Complete rewrite of ASN1 code. o CRL checking in verify code and openssl utility. o Extension copying in 'ca' utility. o Flexible display options in 'ca' utility. o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. o Makes symbolic links to or copies of manuals to cover all described functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). o Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. o Finally remove references to RSAref. o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. o A few new engines added in the demos area. o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). The distribution file name is: o openssl-0.9.7-beta6.tar.gz MD5 checksum: 8877ea9643e4d6ac18476bc63015c450 The checksum was calculated using the following commands: openssl md5 < openssl-0.9.7-beta5.tar.gz --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From mv at cdc.gov Fri Dec 20 14:04:49 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 20 Dec 2002 14:04:49 -0800 Subject: Bruce Schneier hullabaloo Message-ID: <3E039401.C9F98BC4@cdc.gov> At 01:43 PM 12/20/02 -0800, Mike Rosing wrote: > I >don't see Nero as that much different than W, other than W's >mom isn't gonna get offed like Nero's was. She's smarter than >her son is :-) Not necessarily. Nero's mom didn't have SS agents watching her and PaBush for life. -- "Intended only for lawful uses." -HP Computer Advert From jamesd at echeque.com Sat Dec 21 09:07:39 2002 From: jamesd at echeque.com (James A. Donald) Date: Sat, 21 Dec 2002 09:07:39 -0800 Subject: CRYPTO-GRAM, December 15, 2002 In-Reply-To: <3E03B550.3040500@adelphia.net> Message-ID: <3E042F5B.16881.3E794EA@localhost> -- On 20 Dec 2002 at 19:26, William Warren wrote: > voting keeps you free..voting is our way of controlling and > shaping the government. No matter who you vote for, a politician always gets elected. > Those who do not exercise this duty do not deserve to > complain about what goes on. By voting, you give the appearance of consent to what the government does to you. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG xmBBW56MrvFmh7U6fPSMDbyYqa+PTDPhTlRLmwmD 4cHSTvSFFo32sjmnBGPqe0vLtp3CfQhXyVLccQaXm From njohnsn at IowaTelecom.net Sat Dec 21 13:05:34 2002 From: njohnsn at IowaTelecom.net (Neil Johnson) Date: Sat, 21 Dec 2002 15:05:34 -0600 Subject: Bruce Schneier Hullabaloo In-Reply-To: <954915c2c4e72b4427c85b302b2dee19@ecn.org> References: <954915c2c4e72b4427c85b302b2dee19@ecn.org> Message-ID: <200212211505.35041.njohnsn@iowatelecom.net> On Saturday 21 December 2002 08:45 am, Anonymous wrote: > > The high ranking for power concentration you implicity give to > transnationals is undeserved and you are fearful of the wrong > threat. The humblest meter maid can commence a process against > you with consequences far greater than those that can be > directed your way by the CEO of the most loathsome transnational > company. That meter maid can write you a ticket. If unpaid, you > will be fined. If unpaid again, your property will be seized. If > you resist having your property seized, you will be beaten. If > you resist being beaten, you will be shot until dead. > > Your most dreaded CEO can only dream for the power of a meter > maid. > Uhhhh, how about. 1. Big multi-national corporation buys off politicians to pass laws to protect their business model (DMCA anyone ?) 2. Gets meter maid to enforce said law. 3. See above. Ahhh, I see. Let's just get rid of the middle-man (government) and then the corps can take take of enforcement directly (pirate a song, get whacked). Much more efficient I would guess. -- Neil Johnson PGP key available on request. From eugen at leitl.org Sat Dec 21 10:07:32 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 21 Dec 2002 19:07:32 +0100 (CET) Subject: Policing Bioterror Research Message-ID: http://sciencenow.sciencemag.org/cgi/content/full/2002/1217/1 Policing Bioterror Research One of science's hottest fields is now becoming one of its most heavily regulated, too. The U.S. government last week unveiled sweeping new bioterror research regulations that will require 20,000 scientists at nearly 1000 laboratories to beef up security--or face hefty fines and jail sentences. The interim rules, due to go into effect early next year, could also force scientists to get prior approval for a growing list of sensitive experiments. Select experts. CDC's Larry Sparks (right) and other government officials answer questions about the new rules. CREDIT: D. MALAKOFF/SCIENCE The 13 December announcements in the Federal Register, which ran nearly 50 pages, are a response to the 2001 anthrax letter attacks. Alarmed by reports of weak security in labs that study deadly viruses, bacteria, and other potential bioweapons, Congress this summer passed a bioterror bill that called for stricter controls on dozens of "select agents" that could imperil people, farm animals, and crops (Science, 31 May, p. 1585). The new rules, issued by the Centers for Disease Control and Prevention (CDC) in Atlanta, in conjunction with the U.S. Department of Agriculture (USDA), mete out responsibilities among universities, private companies, and government laboratories. All must agree to unannounced inspections. Labs that handle any of nearly 100 select agents must register with the government, submit detailed physical security and training plans, and provide the names--and probably fingerprints--of all workers for background checks. Moreover, prior approval from the Department of Health and Human Services will be needed for experiments that might make a select agent more toxic or more resistant to known drugs, as well as similar studies that could be added to a restricted list. Some researchers think the list is a good idea. Biochemist Richard Ebright of Rutgers University in Piscataway, New Jersey, says it should include experiments that could lead to better methods for making or spreading bioweapons. "It's common sense that such work get stricter scrutiny," he says. But Ron Atlas, a bioterrorism expert at the University of Louisville in Kentucky and president of the American Society for Microbiology, says he's "not sure the government should start proscribing experiments . and locking rules into regulations" which can be difficult to adjust, he says. He'd rather have the government issue less legalistic guidelines, which better evolve with the times. --DAVID MALAKOFF Related sites CDC and USDA rules http://www.asm.org/ CDC select agent FAQ http://www.cdc.gov/od/sap/docs/faq.pdf FAQ for New Select Agent Regulation (42 CFR 73) General Questions Concerning Select Biological and Toxins 1. What is the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 and how do I find a copy? On June 12, 2002, President Bush signed the .Public Health Security and Bioterrorism Preparedness Response Act of 2002. (Public Law 107-188). The law is designed to improve the ability of the United States to prevent, prepare for, and respond to bioterrorism and other public health emergencies. Section 202(a) of the Law requires that all persons possessing biological agents or toxins deemed a threat to public health to notify the Secretary, Department of Health and Human Services (HHS). Section 213(b) of Law requires all persons possessing biological agents or toxins deemed a threat to animal or plant health and to animal or plant products notify the Secretary, United States Department of Agriculture (USDA). The Law also requires that both Secretaries be notified when a person possesses agents that appear on both the HHS and the USDA list of agents and toxins. These agents and toxins have been designated HHS/USDA overlap agents. The Centers for Disease Control and Prevention (CDC) has been designated as the HHS agency responsible for providing guidance on this notification. The Animal and Plant Health Inspection Service (APHIS) has been designated as the USDA agency responsible for providing guidance on this notification. For more information on the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (Public Law 107-188) see: http://www.cdc.gov/od/sap/bioterro.htm Subsequent to the enactment of Public Law 107-188, requirements for facilities or entities that possess, use, or transfer select agents and toxins have been published by HHS (42 CFR 73; December 13, 2002) and by USDA (9 CFR 121 and 7 CFR 331; December 13, 2002). 2. What is the USA PATRIOT Act and how does it relate to the new select agent regulation? Where can I find a copy? The USA PATRIOT Act is a law signed by President Bush on October 26, 2001, that places restrictions on persons who possess select agents and provides criminal penalties for possession of such agents that cannot be justified for specified peaceful purposes. More information on the PATRIOT Act can be found at: http://www.cdc.gov/od/sap/patriot.htm 3. What is a select agent or toxin (.select agent.)? What is a High Consequence Pathogen and Toxin? How do they differ? The original list of select agents was published in Appendix A of 42 CFR Part 72.6 (.Additional Requirements for Facilities Transferring or Receiving Select Agents,. October 24, 1996). The list included approximately 40 viruses, bacteria, rickettsiae, fungi, and toxins that CDC considers New Select Agent Regulation FAQ Page 1 of 13 to have potential to pose substantial harm to human health. The list of select agents in 42 CFR 72.6 is available at: http://www.cdc.gov/od/sap/42cfr72.htm. Under that regulation, laboratories were to register with CDC prior to transfer of select agents. The regulation and additional information may be found at: http://www.cdc.gov/od/sap/42cfr72.htm. A listing of HHS select agents and toxins in the new select agent regulation (42 CFR 73) is available at http://www.cdc.gov/od/sap. High Consequence Livestock Pathogens and Toxins are agents that the USDA considers to have the potential to pose a severe threat to animal or plant health, or to animal or plant products. A list of the agents may be found at: http://www.aphis.usda.gov/vs/ncie/bta.html. Agents that appear on both the HHS and USDA list of agents and toxins are referred to as .Overlap Agents.. The list of overlap agents is available at: http://www.cdc.gov/od/sap or http://www.aphis.usda.gov/vs/ncie. The plant pathogens listed by USDA have been deemed a threat to plant health or products. The list of plant agents and toxins is available at http://www.aphis.usda.gov/ppq/permits. 4. Why do I need to register with HHS and USDA for select agents that I may possess or use? Agents identified under the HHS and USDA lists of biological select agents and toxins or USDA.s list of High Consequence Livestock Pathogens and Toxins have been deemed a potential threat to human, animal, or plant health or animal or plant products. The registration of facilities possessing and using these agents or toxins is part of the government.s efforts to improve the ability of the United States to prevent, prepare for, and respond to bioterrorism and other public health emergencies and is required under the Public Health Security and Bioterrorism Preparedness and Response Act of 2002. Reporting Possession of Select Agents 1. What is the difference between notification and registration? Under the new Public Health Security and Bioterrorism Preparedness Act, all facilities that possessed an HHS select agent or toxin, or a USDA .High Consequence Livestock Pathogens and Toxins. were required to notify HHS by September 10, 2002 and/or USDA by October 11, 2002. This was a one-time notification process. The specific requirements for reporting were published in a Federal Register Notice on July 12, 2002. The notification period has passed. The current HHS Select Agent Program requires facilities to register with CDC if they transferred or received a select agent listed in Appendix A of Title 42 CFR Part 72. The current registration process also requires submission of an application that certifies that the facility is in compliance with specific safety and security standards set forth in the regulation. More information is available at http://www.cdc.gov/od/sap. New Select Agent Regulation FAQ Page 2 of 13 The Public Health Security and Bioterrorism Preparedness and Response Act of 2002, required both HHS and USDA to publish an interim final rule in the Federal Register that will describe the new regulations and registration processes for both agencies. 2. Can I still notify HHS and USDA that I possess select agents? If you have questions or concerns regarding this activity, please call 404-498-2250. General Questions Regarding the New Select Agent Regulation (42 CFR 73) 1. Where can I find a copy of the interim final rule? The regulation published by HHS concerning HHS and HHS/USDA overlap select agents and toxins (42 CFR 73, December 13, 2002) is available at: http://www.cdc.gov/od/sap. The regulations published by CDC/APHIS for HHS/USDA overlap and USDA high consequence livestock and pathogens and for listed plant agents (9 CFR 121 and 7 CFR 331, December 13, 2002) are available at: http://www.aphis.usda.gov. 2. Where do I submit comments on the Interim Final Rule (42 CFR 73)? Written comments pertaining to the Interim Final Rule should be sent to: Minh Thomas, Centers for Disease Control and Prevention, Select Agent Program, 1600 Clifton Road, MS E-79, Atlanta, Georgia 30333 within 60 days of the publication of the Federal Register notice. The last date for comments is February 7, 2003. 3. How was the select agent list determined? CDC prepared the select agent list for 42 CFR 73 after receiving extensive input from scientists representing 21 Federal government entities. The proposed list was published in the Federal Register for public comment on August 23, 2002. The HHS Secretary considered the following criteria for establishing the list as directed in 42 U.S.C. 262a (a)(1)(B): . The effect on human health of exposure to the agent or toxin; . The degree of contagiousness of the agent or toxin and the methods by which the agent or toxin is transferred to humans; . The availability and effectiveness of pharmacotherapies and immunizations to treat and prevent any illness resulting from infection by the agent or toxin. 4. What is an entity? An entity is any government agency (Federal, State, or local), academic institution, corporation, company, partnership, society, association, firm, sole proprietorship, or other legal entity. 5. Who is affected by the new select agent regulation? New Select Agent Regulation FAQ Page 3 of 13 The new select agent regulation (42 CFR 73) requires that entities possessing biological agents that are listed as select agents must register with CDC and/or APHIS and demonstrate compliance with specific safety and security standards for handling these agents. Any entity that possesses the select agents and toxins listed in 42 CFR 73, unless specifically exempted, are affected by the regulation. The exclusions and exemptions are discussed in questions 6 , 7 and 8 below. 6. What changes will affect CLIA labs? Does 42 CFR 73.6(a)(1) automatically include and replace the previous CLIA exemption? Any diagnostic or CLIA lab that does diagnostic testing, verification or proficiency testing is exempt from the regulation. The laboratory director must notify HHS immediately upon identifying specific select agents; the entity must transfer the agents to a registered facility or destroy them (unless directed otherwise by law enforcement or HHS) within 7 calendar days of identification of the select agent. See number 7 and 8, below. NOTE: Retention of any select agent as a positive control or reference sample is no longer exempt for any reason. 7. Who is exempt from the new select agent regulation? An entity may be exempt from the provisions of the regulation, if: . The only activities that an entity conducts concerning select agents are processing diagnostic, verification or proficiency specimens or isolates (see ' 73.6 for details on additional requirements for these laboratories. Also see number 8, below). . The entity has select agents or toxins that are cleared, approved, licensed, or registered under any of the laws specified in the regulation, and are used only for the approved purpose of such laws. . The entity applies to CDC and/or APHIS as appropriate for an exemption for select agents or toxins that are an investigational product authorized under a Federal Act listed in the regulation. . An exemption is granted by CDC and/or APHIS due to a public health or agricultural emergency. 8. Our entity has been exempt since we are a diagnostic/clinical laboratory. What are we required to do under 42 CFR 73? . Even if exempt, the entity must immediately report to CDC (telephone: 404-498-2255, facsimile: 404-498-2265, or to lrsat at cdc.gov ) the identification of the following select agents: Variola major virus (Smallpox virus) and Variola minor (Alastrim), Bacillus anthracis, Yersinia pestis, Botulinum neurotoxins, Francisella tularensis, Ebola viruses, Marburg virus, Lassa fever virus, and South American Haemorrhagic Fever viruses (Junin, Machupo, Sabia, Flexal, Guanarito). . The entity reports as required under Federal, State, or local law, to appropriate authorities. New Select Agent Regulation FAQ Page 4 of 13 . After diagnosis, verification or proficiency testing, the entity either transfers the specimens or isolates to a registered facility or destroys them on-site by an appropriate method. . Select agents used for diagnosis, verification or proficiency testing are transferred or destroyed within 7 days after identification, unless directed otherwise by the FBI or other law enforcement agency after consultation with the HHS Secretary. . Select agents used for proficiency testing are transferred or destroyed within 90 days after receipt. . The entity makes a written record of the identification and transfer or destruction on CDC Form 0.1318, submits the form to the HHS Secretary (within 7 days after identification or 90 days after receipt for proficiency testing). . The entity maintains a copy of the record for a period of three years. 9. Under what conditions is an entity excluded from the new select agent regulation (42 CFR 73)? The following are excluded from the regulation: . Select agents or toxins that are in their naturally occurring environment, provided that it has not been intentionally introduced, cultivated, collected, or otherwise extracted from its natural source. . Non-viable select agent organisms or nonfunctional toxins. . The vaccine strain of Junin virus (Candid #1). . It is possible under the new rule to apply for exclusion for any attenuated agent or toxin using an appropriate form obtainable from CDC. Exclusions for specific strains may be granted if the attenuated strain is determined not to pose a significant public health or safety threat. Exclusions will be published in the notice section of the Federal Register and will be listed on the CDC website at http://www.cdc.gov/od/sap. . Exclusions for entities with specific quantities of toxins under the control of a principal investigator at a given time are also detailed in the regulation (see number 10, below). 10. What specific changes in the list of agents take effect in the new regulation when compared to the agents and toxins listed in 42 CFR 72.6? (For USDA only agents see: http://www.aphis.usda.gov/vs/ncie.) . Two agents (viruses causing Hantavirus pulmonary syndrome and yellow fever virus) have been removed from the list. One toxin (aflatoxin) was removed from the list previously published in 42 CFR 72.6. . Several agents have been added to the list of HHS agents, including Cercopithecine herpes virus 1 (Herpes B virus), Monkeypox virus, Coccidioides posadasii, and Shigalike ribosome inactivating proteins. . Nomenclature changes are as follows: Equine Morbillivirus Virus has been renamed to Nipah and Hendra Complex viruses; Clostridium botulinum was updated to include botulinum neurotoxin producing species New Select Agent Regulation FAQ Page 5 of 13 of Clostridium. Tick borne encephalitis complex (flavi) viruses are now specified by individual name (Central European Tick-Borne encephalitis (CTBE); Far Eastern Tickborne encephalitis (including Russian Spring and Summer encephalitis (RSSE), Kyasanur Forest disease, and Omsk hemorrhagic fever). The listing of Variola minor virus (Alastrim) is added to Variola major (smallpox) virus. Toxins are regulated based on potency and quantity (as opposed to potency only or LD50 values as in 42 CFR 72.6). Entities that do not at any time have more than the following aggregate amounts (in the purified form or in combinations of pure and impure forms) under the control of a principal investigator are excluded from requirements of the regulation: Abrin 100 mg Botulinum neurotoxin 0.5 mg Clostridium perfringens epsilon toxin 100 mg Conotoxins 100 mg Diacetoxyscirpenol 1000 mg Ricin 100 mg Saxitoxin 100 mg Shiga-like ribosome inactivating proteins 100 mg Shigatoxin 100 mg Staphylococcal enterotoxin 5 mg Tetrodotoxin 100 mg T-2 1,000 mg 11. Who must register? Any entity that possesses, uses, or will receive or transfer any select agent or toxin to or from entities within the US or outside the US are subject to 42 CFR 73. 12. Where can I obtain an application? In the near future (after February 1, 2003), an application will be available from the Select Agent Program website at www.cdc.gov/od/sap or by directly contacting our office via phone at 404- 498-2255 or facsimile 404-498-2265. 13. What are the duties of the Responsible Official (RO)? The RO is responsible for ensuring compliance with the regulations including: . Developing and implementing safety, security and emergency response plans; . Allowing only approved individuals to have access to select agents or toxins. . Providing appropriate training for safety, security, and emergency response. . Transferring select agents or toxins. . Providing timely notice of any theft, loss or release of a select agent or toxin. . Maintaining detailed records of information necessary to give a complete accounting of all activities related to select agents or toxins. New Select Agent Regulation FAQ Page 6 of 13 . Reporting the identification of a select agent or toxin as a result of diagnosis, verification or proficiency testing. CDC recommends that the RO and alternate RO are biosafety officers or senior management officials of the entity/facility, or both. Although we understand that some entities have limited staff, we recommend that the RO not be an individual actually using, working with, or transferring or receiving the select agents and toxins to minimize potential conflicts of interest. 14. What is the responsibility of the alternate RO? The alternate RO must meet all the qualifications for the RO and must be able to conduct all the activities of the RO (listed above) in the absence of the RO. 15. What agency should the application be submitted to? The agency that the Responsible Official (RO) should contact is determined by the type of select biological agent or toxin that is possessed. . For HHS agents, the RO should contact CDC (telephone: 404-498-2255; facsimile 404- 498-2265). . For USDA agents (animal agents and toxins), the RO should contact APHIS (telephone: 301-734-3277; facsimile: 301-734-3652). . For HHS/USDA overlap agents, the RO may contact either APHIS or the CDC. . For plant agents and toxins the RO should contact APHIS (telephone: 301-734-5519; facsimile: 301-734-8700). . A listing of HHS select biological agents and toxins is available at http://www.cdc.gov/od/sap. . A listing of USDA animal agents and toxins is available at http://www.aphis.usda.gov/vs/ncie/bta.html. . The list of plant agents and toxins is available at http://www.aphis.usda.gov/ppq/permits. 16. Will one or both agencies approve applications that include overlap select agents? Regardless of which agency receives the application regarding an overlap select agent or toxin, both agencies will provide input before a determination is made to grant or deny a certificate of registration. 17. What does the registration cover? The registration will only be valid for the specific select agents and toxins and the specific activities and locations consistent with the information which the certificate of registration or amendment is granted. 18. What if we need to update, change, or amend our registration? If any change occurs in the information submitted, the Responsible Official (RO) of the entity must obtain prior approval by promptly notifying the CDC in writing in accordance with 42 CFR New Select Agent Regulation FAQ Page 7 of 13 73.21. This includes modifications to the list of individuals that have been approved under 42 CFR 73.8 to work/access select agents, changes in work locations, and changes in protocols or objectives of the studies. The entity must submit the information requested in the relevant portion of the application package to the agency that issued the certificate of registration. 19. Under what conditions could a registration be terminated? The HHS Secretary will terminate a certificate of registration based on a determination that the entity no longer conducts activities covered by the certificate. It may also be terminated based on the security risk assessment from Department of Justice, or if the entity fails to meet or maintain safety or security requirements as specified in 42 CFR 73. The HHS Secretary may take such action immediately if necessary to protect the public health or safety. Upon such termination the select agent or toxin possessed by the entity must be destroyed or transferred as directed by the HHS Secretary. 20. Who has to have a security risk assessment? All entities (except for Federal, State, or local governmental agencies), the RO, alternate RO, and all individuals working with or having access to select agents or toxins must have an approved security risk assessment. An entity may not provide an individual access to a select agent or toxin unless the individual has been approved by the HHS Secretary or USDA Secretary based on this security risk assessment. 21. How does an entity obtain a security risk assessment? Information will be posted on our website when it becomes available. 22. What criteria are used for determining approval of a security risk assessment? The security risk assessment will evaluate if an individual is a restricted person based on the criteria of the PATRIOT Act http://www.cdc.gov/od/sap/patriot.htm , has committed a Federal crime, is involved with any group that engages in domestic or international terrorism or any organization that engages in intentional acts of violence, or is an agent of a foreign power. 23. How long is the security risk assessment valid? It is valid for a period of three years unless terminated by the HHS Secretary sooner. 24. What are the safety requirements of the new regulation? Each entity must implement a safety plan. This safety plan should consider: . The requirements of the Biosafety in Microbiological and Biomedical Laboratories (BMBL), including all appendices except Appendix F. . The requirements for handling toxins found in the 29 CFR 1910.1450 and / or 29 CFR 1910.1200, and Appendix I of the BMBL. New Select Agent Regulation FAQ Page 8 of 13 . NIH Guidelines for Research Involving Recombinant DNA (NIH Guidelines) for work with genetic elements, recombinant nucleic acids, and recombinant organisms. 25. What are the responsibilities of the RO with respect to the safety requirement? The RO must conduct regular inspections, at least annually, of the laboratory where select agents or toxins are stored or used to ensure compliance with all procedures and protocols of the safety plan. The results of these inspections must be documented and any deficiencies must be corrected. 26. What other safety requirements are included in the new regulation? An entity may not conduct the following types of experiments unless approved by the HHS Secretary: . Utilizing recombinant DNA to deliberately transfer drug resistance traits to select agents that are not known to acquire the trait naturally, if such acquisition could compromise the use of drug to control disease agents in humans, veterinary medicine, or agriculture. . Work involving the deliberate formation of recombinant DNA containing genes for the synthesis of select agent toxins lethal for vertebrates at an LD 50 < 100 ng/kg body weight. 27. What are the requirements of the security plan? The specific components to include in the security plan as required by 42 CFR 73 are located in the regulation at ' 73.11 http://www.cdc.gov/od/sap/docs/73_11.pdf. 28. What records are entities required to keep and for what duration? Records that should be kept include: the list of approved individuals that may access select agents, inventories, access to agents and toxins, areas where agents are used, and transfer and destruction documents. These should be maintained for a period of three years, as described in 42 CFR 73.15. 29. When and how will inspections take place? Inspectors from the CDC Select Agent Program will conduct inspections of registered entities. Such inspections may be conducted without prior notification and will include a review of all safety and security aspects, as well as record keeping requirements, covered by 42 CFR Part 73. 30. Are there criminal or civil penalties for not being in compliance with the new regulation? If yes, what are they? Violation of the Public Health Security and Bioterrorism Preparedness Response Act of 2002 can result in substantial fines or imprisonment of up to 5 years, or both. In addition, violation of the Law can result in a civil money penalty of up to $250,000 for individuals and $500,000 for an entity. New Select Agent Regulation FAQ Page 9 of 13 Questions Regarding the New Select Agent Regulation (42 CFR 73) for Facilities Currently Registered under 42 CFR 72.6 1. I was just registered for a period of three years, is anything further required of our institution as a result of the new regulation? Yes. Your RFO/ RO will be receiving a letter describing the requirements of 42 CFR 73, including the necessity to file a new application form. Please note that there are phase-in timeline dates that you are required to meet (see below, number 2). 2. My registration certificate states that we are registered until 2005, and yet the regulation says it is superceded by 42 CFR 73. Does that negate my current registration certificate? The new rule will supercede the previous registration rule according to the phase-in timeline specified in the regulation and you must follow the provisions of the new rule to remain registered to work with select agents and toxins. The requirements of the first phase-in date become effective on February 7, 2003. To remain registered, the entity must complete an application under 42 CFR 73 for the effective items set forth for the February phase-in date, and meet filing requirements at each of the subsequent phase-in date. Between February 7, 2003 and March 12, 2003, the new application compliance requirements include the designation of a Responsible Official; development of a safety plan and laboratory compliance with the requirements of the BMBL, 29 CFR 1910.1450, and/or NIH Guidelines for recombinant DNA; an emergency response plan; a security risk assessment; a record management system; acknowledgment of inspection requirement; a theft, loss, or release notification procedure; and acknowledgement of administrative review of adverse actions, civil and criminal penalties for violations, and application submission requirements. 3. How can I ensure continuity of our registration for Select Agents? File the new application as it becomes available, and provide documentation to the appropriate agency that your entity meets the requirements of the parts of the rule that become effective by each phase-in date. 4. Our facility has been inactive with respect to select agents, and is ready to register at this point. We are hopeful to begin work sooner than the new regulation takes full effect, how do we proceed, and when can we expect to proceed with work? File the new application as it becomes available, and meet the requirements of the parts of the rule which become effective by each phase-in date. By meeting the requirements for compliance at each phase-in date of 42 CFR 73, you will receive authorization to work with the agents. New Select Agent Regulation FAQ Page 10 of 13 5. Our institution now has occasion to register additional agents and laboratories, is this still a simple amendment? If you request an amendment to your registration under 42 CFR 72.6, the amendment will only be effective until the applicable phase-in date of 42 CFR 73. Please note that you will be required to submit an application for all work performed at your institution, including the amendment to meet the requirements of 42 CFR 73 on or around March 12, 2003. 6. How do I determine whether to submit my registration to CDC or USDA for the overlap select agents? You may submit your new registration package to either agency. A joint reporting system has been developed between CDC and APHIS to approve your application for use of HHS/USDA overlap agents. 7. If I have a CDC select agent and a USDA select agent in the same lab with the same Principal Investigator (PI), do I have to register the same lab with both agencies for each select agent? Yes. Even if you are registering the same laboratory and PI with the two agencies, you must submit a separate package to each agency for the agent under their control. 8. Our registration is about to expire. Are there changes in the process since our previous registration? There are new requirements and a new application. 42 CFR 72.6 is being superceded by 42 CFR 73 on November 12, 2003, with phase-in requirements from February 2003 through November 2003. Please use the new application when it becomes available (information to be posted on our website) to renew your registration under 42 CFR 73. 9. Will you utilize documentation on file which I have sent in for my current registration? Some documentation on file from your current registration will be used for activities such as transfers under 42 CFR 72.6 until March 12, 2003. After the date the 73.14 Transfer Section becomes effective, a new version of the transfer form will be used. To accomplish transfers, the 42 CFR 73 application must be on file and approved between February 7, 2003 and March 12, 2003. New documentation must be submitted because HHS and USDA are required to evaluate and concur on registrations for HHS/USDA overlap agents. 10. It may take some time to have the personnel in our laboratories approved for the security risk assessment by DOJ. How will this affect my registration and the processing of our application? Your entity will receive an application number when your application has been approved under 42 CFR 73. The DOJ component of the rule becomes effective on June 12, 2003, and compliance New Select Agent Regulation FAQ Page 11 of 13 with each phase of the registration process will enable you to conduct business legally until a registration number is issued under 42 CFR 73, as it supercedes 42 CFR 72.6 in November 2003. 11. We have select agents on the exclusive HHS list as well as on the exclusive USDA list. How do we coordinate the registration? You must register with both agencies if you have agents on both lists. If you are also working with an overlap agent, then continue with your initial registering agency. The two agencies will be jointly reviewing that portion of the evaluation. 12. Currently we only store select agents and toxins, do we have to register personnel with access to the freezers with DOJ? Yes. You must submit application for a security risk assessment to DOJ for any individuals that require access, including the appointed RO and alternate RO. 13. I just received a letter with a response due date from the inspector assigned to my facility. Is there a process by which I can request to extend this response date? The regulation specifically provides for an 8 week period of processing of the application. This time is to allow you to provide information that is required, but was not furnished with your application. As noted on the application, information not provided can seriously delay processing of your application, and may result in delaying your registration. 14. We are a facility that is currently registered with CDC to transfer select agents, but due to funding constraints for the select agent project, we are considering eliminating the project and destroying the agent. What should we do? Until on or around March 12, 2003 when the new transfer section becomes effective under 42 CFR 73.14, an EA-101 must be submitted to CDC to report the destruction of the agents or toxins (as specified in 42 CFR 72.6; see http://www.cdc.gov/od/sap/docs/attach6.pdf). After March 12, 2002, CDC must be notified in writing at least 5 business days prior to destruction. Questions Regarding the New Select Agent Regulation (42 CFR 73) for Facilities Not Currently Registered under 42 CFR 72.6 and Not Currently Possessing Select Agents 1. I did not possess select agents or toxins prior to February 7, 2003. What timeline must I meet to register my entity? As of February 7, 2003, to register your entity, you must submit an application that certifies your compliance with the designation of a Responsible Official; development of a safety plan and laboratory compliance with the requirements of the BMBL, 29 CFR 1910.1450, and/or NIH Guidelines for recombinant DNA; an emergency response plan; security risk assessment; training requirements; select agent transfer requirements; record management system; New Select Agent Regulation FAQ Page 12 of 13 New Select Agent Regulation FAQ Page 13 of 13 acknowledgment of inspection requirement; theft, loss, or release notification procedure; and acknowledgement of administrative review of adverse actions, civil and criminal penalties for violations, and application submission requirements. As of September 12, 2003, you must submit an amendment to your application that certifies your compliance with the security requirements by developing a security plan. As of November 12, 2003, you must be in full compliance with all provisions of the new select agent rule. You must meet the requirements for compliance at each phase-in date of 42 CFR 73 in order to be authorized to work with the agent. From schear at attbi.com Sun Dec 22 20:49:29 2002 From: schear at attbi.com (Steve Schear) Date: Sun, 22 Dec 2002 20:49:29 -0800 Subject: Using Brin to thwart ISP subpoenas In-Reply-To: References: <5.1.0.14.2.20021222182318.048dcdf0@mail.attbi.com> Message-ID: <5.1.0.14.2.20021222203656.048e3068@mail.attbi.com> At 10:16 PM 12/22/2002 -0500, you wrote: >On Sunday, Dec 22, 2002, at 21:28 US/Eastern, Steve Schear wrote: > >>At 09:59 AM 12/20/2002 -0500, you wrote: >>>Date: Fri, 20 Dec 2002 09:10:18 -0500 >>>Subject: Re: Using Brin to thwart ISP subpoenas >>>From: Charles Evans >>>To: "R. A. Hettinga" >>> >>>How long do you think it would be before the ISP described below would >>>receive a cease and desist letter, ordering it to remove the cameras, >>>in order to protect customer privacy? >> >>I guess it would depend on the ISP's posted privacy policy. There are no >>regulations, AFAIK, that set some minimum standard for customer privacy. > >The customer privacy part would be an excuse. Your legal-irony hack is >too clever to stand unchallenged. It would be interesting. In a way it would be a test of Brin. One way might be to have property management companies build total surveillance into their leases. Could a court prevent a company from becoming transparent to its customers. >>If the ISP accepted only DMT or e-gold payments, which are anonymous, it >>would not be likely to reveal much about a customer's privacy during the >>course of normal office conversations except perhaps their email address. > >How do you mean anonymous? Do you mean untraceable? Well I'd never say untraceable, however, DMT does not require any meat space customer information. See https://196.40.46.24/ If you can't join 'em, beat 'em. -- W's global policy of hegenomy From rah at shipwright.com Thu Dec 26 19:37:32 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 26 Dec 2002 22:37:32 -0500 Subject: Peace Through Trade, Redux: Medieval Iceland and the Absence of Government In-Reply-To: <0101E600-1947-11D7-855B-000393459DE0@brandeis.edu> References: <0101E600-1947-11D7-855B-000393459DE0@brandeis.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 9:57 PM -0500 on 12/26/02, Somebody wrote: > Obviously he hasn't read Njal's Saga. Yeah, people say this a lot, but it's more the exception that proves the rule. For instance, multi-generational blood feud that runs over the course of Njal's Saga goes over a century or more, I think, so a simple body count doesn't work very well. In addition, the reason they made a saga out of the story was that the events in it were so exceptional, not just the burning of Njal and the Njalssons, but the whole fight that lead up to it. Like the paper said about Icelandic conflicts in general, when the burning was over, the whole "war" was over -- without dragging in a cast of thousands. Hype is a very old thing. The saga said, among other things, that Gunnar could also jump his own height from a standing start, too, remember? :-). Like they said in the Old West, which was also much more peaceful than the pulp-novels, movies, and gun-control advocates would have you believe, "We didn't need the law until the lawyers came." The Norse, like people in early America were, of course, all armed to the teeth, and an armed society is a polite society. Remember that rabbits fight to the death by disembowelment, while rattlesnakes just bump chests to see who gets the girl... Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPgvK88PxH8jf3ohaEQJDSwCfXVukQ1nvHKtY55LpGuB2TJCr3qgAoKyC txJTrHdsyw7zKeviCRE7kRRs =S1jd -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mix at anon.lcs.mit.edu Thu Dec 26 19:20:04 2002 From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer) Date: 27 Dec 2002 03:20:04 -0000 Subject: I Crypto U and your files Message-ID: <20021227032004.23693.qmail@nym.alias.net> Blah blah blah wrote... (Begin quote) "The down side is the concern that they will be doing something unusual. Since there is no mass use of PGP, crypto users do stand out - all 23,000 of us regular users worldwide are well mapped, charted and identified. I don't have a good answer for this. What novice users really want is ANONYMOUS use of crypto, so that they don't raise flags. Then I have to explain about anonymous remailers, whose reliability is nowhere near regular smtp e-mail. The only remaining option is use of public-access internet terminals." (End quote) A point I was harping on a few weeks ago (but that seems to have been largely overlooked), is that if the amount of traffic that is encrypted rises exponentially, then those red flags will mean very little (I remember Homer Simpson designing a car and saying: "You know those little balls you put on your antenna to find your car in the mall parking lot? Every car should have one!"). One leverage point for possibly encouraging this to happen is in P2P, methinks. A few power-users have been prosecuted recently, so imagine a nice little crypto-tunnel (and mp3 disc-encryptor) app that could easily be injected into the Kazaa or other Gnutella-centric browsers. The nice thing here is that if we could get a functioning app, the app itself could be shared and spread variola-like via the P2P networks themselves. There's the technical difficulty that someone pointed out here that the IP address of both serv-ants is visible. One possible go-around is to have an encrypted tunnel materialize through blacknet, but I strongly doubt this will scale to millions of users very well. Another possibility includes allowing the user to make only a portion of their content visible to any single user (plus crypto of course), the logic being that 'they' won't come after the millions of regular file sharers. Any thoughts? If we could develop such an app and roll it over into the file-sharing networks, then the amount of encrypted files being moved around could increase tremendously. ANd then, us law-abiding, flag-saluting supporters of even this governments' insistence on world destabilisation will feel safer in using crypto on a daily basis, because crypto will no longer be the sole provence of cranks, kooks, and libertarians. -TD From rah at shipwright.com Fri Dec 27 07:32:18 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 27 Dec 2002 10:32:18 -0500 Subject: The Archbishop is right: the nation-state is dying Message-ID: http://www.timesonline.co.uk/newspaper/0,,174-524468,00.html December 27, 2002 The Archbishop is right: the nation-state is dying Philip Bobbitt Writing a long book such as The Shield of Achilles: War, Peace and the Course of History is like sending a message to HQ from behind enemy lines. You may never know if the message was received, or if it was understood, or precisely what action was taken. So I was especially pleased when the Archbishop of Canterbury's Dimbleby Lecture, about the rise of the market state, called upon the Church to take up some of the moral responsibilities the 20th-century nation-state is beginning to shed. Alas, however, the Archbishop cannot assume that everyone who heard the lecture had read the book, and although his analyses drawing on the work were impeccable, I can appreciate how his critics have misconstrued novel terms and ideas that he could describe only briefly. Some reactions were absurd, others far more extensive, and they deserve to be treated seriously. I think that my terminology, and the fact that the Archbishop could only summarise the basis for my analysis, misled otherwise thoughtful commentators into offering reactions that are wide of the mark. Take the estimable Matthew Parris, whose work I so admire that it is quoted in my book. He dissected the Archbishop's lecture as mistaken in every element. "The nation-state is not being torn away," he wrote. "The citizen has never in history enjoyed a higher level of protection and shelter from government. . . The idea that the nation state is being blown away by the global market is a fashionable view for which there is no sound evidence. The delusion has three understandable causes: first, we in Europe are conscious that some functions previously exercised by our domestic governments are in the hands of the European Union. . . Secondly, we are uncomfortably aware of the emergence of a new imperial power. . . Thirdly, now that currencies float and protectionism is out of fashion, we have the illusion of being newly exposed to global market forces." None of the three reasons for the delusion Mr Parris perceives has got anything to do with why the nation state will be increasingly unable to fulfill its citizens' expectations. The state is not declining, nor is the nation dying, but the relationship between the two is changing and the particular version of the State which has dominated for a little more than 100 years is undergoing a profound change. Like earlier versions of the State, stretching back to the Renaissance, the constitutional order of the nation-state (dating roughly from 1865/1871 to the present) rests on its own unique premise for legitimacy: give us power and we will better the material wellbeing of the people. Roosevelt, Hitler and Stalin all made this same promise, although they had different ideas about how to achieve it. Indeed the long wars of the 20th century determined which of three forms of the nation- state - fascist, communist or parliamentary - would accede to the legitimacy of the imperial states of the 19th century. Now, at the moment of its greatest triumph, the nation state is increasingly unable to fulfill its legitimising premise. Five developments are chiefly responsible for this. First, the recognition of human rights as norms that require adherence within all states, regardless of their internal laws; this is why Slobodan Milosevic is in the dock today, not because he disobeyed any of the laws of the state of which he was the elected leader. Second, the development of nuclear weapons and other weapons of mass destruction that render the defence of state borders ineffectual; this is why it is untrue that "no generation has ever been better protected". Third, the proliferation of global and trans- national threats - such as those that damage the environment, or threaten states through migration, population expansion, disease, or famine - that no nation-state alone can control or hide from. Fourth, the growth of a world economic regime that ignores borders in the movement of capital, which curtails states in the management of their economic affairs. Fifth, the creation of a global communications network that penetrates borders and threatens national languages, customs and cultures. A constitutional order will arise that reflects these five developments and hails them as requirements which only it can meet. The emergence of this new order will also change how states interact with each other. The European Union, the increased power of the United States (which some mistakenly believe to be a new empire), floating currencies: these are all consequences of the five developments, not drivers. Mr Parris completely mistakes this point and he seems to acknowledge it when he writes: "The second leg of Dr Williams's argument therefore baffles me. 'Where the State was once seen as guaranteeing the general good of the community,' he says, 'the State no longer has the power to keep its side of the bargain.' I have no idea on what the Archbishop bases this remark." Exactly. And having mistaken the analysis, he misses the link to Dr Williams 's point about the emergence of the market state, the likely successor to the nation-state. It is not, as Mr Parris alleges, that Dr Williams claims that we live "in a new and market-driven age of individual greed". And thus Mr Parris's riposte that individuals are no greedier today than they ever were, while doubtless true, misses the point. The link to Dr Williams's argument about the role of faith-based institutions is the following: if the legitimising premise of the nation-state will be increasingly difficult to fulfil, the state will not simply wither away, rather it will change that premise. The premise of the market state is that it will maximise the opportunity of individuals. A market state is not a market. The state is not going away, and in some respects it will be more powerful than ever. Nor does the nation state have a monopoly on nationalism; far earlier constitutional orders reflected intense nationalism. Rather, Dr Williams is arguing that the emergence of the market state will see the state evacuate areas of responsibility that it had, in the last 150 years, undertaken. When the Left argues for affirmative action, and the Right for criminalising abortion; when the Left wants to make hate speech a crime and the Right wants to criminalise drug use; when the Left seeks to create "hate crimes" and the Right wants to ban non-national languages: all are regarding the state as a nation-state, employing law and regulation to enforce moral positions. But when the Left urges the deregulation of reproductive choice, and the Right the deregulation of industry, they have moved to a market-state perspective. Phenomena such as the replacement of conscription with an all- volunteer force, welfare reform that attempts to replace unemployment allowances with education and training to help the unemployed to enter the labour market, and the use of non-governmental organisations and private companies as adjuncts to traditional government activities, reflect elements of the barely emerging market state. And this is the Archbishop's point: that a state that is, owing to these new forces, relatively (compared to the nation-state) indifferent to loyalty, civility, trust in authority, respect for family life, regard for privacy, reverence for sacrifice, equality and solidarity will require that the society it governs promotes these qualities through non-state agencies. As the Archbishop put it: "It is inevitable that governments can no longer deliver in terms of setting out a moral basis in law - other institutions will have to take up a new role." This is why he focuses on "the willingness of the market-state government to engage with traditional religious communities in a new way". I cannot help but wonder whether, if the Archbishop had substituted the phrase "non-governmental organisation" - such as Amnesty International, Medecins sans Frontieres, trade unions or multinational corporations - instead of "religious communities" as taking up new responsibilities, anyone would have been so terribly surprised. After all, underlying his proposals is an analysis that suggests new roles for businessmen, and for the private sector generally, not just for religious institutions. Thus, here, too, the Archbishop's critics mistake their target when they respond to his lecture by saying that the Church has no monopoly on moral argument. I urge the Archbishop's critics to give their reactions to his lecture a second - and a third - thought. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Fri Dec 27 04:40:03 2002 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 27 Dec 2002 13:40:03 +0100 (CET) Subject: I Crypto U and your files In-Reply-To: Message-ID: On Thu, 26 Dec 2002, Anonymous wrote: > One leverage point for possibly encouraging this to happen is in P2P, > methinks. A few power-users have been prosecuted recently, so imagine > a nice little crypto-tunnel (and mp3 disc-encryptor) app that could > easily be injected into the Kazaa or other Gnutella-centric browsers. There's no point in trying to fix braindamaged designs by incremental patchwork. You know about , right? > The nice thing here is that if we could get a functioning app, the app > itself could be shared and spread variola-like via the P2P networks > themselves. If the users didn't consent to auto-upgrade, you could as well write a worm with p2p node functionality. God knows some people in China could have used some plausible deniability. > There's the technical difficulty that someone pointed out here that > the IP address of both serv-ants is visible. One possible go-around is Well, duh. > to have an encrypted tunnel materialize through blacknet, but I > strongly doubt this will scale to millions of users very well. Instead of doubting, try creating a model that might work, and test drive it in the simulator with millions of nodes. > Another possibility includes allowing the user to make only a portion > of their content visible to any single user (plus crypto of course), > the logic being that 'they' won't come after the millions of regular > file sharers. The point is to not make content linkable to a specific node. > Any thoughts? If we could develop such an app and roll it over into > the file-sharing networks, then the amount of encrypted files being > moved around could increase tremendously. ANd then, us law-abiding, Instead of inventing a polygonal wheel, try joining any of the many efforts like MNet and Freenet, and start hacking. > flag-saluting supporters of even this governments' insistence on world > destabilisation will feel safer in using crypto on a daily basis, > because crypto will no longer be the sole provence of cranks, kooks, > and libertarians. From jya at pipeline.com Sat Dec 28 15:16:39 2002 From: jya at pipeline.com (jya at pipeline.com) Date: Sat, 28 Dec 2002 18:16:39 -0500 Subject: NSA Show Sexually Arouses Hanssen Message-ID: The 20/20 TV show on December 27, 2002 had a segment on Robert Hanssen, FBI spy, in which he is described as becoming sexually aroused by a National Security Agency PowerPoint presentation and stroked himself through his pants, according to Eric O'Neill, a young FBI agent who had been assigned to covertly report on Hanssens's activities. (The show transcript omits the stroking description and demonstration on camera by O'Neill.) Crypome invites information on which NSA presentation aroused Hanssen, and a copy of it for publication. Send to jya at pipeline.com 20/20 report: http://abcnews.go.com/sections/2020/DailyNews/2020_spykid021227.html From tcmay at got.net Sat Dec 28 23:07:56 2002 From: tcmay at got.net (Tim May) Date: Sat, 28 Dec 2002 23:07:56 -0800 Subject: NSA Show Sexually Arouses Hanssen In-Reply-To: Message-ID: <418FAD76-1AFC-11D7-9EEA-0050E439C473@got.net> On Saturday, December 28, 2002, at 03:16 PM, wrote: > The 20/20 TV show on December 27, 2002 had a segment on Robert > Hanssen, FBI > spy, in which he is described as becoming sexually aroused by a > National > Security Agency PowerPoint presentation and stroked himself through > his pants, > according to Eric O'Neill, a young FBI agent who had been assigned to > covertly > report on Hanssens's activities. (The show transcript omits the > stroking > description and demonstration on camera by O'Neill.) Crypome invites > information on which NSA presentation aroused Hanssen, and a copy of > it for > publication. > This is silly. Rather than show that Hanssen had any particular erotic reaction to part of the NSA presentation, it is vastly more likely that it shows that anyone under constant surveillance will at some point do something, perhaps out of boredom, out of daydreaming, which surveillers will note with prurient interest. "Citizen-unit Winston Smith was observed engaging in said behavior during the Thursday One Hour Preparation for the Great Hate. Suggest surveillance be increased." --Tim May From tcmay at got.net Sun Dec 29 12:05:43 2002 From: tcmay at got.net (Tim May) Date: Sun, 29 Dec 2002 12:05:43 -0800 Subject: The Geodesic Economy: "World Peace Through Free Trade" In-Reply-To: Message-ID: (All of these Hettinga lists elided from the distribution: "'R. A. Hettinga'" , Digital Bearer Settlement List , dcsb at ai.mit.edu, e$@vmeng.com, mac_crypto at vmeng.com, fork at xent.com, nettime-l at bbs.think.net, irregulars at tb.tf.....) On Sunday, December 29, 2002, at 10:33 AM, Trei, Peter wrote: > What do I think? I think they're one hell of a lot better than the > first batch, which came out last summer. They lowered the > square footage mandated, and told the companies to be a lot > more imaginative. "Square footage mandated"? "Told the companies"? It sure would be great if things were just left this way: "It is up to the owner of the property to decide what to do with the property. He can ask for opinions, hire consultants, of course, as he wishes. But the herd has no say on what he does, so long as uniform building standards and zoning regulations are met." (Issues of zoning, safety, and traffic are easily dealt with, and have nothing to do with the various pronouncements about "more square footage must be provided" and "The Mayor prefers at least two towers.") Regrettably, many levels of government and "the public" are involved. I realize that things got very confusing when a quasi-government agency (Port Authority) bought and paid for the original towers--though it then leased the site and towers to another owner, a private individual. If they wanted to own their building, they should not have then leased it to another, then back to themselves, while diverting the monies in the usual government way. So now we have what should be a private land development deal mixed up with government...again. My hunch is that the new towers will never be filled and will turn out to be a business catastrophe (oops, I said "business," when in fact it is the Port Authority, a weird melange of jurisdictions which is probably constitutionally invalid). Many of the occupants have found other office spaces, and many of them have said they are perfectly happy uptown or midtown. Or out in Jersey or Long Island or the other burrows (ObMisspellingDeliberate). Or decentralized out to where people are cheaper to hire. This is what networks are for. Centralizing people into antheap buildings...ugh. I wasn't sorry to see those Bauhaus boxes go. > One thing I liked in particular was that most of the designs > weren't afraid to go high into the sky this time around. Building > high is an expression of confidence. Or, to many of us, of stupidity. > The WTC was a landmark > for a huge part of the city; you could see it easily from most > of midtown and downtown. Hideous boxes. > I worry about designs which require a huge amount of maintenance > (Libeskind's sky forests), which I can't see being maintained more > than a decade or so, or which devote so much to memorial that > 40 years from now they will seem over the top (Foster has a huge > area which is supposed to be restricted to victim's family members). > > My own initiial idea was to rebuild the towers as they were, but in > goldtone instead of silver. Now, I'd like to be a little more > respectful > of the pre-WTC street grid (If you weren't actually going to the WTC, > it was a huge obstacle to get around, either driving or on foot). But I > still want towers which rise far above the skyline. One hopes not a single fucking dime of taxpayer money will go into rebuilding anything on that site. (Oh, I won't scream if $25,000 is allocated to hire that Chinese architect to replicate her Vietcong wall with the names of the dead so that the weepy ones can do their tracings and all. But nothing more should be spent out of the taxpayer's pocket.) (And to the extent the Port Authority is really a shakedown operation, a gatekeeper, extracting revenues from those who cross into its regime, the use of Port Authority money should be watched carefully. The insurance should cover the rebuilding. If it doesn't, scale back the plans accordingly.) I like the new skyline better. (ObHettinga: Meet the new skyline, same as the old, old one.) But all this yawp coming out of NYC about which of the plans will be selected, how the City wants the towers to be reconstructed, blah blah, is all just an indication of statism. (Ayn Rand loved the Twin Towers, ironically, and typically, and disgustingly. But, then, she thought cigarette smoking was a symbolic affirmation of Man's control of fire and his striving to reify A or Not-A through purity of essence! But, then, she was aynal about a lot of things, such as her support for NASA even though it consumed 50,000 slave-lives to put an American flag on a ball of worthless rock. Hilarious that she died of cancer.) --Tim May "That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams From ptrei at rsasecurity.com Sun Dec 29 10:33:13 2002 From: ptrei at rsasecurity.com (Trei, Peter) Date: Sun, 29 Dec 2002 13:33:13 -0500 Subject: The Geodesic Economy: "World Peace Through Free Trade" Message-ID: > R. A. Hettinga[SMTP:rah at shipwright.com] wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I wonder what people, especially from New York City, think about the > new proposals for Lower Manhattan and World Trade Center site that > came out this week. > > > > My qualifications: I lived in NYC when I was a little kid, and in Manhattan from the end of college until I moved to Massachusetts 14 years ago. I used to work at 101 Barclay Street, directly across the street from 7 WTC. I've been up the towers many times - I used to take friends from out of town up to the observatory, and dates to Windows on the World. I'd visit the concourse for lunch, and hang out at a bar halfway up the north tower after work. What do I think? I think they're one hell of a lot better than the first batch, which came out last summer. They lowered the square footage mandated, and told the companies to be a lot more imaginative. One thing I liked in particular was that most of the designs weren't afraid to go high into the sky this time around. Building high is an expression of confidence. The WTC was a landmark for a huge part of the city; you could see it easily from most of midtown and downtown. I like the Foster design best. The SOM, Libeskind, and United Architects designs are also very good. The THINK and Peterson designs leave me kind of cold. I don't much like the Richard Meier (tictactoe) design. I worry about designs which require a huge amount of maintenance (Libeskind's sky forests), which I can't see being maintained more than a decade or so, or which devote so much to memorial that 40 years from now they will seem over the top (Foster has a huge area which is supposed to be restricted to victim's family members). My own initiial idea was to rebuild the towers as they were, but in goldtone instead of silver. Now, I'd like to be a little more respectful of the pre-WTC street grid (If you weren't actually going to the WTC, it was a huge obstacle to get around, either driving or on foot). But I still want towers which rise far above the skyline. Peter From nobody at cryptofortress.com Sun Dec 29 17:16:34 2002 From: nobody at cryptofortress.com (Anonymous) Date: Sun, 29 Dec 2002 19:16:34 -0600 (CST) Subject: =?iso-8859-1?Q?Rd=08e:?= The Two Towers.... Message-ID: <024eef412b1f7f33cf90da3190c81839@remailer.cryptofortress.com> Oh that our saviour Osama would come soon and turn all New York into a radioactive pile of rubble. From schear at attbi.com Sun Dec 29 19:21:07 2002 From: schear at attbi.com (Steve Schear) Date: Sun, 29 Dec 2002 19:21:07 -0800 Subject: County votes for land use anarchy Message-ID: <5.1.0.14.2.20021229191849.04c70180@mail.attbi.com> Georgia County Fed Up with Too Many Rules and Regulations Excerpt: Fed up with the complexity of zoning ordinances and various other land use restrictions already in existence, and a new raft of rules handed down by the state government, elected officials in Habersham County, Georgia, took a radical and unprecedented step. They voted to eliminate all land use regulations for the county, as well as the planning commission and building inspectors. http://www.heartland.org/Article.cfm?artId=11369 If you can't join 'em, beat 'em. -- W's global policy of hegenomy From gbnewby at ils.unc.edu Sun Dec 29 16:23:35 2002 From: gbnewby at ils.unc.edu (Greg Newby) Date: Sun, 29 Dec 2002 19:23:35 -0500 Subject: The Two Towers.... In-Reply-To: <20021229234026.29838.qmail@nym.alias.net> References: <20021229234026.29838.qmail@nym.alias.net> Message-ID: <20021230002335.GA20768@ils.unc.edu> Please label movie review postings with "spoiler" so that those of us who haven't seen the movie yet don't mistakenly read the plot. Go Frodo! (I'm joking, of course: I already saw The Two Towers.) On Sun, Dec 29, 2002 at 11:40:26PM -0000, lcs Mixmaster Remailer wrote: > > Blah blah blah wrote... > > "My hunch is that the new towers will never be filled and will turn out to be a business catastrophe" > > Who gives a crap? Despite the fact that the original towers were as ugly as hell, they were a giant "Fuck You" to the rest of the world and we New Yorkers loved 'em. (I still say to NJ-based relatives that "All of you" conspired to knock down the towers...I refuse to distinguish between bin Laden, gov Florio (or whoever), and George Bush. All I know is that it was you non-New-Yorkers who did it 'cause you hate us and all our cool food, culture, filth and crime.) And until I stop paying taxes entirely, I might as well SEE something my tax $$$ may have been used to build, as opposed to stealth buildings and giant storage "schools". (I always used the same argument to support the superconducting supercollider....) > > > > > "oops, I said "business," when in fact it is the Port Authority, a weird melange of jurisdictions which is probably constitutionally invalid)." > > The PA is certainly one of the more lecherous groups in these parts, including the mob. They were supposed to dissappear after the tolls paid for roads and bridges to be built. But using that ole' loophole (something to do with refinancing), they've maintained their incpometant and corrupt stranglehold on most of our major thoroughfares for lo these many years (increasing the pollution like crazy, too). > > > > "I wasn't sorry to see those Bauhaus boxes go." > > Bauhaus? I guess. More like that 70s warmed over post-Bauhaus fascist crapola. Nobody in NYC really thought they were beautiful, but we do miss 'em (see above!). > > And Peter Trei wrote... > > "One thing I liked in particular was that most of the designs > weren't afraid to go high into the sky this time around. Building > high is an expression of confidence." > > This I more or less agree with. And it's not a government thing, not a business thing, just a New York thing. We need replacement towers for sure, and that design by David Rockwell & Co (with those odd empty tower-structures) might be good. They have the additional advantage of not casting such a dark shadow over downtown and Brooklyn Heights. > > > PT wrote... > "The WTC was a landmark > for a huge part of the city; you could see it easily from most > of midtown and downtown." > > but Blah Blah Blah wrote... > > "Hideous boxes." > > Again, you miss the point. We New Yorkers navigated by them, and when traveling out in th'sticks (ie, New Jersey and west of the hudson) those ugly boxes would come popping up over the horizon welcoming you home, just like your ugly ole' Mom. > > > Somebody wrote, and I really don't remember or care who. Hell, let's say Tim May wrote it just to piss him off... > > "My own initiial idea was to rebuild the towers as they were, but in > goldtone instead of silver. Now, I'd like to be a little more respectful > of the pre-WTC street grid (If you weren't actually going to the WTC, > it was a huge obstacle to get around, either driving or on foot). But I > still want towers which rise far above the skyline." > > That original twisty-towers design brought forward in response to how shitty the original official designs were by that Amalgamated Architects was the best design, but for some reason it didn't make it into the official final round. > > > "One hopes not a single fucking dime of taxpayer money will go into rebuilding anything on that site. (Oh, I won't scream if $25,000 is allocated to hire that Chinese architect to replicate her Vietcong wall with the names of the dead so that the weepy ones can do their tracings and all. But nothing more should be spent out of the taxpayer's pocket.)" > > Like I said, you can either SEE your tax dollars build something (even if its useless), or else they'll just dissappear up some buereucrats (I can never spell that word) nose. Unless you pay zero taxes of course. > > > "(Ayn Rand loved the Twin Towers, ironically, and typically, and disgustingly. But, then, she thought cigarette smoking was a symbolic affirmation of Man's control of fire and his striving to reify A or Not-A through purity of essence!" > > A read through a couple Ayn Rand books and none of this should be suprising. As far as I'm concerned she wasn't exactly von Neumann. > > Tyler Durden From mix at anon.lcs.mit.edu Sun Dec 29 15:40:26 2002 From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer) Date: 29 Dec 2002 23:40:26 -0000 Subject: The Two Towers.... Message-ID: <20021229234026.29838.qmail@nym.alias.net> Blah blah blah wrote... "My hunch is that the new towers will never be filled and will turn out to be a business catastrophe" Who gives a crap? Despite the fact that the original towers were as ugly as hell, they were a giant "Fuck You" to the rest of the world and we New Yorkers loved 'em. (I still say to NJ-based relatives that "All of you" conspired to knock down the towers...I refuse to distinguish between bin Laden, gov Florio (or whoever), and George Bush. All I know is that it was you non-New-Yorkers who did it 'cause you hate us and all our cool food, culture, filth and crime.) And until I stop paying taxes entirely, I might as well SEE something my tax $$$ may have been used to build, as opposed to stealth buildings and giant storage "schools". (I always used the same argument to support the superconducting supercollider....) "oops, I said "business," when in fact it is the Port Authority, a weird melange of jurisdictions which is probably constitutionally invalid)." The PA is certainly one of the more lecherous groups in these parts, including the mob. They were supposed to dissappear after the tolls paid for roads and bridges to be built. But using that ole' loophole (something to do with refinancing), they've maintained their incpometant and corrupt stranglehold on most of our major thoroughfares for lo these many years (increasing the pollution like crazy, too). "I wasn't sorry to see those Bauhaus boxes go." Bauhaus? I guess. More like that 70s warmed over post-Bauhaus fascist crapola. Nobody in NYC really thought they were beautiful, but we do miss 'em (see above!). And Peter Trei wrote... "One thing I liked in particular was that most of the designs weren't afraid to go high into the sky this time around. Building high is an expression of confidence." This I more or less agree with. And it's not a government thing, not a business thing, just a New York thing. We need replacement towers for sure, and that design by David Rockwell & Co (with those odd empty tower-structures) might be good. They have the additional advantage of not casting such a dark shadow over downtown and Brooklyn Heights. PT wrote... "The WTC was a landmark for a huge part of the city; you could see it easily from most of midtown and downtown." but Blah Blah Blah wrote... "Hideous boxes." Again, you miss the point. We New Yorkers navigated by them, and when traveling out in th'sticks (ie, New Jersey and west of the hudson) those ugly boxes would come popping up over the horizon welcoming you home, just like your ugly ole' Mom. Somebody wrote, and I really don't remember or care who. Hell, let's say Tim May wrote it just to piss him off... "My own initiial idea was to rebuild the towers as they were, but in goldtone instead of silver. Now, I'd like to be a little more respectful of the pre-WTC street grid (If you weren't actually going to the WTC, it was a huge obstacle to get around, either driving or on foot). But I still want towers which rise far above the skyline." That original twisty-towers design brought forward in response to how shitty the original official designs were by that Amalgamated Architects was the best design, but for some reason it didn't make it into the official final round. "One hopes not a single fucking dime of taxpayer money will go into rebuilding anything on that site. (Oh, I won't scream if $25,000 is allocated to hire that Chinese architect to replicate her Vietcong wall with the names of the dead so that the weepy ones can do their tracings and all. But nothing more should be spent out of the taxpayer's pocket.)" Like I said, you can either SEE your tax dollars build something (even if its useless), or else they'll just dissappear up some buereucrats (I can never spell that word) nose. Unless you pay zero taxes of course. "(Ayn Rand loved the Twin Towers, ironically, and typically, and disgustingly. But, then, she thought cigarette smoking was a symbolic affirmation of Man's control of fire and his striving to reify A or Not-A through purity of essence!" A read through a couple Ayn Rand books and none of this should be suprising. As far as I'm concerned she wasn't exactly von Neumann. Tyler Durden From mv at cdc.gov Mon Dec 30 08:56:47 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 30 Dec 2002 08:56:47 -0800 Subject: Manhattan Bldgs (RE: The Geodesic Economy:) Message-ID: <3E107ACF.57188354@cdc.gov> At 01:33 PM 12/29/02 -0500, Trei, Peter wrote: I don't much like the Richard Meier >(tictactoe) design. Its not a tictactoe or "hollywood squares" design ---those are gleaming white prison bars. A motif for the 21st century. -- "Intended only for lawful uses." -HP Computer Advert From boo at datashopper.dk Mon Dec 30 03:27:37 2002 From: boo at datashopper.dk (Bo Elkjaer) Date: Mon, 30 Dec 2002 12:27:37 +0100 (CET) Subject: Ecstasy Air: U.S. Airforce members in Europe smuggle drugs Message-ID: List At least the U.S. Airforce active duty members show some ingenuity when smuggling drugs in and out of the European Union. http://www.dps.state.mn.us/MCAN/CASystem/uploadedfiles/Hydroxycut.pdf (May be gone. Google has a copy) Yours -------------------------------------------------------------------------------- LAW ENFORCEMENT SENSITIVE DO NOT DISSEMINATE OUTSIDE OFFICIAL CHANNELS DEPARTMENT OF THE AIR FORCE AIR FORCE OFFICE OF SPECIAL INVESTIGATIONS ANDREWS AFB, MD 20762-7002 NARCOTICS BRIEF 02-03 FROM:HQ AFOSI/XOGP DATE OF REPORT:23 May 02 SUBJECT:Hydroxycut(r) Capsules Used to Store Ecstasy TO:All Regions, Squadrons, Detachments, and Operating Locations (CAT III) SOURCE: SA Earl Lesniak, AFOSI Detachment 531, Aviano Air Base, Italy SUMMARY:Recent interviews disclosed Active Duty Air Force members stationed at Aviano Air Base, Italy, emptied Hydroxycut(r) capsules and replaced the contents with crushed ecstasy pills to avoid detection when crossing the Slovenia/Italy and Slovenia/Croatia borders. Hydroxycut(r) is a popular dietary supplement used for weight loss. Hydroxycut(r) is made by MusleTech Research and Development -- EOT From rah at shipwright.com Mon Dec 30 10:35:53 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 30 Dec 2002 13:35:53 -0500 Subject: Brinwear Message-ID: http://wearcam.org/domewear/ -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From tcmay at got.net Mon Dec 30 13:49:34 2002 From: tcmay at got.net (Tim May) Date: Mon, 30 Dec 2002 13:49:34 -0800 Subject: Many Worlds Version of Fermi Paradox In-Reply-To: Message-ID: <959EDA3E-1C40-11D7-9BF4-0050E439C473@got.net> On Monday, December 30, 2002, at 01:18 PM, Jesse Mazer wrote: > Hal Finney wrote: > >> One correction, there are no known problems which take exponential >> time >> but which can be checked in polynomial time. If such a problem could >> be >> found it would prove that P != NP, one of the greatest unsolved >> problems >> in computability theory. > > Whoops, I've heard of the P=NP problem but I guess I was confused > about what it meant. But there are some problems where candidate > solutions can be checked much faster than new solutions can be > generated, no? If you want to know whether a number can be factorized > it's easy to check candidate factors, for example, although if the > answer is that it cannot be factorized because the number is prime I > guess there'd be no fast way to check if that answer is correct. Factoring is not known to be in NP (the so-called "NP-complete" class of problems...solve on in P time and you've solved them all!). The example I favor is the Hamiltonian cycle/circuit problem: find a path through a set of linked nodes (cities) which passes through each node once and only once. All of the known solutions to an arbitrary Hamiltonian cycle problem are exponential in time (in number of nodes). For example, for 5 cities there are at most 120 possible paths, so this is an easy one. But for 50 cities there are as many as 49!/2 possible paths (how many, exactly, depends on the links between the cities, with not every city having all possible links to other cities). For a mere 100 cities, the number of routes to consider is larger than the number of particles we believe to be in the universe. However, saying "known solutions" is not the same thing as "we have proved that it takes exponential time." For all we know, now, in 2002, there are solutions not requiring exponential time (in # of cities). > This is also somewhat relevant to "theories of everything" since we > might want to ask if somewhere in the set of "all possible universes" > there exists one where time travel is possible and computing power > increases without bound. If the answer is yes, that might suggest that > any TOE based on "all possible computations" is too small to > accomodate a really general notion of all possible universes. And this general line of reasoning leads to a Many Worlds Version of the Fermi Paradox: Why aren't they here? The reason I lean toward the "shut up and calculate" or "for all practical purposes" interpretation of quantum mechanics is embodied in the above argument. IF the MWI universe branchings are at all communicatable-with, that is, at least _some_ of those universes would have very, very large amounts of power, computer power, numbers of people, etc. And some of them, if it were possible, would have communicated with us, colonized us, visited us, etc. This is a variant of the Fermi Paradox raised to a very high power. My conclusion is that the worlds of the MWI are not much different from Lewis' "worlds with unicorns"--possibly extant, but unreachable, and hence, operationally, no different from a single universe model. (I don't believe, necessarily, in certain forms of the Copenhagen Interpretation, especially anything about signals propagating instantaneously, just the "quantum mechanics is about measurables" ground truth of what we see, what has never failed us, what the mathematics tells us and what is experimentally verified. Whether there "really are" (in the modal realism sense of Lewis) other worlds is neither here nor there. Naturally, I would be thrilled to see evidence, or to conclude myself from deeper principles, that other worlds have more than linguistic existence.) --Tim May (.sig for Everything list background) Corralitos, CA. Born in 1951. Retired from Intel in 1986. Current main interest: category and topos theory, math, quantum reality, cosmology. Background: physics, Intel, crypto, Cypherpunks From eugen at leitl.org Mon Dec 30 05:13:09 2002 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 30 Dec 2002 14:13:09 +0100 (CET) Subject: Finns To Use Cell Phones To Monitor Traffic Jams Message-ID: http://slashdot.org/articles/02/12/30/1243247.shtml?tid=126 Posted by Hemos on Monday December 30, @07:59AM from the interesting-adaptation dept. Okko writes "The Finnish Road Administration announced it is going to use cellphone location data to find out about traffic jams. They say they are using the location data available from the GSM base stations to determine the locations and speeds of vehicles carrying mobile phones. The information will be used to inform people about traffic jams and peaks in traffic trough public FM radio stations. Until now, the information about traffic has been gathered using car sensors embedded in the roads. The spokesperson of FRA, interviewed in the evening news of MTV3 Finland, seemed very pleased they can monitor cell phones even when no calls are made, it is enough the phone has power on. They said they are about to use the information anonymously and thought people approve it as long as it is done in an anonymous and "everyone-wins" way. It was told they do not currently tell the police about the data they discover as the current law forbids this. So, it is not, at least yet, possible to fine people carrying mobile phones in their cars too fast on public roads (exceeding the speed limit of the road). Unfortunately, probably because of vacations, FRA has not updated their website accordingly yet. There does exist an annoucement about testing the technology from the summer. " From eresrch at eskimo.com Mon Dec 30 21:12:45 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Mon, 30 Dec 2002 21:12:45 -0800 (PST) Subject: QM, EPR, A/B In-Reply-To: Message-ID: <<< No Message Collected >>> From levitte at openssl.org Mon Dec 30 16:34:07 2002 From: levitte at openssl.org (Richard Levitte - VMS Whacker) Date: Tue, 31 Dec 2002 01:34:07 +0100 (CET) Subject: [ANNOUNCE] OpenSSL 0.9.7 released Message-ID: <20021231.013407.104029435.levitte@openssl.org> OpenSSL version 0.9.7 released =============================== OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.7 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates at least 262 changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES. The most significant changes are: o New library section OCSP. o Complete rewrite of ASN1 code. o CRL checking in verify code and openssl utility. o Extension copying in 'ca' utility. o Flexible display options in 'ca' utility. o Provisional support for international characters with UTF8. o Support for external crypto devices ('engine') is no longer a separate distribution. o New elliptic curve library section. o New AES (Rijndael) library section. o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit, Linux x86_64, Linux 64-bit on Sparc v9 o Extended support for some platforms: VxWorks o Enhanced support for shared libraries. o Now only builds PIC code when shared library support is requested. o Support for pkg-config. o Lots of new manuals. o Makes symbolic links to or copies of manuals to cover all described functions. o Change DES API to clean up the namespace (some applications link also against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). o Unify handling of cryptographic algorithms (software and engine) to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. o Finally remove references to RSAref. o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. o A few new engines added in the demos area. o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. o SSL/TLS: allow server to explicitly set new session ids. o SSL/TLS: support Kerberos cipher suites (RFC2712). Only supports MIT Kerberos for now. o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). We consider OpenSSL 0.9.7 to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7 is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ OpenSSL 0.9.6 (all patch levels) came in the form of two distributions, a "normal" one and an "engine" variant that included support for external crypto devices. In 0.9.7, the "engine" framework is part of the "normal" distribution, so there are no variants of 0.9.7. The distribution file name is: o openssl-0.9.7.tar.gz [normal] MD5 checksum: ef376d14205afcfb831cd3720f705d79 The checksum was calculated using the following command: openssl md5 < openssl-0.9.7.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Ben Laurie Andy Polyakov Ralf S. Engelschall Richard Levitte Geoff Thorpe Dr. Stephen Henson Bodo Möller Lutz Jänicke Ulf Möller --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From bill.stewart at pobox.com Tue Dec 31 03:01:21 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 31 Dec 2002 03:01:21 -0800 Subject: [e-gold-list] Announcing Seagold.net: E-mail Privacy, Secure, Encrypted, accepts e-gold In-Reply-To: Message-ID: <5.1.1.6.2.20021231023320.02cf2d38@idiom.com> At 11:50 AM 12/13/2002 -0500, R. A. Hettinga wrote: >...It had to happen sooner or later, I suppose... >--- begin forwarded text > >From: >Subject: [e-gold-list] Announcing Seagold.net: E-mail Privacy, Secure, >Encrypted, accepts e-gold >... >Introducing Seagold.net, a secure web-based email service located in >the Principality of Sealand, outside the jurisdiction of any >government on earth! ... followed by some description of their email system and a long complex description of their shell game \\\\\\ multi- level pyramid scheme\\\\\\\\\ silly sales rep recruiting system.* If you poke around their site a bit, you'll see a reference to http://sealand.pmmit.com/seamail.html which appears to be a straightforward mail system without the shell game, though I haven't done a feature-by-feature comparison to be sure if it's quite identical. It's basically webmail plus SSL-encrypted POP3. The price ranges from $10/month to $90/year depending on contract length, vs. $25/month for the pyramid game, which offers the possibility of being free or letting you make gazillions of dollars if you can find a way to convince the untapped potential customer base to play the game instead of just buying the service. It strikes me as a bit short on features, but then I'm comparing it to fastmail.fm, which is an extremely well-run email system that my wife uses (which ranges from free accounts with signature tags to cheap accounts without them to full-featured accounts for $20-40/year.) There's no encryption, but their spam-avoidance features are the best I've seen. * Don't get me wrong - I'm not totally dissing well-designed pyramid marketing as a sales-rep recruitment technique, but it has to be something that has a product that's realistic at a price that's realistic with margins that are realistic, while these guys seem to have a margin that's unrealistic (at least compared to other services they're offering) with a total hand-waving shell-game compensation method, and other than the fact that their system is based in Sealand, which is worth paying some margin for, and open-source based, which says it has some chance of stability if administered well, they don't say anything that inspires me to expect them to be competent at running email systems well. But hey, free trials can be fun sometimes, though this one requires an e-gold account number, which makes it harder to burn lots of them. From k-elliott at wiu.edu Tue Dec 31 09:49:28 2002 From: k-elliott at wiu.edu (Kevin Elliott) Date: Tue, 31 Dec 2002 09:49:28 -0800 Subject: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...) In-Reply-To: <20021231171251.GA72692@lightship.internal.homeport.org> References: <5.2.0.9.0.20021216162531.00a61040@pop.ix.netcom.com> <20021215122230.A19968@cluebot.com> <6A54D0D1-0BAA-11D7-8CF2-0050E439C473@got.net> <20021214141947.D7942@cluebot.com> <20021215122230.A19968@cluebot.com> <5.2.0.9.0.20021216162531.00a61040@pop.ix.netcom.com> <5.1.1.6.2.20021231010756.052e3be8@idiom.com> <20021231171251.GA72692@lightship.internal.homeport.org> Message-ID: At 12:12 -0500 on 12/31/02, Adam Shostack wrote: >Rummaging through my wallet...a grocery card in the name of Hughes, a >credit card with the name Shostack, and an expired membership card in >the name Doe. Interesting point on grocery cards... Why do they have your name at all? Every grocery card I've ever gotten they've said "here's your card and application, please fill out the application and mail it in". I say "thank you ma'am", walk out the door and toss the "application" in the trash. Not exactly strong (or any) name linkage... -- ___________________________ Kevin Elliott ICQ#23758827 AIM ID: teargo ___________________________ From camera_lumina at hotmail.com Tue Dec 31 07:38:45 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 31 Dec 2002 10:38:45 -0500 Subject: QM, EPR, A/B Message-ID: Actually, Tyler Durden (ie, me) wrote what is attributed to the generic anonymous name of Norman Nescio. Anyway,... >Part of the problem is that the detection equipment is many fermions >looking at single particles. I think QM is easier to understand when >looking at an ion trap. There are lots of photons around for every atom >but the interactions are with fields and the detection is of single >photons (again with massive amounts of equipment, but the atoms don't >interact directly as in EPR or double slit). With all due respect, Pooey Dr Mike. Take a nice, straightforward EPR using two correlated photons produced by KDP-downconversion. How do you exaplain the EPR experiements where pairs of photons are created via KDP downconversion? The two particles are separated at birth and travel through different paths through the apparatus. (And this apparatus can be made aribtrarily large.) If the apparatus does not permit us to determine the path of any single photon, the two photons will have completely coupled measureables (eg, polarization) at the output. The moment will are able to determine the path of ONE of the photons, then the measureable of the other becomes completely de-correlated from the other. This is true on the single photon level, and looked at up close its pretty startling. Now the odd thing (if this isn't odd already), is that we can (and have) perform the change from isolatable to nonisolatable AFTER THE PHOTONS HAVE ENTERED THE APPARATUS. (This was suggested by Wheeler and done around '94 as I remember). In a sense, then, the photons are 'aware' of events happening (relatively speaking) backwards in time. And this is not theoretical. It was predicted via quantum theory and seen in the lab many times. Now obviously we could step back and say that "QM is a useful computational tool. Let's not worry about reality", but that's an intellectual dodge. Classical physics grew up around the desire to understand natural reality, and this "new" fad of ignoring what QM says about reality only arose as a way to move QM forward in the early days. Look, it's not like we say "Don't think of light as an electromagnetic wave. E-M theory is merely a useful computational tool". Likewise just because we are in the odd situation of not knowing what QM says about the universe doesn't mean its not saying anything, or that what its saying is of no interest. With EPR (and, arguably, A-b), we are confronted with obvious "proof" that these particles communicate in ways that are completely different from the models developed prior to 1910 or so. (One of the few intelligent thoughts I've had on the subject is that the particles are still a single quantum object prior to measurement.) With respect to Cypherpunks and cryptography, then, we would be intellectually hypocritical if we thought there was anything inherently more secure about quantum cryptography. But we (I mean, pretty much every working physicist in the world) DO believe this, because this is really the way reality "works". Wavefunction collapse actually "objectively" (if that's the right word in the quantum world) happens and there's no undoing it. It's a basic physical property of the universe. With respect to many worlds, David Deutch, et al have argued that for any single path taken by a particle in a quantum there are innumerable "shadow photons" in the other universes that communicate with the observed photon. We also see just one possible but the complete collection of shadow photons take all possible outcomes. Now while I don't really buy this explanation, I DO buy Deutch's desire to find a picture of the underlying reality (we once spoke on this issue and wildly agreed). I could go on but I've got work to do. No one's actually read this far anyway, have they? -Tyler Durden > >QM is a nice model that works. It is a good mathematical description of >observed phenomena. What else do we need? The idea that a photon >"passes thru" one slit or the other is just a model. What is the slit? >It's really a whole bunch of fermions in a spacial pattern, and when an >electron or photon interacts with that distribution we get the observed >"self interaction" result. The model is self interaction. That may have >nothing to do with reality. > >Patience, persistence, truth, >Dr. mike _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 3 months FREE*. http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU= http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_stopmorespam_3mf From mbc at debian.org Tue Dec 31 11:41:59 2002 From: mbc at debian.org (Michael Cardenas) Date: Tue, 31 Dec 2002 11:41:59 -0800 Subject: biological systems and cryptography Message-ID: <20021231194159.GA28949@rilke> How do you all see the future use of biologically based systems affecting cryptography in general? By biologically based systems I mean machine learning, genetic algorithms, chips that learn (like Carver Mead's work), neural networks, vecor support machines, associative memory, etc. It seems to me that computer science based on writing longer and longer streams of instructions is coming to an end, as it cannot possibly scale. We now have supercomputers that can execute 35 trillion instructions per second, but if someone has to write all of those instuctions, what good are they? Also, it seems that the brain has immensely powerful visual processing power, without having millions of lines of code written to do so. I only ask this because I'm deciding whether to study computational neuroscience or cryptography in grad school. -- michael cardenas | lead software engineer, lindows.com hyperpoem.net | GNU/Linux software developer people.debian.org/~mbc | encrypted email preferred Listening to: David Bowie - Wild Is The Wind "He who knows himself knows his Lord." - Sufi saying [demime 0.97c removed an attachment of type application/pgp-signature] From tcmay at got.net Tue Dec 31 12:12:02 2002 From: tcmay at got.net (Tim May) Date: Tue, 31 Dec 2002 12:12:02 -0800 Subject: Dossiers and Customer Courtesy Cards In-Reply-To: <20021231193216.GB28838@rilke> Message-ID: <203A12EC-1CFC-11D7-9BF4-0050E439C473@got.net> On Tuesday, December 31, 2002, at 11:32 AM, Michael Cardenas wrote: > But what if this data is used as part of a larger picture, such as in > TIA. It definitely can be used, along with gas purchases, to track > where a suspect, aka a citizen, is living. Also, many possible > weapons such as perscription drugs, box cutters, and kitchen knives > can be purchased at a grocery store, which combined with case data > could be useful in framing, aka finding, the suspect. _Can_ be used is different from _must_ be used. Collecting valid name information costs a vendor money (both in labor, computerization/records, and in driving some customers elsewhere). It also deters some people from completing transactions. Given free choice, most parties to a transaction in a store will not exchange name information. Examples abound of this. No time today to describe the examples of where people choose not to give names. Flea markets, gas stations, grocery stores, hardware stores, etc. A gas station which refuses to take paper currency limits its sales. J. Random Terrorist will likely buy gas with cash. Only an enforceable (and unconstitutional, for various reasons) requirement for ID will work. As for your point about prescription drugs, box cutters, kitchen knives being trackable, I assume this is a troll or something you haven't thought through. Treat it as a signal to noise problem, with millions of such purchases every day. Again, I don't have time to describe this in detail. Think about it. --Tim May From k-elliott at wiu.edu Tue Dec 31 13:32:19 2002 From: k-elliott at wiu.edu (Kevin Elliott) Date: Tue, 31 Dec 2002 13:32:19 -0800 Subject: Dossiers and Customer Courtesy Cards In-Reply-To: References: Message-ID: At 12:03 -0800 on 12/31/02, Tim May wrote: >Yes. So? > >Notice that exactly the same type of coupon is printed out with a >cash or non >courtesy card purchase. It's a purely local >calculation. In programming terms, >a purely local variable >situation. No. Obviously the coupon was closely linked with my buying pattern, and in at least one case I received one of these "buy several" coupons without having purchased that product that particular trip (though I'd purchased it the the past). >In my normal insulting way I would say "Duh" here. But I am >attempting to be >more polite, so I will say "Am I missing >something in your analysis?" My oh my. Getting an early start on your new years resolution? -- ___________________________ Kevin Elliott ICQ#23758827 AIM ID: teargo ___________________________ From tcmay at got.net Tue Dec 31 15:45:44 2002 From: tcmay at got.net (Tim May) Date: Tue, 31 Dec 2002 15:45:44 -0800 Subject: Recommended: "Catch Me If You Can," a film In-Reply-To: <20021231222333.GA29278@rilke> Message-ID: On Tuesday, December 31, 2002, at 02:23 PM, Michael Cardenas wrote: > On Tue, Dec 31, 2002 at 01:22:49PM -0800, Tim May wrote: > ... >> >> (The next time a CP meeting/party is at my house, someone remind me >> and >> I'll put it on. Along with "A Beautiful Mind," also of interest to >> us.) >> >> " The tree of liberty must be refreshed from time to time with the >> blood of patriots & tyrants. "--Thomas Jefferson, 1787 >> >> > > I actually found a beautiful mind to be a disappointment. I was hoping > for a movie more about math and crypto, but it turned out to be a > movie about schizophrenia. Did you not find the same thing? It was what it was about. A movie about math and crypto would be watched by only a small audience. "The Enigma" was also about things other than crypto. --Tim May "Dogs can't conceive of a group of cats without an alpha cat." --David Honig, on the Cypherpunks list, 2001-11 From mbc at debian.org Tue Dec 31 16:35:30 2002 From: mbc at debian.org (Michael Cardenas) Date: Tue, 31 Dec 2002 16:35:30 -0800 Subject: Quantum Probability and Decision Theory In-Reply-To: <3CA92C86-1769-11D7-A7EA-0050E439C473@got.net> References: <3CA92C86-1769-11D7-A7EA-0050E439C473@got.net> Message-ID: <20030101003530.GA29536@rilke> On Tue, Dec 24, 2002 at 09:57:58AM -0800, Tim May wrote: > First, I sent this in error to the CP list...it was intended for > another list. (My mailer has command completion and I am so used to > typing "cy" in the To: box and having it expand to > "cypherpunks at lne.com" that I sent it to CP by accident. As to why type > list addresses rather than "Reply to All," this is to get the list in > the To: and not the Cc: and not have misc. other lists or persons > getting copied--as in this reply, where TD is initially in the To: and > CP is in the Cc:, in OS X Mail.) > And what list would that be? I'd like to take a look at it. ... > > On Tuesday, December 24, 2002, at 08:25 AM, Tyler Durden wrote: > > > >>> Yes. I strongly suspect that "minds" are quantum mechanical. > > > >Penrose also believes this, and has actually identified > >Aharanov-Bohm-like structures in certain simple organisms used to > >probe their immediate environment. > > Max Tegmark fairly conclusively demonstrated that decoherence occurs > far too rapidly in proteins and other biological structures for QM to > be an actor. As for Stuart Hameroff's nanotubules idea, I've been a > skeptic of this ever since meeting him at the A-LIFE Conference in 1987. > Last summer I read "the physics of consciousness". It was a pretty disappointing attempt to explain consciousness with QM, mixed with lots of emotional and relgious hand waving, nice background info though. Anyway, this is exactly why I want to do computational neuroscience. I also think that the turing machine is a sorely classical model, and that the brain is definitely not a turning machine, but something else, far more powerful. As for making a neuron, look into the research of henry abarbanel. I was in his lab the other day, and his students have actually made simple neurons that can be wired into the brain of a lobster to simulate removed neurons, creating the proper oscillation to generate the signals which allow the lobster to digest things. He mostly does research into the nonlines dynamic properties of neurons. I'm hoping to work in his lab next year. michael -- michael cardenas | lead software engineer, lindows.com hyperpoem.net | GNU/Linux software developer people.debian.org/~mbc | encrypted email preferred Listening to: Lamb - Cotton Wool "Sit Rest Work. Alone with yourself, Never weary. On the edge of the forest Live joyfully, Without desire." - The Buddha [demime 0.97c removed an attachment of type application/pgp-signature] From schear at attbi.com Tue Dec 31 19:44:19 2002 From: schear at attbi.com (Steve Schear) Date: Tue, 31 Dec 2002 19:44:19 -0800 Subject: Bush More Hopeful for Diplomacy With Korea Than Iraq Message-ID: <5.1.0.14.2.20021231192932.034fbe88@mail.attbi.com> [Of course Bush sees diplomacy with North Korea more likely to yield results: they've already got nukes. Any nation that wants respect from the U.S. and to maintain their sovereignty needs to get theirs ASAP. Wouldn't be surprised if Saddam is telling the truth about WoMD. You can bet that if the inspectors doesn't find any smoking gun the international community will quickly lose interest. He has less need to develop them himself if he can purchase them covertly from NK. Probably already has all presents for next Ramadam picked out and paid for ;-) ] Bush More Hopeful for Diplomacy With Korea Than Iraq By DAVID STOUT[] WASHINGTON, Dec. 31 President Bush said today that he was still hopeful that the confrontations with Iraq and North Korea could be resolved through diplomacy rather than war, though he seemed to express deeper concern over Iraq. http://www.nytimes.com/2002/12/31/international/31CND-PREX.html Political power grows out of the barrel of a gun -- Mao Tse-tung From GaryJeffers at aol.com Tue Dec 31 18:14:00 2002 From: GaryJeffers at aol.com (GaryJeffers at aol.com) Date: Tue, 31 Dec 2002 21:14:00 EST Subject: Silver coin banks to oppose the Fed? Message-ID: My Fellow Cypherpunks, http://www.strike-the-root.com/columns/guillory/guillory3.htmlYours Truly, Gary Jeffers BEAT STATE!!!! to see how the world runs see: www.WHATREALLYHAPPENED.COM and http://www.skolnicksreport.com/ to see how our evil money system really works see: www.fame.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 631 bytes Desc: not available URL: From FaithsustainHurd at janetjackson.com Tue Dec 31 16:14:56 2002 From: FaithsustainHurd at janetjackson.com (Shawna Dickens) Date: Wed, 1 Jan 2003 00:14:56 +0000 Subject: 100% Money Back Guarantee. Message-ID: 4c8101c2b12b$365addf0$4001a8c0@lumfungwa Put on an average gain of 3.02 inches where it matters - and all gains are 100% permanent! Amazing growth within just a few short weeks is possible with this breakthrough! Just two capsules a day, and you can start enjoying a larger, more powerful you. http://tentrate.com/ From GaryJeffers at aol.com Tue Dec 31 21:28:18 2002 From: GaryJeffers at aol.com (GaryJeffers at aol.com) Date: Wed, 1 Jan 2003 00:28:18 EST Subject: Silver coin banks to oppose the Fed? Message-ID: <57.163c84c3.2b43d672@aol.com> My Fellow Cypherpunks, THIRD EDITION!! Sorry, this corrects the 2nd edition and 1st which had bad links. AOL is a bitch! My 1st post on this subject lost text. sorry. Here is the full text: I have found another alternative to our corrupt, fiat, debt issued, privately owned, fractionally reserved $US. - Silver Banks. Here is the idea. The silver bank only accepts the walking silver dollar coin. It treats each coin as 1 US dollar as it nominally is. However, each coin is worth many times that in $US money. Bank members are encouraged to deal with each other by writing checks on the silver bank. Also, members are encouraged to give deep discounts to other members for purchases. There are tax advantages to using the silver bank. Also, the transactions and store of value are inflation proof. Also, VERY IMPORTANT, use of the bank will encourage "velocity of transactions" (business) among the members and, thusly, keep the members prosperous. Well, Cypherpunks, is this a good plan or not? Any ideas for making it better? The link below is where I got the info from: http://www.strike-the-root.com/columns/guillory/guillory3.html Yours Truly, Gary Jeffers BEAT STATE!!!! to see how the world really works see: www.WHATREALLYHAPPENED.COM and http://www.skolnicksreport.com/ to see how our evil money system really works see: www.fame.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2091 bytes Desc: not available URL: