To: "Mises Daily Article"

Subject: Economic Secession Won't Succeed Date: Tue, 15 Apr 2003 08:14:49 -0500 Importance: Normal http://www.mises.org/fullstory.asp?control=1204 Economic Secession Won't Succeed By Paul Birch and Gene Callahan [Posted April 15, 2003] Some freedom-minded people pin their hope for liberty on withdrawing from an unfree world. In times of crisis, such as wars and recessions, this idea gains popularity. We might refer to this notion as "economic secession," borrowing the name from John Kennedy's article of the same title." Despairing of advancing the cause of liberty in society at large, they hope to be able to secure their own liberty anyway. They may put their trust in new computer technologies, which they believe will let them hide money and economic transactions from the taxman. They may hope to withdraw into some remote location and "unplug from the grid." You can find ideas falling broadly under the umbrella of economic secession at Backwoods Home Magazine, in the writings of Claire Wolfe, in the many books on financial privacy, encryption, becoming invisible, and so on. We don't mean to disparage someone who wants to move to the remote countryside, encrypt his email, or set up a numbered bank account in Bermuda. Such activities are not, in themselves, objectionable, and they may be a good choice for some people. But we do wish to point out that they do not solve the problem of the gradual erosion of liberty in our world. We will not discuss the issue of whether it would be morally sound to abandon our fellows and withdraw from the effort to improve human life in society. We don't need to do so, because the attempt fails on its own terms, for several reasons. First of all, "economic secessionists" often seem to confuse money with wealth. If they can hide their cash, they think, they can avoid taxes. But money is only useful in so far as you can exchange it for the economic goods and services you want to enjoy. In the long run you have to keep your real wealth where you live, or transfer it there. Otherwise it's worthless. Most real wealth is highly visible. The government of the place where you live or spend your time will be able to see this wealth and gain access to it; and thus can readily tax and regulate it. There is no sense in imagining that hiding your cash will get you off the hook; the government will simply seize your real assets for failure to pay taxes on them, as they already do today. In many countries, governments have in recent years found it convenient for political purposes to shift the burden of taxation away from income taxes, towards sales and property taxes; and this at a time of rising taxes overall. For example, in the past two decades, income tax rates in the U.K. have fallen by about 30%, but local property taxes (rates and council tax) have increased three or four fold. Thus we should not expect the taxation of real wealth to prove problematic, even in those unlikely scenarios in which it is supposed that the bulk of ordinary people's incomes could be successfully concealed. We would also point out that governments are increasingly forming tax collection cartels; there are no longer any real tax havens that the U.S. and other high-tax countries are not now bullying into submission. Ireland has come under pressure from other E.U. states for having "too low" a corporate tax rate. The U.S. is pushing the I.M.F. and World Bank to crackdown on "money laundering." The O.E.C.D. has been addressing the "problem" of countries that engage in "harmful tax competition." Even Switzerland, with its traditional and much-vaunted banking privacy, has caved in. Economic secessionists may think that making it more expensive for the government to collect taxes will reduce its incentive to do so. But taxation is not, for the most part, about the government "making money," because modern governments actually consume only a tiny fraction of the total tax revenue; rather it is about redirecting the spending of individuals, and thus the collective spending of the economy, in ways predicated upon the political goals of the regime. Typically, the cost of collecting a tax amounts to no more than a few percent of the revenue obtained; so the ability of governments to tax would not seriously be impeded until tax collection became at least fifty times more expensive (something the ready accessibility of real wealth makes most improbable). Note, by the way, that in order to promote their political aims governments may continue to collect particular taxes even when the monetary cost exceeds the monetary revenue. The marginal cost of collection, in cash terms, doesn't worry them. People rarely go into politics or public administration in order to make money. Many of them could become considerably wealthier in the private sector (in purely pecuniary terms, though not in terms of what they actually want). What they want is mostly influencewfor a wide variety of motives, both selfish and altruistic. They want to be (and in fact are) importantweven if that importance is often only that of being an important pain in the neck. That is why it is a mistake to think of government as primarily concerned with collecting as much tax revenue as possible, practicable, or profitable. That may be what bandits would dowbut to governments taxation is merely one of the tools with which society as a whole is constrained and governed. Even the fact that government actions can prompt us to seek tax shelters confirms their influence! Not only are we unable effectively to escape having the government tax us directly, we are also unable to escape the effect upon us of government taxes on others. Introductory economics classes teach that although the government may specify the legal incidence of a tax, its economic incidence is subsequently determined through the market. As Mises says: "It is the market, and not the revenue department, which decides upon whom the burden of the tax falls and how it affects production and consumption. The market and its inescapable law are supreme." Even if an individual citizen succeeds in concealing all of his wealth and income from the tax collector, there will be others who cannot or will not do so. Someone who is inclined to say, "Well, that's their problem," does not realize that he is paying those taxes as well. If the butcher is taxed, he pays more for meat. If the airlines are taxed, he pays more to fly. If capital gains are taxed in some countries, that will lower the returns on capital in "tax havens," just as taxing corporate bonds lowers the return on tax-free municipals. Furthermore, rearranging one's affairs to avoid or evade taxes (the former is legal, the latter illegal) carries its own burdens, whether in terms of actual costs, lower returns to capital, or foregone opportunities. The costs of tax avoidance and tax evasion are also taxes. What would happen if the man in the street were able to hide a larger fraction of his personal wealth or income? Would the government shrug its collective shoulders and reduce its spending? Hardly. It would merely assume that each taxpayer is hiding a similar fraction of his income and increase all tax assessments accordingly. This would penalize honesty, and in fostering anger against the tax evaders would in all likelihood encourage the introduction of ever more draconian and authoritarian laws. And the tax revenues would keep flowing just the same. Many secessionist apologists are misled by the existence of a small minority of people who operate on the black market or are otherwise able to shield much of their wealth from direct taxation; or by the fact that most people occasionally massage their tax returns a bit or pay tradesmen in cash for a small consideration. However, these transactions relate to only a small fraction of the national product. The tax revenues "lost" are not large; indeed, the argument above implies that there is no overall loss of revenue. Governments know all about itwand don't care. It doesn't threaten them. Indeed, the existence of black marketeers, tax shelters and tax evasion provides them with handy scapegoats whenever they needwor desirewto increase taxes or impose tougher regulations. All in all, to make economic secession work we should have to withdraw into autarky, foregoing the benefits of the division of labor. It is doubtful whether Thoreauesque self-sufficiency is any longer practicable in developed countries, for all but a minuscule fraction of the population. Conceivably one could still flee to Siberia or the jungles of New Guinea; and there live free from any burden of tax, other than the burden of grinding poverty and social isolation from one's self-imposed exile. We will not take exception to those who make such a choice. As Aristotle notes: "He who would live without the polis must be either a beast or a god." In either case, criticism would be pointless. If we are unprepared to take so drastic a step, we would do well to heed Mises's words, which echo John Donne's famous epigram that "No man is an island": "Society lives and acts only in individuals; it is nothing more than a certain attitude on their part. Everyone carries a part of society on his shoulders; no one is relieved of his share of responsibility by others. And no one can find a safe way out for himself if society is sweeping towards destruction. Therefore everyone, in his own interests, must thrust himself vigorously into the intellectual battle. None can stand aside with unconcern; the interests of everyone hang on the result. Whether he chooses or not, every man is drawn into the great historical struggle, the decisive battle into which our epoch has plunged us." Paul Birch lives in Cowes on the Isle of Wight, England. He is a freelance scientist and writer who has published many papers on space colonisation. He is also interested in political philosophy and maintains a website of his writings. Gene Callahan is author of Economics for Real People. Send him MAIL, and see his Mises.org Daily Articles Archive. He delivered the Henry Hazlitt Memorial Lecture at the Austrian Scholars Conference 9, March 13, 2003. Click HERE to view the online video version of his lecture. [Print Friendly Page] Mises Email List Services Join the Mises Institute Mises.org Store Home | About | Email List | Search | Contact Us | Periodicals | Articles | Games & Fun News | Resources | Catalog | Contributions | Freedom Calendar You are subscribed as: rahettinga at earthlink.net To unsubscribe, click here: http://mises.biglist.com/unsub.php/article/rahettinga at earthlink.net or e-mail: article-unsubscribe-rahettinga=earthlink.net at mises.biglist.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Apr 15 15:08:43 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 15 Apr 2003 18:08:43 -0400 Subject: Baghdad looters returning swag Message-ID: San Jose Mercury News Posted on Tue, Apr. 15, 2003 Baghdad looters returning swag Widespread rumor says cleric forbade wives from allowing their thieving husbands to touch them By Carol Rosenberg KNIGHT RIDDER NEWSPAPERS BAGHDAD, Iraq -Some people are surrendering the booty they took in the Dura district of Baghdad, perhaps in response to a rumored edict by a Muslim cleric forbidding Iraqi wives from having sex with looter husbands. Muslim clerics have been demanding that ill-gotten goods be surrendered, though none here could confirm the sex-ban order, said to have been issued in Najaf. One cleric said the rumor of the edict was widespread and that it would be consistent with Islamic teaching. "A good Muslim woman would not let this man touch her, as a signal to everybody that this is not a way to behave," said Sheik Ali Jabouri, who also preached Monday morning that people must give up their loot. "The people were destroying their civilization, their heritage; they were destroying their good Iraqi Muslim character," Jabouri said. "I think these waves of bad people, the enemies of peace, will stop. You will soon see how good the people are, how willing they are to apply the good Islam." Whatever the reason, workers from the huge Dura power plant weaved through the district Monday, recovering looted items from their neighbors. "They started to put it outside their houses, so we go around and collect it. It is my country and I am happy to serve it," said Nasser Ghali, 43, easing a truck crammed with office equipment past two U.S. tanks to Dura's huge power plant compound in southern Baghdad. His fourth shipment of the morning, it contained chairs, desks and bookcases that had been stripped from the plant in the havoc of looting that followed Saddam Hussein's fall last week. Staff Sgt. Adam Jablonowski, who grew up near Miami, supervised gate security and said stolen equipment had been "coming in all day," including vehicles and other supplies. No doubt part of the inspiration for turning over looted goods was the hope that Iraqi engineers guarded by U.S. forces could restart the huge plant, which maintenance engineer Tony Mateus said stopped serving some 3 million customers amid U.S. air strikes about 10 days ago. Mateus said about half the usual 500-member work force turned up at the gates of the plant Monday, eager to figure out how to fix the problem. Engineers concluded that a natural gas line was cut north of the city, and that fuel was needed to fire up the plant. Now, Mateus said, Iraqi civilians and U.S. forces were trying to figure out how to restart it without natural gas. The plant was damaged, he said, first by U.S. airstrikes and then by Iraqi looters, but not beyond repair. Mateus, a Christian Iraqi, said he and 10 other men from Dura barricaded themselves inside throughout the war, armed, to ward off widespread thievery, and were more or less successful. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Tue Apr 15 09:46:57 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 15 Apr 2003 18:46:57 +0200 (CEST) Subject: date formats (was Re: Single Point of Weakness is in the Works.Thank you Major Tom.) In-Reply-To: Message-ID: > I've always preferred YYYY.MM.DD, this way you can sort things very > easily. If you write the names of the months, it doesn't translate well > to other languages, though it may be similar, *AND* more importantly from > a geek perspective, if you do a sort, April shows as the 1st month of the > year, before January - not good. All depends on what you want. YYYY-MM-DD (or variations, including YYMMDD) are good when there is a chance it could be needed to be sorted. > If you do the reverse DD.MM.YYYY you can't sort it either since the 1st > day of every month shows up 1st. Dumb. Friendly to non-geeks, but dumb. However, not all data are to be sorted. There are some applications where friendliness to non-geeks is more important than sortability (eg, when showing only one value anyway). Sometimes we have to sacrifice something to the users to get them out of our hair. > The worst annoyance I've seen is using Unix time as a timestamp on log > dates. It's the most unreadable of all formats. Sorts nicely though, but > what a bitch to read. (Unix time being the number of seconds in decimal > since 1/1/1970.) The logs are usually intended to be human-readable. However, as long as it is reasonably trivial to write a program to process the timestamps, it's merely annoying. From shaddack at ns.arachne.cz Tue Apr 15 09:56:23 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 15 Apr 2003 18:56:23 +0200 (CEST) Subject: DMCA Crypto Software In-Reply-To: Message-ID: > John Markoff reports today on Paul Kocher/Cryptography Research's > proposed software protection of DMCA content: > http://cryptome.org/dmca-kiss.htm Oh great. More complexity, more points of vulnerability. We already have cellphones that can be DoS-ed with a SMS message. The embedding of watermarks will make computer intrusions a very attractive way to "steal" content, which then can be widely distributed without too high chance of repercussions for the distributor, as the original owner will take the heat. Victimization, anyone? Besides, if the data are digital and personalized, the system will be vulnerable to algorithm disclosure (or at least watermark removal) by comparing several differently personalized but otherwise identical files. I believe I seen a couple proposed watermark attacks some time earlier. Matter of time until it will become a standard plug-in to P2P software. Another doomed attempt to keep the dying business model. From shaddack at ns.arachne.cz Tue Apr 15 12:49:12 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 15 Apr 2003 21:49:12 +0200 (CEST) Subject: DMCA Crypto Software In-Reply-To: <3E9C3D8C.5010803@cdc.gov> Message-ID: On Tue, 15 Apr 2003, Major Variola (ret) wrote: > At 06:56 PM 4/15/03 +0200, Thomas Shaddack wrote: > There's that, and the watermark removal you mentioned, > (see Felton et al.) but why bother? Someone from someplace > not under the grip of the DMCA regime will buy the marked file, > and not care about its propogation. There will be no such place. The mighty wrath of WTO and WIPO will descend upon the countries who would dare to not enforce the interests of The Wealthy, followed by import duties, locking the "infringers" out of the "free" market. > If incoming media files are blocked by a national firewall (no first > amendment for imports.. customs can seize your porn when you re-enter > the US) well, crypto just laughs at this. They can??!? Blessed be encrypted digital media! (Another reason to hope for the world of software-defined generic devices - no customs would have a reason to seize an empty generic core, even if one of its functions could be "illegal", if flashed with the right firmware. I should sacrifice the necessary time and buy a handful of Xilinx FPGAs and learn how to play with them...) From shaddack at ns.arachne.cz Tue Apr 15 14:30:57 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 15 Apr 2003 23:30:57 +0200 (CEST) Subject: Kill MS, again, but sideways In-Reply-To: Message-ID: On 14 Apr 2003, Tom Veil wrote: > If I want to keep secret the details of something I make, it is my right > to do so. Then I have the right to appropriately dislike you, and to reverse-engineer the "product", which is so shoddy that you are ashamed of documenting its internals, and to publish it. I am currently HEAVILY pissed, as we built our servers on ASUS motherboards (otherwise pretty good) with AS99127F chips for health monitoring. We run Linux on them. When I load the appropriate drivers to activate the onboard sensor chip, the speaker starts beeping an alarm and won't stop until hardware reset. So I either have to sacrifice the sensors (which can be potentially fatal, one of my servers had problems (weird crashes) because of cooling fan, and because of no sensors support (old board) it took me several crashes to identify the pattern (it was a remote, unattended machine)), or I have to unplug the internal squeaker, which makes it difficult to assess boot-time problems. I met MANY other problems of this kind. > Don't like it? Don't fucking buy it. THERE IS NO CHOICE! Couple months ago we were shopping for a PABX. The only possibilities available were Siemens, Nortel, and Bosch. No one of them supplied any service-level documentation, all three wanted to lock us into an expensive service contract. We have to wait for hours in case of every little hiccup, instead of me taking a look at the box and giving it the right commands, because I DON'T KNOW THE FUCKING COMMANDS AND NOBODY TELLS ME WHAT THEY ARE!!! There is of course the choice of doing without the phones, but you can't run a bigger office without telephones. And the open-source PABX constructions that are out there aren't mature enough for practical use yet :((( And if there is a choice, tell me what brand of a cellphone comes with full docs, what TV comes with full docs (see lower), what hard drive comes with full docs (which is especially painful as it makes problems with secure data overwriting). > Any communist maggots that murder, or attempt to murder people for merely > keeping secret the details of the stuff they make and sell should be bound, > gagged, tortured, then taken out back to have their skulls crushed with a > sledgehammer until their brains start oozing out their ears. ...and after you kill off all the technicians with a peeve against the money-hungry corporations (read: everyone who ever tried to do some real work on a budget), you will pay through your nose for every hiccup, and not only in money, but also in time loss and in being whined at for not being able to do something immediately. I could talk for long about "intellectual property", my pet peeve, but one paragraph will do. There was no such concept for millenia. Imagine how it could slow down the progress if eg. alphabet or calculus would be someone's "property", and the someone would then aggressively enforce the royalties or "licence conditions". How many people would think reading is worth of the added expenses? (...and how many would just "steal" the knowledge without paying? Or maybe decide to "opt out" - the literacy results of American students are going down... not even talking about calculating with just a pencil and paper. *sigh*) Besides, the proceedings rarely go to the inventors themselves - or did you expect that the inventor of eg. LED got rich? In way too many cases the "intellectual property" is a yoke to keep the market share, to deny others the access there, to slow down the others when the "owner" can't cope by fair play. Sorry, this isn't the kind of game I want to play. Not by these rules. I don't even talk about the insecurity factor for the public infrastructure. The documentation will leak sooner or later, or the crucial parts will be acquired and reverse-engineered, and someone who will want to cause damage will get ahold of the information. A determined attacker has a choice where he wants to invest the effort, but a determined defender has no other choice than to be intimately familiar with ALL parts of their infrastructure - and you can't sanely expect to be able to reverse-engineer every byte of every firmware of every your critical device, nor can you expect the vendors to plug all the holes, especially in older devices. (Especially not in the pace the devices get obsolete, the artificially fueled march towards unreliability, towards the promises of better results in next version. After all, what's better force to upgrade than a bug in your old device, which you can't repair because of no docs, and which the vendor won't repair because their interest is to make you buy something new? With the only thing you can be confident about being the increasing shoddiness of new electronics, as the time-to-market takes precedence over testing and debugging! *spit* Phooey! And then you come and have the balls to defend the "right" of the vendors to not reveal how crappy and unfinished is what they dare to call a "product".) Back during the Communism there was a small shop here, where it was possible to buy schematics and docs for all the consumer devices manufactured by Tesla, local manufacturer. Their quality was widely underestimated (or, more accurately, the quality of the Western crap was overestimated, as not enough people opened the imported equipment to make the public aware about the cheap material of the circuitboards, usage of plastic levers and gearwheels where metal would be more suitable, and mistaking design for quality). With available documentation the followup came, with hobbyists devising add-ons, repairs, and tweaks, and publishing them in a widely read magazine. (If Tesla would follow and incorporate the tweaks into newer submodels, then they could get much better quality. But, as Communist way of leading the factories was more about careerism and politics than about technology, it didn't happen. On the other hand, capitalism is more about money than about technology, so no big difference either. *sigh*) Now, the users are actively discouraged from understanding the internals of their appliances, maybe in order to keep the advertising effective in peddling trivial add-ons (eg, home networking) as groundbreaking features. There is an expression to characterize the techno-economical system we're heading into: CRAPITALISM! The case of Blackboard security, which recently flashed through Politech (thanks, Declan!), nicely illustrates the situation - technical shortcomings addressed by lawyers. Vendors, who keep crucial informations away from the customers, should be shot. The ones, who try to sue the reverse engineers, should be boiled in oil before being shot. From eresrch at eskimo.com Wed Apr 16 06:24:34 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 16 Apr 2003 06:24:34 -0700 (PDT) Subject: Kill MS, again, but sideways In-Reply-To: Message-ID: On Tue, 15 Apr 2003, Thomas Shaddack wrote: > Then I have the right to appropriately dislike you, and to > reverse-engineer the "product", which is so shoddy that you are ashamed of > documenting its internals, and to publish it. > > I am currently HEAVILY pissed, as we built our servers on ASUS [rant snipped] > Vendors, who keep crucial informations away from the customers, should be > shot. The ones, who try to sue the reverse engineers, should be boiled in > oil before being shot. I guess I have to agree :-) Back in the early '80's I reverse engineered a Harris PBX. Replacing its 8080 microprocessor with a 68020 allowed me to take over total control of the switch and make the long distance company I worked in far more competitive. It took a lot of effort and equipment, and Harris Corp. never even believed we did it. Good thing, or they would have probably sued us! Reverse engineering in that case makes 1 company far more competitive. But in most cases simply understanding the principles is all you need to build a better product. The problem is then manufacturing, marketing and selling the better product. Most people are lazy, they just steal the idea and duplicate the principles, maybe with cheaper parts. That's where I think the lawyers have a good job. But if someone can figure out a better way to do things, then the person who hired the lawyers to harrass them needs to be boiled in oil. Anything that slows the advance of technology is a bad thing, and there's too many laws now aimed at exactly that. Patience, persistence, truth, Dr. mike From mv at cdc.gov Wed Apr 16 08:35:17 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 16 Apr 2003 08:35:17 -0700 Subject: Kill MS, again, but sideways Message-ID: <3E9D7835.AD28533D@cdc.gov> At 11:30 PM 4/15/03 +0200, Thomas Shaddack wrote: > >The case of Blackboard security, which recently flashed through Politech >(thanks, Declan!), nicely illustrates the situation - technical >shortcomings addressed by lawyers. Lawyers are merely implementing what the *legislators* let them. The legislators are the ones deserving of the jumpercables on the genitals, though perhaps though the lawyers could be required to do the honors. Since lawyers decay into legislators, this would have beneficial prophylactic educational effects. >Vendors, who keep crucial informations away from the customers, should be >shot. No Thomas, a market will find better uses for them if your arguments have merit. (Which they do, but it takes time.) It is, after all, the right of any individual (or group thereof) to keep secrets. (And Thomas, I wouldn't argue against that *here* :-) Or bind others with consensual contracts like NDAs. Much as it is the right of anyone to diddle with anything they own, and talk about it freely. >The ones, who try to sue the reverse engineers, should be boiled in oil before being shot. The nice thing about jumpercables is the longer you use them, the lesser the ohmic resistance of the legislator, until you get charring, at which point you can move on to the next deserving most honorable sir. ... PS: TS you might at this point enjoy _A Xenix Chainsaw Massacre_ From mv at cdc.gov Wed Apr 16 09:08:08 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 16 Apr 2003 09:08:08 -0700 Subject: All Your Bases Are Belong To Us [GATTACA] Message-ID: <3E9D7FE8.48E8B243@cdc.gov> White House seeks to expand DNA database WASHINGTON DNA profiles from juvenile offenders and from adults who have been arrested but not convicted would be added to the FBI's national DNA database under a Bush administration proposal. Under current law, only DNA from adults convicted of crimes can be placed in the national database, which is used to compare those samples with biological evidence from the scenes of unsolved crimes. As of January, there were about 1.3 million DNA samples in the database, U.S. officials say. http://www.usatoday.com/news/washington/2003-04-15-dna-usat_x.htm From schear at attbi.com Wed Apr 16 11:27:28 2003 From: schear at attbi.com (Steve Schear) Date: Wed, 16 Apr 2003 11:27:28 -0700 Subject: RSA Show impressions Message-ID: <5.1.0.14.2.20030416102239.0445aad0@mail.attbi.com> This year's RSA show was, like it predecessors, mostly a schmooze event. Shrunk at least 1/3 in floor space from the 2001/2 events, it certainly reflected the changes in this industry. I was surprised and a bit dismayed that I saw few familiar faces. A brief talk with Stacy Cannan, of L.J. Kushner, the leading security industry recruiter, confirmed my suspicions that many senior level people had left the industry in the past two years. The booths were mostly manned with the latest generation of newly graduated fodder. There didn't seem to be much activity (or smiles for that matter) in most booths. This is probably reflecting the exit/acquisition of some early players, decreased level of IT spending, and the increasing impact of open source security solutions. About the most amusing thing was receiving a "Regime change begins at home" button from one of the executives. steve From camera_lumina at hotmail.com Wed Apr 16 10:51:32 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 16 Apr 2003 13:51:32 -0400 Subject: All Your Bases Are Belong To Us [GATTACA] Message-ID: Variola wrote... >From: "Major Variola (ret)" >To: "cypherpunks at lne.com" >Subject: All Your Bases Are Belong To Us [GATTACA] >Date: Wed, 16 Apr 2003 09:08:08 -0700 > >White House seeks to expand DNA database > >WASHINGTON DNA profiles from juvenile offenders and from adults >who have been arrested but not convicted would be added to the FBI's >national >DNA database under a Bush administration proposal. And apparently mainland Chinese research has shown that the most appropriate DNA in such cases comes from the eyeballs, kidneys, or liver. -TD _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail From rah at shipwright.com Wed Apr 16 10:53:25 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 16 Apr 2003 13:53:25 -0400 Subject: Plan Would Use Software, Not Devices, to Fight Piracy In-Reply-To: <3E9CF527.7080700@thing.dyndns.org> References: <3E9CF527.7080700@thing.dyndns.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 6:16 PM +1200 4/16/03, thing wrote: >All that will happen is >people will be forced into one camp or another, and Im willing to >bet once ppl move into the pirated camp they wont be able to get >back, and wont want too. More to the point, "piracy", meaning the auctioning of *any* copy, for bearer form internet cash using protocols everyone on these lists know by heart, is *desirable*, and, I would claim, inevitable. Inevitable because it's cheaper, it already is, :-), but I mean risk-adjusted transaction cost compared to book-entry DRM markets, and, in addition, will put more revenue in the pockets of actual innovators of new content. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPp2YisPxH8jf3ohaEQL8oQCeOYrp2aMX4G9Zg6hlt+xiEz/D23sAoKga nnmcEWKBdsw0alwGy5oKgXaB =QgJH -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Wed Apr 16 12:28:45 2003 From: eugen at leitl.org (eugen) Date: Wed, 16 Apr 2003 14:28:45 -0500 Subject: This document saved from http Message-ID: <20030416192835.VNRS6289.out008.verizon.net@Wub> From mv at cdc.gov Wed Apr 16 15:48:22 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 16 Apr 2003 15:48:22 -0700 Subject: Crypto cartoon Message-ID: <3E9DDDB6.F87B41E0@cdc.gov> from the cryptography mailing list: Today's (April 16ths) "Foxtrot" will amuse readers of this list. http://www.ucomics.com/foxtrot/ From jei at cc.hut.fi Wed Apr 16 06:40:42 2003 From: jei at cc.hut.fi (Jei) Date: Wed, 16 Apr 2003 16:40:42 +0300 (EET DST) Subject: No Freedom to Speak - Court blocks security conference talk Message-ID: http://news.com.com/2100-1028-996836.html By John Borland Staff Writer, CNET News.com April 14, 2003 A pair of students were blocked by a federal court from presenting information at a Georgia security and hackers' conference on how to break into and modify a university electronic transactions system. Washington D.C.-based education software company Blackboard successfully convinced a Georgia state court to block the students' presentation, which was scheduled to be given at the Interz0ne conference in Atlanta last weekend. Blackboard argues that the restraining order blocked the publication of information gained illegally, which would have harmed the company's commercial interests and those of its clients. But conference organizers contend that the students' free speech rights were abridged. "The temporary restraining order pointed out that the irreparable injury to Blackboard, our intellectual property rights and clients far outweighed the commercial speech rights of the individuals in question," said Michael Stanton, a Blackboard spokesman. The company claims that the speech being blocked is commercial speech because the students were a "small competitor" to Blackboard. One of the students, Georgia Institute of Technology's Billy Hoffman, had threatened to give away code allowing any computer to emulate Blackboard's technology, the company claims. Programmers' rights to publish or present information that would help break security technology has been an increasingly controversial issue over the past few years. Much of the controversy has focused on the Digital Millennium Copyright Act, which contains a provision making it illegal to break technological security measures protecting copyrighted works, or even to publish information explaining how to do so. The best-known case in this area had to do with Princeton University professor Edward Felton's attempts to present information on how to break protections created by the now-defunct Secure Digital Music Initiative. Felton said that SDMI attorneys told him he would be violating copyright law if he presented his work. The Recording Industry Association of America (RIAA), a key part of the SDMI effort, denied making legal threats. Although an initial cease and desist letter sent to the Interz0ne conference organizers hinted that the students may have violated the DMCA, the complaint that resulted in the temporary restraining order did not touch on that copyright law. Instead, the restraining order was grounded largely in federal and Georgia state antihacking laws and a state trade secrets act. The information set to be presented was gleaned after one of the students had physically broken into a network and switching device on his campus and subsequently figured out a way to mimic Blackboard's technology, the company told the judge. Because that alleged act would be illegal under the federal and state laws, publication of the resulting information should be blocked, it argued. The state judge agreed, at least temporarily. A hearing on a permanent injunction against publication or presentation of the work will be held in Georgia state court Wednesday. The students, Hoffman and the University of Alabama's Virgil Griffith, could not immediately be reached for comment. From schear at attbi.com Wed Apr 16 17:10:49 2003 From: schear at attbi.com (Steve Schear) Date: Wed, 16 Apr 2003 17:10:49 -0700 Subject: Skunkworks seeks brilliant hacker Message-ID: <5.1.0.14.2.20030416164757.042d5eb0@mail.attbi.com> Skunkworks research group seeks brilliant hacker Reply to: sf_skunkworks at hotmail.com Date: 2003-04-15, 11:59AM We are a small, tightly-knit special research division of a money management firm, and we are seeking a new member for our team. Our mission is to create tools that complement human intelligence. Instead of trying to predict the future with "quant" techniques, we prefer to create information systems that lead to better decisions. To fulfill our skunkworks name, we combine computers, networks, and other technology with statistics, mathematics, and the latest academic research, and use these to gain advantageous information about our investments. The candidate we seek is a skilled hacker with an active mind. You will be required to invent your own next project, implement it, and use it in collaboration with the rest of the team. ... From timcmay at got.net Wed Apr 16 18:02:12 2003 From: timcmay at got.net (Tim May) Date: Wed, 16 Apr 2003 18:02:12 -0700 Subject: Reason's Cathy Young complains of post-9-11 "panic-mongers" In-Reply-To: <5.1.1.6.0.20030416190219.02928c50@mail.well.com> Message-ID: <38E37804-7070-11D7-B966-000A956B4C74@got.net> On Wednesday, April 16, 2003, at 04:04 PM, Declan McCullagh wrote: > http://www.reason.com/cy/cy040803.shtml > > ... > Should we be on guard against sacrificing civil liberties to national > security? Yes. But despite the panic-mongering, this is still America, > and we still have checks and balances. Journalist Steven Brill, whose > book After examines post- Sept. 11 America, notes in a Salon interview > that judges and legislators, including Republicans, have curbed some > of the excesses of John Ashcroft's Justice Department. > ... > > Measures such as limiting terror suspects' communications with their > lawyers in order to prevent potential terrorist acts are > controversial, and rightly so. But they are a far cry from Stalinism. > ... > Yes, this is a different America than it was on Sept. 10, 2001. But it > wasn't Ashcroft, President Bush, or the Republican Congress who > conspired to rob us of our freedom; it was the terrorists. > ... > > I hope someone kills the bitch. --Tim May "We are at war with Oceania. We have always been at war with Oceania." "We are at war with Eurasia. We have always been at war with Eurasia." "We are at war with Iraq. We have always been at war with Iraq. "We are at war with France. We have always been at war with France." From thing at thing.dyndns.org Tue Apr 15 23:16:07 2003 From: thing at thing.dyndns.org (thing) Date: Wed, 16 Apr 2003 18:16:07 +1200 Subject: Plan Would Use Software, Not Devices, to Fight Piracy References: Message-ID: <3E9CF527.7080700@thing.dyndns.org> As always I dont think the answer we see to the problem we saw is the true vision. From the postings I see here I think most of us see through the decit anyway. At the end of the day there are to many greedy, fat fingers wanting to get into the consumer pie, to make guarranteed money and a guarranteed stream of it. I would like to wash my hands of it, however it effects me directly whether I want it to or not. What does knowing where the original copy came from matter? It just disappeared into "china" and out comes a million + copies. All I can see is that there will clearly be 2 streams of movies/music, a highly restricted and expensive official solution, and an extreamly open, cheap, pirated version. All that will happen is people will be forced into one camp or another, and Im willing to bet once ppl move into the pirated camp they wont be able to get back, and wont want too. The RIAA's business model is shot, its just a question of how long it takes to die. In 3rd world countries I suspect its already dead, they cant afford to buy official stuff. regards Thing R. A. Hettinga wrote: >Wherein Paul Kocher proves, once again, that secure messages on >insecure public networks will always beat insecure messages on >"secure" private networks. > >So much for book-entry to the screen buffer. Take *that* WAVE-oids. >:-) > > >Of course, the old crypto saw still prevails: The only thing DRM gets >you is who the copy was stolen *from*, not who stole it. > >So, I still predict an eventual convergence to a cash-settled auction >market for authenticated copies of any digital work, and, of course, >I think Paul's work is a great step in this direction. > >Financial cryptography is the only cryptography that matters. > >Cheers, >RAH >------- > >rint&position=top> > >The New York Times > > >April 15, 2003 > >Plan Would Use Software, Not Devices, to Fight Piracy >By JOHN MARKOFF > > >A prominent computer security researcher has proposed a technical >solution aimed at forging a middle ground in the increasingly bitter >battle by Hollywood and Silicon Valley over the best way to protect >digital content from consumer piracy. > >Cryptography Research has begun circulating its proposal, which it >calls Self-Protecting Digital Content, among entertainment companies. >It plans to make it available publicly this week, in an effort to >break the impasse over the Digital Millennium Copyright Act, which >Congress passed in 1998 with strong lobbying support from Hollywood >and other creators of intellectual property. > >Cryptography Research's proposal would shift the location of >copy-protection code from the consumer products that play music and >movies and run software to the content files produced by >entertainment companies and software developers. The plan aims to >help avoid the immense costs of building piracy protection into >personal computers, video game players, satellite receivers and other >devices produced by technology manufacturers. While it would not >eliminate the possibility of digital theft, its advocates said it >would drastically curb piracy while easing the burden on the >technology industry. > >They say the plan would also avoid invading the privacy of consumers >who do not engage in piracy and make it easier and less costly for >content owners to recover if a copy-protection system is broken. > >The authors of the report include Paul Kocher, a leading American >cryptographer, who was involved in the development of an important >Web standard for protecting the security of commercial transactions. > >Consumer electronics makers create coding to wrap what they hope will >be unbreakable shells of software around digital content on CD's, >DVD's and the like. Once the copy protection systems are undermined, >however, it is simple for pirates to make unlimited copies of the >music, video or software. > >Under pressure from Hollywood and the recording industry, the >personal computing industry has now embarked on an ambitious project >to build copy protection hardware into the circuitry of all PC's. The >efforts, including the PC hardware industry's Trusted Computing >Platform Alliance and Microsoft's Palladium system are being sold to >users on the grounds that they will protect information privacy and >computer security. > >But if the hard-wired approach proves to be fallible, allowing a >determined enemy to bypass this digital Maginot line, the standards >efforts could turn into a financial disaster for the computer >industry and harm Hollywood as well. > >"We use the term brittle," said Mr. Kocher, who consults widely in >the consumer electronics industry on cryptography issues. "You have a >strong external shell, but the inside is software and completely >vulnerable." > >Under the proposal from Cryptography Research, based in San >Francisco, the hardware would be radically simplified and the >complexity of protecting the information would be embedded within the >music, video or software file itself. > >As part of the approach, each file would embed a digital mark, making >it possible for a stolen copy to be traced. The advantage of the >system is that the tracing technology would only come into play if a >file is widely copied. > >"It's a clever idea," said Bruce Schneier, founder and chief >technical officer of Counterpane Internet Security, a computer >security company. "This makes the job of the attacker more annoying. >Paul is approaching the problem more sensibly than others." > >Most security experts now believe that there will never be a perfect >solution to digital piracy. But most earlier proposals would involve >such extensive invasions of privacy that many experts worry that they >could end up producing a consumer backlash against the entertainment >and technology industries. > >Mr. Kocher said he decided to explore a new approach after years of >watching the mounting tension among Hollywood, electronics >manufacturers and consumer advocacy groups. > >"I find the problem of piracy absolutely fascinating," he said. "Most >people view this as a war between Hollywood and technology companies. >But I view it as the security industry has done a terrible job of >attempting to solve Hollywood's piracy problem." From rah at shipwright.com Wed Apr 16 15:16:54 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 16 Apr 2003 18:16:54 -0400 Subject: Key Republican Not Sure on Patriot Act Message-ID: Newsday.com Key Republican Not Sure on Patriot Act By JESSE J. HOLLAND Associated Press Writer April 16, 2003, 12:08 PM EDT WASHINGTON -- The Bush administration's plans to expand a post-Sept. 11 anti-terrorism law face resistance from a powerful House Republican who says he's not even sure he wants the government to keep its new powers. James Sensenbrenner of Wisconsin, the House Judiciary Committee chairman, complains that the Justice Department isn't sharing enough information for lawmakers to make a judgment on how well or poorly the USA Patriot Act is working. "I can't answer that because the Justice Department has classified as top-secret most of what it's doing under the Patriot Act," Sensenbrenner said when asked about the future of the anti-terrorism law in a recent interview. Sensenbrenner maintains that because the department refuses to be forthcoming, it is losing the public relation battle needed to extend the law beyond its October 2005 expiration, much less expand it. "The burden will be on the Justice Department and whomever is attorney general at that time to convince Congress and the president to extend the Patriot Act or modify it," he said. "But because of the fact that everything has been classified as top-secret, the public debate is centering on (the act's) onerousness." For example, the American Civil Liberties Union this week used newspaper ads to attack one provision that the ACLU says allows the government to enter homes, conduct searches, download computer contents and Internet viewing histories without informing the occupant that such a search was conducted. "Enacting policies that allow the government to enter our homes in secret and to collect highly personal information won't make us safer, but it will make us less free," said Anthony Romero, the ACLU's executive director. A Justice Department spokesman said the Bush administration will do its best to answer more than 100 questions from give Sensenbrenner and House Democrats about the law and its use in the war on terrorism. "The courts have upheld our actions time and time again," spokesman Mark Corallo said Tuesday. But "we will do everything we can to cooperate with Congress and with Chairman Sensenbrenner in answering his questions." Passed weeks after the Sept. 11 attacks, the USA Patriot Act granted the government broad new powers to use wiretaps, electronic and computer eavesdropping and searches and the authority to access a wide range of financial and other information in its investigations. It also broke down the traditional wall between FBI investigators and intelligence agents. Justice officials won't say what their new proposal would do, but "we will present Congress with an anti-terrorism package sometime in the near future," Corallo said. An early draft leaked to reporters in November suggested creating a DNA database of "suspected terrorists;" forcing suspects to prove why they should be released on bail, rather than have the prosecution prove why they should be held; and deporting U.S. citizens who become members of or help terrorist groups. But that draft was never reviewed by Attorney General John Ashcroft and about two-thirds of it will not be proposed to Congress, according to Justice Department officials speaking on condition of anonymity. Advocates say the current law has helped quash other terrorism attacks, but opponents claim it has eroded civil liberties. Among the advocates is Senate Judiciary Committee Chairman Orrin Hatch, who isn't waiting on 2005 to craft legislation to extend the life of the law. Last week, Hatch sought to extend the act through an amendment to a bill that would further expand government wiretapping authority under the Foreign Intelligence Surveillance Act. Lawmakers left for their Easter break before considering it. "It seems to me to be ridiculous to take away the best law enforcement tool against terrorism before we get rid of terrorism," said Hatch, R-Utah. "This bill has helped us protect ourselves from terrorism both inside and outside the country. It's a tough bill, but it's constitutional and it works." The Justice Department likely will need full Republican support to renew the anti-terrorism law, with congressional Democrats are already lining up against Hatch's legislation. A renewal effort "will be highly controversial and is not justified by the Justice Department's own record," said Sen. Patrick Leahy of Vermont, the Judiciary Committee's ranking Democrat. * __ On the Net: Senate Judiciary Committee: http://judiciary.senate.gov House Judiciary Committee questions on USA Patriot Act: http://www.house.gov/judiciary/patriot040103.htm Copyright 2003, The Associated Press -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From declan at well.com Wed Apr 16 16:04:07 2003 From: declan at well.com (Declan McCullagh) Date: Wed, 16 Apr 2003 19:04:07 -0400 Subject: Reason's Cathy Young complains of post-9-11 "panic-mongers" Message-ID: <5.1.1.6.0.20030416190219.02928c50@mail.well.com> http://www.reason.com/cy/cy040803.shtml ... Should we be on guard against sacrificing civil liberties to national security? Yes. But despite the panic-mongering, this is still America, and we still have checks and balances. Journalist Steven Brill, whose book After examines post- Sept. 11 America, notes in a Salon interview that judges and legislators, including Republicans, have curbed some of the excesses of John Ashcroft's Justice Department. ... Measures such as limiting terror suspects' communications with their lawyers in order to prevent potential terrorist acts are controversial, and rightly so. But they are a far cry from Stalinism. ... Yes, this is a different America than it was on Sept. 10, 2001. But it wasn't Ashcroft, President Bush, or the Republican Congress who conspired to rob us of our freedom; it was the terrorists. ... From bill.stewart at pobox.com Wed Apr 16 19:19:37 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 16 Apr 2003 19:19:37 -0700 Subject: Crypto cartoon In-Reply-To: <3E9DDDB6.F87B41E0@cdc.gov> Message-ID: <5.1.1.6.2.20030416191307.02d0aec8@idiom.com> At 03:48 PM 04/16/2003 -0700, Major Variola (ret) wrote: >from the cryptography mailing list: > >Today's (April 16ths) "Foxtrot" will amuse readers of this list. > >http://www.ucomics.com/foxtrot/ The image is at http://images.ucomics.com/comics/ft/2003/ft030416.gif , which is a more stable URL. From shaddack at ns.arachne.cz Wed Apr 16 10:21:20 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 16 Apr 2003 19:21:20 +0200 (CEST) Subject: Kill MS, again, but sideways In-Reply-To: <3E9D7835.AD28533D@cdc.gov> Message-ID: On Wed, 16 Apr 2003, Major Variola (ret) wrote: > Lawyers are merely implementing what the *legislators* let them. Good note. But if we apply the "aiding and abetting" clause, they can be summarily executed together, saving the manpower. > Since lawyers decay into legislators, this would have beneficial > prophylactic educational effects. I like this idea. An ounce of prevention... > No Thomas, a market will find better uses for them if your arguments > have merit. (Which they do, but it takes time.) Do we have the time? In long term, everyone will end up dead. I have problems and I have them *now*. :( > It is, after all, > the right of any individual (or group thereof) to keep secrets. > (And Thomas, I wouldn't argue against that *here* :-) > Or bind others with consensual contracts like NDAs. Individuals, yes. For small subjects, cooperation is favorable mode of operation, which counteracts the tendency to secretiveness. Corporations, NO! Once these monsters get too big, they try to do every dirty trick in the books and then some more to get and keep market share and to raise the barriers to entry for the others as high as possible, and to prevent everyone around to learn that their preciousss sssecretsss are nothing more than poorly tested dirty hacks holding together with duct tape and blobs of hot-melt glue. During last couple years, I developed blind hate against them. > Much as it is the right of anyone to diddle with anything they own, > and talk about it freely. If we'll get this, and a set of decent rev-eng tools, I will scale down my demands for officially sanctioned access. (I don't care how I get the data, if I get the vendor to fax me the docs or have to visit my local blackmarket dealer, the important thing is that I have the specs.) ...and the definition of ownership as physical possession. No "licensing". > The nice thing about jumpercables is the longer you use them, > the lesser the ohmic resistance of the legislator, until you > get charring, at which point you can move on to the next deserving > most honorable sir. ...and then the Market will finally find some useful use for the legislators. As a fertilizer. > PS: TS you might at this point enjoy _A Xenix Chainsaw Massacre_ Beeeeeeautiful! Thanks :) From timcmay at got.net Wed Apr 16 21:18:31 2003 From: timcmay at got.net (Tim May) Date: Wed, 16 Apr 2003 21:18:31 -0700 Subject: Crypto cartoon In-Reply-To: <200304162141.09987.njohnsn@njohnsn.com> Message-ID: On Wednesday, April 16, 2003, at 07:41 PM, Neil Johnson wrote: > On Wednesday 16 April 2003 09:19 pm, Bill Stewart wrote: >> At 03:48 PM 04/16/2003 -0700, Major Variola (ret) wrote: >>> from the cryptography mailing list: >>> >>> Today's (April 16ths) "Foxtrot" will amuse readers of this list. >>> >>> http://www.ucomics.com/foxtrot/ >> >> The image is at http://images.ucomics.com/comics/ft/2003/ft030416.gif >> , >> which is a more stable URL. > > Careful, might need a export permit. > "Clicking on this cartoon helps the terrorists." --Tim May From jamesd at echeque.com Wed Apr 16 21:23:40 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 16 Apr 2003 21:23:40 -0700 Subject: Key Republican Not Sure on Patriot Act In-Reply-To: Message-ID: <3E9DC9DC.9835.D3AF9E0@localhost> -- On 16 Apr 2003 at 18:16, R. A. Hettinga wrote: > WASHINGTON -- The Bush administration's plans to expand a > post-Sept. 11 anti-terrorism law face resistance from a > powerful House Republican who says he's not even sure he > wants the government to keep its new powers. Any war does great and permanent damage to liberty. However a short victorious war in a faraway place does considerably less damage than most. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG odbZw4ASECzPXce96RGFgfxbwAZRPn65AX3bMSIC 4OdrOaOsLVLT6FqWpFdrgVVButlDMmPRjORMSzUKw From njohnsn at njohnsn.com Wed Apr 16 19:41:09 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Wed, 16 Apr 2003 21:41:09 -0500 Subject: Crypto cartoon In-Reply-To: <5.1.1.6.2.20030416191307.02d0aec8@idiom.com> References: <5.1.1.6.2.20030416191307.02d0aec8@idiom.com> Message-ID: <200304162141.09987.njohnsn@njohnsn.com> On Wednesday 16 April 2003 09:19 pm, Bill Stewart wrote: > At 03:48 PM 04/16/2003 -0700, Major Variola (ret) wrote: > >from the cryptography mailing list: > > > >Today's (April 16ths) "Foxtrot" will amuse readers of this list. > > > >http://www.ucomics.com/foxtrot/ > > The image is at http://images.ucomics.com/comics/ft/2003/ft030416.gif , > which is a more stable URL. Careful, might need a export permit. -- Neil Johnson http://www.njohnsn.com PGP key available on request. From rah at shipwright.com Wed Apr 16 19:46:58 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 16 Apr 2003 22:46:58 -0400 Subject: Skunkworks seeks brilliant hacker In-Reply-To: <5.1.0.14.2.20030416164757.042d5eb0@mail.attbi.com> References: <5.1.0.14.2.20030416164757.042d5eb0@mail.attbi.com> Message-ID: At 5:10 PM -0700 4/16/03, Steve Schear wrote: >Skunkworks research group seeks brilliant hacker ... to find material non-public information? :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From roughneck777 at hotmail.com Wed Apr 16 23:53:17 2003 From: roughneck777 at hotmail.com (The Roughneck) Date: Thu, 17 Apr 2003 01:53:17 -0500 Subject: Post this on your web site Message-ID: I realize that you were just trying to help me by posting my earlier emails but I think it may have caused more harm than good; at least for the short term. So if you will be so kind as to post this email for me then maybe I can make a little lemonaide from the previous lemons. The way I see it is if the "powers that be" at my job have already read my email postings from earlier then they'll probably go back to your site to see if you've posted any more emails. Please respect my wishes, here. I just want to avoid any harm against my family and me. And please dont show my email address again, too. If I'm lucky and they still dont know who I am then that would be a good thing. http://cryptome.org/il-spies-tx.htm -------- I think people have not quite gotten their hands around the speed at which information can be disseminated online. -Monica Lewinsky, LATimes 9 may 01 From eugen at leitl.org Thu Apr 17 02:10:37 2003 From: eugen at leitl.org (eugen) Date: Thu, 17 Apr 2003 04:10:37 -0500 Subject: W32.Klez.E removal tools Message-ID: <20030417091027.WDZ12665.out007.verizon.net@Ltoviys> From thing at thing.dyndns.org Wed Apr 16 11:39:22 2003 From: thing at thing.dyndns.org (thing) Date: Thu, 17 Apr 2003 06:39:22 +1200 Subject: Plan Would Use Software, Not Devices, to Fight Piracy References: <3E9CF527.7080700@thing.dyndns.org> Message-ID: <3E9DA35A.1090707@thing.dyndns.org> R. A. Hettinga wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >At 6:16 PM +1200 4/16/03, thing wrote: > > >>All that will happen is >>people will be forced into one camp or another, and Im willing to >>bet once ppl move into the pirated camp they wont be able to get >>back, and wont want too. >> >> > >More to the point, "piracy", meaning the auctioning of *any* copy, >for bearer form internet cash using protocols everyone on these lists >know by heart, is *desirable*, and, I would claim, inevitable. > >Inevitable because it's cheaper, it already is, :-), but I mean >risk-adjusted transaction cost compared to book-entry DRM markets, >and, in addition, will put more revenue in the pockets of actual >innovators of new content. > >Cheers, >RAH > > Totally agree, its just a question of time. I have a friend who is a musician/composer her intent is to publish on the Net, me I'll do the technical stuff for her. In the past the music houses distributed the music, now they are not needed, the marketing they do is less and less and worse and worse. I think the musicians pay for such stuff anyway, so why precisely do we need the likes of Sony? They are just churning out the same stuff, while new musicians struggle and are ignored. Cutting out the middle men who offer smoke and mirrors means we as consumers pay less and the creators get a fairer return, I cant wait for it. While all this DRM , Palladium is fine for the US, I dont see it being saleable anywhere else, and I suspect the "youngsters" will avoid such crippled kit like its the plague in the US. Some of the suits seem to forget we have choice or think they have removed that choice, I very much want to prove them wrong. regards Thing From mv at cdc.gov Thu Apr 17 06:56:51 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 17 Apr 2003 06:56:51 -0700 Subject: Calling Internet rumor mills harmful, some move to shut sites. Defenders say free speech is at stake. Message-ID: <3E9EB2A3.81869D31@cdc.gov> Parents Rally to Stop 'Cyber Bullying' Calling Internet rumor mills harmful, some move to shut sites. Defenders say free speech is at stake. By Erika Hayasaki and Jia-Rui Chong, Times Staff Writers When Internet users log onto http://www.schoolscandals.com and click on the Beverly Hills High School link, they will find a message calling one student a "retard" who "deserves to go to hell." A posting in the Frost Middle School chat room describes a student as a "homosexual with a pigeon-like face and a penguin-like body." Such name-calling and gossip about students are common on the 3-year-old Web site, similar to the crude messages scribbled inside of school bathroom stalls for decades but on a much larger scale. That "cyber bullying" has an audience of tens of thousands, and it features links for chat rooms about nearly 100 Southern California middle and high schools, particularly in the San Fernando Valley. As a result, parents and school administrators are calling for the site's closure, contending much of its content is libelous and harmful. ... Wendy Seltzer, a staff attorney with the Electronic Frontier Foundation, an online civil liberties organization, said that the authors of the postings might be held liable, but that a 1996 federal law protects many Internet service providers from lawsuits about their content. Only sites like http://www.salon.com, http://www.latimes.com and others can be sued for defamation, since they hold the right to edit their content, she said. The notion is that most Web hosts "don't look at all, because if you do look, you might be held liable for what your users are saying," she said. http://www.latimes.com/news/local/la-me-website17apr17,1,911742.story?coll=la%2Dhome%2Dtodays%2Dtimes From mv at cdc.gov Thu Apr 17 07:25:19 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 17 Apr 2003 07:25:19 -0700 Subject: Key Republican Not Sure on Patriot Act Message-ID: <3E9EB94F.31CCC3D8@cdc.gov> At 10:05 AM 4/17/03 -0400, Tyler Durden wrote: > >Which is why we're lookin' at Syria next. > Speaking of which, Syria pulled an excellent counter to the US bullying. "No WMD in the middle east". Who could object to that, and who would their owners be, and who could fail to see that? And if the US actually does something military (agreed, there's a decent chance of that) then Osama wins bigtime. Checkmate. ... We have always been at war with Oceania bin Laden From eresrch at eskimo.com Thu Apr 17 07:41:21 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Thu, 17 Apr 2003 07:41:21 -0700 (PDT) Subject: Key Republican Not Sure on Patriot Act In-Reply-To: <3E9EB94F.31CCC3D8@cdc.gov> Message-ID: On Thu, 17 Apr 2003, Major Variola (ret) wrote: > > Speaking of which, Syria pulled an excellent counter to the US bullying. > > "No WMD in the middle east". Who could object to that, and who > would their owners be, and who could fail to see that? > > And if the US actually does something military (agreed, there's a > decent chance of that) then Osama wins bigtime. Checkmate. There's 2 sides to that move - by forcing Israel to join the no WMD group they'd have to eliminate their nukes. No way Israelies will go for that, so the US loses face again. This helps all the Osama's even more (plus it gives Iran a good reason to go to Pakistan for the last bit of help they need to complete their weapons.) So the US better conquer the whole area pretty quickly or it'll be dealing with nuclear powers instead of chemcial ones. Patience, persistence, truth, Dr. mike From declan at well.com Thu Apr 17 05:08:32 2003 From: declan at well.com (Declan McCullagh) Date: Thu, 17 Apr 2003 08:08:32 -0400 Subject: Kill MS, again, but sideways In-Reply-To: ; from shaddack@ns.arachne.cz on Wed, Apr 16, 2003 at 07:21:20PM +0200 References: <3E9D7835.AD28533D@cdc.gov> Message-ID: <20030417080832.A14122@cluebot.com> On Wed, Apr 16, 2003 at 07:21:20PM +0200, Thomas Shaddack wrote: > Good note. But if we apply the "aiding and abetting" clause, they can be > summarily executed together, saving the manpower. It's a rare lawyer that will criticize his own cartel... -Declan From schear at attbi.com Thu Apr 17 09:33:21 2003 From: schear at attbi.com (Steve Schear) Date: Thu, 17 Apr 2003 09:33:21 -0700 Subject: Skunkworks seeks brilliant hacker In-Reply-To: Message-ID: <5.1.0.14.2.20030417093246.043c2600@mail.attbi.com> At 10:34 AM 4/17/2003 -0400, Tyler Durden wrote: >>From: "R. A. Hettinga" >>To: cypherpunks at lne.com >>Subject: Re: Skunkworks seeks brilliant hacker >>Date: Wed, 16 Apr 2003 22:46:58 -0400 >> >>At 5:10 PM -0700 4/16/03, Steve Schear wrote: >> >Skunkworks research group seeks brilliant hacker >> >>... to find material non-public information? > >I actually thought this was a clever gag. Gag perhaps. All the info I have is at http://www.craigslist.org/sfo/sfc/eng/10367784.html steve From mv at cdc.gov Thu Apr 17 09:52:59 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 17 Apr 2003 09:52:59 -0700 Subject: Plumes, LA=Bhopal++ Message-ID: <3E9EDBEB.CE3D1D9F@cdc.gov> Chemical Plants Said to Pose Risk More than 100 facilities, including 12 in the L.A. Basin, could expose millions to toxic gas in an attack or accident, documents indicate. By Marla Cone, Times Staff Writer More than 100 chemical plants throughout the United States -- including 12 in the Los Angeles Basin -- each could expose millions of people to dangerous concentrations of toxic gas in the event of a terrorist attack or major accident, according to industry documents filed with the U.S. Environmental Protection Agency. In Southern California, eight plants in Los Angeles County, three in San Bernardino County and one in Riverside County are each capable of exposing a million or more people to the gases, and some people could receive doses high enough to cause death or serious injury, the documents show. About 30 other plants in the region handle smaller volumes of chemicals that could affect between 100,000 and 1 million people. http://www.latimes.com/news/local/la-me-chemplants17apr17,1,6036321.story?coll=la%2Dheadlines%2Dcalifornia cf http://cryptome.org/cshib041003.txt http://www.epa.gov/ceppo/ap-ocgu.htm http://yosemite.epa.gov/oswer/ceppoweb.nsf/frmVZIS?OpenForm From camera_lumina at hotmail.com Thu Apr 17 07:00:56 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 17 Apr 2003 10:00:56 -0400 Subject: Reason's Cathy Young complains of post-9-11 "panic-mongers" Message-ID: I sure saw Tim's response coming. My own initial reaction was the same, except this fascist's stupidity might be a good thing (ie, for those of us that don't want to end up having a ratcage around our heads). A little Durdanian analysis will let you know what I mean... >>Measures such as limiting terror suspects' communications with their >>lawyers in order to prevent potential terrorist acts are controversial, >>and rightly so. But they are a far cry from Stalinism. So the masses reading this say: "Stalinism? You mean some people are comparing our loss of freedom with Stalinism? I don't believe that..." But the seed is now planted. Now the masses perceive other masses as being afraid we're paying too much for this war on (someone else's) terrorism. >>... >>Yes, this is a different America than it was on Sept. 10, 2001. But it >>wasn't Ashcroft, President Bush, or the Republican Congress who conspired >>to rob us of our freedom; it was the terrorists. Nice! So she tacitly admits SOMEONE'S fuckin' us over. AND, she accidently acknowledges that people believe its Bush and Asscruft. Fortunately, even the rank-and-file are smart enough to recognize who actually makes the laws here. So all that's needed are a few more horror stories of white Americans getting carted away for reading about rocketry at the library, and they'll bum-rush this show. -TD _________________________________________________________________ From camera_lumina at hotmail.com Thu Apr 17 07:05:11 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 17 Apr 2003 10:05:11 -0400 Subject: Key Republican Not Sure on Patriot Act Message-ID: James Donald wrote.... >From: "James A. Donald" >To: cypherpunks at lne.com, cryptography at metzdowd.com >Subject: Key Republican Not Sure on Patriot Act >Date: Wed, 16 Apr 2003 21:23:40 -0700 > > -- >On 16 Apr 2003 at 18:16, R. A. Hettinga wrote: > > WASHINGTON -- The Bush administration's plans to expand a > > post-Sept. 11 anti-terrorism law face resistance from a > > powerful House Republican who says he's not even sure he > > wants the government to keep its new powers. > >Any war does great and permanent damage to liberty. However a >short victorious war in a faraway place does considerably less >damage than most. Which is why we're lookin' at Syria next. -TD _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus From camera_lumina at hotmail.com Thu Apr 17 07:34:54 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 17 Apr 2003 10:34:54 -0400 Subject: Skunkworks seeks brilliant hacker Message-ID: >From: "R. A. Hettinga" >To: cypherpunks at lne.com >Subject: Re: Skunkworks seeks brilliant hacker >Date: Wed, 16 Apr 2003 22:46:58 -0400 > >At 5:10 PM -0700 4/16/03, Steve Schear wrote: > >Skunkworks research group seeks brilliant hacker > >... to find material non-public information? > >:-) > >Cheers, >RAH > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' I actually thought this was a clever gag. -TD _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From timcmay at got.net Thu Apr 17 11:28:13 2003 From: timcmay at got.net (Tim May) Date: Thu, 17 Apr 2003 11:28:13 -0700 Subject: Key Republican Not Sure on Patriot Act In-Reply-To: <3E9EB94F.31CCC3D8@cdc.gov> Message-ID: <59AEBF9A-7102-11D7-B966-000A956B4C74@got.net> On Thursday, April 17, 2003, at 07:25 AM, Major Variola (ret) wrote: > At 10:05 AM 4/17/03 -0400, Tyler Durden wrote: >> >> Which is why we're lookin' at Syria next. >> > > Speaking of which, Syria pulled an excellent counter to the US > bullying. > > "No WMD in the middle east". Who could object to that, and who > would their owners be, and who could fail to see that? > Who indeed? The Zionist Entity claims they need their germs, their chemicals, and their nukes (which they say they do not have, wink, wink) as a deterrent against the sand niggers who want their farms and orchards and shops back. As the Zionists have emulated nearly every other measure of their teachers, including concentration camps, identity checkpoints, and a socialized economy, one wonders why they do not go ahead and deploy the Final Solution? --Tim May "To those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists." --John Ashcroft, U.S. Attorney General From rah at shipwright.com Thu Apr 17 09:01:41 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 17 Apr 2003 12:01:41 -0400 Subject: Experts say looters had keys to Iraqi antiquity vaults Message-ID: Autovandalism: Wherein the Iraqui Ancien Regime "loots" itself... It looks like the guys with the keys stole the stuff they already stole in the first place. The museum hasn't been open in 15 years, so who knows what was really there, and most of the stuff that wasn't copied elsewhere was copies anyway. Now, hopefully, the rest is on the open market, where it belongs. At the very least, the stuff should have been auctioned off to pay the Iraqi debt, anyway. Saying that that stuff was the patrimony of three different kinds of Arabs was like saying that Kennewick Man wasn't a Caucasian. Cheers, RAH ------- Boston Globe Experts say looters had keys to Iraqi antiquity vaults By Associated Press, 4/17/03 PARIS -- Some of the looters who ravaged Iraqi antiquities had keys to museum vaults and were able to take pieces from safes, experts said Thursday at an international meeting. The U.N. cultural agency, UNESCO, gathered some 30 art experts and cultural historians in Paris on Thursday to assess the damage to Iraqi museums and libraries looted in the aftermath of the U.S.-led invasion. Although much of the looting was haphazard, experts said some of the thieves clearly knew what they were looking for and where to find it, suggesting they were prepared professionals. "It looks as if part of the looting was a deliberate planned action," said McGuire Gibson, a University of Chicago professor and president of the American Association for Research in Baghdad. "They were able to take keys for vaults and were able to take out important Mesopotamian materials put in safes." Cultural experts, curators and law enforcement officials are scrambling to track down the missing antiquities and prevent further looting of the valuables. The pillaging has ravaged the irreplaceable Babylonian, Sumerian and Assyrian collections that chronicled ancient civilization in Mesopotamia, and the losses have triggered an impassioned outcry in cultural circles. Many fear the stolen artifacts have been absorbed into highly organized trafficking rings that ferry the goods through a series of middlemen to collectors in Europe, the United States and Japan. Officials at the UNESCO meeting at its headquarters in Paris said the information was still too sketchy to determine exactly what was missing and how many items were unaccounted for. But they were united in calling for quick action to track down the pilfered items. "I have a suspicion it was organized outside the country, in fact I'm pretty sure it was," said Gibson. He added that if a good police team was put together, "I think it could be cracked in no time." Koichiro Matsuura, director-general of the U.N. Educational, Scientific and Cultural Organization, began the meeting Thursday by calling for a U.N. resolution imposing a temporary embargo on trade in Iraqi antiquities. Matsuura said it was urgent to repair the antiquities that remain and to keep them from the hands of those who traffic in the lucrative market of stolen objects. "It is always difficult, when communities are facing the consequences of an armed conflict ... to plead the case for the preservation of the cultural heritage," Matsuura said. Matsuura said he would ask U.N. Secretary-General Kofi Annan to seek a resolution against illicit trafficking that would also impose an embargo "for a limited period" on the acquisition of Iraqi cultural objects. Such a resolution would also call for the return of such items to Iraq, he said. In addition, Matsuura said the establishment of a nationwide "heritage police" was necessary to watch over cultural sites and institutions. Such a force could be set up by "the authorities on the ground," an apparent reference to U.S. and British forces in Baghdad. He reiterated a call for governments to adopt emergency legal and administrative measures to prevent the importing of objects from Iraq, and to make sure museums and art dealers refuse transactions in such objects. A database of all cultural objects needs to be quickly established so police, museums, customs authorities can act against any traffickers, he said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Thu Apr 17 12:57:41 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 17 Apr 2003 12:57:41 -0700 Subject: Unredacting With Smoke & Mirrors & Google, Paranoids, Israeli Art Spies Message-ID: <3E9F0735.C381A6EE@cdc.gov> 17 April 2003 From camera_lumina at hotmail.com Thu Apr 17 13:35:10 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 17 Apr 2003 16:35:10 -0400 Subject: HoneyNet Looks to Stick Hackers Message-ID: Anyone know what kind of encryption is being discussed below? (ie, that hackers use to communicate with each other) -TD HoneyNet Looks to Stick Hackers -------------------------------------------------------------------------------- Online vandals and stalkers beware. A group of security professionals called The HoneyNet Project, has just made it easier for law enforcement to stealthily track the behavior of online evil-doers. On Monday, the volunteer group, which consists of two dozen computer security, information intelligence, and psychology professionals, released the second version of its how-to-build-a-honeynet software, a tool used by law enforcement and others interested in security issues to track the behavior of hackers. For those folks not down with security lingo, a honeynet expands on the concept of a honeypot, a software application that pretends to be a server on the Internet and lures unsuspecting hackers to it. A honeynet is a collection of these honeypots networked together. When hackers (or blackhats, as theyre known in security circles) enter the honeynet, they are watched closely by a combination of surveillance technologies. Youre really playing with fire in this type of environment, says Lance Spitzner, a security architect at Sun Microsystems Inc. (Nasdaq: SUNW - message board) and founder of the four-year old HoneyNet Project. The whole point is to observe the bad guys as they go about their work in a controlled setting without them knowing it. The way it works is an intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers. Meanwhile, an administrator watches everything the intruder types, from commands to emails to chat sessions. A separate firewall is set up to cut the hacker off from the Internet anytime he tries to attack another system from the honeynet. Proponents say the latest HoneyNet release includes the following improvements over previous versions: The software is prepackaged for easy setup and comes for installation on a single server. A new utility called Honey Inspector, which will be released soon, will allow honeypots within the honeynet to be managed and analyzed through a graphical user interface. Eventually, the HoneyNet Project expects to release a bootable CD-ROM that will make installing its version of a honeynet even easier. Software includes improvements for breaking encryption codes that hackers often use to communicate with each other. The designers claim to have made it harder for hackers to detect that theyve been lured into a honeynet. In the previous version of software, all the surveillance was done at Layer 3. Hackers had to pass through a Layer 3 gateway when entering the honeynet, which often tipped them off to what was happening. But now HoneyNet uses a Layer 2 bridging gateway, making any surveillance invisible to the hacker. The upgrade includes an enhanced firewall that blocks harmful attacks, while still allowing hackers to communicate with their associates outside the honeynet. The longer we can keep them in the honeynet without them realizing what is going on, the more information we can gather, says Spitzner. We want them talking to their buddies on the Internet, but we dont want them causing anymore harm. So are the Honeynet Project volunteers some sort of cyber police force? Not at all. The not-for-profit groups only purpose is to observe and learn about hacker behavior and share that information with the public. Thats not to say that the information and tools gathered cant be used to catch bad guys. Government agencies like the United States Department of Homeland Security and the Federal Bureau of Investigation (FBI) already use HoneyNet Project information and techniques in their work. The HoneyNet Project is not designed for commercial use, according to Spitzner. He says it wouldnt make much sense for an enterprise to spend the resources to build such a network. But network security might use the tools to learn more about hackers and recommend strategies to clients. All software on the HoneyNet Project Website is free to download by anyone. For more information, go to The HoneyNet Project. Marguerite Reardon, Senior Editor, Light Reading _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail From jei at cc.hut.fi Thu Apr 17 06:54:25 2003 From: jei at cc.hut.fi (Jei) Date: Thu, 17 Apr 2003 16:54:25 +0300 (EET DST) Subject: White House seeks to expand DNA database Message-ID: White House seeks to expand DNA database By Richard Willing, USA TODAY 4/15/2003 7:36 PM WASHINGTON DNA profiles from juvenile offenders and from adults who have been arrested but not convicted would be added to the FBI's national DNA database under a Bush administration proposal. Under current law, only DNA from adults convicted of crimes can be placed in the national database, which is used to compare those samples with biological evidence from the scenes of unsolved crimes. As of January, there were about 1.3 million DNA samples in the database, U.S. officials say. Adding profiles from thousands of adult arrestees and juvenile offenders would greatly expand the DNA system's worth by increasing the number of potential matches, administration officials say. Justice Department officials have discussed potential changes in federal DNA law with key members of Congress and are pushing for legislation this year. "DNA is to the 21st century what fingerprinting was to the 20th," says Deborah Daniels, assistant U.S. attorney general for justice programs. "The widespread use of DNA evidence is the future of law enforcement in this country." But critics say adding juvenile and arrestee profiles to the database threatens privacy by expanding the pool of samples beyond adult criminals. Although only digital DNA profiles would be linked to the FBI computer, the blood or saliva samples from which the DNA was drawn would be kept by state labs, they note. "It's only a matter of time before the government gets its hands on those DNA samples and starts playing around with our genetic codes," says Barry Steinhardt, privacy specialist for the American Civil Liberties Union's national office in New York City. "They say they don't want to do that, but not too long ago they were saying they'd only take DNA profiles from rapists and murderers and now they want juveniles ... We're not just on a slippery slope, we're halfway down it." DNA system defenders say the actual samples must be retained for quality- control testing and in the event a DNA match is challenged in court. They note that strict privacy laws prevent researchers from using the stored samples for any other purpose. And they note that the U.S. government already stores fingerprints from arrestees in a giant computer system without causing privacy problems. Privacy advocates aren't convinced. They note that researchers are identifying genetic markers for height, hair color and other features. They suspect that authorities soon will want to search DNA samples for such genetic markers. DNA, a cellular acid contained in blood, semen and other body fluids and tissues, is an ideal tool for crime solving. Because it contains an individual's unique genetic code, a DNA sample taken from blood, semen or even traces of saliva in a bite mark left on a crime victim can be used to match the perpetrator to the crime. In 1989, states began to collect DNA from convicted criminals and add the profiles to a computer that could match them to DNA from unsolved crimes. In 1992, the FBI created a system that linked the state databases via a bureau computer in Morgantown, W.Va. Thirty states already collect DNA profiles from juvenile offenders, who typically range in age from 13 to 17 but can be as young as 8, according to the Coalition for Juvenile Justice, a Washington, D.C., advocacy group. Since January, Virginia also has collected DNA from those accused of murder, rape and other violent felonies. But under U.S. law, only DNA from people convicted of crimes can be put into the FBI system. The national DNA database has had many successes. As of December, 6,670 DNA samples had been matched to unsolved crimes, the FBI says. States that take DNA from the widest range of offenders seem to produce the best results. New York has had 830 matches since it began to collect DNA from violent felons in 1996. But 80% were made after 1999, when the state began to require DNA collection from most other felonies. In Virginia, DNA from 74 crimes, including 12 rapes and nine murders, has been matched to DNA profiles from juvenile offenders during the past 10 years. "Not all juveniles are going to become adult criminals," says Paul Ferrara, director of Virginia's DNA program. "But for the few who are, the sooner we have them in the system the better." It is unclear how many new DNA samples would be put into the system if juvenile offenders and adult arrestees are added. In 1996, the last year for which data are available, 567,200 youths were found responsible for crimes by juvenile courts or other authorities. Virginia expects to collect DNA from 8,000 arrestees this year. The White House is pushing to make DNA a more effective law enforcement tool. Last month, it announced a plan to spend about $1 billion over five years to improve the national database. http://www.usatoday.com/news/washington/2003-04-15-dna-usat_x.htm From shaddack at ns.arachne.cz Thu Apr 17 10:12:18 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 17 Apr 2003 19:12:18 +0200 (CEST) Subject: Skunkworks seeks brilliant hacker In-Reply-To: <5.1.0.14.2.20030417093246.043c2600@mail.attbi.com> Message-ID: On Thu, 17 Apr 2003, Steve Schear wrote: > Gag perhaps. All the info I have is at > http://www.craigslist.org/sfo/sfc/eng/10367784.html Doesn't seem they are looking for a hacker in the sense of a network security "tester". Looks rather like they are looking for a hacker in the sense of a smart, out-of-the-box-thinking programmer/designer/analyst. From ckuethe at ualberta.ca Thu Apr 17 21:18:58 2003 From: ckuethe at ualberta.ca (Chris Kuethe) Date: Thu, 17 Apr 2003 22:18:58 -0600 (MDT) Subject: HoneyNet Looks to Stick Hackers In-Reply-To: References: Message-ID: On Thu, 17 Apr 2003, Tyler Durden wrote: > Anyone know what kind of encryption is being discussed below? (ie, that > hackers use to communicate with each other) lance is talking about encrypted archives, pgp'd messages, ssh and silc. short version is that his honeypots install a kernelmod to log all the IO buffers after decryption or before encryption and then fire them out over the wire. there is another kernel mod to prevent the raw socket / bpf / lpf / tap / ??? from seeing frames with a certain mac address. i saw him at cansecwest last week - good talk as usual. the talk he gave should be posted to www.cansecwest.com shortly... > -TD > > > > HoneyNet Looks to Stick Hackers > >[snip] -- GDB has a 'break' feature; why doesn't it have 'fix' too? From wmo at rebma.pro-ns.net Thu Apr 17 22:33:03 2003 From: wmo at rebma.pro-ns.net (Bill O'Hanlon) Date: Fri, 18 Apr 2003 00:33:03 -0500 Subject: Future Realities Discussed - WLG In-Reply-To: <20030418000909.EVHX20386.imf47bis.bellsouth.net@Inbox> References: <20030418000909.EVHX20386.imf47bis.bellsouth.net@Inbox> Message-ID: <20030418053303.GG309@rebma.pro-ns.net> On Fri, Apr 18, 2003 at 12:04:00AM +0000, Wilfred at Cryogen.com wrote: > > > The real reason I've been trying to establish a comprehensive knowledgebase of human competance. Having only been suppressed and prevented by political, corporate, religious, social organizations, and related evils. > > -Wilfred > Wilfred at Cryogen.com > Twirlip of the Ice: Hexapodia is the key insight. From shaddack at ns.arachne.cz Thu Apr 17 16:49:08 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 18 Apr 2003 01:49:08 +0200 (CEST) Subject: [speak-freely] (#62) initialization vector - weak crypto ? (fwd) Message-ID: This is what I feared of, and what I hoped someone from here will figure out sooner... ---------- Forwarded message ---------- Date: Fri, 18 Apr 2003 00:55:10 +0200 (MEST) Subject: [speak-freely] (#62) initialization vector - weak crypto ? From: Speak Freely Forum To: speak-freely at fourmilab.ch Message posted to the Speak Freely Forum by anon on Fri, 18 Apr 2003 00:55:10 +0200 (MEST). http://www.fourmilab.ch/wb/speak-freely.pl?rev=62 It seems that for each CBC packet the same initialization vector 0 is used! This likely weakens the crypto and might enable an attacker to break the encryption: According to rfc2405/rfc2451 the IV in CBC-mode must not be predictable. From mv at cdc.gov Fri Apr 18 09:21:04 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 09:21:04 -0700 Subject: Govt uses private investigators to watch quarantined Message-ID: <3EA025F0.1020406@cdc.gov> http://www.nytimes.com/2003/04/18/science/sciencespecial/18INFE.html?ex=1051243200&en=c0c66bc035169a16&ei=5062&partner=GOOGLE They put a police guard on one patient at a hospital and have hired private security investigators to check on people in isolation. "This is a time when the needs of a community outweigh those of a single person." Ontario's health minister, Tony Clement From mv at cdc.gov Fri Apr 18 09:32:22 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 09:32:22 -0700 Subject: [1st amend] Boycott Wal-Mart: They pressured a web site to close Message-ID: <3EA02896.4040407@cdc.gov> A website that urged visitors to lower prices for grocery items by substituting bar codes shut itself down after pressure from Wal-Mart. The site's operators, a group of tech-savvy political activists, decided to close the site Wednesday after contacts between their lawyer and those of Wal-Mart , the world's largest retailer. http://wired.com/news/business/0,1367,58528,00.html From gbnewby at ils.unc.edu Fri Apr 18 07:15:04 2003 From: gbnewby at ils.unc.edu (Greg Newby) Date: Fri, 18 Apr 2003 10:15:04 -0400 Subject: HoneyNet Looks to Stick Hackers In-Reply-To: References: Message-ID: <20030418141504.GH13765@ils.unc.edu> On Thu, Apr 17, 2003 at 04:35:10PM -0400, Tyler Durden wrote: > > Anyone know what kind of encryption is being discussed below? (ie, that > hackers use to communicate with each other) > > -TD rot13? No, just kidding. I think they might be talking about capturing ssh sessions to and from the HoneyNet server. Not quite the way it was presented below... The HoneyNet crew is very clever and capable, but I don't think they're doing encryption research. -- Greg > > > > HoneyNet Looks to Stick Hackers > > -------------------------------------------------------------------------------- > > Online vandals and stalkers beware. A group of security professionals > called The HoneyNet Project, has just made it easier for law enforcement to > stealthily track the behavior of online evil-doers. > > On Monday, the volunteer group, which consists of two dozen computer > security, information intelligence, and psychology professionals, released > the second version of its how-to-build-a-honeynet software, a tool used > by law enforcement and others interested in security issues to track the > behavior of hackers. > > For those folks not down with security lingo, a honeynet expands on the > concept of a honeypot, a software application that pretends to be a > server on the Internet and lures unsuspecting hackers to it. A honeynet > is a collection of these honeypots networked together. When hackers (or > blackhats, as theyre known in security circles) enter the honeynet, they > are watched closely by a combination of surveillance technologies. > > Youre really playing with fire in this type of environment, says Lance > Spitzner, a security architect at Sun Microsystems Inc. (Nasdaq: SUNW - > message board) and founder of the four-year old HoneyNet Project. The > whole point is to observe the bad guys as they go about their work in a > controlled setting without them knowing it. > > The way it works is an intrusion-detection system triggers a virtual alarm > whenever an attacker breaches security on one of the networked computers. > Meanwhile, an administrator watches everything the intruder types, from > commands to emails to chat sessions. A separate firewall is set up to cut > the hacker off from the Internet anytime he tries to attack another system > from the honeynet. > > Proponents say the latest HoneyNet release includes the following > improvements over previous versions: > > > The software is prepackaged for easy setup and comes for installation on a > single server. > > > A new utility called Honey Inspector, which will be released soon, will > allow honeypots within the honeynet to be managed and analyzed through a > graphical user interface. Eventually, the HoneyNet Project expects to > release a bootable CD-ROM that will make installing its version of a > honeynet even easier. > > > Software includes improvements for breaking encryption codes that hackers > often use to communicate with each other. > > > The designers claim to have made it harder for hackers to detect that > theyve been lured into a honeynet. In the previous version of software, > all the surveillance was done at Layer 3. Hackers had to pass through a > Layer 3 gateway when entering the honeynet, which often tipped them off to > what was happening. But now HoneyNet uses a Layer 2 bridging gateway, > making any surveillance invisible to the hacker. > > > The upgrade includes an enhanced firewall that blocks harmful attacks, > while still allowing hackers to communicate with their associates outside > the honeynet. The longer we can keep them in the honeynet without them > realizing what is going on, the more information we can gather, says > Spitzner. We want them talking to their buddies on the Internet, but we > dont want them causing anymore harm. > > So are the Honeynet Project volunteers some sort of cyber police force? Not > at all. The not-for-profit groups only purpose is to observe and learn > about hacker behavior and share that information with the public. Thats > not to say that the information and tools gathered cant be used to catch > bad guys. Government agencies like the United States Department of Homeland > Security and the Federal Bureau of Investigation (FBI) already use HoneyNet > Project information and techniques in their work. > > The HoneyNet Project is not designed for commercial use, according to > Spitzner. He says it wouldnt make much sense for an enterprise to spend > the resources to build such a network. But network security might use the > tools to learn more about hackers and recommend strategies to clients. > > All software on the HoneyNet Project Website is free to download by anyone. > For more information, go to The HoneyNet Project. > > Marguerite Reardon, Senior Editor, Light Reading > > > > > > > _________________________________________________________________ > Tired of spam? Get advanced junk mail protection with MSN 8. > http://join.msn.com/?page=features/junkmail From mv at cdc.gov Fri Apr 18 11:14:16 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 11:14:16 -0700 Subject: Who needs Padilla when you have FedEx? Message-ID: <3EA04078.C21DBC20@cdc.gov> Date and Place--January 2, 2002, Federal Express facility at New Orleans International Airport, in Kenner, Louisiana. Nature and Probable Consequences--A package containing iridium-192 (Ir-192) with elevated surface radiation levels was discovered at the Federal Express facility located at the New Orleans airport. The package was identified as a routine shipment for Source Production and Equipment Company (SPEC), located in St. Rose, Louisiana. The total activity was 366 terabecquerels (TBq) (9893 curies (Ci)). [IE the activity of 9 kilos of radium-226] http://cryptome.org/nrc041803.txt (look for SAFKEG) From eresrch at eskimo.com Fri Apr 18 11:47:41 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 18 Apr 2003 11:47:41 -0700 (PDT) Subject: Who needs Padilla when you have FedEx? In-Reply-To: <3EA04078.C21DBC20@cdc.gov> Message-ID: Pretty impressive how little radiation dose the exposed people got for how hot that is! But it does show you should try to hijack cargo planes instead of passenger planes if you really want to create som havoc. Patience, persistence, truth, Dr. mike On Fri, 18 Apr 2003, Major Variola (ret) wrote: > Date and Place--January 2, 2002, Federal Express facility at New > Orleans International Airport, in Kenner, Louisiana. > Nature and Probable Consequences--A package containing iridium-192 > (Ir-192) with elevated surface radiation levels was discovered at the > Federal Express facility located at the New Orleans airport. The > package was identified as a routine shipment for Source Production and > Equipment Company (SPEC), located in St. Rose, Louisiana. > > The total activity was 366 terabecquerels (TBq) (9893 curies (Ci)). > > [IE the activity of 9 kilos of radium-226] > > http://cryptome.org/nrc041803.txt > (look for SAFKEG) From timcmay at got.net Fri Apr 18 13:04:01 2003 From: timcmay at got.net (Tim May) Date: Fri, 18 Apr 2003 13:04:01 -0700 Subject: Quarantines may be justified In-Reply-To: <3EA025F0.1020406@cdc.gov> Message-ID: On Friday, April 18, 2003, at 09:21 AM, Major Variola (ret) wrote: > http://www.nytimes.com/2003/04/18/science/sciencespecial/ > 18INFE.html?ex=1051243200&en=c0c66bc035169a16&ei=5062&partner=GOOGLE > > They put a police guard on one patient at a hospital and have hired > private security investigators to check on people in isolation. > > "This is a time when the needs of a community outweigh those of a > single person." > Ontario's health minister, Tony Clement > I will make what some here will probably think is a totalitarian sentiment: under extreme conditions, I support quarantine measures. Better yet, those seeking to avoid a disease should self-quarantine or isolate themselves. Or wear masks (I have a plentiful supply of 3M N95 respirators, for example...better to buy them when they are dirt cheap, ahead of an emergency, than to be scrambling to buy them later). A person who is known to be communicable is committing a kind of assault by spraying germs around. (Assuming the medical condition is as described.) Though it is a serious step to limit a person's freedom to move about on public property, this is one of the few cases, along with imprisonment for criminal convictions, where it is justified. I will gladly make this trade of liberties: * roll back all of the bullshit laws designed to protect people from themselves: laws against smoking, laws against other drugs, laws banning sexual practices. And get rid of 90% of all government functions and staff in general: roll things back to 1925 levels, in terms of percentages. (I would favor reducing government further, but 1925 levels would be a great start.) in exchange for: * infectious, communicable diseases may need quarantines Provided the quarantine is only for medical reasons, and is never used to isolate people as punishment, for political reasons, for economic reasons, etc., it's an extreme measure which is consistent, I believe with the Constitution. (And with anarchocapitalist principles, if we had such a system: one's insurers would likely insist on quarantine as a condition for continued coverage, for example.) A larger principle is that those who are in risky locations and/or social situations pay for their increased risk. So a person in Kansas should not pay for my earthquake risks, nor I for his tornado risks. A person living in Oregon, where essentially few natural risks exist, would be rewarded for his choice and a person living in hurricane country would be punished for his choice. Likewise, with disease. --Tim May "The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant." --John Stuart Mill From mv at cdc.gov Fri Apr 18 14:16:40 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 14:16:40 -0700 Subject: Quarantines may be justified Message-ID: <3EA06B37.E91BE492@cdc.gov> At 01:04 PM 4/18/03 -0700, Tim May wrote: >On Friday, April 18, 2003, at 09:21 AM, Major Variola (ret) wrote: > >> http://www.nytimes.com/2003/04/18/science/sciencespecial/ >> 18INFE.html?ex=1051243200&en=c0c66bc035169a16&ei=5062&partner=GOOGLE >> >> They put a police guard on one patient at a hospital and have hired >> private security investigators to check on people in isolation. >I will make what some here will probably think is a totalitarian >sentiment: under extreme conditions, I support quarantine measures. Actually, I was hoping someone would pick up on the "hiring PIs" part. In the US, a PI hired by the State should be subject to the restraints on govt in the Constitution etc. However the US regime frequently hires private entities (e.g., databases, "civilian" CIA activities) to get around this. Maybe its just a staffing issue and the PIs *are* restricted by whatever passes for a constitution in Canada. I think almost everyone will agree with you IFF the quarantines are reasonable --disease is infectious to randoms, untreatable(?), lethal. And the quarantined are reimbursed (else its govt taking). I do have some problems with the police being able to take temperatures of people on the street (though not at the borders), should medicofascism erupt. You have lost an "anarcho" point :-) by supposing a central ruling medical authority. Each burbclave could have its own (contractually enforced) medical rules. The xian scientists who think disease is mental could demonstrate evolution for the rest of us. The ultraworried (think Howard Hughes) communities could ban entry and travel for even mild colds or not-easily-communicable diseases like HIV. You are actually taking the more reasonable (IMHO) minimal govt ("1925") perspective. Decaf today? :-) From mv at cdc.gov Fri Apr 18 14:22:58 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 14:22:58 -0700 Subject: Military Drops OpenBSD Funding Because of de Raadt's Antiwar Comment Message-ID: <3EA06CB1.5ED60637@cdc.gov> SAN JOSE, Calif. (AP) - The U.S. military's research agency cut off grant money for helping to develop a secure, free operating system after a top programmer made anti-war statements to a major newspaper. The U.S. Defense Advanced Research Projects Agency halted the contract less than two weeks after The Globe and Mail of Toronto published a story in which programmer Theo de Raadt was quoted as saying he was "uncomfortable" about the funding source. "I try to convince myself that our grant means a half of a cruise missile doesn't get built," de Raadt told the newspaper. Within a few days, de Raadt said he received an e-mail from Jonathan Smith, a computer science professor at the University of Pennsylvania and the grant's lead researcher, expressing discomfort over the statements. On Thursday, Smith notified de Raadt of the cancellation. "A tenured professor was telling me not to exercise my freedom of speech," de Raadt said. Smith declined to comment on the matter, and DARPA did not return telephone messages Friday. De Raadt's suspicions about the cancellation could not be confirmed. The $2.3 million grant had funded security improvements to the OpenBSD operating system since 2001 as well as related projects. OpenBSD, a variation of Unix designed for use on servers, is touted as so secure that its default installation has had only one bug in the past seven years. Thousands of copies of OpenBSD have been downloaded in the past six months. It's not clear, however, how many are in use. De Raadt estimates about 85 percent of the DARPA grant has been spent, with about $1 million being used to pay for OpenBSD developers. Much of the work has been handled by a team of 80 unpaid volunteers. Another $500,000 of the money funded the work of United Kingdom-based researchers on a related project called OpenSSL, which is used to encrypt data. DARPA, which oversees research activities for the Pentagon, is best known for developing the network that evolved into the Internet. http://ap.tbo.com/ap/breaking/MGAD9B1KOED.html From frantz at pwpconsult.com Fri Apr 18 14:55:44 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Fri, 18 Apr 2003 14:55:44 -0700 Subject: Quarantines may be justified In-Reply-To: <3EA06B37.E91BE492@cdc.gov> Message-ID: At 2:16 PM -0700 4/18/03, Major Variola (ret) wrote: >I do have some problems with the police being able to take >temperatures of people on the street (though not at the borders), >should medicofascism erupt. FWIF, According to the morning paper, Singapore is using thermal imaging at the airport to identify people running a fever. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From mv at cdc.gov Fri Apr 18 15:37:26 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 15:37:26 -0700 Subject: Quarantines may be justified Message-ID: <3EA07E26.4B125C09@cdc.gov> At 02:55 PM 4/18/03 -0700, Bill Frantz wrote: >FWIF, According to the morning paper, Singapore is using thermal imaging at >the airport to identify people running a fever. Or growing cannabis under their armpits. From sfurlong at acmenet.net Fri Apr 18 13:38:05 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Fri, 18 Apr 2003 16:38:05 -0400 Subject: Antibiotics In-Reply-To: References: Message-ID: <200304181638.05117.sfurlong@acmenet.net> On Friday 18 April 2003 16:04, Tim May wrote: > I will make what some here will probably think is a totalitarian > sentiment: under extreme conditions, I support quarantine measures. ... > Though it is a serious step to limit a person's freedom to move about > on public property, this is one of the few cases, along with > imprisonment for criminal convictions, where it is justified. Another of the few powers I'd grant to the US Federal government which aren't spelled out in the Constitution is the ability to regulate the use of antibiotics. Careless use of them can lead to the development of drug-resistent bacteria, which adversely affects the whole population. I'd gladly trade increased governmental oversight of antibiotic usage for elimination of governmental meddling with drugs which don't affect anyone but the taker. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Guns will get you through times of no duct tape better than duct tape will get you through times of no guns. -- Ron Kuby From timcmay at got.net Fri Apr 18 19:09:32 2003 From: timcmay at got.net (Tim May) Date: Fri, 18 Apr 2003 19:09:32 -0700 Subject: Military Drops OpenBSD Funding Because of de Raadt's Antiwar Comment In-Reply-To: <3EA06CB1.5ED60637@cdc.gov> Message-ID: On Friday, April 18, 2003, at 02:22 PM, Major Variola (ret) wrote: > SAN JOSE, Calif. (AP) - The U.S. military's research agency cut off > grant money for helping to develop a secure, free operating system > after > a top programmer made anti-war statements to a major newspaper. > > The U.S. Defense Advanced Research Projects Agency halted the contract > less than two weeks after The Globe and Mail of Toronto published a > story in which programmer Theo de Raadt was quoted as saying he was > "uncomfortable" about the funding source. > > "I try to convince myself that our grant means a half of a cruise > missile doesn't get built," de Raadt told the newspaper. > > Within a few days, de Raadt said he received an e-mail from Jonathan > Smith, a computer science professor at the University of Pennsylvania > and the grant's lead researcher, expressing discomfort over the > statements. > Not enough bugs in OpenBSD. Not enough back doors in OpenBSD. "If you are using OpenBSD, you are computing with Osama." --Tim May From timcmay at got.net Fri Apr 18 19:25:14 2003 From: timcmay at got.net (Tim May) Date: Fri, 18 Apr 2003 19:25:14 -0700 Subject: Antibiotics In-Reply-To: <200304181638.05117.sfurlong@acmenet.net> Message-ID: <2784639C-720E-11D7-B966-000A956B4C74@got.net> On Friday, April 18, 2003, at 01:38 PM, Steve Furlong wrote: > On Friday 18 April 2003 16:04, Tim May wrote: > >> I will make what some here will probably think is a totalitarian >> sentiment: under extreme conditions, I support quarantine measures. > ... >> Though it is a serious step to limit a person's freedom to move about >> on public property, this is one of the few cases, along with >> imprisonment for criminal convictions, where it is justified. > > Another of the few powers I'd grant to the US Federal government which > aren't spelled out in the Constitution is the ability to regulate the > use of antibiotics. Careless use of them can lead to the development of > drug-resistent bacteria, which adversely affects the whole population. > > I'd gladly trade increased governmental oversight of antibiotic usage > for elimination of governmental meddling with drugs which don't affect > anyone but the taker. I don't have a strong view on antibiotics, but to expand on my quarantine point, I think the Founders would consider it ludicrous that "civil rights" arguments might be used to allow someone with typhoid or smallpox or (perhaps) SARS to walk around in public spreading the diseases. This is why I support very limited government, so that true threats and true criminals can be stopped. Let anyone drink themselves to death, smoke themselves to death (or even let their own property be used for smoking), shoot up drugs, have damaging anal sex the way the fags do, and so on. But communicable diseases is/are one of the very few areas where "provide for the common defense" is eminently applicable. Again, provided there is no punishment aspect, no vengeance by the authorities aspect. I support this, even though I am presumably far from being in danger of being infected, for the "Rawlesian" reason that I would want these kinds of measures without knowing in advance my risk of getting the diseases. --Tim May (.sig for Everything list background) Corralitos, CA. Born in 1951. Retired from Intel in 1986. Current main interest: category and topos theory, math, quantum reality, cosmology. Background: physics, Intel, crypto, Cypherpunks From mv at cdc.gov Fri Apr 18 19:34:49 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 19:34:49 -0700 Subject: custerflock optimism Message-ID: <3EA0B5C9.7060202@cdc.gov> When the Roman military fell, the church took power for a thousand years. Iraqi priests are telling the US to, paraphrasing Pink Floyd, "get our their filthy hands off their desert". 3 kilotons of conventional arms: $30,000,000 Grabbing your crotch before shaking hands with Geraldo: Free Getting rid of Hussein and getting a democratically elected Islamic Republic: Priceless For Zionist imperialism, there's a huge military budget. For everything else, there's Mastercard. --- brezhnev took afghanistan begin took beirut galtieri took the union jack and maggie over lunch one day took a cruiser with all hands apparently to make him give it back From mv at cdc.gov Fri Apr 18 19:53:01 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Apr 2003 19:53:01 -0700 Subject: Antibiotics (Libertarian Epidemiology & The State) Message-ID: <3EA0BA0D.6000308@cdc.gov> >Let anyone drink themselves to death, smoke themselves to death (or >even let their own property be used for smoking), shoot up drugs, have >damaging anal sex the way the fags do, and so on. > >But communicable diseases is/are one of the very few areas where >"provide for the common defense" is eminently applicable. You mean "communicable to randoms" not "communicable to those who choose to expose themselves", as in the following example. Everyone out of the gene pool! Festival Is Called Syphilis Threat Officials fear outbreak from annual party in Palm Springs. Expected are 30,000 gay revelers. With 30,000 gay revelers expected for this weekend's "White Party" in Palm Springs a festival famous for sex and substance abuse public health officials and some gay leaders worry openly that it will fan an epidemic of syphilis. http://www.latimes.com/news/local/la-me-party18apr18,1,3177921.story?coll=la%2Dhome%2Dtodays%2Dtimes A case more interesting to libertarian epidemiologists involves fetuses and their state-owned incubators, er, female-type citizen-units: HIV Testing Urged in All Pregnancies Federal health officials will unveil a new HIV (news - web sites ) testing strategy today designed to expand screening among pregnant women and about 200,000 others who are infected with the virus but do not know it. The new strategy by the U.S. Centers for Disease Control and Prevention (news - web sites ) specifically urges the testing of all pregnant women, rather than relying upon them to volunteer. http://story.news.yahoo.com/news?tmpl=story&u=/trib/20030418/lo_latimes/hiv_testing_urged_in_all_pregnancies From shaddack at ns.arachne.cz Fri Apr 18 13:46:55 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 18 Apr 2003 22:46:55 +0200 (CEST) Subject: HoneyNet Looks to Stick Hackers In-Reply-To: Message-ID: On Thu, 17 Apr 2003, Tyler Durden wrote: > HoneyNet Looks to Stick Hackers > --------------------------------------------------------- According to The Register, honeynets could be legally problematic. http://www.theregister.co.uk/content/55/30320.html Wondering how many more unusable laws the Wise Elected Officials will make. Wondering why you have to pass exams for getting a driving licence, but there are no exams for the ability to make laws... From zenadsl6186 at zen.co.uk Fri Apr 18 22:50:02 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Sat, 19 Apr 2003 06:50:02 +0100 Subject: Military Drops OpenBSD Funding Because of de Raadt's Antiwar Comment In-Reply-To: <3EA06CB1.5ED60637@cdc.gov> Message-ID: Major Variola (ret) wrote: > SAN JOSE, Calif. (AP) - The U.S. military's research agency cut off > Another $500,000 of the money funded the work of United Kingdom-based > researchers on a related project called OpenSSL, which is used to > encrypt data. OpenSSH, sshurely. Is that UK-based? OpenSSL might well be, at least sort-of, but OpenSSH? I dunno, but I doubt it. There are potential problems ahead for OpenSSL in the UK. The EU dual-use/ (including crypto) export control regulations might be about to be implemented here, under the Export Control Act 2002,.. but it won't affect the actual releases, just talking about them beforehand... -- Peter Fairbrother From hseaver at cybershamanix.com Sat Apr 19 07:02:30 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 19 Apr 2003 09:02:30 -0500 Subject: Quarantines may be justified In-Reply-To: References: <3EA025F0.1020406@cdc.gov> Message-ID: <20030419140230.GA22860@cybershamanix.com> On Fri, Apr 18, 2003 at 01:04:01PM -0700, Tim May wrote: > > I will gladly make this trade of liberties: > > * roll back all of the bullshit laws designed to protect people from > themselves: laws against smoking, laws against other drugs, laws > banning sexual practices. And get rid of 90% of all government > functions and staff in general: roll things back to 1925 levels, in > terms of percentages. (I would favor reducing government further, but > 1925 levels would be a great start.) Agreed, except for smoking in public. All smoking in public should be banned. No one has the right to pollute the air I have to breath, in any way. I shouldn't have to breath in or even smell someones else's drug as I walk down the street. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From mv at cdc.gov Sat Apr 19 09:44:27 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 19 Apr 2003 09:44:27 -0700 Subject: Quarantines may be justified (limits of biochem assault in public) Message-ID: <3EA17CEB.28493297@cdc.gov> At 09:02 AM 4/19/03 -0500, Harmon Seaver wrote: > Agreed, except for smoking in public. All smoking in public should be >banned. No one has the right to pollute the air I have to breath, in any way. I >shouldn't have to breath in or even smell someones else's drug as I walk down >the street. How about smell their perfume? You are not talking about pharmacological effects, but odor. Perfumes are voluntary. Some are even allergic to them. What are the limits? From stuart at realhappy.net Sat Apr 19 09:30:22 2003 From: stuart at realhappy.net (stuart) Date: Sat, 19 Apr 2003 12:30:22 -0400 Subject: Quarantines may be justified In-Reply-To: <20030419140230.GA22860@cybershamanix.com> References: <3EA025F0.1020406@cdc.gov> <20030419140230.GA22860@cybershamanix.com> Message-ID: <1675238252.20030419123022@realhappy.net> On Saturday, April 19, 2003, Harmon came up with this... HS> Agreed, except for smoking in public. All smoking in public should be HS> banned. No one has the right to pollute the air I have to breath, in any way. I HS> shouldn't have to breath in or even smell someones else's drug as I walk down HS> the street. You know, by exhaling, you're releasing dangerous carbon dioxide into air, which is air pollution, so I'm going to propose a bill to prevent you from breathing in public, because you don't have the right to pollute the air I breathe. Smoking in public, that's an easy one to pick on. But the argument holds no water, unfortunately. Find me RELIABLE, UNBIASED evidence that second-hand smoke is actually dangerous, and I'll agree to ban smoking. Everybody's 'second-hand smoke causes cancer' routine is based on a 1992 EPA report that manipulated data to fit their preconceived notion of what was 'bad'. They fit the facts to their hypothesis, not the other way around. They ignored legitimate studies that didn't support their hypothesis and had to actually lower their standards of risk assessment to 'prove' a connection between second-hand smoke and lung cancer. Find some real research by an INDEPENDENT party with real evidence that second-hand smoke causes cancer. Cardiovascular disease is the biggest killer in America. This fraudulent EPA report estimates 3000 people die from second-hand smoke related illness each year. Almost 3000 people die EACH DAY from cardiovascular disease. Let's go over that again: second-hand smoke: 3000 per year cardiovascular disease: almost 3000 PER DAY So why are people trying to ban smoking in public instead of banning McDonalds and Burger King? Getting rid of McDonalds would surely ease America's cardiovascular strain, it would lower health insurance costs, the rest of the world might not consider us the bloated, fat-gorged leech on the ass of humanity, and Brazil might have some more forests. America would be much healthier if instead of eating at McDonalds people went to Subway, even if Subway was filled with chain-smoking nicotine fiends. But I guess it's a lot easier to pick on smoking than fast food. Car exhaust is far worse than cigarette smoke. Ban cars first. Oh wait, that'd be a bit inconvenient, wouldn't it. Wait, I know! Airplanes! They release more toxic fumes than anything! But that'd be inconvenient too. Hmmmm..... VOLCANOES! Yeah, volcanoes release more toxins into the air than the entire industrial revolution did! How do you ban volcanoes, though.... I'm sorry you don't like cigarette smoke. Don't stand downwind. Don't try to ban it, though. Banning. Ick. I'm always very distrustful of people who want to ban things. There are always better ways. -- stuart Anyone who tells you they want a utopia wants to put chains on the souls of your children. They want to deny history and strangle any unforeseen possibility. They should be resisted to the last breath. -Bruce Sterling- From hseaver at cybershamanix.com Sat Apr 19 11:54:57 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 19 Apr 2003 13:54:57 -0500 Subject: Quarantines may be justified In-Reply-To: <1675238252.20030419123022@realhappy.net> References: <3EA025F0.1020406@cdc.gov> <20030419140230.GA22860@cybershamanix.com> <1675238252.20030419123022@realhappy.net> Message-ID: <20030419185457.GA22903@cybershamanix.com> On Sat, Apr 19, 2003 at 12:30:22PM -0400, stuart wrote: > On Saturday, April 19, 2003, Harmon came up with this... > > HS> Agreed, except for smoking in public. All smoking in public should be > HS> banned. No one has the right to pollute the air I have to breath, in any way. I > HS> shouldn't have to breath in or even smell someones else's drug as I walk down > HS> the street. > > You know, by exhaling, you're releasing dangerous carbon dioxide into > air, which is air pollution, so I'm going to propose a bill to prevent > you from breathing in public, because you don't have the right to > pollute the air I breathe. Duh! You don't know much about biology, eh? CO2 makes plants grow. Plants and animals interact that way -- they exhale oxygen for us and we exhale CO2 for them. > > Smoking in public, that's an easy one to pick on. But the argument > holds no water, unfortunately. Find me RELIABLE, UNBIASED evidence that > second-hand smoke is actually dangerous, and I'll agree to ban smoking. > I could care less what any report says, I get an immediate sick feeling from breathing tobacco smoke. And a great many other people do as well. (snip) > Car exhaust is far worse than cigarette smoke. Ban cars first. > Oh wait, that'd be a bit inconvenient, wouldn't it. No, actually, banning cars in cities is a great idea. And, as a matter of fact, since I ride a bicycle a lot, I often *do* get a sick feeling from breathing car exhaust, at least from some that are apparantly burning "reformutlated gasoline". > Wait, I know! Airplanes! They release more toxic fumes than anything! > But that'd be inconvenient too. Hmmmm..... Not for me it wouldn't. I'm overjoyed at the prospect of all the airlines going tits up. At least if the USG would let them instead of pumping more subsidies into them. I took my last commercial flight about four years ago -- never again. > VOLCANOES! Yeah, volcanoes release more toxins into the air than the > entire industrial revolution did! How do you ban volcanoes, though.... > Toxins? Particulates, yes, but not many toxins. And you're right, Mother Nature will always win in the end. > I'm sorry you don't like cigarette smoke. Don't stand downwind. > Don't try to ban it, though. "don't stand downwind" -- that's a pretty simplistic answer. Impossible to do when you're moving down the street. The bottom line is this: No one has the right to do something in their space that adversely affects my space, whether it's smoking in public or the farmer next door who sprays pesticides which drift over to my land, or puts chemicals on his land which get into my well. > > Banning. Ick. > I'm always very distrustful of people who want to ban things. > There are always better ways. Sure, I guess I could just walk around with a pellet gun and zap anyone whose smoke bothered me, right? Why not? After all, I'm not really seriously harming them, just more like a temporary annoyance. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From hseaver at cybershamanix.com Sat Apr 19 12:03:58 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 19 Apr 2003 14:03:58 -0500 Subject: Quarantines may be justified (limits of biochem assault in public) In-Reply-To: <3EA17CEB.28493297@cdc.gov> References: <3EA17CEB.28493297@cdc.gov> Message-ID: <20030419190358.GB22903@cybershamanix.com> On Sat, Apr 19, 2003 at 09:44:27AM -0700, Major Variola (ret) wrote: > At 09:02 AM 4/19/03 -0500, Harmon Seaver wrote: > > Agreed, except for smoking in public. All smoking in public should > be > >banned. No one has the right to pollute the air I have to breath, in > any way. I > >shouldn't have to breath in or even smell someones else's drug as I > walk down > >the street. > > How about smell their perfume? You are not talking about > pharmacological effects, but odor. Perfumes are voluntary. > Some are even allergic to them. What are the limits? No, I am talking about physical effects. I get a definite sick feeling breathing tobacco smoke. And I know large numbers of other people who do as well. Most ex-smokers are very familiar with this. But perfume is another one, not one that bothers me very often but I've known people who got physically sick from the smell of certain perfumes. That's a lot more rare than people who are affected by tobacco smoke tho. The feeling is a lot like the one you got when you smoked your first cigarette as a kid. Both my wife and I get a really unpleasant feeling just walking down the aisle at Home Depot with all the lawn chemicals, in fact my wife, on occasion has had to leave stores that had too many chemical smells. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From sfurlong at acmenet.net Sat Apr 19 11:57:54 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Sat, 19 Apr 2003 14:57:54 -0400 Subject: Quarantines may be justified In-Reply-To: <20030419140230.GA22860@cybershamanix.com> References: <3EA025F0.1020406@cdc.gov> <20030419140230.GA22860@cybershamanix.com> Message-ID: <200304191457.54743.sfurlong@acmenet.net> On Saturday 19 April 2003 10:02, Harmon Seaver wrote: > ... All smoking in public should > be banned. No one has the right to pollute the air I have to breath, > in any way. Yah. Maj Variola already beat me to the point about perfume. And what about people who don't bathe as often as I think they should? > I shouldn't have to breath in... Feel free to stop any time. No skin off our noses. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Guns will get you through times of no duct tape better than duct tape will get you through times of no guns. -- Ron Kuby From hseaver at cybershamanix.com Sat Apr 19 13:46:33 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 19 Apr 2003 15:46:33 -0500 Subject: Quarantines may be justified In-Reply-To: <20030419195512.1F9FC2423@localhost.localdomain> References: <3EA025F0.1020406@cdc.gov> <20030419140230.GA22860@cybershamanix.com> <20030419195512.1F9FC2423@localhost.localdomain> Message-ID: <20030419204633.GA23512@cybershamanix.com> On Sat, Apr 19, 2003 at 03:55:06PM -0400, david wrote: > On Saturday 19 April 2003 10:02, Harmon Seaver wrote: > > > > Agreed, except for smoking in public. All smoking in public > > should be banned. No one has the right to pollute the air I have > > to breath, in any way. I shouldn't have to breath in or even > > smell someones else's drug as I walk down the street. > > Public property was paid for by looting private individuals' > pockets or appropriating it directly. The concept of regulating > public activities is pure socialist bullshit. Ordinances > prohibiting or regulating any activity on private property is part > of our creeping nanny state totalitarianism. You fucking dimwit -- public property was all there ever was. Private property is purely a construct of Euro culture, at least in this hemisphere. Who owned the whole fucking continent when the eurotrash expatriates hit the east coast? You really think you *own* a piece of Mother Earth? Guess again when that volcano erupts underneath it. > > Any individual who enforces, or any politician who votes for a law > that uses force to regulate behavior is guilty of initiating force > against anyone affected by the law, and is a deserving target of > retaliation. Any individual who votes for one of these political > scumbags or urges them to enact such a law is also a deserving > target of retaliation. > Some people, like this dumbfuck, don't deserve to be sucking air. "using force to regulate behavior" is wrong? Like if some shithead tries to rob me I can't "regulate" their behavior? Or my village can't hire a professional "regulator" to deal with robbers? Or for that matter, to "regulate" people who smoke in public? -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From david at morningwood.net Sat Apr 19 12:55:06 2003 From: david at morningwood.net (david) Date: Sat, 19 Apr 2003 15:55:06 -0400 Subject: Quarantines may be justified In-Reply-To: <20030419140230.GA22860@cybershamanix.com> References: <3EA025F0.1020406@cdc.gov> <20030419140230.GA22860@cybershamanix.com> Message-ID: <20030419195512.1F9FC2423@localhost.localdomain> On Saturday 19 April 2003 10:02, Harmon Seaver wrote: > > Agreed, except for smoking in public. All smoking in public > should be banned. No one has the right to pollute the air I have > to breath, in any way. I shouldn't have to breath in or even > smell someones else's drug as I walk down the street. Public property was paid for by looting private individuals' pockets or appropriating it directly. The concept of regulating public activities is pure socialist bullshit. Ordinances prohibiting or regulating any activity on private property is part of our creeping nanny state totalitarianism. Any individual who enforces, or any politician who votes for a law that uses force to regulate behavior is guilty of initiating force against anyone affected by the law, and is a deserving target of retaliation. Any individual who votes for one of these political scumbags or urges them to enact such a law is also a deserving target of retaliation. David Neilson From david at morningwood.net Sat Apr 19 14:22:42 2003 From: david at morningwood.net (david) Date: Sat, 19 Apr 2003 17:22:42 -0400 Subject: Quarantines may be justified In-Reply-To: <20030419204633.GA23512@cybershamanix.com> References: <3EA025F0.1020406@cdc.gov> <20030419195512.1F9FC2423@localhost.localdomain> <20030419204633.GA23512@cybershamanix.com> Message-ID: <20030419212246.DC9D6212E@localhost.localdomain> On Saturday 19 April 2003 16:46, Harmon Seaver wrote: >(snip) > Private property is purely a construct of Euro culture, at least > in this hemisphere. Who owned the whole fucking continent when > the eurotrash expatriates hit the east coast? You really think > you *own* a piece of Mother Earth? Guess again when that volcano > erupts underneath it. The concept of, and respect for private property are essential elements of individual liberty. They cannot be separated. There is an inverse proportion between the power the governments have over private property and freedom. > > Any individual who enforces, or any politician who votes for a > > law that uses force to regulate behavior is guilty of > > initiating force against anyone affected by the law (snip) > > (snip) "using force to regulate behavior" is wrong? Like if some > shithead tries to rob me I can't "regulate" their behavior? Or my > village can't hire a professional "regulator" to deal with > robbers? Or for that matter, to "regulate" people who smoke in > public? It is the initiation of force that is wrong. People who try to rob others should have their behavior regulated by being killed by their intended victims. Hiring professionals to deal with robbers is a valid response to the robbers' initiation of force. Killing people who use force to regulate individuals who smoke in public is also a legitimate response to the their initiation of force. David Neilson From david at morningwood.net Sat Apr 19 21:18:26 2003 From: david at morningwood.net (david) Date: Sun, 20 Apr 2003 00:18:26 -0400 Subject: Quarantines may be justified In-Reply-To: <20030419140230.GA22860@cybershamanix.com> References: <3EA025F0.1020406@cdc.gov> <20030419140230.GA22860@cybershamanix.com> Message-ID: <20030420041830.4FDF4212E@localhost.localdomain> On Saturday 19 April 2003 16:46, Harmon Seaver wrote: >(snip) > Private property is purely a construct of Euro culture, at least > in this hemisphere. Who owned the whole fucking continent when > the eurotrash expatriates hit the east coast? You really think > you *own* a piece of Mother Earth? Guess again when that volcano > erupts underneath it. The concept of, and respect for private property are essential elements of individual liberty. They cannot be separated. There is an inverse proportion between the power the governments have over private property and freedom. > > Any individual who enforces, or any politician who votes for a > > law that uses force to regulate behavior is guilty of > > initiating force against anyone affected by the law (snip) > > (snip) "using force to regulate behavior" is wrong? Like if some > shithead tries to rob me I can't "regulate" their behavior? Or my > village can't hire a professional "regulator" to deal with > robbers? Or for that matter, to "regulate" people who smoke in > public? It is the initiation of force that is wrong. People who try to rob others should have their behavior regulated by being killed by their intended victims. Hiring professionals to deal with robbers is a valid response to the robbers' initiation of force. Killing people who use force to regulate individuals who smoke in public is also a legitimate response to the their initiation of force. David Neilson From rah at shipwright.com Sat Apr 19 22:00:02 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 20 Apr 2003 01:00:02 -0400 Subject: Labour to launch ID card - and it'll cost you �25 Message-ID: The Telegraph Labour to launch ID card - and it'll cost you £25 By Colin Brown and Francis Elliott (Filed: 20/04/2003) Everyone in Britain will have to pay around £25 for a compulsory identity card under proposals being put to the cabinet by David Blunkett, the Home Secretary. The "smart" card will identify the holder using iris-recognition technology. Failure to carry the card will not be an offence but police will be able to order people to present it at a police station. The charge is aimed at overcoming resistance to the scheme from the Treasury. Until now Cabinet support for a national compulsory identity card has been outweighed by the Treasury, which has objected to footing the estimated £1.6 billion bill. While forcing people to pay for the card could add to the anticipated objections from human rights campaigners, Mr Blunkett believes that concern about national security is sufficient to ensure that individuals will be prepared to bear the cost. Mr Blunkett is confident that he can win support for the idea of a compulsory card even though previous ministers have failed. One Home Office official said that the threat of international terrorism following the September 11 attacks had tilted public opinion in favour of such a scheme. "The atmosphere has changed," he said. Another official discounted any suggestion that the public would baulk at the cost. "We think that a charge of £25 to £30 would be reasonable for five years and once it is up and running and the initial cost is out of the way, you could then extend the life of the card for 10 years," he said. Senior figures in the Cabinet strongly support the plan for the card, which would use a microchip to hold details including age, place of birth, home address and a personal number to identify the holder. It is also hoped that the card could be used to entitle the holder to a range of state benefits, thereby cutting benefit fraud. Mr Blunkett discussed his plan for a national ID card with Tom Ridge, the head of the US Department of Homeland Security, at a meeting in Washington earlier this month. Mr Blunkett agreed to develop a joint programme, using the same technology, with the US, which has already agreed a similar protocol with Canada. Iris recognition - so-called biometric information - is considered a more accurate and fraud-proof system than fingerprint or photo identification. The Home Office has already piloted the use of the technology. The UK Passport Office last year issued 500 passport cards with iris data. In another move to tighten security, ministers are to ban the practice of sending out passports by ordinary mail after a Home Office audit found that some 3,000 are still being "lost in the post" each year. Two years after The Telegraph first highlighted the problem of thousands of missing passports, the Home Office has admitted that 2,982 were lost in the post during 2002. The vast majority are stolen by criminal gangs and sold on to illegal immigrants or possibly terrorists. Beverley Hughes, the immigration minister, has ordered that people applying for a passport must in future pay for them to be sent by recorded delivery, ensuring that someone has to sign for them on receipt. The increased cost of this - up to £5 for each passport - would be borne by the applicant for the passport in increased fees. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From measl at mfn.org Sun Apr 20 06:50:09 2003 From: measl at mfn.org (J.A. Terranson) Date: Sun, 20 Apr 2003 08:50:09 -0500 (CDT) Subject: =?X-UNKNOWN?Q?CDR=3A_Labour_to_launch_ID_card_-_and_it'll?= =?X-UNKNOWN?Q?_cost_you_=A325_=28fwd=29?= Message-ID: According to the article, "Mr Blunkett discussed his plan for a national ID card with Tom Ridge, the head of the US Department of Homeland Security, at a meeting in Washington earlier this month. Mr Blunkett agreed to develop a joint programme, using the same technology, with the US, which has already agreed a similar protocol with Canada." So, apparently Ridge has already decided that (a) Amerikkkans *will* carry ID cards, (b) these cards will be interoperable with cards from other countries, (c) that these other countries should be able to access information on US citizens at will, provided we can do the same to their citizens. Cute. Totally fascist, but cute. I wonder how long they are going to work on this before announcing the good news formally? -- J.A. Terranson sysadmin at mfn.org From hseaver at cybershamanix.com Sun Apr 20 07:03:15 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sun, 20 Apr 2003 09:03:15 -0500 Subject: Quarantines may be justified In-Reply-To: <20030419212246.DC9D6212E@localhost.localdomain> References: <3EA025F0.1020406@cdc.gov> <20030419195512.1F9FC2423@localhost.localdomain> <20030419204633.GA23512@cybershamanix.com> <20030419212246.DC9D6212E@localhost.localdomain> Message-ID: <20030420140315.GA24668@cybershamanix.com> On Sat, Apr 19, 2003 at 05:22:42PM -0400, david wrote: > On Saturday 19 April 2003 16:46, Harmon Seaver wrote: > > >(snip) > > Private property is purely a construct of Euro culture, at least > > in this hemisphere. Who owned the whole fucking continent when > > the eurotrash expatriates hit the east coast? You really think > > you *own* a piece of Mother Earth? Guess again when that volcano > > erupts underneath it. > > The concept of, and respect for private property are essential > elements of individual liberty. They cannot be separated. There > is an inverse proportion between the power the governments have > over private property and freedom. So the native americans here before 1492 weren't free? They did, of course, have private property -- whatever they could carry with them -- but the land was held in common. The idea that individuals could "own" land was not known to them. > > > > Any individual who enforces, or any politician who votes for a > > > law that uses force to regulate behavior is guilty of > > > initiating force against anyone affected by the law (snip) > > > > (snip) "using force to regulate behavior" is wrong? Like if some > > shithead tries to rob me I can't "regulate" their behavior? Or my > > village can't hire a professional "regulator" to deal with > > robbers? Or for that matter, to "regulate" people who smoke in > > public? > > It is the initiation of force that is wrong. People who try to rob > others should have their behavior regulated by being killed by > their intended victims. You're right, and it's really too bad the indigs here didn't realize soon enough that they needed to kill each and everyone of those euros who landed here and thought they could "own" land. > Hiring professionals to deal with robbers > is a valid response to the robbers' initiation of force. Killing > people who use force to regulate individuals who smoke in public is > also a legitimate response to the their initiation of force. > People can smoke in public if they wear some sort of helmet which contains all the smoke, otherwise they are using force to invade my body and I should have the right to kill them for it. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From mv at cdc.gov Sun Apr 20 09:32:16 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 20 Apr 2003 09:32:16 -0700 Subject: Quarantines may be justified Message-ID: <3EA2CB8F.8A7A1FDD@cdc.gov> At 09:03 AM 4/20/03 -0500, Harmon Seaver wrote: > So the native americans here before 1492 weren't free? They did, of >course, have private property -- whatever they could carry with them -- but the >land was held in common. The idea that individuals could "own" land was not >known to them. This is a white fallacy. If you caught someone hunting on your familial land, you might initiate violence against them. Within the family, resources were shared, but in dealing with other clans, violence certainly occurred. You think some of them lived in fortresses for yucks? Talk to an anthropologist some time. Territoriality is as old as amphibians. From hseaver at cybershamanix.com Sun Apr 20 08:48:54 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sun, 20 Apr 2003 10:48:54 -0500 Subject: Quarantines may be justified In-Reply-To: References: <20030419185457.GA22903@cybershamanix.com> Message-ID: <20030420154854.GA1151@cybershamanix.com> On Sun, Apr 20, 2003 at 05:25:55PM +0200, Tarapia Tapioco wrote: > Harmon Seaver wrote on April 19th, 2003 at 13:54:57 -0500: > > > On Sat, Apr 19, 2003 at 12:30:22PM -0400, stuart wrote: > > > > > Smoking in public, that's an easy one to pick on. But the argument > > > holds no water, unfortunately. Find me RELIABLE, UNBIASED evidence that > > > second-hand smoke is actually dangerous, and I'll agree to ban smoking. > > > > > > > I could care less what any report says, I get an immediate sick feeling > > from breathing tobacco smoke. And a great many other people do as well. > > Then don't go where there's tobacco smoke. Right. Where is that? It's absolutely impossible to walk or ride a bike down a city street without breathing tobacco smoke. I'm always amazed at how many so-called libertarians don't get the concept that their rights end where my nose begins. Everyone should have the right to enjoy whatever drug they choose -- as long as their use of it doesn't interfere with other people's rights to not use it. So you really think some drug addict has a right to stand on the street getting his fix and at the same time forcing it upon everyone else in the immediate vicinity? I'm amazed that anyone too stupid to understand such a simple concept is even able to type on a keyboard. By the same logic, it should be alright for me to mix up some LSD and DMSO and carry it in a little squirtgun to spray smokers with, right? -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From ben at algroup.co.uk Sun Apr 20 03:41:05 2003 From: ben at algroup.co.uk (Ben Laurie) Date: Sun, 20 Apr 2003 11:41:05 +0100 Subject: Military Drops OpenBSD Funding Because of de Raadt's Antiwar Comment In-Reply-To: References: Message-ID: <3EA27941.5050400@algroup.co.uk> Peter Fairbrother wrote: > Major Variola (ret) wrote: > > >>SAN JOSE, Calif. (AP) - The U.S. military's research agency cut off > > >>Another $500,000 of the money funded the work of United Kingdom-based >>researchers on a related project called OpenSSL, which is used to >>encrypt data. > > > OpenSSH, sshurely. > > Is that UK-based? OpenSSL might well be, at least sort-of, but OpenSSH? I > dunno, but I doubt it. No, OpenSSL - I know, coz I did most of the work. OpenSSH is not a "related project" it is part of OpenBSD. > There are potential problems ahead for OpenSSL in the UK. The EU dual-use/ > (including crypto) export control regulations might be about to be > implemented here, under the Export Control Act 2002,.. but it won't affect > the actual releases, just talking about them beforehand... Amusing. Not. Incidentally, OpenSSL is (currently) hosted in Switzerland, if that matters. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From hseaver at cybershamanix.com Sun Apr 20 10:05:43 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sun, 20 Apr 2003 12:05:43 -0500 Subject: Quarantines may be justified In-Reply-To: <3EA2CB8F.8A7A1FDD@cdc.gov> References: <3EA2CB8F.8A7A1FDD@cdc.gov> Message-ID: <20030420170543.GA1478@cybershamanix.com> On Sun, Apr 20, 2003 at 09:32:16AM -0700, Major Variola (ret) wrote: > At 09:03 AM 4/20/03 -0500, Harmon Seaver wrote: > > So the native americans here before 1492 weren't free? They did, > of > >course, have private property -- whatever they could carry with them -- > but the > >land was held in common. The idea that individuals could "own" land was > not > >known to them. > > This is a white fallacy. If you caught someone hunting on your familial > land, > you might initiate violence against them. Within the family, resources > were > shared, but in dealing with other clans, violence certainly occurred. > Well, not between clans, certainly tho between various tribes. Territoriality is quite a bit different than dividing it up into individual parcels, however. Nor was it like communism where the government imposes group ownership from above, since they really had essentially no government. It was really a totally different mindset, and one that the euros couldn't even grasp. Nor could the native americans understand the euros -- why would the euros leave the land where their ancestors were buried? Why would they think that any of the local "chiefs" had any authority to speak for anyone except themselves, as in most tribes they only had their own personal charisma to exert any influence on thier "followers". No kings or rulers at all in the european sense, just councils of old men, or more often, old women, who got together and reasoned things out and gave advice. > You think some of them lived in fortresses for yucks? > > Talk to an anthropologist some time. > > Territoriality is as old as amphibians. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From jamesd at echeque.com Sun Apr 20 14:47:45 2003 From: jamesd at echeque.com (James A. Donald) Date: Sun, 20 Apr 2003 14:47:45 -0700 Subject: Quarantines may be justified In-Reply-To: <20030420140315.GA24668@cybershamanix.com> References: <20030419212246.DC9D6212E@localhost.localdomain> Message-ID: <3EA2B311.9427.5995ACD@localhost> -- On 20 Apr 2003 at 9:03, Harmon Seaver wrote: > So the native americans here before 1492 weren't free? > They did, > of > course, have private property -- whatever they could carry > with them -- but the land was held in common. I think you have been reading the fake Chief Seattle speech. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG GJt1bMX4Gutb48wlf55JpviT+q0p1UgTHg6kEmgW 4Go9kT1tgIxGBF48ijkgTJ9lRPs1tcMaNSHN/Ufo6 From timcmay at got.net Sun Apr 20 15:26:56 2003 From: timcmay at got.net (Tim May) Date: Sun, 20 Apr 2003 15:26:56 -0700 Subject: Quarantines may be justified In-Reply-To: <3EA2B311.9427.5995ACD@localhost> Message-ID: <31C57DDD-737F-11D7-B966-000A956B4C74@got.net> On Sunday, April 20, 2003, at 02:47 PM, James A. Donald wrote: > -- > On 20 Apr 2003 at 9:03, Harmon Seaver wrote: >> So the native americans here before 1492 weren't free? >> They did, >> of >> course, have private property -- whatever they could carry >> with them -- but the land was held in common. > > I think you have been reading the fake Chief Seattle speech. > Which one? The one where he wrote the Federalist Papers or the one where he did the Constitution? One of the strongest arguments that Columbus was not the first European in America is the Magna Carta. It's a crass copy of the Qctzlzacopec Codex, written by the wise Aztecs hundreds of years prior to 1215. (Or so I am starting a rumor about.) --Tim May (.sig for Everything list background) Corralitos, CA. Born in 1951. Retired from Intel in 1986. Current main interest: category and topos theory, math, quantum reality, cosmology. Background: physics, Intel, crypto, Cypherpunks From comesefosse at ntani.firenze.linux.it Sun Apr 20 08:25:55 2003 From: comesefosse at ntani.firenze.linux.it (Tarapia Tapioco) Date: Sun, 20 Apr 2003 17:25:55 +0200 (CEST) Subject: Quarantines may be justified In-Reply-To: <20030419185457.GA22903@cybershamanix.com> Message-ID: Harmon Seaver wrote on April 19th, 2003 at 13:54:57 -0500: > On Sat, Apr 19, 2003 at 12:30:22PM -0400, stuart wrote: > > > Smoking in public, that's an easy one to pick on. But the argument > > holds no water, unfortunately. Find me RELIABLE, UNBIASED evidence that > > second-hand smoke is actually dangerous, and I'll agree to ban smoking. > > > > I could care less what any report says, I get an immediate sick feeling > from breathing tobacco smoke. And a great many other people do as well. Then don't go where there's tobacco smoke. > (snip) > > > Car exhaust is far worse than cigarette smoke. Ban cars first. > > Oh wait, that'd be a bit inconvenient, wouldn't it. > > No, actually, banning cars in cities is a great idea. And, as a matter of > fact, since I ride a bicycle a lot, I often *do* get a sick feeling from > breathing car exhaust, at least from some that are apparantly burning > "reformutlated gasoline". Well, most of us normal people _don't_ get sick from minor whiffs of car exhaust. Since you apparently do, I suggest you avoid it. > > I'm sorry you don't like cigarette smoke. Don't stand downwind. > > Don't try to ban it, though. > > "don't stand downwind" -- that's a pretty simplistic answer. Impossible > to do when you're moving down the street. The bottom line is this: No one > has the right to do something in their space that adversely affects my space, > whether it's smoking in public or the farmer next door who sprays pesticides > which drift over to my land, or puts chemicals on his land which get into my > well. Fine. Of course, this means that if I ever smell your farts, or your various odors, or start smelling rotten fish from your wife or daughter, I'll fine you $500 per offense. -- Tom Veil From sfurlong at acmenet.net Sun Apr 20 16:24:55 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Sun, 20 Apr 2003 19:24:55 -0400 Subject: Rumors In-Reply-To: <31C57DDD-737F-11D7-B966-000A956B4C74@got.net> References: <31C57DDD-737F-11D7-B966-000A956B4C74@got.net> Message-ID: <200304201924.55256.sfurlong@acmenet.net> On Sunday 20 April 2003 18:26, Tim May wrote: > (Or so I am starting a rumor about.) That's nothing. Did you know Hillary Clinton appeared in just a bikini bottom in a 1960's issue of _Playboy_? It was one of the college issues, don't recall which one. I know it's true because I read it on the internet. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Guns will get you through times of no duct tape better than duct tape will get you through times of no guns. -- Ron Kuby From cpunk at lne.com Sun Apr 20 20:00:00 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 20 Apr 2003 20:00:00 -0700 Subject: Cypherpunks List Info Message-ID: <200304210300.h3L300B4029186@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa. 1. Filtering The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam on that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers. 2. Message Modification Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications. 3. Privacy Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private") , to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software. Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted. 4. Anonymous posting Cypherpunks encourages anonymous posting. You can use an anonymous remailer: http://www.andrebacard.com/remail.html http://anon.efga.org/Remailers http://www.gilc.org/speech/anonymous/remailer.html or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered. 5. Unsubscribing Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below. How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these inticate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDRs unsubscribe instructions. 6. Lunatics, spammers and nut-cases "I'm subscribed to a filtering CDR yet I still see lots of junk postings". At this writing there are a few sociopaths on the cypherpunks list who are abusing the lists openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the dictinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipie is below, you will of course want to make your own decisions on which (ab)users to filter. # mailing lists: # filter all cypherpunks mail into its own cypherspool folder, discarding # mail from loons. All CDRs set their From: line to 'owner-cypherpunks'. # /dev/null is unix for the trash can. :0 * ^From.*owner-cypherpunks at .* { :0: * (^From:.*ravage at ssz\.com.*|\ ^From:.*jchoate at dev.tivoli.com.*|\ ^From:.*mattd at useoz.com|\ ^From:.*proffr11 at bigpond.com|\ ^From:.*jei at cc.hut.fi) /dev/null :0: cypherspool } 7. List of current CDRs All commands are sent in the body of mail unless otherwise noted. --------------------------------------------------------------------------- Algebra: Operator: Subscription: "subscribe cypherpunks" to majordomo at algebra.com Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com Help: "help cypherpunks" to majordomo at algebra.com Posting address: cypherpunks at algebra.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- CCC: Operator: drt at un.bewaff.net Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de Help: "help" to to cypherpunks-request at koeln.ccc.de Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks Posting address: cypherpunks at koeln.ccc.de Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject. Digest mode: this node is digest-only NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Infonex: Subscription: "subscribe cypherpunks" to majordomo at infonex.com Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com Help: "help cypherpunks" to majordomo at infonex.com Posting address: cypherpunks at infonex.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Lne: Subscription: "subscribe cypherpunks" to majordomo at lne.com Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com Help: "help cypherpunks" to majordomo at lne.com Posting address: cypherpunks at lne.com Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers 2. leading "CDR:" in subject line removed 3. "Reply-to:" removed Privacy policy: private Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman) --------------------------------------------------------------------------- Minder: Subscription: "subscribe cypherpunks" to majordomo at minder.net Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net Help: "help" to majordomo at minder.net Posting address: cypherpunks at minder.net Filtering policy: raw Message Modification policy: no modification Privacy policy: private Info: send mail to cypherpunks-info at minder.net --------------------------------------------------------------------------- Openpgp: [openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01] Subscription: "subscribe cypherpunks" to listproc at openpgp.net Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net Help: "help" to listproc at openpgp.net Posting address: cypherpunks at openpgp.net Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Ssz: Subscription: "subscribe cypherpunks" to majordomo at ssz.com Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com Help: "help cypherpunks" to majordomo at ssz.com Posting address: cypherpunks at ssz.com Filtering policy: raw Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added. Privacy policy: open Info: http://www.ssz.com/cdr/ --------------------------------------------------------------------------- Sunder: Subscription: "subscribe" to sunder at sunder.net Unsubscription: "unsubscribe" to sunder at sunder.net Help: "help" to sunder at sunder.net Posting address: sunder at sunder.net Filtering policy: moderated Message Modification policy: ??? Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- Pro-ns: Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net Help: "help cypherpunks" to majordomo at pro-ns.net Posting address: cypherpunks at pro-ns.net Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. leading "CDR:" in subject line removed 2. "Reply-to:" removed Privacy policy: private Info: http://www.pro-ns.net/cpunk From ravage at einstein.ssz.com Sun Apr 20 19:33:31 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 20 Apr 2003 21:33:31 -0500 (CDT) Subject: Idea: Rogue DNS resolvers In-Reply-To: Message-ID: Hi Thomas, Pretty old news. There are quite a few folks who have been doing this sort of stuff for quite a while. Besides SSZ there is also the .god domain. If you get around to setting something up give me a holler. On Mon, 7 Apr 2003, Thomas Shaddack wrote: > Watching the senseless court fights for domains, DNS hijackings, all kinds > of technical and lawyernical attacks, getting into the way of the people > who just want their informations and want their bookmarks and links from > search engines just-working. Pondering... > > The situation could be alleviated by a few (or a wider network of) > volunteers, running public DNS resolvers (dnscache could be a good > candidate) paired with DNS servers (tinydns is a choice here), with the > "problematic" domains resolvings being set up manually, outside of the > DNS infrastructure. (I don't talk about the alternative root servers now.) > Let's name them RogueDNS (contrary to fully specs-conformant OfficialDNS). > Standard setup, used commonly on LANs when some domains have to resolve to > internal IPs instead of external ones (eg, servers behind the firewall, > accessible from both the LAN and the outside over external IP). > > Example of function: A company (or a country) unleashes their lawyers (or > goons) on somedomain.com, which then gets shut down or repointed to the > companydomain.com. A news about it gets out, together with the patch for > the RogueDNS server definitions. From then, the RogueDNS resolvers answer > queries for the hijacked domain with their original values, though the > OfficialDNS hierarchy now show the officially enforced values (eg, > pointing to the DEA servers with the we-don't-sell-bongs agenda, like in > the recent case of government-hijacked domains of head shops). > > Could be paired together with a webserver specialized to issue > HTTP-REDIRECT responses, for the cases when the server is entirely taken > down but a mirror exists - RogueDNS returns the IP of the redirecting > server, the redirecting server gets the entire URL in the request, looks > up the database of redirects, issues one. > > Can be both centralized, decentralized, or running on end users' machines. > The key problem here are the updates; they can be realized by mailing > lists, or periodic or on-demand queries on a server (or server networks) > using a protocol of choice; this is open for the developers. > > A prototype version, without the HTTP redirector, already worked for my > LAN (standard dnscache/tinydns combination). The HTTP redirector can be > easily implemented using eg. Apache/PHP/MySQL. > Or it can be partially emulated locally, by using hosts file. > > Could it be useful in some scenarios? Does it have the proper ingredients > for eventual wider deployment? Or is it completely unusable? > Ideas welcomed. :) > -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Sun Apr 20 19:34:50 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 20 Apr 2003 21:34:50 -0500 (CDT) Subject: Yahoo! News - Pentagon Expects Long-Term Access to Four Key Bases in Iraq (fwd) Message-ID: http://story.news.yahoo.com/news?tmpl=story2&cid=68&ncid=68&e=3&u=/nyt/20030419/ts_nyt/pentagon_expects_long_term_access_to_four_key_bases_in_iraq Now it becomes much clearer...bunch of war mongers. -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From mv at cdc.gov Sun Apr 20 21:35:43 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 20 Apr 2003 21:35:43 -0700 Subject: Internet dies if GPS dies? Message-ID: <3EA3751E.F351B335@cdc.gov> [If GPS dies] "Internet activity would slow to a crawl, because many backbone operators rely on precise GPS time stamps to route data. " http://www.wired.com/wired/archive/11.05/start.html?pg=6 Sounds like bullshit to me, data clocks should be able to run without being fully synched externally, constantly. Maybe very occasional minor glitches at boundaries of clock domains. Any SONET Gurus wanna comment? [The article is full of hysterics like this. What it *doesn't* say is that the rockets have been used to launch OsamaSat, HusseinSat, etc., none of which exist of course, no such hardware here] --- Number theory makes my brain hurt. From ravage at einstein.ssz.com Sun Apr 20 19:37:42 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 20 Apr 2003 21:37:42 -0500 (CDT) Subject: [eff-austin] Cyber War! on Austin's KLRU Thursday, April 24, at 9pm In-Reply-To: Message-ID: New form of warfare? Where have these folks been for the last 10 years? Clearly they've not been doing anything on the net...other than reading their own press releases that is. Spin doctor bullshit. They should check out the Cypherpunks archives for a lot of in depth discussion as well as more than a couple of examples. On Sun, 20 Apr 2003, Carl Webb wrote: > Cyber War! > > https://www.klru.org/ > > [2116small.jpg] [blank.gif] > > A new form of warfare has broken out and the battleground is cyberspace. > In "Cyber War!" airing Thursday, April 24, at 9 P.M. on PBS (check local > listings), FRONTLINE investigates the threat of cyber war and reveals > what the White House knows that the rest of us don't. > > caption: Graduate students at the Naval Postgraduate School learn both > offensive and defensive tactics of cyber war. > > For electronic images, contact Jenna Lowe at (617) 300-3500 or e-mail > jenna_lowe at wgbh.org, > or go > to www.pbs.org/pressroom to download the high-resolution photos. > > Images may only be used in editorial conjunction with the direct > promotion of this film in North America. No other rights are granted. All > rights reserved. > > Photo credit: ) WGBH/FRONTLINE > > [blank.gif] Thursday, April 24, at 9pm, 60 minutes > > In the aftermath of September 11, as most intelligence gathering shifted > to finding Al Qaeda cells throughout the world, one group at the White > House decided to investigate a new threat--attacks from cyberspace. > > "In the past, you would count the number of bombers and the number of > tanks your enemy had. In the case of cyberwar, you really can't tell > whether the enemy has good weapons until the enemy uses them," says > Richard Clarke, former chairman of the White House Critical > Infrastructure Protection Board. > > In "Cyber War!" airing Thursday, April 24, at 9 P.M. on PBS (check local > listings), Clarke and other insiders talk about a new set of warriors who > are fighting on a new American battlefield--cyberspace. In this one-hour > report, FRONTLINE investigates how vulnerable the Internet is to both > virtual and physical attack. > > "The thing that keeps me awake at night is [the thought of] a physical > attack on a U.S. infrastructure...combined with a cyberattack which > disrupts the ability of first responders to access 911 systems," says Ron > Dick, former head of the FBI's National Infrastructure Protection Center. > > The issue of cyberwar first began to command urgent White House attention > after a distinguished group of scientists wrote an open letter to the > president following the Al Qaeda attacks. > > "The critical infrastructure of the United States, including electrical > power, finance, telecommunications, health care, transportation, water, > defense and the Internet, is highly vulnerable to cyberattack. Fast and > resolute mitigating action is needed to avoid national disaster," wrote > the authors of the letter, who included J.M. McConnell, a former head of > the National Security Agency, Stephen J. Lukasik of the Defense Advanced > Research Projects Agency, and Sami Saydjari of the Defense Research > Center. > > "Ultimately, it turned into about fifty-four scientists and > leaders--former national leaders, intelligence community people as > well--sending this letter that makes the case that says, 'We have a > problem here,'" Saydjari tells FRONTLINE. > > In "Cyber War!" FRONTLINE investigates a number of cyberattacks that have > already occurred: "Slammer," which last January took down the Internet in > South Korea and affected 911 systems and the banking system in the United > States, and the "Nimda" virus that quietly attacked Wall Street in 2001. > > "Nimda cost probably three billion dollars," says Clarke. "Had it not > been for the fact that September eleventh was the week before, it would > have been a big news story." > > FRONTLINE also follows efforts by the United States to go on the > offensive. > > "You cannot defend yourself unless you understand how the offense works. > And in so doing, you learn to wage offensives," says John Arquilla, > associate professor of Defense Analysis at the Naval Postgraduate School > in Monterey, California. Arquilla has helped the Department of Defense > develop information warfare strategies utilized in the first Gulf War, > Kosovo, Afghanistan, and in the most recent war with Iraq. > > But many cyberwar experts believe the Internet could be used to launch a > major attack on the nation's infrastructure. > > "What we found on Al Qaeda computers was that members of Al Qaeda were > from outside the United States doing reconnaissance in the United States > on our critical infrastructure," says Clarke. > > One target, experts say, could be the country's electric power grid. By > exploiting vulnerabilities in the supervisory-control and > data-acquisition (SCADA) systems that utility companies use to remotely > monitor and control their operations, American cities could be left in > the dark. > > "You could take down significant pieces of it for let's say operationally > useful periods of time. Penetrating a SCADA system that's running a > Microsoft operating system takes less than two minutes," one cyberwarrior > who spoke on the condition of anonymity tells FRONTLINE. > > Joe Weiss, a control system engineer and executive consultant for KEMA > Inc. reluctantly agrees that the power grid is vulnerable. "A very worst > case could be loss of power for six months or more," says Weiss. > > Clarke, scientists, and some inside the military have tried to convince > Washington that cybersecurity needs to be a priority. They have had > limited success. > > "I think cyberterrorism is a theoretical possibility," says John Hamre, > director of the Center for Strategic and International Studies, a > prestigious military think tank. "Will cyberterrorism be like September > eleventh? No, I don't think so, not right now." > > "Terrorists are after the shock effect of their actions," Hamre adds. > "And it's very hard to see the shock effect when you can't get your ATM > machines to give you twenty dollars." > > But Clarke--who as head of counterterrorism for the Clinton and Bush > administrations was an early voice warning about Al Qaeda in the middle > 1990s--says cyberattacks are imminent. > > "When we have the experts telling us we have a big risk," says Clarke, > "wouldn't it be nice, for once, to get ahead of the power curve, solve > the problem, so there never is the big disaster?" > > Following the broadcast, visit FRONTLINE's Web site at > www.pbs.org/frontline for extended coverage of this story, including: > * Extended interviews with top-level experts on cyberspace security in > private industry, the U.S. government, the intelligence community, > and infrastructure networks; > * A forum with cybersecurity experts from CERT, Akamai, Symantec, and > Sandia Labs who will field questions from viewers; > * A discussion with a master hacker on how tools for computer hacking > can help access systems such as SCADA controls, corporate databases, > and secure government networks; > * Video streaming of "Cyber War!" in both Windows Media and Real > Player, and much more. > > "Cyber War!" is a FRONTLINE co-production with the Kirk Documentary > Group. The writer, producer, and director is Michael Kirk. The > co-producer and reporter is Jim Gilmore. > > FRONTLINE is produced by WGBH Boston and is broadcast nationwide on PBS. > > Funding for FRONTLINE is provided through the support of PBS viewers. > > FRONTLINE is closed-captioned for deaf and hard-of-hearing viewers. > > The executive producer for FRONTLINE is David Fanning. > > Press contacts: > Erin Martin Kane [erin_martin_kane at wgbh.org] > Chris Kelly [chris_kelly at wgbh.org] > (617) 300-3500 > > FRONTLINE XXI/April 2003 > [blank.gif] > about frontline 7 upcoming programs 7 teachers 7 join us 7 contact us > frontline privacy policy 7 pbs online 7 wgbh new content copyright )2001 > pbs online and wgbh/frontline > > [blank.gif] > > ________________________________________________________________________________ > Add photos to your messages with MSN 8. Get 2 months FREE*. > -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Sun Apr 20 19:41:03 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 20 Apr 2003 21:41:03 -0500 (CDT) Subject: Quarantines may be justified In-Reply-To: <20030420041830.4FDF4212E@localhost.localdomain> Message-ID: On Sun, 20 Apr 2003, david wrote: > The concept of, and respect for private property are essential > elements of individual liberty. They cannot be separated. There > is an inverse proportion between the power the governments have > over private property and freedom. Actually that's so much whaledreck. They in fact are -not- related at all. In fact if one talks of 'individuals' then -no- concept of 'property' -ever- arises. It is only until one brings in two or more than -any- concept of 'property' has any meaning at all. The connection between 'private freedom' and 'property' is really a strawman. What matters is life, liberty, and the -pursuit of hapiness- and not collecting more 'stuff' than your neighbor. If anything it demonstrates an exception lack of maturity and excessive insecurity. -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Sun Apr 20 19:45:48 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 20 Apr 2003 21:45:48 -0500 (CDT) Subject: U.S. Drops 'E-Bomb' On Iraqi TV In-Reply-To: <3E90DA10.A8FB1418@cdc.gov> Message-ID: On Sun, 6 Apr 2003, Major Variola (ret) wrote: > Fact is, if the sheeple weren't so ignorant/afraid, peaceful, > clean uses of nukes could benefit, e.g., excavating canals at > a fraction of the cost/time of conventional work. > > This is economics & physics, with politics smothering the > whole affair. What that is is bullshit, plain and simple. The use of nukes to create canals is just so much wishfull thinking. The impact of even small nukes on the stability of underground structures is -not- a good effect in -any- case. The radiation and storage of contaminated materials would far outweigh any short term savings of cost. There is one and only one place to use nukes, that is where people don't or won't live; and that means not on terra. Use of nukes in extra-terrestrial applications is another entire issue. Unfortunately we have a technology curve to climb before we'll get there. No War. No Killing. No Nuclear Weapons. -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From die at die.com Sun Apr 20 22:21:00 2003 From: die at die.com (Dave Emery) Date: Mon, 21 Apr 2003 01:21:00 -0400 Subject: Internet dies if GPS dies? In-Reply-To: <3EA3751E.F351B335@cdc.gov> References: <3EA3751E.F351B335@cdc.gov> Message-ID: <20030421052100.GB6458@pig.die.com> On Sun, Apr 20, 2003 at 09:35:43PM -0700, Major Variola (ret) wrote: > [If GPS dies] "Internet activity would slow to a crawl, because many > backbone operators rely on precise GPS time stamps to route data. " > http://www.wired.com/wired/archive/11.05/start.html?pg=6 > > Sounds like bullshit to me, data clocks should be able to run without > being fully synched externally, constantly. > Maybe very occasional minor glitches at boundaries of clock domains. > Much of the current telcom plant from CDMA cellphones to many high capacity fiber muxes, switches and rings depend on GPS timing and operate with a decentralized timing hierarchy with each major node having its own primary reference locked to GPS time. And CDMA cellsites in particular cannot perform proper handoffs without GPS accuracy timing. Even such technology as low tech as police radio trunking systems and pagers now depend on GPS for accurately synchronizing multiple ("simulcast") transmitters so they don't interfere with each other. It is, however, true that most of these facilities use accurate rubidium or sometimes even cesium clocks as backup for GPS outages and even CDMA cellsites often have high precision ovenized oscillator frequency standards that will meet the timing drift specs for up to a couple of days with no valid GPS signal. And some network facilities can fall back to locking their timing to other facilities (eg the data coming in from a fiber) rather than GPS - it really depends on how much care and thought went into the system design and whether any of the backup timing modes are tested regularly. But yes, GPS time and frequency is VERY widely used, and has revolutionized the timing and synchronizing architectures of many kinds of telcom networks and systems. It ain't 1975 when all timing and frequency for the whole CONUS radiated out of a master oscillator in an underground bunker in Hillsboro Mo, and essentially everything was slaved to it by layers of PLLs and local disciplined oscillators. And having a GPS broadcast time base has made life much easier for system designers - time of day accurate to around 25 ns is now available for less than $1K anywhere you want it with very high reliability as is frequency accurate to parts in 10^13. Back in the old days these were unheard of numbers... with maybe 10 ms timing accuracy being considered good. And yes, all of this is to some degree or another - sometimes quite severely - vulnerable to a long term GPS outage of hours or days or longer. Virtually all of these GPS timing systems are designed to stand short GPS outages, as they can happen due to sky coverage, satellite failures, or routine maintenance. And yes, malicious jamming is a real threat. What else is new ? -- Dave Emery N1PRE, die at die.com DIE Consulting, Weston, Mass 02493 PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB From ravage at einstein.ssz.com Mon Apr 21 05:05:24 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Mon, 21 Apr 2003 07:05:24 -0500 (CDT) Subject: China's coders get into shareware - News (fwd) Message-ID: http://asia.cnet.com/newstech/applications/0,39001094,39128484,00.htm -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From sunder at sunder.net Mon Apr 21 07:02:34 2003 From: sunder at sunder.net (Sunder) Date: Mon, 21 Apr 2003 10:02:34 -0400 (edt) Subject: Quarantines may be justified In-Reply-To: <20030419185457.GA22903@cybershamanix.com> Message-ID: And most people find farts offensive. Should everyone be banned from eating beans? Or be forced to wear butt plugs to make you happy? So put on an air filter if the air offends you. If someone wishes to kill themselves with either smoke, drink, or Mickey D's, that's their choice. No one forces you to walk behind them, nor breathe their exhaled smoke, or farts, or car exhaust, live over Radon emitting land, stick your head in a microwave oven and disable the safety switches, etc. You can chose to be where those odors that offend you are not. Just as you can chose to not engage in unprotected sex with VD/HIV carriers, play Russian Roulette, etc. it's up to you to protect yourself. If others chose to endanger their lives and health it is their choice. Either they will wind up killing themselves weeding themselves out of the gene pool and winning a Darwin Award, or their bodies will build up tolerance improving the gene pool. Why should your standards and life choices be used to limit those of others? Who decides whose life choice should define the baseline of everyone's? And why that person? Remember Farenheight 451. Books were burned because not everyone, but someone found something offensive, and since everyone put together pretty much found everything offensive, all books were banned and everyone was forced to be happy by artificial means. That is the slippery slope you ask all humans to take with your stupidly selfish demands. And no, personally, I'm not a smoker. But I take great exception to NYC forcing everyone to quit smoking just because a few morons in power - much like yourself - except that you have no political power (thank the gods for that!), have decided to be the conscience of the public. And personally, if someone wishes to clog their arteries or lungs or destroy their liver with alcohol, or pancreas with sugar, brain cells with aspertame, no one should have to pay for their condition. Neither in welfare, social security, health insurance, nor any other means. And yes, if a corporation decides to poison the environment and their actions make everyone around them sick - without informing them of the dangers, they should be held liable. But things like second hand smoke and obesity are well known to be dangerous, so if someone inhales smoke or fat burgers, that's their life choice. Fuck'em. If someone is spreading SARS, the plague, or running around machine gunning people, they should be dealt with accordingly. But if all they're doing affects only themselves, that's their choice. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\ \|/ :and didn't stop 9-11|share them, you don't hang them on your/\|/\ <--*-->:Instead of rewarding|monitor, or under your keyboard, you \/|\/ /|\ :their failures, we |don't email them, or put them on a web \|/ + v + :should get refunds! |site, and you must change them very often. --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 19 Apr 2003, Harmon Seaver wrote: > > > > Smoking in public, that's an easy one to pick on. But the argument > > holds no water, unfortunately. Find me RELIABLE, UNBIASED evidence that > > second-hand smoke is actually dangerous, and I'll agree to ban smoking. > > > > I could care less what any report says, I get an immediate sick feeling from > breathing tobacco smoke. And a great many other people do as well. From bill.stewart at pobox.com Mon Apr 21 10:48:58 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 21 Apr 2003 10:48:58 -0700 Subject: Quarantines may be justified In-Reply-To: References: <20030420041830.4FDF4212E@localhost.localdomain> Message-ID: <5.1.1.6.2.20030421102421.02c72ab8@idiom.com> At 09:41 PM 04/20/2003 -0500, Jim wrote: >The connection between 'private freedom' and 'property' is really a >strawman. What matters is life, liberty, and the -pursuit of hapiness- >and not collecting more 'stuff' than your neighbor. If anything it >demonstrates an exception lack of maturity and excessive insecurity. It's a difficult problem - claiming that land is your private property implies a willingness to initiate force to enforce your rights, which is different for something like land that you didn't create than for objects that you did create. But if you can't collect "stuff", you can't insure yourself against starving to death in the short term or the more distant future, and governments in during the last century made a habit of declaring that all the land and stuff in a given area was theirs, and either starving the local population to death (if they were totalitarians) or forcing them to leave (if they were merely greedy) or just killing them. If you're looking at the world as a whole, as opposed to just the US and Canada and parts of Western Europe that aren't near Germany, insecurity about such things unfortunately demonstrates a realistic maturity. If you live in a society that guarantees liberty and the pursuit of happiness, you still need to plan for your old age, and you do that by collecting stuff, or by collecting friends and kids who will care for you. Societies that don't let you collect stuff are forcing you to depend on them for your food and housing - not much liberty there. People who are especially good at acquiring and managing stuff can retire at 35 (:-), and people who don't have families to support can argue about whether they've got more liberty or happiness with less stuff (but the classic non-materialistic hippie ethic often involved going back to the land, i.e. you and your friends owning land and farming.) And farmers can never retire, except by having their kids do the work, unless they're in high-value crops like dope that let them acquire lots of stuff... From frantz at pwpconsult.com Mon Apr 21 12:46:21 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Mon, 21 Apr 2003 12:46:21 -0700 Subject: Quarantines may be justified In-Reply-To: <5.1.1.6.2.20030421102421.02c72ab8@idiom.com> References: <20030420041830.4FDF4212E@localhost.localdomain> Message-ID: At 10:48 AM -0700 4/21/03, Bill Stewart wrote: >It's a difficult problem - claiming that land is your private property >implies a willingness to initiate force to enforce your rights, >which is different for something like land that you didn't create >than for objects that you did create. > >But if you can't collect "stuff", you can't insure yourself against >starving to death in the short term or the more distant future, >and governments in during the last century made a habit of >declaring that all the land and stuff in a given area was theirs, >and either starving the local population to death (if they were totalitarians) >or forcing them to leave (if they were merely greedy) or just killing them. >If you're looking at the world as a whole, as opposed to just the US and >Canada and >parts of Western Europe that aren't near Germany, insecurity about such things >unfortunately demonstrates a realistic maturity. The Scottish land clearances are an interesting case study here. For generations before 1745, the scots lived in clans where the clan leaders depended on landless peasants for agricultural labor and private armies. After the Jacobite revolution, with Bonnie Prince Charlie's claim to the throne, the government tried to suppress the highland clans, banned the private armies, the playing of bagpipes, and the wearing of highland dress. Clan leaders no longer needed the peasants for private armies, and their tenancy became a financial burden. At the same time, the introduction of the potato allowed the population of peasants depending on the clans for support to almost double. These changes, along with increased economic value of wool and mutton, caused the land owners to shift their lands to sheep production. The peasants were either moved to small holdings on the poorest land (called crofts), or shipped abroad. Modern historians estimate that between 50,000 and 100,000 people were removed from the land during the 19th century. The clearances did not proceed without protest, and there were frequent tenant uprisings. However, nothing in Scottish law prevented land lords from clearing their land. In 1886, the government passed the Crofter's Holding Act which provided for security of tenure, fair rents, and the crofter's right to pass the croft through inheritance. On May 3, 2000, the Scottish parliament abolished feudal tenure, ending 900 years of feudalism. [Source: The Lonely Planet, Scotland's Highlands & Islands guidebook] Now for the questions: Who owned the land? The lords? The peasants? Someone else? What does it mean to own land? Are land owners justified in evicting people who have lived on, and worked the land for generations? Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From blancw at cnw.com Mon Apr 21 13:58:05 2003 From: blancw at cnw.com (Blanc) Date: Mon, 21 Apr 2003 13:58:05 -0700 Subject: New Lawsuit from JimB Message-ID: Jim Bell has sent a request that the list be notified of a new complaint to the WA. State Bar which he is composing, a new lawsuit he is filing (up on cryptome: http://cryptome.org/jdb-v-usa-ric.wpd - in WordPerfect format), and a message: "Fortunately, I am still allowed to write and I have learned enough law to write both the lawsuit and the complaint. But to do any good, that writing must be read and acted upon, and that's why I need your help. The news media must be told, and moreover it must be documented that they were told. And, it would help if a lawyer was available to represent my lawsuit, although as I learn more of the law that is becoming less critical. I invite all inquiries along these lines." his address: U.S. Penitentiary Atwater P.O. Box 019001 Atwater, CA 95301 From timcmay at got.net Mon Apr 21 17:39:42 2003 From: timcmay at got.net (Tim May) Date: Mon, 21 Apr 2003 17:39:42 -0700 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: Message-ID: On Monday, April 21, 2003, at 04:55 PM, Patrick Chkoreff wrote: > You're on a roll, Mr. Bob Hettinga: > >> ... is a distinction without a difference. Identical to the >> distinction between "pacifism", or "opposition to war", and treason, >> in an actual time of war. > >> Of course, the very concept of tax-free *anything* is anathema to me, >> these days. At the very least, it's just as much a state subsidy as a >> cash grant. > > First, Bob should cut back on his massive cross-posting to his several self-centered groups (including new ones to me: "Philodex Clips" and "dgcchat"). Second, those from other lists who give their hero his "props" (a negro term now being used by many negro wannabees) should do so on lists other than Cypherpunks. Third, I wonder when Bob will stop proliferating "digibucks" and "bearer settlement" and "e$" and "Philodex Clips" and all of his other lists and instead actually _work on_ his "fractally geodesic multi-centered emergent global clearing" b.s. Unless his real career is, as many suspect, just endless self-promotion using the latest snake oil buzzwords. --Tim May From patrick at fexl.com Mon Apr 21 16:55:33 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Mon, 21 Apr 2003 19:55:33 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: Message-ID: You're on a roll, Mr. Bob Hettinga: > ... is a distinction without a difference. Identical to the > distinction between "pacifism", or "opposition to war", and treason, > in an actual time of war. > Of course, the very concept of tax-free *anything* is anathema to me, > these days. At the very least, it's just as much a state subsidy as a > cash grant. To summarize: - Opposing any war is treason. - Every human activity should be taxed. - Failure to tax is equivalent to subsidy. > Nation-states are a bitch, y'all... And from the above I conclude that you like it that way. > Cheers, > RAH Three cheers for the state, rah rah rah! Digital bearer settlement is treason. -- Patrick "Of all the enemies to public liberty war is, perhaps, the most to be dreaded because it comprises and develops the germ of every other. War is the parent of armies; from these proceed debts and taxes. And armies, and debts, and taxes are the known instruments for bringing the many under the domination of the few. In war, too, the discretionary power of the Executive is extended. ... No nation could preserve its freedom in the midst of continual warfare." James Madison, April 20, 1795 From camera_lumina at hotmail.com Mon Apr 21 18:27:49 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 21 Apr 2003 21:27:49 -0400 Subject: Internet dies if GPS dies? Message-ID: Variola wrote... "[If GPS dies] "Internet activity would slow to a crawl, because many backbone operators rely on precise GPS time stamps to route data. " http://www.wired.com/wired/archive/11.05/start.html?pg=6 Sounds like bullshit to me, data clocks should be able to run without being fully synched externally, constantly. Maybe very occasional minor glitches at boundaries of clock domains. Any SONET Gurus wanna comment?" Sure, but I don't know enough about IP to tell you. SONET networks derive their timing from a STRATUM1 clock, which used to be Cesium but which are increasingly GPS-based. If the STRATUM1 clock "dies", the network can look for another high-quality clock. If it doesn't find one, each NE will go into hold-over, and time of of the internal STRATUM (likely 2e) clock until a good clock reappears. But the time stamps for SONET clocks are in the DS1 overhead, so the packets in the (other) DS1s/DS3s, etc...never "see" that timestamp, unless that timestamp is somehow read by a router and then put into the packets. But does a router even GET timing? (ie, is there a BITS interface on a router? I don't think so.) In any event, if the router gets its timing from the SONET network then there's no problem. If they don't get their timing from SONET, I doubt they get it directly from a GPS. So it sounds like bullshit to me. -TD >From: "Major Variola (ret)" >To: "cypherpunks at lne.com" >Subject: Internet dies if GPS dies? Date: Sun, 20 Apr 2003 21:35:43 -0700 > >[If GPS dies] "Internet activity would slow to a crawl, because many > backbone operators rely on precise GPS time stamps to route data. " >http://www.wired.com/wired/archive/11.05/start.html?pg=6 > >Sounds like bullshit to me, data clocks should be able to run without >being fully synched externally, constantly. >Maybe very occasional minor glitches at boundaries of clock domains. > >Any SONET Gurus wanna comment? > >[The article is full of hysterics like this. What it *doesn't* say >is that the rockets have been used to launch OsamaSat, HusseinSat, >etc., none of which exist of course, no such hardware here] > >--- >Number theory makes my brain hurt. _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From shaddack at ns.arachne.cz Mon Apr 21 15:16:48 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 22 Apr 2003 00:16:48 +0200 (CEST) Subject: Patches for SpeakFreely 7.5/Linux for handling of encryption keys Message-ID: In Linux version, the encryption keys are supplied to the sfspeaker and sfmike processes as commandline parameters. This is fundamentally insecure, as the keys are then available for every user and process that can do "ps -ef" or has /proc access. Also, it would be beneficial for many settings if the program could read the keys from an external file. Then the key can be protected on the level of the filesystem, or even by complete hardware removal when not used (eg, storing the keys on a smartcard, removable USB drive, or a floppy). They also can be easier automatically distributed, eg. by scp. I wrote some modifications for version 7.5, which solves both problems. If the key value begins with @, it's interpreted as a file name. After reading the key value, the parameters accessible via /proc and ps are overwritten in memory and destroyed. The patches are tested for only the IDEA encryption, but the code is identical for the other options. The patches for sfmike and sfspeaker are available from . Enjoy. :) Shaddack, the Mad Scientist From shields at msrl.com Mon Apr 21 22:00:23 2003 From: shields at msrl.com (Michael Shields) Date: Tue, 22 Apr 2003 05:00:23 +0000 Subject: Internet dies if GPS dies? In-Reply-To: (Tyler Durden's message of "Mon, 21 Apr 2003 21:27:49 -0400") References: Message-ID: <87smsbnn2w.fsf@mulligatwani.msrl.com> In message , "Tyler Durden" wrote: > But the time stamps for SONET clocks are in the DS1 overhead, so the > packets in the (other) DS1s/DS3s, etc...never "see" that timestamp, > unless that timestamp is somehow read by a router and then put into > the packets. But does a router even GET timing? (ie, is there a BITS > interface on a router? I don't think so.) Routers do not have any ability to take input from a frequency standard, even if you have one available. Each interface recovers clocking from the line, or can use an internal clock. Some discussion of this as it applies to routers running PPP over SONET over dark fiber: http://www.cisco.com/en/US/tech/tk713/tk607/technologies_tech_note09186a0080094bb9.shtml Those routers will operate independently of any external clock. Routers that are connected to a mux (which includes anything DS3 and below) will recover clock from the mux, which will have its own timing interface or internal clock. I'm not a SONET guru, but my understanding is that even with the internal clocks, you would see at worst an occasional error burst for a few ms. No credible engineer would make a network that fell over without GPS anyway, since it's just too easy for someone to accidentally knock over your antenna while installing another, or nick the cable with a saw, or who knows what. In a nutshell, this isn't something I'd worry about. -- Shields. From ravage at einstein.ssz.com Tue Apr 22 04:53:33 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 22 Apr 2003 06:53:33 -0500 (CDT) Subject: TheStar.com - Pro-U.S. pundits should get real (fwd) Message-ID: http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1035781079330&call_pageid=968332188854&col=968350060724 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From camera_lumina at hotmail.com Tue Apr 22 07:15:28 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 22 Apr 2003 10:15:28 -0400 Subject: Internet dies if GPS dies? Message-ID: Michael Shields wrote... "I'm not a SONET guru, but my understanding is that even with the internal clocks, you would see at worst an occasional error burst for a few ms. No credible engineer would make a network that fell over without GPS anyway, since it's just too easy for someone to accidentally knock over your antenna while installing another, or nick the cable with a saw, or who knows what. In a nutshell, this isn't something I'd worry about." SONET Synchronization is not a thing that can easily be discussed in any short amount of time. Synch in a SONET network is "provisioned", NE-by-NE, and if its done right then the chances of timing slips are very low. However, in certain cases you can have a big timing "island", and in this case over the course of days you'll start to see more and more slips until that whole Island pretty much disconnects from the rest of the network. (This can happen when the primary reference fails, and when the reamining NEs all get their timing from each other in a big loop, like a snake eating its tail. The whole clock for this island begins to drift wrt the rest of the network, and in some cases there can eventually be enough slips as to cause some NEs to declare AIS. However, if Synch was provisioned correctly this won't be seen.) The existence of possible timing islands, owever, should not be strongly associated with the loss of GPS. Traditionally, SONET networks use Cesium clocks as their primary reference source.GPSs have only started to proliferate in order to simplify synch. So in order for GPS cancellation to do anything at all to the internet, you'd have to have a network that has no access to ANY stratum1 clock (Cesium or GPS), you'd have to have old NEs in that network (ie, with a poor internal SONET clock), AND you'd have to have a timing island. And even then, only this island would be affected. If this island were in the middle of UUNet, you might see some slowdown. As for routers I'll take it that they can read timing out of the Synch Status Byte (S1 in the SONET overhead), so they'll "know" what the problem is at least (ie, that byte will tell them what the quality of the synch is). If the line clock is bad, I'd guess that the big Cisco routers will go into "holdover" (or whatever router heads call holdover), and that's the time they'll use to stamp the flows with. So, no problem I'm 99.9% sure. (And I'm rarely that sure of anything.) -TD _________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail From kelsey.j at ix.netcom.com Tue Apr 22 08:16:54 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 22 Apr 2003 11:16:54 -0400 Subject: Quarantines may be justified In-Reply-To: <20030419212246.DC9D6212E@localhost.localdomain> References: <20030419204633.GA23512@cybershamanix.com> <3EA025F0.1020406@cdc.gov> <20030419195512.1F9FC2423@localhost.localdomain> <20030419204633.GA23512@cybershamanix.com> Message-ID: <5.2.0.9.0.20030422104433.045781d0@pop.ix.netcom.com> At 05:22 PM 4/19/03 -0400, david wrote: ... >It is the initiation of force that is wrong. People who try to rob >others should have their behavior regulated by being killed by >their intended victims. In order to distinguish when force has been initiated, you have to have some agreed-upon definitions of rights. The whole argument you're in here about smoking has to do with boundaries of rights. Harmon says your cigarette smoke is a form of assault. This may or may not be valid, but it's certainly possible to come up with kinds of fumes that are a violation of the rights of the people forced to endure them (think of mustard gas, or even the smell of raw sewage), so it's not obviously bogus. In practice, this is an area where simple rights arguments don't work all that well, because there are big areas of gray. >Hiring professionals to deal with robbers >is a valid response to the robbers' initiation of force. Killing >people who use force to regulate individuals who smoke in public is >also a legitimate response to the their initiation of force. How about if whenever I see someone smoking in public, I go stand upwind of them and open my package of Instant Sarin Mix? Which one of us is initiating force? How about if I'm more polite, and merely open my package of Instant Skunk Scent Mix? The issue is where you draw the line, and the problem is that there's no unambiguously right answer. The only way to resolve this peaceably is to have some agreed-upon standards to resolve the gray areas into solid lines. Those agreed-upon standards are sometimes in the form of written laws, sometimes in the form of precedent in case law, and are very often simply the unwritten standards of conduct that most people live by most of the time. And often they need courts of some kind to rule on gray areas that exist even within those rules. >David Neilson --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From jya at pipeline.com Tue Apr 22 11:56:48 2003 From: jya at pipeline.com (John Young) Date: Tue, 22 Apr 2003 11:56:48 -0700 Subject: New Lawsuit from JimB In-Reply-To: Message-ID: An HTML of Jim's RICO suit: http://cryptome.org/jdb/jdb-v-usa-ric.htm The RICO suit is over twice the length of AP. For those who haven't followed the Bell case and Assassination Politics, here's a link to the Jim Bell and Carl Johnson files: http://cryptomer.org/jdb/jdb-files.htm Jim and his Multnomah County Common Law Court avengers have put together an impressive cast of enemies of the citizenry, many of whom are probably little known here, but whose names and duties pop up in the official records of the Bell trials as in the comprehensive RICO suit. According the WWA prosecutor's web page, Robb London has moved on, perhaps to the gargantuan homeland terrorism upmarket. Not sure where Jeff Gordon is, anybody know? From rah at shipwright.com Tue Apr 22 11:46:31 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 22 Apr 2003 14:46:31 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: References: Message-ID: At 7:55 PM -0400 4/21/03, Patrick Chkoreff attempted to calibrate his apostasy reflex, across three email lists: >You're on a roll, Mr. Bob Hettinga: And you're on a troll, Mr. Patrick Chkoreff? :-). At the very least he either doth protest too much, or at least mistook my meaning. Let's be charitable, and assume the latter, shall we? >> ... is a distinction without a difference. Identical to the >> distinction between "pacifism", or "opposition to war", and treason, >> in an actual time of war. > >> Of course, the very concept of tax-free *anything* is anathema to me, >> these days. At the very least, it's just as much a state subsidy as a >> cash grant. > >To summarize: > >- Opposing any war is treason. Well, if you're the de facto property of one nation-state or another, that's exactly true. Find me someone who isn't, these days. Hint: The very definition of evil these days is the so called "failed" state. >- Every human activity should be taxed. Isn't it already? Certainly I think that *nothing* should be done without profit, that nothing really *is* done without profit to somebody, no matter what its governmental designation, and that *all* economic activity should be taxed if any of it is, and it *will* be, directly in cash, or indirectly in regulation, since we're all the "property" of one nation state or another, whether we say we "own ourselves" or not. So, maybe you're right. When you think about it too hard, Non-Governmental Organizations aren't Non-Governmental, and that Non-Profit isn't. Churches, included, if you remember one of the three(?) original posts you're clipping from. >- Failure to tax is equivalent to subsidy. Given the above, indeed. Think about the implicit government subsidy for medicine (I hate to commit the commie-code neologism "healthcare" in polite company...) by making it tax-deductible on a corporate tax return. Certainly the home interest rate deduction is a subsidy for single housing. Taxes, since nation-states have their guns at our heads and take them whether we want them or not, shouldn't have deductions, if the word "should" has anything to do with it. It "should" not distort the economy anymore than it has to to pay the guys with guns. >> Nation-states are a bitch, y'all... > >And from the above I conclude that you like it that way. I think you mistake a statement of naked fact for approbium. Since the nation-state is caused by physics, I expect that changing physical phenomena is the only way to solve the problem. >Three cheers for the state, rah rah rah! Fancy that. My initials make a cheer. Never heard that one before. >Digital bearer settlement is treason. Possibly. Certainly lots of people, you and others, hope so, apparently. But, hope, as exemplified by one's politics, or ethics, for that matter, doesn't have much to do with it. Like I said, nation-states are caused by physics, not politics. Politics is a result. It is not a cause of anything. These days, I tend to prefer economics, myself, as a reason for doing things. YMMV. Religion, applied fiction, if you will, doesn't make physical reality change anymore except through non-coercive economic means, and I live for the day when politics, whose very modern definition is the control of force monopoly, doesn't either. I figure that suckers are born every minute, if they want to pay money to people who tell them what to think, ethically, or politically, that's fine by me. I'm not resigned to, much less in favor of -- not that what you or I *want* actually matters -- the ubiquity of the nation state or any other monopoly, force or otherwise. Nonetheless, we do live in a world of geographic force monopoly, funded by expropriation and extortion. Like Philip Dick said, reality doesn't change when you change your mind. Part of that expropriation is that nation-states can expropriate your physical person, put you in jail or kill you, for not agreeing with them, much less actively thwarting their behavior, particularly in time of war between nation-states. Part of that extortion is that they can threaten you with every thing from mobs and vigilantism to, again, murder and kidnap you if you don't pay them what they tell you you owe them. Their attempts to do this as efficiently as possible with the least amount of violence, usually through bribery of their supporters and fraud about that bribery as a "public good", do nothing more than sugar-coat the fact of their basic extortion and theft. Life is hard. As I said before, "Nation states are a bitch". Certain financial cryptography protocols hold out the, promise, the *hope*, that functionally anonymous, and completely secure, non-repudiable transactions can be done on ubiquitous geodesic internetworks without the requirement of the monopolistic force of nation-states in order to execute, clear, and settle. Economics, and not politics, will determine the answer to that question. Furthermore, as has been said by Tim May and others, those transactions must, sooner or later, execute, clear, and settle in the face of vigorous *repression* of those transactions, by most, if not all nation-states. Though certainly said as expressions of political opinion by Tim May and others, the efficacy of their survival in the face of such opposition will be the ultimate determinant of their *economic*, their physical -- and not political or ethical -- usefulness. That's not surprising, or, for that matter, hostile to nation-states, per se. Any more than railroads or television are hostile to nation states, even marginal or "failed" ones, like Bhutan, or Somalia, or Afghanistan. Ultimately, however, *if* those transaction technologies work as advertised, orthogonal to the nation-state, if you will, they will have consequences to the nation-state, and, as others have said, might be considered threats. Clearly lots of people *want* them to threaten nation-states, but what people want in the absence of *profit* is, also orthogonal. However, and this is most important, at *every* step of the way these protocols must make money. You can't be like Trotsky and say that the revolution hasn't come *yet*, with "yet" being permanently defined as "not now". That means that, plugged into and collateralized by existing *book-entry* assets, bearer certificates on the net are cheaper than book-entry transactions on public internetworks, much less the considerably more expensive book-entry transactions over the proprietary networks of meatspace. My other claim, contingent on the above admittedly long stretch of conditionals, that bearer transactions on the net, because they execute not only anonymously, but more important, *without* the force monopoly of the nation state, make the transaction costs of nation states, and, ultimately non-monopolistic force contracting itself, fall, and, accordingly, dramatically increase the number of "firms", and competition in markets for force. Anarchocapitalism, right here in River City, folks. Crypto-Anarchy, in other words, but not because nation-states can't *catch* previously illegal transactions, causing their fall and, ultimately, violent chaos, but because their *competition* in newly emerging non-monopolistic force markets reduces their market share -- as the net does to centralized information, the surfacting of markets for force into recursively smaller and smaller market actors, at lower and lower cost, with no loss of, if not actual gains in, total individual security -- and liberty. Finally an even bigger stretch, contingent on all of the above, is the idea that if the above really does happen, it, among other things, would prove something that I've always thought was true, something someone else has probably said before somewhere, though I haven't come across them yet, that our social structures map to our communication networks, and that Moore's "Law", in making our network architectures geodesic makes, in turn, our social structures less hierarchical and more geodesic themselves. That, boys and girls, would be very cool indeed, but we ain't there by a long shot. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Apr 22 11:46:53 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 22 Apr 2003 14:46:53 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 5:39 PM -0700 4/21/03, Tim May accused me of pissing in his personal catbox: >First, Bob should cut back on his massive cross-posting to his >several self-centered groups (including new ones to me: "Philodex >Clips" and "dgcchat"). Ah. Theoretically, that's a claim made in the absence of data, at least as far as Mr. May is concerned, because, last time looked, I was in his killfile. Which might still be the case, because, inevitably, when someone replies to something I send to cypherpunks, Tim flames away. :-). Oddly enough, Patrick's libertarian/anarchocapitalist ideological purity flame was actually an original message, which probably proves the point. So, I plead guilty of creating new mailing list, m'lord, though the idea for the new list not exactly new. Philodox Clips is an attempt to put all the forwarded stuff into one list, like I used to do with the now 5-year-defunct e$pam list, only with, heh, more scope. :-). As a firehose of firehoses, it's probably not useful in its present form, but copyright law prevents turning it into a web-archive or an RSS feed. Besides, I'm going to do it anyway, and, apparently, *some* people want to look at it, including Patrick, :-), so I might as well put it in, heh, one place. However, dgcchat at lists.goldmoney.com isn't mine. It's an unmoderated discussion list ostensibly about digital gold currencies hosted, but not controlled by, GoldMoney.com. It's where lots of the original libertarian/anarchocapitalist (hence Patrick's "purity" flame) e-gold types went after several interesting, not to mention litigious, events occurred on and around the original e-gold discussion list, resulting in an unfortunate over-moderation of same. [Think what precipitated the demise of the old cypherpunks list at toad.com, and you'll get something of an idea.] >Second, those from other lists who give their hero his Well, somebody *did* call me a "hyperactive genius saint from the future" once, but I attribute that to, um, misplaced enthusiasm. Certainly the only genius saint from the future *I* know is Tim May, who, by all accounts, is not hyperactive, per se... >"props" (a negro >term now being used by many negro wannabees) should do so on lists >other than Cypherpunks. ...though certainly racist, if not in fact, then in deliberate affect. >Third, I wonder when Bob will stop proliferating "digibucks" and >"bearer settlement" and "e$" and "Philodex Clips" and all of his >other lists and instead actually _work on_ his "fractally geodesic >multi-centered emergent global clearing" That's "functionally anonymous instantaneous internet bearer transactions executing, clearing, and settling on ubiquitous geodesic internetworks", to you, Tim. :-). Besides, none of the above is mine, after all. "Anonymous" is David Chaum. "Geodesic Networks" is Peter Huber. Digital bearer transactions is Nick Szabo. "Immediate and final clearing" is Eric Hughes. "Functionally", and "ubiquitous" I leave as an exercise for the reader. I just stuck it all together in the right order. Nonetheless, I do agree that Making Shit Happen is Hard, even in the best of times. Guilty as charged 'mlord. But Tim knew that, like everything else he currently knows, in 1992. :-). Officially, IBUC is a going concern, but only just. Last revenue was a year ago, and last real revenue was in July 2001. We've got more unpaid bills than Carter's has pills, and we haven't made an interest payment on our outstanding bonds in a year either. I'm living proof that bootstrapping in the absence of revenue is not nearly as easy as it looks. :-). I am looking at ways to generate revenue other ways (which is why the Philodox site is probably going to be retooled, if we can figure out what for or how to do it) to pay both IBUC's bills, and to pay for new stuff to do. Not much luck there, yet, either. Making Shit Happen is Hard, these days, in particular. I'm too stubborn, if not stupid, :-), to quit, though. Of course, it's hard to tell whether I've quit or not given the present pace of things. One of the more humorous definitions of insanity is persistent behavior in the absence of evidence to the contrary, and it's starting to feel like it applies, but that can be said of several people we all know. :-). >b.s. Unless his real career >is, as many suspect, just endless self-promotion using the latest >snake oil buzzwords. It's amazing to me how many people insult others by describing themselves. 'nuff said. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqV89sPxH8jf3ohaEQIvmgCfebX4LGBB+QaNcmYh288KpGlQHZ4AoKO8 kTdDAuV48O04xCJ1Vfw4e3+W =J0Ey -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Tue Apr 22 12:26:37 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 22 Apr 2003 15:26:37 -0400 Subject: Three Cheers for the State - RAH RAH RAH Message-ID: RAH wrote... "as the net does to centralized information, the surfacting of markets for force into recursively smaller and smaller market actors,..." Ah. I was wondering when a reference to "fractals" would be made. -TD >From: "R. A. Hettinga" >To: Patrick Chkoreff , dgcchat > >CC: cypherpunks at lne.com, Clippable >Subject: Re: Three Cheers for the State - RAH RAH RAH >Date: Tue, 22 Apr 2003 14:46:31 -0400 > >At 7:55 PM -0400 4/21/03, Patrick Chkoreff attempted to calibrate his >apostasy reflex, across three email lists: > > >You're on a roll, Mr. Bob Hettinga: > >And you're on a troll, Mr. Patrick Chkoreff? :-). > >At the very least he either doth protest too much, or at least mistook my >meaning. Let's be charitable, and assume the latter, shall we? > > >> ... is a distinction without a difference. Identical to the > >> distinction between "pacifism", or "opposition to war", and treason, > >> in an actual time of war. > > > >> Of course, the very concept of tax-free *anything* is anathema to me, > >> these days. At the very least, it's just as much a state subsidy as a > >> cash grant. > > > >To summarize: > > > >- Opposing any war is treason. > >Well, if you're the de facto property of one nation-state or another, >that's exactly true. Find me someone who isn't, these days. Hint: > The very >definition of evil these days is the so called "failed" state. > > >- Every human activity should be taxed. > >Isn't it already? Certainly I think that *nothing* should be done without >profit, that nothing really *is* done without profit to somebody, no matter >what its governmental designation, and that *all* economic activity should >be taxed if any of it is, and it *will* be, directly in cash, or indirectly >in regulation, since we're all the "property" of one nation state or >another, whether we say we "own ourselves" or not. So, maybe you're right. > >When you think about it too hard, Non-Governmental Organizations aren't >Non-Governmental, and that Non-Profit isn't. Churches, included, if you >remember one of the three(?) original posts you're clipping from. > > >- Failure to tax is equivalent to subsidy. > >Given the above, indeed. Think about the implicit government subsidy for >medicine (I hate to commit the commie-code neologism "healthcare" in polite >company...) by making it tax-deductible on a corporate tax return. >Certainly the home interest rate deduction is a subsidy for single housing. > >Taxes, since nation-states have their guns at our heads and take them >whether we want them or not, shouldn't have deductions, if the word >"should" has anything to do with it. It "should" not distort the economy >anymore than it has to to pay the guys with guns. > > >> Nation-states are a bitch, y'all... > > > >And from the above I conclude that you like it that way. > >I think you mistake a statement of naked fact for approbium. > >Since the nation-state is caused by physics, I expect that changing >physical phenomena is the only way to solve the problem. > > > >Three cheers for the state, rah rah rah! > >Fancy that. My initials make a cheer. Never heard that one before. > > > >Digital bearer settlement is treason. > >Possibly. Certainly lots of people, you and others, hope so, apparently. > >But, hope, as exemplified by one's politics, or ethics, for that matter, >doesn't have much to do with it. Like I said, nation-states are caused by >physics, not politics. Politics is a result. It is not a cause of anything. >These days, I tend to prefer economics, myself, as a reason for doing >things. YMMV. Religion, applied fiction, if you will, doesn't make physical >reality change anymore except through non-coercive economic means, and I >live for the day when politics, whose very modern definition is the control >of force monopoly, doesn't either. I figure that suckers are born every >minute, if they want to pay money to people who tell them what to think, >ethically, or politically, that's fine by me. > >I'm not resigned to, much less in favor of -- not that what you or I *want* >actually matters -- the ubiquity of the nation state or any other monopoly, >force or otherwise. Nonetheless, we do live in a world of geographic force >monopoly, funded by expropriation and extortion. Like Philip Dick said, >reality doesn't change when you change your mind. > >Part of that expropriation is that nation-states can expropriate your >physical person, put you in jail or kill you, for not agreeing with them, >much less actively thwarting their behavior, particularly in time of war >between nation-states. Part of that extortion is that they can threaten you >with every thing from mobs and vigilantism to, again, murder and kidnap you >if you don't pay them what they tell you you owe them. Their attempts to do >this as efficiently as possible with the least amount of violence, usually >through bribery of their supporters and fraud about that bribery as a >"public good", do nothing more than sugar-coat the fact of their basic >extortion and theft. > >Life is hard. As I said before, "Nation states are a bitch". > > >Certain financial cryptography protocols hold out the, promise, the *hope*, >that functionally anonymous, and completely secure, non-repudiable >transactions can be done on ubiquitous geodesic internetworks without the >requirement of the monopolistic force of nation-states in order to execute, >clear, and settle. > >Economics, and not politics, will determine the answer to that question. > >Furthermore, as has been said by Tim May and others, those transactions >must, sooner or later, execute, clear, and settle in the face of vigorous >*repression* of those transactions, by most, if not all nation-states. > >Though certainly said as expressions of political opinion by Tim May and >others, the efficacy of their survival in the face of such opposition will >be the ultimate determinant of their *economic*, their physical -- and not >political or ethical -- usefulness. That's not surprising, or, for that >matter, hostile to nation-states, per se. Any more than railroads or >television are hostile to nation states, even marginal or "failed" ones, >like Bhutan, or Somalia, or Afghanistan. > >Ultimately, however, *if* those transaction technologies work as >advertised, orthogonal to the nation-state, if you will, they will have >consequences to the nation-state, and, as others have said, might be >considered threats. Clearly lots of people *want* them to threaten >nation-states, but what people want in the absence of *profit* is, also >orthogonal. > >However, and this is most important, at *every* step of the way these >protocols must make money. You can't be like Trotsky and say that the >revolution hasn't come *yet*, with "yet" being permanently defined as "not >now". That means that, plugged into and collateralized by existing >*book-entry* assets, bearer certificates on the net are cheaper than >book-entry transactions on public internetworks, much less the considerably >more expensive book-entry transactions over the proprietary networks of >meatspace. > > >My other claim, contingent on the above admittedly long stretch of >conditionals, that bearer transactions on the net, because they execute not >only anonymously, but more important, *without* the force monopoly of the >nation state, make the transaction costs of nation states, and, ultimately >non-monopolistic force contracting itself, fall, and, accordingly, >dramatically increase the number of "firms", and competition in markets for >force. Anarchocapitalism, right here in River City, folks. > >Crypto-Anarchy, in other words, but not because nation-states can't *catch* >previously illegal transactions, causing their fall and, ultimately, >violent chaos, but because their *competition* in newly emerging >non-monopolistic force markets reduces their market share -- as the net >does to centralized information, the surfacting of markets for force into >recursively smaller and smaller market actors, at lower and lower cost, >with no loss of, if not actual gains in, total individual security -- and >liberty. > > >Finally an even bigger stretch, contingent on all of the above, is the idea >that if the above really does happen, it, among other things, would prove >something that I've always thought was true, something someone else has >probably said before somewhere, though I haven't come across them yet, that >our social structures map to our communication networks, and that Moore's >"Law", in making our network architectures geodesic makes, in turn, our >social structures less hierarchical and more geodesic themselves. > >That, boys and girls, would be very cool indeed, but we ain't there by a >long shot. > >Cheers, >RAH > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus From bill.stewart at pobox.com Tue Apr 22 16:12:34 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 22 Apr 2003 16:12:34 -0700 Subject: Internet dies if GPS dies? Nah. In-Reply-To: <3EA3751E.F351B335@cdc.gov> Message-ID: <5.1.1.6.2.20030422144939.02c848c8@idiom.com> Variola quoted and commented: > > [If GPS dies] "Internet activity would slow to a crawl, because many > > backbone operators rely on precise GPS time stamps to route data. " > > http://www.wired.com/wired/archive/11.05/start.html?pg=6 > Sounds like bullshit to me, data clocks should be able to run without > being fully synched externally, constantly. There are at least three interesting GPS failure modes - Whole system fails at once - Whole system becomes less accurate - Local areas get jammed The article's talking about a failure mode where the satellites gradually wear out over a couple of years and nobody replaces them. From a telco perspective, this is annoying, because GPS is cheaper and better than what we used to do before we adopted it about 5 years ago, and we've got a few hundred billion dollars less ready cash then we did then, and the people who really knew synchronization well have mostly retired or moved to dotcoms, but we could always hire enough of them back to do the job for a lot less money than it would take to redesign GPS, on the off-chance that we haven't replaced enough of the old phone infrastructure with VOIP for it to simply Not Matter by then. It's not like this is Air Traffic Control. [Summary: If you blew GPS out of the sky without warning, major telco synchronization would degrade a bit but not much, voice calls would be more likely to get noise, but not much, internet connections might have a fractional percent more TCP retransmits, and a random number of things that didn't have other timing sources would break until people fixed them. Cell phone systems are the big telecom uncertainty, and of course Air Traffic Control, nuclear missiles, and similar apps.] As Tyler said, SONET synchronization is a complex topic, and telco synchronization is more complex than that. There are two basically separate problems - timestamping / NTP Network Time Protocol, used by lots of Internet stuff, because ISPs sometimes need to know what time it is. - synchronization used in synchronous telco transmission media, which doesn't care about time of day, just about phase. ISPs care about this because they don't like lots of dropped bits, but it takes a lot of dropped bits to really bother TCP. Everybody uses GPS for everything these days, because they _can_, but high-end GPS equipment is about 5 orders of magnitude more accurate than the most demanding NTP things ISPs use it for, and cheap GPS equipment usually gets you millisecond precision, which is about 3 orders of magnitude more than most things care about, and most of them don't care very much. WWV radio clocks were Really Just Fine, and ISPs who needed better clocking could build decent NTP systems. Routers don't care much about phase, because each T1 or fiber interface usually gets timing from the transmission line independently. Voice transmission equipment cares more about phase, because it uses Time Division Multiplexing to switch the voice bits, so a whole voice switch runs on the same clock source - it it's talking to somebody else whose clock is different and drifts by more than the line buffers can fix, it drops a frame of bits or adds a frame of 0s, which will cause brief noise on voice calls or trash one or two data packets. Telcos care about this because they not only care about voice quality, they have SLAs with customers for the number of errored seconds per day/month/etc. that cost money that cost money if they don't meet them, but it takes a lot to get down to cell-phone-in-traffic quality. Telecom sync equipment is categorized in different strata, and normally a box will have a clock that accepts timing from outside and has a Stratum-N-quality holdover clock inside that's guided by the feed. There are lots of different ways to measure the accuracies of these things. A Stratum 1 clock is whatever master timing source you're using, and a Stratum 2 clock is supposed to be able to hold its own for about 5 days before the first slip and not do more than a slip every couple hours after that. A Stratum 3 clock can slip about 10/hour the first day and 132/hour free-running. SONET needs somewhere between Stratum 3 and Stratum 4 to stay connected. The best timing feeds between buildings run on copper T1s, not fiber. GPS is Stratum 1 quality, as long as you've got a good holdover clock, typically Stratum 2 quality for telco offices. A decade ago, a main AT&T, MCI, or Sprint office would have a feed from a Stratum 1 source, and a Stratum 2 clock of its own, and would feed a bunch of smaller offices which had their own clocks. MCI and Sprint tended to use Loran for some of their timing sources; AT&T used really expensive clocks in main offices, and had more offices. An important concept for AT&T is the Building Integrated Timing Source - there's a master clock for each building that feeds all the hardware. Most of the other professional telcos do something similar; I'm not sure if all the upstart newcomers do. Since then, most AT&T offices have their own GPS clock, except a few percent with Bad Radio Magic or building issues which get fed by other nearby offices. I'm not sure how local telcos get their timing - presumably a similar combination of GPS, local clocks, and feeds. They have more small offices which are closer together, but also the clocks keep getting cheaper. Cellular systems are the main telco case I don't understand; some of the newer systems care much more about timing, but the application that needs the most precision is 911 location, because that needs to triangulate between multiple offices as opposed to just handing off calls at the optimum time to avoid drops. It's possible that something could go wrong here, but I'd guess that cell towers are also more likely to be fed by copper T1s, which would give them excellent sync if they need it. (GPS is also useful for finding the precise location of a tower, which phone-locator ICBM-delivery apps care about, but you only need to do that once; the things don't move except in earthquakes.) at least with some of the newer systems, but I'd be surprised. From timcmay at got.net Tue Apr 22 16:55:56 2003 From: timcmay at got.net (Tim May) Date: Tue, 22 Apr 2003 16:55:56 -0700 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: Message-ID: On Tuesday, April 22, 2003, at 11:46 AM, R. A. Hettinga wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > At 5:39 PM -0700 4/21/03, Tim May accused me of pissing in his > personal catbox: > >> First, Bob should cut back on his massive cross-posting to his >> several self-centered groups (including new ones to me: "Philodex >> Clips" and "dgcchat"). > > Ah. Theoretically, that's a claim made in the absence of data, at > least as far as Mr. May is concerned, because, last time looked, I > was in his killfile. How could you _possibly_ look in my killfile? I often discard older killfiles when I change my system, when I change my mailer, etc. My recollection is that you were in my Eudora Pro killfile, but that was a year or so ago. True, mostly I delete your stuff after only reading the first paragraph. The phony "ums" and "ers" and the silliness about "listen, boys and girls," all of this stuff should be edited out. And the content is, um, redundant. And, er, uninteresting. And that, boys and girls, is enough to make me blow milk out my nose. To use another, um, Hettingaism. > Which might still be the case, because, > inevitably, when someone replies to something I send to cypherpunks, > Tim flames away. :-). And the silly use of smileys. > > So, I plead guilty of creating new mailing list, m'lord, though the > idea for the new list not exactly new. Philodox Clips is an attempt > to put all the forwarded stuff into one list, like I used to do with > the now 5-year-defunct e$pam list, only with, heh, more scope. :-). Have as many lists as you like, er, though it, um, seems to be silly to concentrate so much on spamming material to so many seemingly, um, related lists. Ebuscks, Philodex, E$, DCSB...this seems to be your main industry, creating new little mailing lists. > people want to look at it, including Patrick, :-), so I might as well > put it in, heh, one place. > Too many smileys, too many "heh"s and "um"s and "er"s. Bad enough in spoken speech, and utterly pointless in writings. More examples included below. You really ought to consider a major change in your writing style. The smileys and ums and hehs and ers and phony folksiness distracts from what may be your real message. Unless being a certain kind of prose stylist is your goal...in which case I would even _more_ strongly urge you to tighten up your prose. > Well, somebody *did* call me a "hyperactive genius saint from the > future" once, but I attribute that to, um, misplaced enthusiasm. > ... > That's "functionally anonymous instantaneous internet bearer > transactions executing, clearing, and settling on ubiquitous geodesic > internetworks", to you, Tim. :-). > I'm living proof that > bootstrapping in the absence of revenue is not nearly as easy as it > looks. :-). ... > I'm too stubborn, if not stupid, :-), ... > several people we all know. :-). From camera_lumina at hotmail.com Tue Apr 22 14:39:29 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 22 Apr 2003 17:39:29 -0400 Subject: Three Cheers for the State - RAH RAH RAH Message-ID: Thomas Shaddack wrote... "This is enforceable only with purely money-based economy. But there are activities that are done for non-monetary profit: knowledge, experience, fun. Or plain barter. I remove a virus from your computer, you later drop by to repair my TV; barter, no paper trail. Help me and I will help you when you'll need. Instead of shelving out money for expensive courseware, drop by and I'll explain you how TCP/IP works. Then do the same for me with SQL couple weeks later. Skills and knowledge are a kind of capital as well - the kind of ownership no IRS can audit you for." This is actually done systematically done in parts of the US. It's referred to by various names, including a "time bank". Basically, anyone in the community contributes X hours of their skill, which is counted purely as time in hours. They can then "withdraw" an equivalent number of hours from the bank in terms of the goods and services of the other bank memebers. Strangely, in some parts of the country the system has so proliferated some communities that they have issued "money" that can be spent in local shops. This money is "backed" by X hours in the time bank. There're some people who actually collect these time bank tokens. Now for some reason, there was a lot of talk about these time banks back in the mid 90s, but now I rarely hear about them. I wonder if the potential loss of tax revenue was a factor. Hum...it'd be interesting to look at securing one of those local time banks with financial cryptography. -TD >From: Thomas Shaddack >To: "R. A. Hettinga" >CC: Patrick Chkoreff , dgcchat >, >Subject: Re: Three Cheers for the State - RAH RAH RAH >Date: Tue, 22 Apr 2003 22:16:05 +0200 (CEST) > >On Tue, 22 Apr 2003, R. A. Hettinga wrote: > > >- Opposing any war is treason. > > > > Well, if you're the de facto property of one nation-state or another, > > that's exactly true. Find me someone who isn't, these days. > >I refuse to be a property. Whoever handles me as such, gets open >disrespect and either my open refusal to obey, or, in compliance with >Czech national tradition, a hidden refusal to obey[1]. Unique concept of >sabotage by obedience. > >[1] Refer to "The Good Soldier Schweik", local national hero. > >See also http://www.rferl.org/newsline/1999/07/5-NOT/not-090799.html for >the international politics applications. > > > Isn't it already? Certainly I think that *nothing* should be done > > without profit, that nothing really *is* done without profit to > > somebody, no matter what its governmental designation, and that *all* > > economic activity should be taxed if any of it is, and it *will* be, > > directly in cash, or indirectly in regulation, since we're all the > > "property" of one nation state or another, whether we say we "own > > ourselves" or not. So, maybe you're right. > >This is enforceable only with purely money-based economy. But there are >activities that are done for non-monetary profit: knowledge, experience, >fun. Or plain barter. I remove a virus from your computer, you later drop >by to repair my TV; barter, no paper trail. Help me and I will help you >when you'll need. Instead of shelving out money for expensive courseware, >drop by and I'll explain you how TCP/IP works. Then do the same for me >with SQL couple weeks later. Skills and knowledge are a kind of capital >as well - the kind of ownership no IRS can audit you for. > >Tax this. Regulate this. Good luck. _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From timcmay at got.net Tue Apr 22 18:26:48 2003 From: timcmay at got.net (Tim May) Date: Tue, 22 Apr 2003 18:26:48 -0700 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: <200304222027.32292.sfurlong@acmenet.net> Message-ID: On Tuesday, April 22, 2003, at 05:27 PM, Steve Furlong wrote: > On Tuesday 22 April 2003 17:39, Tyler Durden wrote: > >> Hum...it'd be interesting to look at securing one of those local time >> banks with financial cryptography. > > But, but, but...that would be tax fraud. You'd be aiding terrorists. > And > think of the chiiiiildren. And the nexus of taxation is the actual worker (narced out by others), not the means of settlement. The means of settlement is usually cash, folding money, and is not traceable in any plausible way. The attack on off-the-book/under-the-table business transactions is not the clearing mechanism. After all, cash works perfectly well for clearing under-the-table transactions. What nails under-the-table transactions is (rarely, actually) when someone narcs out a partner as a way of getting a lighter sentence. This will all change if cash is ever outlawed, if the Beast insists that all financial transactions be cleared through one of his compliant banks. This is expected to happen soon enough, by more of us than just Xtian Fundies. --Tim May From rah at shipwright.com Tue Apr 22 15:38:10 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 22 Apr 2003 18:38:10 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: References: Message-ID: At 10:16 PM +0200 4/22/03, Thomas Shaddack wrote: >Tax this. Regulate this. Good luck. Try to do it for a living. I.E., buy something. Say, food? ...and don't give me that Karl Marx labor theory of value happy horseshit either. :-). As Rocky the Flying Squirrell said onece, "That trick never works!". Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sfurlong at acmenet.net Tue Apr 22 17:07:35 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Tue, 22 Apr 2003 20:07:35 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: References:

Message-ID: <200304222007.35295.sfurlong@acmenet.net> On Tuesday 22 April 2003 18:38, R. A. Hettinga wrote: > Try to do it for a living. I.E., buy something. Say, food? Heh. As the World's Worst Businessman (tm), I can't even buy food when I'm consulting (allegedly) for pay. Good thing I have an employed girlfriend, eh? > As Rocky the Flying Squirrell said onece, "That trick never works!". As Bullwinkle J Moose said once (in the fairly recent live/animated movie, not in the old series), "Kinda makes you feel discouraged." -- Steve Furlong Computer Condottiere Have GNU, Will Travel Guns will get you through times of no duct tape better than duct tape will get you through times of no guns. -- Ron Kuby From sfurlong at acmenet.net Tue Apr 22 17:27:32 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Tue, 22 Apr 2003 20:27:32 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: References: Message-ID: <200304222027.32292.sfurlong@acmenet.net> On Tuesday 22 April 2003 17:39, Tyler Durden wrote: > Strangely, in some parts of the country the system has so > proliferated some communities that they have issued "money" that can > be spent in local shops. This money is "backed" by X hours in the > time bank. There're some people who actually collect these time bank > tokens. > > Now for some reason, there was a lot of talk about these time banks > back in the mid 90s, but now I rarely hear about them. I wonder if > the potential loss of tax revenue was a factor. The IRS claims jurisdiction over all time banks and barter exchanges. Each participant is required to provide his SSN for reporting, and all transactions must be logged. Taxes must be paid for time worked. > Hum...it'd be interesting to look at securing one of those local time > banks with financial cryptography. But, but, but...that would be tax fraud. You'd be aiding terrorists. And think of the chiiiiildren. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Guns will get you through times of no duct tape better than duct tape will get you through times of no guns. -- Ron Kuby From shaddack at ns.arachne.cz Tue Apr 22 13:16:05 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 22 Apr 2003 22:16:05 +0200 (CEST) Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: Message-ID: On Tue, 22 Apr 2003, R. A. Hettinga wrote: > >- Opposing any war is treason. > > Well, if you're the de facto property of one nation-state or another, > that's exactly true. Find me someone who isn't, these days. I refuse to be a property. Whoever handles me as such, gets open disrespect and either my open refusal to obey, or, in compliance with Czech national tradition, a hidden refusal to obey[1]. Unique concept of sabotage by obedience. [1] Refer to "The Good Soldier Schweik", local national hero. See also http://www.rferl.org/newsline/1999/07/5-NOT/not-090799.html for the international politics applications. > Isn't it already? Certainly I think that *nothing* should be done > without profit, that nothing really *is* done without profit to > somebody, no matter what its governmental designation, and that *all* > economic activity should be taxed if any of it is, and it *will* be, > directly in cash, or indirectly in regulation, since we're all the > "property" of one nation state or another, whether we say we "own > ourselves" or not. So, maybe you're right. This is enforceable only with purely money-based economy. But there are activities that are done for non-monetary profit: knowledge, experience, fun. Or plain barter. I remove a virus from your computer, you later drop by to repair my TV; barter, no paper trail. Help me and I will help you when you'll need. Instead of shelving out money for expensive courseware, drop by and I'll explain you how TCP/IP works. Then do the same for me with SQL couple weeks later. Skills and knowledge are a kind of capital as well - the kind of ownership no IRS can audit you for. Tax this. Regulate this. Good luck. From ravage at einstein.ssz.com Tue Apr 22 20:18:40 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 22 Apr 2003 22:18:40 -0500 (CDT) Subject: Slashdot | More on Cisco Building Surveillance into Routers (fwd) Message-ID: http://yro.slashdot.org/yro/03/04/22/1656215.shtml?tid=158&tid=95&tid=137 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From rah at shipwright.com Tue Apr 22 20:20:45 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 22 Apr 2003 23:20:45 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: <200304222007.35295.sfurlong@acmenet.net> References:

<200304222007.35295.sfurlong@acmenet.net> Message-ID: At 8:07 PM -0400 4/22/03, Steve Furlong wrote: >As the World's Worst Businessman (tm), Take heart, I think I've got you beat, at the moment. :-). Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Apr 22 21:02:33 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 23 Apr 2003 00:02:33 -0400 Subject: Three Cheers for the State - RAH RAH RAH In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 4:55 PM -0700 4/22/03, Tim May deigned to flame my prose, pointing out a mild inadvertant conundrum: >> Ah. Theoretically, that's a claim made in the absence of data, at >> least as far as Mr. May is concerned, because, last time looked, I >> was in his killfile. > >How could you _possibly_ look in my killfile? Ah. There you go again, accenting the trivial, while ignoring the substantive. Frankly, forgetting it wasn't September, I expected some undergrad to come running to your logical rescue, but you did so yourself, promptly, in proper adolescent fashion, I might add, with every thing but the "so there" and sticking your tongue out. I knew, reading it as it came back off the list (how's that for self-absorbed?), that that little malaprop would come back and bite me in the ass. Frankly, I was too lazy to fix it. I might have said "heard", of course, instead of "looked", though, literally "looked" was true, since I *see* you, on this list, put me in your kill-file about once a year, every year, since, oh, 1995 or so. So, let's use "heard" instead --metaphorically, of course -- as in "heard" from Mr. May about it, as in publicly "heard". As in repeatedly "heard". As in, dare I say, er, um, redundantly "heard"? Nahhh... that's too lumpy. :-). Frankly, I would never killfile Mr. May, because, at the very least, he provides 9/10ths of the entertainment around here these days, between his affected racism, sexism, anti-semitism, threats of physical violence and genuine paranoia (see Olsen in the .sig, below...), and, like All True Literate Aryans (his word, not mine, folks), he doesn't even use emoticons. ;-). As for me being redundant, guilty as charged, m'lord. Same shit, different day, every day, since heh, May-ish, 1994. That's 18 months less redundancy than October 1992, I suppose. :-P... (See? I have a tongue, too, though I drool a bit when I use it too much.) For entertainment, let's see how fast I can get myself back into Tim's kill-file again, shall we? Let's see if he's read down this far... Hey, Tim, threatened anyone on Usenet with raping their wife and children lately? Cheers, =:-)=- RAH ^^^^^^ (aka BeelzeBob. I'm sooo bad today...) -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqYP+MPxH8jf3ohaEQIqugCgqUCmfvzy6MvYUAw2sP0Wg/Un6SAAoLaw XCBHnrdSor75B32mO0wJi5zG =XPE5 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "When I was your age we didn't have Tim May! We had to be paranoid on our own! And we were grateful!" --Alan Olsen From ptrei at rsasecurity.com Wed Apr 23 07:12:19 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 23 Apr 2003 10:12:19 -0400 Subject: RSA Show impressions Message-ID: > Steve Schear[SMTP:schear at attbi.com] > > This year's RSA show was, like it predecessors, mostly a schmooze > event. Shrunk at least 1/3 in floor space from the 2001/2 events, it > certainly reflected the changes in this industry. > Steve: [Don't take this as an Official RSA Statement - it's just my personal opinion. -pt] 1. The floor space - the north half of Moscone - was identical to last year. We sold out the booths months ahead of time. 2. Attendence was up over last year, well over 10,000, with 3,000+ full memberships - again up over last year. > I was surprised and a bit dismayed that I saw few familiar faces. A brief > > talk with Stacy Cannan, of L.J. Kushner, the leading security industry > recruiter, confirmed my suspicions that many senior level people had left > the industry in the past two years. The booths were mostly manned with > the > latest generation of newly graduated fodder. There didn't seem to be much > activity (or smiles for that matter) in most booths. This is probably > reflecting the exit/acquisition of some early players, decreased level of > IT spending, and the increasing impact of open source security > solutions. About the most amusing thing was receiving a "Regime change > begins at home" button from one of the executives. > > steve > I've been going to the conference almost since the start, and while it did not match the euphoria of the dot.com boom period, the atmosphere felt more upbeat than last year (which was just a few months post-911). There is turnover, of course. But many of the old players are still there. I got my 'regime change' button from Bruce Schneier, along with an dedicated copy of 'Secrets and Lies'. (Trivia alert: Bruce was actually the very first vendor at the RSA Conference. At the second one (11 years ago) he set up a card table in the hall and peddled copies of the first edition of "Applied Cryptography".) Peter Trei From camera_lumina at hotmail.com Wed Apr 23 07:28:18 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 23 Apr 2003 10:28:18 -0400 Subject: Three Cheers for the State - RAH RAH RAH Message-ID: >But, but, but...that would be tax fraud. You'd be aiding terrorists. >And >think of the chiiiiildren. Harumph. I take exception to the "fraud" part. No fraud would be involved. It's just brazenly not paying taxes. Oh yeah. A funny picture just occurred to me. If there be any bills, they should have a picture of a homeless Uncle Sam, wearing tattered and torn clothes, with his hand outstretched and his empty palm open, looking for some loose change. -TD _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail From ptrei at rsasecurity.com Wed Apr 23 08:18:28 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 23 Apr 2003 11:18:28 -0400 Subject: Metaswitch cleared by FBI for spying Message-ID: > Ralf-Philipp Weinmann[SMTP:ralf at fimaluka.org] writes: > > Easier still might be porting Nautilus or Speak Freely to the Zaurus or > just using ZMeeting over an IPsec tunnel over a GPRS connection. > > Cheers, > Ralf > I know that there have been projects underway to port SpeakFreely to 802.11 enabled Linux Ipaqs - I think they actually work. Peter Trei From ptrei at rsasecurity.com Wed Apr 23 08:33:09 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 23 Apr 2003 11:33:09 -0400 Subject: date formats (was Re: Single Point of Weakness is in the Work s.Thank you Major Tom.) Message-ID: > Sunder[SMTP:sunder at sunder.net] > > > Guys, let's please change the subject from now on when we are no longer > talking about the original issues. > > > One marketing vp at an old little hole in the wall company used to date > things the european way on purpose, so as to look more sophisticated or > some nonsense. > > Funny how that didn't save the company when the bubble burst. > > I've always preferred YYYY.MM.DD, this way you can sort things very > easily. If you write the names of the months, it doesn't translate well > to other languages, though it may be similar, *AND* more importantly from > a geek perspective, if you do a sort, April shows as the 1st month of the > year, before January - not good. > > If you do the reverse DD.MM.YYYY you can't sort it either since the 1st > day of every month shows up 1st. Dumb. Friendly to non-geeks, but dumb. > > The worst annoyance I've seen is using Unix time as a timestamp on log > dates. It's the most unreadable of all formats. Sorts nicely though, but > what a bitch to read. (Unix time being the number of seconds in decimal > since 1/1/1970.) > > I use YYYYMMDD when automatic sorting may be required, for just that reason. In all others situations, I use DD name_of_month YYYY to disambiguate the format. I grew up in Europe, and moved back to the States after college. I've had long exposure to both formats, and don't automatically assume one or the other. It's gotten worse recently. Since the turn of the century, all three fields are frequently below 13. 04/05/03 or 05/04/03 are very ambiguous. 04/05/2003 is still confusing. 20030405 is good for computers 5 April 2003 is unambiguous. Peter Trei From anonymous at panta-rhei.dyndns.org Wed Apr 23 06:15:10 2003 From: anonymous at panta-rhei.dyndns.org (anonymous at panta-rhei.dyndns.org) Date: 23 Apr 2003 13:15:10 -0000 Subject: New Lawsuit from JimB Message-ID: > According the WWA prosecutor's web page, Robb London > has moved on, perhaps to the gargantuan homeland terrorism > upmarket. Not sure where Jeff Gordon is, anybody know? Yes: we will be posting his new address shortly, along with the name and address of his family doctor. From timcmay at got.net Wed Apr 23 16:30:56 2003 From: timcmay at got.net (Tim May) Date: Wed, 23 Apr 2003 16:30:56 -0700 Subject: Quarantines may be justified In-Reply-To: <5.2.0.9.0.20030422104433.045781d0@pop.ix.netcom.com> Message-ID: On Tuesday, April 22, 2003, at 08:16 AM, John Kelsey wrote: > At 05:22 PM 4/19/03 -0400, david wrote: > ... >> It is the initiation of force that is wrong. People who try to rob >> others should have their behavior regulated by being killed by >> their intended victims. > > In order to distinguish when force has been initiated, you have to > have some agreed-upon definitions of rights. The whole argument > you're in here about smoking has to do with boundaries of rights. > Harmon says your cigarette smoke is a form of assault. This may or > may not be valid, but it's certainly possible to come up with kinds of > fumes that are a violation of the rights of the people forced to > endure them (think of mustard gas, or even the smell of raw sewage), > so it's not obviously bogus. > > In practice, this is an area where simple rights arguments don't work > all that well, because there are big areas of gray. But in practice, in real practice out on the streets, this has never been where the anti-smoking laws have been invoked. No state in the U.S., to my knowledge, bans smoking outside, on public streets. There may be a few places near public congregation areas, near air intakes, etc. There may even be a few isolated cases of towns passing "no smoking anywhere on our streets" laws. But, by and large, the anti-smoking laws are confined to restaurants, office buildings, stores, city offices, and other indoor places. So the real debate is not about Harmon's extreme example of not liking the smell of cigarettes when he walks past a smoker, but the issue of anti-smoking laws in the above examples. And here the issue is about as nearly unambiguous as one can get: it is up to the property owner to decide on smoking policies on his property. This was as it once was, and it worked very well. Some restaurants barred smoking, some permitted it, some set up different sections. Likewise, some companies barrred smoking, some permitted it, some set up smoking lounges, etc. (As a nonsmoker, as one who has never taken a single puff on any kind of cigarette or cigar or pipe, I thought smoking was incredibly wasteful, dirty, and annoying. I used to see engineers and technicians going off to take smoking breaks (they would have argued that their alertness was then raised by the nicotine hit). Whatever my views, it was up to my employer to establish his policies. It was not up to some outside party to tell my employer what to allow and what not to allow.) > How about if whenever I see someone smoking in public, I go stand > upwind of them and open my package of Instant Sarin Mix? Which one > of us is initiating force? How about if I'm more polite, and merely > open my package of Instant Skunk Scent Mix? The issue is where you > draw the line, and the problem is that there's no unambiguously right > answer. > > The only way to resolve this peaceably is to have some agreed-upon > standards to resolve the gray areas into solid lines. Those > agreed-upon standards are sometimes in the form of written laws, > sometimes in the form of precedent in case law, and are very often > simply the unwritten standards of conduct that most people live by > most of the time. And often they need courts of some kind to rule on > gray areas that exist even within those rules. The Schelling point for such rights was agreed-upon a couple of centuries ago with the protection of property rights. My house, my rules. Your house, your rules. Examples like Sarin are not helpful, as they differ massively from the annoyance of smoking. --Tim May "As my father told me long ago, the objective is not to convince someone with your arguments but to provide the arguments with which he later convinces himself." -- David Friedman From timcmay at got.net Wed Apr 23 17:37:22 2003 From: timcmay at got.net (Tim May) Date: Wed, 23 Apr 2003 17:37:22 -0700 Subject: Makeup as low-tech measure against automated face recognition? In-Reply-To: Message-ID: On Wednesday, April 23, 2003, at 04:42 PM, Thomas Shaddack wrote: > Vnity is about as old as mankind. With vanity, various ways come to > change > one's appearance. > > Wider lips. Narrower mouth. Wider eyes. Different shape of eyes. Name a > facial feature, there is a way to enhance or suppress it. > > Face-recognition systems rely on visual appearance. They typically need > edges - edges of mouth, edges of eyes...; one popular algorithm for > indexing a face is recognizing these points and measuring their > distance. > A little amount of properly applied pigment could shift these values by > couple percents. > > So low-tech device a lipstick is could be a potential tool for lowering > the probability of a successful identification by face recognition. > Ladies > often carry many more similar "terrorist tools" in their purses. > > Opinions, comments? These reasons are largely why ear shape, ear-eye-mouth geometry, etc., have been increasingly used in face recognition schemes. It is very difficult to use makeup to modify fundamental geometries over these scales, and fundamental geometries are easy to do math on (using affine or projective geometry, for example). While a woman may be able to change her eye appearance, her lip shape, or even her eyebrow shape, she cannot easily change the affine geometry of ear-nose-eye-chin. Men cannot do even this, lest they be considered fags, but they can of course change beard characteristics...which is why no face recognitions worth a dime to Big Brother use facial hair (or hair style in general) as a determinant. A friend of mine is doing a lot of work with "support vector machines" as generalization of neural nets, Hopfield networks, and other learning systems. Quite amazing how hard it is to hide from such classifiers. A little bit of makeup just doesn't do it, not when these systems have been trained on hundreds of thousands of exemplars with varying amounts of eye shade, eye liner, lipstick, and facial hair alterations. --Tim May "The whole of the Bill [of Rights] is a declaration of the right of the people at large or considered as individuals... It establishes some rights of the individual as unalienable and which consequently, no majority has a right to deprive them of." -- Albert Gallatin of the New York Historical Society, October 7, 1789 From ravage at einstein.ssz.com Wed Apr 23 17:54:27 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 23 Apr 2003 19:54:27 -0500 (CDT) Subject: [eff-austin] Super-DMCA hearing (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 23 Apr 2003 09:38:40 -0500 From: Jon Lebkowsky To: Leaders , Eff-Austin Cc: William Harrell Subject: [eff-austin] Super-DMCA hearing Last night the Texas legislature held a hearing on HB2121, aka "super DMCA" proposed by the MPAA. I don't have time for an extended comment, but thanks primarily to testimony by EFF-Austin directors Doug Barnes and Adina Levin, there was no action on the bill. Says Doug, "The chair ended saying that the bill clearly needed a lot of work, and encouraging the various folks in attendance to work on modifying the bill." We'll follow up with more info about next steps etc. We should all thank Doug and Adina for making it down to testify effectively with little notice. best, Jon L. -- Jon Lebkowsky jonl at polycot.com President, EFF-Austin http://www.effaustin.org From zem at vigilant.tv Wed Apr 23 04:19:55 2003 From: zem at vigilant.tv (zem) Date: Wed, 23 Apr 2003 21:19:55 +1000 Subject: Anonymous blog experiment, take two Message-ID: <200304232119.58021.zem@vigilant.tv> I've put together an experimental remailer/PGP interface to a weblog hosting service. Creating a blog and posting are entirely one-way processes via Mixmaster; there's no need for nyms or reply blocks. The short version, for those familiar with PGP and mixmaster: To create a blog, generate a new PGP key. Set the Name field to 'invisiblog' and optionally put a name or description in the Comment field. Use mixmaster to send the ascii-exported public key to signup at invisiblog.com. Each new blog will show up at http://invisiblog.com/ as soon as its key is received. To post, clearsign a message and send it to post at invisiblog.com. The fingerprint of the signing key is used to figure out which blog to post it to. There's no way to delete or modify posts. If a first attempt at creating a blog or posting fails, resend - it'll ignore dupes. More details here: Step-by-step signup and posting instructions: Anonymous weblogs will be linked from here as they are created: -- mailto:zem at vigilant.tv F289 2BDB 1DA0 F4C4 DC87 EC36 B2E3 4E75 C853 FD93 http://vigilant.tv/ "..I'm invisible, I'm invisible, I'm invisible.." --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From declan at well.com Wed Apr 23 21:01:13 2003 From: declan at well.com (Declan McCullagh) Date: Thu, 24 Apr 2003 00:01:13 -0400 Subject: FC: Speaking to MIT Tech/Eros group today (Thursday, 4/24) Message-ID: Join the Tech/Eros group for an informal discussion with renowned technology policy journalist Declan McCullagh. McCullagh is the chief political correspondent for CNET's News.com and moderator of the Politech List (www.politechbot.com). Among other topics, McCullagh will be talking about how current government cyber-policies affect sexual expression on the Internet. McCullagh is a frequent guest on national news shows and was formerly the Washington correspondent for Wired News. He is also a photographer. Come meet McCullagh Thursday, April 24, 5PM in the conference room at E32-300 on the MIT campus. The Tech/Eros Group is made possible by a generous grant from the Initiative on Technology and Self at MIT. Tech/Eros (www.techeros.org) is a research group of scholars, scientists and writers devoted to analyzing the connection between technology and sexuality. If you would like more information about Tech/Eros, write to Annalee Newitz at godzilla at mit.edu. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ ------------------------------------------------------------------------- --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed Apr 23 21:37:02 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 00:37:02 -0400 Subject: FC: Speaking to MIT Tech/Eros group today (Thursday, 4/24) Message-ID: --- begin forwarded text From shaddack at ns.arachne.cz Wed Apr 23 16:42:58 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 24 Apr 2003 01:42:58 +0200 (CEST) Subject: Makeup as low-tech measure against automated face recognition? Message-ID: Vnity is about as old as mankind. With vanity, various ways come to change one's appearance. Wider lips. Narrower mouth. Wider eyes. Different shape of eyes. Name a facial feature, there is a way to enhance or suppress it. Face-recognition systems rely on visual appearance. They typically need edges - edges of mouth, edges of eyes...; one popular algorithm for indexing a face is recognizing these points and measuring their distance. A little amount of properly applied pigment could shift these values by couple percents. So low-tech device a lipstick is could be a potential tool for lowering the probability of a successful identification by face recognition. Ladies often carry many more similar "terrorist tools" in their purses. Opinions, comments? From adam at cypherspace.org Wed Apr 23 20:42:33 2003 From: adam at cypherspace.org (Adam Back) Date: Thu, 24 Apr 2003 04:42:33 +0100 Subject: Makeup as low-tech measure against automated face recognition? In-Reply-To: ; from shaddack@ns.arachne.cz on Thu, Apr 24, 2003 at 01:42:58AM +0200 References: Message-ID: <20030424044233.A7958367@exeter.ac.uk> There was a paper at Privacy Enhancing Technologies 03 on this topic: "Engineering Privacy in Public: Confounding Face Recognition", James Alexander and Jonathan Smith. It's full of pictures of one of the authors with various forms of facial makeup, glasses, hats, stockings (over head bank-robber style), dazzled camera with pen-light laser, etc, plus an empirical analysis of the disguise efficacy in hiding identity against I think a face recognition system called FERET. A copy seems to be online here: http://petworkshop.org/preproc/07-preproc.pdf Adam On Thu, Apr 24, 2003 at 01:42:58AM +0200, Thomas Shaddack wrote: > Vnity is about as old as mankind. With vanity, various ways come to change > one's appearance. > > Wider lips. Narrower mouth. Wider eyes. Different shape of eyes. Name a > facial feature, there is a way to enhance or suppress it. > > Face-recognition systems rely on visual appearance. They typically need > edges - edges of mouth, edges of eyes...; one popular algorithm for > indexing a face is recognizing these points and measuring their distance. > A little amount of properly applied pigment could shift these values by > couple percents. > > So low-tech device a lipstick is could be a potential tool for lowering > the probability of a successful identification by face recognition. Ladies > often carry many more similar "terrorist tools" in their purses. > > Opinions, comments? From juicy at melontraffickers.com Thu Apr 24 05:44:25 2003 From: juicy at melontraffickers.com (A.Melon) Date: Thu, 24 Apr 2003 05:44:25 -0700 (PDT) Subject: Bad Elf. In-Reply-To: <5.1.0.14.0.20030424213652.00a4b4e0@mail.nex.com.au> References: <5.1.0.14.0.20030424213652.00a4b4e0@mail.nex.com.au> Message-ID: > Pierre Lethier, 48, had been wanted by the French authorities since > September 2000 on suspicion that he helped illicitly divert Elf funds to > secure the company's 1992 acquisition of the eastern German Leuna refinery > complex. This and a variety of other stuff, is showing up in RAZOR2. Whichever fucking asshole out there is reporting some of Fuhrer Rat's cypherpunk mail to RAZOR or any other UE signature repository, needs to stop now. From schear at attbi.com Thu Apr 24 07:36:07 2003 From: schear at attbi.com (Steve Schear) Date: Thu, 24 Apr 2003 07:36:07 -0700 Subject: Makeup as low-tech measure against automated face recognition? In-Reply-To: References: Message-ID: <5.2.1.1.0.20030424073322.049d0d30@mail.attbi.com> At 05:37 PM 4/23/2003 -0700, Tim May wrote: So low-tech device a lipstick is could be a potential tool for lowering >>the probability of a successful identification by face recognition. Ladies >>often carry many more similar "terrorist tools" in their purses. >> >>Opinions, comments? > >These reasons are largely why ear shape, ear-eye-mouth geometry, etc., >have been increasingly used in face recognition schemes. It is very >difficult to use makeup to modify fundamental geometries over these >scales, and fundamental geometries are easy to do math on (using affine or >projective geometry, for example). > >While a woman may be able to change her eye appearance, her lip shape, or >even her eyebrow shape, she cannot easily change the affine geometry of >ear-nose-eye-chin. Men cannot do even this, lest they be considered fags, >but they can of course change beard characteristics...which is why no face >recognitions worth a dime to Big Brother use facial hair (or hair style in >general) as a determinant. > >A friend of mine is doing a lot of work with "support vector machines" as >generalization of neural nets, Hopfield networks, and other learning >systems. Quite amazing how hard it is to hide from such classifiers. A >little bit of makeup just doesn't do it, not when these systems have been >trained on hundreds of thousands of exemplars with varying amounts of eye >shade, eye liner, lipstick, and facial hair alterations. Despite the widespread municipal bans against wearing masks in public (except during Halloween), its still widely legal to wear a motorcycle helmet with faceplate in place outdoors. I've never heard of anyone hassled for wearing one when the didn't just step off a bike. steve From timcmay at got.net Thu Apr 24 09:26:23 2003 From: timcmay at got.net (Tim May) Date: Thu, 24 Apr 2003 09:26:23 -0700 Subject: Makeup as low-tech measure against automated face recognition? In-Reply-To: <5.2.1.1.0.20030424073322.049d0d30@mail.attbi.com> Message-ID: <7D0339E2-7671-11D7-B966-000A956B4C74@got.net> On Thursday, April 24, 2003, at 07:36 AM, Steve Schear wrote: > > Despite the widespread municipal bans against wearing masks in public > (except during Halloween), its still widely legal to wear a motorcycle > helmet with faceplate in place outdoors. I've never heard of anyone > hassled for wearing one when the didn't just step off a bike. With SARS, a large surgical mask covers nearly all of the identification markers. Add a pair of sunglasses or tinted eyeglasses and nearly nothing remains. However, the long-term implications are clear: computers become so cheap and cameras so ubiquitous that public movements are trackable. Many have written on this already. It's a signal detection problem, and the odds favor the trackers. (Which may cause more people to limit public purchases, to limit public shopping. Which can help crypto in private places, where the reverse of the above is the case: technology favors the person trying to hide, not the watchers. Crypto wins here.) --Tim May ""Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel. Unfortunately, nothing will preserve it but downright force. Whenever you give up that force, you are ruined." --Patrick Henry --Tim May "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." --Alexander Fraser Tyler From adam at homeport.org Thu Apr 24 06:33:52 2003 From: adam at homeport.org (Adam Shostack) Date: Thu, 24 Apr 2003 09:33:52 -0400 Subject: Makeup as low-tech measure against automated face recognition? In-Reply-To: <20030424044233.A7958367@exeter.ac.uk> References: <20030424044233.A7958367@exeter.ac.uk> Message-ID: <20030424133352.GA17797@lightship.internal.homeport.org> At the workshop, I talked to James about using make-up to create different lines that would be picked up, ie, a wider nose drawn in brightly. He was very skeptical. Adam On Thu, Apr 24, 2003 at 04:42:33AM +0100, Adam Back wrote: | There was a paper at Privacy Enhancing Technologies 03 on this topic: | | "Engineering Privacy in Public: Confounding Face Recognition", James | Alexander and Jonathan Smith. | | It's full of pictures of one of the authors with various forms of | facial makeup, glasses, hats, stockings (over head bank-robber style), | dazzled camera with pen-light laser, etc, plus an empirical analysis | of the disguise efficacy in hiding identity against I think a face | recognition system called FERET. | | A copy seems to be online here: | | http://petworkshop.org/preproc/07-preproc.pdf | | Adam | | On Thu, Apr 24, 2003 at 01:42:58AM +0200, Thomas Shaddack wrote: | > Vnity is about as old as mankind. With vanity, various ways come to change | > one's appearance. | > | > Wider lips. Narrower mouth. Wider eyes. Different shape of eyes. Name a | > facial feature, there is a way to enhance or suppress it. | > | > Face-recognition systems rely on visual appearance. They typically need | > edges - edges of mouth, edges of eyes...; one popular algorithm for | > indexing a face is recognizing these points and measuring their distance. | > A little amount of properly applied pigment could shift these values by | > couple percents. | > | > So low-tech device a lipstick is could be a potential tool for lowering | > the probability of a successful identification by face recognition. Ladies | > often carry many more similar "terrorist tools" in their purses. | > | > Opinions, comments? -- "It is seldom that liberty of any kind is lost all at once." -Hume From declan at well.com Thu Apr 24 08:05:04 2003 From: declan at well.com (Declan McCullagh) Date: Thu, 24 Apr 2003 11:05:04 -0400 Subject: Give money to Iraq charities, go to jail Message-ID: <5.2.0.9.0.20030424110409.010ca948@mail.well.com> NEWS RELEASE Glenn T. Suddaby, United States Attorney for the Northern District of New York, announced today that OSAMEH ALWAHAIDY has entered a plea of guilty in U.S. District Court, Syracuse to a prosecutor's Information charging him with violating the International Emergency Economic Powers Act (IEEPA) by sending money to Iraq in violation of the sanctions imposed on that country. In entering his guilty plea, ALWAHAIDY, age 41, Fayetteville, New York, admitted that he assisted others at "HELP THE NEEDY" in sending money to Iraq, notwithstanding his knowledge that sanctions had been imposed on that country since 1990 prohibiting such transactions. Specifically, ALWAHAIDY admitted allowing RAFIL DAHFIR to use checks from an account on which ALWAHAIDY was a signatory to transfer money from HELP THE NEEDY'S account to the private accounts of another indicted defendant, MAHER ZAGHA. ALWAHAIDY further admitted that on October 25, 1999, November 9, 1999, and February 23, 2000, he helped transfer $20,000, $50,000, and $30,000 respectively to MAHER ZAGHA's business account in Jordan knowing those funds would be forwarded to individuals in Iraq. ALWAHAIDY stated in the plea agreement that he believed that the money was intended to help needy people, especially needy people in Iraq. The government noted in Court, however, that the purpose of the prohibitions on transfers of money into Iraq is to prevent money sent for any purpose from being misused once in Iraq and that it's investigation into the use of that money once it was sent to Jordan is still under investigation. ALWAHAIDY had previously been charged with conspiracy to violate IEEPA in an Indictment that was made public on February 26, 2003. Conspiracy to violate IEEPA is a charge that carries a maximum possible penalty of five years incarceration. As a result of today's guilty plea, ALWAHAIDY faces a maximum possible penalty of ten years incarceration when he is sentenced. In addition, he faces a maximum possible fine of $250,000. A special assessment of $100 is also mandatory in a case of this type. The plea agreement filed today provides that the conspiracy charge pending against ALWAHAIDY will be dismissed at the time of his sentencing and he will not be furthered charged in connection with this case. Finally, the plea agreement contemplates that he will cooperate with the government in its ongoing investigation. The Honorable Norman A. Mordue, U.S. District Court Judge, presided over today's proceeding. The entry of this plea is a result of the continuing investigation undertaken by agents from the Federal Bureau of Investigation; the Internal Revenue Service; the Social Security Administration, Office of Inspector General; the Defense Criminal Investigation Service; the New York State Police; the United States Customs Service; the Immigration and Naturalization Service; the U.S. Postal Service; the Department of Health and Human Services, Office of Inspector General; and the United States Marshals Service. Although additional information concerning this case will be limited at this time, further inquiries can be directed to First Assistant U.S. Attorney Joseph A. Pavone at (315) 448-0672. From frantz at pwpconsult.com Thu Apr 24 11:06:38 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Thu, 24 Apr 2003 11:06:38 -0700 Subject: Makeup as low-tech measure against automated face recognition? In-Reply-To: <20030424133352.GA17797@lightship.internal.homeport.org> References: <20030424044233.A7958367@exeter.ac.uk> <20030424044233.A7958367@exeter.ac.uk> Message-ID: At 6:33 AM -0700 4/24/03, Adam Shostack wrote: >At the workshop, I talked to James about using make-up to create >different lines that would be picked up, ie, a wider nose drawn in >brightly. He was very skeptical. > >Adam > > >On Thu, Apr 24, 2003 at 04:42:33AM +0100, Adam Back wrote: >| There was a paper at Privacy Enhancing Technologies 03 on this topic: >| >| "Engineering Privacy in Public: Confounding Face Recognition", James >| Alexander and Jonathan Smith. >| >| It's full of pictures of one of the authors with various forms of >| facial makeup, glasses, hats, stockings (over head bank-robber style), >| dazzled camera with pen-light laser, etc, plus an empirical analysis >| of the disguise efficacy in hiding identity against I think a face >| recognition system called FERET. >| >| A copy seems to be online here: >| >| http://petworkshop.org/preproc/07-preproc.pdf >| >| Adam Ah, but the surgical masks made popular by the SARS outbreak will cover most of the signs. Add ear coverings for cold climates, and I suspect the accuracy will go way down. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From patrick at fexl.com Thu Apr 24 08:09:00 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 11:09:00 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, April 24, 2003, at 10:28 AM, R. A. Hettinga wrote: > ... Since we're literally moving title to an asset around the net > instead > of changing records in a database somewhere (remember the > double-spend database at the mint is only *redeemed* notes, not > copies of what's out there), ... I am taking a different approach, where the server stores RIPEMD-160 hashes of all the redeemable coins "out there." It completely forgets redeemed coins. Because the server only stores hashes, the entire contents of the server database could literally be published on the web in streaming live form without seriously reducing the security of the system. Of course, this would be stupid because it would needlessly invite collision attacks, but in principle the idea of avoiding security through obscurity could be applied to the database itself. But then, why not hide the hash file behind a Unix password, and behind an AES-256 key while we're at it? :-) So a coin consists of an lseek position in the server data file, 256 bits of random gibberish, and 64 bits representing the amount. When you present the coin to the server, the server hashes it and looks at the given lseek position. If it matches, it manufactures a new coin at some other lseek place and sends it to you. You store the coin, compute the RIPEMD-160 hash yourself, and send that to the server, at which point it kills the old coin and enlivens the new coin. Obviously all the smart folks who talk about storing only the redeemed notes and even using probabilistic double-spend detection methods have reasons for doing so. I expect my scheme will be slapped down forthwith. :-) > Finally, I would also strongly recommend that we try like hell not to > invent new cryptographic conventions, much less new cryptography, > here. You're preaching to the choir here. I haven't seen any snake oil proposals lately (unless I just gave one above. :-) > First, crypto is hard. :-), and our chances of actually inventing > something new that isn't trivially broken on its face is even harder. > Obviously, if you're one of those big swinging di-, er, big giant > heads, who actually do the math, understand what cryptography > protocols do, and see something that's wrong, or that you can do > better, that's different, but there's a whole lot of time that can be > wasted in reinventing the wheel here that won't get us to code that > earns money. ... Good C libraries for existing crypto protocols are always welcome. I'm just getting Rijndael, RSA, RIPEMD, BBS, etc. into a shape I like. Mostly, I don't like routines that declare *anything* on the stack -- all of my working space is allocated on a single 4k mlocked page up front and Mersenne-twisted before munlock and free. > Second, and in that vein, there is a whole published language of > crypto that's already being used, and if we don't use it from the > outset, nobody will understand us later if we get stuck. In > particular, a trusted third party, or trusted entity, is "Trent", for > some reason, probably because Schneier had it in Applied Cryptography > 10 or 12 years ago. :-). Ah, Marvin for "medium" considered non-standard. :-) OK, Trent it is. > We should change nomenclature only when we've added to it, yes? > > Believe me, we'll get there, especially after we're actually > operating this code the way we want it to run, at a profit, in an > open market. That's certainly something that nobody's done before, > :-), and we're going to have our hands full when we make it happen. Truly. - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPqf+F1A7g7bodUwLEQISIgCfTVhs4Q+8xc4w5xuH1z5+DPMb/EAAoK/j al4Clq6VA/dR5aFIb0ZxPsEe =pNFb -----END PGP SIGNATURE----- From timcmay at got.net Thu Apr 24 12:24:57 2003 From: timcmay at got.net (Tim May) Date: Thu, 24 Apr 2003 12:24:57 -0700 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: Message-ID: <6F8B6271-768A-11D7-B966-000A956B4C74@got.net> On Thursday, April 24, 2003, at 10:57 AM, R. A. Hettinga wrote: > At 11:09 AM -0400 4/24/03, Patrick Chkoreff wrote: >> I expect my scheme will be slapped down >> forthwith. :-) > > :-) > > Again, the *only* thing you need to prevent double-spending is a copy > of the spent coins. Period. > > Anything else costs money. For on-line clearing, a copy of the spent "coin" stops double-spending. I would not call it a "coin," however. We should reserve the word "coin" for things which behave like coins, e.g, things that clear locally without presentation to an issuer or other entity. For off-line clearing, double-spending is a significant and hard problem. Perhaps unsolvable. If so, then there are no digital coins and never will be. (I don't count token-based systems, using smartcards or "observers," as digital coins.) Everything connected with money costs money, by the way. Even keeping copies and comparing them to newly-presented exemplars. --Tim May "The great object is that every man be armed and everyone who is able may have a gun." --Patrick Henry "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton From patrick at lfcgate.com Thu Apr 24 11:54:30 2003 From: patrick at lfcgate.com (Patrick) Date: Thu, 24 Apr 2003 12:54:30 -0600 Subject: [Lucrative-L] Great news! Lucrative has a home! Message-ID: My sincere thanks to Lucky Green for arranging server space and bandwidth for a public demonstration server. I can setup the server at any time. However, eliminating Lucrative accounts is a major change. It will rearrange the server API, significantly change the schema, and impact the Purse as well. I think it would be a good idea to go to v8, with the accounts->envelope revision done, before starting the public server. I don't know how long it will take - at least two days - but I'm working on it now. Patrick The Lucrative Project: http://lucrative.thirdhost.com ...................................................... To subscribe or unsubscribe from this discussion list, write to lucrative-l-request at lucrative.thirdhost.com with just the word "unsubscribe" in the message body (or, of course, "subscribe") --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 24 10:57:12 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 13:57:12 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: References: Message-ID: At 11:09 AM -0400 4/24/03, Patrick Chkoreff wrote: >I expect my scheme will be slapped down >forthwith. :-) :-) Again, the *only* thing you need to prevent double-spending is a copy of the spent coins. Period. Anything else costs money. Transaction cost is everything. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From patrick at fexl.com Thu Apr 24 12:35:46 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 15:35:46 -0400 Subject: [Lucrative-L] lucrative accounts revisited Message-ID: > From: "James M. Ray" > > At 10:46 AM -0400 4/24/03, Patrick Chkoreff wrote: > ... >> With these cards you would have a true off-network solution. I wonder >> if it's feasible to do the crypto and hardware for this? > > While crypto-hardware is cool stuff, and I'm all-for-it, I think > that ubiquitous bandwidth is much more likely to happen. > We have to remember, we're INTO this stuff. Most people would > not see the benefits of a $100 cryptocard nearly as quickly ... I can see your point, but let me think about it a bit. Alice is at a craft fair with digital coins loaded into a PDA that costs at least $100. So she's already somewhat of a geek to begin with. But she is glad that her general-purpose PDA is capable of handling coins in addition to her date and address book. No need to pony up more money for a specialized crypto-wallet. But for every geeky Alice, there are at least one hundred non-geeky Alyssas out there. Alyssa is not likely to purchase a relatively expensive and difficult to use general purpose device. She might, however, pony up for an inexpensive, easy to use, specialized crypto-wallet. She would not consider anything that has icons and a stylus, but she would readily adopt a sleek little black-box crypto-wallet. Maybe it even comes in her favorite colors. So even if the network is as reliable and ubiquitous as the atmosphere itself, in this new digital coin economy both Alice and Alyssa are going to be carrying around SOMETHING. Which is easier, persuading geeky Alice to purchase a cheap specialized device, or persuading non-geeky Alyssa to purchase an expensive clunky general purpose device? Of course, the network will NOT be as reliable as the atmosphere itself, and there is at least one alternative. Physical cash is the obvious choice -- after all, these digital coins are ultimately redeemable for valuable physical objects like gold and silver coins or notes for same, so I expect people to carry around a combination of valuable atoms and valuable bits as they shop. But in the case of inexpensive crypto-cards, there is a second option. Direct offline beaming of digital coins from one device to another. Assuming it can be done simply, inexpensively, and securely. So when the network is inaccessible and Alyssa is out of cash, she's still in luck. Whip out the candy-red colored crypto-wallet and snag the sweater. > ... Or Joris may > be right, there's something to be said for physical cash... Definitely. At the very least, the issuer stores that in the vault to back up the digital coins. :-) But seriously, people are going to want to hold and trade valuable physical stuff because it is a form of wealth independent of the server, ubiquitous networks, or even crypto-wallets. It's the real deal, the final deliverable upon which all bit-bashing is based. > I'm also curious about how all this is going to be profitable. > How (aside from a small e-gold donation, if he tells me his > account number!) will Lucrative-Patrick get paid? Thanks. > JMR This is a very good question. Obviously if you are an ISSUER I can see how it might be profitable -- you simply charge transaction fees whenever coins are swapped, split, merged, etc. at the server. You can assess storage fees to cover your base costs or even try to nick a small profit there. All of this would be implemented as tunable parameters in the server software, perhaps even DYNAMICALLY self-tuning based on market conditions, changing constraints on bandwidth and disk usage, etc. If you are a mere CODER like Lucrative-Patrick and Fexl-Patrick, well sorry, we're just slaves in it for the fun. :-) Work for tips, become an issuer, hold a day job, whatever it takes to get your next fix. -- Patrick http://fexl.com From patrick at fexl.com Thu Apr 24 12:52:28 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 15:52:28 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: Message-ID: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> On Thursday, April 24, 2003, at 01:57 PM, R. A. Hettinga wrote: > Again, the *only* thing you need to prevent double-spending is a copy > of the spent coins. Period. Alternatively, I think a copy of the non-spent coins will do the trick also. So in your scenario, the predicate valuable(x) = valid_crypto_stamp(x) & not element(x, spent_coins). In my scenario, valuable(x) = element(x, unspent_coins). Why store the large set of spent coins when you can store the much smaller set of unspent coins? There's no security issue I don't think. In my scheme the bad guys can torture you and get access to the hash file, yes, but what's the point? They still have to mount a multi-million dollar collision attack. It's much easier just to seize the gold in the vaults than fiddle around with some pathetic bits on a server. Or if the digital coins are backed by something like e-bullion they can just torture you for the e-bullion password. > Anything else costs money. > > Transaction cost is everything. I don't understand your point here. Why are my transaction costs greater than yours? They might even be less. The disk usage might be less, too. -- Patrick http://fexl.com From rah at shipwright.com Thu Apr 24 13:17:21 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 16:17:21 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> References: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> Message-ID: At 3:52 PM -0400 4/24/03, Patrick Chkoreff wrote: >Alternatively, I think a copy of the non-spent coins will do the trick >also. Patrick, no offense, but have you actually *read* this stuff? You *delete* the spent coins after some pre-arranged period. They're useless. You don't *care* about the unspent coins. You're going to *have* to keep the spent coins to prevent double spending. Get it? Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From patrick at lfcgate.com Thu Apr 24 15:18:45 2003 From: patrick at lfcgate.com (Patrick) Date: Thu, 24 Apr 2003 16:18:45 -0600 Subject: double-spending prevention w. spent coins (Re: [Lucrative-L] lucrative accounts revisited) In-Reply-To: Message-ID: <002101c30aaf$79c95ca0$0200a8c0@scylla> > If there is any problem of "linkability" in this scheme, please help me > see it. The server does not log any socket events or transaction > records of any kind. OK, if someone put a gun to my head and said "put > in some code to log everything" then they might be able to discern some > pattern like "this coin was issued to this IP address, and then three > days later that coin was swapped from this other IP address." OK, that > sounds like a potential problem, but I don't see how you can hide this > information from the server ITSELF. When you present a coin to the > server, it is going to know from which IP address it came, and I don't > see a way around that. Perhaps I am mistaken, but the system you describe seems to be unlinkable-by-policy. Lucrative is unlinkable-by-mathematics. I believe the difference is nontrivial. Patrick McCuller From patrick at fexl.com Thu Apr 24 13:51:05 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 16:51:05 -0400 Subject: Double spending, i.e. X in S == not X not in S In-Reply-To: Message-ID: <77699552-7696-11D7-B4FF-000393D91E36@fexl.com> On Thursday, April 24, 2003, at 04:17 PM, R. A. Hettinga wrote: > At 3:52 PM -0400 4/24/03, Patrick Chkoreff wrote: >> Alternatively, I think a copy of the non-spent coins will do the trick >> also. > > Patrick, no offense, but have you actually *read* this stuff? > > You *delete* the spent coins after some pre-arranged period. They're > useless. > > You don't *care* about the unspent coins. You're going to *have* to > keep the spent coins to prevent double spending. > > Get it? No, which indicates there is one huge unshared premise at work here. I assert that I can prevent double spending without keeping the spent coins, even for a limited time period. It's simple. Alice gives Bob a coin X. Bob immediately swaps coin X for a brand new coin Y. The server deletes coin X completely, forgetting the bits with extreme prejudice. Now Alice tries to give Charles the same coin X. Charles immediately attempts to swap coin X for a new one. The server tries to look up X in the set of valid coins and does not find it. The server says "Sorry, Charlie, that is not a valid coin." The whole thing depends on the recipient doing an immediate swap. But that's no big requirement, because the recipient must contact the server to see if it's a valid coin anyway. So you just go ahead and do a swap at that point. -- Patrick http://fexl.com From rah at shipwright.com Thu Apr 24 14:17:32 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 17:17:32 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: <6F8B6271-768A-11D7-B966-000A956B4C74@got.net> References: <6F8B6271-768A-11D7-B966-000A956B4C74@got.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 12:24 PM -0700 4/24/03, Tim May arose to smite linguistic heresy: >For on-line clearing, a copy of the spent "coin" stops >double-spending. Indeed. That was my entire point. Thank you for repeating it. Again. As for the following... >I would not call it a "coin," however. We should reserve the word >"coin" for things which behave like coins, e.g, things that clear >locally without presentation to an issuer or other entity. "We" should, but I won't, though I prefer using "coins" to mean something even smaller -- my original use in this thread a lamentable and reflexive use from the DigiCash days -- but I think if we're copying, or, more properly, redeeming and reissuing, something to that controls ownership of an asset, something that is supposed to reside, physically, in a single place on the net at any one time, it's more like a coin, or a subway token, or a note, or a bearer bond, than anything else used to move money around, say, book-entries (debits and credits) tunneled using SSL, for instance. And, no, I don't think the use of "coin" or "note", much less "certificate", is even close to the modern mis-use of the words "signature" or "certificate" to describe cryptographic authentication, because there's a whole lot of difference between those things and the holographic, supposedly biometric, writings that we call "signatures" in meatspace. But, we say "signature", anyway. Hopefully we'll re-load "certificate", someday... So, calling a financial instrument using a Chaumian blind-signature financial cryptography protocol a "note", or "certificate", is fine. As for "coin", while we were thinking about this stuff a while back, I decided that streaming protocols, using bulk-issued MicroMint, and then Rabin Signature, "tokens", tested for double-spending with statistical sampling, could execute, clear and settle at a low enough cost enough to be called a "coin". Chaumian or other blind signature "notes" have to be checked on every transaction, so they are, by definition, more expensive to handle individually, just like paper notes are, compared to a coin. >For off-line clearing, double-spending is a significant and hard >problem. Perhaps unsolvable. Amen. >If so, then there are no digital coins and never will be. If you say so, Tim. :-). >(I don't count token-based systems, using smartcards or "observers," >as digital coins.) I think "token" is also a word subject to overloading. I would call "token" a superset of "coin" and "note", myself, to be used to generalize things. In current usage in the ATM or meatspace electronic payment business, "token" means the thing you carry around to put into an electronic "terminal" as one "factor" in a two-factor transaction process. A shared secret, like a "Personal Identification Number" being the second "factor". "Three factor" authentication, of course, uses a "signature", right? ;-). >Everything connected with money costs money, by the way. Even >keeping copies and comparing them to newly-presented exemplars. Certainly if you want to dance your nits on the head of a pin, yes, Tim, knock yourself out. You certainly seem better catching and wrangling them then I am. On the net full of scientists, former or otherwise, the price of error, no matter how small, is bandwidth... Of *course*, everything costs money. I plead a Dirksenist brevity, in the meantime. Cheers, RAH "A coin here, and a coin there..." -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqhUZMPxH8jf3ohaEQLtBQCfXmO3HAqoMd0QBywCm2mdx3Xt9GIAnjgo guMk67rqIyo6KMifU4IVHhii =D1bN -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 24 14:18:45 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 17:18:45 -0400 Subject: [Lucrative-L] Great news! Lucrative has a home! Message-ID: --- begin forwarded text From patrick at fexl.com Thu Apr 24 15:12:34 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 18:12:34 -0400 Subject: double-spending prevention w. spent coins (Re: [Lucrative-L] lucrative accounts revisited) In-Reply-To: <20030424222736.A7938000@exeter.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, April 24, 2003, at 05:27 PM, Adam Back wrote: > If the coins offer privacy, then unspent coins are unlinkable when the > same coin is deposited, so keeping just unspent coins doesn't work. > > Spent coins on the other hand have their blinding removed, so you > notice double spending by looking at spent coins. > > (There are zero-knowledge proofs of non-set membership as proposed for > use in ecash by Sander and Ta-Shma [1], but I think these are quite > computationally expensive.) Although I have read some material on blinding etc., I do not see a need for it in my system. At Tim May's suggestion I shall avoid using the word "coin" and use the more accurate financial term "note" instead. Although technically a note in my system is <32-bit file position><256-bit random gibberish><64-bit amount>, I'll use a simpler and abbreviated decimal notation with dashes in the quick example that follows. Alice has a note "0247-223235898-00032" that entitles her to 32 grams of e-bullion. She decides to take delivery. She presents the coin to the server and the server computes the RIPEMD-160 hash. It looks at record number 247 in the data file and sees if the hash stored there matches the computed hash. If so, the server extinguishes the coin (randomizing the record and chaining it to the free list) and spends 32 grams of e-bullion to the account that Alice designates, no questions asked. (Obviously you have to handle any errors in the e-bullion spend - -- don't extinguish the coin if the spend fails.) Now Alice tries to pull a fast one. She presents that same note "0247-223235898-00032" to Bob. Bob decides to swap the note for a new one. He presents it to the server. The server computes the RIPEMD-160 hash. It looks at record number 247 in the data file and sees that the record is on the free list. It rejects Bob's request. Double spend prevented. Now perhaps in the meantime the server has decided to reuse record 247. In that case there is a brand new note hash sitting there, and it is astronomically unlikely to match the hash of the "0247-223235898-00032" note. (I have considered issuing serial numbers that are never reused but for some vague reason I don't quite like that. It might not be a big deal.) Again, double spend prevented. Quite simply, the absence of a match indicates a spent coin, or one that was never issued in the first place. It's very much like GoldMoney payment keys, which simply say YES or NO when you try to redeem them, with no information given about whether it was EVER a valid payment key. If there is any problem of "linkability" in this scheme, please help me see it. The server does not log any socket events or transaction records of any kind. OK, if someone put a gun to my head and said "put in some code to log everything" then they might be able to discern some pattern like "this coin was issued to this IP address, and then three days later that coin was swapped from this other IP address." OK, that sounds like a potential problem, but I don't see how you can hide this information from the server ITSELF. When you present a coin to the server, it is going to know from which IP address it came, and I don't see a way around that. There is no linkability of personal identity in the system because there is no personal identity in the system, period. The server has no use for a public key from any user. - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPqhhW1A7g7bodUwLEQL63gCg91lfShbCyCGQ68Bn2LAeY3Cv6wkAnAtR lEhm4j76EzsgzU/sdrm6TNbV =4OMx -----END PGP SIGNATURE----- From rah at shipwright.com Thu Apr 24 15:24:33 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 18:24:33 -0400 Subject: Double spending, i.e. X in S == not X not in S In-Reply-To: <77699552-7696-11D7-B4FF-000393D91E36@fexl.com> References: <77699552-7696-11D7-B4FF-000393D91E36@fexl.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 4:51 PM -0400 4/24/03, Patrick Chkoreff wrote: >No, which indicates there is one huge unshared premise at work here. Okay. I think I understand what's happened, here. It's a function of whether or not you're blinding, and the blinding protocol you're using. If you're doing Chaumian blinding, part of the double-spending prevention is bound up in the blinding protocol itself. Since Lucrative is done in Wagner blinding, maybe that's not the case, but I wouldn't think so, on a first approximation. Wagner's too smart. :-). For non-blinded notes, you still keep a copy of the ones that come in, (or a sample of them, for "streaming" coins where a large number of coins are statistically dependent, like between IP addresses in a P2P streaming network) but you *still* you don't care about the ones that haven't come back yet. Because, and note this, one more time: they're not *spent* yet. You're trying to *prove* double spending, remember? If someone comes back with a note you *don't* have, it may make for a smaller list, and, hey, if it's not on your list, you don't let it in. But you want to keep some kind of *proof* that the coin's already come in, besides simply saying, "nope. Not here". Instead, you want to say things like "nope. this one's double spent.", and provide whatever information you've agreed to as proof. (timestamp, or IP address, or whatever. Not pretty) That's why Chaum did what he did. You munge the two hashes you now have in double-spent note and out pops the *signature* of the double spender, and so you only have to keep the notes that have come in. You can't even *decipher* the notes you've issued, because, hey, they're blinded. They're complete gibberish to the mint, and equally useless. The blinding happens on the client with a secret blinding factor, right? Now I have to go back and look at what Wagner said myself :-), and figure out if he did something like that as well. I expect that by "blinding", he meant the getting same kind of result that Chaum was after, or people wouldn't have been offering it as an alternative to Chaum all these years. Wagner did it with Diffie-Hellman, so the math operators are different than RSA, but I bet you get the same effect, or again, people wouldn't call it "blinding." There's certainly something to be said for learning by answering questions, and I thank you for giving me the opportunity for personal growth ;-), but, really, Patrick, go *read* these protocols to see how they work before proposing new ones. Most of the time, people haven't the bandwidth to repeat what's been said, on especially on cypherpunks in particular, and on the net in general, many times before. So, again I ask, Patrick, have you gone and looked at blind signature protocols in the CRC Handbook of Applied Crypto? or Applied Cryptography? The CRC book is more technical than Applied Crypto, which is the more readable of the two, but the CRC book is actually available in PDF on the net, for free, if you go look for it. Google is Your Friend, Patrick, and Crypto is Hard. Don't invent any if you really don't have to. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqhkEsPxH8jf3ohaEQKqjwCgmMF7t/K/Ljitmz8+MWPhYlrMkiwAoMZX oIstn0atLxrPvXzQZWTP2rkT =8voZ -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From frantz at pwpconsult.com Thu Apr 24 18:42:19 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Thu, 24 Apr 2003 18:42:19 -0700 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: <58FD2C26-76BC-11D7-B4FF-000393D91E36@fexl.com> References: <20030424224605.GA10094@mids.student.utwente.nl> Message-ID: At 6:22 PM -0700 4/24/03, Patrick Chkoreff wrote: >But that is simply not how it works. Citibank issues coin X to Alice. >Alice immediately swaps X with the server and obtains a new coin Y. >Alice gives coin Y to Bob in return for kinky porn. Bob immediately >swaps Y with the server and obtains a new coin Z. Bob gives coin Z to >Citibank. Citibank immediately swaps coin Z with the server and >obtains a new coin A. I do not see "linkage" here. Citibank never >sees X again. The server is in a position to keep track of the money transfer by recording the serial numbers of the old and new coins as the exchanges take place. The server is perfectly capable of making the linkage. If you don't trust the server, then you must believe that all your transfers are know. The advantage of the various blinding schemes is that your trust is in mathematics and probability, not in the integrity of the server operators. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From gbroiles at bivens.parrhesia.com Thu Apr 24 19:22:19 2003 From: gbroiles at bivens.parrhesia.com (Greg Broiles) Date: Thu, 24 Apr 2003 19:22:19 -0700 Subject: Bad Elf. In-Reply-To: ; from juicy@melontraffickers.com on Thu, Apr 24, 2003 at 05:44:25AM -0700 References: <5.1.0.14.0.20030424213652.00a4b4e0@mail.nex.com.au> Message-ID: <20030424192219.A16705@bivens.parrhesia.com> On Thu, Apr 24, 2003 at 05:44:25AM -0700, A.Melon wrote: > > Pierre Lethier, 48, had been wanted by the French authorities since > > September 2000 on suspicion that he helped illicitly divert Elf funds to > > secure the company's 1992 acquisition of the eastern German Leuna refinery > > complex. > > This and a variety of other stuff, is showing up > in RAZOR2. Whichever fucking asshole out there is > reporting some of Fuhrer Rat's cypherpunk mail to > RAZOR or any other UE signature repository, needs > to stop now. Oh, I can do better than that - "Whichever fucking asshole is sending me unwanted messages needs to stop now." Shit, they haven't stopped. Why don't people listen when I boss them around? Maybe trying to shift responsibility for solving my problems to others via the use of anonymous passive-voice messages (passive-aggressive voice?) isn't a good strategy after all. Spam databases which aren't designed to cope with false reports and/or differences of opinion about what's spam are doomed. On the way to their doom, they may take some of your inbound mail with them. The Cloudmark/Vipul's Razor people don't seem interested in describing their trust metric system in a public forum, so it's hard to say much about it beyond "apparently it's not working very well." You might try "man 5 razor-whitelist" if you don't like having cpunks mail tossed in the trash with the spam. -- Greg Broiles gbroiles at parrhesia.com From ravage at einstein.ssz.com Thu Apr 24 17:27:02 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 24 Apr 2003 19:27:02 -0500 (CDT) Subject: Feral Robot Dogs (fwd) Message-ID: http://xdesign.eng.yale.edu/feralrobots/, -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From rah at shipwright.com Thu Apr 24 16:46:17 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Apr 2003 19:46:17 -0400 Subject: double-spending prevention w. spent coins (Re: [Lucrative-L] lucrative accounts revisited) In-Reply-To: References: Message-ID: At 6:12 PM -0400 4/24/03, Patrick Chkoreff wrote: >Although I have read some material on blinding etc., I do not see a >need for it in my system. Well, for me, at least, there's no point to discussing it anymore. :-). That was easy enough. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From patrick at fexl.com Thu Apr 24 18:22:14 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 21:22:14 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: <20030424224605.GA10094@mids.student.utwente.nl> Message-ID: <58FD2C26-76BC-11D7-B4FF-000393D91E36@fexl.com> On Thursday, April 24, 2003, at 06:46 PM, Joris Bontje wrote: > Like Patrick M (the Lucrative-one) said, it is unlinkable-by-policy vs > unlinkable-by-mathematics. If you don't blind coins (and want them to > be > able to be linkend), the easiest solution is storing the valid coins. > If > you do have blinded coins, the only solution is storing spend coins. Strictly speaking, my server stores neither the valid nor the invalid coins. It stores the hashes of the valid coins. Therefore, the server has no way of discerning the details of any coin stored in its database. All it can do is recognize a valid coin when it sees one, and immediately extinguish it and issue a new one. So, can somebody give me a concrete example of a "linkage" problem here? I'll tip you a couple of grams in the DGC of your choice if you can do a good job of it. One person suggested that Citibank might issue a coin X to Alice, who then spends it at Bob's Kinky Sex Emporium, who then deposits that coin at Citibank. Citibank begins building a profile of Alice's kinky tastes because it remembers issuing X. But that is simply not how it works. Citibank issues coin X to Alice. Alice immediately swaps X with the server and obtains a new coin Y. Alice gives coin Y to Bob in return for kinky porn. Bob immediately swaps Y with the server and obtains a new coin Z. Bob gives coin Z to Citibank. Citibank immediately swaps coin Z with the server and obtains a new coin A. I do not see "linkage" here. Citibank never sees X again. To be clear, I am NOT trying to solve the problem of having a coin circulate several times out in the wild without any contact with a server, and somehow prevent a double spend in that scenario. I do not see how that is even remotely possible. Alice has a fancy string of bits on her computer. She transmits that string of bits to Bob and gets a sweater. Then she transmits the same string of bits to Charles and gets a beer. You cannot prevent this without consulting a server. -- Patrick http://fexl.com From bill.stewart at pobox.com Thu Apr 24 22:10:15 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 24 Apr 2003 22:10:15 -0700 Subject: double-spending prevention w. spent coins In-Reply-To: <20030425041501.A7984020@exeter.ac.uk> References: <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> <20030424234721.A8027760@exeter.ac.uk> <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> Message-ID: <5.1.1.6.2.20030424214841.02ce9738@idiom.com> At 04:15 AM 04/25/2003 +0100, Adam Back wrote: >On Thu, Apr 24, 2003 at 11:10:20PM -0400, Patrick Chkoreff wrote: > > All right, I can generally understand the purpose here, to make it > > impossible to correlate an old coin with a new one issued in its place. >... >The bank checks deposited coins >and can tell which users double spent coins if any after the fact. >What you do about double spending when you detect a given user has >done it is a policy question for the bank -- eg fine user, prosecute >user for fraud to recuperate costs etc. As Doug Barnes put it, if your algorithm has to exercise the "then haul them off to jail" step, you've failed. The two basic models of digital cash clearing have been - embed some identity model into the coins, which is revealed by double-spending, and then do something grouchy if you detect it - always honor the first use of a coin and reject future uses, and let the users fight over failed spending attempts. Depending on what you're trying to accomplish with your digital cash, one mode or the other may be useful. Hettinga would probably contend that the first-use model is much cheaper and more efficient, because it avoids the costs of creating and tracking user identities and tieing it to the world in book-entry fashion. If you're trying to use it for something like remailer tokens rather than real cash, that's certainly the case. On the other hand, the identity-embedding models have tended to be more prominent around Cypherpunks, partly because it has its own technically interesting characteristics, and may have problems that it can solve, but also because it prevents some kinds of fraud, such as making it harder for the bank to claim that a coin has already been spent. >(You can also use the same protocol for online checking, so the >recipient has the choice of convenience of using peer-to-peer without >going via the bank, or the choice to deposit now and get a fresh coin >and be sure there won't be any dispute resolution later.) Offline is much much harder than online. >Patrick wrote: > > Well hell, that wasn't so hard. Sure it was :-) But it's stuff that's been done now, mathematically. Doing it in practice is still hard, which is why almost nobody's done it in practice, and not for very long. Back when this stuff was new and exciting, there was an attempt to form an Austin Cypherpunks Credit Union, and the proprietors found that not only was doing business with David Chaum a difficult unsolved problem (:-), but in fact finding a business model that would let them make money at it was even harder. From adam at cypherspace.org Thu Apr 24 14:27:36 2003 From: adam at cypherspace.org (Adam Back) Date: Thu, 24 Apr 2003 22:27:36 +0100 Subject: double-spending prevention w. spent coins (Re: [Lucrative-L] lucrative accounts revisited) In-Reply-To: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com>; from patrick@fexl.com on Thu, Apr 24, 2003 at 03:52:28PM -0400 References: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> Message-ID: <20030424222736.A7938000@exeter.ac.uk> If the coins offer privacy, then unspent coins are unlinkable when the same coin is deposited, so keeping just unspent coins doesn't work. Spent coins on the other hand have their blinding removed, so you notice double spending by looking at spent coins. (There are zero-knowledge proofs of non-set membership as proposed for use in ecash by Sander and Ta-Shma [1], but I think these are quite computationally expensive.) Adam [1] "Auditable, Anonymous Electronic Cash", Tomas Sander, Amnon Ta-Shma, Crypto 99 http://citeseer.nj.nec.com/sander98auditable.html On Thu, Apr 24, 2003 at 03:52:28PM -0400, Patrick Chkoreff wrote: > On Thursday, April 24, 2003, at 01:57 PM, R. A. Hettinga wrote: > > > Again, the *only* thing you need to prevent double-spending is a copy > > of the spent coins. Period. > > Alternatively, I think a copy of the non-spent coins will do the trick > also. > > So in your scenario, the predicate valuable(x) = valid_crypto_stamp(x) > & not element(x, spent_coins). > > In my scenario, valuable(x) = element(x, unspent_coins). > > Why store the large set of spent coins when you can store the much > smaller set of unspent coins? > > There's no security issue I don't think. In my scheme the bad guys can > torture you and get access to the hash file, yes, but what's the point? > They still have to mount a multi-million dollar collision attack. > It's much easier just to seize the gold in the vaults than fiddle > around with some pathetic bits on a server. Or if the digital coins > are backed by something like e-bullion they can just torture you for > the e-bullion password. > > > > Anything else costs money. > > > > Transaction cost is everything. > > I don't understand your point here. Why are my transaction costs > greater than yours? They might even be less. The disk usage might be > less, too. > > -- Patrick > http://fexl.com From bill.stewart at pobox.com Thu Apr 24 22:38:43 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 24 Apr 2003 22:38:43 -0700 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: References: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> Message-ID: <5.1.1.6.2.20030424221751.02cd1fd8@idiom.com> At 04:17 PM 04/24/2003 -0400, R. A. Hettinga wrote: >You *delete* the spent coins after some pre-arranged period. They're useless. That only works if you've modified your protocols to identify the ages of coins, for instance by rotating what signature parameters the bank uses. Otherwise somebody can walk in with a used P+1-old coin and spend it again. If you do modify the protocols to identify coin or signature batches, and delete older batches of coins, you have to also refuse to cash them, like checks that say "Not valid after 90 days" or whatever. This implies that users will be required to come in and exchange coins every so often before they expire, or lose their money. For most markets, this may be ok with appropriate time periods, but for other applications, it might not be. One alternative is to keep only the new batches in high-speed storage, and if somebody comes in with a bunch of dusty old coins, you say "eh, haven't seen one-a them in a long time, lets' see what we've got back in the back room", and go drag out the punch cards and 9-track-tape with the old databases on them. How expensive is this? Well, the going rate for disks is about $1/GB, and I forget how big the coins are but they're unlikely to be over 1KB, so that's about 1 microbuck per coin, plus some labor cost for fetching old records, and a $1000 stack of drives holds a billion spent coins. CDRs are more trouble to handle, but only cost about $0.25/GB; I'd expect the write-once DVD market to be similar until blue-ray gets common. From patrick at fexl.com Thu Apr 24 20:10:20 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Thu, 24 Apr 2003 23:10:20 -0400 Subject: double-spending prevention w. spent coins In-Reply-To: <20030424234721.A8027760@exeter.ac.uk> Message-ID: <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> On Thursday, April 24, 2003, at 06:47 PM, Adam Back wrote: >> OK, that sounds like a potential problem, but I don't see how you >> can hide this information from the server ITSELF. When you present >> a coin to the server, it is going to know from which IP address it >> came, and I don't see a way around that. > > That's where blinding comes into the picture. > ... This is helpful, Adam, thanks. Bill Frantz wrote: > The server is in a position to keep track of the money transfer by > recording the serial numbers of the old and new coins as the exchanges > take > place. The server is perfectly capable of making the linkage. If you > don't trust the server, then you must believe that all your transfers > are > know. This is good too, Bill. All right, I can generally understand the purpose here, to make it impossible to correlate an old coin with a new one issued in its place. That I can see. I was starting to get the impression that somehow the Chaumian techniques were attempting to address the problem of preventing double spends even when doing a long chain of spends without contact with a server. In fact they are trying to address a more modest goal than that, and double spends are still something that must be detected by contact with the server. With the Chaumian techniques, the random coin bits are generated on the user side: http://munitions.vipul.net/documents/cyphernomicon/chapter12/12.5.html > "The way the process works, with the blinding, is like this. The user > chooses a random x. ... So naturally the server cannot keep a list of the valid coins because their specific bits appear to be invented out there in the wild. Hence keeping the list of spent coins, since keeping a list of unspent coins is clearly impossible. Well hell, that wasn't so hard. -- Patrick http://fexl.com From adam at cypherspace.org Thu Apr 24 15:47:21 2003 From: adam at cypherspace.org (Adam Back) Date: Thu, 24 Apr 2003 23:47:21 +0100 Subject: double-spending prevention w. spent coins (Re: [Lucrative-L] lucrative accounts revisited) In-Reply-To: ; from patrick@fexl.com on Thu, Apr 24, 2003 at 06:12:34PM -0400 References: <20030424222736.A7938000@exeter.ac.uk> Message-ID: <20030424234721.A8027760@exeter.ac.uk> > Although I have read some material on blinding etc., I do not see a > need for it in my system. Your system as described is not in the slightest bit anonymous or private. Or at least the user has no cryptographic assurances that the server is not logging everything, or that some adversary isn't logging everything that goes over the connection even though the server is not. > OK, if someone put a gun to my head and said "put in some code to > log everything" then they might be able to discern some pattern like > "this coin was issued to this IP address, and then three days later > that coin was swapped from this other IP address." Right that is the linkability problem. Plus of course as mentioned above the user has no reason to trust the server. Or at least he would prefer a protocol where he did not need to trust the server. > OK, that sounds like a potential problem, but I don't see how you > can hide this information from the server ITSELF. When you present > a coin to the server, it is going to know from which IP address it > came, and I don't see a way around that. That's where blinding comes into the picture. Probably the simplest one to understand is Chaum's original scheme, though there are others such as Brands, and Wagner's online system. serial-no = (b^e).[R||h(R)] mod n proto-coin = serial-no^d mod n = b.[R||h(R)]^d mod n coin = proto-coin . b^-1 mod n = [R||h(R)]^d mod n check-valid-coin(c) = c^e mod n is of form [x||h(x)] check-double-spent(c) = bank records spent coins trace-payee(c) = payer gives bank b, bank records proto-coins as well so a blind signature in this scheme is that the bank has an RSA modules n, private key d, and public exponent e. The user sends b^e.M mod n to the bank (where b is a random blinding factor), the bank computes (b^e.M)^d mod n (a standard RSA siganture) and sends back to the user. The user then unblinds by dividing by b, which works because: (b^e.M)^d = b^{e.d}.M^d = b.M^d mod n and b.M^d/b = M^d mod n plus some other detais to avoid existential forgeries. and so the bank can recognize it's signature later on a coin (because it's a valid RSA signature made with it's private key d), but it won't know which unspent coin it corresponds to because it doesn't know the blinding factors b. Adam From rah at shipwright.com Thu Apr 24 23:34:30 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 25 Apr 2003 02:34:30 -0400 Subject: Soon, I think (was Re: double-spending prevention w. spent coins) In-Reply-To: <5.1.1.6.2.20030424214841.02ce9738@idiom.com> References: <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> <20030424234721.A8027760@exeter.ac.uk> <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> <5.1.1.6.2.20030424214841.02ce9738@idiom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:10 PM -0700 4/24/03, Bill Stewart wrote: >Hettinga would probably contend that the first-use model is much >cheaper and more efficient, because it avoids the costs of creating >and tracking user identities and tieing it to the world in >book-entry fashion. Actually, I prefer a first-use model *with* something like "identity" checking, kind of a belt-and-braces approach. When someone pops up with a double-spent coin, the mint can say "nope, can't honor it, here's the key that double spent it, though; have fun." OTOH, as a financial intermediary, the underwriter would make absolutely *no* effort to keep track of who had what key, at all. The whole process would rather tartly teach people *never* to take offline transactions, and, more to the point, reject transactions from a given double-spending key *if* that key ever comes around again. But, as I've noted before, all this haggling about amateur protocol design is, frankly, a waste of time. Folks (meaning people who write code) have *had* the protocols, for years now, at least three protocols that most people would trust to use for unity-tested transactions above, say, a quarter: Chaum, Brands, and Wagner, and, on a prima facie basis, Wagner's unencumbered by patent, which makes it first in line for experimental use. And, as you noted, Bill, the trick is the business model, and that's been figured out for at least 4 or 5 years as well :-). That is, plug them into an accepted book-entry reserve-value/ transaction execution - - -clearing -settlement system, like one of the digital gold currency systems, or PayPal, or ATM/ACH, or a central securities depository system on the back end, front-end a mint to the web and a decent internet-level transaction-exchange protocol, and see what happens. Folks are fairly close to being able to do that now, from the way *all* of those book-entry transaction systems have grown themselves into the net over the past 5 years or so, *including* the central securities depositories and clearinghouses. Even PayPal has loosened up their end-user agreement within the last two months or so for what looks like gold-currency exchange providers. Certainly John Muller, their Corporate Counsel, is completely familiar with those internet bearer transaction protocols and what they can do, so when someone walks in the door there with something that is at least as secure as their system is, it'll probably get a polite hearing. You can certainly bet their management, much less their tech people, knows about the financial cryptography and network security issues. As far as the digital gold currencies themselves are concerned, people can pretty much do something now, with not too much of a push, because at least two gold currency operators that I know of, GoldMoney and e-Gold, have both actively encouraged people's efforts to make that happen. As Patrick McCuller (the other Patrick :-)) chugs along with the code for Lucrative, it won't take too much to plug a Wagner mint into the shopping-cart interface of an existing value-exchange system like GoldMoney or e-Gold, which Patrick has already worked on doing, and hang out one's underwriting shingle to see what happens. BTW, kudos to Lucky for volunteering a box for Patrick to test Lucrative on so this can happen faster. It's going to get interesting, folks, and pretty soon, I think. It'll be nice to see if the economics of all of this is going to actually work, finally. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqjWsMPxH8jf3ohaEQJdngCg5bhcubb4ljjgJW9cRrCW0LR8bEkAnRwb bBFdyOhO3Q7Q5aDfMK5Qkke4 =kZMS -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Thu Apr 24 17:37:49 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 25 Apr 2003 02:37:49 +0200 (CEST) Subject: Rapid information dissemination in hostile environment Message-ID: Sipping from a cup of tea, reading newspapers, and enjoying my favorite pastime - idle musing. I am possibly stating the obvious and already known, though, but someone may find something I forgot about... Time to time, the situation arises an information has to be let out in the fastest possible way. It may be a whistleblowing, it may be the "liberation" of some discovered or "acquired" closed technological detail, it doesn't matter what it is as long as there are The Powers That Be that aren't too happy about it getting out. The less amount of copies Out There, the more vulnerable the information is. Web is excellent as persistent data source, but a website is way too easy to be taken down. FreeNet is better in this regard, as it is fairly impossible to find the physical location of the data source, but the weakness is the Freenet key that has to be published somewhere, the lack of content search engine ("Freenetoogle"?) and the abysmally low utilization by the General Public. For initial distribution of an information in a hostile environment, populated by factors aiming for elimination of the information, Web is rather unusable; sooner than a reasonable number of people get the chance to retrieve the information, the site gets taken down. (Consider the most pessimistic situation with an immediately aware adversary and fully complying ISPs.) The Rapid Information Dissemination (RID) (or maybe Rapid Information Proliferation, RIP?) system has to achieve the widest reasonably possible distribution within first couple seconds, or at most minutes. Two good examples of robust systems providing this feature are Usenet and unmoderated mailing lists. Cypherpunks could be an excellent example for a list especially suitable for RID; spanning several continents, the core list is unmoderated and distributed by automated means (which ensures that even in the case of forced compliance of the moderators they won't have any practical chance of intercepting a mail before it being sent to the unmoderated-list subscribers), and populated by the people whose profiles make them unlikely to comply en-masse with every whim of The Authorities, whoever tries to be that at the moment. One post, matter of few seconds, can then achieve the rapid seed distribution, necessary for ensuring the information can't be entirely eliminated from the world anymore (and then possibly making it even to Web archives - being it the List web archives themselves, or cryptome.org, or Politechbot, or any of the numerous others, depending on the type of the information). The adversary's only possibilities then are "data poisoning", publishing versions of the data with intentional inaccuracies (eg, the way British Secret Service(?) (MI6?) reacted to the leak of their agents list onto the Net), and/or finding the author and unleash the havoc of Exemplary Punishment onto him. The author has the choice of protecting his identity by using eg. an anonymous remailer chain, further limiting the adversary's options, or playing rough and taking the risk in the cases the situation warrants it (though it's always better to keep the awareness that a free guerrilla is better than a hero in prison). Finished the tea, back to work. Opinions, comments, peer review? :) From rah at shipwright.com Thu Apr 24 23:47:45 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 25 Apr 2003 02:47:45 -0400 Subject: [Lucrative-L] lucrative accounts revisited In-Reply-To: <5.1.1.6.2.20030424221751.02cd1fd8@idiom.com> References: <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> <475309FF-768E-11D7-B4FF-000393D91E36@fexl.com> <5.1.1.6.2.20030424221751.02cd1fd8@idiom.com> Message-ID: At 10:38 PM -0700 4/24/03, Bill Stewart wrote: >If you do modify the protocols to identify coin or signature batches, >and delete older batches of coins, you have to also refuse to cash them, >like checks that say "Not valid after 90 days" or whatever. Yup, and I'd prefer signature batches, I think. You can easily determine whether which signature was used at the time of redemption. As to the duration of a given tranche, or epoch, or whatever, that would be pre-announced, and probably calculable by the number of signed coins in a given batch, and, yes, you wouldn't have to be absolute in your redemption-expiry policy, particularly if there's still an outstanding balance in an epoch's reserve account. :-). Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From comesefosse at ntani.firenze.linux.it Thu Apr 24 18:47:20 2003 From: comesefosse at ntani.firenze.linux.it (Tarapia Tapioco) Date: Fri, 25 Apr 2003 03:47:20 +0200 (CEST) Subject: Bad Elf. References: <5.1.0.14.0.20030424213652.00a4b4e0@mail.nex.com.au> Message-ID: <5d7fa7a17c2381320a959cd2f573f09d@firenze.linux.it> > This and a variety of other stuff, is showing up > in RAZOR2. Whichever fucking asshole out there is > reporting some of Fuhrer Rat's cypherpunk mail to > RAZOR or any other UE signature repository, needs > to stop now. Excellent idea. The rat's spewings will now be reported. From adam at cypherspace.org Thu Apr 24 20:15:01 2003 From: adam at cypherspace.org (Adam Back) Date: Fri, 25 Apr 2003 04:15:01 +0100 Subject: double-spending prevention w. spent coins In-Reply-To: <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com>; from patrick@fexl.com on Thu, Apr 24, 2003 at 11:10:20PM -0400 References: <20030424234721.A8027760@exeter.ac.uk> <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> Message-ID: <20030425041501.A7984020@exeter.ac.uk> On Thu, Apr 24, 2003 at 11:10:20PM -0400, Patrick Chkoreff wrote: > All right, I can generally understand the purpose here, to make it > impossible to correlate an old coin with a new one issued in its place. > > That I can see. I was starting to get the impression that somehow the > Chaumian techniques were attempting to address the problem of > preventing double spends even when doing a long chain of spends without > contact with a server. In fact they are trying to address a more > modest goal than that, and double spends are still something that must > be detected by contact with the server. So actually using Brands credentials which have an off-line fraud tracing option you could if you wished exchange coins peer-to-peer amongst users, who eventually after some number of peer-to-peer spends deposit their coin back at the bank. The bank checks deposited coins and can tell which users double spent coins if any after the fact. What you do about double spending when you detect a given user has done it is a policy question for the bank -- eg fine user, prosecute user for fraud to recuperate costs etc. (You can also use the same protocol for online checking, so the recipient has the choice of covenience of using peer-to-peer without going via the bank, or the choice to deposit now and get a fresh coin and be sure there won't be any dispute resolution later.) Adam > With the Chaumian techniques, the random coin bits are generated on the > user side: > > http://munitions.vipul.net/documents/cyphernomicon/chapter12/12.5.html > > > "The way the process works, with the blinding, is like this. The user > > chooses a random x. ... > > So naturally the server cannot keep a list of the valid coins because > their specific bits appear to be invented out there in the wild. Hence > keeping the list of spent coins, since keeping a list of unspent coins > is clearly impossible. > > Well hell, that wasn't so hard. > > -- Patrick > http://fexl.com From mv at cdc.gov Fri Apr 25 09:31:16 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 09:31:16 -0700 Subject: Quarantines may be justified [Santorum] Message-ID: <3EA962D4.530899A@cdc.gov> At 04:30 PM 4/23/03 -0700, Tim May wrote: >The Schelling point for such rights was agreed-upon a couple of >centuries ago with the protection of property rights. My house, my >rules. Your house, your rules. "If the Supreme Court says that you have the right to consensual (gay) sex within your home, then you have the right to bigamy, you have the right to polygamy, you have the right to incest, you have the right to adultery. You have the right to anything." -Senator Rick "Felch" Santorum You'd almost think Santorum understands freedom, wouldn't you? Albeit he should have expanded, "anything that doesn't consensually harm others". (E.g., voluntary masochism is moral.) [Adultery is a violation of a monogamy contract if that's what you've signed; a mere civil matter, yawn. Certainly marriage needn't be monogamous unless you enter a voluntary contract to that effect. Incest is questionable if the state has an interest in future citizens, however its definition (except in immediate family) is cultural. Einstein married his cousin. And of course, all kinds of known-mutants (folks with mental illness, folks with inherited physical problems, congressvermin) are allowed to breed freely --even subsidized to do so. So the State's argument that monogamy is required for *responsible* raising of offspring does not hold water. In fact, historically, bastards had no obligations from their father or mother; then their mothers became obligated; then their father too. Didn't stop Jesse Jackson's father from illigitimately siring him, didn't stop Jesse from siring his own bastard.] But, Santorum needs to be tried & hung for what he meant. From camera_lumina at hotmail.com Fri Apr 25 06:31:34 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 25 Apr 2003 09:31:34 -0400 Subject: Bad Elf. Message-ID: Greg Broiles wrote... "Oh, I can do better than that - "Whichever fucking asshole is sending me unwanted messages needs to stop now." "Shit, they haven't stopped. Why don't people listen when I boss them around?" Yeah, I was sacred too. If it doesn't stop maybe this guy will use bad words again! -TD >From: Greg Broiles >To: cypherpunks at lne.com >Subject: Re: Bad Elf. >Date: Thu, 24 Apr 2003 19:22:19 -0700 > >On Thu, Apr 24, 2003 at 05:44:25AM -0700, A.Melon wrote: > > > Pierre Lethier, 48, had been wanted by the French authorities since > > > September 2000 on suspicion that he helped illicitly divert Elf funds >to > > > secure the company's 1992 acquisition of the eastern German Leuna >refinery > > > complex. > > > > This and a variety of other stuff, is showing up > > in RAZOR2. Whichever fucking asshole out there is > > reporting some of Fuhrer Rat's cypherpunk mail to > > RAZOR or any other UE signature repository, needs > > to stop now. > >Oh, I can do better than that - "Whichever fucking asshole is sending me >unwanted messages needs to stop now." > >Shit, they haven't stopped. Why don't people listen when I boss them >around? > >Maybe trying to shift responsibility for solving my problems to others >via the use of anonymous passive-voice messages (passive-aggressive >voice?) isn't a good strategy after all. > >Spam databases which aren't designed to cope with false reports and/or >differences of opinion about what's spam are doomed. On the way to >their doom, they may take some of your inbound mail with them. > >The Cloudmark/Vipul's Razor people don't seem interested in describing >their trust metric system in a public forum, so it's hard to say much >about it beyond "apparently it's not working very well." > >You might try "man 5 razor-whitelist" if you don't like having cpunks >mail tossed in the trash with the spam. > >-- >Greg Broiles >gbroiles at parrhesia.com _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail From ben at algroup.co.uk Fri Apr 25 01:39:10 2003 From: ben at algroup.co.uk (Ben Laurie) Date: Fri, 25 Apr 2003 09:39:10 +0100 Subject: double-spending prevention w. spent coins (Re: [Lucrative-L] lucrative accounts revisited) In-Reply-To: References: Message-ID: <3EA8F42E.1010406@algroup.co.uk> Patrick Chkoreff wrote: > On Thursday, April 24, 2003, at 05:27 PM, Adam Back wrote: > If there is any problem of "linkability" in this scheme, please help me > see it. The server does not log any socket events or transaction > records of any kind. OK, if someone put a gun to my head and said "put > in some code to log everything" then they might be able to discern some > pattern like "this coin was issued to this IP address, and then three > days later that coin was swapped from this other IP address." OK, that > sounds like a potential problem, but I don't see how you can hide this > information from the server ITSELF. When you present a coin to the > server, it is going to know from which IP address it came, and I don't > see a way around that. Blinded coins prevent the server from knowing which IP address they are issued to (that is, it knows it issued _a_ coin to the address, but it doesn't know which one). When it sees an unblinded coin, yes, it knows which IP address that is presented by, but since it doesn't know who had it in the first place, that doesn't help. Of course, the unblinded coin is immediately replaced by a blinded one, thus restarting the cycle. > There is no linkability of personal identity in the system because > there is no personal identity in the system, period. The server has no > use for a public key from any user. Errr - so how do you get money into the system in the first place? Note that blinded coins solve this issue, too - the server can have a list of where all the money came from in the first place, but after that it knows nothing. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From mv at cdc.gov Fri Apr 25 10:54:38 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 10:54:38 -0700 Subject: Censorship: state bans games that kill pigs Message-ID: <3EA9765E.CDB41660@cdc.gov> http://money.cnn.com/2003/04/18/commentary/game_over/column_gaming/index.htm Wash. to ban 'violent' game sales State law will levy $500 fines to anyone selling Grand Theft Auto to children. ... The bill passed the Senate 47-7 and is expected to be signed into law by Gov. Gary Locke. Rather than targeting games based on their ratings, the bill specifically mentions those that depict violence against law enforcement officials. We are all reporters, we are all book sellers. We are all first class objects. --Tim May --- And from the Ministry of Irony: WASHINGTON (CNN) -- The Bush administration has warned the Iranian government to stay out of Iraq and not interfere with the country http://www.cnn.com/2003/WORLD/meast/04/23/sprj.irq.war.main/index.html From kelsey.j at ix.netcom.com Fri Apr 25 07:56:19 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Fri, 25 Apr 2003 10:56:19 -0400 Subject: Quarantines may be justified In-Reply-To: References: <5.2.0.9.0.20030422104433.045781d0@pop.ix.netcom.com> Message-ID: <5.2.0.9.0.20030425103313.0446e2a0@pop.ix.netcom.com> At 04:30 PM 4/23/03 -0700, Tim May wrote: ... >But in practice, in real practice out on the streets, this has never been >where the anti-smoking laws have been invoked. No state in the U.S., to my >knowledge, bans smoking outside, on public streets. Right, but that was what was being discussed--regulation of smoking on public property. (Which raises all kinds of interesting definitional issues, since that includes the county courthouse, the street in front of the courthouse, the river running through the middle of town, and the ocean several miles away. Nobody bans smoking in all those places, but I think almost everyone bans smoking in government buildings, and I've seen at least one city park (here in North Carolina!) where smoking is banned once you get off the parking lot.) ... [Discussing real-world antismoking laws, applied to "public places" as in places where the public happens to be--bars, restaurants, etc.] >And here the issue is about as nearly unambiguous as one can get: it is up >to the property owner to decide on smoking policies on his property. This >was as it once was, and it worked very well. Some restaurants barred >smoking, some permitted it, some set up different sections. Likewise, some >companies barrred smoking, some permitted it, some set up smoking lounges, etc. Yep. When only consenting adults are involved on private property, the state ought not to be involved. For some non-obvious dangerous activities, the state might legitimately require a warning of some kind (e.g., "DANGER--POISON"), though in practice this usually seems to devolve to attaching a warning label to everything, with the effect that you don't always know an ass-covering warning label from an honest-to-God, drink a teaspoon of this and you're a corpse, sort of warning label. And for some dangerous activities the state might legitimately restrict children from the activity, though second-hand smoke is a couple orders of magnitude too low of a risk for this to make sense. (And the other Schelling point is to let parents make decisions for their kids until the kids are being obviously abused or subjected to horrifying risks.) ... >The Schelling point for such rights was agreed-upon a couple of centuries >ago with the protection of property rights. My house, my rules. Your >house, your rules. >Examples like Sarin are not helpful, as they differ massively from the >annoyance of smoking. My point was that it's not obvious where the line gets drawn for (say) offensive smells or dangerous fumes, but it is obvious that there needs to be a line there somewhere. Sarin, tear gas, or skunk smell are pretty obvious examples of fumes that, if I give them off in a public place or waft them over to your property, ought to be actionable somehow. Fumes from various inhaled/smoked drugs are somewhere in a gray area. These gray areas exist in every area of life, and a lot of libertarians seem to miss them, because they don't fit cleanly into the list-of-rights-granted-by-God/Rand/TheConstitution model. (For some discussion by a libertarian who understands them very well, see David Friedman's wonderful book _Law's Order_.) >--Tim May --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From mv at cdc.gov Fri Apr 25 11:26:47 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 11:26:47 -0700 Subject: [Erosion of ISP liability-freedom]: schoolscandals.com bullied into closure Message-ID: <3EA97DE7.5D239D18@cdc.gov> Student Insult Web Site Closed Operators blame public outcry over postings of crude, malicious rumors. By Erika Hayasaki, Times Staff Writer A Web site that published crude and malicious rumors about Southern California middle and high school students was shut down Thursday after a public outcry from parents and students. Schoolscandals.com, a 3-year-old Web site run by Western Applications, a Nevada-based corporation, had featured links for chat rooms about nearly 100 Southern California middle and high schools with postings referring to students as "whores," "sluts" and "losers." Those chat rooms are now closed, and a message reads that the bulletin board has been suspended "until some method could be devised to control the content on the forum There is nothing any of us can do about it. We have no money, so we have no power." Ken Tennen, a West Hills attorney who represents the Web site owners, did not return telephone calls Thursday, although he told The Times last week that those who were calling for the site to be shut down were trying to "silence free speech." Ray Lopez, producer of the "John and Ken Show" on KFI-AM (640) radio, said they first aired a segment about the Web site last week after reading about it in The Times, and received hundreds of e-mails and telephone calls from angry students and parents. "High school students are really insecure to begin with, and something just needed to be done about this," Lopez said. One woman, whose son attends a Las Virgenes School District school and who had counseling after being ridiculed on the site, said she was thrilled that it was shut down. "I am glad the Web site is over and [my son] is glad it's done," she said. "He doesn't want to be hurt anymore, and he doesn't want other kids to be hurt." The message now on the site complains about the radio station's campaign against it. A 1996 federal law protects many Internet service providers from lawsuits about their content. Only those sites that hold the right to create and edit material on their sites can be held liable for content, said Mark Radcliffe, a cyberspace and new media law attorney. http://www.latimes.com/news/local/la-me-scandal25apr25,1,1974090.story?coll=la%2Dheadlines%2Dcalifornia ----- "Montag, why do you burn books ?" "It's a job like any other, pay is good and there is a lot of variety". -F451 From mv at cdc.gov Fri Apr 25 12:07:07 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 12:07:07 -0700 Subject: Thanks for the living hell, and question about OpenSSL Message-ID: <3EA9875B.3C71F82B@cdc.gov> At 02:20 PM 4/25/03 -0400, someone claiming to be Patrick Chkoreff wrote: I was mistakenly thinking that because my sacred code did not >in fact record any IP-based transmission logs, users were safe as far >as anonymity and privacy were concerned. What I missed was that if >someone put a gun to my head Generally in security analysis you want to list threat models and how you resist (or not) them. >From this you can derive a spec. Often threats *not* considered provide easy attacks simply because the design didn't consider them. You will always find some attacks that will work, but are expensive for the adversary. Checked your keyboard for keystroke loggers recently, Mr. Scarfo? Swept your room for video bugs? Got a guy with a gun and a dog watching what gets pressed against the fingerprint scanner? And how much does he get paid? (CIA CI chief Aldritch was under $2e6, FBI CI mole Hanssen was cheaper, but his wife wasn't included in the deal, though his stripper got some.) This leads to the conclusion that security is economics + physics. The goal is to make attacks more expensive to your adversary, at "reasonable" cost to you. Subpeonas are cheap to some. ------ _Enemy of the State_ Easter Eggs: * In EotS, the birthdate of the evil spook (Thomas Reynolds, played by Jon Voight) is 9-11-40. (The movie was released in 1998.) * EotS was produced by "No Such Productions" * The screenwriter's surname is Marconi. From zenadsl6186 at zen.co.uk Fri Apr 25 04:45:08 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Fri, 25 Apr 2003 12:45:08 +0100 Subject: Military Drops OpenBSD Funding Because of de Raadt's Antiwar Comment In-Reply-To: <3EA27941.5050400@algroup.co.uk> Message-ID: Ben Laurie wrote: >> There are potential problems ahead for OpenSSL in the UK. The EU dual-use/ >> (including crypto) export control regulations might be about to be >> implemented here, under the Export Control Act 2002,.. but it won't affect >> the actual releases, just talking about them beforehand... > > Amusing. Not. Incidentally, OpenSSL is (currently) hosted in > Switzerland, if that matters. > > Cheers, > > Ben. It looks like you'll need a licence (or registration) to run a mirror of the BSD's, Linuxes, etc.. Will probably apply in all EU countries soon. -- Peter Fairbrother From timcmay at got.net Fri Apr 25 12:58:02 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 12:58:02 -0700 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <9CC28A08-774A-11D7-ADBD-000393D91E36@fexl.com> Message-ID: <38F04F54-7758-11D7-B966-000A956B4C74@got.net> On Friday, April 25, 2003, at 11:20 AM, Patrick Chkoreff wrote: > Sincere thanks to everyone for the living hell I went through > yesterday. > > I do understand the rationale for blinding now. The math was never the > problem. I was mistakenly thinking that because my sacred code did not > in fact record any IP-based transmission logs, users were safe as far > as anonymity and privacy were concerned. What I missed was that if > someone put a gun to my head and said "Put in some code to keep > transmission logs and don't tell anybody or I'll kill your family," I > would in fact obey and the security of the system would be compromised > without anyone knowing. As RAH says, force monopolies are a bitch. More importantly, if there is any way for you to track digital money, then whether you _claim_ to be "not recording" or not is irrelevant. Without blinding (or similar), a system is just another "trust me" system. And "trust me" systems are not interesting. Not meaning to sound too harsh, but you need to think deeply about what cryptography is all about and why "trust me, I promise not to look" systems are not desirable or interesting. (The cipher equivalent of your "because my sacred code did not in fact record any IP-based transmission logs" is just the usual central key server example: "Digital Datawhack generates keys for its customers but does not in fact record them." Yeah, right.) --Tim May "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." --Alexander Fraser Tyler From jya at pipeline.com Fri Apr 25 13:43:51 2003 From: jya at pipeline.com (John Young) Date: Fri, 25 Apr 2003 13:43:51 -0700 Subject: Quarantines may be justified [Santorum] In-Reply-To: <3EA962D4.530899A@cdc.gov> Message-ID: It is a fact that those who protest the loudest engage in what they protest against, which is why they scream for attention to their inversion. Saith Sigmund Freud, a pederast, little girls sometimes, boys will do, but best of all polymorphous perversion. Freud's insight is amply exhibited here, but also at DoD, State and Saturday AM radio huzzanahs to the peaceloving peoples of the world: meaning gold-plated CEOs, wealth hoarders, ragers against ill-blamed inheritors of the plundered planet. You hear somebody call for birth control among the heathen, to slaughter the procreaters, grab your wallet, chastity belt your cute little daughter for the sonsbitches who want it all are coming to hurt you and yours as if a birthright of supremacists. That's what Santorum is braying of his kind. From pbaker at verisign.com Fri Apr 25 13:58:06 2003 From: pbaker at verisign.com (Hallam-Baker, Phillip) Date: Fri, 25 Apr 2003 13:58:06 -0700 Subject: [Asrg] A New Plan for No Spam / Velocity Indicator Message-ID: All, I finally got the revision of my paper 'A Plan for No Spam' through legal and posted to the VeriSign Web Site. It is in PDF (sorry no HTML or plaintext version). http://www.verisign.com/resources/wp/spam/no_spam.pdf I would draw folks attention to the Velocity Indicator described in the Authentication section. This provides an overview of the trusted hardware scheme I devised a few months back. While this is a proprietary technology which we have applied for patent protection on and intend to enforce those rights the scheme requires trusted hardware as a precondition and so the license costs would fall on the harware vendor, not the software developer so the patent would not be a bar to open source implementations (unless there is a GNU CPU planned). This post does not waive the rights VeriSign has to that technology, etc. I will be publishing a fuller paper on the scheme in the large at a later date. However here is a brief summary: The trusted hardware base can be anything that is manufactured in controlled conditions. It could be a palladium class PC, but it could equally be simply a trusted bios, or a PDA feature, or it need not be a PC at all, it could be a peripheral such as a smartcard or even a cable modem, nat box, anything you like. In the simplest version of the scheme a private key, a certificate and the current time are loaded into the TCB during manufacture. To create a message the client asks the TCB to provide an authenticator token bound to the message in the usual fashion. This carries the 'velocity indicator' as an authenticated attribute. Each time a signature is created the velocity indicator is updated to reflect the current rate of signing (you could also have a count of the total signatures over the lifetime of the message). This could be the signatures in the past hour and the past day (say). When a recipient receives a message the velocity indicator and signature are checked. The probability that a message is spam is low if BOTH the signature binds to the specific delivery of the message to the user (i.e. has a valid to: field) and the velocity indicated is low. There are a couple of possible tweaks to protect anonymity. For example it is not necessary that the signature be bound to a particular key. You could use the key installed during manufacture to request new keys. You can even partition the box so you have separate counts for different signers (this could be appropriate for a bulk emailer box). If someone takes a box apart and extracts a key we revoke it - not such a big issue as you might think, the gaming studies we have done show that that would be a very poor strategy for an attacker. In essence what we have done is to reinvent the 'sender-pays' concept - hence my previous arguments against handing over actual cash. It is not necessary to have the expense of a transfer system with all the excessive mechanism to prevent fraud that would entail. All that is necessary is the scarcity property of money which we simulate in an entirely scalable fashion. Unlike hashcash and the like this scheme is not vulnerable to moore's law or assumptions of computational cost. The one big drawback is that is does depend on replacing the hardware of the Internet. This is not actually as big a deal as it sounds since it need not be the PC, it could be a cable modem or a NAT box or even a dongle. We could even sell/rent a box to an ISP that would be built on trusted hardware that would sign all the emails going through their mail servers with the velocity indicator being recorded on a per IP address basis. Bulk mailers that send out mailing lists etc have to be dealt with differently but they cannot conceal the fact they are generating large numbers of emails. There is also a layer to defend against certain obvious abuses and such but I will describe those separately since they don't depend on the trusted hardware. Here I have to untangle an issue that came up with the Borderware people who have had similar ideas to some we came up with but I could not talk about at the time. Phill _______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg --- end forwarded text --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From timcmay at got.net Fri Apr 25 14:07:10 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 14:07:10 -0700 Subject: Censorship: state bans games that kill pigs In-Reply-To: <3EA9765E.CDB41660@cdc.gov> Message-ID: > Wash. to ban 'violent' book sales > State law will levy $500 fines to anyone selling violent books to > those under 21, or those adjudged violent, or those on a list..... > ... > The bill passed the Senate 47-7 and is expected to be signed into law > by This is not of course the actual text of the story, but it could be. We are getting closer and closer with each passing year to wholesale bans on writings, on expressed thoughts, on art, on music. The principle is the same. When a state actor claims to be able to ban speech, whether in books or magazines or video games, those involved should be dealt with appropriately. Trusting the courts is not enough. The Courts, including the Supreme Court, are themselves deeply implicated in unconstitutional police state measures. --Tim May "That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams From timcmay at got.net Fri Apr 25 14:19:49 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 14:19:49 -0700 Subject: War Criminals or Illegal Combatants? Message-ID: Bottom Line: These so-called Americans have got to go. CNN is reporting that the Big Debate about the rounded-up Iraqi leadership is whether the many Liberated Illegal Regime Members, a la Tariq Aziz and the other 54 spades, hearts, clubs, and diamonds, are to be treated as "prisoners of war," and hence subject to the Geneva Conventions ("name, rank, serial number") or are to be treated as "illegal combatants" (torture, metal cages, withholding of food and water, sodium pentothal, shipment to Guantanamo Bay in metal boxes). When one is an "illegal combatant" in one's own country, we know the U.S. is run by characters out of Alice in Wonderland. I would say more, and more angrily, as I just did before deleting my paragraphs, except I don't desire a fatal visit by our Thought Police, aka the SS. What a fucking fascist country we have become. Fuck it dead. Piss on its corpse. Maybe something will then grow out of it. --Tim May, Occupied America "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759. From patrick at fexl.com Fri Apr 25 11:20:37 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Fri, 25 Apr 2003 14:20:37 -0400 Subject: Thanks for the living hell, and question about OpenSSL Message-ID: <9CC28A08-774A-11D7-ADBD-000393D91E36@fexl.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sincere thanks to everyone for the living hell I went through yesterday. I do understand the rationale for blinding now. The math was never the problem. I was mistakenly thinking that because my sacred code did not in fact record any IP-based transmission logs, users were safe as far as anonymity and privacy were concerned. What I missed was that if someone put a gun to my head and said "Put in some code to keep transmission logs and don't tell anybody or I'll kill your family," I would in fact obey and the security of the system would be compromised without anyone knowing. As RAH says, force monopolies are a bitch. So I'm taking blinding under my wing and working out some example scenarios of exactly how a system might work. I want to be able to describe it to novices. For example, you go to the post office and ship 10 gold coins to such-and-such bank. After they receive the coins, you fire up this program on your computer and do this-and-that. Then to transmit value to your friend in Helsinki, you do this other thing over here. Then your friend in Helsinki fires up a program and does such-and-such, and three days later 7 gold coins appear on his doorstep. That kind of thing. Something that makes a roomful of people who know nothing about modular arithmetic brighten up and think "Hey, I really think I could *use* that." On a technical note, I really like what I see at http://openssl.org and I'm mucking around with it as a possible platform. Does anybody have any comments or concerns regarding the suitability of OpenSSL for the purposes we are discussing here? - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPql8dlA7g7bodUwLEQKZVACgsNa3EpC7JbZU8uG2HiSmwuj91MoAoL4Z h5uLPRjXdbdOtCCTsclCAy8X =YlsU -----END PGP SIGNATURE----- From mv at cdc.gov Fri Apr 25 14:33:48 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 14:33:48 -0700 Subject: [Brinworld] PhoneCam vs. court; Publishing faces from the street Message-ID: <3EA9A9BB.EEE7EBBB@cdc.gov> Man fined for taking photo with phone A man has been fined for apparently taking a photograph of a defendant in court using a mobile phone, it emerged today http://www.ananova.com/news/story/sm_773538.html?menu=news.technology Teacher sets up drug dealer 'web watch' A teacher sick of drug dealers and addicts in his neighbourhood has taken the drastic measure of posting their pictures on the internet. John Messiter says he has decided to secretly photograph those terrorising the area and make their images public. http://www.ananova.com/news/story/sm_773853.html?menu=news.technology Interesting privacy/public and libel implications in the latter. From timcmay at got.net Fri Apr 25 15:32:42 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 15:32:42 -0700 Subject: double-spending prevention w. spent coins In-Reply-To: <5.1.1.6.2.20030424214841.02ce9738@idiom.com> Message-ID: On Thursday, April 24, 2003, at 10:10 PM, Bill Stewart wrote: > Depending on what you're trying to accomplish with your digital cash, > one mode or the other may be useful. Hettinga would probably contend > that > the first-use model is much cheaper and more efficient, > because it avoids the costs of creating and tracking user identities > and tieing it to the world in book-entry fashion. > If you're trying to use it for something like remailer tokens > rather than real cash, that's certainly the case. > > On the other hand, the identity-embedding models have tended to be > more prominent around Cypherpunks, partly because it has its own > technically interesting characteristics, and may have problems > that it can solve, but also because it prevents some kinds of fraud, > such as making it harder for the bank to claim that a coin has already > been spent. I have a _completely_ different impression of which model has been more prominent around Cypherpunks. I agree that Chaum and Brands have had more regime-friendly schemes, heavily involving identity revealing under some circumstances, but I would hardly say that they are either prominent Cypherpunks or that their approaches are prominent _around_ Cypherpunks. The earliest Chaum system, circa 1985-89, sought to preserve full 2-way untraceability via online clearing. Later Chaum systems--and Brands systems at all times, as I recall--made various compromises in what I think were ill-fated attempts to be more palatable to the various dictators in the world. I also disagree that a model where identity is embedded in digital money has more technically interesting characteristics than a pure, first-class system has. More cruft and more baroqueness, yes, as all such systems somehow requiring identity or "is-a-person" credentials, no matter how well disguised, have more cruft and baroqueness. A clean system requiring no identity would be much more interesting to see today. It's how bearer bonds and "markers" and various other forms of money (IOUs, chop marks, warehouse receipts, "pay to the holder of" forms) work. Systems based on identity, even when the identity is only findable via alleged double spending, are more like certain kinds of checks. This is also cleaner in that the security for not letting the digital money leak out (be copied) belongs where it should belong: with the holder. If the would-be double spender was merely careless with his digital money, by allowing the critical numbers to be seen by others, then he is justly punished by having another "get to the train station locker" before he did. If he _himself_ attempts to double spend...well, this is impossible in a system where the first presenter (first to the train locker) gets the money (contents of the locker). Online clearing also offers the best way to "ping" digital cash systems. (Which is the protection against a bank attempting with any regularity to make claims that money was already withdrawn, that a digital money token was already "spent.") From my 1994 Cyphernomicon (accessible via searching with Google, of course): "12.6.5. Double spending - Some approaches involve constantly-growing-in-size coins at each transfer, so who spent the money first can be deduced (or variants of this). And N. Ferguson developed a system allowing up to N expenditures of the same coin, where N is a parameter. [Howard Gayle reminded me of this, 1994-08-29] - "Why does everyone think that the law must immediately be invoked when double spending is detected?....Double spending is an informational property of digital cash systems. Need we find malicious intent in a formal property? The obvious moralism about the law and double spenders is inappropriate. It evokes images of revenge and retribution, which are stupid, not to mention of negative economic value." [Eric Hughes, 1994-08-27] (This also relates to Eric's good point that we too often frame crypto issue in terms of loaded terms like "cheating," "spoofing," and "enemies," when more neutral terms would carry less meaning-obscuring baggage and would not give our "enemies" (:-}) the ammunition to pass laws based on such terms.) 12.6.6. Issues + Chaum's double-spending detection systems - Chaum went to great lengths to develop system which preserve anonymity for single-spending instances, but which break anonymity and thus reveal identity for double- spending instances. I'm not sure what market forces caused him to think about this as being so important, but it creates many headaches. Besides being clumsy, it require physical ID, it invokes a legal system to try to collect from "double spenders," and it admits the extremely serious breach of privacy by enabling stings. For example, Alice pays Bob a unit of money, then quickly Alice spends that money before Bob can...Bob is then revealed as a "double spender," and his identity revealed to whomver wanted it...Alice, IRS, Gestapo, etc. A very broken idea. Acceptable mainly for small transactions. + Multi-spending vs. on-line clearing - I favor on-line clearing. Simply put: the first spending is the only spending. The guy who gets to the train locker where the cash is stored is the guy who gets it. This ensure that the burden of maintaining the secret is on the secret holder. --Tim May "He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -- Nietzsche From timcmay at got.net Fri Apr 25 15:51:15 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 15:51:15 -0700 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <74867AE0-7769-11D7-ADBD-000393D91E36@fexl.com> Message-ID: <6BC8B3A7-7770-11D7-B966-000A956B4C74@got.net> On Friday, April 25, 2003, at 03:01 PM, Patrick Chkoreff wrote: > The question of whether digital notes can circulate in the wild without > server contact but with the ability to identify double-spenders later > is up for grabs. Hettinga likes that feature for intrinsic reasons > having nothing to do with network reliability or ubiquity. I find it a > bit appealing myself because it can help support small social nets of > accountability. I have not reviewed the math in detail, but am I to > understand that under this protocol ONLY double-spenders can be > identified? That is, if you do not double-spend can you be guaranteed > anonymity from other recipients down the spend chain? > > Obviously those in the know share a common threat model that demands > blinding. Certainly that has serious implications for the server. In > a non-blinded system you can just store a small number of unspent coins > and the server can do tricks like include an lseek number in the coin > data to make lookup extremely fast. But nobody wants an non-blinded > system. Consequently, the server must store a large number of spent > coins and because coin identifiers are created randomly out in the wild > there is no convenient embedded lseek number. But yes, it is extremely > cool that you can get the bank's signature on X without actually > revealing X to the bank. Regarding "digital notes circulating in the wild without server contact," you need to look at some of the articles here (Cypherpunks) from around 1994-97 on "money changing." Cf. articles by Doug Barnes, Ian Goldberg, myself, and others. Accessible via Google. Basically, there is no reason why intermediaries will not develop who agree to take in digital money and issue new digital money, for a fee. The operation of making change is just this. In principle, and probably fairly quickly in practice, the connection with an "issuing bank" (whatever that strange thing may be) is not needed often. "Everyone a moneychanger" and "agnostic" systems work for reasons that would take a lot of time to get into. Several dozen articles, as noted above, get into this. Having a solid, robust, core system of first-class objects is a step we haven't had. The Mark Twain Bank system was too expensive to do experiments with (and didn't last long enough), and so on for other toy systems. --Tim May "He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -- Nietzsche From mv at cdc.gov Fri Apr 25 15:54:05 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 15:54:05 -0700 Subject: Authenticating Meat [was Re: Thanks for the living hell] Message-ID: <3EA9BC8D.F000B6D0@cdc.gov> At 06:01 PM 4/25/03 -0400, Patrick Chkoreff wrote: >Major Variola (ret) wrote: > >> At 02:20 PM 4/25/03 -0400, someone claiming to be Patrick Chkoreff >> wrote: > >(-: The sig is valid for the key at http://fexl.com/keys/patrick.txt) I didn't doubt that it was. However, my caveat remains true, and you haven't proved anything additional. An entity claiming that name, and claiming to be not-a-bot, and apparently controlling the DNS entry at the server I checked today for fexl.com today, has signed a message. Yep, I believe [1] that. I'm not picking on you. Neither am I trying to be a dick; skeptical socratics sometimes appear so. Check the archives for extended discussion as to what, exactly, signing proves. On the other hand, *whatever* entity has been signing these messages collects the reputations associated with them *more reliably*[1] than merely posting under your name. Maybe you're a 14 year old girl pretending to be an FBI agent pretending to be a cryptographer :-) Making the leap from key-holder to meatspace entity is unsound unless something in meatspace demonstrates it. You're all bits from here. ----- [1] Note that these beliefs are moderated by unfounded trust in PGP implem & algs, that you've protected your private key, etc. But we'll grant that for now. ----- "With a laser printer, you can get away with anything" --a Quark-using confederate in the late 80s, referring to the widespread trust of finely printed documents at the time From nobody at remailer.privacy.at Fri Apr 25 07:08:05 2003 From: nobody at remailer.privacy.at (Anonymous) Date: Fri, 25 Apr 2003 16:08:05 +0200 (CEST) Subject: Quarantines may be justified In-Reply-To: <20030420154854.GA1151@cybershamanix.com> Message-ID: <1f834686c2e498cc7727a177a3d09acf@remailer.privacy.at> Harmon Seaver wrote on April 20th, 2003 at 10:48:54 -0500: > On Sun, Apr 20, 2003 at 05:25:55PM +0200, Tarapia Tapioco wrote: > > > Harmon Seaver wrote on April 19th, 2003 at 13:54:57 -0500: > > > > > On Sat, Apr 19, 2003 at 12:30:22PM -0400, stuart wrote: > > > > > > > Smoking in public, that's an easy one to pick on. But the argument > > > > holds no water, unfortunately. Find me RELIABLE, UNBIASED evidence that > > > > second-hand smoke is actually dangerous, and I'll agree to ban smoking. > > > > > > > > > > I could care less what any report says, I get an immediate sick feeling > > > from breathing tobacco smoke. And a great many other people do as well. > > > > Then don't go where there's tobacco smoke. > > Right. Where is that? It's absolutely impossible to walk or ride a bike down > a city street without breathing tobacco smoke. I've walked down many city streets, and I rarely find myself breating tobacco smoke. > I'm always amazed at how many so-called libertarians don't get the concept > that their rights end where my nose begins. Everyone should have the right to > enjoy whatever drug they choose -- as long as their use of it doesn't interfere > with other people's rights to not use it. > So you really think some drug addict has a right to stand on the street > getting his fix and at the same time forcing it upon everyone else in the > immediate vicinity? I'm amazed that anyone too stupid to understand such a > simple concept is even able to type on a keyboard. > By the same logic, it should be alright for me to mix up some LSD and DMSO > and carry it in a little squirtgun to spray smokers with, right? If you think you have the "right" to demand to not smell my tobacco smoke when you willingly enter the area, can I demand that I have the "right" not to smell your various body odors? -- Tom Veil From timcmay at got.net Fri Apr 25 16:13:49 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 16:13:49 -0700 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <960C10CA-776D-11D7-ADBD-000393D91E36@fexl.com> Message-ID: <927D46A5-7773-11D7-B966-000A956B4C74@got.net> On Friday, April 25, 2003, at 03:30 PM, Patrick Chkoreff wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tim May wrote: > >> Not meaning to sound too harsh, but you need to think deeply about >> what >> cryptography is all about and why "trust me, I promise not to look" >> systems are not desirable or interesting. > > I'm writing "(unblind (sign (blind X))) = (sign x)" on the board one > hundred times. You don't need to take our word for it--you need to see why modern cryptography avoids trust issues almost completely. I suggest that you dig up Chaum's "Communications of the ACM" paper from 1985: "Transaction Systems to Make Big Brother Obsolete." I read it when it came out, and it triggered many ideas. It's online, or was as of a few years ago. Also, look at his paper on "Dining Cryptographers" to see how information-theoretically secure messages can be sent. Forget worrying about the details of various ciphers in Schneier's book, at least until you have grasped the essence of not relying on trust or "I promise not to look" b.s. schemes. BTW, a more abstract book is Oded Goldreich's "Foundations of Cryptography--Basic Tools," 2001. A little disorganized in places, but lots of core concepts. When you have fully grokked the way messages can be sent without any practical way of tracing their origin, as in the dining cryptographers example, your eyes will be opened. And zero-knowledge interactive proof systems (ZKIPS) will blow your mind. Never again will you argue in terms of "trust me" and "so long as they don't subpoena me" and "I promise not to look." (My simple explanation of ZKIPS in terms of demonstrating a Hamiltonian cycle for a graph is in the archives, from around 1992-3.) --Tim May "Al Qaida was never the real threat...Afghanistan is." "Aghanistan was never the real threat...Iraq is." "Iraq was never the real threat...Syria is." "Syria was never the real threat...stay tuned." From timcmay at got.net Fri Apr 25 16:53:13 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 16:53:13 -0700 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <6BC8B3A7-7770-11D7-B966-000A956B4C74@got.net> Message-ID: <137C0DA8-7779-11D7-B966-000A956B4C74@got.net> On Friday, April 25, 2003, at 03:51 PM, Tim May wrote: > Regarding "digital notes circulating in the wild without server > contact," you need to look at some of the articles here (Cypherpunks) > from around 1994-97 on "money changing." > > Cf. articles by Doug Barnes, Ian Goldberg, myself, and others. > Accessible via Google. > > Basically, there is no reason why intermediaries will not develop who > agree to take in digital money and issue new digital money, for a fee. > > The operation of making change is just this. > I should have also made clear that the digital notes do not circulate around and around, without server contact (redemption). For one thing, such circulation would a) expose the digital numbers to copying by intermediaries and b) defeat the idea of untraceability. And if the note were not redeemable, the "stuckee" would have no recourse unless the identity of the links were known (and measures could be taken, blah blah). It is best to think of a digital note as a _relationship_ between a and b: aRb. An arrow. A transfer relationship. Alice sends to Bob a digital money token. What he does with it is another transaction (canonically, he sends it to a bank, and, if it is redeemed, he is satisfied. He may also be a bank, or the digital money token may be a form of money he recognizes, as with a remailer token, a stamp). It is best not to think of there being any intermediate steps. That is, any two nodes linked by an arrow have no other nodes between them. The token does not get passed from hand to hand to hand, no matter how complex a series of transactions is. (To do so invites copying, which leads to the double spending problems so often discussed.) (Digression: Even actual folding money works this way, basically. Alice transfers money to Bob who transfers it to Charles, and so on. Of course, with digital money the same token is not transmitted this way. Each stage effectively reissues the money (or Bob "redeems" the money at a bank, which is a special, terminal case).) "Money" is a loaded term, conjuring up various and often-contradictory images of paper notes, bullion, coins, IOUs, personal checks, cashier's checks, warehouse receipts, bearer bonds, drugs, artwork, wire transfers, SWIFT transfers, etc. The relationship R for money is something which needs to be discussed at more length: there may be forms of R for small value or coin-like uses, for medium value banknote-like uses, or even for high value bearer bond-like or bank-like uses. Just as there are many forms of non-digital money, for various uses and with various levels of security and authentication, so too must one expect various kinds of digital money. First class objects are critically important here, but not in a "one size fits all" sense. (Not sure if this is clear or not...as I said, much more needs to be said.) One of the interesting properties of the relationship R is that it involves _belief_. This is really what money is all about. The fact that one's belief that a $20 banknote with the right Andrew Jackson portrait on it is "real money" is only an expression of one's belief that the odds of it not being accepted by some other party, or by the U.S. Treasury, is close to nil. In areas where banknotes are more commonly forged, and thus not accepted, such a belief would be naive. And so on for various other forms of money. Even digital money. Which gets us into reputations and ping systems (with blinding, an issuer can decide to "burn" (renege on) particular users, which makes repudiation difficult and not something banks which wish to stay in business will lightly do). Properties of these graphs (or, in certain interesting cases, lattices) are crucial to understanding digital money. --Tim May "The Constitution is a radical document...it is the job of the government to rein in people's rights." --President William J. Clinton From shaddack at ns.arachne.cz Fri Apr 25 08:19:52 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 25 Apr 2003 17:19:52 +0200 (CEST) Subject: Military Drops OpenBSD Funding Because of de Raadt's Antiwar Comment In-Reply-To: Message-ID: On Fri, 25 Apr 2003, Peter Fairbrother wrote: > It looks like you'll need a licence (or registration) to run a mirror of the > BSD's, Linuxes, etc.. > > Will probably apply in all EU countries soon. Do you have more informations about this, please? My Wise Government is doing their first and last to join that gang of thughs. I don't think that requiring registration for hosting free software is exactly consistent with their perpetual claims about how free they are and how much more free we will be when we will be assimilated... From justin at soze.net Fri Apr 25 10:41:04 2003 From: justin at soze.net (Justin) Date: Fri, 25 Apr 2003 17:41:04 +0000 Subject: Quarantines may be justified [Santorum] In-Reply-To: <3EA962D4.530899A@cdc.gov> References: <3EA962D4.530899A@cdc.gov> Message-ID: <20030425174104.GB25990@dreams.soze.net> At 2003-04-25 16:31 +0000, Major Variola (ret) wrote: > But, Santorum needs to be tried & hung for what he meant. Do you have plans to try and hang the Supreme Court Justices who upheld Sodomy laws in Bowers v Hardwick? What about the significant minority of Americans who'd completely agree with Santorum's remarks? The Justices involved with the majority opinion in Bowers, most notably ex-Justice Lewis Powell, need some S&M experience with Satan far more desperately than does Santorum. Santorum's just a patsy. -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Defense Secretariat, 2003-04-11 From patrick at fexl.com Fri Apr 25 15:01:24 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Fri, 25 Apr 2003 18:01:24 -0400 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: Message-ID: <74867AE0-7769-11D7-ADBD-000393D91E36@fexl.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Major Variola (ret) wrote: > At 02:20 PM 4/25/03 -0400, someone claiming to be Patrick Chkoreff > wrote: (-: The sig is valid for the key at http://fexl.com/keys/patrick.txt) > I was mistakenly thinking that because my sacred code did not >> in fact record any IP-based transmission logs, users were safe as far >> as anonymity and privacy were concerned. What I missed was that if >> someone put a gun to my head > > Generally in security analysis you want to list threat models and how > you resist (or not) them. > From this you can derive a spec. ... > This leads to the conclusion that security is economics + physics. The > goal is > to make attacks more expensive to your adversary, at "reasonable" cost > to you. > > Subpeonas are cheap to some. True. From the thrashing I took yesterday, I conclude that subpoenas and other forceful means of system compromise are very cheap indeed. That assumes the system is big enough to matter to the bad guys, which is definitely false at initial rollout but from the looks of this crowd is likely to remain false forever if the system cannot guarantee protection against that threat. Everybody here wants an improvement over book-entry systems, but nobody will settle for anything less than fully blinded digital notes. The question of whether digital notes can circulate in the wild without server contact but with the ability to identify double-spenders later is up for grabs. Hettinga likes that feature for intrinsic reasons having nothing to do with network reliability or ubiquity. I find it a bit appealing myself because it can help support small social nets of accountability. I have not reviewed the math in detail, but am I to understand that under this protocol ONLY double-spenders can be identified? That is, if you do not double-spend can you be guaranteed anonymity from other recipients down the spend chain? Obviously those in the know share a common threat model that demands blinding. Certainly that has serious implications for the server. In a non-blinded system you can just store a small number of unspent coins and the server can do tricks like include an lseek number in the coin data to make lookup extremely fast. But nobody wants an non-blinded system. Consequently, the server must store a large number of spent coins and because coin identifiers are created randomly out in the wild there is no convenient embedded lseek number. But yes, it is extremely cool that you can get the bank's signature on X without actually revealing X to the bank. Certainly there are more detailed threats than forced compromise to consider. Some precautions you take just because you can -- lock and randomize memory for example. But whether you turn on internal churning mechanisms to prevent timing attacks, put ceramic caps on memory components, put boxes in Faraday cages, etc. is another story altogether. - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPqmwOVA7g7bodUwLEQIW2QCgqNLLeEA/PbOe3dgazARsXvEJJVoAoLYi nPzuhTdEBoXQs0BJ8ysLz92c =E5lc -----END PGP SIGNATURE----- From mv at cdc.gov Fri Apr 25 18:25:22 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Apr 2003 18:25:22 -0700 Subject: Thanks for the living hell, and question about OpenSSL Message-ID: <3EA9E001.DE109161@cdc.gov> At 04:13 PM 4/25/03 -0700, Tim May wrote: >Forget worrying about the details of various ciphers in Schneier's >book, Indeed. I entered crypto interested in how ciphers worked. (Avalanche, my boy, avalanche). But all you need to know is what they do, and a few properties of noise. Similarly with PK ciphers. Just know that RSA lets you use insecure channels, and you don't have to be online. DH does same, but requires online-ness. Only a few need actually worry about implementation details. The more sophisticated protocols that use these components --Blind this, Dining that, Split it N ways, Sign here-- are the building blocks that app designers ought to know. Again, one needs to know what's possible with the protocols, not how to do them. [This is not to say that undergrads should not be exposed to them, much as they derive things in school which later they'll merely know exist, and can look up if necessary. Neither is it to denigrate those who study, invent, maybe improve these things.] Got Montgomery multiplication? From patrick at fexl.com Fri Apr 25 15:30:58 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Fri, 25 Apr 2003 18:30:58 -0400 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: Message-ID: <960C10CA-776D-11D7-ADBD-000393D91E36@fexl.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim May wrote: > Not meaning to sound too harsh, but you need to think deeply about what > cryptography is all about and why "trust me, I promise not to look" > systems are not desirable or interesting. I'm writing "(unblind (sign (blind X))) = (sign x)" on the board one hundred times. - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPqm3I1A7g7bodUwLEQLBtQCgxyXbUvKDtgfIM1yPdpy1CuynegMAnjWd NDt1h4fmiu1OBreIZdrc8CnV =deYX -----END PGP SIGNATURE----- From nobody at remailer.privacy.at Fri Apr 25 10:28:10 2003 From: nobody at remailer.privacy.at (Anonymous) Date: Fri, 25 Apr 2003 19:28:10 +0200 (CEST) Subject: Quarantines may be justified In-Reply-To: Message-ID: <418470244d3a1a238d731638ae9a6ac7@remailer.privacy.at> Thomas Shaddack wrote on April 15th, 2003 at 23:30:57 +0200: > On 14 Apr 2003, Tom Veil wrote: > > > If I want to keep secret the details of something I make, it is my right > > to do so. > > Then I have the right to appropriately dislike you, and to > reverse-engineer the "product", which is so shoddy that you are ashamed of > documenting its internals, and to publish it. I've never said that people should be legally punished for tinkering with the stuff they've bought, nor do I think they should. (snipped) > > Don't like it? Don't fucking buy it. > > THERE IS NO CHOICE! Well I guess that's tough, isn't it? There simply isn't much of a market for open, fully-documented products. Of course, you are free to make your own fully-documented, open-source products, or encourage those companies to make documentation available to implementers and administrators. > > Any communist maggots that murder, or attempt to murder people for merely > > keeping secret the details of the stuff they make and sell should be bound, > > gagged, tortured, then taken out back to have their skulls crushed with a > > sledgehammer until their brains start oozing out their ears. > > ...and after you kill off all the technicians with a peeve against the > money-hungry corporations (read: everyone who ever tried to do some real > work on a budget), you will pay through your nose for every hiccup, and > not only in money, but also in time loss and in being whined at for not > being able to do something immediately. I didn't say anything about killing technicians. I _did_ say things about killing people who would murder others for keeping secrets. > I could talk for long about "intellectual property", my pet peeve, but one > paragraph will do. There was no such concept for millenia. While protecting IP is a duly authorized power of the US government, the way it extends protection for periods of time sometimes spanning the entire course of an average human lifespan, is far beyond any reasonable interpretation of the "limited Times" proviso in Article I, Section 8, and such excessively long periods of protection should be ruled unconstitutional. As for the DMCA, it is simply an atrocity. Obviously unconstitutional. > And then you come and have the balls to defend the "right" of the > vendors to not reveal how crappy and unfinished is what they dare > to call a "product".) I defend the right of EVERYONE to try and keep stuff secret that they want to keep secret. Of course, tough shit if somebody discovers this secret in a non-coercive fashion. > Vendors, who keep crucial informations away from the customers, should be > shot. If you attempt to shoot people for the "crime" of keeping something secret, I will ally with them in efforts to liquidate you. > The ones, who try to sue the reverse engineers, should be boiled in > oil before being shot. This may be acceptable. Actually, the members of Congress who enabled these sorts of lawsuits should be liquidated. -- Tom Veil From patrick at fexl.com Fri Apr 25 16:49:23 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Fri, 25 Apr 2003 19:49:23 -0400 Subject: Correction In-Reply-To: <960C10CA-776D-11D7-ADBD-000393D91E36@fexl.com> Message-ID: <8A5D60C1-7778-11D7-ADBD-000393D91E36@fexl.com> > I'm writing "(unblind (sign (blind X))) = (sign x)" on the board one > hundred times. Waste of bandwidth I know, but it's bugging the hell out of me. Please upper-case that 'x'. -- Patrick From justin at soze.net Fri Apr 25 14:02:10 2003 From: justin at soze.net (Justin) Date: Fri, 25 Apr 2003 21:02:10 +0000 Subject: Censorship: state bans games that kill pigs In-Reply-To: References: <3EA9765E.CDB41660@cdc.gov> Message-ID: <20030425210210.GC25990@dreams.soze.net> At 2003-04-25 20:07 +0000, Thomas Shaddack wrote: > > Wash. to ban 'violent' game sales > > State law will levy $500 fines to anyone selling Grand Theft Auto to > > children. > > I think I know what will become the #1 CD of school playground "swap > meetings". Don't forget zero tolerance. If caught, they'll be suspended or expelled or transferred. I've never understood the concept of expulsion from public school before age 16. "You must go to school" then "you must not go to school" seems rather silly to me. I guess it's better to have them running around neighborhoods in gangs with real guns than going to school and using chicken strips to shoot at teachers. About the cd swapping, maybe their parents will go to jail, too. That's going to be really productive for shaping the child's or young teen's perception of society. -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Defense Secretariat, 2003-04-11 From patrick at fexl.com Fri Apr 25 18:54:33 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Fri, 25 Apr 2003 21:54:33 -0400 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: Message-ID: <07244BFE-778A-11D7-ADBD-000393D91E36@fexl.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim May wrote: >> I'm writing "(unblind (sign (blind X))) = (sign X)" on the board one >> hundred times. > > You don't need to take our word for it--you need to see why modern > cryptography avoids trust issues almost completely. No no, I'm not writing it out of blind obeisance. I actually see how and why blinding achieves anonymity and avoids the trust issue. When someone presents a note for redemption, the server literally has no way of knowing to whom that note was originally issued. All it knows, and all it can *possibly* know, is that it is a valid note that has not been redeemed. In the previous scheme I was simply not aware of this design goal. I did not even view my system as implying a promise not to look. I simply viewed it as a system that does not in fact look. But I see now why that's a problem, because (1) a system that does not look now can start looking tomorrow and (2) users have no way of knowing either way. So the promise of which you speak is in fact implied, as I know today after my cypher-hangover this morning. Nothing a four mile walk with the dog couldn't cure. > I suggest that you dig up Chaum's "Communications of the ACM" paper > from 1985: "Transaction Systems to Make Big Brother Obsolete." I read > it when it came out, and it triggered many ideas. It's online, or was > as of a few years ago. That's funny, it was a 1989 CACM article by J. Steensgaard-Madsen that triggered my ideas about purely function languages like Fexl. Classic stuff from the 80's. Thanks for the intriguing reference. > Also, look at his paper on "Dining Cryptographers" to see how > information-theoretically secure messages can be sent. > > Forget worrying about the details of various ciphers in Schneier's > book, at least until you have grasped the essence of not relying on > trust or "I promise not to look" b.s. schemes. Right, actually I'm scribbling out a system overview in terms of functions with specific properties independent of their implementation in modular arithmetic or anything else. Basic relationships like (encrypt (decrypt X)) = X, (unblind (sign (blind X))) = (sign X), (sign X) = (decrypt (hash X)). Definitions like a 'note' is . Identifying which functions are secret to whom and which are public. Generation procedures such as: given a public 'encrypt' function, generate a random pair of functions with specific desirable properties. All without reference to any specific number-theoretic + padding implementations. This helps me get a feel for the whole flow of the system and all it implies. That plus a strong platform like OpenSSL (I presume) should yield good application code. I'm not much of a GUI guy, so I may just do a reasonably substantial API layer, a tight set of user-side command line primitives, and a socket-based server program. Or I may just throw in the towel and burrow around in the Lucrative code, but I'm not much of a Java guy either. > BTW, a more abstract book is Oded Goldreich's "Foundations of > Cryptography--Basic Tools," 2001. A little disorganized in places, but > lots of core concepts. > > When you have fully grokked the way messages can be sent without any > practical way of tracing their origin, as in the dining cryptographers > example, your eyes will be opened. And zero-knowledge interactive proof > systems (ZKIPS) will blow your mind. Never again will you argue in > terms of "trust me" and "so long as they don't subpoena me" and "I > promise not to look." Again, I must stress that I was never *knowingly* advocating that users must "trust me." I was not aware until yesterday that "trust me" was, in fact, an implied premise in my system. Certainly if there was some meta-certain way for users to know that my system was not keeping records, it could work just fine. But there isn't, so it couldn't. > (My simple explanation of ZKIPS in terms of demonstrating a Hamiltonian > cycle for a graph is in the archives, from around 1992-3.) Sounds great. Thanks again. - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPqnm4FA7g7bodUwLEQKYrwCg96E4VRcEhFU2jfKspzN1qvY5pM4AoJgl QLFXpOib+vwB1WSDTiJQI/8X =vZt3 -----END PGP SIGNATURE----- From shaddack at ns.arachne.cz Fri Apr 25 13:07:07 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 25 Apr 2003 22:07:07 +0200 (CEST) Subject: Censorship: state bans games that kill pigs In-Reply-To: <3EA9765E.CDB41660@cdc.gov> Message-ID: > Wash. to ban 'violent' game sales > State law will levy $500 fines to anyone selling Grand Theft Auto to > children. I think I know what will become the #1 CD of school playground "swap meetings". Yet another feel-good law with no real impact! From timcmay at got.net Fri Apr 25 22:56:02 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Apr 2003 22:56:02 -0700 Subject: Making Money in Digital Money In-Reply-To: <20030426025046.A8088505@exeter.ac.uk> Message-ID: On Friday, April 25, 2003, at 06:50 PM, Adam Back wrote: > On Fri, Apr 25, 2003 at 03:32:42PM -0700, Tim May wrote: >> I have a _completely_ different impression of which model has been >> more prominent around Cypherpunks. > > Most people I've noticed prefer to avoid the "and then he goes to > jail" step because it invites regulation and government involvement, > is expensive and unappealing. It also involves a identifying > registration step to participate which is a barrier to entry. For now, I only want to say something about this. Not _exactly_ about this, but about the desire some players have to do certain things. These players being: -- some implementors -- and ESPECIALLY some start-up companies working to deploy systems (I don't necessarily mean ZK, but if the shoe fits....) -- and EVEN MORE ESPECIALLY most banks and financial institutions connected to these efforts And here's what they want to do: -- make money (a noble goal, but sometimes not realizable directly with an idea) -- avoid prosecution under the Freedom from Traitors Act, the Anti-Money Laundering Act, RICO, etc. I think it may just not be possible for some bright programmer to develop a solid digital money (henceforth, DM) system and deploy it while still making money, avoiding some kind of prosecution or lawsuit (civil lawsuits for many different reasons). A solid DM system, which Adam more or less included in his taxonomy of DM proposals, is a substantial threat to many special interests, to many governments, to various crime families (Corleone, Bush families), and so on. We've discussed the implications so many times it hardly bears repeating for me to even start on a laundry list. In many ways, the situation is a bit analogous to the dawn of printing, or to the dawn of radio. Entrenched interests affected, societal changes triggered. And while we don't have the Church to worry about today, we have millions of lawyers and regulators, ready to pounce on anything that has not been done before, ready to file lawsuits and RICO prosecutions at anything that smacks of tax evasion, money laundering, illegal financial support for outlawed religions, child porn, and on and on. Again, I won't compile a laundry list. If one thinks of "acceptable use policies," or Ebay's neverending dance with prosecutors and investigators over things bought and sold on their system, or Napster, the nightmare of having several floors full of lawyers to deal with these suits and prosecutions must be daunting to any established business thinking about providing untraceable DM. (Real money, real cash, would never get approval were it being introduced today, just as aspirin would never get FDA approval...perhaps a slight exaggeration, but the basic point is valid.) OK, where is this going? To cut to the chase: * Real DM will likely be introduced in a guerilla fashion, much as Pr0duct Cypher anonymously released Magic Money a decade ago. To this day, the identity of PC is unknown (though some folks think it must be a person with the initials _ _ ...naw, I'll leave the guessing off of the archives here!). * Releasing a DM system anonymously means no credit for the developer, except whatever satisfaction he gains from the work, from seeing the foundations shaken, and perhaps from a small group of friends who suspect it was his work. And he may be able to eventually prove authorship, or carefully set the release up so that he escapes prosecution. (Recall that PRZ was hounded and almost indicted for export of PGP when quite clearly he was not involved in the export, when that person named by Jim Warren (with initials _ _ ) was the one who apparently was a key player in the export. Consider the various RICO and Terrorism implications of a DM system which makes tax evasion, purchase of child porn, etc. suddenly very possible.) * In my view, not necessarily the view of everyone in the DM community, the Big Win for solid DM is in illegal markets, e.g., buying and selling child porn, bestiality, snuff images, etc., and in untaxed betting, buying and selling corporate information, and all the things which untraceability of a very strong form is needed for. Again, this laundry list of applications has been around for a long time. (I was invited to address a group in Redwood CIty at the home of Phil Salin in the summer of 1988, and outlined BlackNet, escrow accounts, contract killing markets, data havens, etc. The stuff mentioned in my Crypto Anarchist Manifesto, issued that summer.) All well known, and very controversial, applications. Applications the Feds will expend great amounts of money to try to stop. But it is this kind of an application that someone will be motivated to set up an untraceable DM account for...casual users will not even bother with PGP, let alone DM. * These applications are different from the "low value - low transaction cost" section of the scatter plot of "value of the information being hidden vs. cost to hide it" graph. At the low end, what I have sometimes called the "millicent ghetto," we have anonymous payments for subway travel, where the value of untraceability is fairly low and where the costs of getting it must then of course be proportionately low. This is the area where work on PDAs and smartcards touches on DM. Not very Cypherpunkly interesting, in my view. Higher on the value-cost graph might be remailer uses. Or buying Web pages. (Where one is willing to pay a few pennies per article to ensure that Big Brother can't compile dossiers.) And of course far to the right on the value axis and up on the cost axis are the uses where the cost of getting caught buying child porn, for example, is a multi-year prison sentence. Those in pedophile and similar trading rings are likely to be willing to pay a lot for protection. (Note that encryption, which they often use, is only one part of the total solution: their VISA bills and money orders are usually where they get caught. An untraceable DM system is needed. And, as we have discussed many times, much more than Chaum's "buyer is untraceable" is needed, as the FBI can set up stings to find the _sellers_. (For those squeamish with my use of child porn as an example should construct their own examples. ONe wag refers to sellers of images of "Women Without Veils" as a Western-friendly example. I like to cite selling birth control information: illegal in most Islamic countries. A DM system for such uses must be both buyer- and seller-untraceable. And probably bank-untraceable, though that's for another discussion.) * Anyone releasing such a strong DM system should be targeting the high end applications, where the needs for untraceability are very high and the willingess to pay the costs (in training, in network resources) is also high. * In my view, most who have looked to enter the DM market (such as Digicash, Mark Twain Bank, etc.) have shied-away from precisely the areas where untraceability meets a real market need. Most people don't care much about untraceability of tiny transactions (examples abound--even in my own case, I use my bank cards for nearly any purchase that is not small change). * But to release a product which meets these needs is to invite real trouble! (I met with two of the founders of Zero Knowledge entering the "untraceable mail" business several years ago. I outlined cases including users threatening the PM of Canada and of extortionists threatening to blow up a plane. And child porn. I argued that a company with a readily identifiable nexus of operation in a major city could not survive such uses...the archives contain a discussion of what we talked about.) * Note that "acceptable use policies" and "account cancellation" don't work for untraceable mail systems (except maybe after the fact, where a nym can be cancelled...not a huge obstacle when nym reputations are transferrable and where nyms are purchasable for $10 each per year, or somesuch...note that I'm not saying I liked the account orientation of Freedom Net, but even with their system the threat of account cancellation for violations of acceptable use policy was not terribly useful in this context). A digital money system where the DM may be "cancelled" will not fly. For various reasons. (Imagine your bank telling you that if they think you are violating their use policies they may simply seize your money and you'll be out of luck.) OK, again, where is this going? * It may be that pioneers in this area just won't be able to make any money. This is not new. Many discoveries did not enrich the discoverer. Sometimes they were recognized in their lifetimes, sometimes not. James Watt did not hold back on revealing his steam engine until he was assured that he would dominate the market. (Actually, James Burke used to do a lot of episodes on guys like Watt. I've forgotten whether or not Watt ever made a lot of money off of his invention...but I do know that the major steamship and machinery companies of the 1800s were not named after James Watt.) I believe David Chaum probably should have skipped the idea of having a company of his own and developing products which used his blinding techniques. He was already wealthy (and self-financed much of Digicash, as I understand the story, losing a lot of his own money in the process) so he could simply have licensed the patents and watched the fireworks. For those who really want to be the next Bill Gates, look elsewhere. There may be some bucks to be made, but with many problems. Even with some as relatively straightforward as PK crypto, it was touch and go for many years with RSA Security (according to my talks with Bidzos, and discussed in Levy's book "Crypto"), and it was fortuitous that a) software patents had just gotten rolling in time for them to capitalize on the confusion, and b) the rise of the Web in the mid-90s and the dot com boom happened in time for them to get rolling. (I don't follow their finances at all, so I don't know how well their business is doing.) Maybe the dot com crash is the best thing to have happened to our little community. Several years ago it seemed that everyone at a CP meeting was talking about the latest start-up company, or joining one, or starting one themselves. Now, things have come back to reality. And the reality is that someone or some group will combine enough protocols and algorithms, whether they are patented or licensed or not, and release a working DM system. Perhaps tied to an offshore bank, perhaps to something like PayPal, for redemption. And if they are smart, they'll stay anonymous. They for sure will not be a U.S.-based company, not if they are doing the things we want to see done. --Tim May From patrick at fexl.com Fri Apr 25 20:22:41 2003 From: patrick at fexl.com (Patrick Chkoreff) Date: Fri, 25 Apr 2003 23:22:41 -0400 Subject: Authenticating Meat In-Reply-To: Message-ID: <56FCA79E-7796-11D7-ADBD-000393D91E36@fexl.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Major Variola (ret) wrote: > I didn't doubt that it was. However, my caveat > remains true, and you haven't proved anything additional. Let me know when you're in the Jasper, Georgia area and we'll have a few beers. :-) > An entity claiming that name, and claiming to be > not-a-bot, and apparently controlling the DNS entry > at the server I checked today for fexl.com today, > has signed a message. Yep, I believe [1] that. That about sums up my digital identity, yes. The real Patrick is tied up in the cellar and I forced him to tell me his password. As the de Vere and Marlowe scholars might say, the works of Shakespeare were not written by Shakespeare, but by somebody else using that name. Not to compare myself with Shakespeare. All too often my words are full of sound and fury, signifying nothing. Like now. > I'm not picking on you. Neither am I trying to be a dick; > skeptical socratics sometimes appear so. Check the archives > for extended discussion as to what, exactly, signing proves. Will do, thanks. I have plenty of reading ahead of me. > On the other hand, *whatever* entity has been signing > these messages collects the reputations associated with > them *more reliably*[1] than merely posting under your > name. ... Well said. I find it utterly amazing that mere sequences of bits can accomplish this. > Maybe you're a 14 year old girl pretending to > be an FBI agent pretending to be a cryptographer :-) Oh God, so it's that obvious? I'm devastated. > Making the leap from key-holder to meatspace > entity is unsound unless something in meatspace demonstrates > it. All this talk about meatspace suggests we should have some spare ribs with those beers. Of course, writing style and personality can help expose private key hijacking and impersonation somewhat, though even that can be counterfeited. I can recognize a post by JP May with my eyes squinted, just looking at the shapes of the letters and paragraphs. But I bet I could do an utterly, mind-bogglingly good impersonation if I tried. > You're all bits from here. BE the bits. - -- Patrick http://fexl.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPqn7ilA7g7bodUwLEQIOBACg3TZd5QDrTRZrAfbQp5mL3zOmCSMAmweL SAuFYI7/FFp5ykM+uteVkrsZ =kNeU -----END PGP SIGNATURE----- From adam at cypherspace.org Fri Apr 25 18:50:46 2003 From: adam at cypherspace.org (Adam Back) Date: Sat, 26 Apr 2003 02:50:46 +0100 Subject: double-spending prevention w. spent coins In-Reply-To: ; from timcmay@got.net on Fri, Apr 25, 2003 at 03:32:42PM -0700 References: <5.1.1.6.2.20030424214841.02ce9738@idiom.com> Message-ID: <20030426025046.A8088505@exeter.ac.uk> On Fri, Apr 25, 2003 at 03:32:42PM -0700, Tim May wrote: > I have a _completely_ different impression of which model has been > more prominent around Cypherpunks. Most people I've noticed prefer to avoid the "and then he goes to jail" step because it invites regulation and government involvement, is expensive and unappealing. It also involves a identifying registration step to participate which is a barrier to entry. > I agree that Chaum and Brands have had more regime-friendly schemes, > heavily involving identity revealing under some circumstances, but I > would hardly say that they are either prominent Cypherpunks or that > their approaches are prominent _around_ Cypherpunks. The earliest Chaum > system, circa 1985-89, sought to preserve full 2-way untraceability via > online clearing. Later Chaum systems--and Brands systems at all times, > as I recall--made various compromises in what I think were ill-fated > attempts to be more palatable to the various dictators in the world. I think the controversy surrounding political friendliness was centered on properties which are not intrinsic but apparently selected by implementors or proponents: - there are five schemes we can look at: - chaum online (CON), chaum/ferguson offline (CFOFF), brands online (BON), brands offline (BOFF), brands p2p offline (BP2P), and wagner online (WON) - offline means payees can receive funds without connecting to the bank immediately to check validity; their remaining assurance of not accepting double-spent coins is that if a coin they receive is double spent the bank will learn who is responsible; all offline schemes also have an online deposit protocol for when the money is paid into the bank. - in fact offline coins generally can not be respent without exchanging for a fresh coin at the bank, so the offline function is perhaps better described as "delayed deposit". - for why this is the case consider bank -> U1 -> U2 -> U3 -> bank with 3 payer/payees U1, U2, U3; bank->U1 is withdrawal, U3-> bank is deposit, U1->U2 is pay, but U2->U3 isn't safe and here's why: - U2 can't convince U3 that he knows the private key for the coin because U2 does not have it to give him (U3 needs that proof to know that U2s identity is in the coin and will be revealed to the bank in case of double spending) - if U1 did give U2 his private key, so that U2 could convince U3 to accept his coin, then U2 could double spend and U1 would get blamed, so it is not in U1's interests to give U2 the coin private key - but in the special case of Brands offline, there is a peer-to-peer offline (which I called BP2P) which is a respendable offline option which allows safe offline peer-to-peer transfers. (The trick is in fact to cryptographically bind peer2peer coins (which grow at each exchange) to 0-value coins with the p2p recipient's identity in them. This trick only works with Brands offline I think, because CFOFF doesn't have a private key to bind with). - all of the systems provide unconditional payer anonymity (CON, COFF, BON, BOFF, BP2P, WON) And collusion proof robust payee and payer anonymity is inherently possible with all the systems by using accountless operation - this works generically on all systems. Basically the bank provides an interface to allow deposit of coins and getting back fresh blind coins. In fact for this Brands has an extra protocol option to allow this to be done in a single operation (so-called re-freshed coin -- same attributes, new blinding factors). This is not just an efficiency win, it has important privacy value: with this protocol the bank does not learn the coin attributes. In particular this means the bank would not learn the amount of the transaction, as one of the attributes will be the transaction value (ie it can not distinguish 1c from $1000). This I'd argue makes the Brands protocol much more pragmatically secure against flow analysis. (With Chaum the bank has a separate public key per coin denomination, and could to some extent statistically trace groups of coin denominations). Chosing not to offer accountless operation is a policy decision by implementors and proponents (the usual argument is to avoid the "blackmail attack" -- ie so an unwilling payer extorted can later collude with the bank to identify the extorter). However the side-effect (which is bad) is to make sting operations possible against anonymous sellers who are politicaly unpopular. As Tim has articulated before there are lots of good reasons a seller should be able to be robustly anonymous. Then are two approaches to extracting payee anonymity even if the bank makes the political decision to not support accountless operation which due to the math work as follows: 1. money changers - this works generically on all schemes -- basically an entity launders the money handing out fresh coins for used coins, optionally depositing the coins at the bank before handing out fresh coins. Typically it is supposed that the money changer would charge a commission. You do not have to trust the money changer with your privacy because you chose your own blinding factors. 2. payer cooperation -- this also works (to varying extents) with all schemes. - one approach to getting payee privacy is if the payer cooperates with the payee in an online fashion so that only the payee knows the blinding factors (essentially the payee acts as the withdrawer also, and the payer acts as a bit pipe). This protects the payee as the payer no longer has information allowing him to collude with the bank - the other side of adding payee privacy with this approach is presumably the payer would also like to retain his privacy - with Chaum's online protocol double blinding works because of the math, so the payer and payee can both be private without needing to trust the other party not to collude with the bank - with the other schemes the double blinding trick does not work which creates a privacy risk for the payer -- the payee can collude with the bank and identify the payer -- this essentially means that only one of the payer or payee can be robustly private at a time (if the bank refuses to offer accounless operation) So in summary the best and simplest way to generically get robust payer and payee privacy is accountless operation. If bank chooses to not offer this option, then Chaum online protocol has the best workaround (retaining payer privacy); however even it is quite inconvenient requiring both parties to be simultaneously online. This requires non-standard software, and interferes with usage pattern -- many normal uses may not require the online aspect -- eg email your payment. Forced to be online also practically reduces the privacy of both payer and payee against observers as interactive connections tend to offer less robust privacy. The money changer approach works also, but the bank may be able to recognize money changers by their high turn over and cancel their accounts, which you'd have to presume they would do if they intentionally did not offer accounless operation. Not satisfying in that there are no equi-functional work-arounds to the bank not offering accountless operation. > I also disagree that a model where identity is embedded in digital > money has more technically interesting characteristics than a pure, > first-class system has. More cruft and more baroqueness, yes, as all > such systems somehow requiring identity or "is-a-person" credentials, > no matter how well disguised, have more cruft and baroqueness. The protocols which offer the offline option where identity is revealed to bank if you double spend model do have more complex math. However you do get other extra features (in the case of Brands) such as single operation coin-refresh which has significant privacy value, and offer extra attributes which are useful for digital bearer bonds to convey information, and better efficiency, and you don't have to use the offline or p2p offline options -- they are just options. So I'd argue that Brands is just a more flexible, private and efficient system. Granted actually using the identity embedding offline option has problems -- but the lesson there is just don't use that option. Re. the side discussion about whether it's fair to call these tokens coins as the value lies in the double spend database rather than the coin, I had the same discussion with Bob some time ago, and I concur. I'd argue the p2p offline Brands option is more "coin" like in that you (personally) can spend the coin without relying on the double-spend database (providing the payee doesn't do an online deposit before accepting your payment). > A clean system requiring no identity would be much more interesting to > see today. It's how bearer bonds and "markers" and various other forms > of money (IOUs, chop marks, warehouse receipts, "pay to the holder of" > forms) work. Systems based on identity, even when the identity is only > findable via alleged double spending, are more like certain kinds of > checks. Another bad aspect of identity is that it afects usability -- everyone has to be a registered and identified user at the bank to participate, even if they allow accountless operation just to meet the offline double-spending system. This is bad for functionality as you'd like to be able to fully participate without ever registering with or identifying yourself to the bank. I suppose the argument for the offline p2p systems and why people find them tempting is that aside from the identity registration issue, it works much better with intermittently connected devices like PDAs etc, which may not at all times have TCP/IP connectivity. But if you were using offline p2p I'd think you'd only want to accept low value payments, or have a good reason to want the added privacy of high latency deposit to the extent that you'd be willing to accept the risk, and you'd think the bank would not want to accept liability unless they had really good identity verification if the coins were going to circulate for weeks before mass double spending might be noticed. (Though the higher the double-spending multiple, the sooner it will be noticed as on average someone will deposit two of them sooner.) The problem for the bank would be people who either managed to fake the identity system, or the odd nutter who comits identity suicide for a brief burst of unlimited credit -- such people could do a lot of damage. Adam From kelsey.j at ix.netcom.com Sat Apr 26 05:37:07 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sat, 26 Apr 2003 08:37:07 -0400 Subject: double-spending prevention w. spent coins In-Reply-To: <726015E0-76CB-11D7-B4FF-000393D91E36@fexl.com> References: <20030424234721.A8027760@exeter.ac.uk> Message-ID: <5.2.0.9.0.20030426001207.04449430@pop.ix.netcom.com> At 11:10 PM 4/24/03 -0400, Patrick Chkoreff wrote: ... >Bill Frantz wrote: > >>The server is in a position to keep track of the money transfer by >>recording the serial numbers of the old and new coins as the exchanges take >>place. The server is perfectly capable of making the linkage. If you >>don't trust the server, then you must believe that all your transfers are >>know. > >This is good too, Bill. > >All right, I can generally understand the purpose here, to make it >impossible to correlate an old coin with a new one issued in its place. Right. You actually can get reasonable anonymity with the kind of scheme you're proposing, assuming anonymous communications and heavy use of the system. When you get a coin issued, you just keep it in limbo for awhile, and then "spend" it with yourself, iterating until your paranoia level is satisfied. If the system is heavily used for real stuff, and the uses are over an anonymous communications network, there should be no way for the bank to tell when you're transferring the coin to yourself, vs. when you're transferring it to someone else. The bank can tell that you have coin X today, and that 20 iterations ago, that was coin Y. But that isn't going to give very much information about whether the coin is still in the possession of the same person. The user effectively pays for his level of anonymity with float, because he has to maintain a random, plausible spending pattern for enough transfers to leave the bank with very little information about whether his coins are his. Less paranoid users can use coins immediately, or after one or two iterations, for less security but faster access to their money. (It seems like I've seen this kind of idea discussed on cypherpunks before....) If you play with this protocol a bit, you can do a surprising amount with it--use multiple banks to allow unlinkability with your coins that is similar in strength to the anonymity you get with remailer networks, for example. (You still end up having to trust your bank not to steal the money, but that's pretty common.) ... >That I can see. I was starting to get the impression that somehow the >Chaumian techniques were attempting to address the problem of preventing >double spends even when doing a long chain of spends without contact with >a server. In fact they are trying to address a more modest goal than >that, and double spends are still something that must be detected by >contact with the server. In general, if I know enough to spend a coin once, I know enough to spend it several times. Every solution to this I've ever heard of comes down to one of: a. Embedding an identity in the coins in a way that comes out when they're double-spent, and handling double-spending offline by getting someone arrested. b. Using some locally trusted device on the spender's machine to prevent double-spending pre-emptively, e.g., because the code on your tamper-resistant token won't permit it. c. Checking the status of the coin online when the transaction is made. (Sometimes this is done only for some random subset of the coins, for efficiency.) The techniques for doing (a) are brilliant, but they still leave you with "and then someone goes to jail" as one of your protocol steps, which makes the protocols that use them a lot less interesting. And once you're doing online clearing, there's little point to messing around with the complicated stuff you have to do to get the spender's identity embedded in pairs of double-spent coins. >-- Patrick >http://fexl.com --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From kelsey.j at ix.netcom.com Sat Apr 26 05:51:51 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sat, 26 Apr 2003 08:51:51 -0400 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <74867AE0-7769-11D7-ADBD-000393D91E36@fexl.com> References: Message-ID: <5.2.0.9.0.20030426084841.04414730@pop.ix.netcom.com> At 06:01 PM 4/25/03 -0400, Patrick Chkoreff wrote: ... >True. From the thrashing I took yesterday, I conclude that subpoenas >and other forceful means of system compromise are very cheap indeed. It's not that they're cheap, it's that they're cheaper than alternative attacks against blinded cash systems, where linking the coin and the withdrawer is information-theoretically prevented (e.g., the blinded coin carries zero information about the user). >- -- Patrick >http://fexl.com --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From rah at shipwright.com Sat Apr 26 06:02:50 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 26 Apr 2003 09:02:50 -0400 Subject: Conflating "off-line" with "bearer" (was Re: double-spending prevention w. spent coins) In-Reply-To: <20030426025046.A8088505@exeter.ac.uk> References: <5.1.1.6.2.20030424214841.02ce9738@idiom.com> <20030426025046.A8088505@exeter.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm learning a lot this morning. Thank you Adam, for a splendid taxonomy. I'll take one more shot at this, though sooner or later you'd think I'd stop pissing in the wind. :-). At 2:50 AM +0100 4/26/03, Adam Back wrote: >Re. the side discussion about whether it's fair to call these tokens >coins as the value lies in the double spend database rather than the >coin, I had the same discussion with Bob some time ago, and I >concur. > >I'd argue the p2p offline Brands option is more "coin" like in that >you (personally) can spend the coin without relying on the >double-spend database (providing the payee doesn't do an online >deposit before accepting your payment). The value is controlled by the entity holding the token. The fact that you're actually calling it a "token", above, should give you a hint. Besides, even in book-entry transactions, the value of the asset is controlled by the holder of the asset, not the clearinghouse. That's the point to building transaction systems in the first place, that, and to do so without repudiation of the transaction. As I've said before, people have to think about what's happening financially, and stop conflating "off-line" with "bearer". The fact that a given protocol requires a double-spend database, but the database can *only* prevents non-repudiation, and, most important, can say *nothing* about *who* owns the asset in question *unless* they double spend, means that assets transacted using that protocol can be said to be held in bearer form, and, as such, are no different, financially, from assets transacted using a coin, or a note, or a bond, or a certificate -- or a token. Think of it as a financial Turing test. If it quacks, etc. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqqC6MPxH8jf3ohaEQIZ6QCePGcrl2+Ur9yqdatuHX52VEaIJYwAoIf5 tKxVfYhVypQLRu0ktb29ZMKq =ONzc -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam at homeport.org Sat Apr 26 06:41:55 2003 From: adam at homeport.org (Adam Shostack) Date: Sat, 26 Apr 2003 09:41:55 -0400 Subject: Making Money in Digital Money In-Reply-To: References: <20030426025046.A8088505@exeter.ac.uk> Message-ID: <20030426134155.GA28448@lightship.internal.homeport.org> On Fri, Apr 25, 2003 at 10:56:02PM -0700, Tim May wrote: | * In my view, not necessarily the view of everyone in the DM community, | the Big Win for solid DM is in illegal markets, e.g., buying and | selling child porn, bestiality, snuff images, etc., and in untaxed | betting, buying and selling corporate information, and all the things | which untraceability of a very strong form is needed for. Again, this The online gaming industry and the adult entertainment industry both have very large problems with payment repudiation. Both understand that their customers have a desire for privacy. These industries will provide the bulk of your business for a while. So there are horsemen using it? Horsemen use cars, as we've pointed out for a long time. I think it's possible to solve the 4-player ecash problem using porn and gambling as your first merchants. Offer a substantial discount to players using ecash (which they make up in loss reduction). Do it in London, where they're not so moralistic and taxing as in the US, and where there's a single regulator. I've said it before, but I'll say it again: Law enforcement was not the large problem that you predicted for ZKS. The large problem was that the problem we were solving was that most people don't understand the privacy threat from internet monitoring. They don't understand how it works, they don't understand what can be gleaned, and so they're not really all that concerned. Related to this, what people think they know about internet privacy mostly revolves around cookies, credit cards, and identity theft, and thus Norton's personal firewall with a cookie manager sells well. However, I think that its possible to create a system that uses the real-time settlement to bring merchants suffering from fraud on board, uses privacy to bring the users on board, and uses fees to bring the banks on board. If only the patents were all expired.. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From rah at shipwright.com Sat Apr 26 06:58:20 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 26 Apr 2003 09:58:20 -0400 Subject: Non-linkability of blind-signature keys to bank-accounts (was Re: double-spending prevention w. spent coins) In-Reply-To: <20030426025046.A8088505@exeter.ac.uk> References: <5.1.1.6.2.20030424214841.02ce9738@idiom.com> <20030426025046.A8088505@exeter.ac.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vamping on Adam's post a little more... At 2:50 AM +0100 4/26/03, Adam Back wrote: >Another bad aspect of identity is that it afects usability -- >everyone has to be a registered and identified user at the bank to >participate, even if they allow accountless operation just to meet >the offline double-spending system. > >This is bad for functionality as you'd like to be able to fully >participate without ever registering with or identifying yourself to >the bank. My thinking about this has been that net-originated non-identity-linked self-signed ssh-style keys work better for internet bearer transaction methods like Chaum's blind signature protocols, and that, for the sake of security at least, they shouldn't be associated with the book-entry account/PIN/Password/SSL-PKI-Key required to convert an asset from book-entry form to internet bearer form. The result is, not-coincidentally, lower risk-adjusted transaction cost in the conversion of those assets form book-entry to bearer form, and, yes, the conversion is an identified one, because of the phase change between protocol-enforced and law-enforced financial operations. However, only to convert money into a bank-account balance, for instance, does one need to be identified to the financial system, which only makes sense, because that data is required to prevent transaction repudiation there. The result of independent self-signed keys is that people without accounts in the book-entry transaction system can still safely buy and sell digital goods on the net, at least, because the system, while using keys, is inherently accountless. It also grows an economy that can only reside on the net, which is desirable for lots of reasons. These tokens have to be moved on and off the net easily, and, more important, they have to be able to be *reserved* in book-entry form at the outset anyway. Notes, coins, whatever, are redeemed for dollars, for instance, transferred to your bank through the ACH system, or gold through GoldMoney/e-Gold, or equity through a securities depository, or whatever. Otherwise, they're meaningless, financially. Financial instruments have to be fungible *and* exchangeable or they don't exist, and the only other financially useful things to exchange them into, dollars in a bank or the PayPal system, for instance, are off-the-net book-entry assets. So, in the early stages of an internet bearer economy, we're looking at notes and coins that move around the net almost exactly the way that physical notes and coins do. People withdraw cash from a book-entry account, spend it on the net using different protocols than the ones they used for withdrawal, earn it with the same protocol they spent it, and deposit cash using the same way they withdrew it. The same can be said for bearer financial transactions, except that "cash" would be replaced with some kind of depository receipt (Steve Schear and I came up with "Unsponsored Network Depository Receipt" one afternoon on the phone), and "spend" would be replaced with "trade". At some point, an entirely bearer market evolves, with bearer assets (don't say it fast...) backed up by and exchangeable into other bearer assets, just like we do with book-entry assets now. A direct-to-the-net bearer bond issue would be underwritten by some financial entity on behalf of a borrower without needing to float a book-entry issue and then creating depository receipts to be held in internet bearer form. At that point, connections to existing book-entry systems would become as vestigial as capital market book-entry system connections are to physically delivered bearer certificates these days, in the same way that whole issues of stock are currently traded in book-entry form, but technically "owned" by a single firm, with a single certificate in a vault at the Depository Trust Company, for instance. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqqQUcPxH8jf3ohaEQKW7QCfQgMhjNl11jc05vekRKS1/3PYn0oAn3bZ SsoEw3L3ImvAD5KxBTXPjRuY =W+n5 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From timcmay at got.net Sat Apr 26 10:06:48 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 10:06:48 -0700 Subject: Making Money in Digital Money In-Reply-To: <20030426134155.GA28448@lightship.internal.homeport.org> Message-ID: <775AB29B-7809-11D7-865D-000A956B4C74@got.net> On Saturday, April 26, 2003, at 06:41 AM, Adam Shostack wrote: > I've said it before, but I'll say it again: Law enforcement was not > the large problem that you predicted for ZKS. The large problem was > that the problem we were solving was that most people don't understand > the privacy threat from internet monitoring. They don't understand > how it works, they don't understand what can be gleaned, and so > they're not really all that concerned. Related to this, what people > think they know about internet privacy mostly revolves around cookies, > credit cards, and identity theft, and thus Norton's personal firewall > with a cookie manager sells well. I don't believe ZKS ended up targeting the remailer niche ("space") we are interested in. In the years that Freedom nyms were being sold, how many were used to post to this list? How many were used to post to Usenet? A set nearly of measure zero. I assume _some customers_ were using Freedom...I just don't recall ever receiving a message from any of them, or seeing any of them on the lists and groups I frequent. So the uses I expected would expose the owners of Freedom to investigation for (just as operators of remailers have been exposed to being shut down for) never materialized. We will never know whether ZKS would have faced pressures when it was used for song-swapping or extortion threats or child porn, as the customer base never got large enough. (I still check in on www.zks.net occasionally to see what's going on. Stuff about firewalls and viruses.) --Tim May From timcmay at got.net Sat Apr 26 10:19:27 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 10:19:27 -0700 Subject: Censorship: state bans games that kill pigs In-Reply-To: <20030425210210.GC25990@dreams.soze.net> Message-ID: <3C0F4DB5-780B-11D7-865D-000A956B4C74@got.net> On Friday, April 25, 2003, at 02:02 PM, Justin wrote: > At 2003-04-25 20:07 +0000, Thomas Shaddack wrote: > >>> Wash. to ban 'violent' game sales >>> State law will levy $500 fines to anyone selling Grand Theft Auto to >>> children. >> >> I think I know what will become the #1 CD of school playground "swap >> meetings". > > Don't forget zero tolerance. If caught, they'll be suspended or > expelled or transferred. I've never understood the concept of > expulsion > from public school before age 16. "You must go to school" then "you > must not go to school" seems rather silly to me. I guess it's better > to > have them running around neighborhoods in gangs with real guns than > going to school and using chicken strips to shoot at teachers. About > the cd swapping, maybe their parents will go to jail, too. That's > going > to be really productive for shaping the child's or young teen's > perception of society. I have wondered what happens when a 14-year-old kid is picked up for truancy at the shopping mall and then explains that he was kicked out of school. As for putting more and more people in prison, this is what happens when prisons become corporate owned-and-operated profit centers and when the same folks who profit from the destruction of Iraq and then the lucrative rebuilding of Iraq are the ones launching the wars and ordering the rebuilding. As one of the noted fascists said, "Fascism _is_ corporatism." --Tim May From mv at cdc.gov Sat Apr 26 10:38:00 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 26 Apr 2003 10:38:00 -0700 Subject: Quarantines may be justified [Santorum] Message-ID: <3EAAC3F8.DF3F162E@cdc.gov> At 05:41 PM 4/25/03 +0000, Justin wrote: >At 2003-04-25 16:31 +0000, Major Variola (ret) wrote: > >> But, Santorum needs to be tried & hung for what he meant. > >Do you have plans to try and hang the Supreme Court Justices who upheld >Sodomy laws in Bowers v Hardwick? Violating the constitution is treason. Only state actors can violate the constitution. Maybe we can send them to Manzanera for re-education. >What about the significant minority >of Americans who'd completely agree with Santorum's remarks? I don't care if its a *majority*, the Constitution trumps democracy. Democracy is merely mob rule. Its merely the easiest govt to sell to the proles. Unfortunately it leads to looting and ignoring the Constitution when its enforcers are swayed by popinion. From mv at cdc.gov Sat Apr 26 10:49:52 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 26 Apr 2003 10:49:52 -0700 Subject: Authenticating Meat Message-ID: <3EAAC6C0.67F224C3@cdc.gov> At 11:22 PM 4/25/03 -0400, Patrick Chkoreff wrote: >All this talk about meatspace suggests we should have some spare ribs >with those beers. Ribs from sacred cows are the best. >Of course, writing style and personality can help expose private key >hijacking and impersonation somewhat, though even that can be >counterfeited. I can recognize a post by JP May with my eyes squinted, >just looking at the shapes of the letters and paragraphs. But I bet I >could do an utterly, mind-bogglingly good impersonation if I tried. Try John Young sometime, after those beers. And Hettinga is probably a perl script :-) But seriously, you've just mentioned what's called "textual analysis". Spelling errors and other idiosyncratic choices can be used to "pierce the veil" of anonymity. That's what did in Dr. Kaczynski, who pissed on the FBI for over a decade, until his brother recognized his text. Running text through automatic translators (engl->german-engl) has been suggested, but deeper signatures may remain. It probably wouldn't have helped Dr. K. --- "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the Public Treasury. From that moment on, the majority always votes for the candidate promising the most benefits from the Public Treasury with the result that a democracy always collapses over loose fiscal policy always followed by dictatorship." --Alexander Fraser Tyler From fritz at rodent.frell.eu.org Sat Apr 26 02:39:54 2003 From: fritz at rodent.frell.eu.org (Tom Veil) Date: Sat, 26 Apr 2003 11:39:54 +0200 Subject: Kill MS, again, but sideways In-Reply-To: Message-ID: <290793907b7138211cc22dd86a561215@remailer.frell.eu.org> (This message was sent before, with the wrong subject and reference.) Thomas Shaddack wrote on April 15th, 2003 at 23:30:57 +0200: > On 14 Apr 2003, Tom Veil wrote: > > > If I want to keep secret the details of something I make, it is my right > > to do so. > > Then I have the right to appropriately dislike you, and to > reverse-engineer the "product", which is so shoddy that you are ashamed of > documenting its internals, and to publish it. I've never said that people should be legally punished for tinkering with the stuff they've bought, nor do I think they should. (snipped) > > Don't like it? Don't fucking buy it. > > THERE IS NO CHOICE! Well I guess that's tough, isn't it? There simply isn't much of a market for open, fully-documented products. Of course, you are free to make your own fully-documented, open-source products, or encourage those companies to make documentation available to implementers and administrators. > > Any communist maggots that murder, or attempt to murder people for merely > > keeping secret the details of the stuff they make and sell should be bound, > > gagged, tortured, then taken out back to have their skulls crushed with a > > sledgehammer until their brains start oozing out their ears. > > ...and after you kill off all the technicians with a peeve against the > money-hungry corporations (read: everyone who ever tried to do some real > work on a budget), you will pay through your nose for every hiccup, and > not only in money, but also in time loss and in being whined at for not > being able to do something immediately. I didn't say anything about killing technicians. I _did_ say things about killing people who would murder others for keeping secrets. > I could talk for long about "intellectual property", my pet peeve, but one > paragraph will do. There was no such concept for millenia. While protecting IP is a duly authorized power of the US government, the way it extends protection for periods of time sometimes spanning the entire course of an average human lifespan, is far beyond any reasonable interpretation of the "limited Times" proviso in Article I, Section 8, and such excessively long periods of protection should be ruled unconstitutional. As for the DMCA, it is simply an atrocity. Obviously unconstitutional. > And then you come and have the balls to defend the "right" of the > vendors to not reveal how crappy and unfinished is what they dare > to call a "product".) I defend the right of EVERYONE to try and keep stuff secret that they want to keep secret. Of course, tough shit if somebody discovers this secret in a non-coercive fashion. > Vendors, who keep crucial informations away from the customers, should be > shot. If you attempt to shoot people for the "crime" of keeping something secret, I will ally with them in efforts to liquidate you. > The ones, who try to sue the reverse engineers, should be boiled in > oil before being shot. This may be acceptable. Actually, the members of Congress who enabled these sorts of lawsuits should be liquidated. -- Tom Veil From emc at artifact.psychedelic.net Sat Apr 26 11:41:02 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sat, 26 Apr 2003 11:41:02 -0700 (PDT) Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <927D46A5-7773-11D7-B966-000A956B4C74@got.net> Message-ID: <200304261841.h3QIf2r0025389@artifact.psychedelic.net> Tim May wrote: > You don't need to take our word for it--you need to see why modern > cryptography avoids trust issues almost completely. Like mathematicians saying "Trust Us, no algorithm exists which can factor the 309 digit product of two large distinct odd primes in a few seconds on a cheap PC?" Perhaps I'm missing something, but it seems to me that public key cryptography is fundamentally a trust-based system. With the rise of the Internet, and almost all crypto being done by people who do not physically meet to exchange keys, almost all crypto is public key crypto. Therefore, almost all cryptography (at the present moment) is based on trust. And it's trust based on the "It doesn't exist, because if it did, I'm so smart I would have found it by now" paradigm, which I've never regarded as being particularly reliable. (Insert comments about simple algorithms whose direct derivation lies just slightly beyond the limits of human ingenuity here.) With regard to the utility of digital cash. Digital cash will never be useful for funding retaliation against The State unless its use is so widespread that the problematical transactions are drowned out by noise. Since sheeple will always pick convenience over security, and The State, through regulation, controls what will be convenient, digital cash will never achieve widespread use. The wild success of PayPal, even as it embargos some customers cash for 6 months over their political views, and the long list of failed anonymous payment ventures, should drive this point home to even the most dense. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From emc at artifact.psychedelic.net Sat Apr 26 12:04:10 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sat, 26 Apr 2003 12:04:10 -0700 (PDT) Subject: Fake News for Big Brother Message-ID: <200304261904.h3QJ4AQv025621@artifact.psychedelic.net> Here's a disturbing little footnote in the evolving story of complicity between news organizations and the government. It seems that not only will the news media provide AmeriKKKans with fluffy PG-rated coverage of the illegal and immoral invasion of Iraq, and the slaughter of thousands of people only trying to defend their homeland. The news media, will, in fact, print fake news supplied by the government, with full knowlege that it is false, to further an ongoing investigation. Case in point. http://www.seattleweekly.com/features/0317/news-dawdy.php This would be a good article to keep in mind when you hear media reports that Saddam's "Weapons of Mass Destruction" have finally been found. ----- NEWSPAPERS HAVE really only one obligation: to truthfully inform readers. Yet last week the King County Journal, a Bellevue-based daily serving the east and south suburbs, admitted failure to do even that in March 2002 when it printed a phony story about a suspicious fire that was actually staged by police to appear to be an arson. This story starts in January 2002, when Steven Sherer was convicted of killing his wife; her body was never found. The conviction didn't sit well with Sherer. From behind prison walls, prosecutors assert, he plotted to kill his former mother-in-law, his son, the prosecutor, and the prosecutor's four children. For starters, he contracted with his cellmate to torch the Bellevue home where his former mother-in-law and his son lived, preferably with them inside, according to court documents. Law enforcement officials found out and decided to stage an arson at Sherer's former mother-in-law's in order to dig up more information about Sherer's conspiracy. One problem: The cops needed to somehow prove to Sherer that the arson happened. So they contacted the King County Journal. Would the paper be willing to report the staged arson as if it were a real event so that they could have a clipping to pass along to Sherer? ... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From frantz at pwpconsult.com Sat Apr 26 12:32:23 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Sat, 26 Apr 2003 12:32:23 -0700 Subject: Authenticating Meat In-Reply-To: <3EA9BC8D.F000B6D0@cdc.gov> Message-ID: At 3:54 PM -0700 4/25/03, Major Variola (ret) wrote: >Making the leap from key-holder to meatspace >entity is unsound unless something in meatspace demonstrates >it. You're all bits from here. The definitive fictional treatment is Vernor Vinge's, "True Names". BTW - Is the re-issue of this short story available? Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From birger at takatukaland.de Sat Apr 26 03:40:07 2003 From: birger at takatukaland.de (Birger =?ISO-8859-1?Q?T=F6dtmann?=) Date: 26 Apr 2003 12:40:07 +0200 Subject: CrypTool Message-ID: <1051353607.17276.60.camel@lomin> Hello, yesterday I attended a presentation about a software teaching people crypto. It's free, so I tested it a bit, and it's seemingly nice and fit to help students understand what good crypto is and what's not. It was invented by a guy working at Deutsche Bank who was horrified about the companies programmers coding new security schemes into the banks software packages on the fly without knowing a bit about crypto and underlying mathematics. The software since then has been shifted to a group at University of Darmstadt which is developing it right now. The software is available for W32 only (*sigh*) but in English as well as German: http://www.cryptool.com At the presentation they said that next steps in development will be new demonstrators ("how does TLS work") on the content side and on the organisational side the port to Unix. With that they hope they can get it Open Sourced. The software is intended for educational purposes, so right now they limited the key space for most algorithms to 20 bit. Well, until the source is released I guess.... ;-) Regards, Birger From hseaver at cybershamanix.com Sat Apr 26 11:05:35 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 26 Apr 2003 13:05:35 -0500 Subject: Censorship: state bans games that kill pigs In-Reply-To: <3C0F4DB5-780B-11D7-865D-000A956B4C74@got.net> References: <20030425210210.GC25990@dreams.soze.net> <3C0F4DB5-780B-11D7-865D-000A956B4C74@got.net> Message-ID: <20030426180535.GB18694@cybershamanix.com> On Sat, Apr 26, 2003 at 10:19:27AM -0700, Tim May wrote: > > I have wondered what happens when a 14-year-old kid is picked up for > truancy at the shopping mall and then explains that he was kicked out > of school. I'm wondering what the actual laws are across the country. I know when we lived in MN, state law said the kids only had to attend one day every fortnight to not be considered truant. That's how we were able to homeschool before it began to be allowed by the state. > > As for putting more and more people in prison, this is what happens > when prisons become corporate owned-and-operated profit centers and But, but, but -- isn't that the libertarian dream, to privatise all gov't functions? 8-) > when the same folks who profit from the destruction of Iraq and then > the lucrative rebuilding of Iraq are the ones launching the wars and > ordering the rebuilding. > Amazing how much of the "military" is now privatized. Even their training, from what I've read. > > As one of the noted fascists said, "Fascism _is_ corporatism." > Yup. > > --Tim May -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From bill.stewart at pobox.com Sat Apr 26 14:06:02 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 26 Apr 2003 14:06:02 -0700 Subject: Authenticating Meat In-Reply-To: References: <3EA9BC8D.F000B6D0@cdc.gov> Message-ID: <5.1.1.6.2.20030426133303.02d2de70@idiom.com> At 12:32 PM 04/26/2003 -0700, Bill Frantz wrote: >At 3:54 PM -0700 4/25/03, Major Variola (ret) wrote: > >Making the leap from key-holder to meatspace > >entity is unsound unless something in meatspace demonstrates > >it. You're all bits from here. > >The definitive fictional treatment is Vernor Vinge's, "True Names". > >BTW - Is the re-issue of this short story available? http://www.powells.com/subsection/ScienceFictionandFantasyV.html has Vinge books, including ISBN 0-312-86207-5, published by Tor, which is the collection with Vinge's novel and articles by a number of people including Tim, Chip Morningstar / Randy Farmer, RMS, and others. The original is on the net in several places - http://home.earthlink.net/~whitestones/truename/truename.html in mostly-pure-ASCII HTML with illustrations from one of the editions of the book. Back when cypherpunks were lamenting the fact that the book was out of print, and that publisher copyright issues were preventing reprints, I found a copy of that edition in a used bookstore and lent it to a heavyset bearded guy who never returned the hard copy. I have no idea if the events are related, though I've since found a copy of the original paperback which had different cover art... (:-) http://members.tripod.com/erythrina/ has interesting original artwork. From ravage at einstein.ssz.com Sat Apr 26 12:18:04 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 26 Apr 2003 14:18:04 -0500 (CDT) Subject: Censorship: state bans games that kill pigs In-Reply-To: <3C0F4DB5-780B-11D7-865D-000A956B4C74@got.net> Message-ID: On Sat, 26 Apr 2003, Tim May wrote: > As one of the noted fascists said, "Fascism _is_ corporatism." As usual you get it ass backwards. Corporatism is fascism, fascism can and does exist without profit motives. Though, irrespective of actual motive, the fundamental human drive is 'fear' and inability to deal with it in a healthy emotional way. Seeing profit as the end instead of a means is the fundamental error of -all- CACL views. -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From patrick at lfcgate.com Sat Apr 26 13:20:19 2003 From: patrick at lfcgate.com (Patrick) Date: Sat, 26 Apr 2003 14:20:19 -0600 Subject: Thanks for the living hell, and question about OpenSSL In-Reply-To: <200304261841.h3QIf2r0025389@artifact.psychedelic.net> Message-ID: <00cd01c30c31$43534f90$0200a8c0@scylla> > Since sheeple will always pick convenience over security, and The State, > through regulation, controls what will be convenient, digital cash will > never achieve widespread use. Obstacles don't make something impossible. I refer you to http://inventors.about.com/library/inventors/bledison.htm : "Edison actually had to invent a total of seven system elements that were critical to the practical application of electric lights as an alternative to the gas lights that were prevalent in that day. These were the development of: the parallel circuit, a durable light bulb, an improved dynamo, the underground conductor network, the devices for maintaining constant voltage, safety fuses and insulating materials, and light sockets with on-off switches. " There are many compelling, legitimate, and legal uses for anonymous digital bearer instruments. Their utility far outweighs any negative side effects. If a State disagrees, there are 200 more to choose from. Patrick M http://lucrative.thirdhost.com/ From ravage at einstein.ssz.com Sat Apr 26 12:21:04 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 26 Apr 2003 14:21:04 -0500 (CDT) Subject: Censorship: state bans games that kill pigs In-Reply-To: <20030426180535.GB18694@cybershamanix.com> Message-ID: On Sat, 26 Apr 2003, Harmon Seaver wrote: > > As for putting more and more people in prison, this is what happens > > when prisons become corporate owned-and-operated profit centers and > > > But, but, but -- isn't that the libertarian dream, to privatise all gov't > functions? 8-) Tim's practicing his backpedaling. > > As one of the noted fascists said, "Fascism _is_ corporatism." > > > > Yup. Nope. -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Sat Apr 26 12:36:23 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 26 Apr 2003 14:36:23 -0500 (CDT) Subject: Some interesting quotes... Message-ID: The Earth should be regarded as the womb of life - but one cannot remain in the womb forever. Frank Tipler Though control, like birth control, is best undertaken as long as possible before the fact. Richard Mitchell When the people are being beaten by a stick, they are not much happier when it is called "the People's Stick." Michael Bakunin The question that will decide our destiny is not whether we shall expand into space. It is: shall we be one species or a million? A million species will not exhaust the ecological niches that are awaiting the arrival of intelligence. Freeman Dyson Green technology means we do not live in cans but adapt our plants and our animals and ourselves to live wild in the universe as we find it. Freeman Dyson Tyranny is always better organized than freedom. Charles Peguy One has to multiply thoughts to the point where there aren't enough policemen to control them. Stanislaw Jerzey Lec The corporation evolves to serve the interests of whoever controls it, at the expense of whoever it does not. William Dugger Those who profess to favor freedom, and yet deprecate agitation, are men who want rain without thunder and lightning. Frederick Douglass Man is an artifact designed for space travel. He is not designed to remain in his present biological state any more than a tadpole is designed to remain a tadpole. William Burroughs If we desire to form individuals capable of inventive thought and of helping the society of tomorrow to achieve progress, then it is clear that an education which is an active discovery of reality is superior. Jean Piaget Until lions have their historians, tales of the hunt shall always glorify the hunter. African Proverb Take from: GURPS: Transhuman Space: Deep Beyond Steve Jackson Games ISBN 1-55634-586-0 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From mv at cdc.gov Sat Apr 26 14:37:07 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 26 Apr 2003 14:37:07 -0700 Subject: Secret Service Buffoons Message-ID: <3EAAFC03.93EF30C3@cdc.gov> [from the cryptography list..] Hi -- I just returned from the Post Office. And I don't mean SMTP, I mean ink on paper, with little self-adhesive micropayment certificates on the corner. The reason is that the US Secret Service asked me to mail them some info about an identity-theft scam. I offered to email the info, but the Special Agent said he didn't have email at work, and it was "not convenient" for him to check his email account at Yahoo. At that point I broke off the conversation, figuring that if they couldn't invest the effort of checking their email they wouldn't invest the effort of actually investigating the incident in question, so I wouldn't waste any more of their time or mine. To my surprise, the Special Agent called back and pleaded with me. He changed his story and said they had means of sending and receiving email, but they _weren't allowed_ to give out their email addresses. I know this is supposed to be the Secret Service, but keeping their email addresses secret is going a bit far IMHO. I would think most computer-security professionals would know how to set up a temporary and/or anonymous email address. I hope he enjoys transcribing the scammers' 350-character-long URLs from the paper I sent. I put the info on a secure web site and suggested he pull it down from there, but he declined that, too. The Special Agent was surprised to hear that I controlled multiple web sites. He didn't understand how that was possible. The Special Agent was surprised to hear that given an IP address, I could figure out what country it's in. He argued with me about this. The term "whois" meant nothing to him. Heretofore I didn't understand how identity- theft rings could operate so openly. One might have thought they would be afraid of stings, but evidently they're not. There's a lot of darkness here. I've set out a few candles, but I'm not sure it's going to be enough. From bill.stewart at pobox.com Sat Apr 26 14:45:46 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 26 Apr 2003 14:45:46 -0700 Subject: War Criminals or Illegal Combatants? In-Reply-To: Message-ID: <5.1.1.6.2.20030426142719.02cf52b0@idiom.com> At 02:19 PM 04/25/2003 -0700, Tim May wrote: >Bottom Line: These so-called Americans have got to go. > >CNN is reporting that the Big Debate about the rounded-up Iraqi leadership >is whether the many Liberated Illegal Regime Members, a la Tariq Aziz and >the other 54 spades, hearts, clubs, and diamonds, are to be treated as >"prisoners of war," and hence subject to the Geneva Conventions ("name, >rank, serial number") or are to be treated as "illegal combatants" >(torture, metal cages, withholding of food and water, sodium pentothal, >shipment to Guantanamo Bay in metal boxes). > >When one is an "illegal combatant" in one's own country, we know the U.S. >is run by characters out of Alice in Wonderland. They already invented that one for Afghanistan. It's one thing to treat Al Qaeda that way (an evil thing, of course), but it's quite another to treat the Taliban that way. They were the government of their country, and the US invaded them. The US government contends that it was justified because they were harboring and supporting Osama bin Laden, who made war on the US; if so, that may make them a government at war with us, in which case they should be treated as POWs, and if they're going to hang them like defeated Nazis war criminals, they're supposed to give them a Nuremberg-style trial first. But it doesn't give the US the right to torture them to death without a trial after the war's over. And if you're going to call somebody "illegal", that implies that you're following legal processes, which isn't happening here. Furthermore, the US government asserts that it has no requirement to follow US laws outside the US borders, and that Guantanamo Bay is a Legally Special Place, outside the laws of mankind, because US law doesn't apply there since it's not US territory, but Cuban law has no power there because it's occupied by the US military. Perhaps the pre-Castro Cuban government has legal authority there? Are there any old Mafiosi who want to claim it's theirs, or any old Batista-governent-in-exile geezers in Miami that are willing to order the Marines to follow old Cuban law? ~~~~ Are there still more IRA Republicans in Boston than Bush Republicans? Is it time to call the Bush Republicans "illegal combatants" for failing to stomp out the other Republicans? From mv at cdc.gov Sat Apr 26 15:05:13 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 26 Apr 2003 15:05:13 -0700 Subject: Finder's Keepers, Smartcards, Anon Cash [Re: double-spending prevention w. spent coins] Message-ID: <3EAB0299.348961B1@cdc.gov> One of the attributes that a digital currency system MAY have is whether someone who finds lost currency may spend it. Conventional cash has this property. So do tickets to performances, lottery tickets, bus tokens, prepaid phone cards etc.. A (tamper-resistant) smartcard may have this 'finders keepers' property, or may not. A lost, signed-but-payee-blank check has the property that finders can cash it, except if the (albeit stupid) loser goes "online" first. (Maybe you need to buy a fake ID to cash it anonymously, but its possible if its signed.) Clearly the most anonymous systems (cash) have the 'finders keepers' property, *necessarily*. But one can imagine anonymous systems that are useless to finders, e.g., a smartcard with a real PIN and/or fingerprint reader. In these cases, it is advantageous to the finder to return the smartcard in hope of a reward, IFF the loser makes this possible. Maybe there's a bizmodel in being a clearing house for lost locked smartcards, without trashing their potential "bearer" anonymity unless the loser tells the clearing house they've lost it. Sort of like calling a prepaid ("debit") credit card house if you've lost it (assuming prepaid credit card acceptance still requires going online) to get a replacement. From bill.stewart at pobox.com Sat Apr 26 15:12:59 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 26 Apr 2003 15:12:59 -0700 Subject: [Brinworld] PhoneCam vs. court; Publishing faces from the street In-Reply-To: <3EA9A9BB.EEE7EBBB@cdc.gov> Message-ID: <5.1.1.6.2.20030426144730.02d354b8@idiom.com> At 02:33 PM 04/25/2003 -0700, Major Variola (ret) wrote: >Teacher sets up drug dealer 'web watch' >A teacher sick of drug dealers and addicts in his neighbourhood has >taken the drastic measure of posting their pictures on the internet. > >John Messiter says he has decided to secretly photograph those >terrorising the area and make their images public. >http://www.ananova.com/news/story/sm_773853.html?menu=news.technology > >Interesting privacy/public and libel implications in the latter. There are two categories of people he's likely to photograph - Real drug dealers and users - Falsely accused drug dealers and users The latter should be able to sue him for libel, which is too easy in Britain, modulo a few issues about whether web photographs are libel or slander. Some of the former might also try that, but it's probably too risky, and the black market has other ways to provide legal services and conflict resolution to people who can't use official courts.... On the other hand, crack dealers are less likely to read the web much; if he were to print out posters and tack them up on lampposts, I'm not sure where "Joe Bloggs, Crack Dealer" would consider them to be annoying libel or free advertising. He says that he wasn't getting adequate response from the police when he called to complain about junkies hanging around, but that he doesn't blame the police, because the Government isn't giving them enough resources to deal with the problem. The site is http://www.crackcocaineincamden.co.uk , and the proprietor's media contact email is messyjay at hotmail.com . I was initially going to flame him for not having a clue about the fact that it's drug laws that cause the problem, but he's almost halfway to getting a clue: "This is not an anti-drugs site. It's an anti-crack site, an anti-heroin site, and most definitely an anti-people-who-do-crack-or-smack-in-the-entrance-to-my-home site" and he thinks that cannabis laws probably aren't necessary and that cannabis users don't cause the social problems that crack users do. His site also says that the UK has "Anti-Social Behaviour Orders" laws from 1998, which lets courts kick someone out of an area for a couple of years. This has its own set of dangers... From ravage at einstein.ssz.com Sat Apr 26 13:14:41 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 26 Apr 2003 15:14:41 -0500 (CDT) Subject: Truth and Justice, Grapeshot and JDAMs, Money and Happiness In-Reply-To: Message-ID: On Sat, 26 Apr 2003, R. A. Hettinga wrote: > "Some people say that money can't buy happiness. I've found that it > usually does, and, when it doesn't, it buys the most interesting > substitutes." -- Rhett Butler, 'Gone with the Wind' It's a movie chucklehead. And did Rhett get his happiness in the end? No. -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From mv at cdc.gov Sat Apr 26 15:26:33 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 26 Apr 2003 15:26:33 -0700 Subject: Quarantines may be justified [Santorum] Message-ID: <3EAB0799.61851456@cdc.gov> At 08:51 PM 4/26/03 +0000, Justin wrote: >At 2003-04-26 17:38 +0000, Major Variola (ret) wrote: > >> At 05:41 PM 4/25/03 +0000, Justin wrote: >> >At 2003-04-25 16:31 +0000, Major Variola (ret) wrote: >> > >> >> But, Santorum needs to be tried & hung for what he meant. >> > >> >Do you have plans to try and hang the Supreme Court Justices who >> >upheld Sodomy laws in Bowers v Hardwick? >> >> Violating the constitution is treason. Only state actors can violate >> the constitution. > >Where'd you get that idea that private citizens can't violate the >Constitution? Take a look at 18USC241, 242. Regardless, federal judges >are certainly state actors, or at least they were when they committed >treason and a change of status shouldn't make them immune to >prosecution. Because the Constitution prohibits certain govt actions, not private. You can't post a sign on my property without my permission, but if the state allows signposting somewhere then they can't censor content. >> >What about the significant minority of Americans who'd completely >> >agree with Santorum's remarks? >> >> I don't care if its a *majority*, the Constitution trumps democracy. >> Democracy is merely mob rule. > >I'm well aware. I was only suggesting that there are many other people >beside the not-so-distinguished Senator from Pennsylvania who are in >desperate need of trial, rope, and tree. Its perfectly acceptable to agree with Santorum. It is unacceptable to initiate force to impose your tastes on others. Santorum speaks as one who can steer the State to initiate force. Mere voters don't. They get to pick which vermin to send to Congress, but these vermin are constrained by the Constitution, xor treasonous. >I'm confident that in a wide >sampling of religiously-motivated fanatics in the U.S., Who gives a whit if they don't like fudgepackers personally? That's a private affair. If they don't hire or associate with folks they don't like, reasonably or not, that's what liberty is about. "Hate speech", hate thought, private discrimination is not a crime. Its a difference of taste amongst free peoples interacting mutually consensually. Ergo no legal state interest. Unconstitutional actions by state actors is treason. From fm at st-kilda.org Sat Apr 26 08:02:46 2003 From: fm at st-kilda.org (Fearghas McKay) Date: Sat, 26 Apr 2003 16:02:46 +0100 Subject: Fwd: [Asrg] A New Plan for No Spam / Velocity Indicator Message-ID: --- begin forwarded text From rah at shipwright.com Sat Apr 26 13:06:38 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 26 Apr 2003 16:06:38 -0400 Subject: GC: Truth and Justice, Grapeshot and JDAMs, Money and Happiness In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lex vincula justitiae -- Roman Aphorism "Camels, fleas, and princes exist everywhere." -- Persian proverb "Some people say that money can't buy happiness. I've found that it usually does, and, when it doesn't, it buys the most interesting substitutes." -- Rhett Butler, 'Gone with the Wind' "Reality is not optional." -- Thomas Sowell Truth and Justice, Grapeshot and JDAMs, Money and Happiness Geodesic Capital Robert Hettinga Boston, 4/26/03 I tend to think in terms of finance and economics, and not law and politics. Well, not legislation or regulation, anyway; private agreement, private law, is actually necessary for civilization -- go read the most of the shattered cuneiform on the floor of the Baghdad Museum if you need a hint. Even though most people think you can't *do* either finance and economics without legislation and force monopoly, cypherpunks in particular understand that this not necessarily the case in a world of ubiquitous networks and strong financial cryptography. However, I'm not one to believe in grand conspiracies against Truth and Justice, either. Even if violent repression is used to preserve the status quo, the status quo is not immune to physical environmental change, and, ultimately, the economics of a given physical change is what makes most of the human world change. You have to *pay* the guys with guns, after all, or they won't kill people for you. So, I think that, financial "corn-laws" or no, internet financial cryptography must significantly change *finance*, that is, people have to *make* money, and lots of it, or it's just "art", for lack of a better word. It's not even politics, because it has no effect on reality. Like art, it just becomes an entertaining waste of time. Otherwise, one might as well plant fake bombs in a courthouse, or dump mercaptan on the doorstep of the IRS, or hoover out somebody's property records from Lexis and post it on a mail list. Or, for that matter, decide that you're only going to use internet bearer transaction technology to finance dope-dealers, or child-pornographers, or terrorists, or father-rapers, or any other shop-worn horseman the infocalypse is selling this week. There's no serious money in it, for starters, and, if you make *everybody* money, in theory at least, your market's bigger. :-). That's why I say that internet bearer protocols should be three orders of magnitude cheaper to use than book-entry protocols, even internet book-entry clearinghouses like PayPal -- or book-entry financial cryptography protocols like Peppercoin -- or nothing will happen, no matter what one's political intent is. In fact, I started IBUC because I thought that those three orders of magnitude were possible at a time when nobody else did, and I have the arrows in my back -- and the creditors sitting back there as well :-) -- to prove it. When I started the company, I thought that there was enough capital sloshing around out there to give financial progress a shove, and make lots of money by being there first, because in three or five years the barriers to entry would be completely down, and any cypherpunk worth his code could underwrite bearer instruments on the net. It turns out that there wasn't much capital out there, for internet payments, much less for internet bearer transactions. All of the money we raised was just before the bubble popped, from family, friends and friends of friends, and, just before I pretty much quit trying to raise money at all, Declan McCullagh had written an article on us that reminded me for all the world of that feral kid in Mad Max, walking across a burned-over post-apocalypse throwing that steel boomerang at fat guys with a leather fetish. Which, in hindsight, was prescient by about 4 months, since it was written in the middle of June 2001. Nonetheless, we managed to get some financial operations consulting work to keep the company afloat to keep thinking about it, though that dried up, too, just before, and certainly after September 11th. So, four (founded, by coincidence, I swear, on April 15, 1999) of those three to five years have come and gone, the technology and financial networks have just about grown into each other naturally, and, at the moment, we're trying to be at least that first cypherpunk, hopefully one of many. We'll see what happens. Which brings me to happiness. People do what is in their own interest at all times. Altruism is just another form of selfishness, for instance, because people's lives are finite and one's reputation can outlast one's life. Even if one uses a pseudonym, one's life, and death, may be more pleasurable because of some altruistic sacrifice or another, and you gotta die sooner or later anyway. As Ayn Rand herself said once, life may be too painful if someone you love isn't in it, so you'd rather give your life saving theirs. On the macro level, the US is not the strongest and richest nation-state in the world because it confiscated its wealth at the point of a tank-barrel or missile-silo. It is the strongest nation-state in the world because it *bought* those tanks, and missiles, because its citizenry *earned* the money that was confiscated, by taxation, and papered over with the outright fraud of "social welfare", to build those weapons, mostly because of some external threat, and in spite of the attendant graft and budget-packing. And all of *that* was possible because the US is, to date, the freest country, and thus the freest market, in the world. It is the best place in the world for free people to maximize their happiness. So far. To the extent that it continues to be so remains to be seen. It is, frankly, orthogonal to whatever an individual's immediate *political* motivations are, violent, or otherwise, hostile to the state, or otherwise. Only outright economic results matter, and free people make much more stuff than slaves do. Or at least the right kind of stuff, as Mancur Olson demonstrated in "Power and Prosperity", his book on the political economics of the Soviet state under Stalin. Personally, I believe that, contrary to what God-Fearing Conservatives and Reasonable Libertarians think, markets themselves actually cause freedom. You may be born "owning" yourself all you want, but freedom is not given to you by God, or anyone else. *Nothing*, really, is actually given to us. Freedom is not, as most people here and elsewhere believe, a "right". It may have to be *taken* occasionally, but usually it is just bought and paid for, sometimes with the blood of altruistic people, but most often with what people earn after they feed, house, and clothe themselves and their families: profit, in other words. Again, as they always are about representing some triumph of socialism, Star Trek is wrong. The Farenghis are the good guys. Acquisition *does* matter. :-). But it's more fundamental than that. Much more than the platitude says, freedom is *earned*, usually by doing something well enough that people leave you alone about other things, or you won't do what they want for them anymore, either passively by refusing to work, or actively, by force of arms. And, even if that somebody has a gun at your head, it's still in *their* interest to leave you alone otherwise, if they want to get what they're after from you. As Mancur Olsen says, a force monopolist, like any bandit, can't kill all the people he steals from, or he'll run out of people to rob. Olson also says that the optimum theft-rate for a force-monopolist is something shy of 50% before the economy starts to fall over, by the way. Sound familiar? Contrary to popular belief, the richest force monopolists in the world, the ones who are statistically most likely to live to spend their money and give it to their children and otherwise be left in peace, are the ones who are ostensibly *hired* to operate Western free-market democracies, as kleptocratic as those governments still are. We just saw a failed example of force monopolist a few weeks ago in Iraq, in fact, and we'll be seeing more soon, I expect. Like any bad parasite -- and force monopolism *is* parasitism, and make no mistake, it's not symbiosis as statists would have you believe -- Mr. Hussein so severely weakened his "host" population, physically and economically, that it could be easily killed, or at least violently captured. Hussein was probably bombarded into fine organic mush in the bargain. The fact that Iraq's population was "violently captured" -- and, one would think, set free -- by a still socialist-riddled nominal republic with the world's largest free-market economy was no accident, however. Whatever one's Jeffersonian, or, more apparently, Jacksonian, motives are about "fighting the power" with a cryptographic "revolution" -- or any other kind of "activism", technological, political, or otherwise -- as if it were some kind of gallant Confederate cavalry charge into massed Union grapeshot, or even Rhett Butler running the blockade of Savannah, whatever, the *only* way that this stuff will happen is by making *more* money than the alternative book-entry transaction execution, clearing and settlement technologies. *Much* more money. Whether they're entrenched, or not; violently defended, or not. Then, if necessary, we can just *hire* the B52s and JDAMs to pound *their* horse-drawn field artillery troops into fine organic mush instead. The stuff's not called financial cryptography for nothing, after all. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqrmpsPxH8jf3ohaEQJ5BACeP3avfSFiYCkSa5sBHD8I/E3Qp1AAn1AN JFy2UfVi6mPagzH2CzOyf2h5 =h8k2 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From kvanhorn at ksvanhorn.com Sat Apr 26 15:09:48 2003 From: kvanhorn at ksvanhorn.com (Kevin S. Van Horn) Date: Sat, 26 Apr 2003 17:09:48 -0500 Subject: The Freest Country? References:

Message-ID: <3EAB03AC.3000305@ksvanhorn.com> R. A. Hettinga wrote: >the US is, to date, the freest country, and thus the freest market, in the world. > Do you have some hard data to back up this assertion, or are you just repeating the brainwashing we Americans are fed from at least kindergarten forward? I don't know of any serious study of economic freedom that puts the U.S. in the number one spot. Every rating I've seen for the past ten years has put the U.S. at number four or worse. I haven't seen any serious attempt to quantify overall freedom, but even there I still have my doubts that the U.S. would rank number one by any reasonable measure. Yes, the U.S. looks great on paper, with that nice Constitution and Bill of Rights; too bad all those protections have been interpreted out of existence by the Supremes. Furthermore, the U.S. is the most powerful government in the world right now, which allows them to intrude much more severely into the lives of their subjects than many nominally less-free nations with (on paper) worse laws and fewer legal protections for the rights of individuals. From bill.stewart at pobox.com Sat Apr 26 17:38:20 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 26 Apr 2003 17:38:20 -0700 Subject: Finder's Keepers, Smartcards, Anon Cash [Re: double-spending prevention w. spent coins] In-Reply-To: <3EAB0299.348961B1@cdc.gov> Message-ID: <5.1.1.6.2.20030426170458.02d35600@idiom.com> At 03:05 PM 04/26/2003 -0700, Major Variola (ret) wrote: >Clearly the most anonymous systems (cash) >have the 'finders keepers' property, *necessarily*. Ok, Major Variola has demonstrated that he's either Not Tim, or is Tim trying to make it look like he's Not Tim :-) He's also Not Even Hettinga, nor Adam, nor Choate.... ... is that you, Lawrence? >But one can imagine anonymous systems that are useless to finders, >e.g., a smartcard with a real PIN and/or fingerprint reader. Fingerprint reader? No thanks; aside from their technical weaknesses, they're rather at cross-purposes to anonymous digital cash. Do not double-spend by looking into laser with remaining eyeball. You don't even need a smartcard; a data file format that uses some kind of password-based encryption is enough. Smart cards, or dumb cards, may or may not be a useful adjunct to some digital cash systems, but one of the big reasons for using digital cash instead of 500-Euro banknotes is for online transactions. Smartcards may let you use your digital cash at somebody else's cash reader, and may reduce the risk of software problems trashing your cash, but digicash isn't necessarily something most people will carry around. >In these cases, it is advantageous to the finder to return the >smartcard in hope of a reward, IFF the loser makes this possible. Now, *that's* an interesting suggestion. >Maybe there's a bizmodel in being a clearing house for lost locked >smartcards, without trashing their potential "bearer" anonymity unless >the loser tells the clearing house they've lost it. Not any time soon :-) It's much more likely that the issuing bank or the wallet vendor would be in this business than a third party, and there are problems like how to preserve the anonymity, how to know the card has enough cash in it to justify a reward (I suppose you can guess that from whether the owner sends in a reward offer to the clearinghouse), how to escrow the reward payments, etc. For some sets of applications, you could do just as well peer-to-peer; have the finder post to Blacknet that he possesses a card with a serial number that hashes to 02198734, the owner sends a few digits of the serial number or a keyed hash to confirm, and they agree on a mailbox to snail the card to and a reward price, maybe 50% paid before and after delivery or using an escrow service, Obviously, the serial number can't be revealed in transactions, so maybe it's just printed on the front, or maybe it's used in the encrypted file formats on the card as a PIN-strengthener or something. If you like creeping featurism, you can design the card interface to have multiple money compartments, including one that you use to store $20 to pay off finders of lost cards... Or you just limit use of smartcards to money you're willing to lose, or are only storing in the cards when you're planning to use it, e.g. downloading a few hundred bucks to take to your coke dealer which reduces the incentive for robbing you before you make the buy. From camera_lumina at hotmail.com Sat Apr 26 14:54:24 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 26 Apr 2003 17:54:24 -0400 Subject: Kill MS, again, but sideways Message-ID: Tom Veil wrote... "Thomas Shaddack wrote on April 15th, 2003 at 23:30:57 +0200:" Yo Veil, what's the deal? A Starbucks too far away from your Unabomber shack? -TD _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus From timcmay at got.net Sat Apr 26 18:30:11 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 18:30:11 -0700 Subject: All trust is economics In-Reply-To: <200304261841.h3QIf2r0025389@artifact.psychedelic.net> Message-ID: On Saturday, April 26, 2003, at 11:41 AM, Eric Cordian wrote: > Tim May wrote: > >> You don't need to take our word for it--you need to see why modern >> cryptography avoids trust issues almost completely. > > Like mathematicians saying "Trust Us, no algorithm exists which can > factor > the 309 digit product of two large distinct odd primes in a few > seconds on > a cheap PC?" > > Perhaps I'm missing something, but it seems to me that public key > cryptography is fundamentally a trust-based system. With the rise of > the > Internet, and almost all crypto being done by people who do not > physically > meet to exchange keys, almost all crypto is public key crypto. > > Therefore, almost all cryptography (at the present moment) is based on > trust. > > And it's trust based on the "It doesn't exist, because if it did, I'm > so > smart I would have found it by now" paradigm, which I've never > regarded as > being particularly reliable. (Insert comments about simple algorithms > whose direct derivation lies just slightly beyond the limits of human > ingenuity here.) I'm surprised at you for thinking trust is some number that is either 0 or 1. All crypto is economics, and so is all trust. Consider two situations: Situation 1: "I have generated a key for you and will send it securely. You can trust me not to look at it and not to reveal it to anyone else....Well, not unless Saddam's men force me to, or not until John Ashcroft threatens to hold me as an illegal combatant if I don't cooperate. Or not until someone offers me $500 cash, no questions asked, for just a peek. Or not until I realize that this key is being used to further right wing Nazi causes. Or..." Situation 2: "Determining your private key requires an attacker to either monitor your keystrokes and bug your computer, so you'd better secure it, or it requires factoring a 309 decimal digit number associated and derivable from your public key. So far, the best algorithms have only factored a 137-digit number [for example] and no mathematicians have yet found cleverer ways. Great fame would await anyone who found a significantly faster method, even a Fields Medal, and yet no one has yet revealed one." Now I maintain there is a huge difference in the valuations placed on the "trust" in these two cases. If you wish to believe that Joe Sixpack saying he promises to keep your private key secret is on the same footing as the apparent difficulty of factoring very large numbers (and if 309 digits is deemed too small, only a tiny increase in key generation effort and later use to go to 500 decimal digits or even 1000) then you are of course welcome to your delusion. All crypto is economics. All trust is economics. --Tim May "In the beginning of a change the patriot is a scarce man, and brave, and hated and scorned. When his cause succeeds, the timid join him, for then it costs nothing to be a patriot." -- Mark Twain From timcmay at got.net Sat Apr 26 18:33:07 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 18:33:07 -0700 Subject: [Brinworld] PhoneCam vs. court; Publishing faces from the street In-Reply-To: <5.1.1.6.2.20030426144730.02d354b8@idiom.com> Message-ID: <327EB0FE-7850-11D7-865D-000A956B4C74@got.net> On Saturday, April 26, 2003, at 03:12 PM, Bill Stewart wrote: > At 02:33 PM 04/25/2003 -0700, Major Variola (ret) wrote: >> Teacher sets up drug dealer 'web watch' >> A teacher sick of drug dealers and addicts in his neighbourhood has >> taken the drastic measure of posting their pictures on the internet. >> >> John Messiter says he has decided to secretly photograph those >> terrorising the area and make their images public. >> http://www.ananova.com/news/story/sm_773853.html?menu=news.technology >> >> Interesting privacy/public and libel implications in the latter. > > There are two categories of people he's likely to photograph > - Real drug dealers and users > - Falsely accused drug dealers and users > The latter should be able to sue him for libel, which is too easy in > Britain, > modulo a few issues about whether web photographs are libel or slander. > Some of the former might also try that, but it's probably too risky, > and the black market has other ways to provide legal services and > conflict resolution to people who can't use official courts.... He doesn't have to "falsely accuse" _anyone_. All he does is to demonstrate (claim) that various people are at some location. Those who visit his site are free to draw their own conclusions. --Tim May "He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -- Nietzsche From nobody at remailer.privacy.at Sat Apr 26 09:50:10 2003 From: nobody at remailer.privacy.at (Anonymous) Date: Sat, 26 Apr 2003 18:50:10 +0200 (CEST) Subject: Censorship: state bans games that kill pigs In-Reply-To: <3EA9765E.CDB41660@cdc.gov> Message-ID: <6cc73c53bfe283cf32c7af8d67e2da37@remailer.privacy.at> Major Variola (ret) wrote on April 25th, 2003 at 10:54:38 -0700: > http://money.cnn.com/2003/04/18/commentary/game_over/column_ga > ming/index.htm > > Wash. to ban 'violent' game sales > State law will levy $500 fines to anyone selling Grand Theft Auto to > children. > ... > The bill passed the Senate 47-7 and is expected to be signed > into law by > > Gov. Gary Locke. Rather than targeting games based on their > ratings, the > > bill specifically mentions those that depict violence against law > enforcement officials. I look forward to purchasing _Grand Theft Auto: Vice City_ for the PC. It's good to teach kids how to snipe and kill Police State enforcers. BTW: Is Governor Gary Locke gasoline or diesel? -- Tom Veil From frissell at panix.com Sat Apr 26 16:21:40 2003 From: frissell at panix.com (Duncan Frissell) Date: Sat, 26 Apr 2003 19:21:40 -0400 (EDT) Subject: The Freest Country? In-Reply-To: <3EAB03AC.3000305@ksvanhorn.com> References:

<3EAB03AC.3000305@ksvanhorn.com> Message-ID: On Sat, 26 Apr 2003, Kevin S. Van Horn wrote: > Do you have some hard data to back up this assertion, or are you just > repeating the brainwashing we Americans are fed from at least > kindergarten forward? I don't know of any serious study of economic > freedom that puts the U.S. in the number one spot. Every rating I've > seen for the past ten years has put the U.S. at number four or worse. Econ Freedom of the World 2002 http://www.freetheworld.com/2002/1EFW02ch1.pdf US 3rd after HK & Singapore. Index of Econ Freedom 2003 http://cf.heritage.org/index/indexoffreedom.cfm US tied for 6th after HK, Sing, Lux, NZ, Ireland. HK & Sing have obvious general liberty probs. involving being an SR in a commie dictatorship in the case of HK and Confucian fascism (Disneyland with the Death Penalty) in the case of Sing. Lux. has address registration with the cops or the local government (I think). I don't know enough to compare overall liberty in NZ & Ire. but with Ire. in the EU now it's possible that we're #1. Shows a low standard for liberty in the world. DCF From timcmay at got.net Sat Apr 26 19:42:29 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 19:42:29 -0700 Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: Message-ID: On Saturday, April 26, 2003, at 06:54 PM, Thomas Shaddack wrote: > On Sat, 26 Apr 2003, Major Variola (ret) wrote: >> But seriously, you've just mentioned what's called "textual analysis". >> Spelling errors and other idiosyncratic choices can be used >> to "pierce the veil" of anonymity. That's what did in Dr. Kaczynski, >> who pissed on the FBI for over a decade, until his brother recognized >> his text. > > Couldn't there be a standard English-based language, "Anonglish", with > a > subset of English grammatical rules, human-readable (though maybe with > its > own idiosyncrazies) and machine-parseable, which appearance would not > give > many more clues than that Anonglish was used? Something where grammar > rules would be few, strict, and easy to machine-check, spelling as > well, > and still be readable to anyone who knows "standard" English? Possibly > with a "translator" from "normal" English (of course with the > necessity to > read the translation, correct eventual semantical mistakes introduced > by > rearranging the words, and "anonspell-check" the result)? > > That would put textual analysis from comparing the errors > characteristic > for a given person to comparing of trains of thoughts, which is much > more > difficult, much less being a "reliable proof", and practically > impossible > for very short messages. REQUEST SPEC SOONEST. IDEA RELAYED BUPERS SUBJECT APPROVAL COMMAND. There are various synthetic languages, not the least of which is the form of "milspeak" used for quasi-literate military memos. But of course people aren't going to learn new human languages for such an ephemeral and mostly useless reason as to hide their textual clues. Kascinski got nailed because his rants were so long, running to many newspaper pages (as they were printed, at the FBI's request or his request, or both, I forget the details) and were filled with a lot more than just grammatical and stylistic clues: the rants had his political views, his analysis of history, etc. It's doubtful that K. would have had any interest in trying to write in some synthetic language, stripped of various stylistic choices and options. Or that we would want to. By the way, there was a book out a few years back by an academic who specializes in "forensic text analysis," e.g., analyzing the text of Shakespeare, Pynchon, etc. to do this kind of analysis. (He lived in Soquel, a town near me, and he analyzed letters by a "Wanda Tinasky" which were believed by some to be actually written by Thomas Pynchon, the famously reclusive author who, by coincidence (or not?) lived for a decade a couple of ridges over from me, in Aptos, also near Soquel. Small world. Google should turn up the author for those interested in finding the book. "We are at war with Oceania. We have always been at war with Oceania." "We are at war with Eurasia. We have always been at war with Eurasia." "We are at war with Iraq. We have always been at war with Iraq. "We are at war with France. We have always been at war with France." From jya at pipeline.com Sat Apr 26 19:55:12 2003 From: jya at pipeline.com (John Young) Date: Sat, 26 Apr 2003 19:55:12 -0700 Subject: The Freest Country? In-Reply-To: References: <3EAB03AC.3000305@ksvanhorn.com>

<3EAB03AC.3000305@ksvanhorn.com> Message-ID: The US is No. 1 in: 1. Percentage of population in jail. 2. Percentage of population in law enforcement. 3. Military spending. 4. Percentage of population in government. 5. Disparity between the rich and the poor. 6. Murders. 7. Crimes. 8. Number of laws. 9. Percentage of population who are lawyers. 10. Number of lawyers, judges, wardens and prison corporations. 11. Number of private cops. 12. Number of private spies. 13. Number of government spies. 14. Percentage of colleged educated out of work. 15. Number of people who have never worked a single day. 16. Number of stock market investors. 17. Number of people who have lost everything from stock cheats. 18. Number of billionaires. 19. Number of millionaires. 20. Number of female prostitutes. 21. Number of male prostitutes. 22. Number of child prostitutes. 23. Number of genital disease sufferers. 24. Number of institutionalized mental patients. 25. Number of persons in therapy. 26 Number of therapists. 27. Number religions, cults and their members. 28. Number of public relations firms. 29. Number of lobbyists. 30. Number of college professors. 31. Number of didacts. 32. Percentage of population who expect the government or somebody to take care of them from cradle to grave. 33. Percentage of population who think they are right when they say the US is the best. And many, many more, but that's not what gets spun about the bullshit leader of the free world. From eresrch at eskimo.com Sat Apr 26 19:55:24 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Sat, 26 Apr 2003 19:55:24 -0700 (PDT) Subject: Secret Service Buffoons In-Reply-To: <3EAAFC03.93EF30C3@cdc.gov> Message-ID: On Sat, 26 Apr 2003, Major Variola (ret) wrote: > To my surprise, the Special Agent called back > and pleaded with me. He changed his story and > said they had means of sending and receiving > email, but they _weren't allowed_ to give out > their email addresses. > > I know this is supposed to be the Secret > Service, but keeping their email addresses > secret is going a bit far IMHO. I would > think most computer-security professionals > would know how to set up a temporary and/or > anonymous email address. > > I hope he enjoys transcribing the scammers' > 350-character-long URLs from the paper I sent. > Shouldn't be too hard, seems they are used to pencil and paper :-) > I put the info on a secure web site and > suggested he pull it down from there, but > he declined that, too. Because you could pick off his login and trace him back :-) > The Special Agent was surprised to hear that > I controlled multiple web sites. He didn't > understand how that was possible. > > The Special Agent was surprised to hear that > given an IP address, I could figure out what > country it's in. He argued with me about this. > The term "whois" meant nothing to him. > > Heretofore I didn't understand how identity- > theft rings could operate so openly. One > might have thought they would be afraid of > stings, but evidently they're not. > > There's a lot of darkness here. I've set > out a few candles, but I'm not sure it's > going to be enough. More proof all our fears of the government actually being dangerous are totally false. They are incompetent beyond comprehension. I think I better go check out that movie "Brazil" again. Patience, persistence, truth, Dr. mike From measl at mfn.org Sat Apr 26 18:34:39 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 26 Apr 2003 20:34:39 -0500 (CDT) Subject: How convenient... Message-ID: http://www.cnn.com/2003/WORLD/meast/04/26/sprj.irq.britain.iraq.ap/index.html Report: Iraq-al Qaeda link found LONDON (AP) -- Documents discovered in the bombed out headquarters of Iraq's intelligence service provide evidence of a direct link between Saddam Hussein's regime and Osama bin Laden's al Qaeda terrorist network, a newspaper reported Sunday. Papers found Saturday by journalists working for the Sunday Telegraph reveal that an al Qaeda envoy met with officials in Baghdad in March 1998, the newspaper reported. The paper quoted an unidentified Western intelligence official as saying the find was "sensational." The paper said the documents show that the purpose of the meeting was to establish a relationship between Baghdad and al Qaeda based on their mutual hatred of the United States and Saudi Arabia. The meeting went so well that it was extended by a week and ended with arrangements being discussed for bin Laden to visit Baghdad, the newspaper said. Journalists found a three-page file on bin Laden inside a folder lying in the rubble of one of the rooms of the intelligence headquarters, the paper said. "Iraqi agents at some point clumsily attempted to mask out all references to bin Laden, using white correcting fluid," the newspaper reported. "After carefully removing the dried fluid, however, the name is clearly legible three times in the documents." One of the pages, dated February 19, was marked "top secret and urgent" and referred to plans for the trip from Sudan of the unnamed envoy, who is described in the file as a trusted confidant of bin Laden's, the paper said. The document, signed, "MDA," which the newspaper said is a code name believed to belong to the director of one of the Iraqi intelligence sections, said the Iraqis sought to pay for the envoy's costs while in Iraq "to gain the knowledge of the message from bin Laden and to convey to his envoy an oral message from us to bin Laden." The message to bin Laden "would relate to the future of our relationship with him, bin Laden, and to achieve a direct meeting with him," the newspaper quoted the document as saying. The other documents confirm that the envoy traveled from Khartoum in Sudan to Baghdad in March 1998 and that he stayed at the al-Mansour Melia hotel. The documents do not mention whether any meeting took place between bin Laden and Iraqi officials, the newspaper said. Separately, The Sunday Times reported that its own journalists had found documents in the Iraqi foreign ministry that indicate that France gave Saddam Hussein's regime regular reports on its dealings with American officials. The newspaper said the documents reveal that Paris shared with Baghdad the contents of private transatlantic meetings and diplomatic traffic from Washington. One document, dated September 25, 2001, from Iraqi foreign minister Naji Sabri to Saddam's palace, was based on a briefing from the French ambassador in Baghdad and covered talks between presidents Jacques Chirac and George W. Bush. From justin at soze.net Sat Apr 26 13:51:34 2003 From: justin at soze.net (Justin) Date: Sat, 26 Apr 2003 20:51:34 +0000 Subject: Quarantines may be justified [Santorum] In-Reply-To: <3EAAC3F8.DF3F162E@cdc.gov> References: <3EAAC3F8.DF3F162E@cdc.gov> Message-ID: <20030426205134.GE25990@dreams.soze.net> At 2003-04-26 17:38 +0000, Major Variola (ret) wrote: > At 05:41 PM 4/25/03 +0000, Justin wrote: > >At 2003-04-25 16:31 +0000, Major Variola (ret) wrote: > > > >> But, Santorum needs to be tried & hung for what he meant. > > > >Do you have plans to try and hang the Supreme Court Justices who > >upheld Sodomy laws in Bowers v Hardwick? > > Violating the constitution is treason. Only state actors can violate > the constitution. Where'd you get that idea that private citizens can't violate the Constitution? Take a look at 18USC241, 242. Regardless, federal judges are certainly state actors, or at least they were when they committed treason and a change of status shouldn't make them immune to prosecution. > >What about the significant minority of Americans who'd completely > >agree with Santorum's remarks? > > I don't care if its a *majority*, the Constitution trumps democracy. > Democracy is merely mob rule. I'm well aware. I was only suggesting that there are many other people beside the not-so-distinguished Senator from Pennsylvania who are in desperate need of trial, rope, and tree. I'm confident that in a wide sampling of religiously-motivated fanatics in the U.S., Sen. Santorum would not rank even in the top thousand worst offenders. His comments, if anything, helped his opposition. I could hardly imagine the Supreme Court upholding the premise of Bowers v Hardwick this summer when they rule on the current case. Santorum's a harmless dinosaur. -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Defense Secretariat, 2003-04-11 From emc at artifact.psychedelic.net Sat Apr 26 20:54:01 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sat, 26 Apr 2003 20:54:01 -0700 (PDT) Subject: All trust is economics In-Reply-To: Message-ID: <200304270354.h3R3s19G028645@artifact.psychedelic.net> Tim writes: > I'm surprised at you for thinking trust is some number that is either 0 > or 1. The same could be said about "good" and "evil", yet in ordinary conversation, one doesn't use the words to refer to their zero values. Unqualified "trust" is somewhere between "more likely than not" and "absolutely certain." > All crypto is economics, and so is all trust. To a Jewish friend of mine, everything is marketing. I suppose it depends on ones perspective. :) > Consider two situations: > Situation 1: "I have generated a key for you and will send it > securely. You can trust me not to look at it and not to reveal it to > anyone else....Well, not unless Saddam's men force me to, or not until > John Ashcroft threatens to hold me as an illegal combatant if I don't > cooperate. Or not until someone offers me $500 cash, no questions > asked, for just a peek. Or not until I realize that this key is being > used to further right wing Nazi causes. Or..." Sounds like a good description of the difference between confidentiality and anonymity. I prefer the latter. > Situation 2: "Determining your private key requires an attacker to > either monitor your keystrokes and bug your computer, so you'd better > secure it, or it requires factoring a 309 decimal digit number > associated and derivable from your public key. This is the difference between wishful thinking and anonymity. > So far, the best algorithms have only factored a 137-digit number [for > example] and no mathematicians have yet found cleverer ways. Great fame > would await anyone who found a significantly faster method, even a > Fields Medal, and yet no one has yet revealed one." How silly. Factoring is like the Poincare Conjecture. Solving it doesn't let us do anything new and exciting, and nothing else we care about has a reduction into it. Fast factoring will be greeted by "oh, yes, of course", and the sound of mass yawning and moving on. In 10 years, "factor" will be a commodity microprocessor opcode. Is anyone even working on factoring any more? How long has it been since the last RSA Challenge number was factored? Seems like aeons. > Now I maintain there is a huge difference in the valuations placed on > the "trust" in these two cases. There is a huge difference in the valuation *YOU* place on the "trust" in these two cases. Valuation is hardly an absolutely quantifiable notion, completely independent of who is doing the valuating. I choose to avoid both situation 1 and situation 2 above. You avoid situation 1, and think you are safe in situation 2. You very well could be, but then again... > If you wish to believe that Joe Sixpack saying he promises to keep your > private key secret is on the same footing as the apparent difficulty of > factoring very large numbers (and if 309 digits is deemed too small, > only a tiny increase in key generation effort and later use to go to > 500 decimal digits or even 1000) then you are of course welcome to your > delusion. Yes, I believe Joe Sixpack saying that he promises to keep my key safe to be on the same footing as Joe Sixdiploma saying that because he can't figure out how to factor 309 digit numbers quickly, it must not be possible. Vanity, Vanity, All is Vanity. > All crypto is economics. All trust is economics. All RSA is faith-based crypto. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From timcmay at got.net Sat Apr 26 21:18:37 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 21:18:37 -0700 Subject: The Freest Country? In-Reply-To: Message-ID: <51893672-7867-11D7-865D-000A956B4C74@got.net> On Saturday, April 26, 2003, at 08:43 PM, R. A. Hettinga wrote: > > Anyway, we all have the ultimate canary in a coal mine. If *Tim* > decides it's time to go, than the US is officially in the shitter and > it's time to grab the bug-out bag. Personal liberty is of course not the same thing as economic or business liberty, of course. It might be that Costa Rica, for example, would be a fine place to live with low income taxes (hypothetically) even if it not a great place to headquarter a corporation in. (I picked Costa Rica because it has a tropical climate, some Dutch hackers have a place there, a well known digital money advocate relocated there, and it has no standing army. By coincidence, Intel located an assembly plant there. But not its corporate headquarters, needless to say.) Selling my house, packing up my voluminous amount of stuff (or worse, discarding it), and moving to Costa Rica or the South of France, or, Allah forbid, moving onto an oil platform or gunnery turret or whatever, is not easy to do. Furthermore, Uncle Sugar thinks he has the right to take my assets for the first 10 years I'm no longer having other countries invaded on my behalf, no longer having negro welfare mothers breeding on my behalf, and no longer getting any of the so-called benefits of advanced civilization. Those who have exited the country have found the tax man hounding them for years. Probably if I were to leave the U.S. I'd do it the old-fashioned way: buy a lavish, well-protected seaside villa in Mexico and just pay off the local cops and politicians. How I'd get my money out of the U.S. without Uncle Sugar taking 35-50% for the aforementioned country invasions and welfare breeders is an unsolved problem. (Hint: Stuffed suitcases don't work, for various reasons.) [This space reserved for insertion of usual silliness about living out of suitcase, stuffed or not, and being a "perpetual tourist," which only works if one is below a certain net worth and if one likes to travel a lot.] Meanwhile, it's easier to have a lot of guns, some perimeter alarms, various sets of "documents" to facilitate escape from Airstrip One, and to minimize stock sales so as to minimize Uncle Sugar's theft. If I leave, I expect it will be one step ahead of the Thought Police, aka Ashcroft's Army. > > In the meantime, Young, as usual, writes great word salad, this time > about what a shitty country we are, but the still-warming pot is, at I still can't understand anything he writes. He's either actually a loon, as he portrays himself to be, or he thinks he's channeling James Joyce. --Tim May From jamesd at echeque.com Sat Apr 26 21:27:34 2003 From: jamesd at echeque.com (James A. Donald) Date: Sat, 26 Apr 2003 21:27:34 -0700 Subject: Making Money in Digital Money In-Reply-To: References: <20030426025046.A8088505@exeter.ac.uk> Message-ID: <3EAAF9C6.9787.1BF0228@localhost> -- On 25 Apr 2003 at 22:56, Tim May wrote: > I think it may just not be possible for some bright > programmer to develop a solid digital money (henceforth, DM) > system and deploy it while still making money, avoiding some > kind of prosecution or lawsuit (civil lawsuits for many > different reasons). > > [...] > > * Real DM will likely be introduced in a guerilla fashion, > much as Pr0duct Cypher anonymously released Magic Money a > decade ago. The mint cannot be anonymous. Needs reputation, and sizable wealth. Mint probably employs programmer, or is programmer. If the code is public domain, then there will be multiple mints, with some more willing to disregard hostile governments than others. I suggest the following introduction: Introduce for micropayment services (identity is too expensive for small payments, which is why credit cards fail below five dollars) Useful for antispam email charge, remailer user fees, file sharing networks (solving the free rider problem), pornography by the minute, and tips for videocam performers. Need some legal and profitable application to get the software fully developed, debugged, and people used to it. When people are using it for dimes, they will want to start using it for large sums, and then things get interesting. Dubai is currently the banker for people evading third world currency exchange restrictions. Once it is working in the micropayment ghetto, where credit cards are uncompetitive, there will be demand to break out of that ghetto, and where there is demand, there will be supply. Of course there have been many attempts to fill the micropayment niche, all of them miserable failures. I think this is due to the inherantly high costs of identity and revocability. If your payments are revocable, then you need identity, which costs, and you get involved in arbitration, which costs, and you cannot possibly afford to do that on a micropayment service. > * In my view, not necessarily the view of everyone in the DM > community, the Big Win for solid DM is in illegal markets, > e.g., buying and selling child porn, bestiality, snuff > images, etc. Child porn and bestiality are, like MP3s, a micropayment market. My hard drive keeps getting usenet child porn on it even though I try to prevent it. I download what I think is a Hellsing cartoon, and guess what? Among the many unviewed videos and images on my hard drive, there is probably enough child porn to put me away for fifty consecutive life sentences. My email spam is full of bestiality, even though I have numerous filtering rules designed to delete it. Surprisingly, I do not think I have seen any snuff spam -- which does not mean I am not getting it, it may be filtered by my anti porn spam rules. Just target file sharing, a legal market, according to the most recent judicial ruling, and some significant proportion of the files shared are going to be child porn etc. That is the users issue, not the banks. > * Anyone releasing such a strong DM system should be > targeting the high end applications, where the needs for > untraceability are very high and the willingess to pay the > costs (in training, in network resources) is also high. I disagree. Micropayments are legal. Useful if the same software has legal and illegal uses. Strong anonymity and consequent irrevocability has accepted legal, moral, and economic purpose in the micropayment field. > * In my view, most who have looked to enter the DM market > (such as Digicash, Mark Twain Bank, etc.) have shied-away > from precisely the areas where untraceability meets a real > market need. Mark Twain bank crippled their cash so they could stop pornographers from using it. > A digital money system where the DM may be "cancelled" will > not fly. For various reasons. (Imagine your bank telling you > that if they think you are violating their use policies they > may simply seize your money and you'll be out of luck.) Revocability. The various digital gold currencies are compelled to have an AUP and seize the money of people using their system when this AUP is violated, even though they very much do not want to, because of the very high costs involved. > * It may be that pioneers in this area just won't be able to > make any money. This is not new. Many discoveries did not > enrich the discoverer. Sometimes they were recognized in > their lifetimes, sometimes not. No money then crap software, crap software then lack of critical mass of users. Has to make money or no one will write software the ordinary end user will accept. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG WeQL5KAm368l/BB5FhdV3HRZwi0tcIoVVHe9WyGK 4JEJhGr9vM1Becp1QdyRiI3U4tkF26wqs75DTGtQA From timcmay at got.net Sat Apr 26 22:49:09 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 22:49:09 -0700 Subject: Fake News for Big Brother In-Reply-To: <20030426233754.A11085@cluebot.com> Message-ID: On Saturday, April 26, 2003, at 08:37 PM, Declan McCullagh wrote: > On Sat, Apr 26, 2003 at 12:04:10PM -0700, Eric Cordian wrote: >> The news media, will, in fact, print fake news supplied by the >> government, >> with full knowlege that it is false, to further an ongoing >> investigation. > > Yes, that may be the case. It certainly is here. But let's not forget > the fact that this incident has drawn sharp criticism from other > journalists. > > -Declan But the journalist and his editors are still alive. When they have been necklaced and lit, we can rest easier. Burning down the entire newspaper office would maybe be overkill, but, hey, what the hell. Fuck them dead. --Tim May From timcmay at got.net Sat Apr 26 23:03:51 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 23:03:51 -0700 Subject: Making Money in Digital Money In-Reply-To: <3EAAF9C6.9787.1BF0228@localhost> Message-ID: <04F0A904-7876-11D7-865D-000A956B4C74@got.net> On Saturday, April 26, 2003, at 09:27 PM, James A. Donald wrote: > -- > On 25 Apr 2003 at 22:56, Tim May wrote: >> I think it may just not be possible for some bright >> programmer to develop a solid digital money (henceforth, DM) >> system and deploy it while still making money, avoiding some >> kind of prosecution or lawsuit (civil lawsuits for many >> different reasons). >> >> [...] >> >> * Real DM will likely be introduced in a guerilla fashion, >> much as Pr0duct Cypher anonymously released Magic Money a >> decade ago. > > The mint cannot be anonymous. Needs reputation, and sizable > wealth. Mint probably employs programmer, or is programmer. Any given mint only needs the belief by its customers that it will honor (redeem) its tokens. Such a mint can, by demonstration, be as small as a corner store offering gift certificates. Naturally, the blinded nature of tokens means that customers can "ping" such mints as often as they like. (There is the "pack up, leave town, and burn customers" scam, as there always is with a bank or mint which has not yet redeemed all of its obligations. The best fix for this is to distribute monies at many such mints. It is unlikely, though remotely possible, that all of them or even most of them will abscond at the same time. Note that reputation per se does not stop this scam from happening even with meatspace banks. It is rare, however, as most banks deduce that getting a fraction of a continuing stream of business is more advantageous than absconding.) > Child porn and bestiality are, like MP3s, a micropayment > market. My hard drive keeps getting usenet child porn on it > even though I try to prevent it. I download what I think is a > Hellsing cartoon, and guess what? Among the many unviewed > videos and images on my hard drive, there is probably enough > child porn to put me away for fifty consecutive life sentences. > My email spam is full of bestiality, even though I have > numerous filtering rules designed to delete it. Surprisingly, > I do not think I have seen any snuff spam -- which does not > mean I am not getting it, it may be filtered by my anti porn > spam rules. Nonsense. What you are receiving for free is either tame stuff or is just a "free sample," for marketing purposes. Look at the reports on monies spent on actual busted child porn rings: these consumers are spending real money, not getting their stuff for free as spam. --Tim May From timcmay at got.net Sat Apr 26 23:11:58 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Apr 2003 23:11:58 -0700 Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: <200304270058.59914.njohnsn@njohnsn.com> Message-ID: <270C1CC2-7877-11D7-865D-000A956B4C74@got.net> On Saturday, April 26, 2003, at 10:58 PM, Neil Johnson wrote: > You could try the Dialectizer > > http://rinkworks.com/dialect/ > > Example: > > On Saturday 26 April 2003 09:42 pm, Tim "Ahh Be Bad" May wrote, dig > dis: >> >> REQUEST SPEC SOONEST. IDEA RELAYED BUPERS SUBJECT APPROVAL COMMAND. >> >> >> Dere is various syndetic languages, not da damn least uh which be de >> fo'm uh "milrap" used fo' quasi-literate military memos. >> >> Looks a lot like the Ebonicizer, which, those who search the archives can confirm, I used a few times several years ago. Pity da fool! --Tim May From adam at cypherspace.org Sat Apr 26 15:21:27 2003 From: adam at cypherspace.org (Adam Back) Date: Sat, 26 Apr 2003 23:21:27 +0100 Subject: Making Money in Digital Money In-Reply-To: <775AB29B-7809-11D7-865D-000A956B4C74@got.net>; from timcmay@got.net on Sat, Apr 26, 2003 at 10:06:48AM -0700 References: <20030426134155.GA28448@lightship.internal.homeport.org> <775AB29B-7809-11D7-865D-000A956B4C74@got.net> Message-ID: <20030426232127.A8084118@exeter.ac.uk> On Sat, Apr 26, 2003 at 10:06:48AM -0700, Tim May wrote: > I don't believe ZKS ended up targeting the remailer niche ("space") we > are interested in. In the years that Freedom nyms were being sold, how > many were used to post to this list? How many were used to post to > Usenet? A set nearly of measure zero. I think the first mail system at ZKS was relatively unreliable, and complex for users to understand and use (setting up a nym as with nymserver/type I involved reply blocks, waiting for confirmation etc). It was reply block based, but reimplemented from scratch, not based on cyphperpunk type I code. Some of the issues were implications of the design (as with type I based reply blocks, some mail does not arrive; also reply blocks always seemed fragile to me), others were probably implementation issues. The 2nd gen mail system we built at ZKS (my design) had a different set of tradeoffs. I found a copy of the "Freedom 2.0 Mail System" white paper here: http://osiris.978.org/~brianr/crypto-research/anon/www.freedom.net/products/whitepapers/Freedom_2_Mail_System.pdf It was definately more reliable (the main business reason for doing it). Also there was no reply block pointing back at your real identity which is the main weakness of the reply-block design: it is a subpeona risk. Instead it was based on a pop server which you optionally connect to via the anonymous freedom network to achieve sender anonymity (or deliver via mixmaster if you prefer, it's accepts regular mail to interface with non-anonymous users), and via the freedom network again to achieve recipient pseudonymity. So these interactive connections are immediately forward-secret, and therefore you have much better protection against subpeona attack. However they are more vulnerable to all-powerful observer attacks who could probably figure out which pseudonym was which by sending lots of unique sized email and then watching traffic patterns flow through the network. So as you might expect different systems can be built which optimize against different types of threat. I'd argue the 2nd gen mail system would be much better against subpoena attack, but weaker against all-powerful passive adversaries. The typical thing an end user with strong desire for privacy would be concerned about (frivolous lawsuits related to online discussion groups, defamatio, privacy against law enforcement sting operations, etc) would be better protected; where as national security issues where you might imagine NSA or such could coordinate and implement the all-powerful passive adversary are less well protected against. > I assume _some customers_ were using Freedom...I just don't recall ever > receiving a message from any of them, or seeing any of them on the > lists and groups I frequent. I think there were more active users of the web browsing side of things than the pseudonymous mail for the reasons above. The version might have been better given time, but I think freedom network (and mail) was discontinued relatively soon after it's deployment. > (I still check in on www.zks.net occasionally to see what's going on. > Stuff about firewalls and viruses.) Yes. This is why I quit to do other stuff -- limited crypto stuff left, and no distributed trust anonymity or privacy left. ZKS still does have one anonymous networking type sytem called websecure which they are actively selling and have subscribers of. It's somewhat similar to anonymizer.com in that it is one hop only anonymous traffic for web browsing only. The differences (which make it probably more secure I'd argue) are that it doesn't rely on html re-writing which is a risky strategy to provide good assurance (periodically somone finds some html extension which anonymizer.com style html rewriting misses, until they fix it; or fuzzy parsing rules in browsers which allow you to slip URLs past the re-writer in a way that some browsers will fix up, but the re-writer doesn't recognize as a URL). Unfortunately the websecure approach is also Internet Explorer specific, relying on a browser helper object to hook in an SSL tunnel to the proxy (run by ZKS). It's described here: http://www.freedom.net/products/websecure/index.html the fact that it's a browser helper object doesn't hurt the appearance -- it doesn't really look like a download, the installation is quite rapid and seamless. (The rest as Tim says is a suite with options of a Personal Firewall, Anti-Virus and Parental Control.) The suite products are primarily sold (actually "rented" as a service for $x/month with profit share) via ISPs, preinstalled on hardware manufactureres machines etc. (What you get for your ongoing subscription is virus definition updates, firewall rule updates to cope with new applications, software updates, and the parental control involves ongoing use of a server). As you can see on the press release page they're quite successful at signing up ISPs onto this model: http://www.zeroknowledge.com/media/pressrel.asp with a fairly steady stream of new and fairly major ISPs. So, successful, but not hard-core cryptographically assured, distributed trust/zero-trust, privacy related. Adam From declan at well.com Sat Apr 26 20:37:54 2003 From: declan at well.com (Declan McCullagh) Date: Sat, 26 Apr 2003 23:37:54 -0400 Subject: Fake News for Big Brother In-Reply-To: <200304261904.h3QJ4AQv025621@artifact.psychedelic.net>; from emc@artifact.psychedelic.net on Sat, Apr 26, 2003 at 12:04:10PM -0700 References: <200304261904.h3QJ4AQv025621@artifact.psychedelic.net> Message-ID: <20030426233754.A11085@cluebot.com> On Sat, Apr 26, 2003 at 12:04:10PM -0700, Eric Cordian wrote: > The news media, will, in fact, print fake news supplied by the government, > with full knowlege that it is false, to further an ongoing investigation. Yes, that may be the case. It certainly is here. But let's not forget the fact that this incident has drawn sharp criticism from other journalists. -Declan From rah at shipwright.com Sat Apr 26 20:43:46 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 26 Apr 2003 23:43:46 -0400 Subject: The Freest Country? In-Reply-To: References:

<3EAB03AC.3000305@ksvanhorn.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin, I really do pay attention to this stuff, almost full time, and I read most of the same things that Duncan does. When you put them all together, we're close enough to the top for, heh, government work. At 7:21 PM -0400 4/26/03, Duncan Frissell wrote: >I don't know enough to compare overall liberty in NZ & Ire. but >with Ire. in the EU now it's possible that we're #1. Shows a low >standard for liberty in the world. Amen. We're sort of the Microsoft of free countries right now (I'm a Mac guy, myself...) it ain't pretty, the company's grabby and turfy, but most of the feature boxes get checked off, and it's what everyone's using at work. NZ's backsliding a bit, especially since 9/11, but I bet Peter can tell us more first hand if he's around. What Duncan said about Ireland, but they're fighting the good fight, and, hell, like Adam said, London's got a TAZ or two that doesn't completely suck, but, over all, the UK's in the same shoes we are securitywise, and anal probes accordingly. Meanwhile noose tightens. Like Doug said, "and then you go to jail" still is a bad error-handler for a protocol. Write code if you've got it to write. Anyway, we all have the ultimate canary in a coal mine. If *Tim* decides it's time to go, than the US is officially in the shitter and it's time to grab the bug-out bag. In the meantime, Young, as usual, writes great word salad, this time about what a shitty country we are, but the still-warming pot is, at the moment, the coolest place on the stove; certainly not the frying pan of the continental EU, much less the fire of the Third World, most of the XSU and Le Chine inclusive. All these cooking metaphors are making me hungry. Freedom: The New White Meat. (marginally better than "It's what's for dinner"?) Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPqtR68PxH8jf3ohaEQIUlwCdFyfSp0D4hSKu+NFN2RpQmzBxT3kAoKi7 ibUc/ndN81rG5tOPOAZ4B6Gy =dWZi -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam at cypherspace.org Sat Apr 26 15:44:02 2003 From: adam at cypherspace.org (Adam Back) Date: Sat, 26 Apr 2003 23:44:02 +0100 Subject: more about anonymous mail (Re: Making Money in Digital Money) In-Reply-To: <20030426232127.A8084118@exeter.ac.uk>; from adam@cypherspace.org on Sat, Apr 26, 2003 at 11:21:27PM +0100 References: <20030426134155.GA28448@lightship.internal.homeport.org> <775AB29B-7809-11D7-865D-000A956B4C74@got.net> <20030426232127.A8084118@exeter.ac.uk> Message-ID: <20030426234402.A7988036@exeter.ac.uk> I wrote about freedom 2.0 mail system: > So these interactive connections are immediately forward-secret, and > therefore you have much better protection against subpeona attack. > However they are more vulnerable to all-powerful observer attacks who > could probably figure out which pseudonym was which by sending lots of > unique sized email and then watching traffic patterns flow through the > network. So a couple of other comments: - Ulf Moeller, Anton Stiglic and I published our thoughts about how someone could go about doing the passive adversary traffic analysis attacks on interactive systems such as the freedom anonymous network: Apr 01 - "Traffic Analysis Attacks and Trade-Offs in Anonymity Providing systems", Information Hiding 2001, Adam Back, Ulf Moeller and Anton Stiglic http://www.cypherspace.org/adam/pubs/traffic.pdf - and in fact the version 1 freedom mail system had other issues: the mail was not split up into fixed sized chunks (as it is with mixmaster), so it suffered the same vulnerabilities that type I based nymservers do: it was in addition equally vunlerable to traffic analysis. I'd take this version 1 freedom mail vulnerability to indiate that in essentially all respects version 2 was more secure than version 1; though some of the version 1 design-issues could have been fixed in similar ways that are proposed in the mixminion project. The mixminion project project (aka Type III remailer) design and implementation attempts to avoid these issues by merging reply block functionality into a mixmaster like fixed sized message mix net. Mixminion actually uses Single Use Reply Blocks (SURBs) to in addition reduce vulnerability to flooding attacks (where someone just sends lots of messages to see where they arrive as they flow down the reply block). The recipient I think is expected to send a few SURBs to nyms he communicates with, and to send SURBs to the nymserver to pick up mail from regular internet mail senders (who are not using the mixminion client). If I understand it is also planned that the mixminion / Type III protocol will be implemented within mixmaster as mixmaster version 4. (The current alpha mixminion code is a separate code base, written in python scripting language). The other good thing about mixminion / type III protocol is that finally type I remailers with their traffic analysis issues could be phased out. (Their remaining reason for existance was to support reply-block functionality for nymservers). Adam From bill.stewart at pobox.com Sat Apr 26 23:46:47 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 26 Apr 2003 23:46:47 -0700 Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: <200304270058.59914.njohnsn@njohnsn.com> References:

Message-ID: <5.1.1.6.2.20030426234205.02d350e0@idiom.com> At 12:58 AM 04/27/2003 -0500, Neil Johnson wrote: >You could try the Dialectizer > > http://rinkworks.com/dialect/ One of the early web anonymizing systems was the Web Canadianizer, eh? It retrieved and dialectized web pages, and while it wasn't as thorough as the Anonymizer, it worked pretty well, eh? By the way, it's amusing and sad to see that one of the features of the current Zero Knowledge Systems products is a Content Filtering feature which not only blocks Sex and Violence but also Criminal Skills. Presumably this means that it would block any access to ZKS Freedom, the Anonymizer, and most other pages with Hacker information, unless they've hacked it to whitelist their own services. From rah at shipwright.com Sat Apr 26 20:56:18 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 26 Apr 2003 23:56:18 -0400 Subject: Fwd: [Asrg] A New Plan for No Spam / Velocity Indicator Message-ID: --- begin forwarded text From bill.stewart at pobox.com Sun Apr 27 00:05:01 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 27 Apr 2003 00:05:01 -0700 Subject: The Freest Country? In-Reply-To: <51893672-7867-11D7-865D-000A956B4C74@got.net> References: Message-ID: <5.1.1.6.2.20030426235327.02d35228@idiom.com> At 09:18 PM 04/26/2003 -0700, Tim May wrote: >[This space reserved for insertion of usual silliness about >living out of suitcase, stuffed or not, and being a "perpetual tourist," >which only works if one is below a certain net worth and if >one likes to travel a lot.] There are different kinds of perpetual tourism, some of which involve less travelling than others. I have friends who are believed by the Netherlands bureaucrats to be spending their time in Belgium, and by the Belgian bureaucrats to be over in the Netherlands. I think the apartment in the Netherlands is probably different than their official when-we're-not-outside-the-country address, and that their Belgian address is a mailbox, but I could have that backwards, and at least one of their addresses is probably owned by a corporation, and their net worth is probably in Switzerland or some such location, but while their net worth is fine, I think they're probably retired or at most "consulting" rather than doing full-time work. On the other hand, one nice thing about that area is that if they _do_ need to be out of the country, it's an hour or two across an unguarded border. I don't know if it's as easy to confuse the US and Canada about which country you're living in, and while the borders are permeable, they're a lot more thoroughly audited than they used to be, so maybe you need to spend more time on the ferryboat to Vancouver instead of driving or flying commercially. From njohnsn at njohnsn.com Sat Apr 26 22:29:09 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sun, 27 Apr 2003 00:29:09 -0500 Subject: All trust is economics In-Reply-To: <200304270354.h3R3s19G028645@artifact.psychedelic.net> References: <200304270354.h3R3s19G028645@artifact.psychedelic.net> Message-ID: <200304270029.09348.njohnsn@njohnsn.com> On Saturday 26 April 2003 10:54 pm, Eric Cordian wrote: > > Yes, I believe Joe Sixpack saying that he promises to keep my key safe to > be on the same footing as Joe Sixdiploma saying that because he can't > figure out how to factor 309 digit numbers quickly, it must not be > possible. > There are a lot more Joe Sixdiploma's that have tried figuring out how to factor 309 digit numbers and failed than Joe Sixpacks that have successfully kept their promise to keep a secret. > All RSA is faith-based crypto. Like I said, I have more faith in the math than human nature. -- Neil Johnson http://www.njohnsn.com PGP key available on request. From shaddack at ns.arachne.cz Sat Apr 26 15:36:17 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 27 Apr 2003 00:36:17 +0200 (CEST) Subject: Censorship: state bans games that kill pigs In-Reply-To: <20030425210210.GC25990@dreams.soze.net> Message-ID: On Fri, 25 Apr 2003, Justin wrote: > Don't forget zero tolerance. If caught, they'll be suspended or > expelled or transferred. Digital media have an advantage over drugs. They don't smell, can't be sniffed, a piss test won't reveal you played a "wrong" game, and you can store an ISO image in your iPod. Makes things more difficult to enforce. Another advantage is that the digital media could replace the drugs as "forbidden fruit", which is more healthy. Also, crackdowns on game-swappers could be perceived by public in much different way - while the Society is conditioned for decades that Drugs Are Bad, this is about "just silly games". With good management, this could be used to find public support for "zero tolerance to zero tolerance". A guerrila tactics, of maneuvering kids of local officials into stings, could make things interesting as well; kind of similar to planting books in the houses of firemen in Fahrenheit 451. > I've never understood the concept of expulsion from public school > before age 16. "You must go to school" then "you must not go to > school" seems rather silly to me. Cultural question: I never understood the concept of expulsion. How it works, why it is used? We never had it here (.cz). Can't it be one of the factors our juvenile criminality is quite lower? > I guess it's better to have them running around neighborhoods in gangs > with real guns than going to school and using chicken strips to shoot > at teachers. Suuuuuure. (We used the tubes from one kind of mechanical pencil as the guns and little paper balls as the ammo. Especially good if the target had dark hair and a certain kind of hairdo where they stuck.) > About the cd swapping, maybe their parents will go to jail, too. By what twist of law? Nobody can supervise ther children 24/7, not when the corporations are squeezing more and more "productivity" (read: work hours) from them. > That's going to be really productive for shaping the child's or young > teen's perception of society. Will teach them to hide their activities from the eyes of the ones with power. Could be the most useful thing they learn at school... From njohnsn at njohnsn.com Sat Apr 26 22:49:08 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sun, 27 Apr 2003 00:49:08 -0500 Subject: All trust is economics In-Reply-To: <200304270354.h3R3s19G028645@artifact.psychedelic.net> References: <200304270354.h3R3s19G028645@artifact.psychedelic.net> Message-ID: <200304270049.08522.njohnsn@njohnsn.com> On Saturday 26 April 2003 10:54 pm, Eric Cordian wrote: > > To a Jewish friend of mine, everything is marketing. > > I suppose it depends on ones perspective. :) > In a way, marketing is about convincing customers to trust (the value) your product or service enough to exchange something of they have of value for it. So we are back to economics. -- Neil Johnson http://www.njohnsn.com PGP key available on request. From njohnsn at njohnsn.com Sat Apr 26 22:58:59 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sun, 27 Apr 2003 00:58:59 -0500 Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: References: Message-ID: <200304270058.59914.njohnsn@njohnsn.com> You could try the Dialectizer http://rinkworks.com/dialect/ Example: On Saturday 26 April 2003 09:42 pm, Tim "Ahh Be Bad" May wrote, dig dis: > > REQUEST SPEC SOONEST. IDEA RELAYED BUPERS SUBJECT APPROVAL COMMAND. > > > Dere is various syndetic languages, not da damn least uh which be de > fo'm uh "milrap" used fo' quasi-literate military memos. > > But uh course sucka's ain't goin' t'learn new human languages fo' such > an ephemeral and mostly useless reason as t'hide deir textual clues. > > Kascinski gots nailed cuz' his rants wuz so's long, runnin' t'many > newssheet pages (as dey wuz printed, at da damn FBI's request o' his > request, o' bod, ah' fo'get da damn details) and wuz filled wid some lot mo'e > dan plum grammatical and stylistic clues, dig dis: de rants had his political > views, his analysis uh histo'y, etc. Co' got d' beat! It's doubtful dat K. would gots > had any interest in tryin' t'scribble in some syndetic language, > stripped uh various stylistic choices and opshuns. > > Or dat we would wanna. > > By de way, dere wuz some scribblin' out some few years back by an academic who > specializes in "fo'ensic text analysis," e.g. What it is, Mama!, analyzin' de text of > Shakespeare, Pynchon, etc. Co' got d' beat! t'do dis kind'a analysis. (He lived in > Soquel, some town near me, and he analyzed letters by some "Wanda Tinax'y" > which wuz recon'd by some t'be actually written by Domas Pynchon, > de famously reclusive audo' who, by coincidence (o' not?) lived fo' a > decade some couple uh ridges upside from me, in Aptos, also near Soquel. > Small wo'ld. Google should turn down de audo' fo' dose interested in > findin' de scribblin'. > > > > > "We is at war wid Oceania. WORD! We gots always been at war wid Oceania. WORD!" > "We is at war wid Eurasia. WORD! We gots always been at war wid Eurasia. WORD!" > "We is at war wid Iraq. Ah be baaad... We gots always been at war wid Iraq. Ah be baaad... > "We is at war wid France. We gots always been at war wid France." -- Neil Johnson http://www.njohnsn.com PGP key available on request. From njohnsn at njohnsn.com Sat Apr 26 23:06:26 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sun, 27 Apr 2003 01:06:26 -0500 Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: References: Message-ID: <200304270106.26618.njohnsn@njohnsn.com> Ohhh I just can't help it. On Setoordey 26 Epreel 2003 09:42 pm, Teem Mey vrute-a: > > REQOoEST SPEC SOONEST. IDEA RELEYED BOoPERS SOoBJECT EPPROFEL COMMEND. > > > Zeere-a ere-a fereeuoos synzeeteec lungooeges, nut zee leest ooff vheech is zee > furm ooff "meelspeek" used fur qooesee-leeterete-a meelitery memus. Um gesh dee bork, bork! > > Boot ooff cuoorse-a peuple-a eren't gueeng tu leern noo hoomun lungooeges fur sooch > un iphemerel und mustly useless reesun es tu heede-a zeeur textooel clooes. Um gesh dee bork, bork! > > Kesceenski gut neeeled becoose-a hees runts vere-a su lung, roonneeng tu muny > noospeper peges (es zeey vere-a preented, et zee FBI's reqooest oor hees > reqooest, oor but, I furget zee deteeels) und vere-a feelled veet a lut mure-a > thun joost gremmeteecel und styleestic clooes: zee runts hed hees puleeticel > feeoos, hees unelysees ooff heestury, itc. It's duoobtffool thet K. vuoold hefe-a > hed uny interest in tryeeng tu vreete-a in sume-a synzeeteec lungooege-a, > streepped ooff fereeuoos styleestic chueeces und oopshuns. Um gesh dee bork, bork! > > Oor thet ve-a vuoold vunt tu. > > By zee vey, zeere-a ves a buuk oooot a foo yeers beck by un ecedemeec vhu > speceeelizes in "furenseec text unelysees," i.g., unelyzeeng zee text ooff > Shekespeere-a, Pynchun, itc. tu du thees keend ooff unelysees. Um gesh dee bork, bork! (He-a leefed in > Suqooel, a toon neer me-a, und he-a unelyzed letters by a "Vunda Teenesky" > vheech vere-a beleeefed by sume-a tu be-a ectooelly vreettee by Thumes Pynchun, > zee femuoosly reclooseefe-a oothur vhu, by cueencidence-a (oor nut?) leefed fur a > decede-a a cuoople-a ooff reedges oofer frum me-a, in Eptus, elsu neer Suqooel. > Smell vurld. Bork bork bork! Guugle-a shuoold toorn up zee oothur fur thuse-a interested in > feending zee buuk. > > > > > "Ve-a ere-a et ver veet Ooceuneea. Ve-a hefe-a elveys beee et ver veet Ooceuneea." > "Ve-a ere-a et ver veet Iooreseea. Ve-a hefe-a elveys beee et ver veet Iooreseea." > "Ve-a ere-a et ver veet Ireq. Ve-a hefe-a elveys beee et ver veet Ireq. > "Ve-a ere-a et ver veet Frunce-a. Ve-a hefe-a elveys beee et ver veet Frunce-a." -- Neil Johnson http://www.njohnsn.com PGP key available on request. From njohnsn at njohnsn.com Sat Apr 26 23:08:00 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sun, 27 Apr 2003 01:08:00 -0500 Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: References: Message-ID: <200304270108.00770.njohnsn@njohnsn.com> Sorry, there wasn't an option to translate into John Young dialect. :) -- Neil Johnson http://www.njohnsn.com PGP key available on request. From shaddack at ns.arachne.cz Sat Apr 26 18:54:19 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 27 Apr 2003 03:54:19 +0200 (CEST) Subject: Anonglish (was: Re: Authenticating Meat) In-Reply-To: <3EAAC6C0.67F224C3@cdc.gov> Message-ID: On Sat, 26 Apr 2003, Major Variola (ret) wrote: > But seriously, you've just mentioned what's called "textual analysis". > Spelling errors and other idiosyncratic choices can be used > to "pierce the veil" of anonymity. That's what did in Dr. Kaczynski, > who pissed on the FBI for over a decade, until his brother recognized > his text. Couldn't there be a standard English-based language, "Anonglish", with a subset of English grammatical rules, human-readable (though maybe with its own idiosyncrazies) and machine-parseable, which appearance would not give many more clues than that Anonglish was used? Something where grammar rules would be few, strict, and easy to machine-check, spelling as well, and still be readable to anyone who knows "standard" English? Possibly with a "translator" from "normal" English (of course with the necessity to read the translation, correct eventual semantical mistakes introduced by rearranging the words, and "anonspell-check" the result)? That would put textual analysis from comparing the errors characteristic for a given person to comparing of trains of thoughts, which is much more difficult, much less being a "reliable proof", and practically impossible for very short messages. From schear at attbi.com Sun Apr 27 07:43:49 2003 From: schear at attbi.com (Steve Schear) Date: Sun, 27 Apr 2003 07:43:49 -0700 Subject: Welcome Patrick (was Re: Making Money in Digital Money) In-Reply-To: <3EAAF9C6.9787.1BF0228@localhost> References: <20030426025046.A8088505@exeter.ac.uk> Message-ID: <5.2.1.1.0.20030427073531.043158d8@mail.attbi.com> At 09:27 PM 4/26/2003 -0700, James A. Donald wrote: > > * Real DM will likely be introduced in a guerilla fashion, > > much as Pr0duct Cypher anonymously released Magic Money a > > decade ago. > >The mint cannot be anonymous. Needs reputation, and sizable >wealth. Mint probably employs programmer, or is programmer. > >If the code is public domain, then there will be multiple >mints, with some more willing to disregard hostile governments >than others. I'm not sure if many on this list recognize that the one such person, Patrick, replied to the "RE: Thanks for the living hell, and question about OpenSSL" thread yesterday. His Lucrative, open source DBI, is the first serious cypherpunks mint/ewallet code produced since Pr0duct Cypher's attempt many years ago. Unlike the earlier stuff, its object oriented and uses some of the most current middleware tools and techniques. Those on the list who fashion themselves as more than armchair cypherpunks would do well to visit his site http://lucrative.thirdhost.com/ , join the Lucrative mail list and/or chat with him privately. >I suggest the following introduction: Introduce for >micropayment services (identity is too expensive for small >payments, which is why credit cards fail below five dollars) >Useful for antispam email charge, remailer user fees, file >sharing networks (solving the free rider problem), pornography >by the minute, and tips for videocam performers. Patrick will soon have a configurable toolkit to create an "everyman an mint/underwriter" available soon. Lucky has offered to provide offshore from U.S. hosting for test mint. >Need some legal and profitable application to get the software >fully developed, debugged, and people used to it. When people >are using it for dimes, they will want to start using it for >large sums, and then things get interesting. Dubai is >currently the banker for people evading third world currency >exchange restrictions. Once it is working in the micropayment >ghetto, where credit cards are uncompetitive, there will be >demand to break out of that ghetto, and where there is demand, >there will be supply. > >Of course there have been many attempts to fill the >micropayment niche, all of them miserable failures. I think >this is due to the inherantly high costs of identity and >revocability. If your payments are revocable, then you need >identity, which costs, and you get involved in arbitration, >which costs, and you cannot possibly afford to do that on a >micropayment service. > > > * In my view, not necessarily the view of everyone in the DM > > community, the Big Win for solid DM is in illegal markets, > > e.g., buying and selling child porn, bestiality, snuff > > images, etc. > >Child porn and bestiality are, like MP3s, a micropayment >market. My hard drive keeps getting usenet child porn on it >even though I try to prevent it. I download what I think is a >Hellsing cartoon, and guess what? Among the many unviewed >videos and images on my hard drive, there is probably enough >child porn to put me away for fifty consecutive life sentences. >My email spam is full of bestiality, even though I have >numerous filtering rules designed to delete it. Surprisingly, >I do not think I have seen any snuff spam -- which does not >mean I am not getting it, it may be filtered by my anti porn >spam rules. > >Just target file sharing, a legal market, according to the most >recent judicial ruling, and some significant proportion of the >files shared are going to be child porn etc. That is the users >issue, not the banks. > > > * Anyone releasing such a strong DM system should be > > targeting the high end applications, where the needs for > > untraceability are very high and the willingess to pay the > > costs (in training, in network resources) is also high. > >I disagree. Micropayments are legal. Useful if the same >software has legal and illegal uses. Strong anonymity and >consequent irrevocability has accepted legal, moral, and >economic purpose in the micropayment field. > > > * In my view, most who have looked to enter the DM market > > (such as Digicash, Mark Twain Bank, etc.) have shied-away > > from precisely the areas where untraceability meets a real > > market need. > >Mark Twain bank crippled their cash so they could stop >pornographers from using it. > > > A digital money system where the DM may be "cancelled" will > > not fly. For various reasons. (Imagine your bank telling you > > that if they think you are violating their use policies they > > may simply seize your money and you'll be out of luck.) > >Revocability. The various digital gold currencies are >compelled to have an AUP and seize the money of people using >their system when this AUP is violated, even though they very >much do not want to, because of the very high costs involved. > > > * It may be that pioneers in this area just won't be able to > > make any money. This is not new. Many discoveries did not > > enrich the discoverer. Sometimes they were recognized in > > their lifetimes, sometimes not. > >No money then crap software, crap software then lack of >critical mass of users. Has to make money or no one will write >software the ordinary end user will accept. > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > WeQL5KAm368l/BB5FhdV3HRZwi0tcIoVVHe9WyGK > 4JEJhGr9vM1Becp1QdyRiI3U4tkF26wqs75DTGtQA we do not win the terrorism battle / with exclusion of liberties / an un-elected president / with a brand new atrocity / make way for war time opportunists / corporate interests and their proxies / exploitation of a tragedy / to serve their ideologies / corporate military complex / continues to abuse the world / death weapons for despots / sold by the red, white and blue -- Moral Crux, Stocks and Bombs From mv at cdc.gov Sun Apr 27 09:37:32 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 27 Apr 2003 09:37:32 -0700 Subject: Finder's Keepers, Smartcards, Anon Cash [Re: double-spending prevention w. spent coins] Message-ID: <3EAC074C.8060606@cdc.gov> At 05:38 PM 4/26/03 -0700, Bill Stewart wrote: >At 03:05 PM 04/26/2003 -0700, Major Variola (ret) wrote: >>Clearly the most anonymous systems (cash) >>have the 'finders keepers' property, *necessarily*. > > Ok, Major Variola has demonstrated that he's either Not Tim, > or is Tim trying to make it look like he's Not Tim :-) > He's also Not Even Hettinga, nor Adam, nor Choate.... > ... is that you, Lawrence? Perhaps this whole thing is just one person talking to himself, with Tim listening in! -Dr Evil, CP list Clearly I'm not talking about online systems here, where the online DB-query prevents double-spending, and protocols provide anonymity. I'm talking about those systems where you have a tamper-resistant device providing double-spend assurance. Yes, I know that a bank's secrets are not safe in Paul Kocher's back pocket. But lets assume a tamperproof system protected by a reasonable PIN. The stored-value smartcard in your pocket was bought off the shelf with cash and has no identifying info. >>But one can imagine anonymous systems that are useless to finders, >>e.g., a smartcard with a real PIN and/or fingerprint reader. > > Fingerprint reader? No thanks; aside from their technical weaknesses, > they're rather at cross-purposes to anonymous digital cash. > Do not double-spend by looking into laser with remaining eyeball. I'm aware of the problems with biometrics & street surgery. Ok, a PIN is fine. > You don't even need a smartcard; a data file format that uses > some kind of password-based encryption is enough. > Smart cards, or dumb cards, may or may not be a useful adjunct > to some digital cash systems, but one of the big reasons for using > digital cash instead of 500-Euro banknotes is for online transactions. > Smartcards may let you use your digital cash at somebody else's >cash reader, > and may reduce the risk of software problems trashing your cash, > but digicash isn't necessarily something most people will carry >around. Physical tokens are better user interfaces. You can also leverage their tamper-resistance as the origin of trust. Without going online for every transaction. Obviously there are pros and cons for different techs. (I don't see why a secure smartcard couldn't be used for online transactions if it has a convenient home-computer i/f; dedicated devices are more reliable, anyway.) >>In these cases, it is advantageous to the finder to return the >>smartcard in hope of a reward, IFF the loser makes this possible. > > Now, *that's* an interesting suggestion. Pay-to-bearer has finder's-keepers property, but the PIN can remove this property. I suppose this applies to online protocol based systems, e.g., if someone trojans your computer and copies your coins. Much like PGP does with private keys, requiring a passphrase to get to them. >>Maybe there's a bizmodel in being a clearing house for lost locked >>smartcards, without trashing their potential "bearer" anonymity unless >>the loser tells the clearing house they've lost it. > > Not any time soon :-) It's much more likely that the issuing bank > or the wallet vendor would be in this business than a third party, > and there are problems like how to preserve the anonymity, My claim is that anonymity can be present *unless* you want your card (with its stored-value) back. This is a feature that cash doesn't have. > Or you just limit use of smartcards to money you're willing to lose, Much like a leather wallet & paper cash; but smartcard-cash could be 'safer' with a PIN & (anonymity-busting) reward mechanism. Obviously you can't 'cancel' a smartcard like you can a lost credit card, since the smartcard transactions are not online. So you hope its found, instead of truly lost. When you lose paper cash, you don't care, its the same to you. From measl at mfn.org Sun Apr 27 07:44:44 2003 From: measl at mfn.org (J.A. Terranson) Date: Sun, 27 Apr 2003 09:44:44 -0500 (CDT) Subject: How convenient... In-Reply-To: <20030427112844.GH25990@dreams.soze.net> Message-ID: On Sun, 27 Apr 2003, Justin wrote: > I assume this means that nobody cares any longer about finding WoMD? I have seen several different wire stories in the last few days where Shrub's Thugs stated that "WMD may have been destroyed before the start of the war". I find it amazing that nobody in the press has stopped to ask the obvious questions, for instance, if all WMD were destroyed before the war (as Iraq stated), then (a) How is it that the US continually asserted that it knew for FACT that these weapons existed, and even claimed to KNOW the exact locations (but "wouldn't tell" Blix), and (b) if Iraq did in fact destroy all WMD, as he stated he did, and as we are now beginning to acknowledge, how do we "justify" [read: "make legal"] our recent BoyzWithToyz party? -- Yours, J.A. Terranson sysadmin at mfn.org From hseaver at cybershamanix.com Sun Apr 27 08:26:05 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sun, 27 Apr 2003 10:26:05 -0500 Subject: The Freest Country? In-Reply-To: <5.1.1.6.2.20030426235327.02d35228@idiom.com> References: <5.1.1.6.2.20030426235327.02d35228@idiom.com> Message-ID: <20030427152605.GB27576@cybershamanix.com> On Sun, Apr 27, 2003 at 12:05:01AM -0700, Bill Stewart wrote: > > I don't know if it's as easy to confuse the US and Canada about > which country you're living in, and while the borders are permeable, > they're a lot more thoroughly audited than they used to be, > so maybe you need to spend more time on the ferryboat to Vancouver > instead of driving or flying commercially. I've known a couple of different people who were private pilots who always said the US/CA border is non-exiestent. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From rah at shipwright.com Sun Apr 27 08:18:06 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 27 Apr 2003 11:18:06 -0400 Subject: The Freest Country? In-Reply-To: <51893672-7867-11D7-865D-000A956B4C74@got.net> References: <51893672-7867-11D7-865D-000A956B4C74@got.net> Message-ID: At 9:18 PM -0700 4/26/03, Tim May wrote: >I still can't understand anything he writes. He's either actually a >loon, as he portrays himself to be, or he thinks he's channeling James >Joyce. Having met John Young once, I think I prefer the latter, he's certainly smart enough to do it.:-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From justin at soze.net Sun Apr 27 04:28:44 2003 From: justin at soze.net (Justin) Date: Sun, 27 Apr 2003 11:28:44 +0000 Subject: How convenient... In-Reply-To: References: