From ravage at einstein.ssz.com Tue Jul 1 04:36:02 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Tue, 1 Jul 2003 06:36:02 -0500 (CDT)
Subject: [eff-austin] Wired: Ex-Intel Coder Wins E-Mail Case (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Mon, 30 Jun 2003 23:58:14 -0700 (PDT)
From: Carl Webb
To: eff-austin at effaustin.org, tlc-discuss at lists.cwrl.utexas.edu
Subject: [eff-austin] Wired: Ex-Intel Coder Wins E-Mail Case

------------------------------------------------------------------------

Ex-Intel Coder Wins E-Mail Case
http://www.wired.com/news/technology/0,1282,59450,00.html

By Ryan Singel

Sending e-mails to a company's employees, even when those messages are critical of the company, can't be considered trespassing, according to a decision released Monday by California's Supreme Court.

In a 4-3 ruling applauded by free speech advocates, the court overturned a Court of Appeals decision that barred Ken Hamidi, a disgruntled former Intel employee, from e-mailing his former co-workers at the chipmaker.

"The court understood that this case is about communication," said Lee Tien of the Electronic Frontier Foundation, which filed a friend of the court brief on Hamidi's behalf. "If the decision had gone the other way, the Internet's fundamental structure -- where everyone is connected to everyone -- would have been compromised. It would have Balkanized the Internet."

Hamidi, who was fired in 1996 by Intel, sent a series of six e-mails to 30,000 Intel employees during the late 1990s. The messages criticized the company's labor practices, asking employees to join an anti-Intel group and urging them to look for jobs elsewhere.

Intel sought a court order to stop the campaign, arguing that Hamidi's e-mails disrupted its workplace and trespassed on its network. The California Superior Court agreed with Intel in 1998, ordering Hamidi to stop sending e-mails.
Hamidi appealed the decision, but in 2001, the Court of Appeals upheld the ruling that Hamidi was trespassing on Intel's servers.

The lower courts justified the injunction against Hamidi based on the common law provision known as "trespass to chattels," which allows property owners to sue someone who misuses, but does not steal, their property. The Court of Appeals ruling held that meddling with another person's property was enough to warrant an injunction.

The state Supreme Court rejected the appeals court's reasoning, saying that Hamidi's e-mails weren't trespassing since they didn't actually disrupt Intel's servers.

The court declared in its majority opinion that "Hamidi did nothing but use the e-mail system for its intended purpose -- to communicate with employees."

The court added, "The system worked as designed, delivering the messages without any physical or functional harm or disruption. These occasional transmissions cannot reasonably be viewed as impairing the quality or value of Intel's computer system."

Hamidi's lawyers and supporters feared that if the lower court's decision had stood, individuals could be sued for hyperlinking to a Web page or sending a single unwanted e-mail.

"The Court has soundly rejected the invitation to create a new rule with the potential to cripple the Internet as a network," said Gregory Lastowka, one of Hamidi's attorneys. "If a plaintiff wants to bring a claim of trespass to chattel, there must be some proof of damage to the communications equipment."

Intel argued that the case was about private property, not free speech.

Intel hasn't decided whether to appeal the ruling, said Chuck Mulloy, a company spokesman.

"We're disappointed with the ruling," said Mulloy. "But we are studying the ruling to assess what options we have if Mr. Hamidi resumes his spamming of Intel."

The carefully worded decision does not prevent companies from suing spammers for overloading their servers.

"The functional burden on Intel's computers, or the cost in time to individual recipients, of receiving Hamidi's occasional advocacy messages cannot be compared to the burdens and costs caused ISPs and their customers by the ever-rising deluge of commercial e-mail," according to the court.

The court also said that Intel couldn't stop Hamidi by arguing that the e-mails disrupted the workplace and affected productivity, writing that Intel could not "assert a property interest in its employees' time."

The court did not, however, decide that the First Amendment required Intel to let Hamidi's e-mails reach its employees' mailboxes.

After Hamidi's first mass e-mail, Intel engineers added mail filters that blocked Hamidi's missives based on their content and IP address. Hamidi evaded some of those filters by using different computers and scrambling words in the e-mails to avoid keyword filters.

From bear at sonic.net Tue Jul 1 09:48:37 2003
From: bear at sonic.net (bear)
Date: Tue, 1 Jul 2003 09:48:37 -0700 (PDT)
Subject: Attacking networks using DHCP, DNS - probably kills DNSSEC
In-Reply-To: <200307010901.h6191eA18488@medusa01.cs.auckland.ac.nz>
Message-ID:

On Tue, 1 Jul 2003, Peter Gutmann wrote:

> Given that their goal is zero-configuration networking, I can see
> that being required to provide a shared secret would mess things up
> a bit for them. It'd be a bit like PKIX being asked to make
> ease-of-use a consideration in their work, or OpenPGP to take X.509
> compatibility into account.

I tend to agree... I don't think "zero-configuration" networking has a real possibility to create any safety zones beyond the immediate physical machine. After all, if you can plug it into any network and it just works, you can plug it into an insecure or subverted network and it'll just work. At the very least you've got to have a file of keys.
Bear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From camera_lumina at hotmail.com Tue Jul 1 08:37:06 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 01 Jul 2003 11:37:06 -0400
Subject: Warchalking and 802.11bag repeaters?
Message-ID:

This reminds me of something I've been wondering about, which may actually call for warchalking (though I'm sure warchalking is not being used for this yet).

Here in NYC Verizon has already set up about 50 802.11b nodes on top of telephone booths, and when they're finished there will be about 150 city wide. Now one of these nodes is down the street (Wall Street), but it's too far out of range for me to reach from my desk. The Starbucks across the street, however, is a different story.

Now I'm wondering...if there existed an 802.11b repeater between Starbucks and the Verizon hotspot, then I could potentially send a friend working down by Wall and Water email or whatever without the message ever going wireline. (Is this correct? Of course it assumes that the IP shortest path is a wireless one.)

Since any 802.11 repeaters that might ever come into being could be quite cheap, I can easily see private citizens installing them in order to connect 802.11 b/a/g islands together, bypassing the wireline infrastructure altogether. Warchalking would help such folks determine how far the hotspots actually are from one another, to see if a repeater is needed.

-TD

>From: Morlock Elloi
>To: cypherpunks at lne.com
>Subject: Re: Warchalking does not exist: a wager.
>Date: Mon, 30 Jun 2003 22:34:30 -0700 (PDT)
>
> > Don't know about warchalking per se, gpsdrive and kismet work a lot better,
> > and people trade the waypoints/nodes. Makes a hundred times more sense
>
>I never figured out why does one need a map of grocery stores. You see a store
>with the OPEN sign and get your chocolate.
>
>802.11b works the same way, there are zillion drivers that give you a list of
>OPEN access points IN YOUR RANGE* and you simply pick one (some drivers will
>also test the connectivity to the backbone so you don't waste time with
>firewalled ones.)
>
>And the purpose of chalk marks is ?
>
>
>
>* 18" grid dish does wonders ... all the city is in the range.
>
>
>
>=====
>end
>(of original message)
>
>Y-a*h*o-o (yes, they scan for this) spam follows:
>
>__________________________________
>Do you Yahoo!?
>SBC Yahoo! DSL - Now only $29.95 per month!
>http://sbc.yahoo.com

From ravage at einstein.ssz.com Tue Jul 1 18:53:58 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Tue, 1 Jul 2003 20:53:58 -0500 (CDT)
Subject: Geek.com Geek News - U.S. creates new cyber security division (fwd)
Message-ID:

http://64.55.181.130/news/geeknews/2003Jun/gee20030609020315.htm

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com    jchoate at open-forge.org
www.ssz.com    www.open-forge.org
--------------------------------------------------------------------

From pgut001 at cs.auckland.ac.nz Tue Jul 1 02:01:40 2003
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Tue, 1 Jul 2003 21:01:40 +1200
Subject: Attacking networks using DHCP, DNS - probably kills DNSSEC
Message-ID: <200307010901.h6191eA18488@medusa01.cs.auckland.ac.nz>

William Allen Simpson writes:

>Would this be the DHCP working group that on at least 2 occasions when I was
>there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't
>supposed to require "configuration"?

Given that their goal is zero-configuration networking, I can see that being required to provide a shared secret would mess things up a bit for them. It'd be a bit like PKIX being asked to make ease-of-use a consideration in their work, or OpenPGP to take X.509 compatibility into account.

Peter.

From bill.stewart at pobox.com Wed Jul 2 02:04:28 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 02 Jul 2003 02:04:28 -0700
Subject: test please ignore
Message-ID: <5.1.1.6.2.20030702020307.02e3d550@idiom.com>

Is it really quiet in here, or does the fact that I've been
playing with procmail this evening have something to do with it?

Thanks; Bill

From eresrch at eskimo.com Wed Jul 2 06:23:01 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 2 Jul 2003 06:23:01 -0700 (PDT)
Subject: Weapons of mass destruction
In-Reply-To: <200307020214.h622EOR23140@medusa01.cs.auckland.ac.nz>
Message-ID:

On Wed, 2 Jul 2003, Peter Gutmann wrote:

> -- Snip --
>
> Go to www.google.com
>
> Type in "weapons of mass destruction" (including the quotes) and hit the "I'm
> feeling lucky" button.
>
> Read the error page carefully.

Yes, the connection of Rumsfeld to Strangelove is perfect!

Patience, persistence, truth,
Dr. mike

From ravage at einstein.ssz.com Wed Jul 2 04:34:37 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 2 Jul 2003 06:34:37 -0500 (CDT)
Subject: Ohio.com - US Developing Urban Surveillance System (fwd)
Message-ID:

http://www.ohio.com/mld/ohio/news/6211959.htm

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com    jchoate at open-forge.org
www.ssz.com    www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 2 04:35:26 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 2 Jul 2003 06:35:26 -0500 (CDT)
Subject: [eff-austin] Fwd: SAVE THE DATE: AeA Event July 29 with Congressman Lamar Smith (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Tue, 01 Jul 2003 23:14:53 -0500
From: Bill Kleinebecker
To: eff-austin at effaustin.org
Subject: [eff-austin] Fwd: SAVE THE DATE: AeA Event July 29 with Congressman Lamar Smith

>Join us for breakfast and an in-depth discussion on the business legacy of the
>Digital Millennium Copyright Act (DMCA), its impact on our industry, and the
>current efforts underway in Congress to readdress such critical issues as Fair
>Use rights and the DMCA's scope of protection. For more information, please visit
>http://www.aeanet.org/events/eventsStart.asp?meeting=AU070301
>
>Keynote Speaker: U.S. Congressman Lamar Smith ~ Chairman of the Subcommittee on
>Courts, the Internet and Intellectual Property of the U. S. House Judiciary
>Committee
>
>Guest Panelists: Sue Snyder, AMD and William Patry, Baker Botts LLP
>Other Panelists to be announced soon
>
>Moderator: Thomas Felger, Baker Botts LLP
>
>Who should attend: High-Tech Company CXOs, General Counsels.
>
>Registration & Breakfast: 7:30 a.m. - 8:15 a.m.
>
>Program: 8:15 a.m. - 9:30 a.m.
>
>Location/Directions
>Four Seasons Hotel
>98 San Jacinto Blvd.
>Austin, TX 78701
>Located at the intersection of San Jacinto & Cesar Chavez streets
>Registration Information
>Cost: $15 for AeA members, $25 for non-member. Self-parking is Complimentary.
>To register, please contact Pam Devine at pam_devine at aeanet.org or (512) 474-4403.
>
>--------------------------------------
>Pam Devine
>Coordinator, Member Services & Programs
>AeA, Advancing the Business of Technology
>1402 San Antonio St Ste 100, Austin TX 78701-1606
>Tel: (512) 474-4403 Fax: (512) 476-9908
>pam_devine at aeanet.org
>http://www.aeanet.org

From ravage at einstein.ssz.com Wed Jul 2 05:13:04 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 2 Jul 2003 07:13:04 -0500 (CDT)
Subject: Slashdot | GPL May Not Work In German Legal System (fwd)
Message-ID:

http://yro.slashdot.org/yro/03/07/02/0245228.shtml?tid=117&tid=99

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com    jchoate at open-forge.org
www.ssz.com    www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 2 05:14:02 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 2 Jul 2003 07:14:02 -0500 (CDT)
Subject: The Register - Blocking Internet porn in Iran (fwd)
Message-ID:

http://www.theregister.co.uk/content/6/31515.html

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com    jchoate at open-forge.org
www.ssz.com    www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 2 05:15:50 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 2 Jul 2003 07:15:50 -0500 (CDT)
Subject: New subatomic species found: Collision debris yields five-quark particle. (fwd)
Message-ID:

http://www.nature.com/nsu/030630/030630-4.html

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com    jchoate at open-forge.org
www.ssz.com    www.open-forge.org
--------------------------------------------------------------------

From declan at well.com Wed Jul 2 06:35:42 2003
From: declan at well.com (Declan McCullagh)
Date: Wed, 2 Jul 2003 09:35:42 -0400
Subject: Is Hatch a Mormon or a crypto Satanist?
In-Reply-To: <5.1.1.6.2.20030621111348.03329eb0@idiom.com>; from bill.stewart@pobox.com on Sat, Jun 21, 2003 at 11:24:30AM -0700
References: <3EF494B4.9AE84FC4@cdc.gov> <5.1.1.6.2.20030621111348.03329eb0@idiom.com>
Message-ID: <20030702093542.A19112@cluebot.com>

On Sat, Jun 21, 2003 at 11:24:30AM -0700, Bill Stewart wrote:
> I've also found it was less trouble to get a beer and _dinner_
> late at night than in much of California, though perhaps they
> have rules requiring bars to also be restaurants.

I was in Salt Lake City just after the Olympics (and during the Paralympics) last year and, like you, didn't have any problem getting a beer with dinner. But late at night? Everything seemed to close around 10-11 pm.

See:
http://www.mccullagh.org/theme/winter-paralympics-2002.html

-Declan

From declan at well.com Wed Jul 2 06:36:44 2003
From: declan at well.com (Declan McCullagh)
Date: Wed, 2 Jul 2003 09:36:44 -0400
Subject: Is Hatch a Mormon or a crypto Satanist?
In-Reply-To: ; from camera_lumina@hotmail.com on Sat, Jun 21, 2003 at 03:40:35PM -0400
References:
Message-ID: <20030702093644.B19112@cluebot.com>

To go back to the Subject: line of this thread, I recall that Hatch is a former Mormon bishop.

-Declan

From timcmay at got.net Wed Jul 2 09:45:58 2003
From: timcmay at got.net (Tim May)
Date: Wed, 2 Jul 2003 09:45:58 -0700
Subject: All quiet on the western front
In-Reply-To: <20030702095559.D19112@cluebot.com>
Message-ID:

On Wednesday, July 2, 2003, at 06:55 AM, Declan McCullagh wrote:

> Pretty quiet. I'm going through back messages now and only saw I think
> three from July 1.
>
> -Declan
>
>
> On Wed, Jul 02, 2003 at 02:04:28AM -0700, Bill Stewart wrote:
>> Is it really quiet in here, or does the fact that I've been
>> playing with procmail this evening have something to do with it?
>>
>> Thanks; Bill
>

But things have been quiet for months now, except for occasional bursts of Unix-related security cruft.

I think it's related to "statism overload." And boredom.

Things are objectively more statist and surveillance-oriented than when the Phil Zimmermann case and Clipper phone "energized a generation." But the reaction today is ho-hum. No emergency meetings, no guerilla activities. Hell, it's been months since I've seen any mention of a Cypherpunks meeting in the Bay Area.

(A recurring problem for years, actually, since we stopped having meetings in a regular place. One never knows whether the next meeting will be at some coffee shop in Oakland or, ugh, at the Police Training Camp in San Francisco. In any case, driving 50 miles to Silicon Valley was a regular thing for me, but driving 100 miles to SF or Oakland is usually not in the cards for me. I haven't heard about any meetings since several months ago, so maybe they're not even happening up in SF or Berkeley, anyway.)

But things are quite a bit worse than they were in 1992. Which, I suppose, is good for bringing on the collision of armies, or recruiting new warriors.
But maybe not, given the apathy.

Every day brings new reports of surveillance plans, suspensions of the Constitution, more statism. I think people are anesthetized, a la the boiling frog, to the developing statism.

(Side note, worthy of a longer article: It may be literally a generational thing, as libertarianism tended to be. The anti-state "activists" of the 70s and 80s were influenced by the antiwar movement of the 60s, but were still somewhat libertarian. Many had read Heinlein, Rand, Rothbard, Hayek. The early Cypherpunks folks were generally conversant with the ideas, and receptive. I conjecture that the "new crop" is more into body piercings, skin art, and anti-globalism (when it comes to corporations and trade, but not when it comes to world government). In other words, Cypherpunks is like several other Baby Boom "degenerating research program.")

I would predict that things are getting more statist and are coming to some kind of head. Except, why bother making any predictions? Robert Hettinga would make some snarky comment about my track record for predictions and Duncan Frissell would gush about how things are more free than ever, that the Perpetual Tourist need not worry about surveillance, tracking, new laws, and restrictions on movement.

Here's just part of just today's harvest. I won't even call it "Brinworld," as many here do, as this kind of government surveillance has nothing in common with Brin's (misguided) idea of symmetrical surveillance.

--begin excerpt--

U.S. Develops Urban Surveillance System
Wed Jul 2, 1:46 AM ET

By MICHAEL J. SNIFFEN, Associated Press Writer

WASHINGTON - Police can envision limited domestic uses for an urban surveillance system the Pentagon is developing but doubt they could use the full system which is designed to track and analyze the movement of every vehicle in a city.

Dubbed "Combat Zones That See," the project is intended to help the U.S. military protect troops and fight in cities overseas.

Scientists and privacy experts say the unclassified technology also could easily be adapted to keep tabs on Americans.

The project's centerpiece would be groundbreaking computer software capable of automatically identifying vehicles by size, color, shape and license tag, or drivers and passengers by face.

The proposed software also would provide instant alerts after detecting a vehicle with a license plate on a watchlist, or search months of records to locate and compare vehicles spotted near terrorist attacks, according to interviews and contracting documents reviewed by The Associated Press.

The Defense Advanced Research Projects Agency, which develops technologies for fighting 21st century wars, is overseeing the project.

Scientists and privacy experts -- who have seen face-recognition technology used at a Super Bowl and monitoring cameras in London -- are concerned about the potential impact of the emerging DARPA technologies if they are applied to civilians by commercial or government agencies outside the Pentagon.

"Government would have a reasonably good idea of where everyone is most of the time," said John Pike, a GlobalSecurity.org defense analyst.

From declan at well.com Wed Jul 2 06:55:59 2003
From: declan at well.com (Declan McCullagh)
Date: Wed, 2 Jul 2003 09:55:59 -0400
Subject: test please ignore
In-Reply-To: <5.1.1.6.2.20030702020307.02e3d550@idiom.com>; from bill.stewart@pobox.com on Wed, Jul 02, 2003 at 02:04:28AM -0700
References: <5.1.1.6.2.20030702020307.02e3d550@idiom.com>
Message-ID: <20030702095559.D19112@cluebot.com>

Pretty quiet. I'm going through back messages now and only saw I think three from July 1.

-Declan


On Wed, Jul 02, 2003 at 02:04:28AM -0700, Bill Stewart wrote:
> Is it really quiet in here, or does the fact that I've been
> playing with procmail this evening have something to do with it?
>
> Thanks; Bill

From hseaver at cybershamanix.com Wed Jul 2 08:11:05 2003
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Wed, 2 Jul 2003 10:11:05 -0500
Subject: test please ignore
In-Reply-To: <5.1.1.6.2.20030702020307.02e3d550@idiom.com>
References: <5.1.1.6.2.20030702020307.02e3d550@idiom.com>
Message-ID: <20030702151105.GA15562@cybershamanix.com>

On Wed, Jul 02, 2003 at 02:04:28AM -0700, Bill Stewart wrote:
> Is it really quiet in here, or does the fact that I've been
> playing with procmail this evening have something to do with it?
>
> Thanks; Bill

Oh oh -- for some strange reason, all three messages in this thread got sent to my procmail spam file. I've noticed for awhile that the info message from lne.com always lands there as well, but not the real posts.
Sigh!

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com

From hseaver at cybershamanix.com Wed Jul 2 08:17:43 2003
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Wed, 2 Jul 2003 10:17:43 -0500
Subject: test please ignore
In-Reply-To: <20030702151105.GA15562@cybershamanix.com>
References: <5.1.1.6.2.20030702020307.02e3d550@idiom.com> <20030702151105.GA15562@cybershamanix.com>
Message-ID: <20030702151743.GA15671@cybershamanix.com>

On Wed, Jul 02, 2003 at 10:11:05AM -0500, Harmon Seaver wrote:
> On Wed, Jul 02, 2003 at 02:04:28AM -0700, Bill Stewart wrote:
> > Is it really quiet in here, or does the fact that I've been
> > playing with procmail this evening have something to do with it?
> >
> > Thanks; Bill
>
> Oh oh -- for some strange reason, all three messages in this thread got sent
> to my procmail spam file. I've noticed for awhile that the info message from
> lne.com always lands there as well, but not the real posts.
> Sigh!

Ah, I see, it's the "please" in the subject line that does it.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com

From ptrei at rsasecurity.com Wed Jul 2 07:33:41 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 2 Jul 2003 10:33:41 -0400
Subject: Is Hatch a Mormon or a crypto Satanist?
Message-ID:

> Declan McCullagh[SMTP:declan at well.com]
>
> To go back to the Subject: line of this thread, I recall that Hatch is
> a former Mormon bishop.
>
> -Declan
>

In the LDS church, the title 'Bishop' is handed out pretty freely - I think it's roughly equivalent to 'lay preacher'.

...and it's not the only title subject to inflation. Those 17-year-old missionaries are properly addressed as 'Elder'.

Peter Trei

From ptrei at rsasecurity.com Wed Jul 2 07:55:49 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 2 Jul 2003 10:55:49 -0400
Subject: test please ignore
Message-ID:

> Declan McCullagh[SMTP:declan at well.com]
>
>
> Pretty quiet. I'm going through back messages now and only saw I think
> three from July 1.
>
> -Declan
>
>
> On Wed, Jul 02, 2003 at 02:04:28AM -0700, Bill Stewart wrote:
> > Is it really quiet in here, or does the fact that I've been
> > playing with procmail this evening have something to do with it?
> >
> > Thanks; Bill
>

Don't top post!

I have 9 real messages from July 1.

Peter Trei

From ptrei at rsasecurity.com Wed Jul 2 08:35:06 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 2 Jul 2003 11:35:06 -0400
Subject: Are the filters too restrictive on some CDRs?
Message-ID:

> Gabriel Rocha[SMTP:gabe at seul.org] wrote
>
> On Wed, Jul 02, at 10:55AM, Trei, Peter wrote:
> | I have 9 real messages from July 1.
>
> What node do you subscribe to? I have three messages from July 1st. I
> use lne.
>

I use minder.com, which does no filtering. The count is after throwing out spam, duplicates, and Professor Rat.

Peter

From jamesd at echeque.com Wed Jul 2 11:55:38 2003
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 02 Jul 2003 11:55:38 -0700
Subject: All quiet on the western front
Message-ID:

    --
On 2 Jul 2003 at 9:45, Tim May wrote:
> But things have been quiet for months now, except for
> occasional bursts of Unix-related security cruft.

The technology is known, it has become depressingly apparent that imminent world change by means of this technology is not in the cards right now, what is left to say?

The cypherpunk agenda is in fact making progress in boring routine ways -- increasing real world use of encryption, various complicated boring routine measures to improve security.

Digital currencies have plateaued by some measures, but I think uptake will continue. At present, digital currencies do not give you any privacy from the currency issuer, but in practice monitoring is expensive, and low monitoring issuers tend to out compete high monitoring issuers.

No issues of Chaumian cash have succeeded, but Chaumian cash is the ultimate in low monitored, irreversible transactions, so as Hettinga is fond of arguing, the trend is in its favor, but immediate change is not in sight.

With Americans, and the English-speaking west in general under attack, the tendency is to rally around the state. Anarchism is not as popular as it was, not as cool as it was, when enemies are trying to kill us, and the state is trying to kill our enemies.

> Every day brings new reports of surveillance plans,
> suspensions of the Constitution, more statism.

It is war.

> Side note, worthy of a longer article: It may be literally a
> generational thing, as libertarianism tended to be. The
> anti-state "activists" of the 70s and 80s were influenced by
> the antiwar movement of the 60s, but were still somewhat
> libertarian. Many had read Heinlein, Rand, Rothbard, Hayek.
> The early Cypherpunks folks were generally conversant with
> the ideas, and receptive.
> I conjecture that the "new crop" is more into body piercings,
> skin art, and anti-globalism (when it comes to corporations
> and trade, but not when it comes to world government). In
> other words, Cypherpunks is like several other Baby Boom
> "degenerating research program.")

You are suffering from old fogyism. "Ah, teenagers today are so rotten and selfish, not like we were."

This reminds me of the indignant complaints about the fact that at the recent Woodstock, so many young women were naked and semi conscious on GHB.

Do you remember the original Woodstock? If you do remember, you were not there.

You think the "reefer madness" hysteria was laughable? They recently gave some poor sucker a sentence of several hundred years for "raping" girls by giving GHB, although his home movies seem to show the alleged rape victims enthusiastically jumping him.

The fact is that our generation turned into the generation we were revolting against, only ten times worse. That is what went wrong. Four times the hypocrisy, ten times the jail sentences.

It started when those boring puritan Leninists took over SDS (Students for a democratic society) in 1963, 1964. All that terribly solemn do gooding in the 1962 Port Huron statement, and the next thing you know instead of "Sex drugs and rock and roll", we hear that heterosexuality constitutes sexism and Andrew Luster is being abducted from a foreign country as if he was General Noriega.

If he had jumped out of the bushes, sawed a nine year old's arms and legs off, and then raped her, the government would not have had him kidnapped in order to get him.

Teenagers have not changed, instead we have become those old fogies we revolted against. We did not realize that the Port Huron statement turned us into young fogies, the doddering senile washed up old bolsheviks.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     zM6pUlk6ZJ3PNi5XRMFqgmuU2xj28x3t55x+IgFu
     46aIWX5lC5VdjpVgTOT5JiMBx1VdJYnsZT/eVKQ2t

From pgut001 at cs.auckland.ac.nz Tue Jul 1 19:14:24 2003
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 2 Jul 2003 14:14:24 +1200
Subject: Weapons of mass destruction
Message-ID: <200307020214.h622EOR23140@medusa01.cs.auckland.ac.nz>

-- Snip --

Go to www.google.com

Type in "weapons of mass destruction" (including the quotes) and hit the "I'm feeling lucky" button.

Read the error page carefully.

-- Snip --

Peter.

From declan at well.com Wed Jul 2 13:09:02 2003
From: declan at well.com (Declan McCullagh)
Date: Wed, 02 Jul 2003 16:09:02 -0400
Subject: Reporter writing article on proffr/mattd and threats
Message-ID: <5.2.1.1.0.20030702160220.039d55b8@mail.well.com>

I received a phone call today from a newspaper reporter who's writing an article on mattd/proffr and wanted background on the cypherpunks group or movement, as he put it. The reporter -- who covers crime, law enforcement, and the courts -- wanted to know whether mattd/proffr was representative of the group or an outlier, and stressed that two other cypherpunks have been imprisoned for their actions in this area.

Apparently mattd/proffr has been saying on cypherpunks that some federal prosecutors need killing. Then that post was indexed by Google, and now it is a prominent hit for the name of said prosecutor. (I say apparently because, thanks to the good graces of procmail, I haven't read any mattd/proffr posts in ages. This is what I gathered solely from the phone conversation.)

Anyway, the Feds apparently are neither confirming nor denying that an investigation is in progress, except to say that they are "aware" of mattd/proffr's post.

This is what I learned from the phone call. I have no firsthand knowledge.

-Declan

From measl at mfn.org Wed Jul 2 15:52:30 2003
From: measl at mfn.org (J.A. Terranson)
Date: Wed, 2 Jul 2003 17:52:30 -0500 (CDT)
Subject: mattd Needs Killing (was: Re: CDR: Reporter writing article on proffr/mattd and threats)
In-Reply-To: <5.2.1.1.0.20030702160220.039d55b8@mail.well.com>
Message-ID:

On Wed, 2 Jul 2003, Declan McCullagh wrote:

> I received a phone call today from a newspaper reporter who's writing an
> article on mattd/proffr and wanted background on the cypherpunks group or
> movement, as he put it. The reporter -- who covers crime, law enforcement,
> and the courts -- wanted to know whether mattd/proffr was representative of
> the group or an outlier, and stressed that two other cypherpunks have been
> imprisoned for their actions in this area.

I would tell your reporter friend (?) not to bother wasting his cycles on a lunatic. Whether or not he's still spewing his shit (like you I [attempt] to filter all his crap) is really irrelevant, since he's [by definition] not capable of spewing an actual "position".

Do reporters write articles about street people who scream at walls? So why write one about a nutcase that somehow stumbled across cypherpunks? He's merely found an outlet where the word "kill" doesn't get much of a reaction, and he likely feels extra-manly using it, so...

> Anyway, the Feds apparently are neither confirming nor denying that an
> investigation is in progress, except to say that they are "aware" of
> mattd/proffr's post.

How could they *not* be? The fact that they haven't even bothered to arrest him says it all - even *they* realize that mattd is just a blathering psych patient in search of a rubber room.

> This is what I learned from the phone call. I have no firsthand knowledge.

Nice disclaimer...

>
> -Declan
>
>

--
Yours,
J.A. Terranson
sysadmin at mfn.org

"...we are part now of a dubious troika in the war against terror with Vladimir Putin and Ariel Sharon, two leaders who do not shrink in Palestine or Chechnya from carrying out acts of gratuitous and senseless acts of violence.
We have become the company we keep." Christopher Hedges 15-year veteran of foreign war coverage for the New York Times From declan at well.com Wed Jul 2 14:55:36 2003 From: declan at well.com (Declan McCullagh) Date: Wed, 2 Jul 2003 17:55:36 -0400 Subject: Reporter writing article on proffr/mattd and threats In-Reply-To: <5.2.1.1.0.20030702160220.039d55b8@mail.well.com>; from declan@well.com on Wed, Jul 02, 2003 at 04:09:02PM -0400 References: <5.2.1.1.0.20030702160220.039d55b8@mail.well.com> Message-ID: <20030702175536.A26616@cluebot.com> While we're on this topic, some Supreme Court cases... -Declan --- http://laws.findlaw.com/us/249/211.html This is an indictment under the Espionage Act of June 15, 1917, c. 30, tit. 1, 3, 40 Stat. 219, as amended by the Act of May 16, 1918, c. 75, 1, 40 Stat. 553 (Comp. St. 1918, 10212c). It has been cut down to two counts, originally the third and fourth. The former of these alleges that on or about June 16, 1918, at Canton, Ohio, the defendant caused and incited and attempted to cause and incite insubordination, disloyalty, mutiny and refusal of duty in the military and naval forces of the United States and with intent so to do delivered, to an assembly of people, a public speech, set forth. The fourth count alleges that he obstructed and attempted to obstruct the recruiting and enlistment service of the United States and to that end and with that intent delivered the same speech, again set forth. [conviction upheld] http://laws.findlaw.com/us/394/705.html Petitioner's remark during political debate at small public gathering that if inducted into Army (which he vowed would never occur) and made to carry a rifle "the first man I want to get in my sights is L. B. J.," held to be crude political hyperbole which in light of its context and conditional nature did not constitute a knowing and willful threat against the President within the coverage of 18 U.S.C. 871 (a). 
http://laws.findlaw.com/us/395/444.html Appellant, a Ku Klux Klan leader, was convicted under the Ohio Criminal Syndicalism statute for "advocat[ing] . . . the duty, necessity, or propriety of crime, sabotage, violence, or unlawful methods of terrorism as a means of accomplishing industrial or political reform" and for "voluntarily assembl[ing] with any society, group or assemblage of persons formed to teach or advocate the doctrines of criminal syndicalism." Neither the indictment nor the trial judge's instructions refined the statute's definition of the crime in terms of mere advocacy not distinguished from incitement to imminent lawless action. Held: Since the statute, by its words and as applied, purports to punish mere advocacy and to forbid, on pain of criminal punishment, assembly with others merely to advocate the described type of action, it falls within the condemnation of the First and Fourteenth Amendments. Freedoms of speech and press do not permit a State to forbid advocacy of the use of force or of law violation except where such advocacy is directed to inciting or producing imminent lawless action and is likely to incite or produce such action. Whitney v. California, 274 U.S. 357 , overruled. http://laws.findlaw.com/us/403/15.html Appellant was convicted of violating that part of Cal. Penal Code 415 which prohibits "maliciously and willfully disturb[ing] the peace or quiet of any neighborhood or person . . . by . . . offensive conduct," for wearing a jacket bearing the words "Fuck the Draft" in a corridor of the Los Angeles Courthouse. The Court of Appeal held that "offensive conduct" means "behavior which has a tendency to provoke others to acts of violence or to in turn disturb the peace," and affirmed the conviction. 
Held: Absent a more particularized and compelling reason for its actions, the State may not, consistently with the First and Fourteenth Amendments, make the simple public display of this single four-letter expletive a criminal offense. Pp. 22-26. From jamesd at echeque.com Wed Jul 2 18:18:59 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 2 Jul 2003 18:18:59 -0700 Subject: Reporter writing article on proffr/mattd and threats In-Reply-To: <5.2.1.1.0.20030702160220.039d55b8@mail.well.com> Message-ID: <3F032213.5523.AC02EE2@localhost> -- On 2 Jul 2003 at 16:09, Declan McCullagh wrote: > I received a phone call today from a newspaper reporter who's > writing an article on mattd/proffr and wanted background on > the cypherpunks group or movement, as he put it. The reporter > -- who covers crime, law enforcement, and the courts -- > wanted to know whether mattd/proffr was representative of the > group or an outlier, and stressed that two other cypherpunks > have been imprisoned for their actions in this area. > > Apparently mattd/proffr has been saying on cypherpunks that > some federal prosecutors need killing. I received email from a reporter on the same topic, I presume the same reporter. I am inclined to suspect that the reporter is a fed. Professor rat is too deranged to be a fed. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG QpKOGfzNlJmamdzP/r/pxQqV3fmG7S20DUKrN/LD 4IVIQeZR4glowWVdlvF9Coo4rpJD871QeP0Swloba From declan at well.com Wed Jul 2 15:40:36 2003 From: declan at well.com (Declan McCullagh) Date: Wed, 02 Jul 2003 18:40:36 -0400 Subject: SF meet: future of feta, port, sherry, gorgonzola at stake Message-ID: <5.2.1.1.0.20030702183933.04c15570@mail.well.com> COMMERCE UNDER SECRETARY ROGAN TO OPEN USPTO/WIPO CONFERENCE EXPLORING USE OF GEOGRAPHIC NAMES TO DESCRIBE FOOD AND WINE Use of Terms Bologna, Parmesan, Chablis, and Burgundy Could Be Prohibited, Adversely Affecting U.S. 
Food and Wine Industry Wednesday, July 9, 2003 9:30 a.m. The Palace Hotel 2 New Montgomery Street San Francisco, CA. Under Secretary of Commerce for Intellectual Property James E. Rogan will make opening remarks at a three-day symposium (July 9-11) on the use of geographical indications (GIs) to describe food and wine. The symposium, which is being co-hosted by the Department of Commerce's U.S. Patent and Trademark Office (USPTO) and the World Intellectual Property Organization (WIPO), will feature an international array of experts in the field from WIPO member states and the food and wine industries. The symposium is being held in anticipation of a World Trade Organization (WTO) meeting on GIs scheduled for Cancun, Mexico in September. It is expected that at the Cancun meeting, the European Union will call for terminating the use of certain generic terms to describe food and wine unless those products come from a specific geographic region. If the EU is successful, use of terms such as feta and gorgonzola for cheese, and port and sherry for wine - now considered generic in many WTO member nations - could be prohibited in the United States, resulting in consumer confusion and potentially injuring U.S. domestic and international commerce in food and wine. The symposium agenda is available at http://www.wipo.int/meetings/2003/geo-ind/en/program/. From sfurlong at acmenet.net Wed Jul 2 17:40:07 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Wed, 2 Jul 2003 20:40:07 -0400 Subject: All quiet on the western front In-Reply-To: <948c9fbf1fdbc0e1fb5bc9d85563efa2@erisiandiscord.de> References: <948c9fbf1fdbc0e1fb5bc9d85563efa2@erisiandiscord.de> Message-ID: <200307022040.07576.sfurlong@acmenet.net> On Wednesday 02 July 2003 20:15, Anonymous wrote: > There are very few in the general population that are cut to be true > dissenters and act upon it. Now this age brings in the additional > requirement: they have to also be decent engineers.
As a result, > there are very few left. On the other hand, it doesn't take very many. -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From juicy at melontraffickers.com Wed Jul 2 23:06:14 2003 From: juicy at melontraffickers.com (A.Melon) Date: Wed, 2 Jul 2003 23:06:14 -0700 (PDT) Subject: All quiet on the western front Message-ID: <948c9fbf1fdbc0e1fb5bc9d85563efa2@melontraffickers.com> Hi, Tim, I'm glad that you have a bout of lucidity. The government essentially won the crypto battle, marginalizing crypto proponents, quietly getting media and corporations under control when crypto is concerned, and generally rising the stakes. Those of you who have access to corporate product development documents that relate to communications know what I am talking about. CALEA etcl. It's there, it's real and I think that about 5-10% of development resources are taken by it. Most cypherpunks were relatively highly paid engineers with comfortable lives and some time on their hands, so while crypto was fashionable it was cool to hang out at meetings and have pipe dreams about taking on the state. Even then, scum like del Torto started to bank ahead and sell to the "freedom fighters" and "good cops". But then it got much worse. After the WTC theater, being present at essentially anti-state meetings was not considered totally benign. And also the salaries were gone, so this beer and TV Saturday alternative suddenly stopped being alternative at all. So we're back to the fact that highly paid engineers in crypto field are really not automatically revolutionaries. On the contrary. There are very few in the general population that are cut to be true dissenters and act upon it. Now this age brings in the additional requirement: they have to also be decent engineers. 
As a result, there are very few left. From bill.stewart at pobox.com Thu Jul 3 00:15:42 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 03 Jul 2003 00:15:42 -0700 Subject: SF meet: future of feta, port, sherry, gorgonzola at stake In-Reply-To: <5.2.1.1.0.20030702183933.04c15570@mail.well.com> Message-ID: <5.1.1.6.2.20030703000823.02e31af0@idiom.com> Great. First they take the Champagne, now they want the port and sherry, and feta cheese. Next it'll be the Chianti, and they'll find something wrong with fava beans as well. Worse than that, they'll make Americans stop eating Hamburgers, and the vast right wing conspiracy already banned French fries. (I'm actually rather surprised by feta cheese being on the list - my local Iranian grocery regularly has feta from France, Greece, Bulgaria, and one or two other places.) From mv at cdc.gov Thu Jul 3 00:16:28 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 03 Jul 2003 00:16:28 -0700 Subject: architecture as torture Message-ID: <3F03D84C.B6A03850@cdc.gov> http://www.smh.com.au/articles/2003/01/27/1043534004548.html From mv at cdc.gov Thu Jul 3 00:41:15 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 03 Jul 2003 00:41:15 -0700 Subject: Reporter writing article on proffr/mattd and threats Message-ID: <3F03DE1B.9A3CBFCD@cdc.gov> At 04:09 PM 7/2/03 -0400, Declan McCullagh wrote: >I received a phone call today from a newspaper reporter who's writing an >article on mattd/proffr and wanted background on the cypherpunks group or >movement, as he put it. The reporter -- who covers crime, law enforcement, >and the courts How does one authenticate that a voice on a phone is a reporter? Or is my sarcasm/wryness detector stuck? --- We are all reporters, we are all book sellers. We are all first class objects. 
--Tim May From mv at cdc.gov Thu Jul 3 01:00:12 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 03 Jul 2003 01:00:12 -0700 Subject: talking to coworkers = deemed exports Message-ID: <3F03E28C.6808C824@cdc.gov> http://www.eetimes.com/story/OEG20030623S0011 The Commerce Department considers some U.S. transfers of commercial technologies to foreign workers as exports. In some cases, U.S. companies may be required to obtain a deemed-export license before giving foreign-born employees access to sensitive technologies. [shades of the old crypto days, where you couldn't ask a colleage from another country to review your code.. this time its China, India they're freaking about]
From jy at jya.com Thu Jul 3 09:34:30 2003 From: jy at jya.com (John Young) Date: Thu, 03 Jul 2003 09:34:30 -0700 Subject: Reporter writing article on proffr/mattd and threats In-Reply-To: <3F03DE1B.9A3CBFCD@cdc.gov> Message-ID: It is a fact that proffr/mattd is Declan. Confirming the practice of cpunks confecting imaginary personas to vent their inner evildoing then protesting the vile behavior, disclaiming any contact with their perps. Then campaigning to have the shits banned from an putative open liars forum. That's what non-fiction was invented for, telling lies to uphold the truth -- which is itself a favorite conceit of the non-fictioneers. Facts, just the irrefutable facts, are the makings of reputations made in heaven and hell -- two more tools of the narrative trade pliers. Truth hoots. Prosecutors are hooters. If the facts don't convince grand juries, avid readers all, then cook up an expert to swear on a bible cookbook. From jya at pipeline.com Thu Jul 3 09:57:21 2003 From: jya at pipeline.com (John Young) Date: Thu, 03 Jul 2003 09:57:21 -0700 Subject: Web Privacy War Message-ID: WSJ today reports on the war between web privacy firms and the feds: http://cryptome.org/web-priv-war.htm Lance Cottrell and other privacy protection firms are featured -- does Anonymizer really bring in up to a $1M a year? Lance says he doesn't keep logs thus cannot respond to subpoenas. Other privacy firms are said to cooperate with the feds. One brags that national security trumps making money.
As if they natsec is not the biggest money maker of all time, though homesec is coming on strong. Privsec in the race, though deniability is mandatory. It notes the demise of Zero Knowledge just before the Patriot Act started the boom in people seeking protection from official spies. Darn. But then we don't know what ZK is doing black with the contacts it eagerly gathered in its meetings with the feds. From camera_lumina at hotmail.com Thu Jul 3 07:47:13 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 03 Jul 2003 10:47:13 -0400 Subject: All quiet on the western front Message-ID: A. Melon wrote... "There are very few in the general population that are cut to be true dissenters and act upon it. Now this age brings in the additional requirement: they have to also be decent engineers. As a result, there are very few left." I agree with this assessment, but would also suggest that Tim May's old-fogeyism has some validity to it. As far as I'm concerned, the state has successfully bonded with big media to pretty much stifle a lot of critical thinking, particularly about what other Americans believe. We saw it with the war protests--despite the fact that the numbers were larger than during Vietnam, the media was successful in (first of all) convincing Americans that the vast majority of Americans supported the war/troops/president. After that, since most Americans believed the right thing was to support the war (because "everybody else supports it"), they then came to quasi-support it, or at least shut up about it. And still, no Osama, no Saddam, and no WMD, but only "kooks" and "commies" are screaming about it. Thus, to go back o your point, you're starting off with a small population of dissenters, so that once you pass down through the needs for engineering and math skills, you're left with very little. On the other hand, the only thing that's stopping me from coding up my "eJector" is a full time job and trying to live in the little spare time I have. 
So I guess I'm in the population you describe and will be, as long as I remain employed. But then again...if someone I actually know gets tortured or whatever, that could change at any minute. Then I'll be the REAL... -Tyler Durden >From: "A.Melon" >To: cypherpunks at lne.com >Subject: Re: All quiet on the western front >Date: Wed, 2 Jul 2003 23:06:14 -0700 (PDT) > >Hi, Tim, > >I'm glad that you have a bout of lucidity. > >The government essentially won the crypto battle, marginalizing crypto >proponents, quietly getting media and corporations under control when >crypto is concerned, and generally rising the stakes. Those of you who >have access to corporate product development documents that relate to >communications know what I am talking about. CALEA etcl. It's there, >it's real and I think that about 5-10% of development resources are >taken by it. > >Most cypherpunks were relatively highly paid engineers with >comfortable lives and some time on their hands, so while crypto was >fashionable it was cool to hang out at meetings and have pipe dreams >about taking on the state. Even then, scum like del Torto started to >bank ahead and sell to the "freedom fighters" and "good cops". > >But then it got much worse. After the WTC theater, being present at >essentially anti-state meetings was not considered totally benign. And >also the salaries were gone, so this beer and TV Saturday alternative >suddenly stopped being alternative at all. > >So we're back to the fact that highly paid engineers in crypto field >are really not automatically revolutionaries. On the contrary. > >There are very few in the general population that are cut to be true >dissenters and act upon it. Now this age brings in the additional >requirement: they have to also be decent engineers. As a result, there >are very few left.
From jtrjtrjtr2001 at yahoo.com Fri Jul 4 01:54:08 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Fri, 4 Jul 2003 01:54:08 -0700 (PDT) Subject: A firewall problem? In-Reply-To: <5.2.0.9.2.20030509165341.00b1efe8@frodo.hserus.net> Message-ID: <20030704085408.58470.qmail@web21207.mail.yahoo.com>

hi,

Won't the following cause a firewall breach-

First we capture inbound packets to a firewall assuming we have a man in the middle (M).

If (M) uses block replay on packets he can inject bits and pieces of his own information to an inbound firewall and can go undetected?

M doesn't alter the source and destination ip's and is perfectly acceptable to the firewall. Even a timestamp won't work since a packet is expected at any time.

We can still re-calculate the CRC of Checksum field by the same attack and replace the old crc/checksum after changing various required bit positions.

Do firewall programs use initialisation vectors and a chaining mode to prevent this attack?

Regards Sarath.

From sunder at sunder.net Fri Jul 4 07:53:16 2003 From: sunder at sunder.net (Sunder) Date: Fri, 4 Jul 2003 10:53:16 -0400 (edt) Subject: A firewall problem? In-Reply-To: <20030704085543.42463.qmail@web21203.mail.yahoo.com> Message-ID:

I'm not 100% sure what you're talking about, but from what I got, it depends on the firewall type, and the location of the man in the middle.

Various firewall types:

Simple packet filters.

Slightly smarter packet filters that also do NAT and keep track of connections - (this is needed for the NAT to work because it needs to change the src/dest ports to differentiate between hosts behind the NAT's. i.e. ipf, iptables, etc...)

Application layer proxies (i.e. socks, etc.) but those that validate the traffic is what it's supposed to be. (stateful inspection.)

Generally your attacker needs to own a router upstream from you to be successful in replay attacks. But if you use a secure encrypted transport, it gets much, much harder. (i.e. encrypt the payload, not just the headers.)

If the attacker is just somewhere else on the wild internet, he can send you packets with forged src addresses, but he won't be able see the replies, so at most it's a denial of service on your machine.

So your attacker needs to either use his real ip address (or one of a machine he already cracked) or he needs to own the router directly upstream from you (i.e. your ISP) so your packets don't have any path to go through but through him.

If he's on your network, or directly upstream, he can do something called tcp-hijacking. There is some interesting related stuff here for you to research to get you answers regarding this: http://cs.baylor.edu/~donahoo/NIUNet/hijack.html

There are possible ways around this issue, but would likely require encrypted sessions (ipsec, ssl/tls, or ssh for example.)

If you just have a simple packet filter, it's possible to use such things. If you have a hardened application layer proxy server that inspects packets, you can be a bit more secure.

An important thing to implement is secure tcp sequence numbers. They make the sequence # predictions harder, so it's not so easy to hijack the connections. But this depends on your OS and tcp/ip implementation:

The best paper on this I've seen so far: http://razor.bindview.com/publish/papers/tcpseq.html

And here's some security alerts regarding weak sequence #'s for example:
http://www.linuxsecurity.com/articles/security_sources_article-2968.html
http://www.cert.org/advisories/CA-2001-09.html

Again, if your attacker owns the router directly upstream from you, that won't help very much because you can assume that they'd be able to intercept and alter packets in real time. This of course isn't trivial, but it is doable with fast enough hardware if located directly upstream from you. But it won't allow the attacker to hijack encrypted connections to known hosts, or hosts using properly signed (by a well known CA) SSL certificates.

It will allow the attacker to do plenty of monkeying with your email (both inbound and outbound), DNS, and unencrypted web traffic, and possibly ssh sessions to machines you haven't logged into before (where you have to say "Yes, this is the machine I want to login to.")

(He won't be able to do much against encrypted emails, but he can always frustrate you by deleting them or slightly altering them so they fail to decrypt, so if you're clueless, you'll go to plaintext believing that this encryption stuff is too much of a headache and it's unreliable, and he'll be able to monkey with the plaintext ones.)

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/
 + v + : The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Fri, 4 Jul 2003, Sarad AV wrote:

> hi,
>
>
> Won't the following cause a firewall breach-
>
>
> First we capture inbound packets to a firewall
> assuming we have a man in the middle (M).
>
> If (M) uses block replay on packets he can inject bits
> and pieces of his own information to an inbound
> firewall and can go undetected?
>
> M doesn't alter the source and destination ip's and is
> perfectly acceptable to the firewall. Even a timestamp
> won't work since a packet is expected at any time.
>
> We can still re-calculate the CRC of Checksum field by
> the same attack and replace the old crc/checksum after
> changing various required bit positions.
>
> Do firewall programs use initialisation vectors and a
> chaining mode to prevent this attack?
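
The point at issue in the exchange above, as an added example that is not part of either message: a checksum can be recomputed by whoever alters a packet, while a keyed MAC over a sequence number and payload rejects both altered and replayed frames. The frame layout, key, payloads and the `Sender`/`Receiver` names are assumptions constructed for this example, with HMAC-SHA256 and a sliding replay window standing in for the protection of the encrypted sessions (ipsec, ssl/tls, ssh) mentioned in the reply.

```python
"""Checksum-only framing versus a keyed MAC with anti-replay.

Frame layout, key and payloads are constructed for illustration; this is
not the behaviour of any particular firewall or VPN product.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
WINDOW = 64    # sequence numbers tracked behind the newest one seen


def internet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum (the IP/TCP/UDP checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def checksum_frame(payload: bytes) -> bytes:
    """Unkeyed framing: payload followed by its checksum."""
    return payload + struct.pack("!H", internet_checksum(payload))


def checksum_ok(frame: bytes) -> bool:
    """All a checksum-only receiver can verify: the two parts are consistent."""
    return struct.unpack("!H", frame[-2:])[0] == internet_checksum(frame[:-2])


class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def seal(self, payload: bytes) -> bytes:
        """Frame = 8-byte sequence number | payload | HMAC over both."""
        self.seq += 1
        header = struct.pack("!Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        # seen is a bitmap: bit i set means sequence (highest - i) was delivered
        self.key, self.highest, self.seen = key, 0, 0

    def open(self, frame: bytes):
        """Return the payload, or None if the frame is altered or replayed."""
        if len(frame) < 8 + TAG_LEN:
            return None
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Verify the MAC first so an unauthenticated frame cannot move the window.
        if not hmac.compare_digest(tag, expected):
            return None
        return payload if self._fresh(struct.unpack("!Q", header)[0]) else None

    def _fresh(self, seq: int) -> bool:
        """Sliding-window replay check: each sequence number is accepted once."""
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << WINDOW) - 1
            self.seen = 1 if shift >= WINDOW else ((self.seen << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW or (self.seen >> offset) & 1:
            return False  # too old to track, or already delivered
        self.seen |= 1 << offset
        return True


def demo() -> dict:
    key = b"constructed-demo-key"   # constructed; a real key is random and secret
    original, altered = b"GET /index.html", b"GET /other.html"  # constructed

    honest = checksum_frame(original)
    results = {
        # Changed payload with the old checksum: caught, like line noise would be.
        "checksum_catches_corruption": not checksum_ok(altered + honest[-2:]),
        # Changed payload with a recomputed checksum: looks like an honest frame.
        "checksum_accepts_recomputed": checksum_ok(checksum_frame(altered)),
    }

    tx, rx = Sender(key), Receiver(key)
    f1, f2, f3 = tx.seal(original), tx.seal(b"second"), tx.seal(b"third")
    results["mac_accepts_original"] = rx.open(f1)
    results["mac_rejects_replay"] = rx.open(f1)
    # Payload swapped without the key: the old tag no longer verifies.
    results["mac_rejects_altered"] = rx.open(f2[:8] + altered[:6] + f2[-TAG_LEN:])
    # Reordering inside the window is accepted, but each frame only once.
    results["out_of_order"] = [rx.open(f3), rx.open(f2), rx.open(f2)]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

A stateful packet filter sits at the checksum-only level of this comparison: it can confirm that a packet is well formed and belongs to a tracked connection, not that its payload is what the sender wrote.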
From jya at pipeline.com Fri Jul 4 13:38:57 2003 From: jya at pipeline.com (John Young) Date: Fri, 04 Jul 2003 13:38:57 -0700 Subject: Radiation Sniffer Message-ID: The radiation sniffer in NYC and proposed for elsewhere in the US is described in this DOE doc: http://www.eml.doe.gov/factsheets/HS_Platform.pdf Here's the aircraft monitoring program: http://www.eml.doe.gov/factsheets/rampscan.pdf There's more on a variety of homeland security monitoring programs at http://www.eml.doe.gov/factsheets/ EML is the DOE's Environmental Monitoring Laboratory located in NYC, whose history goes back to the earliest days of the nuclear age when it was set up to track medical and health effects of nuclear weapons. It now does worldwide monitoring of nuclear activities. Why is it located in NYC? Up on the 7th Floor of a non-descript office building, along with a batch of federal agencies such as a passport office, social security and what not. The classified work of the lab must account for the amazing entrance security you have to go through to get a passport renewed. Reminds of going to a plain-jane office building at an outer edge of DC a while back, heading for a meeting with a construction firm, when, bam, step inside the lobby and there you are facing a heavily armed phalanx of federal police and camouflaged soldiers. You ask the M-16 bristling receptionist about the firm and she barks for the team to surround the perp, demands ID, says you know where your are. Uh, sure, I say, this is the capital of the free world. Smart ass, she says, not any more. This country is ours. Show me what's in that bag. So I did. She screamed when it dawned on her what she was seeing in my tote. The troops jumped back as if electroshocked. Sir, she said, we would appreciate it if you would just leave. Yes, sir, the troops chorused, just please leave the premises, what's in that bag is not what we enlisted to handle. Here, I said, taking the device out of the tote, have a taste. 
No, no, no, they all yelped, and backed against the wall, legs shaking, weapons clattering to the floor, please take it away. Have mercy, sir. Well, I said, okay, if it scares you, and put away the gleaming jewel of kryptonite, titled fine print US Constitution, printed in China. From cypherpunks at salvagingelectrons.com Sat Jul 5 05:07:49 2003 From: cypherpunks at salvagingelectrons.com (Tim Meehan) Date: Sat, 05 Jul 2003 08:07:49 -0400 Subject: Brinword on again in Kelowna, BC: CanPrivComm's replacement drops police surveillence camera lawsuit Message-ID: Too bad George Radwanski didn't just bring his lunch to work more often. This was one of his more prominent causes, an important one, which his successor is just rolling over on. --- http://tinyurl.com/g30t The Toronto Star Jul. 5, 2003. 01:00 AM Radwanski stand-in cleans house Sidelines aides, ends pricey B.C. court challenge Staff co-operating with auditors: Robert Marleau TONDA MACCHARLES OTTAWA BUREAU OTTAWA - Robert Marleau, the man replacing former privacy commissioner George Radwanski, has moved quickly to overhaul the beleaguered office, halting a $250,000 court challenge to RCMP surveillance cameras yesterday and sidelining two of Radwanski's most controversial senior aides. Marleau, a former clerk of the Commons who is filling the job on an interim basis, said in an interview he dropped the high-profile court action in Kelowna, B.C., that Radwanski had undertaken as a crusade because it was not "a useful way of spending public funds." Marleau also accepted on Wednesday the resignation and early retirement of Art Lamarche, Radwanski's chief of corporate services. Marleau said there was no special incentive package offered to Lamarche to retire July 31; it was Lamarche's own decision.
The interim privacy commissioner also ordered Dona Vallieres, Radwanski's director of communications and frequent travel companion, to take "special leave" with full pay pending the outcome of Auditor-General Sheila Fraser's financial probe. "When I came in, I took stock of the situation and thought it was in her best interests and our best interests while the audit was ongoing, and pending its results, that she go on special leave," Marleau said. He would not speculate on the likelihood of Vallieres returning to her job. "The audit will dictate the outcome," he said. Vallieres travelled extensively with her former boss to Paris, Madrid, London, Rome, New York and New Zealand among other destinations. Her expense claims show she often dined at the same Ottawa restaurants preferred by the ex-commissioner. A self-described sufferer of chronic fatigue syndrome, Vallieres had refused to appear before the Commons committee investigating Radwanski's expenses, saying she was ill. She did, however, appear at Radwanski's news conference the following day. Vallieres has declined interviews, but indignantly denied to a CTV reporter she had any improper relationship with Radwanski. In 2001-2002, documents show Radwanski claimed $182,777 in domestic and foreign travel expenses. Vallieres claimed a total of $129,542 for the same period. Marleau declined to reveal the salaries of Vallieres and Lamarche, who is on "special leave" with full pay until his July 31 retirement, but both are considered senior executives in the public service. Under recently announced pay increases, an executive's salary ranges from $102,200 to $165,000. The NDP's Pat Martin said he was pleased with the moves by Marleau, and said the results of the auditor general's investigation may mean future sanction for Radwanski's former aides. "(Canadians) should be comforted by the fact that any maladministration of public funds may be considered a criminal matter," he said. 
Neither Lamarche nor Vallieres returned the Star's calls yesterday. Marleau, and all senior officials in the privacy office, have already met with and provided documents to federal auditors from Fraser's office, and more interviews are set for Monday, he said. As well, a "broad" audit of staffing practices by the Public Service Commission is underway. "As far as I'm concerned, they have complete access," Marleau said. "I look forward to their findings." As for the Kelowna surveillance camera court challenge Radwanski had launched, Marleau said he made a "risk assessment" of the likelihood of success and the future legal costs, and believed it was "not reasonable" to proceed. Up to now, the merits of the case hadn't been argued, yet the challenge had already cost $250,000 to litigate, mostly in fees to Toronto lawyer Morris Manning. The challenge, Marleau said, was not "the best use of funds of this small office." The federal justice department opposed Radwanski's efforts to bring the matter to court, and Radwanski had lost his first bid for standing to intervene. Marleau said the office still has concerns about the privacy implications of surveillance cameras, and if it received a complaint from an individual Kelowna resident, which it has not, it would "pursue" the matter, and apply a test of "reasonableness" to the use of surveillance equipment. -- Tim Meehan, Communications Director Ontario Consumers for Safe Access to Recreational Cannabis tim at ocsarc.org * http://www.ocsarc.org * 416-854-6343 From mv at cdc.gov Sat Jul 5 09:03:00 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Sat, 05 Jul 2003 09:03:00 -0700 Subject: [Reverse panopticon] Govt Information Awareness Message-ID: <3F06F6B4.3A0AF073@cdc.gov> http://www.wired.com/news/privacy/0,1848,59495,00.html Researchers at the MIT Media Lab unveiled the Government Information Awareness, or GIA, website Friday. 
Using applications developed at the Media Lab, GIA collects and collates information about government programs, plans and politicians from the general public and numerous online sources. Currently the database contains information on more than 3,000 public figures.

The premise of GIA is that if the government has a right to know personal details about citizens, then citizens have a right to similar information about the government.

From mv at cdc.gov Sat Jul 5 09:19:33 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Sat, 05 Jul 2003 09:19:33 -0700
Subject: A firewall problem?
Message-ID: <3F06FA95.9D9E04C7@cdc.gov>

At 01:55 AM 7/4/03 -0700, Sarad AV wrote:
>Won't the following cause a firewall breach-
>
>First we capture inbound packets to a firewall
>assuming we have a man in the middle(M).
>
>If (M) use block replay on packets he can inject bits
>and pieces of his own information to an inbound
>firewall and can go undetected?
>
>M doesn't alter the source and destination ip's and is
>perfectly acceptable to the firewall. Even a timestamp
>won't work since a packet is expected at any time.
>
>We can still re-calculate the CRC of Checksum field by
>the same attack and replace the old crc/checksum after
>changing various required bit positions.
>
>Do firewall programs use initialisation vectors and a
>chaining mode to prevent this attack?

You are confusing a firewall with a protocol like IPsec that provides authentication and replay resistance (using crypto). A firewall is just a packet filter --if this field is that, do this. (Steve Bellovin has an online book about them you might enjoy.) Sometimes they're clever and look inside the streams, but this won't resist the attacks you're talking about. Various components of IPsec will. Read up on how it does that.
----- http://www.geocities.com/the_irvine_observer/ From timcmay at got.net Sat Jul 5 19:51:07 2003 From: timcmay at got.net (Tim May) Date: Sat, 5 Jul 2003 19:51:07 -0700 Subject: Idea: The ultimate CD/DVD auditing tool In-Reply-To: Message-ID: On Saturday, July 5, 2003, at 07:13 PM, Thomas Shaddack wrote: > Pondering. Vast majority of the CD/DVD "protection" methods is based on > various deviations from the standards, or more accurately, how such > deviations are (or aren't) handled by the drive firmware. > > However, we can sidestep the firmware. > > The drive contains the moving part with the head assembly. There is an > important output signal there: the raw analog signal bounced from the > disk and amplified. > > We can tap it and connect it to a highspeed digital oscilloscope card. > And > sample obscene amount of data from it. In comparison with fast-enough > ADCs, disk space is cheap. The problem can be in bandwidth, but for the > drive speed set up to possible minimum (or for "normal" players) the > contemporary machines should be sufficient. Real-time operating system > (maybe RTOS-Linux) may be necessary. No RTOS/Linux is needed for fast sampling, which has been happening for several decades now. Nor is a digital oscilloscope needed. (FWIW, I used a Nicolet digital oscilloscope, and also a LeCroy CAMAC digitizer, for some high-speed single-shot event capture--the strike of an alpha particle--nearly 25 years ago. The OS for our data collection computers were, variously, RSX-11M and VMS.) Video ADC cards are already vastly capable at sampling video streams. > > We get the record of the signal captured from the drive's head - raw, > with > everything - dirt, drop-outs, sector headers, ECC bits. The low-level > format is fairly well documented; now we have to postprocess the > signal. 
> Conversion from analog to digital data and then from the CD > representation > to 8-bit-per-byte should be fairly straightforward (at least for > someone > skilled with digital signal processing). Now we can identify the > individual sectors on the disc and extract them to a disc image file > that > we can handle later by normal means. So? Yes, this is all possible. Any moderately well-equipped lab can do this. So? > > If we'd fill this idea with water, would it leak? Where? Why? > I have no idea what you mean by "fill this idea with water," but by all means go ahead and rig up such a machine. Personally, I already make about 1-2 recordable DVDs per day, on average, without any hint of copy protection or Macrovision. I usually use the 3-hour speed on my DVD recorder, and can put one high-quality movie on the first part and then, by using a slightly slower speed, another movie on the remaining part. If "DVD quality" is needed, I record at the 2-hour setting. If "better than DVD quality" is needed, as from a DV camcorder source, I record at the 1-hour speed. If you build a machine which has even higher digitization rates, taken ahead of any DVD spec circuitry, you will get about what I am getting at the 1-hour setting. A very limited market for consumers to buy such machines. Video pirate labs very probably already have such rigs set up. --Tim May "Extremism in the pursuit of liberty is no vice."--Barry Goldwater From mv at cdc.gov Sat Jul 5 22:48:42 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 05 Jul 2003 22:48:42 -0700 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: <3F07B83A.2C8391E2@cdc.gov> At 04:13 AM 7/6/03 +0200, Thomas Shaddack wrote: >Pondering. Vast majority of the CD/DVD "protection" methods is based on >various deviations from the standards, or more accurately, how such >deviations are (or aren't) handled by the drive firmware. > >However, we can sidestep the firmware. 
>
>The drive contains the moving part with the head assembly. There is an
>important output signal there: the raw analog signal bounced from the
>disk and amplified.
>
>We can tap it and connect it to a highspeed digital oscilloscope card.

This is a valid idea. You do have to get in there with delicate probes to read the amplified analog signal, it's not available past the drive.

The people who already do this are called test engineers for CD drive companies. Or the data-recovery techs for the NSA et al.

I doubt that hardcore pirates bother, they may as well just do a single high quality ADC. That, as has been mentioned here before, is always the fatal flaw, even if you put the DAC in your DRM chip (and solve the resulting noise issues..)

----
"Yes, we know they have logic analyzers in Hong Kong" --a Sony engineer when confronted with weaknesses in the design of a DRM box

From mv at cdc.gov Sat Jul 5 23:51:34 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Sat, 05 Jul 2003 23:51:34 -0700
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID: <3F07C6F6.B1BDBCD8@cdc.gov>

Slashdot pointed to this story of a man indicted via his *relative's* DNA sample: http://news.bbc.co.uk/2/hi/uk_news/wales/3044282.stm

But an interesting, unmentioned issue is this: in population DNA surveys you find that a lot of purported fathers *aren't*. So the possibility of indicting a cuckolded man on the basis of nominal (only) relatives is quite real.

[list rel: tech DBs, errors, law, biosurveillance]

From shaddack at ns.arachne.cz Sat Jul 5 19:13:32 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 6 Jul 2003 04:13:32 +0200 (CEST)
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID:

Pondering. Vast majority of the CD/DVD "protection" methods is based on various deviations from the standards, or more accurately, how such deviations are (or aren't) handled by the drive firmware.

However, we can sidestep the firmware.
The drive contains the moving part with the head assembly. There is an important output signal there: the raw analog signal bounced from the disk and amplified. We can tap it and connect it to a highspeed digital oscilloscope card. And sample obscene amount of data from it. In comparison with fast-enough ADCs, disk space is cheap. The problem can be in bandwidth, but for the drive speed set up to possible minimum (or for "normal" players) the contemporary machines should be sufficient. Real-time operating system (maybe RTOS-Linux) may be necessary. We get the record of the signal captured from the drive's head - raw, with everything - dirt, drop-outs, sector headers, ECC bits. The low-level format is fairly well documented; now we have to postprocess the signal. Conversion from analog to digital data and then from the CD representation to 8-bit-per-byte should be fairly straightforward (at least for someone skilled with digital signal processing). Now we can identify the individual sectors on the disc and extract them to a disc image file that we can handle later by normal means. We can push the idea a step further, making a stripped-down CD/DVD drive that would be able basically just to follow the spiral track with its head in constant linear velocity (easier to analyze than CAV) mode, with the ability to control the speed in accordance with how fast (and expensive) ADC, bus, and disks we have, and the possibility to interrupt/resume scanning anytimes in accordance with how much disk space we have (or to scan just a small area of the disc). 
As a welcomed side effect, not only we'd get a device for circumvention of just about any contemporary (and possibly a good deal of the future ones) optical media "protections", but we would also get a powerful tool for retrieving data from even very grossly damaged discs, for audit of behavior of CD/DVD writers and CD vendors (eg, if they don't attempt to sneak in something like a hidden serial number of the writer), and for access to all areas of the discs - including the eventual ones unreachable through the drive's own firmware. If we'd fill this idea with water, would it leak? Where? Why? From mv at cdc.gov Sun Jul 6 08:49:19 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 06 Jul 2003 08:49:19 -0700 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: <3F0844FF.54E3EAD9@cdc.gov> At 03:08 PM 7/6/03 +0300, Sampo Syreeni wrote: >. A writing drive capable of working at such a low level >could be used to experiment with new encodings beyond what standard CD's >can do -- say, substituting CIRC with RSBC and gaining some extra room on >the disc, getting rid of the subchannels, a more intelligent coding of >disc addresses... Breaking compatibility wouldn't be too useful, but it >sure would be fun. And think of the ulcers you would cause the TLAs! Assuming they got your disks and not your custom drive... >Now you simply can't do it. There's a good reason why, viz: it would cost the drive developer to allow or export this flexibility. Since very few customers are sick enough :-) to want to invent their own incompatible formats it simply isn't worth their development-engineering time or end-product resources (eg gates) in such a commodity product. 
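The distinction drawn in the "A firewall problem?" reply earlier in this archive (a packet filter only matches fields, while a protocol like IPsec authenticates packets and resists replay) can be seen in a short model; this is an added example, not part of any original post. The packet layout, addresses, key and class names are constructed for illustration, and the receiver uses HMAC-SHA-256 over a sequence number plus payload with a 64-packet sliding window in the style of ESP anti-replay.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration (documentation address ranges, demo key).
ALLOWED = ("192.0.2.10", "198.51.100.5", 443)
KEY = b"constructed-demo-key-not-a-secret"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum: unkeyed, so anyone can recompute it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def plain_packet(payload: bytes) -> dict:
    src, dst, dport = ALLOWED
    return {"src": src, "dst": dst, "dport": dport,
            "payload": payload, "csum": inet_checksum(payload)}


def filter_accepts(pkt: dict) -> bool:
    """Stateless rule match plus the checksum test the receiving stack applies."""
    return ((pkt["src"], pkt["dst"], pkt["dport"]) == ALLOWED
            and pkt["csum"] == inet_checksum(pkt["payload"]))


def seal(key: bytes, seq: int, payload: bytes):
    """Sender side: keyed integrity check value over sequence number and payload."""
    icv = hmac.new(key, struct.pack("!I", seq) + payload, hashlib.sha256).digest()
    return seq, payload, icv


class AuthReceiver:
    """Receiver with keyed integrity and a sliding anti-replay window."""
    WINDOW = 64

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def accept(self, seq: int, payload: bytes, icv: bytes) -> str:
        if seq < 1 or seq + self.WINDOW <= self.highest:
            return "too-old"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "replay"
        expected = seal(self.key, seq, payload)[2]
        if not hmac.compare_digest(expected, icv):
            return "bad-icv"          # state is only updated after authentication
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"


def demo() -> dict:
    out = {}
    # Plain packets: altered payload with a recomputed checksum, and a verbatim copy.
    original = plain_packet(b"GET /index.html")
    altered = dict(original, payload=b"GET /other.html")
    altered["csum"] = inet_checksum(altered["payload"])
    out["filter_original"] = filter_accepts(original)
    out["filter_altered"] = filter_accepts(altered)
    out["filter_replayed"] = filter_accepts(dict(original))

    # The same three events against the authenticated receiver.
    rx = AuthReceiver(KEY)
    seq, payload, icv = seal(KEY, 1, b"GET /index.html")
    out["auth_original"] = rx.accept(seq, payload, icv)
    out["auth_altered"] = rx.accept(2, b"GET /other.html", icv)  # no key, stale ICV
    out["auth_replayed"] = rx.accept(seq, payload, icv)

    # Legitimate reordering inside the window is still accepted exactly once.
    out["auth_seq5"] = rx.accept(*seal(KEY, 5, b"e"))
    late = seal(KEY, 3, b"c")
    out["auth_seq3_late"] = rx.accept(*late)
    out["auth_seq3_again"] = rx.accept(*late)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

The filter passes all three plain packets because nothing it checks depends on a secret; the keyed check and the window are what reject the altered and the repeated packet.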
From morlockelloi at yahoo.com Sun Jul 6 12:18:24 2003
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 6 Jul 2003 12:18:24 -0700 (PDT)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <3F0844FF.54E3EAD9@cdc.gov>
Message-ID: <20030706191824.28449.qmail@web40614.mail.yahoo.com>

> There's a good reason why, viz: it would cost the drive developer to allow
> or export this flexibility. Since very few customers are sick enough

This will go the same way as radio. First, you have hundreds of separate boxes, each doing some custom modulation/frequency gig (am, fm, shortwave, TV, cell, spread spectrum, whatever) and you had to have a separate apparatus for each instance.

With software radio, you just have one box that can do it all (and it made all protection-by-custom-modulation obsolete ... I've seen it playing "protected" HDTV signals.)

So it's easy to imagine universal "software" disc player/recorder that lets one do any modulation technique. Not that it would provide protection, because the same tools will be available to attackers, but at least the crypto may become more fun, going back to physical domain.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

From camera_lumina at hotmail.com Sun Jul 6 11:09:30 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 06 Jul 2003 14:09:30 -0400
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID:

As a basic idea it seems relatively workable. However, there's one detail that perhaps you might want to know about:

"We can push the idea a step further, making a stripped-down CD/DVD drive that would be able basically just to follow the spiral track with its head in constant linear velocity"

Unlike a vinyl record, the CD grooves don't form a spiral...they are concentric circles.
Also, the beginning of the CD is towards the center, the end towards the edge. -TD >From: Thomas Shaddack >To: cypherpunks >Subject: Idea: The ultimate CD/DVD auditing tool >Date: Sun, 6 Jul 2003 04:13:32 +0200 (CEST) > >Pondering. Vast majority of the CD/DVD "protection" methods is based on >various deviations from the standards, or more accurately, how such >deviations are (or aren't) handled by the drive firmware. > >However, we can sidestep the firmware. > >The drive contains the moving part with the head assembly. There is an >important output signal there: the raw analog signal bounced from the >disk and amplified. > >We can tap it and connect it to a highspeed digital oscilloscope card. And >sample obscene amount of data from it. In comparison with fast-enough >ADCs, disk space is cheap. The problem can be in bandwidth, but for the >drive speed set up to possible minimum (or for "normal" players) the >contemporary machines should be sufficient. Real-time operating system >(maybe RTOS-Linux) may be necessary. > >We get the record of the signal captured from the drive's head - raw, with >everything - dirt, drop-outs, sector headers, ECC bits. The low-level >format is fairly well documented; now we have to postprocess the signal. >Conversion from analog to digital data and then from the CD representation >to 8-bit-per-byte should be fairly straightforward (at least for someone >skilled with digital signal processing). Now we can identify the >individual sectors on the disc and extract them to a disc image file that >we can handle later by normal means. 
>
>We can push the idea a step further, making a stripped-down CD/DVD drive
>that would be able basically just to follow the spiral track with its head
>in constant linear velocity (easier to analyze than CAV) mode, with the
>ability to control the speed in accordance with how fast (and expensive)
>ADC, bus, and disks we have, and the possibility to interrupt/resume
>scanning anytimes in accordance with how much disk space we have (or to
>scan just a small area of the disc).
>
>As a welcomed side effect, not only we'd get a device for circumvention of
>just about any contemporary (and possibly a good deal of the future ones)
>optical media "protections", but we would also get a powerful tool for
>retrieving data from even very grossly damaged discs, for audit of
>behavior of CD/DVD writers and CD vendors (eg, if they don't attempt to
>sneak in something like a hidden serial number of the writer), and for
>access to all areas of the discs - including the eventual ones unreachable
>through the drive's own firmware.
>
>If we'd fill this idea with water, would it leak? Where? Why?

From decoy at iki.fi Sun Jul 6 05:08:54 2003
From: decoy at iki.fi (Sampo Syreeni)
Date: Sun, 6 Jul 2003 15:08:54 +0300 (EEST)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
References:
Message-ID:

On 2003-07-06, Thomas Shaddack uttered to cypherpunks:

>If we'd fill this idea with water, would it leak? Where? Why?

It wouldn't leak, and I've never really understood why standard ATAPI drives don't allow access to the raw data. As you say, that sort of tool would have quite a number of applications besides piracy. For example, taking MP3 backups of my CD's, I already would have needed error concealment, a feature CD-ROM's do not implement when ripping audio.
You can't implement that well without knowing where the error correction step failed, and that data isn't easily available. Also, I've always been fascinated by the fact that there's really no reason to follow the CD specs beyond 8/14 modulation other than compatibility. A writing drive capable of working at such a low level could be used to experiment with new encodings beyond what standard CD's can do -- say, substituting CIRC with RSBC and gaining some extra room on the disc, getting rid of the subchannels, a more intelligent coding of disc addresses... Breaking compatibility wouldn't be too useful, but it sure would be fun. Now you simply can't do it. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From cpunk at lne.com Sun Jul 6 20:00:01 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 6 Jul 2003 20:00:01 -0700 Subject: Cypherpunks List Info Message-ID: <200307070300.h67301F4007397@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa. 1. 
Filtering The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam on that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers. 2. Message Modification Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications. 3. Privacy Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private") , to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software. Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted. 4. Anonymous posting Cypherpunks encourages anonymous posting. 
You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings".

At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list.
The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

    # mailing lists:
    # filter all cypherpunks mail into its own cypherspool folder, discarding
    # mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
    # /dev/null is unix for the trash can.
    :0
    * ^From.*owner-cypherpunks at .*
    {
        :0:
        * (^From:.*ravage at ssz\.com.*|\
        ^From:.*jchoate at dev.tivoli.com.*|\
        ^From:.*mattd at useoz.com|\
        ^From:.*proffr11 at bigpond.com|\
        ^From:.*jei at cc.hut.fi)
        /dev/null

        :0:
        cypherspool
    }

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------
Algebra:
Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
CCC:
Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Infonex:
Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Lne:
Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
2. leading "CDR:" in subject line removed
3.
"Reply-to:" removed Privacy policy: private Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman) --------------------------------------------------------------------------- Minder: Subscription: "subscribe cypherpunks" to majordomo at minder.net Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net Help: "help" to majordomo at minder.net Posting address: cypherpunks at minder.net Filtering policy: raw Message Modification policy: no modification Privacy policy: private Info: send mail to cypherpunks-info at minder.net --------------------------------------------------------------------------- Openpgp: [openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01] Subscription: "subscribe cypherpunks" to listproc at openpgp.net Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net Help: "help" to listproc at openpgp.net Posting address: cypherpunks at openpgp.net Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Ssz: Subscription: "subscribe cypherpunks" to majordomo at ssz.com Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com Help: "help cypherpunks" to majordomo at ssz.com Posting address: cypherpunks at ssz.com Filtering policy: raw Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added. Privacy policy: open Info: http://www.ssz.com/cdr/ --------------------------------------------------------------------------- Sunder: Subscription: "subscribe" to sunder at sunder.net Unsubscription: "unsubscribe" to sunder at sunder.net Help: "help" to sunder at sunder.net Posting address: sunder at sunder.net Filtering policy: moderated Message Modification policy: ??? Privacy policy: ??? 
Info: ???
---------------------------------------------------------------------------
Pro-ns:
Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net
Help: "help cypherpunks" to majordomo at pro-ns.net
Posting address: cypherpunks at pro-ns.net
Filtering policy: cooked
Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
1. leading "CDR:" in subject line removed
2. "Reply-to:" removed
Privacy policy: private
Info: http://www.pro-ns.net/cpunk

From jtrjtrjtr2001 at yahoo.com Mon Jul 7 02:19:28 2003
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Mon, 7 Jul 2003 02:19:28 -0700 (PDT)
Subject: Finding collision resistant hash functions
In-Reply-To: <5.2.0.9.2.20030509165341.00b1efe8@frodo.hserus.net>
Message-ID: <20030707091928.46589.qmail@web21203.mail.yahoo.com>

hi,

Is there a polynomial time algorithm that will find collision hash functions or how are we supposed to find collision free hash functions? What exactly is the difficulty in finding collision free hash functions?

Regards Sarath.

From decoy at iki.fi Sun Jul 6 16:33:06 2003
From: decoy at iki.fi (Sampo Syreeni)
Date: Mon, 7 Jul 2003 02:33:06 +0300 (EEST)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <3F0844FF.54E3EAD9@cdc.gov>
References: <3F0844FF.54E3EAD9@cdc.gov>
Message-ID:

On 2003-07-06, Major Variola (ret) uttered to cypherpunks at lne.com:

>There's a good reason why, viz: it would cost the drive developer to
>allow or export this flexibility.

But that's just the point. They need to have the raw signal available at one time or another. Picking it up and sending it down the line should be utterly trivial, too. It will have its price, but the price will also be negligible.
Especially since the ATAPI protocol has steadily grown more complicated, which would suggest they are making libraries to handle it in a standardised fashion. If they have such a library, and the raw data, why shy away from yielding it to the user? I mean, the cost is far less than, say, implementing digital ripping capability in the first place, with the available chips.

I'd guess either because of a) terminal stupidity or b) benefits to scale in making it sure people go with compatibility. As there probably have to be some limits to how stupid engineers capable of making things like writable CD's can be, I'd have to go with the second alternative.
--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From mv at cdc.gov Mon Jul 7 05:00:48 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 05:00:48 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID: <3F0960F0.45EEDF26@cdc.gov>

At 02:33 AM 7/7/03 +0300, Sampo Syreeni wrote:
>On 2003-07-06, Major Variola (ret) uttered to cypherpunks at lne.com:
>
>>There's a good reason why, viz: it would cost the drive developer to
>>allow or export this flexibility.
>
>I'd guess either because of a) terminal stupidity or b) benefits to scale
>in making it sure people go with compatibility. As there probably have to
>be some limits to how stupid engineers capable of making things like
>writable CD's can be, I'd have to go with the second alternative.

Frankly it's obvious you haven't worked (or thought about the constraints) on a commercial product with a deadline / resource constraints or worked on something extremely cost sensitive like commodity drives/chipsets.

Here, ponder this: why are there no oxygen sensor or manifold temperature or ignition-phase (etc) displays in ordinary cars?
(Although there probably are in custom race cars) You know (much like the analog CD signal) they're being measured and used by the ECU. So, why not? Chew on that one for a while, grasshopper.

Economics is applied physics.

From mv at cdc.gov Mon Jul 7 05:09:46 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 05:09:46 -0700
Subject: Finding collision resistant hash functions
Message-ID: <3F09630A.148FCF@cdc.gov>

At 02:19 AM 7/7/03 -0700, Sarad AV wrote:
or how are we supposed to
>find collision free hash functions? What exactly is the
>difficulty in finding collision free hash functions?

Because there are no collision *free* hash functions, there will always be several domain elements that map to the same range element. Assuming more domain elements than range elements, which is generally what people mean by hashing.

You're not asking the right question, you need more constraints on the type of hash functions and their resistance to collisions. You're probably looking for functions that make it hard to intentionally find arguments that produce hashes identical to a given one.

There's an incredibly dry taxonomically-inclined downloadable text on this somewhere but the margin of my screen is too small to contain the url. You'll first have to use language more precisely to get any use out of it.

From mv at cdc.gov Mon Jul 7 05:14:26 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 05:14:26 -0700
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID: <3F096422.55D7BD3C@cdc.gov>

At 11:58 AM 7/7/03 +0100, Ben Laurie wrote:
>Major Variola (ret.) wrote:
>> So the possibility of indicting a cuckolded man on the basis
>> of nominal (only) relatives is quite real.
>
>Only he was convicted because he confessed.

Yes, of course, in this *particular* case. Which is irrelevant.
The point is that there are undiscussed evidentiary problems using relatives' DNA, hinging on the assumption that "blood relatives actually share blood", in layspeak.

From ravage at einstein.ssz.com Mon Jul 7 05:24:42 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Mon, 7 Jul 2003 07:24:42 -0500 (CDT)
Subject: Austin Cypherpunks Physical Meet, Tue. July 8, 2003
Message-ID:

Time: July 8, 2003
Second Tuesday of each month
7:00 - 9:00 pm (or later)

Location: Central Market HEB Cafe
38th and N. Lamar
Weather permitting we meet in the un-covered tables. If it's inclement but not overly cold we meet in the outside covered section. Otherwise look for us inside the building proper.

Identification: Look for the group with the "Applied Cryptography" book. It will have a red cover and is about 2 in. thick.

Contact Info: http://einstein.ssz.com/cdr/index.html#austincpunks

--
____________________________________________________________________

We are all interested in the future for that is where you and I are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From nobody at dizum.com Sun Jul 6 22:30:05 2003
From: nobody at dizum.com (Nomen Nescio)
Date: Mon, 7 Jul 2003 07:30:05 +0200 (CEST)
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID: <24b93d1e279e96d4f59a360feab93ce2@dizum.com>

Thomas Shaddup writes:
> As a welcomed side effect, not only we'd get a device for circumvention of
> just about any contemporary (and possibly a good deal of the future ones)
> optical media "protections"

This is only for the minimal forms of "protection" which are designed to work with existing CD/DVD players. If you look at the new audio formats like SACD, they use encrypted data. All your lasers won't do you any good unless you can pry a key (and the algorithm!)
out of a consumer player, which won't be easy assuming it is in a tamper-resistant unit. And you can bet the industry won't make the mistake again of allowing software-based players, as they did with the DeCSS affair.

In short, you're fighting yesterday's war. Try looking ahead a bit to see where the battlegrounds of the future will be contested.

From eresrch at eskimo.com Mon Jul 7 08:04:46 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Mon, 7 Jul 2003 08:04:46 -0700 (PDT)
Subject: Finding collision resistant hash functions
In-Reply-To: <20030707091928.46589.qmail@web21203.mail.yahoo.com>
Message-ID:

On Mon, 7 Jul 2003, Sarad AV wrote:

> Is there a polynomial time algorithm that will find
> collision hash functions or how are we supposed to
> find collision free hash functions? What exactly is the
> difficulty in finding collision free hash functions?

It can't be collision free if the number of input bits exceeds the number of output bits. Think about it, it should be obvious!

Patience, persistence, truth,
Dr. mike

From bruen at coldrain.net Mon Jul 7 05:25:58 2003
From: bruen at coldrain.net (Stormwalker)
Date: Mon, 7 Jul 2003 08:25:58 -0400 (EDT)
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <3F096422.55D7BD3C@cdc.gov>
Message-ID:

The issue of knowing about other people based on one subject's DNA has been known for several years. For example, if a woman has the BRCA1 or BRCA2 gene (breast cancer), then so does her mother, sister(s) and daughter(s) because the gene is hereditary. Insurance companies can/have refused insurance coverage to the subject's relatives and the relatives have no idea why.

Ethical issues have surfaced around the desire of the subject's relatives not wanting to know if they have a harmful, shared gene. If the subject tells her relatives about her gene, then her relatives know that they have the gene. It's not like I told some them I broke my arm which only tells them a fact about me.
The extension into law enforcement is an expected outcome. And there will be more.

In my opinion, very few people understand the impact of human understanding of how life is constructed. The science is well understood, the engineering has just begun. We are taking conscious control of evolution, far past selective breeding and way past clones.

cheers, bob

On Mon, 7 Jul 2003, Major Variola (ret) wrote:
> The point is that there are undiscussed evidentiary problems using
> relatives' DNA, hinging on the assumption that "blood relatives
> actually share blood", in layspeak.

From alan at clueserver.org Mon Jul 7 08:45:03 2003
From: alan at clueserver.org (alan)
Date: Mon, 7 Jul 2003 08:45:03 -0700 (PDT)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
Message-ID:

On Mon, 7 Jul 2003, Tyler Durden wrote:

> Do you have a reference? I don't remember reading that SACD was encrypted.
> What I DO remember is that the reason there's no standard SACD or DVD-A
> digital interface is because the Industry wants that digital interface to be
> encrypted.

Furthermore, people have come to expect that they should be able to play whatever disc shaped media in their computer. At some point there will need to be a software based player.

But the real issue is that all of these DRM methods rely on "security by obscurity". Such methods eventually fail. Either the actual method is discovered and published or the DRM method fails in the marketplace and is never heard from again.

From mv at cdc.gov Mon Jul 7 09:11:59 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 09:11:59 -0700
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID: <3F099BCF.FC8B0619@cdc.gov>

At 08:25 AM 7/7/03 -0400, Stormwalker wrote:
>The issue of knowing about other people based on one subject's DNA
>has been known for several years.
For example, if a woman
>has the BRCA1 or BRCA2 gene (breast cancer), then so does her mother,
>sister(s) and daughter(s) because the gene is hereditary. Insurance
>companies can/have refused insurance coverage to the subject's relatives
>and the relatives have no idea why.

Interesting, thanks. Even a brother's daughter could be refused.

>Ethical issues have surfaced around the desire of the subject's
>relatives not wanting to know if they have a harmful, shared gene. If
>the subject tells her relatives about her gene, then her relatives know
>that they have the gene. It's not like I told some them I broke my arm
>which only tells them a fact about me.

Perhaps this is the basis for the social stigma of mentally ill relatives --it says something (probabilistic) about the speaker.

Still, you'll find out when they end up in the hospital. It's useful knowledge to know your genes ---I know adopted people who regret not having any clue. I know that my prostate will explode when I get older. I'd like to know more. Sticking your head in the sand is rarely helpful.

>In my opinion, very few people understand the impact of human
>understanding of how life is constructed. The science is well understood,
>the engineering has just begun. We are taking conscious control of
>evolution, far past selective breeding and way past clones.

Most descendants of germ-cell-fixed diabetes (etc) will probably not regret the tinkering of their ancestors, unless there are unintended side effects :-) But yeah, interesting times we live in. I've never heard anyone curse their ancestors for the genetic diseases they've inherited, probably because they wouldn't exist except for the ancestors. ("Damn, grandpa, couldn't you have married someone in better health?") Also little good cursing would do.
Insurance companies are private entities, so IMHO it's moral for them to gather intel (eg, checking blood for nicotine metabolites), or give discounts for folks who've had certain inherited diseases fixed in the future. Or eat better, drive safer, exchange fluids less promiscuously, whatever.

I'm more worried about the State, which coerces with violence.

From declan at well.com Mon Jul 7 07:35:58 2003
From: declan at well.com (Declan McCullagh)
Date: Mon, 07 Jul 2003 10:35:58 -0400
Subject: Secret nanotech spy agency meeting
Message-ID: <5.2.1.1.0.20030707103536.042b9050@mail.well.com>

today...

TECHNOLOGY
National Academies
Meeting of the Committee on Nanotechnology for the Intelligence Community. Closed session summary posted after the meeting
Location: Keck Center of the National Academies, 500 5th St., NW, Washington, D.C.
Contact: James Killian, 202-334-1758; http://www.national-academies.org

From mv at cdc.gov Mon Jul 7 11:41:06 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 11:41:06 -0700
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID: <3F09BEC2.87CD430@cdc.gov>

At 01:15 PM 7/7/03 -0400, Stormwalker wrote:
>On Mon, 7 Jul 2003, Major Variola (ret) wrote:
>> Interesting, thanks. Even a brother's daughter could be refused.
>
> The BRCA genes are only transmitted through the mother, but
> there are many others that go through both lines.

Could you explain how this could be? Any gene has a chance of continuing unless it's on the father's Y he has only daughters. (Patrilineal surnames behave like this. I believe there's a "Cohen"-surname related gene set.) (Mitochondrial chromos of course are matrilineal always. For clones they come from the surrogate.) Males can always keep any maternal gene going, even if it's not expressed.

> Unintended side effects are all but guaranteed :( The tinkering
> will resemble eugenics at the building block level.
Eliminating genetic
> diseases will be great, but introducing other things might not be, just
> as eliminating some things might be bad.

What's wrong with voluntary eugenics? The invention of agriculture started a policy of negative eugenics that culminates with the industrial welfare state paying stupids to breed, while others chose birth control. And banning somatic or germ line fixes to diseases, if you can do them, is as compassionate as banning insulin. Which isn't even a fix, just a workaround.

If a germ line fix has an unintended side effect, you either undo it (revert back to being inclined towards diabetes, if this is preferable to the side effect, say) or you debug or patch it. Current & historical medicine is filled with such things for mere *temporary* meds that don't cure anything.

"This nasal spray contains a vector with Service Pack 6 for the germ-line diabetes package installed by your grandfather"

:-)

From timcmay at got.net Mon Jul 7 11:51:39 2003
From: timcmay at got.net (Tim May)
Date: Mon, 7 Jul 2003 11:51:39 -0700
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To:
Message-ID: <0AD3AA14-B0AC-11D7-A65E-000A956B4C74@got.net>

On Monday, July 7, 2003, at 10:15 AM, Stormwalker wrote:

> On Mon, 7 Jul 2003, Major Variola (ret) wrote:
>
>> Insurance companies are private entities, so IMHO its moral for
>> them to gather intel (eg, checking blood for nicotine metabolites),
>> or give discounts for folks who've had certain inherited diseases
>> fixed
>> in the future. Or eat better, drive safer, exchange fluids less
>> promiscuously, whatever.
>
> I have to disagree here. Medical insurance is not the same as life
> or car insurance. It was all supposed to be a big pool that we would
> draw on when needed. By skimming the cream, infant mortality rates
> rise, along with a host of other problems.

No, it was NOT "all supposed to be a big pool that we would draw on when needed."
You seem to be confusing medical insurance with nationalized social medicine.

Do I really need to explain this concept here, to subscribers here?

Medical insurance is a risk arbitrage betting scheme just like all other insurance: the actor selling a policy (a contract) is making the bet that he will make more money than he pays out. If he finds out something that alters the expectation of some illness or disease or hazardous activity, then he adjusts the policy premiums accordingly (or even refuses to sell a policy at any price, for understandable reasons).

By the way, any scheme to force everyone into the same insurance pool for the same premiums is profoundly antiliberty and is unconstitutional (violates all sorts of rights).

"Opting out" of coverage is always fair. If I know I am not a rock climber, why would I pay for coverage for rock climbing falls? And if I know I am not engaging in queer sex or IV drug use, why would I pay for AIDS coverage?

(There are interesting scenarios for private testing for various genes or proclivities, followed by opting-out for the diseases one is highly unlikely to contract. This kind of "not paying for what you don't use" is a form of cherry-picking which only a total state could outlaw. Think about it.)

--Tim May

From ben at algroup.co.uk Mon Jul 7 03:58:10 2003
From: ben at algroup.co.uk (Ben Laurie)
Date: Mon, 07 Jul 2003 11:58:10 +0100
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <3F07C6F6.B1BDBCD8@cdc.gov>
References: <3F07C6F6.B1BDBCD8@cdc.gov>
Message-ID: <3F095242.8090604@algroup.co.uk>

Major Variola (ret.) wrote:
> Slashdot pointed to this story of a man indicted via
> his *relative's* DNA sample:
>
> http://news.bbc.co.uk/2/hi/uk_news/wales/3044282.stm
>
> But an interesting, unmentioned issue is this: in population
> DNA surveys you find that a lot of purported fathers *aren't*.
> So the possibility of indicting a cuckolded man on the basis
> of nominal (only) relatives is quite real.
Only he was convicted because he confessed.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

From bruen at coldrain.net Mon Jul 7 10:15:04 2003
From: bruen at coldrain.net (Stormwalker)
Date: Mon, 7 Jul 2003 13:15:04 -0400 (EDT)
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <3F099BCF.FC8B0619@cdc.gov>
Message-ID:

On Mon, 7 Jul 2003, Major Variola (ret) wrote:

> Interesting, thanks. Even a brother's daughter could be refused.

The BRCA genes are only transmitted through the mother, but there are many others that go through both lines.

> >Ethical issues have surfaced around the desire of the subject's
> Perhaps this is the basis for the social stigma of mentally ill
> relatives --it says something (probabilistic) about the speaker.

With most genes there is not a 100% chance that any one person will suffer, although there are few. One measurement is the PPV, Positive Predictive Value, which gets to estimate the probability that the problem gene will actually cause the problem. Trouble is, it's real hard to get the PPV right. No one really knows how to do it, so the insurance companies just say to any possibility, no matter how remote.

> Still, you'll find out when they end up in the hospital. It's useful
> knowledge to know your genes ---I know adopted people who
> regret not having any clue. I know that my prostate will explode
> when I get older. I'd like to know more. Sticking your head
> in the sand is rarely helpful.

While I agree completely, you might be surprised at just how many people don't want to know and will get upset if you spoil the surprise by telling them.

> >In my opinion, very few people understand the impact of human
> >understanding of how life is constructed. The science is well
> >understood, the engineering has just begun.
We are taking conscious
> >control of evolution, far past selective breeding and way past clones.

> Most descendants of germ-cell-fixed diabetes (etc) will probably
> not regret the tinkering of their ancestors, unless there are unintended
> side effects :-)

Unintended side effects are all but guaranteed :( The tinkering will resemble eugenics at the building block level. Eliminating genetic diseases will be great, but introducing other things might not be, just as eliminating some things might be bad.

> But yeah, interesting
> times we live in. I've never heard anyone curse their ancestors
> for the genetic diseases they've inherited, probably because they
> wouldn't exist except for the ancestors. ("Damn, grandpa, couldn't
> you have married someone in better health?") Also little good
> cursing would do.

This already happens - selecting your mate has more procedures if you are in line for a spot as king somewhere.

> Insurance companies are private entities, so IMHO its moral for
> them to gather intel (eg, checking blood for nicotine metabolites),
> or give discounts for folks who've had certain inherited diseases fixed
> in the future. Or eat better, drive safer, exchange fluids less
> promiscuously, whatever.

I have to disagree here. Medical insurance is not the same as life or car insurance. It was all supposed to be a big pool that we would draw on when needed. By skimming the cream, infant mortality rates rise, along with a host of other problems.

> I'm more worried about the State, which coerces with violence.

Well, yes, but the corporations are becoming part of their own state...
cheers, bob

From mv at cdc.gov Mon Jul 7 14:23:06 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 14:23:06 -0700
Subject: Genetic engineering [was: RE: DNA of relative indicts man, cuckolding ignored]
Message-ID: <3F09E4BA.96B1AB06@cdc.gov>

At 03:59 PM 7/7/03 -0400, Trei, Peter wrote:
>There are some things where nearly everyone will agree
>a genetic fix is desirable - for example, susceptibility to
>heart disease, cancer, dental caries, and myopia. Other
>'vanity' fixes seem pretty harmless - being tall, busty,
>or having a well-stuffed package.
>
>Its when we get to 'fixes' to behaviour and personality
>that things start to get very hairy.

Although your examples are important, anyone who has or has known someone with depression, schizophrenia, or ADD [1] will argue that *subjectively unpleasant* mental ills are as worth fixing as bad teeth. If not more so.

I fear that those in
>power will use genetic engineering as they have used
>every other tool at their disposal - weapons, states,
>laws, and governments - to maintain their position at
>the expense of the overall welfare of the species, by
>allowing improvements only to their own descendents,
>while requiring changes to those out of power which
>make it harder for them to change their status.

Agreed, as with the rest of your post. There are real horrorshow future possibilities.

One more point. What is "adaptive" depends on your environment. As I try to explain to my more pigmented wife (it comes up because my 3.8 year old is in the "why" phase) while I'd get skin cancer in tropical zones, she'd get rickets in more northerly areas. Extrapolate to personality properties like "inhibition" (recently shown to be persistent from 2 to 20 year olds ie genetic) "aggression", etc.

[1] Please don't lets start the flame about chemical coercion in mandatory youth education camps. Real ADD fucks people up. Which is not to say that M.Y.E.C. are well designed nor that ADD treatments are abused.
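The distinction drawn in the "Finding collision resistant hash functions" thread above (no hash is collision free once inputs outnumber outputs, so the useful question is how much work a collision or a match for a given hash costs), shown as an added example that is not part of any list message. It truncates SHA-256 to a few bits so both searches finish quickly; the function names, message strings and bit widths are constructed for illustration.

```python
import hashlib
from typing import Dict, Optional, Tuple


def trunc_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data): a toy hash with a tiny range."""
    if not 1 <= bits <= 256:
        raise ValueError("bits must be between 1 and 256")
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Return (m1, m2, tries): any two distinct inputs with equal hashes.

    The range holds 2**bits values, so 2**bits + 1 distinct inputs cannot
    all hash differently (pigeonhole). The loop is therefore guaranteed to
    return, and in practice does so after roughly 2**(bits/2) tries.
    """
    seen: Dict[int, bytes] = {}
    for i in range(2 ** bits + 1):
        msg = b"msg-%d" % i  # constructed, distinct inputs
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise AssertionError("unreachable: pigeonhole principle")


def find_second_preimage(
    target: bytes, bits: int, max_tries: int
) -> Optional[Tuple[bytes, int]]:
    """Return (msg, tries) with msg != target and equal hash, or None.

    Matching one *given* hash costs about 2**bits tries, far more than
    finding some colliding pair.
    """
    wanted = trunc_hash(target, bits)
    for i in range(max_tries):
        msg = b"candidate-%d" % i  # constructed candidate inputs
        if msg != target and trunc_hash(msg, bits) == wanted:
            return msg, i + 1
    return None


def compare(bits: int) -> Tuple[int, Optional[int]]:
    """Work spent on each search for one output size."""
    _, _, collision_tries = find_collision(bits)
    found = find_second_preimage(b"constructed target message", bits, 1 << 22)
    return collision_tries, (found[1] if found else None)


if __name__ == "__main__":
    for bits in (8, 12, 16):
        col, pre = compare(bits)
        print(f"{bits:2d}-bit hash: collision after {col} tries, "
              f"second preimage after {pre} tries "
              f"(range size {2 ** bits})")
```

Each extra output bit doubles the expected second-preimage work but adds only a factor of about 1.4 to the collision work, which is why digest length is chosen against the collision bound.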
From billy at dadadada.net Mon Jul 7 12:12:28 2003
From: billy at dadadada.net (Billy)
Date: Mon, 7 Jul 2003 15:12:28 -0400
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <0AD3AA14-B0AC-11D7-A65E-000A956B4C74@got.net>
References: <0AD3AA14-B0AC-11D7-A65E-000A956B4C74@got.net>
Message-ID: <20030707191228.GA1016@mail.dadadada.net>

On Mon, Jul 07, 2003 at 11:51:39AM -0700, Tim May wrote:
> And if I know I am not engaging in queer sex
> or IV drug use, why would I pay for AIDS coverage?

You've got to be kidding...

From ptrei at rsasecurity.com Mon Jul 7 12:59:21 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 7 Jul 2003 15:59:21 -0400
Subject: Genetic engineering [was: RE: DNA of relative indicts man, cuckolding ignored]
Message-ID:

> Major Variola (ret)[SMTP:mv at cdc.gov] writes:
>
> What's wrong with voluntary eugenics? The invention of
> agriculture started a policy of negative eugenics that culminates
> with the industrial welfare state paying stupids to breed, while
> others chose birth control. And banning somatic or germ line
> fixes to diseases, if you can do them, is as compassionate as
> banning insulin. Which isn't even a fix, just a workaround.
>
> If a germ line fix has an unintended side effect, you either undo it
> (revert back to being inclined towards diabetes, if this is preferable
> to the side effect, say) or you debug or patch it. Current & historical
> medicine is filled with such things for mere *temporary* meds that
> don't cure anything.
>
> "This nasal spray contains a vector with Service Pack 6 for the
> germ-line diabetes package installed by your grandfather"
>
> :-)
>

Once again, the main problem seems to be the 'that's icky' factor which most people have difficulty getting past. We're seeing it today in the hysteria over human cloning, we will see it in human genetic engineering.
We saw it in the past in IVF reproduction, and in organ transplantation - for a while in Britain, cornea transplants were banned - the idea of 'looking through a dead man's eyes' was just too weird.

Genetic engineering is a new area where man is seizing control from nature, and is now faced with choices which just didn't exist in the past. How individuals and societies should make these decisions is pretty much uncharted territory.

For any proposed change, some people will think it's a bad idea, some people will think it's great, and some people won't have an opinion. The proportions (and the reasons) will vary from decision to decision.

There are some things where nearly everyone will agree a genetic fix is desirable - for example, susceptibility to heart disease, cancer, dental caries, and myopia. Other 'vanity' fixes seem pretty harmless - being tall, busty, or having a well-stuffed package.

It's when we get to 'fixes' to behaviour and personality that things start to get very hairy. I fear that those in power will use genetic engineering as they have used every other tool at their disposal - weapons, states, laws, and governments - to maintain their position at the expense of the overall welfare of the species, by allowing improvements only to their own descendents, while requiring changes to those out of power which make it harder for them to change their status.

One scenario:

"Mr & Mrs Smith: The No Child Should Fear Act of 2015 requires that your proposed son have the 'bullying' gene deleted if he is to attend publicly funded schools. This is similar to the old requirements for vaccination - we don't want your son to endanger other children, do we? Of course, this also weakens any leadership ability he might have been able to exercise later in life, as well as his tendency to question authority, but if it saves one child from humiliation at the hands of a bully, it's worth it.
If you don't want to accept this change, you are of course free to send your child to private school, as do most leaders. If you can afford it, that is...."

So, who gets to decide what changes are good, and for whom? I know what I want the answer to be, but I'm not certain that is the one that will come to pass.

Peter Trei

From s.schear at comcast.net Mon Jul 7 16:58:17 2003
From: s.schear at comcast.net (Steve Schear)
Date: Mon, 07 Jul 2003 16:58:17 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <24b93d1e279e96d4f59a360feab93ce2@dizum.com>
Message-ID: <5.2.1.1.0.20030707165403.034786c0@mail.comcast.net>

At 07:30 2003-07-07 +0200, Nomen Nescio wrote:
>This is only for the minimal forms of "protection" which are designed to
>work with existing CD/DVD players. If you look at the new audio formats
>like SACD, they use encrypted data. All your lasers won't do you any
>good unless you can pry a key (and the algorithm!) out of a consumer
>player, which won't be easy assuming it is in a tamper-resistant unit.

If you believe the article "Myths and Misconceptions about Hardware Hacking," http://www.cptwg.org/Assets/Presentations/ARDG/ARDGHardware_hack05-28-03.pdf , recently posted to the Content Protection Technical Working Group, access to affordable commercial technology for reverse engineering has given hardware hackers the upper hand.

steve

"There is no protection or safety in anticipatory servility."
Craig Spencer

From decoy at iki.fi Mon Jul 7 07:01:10 2003
From: decoy at iki.fi (Sampo Syreeni)
Date: Mon, 7 Jul 2003 17:01:10 +0300 (EEST)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <3F0960F0.45EEDF26@cdc.gov>
References: <3F0960F0.45EEDF26@cdc.gov>
Message-ID:

On 2003-07-07, Major Variola (ret) uttered to cypherpunks at lne.com:

>Here, ponder this: why are there no oxygen sensor or manifold temperature
>or ignition-phase (etc) displays in ordinary cars?

Because the wiring, displays, etc.
do impose costs, most of all in design expense. You can't do it all in software. With CD drives you can, and it's quite likely it wouldn't constitute more than a page full of C if your existing codebase has any structure at all.

So yes, I do understand about cost constraints. It's just that this particular feature wouldn't likely violate any of them, and would be a highly useful feature to a number of people.
--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From declan at well.com Mon Jul 7 14:03:54 2003
From: declan at well.com (Declan McCullagh)
Date: Mon, 07 Jul 2003 17:03:54 -0400
Subject: Denver Post article on mattd/proffr/AP/Jim Bell/cypherpunks
Message-ID: <5.2.1.1.0.20030707170236.04473010@mail.well.com>

http://www.denverpost.com/Stories/0,1413,36~53~1497971,00.html

...

The development of digital money, and encryption software restricting government's ability to monitor Internet activity, are common goals among the online anarchists and libertarians known as "cypherpunks."

The ultimate purpose of Assassination Politics is to deter people from working for government agencies, corporate media outlets or institutions "beholden to the violence of the state," Taylor said.

Professor Rat also has threatened a University of Ottawa law professor, a columnist for The Boston Globe and a Cincinnati police officer.

...

The Post is withholding the names of the subjects of posts by Professor Rat to avoid promoting any specific threats.

...

Eugene Volokh, a law professor at the University of California-Los Angeles and a First Amendment specialist, said the threats were probably criminal, given Taylor's description of the purpose of Assassination Politics.

...
From mv at cdc.gov Mon Jul 7 19:34:50 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 07 Jul 2003 19:34:50 -0700 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: <3F0A2DC9.69C35B56@cdc.gov> At 08:45 AM 7/7/03 -0700, alan wrote: >But the real issue is that all of these DRM methods rely on "security by >obscurity". Such methods eventually fail. Either the actual method is >discovered and published or the DRM method fails in the marketplace and is >never heard from again. Hilary R and Jack V are *far* more fucked than mere security-by-obscurity. Any human-consumable (analogue) input is readily recordable with a single, one-time ADC, and thereafter is toast. DRM is a fraud perpetrated by engineers on Hollywood suits. Good for employment though. From camera_lumina at hotmail.com Mon Jul 7 16:39:47 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 07 Jul 2003 19:39:47 -0400 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: Do you have a reference? I don't remember reading that SACD was encrypted. What I DO remember is that the reason there's no standard SACD or DVD-A digital interface is because the Industry wants that digital interface to be encrypted. -TD >From: Nomen Nescio >To: cypherpunks at lne.com >Subject: Re: Idea: The ultimate CD/DVD auditing tool >Date: Mon, 7 Jul 2003 07:30:05 +0200 (CEST) > >Thomas Shaddup writes: > > As a welcomed side effect, not only we'd get a device for circumvention >of > > just about any contemporary (and possibly a good deal of the future >ones) > > optical media "protections" > >This is only for the minimal forms of "protection" which are designed to >work with existing CD/DVD players. If you look at the new audio formats >like SACD, they use encrypted data. All your lasers won't do you any >good unless you can pry a key (and the algorithm!) out of a consumer >player, which won't be easy assuming it is in a tamper-resistant unit. 
>And you can bet the industry won't make the mistake again of allowing
>software-based players, as they did with the DeCSS affair.
>
>In short, you're fighting yesterday's war. Try looking ahead a bit to
>see where the battlegrounds of the future will be contested.

From mv at cdc.gov Mon Jul 7 19:41:45 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 19:41:45 -0700
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID: <3F0A2F69.B906E601@cdc.gov>

At 08:36 PM 7/7/03 -0400, Stormwalker wrote:
>
>> What's wrong with voluntary eugenics? The invention of agriculture
>> started a policy of negative eugenics that culminates with the
>> industrial welfare state paying stupids to breed, while others chose
>> birth control. And banning somatic or germ line fixes to diseases, if
>> you can do them, is as compassionate as banning insulin. Which isn't
>> even a fix, just a workaround.
>
> I was thinking of eugenics where something was forced upon others,
> which I do not think is desirable.

Hey, I oppose *anything* which is forced upon others, even if *I* deem it as "good".

> The invention of agriculture has not yet culminated. It gave/gives
> people time to do other things.

Yeah, like raise armies, feed bureaucraps, etc. Still, I don't hold it against the farmers. Besides, the dominant cultures are descendants of farmers. See the writings of Jared Diamond.

> Good luck banning germ lines :)
>
>> If a germ line fix has an unintended side effect, you either undo it
>> (revert back to being inclined towards diabetes, if this is preferable
>> to the side effect, say) or you debug or patch it. Current & historical
>> medicine is filled with such things for mere *temporary* meds that
>> don't cure anything.
>
> Reverting may or may not be possible.
The products of some germ line
> may like what they are and will not revert, no matter what other
> folks think.

Well, if they *like* it, only violent coercion would cause reversion. I was thinking something like, the diabetes-fix package causes premature death or something bothersome like that. Obviously the "service pack 6 nasal spray" needs to refuse to install on folks without the proper prior install. Also it needs to avoid spurious installation on folks who don't want it ---maybe you have to take a snort of some antibiotic combo at the same time to activate it, which is a current technique used for turning on inserted genes.

Later

From mv at cdc.gov Mon Jul 7 19:57:48 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 07 Jul 2003 19:57:48 -0700
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID: <3F0A332C.CBFCC319@cdc.gov>

At 08:53 PM 7/7/03 -0400, Stormwalker wrote:
>On Mon, 7 Jul 2003, Tim May wrote:
>> No, it was NOT "all supposed to be a big pool that we would draw on
>> when needed." You seem to be confusing medical insurance with
>> nationalized social medicine.
>
> No, I am not confusing medical insurance with socialized medicine
> or anything else. I mentioned life insurance on purpose. That is a
> bet on when I will die, they bet later, I bet earlier. Money can
> be made - although never by me unless I cheat.

Not at all. Much like gambling, sometimes you win "randomly" if you stop playing after that. "Random" is a word that means "ignorance" and both you and the insurer are ignorant about your true lifespan. You only play the life-insurance game once :-)

> Medical insurance is about maintenance of our lives. You do not
> need to participate, but I'll bet if you get hurt, you'll head
> to the nearest emergency room.

One person's need does not make another a slave. BTW One could argue that driver's insurance is *more* necessary than medical insurance, because to exist daily you need to drive. But again, need and slaves.
> Well, you probably don't need to explain the problems of socialized
> medicine, but I would like to hear about how you will do your own
> X-Rays or chemotherapy.

Some pay cash. You can do without car insurance if you post a bond. Others depend on *voluntary* charity --though nowadays this competes with compulsory (taxed) welfare.

> Not any more. See life insurance. Also, please keep in mind that
> insurance companies do not make their money from premiums, but
> from investments of all the premiums they collect and hold. Your model
> is not correct.

You forget that if the insurer bets wrong, they have to pay up and cash in their investments. For certain investments, premature withdrawal costs more than sitting on the cash. Otherwise, like banks, or landlords with deposits, or other putatively free agents, insurers are free to do with their funds as they please. So long as they hold up their end of the contracts they've entered.

>The rock climber will probably not have that
> heart attack.

FWIW, the rock climber's choice of ancestors (!) has more to do with their heart attack (etc) risk than their choice of avocation.

>> (There are interesting scenarios for private testing for various genes
>> or proclivities, followed by opting-out for the diseases one is highly
>> unlikely to contract. This kind of "not paying for what you don't use"
>> is a form of cherry-picking which only a total state could outlaw.
>> Think about it.)
>
> This scenario of testing for specific genes is already underway. Stay
> tuned.

The flip side of Tim's comment is that you can pay extra for things you are at risk for. In a truly free market, insurers would offer packages customized to your risk. Genomic tendency towards X? Pay more, get more ---including max payout. Little tendency towards Y? Pay less. Rational people follow Pascal --you include probability in your reasoning about costs. Of course, in a free society, you are free to be irrational, too.
(And consume whatever, and enjoy masochism, etc.)

[oblig] Those who would constrain those freedoms have earned killing.

From camera_lumina at hotmail.com Mon Jul 7 16:58:24 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 07 Jul 2003 19:58:24 -0400
Subject: Denver Post article on mattd/proffr/AP/Jim Bell/cypherpunks
Message-ID:

>"The posts made by Professor Rat fall under a relatively new category of
>crime known as "cyberstalking," said Jim Doyle, a retired New York City
>police sergeant who now works as a cybercrimes consultant for a
>Connecticut company called Internet Crimes.
>The statements made by Professor Rat constitute prosecutable offenses, he
>said.
>"The bottom line is what the victim feels," he said. "Is the victim
>threatened? Is the victim alarmed? Hey, that's a crime."

Interesting logic here. Someone writes something not-so-nice about somebody on a list and now that person is being "cyberstalked" even though they're not a subscriber. And now, the stalk-ee is a victim of a crime. And now the person who said something "not-so-nice" has committed a crime.

And this guy's a consultant? To whom, I wonder...

Funny enough, I don't remember seeing any of Prof Rat's posts, and I've never even killfiled him.

-TD

>From: Declan McCullagh
>To: cypherpunks at lne.com
>Subject: Denver Post article on mattd/proffr/AP/Jim Bell/cypherpunks
>Date: Mon, 07 Jul 2003 17:03:54 -0400
>
>http://www.denverpost.com/Stories/0,1413,36~53~1497971,00.html
>
>...
>
>The development of digital money, and encryption software restricting
>government's ability to monitor Internet activity, are common goals among
>the online anarchists and libertarians known as "cypherpunks."
>
>The ultimate purpose of Assassination Politics is to deter people from
>working for government agencies, corporate media outlets or institutions
>"beholden to the violence of the state," Taylor said.
>
>Professor Rat also has threatened a University of Ottawa law professor, a
>columnist for The Boston Globe and a Cincinnati police officer.
>
>...
>
>The Post is withholding the names of the subjects of posts by Professor Rat
>to avoid promoting any specific threats.
>
>...
>
>Eugene Volokh, a law professor at the University of California-Los Angeles
>and a First Amendment specialist, said the threats were probably criminal,
>given Taylor's description of the purpose of Assassination Politics.
>
>...

From bruen at coldrain.net Mon Jul 7 17:36:36 2003
From: bruen at coldrain.net (Stormwalker)
Date: Mon, 7 Jul 2003 20:36:36 -0400 (EDT)
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <3F09BEC2.87CD430@cdc.gov>
Message-ID:

On Mon, 7 Jul 2003, Major Variola (ret) wrote:
> At 01:15 PM 7/7/03 -0400, Stormwalker wrote:
> >On Mon, 7 Jul 2003, Major Variola (ret) wrote:
> >> Interesting, thanks. Even a brother's daughter could be refused.
> >
> > The BRCA genes are only transmitted through the mother, but
> > there are many others that go through both lines.
>
> Could you explain how this could be?

My apologies. This is not what I meant to say. The brca genes can be passed through both paternal and maternal lines.

> What's wrong with voluntary eugenics? The invention of agriculture
> started a policy of negative eugenics that culminates with the
> industrial welfare state paying stupids to breed, while others chose
> birth control. And banning somatic or germ line fixes to diseases, if
> you can do them, is as compassionate as banning insulin. Which isn't
> even a fix, just a workaround.

I was thinking of eugenics where something was forced upon others, which I do not think is desirable. The invention of agriculture has not yet culminated.
It gave/gives people time to do other things. Good luck banning germ lines :)

> If a germ line fix has an unintended side effect, you either undo it
> (revert back to being inclined towards diabetes, if this is preferable
> to the side effect, say) or you debug or patch it. Current & historical
> medicine is filled with such things for mere *temporary* meds that
> don't cure anything.

Reverting may or may not be possible. The products of some germ line may like what they are and will not revert, no matter what other folks think.

cheers, bob

From bruen at coldrain.net Mon Jul 7 17:53:34 2003
From: bruen at coldrain.net (Stormwalker)
Date: Mon, 7 Jul 2003 20:53:34 -0400 (EDT)
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <0AD3AA14-B0AC-11D7-A65E-000A956B4C74@got.net>
Message-ID:

On Mon, 7 Jul 2003, Tim May wrote:
> > I have to disagree here. Medical insurance is not the same as life
> > or car insurance. It was all supposed to be a big pool that we would
> > draw on when needed. By skimming the cream, infant mortality rates
> > rise, along with a host of other problems.
> No, it was NOT "all supposed to be a big pool that we would draw on
> when needed." You seem to be confusing medical insurance with
> nationalized social medicine.

No, I am not confusing medical insurance with socialized medicine or anything else. I mentioned life insurance on purpose. That is a bet on when I will die, they bet later, I bet earlier. Money can be made - although never by me unless I cheat.

Medical insurance is about maintenance of our lives. You do not need to participate, but I'll bet if you get hurt, you'll head to the nearest emergency room. The pool I speak of is simply that I may need the services now and you may need some later. We all have shared types of services and very specific service. I will most likely never need medical services for AIDS, but I have used them for broken bones.
I will never need them for gyno or for giving birth services, but I may need them for prostate problems. We all use them when we are born.

> Do I really need to explain this concept here, to subscribers here?

Well, you probably don't need to explain the problems of socialized medicine, but I would like to hear about how you will do your own X-Rays or chemotherapy.

> Medical insurance is a risk arbitrage betting scheme just like all
> other insurance: the actor selling a policy (a contract) is making the
> bet that he will make more money than he pays out. If he finds out
> something that alters the expectation of some illness or disease or
> hazardous activity, then he adjusts the policy premiums accordingly (or
> even refuses to sell a policy at any price, for understandable reasons).

Not any more. See life insurance. Also, please keep in mind that insurance companies do not make their money from premiums, but from investments of all the premiums they collect and hold. Your model is not correct.

> By the way, any scheme to force everyone into the same insurance pool
> for the same premiums is profoundly antiliberty and is unconstitutional
> (violates all sorts of rights). "Opting out" of coverage is always
> fair. If I know I am not a rock climber, why would I pay for coverage
> for rock climbing falls? And if I know I am not engaging in queer sex
> or IV drug use, why would I pay for AIDS coverage?

This is a detour from my original proposition, but in answer to your question, you do not pay for rock climbing injuries. You pay for what you need and the rock climber pays for rock climbing risks. You may do something else risky or eat too many french fries that will cause a heart attack later. The rock climber will probably not have that heart attack. Opt out if you wish. I have opted out for a number of years by choice myself and have opted in as well.
> (There are interesting scenarios for private testing for various genes
> or proclivities, followed by opting-out for the diseases one is highly
> unlikely to contract. This kind of "not paying for what you don't use"
> is a form of cherry-picking which only a total state could outlaw.
> Think about it.)

This scenario of testing for specific genes is already underway. Stay tuned.

cheers, bob

From njohnsn at njohnsn.com Mon Jul 7 19:03:01 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Mon, 7 Jul 2003 21:03:01 -0500
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To:
References:
Message-ID: <200307072103.01048.njohnsn@njohnsn.com>

On Monday 07 July 2003 07:53 pm, Stormwalker wrote:
>
> Medical insurance is about maintenance of our lives. You do not
> need to participate, but I'll bet if you get hurt, you'll head
> to the nearest emergency room. The pool I speak of is simply that
> I may need the services now and you may need some later. We all have
> shared types of services and very specific service. I will most likely
> never need medical services for AIDS, but I have used them for broken
> bones. I will never need them for gyno or for giving birth services,
> but I may need them for prostate problems. We all use them when we are
> born.
>

Bzzzzt.

Tim is correct. Companies that provide medical insurance are betting that you will require $X dollars of medical treatment and then charge you $Y dollars hoping that $Y > $X (including the interest earned by investing $Y).

The problem is that as you get older, the probability of you needing $$$ of medical treatment goes up and even higher if you engage in unhealthy practices (smoking, overeating, etc.).

The gubmint's solution to this is what you are talking about... "Medicare". The fundamental assumption is that there are more healthy people than sick ones so that the premiums paid by the healthy people can be used to pay for medical care for the sick.
Unfortunately, there are two things wrong with this assumption.

1) Amazing advances in medical technology that allow people who are sick to live longer, but are very expensive, which leads to

2) more older (and less healthy) people than young (and more healthy) people.

If we are going to continue with the idea of Medicare then society as a whole must begin to make tough decisions on how to ration healthcare (ever heard of triage?). Which makes more sense: Spend $X dollars on some 80 year old's heart/lung transplant so he can live another 10 years, or spend that money on making sure an unwed mother's baby is born healthy? (Note: either choice has its own sets of costs and rewards).

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

From timcmay at got.net Mon Jul 7 21:53:40 2003
From: timcmay at got.net (Tim May)
Date: Mon, 7 Jul 2003 21:53:40 -0700
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To:
Message-ID: <24C8AA58-B100-11D7-A65E-000A956B4C74@got.net>

On Monday, July 7, 2003, at 05:53 PM, Stormwalker wrote:
> On Mon, 7 Jul 2003, Tim May wrote:
>>> I have to disagree here. Medical insurance is not the same as life
>>> or car insurance. It was all supposed to be a big pool that we would
>>> draw on when needed. By skimming the cream, infant mortality rates
>>> rise, along with a host of other problems.
>> No, it was NOT "all supposed to be a big pool that we would draw on
>> when needed." You seem to be confusing medical insurance with
>> nationalized social medicine.
>
> No, I am not confusing medical insurance with socialized medicine
> or anything else. I mentioned life insurance on purpose. That is a
> bet on when I will die, they bet later, I bet earlier. Money can
> be made - although never by me unless I cheat.
>
> Medical insurance is about maintenance of our lives. You do not
> need to participate, but I'll bet if you get hurt, you'll head
> to the nearest emergency room.
The pool I speak of is simply that
> I may need the services now and you may need some later. We all have
> shared types of services and very specific service. I will most likely
> never need medical services for AIDS, but I have used them for broken
> bones. I will never need them for gyno or for giving birth services,
> but I may need them for prostate problems. We all use them when we are
> born.

Medical insurance, car insurance, life insurance, home insurance, boat insurance, etc., are all just variations on a theme.

When AAA Insurance meets with Joe Sixpack to discuss his health or life or earthquake insurance, they seek to collect enough information to have a reasonable chance of turning a profit on the deal. Else why would they exist as a business? They likely never have complete information, about fault lines, or fire hazards, or unhealthy behavior, but they can manage their risks reasonably well by standard statistical sampling and actuarial data methods.

I won't waste my time further arguing your "medical insurance is different" point until you show you have some basic grounding in how the real economy works and can explain why you think medical insurance is somehow exempt from the normal profit/loss considerations. Saying that health care is important is not enough. It's just another purchased service, after all.

>
>
>> Do I really need to explain this concept here, to subscribers here?
>
> Well, you probably don't need to explain the problems of socialized
> medicine, but I would like to hear about how you will do your own
> X-Rays or chemotherapy.

First, I pay for my own such needs out of my own pocket. Many firms and well-off individuals are "self-insured." Insurance is not something magical, it's just a set of tradeoffs of risk and ability to pay. For those who cannot possibly raise the $100K for a seldom-needed operation, paying $5000 a year in premiums _may_ make sense.
Because they perceive the consequences of not having the money to buy the operation, despite its unlikelihood, to be worth the payment each year. And so on, for a range of scenarios.

Second, if I wished to have insurance I would buy it. That's how I would get x-rays or chemotherapy. Saying that because I do not share your views about socialized insurance I must plan on making my own x-ray machine or brewing my own cancer chemicals is not only silly, it is disingenuous.

>
>> Medical insurance is a risk arbitrage betting scheme just like all
>> other insurance: the actor selling a policy (a contract) is making the
>> bet that he will make more money than he pays out. If he finds out
>> something that alters the expectation of some illness or disease or
>> hazardous activity, then he adjusts the policy premiums accordingly (or
>> even refuses to sell a policy at any price, for understandable reasons).
>
> Not any more. See life insurance. Also, please keep in mind that
> insurance companies do not make their money from premiums, but
> from investments of all the premiums they collect and hold. Your model
> is not correct.

You're further gone than I thought.

--Tim May

"The State is the great fiction by which everyone seeks to live at the expense of everyone else." --Frederic Bastiat

From sfurlong at acmenet.net Mon Jul 7 19:07:21 2003
From: sfurlong at acmenet.net (Steve Furlong)
Date: Mon, 7 Jul 2003 22:07:21 -0400
Subject: Denver Post article on mattd/proffr/AP/Jim Bell/cypherpunks
In-Reply-To:
References:
Message-ID: <200307072207.21276.sfurlong@acmenet.net>

On Monday 07 July 2003 19:58, Tyler Durden wrote:
> >"The bottom line is what the victim feels," he said. "Is the victim
> >threatened? Is the victim alarmed? Hey, that's a crime."
>
> Interesting logic here. Someone writes something not-so-nice about
> somebody on a list and now that person is being "cyberstalked" even
> though they're not a subscriber. And now, the stalk-ee is a victim of
> a crime.
And now the person who said something "not-so-nice" has
> committed a crime.

That standard is used increasingly often. I've had it used against me, more than a decade ago. Just fit this in with "conspiracy" and "attempt" and other fuzzy crimes; they're good for prosecutors because they don't demand hard evidence and juries in practice tend to side with the prosecution. ("If he didn't commit the crime, they wouldn't have arrested him.") Welcome to the new thought crime, where you don't even have to have thought the forbidden thought; it's enough that someone thinks you thought it.

> Funny enough, I don't remember seeing any of Prof Rat's posts, and
> I've never even killfiled him.

Many of the nodes filter out mattd/proffr's posts. I think Jim Choate's node (see http://einstein.ssz.com/cdr) delivers his posts, along with viagra ads and other garbage.

--
Steve Furlong Computer Condottiere Have GNU, Will Travel

"If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman

From sfurlong at acmenet.net Mon Jul 7 19:09:30 2003
From: sfurlong at acmenet.net (Steve Furlong)
Date: Mon, 7 Jul 2003 22:09:30 -0400
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <200307072103.01048.njohnsn@njohnsn.com>
References: <200307072103.01048.njohnsn@njohnsn.com>
Message-ID: <200307072209.30579.sfurlong@acmenet.net>

On Monday 07 July 2003 22:03, Neil Johnson wrote:
> ... Which makes more sense: Spend
> $X dollars on some 80 year old's heart/lung transplant so he can live
> another 10 years, or spend that money on making sure an unwed mother's
> baby is born healthy?

That's easy: spend it on the 80-year-old. He's more likely to vote than the unwed, and likely underage, mother.
--
Steve Furlong Computer Condottiere Have GNU, Will Travel

"If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman

From jtrjtrjtr2001 at yahoo.com Mon Jul 7 23:18:31 2003
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Mon, 7 Jul 2003 23:18:31 -0700 (PDT)
Subject: [CI] Re: Finding collision resistant hash functions
In-Reply-To:
Message-ID: <20030708061831.46848.qmail@web21207.mail.yahoo.com>

hi,

--- Mike Rosing wrote:
>It can't be collision free if the number of input
> bits exceeds the number
> of output bits. Think about it, it should be
> obvious!

Yes, the pigeon hole principle, but that was not what I meant.

Let's say we are using SHA-1 and I hash 2^80 messages. What I am looking for is a compression function such that the chances of collision in the message digest obtained by hashing these 2^80 messages is collision free or very low probability of collision. How do we make such a compression function?

I am not hashing more than 2^160 to get the collisions as you had suggested.

Regards Sarath.

From jtrjtrjtr2001 at yahoo.com Mon Jul 7 23:34:24 2003
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Mon, 7 Jul 2003 23:34:24 -0700 (PDT)
Subject: collision resistant hash functions-
In-Reply-To: <3F09630A.148FCF@cdc.gov>
Message-ID: <20030708063425.7264.qmail@web21206.mail.yahoo.com>

hi,

--- "Major Variola (ret)" wrote:
> Because there are no collision *free* hash
> functions,
> there will always be several domain elements that
> map to the
> same range element. Assuming more domain elements
> than
> range elements, which is generally what people mean
> by hashing.

Yes - that's clear.

> You're probably looking for functions that make it
> hard to intentionally
>find arguments that produce hashes identical to a
>given one.
Say I hash 2^80 messages using SHA-1. I want to be sure that no 2 messages will hash to the same MD or has a very low probability of hashing to the same MD. I was looking on how to build such compression functions.

>You'll
> first
> have to use language more precisely to get any use
> out of it.

Yes - I will be careful.

Regards Sarath.

From nobody at dizum.com Mon Jul 7 23:40:01 2003
From: nobody at dizum.com (Nomen Nescio)
Date: Tue, 8 Jul 2003 08:40:01 +0200 (CEST)
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID:

Major Variola writes:
> Any human-consumable (analogue) input is readily recordable with
> a single, one-time ADC, and thereafter is toast. DRM is a fraud
> perpetrated by engineers on Hollywood suits. Good for employment
> though.

There is a loss of quality if you go through an analog stage. Real and wannabe audiophiles will prefer the real thing, pure and undiluted by a reconversion phase. These are the people who are already swallowing the marketing line that the CD bandwidth limit of 22KHz is too low for good fidelity, despite being higher than they can hear.

Consider how much more wine from Champagne is worth than that from a village just outside of the appellation limits. People want to feel that they are getting the authentic goods, and they'll pay for them. That's what the RIAA is counting on.

From mv at cdc.gov Tue Jul 8 08:56:29 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 08 Jul 2003 08:56:29 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID: <3F0AE9AD.BDD32E1@cdc.gov>

At 08:40 AM 7/8/03 +0200, Nomen Nescio wrote:
>Major Variola writes:
>
>> Any human-consumable (analogue) input is readily recordable with
>> a single, one-time ADC, and thereafter is toast. DRM is a fraud
>> perpetrated by engineers on Hollywood suits. Good for employment
>> though.
>
>There is a loss of quality if you go through an analog stage.

There are some very nice DAC <--> ADC chains and some well shielded cables. The real problem with the old analogue world was *successive* copying. One conversion is fine almost always.

Real and
>wannabe audiophiles will prefer the real thing, pure and undiluted by
>a reconversion phase. These are the people who are already swallowing
>the marketing line that the CD bandwidth limit of 22KHz is too low for
>good fidelity, despite being higher than they can hear.

Take a look at the quality of the .MP3s that give Hillary the shits. Take a look at the psychoacoustic compromises in even the best MP3 standard. Consider that music is often listened to on small computer speakers with fan noise, or in cars with road noise and horrible acoustic chamber properties. Even those who listen with headphones seem to enjoy MP3s.

>Consider how much more wine from Champagne is worth than that from a
>village just outside of the appellation limits. People want to feel
>that they are getting the authentic goods, and they'll pay for them.
>That's what the RIAA is counting on.

Then I would not buy stock in RIAA-type companies, nor would I extend credit to their employees. I guess we'll see.

From mv at cdc.gov Tue Jul 8 09:00:43 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 08 Jul 2003 09:00:43 -0700
Subject: [CI] Re: Finding collision resistant hash functions
Message-ID: <3F0AEAAB.54E31E99@cdc.gov>

At 11:18 PM 7/7/03 -0700, Sarad AV wrote:
>Let's say we are using SHA-1 and I hash 2^80
>messages. What I am looking for is a compression
>function such that the chances of collision in the
>message digest obtained by hashing these 2^80 messages
>is collision free or very low probability of
>collision. How do we make such a compression function?

You don't need one with a good hash function. Consider a hash made out of a block cipher digesting the input.
A block cipher has the property that any one bit difference in input will change half the output bits on average. There's nothing gained by increasing the input entropy (compressing).

From timcmay at got.net Tue Jul 8 09:33:58 2003
From: timcmay at got.net (Tim May)
Date: Tue, 8 Jul 2003 09:33:58 -0700
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To:
Message-ID:

On Tuesday, July 8, 2003, at 02:55 AM, Vincent Penquerc'h wrote:
>> When AAA Insurance meets with Joe Sixpack to discuss his
>> health or life
>> or earthquake insurance, they seek to collect enough information to
>> have a reasonable chance of turning a profit on the deal. Else why
>> would they exist as a business?
>
> But there is a necessary asymmetry here. If you could determine
> with good precision whether someone will be affected by an illness,
> when, how much, etc, then this wouldn't work, save for superstition
> on the part of Joe Sixpack. Since the contract is based on a bet on
> the likelihood of premium/payouts balance, the more you can find
> out about the future of the insured person's organism future, the
> closer the premiums will match the payouts, reliably. *IF* you can
> determine this, of course.

Sure, this is what "price discovery" is all about, in many contexts and in many markets. "Reasoning with incomplete information" is the basis for just about everything. Animals reason without complete information, insurance companies reason without complete information, we all do.

I don't claim either party in an insurance contract knows the future, or even knows the probabilities of things happening.

> So the goal will be for the insurer to
> get access to as much info as possible to assess how to set the
> premiums, while preventing the insured from knowing as much, so
> there is still the uncertainty and the value of "peace of mind"
> gotten by the insured, and that's worth something too.
> The converse is also true.
And both raise the problem of assessment
> of the data - how does the insurer get the data (getting DNA from
> the would be insured ? with the insured's knowledge or not ? From
> the contract clause that subordinates the insurance to the supplying
> of the data by the insured ? Will credit bureaus expand to cover
> this kind of thing ?)
> If there is total symmetry, insurance loses its point entirely.

Knowing a lot about DNA still doesn't mean the future is known...when or if pregnancies will occur, when or if a fall from a cliff will occur, or, obviously, when some rare disease will appear.

Insurers already seek maximum information. This is their "right" (in the sense that the signing of an insurance contract is a mutually uncoerced transaction).

> Could we see a gradual disappearance of some sorts of insurance
> for events that cease to be probabilistic ?
> Just musing. All of it already happens, but I'm curious about the
> limit of it (in the mathematical sense) when the precision of the
> prediction tends towards infinity.

As I said, many corporations choose to self-insure. Partly because they can carry the costs of coverage of rare events themselves, partly because they have excellent estimates of what ranges of events are likely to occur.

Insurance has been in a process of evolutionary learning and better estimation for decades, even centuries. It shows no signs of going away. In fact, better estimation of risks has generally led to more and more refined kinds of insurance, even niche market insurance.

Let me give an example: A friend of mine just told me that his very elderly parents had to be flown home, with a medical attendant, from St. Petersburg, Russia to San Francisco. I don't know the full details, as his comment was in an e-mail message, but I know his parents were on some kind of Baltic Sea cruise.
My friend said the emergency flight home was very expensive, but that his father had for the first time purchased "trip insurance," so the costs are covered.

This kind of insurance didn't exist in the 1950s, that's for sure.

More information means someone thinks they can make a buck making a certain kind of bet. Sometimes they bet wrong, except betting wrong is part of the scheme.

The larger issue is that these transactions be uncoerced.

The crypto significance may be a bit abstract, but it's related to selective disclosure of information, e.g., uncovering one of a series of covered coins, or showing a hand of cards. Alice and Bob play various games, sometimes buying disclosure of bits of information.

"All crypto is economics" is just another way of saying the world and people in it do not have perfect information about the state of others, about their intents, about the future. Both investors and actuaries are in the business of trying to estimate and predict better than others.

--Tim May
"Ben Franklin warned us that those who would trade liberty for a little bit of temporary security deserve neither. This is the path we are now racing down, with American flags fluttering."-- Tim May, on events following 9/11/2001

From camera_lumina at hotmail.com Tue Jul 8 07:01:04 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 08 Jul 2003 10:01:04 -0400
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID:

Nobody wrote...

"There is a loss of quality if you go through an analog stage. Real and wannabe audiophiles will prefer the real thing, pure and undiluted by a reconversion phase. These are the people who are already swallowing the marketing line that the CD bandwidth limit of 22KHz is too low for good fidelity, despite being higher than they can hear."

I'm in that category. And as someone who basically grew up in Carnegie Hall and the Metropolitan Opera, I trust my ears (I saw the opera Wozzeck twice by the time I was 17).
There are engineering reasons for this that I'm willing to discuss, though the discussion will be tedious for engineers, and impossible to understand for non-engineers. Far easier will be for you to go and listen to a CD player that can upsample standard CD to 24bits/196kHz. The difference is not by any means subtle.

As an audiophile (Krell+Levinson+Thiel gear at home), I definitely don't want to grab an analog signal. Doing that the signal is sure to retain characteristics of the extracting gear. But the vast majority of P2P kids won't care one iota that their file was analog for half a second.

-TD

>From: Nomen Nescio
>To: cypherpunks at lne.com
>Subject: Re: Idea: The ultimate CD/DVD auditing tool
>Date: Tue, 8 Jul 2003 08:40:01 +0200 (CEST)
>
>Major Variola writes:
>
> > Any human-consumable (analogue) input is readily recordable with
> > a single, one-time ADC, and thereafter is toast. DRM is a fraud
> > perpetrated by engineers on Hollywood suits. Good for employment
> > though.
>
>There is a loss of quality if you go through an analog stage. Real and
>wannabe audiophiles will prefer the real thing, pure and undiluted by
>a reconversion phase. These are the people who are already swallowing
>the marketing line that the CD bandwidth limit of 22KHz is too low for
>good fidelity, despite being higher than they can hear.
>
>Consider how much more wine from Champagne is worth than that from a
>village just outside of the appellation limits. People want to feel
>that they are getting the authentic goods, and they'll pay for them.
>That's what the RIAA is counting on.

From eresrch at eskimo.com Tue Jul 8 10:47:59 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Tue, 8 Jul 2003 10:47:59 -0700 (PDT)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <875335371.20030708130006@realhappy.net>
Message-ID:

On Tue, 8 Jul 2003, stuart wrote:

> Now, when DRM gets into windows, I'm sure Virtual Audio Cable will stop
> working, RealAudio will stop making linux clients (why bother?), RIAA
> will (try to) make CDs that can only be played with windows clients,
> etc. Then someone will crack the formats of the audio streams and the
> CDs, and round and round she goes, where she stops, nobody knows.
>
> As things are now, it's easy to get the digital signal before it reaches
> the DAC, you don't need to go to DAC -> ADC, you don't need to plug your
> line-out to your line-in and degrade your signal.
>
> If the RIAA get their content to only work on Windows-type boxes, and if
> MS gets DRM to work in their Windows, things will become much more
> difficult. But these are big ifs that can quite possibly be circumvented
> even if they do come to fruition. There's always high-end sound cards
> that don't even use analog.
>
> DRM is not going to stop file sharing.
> They're trying to catch smoke with nets.

Yup, check out this dvd unit: http://www.220-electronics.com/dvd/daewoo5800.htm

where it says: "Custom modification with code free automatic and manual selection of regions and macrovision disabled. Excellent quality dvd player with all the features."

and "Price just reduced by over $100. Was 249.00 Now only $129.00 The Daewoo 5800 custom modification has been designed to make life a lot less complicated. It has superb Audio and video components outperforming major brands such as Sony, Panasonic and Pioneer. "

So it won't be long before bypass systems will be commercially available. At least in some parts of the _free_ world.

Patience, persistence, truth, Dr.
mike

From Vincent.Penquerch at artworks.co.uk Tue Jul 8 02:55:39 2003
From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Tue, 8 Jul 2003 10:55:39 +0100
Subject: DNA of relative indicts man, cuckolding ignored
Message-ID:

> When AAA Insurance meets with Joe Sixpack to discuss his
> health or life
> or earthquake insurance, they seek to collect enough information to
> have a reasonable chance of turning a profit on the deal. Else why
> would they exist as a business?

But there is a necessary asymmetry here. If you could determine with good precision whether someone will be affected by an illness, when, how much, etc, then this wouldn't work, save for superstition on the part of Joe Sixpack. Since the contract is based on a bet on the likelihood of premium/payouts balance, the more you can find out about the future of the insured person's organism future, the closer the premiums will match the payouts, reliably. *IF* you can determine this, of course.

So the goal will be for the insurer to get access to as much info as possible to assess how to set the premiums, while preventing the insured from knowing as much, so there is still the uncertainty and the value of "peace of mind" gotten by the insured, and that's worth something too. The converse is also true. And both raise the problem of assessment of the data - how does the insurer get the data (getting DNA from the would be insured ? with the insured's knowledge or not ? From the contract clause that subordinates the insurance to the supplying of the data by the insured ? Will credit bureaus expand to cover this kind of thing ?)

If there is total symmetry, insurance loses its point entirely.

Could we see a gradual disappearance of some sorts of insurance for events that cease to be probabilistic ?

Just musing. All of it already happens, but I'm curious about the limit of it (in the mathematical sense) when the precision of the prediction tends towards infinity.
-- Vincent Penquerc'h

From timcmay at got.net Tue Jul 8 11:04:26 2003
From: timcmay at got.net (Tim May)
Date: Tue, 8 Jul 2003 11:04:26 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <875335371.20030708130006@realhappy.net>
Message-ID: <9C88EC34-B16E-11D7-A65E-000A956B4C74@got.net>

On Tuesday, July 8, 2003, at 10:00 AM, stuart wrote:

> On Tuesday, July 8, 2003, Tyler came up with this...
>
>> Nobody wrote...
>
>> "There is a loss of quality if you go through an analog stage. Real
>> and
>> wannabe audiophiles will prefer the real thing, pure and undiluted by
>> a reconversion phase. These are the people who are already swallowing
>> the marketing line that the CD bandwidth limit of 22KHz is too low for
>> good fidelity, despite being higher than they can hear."
>
>> characteristics of the extracting gear. But the vast majority of P2P
>> kids
>> won't care one iota that their file was analog for half a second.
>
> But you don't need to go to analog at all.
> I mean, aren't we using computers here?
>
> Using VSound for Linux (which I have used) and Virtual Audio Cable for
> Windows (which I haven't used) you can tap the signal before it even
> hits the sound card. I use VSound to make usable sound files from
> realaudio files. Both sites even say a sound card isn't even necessary.
> I don't know, I haven't tried that.

Agreed, many options for directly grabbing the data.

However, most people don't care about minor analog stages. Audiophiles and videophiles are not the primary consumers of this stuff, as evidenced by the mountains of MP3s not even sampled as well as they could be (64 kbps being the norm) and by the DIVX files shipped around the Web. And videos 10x-compressed to fit on CD-Rs.

The people bootlegging CDs and DVDs are not usually the people with the 40-inch plasma screens.

Video pirates in Asia routinely use covert camcorders to grab weird-ass angles of first-run movies.
And their DVD stall customers cheerfully pay them the equivalent of two dollars for their DVDs.

Compared to this, sampling from an analog signal is heaven.

I have my own collection of about 30 DVD+Rs, each containing 1-2 full-length videos. By the end of this year, I should have several hundred movies added to my collection. The video quality is perfectly fine for me, and I like good quality. Until I move to HDTV and blue ray DVD, the quality is excellent.

And even with HDTV and blue ray, so long as component video connections (a la progressive scan cables) are available, nearly perfect sampling will still be easy to do.

(Which is why Hollywood would like the HDTV sets to be sealed, with only digital inputs. Except that they tried this trick with twiddling with the specs of past HD generations. A lot of HDTV receivers and monitors are already out there, and changing the spec yet again and making the suckers, er, "early adopters," have to scrap their systems is not going to go over very well.)

>
> DRM is not going to stop file sharing.
> They're trying to catch smoke with nets.

Indeed.

--Tim May
(.sig for Everything list background)
Corralitos, CA. Born in 1951. Retired from Intel in 1986.
Current main interest: category and topos theory, math, quantum reality, cosmology.
Background: physics, Intel, crypto, Cypherpunks

Friends,

After more than 7 years with my got.net e-mail address, "tcmay at got.net", the amount of unsolicited e-mail I am getting on a daily basis has escalated sharply in recent months. So my new address is "timcmay at got.net"

Please make a note of it and change your address books...if you wish to reach me in the future! Mail to my old address will be forwarded to my new address for a few weeks, but then will start bouncing.

P.S. I plan to make strong efforts to stop my new address from being harvested by spammers, such as using "timcmay at got.removethis.net" in Usenet posts. I hope this works.
--Tim, timcmay at got.net

From timcmay at got.net Tue Jul 8 11:18:21 2003
From: timcmay at got.net (Tim May)
Date: Tue, 8 Jul 2003 11:18:21 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
Message-ID: <8E2A647C-B170-11D7-A65E-000A956B4C74@got.net>

On Tuesday, July 8, 2003, at 10:40 AM, Peter Fairbrother wrote:

>
> A curiosity, only tenuously related - I just came across a Feb 1994
> copy of
> Elector magazine, with plans for a S/PDIF copybit eliminator (for
> SCMS).
> Seems people have been defeating copy protection for a while..
>

I've owned an "Audio Alchemy" SCMS-stripper since 1991, when I bought my first DAT machine. It cost about $99, was about the size of a deck of cards, and stripped the SCMS bits out of the digital bitstream.

A later DAT machine I bought, a Tascam portable pro deck, has the SCMS stripped by default. (It takes in digital signals and writes to the DAT with the SCMS code set to "unlimited number of digital copies allowed.")

Likewise, a professional CD writer I own (HHB) bypasses SCMS. (Not just allowing a digital copy to be made, but making the resulting CD-R copyable freely.)

A friend of mine bought his DVD player on EBay: it bypasses all region coding (i.e., it makes all DVDs "region-free"). Region coding is a different issue, but part of the DRM universe.

Until George W. Bush and the Carlyle Group start putting money into these things and thus discover that SCMS strippers are terrorist tools, such tools will likely continue to be available.

"Use a logic analyzer, go to jail."

--Tim May
"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you."
-- Nietzsche

From bruen at coldrain.net Tue Jul 8 08:30:27 2003
From: bruen at coldrain.net (Stormwalker)
Date: Tue, 8 Jul 2003 11:30:27 -0400 (EDT)
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To: <200307072103.01048.njohnsn@njohnsn.com>
Message-ID:

On Mon, 7 Jul 2003, Neil Johnson wrote:

> On Monday 07 July 2003 07:53 pm, Stormwalker wrote:
>
> >
> > Medical insurance is about maintenance of our lives. You do not
> > need to participate, but I'll bet if you get hurt, you'll head
> > to the nearest emergency room. The pool I speak of is simply that
> > I may need the services now and you may need some later. We all have
> > shared types of services and very specific service. I will most likely
> > never need medical services for AIDS, but I have used them for broken
> > bones. I will never need them for gyno or for giving birth services,
> > but I may need them for prostate problems. We all use them when we are
> > born.
> >
>
> Bzzzzt. Tim is correct. Companies that provide medical insurance are betting
> that you will require $X dollars of medical treatment and then charge you $Y
> dollars hoping that $Y > $X (including the interest earned by investing $Y).

Correct to a point. As businesses, their primary goal is to make a profit. Providing goods/services is a by-product.

Please don't assume I like insurance companies, especially when they are in between me and medical services. I would be happier self-insuring and paying for the spikes in cost along the way.

I was merely pointing out that, although the insurance providers and others, see the industry as a business (read quarterly/annual timeframes), this is an incorrect way of looking at it. It is incorrect because our lives go past the annual profit and should be viewed over a much longer time span. By comparing my behavior today with the behavior of others, you get a distorted picture of what is happening.
The business is happy with that picture because there is always someone to point a finger at, today.

> The problem is that as you get older, the probability of you needing $$$ of
> medical treatment goes up and even higher if you engage in unhealthy
> practices (smoking, overeating, etc.).

This is true to a point, but the facts are a little different. The stats show a spike in deaths at age 50 and 65, which is the basis for SS retirement age, and for over 50 folks it's 66 and increasing. The spikes are caused by bad behavior, bad genes and bad luck, but have been reliable for a long time.

> The gubmint's solution to this is what you are talking about... "Medicare".
> The fundamental assumption is that there are more healthy people than sick
> ones so that the premiums paid by the healthy people can be used to pay for
> medical care for the sick.

Pyramid scheme.

> Unfortunately, there are two things wrong with this assumption. 1) Amazing
> advances in medical technology that allow people who are sick to live longer,
> but are very expensive, which leads to 2) more older (and less healthy)
> people than young (and more healthy) people.

Again, true to a point. It turns out once the sickly have been weeded out (50 & 65), the 80+ people are *generally* in good health when compared to the rest of the population in spite of the creation of the living dead segment.

Keep in mind that young people stress the medical system as well as the old. Giving birth is not cheap, for example. Neither is pediatric care.

If you are going to analyze the costs, you need to look at all of them, not just a piece at a time. Why should I pay for an AIDS patient? Well, why should I pay for women giving birth, except when it's my child?
cheers, bob

From mv at cdc.gov Tue Jul 8 12:16:36 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 08 Jul 2003 12:16:36 -0700
Subject: idea: brinworld meets the credit card
Message-ID: <3F0B1894.9AB25F99@cdc.gov>

Authentication is "Something you have / know / are." A simple plastic credit card + PIN provides the first two, including a photo provides the third "something you are". A face is more often checked than the readily forgeable signature, in live authentication.

But as cameras become ubiquitous (e.g., in cell phones) some extra security could be obtained for *remote* authentication by sending a trusted photo of the account holder plus a live picture of the card user.

A picture glued into the card could be forged, but a smartcard (with more data area than a magstripe) could include a picture of the account holder, so a thief has no idea what to look like. But the vendor can check the encrypted smartcard face to the face on the phone or webcam. For high-value remote transactions, where you pay someone to check faces, this might be viable in a few years. In a few years after that, machines might be able to check faces more cheaply, as reliably.

The live face-check with embedded digital photos is already standard practice on high-security building-entry cards (and passports?), with the guard comparing the card-embedded face to the one before him. Ubiquitous cameras will bring that face-check to remote transactions, reducing cost due to lower fraud.

Thoughts?

From mv at cdc.gov Tue Jul 8 12:33:56 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 08 Jul 2003 12:33:56 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID: <3F0B1CA4.2E660C94@cdc.gov>

At 02:55 PM 7/8/03 -0400, Billy wrote:
>On Tue, Jul 08, 2003 at 01:26:46PM -0400, Trei, Peter wrote:
>> While the ear can't hear above 22KHz, signal above that *can*
>> affect the perceived sound, by heterodyne effects.
>> For example,
>> if you play a single tone of 28KHz, or a single tone of 30 KHz,
>> you can't hear them. Play them together, however, and you
>> *can* hear a beat frequency of 2KHz.
>
>Bullshit detector buzzing.
>Is this *really* true? Have you tried it?

I haven't, but it does ring true. You'd get 2 Khz as well as other intermodulation products. Standard EE stuff.

You've read about the company trying to sell highly localized speakers? They modulate two intense ultrasound beams, and the air does the nonlinear mixing where they meet.

In the audiophile, lower-intensity case, the ears' nonlinearity would do it.

Interesting info, Peter.

From stuart at realhappy.net Tue Jul 8 10:00:06 2003
From: stuart at realhappy.net (stuart)
Date: Tue, 8 Jul 2003 13:00:06 -0400
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
References:
Message-ID: <875335371.20030708130006@realhappy.net>

On Tuesday, July 8, 2003, Tyler came up with this...

> Nobody wrote...

> "There is a loss of quality if you go through an analog stage. Real and
> wannabe audiophiles will prefer the real thing, pure and undiluted by
> a reconversion phase. These are the people who are already swallowing
> the marketing line that the CD bandwidth limit of 22KHz is too low for
> good fidelity, despite being higher than they can hear."

> characteristics of the extracting gear. But the vast majority of P2P kids
> won't care one iota that their file was analog for half a second.

But you don't need to go to analog at all.
I mean, aren't we using computers here?

Using VSound for Linux (which I have used) and Virtual Audio Cable for Windows (which I haven't used) you can tap the signal before it even hits the sound card. I use VSound to make usable sound files from realaudio files. Both sites even say a sound card isn't even necessary. I don't know, I haven't tried that.
VSound is archived at http://www.zorg.org/vsound but is no longer maintained by the author, who is Australian and scared of Australia's version of the DMCA, because this tool can obviously be used to circumvent copyright protection. Then again, so can a 3-inch 1/8mm to 1/8mm cable, but audio cable manufacturers are poor targets, while solitary programmers are much better at drawing the ire of anti-copyright circumvention death squads.

Now, when DRM gets into windows, I'm sure Virtual Audio Cable will stop working, RealAudio will stop making linux clients (why bother?), RIAA will (try to) make CDs that can only be played with windows clients, etc. Then someone will crack the formats of the audio streams and the CDs, and round and round she goes, where she stops, nobody knows.

As things are now, it's easy to get the digital signal before it reaches the DAC, you don't need to go to DAC -> ADC, you don't need to plug your line-out to your line-in and degrade your signal.

If the RIAA get their content to only work on Windows-type boxes, and if MS gets DRM to work in their Windows, things will become much more difficult. But these are big ifs that can quite possibly be circumvented even if they do come to fruition. There's always high-end sound cards that don't even use analog.

DRM is not going to stop file sharing.
They're trying to catch smoke with nets.

-- stuart
Don't put your faith in gods. But you can believe in turtles. -Terry Pratchett (Small Gods)-

From ptrei at rsasecurity.com Tue Jul 8 10:26:46 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Tue, 8 Jul 2003 13:26:46 -0400
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID:

> Tyler Durden[SMTP:camera_lumina at hotmail.com] wrote:
>
> Nobody wrote...
>
> "There is a loss of quality if you go through an analog stage. Real and
> wannabe audiophiles will prefer the real thing, pure and undiluted by
> a reconversion phase.
> These are the people who are already swallowing
> the marketing line that the CD bandwidth limit of 22KHz is too low for
> good fidelity, despite being higher than they can hear."
>
> I'm in that category. And as someone who basically grew up in Carnegie
> Hall
> and the Metropolitan Opera, I trust my ears (I saw the opera Wozzeck twice
>
> by the time I was 17).
>
> There are engineering reasons for this that I'm willing to discuss, though
>
> the discussion will be tedious for engineers, and impossible to understand
>
> for non-engineers. Far easier will be for you to go and listen
> to a CD player that can upsample standard CD to 24bits/196kHz. The
> difference is not by any means subtle.
>
> As an audiophile (Krell+Levinson+Thiel gear at home), I definitely don't
> want to grab an analog signal. Doing that the signal is sure to retain
> characteristics of the extracting gear. But the vast majority of P2P kids
> won't care one iota that their file was analog for half a second.
>
> -TD
>

I'll ditto that - my brother is an extremist audiophile - he writes reviews for the high-end stuff (google "Mike Trei"). Many (by no means all) top end audiophiles prefer all-analog equipment, and direct-cut vinyl records (ie, the master disk was cut directly at the performance, without a magtape master). I've listened to some of this stuff, and it just blows digital away.

The general attitude is that while low-end digital beats low-end analog, high-end analog beats high-end digital. Digital places a distinct floor on how bad the quality can be, but it also puts a ceiling on it. The data capacity of a vinyl groove is a lot higher than a CD pit-track, but you need very good equipment to use it.

While the ear can't hear above 22KHz, signal above that *can* affect the perceived sound, by heterodyne effects. For example, if you play a single tone of 28KHz, or a single tone of 30 KHz, you can't hear them. Play them together, however, and you *can* hear a beat frequency of 2KHz.
Peter Trei

From ericm at lne.com Tue Jul 8 13:36:10 2003
From: ericm at lne.com (Eric Murray)
Date: Tue, 8 Jul 2003 13:36:10 -0700
Subject: idea: brinworld meets the credit card
In-Reply-To: <3F0B1894.9AB25F99@cdc.gov>; from mv@cdc.gov on Tue, Jul 08, 2003 at 12:16:36PM -0700
References: <3F0B1894.9AB25F99@cdc.gov>
Message-ID: <20030708133610.A23283@slack.lne.com>

On Tue, Jul 08, 2003 at 12:16:36PM -0700, Major Variola (ret) wrote:
> Authentication is "Something you have / know / are."

[..]

> A picture glued into the card could be forged, but a
> smartcard (with more data area than a magstripe)
> could include a picture of the account holder,
> so a thief has no idea what to look like. But the vendor can
> check the encrypted smartcard face to the face on the phone
> or webcam. For high-value remote transactions, where you
> pay someone to check faces, this might be viable in a few years.
> In a few years after that, machines might be able to check faces
> more cheaply, as reliably.
>
> The live face-check with embedded digital photos is already standard
> practice
> on high-security building-entry cards (and passports?),
> with the guard comparing the card-embedded face to the one before him.
> Ubiquitous cameras will bring that face-check to remote transactions,
> reducing cost due to lower fraud.
>
> Thoughts?

How does it allow the merchant to view the picture while preventing the thief from doing so?

Saying "it's encrypted" is, at best, sweeping a very large problem under a small rug. Who holds the key? How does the card or the user authenticate a real merchant vs. a thief posing as a merchant?

Those are the hard problems. No one in biometrics has yet been able to solve them in a general way.
Eric

From bruen at coldrain.net Tue Jul 8 11:49:40 2003
From: bruen at coldrain.net (Stormwalker)
Date: Tue, 8 Jul 2003 14:49:40 -0400 (EDT)
Subject: DNA of relative indicts man, cuckolding ignored
In-Reply-To:
Message-ID:

Okay, I will make one last stab at showing why medical/health insurance is different from other forms of insurance, then, unless something really new appears, let it drop. I don't want to waste anyone's time and it was not that important to me in the first place. I have no love for any insurance provider. My attempt to understand does not imply approval.

What I consider to be important and relevant, is the next 10 or so years where the engineering phase resulting from the mapping/sequencing of human genome will get into high gear. We will all be able to know more about each other than ever before and be able to manipulate the building blocks of life. This will have a major impact on all of us.

Now, for the insurance stuff.

If I take out boat insurance and my boat sinks, I collect for the boat (assuming my policy was written that way and I did nothing to invalidate it). The parties involved are myself and the insurance company.

If I take out life insurance, when I die, my beneficiary collects from the insurance company, only because I am dead and cannot collect myself.

If my car is wrecked, I collect from the insurance company (I or they may have to pay a lien holder).

In the medical insurance game, I pay a premium to the insurance company. When I need to collect (ie use medical services) I go to a physician or hospital and they get paid for providing services by the insurer. I do not collect money for breaking my arm or catching the flu.

It is not enough to call all insurance games the same just because the profit motive exists for all of them. That's like saying baseball and basketball are the same because they both use balls.
The difference is in the existence of the third party (medical professionals), required because it is life maintenance, not a simple betting game like the other insurance games.

If my boat is only damaged, I can collect the money and fix it myself or not, as I please. The same is not true of health insurance. Imagine that I break my arm, then insist that I be paid whatever it would have cost to fix it. I could decide to fix it myself or not fix it at all. Or take the money and go to my choice of healer.

Because of this structure, I do not accept that insurance companies need to know anything beyond the minimum about me. They know how to price it without detailed personal information.

If this is not clear enough, so be it.

Lastly, medical insurance is often (not always) coerced. For example, in a divorce case, especially with kids involved, one or both parents will be required to carry it. If you want to be a full time student in Massachusetts, you are required to carry it (and telling me to give up my choice of being a student is still being coerced.). If you want a job in Massachusetts, you can only choose which provider you want. Not to carry it is not a choice. This may not be true in other states, but it is true in some. I used to live in Mass.

cheers, bob

From billy at dadadada.net Tue Jul 8 11:55:26 2003
From: billy at dadadada.net (Billy)
Date: Tue, 8 Jul 2003 14:55:26 -0400
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
References:
Message-ID: <20030708185526.GA12797@mail.dadadada.net>

On Tue, Jul 08, 2003 at 01:26:46PM -0400, Trei, Peter wrote:
> While the ear can't hear above 22KHz, signal above that *can*
> affect the perceived sound, by heterodyne effects. For example,
> if you play a single tone of 28KHz, or a single tone of 30 KHz,
> you can't hear them. Play them together, however, and you
> *can* hear a beat frequency of 2KHz.

Bullshit detector buzzing.
Is this *really* true? Have you tried it?
The beat frequency is an amplitude envelope around the 30kHz tone (think AM). No part of its spectrum falls within audible range. It shouldn't be audible at all.

From morlockelloi at yahoo.com Tue Jul 8 15:12:30 2003
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Tue, 8 Jul 2003 15:12:30 -0700 (PDT)
Subject: idea: brinworld meets the credit card
In-Reply-To: <20030708133610.A23283@slack.lne.com>
Message-ID: <20030708221230.93457.qmail@web40613.mail.yahoo.com>

> Those are the hard problems. No one in biometrics
> has yet been able to solve them in a general way.

And the merchant example is the wrong application. The merchant doesn't care WHO you are - that's a false premise. Merchant cares if you can pay. Now, that's a completely solvable issue. Of course, we know who and why is trying to misrepresent this.

All other applications of biometrics boil down to threatening with punishment (we know who you are, behave or else ...) - and then the biometrics ceases to be in the interest of the eyeball holder.

Even granting door access to "employees" fits this category. You don't let "any qualified mathematician willing to work" to enter the lab - you let in only those that you know where they live, have signed contracts with them, etc.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

From timcmay at got.net Tue Jul 8 15:14:04 2003
From: timcmay at got.net (Tim May)
Date: Tue, 8 Jul 2003 15:14:04 -0700
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
Message-ID: <7C91536E-B191-11D7-A65E-000A956B4C74@got.net>

On Tuesday, July 8, 2003, at 01:39 PM, Anonymous via the Cypherpunks Tonga Remailer wrote:

>>> As an audiophile (Krell+Levinson+Thiel gear at home), I definitely
>>> don't
>>> want to grab an analog signal. Doing that the signal is sure to
>>> retain
>>> characteristics of the extracting gear.
But the vast majority of P2P >>> kids >>> won't care one iota that their file was analog for half a second. >>> >>> -TD >>> >> I'll ditto that - my brother is an extremist audiophile - he writes >> reviews for the high-end stuff (google "Mike Trei"). Many (by >> no means all) top end audophiles prefer all-analog equipment, >> and direct-cut vinyl records (ie, the master disk was cut directly >> at the performance, without a magtape master). I've listened to >> some of this stuff, and it just blows digital away. > > What else do you expect, when any audiophile who denies that inaudible > frequencies make the music "warmer" proves himself to be a philistine > with ears of tin? > > Remember, it was the fashion and clothing EXPERTS who were the most > insistent that the emperor's new clothes were absolutely marvelous. > The harshness of a digital bitstream can be softened by operating LED clocks in the same room as the bitstream. The Tice Clock, for example, works by plugging in to any electrical socket in the room where the listener is located...of course, all that matters is that he _sees_ the Tice Clock plugged-in, and remembers that he paid $399 for this piece of wondrous technology, for the effect to work. That the bitstream as measured with a logic analyzer is unchanged with any of these "digital enhancers" is beside the point. Monster Cable, by the way, is doing a nice business selling Extra Special, Oxygen-Free Copper Shielded, Insulated with Rubber Hand-Rolled on the Thighs of Taiwanese Virgins cables for _USB_. Yep, for USB. Never mind that the bitstream either is there or it isn't...some people think they get superior data with special $80 cables. As for hearing heterodyning in 28 KHz and 30 KHz signals, maybe. CD players have brickwall filters to of course block such frequencies. Some analog groove-based systems can have some kind of signal up there at those frequencies, but not much. 
Very, very few microphones are rated at 22-25 KHz, so I have to wonder just where this signal is coming from. If not coming from actual musical instruments, and detected by the microphones, why bother? Sure, we may as well push the CD spec up to 24 KHz or so. That will probably even satisfy Neil Young. --Tim May From ptrei at rsasecurity.com Tue Jul 8 12:52:54 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Tue, 8 Jul 2003 15:52:54 -0400 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: > Billy[SMTP:billy at dadadada.net] > > > On Tue, Jul 08, 2003 at 01:26:46PM -0400, Trei, Peter wrote: > > While the ear can't hear above 22KHz, signal above that *can* > > effect the perceived sound, by heterodyne effects. For example, > > if you play a single tone of 28KHz, or a single tone of 30 KHz, > > you can't hear them. Play them together, however, and you > > *can* hear a beat frequency of 2KHz. > > Bullshit detector buzzing. > Is this *really* true? Have you tried it? > > The beat frequency is an amplitude envelope around the 30kHz tone > (think AM). No part of its spectrum falls within audible range. > It shouldn't be audible at all. > Not personally, but The Net holds all knowledge. People are making real products using this technique. For example.... Here's a neat application - 'audio spotlights'. 
The directionality of a speaker is a function of the ratio of its diameter to the wavelength of the sound produced - by using an ultrasonic speaker with audible beat frequencies, you can make a small, very directional speaker: http://www.bostonaes.org/archives/2003/Jan/ http://www.acoustics.org/press/133rd/2pea.html Peter Trei From billy at dadadada.net Tue Jul 8 12:58:24 2003 From: billy at dadadada.net (Billy) Date: Tue, 8 Jul 2003 15:58:24 -0400 Subject: Idea: The ultimate CD/DVD auditing tool In-Reply-To: References: Message-ID: <20030708195824.GB13250@mail.dadadada.net> On Tue, Jul 08, 2003 at 03:52:54PM -0400, Trei, Peter wrote: > Billy [SMTP:billy at dadadada.net] wrote: > > Bullshit detector buzzing. > > Is this *really* true? Have you tried it? > > Not personally, but The Net holds all knowledge. >... > http://www.bostonaes.org/archives/2003/Jan/ > http://www.acoustics.org/press/133rd/2pea.html Very interesting.. Thanks! From mv at cdc.gov Tue Jul 8 16:09:24 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 08 Jul 2003 16:09:24 -0700 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: <3F0B4F24.F0330D53@cdc.gov> At 03:14 PM 7/8/03 -0700, Tim May wrote: >As for hearing heterodyning in 28 KHz and 30 KHz signals, maybe. CD >players have brickwall filters to of course block such frequencies. >Some analog groove-based systems can have some kind of signal up there >at those frequencies, but not much. Regular vinyl is (was) also recorded with all kinds of filters, too, including the lowpass ones. If you cut vinyl (or metal) through a signal chain that didn't impose the filtering, perhaps the ultrasonics would remain, which is perhaps the analogophiles claim. You would need a special vinyl cutter though. Some of the filtering imposed on vinyl was to not fry the cutter, or otherwise deal with its inertia. (BTW, I thought your Monster USB cable was a prank.. its not.. some folks just don't get digital..) 
From timcmay at got.net Tue Jul 8 16:59:42 2003 From: timcmay at got.net (Tim May) Date: Tue, 8 Jul 2003 16:59:42 -0700 Subject: Idea: The ultimate CD/DVD auditing tool In-Reply-To: <3F0B4F24.F0330D53@cdc.gov> Message-ID: <3E329276-B1A0-11D7-A65E-000A956B4C74@got.net> On Tuesday, July 8, 2003, at 04:09 PM, Major Variola (ret) wrote: > At 03:14 PM 7/8/03 -0700, Tim May wrote: >> As for hearing heterodyning in 28 KHz and 30 KHz signals, maybe. CD >> players have brickwall filters to of course block such frequencies. >> Some analog groove-based systems can have some kind of signal up there >> at those frequencies, but not much. > > Regular vinyl is (was) also recorded with all kinds of filters, too, > including the lowpass ones. > > If you cut vinyl (or metal) through a signal chain that didn't > impose the filtering, perhaps the ultrasonics would remain, > which is perhaps the analogophiles claim. You would need > a special vinyl cutter though. Some of the filtering imposed > on vinyl was to not fry the cutter, or otherwise deal with its inertia. > > (BTW, I thought your Monster USB cable was a prank.. its not.. > some folks just don't get digital..) > Yes, they are real. I perhaps should have inserted a "this is not a joke," but I didn't think to. When I was the judge in the First Internet Witch Trial, one of the examples I used was how believing something doesn't make it so, despite what the believers think (though the psychological effects may be real). An example being some audiophile nonsense, such as the Tice Clock (which is/was also real...some people bought the snake oil about how an LED clock plugged in could "soften the harshness of digital." With the Tice Clock, with the Monster USB cables, one can examine the effects on bit error rates, and even look at timing jitter (a claim some manufacturers of snake oil make). 
For any of us with a remotely scientific bent, seeing that the bitstream is unchanged, that the bit error rate is unchanged, is pretty convincing evidence that no matter what we _think_ we hear, especially in non-double blind listening tests, there simply _is_ no difference. And yet there are people who claim to hear differences between 5 dollar digital cables and thousand dollar digital cables, even when the bitstreams are identical. (And even if they are not, they are within the capture window of the next digital gadget, and hence are for all intents and purposes absolutely identical.) One might as well sell "Monster Cable Power Cords for PCs," claiming they make the Pentium 4 "perform more accurately." Actually, I'll bet the tweaks are already buying special power cords for their Athlon 2200+ homebrews. Most so-called high end tube amps do in fact sound different, perhaps "better," perhaps not. This is of course because tubes are usually rich in odd-order harmonics. That $4000 Krell tube amp is actually _coloring_ the sound. So much for 20-bit DACs in the signal source: the amp is altering the sound at about the 6th or 8th or whatever most significant bit. Bob Carver and a few others have "emulated the tube sound" so well with DSPs that double-blind tests using audiophiles cannot tell the difference, and where the waveforms look identical. From zenadsl6186 at zen.co.uk Tue Jul 8 10:40:08 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Tue, 08 Jul 2003 18:40:08 +0100 Subject: Idea: The ultimate CD/DVD auditing tool In-Reply-To: Message-ID: Tyler Durden wrote: > As a basic idea it seems relatively workable. 
However, there's one detail > that perhaps you might want to know about: > > "We can push the idea a step further, making a stripped-down CD/DVD drive > that would be able basically just to follow the spiral track with its head > in constant linear velocity" > > > Unlike a vinyl record, the CD grooves don't form a spiral...they are > concentric circles. Also, the beginning of the CD is towards the center, the > end towards the edge. > > Eh? It's a spiral. The constant linear velocity applies to the scan velocity (1.3 m/s at 1x), not the head velocity, which might cause problems. Also the spiral track/ holes in the centre aren't accurate enough to follow the track without real-time correction, done by some complex optical tricks and feedback loops. However, it should be quite easy to get a signal from somewhere in the CD player (especially from early ones which split the functions between lots of chips), probably best would be from the EFM (eight to fourteen modulation) or frame output. This will include all the interesting subcodes etc., plus sync and C1/C2 parity bytes. That's a fairly clean (it's digital, but with errors) signal at about 2.1 Mb/s at 1x speed, so it shouldn't be hard to capture and analyse in real time :). However, you will still have to do the CIRC decoding. If you are feeling adventurous you could just take a signal from the laser head, and do the timing, EFM, circ etc yourself. That will give you the pits, plus the errors, plus a lot (!) of work. Not recommended really, unlees you need it for some (anti?) copy-protection purpose. As for getting the player to actually follow the track on a protected disc, again the solution is probably to go for an older player and hack about. I used to repair them (a long time ago, when it was worth doing), it should be quite easy (though I'm no expert on CD copy protection). 
There was a mod involving just putting a few volts on one chip lead on an early Sony model, but I can't remember enough details to find a ref. A curiosity, only tenuously related - I just came across a Feb 1994 copy of Elector magazine, with plans for a S/PDIF copybit eliminator (for SCMS). Seems people have been defeating copy protection for a while.. -- Peter Fairbrother From eresrch at eskimo.com Tue Jul 8 19:15:20 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Tue, 8 Jul 2003 19:15:20 -0700 (PDT) Subject: Idea: The ultimate CD/DVD auditing tool In-Reply-To: Message-ID: On Wed, 9 Jul 2003, Peter Fairbrother wrote: > the nyquist/lindquist/someone-else-who-was-pissed sampling theorems are > based on the possibility of mathematically extracting frequencies from > digital information in a STEADY_STATE situation. > > That doesn't mean that a speaker will properly reproduce those frequencies. Nor does it mean the op amp driving the speakers will follow them either. High speed and power are a hard combination to build. > Consider the dynamics of energy transfer. A digital signal at > near-1/2-sampling frequency will have two datum points. The transitiion > between them will be dramatic! the possibilities of energy transfer will not > be comparable to an analogue sinusoidal waveform. > > And that's why good analogue is better then good digital. It's definitly why you need fast digital. To reproduce 20+ kHz you should use a 200kHz sample rate and have a nice filter stage before the power amp. "good digital" can do more things than good analog because the final output is good analog in both cases. The speaker driver is pure analog by definition. To produce 65kHz (for cats) my present boss prefers a 1 MHz sample rate. The guys who do bats think it's good enough for 200kHz, but my boss won't do bats - much too complex. We've got a 25 bit dac which updates at 1 MHz, but we still need a nice filter and analog output stage for 120 dB clean signals. 
(I'm only getting 100 dB because it costs too much to really do the best possible.) Clearly a digital system can be built that can create any wave form a speaker can follow, and it's easier to control than an analog system. The human hearing system is capable of noticing phase relations at 100kHz rates. So any sample rate faster than 200kHz is outside the range of human detection. Cats can notice phase shifts in the 200kHz range, and bats are out in the 400kHz range. Biological systems *are* impressive. But digital vs analog is a silly argument, the final stage is analog. Patience, persistence, truth, Dr. mike From netkita at earthlink.net Tue Jul 8 16:34:35 2003 From: netkita at earthlink.net (netkita at earthlink.net) Date: Tue, 8 Jul 2003 19:34:35 -0400 Subject: pegasus Message-ID: <3F0B1CCB.18726.A3649CF@localhost> How do add the name of a person or group to the information folder that holds all my email addresses of persons that I email to on a regular basis . ` D From nobody at cypherpunks.to Tue Jul 8 13:39:11 2003 From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer) Date: Tue, 8 Jul 2003 22:39:11 +0200 (CEST) Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: > > As an audiophile (Krell+Levinson+Thiel gear at home), I definitely don't > > want to grab an analog signal. Doing that the signal is sure to retain > > characteristics of the extracting gear. But the vast majority of P2P kids > > won't care one iota that their file was analog for half a second. > > > > -TD > > > I'll ditto that - my brother is an extremist audiophile - he writes > reviews for the high-end stuff (google "Mike Trei"). Many (by > no means all) top end audophiles prefer all-analog equipment, > and direct-cut vinyl records (ie, the master disk was cut directly > at the performance, without a magtape master). I've listened to > some of this stuff, and it just blows digital away. 
What else do you expect, when any audiophile who denies that inaudible frequencies make the music "warmer" proves himself to be a philistine with ears of tin? Remember, it was the fashion and clothing EXPERTS who were the most insistent that the emperor's new clothes were absolutely marvelous. From ravage at einstein.ssz.com Tue Jul 8 20:40:08 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 8 Jul 2003 22:40:08 -0500 (CDT) Subject: New Quantum Crypto Tested Over 100km, Sets New Record (fwd) Message-ID: http://www.idg.net/ic_1326014_9720_1-5072.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From nobody at dizum.com Tue Jul 8 14:40:06 2003 From: nobody at dizum.com (Nomen Nescio) Date: Tue, 8 Jul 2003 23:40:06 +0200 (CEST) Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: <5913323ed6e456730fd10250f6a3edc1@dizum.com> Tyler Durden leaves the fight club and writes: > Do you have a reference? I don't remember reading that SACD was encrypted. > What I DO remember is that the reason there's no standard SACD or DVD-A > digital interface is because the Industry wants that digital interface to be > encrypted. The detailed technical specs are apparently secret, but an overview of the multi-layered SACD copy protection is at http://www.sacd.philips.com/b2b/downloads/content_protection.pdf. If you don't like PDFs, most of the same information is at http://www.disctronics.co.uk/technology/dvdaudio/dvdaud_sacd.htm. Alan Clueless writes: > Furthermore, people have come to expect that they should be able to play > whatever disc shaped media in their computer. At some point there will > need to be a software based player. 
Both of the documents above specifically deny that software based players will be allowed. I get the impression that the decryption will always be done in hardware, and if a PC is ever able to play one of these gadgets, it will be a Palladium system or something similar that can be locked down. Steve Shear writes: > If you believe the article "Myths and Misconceptions about Hardware > Hacking," > http://www.cptwg.org/Assets/Presentations/ARDG/ARDGHardware_hack05-28-03.pdf > , recently posted to the Content Protection Technical Working Group, access > to affordable commercial technology for reverse engineering has given > hardware hackers the upper hand. That's mostly about how hardware hackers can use modern chips and custom PC boards without spending more than a few hundred dollars. Fine, but it's a long way from that to being able to pull an algorithm and/or device key out of a chip which has been designed to make that difficult. From zenadsl6186 at zen.co.uk Tue Jul 8 17:24:42 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Wed, 09 Jul 2003 01:24:42 +0100 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: okay I'm a bit pissed now. actually i'm raging pissed! Wheeee!!! the nyquist/lindquist/someone-else-who-was-pissed sampling theorems are based on the possibility of mathematically extracting frequencies from digital information in a STEADY_STATE situation. That doesn't mean that a speaker will properly reproduce those frequencies. Consider the dynamics of energy transfer. A digital signal at near-1/2-sampling frequency will have two datum points. The transitiion between them will be dramatic! the possibilities of energy transfer will not be comparable to an analogue sinusoidal waveform. And that's why good analogue is better then good digital. Doug Self etc. did some work on ultra-fast analogue systems in the mid 90's, and designed some amps that were and are regarded as pretty good - but afaik he didn't get the theory right. 
YAAAAHHH!-- Peter Fairbrother From zenadsl6186 at zen.co.uk Tue Jul 8 18:47:40 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Wed, 09 Jul 2003 02:47:40 +0100 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: I wrote: the nyquist/lindquist/someone-else-who-was-pissed sampling theorems are based on the possibility of mathematically extracting frequencies from digital information in a STEADY_STATE situation. That doesn't mean that a speaker will properly reproduce those frequencies. Consider the dynamics of energy transfer. A digital signal at near-1/2-sampling frequency will have two datum points. The transitiion between them will be dramatic! the possibilities of energy transfer will not be comparable to an analogue sinusoidal waveform. .... and i missed a bit or two. Consider the entropic uncertainty of a signal that has two-and-a-bit datums, against a sine wave. Start from zero, and go to such a waveform. Is it a constant-amplitude sine wave at frequency z? or a decaying sine at a frequency (z-at)? There's more, and it's to do with the limits of fourier and sampling theory. Say you have a wave at a frequency of z that's sampled according to nyquist theory. can you distinguish it from a wave of a frequency z - delta z? It can be done, but it takes a while, and a good few samples to do it. And a good analogue system will do it quicker. someone (hopefully not me, i haven't the time just now) can probably apply wavelet theory and get all this from steady-state theory, and tie it up in a nice package. 
-- Peter Fairbrother From jtrjtrjtr2001 at yahoo.com Wed Jul 9 02:59:59 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Wed, 9 Jul 2003 02:59:59 -0700 (PDT) Subject: [CI] Re: Finding collision resistant hash functions In-Reply-To: <3F0AEAAB.54E31E99@cdc.gov> Message-ID: <20030709095959.36417.qmail@web21202.mail.yahoo.com> hi, >There's nothing gained by > increasing > the input entropy (compressing http://www.itl.nist.gov/fipspubs/fip180-1.htm For t = 0 to 79 do TEMP = (A)<<5 + f(B,C,D) + E + Wt + Kt; E = D; D = C; C = B<<30; B = A; A = TEMP; That's what I meant by the compression function. I am not trying to increase the input entropy. I was looking for such a compression function such that the chances of collision in the message digest obtained by hashing these 2^80 messages is collision free or very low probability of collision or in other words I don't want the birthday attack to work on it. If I hash 2^80 messages they should be equidistributed in such a manner that it does not affect the security of the algorithm. --- "Major Variola (ret)" wrote: > At 11:18 PM 7/7/03 -0700, Sarad AV wrote: >A block cipher has the property that any > one bit difference in input will change half the > output > bits on average. thank you. Sarath. From ravage at einstein.ssz.com Wed Jul 9 05:11:51 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 9 Jul 2003 07:11:51 -0500 (CDT) Subject: The Register - We've found the perfect solution to spam (fwd) Message-ID: http://www.theregister.co.uk/content/55/31638.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Wed Jul 9 05:12:08 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 9 Jul 2003 07:12:08 -0500 (CDT) Subject: News: Wal-Mart cancels 'smart-shelf' trial (fwd) Message-ID: http://zdnet.com.com/2100-1103_2-1023934.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From john at kozubik.com Wed Jul 9 07:30:46 2003 From: john at kozubik.com (John Kozubik) Date: Wed, 9 Jul 2003 07:30:46 -0700 (PDT) Subject: Genetic engineering [was: RE: DNA of relative indicts man, cuckol ding ignored] In-Reply-To: Message-ID: <20030709072259.T75326-100000@kozubik.com> On Mon, 7 Jul 2003, Trei, Peter wrote: > Its when we get to 'fixes' to behaviour and personality > that things start to get very hairy. I fear that those in > power will use genetic engineering as they have used > every other tool at their disposal - weapons, states, > laws, and governments - to maintain their position at > the expense of the overall welfare of the species, by > allowing improvements only to their own descendents, > while requiring changes to those out of power which > make it harder for them to change their status. > > One scenario: > > "Mr & Mrs Smith: The No Child Should Fear Act of > 2015 requires that your proposed son have the > 'bullying' gene deleted if he is to attend publicly > funded schools. This is similar to the old requirements > for vaccination - we don't want your son to endanger > other children, do we? 
I have long believed that the constitution of the United States (through an amendment) should include protection against involuntary mental tampering. It should, for instance, be a constitutional right for a child not to take their Ritalin, or for an insane man not to take his meds in order to stand trial (a recent court case whose outcome I do not know). Along this line, perhaps a more general anti-tampering amendment could include protection against the coercion that you describe above. I feel that no parent should be forced to alter their child in any way - before or after the birth. ----- John Kozubik - john at kozubik.com - http://www.kozubik.com From mv at cdc.gov Wed Jul 9 10:23:55 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 09 Jul 2003 10:23:55 -0700 Subject: MRAM, persistance of memory Message-ID: <3F0C4FAB.FB644298@cdc.gov> The persistence of memory could be a problem if your melting clocks are swarmed by spooky ants. Wired has an article on magnetic RAM http://wired.com/news/technology/0,1282,59559,00.html that fails to mention security implications. Obviously nonvolatile RAM presents a different security risk than RAM that forgets when powered off. Will future OSes have provisions to keep certain data out of MRAM banks, if MRAM doesn't completely displace DRAM? I doubt it. And shutting off your virtual memory swapping --useful today because of the gobs of DRAM machines have-- will no longer be useful for security. Not so obviously to the layman is how many times MRAM must be overwritten to keep the TLAs away. (Exactly analogous to scrubbing a disk.) While this is trivial to do for user-space, if the OS keeps copies of sensitive info this might require more than a huge malloc() & overwrites before shutdown.
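The user-space half of the problem raised in the message above (keep a secret out of swap, then overwrite it before the memory is released) can be sketched as follows. This is an added example, not code from the post: the `secret_buf` helpers are hypothetical names, a POSIX/Linux system is assumed, and the number of overwrite passes is a parameter because the post does not say how many a given memory technology needs. Copies held by the kernel or by hardware are outside what it can reach.

```c
/* Added example: hypothetical helper names, POSIX/Linux assumed. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    unsigned char *data;  /* page-aligned storage for the secret */
    size_t len;           /* bytes the caller asked for */
    size_t map_len;       /* len rounded up to whole pages */
    int locked;           /* 1 if mlock() pinned the pages in RAM */
} secret_buf;

/* Writes go through a volatile pointer so the compiler cannot drop
 * them as dead stores just because the buffer is freed afterwards. */
static void wipe_pass(unsigned char *p, size_t n, unsigned char pattern)
{
    volatile unsigned char *vp = p;
    for (size_t i = 0; i < n; i++)
        vp[i] = pattern;
}

/* Returns 0 on success, -1 on bad length or allocation failure. */
int secret_alloc(secret_buf *b, size_t len)
{
    long ps = sysconf(_SC_PAGESIZE);
    size_t page = ps > 0 ? (size_t)ps : 4096;

    memset(b, 0, sizeof *b);
    if (len == 0 || len > SIZE_MAX - page)
        return -1;
    b->map_len = (len + page - 1) / page * page;
    b->data = aligned_alloc(page, b->map_len);
    if (b->data == NULL)
        return -1;
    b->len = len;
    /* Best effort: mlock() can fail under RLIMIT_MEMLOCK. A stricter
     * caller may prefer to treat locked == 0 as a fatal error. */
    b->locked = (mlock(b->data, b->map_len) == 0);
#ifdef MADV_DONTDUMP
    (void)madvise(b->data, b->map_len, MADV_DONTDUMP); /* no core dumps */
#endif
    wipe_pass(b->data, b->map_len, 0x00);
    return 0;
}

/* Alternating 0xFF/0x00 passes, always finishing with zeros. */
void secret_wipe(secret_buf *b, unsigned passes)
{
    if (b->data == NULL)
        return;
    for (unsigned i = 0; i < passes; i++)
        wipe_pass(b->data, b->map_len, (i % 2 == 0) ? 0xFF : 0x00);
    wipe_pass(b->data, b->map_len, 0x00);
}

/* Returns 1 if every byte of the whole mapping is zero, else 0. */
int secret_is_clear(const secret_buf *b)
{
    for (size_t i = 0; i < b->map_len; i++)
        if (b->data[i] != 0)
            return 0;
    return 1;
}

/* Wipe first, then unlock and hand the pages back to the allocator. */
void secret_free(secret_buf *b)
{
    if (b->data == NULL)
        return;
    secret_wipe(b, 1);
    if (b->locked)
        (void)munlock(b->data, b->map_len);
#ifdef MADV_DODUMP
    (void)madvise(b->data, b->map_len, MADV_DODUMP);
#endif
    free(b->data);
    memset(b, 0, sizeof *b);
}

/* Full lifecycle with a constructed 16-byte sample key; 0 means OK. */
int demo_lifecycle(void)
{
    static const unsigned char constructed_key[16] = {
        0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
        0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
    secret_buf b;

    if (secret_alloc(&b, sizeof constructed_key) != 0)
        return -1;
    memcpy(b.data, constructed_key, sizeof constructed_key);
    if (secret_is_clear(&b)) { secret_free(&b); return -2; }
    secret_wipe(&b, 2);
    int clear = secret_is_clear(&b);
    secret_free(&b);
    if (!clear)
        return -3;
    return b.data == NULL ? 0 : -4;
}

int main(void)
{
    printf("lifecycle result: %d\n", demo_lifecycle());
    return 0;
}
```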
From s.schear at comcast.net Wed Jul 9 10:43:15 2003 From: s.schear at comcast.net (Steve Schear) Date: Wed, 09 Jul 2003 10:43:15 -0700 Subject: Grey-World Message-ID: <5.2.1.1.0.20030709104110.04782420@mail.comcast.net> An excellent site for those interested in tunneling, covert channels, network related steganographic methods developments. http://gray-world.net/ "There is no protection or safety in anticipatory servility." Craig Spencer From ericm at lne.com Wed Jul 9 10:43:33 2003 From: ericm at lne.com (Eric Murray) Date: Wed, 9 Jul 2003 10:43:33 -0700 Subject: MRAM, persistance of memory In-Reply-To: <3F0C4FAB.FB644298@cdc.gov>; from mv@cdc.gov on Wed, Jul 09, 2003 at 10:23:55AM -0700 References: <3F0C4FAB.FB644298@cdc.gov> Message-ID: <20030709104333.A30503@slack.lne.com> On Wed, Jul 09, 2003 at 10:23:55AM -0700, Major Variola (ret.) wrote: > Wired has an article on magetic RAM > http://wired.com/news/technology/0,1282,59559,00.html > that fails to mention security implications. Obviously > nonvolitile RAM presents a different security risk than > RAM that forgets when powered off. Will future OSes > have provisions to keep certain data out of MRAM banks, > if MRAM doesn't completely displace DRAM? > I doubt it. I doubt it as well. DRAM also has power-off memory persistence and nearly everyone in security ignores that as well. But not the spooks : "The FEI-374i-DRS is a data recovery system that captures and preserved digital data, in its original format, directly from the Dynamic Random Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs) ... The FEI-374i-DRS is an indispensable tool for forensic investigators required to evaluate residual audio and tag information retained in today's DRAM-based DTAMs." 
http://www.nomadics.com/374idrs.htm Eric From mv at cdc.gov Wed Jul 9 10:59:39 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 09 Jul 2003 10:59:39 -0700 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: <3F0C580B.6D8BC82@cdc.gov> At 07:15 PM 7/8/03 -0700, Mike Rosing wrote: >To produce 65kHz (for cats) my present boss prefers a 1 MHz sample rate. Do cats buy a lot of audiophile equiptment :8=|| >The human hearing system is capable of noticing phase relations at 100kHz >rates. Actually I thought humans are insensitive to phase relations, modulo inter-aural timing at low frequencies for spatial location. Perhaps that is what you meant? But spatial location isn't the same as the frequency-fetishing audiophiles go for. To do that well you need casts of the outer ear too. You doing owl-type studies on auditory localization? Audio-visual mapping and plasticity? Making the cats wear funky glasses? From mv at cdc.gov Wed Jul 9 11:07:31 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 09 Jul 2003 11:07:31 -0700 Subject: [CI] Re: Finding collision resistant hash functions Message-ID: <3F0C59E3.A0C05263@cdc.gov> At 02:59 AM 7/9/03 -0700, Sarad AV wrote: >hi, >> MV: >>There's nothing gained by >> increasing >> the input entropy (compressing > >I was looking for such a compression function such >that the chances of collision in the message digest >obtained by hashing these 2^80 messages is collision >free or very low probability of collision or in other >words I dont want the birthday attack to work on it. > >If i hash 2^80 messages they should be equidistibuted >in such a manner that it does not affect the security >of the algorithm. Again, unless you know something about the distribution of your input AND their interaction with your chosen hash function, you gain nothing by remapping (compression or otherwise) your input. And again, a good hash function will disperse your input randomly, regardless of its clustering. 
So pick a crypto-like hash function (which guarantees random dispersion) and use it. You can't do better unless you "cheat" and know your input before you pick a hash function. And picking pathological inputs (to cause collisions) will be hard. e.g., hash=0 while (input) hash = hash ^ DES( input, fixed_key ) return hash The only reason to compress would be to cut down the number of DES operations, useful only if compression is cheaper than DES. From eresrch at eskimo.com Wed Jul 9 11:45:43 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 9 Jul 2003 11:45:43 -0700 (PDT) Subject: Idea: The ultimate CD/DVD auditing tool In-Reply-To: <3F0C580B.6D8BC82@cdc.gov> Message-ID: On Wed, 9 Jul 2003, Major Variola (ret) wrote: > Do cats buy a lot of audiophile equiptment :8=|| Nope. That's why I have a job (for another couple of months anyway, till the grant runs out.) > Actually I thought humans are insensitive to phase relations, modulo > inter-aural timing at low frequencies for spatial location. Perhaps > that > is what you meant? But spatial location isn't the same as the > frequency-fetishing > audiophiles go for. To do that well you need casts of the outer ear > too. No, if you put 2 clicks out that are 10 usec's apart on right and left, most people can pick out which side came first. 90% of the time anyway. > You doing owl-type studies on auditory localization? Audio-visual > mapping > and plasticity? Making the cats wear funky glasses? Yup. they sew coils into their eyes. For humans they use contacts :-) PETA is definitly a problem :-) Patience, persistence, truth, Dr. 
mike From mv at cdc.gov Wed Jul 9 13:55:32 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 09 Jul 2003 13:55:32 -0700 Subject: Idea: The ultimate CD/DVD auditing tool (meow) Message-ID: <3F0C8143.4B44F692@cdc.gov> At 11:45 AM 7/9/03 -0700, Mike Rosing wrote: >On Wed, 9 Jul 2003, Major Variola (ret) wrote: >> Actually I thought humans are insensitive to phase relations, modulo >> inter-aural timing at low frequencies for spatial location. Perhaps >> that >> is what you meant? But spatial location isn't the same as the >> frequency-fetishing >> audiophiles go for. To do that well you need casts of the outer ear >> too. > >No, if you put 2 clicks out that are 10 usec's apart on right and >left, most people can pick out which side came first. 90% of the >time anyway. Yes this is for localization ---clicks are broadband, you need to identify which freq components are used. I still think humans can't discriminate the phase of a tone. In fact, MP3s use this to cut bits. >> You doing owl-type studies on auditory localization? Audio-visual >> mapping >> and plasticity? Making the cats wear funky glasses? > >Yup. they sew coils into their eyes. For humans they use contacts :-) >PETA is definitly a problem :-) Gaak. I was thinking prism-glasses maybe bolted on that translate the vis field. Its ok for undergrads so its ok for cats. After the experiments, the cats will be ok, as I assume they're sufficiently plastic, unless you do brain staining on them. :-( Or your policy is the Tim McVeigh treatment. Cool stuff, though my domestic feline wants to know where you live. PS: have you identified the "can opener sound" brain-center yet? ---- Cats manage biometrics and reputation better than most human systems.. From camera_lumina at hotmail.com Wed Jul 9 11:26:18 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 09 Jul 2003 14:26:18 -0400 Subject: Idea: The ultimate CD/DVD auditing tool Message-ID: Tim May wrote... 
>Most so-called high end tube amps do in fact sound different, perhaps
>"better," perhaps not. This is of course because tubes are usually rich in
>odd-order harmonics. That $4000 Krell tube amp is actually _coloring_ the
>sound. So much for 20-bit DACs in the signal source: the amp is altering
>the sound at about the 6th or 8th or whatever most significant bit.

A couple of corrections, then the comment. First is that tubes boost the even order harmonics, making the sound much richer and fuller sounding. Also, the Krell is digital, not tube.

But your point is correct, but also well-known within audiophile circles. In fact, single-end triode style tube amps (which hit the market about 10 years ago) have really rotten measurables, but they have continued to grow in popularity because of the allegedly "live/lush" sound. (Another odd thing about them is that they have extremely low output powers--12W, 8W and 6W are common!) Everyone knows they are basically nearly random tone-control gizmos, but no one cares at this point.

As for 24/96 (or 24/192), like I said there are real engineering reasons for doing this, but in the end there's not much reason to argue if you haven't heard. Go listen to a standard CD played on an upsampling machine and you will know in no uncertain terms that the sound is considerably better/fuller/realler. (A hint as to why can be seen when you look at a square wave reproduced in 16/22 vs 24/96.)

As for audiophile voodoo there's a lot out there, but there's a pretty easy way to differentiate voodoo from real (though 'inexplicable') high-end stuff. The voodoo disappears within a year or two, but the real stuff keeps going.

-TD

A PS about double-blind: There's been lots of them done, some confirming audiophile expectations some contradicting. Some of the disparity is due to who the blindees are: high-end listening is a skill that is basically self-taught.
Some of the high-end tweaks have differences that are not discernible to nonGolden ears (and some tweaks are obviously pure snakeoil).

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail

From eresrch at eskimo.com Wed Jul 9 14:32:53 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 9 Jul 2003 14:32:53 -0700 (PDT)
Subject: Idea: The ultimate CD/DVD auditing tool (meow)
In-Reply-To: <3F0C8143.4B44F692@cdc.gov>
Message-ID:

On Wed, 9 Jul 2003, Major Variola (ret) wrote:

> Yes this is for localization ---clicks are broadband, you need to
> identify which freq components are used. I still think
> humans can't discriminate the phase of a tone. In fact, MP3s
> use this to cut bits.

They can tell relative phase, but it takes a lot of training.

> After the experiments, the cats
> will be ok, as I assume they're sufficiently
> plastic, unless you do brain staining on them. :-( Or your policy is
> the Tim McVeigh treatment.

both. They spend a year training the cats, then a year or 2 collecting data, then brain stain, then vaporize. Each cat is worth about $1M when it's all done, and it's got a lot of skull missing while it's alive. But it's well protected with a lot of aluminum and epoxy :-)

> Cool stuff, though my domestic feline wants to know where you live.
>
> PS: have you identified the "can opener sound" brain-center yet?

I think you better keep it far away! And no, they don't play with higher order systems. The low level stuff is hard enough!!

> Cats manage biometrics and reputation better than most human systems..

:-)

Patience, persistence, truth,
Dr. mike

From camera_lumina at hotmail.com Wed Jul 9 11:35:16 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 09 Jul 2003 14:35:16 -0400
Subject: Idea: The ultimate CD/DVD auditing tool
Message-ID:

"Actually I thought humans are insensitive to phase relations, modulo inter-aural timing at low frequencies for spatial location. Perhaps that is what you meant? But spatial location isn't the same as the frequency-fetishing audiophiles go for."

Au contraire...frequency accuracy vs spatial resolution is the classic Uncertainty principle in high end. A real high-end system presents the ear with a truly 3-D soundscape...some instruments are clearly in the foreground, some are clearly in the background, and some are even higher than others. With a good recording, the hall ambience is also there. Put a great live recording on a great high-end sound system and "you are there".

-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at lne.com"
>Subject: Re: Idea: The ultimate CD/DVD auditing tool
>Date: Wed, 09 Jul 2003 10:59:39 -0700
>
>At 07:15 PM 7/8/03 -0700, Mike Rosing wrote:
> >To produce 65kHz (for cats) my present boss prefers a 1 MHz sample rate.
>
>Do cats buy a lot of audiophile equipment :8=||
>
> >The human hearing system is capable of noticing phase relations at 100kHz
> >rates.
>
>Actually I thought humans are insensitive to phase relations, modulo
>inter-aural timing at low frequencies for spatial location. Perhaps that
>is what you meant? But spatial location isn't the same as the
>frequency-fetishing audiophiles go for. To do that well you need casts
>of the outer ear too.
>
>You doing owl-type studies on auditory localization? Audio-visual
>mapping and plasticity? Making the cats wear funky glasses?
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

From decoy at iki.fi Wed Jul 9 05:32:47 2003
From: decoy at iki.fi (Sampo Syreeni)
Date: Wed, 9 Jul 2003 15:32:47 +0300 (EEST)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To: <3F0B1CA4.2E660C94@cdc.gov>
References: <3F0B1CA4.2E660C94@cdc.gov>
Message-ID:

On 2003-07-08, Major Variola (ret) uttered to cypherpunks at lne.com:

>I haven't, but it does ring true. You'd get 2 Khz as well as other
>intermodulation products.

Provided there's a nonlinearity, effective in the ultrasonic range, somewhere. Mere interference (which is what we usually refer to as "beats") doesn't give rise to intermodulation. The beat, it isn't an audible frequency per se, but double the frequency you'd need to amplitude modulate a sinusoid halfway between the original sinusoids to get an equivalent result.

>You've read about the company trying to sell highly localized speakers?
>They modulate two intense ultrasound beams, and the air does the
>nonlinear mixing where they meet.

You can do it with a single beam, too. MIT's Sonic Spotlight is one example, but there are better developed applications on the market. However, you need huge amplitudes to get the air to distort. (I've heard numbers in the 130-150dB range.)

>In the audiophile, lower-intensity case, the ears' nonlinearity would do
>it.

I don't think it would. Before the nonlinearity gets to do its job, the sound needs to be conducted to the inner ear. But it probably won't be -- our ossicles and the tympanic membrane are too massive to operate in that frequency range. So I agree if the amplitudes are extreme, but otherwise I doubt it.
--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From ravage at einstein.ssz.com Wed Jul 9 17:52:08 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 9 Jul 2003 19:52:08 -0500 (CDT)
Subject: [9fans] security hole (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Wed, 9 Jul 2003 20:07:05 -0400
From: David Presotto
To: 9fans at cse.psu.edu
Subject: [9fans] security hole

I plugged a security hole in Plan 9. It involved the state of a process after it did a newns(). Newns() is used to create a new namespace, usually after a process has changed uid (like when someone attaches to a server: telnet, ssh, ...). Newns opens a file, called a namespace file, that describes the new namespace and then follows the instructions inside (see /lib/namespace).

Newns(2) creates a new namespace, but until the process calling newns does a chdir through /, its local directory is still in the old name space. If the process then navigates the name space using relative commands (chdir(".."), open("../lib/profile")) it is walking the space using the privileges of the OLD user id.

Because of the way namespaces are usually set up, this doesn't normally happen. All the normal namespace files themselves do a chdir to /usr/$user effectively leaving the old namespace before newns returns. However, if either there wasn't such a chdir in the namespace file, i.e., if you've removed it for your installation or /usr/$user (and also /usr/none) doesn't exist then it was possible for a user to log in (for example via telnet or ssh) and end up in a directory like /usr/bootes in which they still had the rights of bootes. Neither situation applied to the labs since we have a /usr/none but one user in Japan (YAMANASHI Takeshi) discovered it when he created an account with no home dir.

I changed newns() to fix the problem.
It now always leaves you chdir'd into a directory in the current namespace. It does that by first seeing if the namespace file has already caused a chdir through the root. If not, it effectively does a chdir(getpwd). If that fails, it does a chdir("/").

This is a change in semantics. I haven't found (by inspection) any programs that would be bothered by it but please tell me if you see anything fishy since I'm about to update sources with the change. I've been running our servers here with the change for a few days and all seems well.

From camera_lumina at hotmail.com Wed Jul 9 18:03:51 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 09 Jul 2003 21:03:51 -0400
Subject: Idea: The ultimate CD/DVD auditing tool (meow)
Message-ID:

Somebody wrote...

>Yes this is for localization ---clicks are broadband, you need to
>identify which freq components are used. I still think
>humans can't discriminate the phase of a tone.

An interesting thing to try is to play with the "phase" button on many high-end gear. This supposedly matters for low frequencies, but despite my unarguably golden ears, I'm still not convinced I can hear the difference.

My Thiel speakers, however, claim to be "phase coherent", and that seems to be an entirely different matter. In other words, the different frequency components of a sound are transmitted in correct phase relationships (ie, true to the original sound), and the result is a (sometimes) astonishing level of spatial detail. Of course, non-audiophiles will poo-poo that claim, but even they will hear that the Thiels are far more accurate than the crap that's sold in Circuit City or whatever. So I figure I may as well believe Jim Thiel's claim that phase coherence is important in a speaker.
-TD

>From: Mike Rosing
>To: "cypherpunks at lne.com"
>Subject: Re: Idea: The ultimate CD/DVD auditing tool (meow)
>Date: Wed, 9 Jul 2003 14:32:53 -0700 (PDT)
>
>On Wed, 9 Jul 2003, Major Variola (ret) wrote:
>
> > Yes this is for localization ---clicks are broadband, you need to
> > identify which freq components are used. I still think
> > humans can't discriminate the phase of a tone. In fact, MP3s
> > use this to cut bits.
>
>They can tell relative phase, but it takes a lot of training.
>
> > After the experiments, the cats
> > will be ok, as I assume they're sufficiently
> > plastic, unless you do brain staining on them. :-( Or your policy is
> > the Tim McVeigh treatment.
>
>both. They spend a year training the cats, then a year or 2 collecting
>data, then brain stain, then vaporize. Each cat is worth about $1M when
>it's all done, and it's got a lot of skull missing while it's alive.
>But it's well protected with a lot of aluminum and epoxy :-)
>
> > Cool stuff, though my domestic feline wants to know where you live.
> >
> > PS: have you identified the "can opener sound" brain-center yet?
>
>I think you better keep it far away! And no, they don't play with
>higher order systems. The low level stuff is hard enough!!
>
> > Cats manage biometrics and reputation better than most human systems..
>
>:-)
>
>Patience, persistence, truth,
>Dr. mike

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

From netkita at earthlink.net Wed Jul 9 18:56:53 2003
From: netkita at earthlink.net (netkita at earthlink.net)
Date: Wed, 9 Jul 2003 21:56:53 -0400
Subject: pegasus
Message-ID: <3F0C8FA5.16373.30D50C9@localhost>

How do I use my private and public keyrings to encrypt email?
I think that I have the file part and then use as an attachment ok

Thanks

From ravage at einstein.ssz.com Wed Jul 9 21:51:47 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 9 Jul 2003 23:51:47 -0500 (CDT)
Subject: Idea: The ultimate CD/DVD auditing tool (meow)
In-Reply-To:
Message-ID:

On Wed, 9 Jul 2003, Tyler Durden wrote:

> Somebody wrote...
>
> >Yes this is for localization ---clicks are broadband, you need to
> >identify which freq components are used. I still think
> >humans can't discriminate the phase of a tone.
>
> An interesting thing to try is to play with the "phase" button on many
> high-end gear. This supposedly matters for low frequencies, but despite my
> unarguably golden ears, I'm still not convinced I can hear the difference.

Then your ears are not golden, period.

A standard test of audio systems in PA's for example is related to 'speaker phase' (ie all the cones move out or in together at the same time). This is tested by putting a click on the line and then standing between pairs of speakers. It is quite easy to tell when the speakers are in phase. The same can be said for music (and no you don't need expensive high end equipment), garble the phase and things like echo become very(!!!) weird. You just have to have the experience to know what to 'look' for.

A very(!) simple test to demonstrate/test your phase sensitivity (using even very low quality equipment) is to connect a speaker between the R and L channels (in essence it is driven by diff between the two channels). This tends to highlight the phase disparity between the two channels significantly enhancing the 'depth' of the music. Put a switch in there and then have a friend enable/disable the speaker without your knowledge. Then indicate what you think is the 'third speaker' setting. If you can't tell nearly 100% of the time then any money on high end equipment is a waste of your budget.
This trick (was very popular in the 70's, especially for us Quadraphonic fans) was what eventually led to the sub-woofer we all know and love today (I do wish somebody would do something about those damn rattling cars though).

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 9 22:12:36 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 10 Jul 2003 00:12:36 -0500 (CDT)
Subject: Idea: The ultimate CD/DVD auditing tool
In-Reply-To:
Message-ID:

On Wed, 9 Jul 2003, Tyler Durden wrote:

> Tim May wrote...
>
> >Most so-called high end tube amps do in fact sound different, perhaps
> >"better," perhaps not. This is of course because tubes are usually rich in
> >odd-order harmonics. That $4000 Krell tube amp is actually _coloring_ the
> >sound. So much for 20-bit DACs in the signal source: the amp is altering
> >the sound at about the 6th or 8th or whatever most significant bit.
>
> A couple of corrections, then the comment. First is that tubes boost the
> even order harmonics, making the sound much richer and fuller sounding.

Actually it depends on the type of tube, triodes as compared to a pentode for example 'color' a signal in different ways. There are also geometry issues that filter the harmonics in different ways for different types of tubes. So a blanket statement such as 'all tubes boost even order harmonics' is gibberish.

Further, to correct Tim's audio bullshit, -EVERYTHING- colors the music. There is -NOTHING- in the pipe from initial performance to end user experience that is 'perfectly flat'. Unless you were there when it was done you'll -never- get close to what actually happened.
Changing the speakers will change the music, putting fiberglass in the cabinet changes the music, changing the cables from Copper to Gold makes an audible difference in some cases.

Another fine point to make in regard to things like distortion and THD, considering the average performance amp is about 3-5x -higher- in THD (for example) the distinction between audio performance above a certain threshold (that is primarily listener dependent) is a waste (and really a tad delusional).

> Also, the Krell is digital, not tube.

Which means it colors it differently is all. YMMV...big surprise.

> But your point is correct, but also well-known within audiophile circles. In
> fact, single-end triode style tube amps (which hit the market about 10 years
> ago) have really rotten measurables, but they have continued to grow in
> popularity because of the allegedly "live/lush" sound.

First off single ended Triodes have been around a lot(!) more than 10 years. Secondly the term you want is 'warm' in reference to a tube amp, it's been around since at least the 50's. Using a term like 'live' to describe a sound simply means somebody has never compared (for example) a Fender to a Marshall amp and understood why the same 'live' performance sounds so different (and you can use the same speaker stack for either head).

> As for 24/96 (or 24/192), like I said there are real engineering reasons for
> doing this, but in the end there's not much reason to argue if you haven't
> heard. Go listen to a standard CD played on an upsampling machine and you
> will know in no uncertain terms that the sound is considerably
> better/fuller/realler. (A hint as to why can be seen when you look at a square
> wave reproduced in 16/22 vs 24/96.)

You mean the wave is actually more 'square' because the higher sampling rate better matches the original signal?....Duh.
> As for audiophile voodoo there's a lot out there, but there's a pretty easy
> way to differentiate voodoo from real (though 'inexplicable') high-end
> stuff. The voodoo disappears within a year or two, but the real stuff keeps
> going.

As somebody who has been involved in audio (both listening and performance) for many years (30+) that is simple bullshit. The Voodoo that sells keeps on going, and going, and going,...

> A PS about double-blind: There's been lots of them done, some confirming
> audiophile expectations some contradicting. Some of the disparity is due to
> who the blindees are: high-end listening is a skill that is basically
> self-taught.

Bullshit, you're born with good ears or you're not. There is not a single thing one can do to change that. If you have good ears and train them then you get what you pay for. If you got bad ears, pick another field to work in.

> Some of the high-end tweaks have differences that are not
> discernible to nonGolden ears (and some tweaks are obviously pure snakeoil).

And a -lot- of those golden ear differences are just ego or marketing hype.

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 9 22:25:22 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 10 Jul 2003 00:25:22 -0500 (CDT)
Subject: Slashdot | Russians Order Mobile Phone Encryption Removed (fwd)
Message-ID:

http://slashdot.org/articles/03/07/10/0036232.shtml?tid=158&tid=99

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 9 22:25:39 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 10 Jul 2003 00:25:39 -0500 (CDT)
Subject: Slashdot | Webcaster Alliance Threatens To Sue RIAA (fwd)
Message-ID:

http://yro.slashdot.org/yro/03/07/09/2037258.shtml?tid=123&tid=99

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From mv at cdc.gov Thu Jul 10 04:22:26 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 10 Jul 2003 04:22:26 -0700
Subject: we jammin, we hope you like jammin too
Message-ID: <3F0D4C72.2D277832@cdc.gov>

U.S. satellite feeds to Iran jammed
http://www.msnbc.com/news/936772.asp?0cv=CB10

(Note that the "difficulty" of finding the jammer is disinfo... the NRO / NSA knows *exactly* where the jammers are, probably the color of their hats. Note that the US fomenting civil war with its agitprop is only mentioned obliquely.)

From ravage at einstein.ssz.com Thu Jul 10 05:05:19 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 10 Jul 2003 07:05:19 -0500 (CDT)
Subject: The Register - RFID Spy-chippers leak confidential data on the web (fwd)
Message-ID:

http://www.theregister.co.uk/content/55/31654.html

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Thu Jul 10 05:06:02 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 10 Jul 2003 07:06:02 -0500 (CDT)
Subject: Dizzy over Lizzie (Metro Times Detroit) - Student finds new method to factor quadratics (fwd)
Message-ID:

http://www.metrotimes.com/editorial/story.asp?id=5077

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From ericm at lne.com Thu Jul 10 08:27:03 2003
From: ericm at lne.com (Eric Murray)
Date: Thu, 10 Jul 2003 08:27:03 -0700
Subject: MRAM, persistance of memory
In-Reply-To: ; from shaddack@ns.arachne.cz on Thu, Jul 10, 2003 at 04:45:58PM +0200
References: <20030709104333.A30503@slack.lne.com>
Message-ID: <20030710082703.A6934@slack.lne.com>

On Thu, Jul 10, 2003 at 04:45:58PM +0200, Thomas Shaddack wrote:
> On Wed, 9 Jul 2003, Eric Murray wrote:
> > I doubt it as well. DRAM also has power-off memory persistence
> > and nearly everyone in security ignores that as well.
> >
> > But not the spooks :
> >
> > "The FEI-374i-DRS is a data recovery system that captures and preserved
> > digital data, in its original format, directly from the Dynamic Random
> > Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs)
> > ..
> > The FEI-374i-DRS is an indispensable tool for forensic investigators
> > required to evaluate residual audio and tag information retained in
> > today's DRAM-based DTAMs."
> >
> > http://www.nomadics.com/374idrs.htm
>
> The system doesn't seem to be able to recover data from powered-off DRAM.

[..]
It's still interesting.

> It is impossible to get access to the voltage on the DRAM cell capacitors
> (at least if the chip is in its case and we can access only its pins). We
> can only see if it is in the range for H or L. And after a power-down (or
> even a sufficiently long period without a refresh of the given cell) the
> cell capacitor loses voltage steadily, reaching the level of L (or maybe
> H?) within at most couple seconds.

I would not bet on that for sensitive data. See Peter Gutmann's and Ross Anderson's papers on RAM memory remanence.

Eric

From mv at cdc.gov Thu Jul 10 09:19:00 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 10 Jul 2003 09:19:00 -0700
Subject: MRAM, persistance of memory
Message-ID: <3F0D91F4.375E6977@cdc.gov>

At 04:45 PM 7/10/03 +0200, Thomas Shaddack wrote:
>run stripped-down Linux? Maybe something based on ARM or MIPS
>architecture?)

I'm familiar with 100 Mhz 32b MIPS cores that cost about $10 and include 2 ethernet i/faces. Intended for cheap SOHO routers, etc. Newer variants include IPsec support (e.g., a DES engine) for the same price. They'll run Linux. ARM's advantage is in power consumption, AFAIK, which doesn't always matter.

I can see other reasons for hacking an answering machine ---encrypting stored messages, implementing/augmenting your own DTMF decision tree, allowing some to leave longer messages than others, even machines that call another number to forward. (I once worked on a commercial system that implemented a POTS i/f as boards in a Wintel machine, its (perhaps now extinct) niche was cheapening international phone calls.)

Cheapo fax/soundcards are able to do ring detection, pick up, etc. Probably a fun project, the POTS i/f won't go away soon.

From camera_lumina at hotmail.com Thu Jul 10 06:23:26 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 10 Jul 2003 09:23:26 -0400
Subject: Idea: The ultimate CD/DVD auditing tool (meow)
Message-ID:

"Then your ears are not golden, period."

Harumph!
But you misunderstand what the phase button does. If the speakers are wired out of phase anybody can hear that. Actually, it's a quite interesting thing to hear...nothing is really localizable.

But the phase button inverts the absolute phase of the signal coming out of both speakers. In other words, with a bass drum hit do the speaker cones move outward at the initial strike or inward (as they are not supposed to). Supposedly this difference can be heard, but my speakers start rolling off below 100Hz, so I suspect that's why I have a very hard time discerning the absolute phase difference when I hit the button.

-TD

>From: Jim Choate
>To:
>Subject: Re: Idea: The ultimate CD/DVD auditing tool (meow)
>Date: Wed, 9 Jul 2003 23:51:47 -0500 (CDT)
>
>On Wed, 9 Jul 2003, Tyler Durden wrote:
>
> > Somebody wrote...
> >
> > >Yes this is for localization ---clicks are broadband, you need to
> > >identify which freq components are used. I still think
> > >humans can't discriminate the phase of a tone.
> >
> > An interesting thing to try is to play with the "phase" button on many
> > high-end gear. This supposedly matters for low frequencies, but despite my
> > unarguably golden ears, I'm still not convinced I can hear the difference.
>
>Then your ears are not golden, period.
>
>A standard test of audio systems in PA's for example is related to
>'speaker phase' (ie all the cones move out or in together at the same
>time). This is tested by putting a click on the line and then standing
>between pairs of speakers. It is quite easy to tell when the speakers are
>in phase. The same can be said for music (and no you don't need expensive
>high end equipment), garble the phase and things like echo become very(!!!)
>weird. You just have to have the experience to know what to 'look' for.
>
>A very(!)
>simple test to demonstrate/test your phase sensitivity (using
>even very low quality equipment) is to connect a speaker between the R and
>L channels (in essence it is driven by diff between the two channels).
>This tends to highlight the phase disparity between the two channels
>significantly enhancing the 'depth' of the music. Put a switch in there
>and then have a friend enable/disable the speaker without your knowledge.
>Then indicate what you think is the 'third speaker' setting. If you can't
>tell nearly 100% of the time then any money on high end equipment is a
>waste of your budget. This trick (was very popular in the 70's, especially
>for us Quadraphonic fans) was what eventually led to the sub-woofer we all
>know and love today (I do wish somebody would do something about those
>damn rattling cars though).
>
>
> --
> ____________________________________________________________________
>
> We are all interested in the future for that is where you and I
> are going to spend the rest of our lives.
>
> Criswell, "Plan 9 from Outer Space"
>
> ravage at ssz.com jchoate at open-forge.org
> www.ssz.com www.open-forge.org
> --------------------------------------------------------------------

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

From frantz at pwpconsult.com Thu Jul 10 11:10:58 2003
From: frantz at pwpconsult.com (Bill Frantz)
Date: Thu, 10 Jul 2003 11:10:58 -0700
Subject: MRAM, persistence of memory
In-Reply-To: <3F0C4FAB.FB644298@cdc.gov>
Message-ID:

At 10:23 AM -0700 7/9/03, Major Variola (ret.) wrote:
>And shutting off your virtual memory swapping
>--useful today because of the gobs of DRAM machines have--
>will no longer be useful for security.

Encrypted swap is a crypto sweet spot, because it has perhaps the easiest key management of any crypto system. It seems that the BSD systems have it while Linux still thinks it is difficult.
See: http://www.openbsd.org/papers/swapencrypt.ps Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA From discord-nobody at erisiandiscord.de Thu Jul 10 04:25:42 2003 From: discord-nobody at erisiandiscord.de (Anonymous) Date: Thu, 10 Jul 2003 13:24:42 +0159 (CEST) Subject: Field improvised knives, FBI FTU, concealable weapons Message-ID: From ravage at einstein.ssz.com Thu Jul 10 14:27:49 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 10 Jul 2003 16:27:49 -0500 (CDT) Subject: Field improvised knives, FBI FTU, concealable weapons In-Reply-To: Message-ID: On Thu, 10 Jul 2003, Anonymous wrote: > 1. The pop-top steel lid on a can e.g., of catfood forms a sharp > edge when removed. (I have a permenant scar on a finger > attesting to this.) If half the disc were grasped in a cloth > it could be more effective than several of the items you list. Negative, bend it in half and get two edges for the price of one. > 2. Similarly, the steel lid on e.g., a tuna can forms a sharp (and > flatter, and slightly more rigid) edge when removed with a can opening > tool. If you have the can opening tool it is a weapon as well, great for making big gaping puncture wounds. > A can opening tool can be very small, e.g., the military-style > can openers, which by itself is not dangerous. Bullshit. A strike to the throat just above the shoulder blade, into the eyes, slash into the fingers or heal, lips/ears, etc. -EVERYTHING- is a weapon. A 'weapon' is nothing more than a STATE OF MIND. It is the intent to do harm. > 3. Even a beverage can, e.g., from a beer purchased in flight, can be > ripped into a sharp edge, although the thinness of the (typically soft > aluminum) metal makes this less effective than the above. 
The flat circular tops and bottoms are prefered, but a piece of the sidewall is effective just like a small razor blade (hint: fold the piece in half). > 4. The large knitting (crochet) needles which I believe > the TSA admits could be filed into a sharp point, producing > a spike as effective as some you list. As these are typically > aluminum, abrading them into a point would not be difficult. Actually all sizes are good. You can use crochet hooks as well, hurt like hell pulling that baby out. > 5. It is possible that a skilled knife maker could chip a glass > bottle into a knife while in the restroom, producing something > comparable to the obsidian knife you list. The production process > might be noisy however, unlike the above. Chip a bottle into a knife? Doofus, just break the bottle and use the pieces. If you want to be stealthy don't use the kneck/bottom as a handle, use a piece from the side just like a razor (hold betwix thumb and first two fingers). > Comment, which you will no doubt ignore: > Given the facility with which weapons are improvised or concealed, Like a pencil, a rolled up magazine, a plastic credit card (it will cut if wielded in such a manner), a shoe string as a garrot, etc. Your opponents body can be used as a weapon against itself as well (eg strangle somebody with their own arm, or break it and then stab them with the lower bone shard). > it might be a better idea to stop motivating the > actors, as distasteful as that might be to some in power. But that would mean they'd have to treat them as equals, and they can't have that now.... -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. 
Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Thu Jul 10 14:30:15 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 10 Jul 2003 16:30:15 -0500 (CDT) Subject: 'Phantom' game console is really a copyright protection device (fwd) Message-ID: http://newsforge.com/newsforge/03/07/09/2042207.shtml?tid=8 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From shaddack at ns.arachne.cz Thu Jul 10 07:45:58 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 10 Jul 2003 16:45:58 +0200 (CEST) Subject: MRAM, persistance of memory In-Reply-To: <20030709104333.A30503@slack.lne.com> Message-ID: On Wed, 9 Jul 2003, Eric Murray wrote: > I doubt it as well. DRAM also has power-off memory persistence > and nearly everyone in security ignores that as well. > > But not the spooks : > > "The FEI-374i-DRS is a data recovery system that captures and preserved > digital data, in its original format, directly from the Dynamic Random > Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs) > .. > The FEI-374i-DRS is an indispensable tool for forensic investigators > required to evaluate residual audio and tag information retained in > today's DRAM-based DTAMs." > > http://www.nomadics.com/374idrs.htm The system doesn't seem to be able to recover data from powered-off DRAM. The specs say it can recover files that were erased. The DRAM-based DTAMs use the DRAM as a RAM disk. 
For some reason unknown to us (may be conspiracy with TLA, but Occam's razor says it's mere negligence/laziness) the designers don't overwrite the memory region that pertains to an erased file, only deallocate it, leaving the data there. I suppose the DRAM refresh circuits are backed up with a small battery to cover brief blackouts.

It is impossible to get access to the voltage on the DRAM cell capacitors (at least if the chip is in its case and we can access only its pins). We can only see if it is in the range for H or L. And after a power-down (or even a sufficiently long period without a refresh of the given cell) the cell capacitor loses voltage steadily, reaching the level of L (or maybe H?) within at most couple seconds.

Seems the device is nothing more than a logic analyzer connected to the DRAM pins.

This is a nice illustration of the problem with commercial vendors and closed-architecture devices they peddle. If we'd have access to the firmware of the DTAMs, writing extensions for storing data in (at least somehow) encrypted format and their overwriting after deletion won't be a big problem.

Hope the price of embeddable computer "cores" will continue to fall. (Apropos, what's the current cost of the cheapest cores able to run stripped-down Linux? Maybe something based on ARM or MIPS architecture?)

From timcmay at got.net Thu Jul 10 17:47:22 2003
From: timcmay at got.net (Tim May)
Date: Thu, 10 Jul 2003 17:47:22 -0700
Subject: MRAM, persistance of memory
In-Reply-To: <20030710082703.A6934@slack.lne.com>
Message-ID: <3B6DC694-B339-11D7-A65E-000A956B4C74@got.net>

On Thursday, July 10, 2003, at 08:27 AM, Eric Murray wrote:

> On Thu, Jul 10, 2003 at 04:45:58PM +0200, Thomas Shaddack wrote:
>
>> It is impossible to get access to the voltage on the DRAM cell capacitors
>> (at least if the chip is in its case and we can access only its pins). We
>> can only see if it is in the range for H or L.
>> And after a power-down (or
>> even a sufficiently long period without a refresh of the given cell) the
>> cell capacitor loses voltage steadily, reaching the level of L (or maybe
>> H?) within at most couple seconds.
>
> I would not bet on that for sensitive data.
> See Peter Gutmann's and Ross Anderson's papers on RAM memory remanence.

We were reading remnant state information in DRAMs back in the mid-70s. When a DRAM is powered back up after some period without power there are "remnants" which are not really electrons (which thermalize into the substrate in a matter of microseconds) but which cause "preferential turn-on or turn-off" in the cells, due to shifts in threshold voltage. (This is why irradiation of the DRAMs with gammas can sometimes "freeze" the stored data pattern.)

Intel was the inventor of DRAM and we led the market (along with Mostek) for most of the 1970s. We had some really cool tools for seeing the internal states of DRAMs, before, during, and after things we did to the devices. Powering them off and watching the states they came back up in was child's play.

This effect, of seeing DRAMs "wake up" in preferred states, is a very subtle effect. And no doubt it varies amongst vendors and even between design and process steppings of the same vendor's part. I would not want to be the forensic data analyst trying to do this, but I expect sometimes they do.

The "recover data from voice answering machines" gadget is no doubt much lower tech. Most answering machines are battery-backed (duh), so a forensics expert can keep power maintained and even use the battery-backed store to keep the DRAMs nominally refreshed.

But I thought most modern answering machines which don't use tapes are in fact using flash, not DRAMs. Am I wrong on this? Flash is of course an entirely different story.
--Tim May From ravage at einstein.ssz.com Fri Jul 11 05:00:10 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 11 Jul 2003 07:00:10 -0500 (CDT) Subject: ID cards (UK): A highly organised minority (that can be safely ignored) (fwd) Message-ID: http://www.theinquirer.net/?article=10441 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Fri Jul 11 05:05:37 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 11 Jul 2003 07:05:37 -0500 (CDT) Subject: PCWorld.com - Cybersecurity Laws Expected (fwd) Message-ID: http://www.pcworld.com/news/article/0,aid,111535,00.asp -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From s.schear at comcast.net Fri Jul 11 09:10:45 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 11 Jul 2003 09:10:45 -0700 Subject: Software radio article in Guardian Message-ID: <5.2.1.1.0.20030711090915.0466dbb8@mail.comcast.net> GNURadio gets a nice mention. http://www.guardian.co.uk/online/story/0,3605,994679,00.html "There is no protection or safety in anticipatory servility." Craig Spencer From Michael.J.Smith at unisys.com Fri Jul 11 09:44:23 2003 From: Michael.J.Smith at unisys.com (Smith, Michael J.) Date: Fri, 11 Jul 2003 11:44:23 -0500 Subject: Credit Card fraud gets simple Message-ID: Abstract: Credit card theft is now automated via irc bots, even the CVV2. 
http://www.honeynet.org/papers/profiles/cc-fraud.pdf

Cheers
--Mike

From adam.lydick at verizon.net Fri Jul 11 15:59:58 2003
From: adam.lydick at verizon.net (Adam Lydick)
Date: 11 Jul 2003 15:59:58 -0700
Subject: idea: brinworld meets the credit card
In-Reply-To: <3F0B1894.9AB25F99@cdc.gov>
References: <3F0B1894.9AB25F99@cdc.gov>
Message-ID: <1057962421.25636.10.camel@lorien>

You might find "facecerts" interesting.

http://www.computer.org/proceedings/dcc/1896/18960435.pdf

This is more for face-to-face checking, however. For your remote scenario some sort of one-way hash to verify the image might be interesting. It would have to allow for fuzzy matching after hashing (for obvious reasons).

I think this just raises the bar a tiny bit though, as an attacker could stalk their victim before stealing their card to get an idea about what appearance to forge. (or capture webcam traffic before lifting the card / identity info)

Cheers,

Adam Lydick

On Tue, 2003-07-08 at 12:16, Major Variola (ret) wrote:
> Authentication is "Something you have / know / are."
>
> A simple plastic credit card + PIN provides the first two,
> including a photo provides the third "something you are".
> A face is more often checked than the readily forgeable
> signature, in live authentication.
>
> But as cameras become ubiquitous
> (e.g., in cell phones) some extra security could be obtained
> for *remote* authentication by sending a trusted photo of the
> account holder plus a live picture of the card user.
>
> A picture glued into the card could be forged, but a
> smartcard (with more data area than a magstripe)
> could include a picture of the account holder,
> so a thief has no idea what to look like. But the vendor can
> check the encrypted smartcard face to the face on the phone
> or webcam. For high-value remote transactions, where you
> pay someone to check faces, this might be viable in a few years.
> In a few years after that, machines might be able to check faces > more cheaply, as reliably. > > The live face-check with embedded digital photos is already standard > practice > on high-security building-entry cards (and passports?), > with the guard comparing the card-embedded face to the one before him. > Ubiquitous cameras will bring that face-check to remote transactions, > reducing cost due to lower fraud. > > Thoughts? From ravage at einstein.ssz.com Sat Jul 12 05:52:51 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 12 Jul 2003 07:52:51 -0500 (CDT) Subject: A Web Site Causes Unease in Police (fwd) Message-ID: http://www.nytimes.com/2003/07/12/national/12NET.html?ex=1058587200&en=f58b93fbf29e6015&ei=5062&partner=GOOGLE -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From netkita at earthlink.net Sat Jul 12 11:27:24 2003 From: netkita at earthlink.net (netkita at earthlink.net) Date: Sat, 12 Jul 2003 14:27:24 -0400 Subject: defcon kwy signing party Message-ID: <3F101ACC.20649.639FFC1@localhost> Anyone initiating a defcon signing part this year. D From declan at well.com Sat Jul 12 12:09:59 2003 From: declan at well.com (Declan McCullagh) Date: Sat, 12 Jul 2003 15:09:59 -0400 Subject: defcon kwy signing party In-Reply-To: <3F101ACC.20649.639FFC1@localhost>; from netkita@earthlink.net on Sat, Jul 12, 2003 at 02:27:24PM -0400 References: <3F101ACC.20649.639FFC1@localhost> Message-ID: <20030712150958.A7768@cluebot.com> I dunno how many folks on the list are going to Defcon (if previous years that I've been are any indication, not a whole heck of a lot). But if there's a gathering, I'll show up. 
-Declan On Sat, Jul 12, 2003 at 02:27:24PM -0400, netkita at earthlink.net wrote: > Anyone initiating a defcon signing part this year. > > > D From measl at mfn.org Sat Jul 12 18:49:18 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 12 Jul 2003 20:49:18 -0500 (CDT) Subject: Big Brother Gets A Brain Message-ID: Recently, I found myself discussing the British fascination with cameras with an American LEO (local cop on a bunch of state and federal task forces - your basic all around law enforcement officer). I was mildly surprised by his assertion that in the US, every person in any major metropolitan area is caught by a government owned surveillance camera at least three times a day. What *blew me away* was that he maintains that we are all recorded by privately owned cameras many more times than that, and that they actively seek out, as a matter of routine practice, these private cameras for the solving of publicly committed crimes. The below article is even more interesting in this light. -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko -------------------------------------------------------- http://www.globalsecurity.org/org/news/2003/030715-big-brother01.htm Big Brother Gets A Brain In-Depth Coverage By Noah Shachtman The cameras are already in place. The computer code is being developed at a dozen or more major companies and universities. And the trial runs have already been planned. Everything is set for a new Pentagon program to become perhaps the federal government's widest reaching, most invasive mechanism yet for keeping us all under watch. Not in the far-off, dystopian future. But here, and soon. The military is scheduled to issue contracts for Combat Zones That See, or CTS, as early as September. The first demonstration should take place before next summer, according to a spokesperson. Approach a checkpoint at Fort Belvoir, Virginia, during the test and CTS will spot you. 
Turn the wheel on this sprawling, 8,656-acre army encampment, and CTS will record your action. Your face and license plate will likely be matched to those on terrorist watch lists. Make a move considered suspicious, and CTS will instantly report you to the authorities. Fort Belvoir is only the beginning for CTS. Its architects at the Pentagon say it will help protect our troops in cities like Baghdad, where for the past few weeks fleeting attackers have been picking off American fighters in ones and twos. But defense experts believe the surveillance effort has a second, more sinister, purpose: to keep entire cities under an omnipresent, unblinking eye. This isn't some science fiction nightmare. Far from it. CTS depends on parts you could get, in a pinch, at Kmart. "There's almost a 100 percent chance that it will work," said Jim Lewis, who heads the Technology and Public Policy Program at the Center for Strategic and International Studies, "because it's just connecting things that already exist." As currently configured, the old-line cameras speckled throughout every major city aren't that much of a privacy concern. Yes, there are lenses everywhere--several thousand just in Manhattan. But they see so much, it's almost impossible for snoops to sift through all the footage and find what's important. CTS would coordinate the cameras, gathering their views in a single information storehouse. The goal, according to a recent Pentagon presentation to defense contractors, is to "track everything that moves." "This gives the U.S. government capabilities Big Brother only pretended to have," said John Pike, director of Globalsecurity.org, a defense think tank. "Before, we said Big Brother's watching. But he really wasn't, because there was too much to watch." CTS could help soldiers spot dangers as they navigate perilous urban areas, Pentagon researchers insist. That's not how defense analysts like Pike see it. 
The program "seems to have more to do with domestic surveillance than a foreign battlefield," he said, "and more to do with the Department of Homeland Security than the Department of Defense." "Right now, this may be a military program," added Lewis. "But when it gets up and running, there's going to be a huge temptation to apply it to policing at home"--to keep tabs on ordinary citizens, whether or not they've done something wrong. Traditionally, the authorities have collected information only on people who might be connected to a crime. If there was a murder in the East Village, the cops didn't bring in all of St. Mark's Place; they interrogated only the people who might have information about the killer. Even the most extreme abuses of law enforcement power--like J. Edgar Hoover's domestic spying on political activists--homed in on very specific individuals, or groups, that he imagined as threats to the state. He didn't put the whole state under watch. September 11 changed that. Now, the idea is to find out as much as possible about as many people as possible. After all, the logic goes, the country can't afford to sit back and wait to be attacked. Almost anyone could play a part in a terrorist plot. So the government has to keep tabs on almost everyone. CTS, a $12 million, three-year program, is emerging as a potential centerpiece of that initiative. "Before, it was 'let's catch the bad guys and bring them to trial after stuff happens,' " Lewis said. "Now it's 'let's look for patterns and stop [an attack] before it happens.' " That's why Attorney General John Ashcroft pushed for a program to turn a million civilians into citizen-spies, snooping on their neighbors. That's why the USA Patriot Act now allows for wiretaps without warrants. And it's why the Pentagon has begun researching an array of high-tech tools to pry into average people's lives. CTS is the brainchild of DARPA, the Pentagon's Defense Advanced Research Projects Agency. 
That's the group of minds behind the notoriously invasive Total (sorry, "Terrorism") Information Awareness uber-database. TIA's backers say the project will be carefully targeted, but privacy advocates say it could compile in a single place an unprecedented amount of information about you--your school transcripts, medical records, credit card bills, e-mail, and so much more. "LifeLog," currently in the early planning stage at DARPA, would twist all these bits into narrative "threads," giving officials a chance to watch events develop. Along the way, LifeLog's developers would like to capture the name of every TV show you watch, every magazine you read. Still, watching your data trail just isn't the same as actually watching your physical tail. You can change your e-mail address, and start paying cash. But you can't run away from yourself. And that's the missing piece CTS could provide--an almost instant ability to track, moment by moment, where you are and what you're doing. "Before, there was a reasonable expectation of privacy when you were walking down the street," Lewis said. "Now that's something that will have to be adjusted." That's not all that will change. As everybody who's ever mugged for the camera knows, people act differently when they're being watched. Sometimes, that's not such a bad thing. Web-surfing habits are monitored on the job, so you wait until you're home to download porn. On the street, you can be a little less skittish, knowing your neighbors, your beat cops, your corner store owners are keeping an eye on you. But being watched by a faceless, inaccessible government minder, that's something altogether different. In 1791, the English philosopher Jeremy Bentham proposed a jail, circular in shape. The warden would sit in a dark observation booth in the middle; the prisoners would sit in well-lit, inward-facing cells along the circumference. 
Under the constant threat of being watched, the jailed would change their behavior, Bentham theorized, bending their activities to the warden's rules. Two centuries later, England has 2.5 million security cameras spread throughout the country, by some estimates. Several cities, like the port town of King's Lynn, are covered by the lenses. "It's exactly what Bentham predicted," said Simon Davies, director of Privacy International, a British civil liberties group. "The kids there are giving up going onto the street. They say it's almost like being in a glass-paneled room, with their parents on the other side. They're forced into smaller and smaller areas so they can be kids in private." Putting people under electronic watch induces a kind of split personality, said Bill Brown, who leads tours of Manhattan's spy cams as part of his duties with the Surveillance Camera Players. The authorities want people to obey the law, to behave rationally. But video surveillance does the exact opposite. It makes people feel--correctly--like they're constantly being watched, like they're paranoid. "And that's not a rational state at all," Brown said. "It's a mental condition." Stalin and Saddam did their best. They tried hard to keep under surveillance as many of their citizens as they could. But these efforts could never succeed completely. There was always a "fundamental barrier--the ratio of watchers to the watched," said John Pike of Globalsecurity.org. "You couldn't have everybody working for the secret police," he continued. "The thing that's so singularly seductive about automatic video surveillance is that it breaks that fundamental barrier down." CTS will keep watch by equipping each camera with a processor, like the one in your computer. The chips will have programmed into them "video understanding algorithms" that can distinguish one car from another. 
At each checkpoint, the car's speed, time of arrival, color, size, license plate, and shape are all instantly passed on to a central server. If the early tests identifying cars go well, software that recognizes a person's face and style of walk could also be added. By sharing only this refined data--instead of the raw video itself--CTS should keep fragile computer networks from becoming overloaded with hours and hours of meaningless footage. Everybody knows how much of a pain it can be to get a video clip in your e-mail inbox, instead of a simple text message. Now imagine how much worse the problem would get if thousands and thousands of such clips were being sent back and forth, all day, every day. CTS would help government networks avoid that burden, with each camera transmitting a mere 8 kilobits per second, instead of the 200 or so kilobits needed for high-resolution video. CTS would also keep the snoops who stare at the monitors from being overwhelmed. "We have enough cameras, but not enough people to watch the video feeds," said Tom Strat, who's heading up CTS for DARPA's Information Exploitation Office. If all's well, CTS cameras might send back to headquarters only basic data or the occasional low-resolution image. But when there's something fishy going down--like a car speeding away unexpectedly, or a briefcase left in a train station--the images could come sharper, and more quickly. Proto-CTS programs from contractors Northrop Grumman and the Sarnoff Corporation would interrupt the gray monotony of surveillance footage, setting red boxes aflash around the suspect person or object. "It focuses your attention right there," said Bruce De Witte of Northrop. But CTS would do more than change what investigators see. It would also give them a record of everything that happens in a city's public places, potential evidence for prosecutors and terrorist hunters. 
In its presentation to industry, DARPA said it wanted CTS to be able to find the common threads between a shooting at a bus stop one month and a bombing at a disco the next. In theory, CTS could take an inventory of all of the cars around the bus stop and near the disco immediately before and after the incidents. Then it could examine where those cars went, to see if there were any vehicles in common--or if a car acted as a sort of messenger between two others. The forensic process could be further enhanced by one of DARPA's analysis programs, like LifeLog or Total Information Awareness. After mining license plate numbers from the footage, investigators could identify the car owners. And then dig into the owners' Web-surfing trails, to see if there were any visits to explosive-making sites. And scan e-mail accounts for virulent language. And plumb credit card receipts for big fertilizer purchases. To the uninitiated, storing and sharing all this information might seem like insurmountably complex tasks. And according to Strat, the CTS manager, the ability to network surveillance cameras over a wide area is "not right around the corner." Defense and technology analysts have a different view. "(CTS) is pretty creepy. And the creepiest part about it is that it's not all that sophisticated," said Lee Tien, a senior staff attorney with the privacy-rights proponent Electronic Frontier Foundation. DARPA has mandated that the CTS demonstrations be done only with readily available, "off the shelf" equipment--the kind of stuff you could get at Spyville.com. You could find slightly less diesel versions of the gear at Amazon.com. So getting the cameras will be easy. What may be harder is handing off information--a description of a suspicious vehicle, say--from one camera to the next. These lenses will be separated by hundreds, even thousands, of meters. 
And "appearances can change dramatically" in those distances, Johns Hopkins University senior research scientist Chris Diehl said. Slight variations in light or in the camera's angle can make a car look very different to a mechanical eye. "If you read the literature, there really isn't a proven method" for solving this problem, he said. Yet this obstacle seems surmountable. In a CTS simulation conducted by software developer Alphatech, a car could be tracked over 10 kilometers with accuracy of 90 percent or better with cameras placed 400 meters apart. The percentage went up, of course, as the cameras moved closer together. CTS is but one of an array of private and public sector programs to sort through the ever expanding amount of surveillance imagery. University of California at San Diego's Computer Vision and Robotics Research lab just received a $600,000 grant from a Defense Department counterterror group for a CTS-like project. At Los Alamos National Laboratory, Stephen Brumby is using genetic algorithms--programs that are bred from smaller components of code--to automatically analyze satellite pictures. At the Sarnoff Corporation, a project dubbed Video Flashlight would morph cameras' views into a single three-dimensional model. Using a joystick, a security officer could maneuver through this simulated world as though playing a game of Half Life or Grand Theft Auto. In order for Video Flashlight to work, however, it would have to use stationary cameras. CTS doesn't have that limitation; it's supposed to function with drones and other battlefield sensors. That's one of the reasons Globalsecurity.org's John Pike thinks the program could have a legitimate military function--"to the extent that it is relevant to urban operations, as opposed to the running of a well-oiled police state." Combat in cities "tends to quickly degenerate into small firefights," Pike explained. It's a lot harder to know what's happening in a crowded city than it is in an open desert. 
Radios cut out quicker; drones and satellites have a harder time peering through the concrete canyons and narrow passageways of urban life. CTS could restore some of that sight, giving U.S. generals a "broader situational awareness." This assumes, of course, that CTS has anything to do with urban combat. If it does, it'd be a surprise to some of the businesses bidding for the CTS contract. "The primary application is for homeland security," said Tom Lento, a spokesman for the Sarnoff Corporation. "The whole theme here is homeland security," added Northrop Grumman's De Witte. Strat disagreed. "DARPA's mission is not to do homeland security," he said. In a presentation to industry, DARPA noted, "CTS technology will be demonstrated only within the observable boundaries of government installations where video surveillance is expressly permitted, and operational deployment areas outside the United States where it is consistent with all local laws." But in an interview, Strat did admit that "there's a chance that some of this technology might work its way" into domestic surveillance programs. In the test at Fort Belvoir this year the aim is to track 90 percent of all of cars within the target area for any given 30-minute period. The paths of 1 million vehicles should be stored and retrievable within three seconds. A year after that, CTS is supposed to move on to testing in an urban combat setting, where it will gather information from 100 mobile sensors, like drone spy planes and "video ropes" containing dozens of tiny cameras. Shortly thereafter, CTS could be keeping tabs on a city near you. "This is coming whether we like it or not," said Jim Lewis, with the Center for Strategic and International Studies. "It's not how do we stop the tidal wave. It's how do we manage it." 
Copyright 2003, VV Publishing Corporation

From cpunk at lne.com Sun Jul 13 20:00:00 2003
From: cpunk at lne.com (cpunk at lne.com)
Date: Sun, 13 Jul 2003 20:00:00 -0700
Subject: Cypherpunks List Info
Message-ID: <200307140300.h6E3008C030164@gw.lne.com>

Cypherpunks Mailing List Information

Last updated: Sep 12, 2002

This message is also available at http://www.lne.com/cpunk

Instructions on unsubscribing from the list can be found below.

0. Introduction

The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content.

Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa.

1. Filtering

The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.

Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.

4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to.
If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases "I'm subscribed to a filtering CDR yet I still see lots of junk postings". At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

# mailing lists:
# filter all cypherpunks mail into its own cypherspool folder, discarding
# mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
# /dev/null is unix for the trash can.
:0
* ^From.*owner-cypherpunks@.*
{
        # drop list mail from the listed senders
        :0:
        * (^From:.*ravage@ssz\.com.*|\
        ^From:.*jchoate@dev.tivoli.com.*|\
        ^From:.*mattd@useoz.com|\
        ^From:.*proffr11@bigpond.com|\
        ^From:.*jei@cc.hut.fi)
        /dev/null

        # everything else from the list goes to the cypherspool folder
        :0:
        cypherspool
}

7. List of current CDRs All commands are sent in the body of mail unless otherwise noted. --------------------------------------------------------------------------- Algebra: Operator: Subscription: "subscribe cypherpunks" to majordomo at algebra.com Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com Help: "help cypherpunks" to majordomo at algebra.com Posting address: cypherpunks at algebra.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- CCC: Operator: drt at un.bewaff.net Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de Help: "help" to cypherpunks-request at koeln.ccc.de Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks Posting address: cypherpunks at koeln.ccc.de Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject. Digest mode: this node is digest-only NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Infonex: Subscription: "subscribe cypherpunks" to majordomo at infonex.com Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com Help: "help cypherpunks" to majordomo at infonex.com Posting address: cypherpunks at infonex.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? 
--------------------------------------------------------------------------- Lne: Subscription: "subscribe cypherpunks" to majordomo at lne.com Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com Help: "help cypherpunks" to majordomo at lne.com Posting address: cypherpunks at lne.com Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers 2. leading "CDR:" in subject line removed 3. "Reply-to:" removed Privacy policy: private Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman) --------------------------------------------------------------------------- Minder: Subscription: "subscribe cypherpunks" to majordomo at minder.net Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net Help: "help" to majordomo at minder.net Posting address: cypherpunks at minder.net Filtering policy: raw Message Modification policy: no modification Privacy policy: private Info: send mail to cypherpunks-info at minder.net --------------------------------------------------------------------------- Openpgp: [openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01] Subscription: "subscribe cypherpunks" to listproc at openpgp.net Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net Help: "help" to listproc at openpgp.net Posting address: cypherpunks at openpgp.net Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? 
--------------------------------------------------------------------------- Ssz: Subscription: "subscribe cypherpunks" to majordomo at ssz.com Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com Help: "help cypherpunks" to majordomo at ssz.com Posting address: cypherpunks at ssz.com Filtering policy: raw Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added. Privacy policy: open Info: http://www.ssz.com/cdr/ --------------------------------------------------------------------------- Sunder: Subscription: "subscribe" to sunder at sunder.net Unsubscription: "unsubscribe" to sunder at sunder.net Help: "help" to sunder at sunder.net Posting address: sunder at sunder.net Filtering policy: moderated Message Modification policy: ??? Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- Pro-ns: Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net Help: "help cypherpunks" to majordomo at pro-ns.net Posting address: cypherpunks at pro-ns.net Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. leading "CDR:" in subject line removed 2. "Reply-to:" removed Privacy policy: private Info: http://www.pro-ns.net/cpunk From blancw at cnw.com Sun Jul 13 22:01:09 2003 From: blancw at cnw.com (Blanc) Date: Sun, 13 Jul 2003 22:01:09 -0700 Subject: Message from JimBob Message-ID: Jim would like everyone to read this newest version of his lawsuit, at: http://cryptome.org/jdb-v-usa-106.htm Word Perfect version: http://cryptome.org/jdb-v-usa-106.wpd (633KB) .. 
Blanc From adam at homeport.org Sun Jul 13 19:56:43 2003 From: adam at homeport.org (Adam Shostack) Date: Sun, 13 Jul 2003 22:56:43 -0400 Subject: Credit Card fraud gets simple In-Reply-To: References: Message-ID: <20030714025643.GA33636@lightship.internal.homeport.org> On Fri, Jul 11, 2003 at 11:44:23AM -0500, Smith, Michael J. wrote: | Abstract: Credit card theft is now automated via irc bots, even the CVV2. | | http://www.honeynet.org/papers/profiles/cc-fraud.pdf This is unsurprising. The interesting question is how much of the cost will consumers eat vs merchants? Will 3DSET, where you authenticate to your bank, catch on, or be seen as too annoying? What, if anything, is poised to replace credit cards? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From shields at msrl.com Mon Jul 14 09:40:57 2003 From: shields at msrl.com (Michael Shields) Date: Mon, 14 Jul 2003 16:40:57 +0000 Subject: MRAM, persistence of memory In-Reply-To: (Bill Frantz's message of "Thu, 10 Jul 2003 11:10:58 -0700") References: Message-ID: <871xwtnjs6.fsf@mulligatwani.msrl.com> In message , Bill Frantz wrote: > Encrypted swap is a crypto sweet spot, because it has perhaps the easiest > key management of any crypto system. It seems that the BSD systems have it > while Linux still thinks it is difficult. It is not yet in the mainline Linux kernel, but implementations are available (e.g. the widely used "cryptoloop"). -- Shields. From mv at cdc.gov Mon Jul 14 20:11:01 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 14 Jul 2003 20:11:01 -0700 Subject: MRAM, persistence of memory Message-ID: <3F1370C5.D255BBC3@cdc.gov> At 01:51 AM 7/15/03 +0300, Sampo Syreeni wrote: >On 2003-07-14, Michael Shields uttered to Bill Frantz: > >>> Encrypted swap is a crypto sweet spot, because it has perhaps the easiest >>> key management of any crypto system. It seems that the BSD systems have it >>> while Linux still thinks it is difficult. 
>At this stage I think a small question is in order. Is there any Big Red >Button software out there to complement this level of paranoia? > >What I mean is, after you've got everything in your system under >industrial strength crypto, you have exactly one weak spot, that being a >whole lot of people charging through your door when your system is already >running hot and accessible. At that point the only thing that can save you >is a one-touch mechanism to effect a swift (i.e. at most two or three >seconds), dirty, no-matter-what shutdown, with guaranteed loss of key >material. > >Is there open source software out there to effect that sort of thing? It's called the power button. Which is why MRAM is a different security risk. One could design software such that only the least required is decrypted at any one time, which would minimize the risk from persistent memory after you offed the power. There would probably be a serious performance hit in such software, but tradeoffs are what the game is about. From decoy at iki.fi Mon Jul 14 15:51:12 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Tue, 15 Jul 2003 01:51:12 +0300 (EEST) Subject: MRAM, persistence of memory In-Reply-To: <871xwtnjs6.fsf@mulligatwani.msrl.com> References: <871xwtnjs6.fsf@mulligatwani.msrl.com> Message-ID: On 2003-07-14, Michael Shields uttered to Bill Frantz: >> Encrypted swap is a crypto sweet spot, because it has perhaps the easiest >> key management of any crypto system. It seems that the BSD systems have it >> while Linux still thinks it is difficult. > >It is not yet in the mainline Linux kernel, but implementations are >available (e.g. the widely used "cryptoloop"). At this stage I think a small question is in order. Is there any Big Red Button software out there to complement this level of paranoia? 
What I mean is, after you've got everything in your system under industrial strength crypto, you have exactly one weak spot, that being a whole lot of people charging through your door when your system is already running hot and accessible. At that point the only thing that can save you is a one-touch mechanism to effect a swift (i.e. at most two or three seconds), dirty, no-matter-what shutdown, with guaranteed loss of key material. Is there open source software out there to effect that sort of thing? -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From ravage at einstein.ssz.com Tue Jul 15 05:23:34 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 15 Jul 2003 07:23:34 -0500 (CDT) Subject: Slashdot | UCB Researchers Critique DRM, Compulsory Licensing (fwd) Message-ID: http://yro.slashdot.org/yro/03/07/14/2312227.shtml?tid=141&tid=188 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From mv at cdc.gov Tue Jul 15 09:05:57 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 15 Jul 2003 09:05:57 -0700 Subject: MRAM, persistence of memory Message-ID: <3F142665.5A4FFCB0@cdc.gov> At 09:29 AM 7/15/03 -0400, Sunder wrote: >So, the best way to avoid that situation and not being able to reach the >big red switch, is simply not to attract their attention in the first >place by not following the footsteps of Jim Bell. :) Stego + broadcast is indeed your friend. 
>A more likely, and far more important, scenario to worry about is the >black bag job whereby a hardware keystroke recorder can get installed >without your knowledge... > >There may be ways to prevent/detect this... Software (open or closed >source) alone won't help very much. Epoxy and other conformal coatings are also your friends. From sunder at sunder.net Tue Jul 15 06:29:21 2003 From: sunder at sunder.net (Sunder) Date: Tue, 15 Jul 2003 09:29:21 -0400 (edt) Subject: MRAM, persistence of memory In-Reply-To: Message-ID: You could get one of those power strips with a power button intended to be operated by foot. Provided you've encrypted everything on your system including all network traffic and swap, pushing the big red switch should do the trick. :) Not exactly an open source solution, but it may well be effective. In all likelihood the flashbang armored ninjas with automatics, night vision, "get the fuck on the floor and shut the fuck up bitch" entry will happen while you're asleep, so you won't have time to hit the big red button anyway. So, the best way to avoid that situation and not being able to reach the big red switch, is simply not to attract their attention in the first place by not following the footsteps of Jim Bell. :) A more likely, and far more important, scenario to worry about is the black bag job whereby a hardware keystroke recorder can get installed without your knowledge... There may be ways to prevent/detect this... Software (open or closed source) alone won't help very much. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! 
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 15 Jul 2003, Sampo Syreeni wrote: > At this stage I think a small question is in order. Is there any Big Red > Button software out there to complement this level of paranoia? From mv at cdc.gov Tue Jul 15 10:35:39 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Tue, 15 Jul 2003 10:35:39 -0700 Subject: MPAA vs. Net anonymity, AB 1143 Message-ID: <3F143B6B.2A887D68@cdc.gov> Studios Stage Fight Against Internet Bill By Jon Healey, Times Staff Writer The Hollywood studios are fighting a behind-the-scenes battle in Sacramento to derail a bill they say would promote online piracy -- though the bill has little to do with downloading movies. Actually, the fight may have more to do with who's behind the legislation: the Electronic Frontier Foundation, a civil liberties and technology advocacy group that frequently opposes the studios' anti-piracy initiatives. The measure by Assemblyman Joe Simitian (D-Palo Alto) would help Internet users maintain the anonymity they have in chat rooms and elsewhere on the Internet when sued in state court for something they said or did online. Passed by the Assembly on June 2 and scheduled for a Senate Judiciary Committee hearing today, AB 1143 would require Internet services to notify customers of subpoenas seeking their identities and give customers 30 days to challenge the requests in court. Because it would apply to lawsuits in state courts, the bill wouldn't affect people accused of pirating movies or other copyrighted works online. Copyright cases are heard in federal court. 
http://www.latimes.com/business/la-fi-mpaa15jul15,1,5900411.story?coll=la-home-todays-times From timcmay at got.net Tue Jul 15 12:08:20 2003 From: timcmay at got.net (Tim May) Date: Tue, 15 Jul 2003 12:08:20 -0700 Subject: Sealing wax In-Reply-To: <3F142665.5A4FFCB0@cdc.gov> Message-ID: On Tuesday, July 15, 2003, at 09:05 AM, Major Variola (ret) wrote: > At 09:29 AM 7/15/03 -0400, Sunder wrote: >> So, the best way to avoid that situation and not being able to reach > the >> big red switch, is simply not to attract their attention in the first >> place by not following the footsteps of Jim Bell. :) > > Stego + broadcast is indeed your friend. > >> A more likely, and far more important, scenario to worry about is the >> black bag job whereby a hardware keystroke recorder can get installed >> without your knowledge... >> >> There may be ways to prevent/detect this... Software (open or closed >> source) alone won't help very much. > > Epoxy and other conformal coatings are also your friends. > Thinking about this brief comment, I assume MV means sealing a PC to make black bag opening more apparent. But this suggests a return to _sealing wax_. Seriously. A dab of sealing wax (available in most stationery stores, save for Staples, Office Depot, OfficeMax, Paper Barn, StaplerWorld, Nothing But Rubber Bands, and other warehouses masquerading as stationery stores) over the side panels and other access points, even over the floppy and CD-ROM ports (carefully!), and a distinctive signet ring or other such seal-making device could be quite easy to use. (As we all know, CIA and other spook agency "flaps and seals" specialists are well-versed in duplicating such seals...but probably only after collecting good information. An FBI black bag job is likely to encounter the sealing wax and seal and be unable to duplicate it. There may be tools now to take a fairly good impression, perhaps with a fast-setting polymer, and then make a convincing duplicate of the seal. 
All crypto is economics, though, and simple seals probably work against most attackers.) There are other methods: -- keep key material on a USB or PCMCIA flash card dongle. -- wear this around your neck or otherwise make it secure against girlfriends, wives, others who may try to copy it -- use a small handheld PC (like the HP machines) or Palm OS device as the "front-end" for security apps: at the simplest level, use it to store very long keys which don't get typed-in, but instead are cut-and-pasted in a way to bypass the keyboard driver completely. Note: It is common in military crypto for there to be different levels of "security tokens" to increase physical security. Rarely are the keys to the kingdom gotten merely by sitting down and typing stuff into a computer. For one thing, this encourages people to get lazy and write the passwords and keys down on Post-It notes or on pieces of tape stuck to the underside of paperclip holders or other entropically-obvious things. For another thing, it makes remote attacks or keystroke logging much more of an attack mode. Finally, the rigamarole or ritual of having physical tokens on chains around one's neck tends to make the process of security seem more serious, which can cause more care to be taken. (All of this slows down the process. The rigamarole that a shipboard crypto shack will put up with is not the same as what Joe Sixpack will put up, as we all know. RSA-like crypto makes crypto a lot less expensive to deploy, but it's wrong to think it makes it a no-brainer, point-and-click process....except in things like SSL, where it does a specialized job without human involvement.) 
-- the usual point about having a network with a secure machine locked up very well in a closet or safe (I have a large gun safe, which I usually run a small heating element into to prevent condensing conditions...I have toyed with the idea of putting a small PC running on 25-40 watts, or less, into this gun safe, with only a power cord and Ethernet wire coming out). -- and the usual point about having cameras watching the areas where the PCs and keyboards are located. (Yeah, maybe the black bag types can find and disable the cameras, but then Alice knows something unusual happened. But odds are pretty good they _can't_ find all of the cameras or microphones or sensors, especially in a building with many PCs and wires and other gadgets. They can cut the power, but smart folks have things on battery backups, or self-powered, or on laptops left plugged-in and able to run for 3-4 hours without AC power, etc.) Were I setting up such a system, all sorts of inexpensive ideas suggest themselves. By the way, I recommend the novels of Thomas Perry, especially "Pursuit," "Vanishing Act," and his others in the "Jane Whitefield" series. All four novels of his I have read so far deal centrally with issues of people trying to escape those tracking them, kind of a private version of the Witness Security Program (popularly called "Witness Protection"). The novels are filled with good ideas, and a few glaring misses, about changing identity, avoiding patterns, etc. If there's a weakness in his novels, it's that not enough modern technology is used. I cringe when I see his characters not even using readily-available throwaway cellphones to stay in contact, or not even setting up Hotmail accounts to communicate. (He favors postal dead drops, which in at least one of the novels allows an attacker to find out the home and name of another....a determined opponent, like the government, would know the names and addresses quickly.) 
Still, his series fits with the kind of security awareness and hypervigilance we often discuss. --Tim May From s.schear at comcast.net Tue Jul 15 14:10:54 2003 From: s.schear at comcast.net (Steve Schear) Date: Tue, 15 Jul 2003 14:10:54 -0700 Subject: Will 'Distributed Cloud' Network Structures Prevent Censorship? Message-ID: <5.2.1.1.0.20030715140857.046b56e8@mail.comcast.net> Bennett Haselton believes that de-centralized information storage and transmission systems - so called 'Distributed Cloud' networks like Peekabooty, FreeNet and Gnutella - will not prevent Internet censorship in the long run. He has written a short essay http://www.peacefire.org/techpapers/distributed-cloud.html pointing out the flaws he perceives in these systems. Ian Clarke, the architect of the FreeNet project, responds here http://slashdot.org/~Sanity/journal/37275, defending Distributed Cloud systems and their abilities to prevent censorship, protect the identities of their users, and shield users from legal liability. steve "There is no protection or safety in anticipatory servility." Craig Spencer From mv at cdc.gov Tue Jul 15 14:42:56 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 15 Jul 2003 14:42:56 -0700 Subject: Sealing wax, funny looking dogtags Message-ID: <3F147560.26A0B7A@cdc.gov> At 12:08 PM 7/15/03 -0700, Tim May wrote: >On Tuesday, July 15, 2003, at 09:05 AM, Major Variola (ret) wrote: >> Epoxy and other conformal coatings are also your friends. >> >Thinking about this brief comment, I assume MV means sealing a PC to >make black bag opening more apparent. Both more apparent and more physically difficult. >But this suggest a return to _sealing wax_. Seriously. :-) Only modern sealing waxes don't melt, adhere extremely well, and make tampering evident. They also mean the Adversary has to spend a lot more time... maybe more than one visit. >(As we all know, CIA and other spook agency "flaps and seals" >specialists are well-versed in duplicating such seals... Yes. 
but probably >only after collecting good information. An FBI black bag job is likely >to encounter the sealing wax and seal and be unable to duplicate it. You seem to think I thought the epoxy would be used like a seal, with the signet ring and all, visually verified when you sit down. That's too lame, any hobbyist who's good with casting can dupe it. I just meant that if Scarfo had epoxied his keyboard to his chassis properly, (and epoxied the keyboard, etc.) he might still be free (to pick shitty passphrases, it turned out). And some "sealing waxes" such as those used on nuclear weapons and verification devices, are very difficult to duplicate. Given, they require special equipment to read. (Fine reflector particles dispersed in clear epoxies) Or, as has been discussed here before, if Nico did his crypto work on a handheld that stayed with him. (An epoxy-sealed one, of course.) Your suggestions re USB, PCMCIA, etc. are in the same line. Better, because they're smaller. However, I don't know of a card that you can *shower* with, which is frankly what's required. It can't ever leave you. A keychain fob is not good enough. Even a finger ring gets removed sometimes. >(All of this slows down the process. The rigamarole that a shipboard >crypto shack will put up with is not the same as what Joe Sixpack will >put up Yes, but Scarfo's DirOpSec should have been able to convince him that at the hourly rate the Company pays him, he should put up with it :-) He can surf for porn on a different machine. As long as he knows to use different passwords there... >-- the usual point about having a network with a secure machine locked >up very well in a closet or safe (I have a large gun safe, which I >usually run a small heating element into to prevent condensing >conditions...I have toyed with the idea of putting a small PC running >on 25-40 watts, or less, into this gun safe, with only a power cord and >Ethernet wire coming out). 
I like the dual use of keeping a security-sensitive PC in a gun safe which also keeps the guns dry :-) You could have the door opening silence the PC, too. A nice lead lining will keep the black bag x-ray team (they'll borrow a unit from the bomb squad) from seeing much. >Still, his series fits with the kind of security awareness and >hypervigilance we often discuss. "The ultimate in paranoia is not when everyone is against you but when everything is against you." PKD (and quite apropos here) From sunder at sunder.net Tue Jul 15 14:47:23 2003 From: sunder at sunder.net (Sunder) Date: Tue, 15 Jul 2003 17:47:23 -0400 (edt) Subject: Sealing wax, funny looking dogtags In-Reply-To: <3F147560.26A0B7A@cdc.gov> Message-ID: On Tue, 15 Jul 2003, Major Variola (ret) wrote: > I just meant that if Scarfo had epoxied his keyboard to his chassis > properly, (and epoxied the keyboard, etc.) he might still be free > (to pick shitty passphrases, it turned out). Um, then they would have gone with the hidden pinhole camera somewhere that has a view of the keyboard. > the PC, too. A nice lead lining will keep the black bag x-ray team > (they'll borrow a unit from the bomb squad) from seeing much. Or you make nice layered cutouts so when they do xray the locker they can see interesting things... :) like "fuck off!" :) From shaddack at ns.arachne.cz Tue Jul 15 09:24:02 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 15 Jul 2003 18:24:02 +0200 (CEST) Subject: MRAM, persistence of memory In-Reply-To: Message-ID: > In all likelyhood the flashbang armored ninjas with automatics, night > vision, "get the fuck on the floor and shut the fuck up bitch" entry will > happen while you're asleep, so you won't have time to hit the big red > button anyway. Take a relay and connect it to a door switch. When they open the door without authorization[1], the power to the machines is switched off. 
Then the ninjas with their typical noisy entry will switch off the system themselves, without you having to touch the Red Button. [1] can be an ID button, can be a wireless ID token (advantage: the reader and the whole identification action can be invisible), can be a keypad, can be an arbitrary complex biometric ID, or any combination of the above, for a low-tech approach can be a reed relay under the wallpaper and a magnet touched to the given spot on the wall The system can be easily coupled with a common-grade burglar alarm, further increasing the range of conditions the shutdown can be triggered with. (Optionally with several levels, depending on the tradeoff between the recoverability from a false alarm and the consequences of missing the alarm: power-down, erase of a long key (unlocked by a passphrase) from NVRAM, physical destruction of the disk array once forceful penetration of outer zones (triggering sequentially the previous lower events in reaction) is followed by physical breach of the server room door or walls (or the so often woefully neglected ceiling and floor).) > So, the best way to avoid that situation and not being able to reach the > big red switch, is simply not to attract their attention in the first > place by not following the footsteps of Jim Bell. :) True. But once the adversary becomes totally information-aware, it will be rather difficult to not attract attention. > A more likely, and far more important, scenario to worry about is the > black bag job whereby a hardware keystroke recorder can get installed > without your knowledge... Another reason for employing a security system. > There may be ways to prevent/detect this... Software (open or closed > source) alone won't help very much. May be the crucial part of implementing the security system. Eg, as an embedded system handling signals from webcams, distributed over the building as several nodes (instead of a central one), mimicking the nerve system of insect. 
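The tiered response described in the message above (power-down, then erase of the long key from NVRAM, then media destruction, each tier firing the lower ones first) can be simulated as follows. This is an added example, not part of any message in the thread; the sensor names, the 10-second token window, the rule that a server-room alarm with no prior outer-zone breach only powers down, and a separate battery-backed controller running the logic are all assumptions.

```python
"""Tiered tamper response, simulated over constructed sensor events."""
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    # Ordered by how hard a false alarm is to recover from.
    NONE = 0
    POWER_DOWN = 1     # session keys in RAM are lost; recover by rebooting
    ERASE_KEY = 2      # long key wiped from NVRAM; recover from a backup
    DESTROY_MEDIA = 3  # irreversible


@dataclass
class TamperResponder:
    # Seconds a presented ID token authorizes a door opening (assumption).
    auth_window: float = 10.0
    tier: Tier = Tier.NONE
    fired: list = field(default_factory=list)
    _auth_until: float = float("-inf")
    _outer_forced: bool = False

    def _escalate(self, target):
        """Raise the tier to `target`, firing every skipped tier in order.

        The tier never goes down, so a repeated or lower-tier event
        after escalation fires nothing new.
        """
        new = []
        while self.tier < target:
            self.tier = Tier(self.tier + 1)
            new.append(self.tier.name)
        self.fired.extend(new)
        return new

    def handle(self, t, sensor):
        """Process one (time, sensor) event; return the actions it fired."""
        if sensor == "token_ok":
            # Valid ID button / keypad / wireless token seen at time t.
            self._auth_until = t + self.auth_window
            return []
        if sensor == "door_open":
            if t <= self._auth_until:
                return []  # authorized entry, nothing happens
            return self._escalate(Tier.POWER_DOWN)
        if sensor == "outer_forced":
            # Burglar alarm: forceful penetration of an outer zone.
            self._outer_forced = True
            return self._escalate(Tier.ERASE_KEY)
        if sensor == "server_room_breach":
            # The irreversible tier needs corroboration: an inner alarm
            # alone is more likely a fault, so it only powers down.
            target = (Tier.DESTROY_MEDIA if self._outer_forced
                      else Tier.POWER_DOWN)
            return self._escalate(target)
        raise ValueError(f"unknown sensor {sensor!r}")


def replay(events, **kwargs):
    """Feed a list of (time, sensor) events; return all fired actions."""
    responder = TamperResponder(**kwargs)
    for t, sensor in events:
        responder.handle(t, sensor)
    return responder.fired


if __name__ == "__main__":
    # Constructed event logs, not taken from any real system.
    scenarios = {
        "authorized entry": [(0, "token_ok"), (3, "door_open")],
        "stale token": [(0, "token_ok"), (30, "door_open")],
        "inner sensor fault": [(5, "server_room_breach")],
        "full breach": [(1, "door_open"), (2, "outer_forced"),
                        (9, "server_room_breach")],
    }
    for name, events in scenarios.items():
        print(f"{name:20s} -> {replay(events)}")
```
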
From ravage at einstein.ssz.com Tue Jul 15 16:41:33 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 15 Jul 2003 18:41:33 -0500 (CDT) Subject: Cracking Data Hiding (fwd) Message-ID: Stego taking a hit....??????? http://www.sciencedaily.com/releases/2003/07/030715090813.htm -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From tpublic at tno.org Tue Jul 15 18:48:56 2003 From: tpublic at tno.org (John Q. Public) Date: Tue, 15 Jul 2003 18:48:56 -0700 (PDT) Subject: [AntiSocial] Re: CRYPTO-GRAM, July 15, 2003 In-Reply-To: Message-ID: On Tue, 15 Jul 2003, J.A. Terranson wrote: | On Tue, 15 Jul 2003, Bruce Schneier wrote: | | > [This is the strangest piece of mail I have ever received, by several | > orders of magnitude. I reprint it here solely for entertainment purposes.] Would someone please refill Carolyn Meinel's prescriptions? From measl at mfn.org Tue Jul 15 18:28:16 2003 From: measl at mfn.org (J.A. Terranson) Date: Tue, 15 Jul 2003 20:28:16 -0500 (CDT) Subject: CRYPTO-GRAM, July 15, 2003 In-Reply-To: <4.2.2.20030715060643.01f6ff00@127.0.0.1> Message-ID: On Tue, 15 Jul 2003, Bruce Schneier wrote: > [This is the strangest piece of mail I have ever received, by several > orders of magnitude. I reprint it here solely for entertainment purposes.] > ... It might be a hoax, > but the writing seems too authentic. It's hard to fake delusional > paranoia that well.] And you find the sharing of this woman's problems has legitimate "Entertainment" value? She is not the *only* disturbed person represented by your email. -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." 
Donnie Darko From shaddack at ns.arachne.cz Tue Jul 15 11:58:05 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 15 Jul 2003 20:58:05 +0200 (CEST) Subject: MRAM, persistence of memory In-Reply-To: Message-ID: On Tue, 15 Jul 2003, Sampo Syreeni wrote: > There are plenty of examples like printer buffers, They shall be on encrypted partition, if possible by a session key (as they are temporary files which we won't need after next powerup), which gets lost after powerdown. > random pools, Why not initialize them after each powerup with fresh data from a hardware generator? > already keyed smartcards, ...whose status gets lost with powerdown, > anything you're currently showing on-screen (I wouldn't be surprised if > that could be read after sustained powerdown), An issue (though I don't know how serious) with CRTs, where there could be detectable residual charge, but with a bit of luck that could get undetectable in just couple seconds in normal room temperatures. > any battery backed memory, IMPORTANT issue. But as NVRAM is a kind of permanent storage, nothing unencrypted shall touch it anyway. > off-the-shelf peripherals which do not admit crypto, If we consider them plaintext, it doesn't matter here if they contain crypto or not. > and so on. Probably > we'd also want to make the machine as dead as possible, shutting down any > remote power-on features, Why? The adversary can power up the machine once he gets physical access, anyway. By then, though, he shouldn't get anything more than a machine with data with either missing session key (and hence unrecoverable) or encrypted data missing the key that has to be supplied by the user to complete the power-up. > network connections (otherwise retries might go > on for a fair while), ...which is no harm, as the data should be encrypted and without the key, lost to the powerdown, they won't reveal anything than that there was some connection in progress. 
Which is something the adversary most likely knows anyway; before physical intrusions, passive surveillance usually takes place. Keyword: Carnivore.

> open phone lines,

...hung up by power loss to the modems...

> whathaveyou.

Everything must lose critical inner state with the powerdown. Everything that carries plaintext data has to be power-dependent.

> That's why we might need software, and not just the power switch.

That's why we need the software designed to cope with the possibility of unpredictable power-down. There should be no dependability on proper function of software at the moment of the power-down itself, as we need to keep the system as reliable (and as simple) as possible. Remember that years in jail, and possibly even lives, are at stake.

The software could be able to communicate with the hardware though, issuing "locks" to prevent power-down in the middle of a critical operation (eg, writing to disk) and delay it a little. The locks should be issued for a maximum time of some few 100s of milliseconds, expiring in hardware if not cancelled from the software. There should be a period of allowed shutdown every period (100s msec?) even in the worst possible combination of issued locks. This should prevent damage to data during an emergency shutdown event while not compromising the security due to a software bug (eg, forgotten unlock). The delay time has to be determined to the worst possible combination of events, to not allow the best-trained best-equipped adversary to prevent the machine from shutting down in that time.

> I can also imagine situations where we'd want to be able to perform
> manual shutdowns remotely.

That's the simple part. Just take the output of the computer (or an external device, eg. a cellphone, a radio receiver, anything suitable) and use it as one of the event inputs of the power-down system. You raise the event (tell the computer over SSH, send an SMS, broadcast a tone...), the computer shuts down.
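The hardware "lock" scheme proposed in the message above can be checked with a small simulation. This is an added example, not code from the thread: the slot count, the 300 ms ceiling, and the choice to latch the shutdown event and refuse new locks once it is raised are assumptions made here to get a provable upper bound on the delay.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PD_SLOTS    4     /* assumed: number of software lock holders */
#define MAX_LOCK_MS 300u  /* assumed ceiling for "some few 100s milliseconds" */

typedef struct {
    uint32_t now_ms;
    bool     live[PD_SLOTS];
    uint32_t expiry_ms[PD_SLOTS];
    bool     event_latched;  /* door switch, alarm, remote command ... */
    bool     power_cut;
    uint32_t cut_at_ms;
} pd_ctrl;

void pd_init(pd_ctrl *c) { *c = (pd_ctrl){0}; }

/* Expire stale locks, then cut power if an event waits and nothing holds it. */
void pd_evaluate(pd_ctrl *c) {
    bool held = false;
    for (int i = 0; i < PD_SLOTS; i++) {
        if (c->live[i] && c->expiry_ms[i] <= c->now_ms)
            c->live[i] = false;            /* hardware timeout: forgotten unlock */
        held = held || c->live[i];
    }
    if (c->event_latched && !c->power_cut && !held) {
        c->power_cut = true;
        c->cut_at_ms = c->now_ms;
    }
}

/* Software asks for a lock; returns a slot id, or -1 if refused. */
int pd_lock(pd_ctrl *c, uint32_t want_ms) {
    if (c->event_latched || c->power_cut || want_ms == 0) return -1;
    if (want_ms > MAX_LOCK_MS) want_ms = MAX_LOCK_MS;  /* clamp buggy requests */
    for (int i = 0; i < PD_SLOTS; i++) {
        if (!c->live[i]) {
            c->live[i] = true;
            c->expiry_ms[i] = c->now_ms + want_ms;
            return i;
        }
    }
    return -1;
}

void pd_unlock(pd_ctrl *c, int slot) {
    if (slot >= 0 && slot < PD_SLOTS) c->live[slot] = false;
    pd_evaluate(c);
}

void pd_event(pd_ctrl *c) { c->event_latched = true; pd_evaluate(c); }

void pd_advance(pd_ctrl *c, uint32_t to_ms) {
    while (c->now_ms < to_ms) { c->now_ms++; pd_evaluate(c); }
}

/* Constructed scenarios; each returns the time (ms) at which power is cut. */
uint32_t cut_without_lock(void) {
    pd_ctrl c; pd_init(&c);
    pd_advance(&c, 100); pd_event(&c);
    return c.cut_at_ms;
}

uint32_t cut_after_clean_unlock(void) {
    pd_ctrl c; pd_init(&c);
    int s = pd_lock(&c, 200);              /* disk write starts at t=0 */
    pd_advance(&c, 40); pd_event(&c);      /* alarm while the write is running */
    pd_advance(&c, 50); pd_unlock(&c, s);  /* write done, lock released */
    return c.cut_at_ms;
}

uint32_t cut_after_forgotten_unlock(void) {
    pd_ctrl c; pd_init(&c);
    pd_lock(&c, 10000);                    /* buggy request, never unlocked */
    pd_advance(&c, 10); pd_event(&c);
    pd_advance(&c, 1000);
    return c.cut_at_ms;
}

int relock_after_event(void) {
    pd_ctrl c; pd_init(&c);
    pd_lock(&c, 100);
    pd_advance(&c, 20); pd_event(&c);
    return pd_lock(&c, MAX_LOCK_MS);       /* must be refused */
}

/* Back-to-back locks, event raised just after the second one is granted. */
uint32_t worst_case_deferral(void) {
    pd_ctrl c; pd_init(&c);
    pd_lock(&c, MAX_LOCK_MS);
    pd_advance(&c, 299);
    pd_lock(&c, MAX_LOCK_MS);
    pd_event(&c);
    pd_advance(&c, 2000);
    return c.cut_at_ms - 299;
}

int main(void) {
    printf("no lock:          cut at %u ms\n", (unsigned)cut_without_lock());
    printf("clean unlock:     cut at %u ms\n", (unsigned)cut_after_clean_unlock());
    printf("forgotten unlock: cut at %u ms\n", (unsigned)cut_after_forgotten_unlock());
    printf("relock after event returns %d\n", relock_after_event());
    printf("worst-case deferral: %u ms\n", (unsigned)worst_case_deferral());
    return 0;
}
```

Because no lock is granted after the event is latched, the longest possible deferral equals MAX_LOCK_MS regardless of how software chains its requests beforehand.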
From decoy at iki.fi Tue Jul 15 11:33:50 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Tue, 15 Jul 2003 21:33:50 +0300 (EEST) Subject: MRAM, persistence of memory In-Reply-To: References: Message-ID: On 2003-07-15, Thomas Shaddack uttered: >Take a relay and connect it to a door switch. Precisely. It's not just about manual shutdown, but all surprise shutdowns. Also, I'm afraid of the possibility that simply switching the power off might not do the trick -- we don't care about how dirty the system state will become short of dataloss outside the current working set, but we do need to be sure all crypto and plaintext I/O relevant state is properly purged from memory and peripherals. There are plenty of examples like printer buffers, random pools, already keyed smartcards, anything you're currently showing on-screen (I wouldn't be surprised if that could be read after sustained powerdown), any battery backed memory, off-the-shelf peripherals which do not admit crypto, and so on. Probably we'd also want to make the machine as dead as possible, shutting down any remote power-on features, network connections (otherwise retries might go on for a fair while), open phone lines, whathaveyou. That's why we might need software, and not just the power switch. I can also imagine situations where we'd want to be able to perform manual shutdowns remotely. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From s.schear at comcast.net Tue Jul 15 22:00:27 2003 From: s.schear at comcast.net (Steve Schear) Date: Tue, 15 Jul 2003 22:00:27 -0700 Subject: The 3rd Annual Nigerian EMail Conference Message-ID: <5.2.1.1.0.20030715220018.046f5938@mail.comcast.net> http://j-walk.com/other/conf/index.htm "There is no protection or safety in anticipatory servility." 
Craig Spencer From decoy at iki.fi Tue Jul 15 16:15:01 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Wed, 16 Jul 2003 02:15:01 +0300 (EEST) Subject: Sealing wax, funny looking dogtags In-Reply-To: <3F147560.26A0B7A@cdc.gov> References: <3F147560.26A0B7A@cdc.gov> Message-ID: On 2003-07-15, Major Variola (ret) uttered: >And some "sealing waxes" such as those used on nuclear weapons and >verification devices, are very difficult to duplicate. Given, they >require special equipment to read. Then you replace both seal and reader. I mean, meanwhile the only person capable of discerning anything from anything rots in jail, anyways. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From ravage at einstein.ssz.com Wed Jul 16 05:02:31 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 16 Jul 2003 07:02:31 -0500 (CDT) Subject: Senate to Kill Pentagon Surveillance Bill (washingtonpost.com) (fwd) Message-ID: http://www.washingtonpost.com/wp-dyn/articles/A61146-2003Jul15.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Wed Jul 16 05:03:23 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 16 Jul 2003 07:03:23 -0500 (CDT) Subject: News: DMCA gives blueprint for Chile deal (fwd) Message-ID: http://zdnet.com.com/2100-1105_2-1026116.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. 
Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From roy at rant-central.com Wed Jul 16 05:11:35 2003 From: roy at rant-central.com (Roy M. Silvernail) Date: Wed, 16 Jul 2003 08:11:35 -0400 Subject: The ideal computer for your gun safe Message-ID: <200307160811.35240.roy@rant-central.com> Since it's been mentioned several times, here's a good candidate for your gun safe computer: the CerfCube. http://www.intrinsyc.com/products/cerfcube405EP/ $399. I have an older one that's been running for 2 years and 4 updates. Mine runs Linux, but they do a WinCE version, too. From timcmay at got.net Wed Jul 16 08:49:25 2003 From: timcmay at got.net (Tim May) Date: Wed, 16 Jul 2003 08:49:25 -0700 Subject: Security for Mafiosos and Freedom Fighters Message-ID: <13C1A438-B7A5-11D7-A65E-000A956B4C74@got.net> Several good suggestions in this thread about securing machines and keyboards against FBI black bag jobs and the like. (By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my keychain--my physical keychain!--is probably waterproof. The USB port has a little plastic cover which slides on snugly. Until I eventually misplace it, I am using it. I expect the thing is showerproof, though I don't intend to test it. Water resistance can be tested nondestructively with things like Fluorinert, of course. Also, surfers and kayakers often have O-ring sealed gizmos they wear under their wet suits, coming in different sizes. It would be trivial to find one to hold either a USB flashdrive or a Compact Flash card.) The larger issue is a business/consulting opportunity: The collection of "lore" on resisting bugs and intercepts and bad security measures is not something the average Mafioso or freedom fighter is much interested in learning himself. 
Just as specialists are used to sweep rooms for bugs, the same should apply to helping Vito Corleone beef up his computer system.

---

"Have LAN, will Travel."

Security Consultants, Inc. will provide you, your family, and your associates with a computer and communications package which is resistant to FBI or CIA wiretaps, black bag jobs, Van Eck interception, and remote surveillance.

We will evaluate your current system, your needs, and design a system for you. This will include throwaway cellphones, easy to use but robust encryption, steganography, access to offshore accounts, physical security for the computers, digital dead drops, use of untraceable remailers, personal security devices (such as USB flash drives storing sensitive material), and set up of t.v. cameras under your control for monitoring snooping, intrusion, and even dishonest associates and family.

Security Consultants does not currently handle weapons issues, but all your other bases are belong to us.

---

I mean this somewhat whimsically, but the fact is that this kind of security consulting will become more and more important as even mobsters move into the information age.

(When I was developing some of the ideas prior to the formation of Cypherpunks, one of the interesting news items was about how a guy on the run from the Feds was using an early bulletin board system--I think it was GEnie, but it may have been Prodigy--to communicate with his wife in chat rooms.)

In a free society, those who provide services like roofing or plumbing or security needs are of course not implicated in the possible crimes or other activities of their customers. A guy who builds a security fence for Don Corleone is not guilty of aiding and abetting.

But we have not had a free society for many decades, and it is more than possible that RICO and Espionage statutes would be interpreted by government to say that assisting someone like Aldrich Ames in improving his tradecraft is ipso facto part of a conspiracy.
Or the spooks could demand that Security Consultants, Inc. place "special" networks and cameras...

Issues of trust and fear.

(When the Mob finds out this has been done and snatches one of the children of the company and returns the child as a "turkey," with both arms, both legs, the nose, the ears, and the tongue precisely and surgically removed, others in the industry may realize the dangers of crossing the Mob.)

--Tim May, Occupied America
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.

From camera_lumina at hotmail.com Wed Jul 16 06:33:56 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 16 Jul 2003 09:33:56 -0400
Subject: Sealing wax & eKeyboard
Message-ID:

This reminds me of another thing that occurred to me, but as I'm no computer engineer I can't tell how much of a defense it would be. (At the very least a nice stopgap for a while...)

To get around keystroke loggers, it would be nice to have some form of onscreen keyboard, perhaps available over the web. The keyboard would likely work only with the mouse (making it slow to use, of course), and each time the keyboard appears (and at periodic intervals) the keyboard scrambles its keys.

I suspect it would be MUCH harder to figure out what has been typed.

-TD

>From: Tim May
>To: cypherpunks at lne.com
>Subject: Sealing wax
>Date: Tue, 15 Jul 2003 12:08:20 -0700
>
>On Tuesday, July 15, 2003, at 09:05 AM, Major Variola (ret) wrote:
>
>>At 09:29 AM 7/15/03 -0400, Sunder wrote:
>>>So, the best way to avoid that situation and not being able to reach the
>>>big red switch, is simply not to attract their attention in the first
>>>place by not following the footsteps of Jim Bell. :)
>>
>>Stego + broadcast is indeed your friend.
>>
>>>A more likely, and far more important, scenario to worry about is the
>>>black bag job whereby a hardware keystroke recorder can get installed
>>>without your knowledge...
>>> >>>There may be ways to prevent/detect this... Software (open or closed >>>source) alone won't help very much. >> >>Epoxy and other conformal coatings are also your friends. >> > >Thinking about this brief comment, I assume MV means sealing a PC to make >black bag opening more apparent. > >But this suggest a return to _sealing wax_. Seriously. > >A dab of sealing wax (available in most stationery stores, save for >Staples, Office Depot, OfficeMax, Paper Barn, StaplerWorld, Nothing But >Rubber Bands, and other warehouses masquerading as stationery stores) over >the side panels and other access points, even over the floppy and CD-ROM >ports (carefully!), and a distinctive signet ring or other such seal-making >device could be quite easy to use. > >(As we all know, CIA and other spook agency "flaps and seals" specialists >are well-versed in duplicating such seals...but probably only after >collecting good information. An FBI black bag job is likely to encounter >the sealing wax and seal and be unable to duplicate it. There may be tools >now to take a fairly good impression, perhaps with a fast-setting polymer, >and then make a convincing duplicate of the seal. All crypto is economics, >though, and simple seals probably work against most attackers.) > >There are other methods: > >-- keep key material on a USB or PCMCIA flash card dongle. > >-- wear this around your neck or otherwise make it secure against >girlfriends, wives, others who may try to copy it > >-- use a small handheld PC (like the HP machines) or Palm OS device as the >"front-end" for security apps: at the simplest level, use it to store very >long keys which don't get typed-in, but instead are cut-and-pasted in a way >to bypass the keyboard driver completely. > >Note: It is common in military crypto for their to be different levels of >"security tokens" to increase physical security. Rarely are the keys to the >kingdom gotten merely by sitting down and typing stuff into a computer. 
For >one thing, this encourages people to get lazy and write the passwords and >keys down on Post-It notes or on pieces of tape stuck to the underside of >paperclip holders or other entropically-obvious things. For another thing, >it makes remote attacks or keystroke logging much more of an attack mode. >Finally, the rigamarole or ritual of having physical tokens on chains >around one's neck tends to make the process of security seem more serious, >which can cause more care to be taken. > >(All of this slows down the process. The rigamarole that a shipboard crypto >shack will put up with is not the same as what Joe Sixpack will put up, as >we all know. RSA-like crypto makes crypto a lot less expensive to deploy, >but it's wrong to think it makes it a no-brainer, point-and-click >process....except in things like SSL, where it does a specialized job >without human involvement.) > >-- the usual point about having a network with a secure machine locked up >very well in a closet or safe (I have a large gun safe, which I usually run >a small heating element into to prevent condensing conditions...I have >toyed with the idea of putting a small PC running on 25-40 watts, or less, >into this gun safe, with only a power cord and Ethernet wire coming out). > >-- and the usual point about having cameras watching the areas where the >PCs and keyboards are located. > >(Yeah, maybe the black bag types can find and disable the cameras, but then >Alice knows something unusual happened. But odds are pretty good they >_can't_ find all of the cameras or microphones or sensors, especially in a >building with many PCs and wires and other gadgets. They can cut the power, >but smart folks have things on battery backups, or self-powered, or on >laptops left plugged-in and able to run for 3-4 hours without AC power, >etc.) > >Were I setting up such a system, all sorts of inexpensive ideas suggest >themselves. 
> >By the way, I recommend the novels of Thomas Perry, especially "Pursuit," >"Vanishing Act," and his others in the "Jane Whitefield" series. All four >novels of his I have read so far deal centrally with issues of people >trying to escape those tracking them, kind of a private version of the >Witness Security Program (popularly called "Witness Protection"). The >novels are filled with good ideas, and a few glaring misses, about changing >identity, avoiding patterns, etc. > >If there's a weakness in his novels, it's that not enough modern technology >is used. I cringe when I see his characters not even using >readily-available throwaway cellphones to stay in contact, or not even >setting up Hotmail accounts to communicate. (He favors postal dead drops, >which in at least one of the novels allows an attacker to find out the home >and name of another....a determined opponent, like the government, would >know the names and addresses quickly.) > >Still, his series fits with the kind of security awareness and >hypervigilance we often discuss. > > >--Tim May From timcmay at got.net Wed Jul 16 11:15:30 2003 From: timcmay at got.net (Tim May) Date: Wed, 16 Jul 2003 11:15:30 -0700 Subject: Sealing wax & eKeyboard In-Reply-To: Message-ID: <7BE81E36-B7B9-11D7-A65E-000A956B4C74@got.net> On Wednesday, July 16, 2003, at 10:15 AM, Sunder wrote: > > And TEMPEST monitoring equipment (or again, a hidden pinhole camera > behind > you, or a transmitter hidden in your monitor) won't see what's on your > screen because???? From a purely optical perspective, pinhole cameras have terrible spatial resolution. I doubt a pinhole camera behind a user, probably on a wall 10 feet behind the user, could resolve 12-point type. Resolving a large "virtual keyboard" on a screen would be a lot easier, of course.
We've talked many times about using laptops, heads-up displays (like the Sony glasses), and even putting mesh bags over a user and his laptop. Actual Faraday cage rooms are not really needed.

All security is economics, so I would think a lot of bang for the buck happens with solving the most pressing problems people have with security: leaving their machines unattended, not using any crypto at all, writing passphrases down on Post-It notes, not checking for audio bugs, etc.

--Tim May
"We are at war with Oceania. We have always been at war with Oceania."
"We are at war with Eurasia. We have always been at war with Eurasia."
"We are at war with Iraq. We have always been at war with Iraq."
"We are at war with France. We have always been at war with France."

From sunder at sunder.net Wed Jul 16 10:15:06 2003
From: sunder at sunder.net (Sunder)
Date: Wed, 16 Jul 2003 13:15:06 -0400 (edt)
Subject: Sealing wax & eKeyboard
In-Reply-To:
Message-ID:

And TEMPEST monitoring equipment (or again, a hidden pinhole camera behind you, or a transmitter hidden in your monitor) won't see what's on your screen because????

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of  /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + : The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Wed, 16 Jul 2003, Tyler Durden wrote:

> To get around keystroke loggers, it would be nice to have some form of
> onscreen keyboard, perhaps available over the web. The keyboard would likely
> work only with the mouse (making it slow to use, of course), and each time
> the keyboard appears (and at periodic intervals) the keyboard scrambles its
> keys.
From sunder at sunder.net Wed Jul 16 10:23:02 2003
From: sunder at sunder.net (Sunder)
Date: Wed, 16 Jul 2003 13:23:02 -0400 (edt)
Subject: Sealing wax & eKeyboard
In-Reply-To:
Message-ID:

Geez! You guys have the DUMBEST ideas ever! For fuck's sake, go and RTFA! (For the dumb: READ THE FUCKING ARCHIVES!)

Anything displayed on your screen is visible to the guy across the street with a TEMPEST detector unless you work in a Faraday cage. Failing that a hidden pinhole camera, or an RF transmitter attached to your cable -- hell these are available for hobbyist use right now: x10.com has small devices that you can use to broadcast video from one room to another. Getting the same done for VGA, XVGA, etc. shouldn't be any harder.

Using IR or RF is one of the stupidest things you could possibly do. Think! IR and RF are detectable from a distance!

Ok, some IR auth is ok, provided it's in a sealed chamber and no photons leak out. i.e. think of two cylinders, sealed at the ends where the cables go, where one fits inside the other... sort of like fiber optic cables and connectors. No leaks.

Direct contact's obviously fine, so long as your alleged attacker can't tap into it.

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of  /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + : The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Wed, 16 Jul 2003, Thomas Shaddack wrote:

> However, this will work around the keyboard loggers, but will cause
> development of eg. programs saving the screenshots at the moment of a
> mouseclick. (Which is definitely more detectable - by storing bulk amounts
> of data - than just a plain keylogger, disadvantaging the adversary
> somehow.)
Also won't protect against ceiling cams, if they'd have enough
> resolution to see the screen clearly enough.
>
> Couldn't there be some challenge-response device, eg. over IrDA or radio
> waves or direct contact (eg, iButton DS1955B or DS1957B), which would be
> unlocked by something like a PIN code? How to avoid the leakage of the PIN
> and subsequent seizure of the device then?

From Freematt357 at aol.com Wed Jul 16 11:21:17 2003
From: Freematt357 at aol.com (Freematt357 at aol.com)
Date: Wed, 16 Jul 2003 14:21:17 EDT
Subject: Sealing wax & eKeyboard
Message-ID: <1ed.d4993a4.2c46f19d@aol.com>

Sigh... You know fellows this is why Isser Harel, Mossad's fabled spy chief was noted for face to face meetings that were prearranged as he didn't trust electronic communication. He incidentally liked to use public transit to get here and there even while conducting various operations- Like the abduction from Argentina of Adolf Eichmann.

Regards, Matt Gaylor-

From camera_lumina at hotmail.com Wed Jul 16 11:52:28 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 16 Jul 2003 14:52:28 -0400
Subject: Sealing wax & eKeyboard
Message-ID:

"Anything displayed on your screen is visible to the guy across the street with a TEMPEST detector unless you work in a Faraday cage. "

No, no you have the whole thing wrong. As May recently stated, "crypto is economics". It's one thing for "them" to set up a camera to look at some Arab guy's computer down on Atlantic Ave in Brooklyn. It's an entirely different thing if, by using a virtual keyboard, "they" have to do the same thing for millions of people. (And in case it's not obvious, the cost probably won't be in the hardware but in the installation costs, and the fact that the probability of detection of such efforts is nonzero, thus nullifying their "investment".)

If I have a plan to smash a plane into the Empire State building, I'll probably work harder to hide it.
If I'm sharing mp3's on Kazaa or whatever and I don't want to have RIAA make an example out of me, that virtual keyboard may be just right. The real danger of crypto and, I'd argue, a virtual keyboard in this case, is that by spending tiny fractions of money we can make it prohibitively costly for "them" to monitor a large number of transactions. Forget unbreakability. Forget Faraday cages (you don't have anything that important to hide anyway). Cheap, easy and scalable is the only way to bumrush this show. -TD >From: Sunder >To: Thomas Shaddack >CC: Tyler Durden , timcmay at got.net, >cypherpunks at minder.net >Subject: Re: Sealing wax & eKeyboard >Date: Wed, 16 Jul 2003 13:23:02 -0400 (edt) > >Geez! You guys have the DUMBEST ideas ever! For fuck's sake, go and >RTFA! (For the dumb: READ THE FUCKING ARCHIVES!) > >Anything displayed on your screen is visible to the guy across the street >with a TEMPEST detector unless you work in a Faraday cage. Failing that a >hidden pinhole camera, or an RF transmitter attached to your cable -- hell >these are available for hobbist use right now: x10.com has small devices >that you can use to broadcast video from one room to another. Getting the >same done for VGA, XVGA, etc. shouldn't be any harder. > >Using IR or RF is one of the stupidest things you could possibly >do. Think! IR and RF are detectable from a distance! > >Ok, some IR auth is ok, provided it's in a sealed chamber and no photons >leak out. i.e. think of a two cylinders, sealed at the ends where the >cables go, where one fits inside the other... sort of like fiber optic >cables and connectors. No leaks. > >Direct contact's obviously fine, so long as your alleged attacker can't >tap into it. > >----------------------Kaos-Keraunos-Kybernetos--------------------------- > + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ > \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ ><--*-->:weapons.. 
Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ > /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ > + v + : The look on Sadam's face - priceless! >--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ > >On Wed, 16 Jul 2003, Thomas Shaddack wrote: > > > However, this will work around the keyboard loggers, but will cause > > development of eg. programs saving the screenshots at the moment of a > > mouseclick. (Which is definitely more detectable - by storing bulk >amounts > > of data - than just a plain keylogger, disadvantaging the adversary > > somehow.) Also won't protect against ceiling cams, if they'd have enough > > resolution to see the screen clearly enough. > > > > Couldn't there be some challenge-response device, eg. over IrDA or radio > > waves or direct contact (eg, iButton DS1955B or DS1957B), which would be > > unlocked by something like a PIN code? How to avoid the leakage of the >PIN > > and subsequent seizure of the device then? From sunder at sunder.net Wed Jul 16 12:01:22 2003 From: sunder at sunder.net (Sunder) Date: Wed, 16 Jul 2003 15:01:22 -0400 (edt) Subject: Sealing wax & eKeyboard In-Reply-To: Message-ID: On Wed, 16 Jul 2003, Tyler Durden wrote: > "Anything displayed on your screen is visible to the guy across the street > with a TEMPEST detector unless you work in a Faraday cage. " > > No, no you have the whole thing wrong. As May recently stated, "crypto is > economics". Well, ok, it "all depends on your security model" is certainly the 1st factor to consider with how much you're willing to spend on it being a constraint to that.
If your threat model is simply to have generic good security in case someone steals your machine, then so long as all your files are encrypted, the thief just gets whatever the hardware is worth at "it fell off a truck" prices, and no more.

If your threat model is the fully armed and armored ninja attack at 3:00am -- which was what I gathered was what Sampo's originally presented question, then you can assume your attacker would have enough resources to pull off a TEMPEST van across the street, etc.

So do you want crypto to keep a rogue government out of your files, or keep your kid sister from reading your email? etc...

An on screen virtual keyboard is much easier to see than a real keyboard even by a shitty pinhole camera. A real keyboard would have to be viewed from above, otherwise, all you can do is infer the keystrokes - which gives you a hint of what they are for a passphrase, but not much else. On screen keyboard can be seen much easier and your mouse pointer gives you away.

So it all depends on who "they" is. Either way, if "they" believe you are a nice juicy target, and their chances to net lots of data off your machine are high, they will park the TEMPEST SUV outside your door. Not much question of that... If "they" are watching everyone for patterns and you don't stick out like a sore thumb, there's not much need for any of the above.

> Empire State building, I'll probably work harder to hide it. If I'm sharing
> mp3's on Kazaa or whatever and I don't want to have RIAA make an example out
> of me, that virtual keyboard may be just right.

No, virtual keyboard won't save your ass. Your ISP will hand it over on a plate along with trimmings (traffic logs, etc.) If you're sharing MP3's on Kazaa, you're easy to find, and logs are proof enough. All the RIAA troll has to do is download one song off your IP, prove it came from your IP, and get the ISP to give them logs, and you're toast.
Doesn't matter that your hard drive has since been wiped or encrypted or is unreadable. Using crypto to protect files you have already shared with the public is neurotic as a security measure. > The real danger of crypto and, I'd argue, a virtual keyboard in this case, > is that by spending tiny fractions of money we can make it prohibitively > costly for "them" to monitor a large number of transactions. And if you do and are noticed, "they" will spend that money because you will be an obvious and clear target. If they can get away with "why don't you just show us what you have - what do you have something to hide?" line to cow sheeple into giving them access, in their mind, you'd be the one to make their careers. > Forget > unbreakability. Forget Faraday cages (you don't have anything that important > to hide anyway). Cheap, easy and scalable is the only way to bumrush this > show. Again, what's your threat model, who is your attacker, how much are you willing to spend on it? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ From frantz at pwpconsult.com Wed Jul 16 15:28:10 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Wed, 16 Jul 2003 15:28:10 -0700 Subject: Security for Mafiosos and Freedom Fighters In-Reply-To: <13C1A438-B7A5-11D7-A65E-000A956B4C74@got.net> Message-ID: At 8:49 AM -0700 7/16/03, Tim May wrote: >(By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my >keychain--my physical keychain!--is probably waterproof. The USB port >has a little plastic cover which slides on snugly. 
Until I eventually >misplace it, I am using it. I expect the thing is showerproof, though I >don't intend to test it. Water resistance can be tested >nondestructively with things like Fluorinert, of course. Also, surfers >and kayakers often have O-ring sealed gizmos they wear under their wet >suits, coming in different sizes. It would be trivial to find one to >hold either a USB flashdrive or a Compact Flash card.) Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion? Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA From Vincent.Penquerch at artworks.co.uk Wed Jul 16 08:05:36 2003 From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h) Date: Wed, 16 Jul 2003 16:05:36 +0100 Subject: Sealing wax & eKeyboard Message-ID: > To get around keystroke loggers, it would be nice to have some fom of > onscreen keyboard, perhaps available over the web. The > keyboard would likely > work only with the mouse (making it slow to use, of course), > and each time > the keyboard appears (and at periodic intervals) the keyboard > scrambles its > keys. 
The aptly named Tinfoil Hat Linux does this for GPG passphrase input :) -- Vincent Penquerc'h From timcmay at got.net Wed Jul 16 16:20:26 2003 From: timcmay at got.net (Tim May) Date: Wed, 16 Jul 2003 16:20:26 -0700 Subject: Water in chips In-Reply-To: Message-ID: <14F99A32-B7E4-11D7-A65E-000A956B4C74@got.net> On Wednesday, July 16, 2003, at 03:28 PM, Bill Frantz wrote: > At 8:49 AM -0700 7/16/03, Tim May wrote: >> (By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my >> keychain--my physical keychain!--is probably waterproof. The USB port >> has a little plastic cover which slides on snugly. Until I eventually >> misplace it, I am using it. I expect the thing is showerproof, though >> I >> don't intend to test it. Water resistance can be tested >> nondestructively with things like Fluorinert, of course. Also, surfers >> and kayakers often have O-ring sealed gizmos they wear under their wet >> suits, coming in different sizes. It would be trivial to find one to >> hold either a USB flashdrive or a Compact Flash card.) > > Ever since I heard that manufacturers were cleaning assembled boards > with > soap and water I have wondered just how much you need to protect > electronic > circuits from water. You obviously don't want to allow them to stay > damp > so they corrode, but immersion for a time (up to weeks) followed by a > fresh > water rinse and drying might not be so bad. Do any hardware experts > have > an opinion? DI water (deionized water) is used at various stages to rinse boards, wafers, plated devices, etc. Soap and water is often used for cleaning bare PCBs, but this is long before the chips go in. After wave soldering (PCBs fed on conveyer belt above hot solder bath, soldering the devices to the board in one continuous process) the flux and dross and gunk is washed off with special soaps (e.g., high acid content soaps) and water. But the water is certainly not left on the boards, not left to dry and cause spotting, etc. 
Alcohol and other rinses are used. We used to use vapor degreasers a lot, and TCE, before it got restricted. As for the effects of water on packaged chips, they vary. Moisture intrusion usually comes when a "driving force" exists for some long amount of time, e.g., '85/85" (85 per cent relative humidity, 85 C, for some number of hours or days). External corrosion is also possible. (One of the first things I devised for Intel was dubbed the "water drop test." Still in use, 28 years later.) My point about not wanting to immerse my flash drive is related to why I would no immerse any other piece of electronics unless I had a compelling reason to do so. --Tim May, Occupied America "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759. From mv at cdc.gov Wed Jul 16 16:53:57 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 16 Jul 2003 16:53:57 -0700 Subject: Sealing wax & eKeyboard Message-ID: <3F15E595.84EE20EF@cdc.gov> (resent) At 11:15 AM 7/16/03 -0700, Tim May wrote: >We've talked many times about using laptops, heads-up displays (like >the Sony glasses), and even putting mesh bags over a user and his >laptop. Actual Faraday cage rooms are not really needed. Don't forget the 3M screen-addons which are basically a miniature venetian blinds. They prevent others from reading your screen at off-angles. Very useful if you run your laptop on an airplane. Even if you take private notes at a meeting. 
From s.schear at comcast.net Wed Jul 16 16:54:11 2003 From: s.schear at comcast.net (Steve Schear) Date: Wed, 16 Jul 2003 16:54:11 -0700 Subject: Funding for TIA All But Dead Message-ID: <5.2.1.1.0.20030716165326.03e4e898@mail.comcast.net> The controversial Terrorism Information Awareness program, which would troll Americans' personal records to find terrorists before they strike, may soon face the same fate Congress meted out to John Ashcroft in his attempt to create a corps of volunteer domestic spies: death by legislation. http://www.wired.com/news/politics/0,1283,59606,00.html "There is no protection or safety in anticipatory servility." Craig Spencer From shaddack at ns.arachne.cz Wed Jul 16 08:27:51 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 16 Jul 2003 17:27:51 +0200 (CEST) Subject: Sealing wax & eKeyboard In-Reply-To: Message-ID: On Wed, 16 Jul 2003, Tyler Durden wrote: > This reminds me of another thing that occurred to me, but as I'm no computer > engineer I can't tell how much of a defense it would be. (At the very least > a nice stopgap for a while...) > > To get around keystroke loggers, it would be nice to have some fom of > onscreen keyboard, perhaps available over the web. The keyboard would likely > work only with the mouse (making it slow to use, of course), and each time > the keyboard appears (and at periodic intervals) the keyboard scrambles its > keys. Been done. Something like that is included in Tinfoilhat Linux distribution, see http://tinfoilhat.shmoo.com/ Another thing for keyboard-based data input is Sneaky Pete, a Java app http://packetstorm.icx.fr/java/sneaky.tar.gz (from http://packetstorm.icx.fr/java/indexdate.shtml - original project homepage is dead). And I suppose there are more. However, this will work around the keyboard loggers, but will cause development of eg. programs saving the screenshots at the moment of a mouseclick. 
(Which is definitely more detectable - by storing bulk amounts of data - than just a plain keylogger, disadvantaging the adversary somehow.) Also won't protect against ceiling cams, if they'd have enough resolution to see the screen clearly enough. Couldn't there be some challenge-response device, eg. over IrDA or radio waves or direct contact (eg, iButton DS1955B or DS1957B), which would be unlocked by something like a PIN code? How to avoid the leakage of the PIN and subsequent seizure of the device then? > I suspect it would be MUCH harder to figure out what has been typed. At least for a while, yes. From timcmay at got.net Wed Jul 16 18:51:20 2003 From: timcmay at got.net (Tim May) Date: Wed, 16 Jul 2003 18:51:20 -0700 Subject: Funding for TIA All But Dead In-Reply-To: <5.2.1.1.0.20030716165326.03e4e898@mail.comcast.net> Message-ID: <29F37088-B7F9-11D7-A65E-000A956B4C74@got.net> On Wednesday, July 16, 2003, at 04:54 PM, Steve Schear wrote: > The controversial Terrorism Information Awareness program, which would > troll Americans' personal records to find terrorists before they > strike, may soon face the same fate Congress meted out to John > Ashcroft in his attempt to create a corps of volunteer domestic spies: > death by legislation. > > http://www.wired.com/news/politics/0,1283,59606,00.html > "In other news, the Senate Select Committee on Children's and Workplace Safety met today to consider the Total Safety Awareness Bill. Newly-appointed Commissioner of Child Safety, John Poindexter, declared that TSA will "finally make the streets safe for children." He dismissed any concern that this bill is just a rehashing of the failed Total Information Awareness program." --Tim May "The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant." 
--John Stuart Mill

From ravage at einstein.ssz.com Wed Jul 16 16:53:59 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 16 Jul 2003 18:53:59 -0500 (CDT)
Subject: Security for Mafiosos and Freedom Fighters
In-Reply-To:
Message-ID:

On Wed, 16 Jul 2003, Bill Frantz wrote:

> Ever since I heard that manufacturers were cleaning assembled boards with
> soap and water I have wondered just how much you need to protect electronic
> circuits from water. You obviously don't want to allow them to stay damp
> so they corrode, but immersion for a time (up to weeks) followed by a fresh
> water rinse and drying might not be so bad. Do any hardware experts have
> an opinion?

If you can avoid it, do so. Otherwise I'd suggest that a few hours to a
couple days might not be too bad, longer periods are going to be
problematic. Especially as depth increases. 33ft is 1atm, I wouldn't trust
anything submerged below that period. Saltwater is a killer.

However, if you do get water (or Coke, Dr. Pepper, Beer, Margaritas,
Jalapeno dip, etc.) on a board then dry it off. If it's been more than a
very quick dip I'd want it to spend 24hrs under a heat lamp (but limit max
Temp to 90F). Silica gel in a closed box w/ the board for 24hrs can also
work.

Irrespective of how you dry it, your next step is an alcky swab. It's
hydrophilic and evaporates with no residue.

At that point connect to power, find a monkey to hit the big red switch,
and see if the magic smoke comes out...

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From shaddack at ns.arachne.cz Wed Jul 16 11:15:13 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 16 Jul 2003 20:15:13 +0200 (CEST) Subject: Sealing wax & eKeyboard In-Reply-To: Message-ID: > Geez! You guys have the DUMBEST ideas ever! For fuck's sake, go and > RTFA! (For the dumb: READ THE FUCKING ARCHIVES!) Behold your dogs of war for a moment more, please. :) > Anything displayed on your screen is visible to the guy across the street > with a TEMPEST detector unless you work in a Faraday cage. So far, this is orders of magnitude more expensive than a keylogger. I am not aware there is too high amount of the receiver units in use (nor I suppose they are easy to operate by a non-specialist), so the number of targets being threatened this way is much more limited than if some software or comparably cheap hardware is used. For now, at least. Then there is the shielding... > Failing that a hidden pinhole camera, or an RF transmitter attached to > your cable -- hell these are available for hobbist use right now: > x10.com has small devices that you can use to broadcast video from one > room to another. Getting the same done for VGA, XVGA, etc. shouldn't > be any harder. Specified it as a threat. But this is what physical security is for. Again, this brings the threat of being discovered. Also, a TSCM sweep can reduce the risk. > Using IR or RF is one of the stupidest things you could possibly > do. Think! IR and RF are detectable from a distance! > > Ok, some IR auth is ok, provided it's in a sealed chamber and no photons > leak out. i.e. think of a two cylinders, sealed at the ends where the > cables go, where one fits inside the other... sort of like fiber optic > cables and connectors. No leaks. Use challenge-response. Immune against replay attack. 
With proper algorithm, reasonably immune against cryptographic attack on intercepted transactions. If it works over the Wild Wild Net, it should work over an IR/RF connection as well. > Direct contact's obviously fine, so long as your alleged attacker can't > tap into it. True. Again, physical security / tamperproofness issue. From camera_lumina at hotmail.com Wed Jul 16 18:38:22 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 16 Jul 2003 21:38:22 -0400 Subject: Sealing wax & eKeyboard Message-ID: I don't think a virtual keyboard is necessarily a bad idea in this case. I live in a densely populated neighborhood in NYC. SOmeone is ALWAYS in my home, and in the rare cases nobody's here we turn on our alarm. This does not mean some visual surveillance of my keyboard is impossible, but it greatly reduces the number of parties with the desire and resources to attempt such a surveillance. And the reason this matters is because I can download such a virtual keyboard for pennies (thus causing the need for VERY costly forms of surveillance by nullifying keystroke loggers), and cause the cost of surveillance to rise probably far more than exponentially. This is a good thing (from my point of view!) in and of itself, but imagine if a large number of people thought this way, encrypting even the most trivial of communications. -TD >From: Sunder >To: Tyler Durden >CC: shaddack at ns.arachne.cz, timcmay at got.net, cypherpunks at minder.net >Subject: Re: Sealing wax & eKeyboard >Date: Wed, 16 Jul 2003 15:01:22 -0400 (edt) > > >On Wed, 16 Jul 2003, Tyler Durden wrote: > > > "Anything displayed on your screen is visible to the guy across the >street > > with a TEMPEST detector unless you work in a Faraday cage. " > > > > No, no you have the whole thing wrong. As May recently stated, "crypto >is > > economics". 
> >Well, ok, it "all depends on your security model" is certainly the 1st >factor to consider with how much you're willing to spend on it being a >constraint to that. > >If your threat model is simply to have generic good security incase >someone steals your machine, then so long as all your files are encrypted, >the theif just gets whatever the hardware is worth at "it fell of a >truck" prices, and no more. > >If your threat model is the fully armed and armorded ninja attack at >3:00am -- which was what I gathered was what Sampo's originally presented >question, then you can assume your attacker would have enough resources to >pull off a TEMPEST van across the street, etc. > >So do you want crypto to keep a rogue government out of your fiels, or >keep your kid sister from reading your email? etc... > >An on screen virtual keyboard is much easier to see than a real keyboard >even by a shitty pinhole camera. A real keyboard would have to be viewed >from above, otherwise, all you can do is infer the keystrokes - which >gives you a hint of what they are for a passphrase, but not much else. >On screen keyboard can be seen much easier and your mouse pointer gives >you away. > >So it all depends on who "they" is. Either way, if "they" believe you are >a nice jucy target, and their chances to net lots of data off your machine >are high, they will park the TEMPEST SUV outside your door. Not much >question of that... > >If "they" are watching everyone for patterns and you don't stick out like >a sore thumb, there's not much need for any of the above. > > > Empire State building, I'll probably work harder to hide it. If I'm >sharing > > mp3's on Kazaa or whatever and I don't want to have RIAA make an example >out > > of me, that virtual keyboard may be just right. > >No, virtual keyboard won't save your ass. Your ISP will had it over on a >plate along with trimmings (traffic logs, etc.) If you're sharing MP3's >on Kazaa, you're easy to find, and logs are proof enough. 
All the RIAA
>troll has to do is download one song off your IP, prove it came from
>your IP, and get the ISP to give them logs, and you're toast. Doesn't
>matter that your hard drive has since been wiped or encrypted or is
>unreadable.
>
>Using crypto to protect files you have already shared with the public is
>neurotic as a security measure.
>
> > The real danger of crypto and, I'd argue, a virtual keyboard in this case,
> > is that by spending tiny fractions of money we can make it prohibitively
> > costly for "them" to monitor a large number of transactions.
>
>And if you do and are noticed, "they" will spend that money because you
>will be an obvious and clear target. If they can get away with "why don't
>you just show us what you have - what do you have something to hide?" line
>to cow sheeple into giving them access, in their mind, you'd be the one to
>make their careers.
>
> > Forget
> > unbreakability. Forget Faraday cages (you don't have anything that important
> > to hide anyway). Cheap, easy and scalable is the only way to bumrush this
> > show.
>
>Again, what's your threat model, who is your attacker, how much are you
>willing to spend on it?
>
>
>----------------------Kaos-Keraunos-Kybernetos---------------------------
> + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of  /|\
>  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
><--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
>  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
> + v + :           The look on Sadam's face - priceless!
>--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

From njohnsn at njohnsn.com Wed Jul 16 20:13:08 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Wed, 16 Jul 2003 22:13:08 -0500
Subject: Funding for TIA All But Dead
In-Reply-To: <29F37088-B7F9-11D7-A65E-000A956B4C74@got.net>
References: <29F37088-B7F9-11D7-A65E-000A956B4C74@got.net>
Message-ID: <200307162213.08329.njohnsn@njohnsn.com>

On Wednesday 16 July 2003 08:51 pm, Tim May wrote:
> On Wednesday, July 16, 2003, at 04:54 PM, Steve Schear wrote:
> > The controversial Terrorism Information Awareness program, which would
> > troll Americans' personal records to find terrorists before they
> > strike, may soon face the same fate Congress meted out to John
> > Ashcroft in his attempt to create a corps of volunteer domestic spies:
> > death by legislation.
> >
> > http://www.wired.com/news/politics/0,1283,59606,00.html
>
> "In other news, the Senate Select Committee on Children's and Workplace
> Safety met today to consider the Total Safety Awareness Bill.
> Newly-appointed Commissioner of Child Safety, John Poindexter, declared
> that TSA will "finally make the streets safe for children." He
> dismissed any concern that this bill is just a rehashing of the failed
> Total Information Awareness program."
>

DOD Lackey: "Sorry Mr. Rumsfield, we won't be able to the money for this
from the Homeland Security Budget".

Don: "Damn! Oh well just put the stuff in next year's black program
budget. I guess we'll have to scratch a X-35FDRFS thingy, but we already
had budgeted for twice as many as we really need. Nice try though!"

DOD: Yes Sir Mr. Rumsfield !

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.
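
The challenge-response exchange Thomas Shaddack argues for earlier in this thread (a token answering over IrDA, radio or direct contact, "immune against replay attack") can be sketched as follows. This is an added example, not code from any poster; the HMAC-SHA256 construction, the class and function names and the 30-second challenge lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class Token:
    """Hand-held device: holds the shared key and answers challenges."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The key never crosses the link; only HMAC(key, challenge) does.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """Host side: issues single-use challenges and checks responses."""

    def __init__(self, key: bytes, ttl: float = 30.0, clock=time.monotonic):
        self._key = key
        self._ttl = ttl          # assumed challenge lifetime in seconds
        self._clock = clock      # injectable so expiry can be exercised
        self._pending = {}       # challenge -> expiry time

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # unpredictable nonce
        self._pending[challenge] = self._clock() + self._ttl
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # pop() consumes the challenge, so each one is accepted at most once.
        expiry = self._pending.pop(challenge, None)
        if expiry is None or self._clock() > expiry:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange() -> dict:
    """One legitimate login, then three things an eavesdropper might try."""
    key = secrets.token_bytes(32)  # constructed sample key, held by both sides
    token, host = Token(key), Verifier(key)

    c1 = host.new_challenge()
    r1 = token.respond(c1)  # (c1, r1) is everything visible on the link
    outcome = {"legitimate": host.verify(c1, r1)}

    # Same pair sent again: the challenge was consumed by the first verify().
    outcome["replay_same_challenge"] = host.verify(c1, r1)

    # Old response against a fresh challenge: the MAC does not match.
    c2 = host.new_challenge()
    outcome["replay_on_new_challenge"] = host.verify(c2, r1)

    # A valid response to a challenge the host never issued is also refused.
    made_up = secrets.token_bytes(32)
    outcome["unissued_challenge"] = host.verify(made_up, token.respond(made_up))
    return outcome


def expired_challenge_rejected() -> bool:
    """A correct response that arrives after the lifetime is refused."""
    now = [0.0]  # fake clock, advanced by hand
    key = secrets.token_bytes(32)
    host = Verifier(key, ttl=30.0, clock=lambda: now[0])
    challenge = host.new_challenge()
    now[0] = 31.0
    return host.verify(challenge, Token(key).respond(challenge)) is False


if __name__ == "__main__":
    print(run_exchange())
    print("expired challenge rejected:", expired_challenge_rejected())
```

Recording the link yields only (challenge, response) pairs that the host will not accept a second time. The PIN-leak and device-seizure questions raised in the thread are not addressed by this exchange.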
From ravage at einstein.ssz.com Wed Jul 16 20:32:37 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 16 Jul 2003 22:32:37 -0500 (CDT) Subject: Slashdot | WiFi Hotspots Elude RIAA Dragnet (fwd) Message-ID: http://yro.slashdot.org/yro/03/07/17/0010225.shtml?tid=141&tid=188 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Wed Jul 16 20:32:52 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 16 Jul 2003 22:32:52 -0500 (CDT) Subject: Slashdot | Intrusion Tolerance - Security's Next Big Thing? (fwd) Message-ID: http://slashdot.org/articles/03/07/17/002250.shtml?tid=126&tid=172 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From mv at cdc.gov Wed Jul 16 23:06:43 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 16 Jul 2003 23:06:43 -0700 Subject: Swiss cheese by Microsoft Message-ID: <3F163CF3.F4E00BDE@cdc.gov> Microsoft Admits Flaw in Windows Software WASHINGTON - Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software. ... Microsoft said corporate firewalls commonly block the type of data connections that hackers outside a company would need for these attacks. 
The flaw affects Windows technology used to share data files across computer networks. [Yes but a virus can exploit from *within* the system.] ... But four Polish researchers, known as the "Last Stage of Delirium Research Group," said they discovered how to bypass the additional protections Microsoft added, just three months after the software went on sale. [Gotta love that acronym..] ------ Router attack, ca. 1954: Bikers disable a town's router infrastructure in _The Wild Ones_. Her name is Dorothy, she runs a plugboard, she runs off scared. From jtrjtrjtr2001 at yahoo.com Wed Jul 16 23:45:18 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Wed, 16 Jul 2003 23:45:18 -0700 (PDT) Subject: Sealing wax & eKeyboard(Tempest for eliza) In-Reply-To: Message-ID: <20030717064518.95142.qmail@web21203.mail.yahoo.com> hi, We can give a tempest demo just with a radio .There is a fun project called tempest for eliza which gives an insight of the computer security. Tempest for Eliza is a program that uses your computer monitor to send out AM short wave radio signals. You can then hear computer generated music in your radio. it teaches you that your computer can be observed. Tempest for Eliza works with every monitor, every resolution. you don't have to be root. http://freshmeat.net/projects/tempestforeliza/?topic_id=71%2C43 http://www.erikyyy.de/tempest/ Regards Sarath. --- Tyler Durden wrote: > "Anything displayed on your screen is visible to the > guy across the street > with a TEMPEST detector unless you work in a Faraday > cage. " > > No, no you have the whole thing wrong. As May > recently stated, "crypto is > economics". It's one thing for "them" to set up a > camera to look at some > Arab guy's computer down on Atlantic Ave in > Brooklyn. It's an entirely > different thing if, by using a virtual keyboard, > "they" have to do the same > thing for millions of people. 
(And in case it's not > obvious, the cost > probably won' be in the hardware but in the > installation costs, and the fact > that the probability of detection of such efforts is > nonzero, thus > nullifying their "investment".) If I have a plan to > smash a plane into the > Empire State building, I'll probably work harder to > hide it. If I'm sharing > mp3's on Kazaa or whatever and I don't want to have > RIAA make an example out > of me, that virtual keyboard may be just right. > > The real danger of crypto and, I'd argue, a virtual > keyboard in this case, > is that by spending tiny fractions of money we can > make it prohibitively > costly for "them" to monitor a large number of > transactions. Forget > unbreakability. Forget Faraday cages (you don't have > anything that important > to hide anyway). Cheap, easy and scalable is the > only way to bumrush this > show. > > -TD > > > > > > > >From: Sunder > >To: Thomas Shaddack > >CC: Tyler Durden , > timcmay at got.net, > >cypherpunks at minder.net > >Subject: Re: Sealing wax & eKeyboard > >Date: Wed, 16 Jul 2003 13:23:02 -0400 (edt) > > > >Geez! You guys have the DUMBEST ideas ever! For > fuck's sake, go and > >RTFA! (For the dumb: READ THE FUCKING ARCHIVES!) > > > >Anything displayed on your screen is visible to the > guy across the street > >with a TEMPEST detector unless you work in a > Faraday cage. Failing that a > >hidden pinhole camera, or an RF transmitter > attached to your cable -- hell > >these are available for hobbist use right now: > x10.com has small devices > >that you can use to broadcast video from one room > to another. Getting the > >same done for VGA, XVGA, etc. shouldn't be any > harder. > > > >Using IR or RF is one of the stupidest things you > could possibly > >do. Think! IR and RF are detectable from a > distance! > > > >Ok, some IR auth is ok, provided it's in a sealed > chamber and no photons > >leak out. i.e. 
think of a two cylinders, sealed at > the ends where the > >cables go, where one fits inside the other... sort > of like fiber optic > >cables and connectors. No leaks. > > > >Direct contact's obviously fine, so long as your > alleged attacker can't > >tap into it. > > > >----------------------Kaos-Keraunos-Kybernetos--------------------------- > > + ^ + :25Kliters anthrax, 38K liters botulinum > toxin, 500 tons of /|\ > > \|/ :sarin, mustard and VX gas, mobile > bio-weapons labs, nukular /\|/\ > ><--*-->:weapons.. Reasons for war on Iraq - GWB > 2003-01-28 speech. \/|\/ > > /|\ :Found to date: 0. Cost of war: > $800,000,000,000 USD. \|/ > > + v + : The look on Sadam's face - > priceless! > >--------_sunder_ at _sunder_._net_------- > http://www.sunder.net ------------ > > > >On Wed, 16 Jul 2003, Thomas Shaddack wrote: > > > > > However, this will work around the keyboard > loggers, but will cause > > > development of eg. programs saving the > screenshots at the moment of a > > > mouseclick. (Which is definitely more detectable > - by storing bulk > >amounts > > > of data - than just a plain keylogger, > disadvantaging the adversary > > > somehow.) Also won't protect against ceiling > cams, if they'd have enough > > > resolution to see the screen clearly enough. > > > > > > Couldn't there be some challenge-response > device, eg. over IrDA or radio > > > waves or direct contact (eg, iButton DS1955B or > DS1957B), which would be > > > unlocked by something like a PIN code? How to > avoid the leakage of the > >PIN > > > and subsequent seizure of the device then?
From justin-cypherpunks at soze.net Wed Jul 16 17:39:46 2003 From: justin-cypherpunks at soze.net (Justin) Date: Thu, 17 Jul 2003 00:39:46 +0000 Subject: Sealing wax & eKeyboard In-Reply-To: References: Message-ID: <20030717003946.GH10846@dreams.soze.net> Sunder (2003-07-16 17:23Z) wrote: > Anything displayed on your screen is visible to the guy across the street > with a TEMPEST detector unless you work in a Faraday cage. Failing that a > hidden pinhole camera, or an RF transmitter attached to your cable -- hell > these are available for hobbist use right now: x10.com has small devices > that you can use to broadcast video from one room to another. Getting the > same done for VGA, XVGA, etc. shouldn't be any harder. > > Using IR or RF is one of the stupidest things you could possibly > do. Think! IR and RF are detectable from a distance! If you want to get picky, a clever brain could probably figure out keystrokes from across the street with a laser mic if the target has a loud keyboard, considering each key will probably make a slightly different sound. I'd think an attacker could determine spacebar hits, at least, and pauses, which alone might lead to a complete keystroke log. From ravage at einstein.ssz.com Thu Jul 17 05:01:37 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 17 Jul 2003 07:01:37 -0500 (CDT) Subject: The Register - Congress threatens two hi-tech Gestapo programs (fwd) Message-ID: http://www.theregister.co.uk/content/6/31791.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From sunder at sunder.net Thu Jul 17 06:56:27 2003 From: sunder at sunder.net (Sunder) Date: Thu, 17 Jul 2003 09:56:27 -0400 (edt) Subject: Sealing wax & eKeyboard In-Reply-To: Message-ID: On Thu, 17 Jul 2003, Trei, Peter wrote: > Lets not forget optical TEMPEST - remember a few months ago, > when it was demonstrated that the image on a CRT could > be reconstructed just from the light it reflected on walls? The > point where the electron beam is hitting the phosphors is > much brighter than the rest of the screen, and by syncing a > fast photodetector to monitor scan rates, you can reconstruct > the image on a screen in a distant room just by viewing the > backwash light through a telescope. Absolutely. Which is why people worried about security in this manner, should move to LCD's. Not just for weakening TEMPEST signals, but also for defeating optical TEMPEST... (and saving power.) However I have to say that from a purely user point of view, I like the way CRT's look much better than LCD's. CRT's tend to be richer and brighter than LCD's, and their refresh rates are much better... LCD's are still suceptible to TEMPEST monitoring, though there are far less emissions since there isn't this great big nuclear particle accelerator sitting infront of you :) (what? electrons are nuclear particles. :) But the signals from poorly shielded VGA cables can still be picked up (as can those of keyboards, and other hardware.) Other tricks include using more than one monitor (make sure they're all the same brand/model, attached to video cards that are identical and operating at the same resolution, depth, and refresh rate, and displaying random junk, etc. + using tempest fonts on the non-decoy system.) 
Better yet, use a notebook computer on battery power (so that power saving mode comes intoplay) with several decoys as they'd (generally) dump much less RF. You could also add some shielding, but it's unlikely to help very much... I actually played with a fox & hound kit one day. For those who never had to run ethernet (CAT 3,5,5e,etc.) or phone cable, this consists of a pair of tools: a tone injector that makes lots of noise, and a detector. The detector can pick up not just the signal from the tone injector, but also lovely things such as 60Hz hum, phone conversations (in analog phones anyhow), etc... You can also learn to "hear" the different sounds various things like 100BTx make and distinguish from - say, 10BT, or cable TV, etc... with a cheap proble that doesn't filter... I did find that when used on a keyboard, with some cheaper keyboards anyway, you can "hear" the keystrokes and the key scanning pattern, and that the individual keys are certainly distinctive enough - you could probably hook this thing up to a sound card and figure out which keys send what RF pattern... So with the right recorder/relay/decoder hidden under someone's desk, you could capture their keystrokes without disturbing epoxy or taking the keyboard apart. (As with all bugs, you'd need a power suply, some way to intercept the data, and either some way to record the data, or relay it. Relaying it, and hooking into existing power is better than just recording it or using a battery as a source, because you don't need a 2nd blag bag job to remove your bug and dump the data.) Of course if the bug transmits, it can be picked up in a sweep, but if the PC is on, the guy doing the sweep might not realize that there's a bug since the PC is a noise source... YMMV, etc. So all this talk of expoying keyboards down is somewhat naive in light of this. 
Not to say that if you, hypothetically speaking, were in a position to have a well funded, and determined set of enemies who were out to get your data, that using epoxy to glue down your keyboard wouldn't frustrate them, but rather to point out that there are other means and methods that would more than ruin your day. :) The path of least resistance, again, is not to attract the attention of such enemies in the first place.

But hey, if your threat model is your kid sister or RIAA, then much less thought is perfectly fine.

[As with all my posts, "you" is always a fictional character, and in this one, "you" switches from the guy trying to steal data to the guy trying to protect data, YMMV, #include ]

From ptrei at rsasecurity.com Thu Jul 17 07:01:50 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 17 Jul 2003 10:01:50 -0400
Subject: Sealing wax & eKeyboard
Message-ID:

> ----------
> From: Tyler Durden[SMTP:camera_lumina at hotmail.com]
> Sent: Wednesday, July 16, 2003 9:38 PM
> To: sunder at sunder.net
> Cc: shaddack at ns.arachne.cz; timcmay at got.net; cypherpunks at minder.net
> Subject: Re: Sealing wax & eKeyboard
>
> I don't think a virtual keyboard is necessarily a bad idea in this case. I live in a densely populated neighborhood in NYC. Someone is ALWAYS in my home, and in the rare cases nobody's here we turn on our alarm. This does not mean some visual surveillance of my keyboard is impossible, but it greatly reduces the number of parties with the desire and resources to attempt such a surveillance. And the reason this matters is because I can download such a virtual keyboard for pennies (thus causing the need for VERY costly forms of surveillance by nullifying keystroke loggers), and cause the cost of surveillance to rise probably far more than exponentially. This is a good thing (from my point of view!)
> in and of itself, but imagine if a large number of people thought this way, encrypting even the most trivial of communications.
>
> -TD
>

Let's not forget optical TEMPEST - remember a few months ago, when it was demonstrated that the image on a CRT could be reconstructed just from the light it reflected on walls? The point where the electron beam is hitting the phosphors is much brighter than the rest of the screen, and by syncing a fast photodetector to monitor scan rates, you can reconstruct the image on a screen in a distant room just by viewing the backwash light through a telescope.

Peter

From zenadsl6186 at zen.co.uk Thu Jul 17 04:12:12 2003
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Thu, 17 Jul 2003 12:12:12 +0100
Subject: Security for Mafiosos and Freedom Fighters
In-Reply-To:
Message-ID:

Bill Frantz wrote:

> Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion?

A long time ago I used to teach an "intro to computing" class. Many students were older people who were afraid to physically touch a keyboard - partly just because it was unfamiliar, because it meant they were actually, now, starting on the road to learning, because they feared to "break something", or because they thought they might get a shock (I kid you not). I digress.

One way of making them feel more comfortable was to "accidentally" spill a drink on a keyboard, then immerse it in a sink, rinse, and hang out to dry. Sometimes I used a hairdrier to reuse the keyboard during the lesson, but mostly I just left it overnight to dry. That gave some at least of them some confidence that it was ok to touch the keyboard.
I've also washed an iMac (which had fallen in the sea) by immersion in tap water and careful drying, the CD needed more care (drying with IPA), I took out the hard drive first and was careful with that, also cleaned all connectors with solvent cleaner, but it worked ok afterwards.

BTW, do NOT do this with crappy Apple keyboards! They are membrane-based and will be destroyed. They are also hard to open for repair, and when I asked an Apple chap about them he said "You should never drink near a keyboard". What crap!

I give no guarantee that it won't destroy your keyboard, but it won't hurt most keyboards.

--
Peter Fairbrother

BTW, m-o-o-t uses a randomised virtual keyboard with TEMPEST (both EM and optical) resistant fonts. It's okay for inputting keys, but it's a hassle for inputting text.

Which means that your keys might be safe from keyloggers (both hardware and software), but your plaintext isn't. Sigh. I'm trying to improve it by putting the "senhorita" letters in one block and the rest elsewhere (not for key input obviously), and you do learn where the keys are after a while, but it's still a hassle.

From mv at cdc.gov Thu Jul 17 12:46:43 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 17 Jul 2003 12:46:43 -0700
Subject: Optical Tempest? I have my doubts...
Message-ID: <3F16FD23.60A2C1FC@cdc.gov>

At 03:15 PM 7/17/03 -0400, Tyler Durden wrote:
>I dunno...I'm thinking that optical tempest is probably bullshit 99% of the time, but what do I know?

There was an article on optical tempest based on reading modem-LEDs, which are sometimes modulated with the data stream. For Mhz rates it works.

>But I still don't believe that specular reflection of smallish type from a monitor will have anything that is recoverable.
>Of course, this is going to be dependent on the quality of the wall material, but for most not-so-even plaster/drywall painted surfaces, I just can't believe the appropriate spatial frequencies of the image are not scattered after that kind of reflection.

The idea of reading the *matte* reflection of the CRT beam is possible. But it's not *spatial* frequency, it's using intensity vs. time. At any one instant you have a single 1-D measurement. This exploits the fact, as stated, that the phosphor is brightest under the (scanning) beam. There is no spatial info present. You simply need a sensitive (contrast is low) and fast (raster rate) optical measurement.

>The conspiracy theorist is telling me there's some reason they floated the optical tempest story, though I can't quite figure out what that reason is...

It's the Windowshade division of the Anti-Illuminati

----
Irony: Jewish Zealots were famous for offing (Jewish) Roman collaborators. 100 generations later, Arabic Zealots whack (Arabic) ZionistCrusader collaborators. "Pro-American Mayor, Son Killed in Iraq"
----
Of course Iraq isn't another Vietnam. They don't know how to make good pho hoa.

From eresrch at eskimo.com Thu Jul 17 12:48:47 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Thu, 17 Jul 2003 12:48:47 -0700 (PDT)
Subject: Optical Tempest? I have my doubts...
In-Reply-To:
Message-ID:

On Thu, 17 Jul 2003, Tyler Durden wrote:

> The conspiracy theorist is telling me there's some reason they floated the optical tempest story, though I can't quite figure out what that reason is...

The main purpose is for academic gain. If you'd looked at the paper a bit, you'd have read it took about 1/2 an hour to reconstruct the image from one screen. It is a proof of principle concept, enough so that multi-billion dollar espionage agencies can think about it. At 30 fps for a game, forget it. But for a slow typist who has to go get a cup of coffee because the phone rang....
It does make the game more interesting, but it's mighty easy to defeat.

Patience, persistence, truth,
Dr. mike

From mv at cdc.gov Thu Jul 17 13:24:13 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 17 Jul 2003 13:24:13 -0700
Subject: 1st amend: fiction != reality, words not kiddy pr0n
Message-ID: <3F1705EC.3622CB16@cdc.gov>

Appeals Court Dismisses Ohio Man's Guilty Plea in Obscenity Case Involving Fictitious Stories

COLUMBUS, Ohio (AP) - A state appeals court on Thursday dismissed the guilty plea of a man imprisoned for writing fictitious stories of child torture and molestation. Lawyers specializing in the First Amendment believe Brian Dalton was the first person in the United States successfully prosecuted for child pornography that involved fictional writings, not images. The 10th Ohio District Court of Appeals in Columbus ruled that Dalton received ineffective legal assistance. Dalton had argued that his former lawyer didn't inform him of the legal implications of a guilty plea or ask for an immediate dismissal on First Amendment grounds. The 3-0 ruling sends the case back to Franklin County Common Pleas Court. Dalton could still be tried but prosecutors have not said whether they would seek to do so. Ray Vasvari, the American Civil Liberties Union's state legal director in Cleveland, called the decision an "important recognition for not only freedom of speech but freedom of thought." Dalton, 24, of Columbus, pleaded guilty in July 2001 to pandering obscenity involving a minor, which falls under Ohio's pornography law. He later asked to withdraw the plea so he could challenge the constitutionality of the law, but Franklin County Common Pleas Judge Nodine Miller refused. ACLU attorneys then appealed. Miller had sentenced Dalton to seven years, plus 4 1/2 years from a 1998 child pornography conviction on the grounds he violated probation by possessing the journal.
The 14-page journal contained stories about three children - ages 10 and 11 - being caged in a basement, molested and tortured. Prosecutors acknowledged the stories were pure fiction. The journal was found by Dalton's probation officer during a routine search of his home. Dalton was charged under Ohio's 1989 child porn law, which bans possession of obscene material involving children. He was not charged under Ohio's obscenity law, which requires dissemination and not just possession. The appeals court found that Dalton's defense attorney, Isabella Dixon, misunderstood the two charges against her client. Both charges were based on the journal and involved fictitious events, the court found. Dixon, it said, had erroneously believed one of the charges was based on a letter Dalton wrote describing sexual molestation of a young cousin, a real person. "This misunderstanding was significant because of the important differences in the constitutional protections afforded the private possession of pornographic depictions of real children and similar depictions of fictional children," Judge William Klatt said, writing for the majority. A message was left with Dixon seeking comment.

http://ap.tbo.com/ap/breaking/MGAQA2U49ID.html

From wolf at priori.net Thu Jul 17 13:33:28 2003
From: wolf at priori.net (Meyer Wolfsheim)
Date: Thu, 17 Jul 2003 13:33:28 -0700 (PDT)
Subject: Optical Tempest? I have my doubts...
In-Reply-To:
Message-ID:

On Thu, 17 Jul 2003, Mike Rosing wrote:

> On Thu, 17 Jul 2003, Tyler Durden wrote:
>
> > The conspiracy theorist is telling me there's some reason they floated the optical tempest story, though I can't quite figure out what that reason is...
>
> The main purpose is for academic gain. If you'd looked at the paper a bit, you'd have read it took about 1/2 an hour to reconstruct the image from one screen. It is a proof of principle concept, enough so that multi-billion dollar espionage agencies can think about it.
> At 30 fps for a game, forget it. But for a slow typist who has to go get a cup of coffee because the phone rang....
>
> It does make the game more interesting, but it's mighty easy to defeat.

For what it's worth, a "secure viewer" that displayed text in red on a black background should make an optical tempest attack much more difficult.

-MW-

From camera_lumina at hotmail.com Thu Jul 17 12:15:28 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 17 Jul 2003 15:15:28 -0400
Subject: Optical Tempest? I have my doubts...
Message-ID:

I dunno...I'm thinking that optical tempest is probably bullshit 99% of the time, but what do I know? My Optical specialities are ultrafast and optical networking.

But I still don't believe that specular reflection of smallish type from a monitor will have anything that is recoverable. Of course, this is going to be dependent on the quality of the wall material, but for most not-so-even plaster/drywall painted surfaces, I just can't believe the appropriate spatial frequencies of the image are not scattered after that kind of reflection.

The conspiracy theorist is telling me there's some reason they floated the optical tempest story, though I can't quite figure out what that reason is...

-TD

>From: Peter Fairbrother
>To:
>Subject: Re: Security for Mafiosos and Freedom Fighters
>Date: Thu, 17 Jul 2003 12:12:12 +0100
>
>Bill Frantz wrote:
>
> > Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion?
>
>A long time ago I used to teach an "intro to computing" class.
>Many students were older people who were afraid to physically touch a keyboard - partly just because it was unfamiliar, because it meant they were actually, now, starting on the road to learning, because they feared to "break something", or because they thought they might get a shock (I kid you not). I digress.
>
>One way of making them feel more comfortable was to "accidentally" spill a drink on a keyboard, then immerse it in a sink, rinse, and hang out to dry. Sometimes I used a hairdrier to reuse the keyboard during the lesson, but mostly I just left it overnight to dry. That gave some at least of them some confidence that it was ok to touch the keyboard.
>
>I've also washed an iMac (which had fallen in the sea) by immersion in tap water and careful drying, the CD needed more care (drying with IPA), I took out the hard drive first and was careful with that, also cleaned all connectors with solvent cleaner, but it worked ok afterwards.
>
>BTW, do NOT do this with crappy Apple keyboards! They are membrane-based and will be destroyed. They are also hard to open for repair, and when I asked an Apple chap about them he said "You should never drink near a keyboard". What crap!
>
>I give no guarantee that it won't destroy your keyboard, but it won't hurt most keyboards.
>
>--
>Peter Fairbrother
>
>BTW, m-o-o-t uses a randomised virtual keyboard with TEMPEST (both EM and optical) resistant fonts. It's okay for inputting keys, but it's a hassle for inputting text.
>
>Which means that your keys might be safe from keyloggers (both hardware and software), but your plaintext isn't. Sigh. I'm trying to improve it by putting the "senhorita" letters in one block and the rest elsewhere (not for key input obviously), and you do learn where the keys are after a while, but it's still a hassle.

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail

From ptrei at rsasecurity.com Thu Jul 17 12:44:03 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 17 Jul 2003 15:44:03 -0400
Subject: Optical Tempest? I have my doubts...
Message-ID:

> Durden[SMTP:camera_lumina at hotmail.com] wrote:
>
> I dunno...I'm thinking that optical tempest is probably bullshit 99% of the time, but what do I know? My Optical specialities are ultrafast and optical networking.
>
> But I still don't believe that specular reflection of smallish type from a monitor will have anything that is recoverable. Of course, this is going to be dependent on the quality of the wall material, but for most not-so-even plaster/drywall painted surfaces, I just can't believe the appropriate spatial frequencies of the image are not scattered after that kind of reflection.
>
> The conspiracy theorist is telling me there's some reason they floated the optical tempest story, though I can't quite figure out what that reason is...
>
> -TD
>
> >BTW, m-o-o-t uses a randomised virtual keyboard with TEMPEST (both EM and optical) resistant fonts. It's okay for inputting keys, but it's a hassle for inputting text.
> >
> >Which means that your keys might be safe from keyloggers (both hardware and software), but your plaintext isn't. Sigh. I'm trying to improve it by putting the "senhorita" letters in one block and the rest elsewhere (not for key input obviously), and you do learn where the keys are after a while, but it's still a hassle.
>

Please don't top-post.

Optical TEMPEST of the type we've been discussing has nothing to do with specular reflection. As your CRT screen is raster-scanned, the point at which the electron beam is pointing at any given moment is much brighter than the rest of the screen. That the screen seems uniformly illuminated is a result of your persistence of vision.
Optical tempest records the brightness of the light reflecting off the wall behind the user as a function of time. This can be used to reconstruct the brightness of each pixel on the screen, since they are refreshed sequentially in raster order.

Peter Trei

From ravage at einstein.ssz.com Thu Jul 17 16:34:48 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 17 Jul 2003 18:34:48 -0500 (CDT)
Subject: Use of smart cards for wi-fi user ident (fwd)
Message-ID:

http://www.idg.net/ic_1326548_9720_1-5072.html

--
____________________________________________________________________
We are all interested in the future for that is where you and I are going to spend the rest of our lives.
Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From shaddack at ns.arachne.cz Thu Jul 17 15:07:40 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Fri, 18 Jul 2003 00:07:40 +0200 (CEST)
Subject: De-shredding the shreds
Message-ID:

Summary: Technology allows taking the "noodles" of shredded document, scanning them, and reconstructing the pages with various degrees of manual and automated effort. New approaches are necessary for high-security operations.

Source: New York Times
Author: Douglas Heingartner
Title: Picking up the pieces
URL: http://www.nytimes.com/2003/07/17/technology/circuits/17shre.html

Highlight: Mr. Brassil's project at Hewlett Packard, aimed at tracing the source of shredded document by the micromarks on the shreds, both of vanilla shredders and by custom-modifying the shredders to leave a defined signature on the strips.
http://www.hpl.hp.com/techreports/2002/HPL-2002-215.html (abstract)
http://www.hpl.hp.com/techreports/2002/HPL-2002-215.pdf

Full text:

Picking Up the Pieces
By DOUGLAS HEINGARTNER

BERLIN -- THROUGHOUT the 1980's, Sascha Anderson, a poet, musician and literary impresario, was one of the leading voices to speak out against the East German government and its dreaded secret police, the Stasi. But his credibility gradually evaporated after the Communist government's collapse as rumors about him acquired the weight of proof: he had been informing on his dissident compatriots all along. He had been told that his Stasi file had been destroyed. In fact, it was manually reconstructed from some of the millions of shreds of paper that panicked Stasi officials threw into garbage bags during the regime's final days in the fall of 1989. Now, if all goes as planned by the German government, the remaining contents of those 16,000 bags will also be reconstructed. Advanced scanning technology makes it possible to reconstruct documents previously thought safe from prying eyes, sometimes even pages that have been ripped into confetti-size pieces. And although a great deal of sensitive information is stored digitally these days, recent corporate scandals have shown that the paper shredder is still very much in use. "People perceive it as an almost perfect device," said Jack Brassil, a researcher for Hewlett-Packard who has worked on making shredded documents traceable. If people put a document through a shredder, "they assume that it's fundamentally unrecoverable," he said. "And that's clearly not true." In its crudest form, the art of reconstructing shredded documents has been around for as long as shredders have.
After the takeover of the United States Embassy in Tehran in 1979, Iranian captors laid pieces of documents on the floor, numbered each one and enlisted local carpet weavers to reconstruct them by hand, said Malcolm Byrne of the National Security Archive at George Washington University. "For a culture that's been tying 400 knots per inch for centuries, it wasn't that much of a challenge," he said. The reassembled documents were sold on the streets of Tehran for years. That episode helped convince the United States government to update its procedures for destroying documents. The expanded battery of techniques now includes pulping, pulverizing and chemically decomposing sensitive data. Yet these more complex methods are not always at hand in an emergency, which is why the vagaries of de-shredding will be of interest to intelligence officials for some time to come. "It's been an area of interest for a very long time," said William Daly, a former F.B.I. investigator who is a vice president at Control Risks Group, a security consulting firm. "The government is always trying to keep ahead of the curve." Like computer encryption and hacking, "it's kind of a cat-and-mouse game, keeping one step ahead," he said. "That's why the government is always looking at techniques to help them ensure their documents are destroyed properly." Modern image-processing technology has made the rebuilding job a lot easier. A Houston-based company, ChurchStreet Technology, already offers a reconstruction service for documents that have been conventionally strip-shredded into thin segments. The company's founder, Cody Ford, says that reports of document shredding in recent corporate scandals alerted him to a gap in the market. "Within three months of the Enron collapse at end of 2001, we had a service out to electronically reconstruct strip shreds," he said. 
The Stasi archives are a useful reference point for researchers tackling the challenge, though perhaps more for the scale than the sophistication of the shredding. Most of the Stasi papers were torn by hand because the flimsy East German shredding machines collapsed under the workload. The hastily stored bags of ripped paper were quickly discovered and confiscated. In 1995 the German government commissioned a team in the Bavarian town of Zirndorf to reassemble the torn Stasi files one by one. Yet by 2001, the three dozen archivists had gone through only about 300 bags, so officials began a search for another way to piece together the remaining 33 million pages a bit faster. Four companies remain candidates for the job, including Fraunhofer IPK of Berlin, part of the Fraunhofer Gesellschaft research institute, which helped develop the MP3 music format. The institute is drafting plans to sort, scan and archive the millions of pages within five years, drawing on expertise in office automation, image processing, biometrics and handwriting analysis as well as sophisticated software. "It's more than just the algorithms about the puzzles," said Bertram Nickolay, the head of the security and testing technologies department. Indeed, the archive is a massive grab bag of randomly torn documents, many with handwritten and typewritten text on the same page. Combining all these technologies in a project of this scope "is on the borders of what's possible," Mr. Nickolay said. His system's accuracy rate is about 80 percent. "It will take time for the algorithms to be optimized," Mr. Nickolay said, noting that handwriting analysis began with accuracy levels of around 50 percent, and are now at 90 percent and above. Some of the companies competing for the job concentrated on the shape, color and perforations of the shreds, while other contenders opted for semantically driven systems, which looked for keywords and likely text matches. 
The Fraunhofer plan is to combine its smart scanning software with the know-how of the Zirndorf archivists, who have amassed years of experience working with these tiny pieces of history. After all the shreds have been scanned (at 200 dots per inch), the interactive software will suggest possible matches, which an operator can accept or reject. While Fraunhofer IPK eventually plans to use a similar technique, several companies say they can do so already. ChurchStreet's software analyzes the graphical patterns that go to the edge of each piece. First, workers paste the random shreds onto standard sheets of paper, which takes three to seven minutes per page. The pages are scanned, and software analyzes the shreds for possible matches. Mr. Ford, the company founder, said the ChurchStreet service can recover up to 70 percent of a document's content, although he stressed that the goal was to get blocks of information rather than to re-create the original formatting. The blocks are presented to the client, who determines where they might belong in the overall scheme. "We don't make any guesswork about reconstruction," Mr. Ford said. "We make no assumptions." ChurchStreet, whose clients are mainly law agencies and private law firms, charges roughly $2,000 to reconstruct a cubic foot of strip-shreds. A cubic foot of shreds is generally less than 100 pages. Mr. Ford said ChurchStreet would soon offer a service to reconstruct cross-shredded documents - that is, those cut in two directions - for $8,000 to $10,000 per cubic foot. A common standard in cross-shredding is particles one thirty-second by seven-sixteenths of an inch, which results in thousands of grain-like shreds per page. Cross-shredding makes the job a lot trickier, but not for lack of processing power.
"The problem is not whether it's possible with the software, which is possible," said Werner Vögeli, the managing director of the German office of SER Solutions, a company in Dulles, Va., that also competed for the contract to reconstruct the Stasi documents. "The problem is how to scan these documents." Fred Cohen, a security consultant who reconstructed many pages while working at Sandia National Laboratories, also sees limits. "When you get down to very small shreds, then the numbers start to eat you," he said. "You start to get to where there isn't enough text per shred to be of any use. You've got a completely black shred; whether it's the middle of the cross of a t or the dot of an i, you can't tell." Adding to the challenge, the smaller the pieces are, the farther apart they can fall, and thus the less likely they are to cluster in a conveniently retrievable form. Security experts also say that using large type (for less text per shred), and feeding the paper into a shredder perpendicular to the direction of the text (so no complete phrases stay together) makes shredding less vulnerable. Professional document reconstructions are generally recognized by the courts in much the way that fingerprint or handwriting evidence is. An expert may not be able to vouch for the accuracy of the information on a given page, said Mr. Daly, the former F.B.I. investigator, but he can testify that a reconstructed document "was at one time one piece of paper that was cut into little pieces of paper, and now it's back into one piece of paper." Mr. Daly added that investigators often use reassembled pages as part of a larger forensic puzzle. "Once we have a hard-copy document, we can then go back and look at databases and put in search criteria, and to be able to actually come up with the original electronic version," he said. "One becomes a pathway to the other." The demand for such investigative services is clear.
"I probably get a call every month," said Robert Johnson of the National Association for Information Destruction, an American trade group, from clients looking for "a way to reverse the process." Other projects, like Mr. Brassil's at Hewlett-Packard, focus on designing a shredder that leaves telltale traces on the documents it destroys, allowing them to be pinpointed later. In Germany, meanwhile, a decision about whether to proceed with the reconstruction of Stasi documents is not expected before September. Mr. Vögeli of SER Solutions, whose firm withdrew from bidding for the project, said he doubted that financing would materialize. "These documents contain lots of information that might be dangerous to a few politicians who are still active, still in power," he said. "So there's no political majority for any such investment." Sascha Anderson, the dissident discredited by the files, is among those who hope the project goes forward. "Of course I would have preferred that they weren't found," he said by phone from Frankfurt. "But I realize that it's a unique chance for a society to have access to this information." And since he was exposed, he said, he has been able to sleep better: "I've ultimately been freed of my burden by history."

From zenadsl6186 at zen.co.uk Thu Jul 17 16:25:14 2003
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Fri, 18 Jul 2003 00:25:14 +0100
Subject: Sealing wax & eKeyboard
In-Reply-To:
Message-ID:

Peter Fairbrother (me) wrote (in a different thread):

> BTW, m-o-o-t uses a randomised virtual keyboard with (both EM and optical) TEMPEST resistant fonts. It's okay for inputting keys, but it's a hassle for inputting text.
>
> Which means that your keys might be safe from keyloggers (both hardware and software), but your plaintext isn't. Sigh.
> I'm trying to improve it by putting the "senhorita" letters in one block and the rest elsewhere (not for key input obviously), and you do learn where the keys are after a while, but it's still a hassle.

(senhorita contains the 9 most-commonly-used-in-English letters, tho' not in order)

There is another problem - assuming the TEMPEST gear or camera can't see the randomised resistant letters, if it can follow the cursor then it's just a simple substitution cypher to get plaintext (assuming the gear can get clicks).

I thought of having a large cursor grid, with resistant symbols on each grid place, and changing the position of the operative symbol every so often - how often? - but I don't know how to get such a large cursor - any ideas? X on OpenBSD preferred.

Any better ideas?

--
Peter Fairbrother

From mv at cdc.gov Fri Jul 18 04:32:59 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 18 Jul 2003 04:32:59 -0700
Subject: Unsubtle Wetwork
Message-ID: <3F17DAEB.E32723FE@cdc.gov>

Weapons Adviser Named as Possible Source for BBC Story Disappears; Man's Body Found

LONDON (AP) - Police searching for a missing Ministry of Defense adviser, who was named by the government as the possible source for a disputed news report on Iraqi arms, said Friday they have found a man's body near his home.

http://ap.tbo.com/ap/breaking/MGABVMP3AID.html

Maybe he's just hanging out with Ritter in upstate NY...

From mv at cdc.gov Fri Jul 18 05:13:15 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 18 Jul 2003 05:13:15 -0700
Subject: Optical Tempest? I have my doubts...
Message-ID: <3F17E45B.505718AA@cdc.gov>

At 01:33 PM 7/17/03 -0700, Meyer Wolfsheim wrote:
>
>For what it's worth, a "secure viewer" that displayed text in red on a black background should make an optical tempest attack much more difficult.

Why? On a black background you have higher contrast, which you don't want here.
The eye is most sensitive to greenish, so if you are trying to reduce the signal, use barely visible green. On a nearly-same-luminance green background. Green on green or gray on gray is *low contrast*. That's what you want. (You may as well use gray on gray, assume the adversary has color vision, and might even have the CIE chart on your monitor phosphor. The different RGB phosphors also have different decay times, which smears the signal if the adversary has no color vision)

Possibly dither the text. You might also have brighter lines or areas on the screen to obscure the signal from the less-bright e-beamed text areas. Actual distribution should depend on the decay over time of the phosphor (you want the bright "distractors" to be as bright as the text-pixel even though the distractor is no longer illuminated by the e beam).

You also want some incandescents and fluorescent lights, the latter running off batteries (with switching converters) so they run out of phase and frequency with the ones on wall current. Optical jamming.

Or just close the windowshade and put a towel under the door gap. (Others may think you're [sm|t]oking, however.. and with the multiple, multitinted fluorescents, they'll think you're growing too)

Or use a box. (I once did med-imaging related vision experiments... the setup was a Sun with a calibrated greyscale monitor, in a medical office, behind the receptionists until we got more space... we had a giant cardboard box over the monitor & subject to control ambient light.. which stayed while I was programming it too.. it amused the patients who came in to see their cardiologist to see a guy working with his head in a big box..
probably would have been more disconcerting if the MD was a psychiatrist :-) From timcmay at got.net Fri Jul 18 09:32:26 2003 From: timcmay at got.net (Tim May) Date: Fri, 18 Jul 2003 09:32:26 -0700 Subject: Unsubtle Wetwork In-Reply-To: <3F17DAEB.E32723FE@cdc.gov> Message-ID: <6AFEFEBE-B93D-11D7-A65E-000A956B4C74@got.net> On Friday, July 18, 2003, at 04:32 AM, Major Variola (ret.) wrote: > Weapons Adviser Named as Possible Source for BBC Story Disappears; > Man's > Body Found > > LONDON (AP) - Police searching for a missing Ministry of Defense > adviser, who was named by the government as the possible source for a > disputed news report on Iraqi arms, said Friday they have found a man's > body near his home. > > http://ap.tbo.com/ap/breaking/MGABVMP3AID.html > > > Maybe he's just hanging out with Ritter in upstate > NY... "Unsubtle" is often what the spooks prefer: like the Mob, they are just as interested in sending a message as in silencing a witness. In this case, the message going out is "don't speak against the Official Version." Blair faces much more serious troubles than he would be in for ordering a hostile witness whacked. And, charitably, he may not even have ordered the hit. The intelligence agencies in Britain and the U.S. look to be hip-deep in forgeries of documents, concoction of evidence, and subornation of perjury. They may be killing witnesses just to protect their own asses. CIA Director Tenet is now looking to be the guy who has been told to fall on his sword. If he gets a cushy job with the Carlyle Group, expect him to remain silent. If he is sent into exile in Ohio or Indiana, he may write a book...if he lives. But, hey, George Bush is happy about the daily deaths of U.S. soldiers. As he said recently "Bring it on!" "We gonna open a can of Texas whoop-ass on them bad boys." Seriously, this clusterfuck is unfolding nicely. U.S. 
occupation troops are spread so thin in Kosovo, Afghanistan, and Iraq that there are now plans being developed to activate National Guard units to relieve them (115 F in full body armor is not pleasant). And the number of countries under occupation may soon increase: Liberia and other African hell-holes are targets. A half-trillion dollar deficit this year, added to the 5 or 6 trillion dollar total deficit (*). (* the official deficit, not counting the total lack of reserves/money for Socialist Insecurity, bond indebtedness, pension guarantees, loan guarantees, and other unfunded liabilities; some estimates place the real deficit at about $30 trillion, i.e., $30 thousand billion. With about 100 million taxpayers in the U.S., each owes $300,000. Needless to say, this owed amount, on average, is substantially more than their complete assets, on average. Even with the "official" indebtedness, the amount owed (if one accepts a national debt as a personal indebtedness) is upwards of $60,000. I use the larger amount because the U.S. government actually _has_ incurred that debt, officially reported or not.) And yet we are occupying countries which have nothing to do with our national interests. Kosovo...not our problem. Afghanistan...not our problem. Iraq. And soon, Liberia and maybe Ivory Coast, Sierra Leone, and Nigeria. And then there's the Perpetual Occupation of Korea. Meanwhile, scientists who might have spoken out on the forgeries and hype about the Iraq war are getting the message. Just as microbiologists did a few years ago when half a dozen microbiologists vanished. Just as other weapons experts did after Gerald Bull was executed. --Tim May "They played all kinds of games, kept the House in session all night, and it was a very complicated bill. Maybe a handful of staffers actually read it, but the bill definitely was not available to members before the vote." --Rep. 
Ron Paul, TX, on how few Congresscritters saw the USA-PATRIOT Bill before voting overwhelmingly to impose a police state From timcmay at got.net Fri Jul 18 11:40:33 2003 From: timcmay at got.net (Tim May) Date: Fri, 18 Jul 2003 11:40:33 -0700 Subject: Unsubtle Wetwork In-Reply-To: <3F183C7C.8060503@email-tc3.5sigcmd.army.mil> Message-ID: <50A96F54-B94F-11D7-A65E-000A956B4C74@got.net> On Friday, July 18, 2003, at 11:29 AM, Thoenen, Peter CIV Sprint wrote: > Tim May wrote: > > " U.S. occupation troops are spread so thin in > Kosovo,.....Kosovo...not our problem" > > Having spent the better part of last year working in Kosovo, I > wouldn't exactly call the forces there thin. NATO forces (non-US) are > a majority of the peacekeeping occupiers and more and more of the > mission is getting turned over to the EU (allowing for slow US > withdrawal). With Serbia, Croatia, and Bosnia eagerly sucking the EU > and US cocks to get into the EU and NATO, the US in the Balkans is if > anything over strength. "the US in the Balkans is if anything over strength" does NOT contradict the "spread too thin" point, which is about the number of troops the U.S. has available to deploy, the need for replacements, etc. The fact that U.S. soldiers in all of these places who were expecting to be relieved have instead been told they will stay at least several more months, perhaps another year, is the point. As for the general Yugoslavia situation, we supported the wrong sides in the Balkans. Not that supporting _any_ side in that European war was any of our business. --Tim May "To those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists." --John Ashcroft, U.S. 
Attorney General From rvh40 at insightbb.com Fri Jul 18 11:03:17 2003 From: rvh40 at insightbb.com (Randall) Date: 18 Jul 2003 14:03:17 -0400 Subject: [johnmacsgroup] Thompson: Kingdom of Fear - 2003 Message-ID: ----snip--snip--snip---- >From "Kingdom Of Fear " 2003 By Hunter S. Thompson Let's face it, the yo-yo president of the U.S.A. knows nothing. He is a dunce. He does what he is told to do, says what he is told to say, poses the way he is told to pose. He is a fool. No. Nonsense. The president cannot be a Fool. Not at this moment in time, when the last living vestiges of the American Dream are on the line. This is not the time to have a bogus rich kid in charge of the White House. Which is, after all, our house. That is our headquarters, it is where the heart of America lives. So if the president lies and acts giddy about other people's lives, if he wantonly and stupidly endorses mass murder by definition, a loud and meaningless animal with no functional intelligence and no balls. To say this goofy child president is looking more and more like Richard Nixon in the summer of 1974 would be a flagrant insult to Nixon. Whoops! Did I say that? Is it even vaguely possible that some New Age Republican whore-beast of a false president could actually make Richard Nixon look like a Liberal? The capacity of these vicious assholes we elected to be in charge of our lives for four years to commit terminal damage to our lives and our souls and our loved ones is far beyond Nixon's. Shit! Nixon was the creator of many of the once-proud historical landmarks that these dumb bastards are savagely destroying now: the Clean Air Act of 1970; Campaign Finance Reform; the endangered species act; a Real-Politik dialogue with China; and on and on. The prevailing quality of life in America-by any accepted methods of measuring-was inarguably freer and more politically open under Nixon than it is today in this evil year of our Lord 2002. 
The Boss was a certified monster who deserved to be impeached and banished. He was a truthless creature of former FBI Director J. Edgar Hoover, a foul human monument to corruption and depravity on a scale that dwarfs any other public official in American history. But Nixon was at least smart enough to understand why so many honorable patriotic U.S. citizens despised him. He was a Liar. The truth was not in him. Nixon believed, as he said many times, that if the president of the United States does it, it can't be illegal. But Nixon never understood the much higher and meaner truth of Bob Dylan's warning that "To live outside the law you must be honest." The difference between an outlaw and a war criminal is the difference between a pedophile and a Pederast: The pedophile is a person who thinks about sexual behavior with children, and the Pederast does these things. He lays hands on innocent children, he penetrates them and changes their lives forever. Being the object of a pedophile's warped affections is a Routine feature of growing up in America, and being a victim of a Pederast's crazed "love" is part of dying. Innocence is no longer an option. Once penetrated, the child becomes a Queer in his own mind, and that is not much different than murder. Richard Nixon crossed the line when he began murdering foreigners in the name of "family values"- and George Bush crossed it when he sneaked into office and began killing brown skinned children in the name of Jesus and the American people. When Muhammad Ali declined to be drafted and forced to kill "gooks" in Vietnam he said, "I ain't got nothin' against them Viet Cong. No Cong ever called me Nigger." I agreed with him, according to my own personal ethics and values. He was right. If we all had a dash of Muhammad Ali's eloquent courage, this country and the world would be a better place today because of it. Okay. That's it for now. Read it and weep....See you tomorrow, folks. You haven't heard the last of me. 
I am the one who speaks for the spirit of freedom and decency in you. Shit. Somebody has to do it. We have become a Nazi monster in the eyes of the whole world-a nation of bullies and bastards who would rather kill than live peacefully. We are not just Whores for power and oil, but killer whores with hate and fear in our hearts. We are human scum, and that is how history will judge us... No redeeming social value. Just whores. Get out of our way, or we'll kill you. Well, shit on that dumbness. George W. Bush does not speak for me or my son or my mother or my friends or the people I respect in this world. We didn't vote for these cheap, greedy little killers who speak for America today- and we will not vote for them again in 2002. Or 2004. Or ever. Who does vote for these dishonest shitheads? Who among us can be happy and proud of having all this innocent blood on our hands? Who are these swine? These flag-sucking half-wits who get fleeced and fooled by stupid little rich kids like George Bush? They are the same ones who wanted to have Muhammad Ali locked up for refusing to kill "gooks". They speak for all that is cruel and stupid and vicious in the American character. They are racists and hate mongers among us-they are the Ku Klux Klan. I piss down the throats of these Nazis. And I am too old to worry about whether they like it or not. Fuck them. -- "There's nothing you could point to in the Bush Administration with pride. Nothing. There is no way any rational, reasonable person can say that the Bush Administration has been good for America." ---- Janeane Garofalo 
--- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From proclus at gnu-darwin.org Fri Jul 18 14:39:12 2003 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Fri, 18 Jul 2003 17:39:12 -0400 (EDT) Subject: Fwd: Re: Unsubtle Wetwork Message-ID: <20030718213805.4F09498083@gnu-darwin.org> Thank you for your interesting notes, and this is my first post. My best current theory is that the "real mole" killed Kelly as a diversion. Now that Gilligan has changed his story, he has been discredited, but at least he lives. With Kelly dead, it may be harder to trace to their sources the lies that the Government told, and Campbell & Co. will be sleeping better at night. Anyway, everyone has a favorite conspiracy theory. If this is too far off topic, feel free to reply in private or direct me to another list. Regards, proclus http://www.gnu-darwin.org/ On 18 Jul, Tim May wrote: > -- Visit proclus realm! 
http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ [demime 0.97c removed an attachment of type APPLICATION/pgp-signature] From peter.thoenen at email-tc3.5sigcmd.army.mil Fri Jul 18 11:29:16 2003 From: peter.thoenen at email-tc3.5sigcmd.army.mil (Thoenen, Peter CIV Sprint) Date: Fri, 18 Jul 2003 20:29:16 +0200 Subject: Unsubtle Wetwork In-Reply-To: <6AFEFEBE-B93D-11D7-A65E-000A956B4C74@got.net> References: <6AFEFEBE-B93D-11D7-A65E-000A956B4C74@got.net> Message-ID: <3F183C7C.8060503@email-tc3.5sigcmd.army.mil> Tim May wrote: " U.S. occupation troops are spread so thin in Kosovo,.....Kosovo...not our problem" Having spent the better part of last year working in Kosovo, I wouldn't exactly call the forces there thin. NATO forces (non-US) are a majority of the peacekeeping occupiers and more and more of the mission is getting turned over to the EU (allowing for slow US withdrawal). With Serbia, Croatia, and Bosnia eagerly sucking the EU and US cocks to get into the EU and NATO, the US in the Balkans is if anything over strength. Of course hard line nationalists could take advantage of the overextended US forces, but honestly not likely to happen. Recent history (after the Cold War) seems to suggest that whole "Enemy of my enemy is my friend" concept doesn't work when the US is that enemy. Time and time again the enemies of the US (or folk who are not our enemies but also know the US would prevent them from doing sovereign things such as invading Taiwan) never seem to coordinate among themselves to take advantage of the situation. World wide terrorist cells seem to be pretty good at it but they also direct their energies at multiple targets, not just the USA (e.g. 
the IRA/PLA/FARC all cross train with each other and use each other's specialists from time to time but all have 3 concentrate on different local enemies). Hostile foreign governments though just can't seem to band together. What Bush didn't realize at the time (and now the US Media is whining about) is that countries that didn't support him during the war would also not support him after the war. His hostile foreign diplomacy before the Iraq puppet state (pissing off two of the three largest Non-US peacekeeping forces (France / Germany)) is forcing the US to provide nearly all of the Iraq occupation force instead of handing it off to our *allies* as we have in the past. The standard US occupation plan for the last 12 years has been Invade->Conquer->Hand off ~70% of peacekeeping to other countries. This just isn't going to work this time and Bush in his arrogance can't understand why. Even Kosovo (NATO action, UN did NOT approve) got UN support immediately following the end of hostilities. Bush doesn't even seem to be trying to garner support for a post facto UN resolution on Iraq giving it the air of legitimacy. -Peter ** STD CYA DISCL: This message in no way represents the views of Sprint or the US Army. It is solely the personal opinion of the sender ** From rah at shipwright.com Fri Jul 18 19:34:16 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 18 Jul 2003 22:34:16 -0400 Subject: Kingdom of Fear - 2003 Message-ID: --- begin forwarded text From njohnsn at njohnsn.com Sat Jul 19 05:28:26 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sat, 19 Jul 2003 07:28:26 -0500 Subject: Kingdom of Fear - 2003 In-Reply-To: References: Message-ID: <200307190728.26507.njohnsn@njohnsn.com> On Friday 18 July 2003 09:34 pm, R. A. Hettinga wrote: > --- begin forwarded text > > From "Kingdom Of Fear " 2003 > By Hunter S. Thompson > Most deleted. > racists and hate mongers among us-they are the Ku Klux Klan. I piss down > the throats of these Nazis. 
And I am too old to worry about whether they > like it or not. > > Fuck them. Whoa! Hunter S. Thompson <=> Tim May. Separated at birth ? :) -- Neil Johnson http://www.njohnsn.com PGP key available on request. From camera_lumina at hotmail.com Sat Jul 19 07:18:27 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 19 Jul 2003 10:18:27 -0400 Subject: Defeating Optical Tempest will be easy... Message-ID: Well, from what I'm understanding of so-called optical tempest, I'm not sure most of the usual thinking will apply. First of all, anyone know what the most energetic wavelengths are in the CRT's output? (I have no idea.) Is it in the visible range? It may not be. Thus contrast in the visible range may not equal contrast in the frequency range that 'OT' will be using. Also, and I'm not sure what this implies yet, but the screen-emitted beam has lowest energy after hitting a letter, which is black. Thus this tempest device must be particularly sensitive to the "white" background in order to make out the letters as the sweep comes through (and is blocked by the letters). And now that I think of it, I'm still not convinced that this does not amount to specular reflection, even though we are now talking about the "ballistic" beam...remember in order to determine what a letter is detecting a -decrease- in the beam's reflected energy will be the key in reading a letter. Oh wait...the answer to defeating optical tempest is simple: have white letters on a black background. And after they've caught up with that trick, alternate the background colors at random intervals (white on black, black on white, etc...). Optical Tempest will only work under VERY ideal circumstances. I wouldn't worry about it. 
-TD From eccmaili at math.uwaterloo.ca Sat Jul 19 08:55:14 2003 From: eccmaili at math.uwaterloo.ca (ECC 2003) Date: Sat, 19 Jul 2003 11:55:14 -0400 (EDT) Subject: Final announcement for ECC 2003 Message-ID: --------------------------------------------------------------------- THE 7TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2003) University of Waterloo, Waterloo, Ontario, Canada August 11, 12 & 13 2003 FINAL ANNOUNCEMENT July 19, 2003 ********************************************************************* NOTES: 1) Please note that the deadline for registration is August 1. 2) The last lecture at ECC 2003 will end at 3:00 pm on Wednesday (Aug 13). This will give participants sufficient time to catch flights scheduled to leave Toronto after 7:00 pm. There are hourly flights from Toronto to Ottawa for those who wish to attend SAC 2003. 3) If you would like to be removed from this mailing list please reply with a brief note. You will be immediately removed from the list. ********************************************************************* ********************************************************************* ECC 2003 is the seventh in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. The main themes of ECC 2003 will be: - The discrete logarithm problem. - Efficient parameter generation and point counting. - Provably secure cryptographic protocols. - Efficient software and hardware implementation. - Side-channel attacks. - Deployment of elliptic curve cryptography. 
It is hoped that the meeting will continue to encourage and stimulate further research on the security and implementation of elliptic curve cryptosystems and related areas, and encourage collaboration between mathematicians, computer scientists and engineers in the academic, industry and government sectors. Attendees of ECC 2003 might also wish to attend SAC 2003 (Ottawa, Aug 14-15) and CRYPTO 2003 (Santa Barbara, Aug 17-21). The last lecture at ECC 2003 will end at 3:00 pm on Wednesday (Aug 13). This will give participants sufficient time to catch flights scheduled to leave Toronto after 7:00 pm. There are hourly flights from Toronto to Ottawa. SPONSORS: Certicom Corp. MITACS Motorola The Fields Institute University of Essen University of Waterloo ORGANIZERS: Gerhard Frey (University of Essen) Darrel Hankerson (Auburn University) Alfred Menezes (University of Waterloo) Christof Paar (Ruhr-Universitat Bochum) Edlyn Teske (University of Waterloo) Scott Vanstone (University of Waterloo) SPEAKERS: Hans Dobbertin (Ruhr-Universitat Bochum, Germany) Florian Hess (University of Bristol, UK) Hugo Krawczyk (Technion, Israel, and IBM Research, USA) Tanja Lange (Ruhr-Universitat Bochum, Germany) Reynald Lercier (Centre d'Electronique de L'Armement, France) Ben Lynn (Stanford University, USA) William Martin (National Security Agency, USA) Christof Paar (Ruhr-Universitat Bochum, Germany) John Proos (University of Waterloo, Canada) Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium) Pankaj Rohatgi (IBM Research, USA) Victor Shoup (New York University, USA) Jerome A. 
Solinas (National Security Agency, USA) Edlyn Teske (University of Waterloo, Canada) Nicolas Theriault (University of Toronto, Canada) Eran Tromer (Weizmann Institute of Science, Israel) CONFERENCE PROGRAMME: All lectures will take place in Room 1302 of the Davis Center, University of Waterloo ==================== Monday, August 11 ==================== 8:00 - 9:00 am: Coffee and registration 9:00 - 10:00 am: William Martin: High confidence software and systems, an NSA perspective 10:00 - 10:30 am: Mid-morning coffee break 10:30 - 11:30 am: Hans Dobbertin: To be announced 11:30 - 12:30 pm: Eran Tromer: Hardware-based implementation of factoring algorithms 12:30 - 2:00 pm: lunch 2:00 - 3:00 pm: Hugo Krawczyk: Design and analysis of authenticated Diffie-Hellman protocols 3:00 - 4:00 pm: Victor Shoup: Practical verifiable encryption and decryption of discrete logarithms 4:00 - 4:30 pm: Afternoon coffee break 4:30 - 5:30 pm: Pankaj Rohatgi: Power, EM and all that: Is your crypto device really secure? 6:00 pm: Reception at the Waterloo Inn 7:00 pm: Banquet at the Waterloo Inn ===================== Tuesday, August 12 ===================== 8:00 - 9:00 am: Morning coffee 9:00 - 10:00 am: Jean-Jacques Quisquater: 2 or 3 side-channels for ECC 10:00 - 10:30 am: Mid-morning coffee break 10:30 - 11:30 am: Tanja Lange: Efficient arithmetic on (hyper-)elliptic curves over finite fields 11:30 - 12:30 pm: Christof Paar: Hyperelliptic curve cryptosystems for embedded applications 12:30 - 2:00 pm: lunch 2:00 - 3:00 pm: Reynald Lercier: Algorithmic aspects of Mestre's p-adic point counting ideas 3:00 - 4:00 pm: Ben Lynn: Applications of bilinear maps 4:00 - 4:30 pm: Afternoon coffee break 4:30 - 5:30 pm: Jerome A. 
Solinas: ID-based digital signature algorithms 5:30 - 7:00 pm: Cocktail Reception (Davis Centre, University of Waterloo) ======================= Wednesday, August 13 ======================= 8:00 - 9:00 am: Morning coffee 9:00 - 10:00 am: John Proos: Security in the presence of decryption failures 10:00 - 10:30 am: Mid-morning coffee break 10:30 - 11:30 am: Nicolas Theriault: Index calculus attack for hyperelliptic curves of small genus 11:30 - 1:00 pm: lunch 1:00 - 2:00 pm: Florian Hess: The GHS attack revisited 2:00 - 3:00 pm: Edlyn Teske: Weak fields for ECC REGISTRATION: There will be a registration fee this year of $250 Cdn or $170 US ($150 Cdn or $100 US for full-time graduate students). Sorry, but we cannot accept payment in Euros. PLEASE REGISTER AS SOON AS POSSIBLE AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION IS ON A FIRST-COME FIRST-SERVE BASIS. We cannot process a registration until all fees are paid in full. The deadline for all fees to be paid and registration completed has been set for the 1st of August, 2003. However, you are encouraged to register earlier than Aug 1 since some hotels have a cutoff date of June 29. To register, complete, in full, the attached REGISTRATION FORM and return it along with your payment to: Mrs. Adrienne Richter, C&O Dept., University of Waterloo, Waterloo, Ontario, Canada N2L 3G1. You can also send your registration form by fax (519-725-5441) or by email (ecc2003 at math.uwaterloo.ca). Confirmation of your registration will be sent by email when payment is received in full. 
------------------------cut from here--------------------------------- ECC 2003 CONFERENCE REGISTRATION FORM Fullname: _________________________________________________________ Affiliation: _________________________________________________________ Address: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ E-Mail Address: _________________________________________________________ Telephone #: _________________________________________________________ Registration Fee: Please check the appropriate box: [ ] Registration .......$250.00 CAD ..............$________ [ ] Registration .......$170.00 USD ..............$________ [ ] Full-time Student ..$150.00 CAD ..............$________ [ ] Full-time Student ..$100.00 USD ..............$________ Registration Fee includes Banquet: Attending [ ] Yes [ ] No Vegetarian [ ] Yes [ ] No TOTAL AMOUNT PAYABLE: ............................$________ **Make Cheque/Money Order Payable to: ECC 2003 Credit Card Payments: [ ] Visa [ ] MasterCard Cardholder's Name: ________________________________________________ Card Number: ______________________________________________________ Expiration Date: __________________________________________________ Signature: ________________________________________________________ Additional Information: ___________________________________________ -------------------------cut from here------------------------------- TRAVEL: Kitchener-Waterloo is approximately 100 km/60 miles from Pearson International Airport in Toronto. Ground transportation to Kitchener-Waterloo can be pre-arranged with Airways Transit. 
TRANSPORTATION TO AND FROM TORONTO AIRPORT PROVIDED BY AIRWAYS TRANSIT It is advisable to book your transportation between the Pearson Airport, Toronto, and Waterloo in advance to receive the advance booking rate of $38 CAD per person, one way, with Airways Transit (open 24 hours a day). Please quote "ECC2003" when making your reservation. Airways is a door-to-door service; they accept cash (Cdn or US funds), MasterCard, Visa and American Express. Upon arrival: Terminal 1: proceed to Ground Transportation Booth, Arrivals Level. Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E. Terminal 3: proceed to Ground Transportation Booth, Arrivals Level, between Doors B and C. You can make a reservation through their web site: www.airwaystransit.com Or, you can complete the form below and send by mail or fax (519-886-2141) well in advance of your arrival to Airways Transit. They will not fax confirmations: your fax transmission record is confirmation of your reservation. -------------------------cut from here--------------------------------- AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC 2003 ARRIVAL INFORMATION: ____________________________________________________________ Surname First name ____________________________________________________________ Toronto Arrival Date Airline Flight # ____________________________________________________________ Arrival Time Arriving From ____________________________________________________________ Destination in Kitchener/Waterloo No. in party DEPARTURE INFORMATION: ____________________________________________________________ Surname First name ____________________________________________________________ Toronto Departure Date Airline Flight # ____________________________________________________________ Departure Time Flight # Destination ____________________________________________________________ Pickup From No. 
in party ____________________________________________________________ Signature Date Send or Fax to: Airways Transit 99A Northland Road Waterloo, Ontario Canada, N2V 1Y8 Fax: (519) 886-2141 Telephone: (519) 886-2121 -----------------------------cut form here-------------------------------- ACCOMMODATIONS: There is a limited block of rooms set aside on a first-come first-serve basis at the Waterloo Inn for the evenings of August 10, 11, 12 and 13, and at the Comfort Inn for the evenings of August 9, 10, 11, 12 and 13. Please note that the Waterloo Inn is sold out for the evening of August 9. COMFORT INN Address: 190 Weber Street North, Waterloo, Ontario, Canada N2J 3H4 Phone: (519) 747-9400 Rate: $80 Cdn plus taxes/night for a single or double room Please quote "ECC 2003" when making your reservation Availability: Evenings of August 9, 10, 11, 12, 13 Cut-off date: July 7, 2003 WATERLOO INN Address: 475 King Street North, Waterloo, Ontario, Canada N2J 2Z5 Phone: (519) 884-0222 Fax: (519) 884-0321 Toll Free: 1-800-361-4708 Website: www.waterlooinn.com Rate: $118 Cdn plus taxes/night for a single or double room Please quote "ECC 2003" when making your reservation Availability: Evenings of August 10, 11, 12, 13 Cut-off date: June 29, 2003 Other hotels close to the University of Waterloo are: UNIVERSITY OF WATERLOO CONFERENCE CENTRE (on-campus accommodation; no air conditioning) Ron Eydt Village, Box 16610, Waterloo, Ontario, Canada N3J 4C1 Phone: 519-884-5400, 519-746-7599 Website: www.conferences.uwaterloo.ca (see "Room Registration") Approx rate: $52 Cdn plus taxes/night DESTINATION INN 547 King Street North, Waterloo, Ontario, Canada N2L 5Z7 Phone: (519) 884-0100 Website: www.destinationinn.com Approx rate: $73 Cdn plus taxes/night BEST WESTERN INN St. 
Jacobs Country Inn 50 Benjamin Road East, Waterloo, Ontario, Canada N2V 2J9 Phone: (519) 884-9295 Website: www.stjacobscountryinn.com Approx rate: $129 Cdn plus taxes/night THE WATERLOO HOTEL 2 King Street North, Waterloo, Ontario, Canada N2J 2W7 Phone: (519) 885-2626 Website: www.countryinns.org/inn_waterloo.html Approx rate: $120-160 Cdn plus taxes/night HOTEL TO CONFERENCE TRANSPORTATION: A shuttle to/from the campus will be available each day of the conference from the Waterloo Inn and Comfort Inn only. Place and times for pickup and drop-off will be emailed to registrants a week before the workshop. FURTHER INFORMATION: For further information or to return your Registration, please contact: Mrs. Adrienne Richter Department of Combinatorics & Optimization University of Waterloo Waterloo, Ontario, Canada N2L 3G1 e-mail: ecc2003 at math.uwaterloo.ca Fax: (519) 725-5441 Phone: (519) 888-4027 --------------------------------------------------------------------- --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Jul 19 09:06:26 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 19 Jul 2003 12:06:26 -0400 Subject: Final announcement for ECC 2003 Message-ID: --- begin forwarded text From measl at mfn.org Sat Jul 19 10:50:07 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 19 Jul 2003 12:50:07 -0500 (CDT) Subject: FC: John Gilmore: I was ejected from a plane for wearing "Suspected Terrorist" button Message-ID: "You can see the button at: http://eminism.org/store/button-racism.html" Errr... No, you can't. It appears they have removed this selection. Very interesting :-/ -- Yours, J.A. 
Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From proclus at gnu-darwin.org Sat Jul 19 12:46:31 2003 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Sat, 19 Jul 2003 15:46:31 -0400 (EDT) Subject: Unsubtle Wetwork In-Reply-To: Message-ID: <20030719194640.358D899A37@gnu-darwin.org> It now appears to be a suicide, or _very_ subtle wetwork indeed! http://news.google.com/url?q=http://www.nytimes.com/2003/07/20/international/worldspecial/20KELL.html%3Fex%3D1059278400%26amp%3Ben%3Dfeb83d7800250089%26amp%3Bei%3D5062%26amp%3Bpartner%3DGOOGLE No surprise that Blair would like the Kelly tragedy put to rest. After all, much of the government has Kelly's blood on their hands (figuratively speaking). Oh how they were hoping that it was suicide, so that the truth is beside the point. There are now many facts that Blair and the US warmongers would like to have laid to rest. Then again, what is a little murder after you have unleashed devastating war on the world. ;-\ Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBOULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ [demime 0.97c removed an attachment of type APPLICATION/pgp-signature]
From proclus at gnu-darwin.org Sat Jul 19 13:33:37 2003 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Sat, 19 Jul 2003 16:33:37 -0400 (EDT) Subject: old encryption paper Message-ID: <20030719203350.3A74F99AA5@gnu-darwin.org> What were you doing on 9/11? I was in the act of packaging our first build of GnuPG for the Distribution when the planes hit. It took me a couple of days to clear my head a bit and write the GNU-Darwin encryption position paper. When a drumbeat for post-9/11 encryption bans started in the US Congress the very day after the attack, I wrote faster and got help from smart people on the "Free Dmitry" list and elsewhere. Any remarks about any of this? http://www.gnu-darwin.org/war.html IMHO, it is exactly this kind of commentary which scuttled an attack on free encryption software in the wake of the attack. Moreover, the monolith authentication schemes were also laid to rest or driven underground, despite the fact that certain profiteering vendor/stakeholders had inside access in Washington. It might have been a very different Internet today. Most of the commentary about the paper has been positive, except for some criticism of pursuing private keys with warrants.
Gosh, I think my head was not as clear as I thought on that point, a fact that time and experience has fortunately remedied. ;-} Anyway, all comments welcome. Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ From jya at pipeline.com Sat Jul 19 16:48:01 2003 From: jya at pipeline.com (John Young) Date: Sat, 19 Jul 2003 16:48:01 -0700 Subject: Unsubtle Wetwork In-Reply-To: <20030719194640.358D899A37@gnu-darwin.org> References: Message-ID: Perhaps a suicide but if so it was induced by Kelly's treatment, not only by the goofus members of parliament, but more likely by the Ministry of Defence threatening to punish him for violation of the draconian Official Secrets Act. The Brits for all their admirable humor about vulgarity -- the new GCHQ called a "gaping anus" -- can be vile sonsofbitches when it comes to demanding obedience to authority, with the OSA a prime weapon to assure proper behavior or else. Beyond that there can be truly devastating social outcast penalties, and the worst of all, blackest of humor, withholding royal honors. Too bad the British realm never had to experience the cleansing guillotine -- by the populace not by the authorities. Due to that lack, and the USA's similar lack of final justice, pea-brained officials can get away with official murder, destruction of lives, lying and cheating for personal gain while holding office, or best, after leaving office.
Foster's "suicide" for the Clintons, like Kelly's, is a sign that the time is ever ripe to execute the Tim May Final Option in lieu of believing what appears in the media, is told to surviving families, is joked about in the private clubs of capitals around the globe. At least the Reds owned up to their ideological perfidy, unlike those who truly believe in superiority, that is those who best represent inferior humans. No wonder the sonsofbitches fear assassination politics, not just the Jim Bell laughable version, the hard-eyed kind that comes in the night without warning. From s.schear at comcast.net Sat Jul 19 17:28:16 2003 From: s.schear at comcast.net (Steve Schear) Date: Sat, 19 Jul 2003 17:28:16 -0700 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: <5.2.1.1.0.20030719172806.046514c8@mail.comcast.net> >To: dave at farber.net, gnu >Subject: "Suspected Terrorist" button gets Gilmore ejected from airplane >Date: Fri, 18 Jul 2003 21:46:43 -0700 >From: John Gilmore > >[For IP.] > >Dave, you already know about my opposition to useless airport >security crap. I'm suing John Ashcroft, two airlines, and various >other agencies over making people show IDs to fly -- an intrusive >measure that provides no security. (See http://freetotravel.org). >But I would be hard pressed to come up with a security measure more >useless and intrusive than turning a plane around because of a >political button on someone's lapel. > >My sweetheart Annie and I tried to fly to London today (Friday) on >British Airways. We started at SFO, showed our passports and got >through all the rigamarole, and were seated on the plane while it >taxied out toward takeoff. Suddenly a flight steward, Cabin Service >Director Khaleel Miyan, loomed in front of me and demanded that I >remove a small 1" button pinned to my left lapel. I declined, saying >that it was a political statement and that he had no right to censor >passengers' political speech. 
The button, which was created by >political activist Emi Koyama, says "Suspected Terrorist". Large >images of the button and I appear in the cover story of Reason >Magazine this month, and the story is entitled "Suspected Terrorist". >You can see the button at: > > http://eminism.org/store/button-racism.html > >(Reason hasn't put the current issue online yet, for some reason.) > >The steward returned with Capt. Peter Hughes. The captain requested, >and then demanded, that I remove the button (they called it a >"badge"). He said that I would endanger the aircraft and commit a >federal crime if I did not take it off. I told him that it was a >political statement and declined to remove it. > >They turned the plane around and brought it back to the gate, delaying >300 passengers on a full flight. > >We were met at the jetway by Carol Spear, Station Manager for BA at >SFO. She stated that since the captain had told her he was refusing >to transport me as a passenger, she had no other course but to take me >off the plane. I offered no resistance. I reminded her of the court >case that United lost when their captain removed a Middle Eastern man >who had done nothing wrong, merely because "he made me uncomfortable". >She said that she had no choice but to uphold the captain and that we >could sort it out in court later, if necessary. She said that my >button was in "poor taste". > >Later, after consulting with (unspecified) security people, Carol said >that if we wanted to fly on the second and last flight of the day, we >would be required to remove the button and put it into our checked >luggage (or give it to her). And also, our hand-carried baggage would >have to be searched to make sure that we didn't carry any more of >these terrorist buttons onto the flight and put them on, endangering >the mental states of the passengers and crew. 
> >I said that I understood that she had refused me passage on the first >flight because the captain had refused to carry me, but I didn't >understand why I was being refused passage on the second one. I >suggested that BA might have captains with different opinions about >free speech, and that I'd be happy to talk with the second captain to >see if he would carry me. She said that the captain was too busy to >talk with me, and that speaking broadly, she didn't think BA had any >captains who would allow someone on a flight wearing a button that >said "Suspected Terrorist". She said that BA has discretion to >decline to fly anyone. (And here I had thought they were a common >carrier, obliged to carry anyone who'll pay the fare, without >discrimination.) She said that passengers and crew are nervous about >terrorism and that mentioning it bothers them, and that is grounds to >exclude me. I suggested that if they wanted to exclude mentions of >terrorists from the airplane, then they should remove all the >newspapers from it too. > >I asked whether I would be permitted to fly if I wore other buttons, >perhaps one saying "Hooray for Tony Blair". She said she thought that >would be OK. I said, how about "Terrorism is Evil". She said that I >probably wouldn't get on. I started to discuss other possible >buttons, like "Oppose Terrorism", trying to figure out what kinds of >political speech I would be permitted to express in a BA plane, but >she said that we could stand there making hypotheticals all night and >she wasn't interested. Ultimately, I was refused passage because >I would not censor myself at her command. > >After the whole interaction was over, I offered to tell her, just for >her own information, what the button means and why I wear it. She was >curious. 
I told her that it refers to all of us, everyone, being >suspected of being terrorists, being searched without cause, being >queued in lines and pens, forced to take our shoes off, to identify >ourselves, to be x-rayed and chemically sniffed, to drink our own >breast milk, to submit to indignities. Everyone is a suspected >terrorist in today's America, including all the innocent people, and >that's wrong. That's what it means. The terrorists have won if we >turn our country into an authoritarian theocracy "to defeat >terrorism". I suggested that British Airways had demonstrated that >trend brilliantly today. She understood but wasn't sympathetic -- >like most of the people whose individual actions are turning the >country into a police state. > >Annie asked why she, Annie, was not allowed to fly. She wasn't >wearing or carrying any objectionable buttons. Carol said it's >because of her association with me. I couldn't have put it better >myself -- guilt by association. I asked whether Annie would have been >able to fly if she had checked in separately, and got no answer. >(Indeed it was I who pointed out to the crew that Annie and I were >traveling together, since we were seated about ten rows apart due to >the full flight. I was afraid that they'd take me off the plane >without her even knowing.) > >Annie later told me that the stewardess who had gone to fetch her said >that she thought the button was something that the security people had >made me wear to warn the flight crew that I was a suspected >terrorist(!). Now that would be really secure. > >I spoke with the passengers around me before being removed from the >plane, and none of them seemed to have any problem with sitting next >to me for 10 hours going to London. None of them had even noticed the >button before the crew pointed it out, and none of them objected to it >after seeing it. It was just the crew that had problems, as far as I >could tell. 
> > John Gilmore > >PS: For those who know I don't fly in the US because of the ID demand: >I'm willing to show a passport to travel to another country. I'm not >willing to show ID -- an "internal passport" -- to fly within my own >country. "There is no protection or safety in anticipatory servility." Craig Spencer From proclus at gnu-darwin.org Sat Jul 19 14:40:45 2003 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Sat, 19 Jul 2003 17:40:45 -0400 (EDT) Subject: Unsubtle Wetwork In-Reply-To: Message-ID: <20030719214054.BD22D99AEC@gnu-darwin.org> On 19 Jul, John Young wrote: > > Foster's "suicide" for the Clintons, like Kelly's, is a sign that the > time is ever ripe to execute the Tim May Final Option in lieu of > believing what appears in the media, is told to surviving families, > is joked about in the private clubs of capitals around the globe. While I share some of Tim's apparent outrage, I am definitely not enthusiastic about the prospect of repulsive violent counter-action, which would actually be counter-productive in my opinion. It is the cycle of violence that is the problem, which is exacerbated greatly by the actions of the US administration. Anyway, I haven't been lurking for more than a few weeks, so I'm sorry if I misjudge any of you. Is there a web archive for the group? Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ From nobody at dizum.com Sat Jul 19 10:40:04 2003 From: nobody at dizum.com (Nomen Nescio) Date: Sat, 19 Jul 2003 19:40:04 +0200 (CEST) Subject: FREENET 0.5.2!! DRUGS!! GUNS!! PORNOGRAFY!!! YANKEE GO HOME!! Message-ID: DRUGS !! GUNS !! PORNOGRAFY !! YANKEE GO HOME !!
HANDS OFF Saddam Hussein !!!!! if you want drugs, guns, alcohol, pornografy lolitas, bukkake schoolgirl, you can find this here - http://www.freenetproject.org !! WARNING!!! only on the Freenet you may find this "illegal" things!!! http://www.freenetproject.org All of Terrorism on the railroad track !!! if you want join the Alkaida organization you need to go this link http://www.freenetproject.org !! WHOLE ANTI JEFF GORDON / ROBB LONDON THEME ON THIS ADDRESS http://www.freenetproject.org !!!!! HURRY UP !!! This Address Can Soon Close!! http://www.freenetproject.org http://www.freenetproject.org http://www.freenetproject.org From sunder at sunder.net Sat Jul 19 18:14:30 2003 From: sunder at sunder.net (Sunder) Date: Sat, 19 Jul 2003 21:14:30 -0400 (edt) Subject: Unsubtle Wetwork In-Reply-To: Message-ID: Yes supposedly, he went out to one of his regular walks and was found with a slashed wrist. Something I'd imagine someone bent on offing themselves would have a) a reason to do it (and be depressed or showing signs of something being wrong), b) wouldn't go out on their normal walk which they'd do every day, c) would do it in their home, or some place private, and d) would have a note, e) would have left a will, f) be giving away money and possessions to others ahead of time, etc... Where was the knife, or razor or whatever "he used?" Was the cut done in a way that he could have done it himself? I think I remember it was on his left wrist, but am not sure, if so, was he a righty, etc.... The normal walk is a very good indicator of just what "this" was. Someone who wanted to kill him could easily use this as a predictable pattern as to when and where to grab him and kill him. Maybe he was drugged so he wouldn't struggle and be able to get help before getting his wrist slashed, etc. This was extremely badly done, regardless of how many "independent inquiries" Mr. Blair launches to cover it up^H^H^H^H^H^H^H^H^H investigate it, it's very blatant, and unbelievable.
I'd tend to agree that this was done to send a message out, and the suicide and "inquiry" B.S. will be about as useful as the JFK assassination board, with far less of a media eye on it. Either way, Blair's credibility with the whole Iraq and Nukes is fucked. This "suicide" adds a huge dark streak to his career... Then again, he might just be as Slick as Willie, and Mr. Kelly could become another Vince Foster... time will tell... ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 19 Jul 2003, John Young wrote: > Perhaps a suicide but if so it was induced by Kelly's treatment, > not only by the goofus members of parliament, but more likely > by the Ministry of Defence threatening to punish him for violation > of the draconian Official Secrets Act. From netkita at earthlink.net Sun Jul 20 00:34:35 2003 From: netkita at earthlink.net (netkita at earthlink.net) Date: Sun, 20 Jul 2003 03:34:35 -0400 Subject: Brit death Message-ID: <3F1A0DCB.466.1E015BE2@localhost> I can't remember EVER hearing of someone slashing just ONE wrist. It is a given that both are done. Sounds too odd to be true. D From sfurlong at acmenet.net Sun Jul 20 06:03:50 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Sun, 20 Jul 2003 09:03:50 -0400 Subject: Cypherpunks archive In-Reply-To: <20030719214054.BD22D99AEC@gnu-darwin.org> References: <20030719214054.BD22D99AEC@gnu-darwin.org> Message-ID: <200307200903.50807.sfurlong@acmenet.net> On Saturday 19 July 2003 17:40, proclus at gnu-darwin.org wrote: > . Is there a web archive for the > group?
http://archives.abditum.com/cypherpunks/ gets the (filtered) LNE feed. It's automatically maintained on my box and I don't check it that often, so if it seems hosed just mail me. I don't know of any archives of the unfiltered feed; the two I'd had bookmarked are dead. Jim Choate, do you archive SSZ? -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From s.schear at comcast.net Sun Jul 20 09:16:17 2003 From: s.schear at comcast.net (Steve Schear) Date: Sun, 20 Jul 2003 09:16:17 -0700 Subject: [Dewayne-Net] RE: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: <5.2.1.1.0.20030720091608.044ac410@mail.comcast.net> At 11:08 2003-07-19 -0700, you wrote: >[Note: This comment comes from reader Dave Hughes. DLH] > >At 10:16 -0700 7/19/03, Dave Hughes wrote: >>From: "Dave Hughes" >>To: >>Subject: RE: [Dewayne-Net] [IP] Gilmore bounced from plane; and >>Farber censors Gilmore's email >>Date: Sat, 19 Jul 2003 10:16:12 -0700 >>MIME-Version: 1.0 >> >>This, of course, is the same John Gilmore - whose wealth from being an >>original designer of Sun systems permits him to tilt at political >>windmills by lawsuits - is the same guy who, after I was invited by >>Glenn Tenney to make a presentation from a West Point >>military-background point-of-view soon about 9/11 soon after it happened >>at the Hacker's Conference, in a plenary room full of perhaps 300 >>hackers, said words to the effect 'We all know that 9/11 was a >>conspiracy by the Bush Administration who flew the airplanes into the >>twin towers.'
>> >>Which immediately caused such an uproar in the crowd, many of whom (but >>only some - since the Hackers Conference is usually in California and >>dominated by scads of flaming liberals) It's been my experience that many of my friends who attend these events tend to be more "classical liberals", that is, libertarians. >>were still raw emotionally after >>the massacre of 9/11, and I might even say outspokenly in the support of >>the Administration in the time of unknown future Terrorists threats, >>damned near came over the seats in the audience and attacked him. He >>made lots of those in attendance very angry. (Not me, I learned long ago >>from my military background to suffer the rantings of fools from either >>the extreme left or the right without getting upset) >> >>British Airways may have called Gilmore's insistence on wearing the >>in-your-face badge 'poor taste' - I would simply brand it, as many of >>Gilmore's outrageous pronouncements, the use of 'very bad judgment.' Yes, it's often 'bad judgement' to express widely held, but seldom spoken, POVs. >>Guess he's never heard of US court's limitations against using 'free >>speech' as a defense against the consequences of falsely yelling 'Fire' >>in a crowded theater. Except when there really is a fire, which is certainly the case here. steve "There is no protection or safety in anticipatory servility." Craig Spencer From mv at cdc.gov Sun Jul 20 12:31:22 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 20 Jul 2003 12:31:22 -0700 Subject: Unsubtle Wetwork Message-ID: <3F1AEE09.78BCB57F@cdc.gov> At 03:48 PM 7/19/03 -0400, proclus at gnu-darwin.org wrote: >It now appears to be a suicide, or _very_ subtle wetwork indeed! And the "ice" on Wellstone's plane was believable too. And Ritter's folly was just a personal thing. Disagreement = death. You need to watch _Enemy of the State_ again.
From mv at cdc.gov Sun Jul 20 12:45:28 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 20 Jul 2003 12:45:28 -0700 Subject: [Dewayne-Net] RE: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: <3F1AF158.8139A44A@cdc.gov> At 09:16 AM 7/20/03 -0700, Steve Schear wrote: >>>Guess he's never heard of US court's limitations against using 'free >>>speech' as a defense against the consequences of falsely yelling 'Fire' >>>in a crowded theater. > >Except when there really is a fire, which is certainly the case here. > >steve :-) It would have been quite amusing for JG to wear a "Those who sacrifice liberty for security.." button (or T-shirt, rather a lot of text for a button) and get kicked off. His button must not have been attached with a standard pin, they could have disallowed the pointy pin, on the basis of pointyness, not the message attached to it. On the matter of free speech, "Fuck the TSA" would be pretty well protected by the "Fuck the Draft" precedent, at least in the (federal-territory) airport, if not the plane itself. --- Of course there are limits in regards to freedom of speech. They are as follows: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." Everything else is, of course, allowed. -Sunder From Freematt357 at aol.com Sun Jul 20 09:56:08 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Sun, 20 Jul 2003 12:56:08 EDT Subject: FC: John Gilmore: I was ejected from a plane for wearing "Suspected Terro... Message-ID: <165.22ef8003.2c4c23a8@aol.com> In a message dated 7/19/2003 9:47:57 PM Eastern Daylight Time, measl at mfn.org writes: "You can see the button at: http://eminism.org/store/button-racism.html" There's a picture of John Gilmore wearing the button in the Aug. 
issue of Reason Magazine. Good article too. This event happened after the article appeared, but I think it is the same button as in Reason. Regards, Matt- From rah at shipwright.com Sun Jul 20 11:19:07 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 20 Jul 2003 14:19:07 -0400 Subject: The Quisling Effect Message-ID: http://www.backwoodshome.com/columns/wolfe0307.html The Quisling Effect Government is not the only destroyer of freedom By Claire Wolfe Miller Smithton* is a federally licensed firearms dealer. When he wanted to give his own son a hunting rifle for his birthday, he had to run a criminal background check on the young man. "I felt like a worm," Miller told me. "Like a traitor to my own values and my own family. But what else could I do?" K.J. "Cage" Linton* is a 911 emergency dispatcher and a man concerned about the creeping loss of freedom and privacy in the world. If you call him because your father is having a heart attack or your daughter has broken her leg playing soccer, Cage will calmly ask for your full name, date of birth, and other information. (This is aside from what already appears on his computer screen from the E911 service.) You, in your urgency, give him the information. And this freedom-loving man, without informing you of a thing, enters you into a law-enforcement database. Cage works in a rural county, where he has routinely entered his own friends, neighbors, and family members into this database of crooks and creeps. He knows that all sorts of government employees have free access to the database and use it as a juicy source of both local gossip and leads for investigation. But he's got to stick you in it. It's his job. Juan Fuentes was just a man minding his own business. On the morning of August 23, 2000 three neighbor children, Jessica, Anna, and Vanessa Carpenter, rushed up pounding his door. Anna was bleeding from dozens of puncture wounds. All three were desperate. 
A naked intruder had broken into their home and was at that moment savaging their little brother and sister with a pitchfork. The girls begged Fuentes to get his gun and save the little ones' lives. But Fuentes said no. It wasn't that he was afraid to confront the intruder; with his rifle he could easily have dropped a pitchfork wielder. No, it was the government he was more terrified of. They'll take my gun away if I do that, he told the desperate girls, whose brother and sister were dying horribly at that moment. To compound the horror, the girls' own father, John Carpenter, had locked away the family pistol in obedience to California's "child-safe" storage laws. All five Carpenter children knew how to shoot and how to handle guns safely, but because their father feared the law more than he feared an armed intruder, they couldn't save themselves or each other. We've all heard about the frog in the kettle. Turn the heat up under him gradually enough and he'll sit there until he boils to death. It's become the most common metaphor to describe our gradual loss of freedom. We never ask, "Who's turning up the heat under us froggies?" because the answer is so obvious. It's government, of course. And it is. But there's something else that's causing the heat to rise and freedom to evaporate into air. It's going on in all three stories above and in daily life around us. Call it the Quisling Effect. Most everybody knows what a quisling is: a turncoat, a Judas, a Benedict Arnold. Specifically, the American Heritage Dictionary defines it as "a traitor who serves as the puppet of the enemy occupying his or her country." The word "quisling" has a naturally slimy sound. Even if you didn't know what it meant, you'd know it was something unsavory, undesirable, or at best, something weak. Not many people realize that (as with martinet, sandwich, and boycott), the word came to us from a man's name. 
Vidkun Quisling was a twentieth-century Norwegian politician and head of Norway's home-grown form of Nazism, the Nasjonal Samling (National Unity) Party. He went so far as to urge Hitler to invade his country in hopes of becoming Norway's supreme leader. Hitler did. And Quisling did -- for exactly five days. The Nazis quickly placed him in a figurehead position while one of their own actually ran the country. Within months of the war's end, Quisling got his just deserts. He was executed by firing squad. And a new word entered the dictionary, not only in English, but in many other languages. The identification of Quisling with dirty deeds is so strong that when I encountered an article that mentioned humanitarian acts Quisling had committed in the 1920s, it was as if I'd just read, "Ted Bundy heroically feeds the poor in Calcutta," or "Jeffrey Dahmer rescues kitten from burning building." But maybe Bundy did send a few bucks to Mother Teresa. And Dahmer, by many accounts, wasn't entirely a horrible guy, aside from that inconvenient penchant for murdering and eating his lovers. And yes, before he entered the dictionary so odiously, Quisling was actually a respected man. Even the blackest of us is not all black. And it doesn't take a long look into our own hearts to admit that the whitest of us look more like the pile of laundry that was washed 10 times in Brand X than the pile that was laundered with the good stuff in the old commercial. In each of the three incidents that open this article, people made pragmatic decisions that went against their own better principles. They did so for all the ordinary, perfectly excusable daily reasons -- because they feared to break the law, because it was their job, because they didn't want to make waves, because it was a compromise that got them through the day. When their actions were done only to obey a law, they could, with justification, claim the government "made" them do it.
Except in a rare tragic case like the deaths of the Carpenter children, the negative consequences are minuscule and life goes on. But it isn't only "the government" that is causing freedom to boil away around us. Through major and minor manifestations of The Quisling Effect, we sell out our own freedom and the freedom of our children, our neighbors, and our friends. Gradually. Oh, so gradually. But sell it we do. We are participants, willing or otherwise, in our own destruction. Businesses -- those proud products of our allegedly free market -- also sell out freedom. And they are bigger culprits than we. Sometimes they do it because corporations, by their very structure and nature, have a lot in common with the state. As one friend of mine always put it, "Every corporation wants to be a government when it grows up." Businesses often help condition us to daily regimentation, to trading our privacy for perks, and to going along to get along. That, I suppose, is an unavoidable, unintended (?) consequence of the post-Industrial revolution. But businesses increasingly manifest The Quisling Effect for the very same reasons we private people do: to avoid making waves, to be allowed to do business as usual under the eye of an ever-stronger state, or to appease the real or imagined demands of the "authorities." (In the latter case, it might be more apt to apply a different WWII analogy, and accuse them of The Chamberlain Effect; but that's another story.) How typical is this? Your ISP meekly enables all e-mail and Web activity to be easily monitored by the FBI, not because the law says they must, but because the FBI unilaterally decrees that they should. Online commerce companies, led by the 800-pound mine canary eBay, announce that they will turn over any customer record to any law enforcement agent, without asking for a subpoena, search warrant, or even an explanation of probable cause.
Saks department store sends a notice to charge account customers, saying it will no longer accept more than $350 in cash payments. Even though that amount is far, far below the federal government's own "suspicious" cash reporting limits, Saks is scared, Saks has decided to be overly cautious. Saks' lawyers have no doubt advised the company to prepare for a future in which even $400 is a sign that a loyal Saks customer is a terrorist or drug dealer.

Banks demand detailed information about you and the origins of your deposits.

Following 9-11, one supermarket chain, in a "patriotic" gesture, even turned over its entire database of customer purchasing records to the federal government for "anti-terrorism" records. (And yes, the type of food you buy and how you buy it really is part of the government's profiling of your terrorist potential.)

In some cases, the thousands of companies who do such things really are bowing to the law (even when the law isn't constitutional). But in most cases, they're merely complying with fishy agency interpretations of regulations or cravenly, pathetically trying to look compliant and cooperative in general so that they themselves won't become targets of the FBI, IRS, or Department of Homeland Security. It must have been a lot like this in Stalinist Russia.

But nevertheless, in each case, these businesses are following their own momentary self interest -- just as we are when we run a background check or enter a caller's name in a database. In relationships with "security scared" businesses, your legal rights, or for that matter their own long-term self interest (assuming freedom is in the long-term interest of every private enterprise), are easy casualties.

Saks doesn't care about your freedom. Nor should it have to, in the best of all worlds. Its main concern is with its own survival, as it should be. In a free market, its survival would depend largely on how well it served customers.
In this world, survival depends more and more on how well a company kowtows to regulators or law enforcers. And like virtually all corporations (and most individuals), Saks' little hive-mind will simply adapt to present conditions in whatever way it thinks will best ensure its own survival. (The very concept that the federal government has a right to order private businesses to do anything is another matter. But we've long ago accepted that state of affairs as normal, however abnormal and unfree it really is.)

If this is the way institutions behave, then we can't expect much better from individuals who, no matter how much they love freedom, still want a nice, uncomplicated daily life.

In fact, Miller Smithton, my gun-dealer friend, pointed out that there's even a corollary to The Quisling Effect in which we not only make conscious decisions that trade away freedom, but we begin adopting the psychology of the unfree in our daily lives. For instance, Smithson told me he finds himself sneaking his perfectly legal machine guns from his house to his car and back so that his yuppie neighbors won't see him. He's not doing anything wrong, owning and using these machine guns. Nor is he hiding the guns because he's afraid his neighbors are going to steal such valuable stuff. He just doesn't want to cope with the almost-inevitable suspicion -- complete with reports to the ATF -- that being seen with absolutely legal weapons might bring down on him. So, he submits. Not only in his rational choices, but in his attitudes and way of life.

Go back for a moment to the definition of a quisling: "a traitor who serves as the puppet of the enemy occupying his or her country." If you believe that the behemoth now squatting on the banks of the Potomac is constitutional or in some other fashion legitimate, then the definition of quisling doesn't apply to anyone who bows to that government's will -- even when, by bowing or "complying," we diminish our own and our children's freedom.
By those terms, the loss of freedom itself is "legitimate," and heaven help us all.

But if you believe that the ever-consuming, ever-growing creature now spreading itself across the land is, rather, an alien living off the traditions of freedom as it destroys its own host, if you believe that the security state, the surveillance state, and the control state are truly occupying forces that don't belong in this land and aren't good for it, for you, for your progeny, or for the future ... then clearly all who cooperate with it manifest The Quisling Effect.

Some of us bear a large responsibility for selling our own freedom. Some a lot less. But hardly anybody walks among us who isn't responsible in some way for cooperating with the freedom-consuming occupier.

Unfortunately, there's no solution -- for the moment, at least. There is no incentive for your banker or your ISP to stand up and say, "Hey, wait a minute, this is wrong and we're going to fight it." And for both businesses and individuals, there is almost no motivation, beyond sheer stubbornness and increasingly archaic principles, to do anything else but comply.

If froggie is getting hotter in the pot, government is ultimately at fault. If froggie stays in the pot instead of jumping out, froggie is also responsible. But with millions of quisling froggies out there helping turn the heat up and up and up ... where, really, is the most sincerely freedom loving froggie to go, even if he decides to take the giant leap? Straight from the boiling pot into a world of hot-hot burners.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From measl at mfn.org Sun Jul 20 14:07:58 2003
From: measl at mfn.org (J.A. Terranson)
Date: Sun, 20 Jul 2003 16:07:58 -0500 (CDT)
Subject: A day in the life
Message-ID:

Well, summer is here, and I've just come off > two weeks without a day off, so, I thought I'd take this wonderful day, and use it like "normal" people might. You know, a nice breakfast with my wife somewhere, maybe a little casino time. The standard spiel.

But today turned out to be George Orwell Day instead. Submitted for your inevitable nodding of heads, and grumbling of "well, of course! What did you expect!" replies.

Breakfast was kind of cool actually - thanks for asking. We trotted off to the local Ameristar casino's Open Trough, er, "Buffet". The food was universally overcooked, sometimes to the point of knife-resistance, but the great dessert bar more than made up for it. And it's relatively inexpensive. Recommended for when lots of food at a low price is all you care about. Not recommended for impressing anyone with your gastronomic knowledge ;-)

After breakfast however, we decided to spend some time, and likely the ~300.00 we had on us, at their casino. Mind you, this may be the first time I've been to *this* casino, but it's nowhere *near* my first time in *any* casino. This is far, far, FAR from the norms I'm used to.

Like good little state-sponsored-units, we stood in line for a few minutes, waiting to show our ID and begin our exercise in negative economics. When our turn came, however, I presented my ID, and was met with a blank stare. She looked at the ID. She looked at me. Back to the ID. I'm getting ready for the SWAT team to make their entrance at this point.

"Sir, Where's your Ameristar Winners Card"?
"Huh?"
"Don't you have a Winners Card?"
"I don't do loyalty cards. Thank you for thinking of me though."
"Sir, you can't get in without a Winners Card"

So much for a day at the casino. Thank you Ameristar! You saved me about $300.00 today.

For those of you who are wondering, yes, you need detailed ID to get one of their loyalty cards.
And while I wasn't able to get in to verify what I saw standing in line, it looks like they track you table by table with these cards.

So, being $300.00 richer, and having worked for over two weeks without a break, *and* being 250 miles over my oil-change limit, I figured, aw, you know what I figured!

Now, let me start off with some background here. I've gone to the same mechanic for almost 6 years now - for tires, oil, you name it. The only thing he doesn't get is the brakes, and then only cause my Subaru has some kind of brakes-from-hell that even he says can't be serviced safely without going to the dealer. This mechanic, who runs the shop for the local Dobb's chain, is great. Never had a problem. Never had to show ID either. Doesn't care if Telecheck likes me or not, he just takes the money, and gets my business. And he gets a *lot* of it. His business is thriving, and he recently added 4 new bays to his shop, and started taking Sundays off - hence, my problem.

So, we took the scenic route home, figuring there would have to be an oil change shop somewhere along the way. And there were several. The first two were closed, but finally, we found a JiffyLube open and waiting. With two bays. And no line (baaaaddd sign on a wonderful day like this). But I *need* the damn oil change, so in we go.

"Good Afternoon Sir. What can we help you with today?"
"Hi. Oil change please. Synthetic blend please. No extras, just an oil change"
"Sure, leave the keys in the car, and step over to the counter, and John will be right with you".

When I got out of the car, the kid who was going to do the actual work wanted to know if I had a loyalty card he could punch/swipe/whatever. Nope.

"Well sir, just give me your name and address, and I'll get you a card".
"Thanks, but I don't want a card."
"They're absolutely free sir!"
"I know. Thanks, but I don't want a card"
"I can't change your oil without a card"
"You're kidding. Aren't you?"
"Sir, I need a card."
"John Smith. 123 Anywhere Street.
Anycity, Arkansas. 12345".
"Phone?"

I almost died laughing when he asked. I mean, where's Monty Python? Behind the storage shed?

"314-555-1234"
"Thank you sir. If you care to have a seat in the waiting room, we'll call you when it's ready."

Into the waiting room we go. With the little 8 inch TV mounted 12 feet in the air, where nobody can actually see it, even though we have to listen to it [at warp-volume]. There's some super overacted action-drama going on, lots of shooting, a car chase, and a guy jumping into an airplane which is taking off - he jumped from a moving car to the plane - all in the ten minutes we were waiting. Thank god I threw out the television in '90.

Finally, a guy comes out from the shop.

"Sir, if you'll follow me, we can go over your car for a minute."

This is the upsell - I can just see it coming. Wipers? Air filter? We walk over to a monitor sitting in this big red box made up to look like a diagnostic center. It's really just a sales terminal in a big red box, sporting some pretty pictures of the products this guy is trying to talk you into buying.

"Sir, would you like some engine cleaner? You should have it once a year."
"No, I just want the oil change. no wipers. No engine cleaners. Nothing but an oil change"
"Sir. I'm just doing my job - I have to ask you all these questions, since I can't check you out and close out your ticket without asking."

Yes, he is an automaton. He just can't take a blanket "no" and punch that into each request, so we went down the whole list of radiator flushes, transmission fluid checks and replacements, hoses, filters, etc. Finally, *thankfully*, we're done: he tells me I can go to the register to pay.

"Sir. The total comes to $46.00".

As he says this, he notices that the screen hasn't filled in my name, address, etc., from the swipe of the loyalty card.

"Sir, I need your last name."
"Terranson."
"Your first name?"
"Whatever makes you happy. Pick one."

He looks lost. So lost.

"John?"
"That's a nice name.
Use it."
"Address?"
"123 Anywhere St."

He dutifully types it in...

"City?"
"Pick one."

We wait. He looks at me waiting, looking even more lost and confused. Finally, I can take it no more, and I blurt out an answer, hoping beyond hope that he'll "get it".

"New Caledonia."
"State?"
"Mexico."
"Phone?"
"123-555-1234"
"Sir, would you like a Jiffy Card for next time, so you won't have to wait while we get this information?"

Oh god...

So I have seen two separate businesses today who are just shooting themselves in the head over the acquisition of data in the face of obvious refusal. While the Jiffy Lube is the more obscene example from a bang-for-the-buck perspective, the casino was (for me) the real shocker: casinos have, from day one, been very careful to protect privacy. You ever try to bring in a camera? Forget it! To have a casino turn me away for lack of a loyalty card strikes me as, well, preposterous! I cannot [literally] give you hundreds of dollars, asking nothing in return but a chance to gaze longingly at the asses of the floor wait staff, without divulging my entire pedigree? Have we, as a society, completely lost all touch with reality???

Those poor kids at the Jiffy Lube - obviously they *have* to get this data for the corporate office, but they too exhibit an amazing amount of programming here. Not *one* of them had enough of a clear head to simply fill in "refused", or "John Smith" on his own. We have taken a real national resource, our youth, and trained them to act as mindless droids, devoid of even the minimum reasoning powers possessed by small insects, and I am, inexplicably, astounded.

I am what anyone with an IQ of 12 or higher would call a hard core cynic. But even I am surprised. Appalled even. And oddly embarrassed to find that things are not as bad as I constantly claim, but they are *worse* - MUCH worse than that. They are... I don't *know* what they are - but whatever it is, it is truly fucking evil...

--
Yours,
J.A. Terranson
sysadmin at mfn.org

"Every living thing dies alone."
Donnie Darko

From mv at cdc.gov Sun Jul 20 17:46:11 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Sun, 20 Jul 2003 17:46:11 -0700
Subject: Iraqi vs. Chechen efficiency
Message-ID: <3F1B37D2.CC5B65CE@cdc.gov>

I read somewhere that the Russkies lose about 8 invaders
a day in Chechnya. The Iraqis need to increase their
productivity. Maybe take over a theatre or something.

Have a nice day.

From eresrch at eskimo.com Sun Jul 20 19:24:54 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Sun, 20 Jul 2003 19:24:54 -0700 (PDT)
Subject: Unsubtle Wetwork
In-Reply-To: <299e7d75acc918b478a1ab31de1070d6@remailer.metacolo.com>
Message-ID:

On Sun, 20 Jul 2003, Anonymous Sender wrote:

> Those who actually earn their standard of living (ie. their business is
> not contingent, directly or indirectly, upon US military supremacy) are
> the minority. This is the most fundamental transformation of the US
> society - massive recruitment by the government.

Can't be. The US govmn't budget is only a few percent of GDP. The majority _can't_ depend on government, or it'll collapse. Witness FSU.

And back to the brit, why did it take 2 days to "identify the body"? Was the face missing? If so, did he blow his head off before or after slitting his wrist :-)

Patience, persistence, truth,
Dr. mike

From eresrch at eskimo.com Sun Jul 20 19:32:50 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Sun, 20 Jul 2003 19:32:50 -0700 (PDT)
Subject: Iraqi vs. Chechen efficiency
In-Reply-To: <3F1B37D2.CC5B65CE@cdc.gov>
Message-ID:

On Sun, 20 Jul 2003, Major Variola (ret.) wrote:

> I read somewhere that the Russkies lose about 8 invaders
> a day in Chechnya. The Iraqis need to increase their
> productivity. Maybe take over a theatre or something.
>
> Have a nice day.

The Chechens have had a dozen years more practice. How much practice the Iraqis get before the US populace changes its mind remains to be seen.
It took a long time for Vietnam. Fortunately, I can watch from a distance.

Patience, persistence, truth,
Dr. mike

From eresrch at eskimo.com Sun Jul 20 19:41:03 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Sun, 20 Jul 2003 19:41:03 -0700 (PDT)
Subject: A day in the life
In-Reply-To:
Message-ID:

On Sun, 20 Jul 2003, J.A. Terranson wrote:

[great story snipped]

> Those poor kids at the Jiffy Lube - obviously they *have* to get this data
> for the corporate office, but they too exhibit an amazing amount of
> programming here. Not *one* of them had enough of a clear head to simply
> fill in "refused", or "John Smith" on his own. We have taken a real national
> resource, our youth, and trained them to act as mindless droids, devoid of
> even the minimum reasoning powers possessed by small insects, and I am,
> inexplicably, astounded.
>
> I am what anyone with an IQ of 12 or higher would call a hard core
> cynic. But even I am surprised. Appalled even. And oddly embarrassed to
> find that things are not as bad as I constantly claim, but they are *worse* -
> MUCH worse than that. They are... I don't *know* what they are - but
> whatever it is, it is truly fucking evil...

More likely the kids were tripping on acid with a nice hash over coat. They weren't there at all, you just imagined them :-)

Patience, persistence, truth,
Dr. mike

From cpunk at lne.com Sun Jul 20 20:00:00 2003
From: cpunk at lne.com (cpunk at lne.com)
Date: Sun, 20 Jul 2003 20:00:00 -0700
Subject: Cypherpunks List Info
Message-ID: <200307210300.h6L300qc020157@gw.lne.com>

Cypherpunks Mailing List Information

Last updated: Sep 12, 2002

This message is also available at http://www.lne.com/cpunk

Instructions on unsubscribing from the list can be found below.

0. Introduction

The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content.
Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa.

1. Filtering

The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.
Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.

4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings".
At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

# mailing lists:
# filter all cypherpunks mail into its own cypherspool folder, discarding
# mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
# /dev/null is unix for the trash can.
:0
* ^From.*owner-cypherpunks@.*
{
        :0:
        * (^From:.*ravage@ssz\.com.*|\
          ^From:.*jchoate@dev.tivoli.com.*|\
          ^From:.*mattd@useoz.com|\
          ^From:.*proffr11@bigpond.com|\
          ^From:.*jei@cc.hut.fi)
        /dev/null

        :0:
        cypherspool
}

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------

Algebra:

Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???

---------------------------------------------------------------------------

CCC:

Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------

Infonex:

Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------

Lne:

Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
    Posts from all CDR subscribers & replies to threads go to lne CDR subscribers.
    All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
    1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
    2. leading "CDR:" in subject line removed
    3. "Reply-to:" removed
Privacy policy: private
Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com
Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman)

---------------------------------------------------------------------------

Minder:

Subscription: "subscribe cypherpunks" to majordomo at minder.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net
Help: "help" to majordomo at minder.net
Posting address: cypherpunks at minder.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: private
Info: send mail to cypherpunks-info at minder.net

---------------------------------------------------------------------------

Openpgp:

[openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01]

Subscription: "subscribe cypherpunks" to listproc at openpgp.net
Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net
Help: "help" to listproc at openpgp.net
Posting address: cypherpunks at openpgp.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------

Ssz:

Subscription: "subscribe cypherpunks" to majordomo at ssz.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com
Help: "help cypherpunks" to majordomo at ssz.com
Posting address: cypherpunks at ssz.com
Filtering policy: raw
Message Modification policy: Subject line prepended with "CDR:"
    Reply-to cypherpunks at ssz.com added.
Privacy policy: open
Info: http://www.ssz.com/cdr/

---------------------------------------------------------------------------

Sunder:

Subscription: "subscribe" to sunder at sunder.net
Unsubscription: "unsubscribe" to sunder at sunder.net
Help: "help" to sunder at sunder.net
Posting address: sunder at sunder.net
Filtering policy: moderated
Message Modification policy: ???
Privacy policy: ???
Info: ???

---------------------------------------------------------------------------

Pro-ns:

Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net
Help: "help cypherpunks" to majordomo at pro-ns.net
Posting address: cypherpunks at pro-ns.net
Filtering policy: cooked
    Posts from all CDR subscribers & replies to threads go to local CDR subscribers.
    All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
    1. leading "CDR:" in subject line removed
    2. "Reply-to:" removed
Privacy policy: private
Info: http://www.pro-ns.net/cpunk

From john at kozubik.com Sun Jul 20 23:36:27 2003
From: john at kozubik.com (John Kozubik)
Date: Sun, 20 Jul 2003 23:36:27 -0700 (PDT)
Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email
In-Reply-To: <5.2.1.1.0.20030719172806.046514c8@mail.comcast.net>
Message-ID: <20030720230703.K75326-100000@kozubik.com>

On Sat, 19 Jul 2003, Steve Schear wrote:

> >remove a small 1" button pinned to my left lapel. I declined, saying
> >that it was a political statement and that he had no right to censor
> >passengers' political speech. The button, which was created by

Where do these ridiculous ideas come from ?

If I own a piece of private property, like an airplane (or an entire airline) for instance, I can impose whatever senseless and arbitrary conditions on your use of it as I please. In reality, I personally would allow his button, and other political speech, etc., but that is not _necessarily_ so.

BA refuses to transport him with the button ? BA requires that he submit DNA to fly ? BA requires all passengers to fly nude and recite the hokey-pokey ? All within their rights(*) as the renters of their private property. If you don't like it, don't purchase their service. They have no obligation to serve you, and you have no right to use their service.
If their conditions and your needs happen to intersect, then contract them for service - if not, please move along.

> >They turned the plane around and brought it back to the gate, delaying
> >300 passengers on a full flight.

Too bad for you, and not something I would do if I ran the airline, but it is their property and they can do whatever they please(*) with it ... and not be acting in bad faith when they do so long as they stay within the bounds of your contract/agreement with them, which I suspect includes no language concerning political speech, etc.

> >trend brilliantly today. She understood but wasn't sympathetic --
> >like most of the people whose individual actions are turning the
> >country into a police state.

And what is your alternative ? I note that you are attempting to appropriate the property rights of others (albeit in a small way) through a court decision (ie. guns) under the auspices of your perceived "right" to use their property as you see fit. How do the folks at Reason Magazine feel about that ? I read the article, and I am curious to see reader reaction to it ... most likely most will be distracted by the "drinking your own breast milk" horror stories.

> >PS: For those who know I don't fly in the US because of the ID demand:
> >I'm willing to show a passport to travel to another country. I'm not
> >willing to show ID -- an "internal passport" -- to fly within my own
> >country.

All fine and good - and I appreciate your efforts at uncovering the secret directives and generally resisting the erosion of liberties, however it bothers me greatly that when the obvious is pointed out - that if the _private airlines_ become unburdened by the ID requirement, they will simply require it themselves - that you consider this unjust as well. Further, you invoke some "right" of yours to impose your will on these private property owners.
It is difficult to imagine how "blah blah employee number four Sun Microsystems blah blah" is capable of this kind of cognitive dissonance.

(*) Within the bounds of the law. Please don't respond with ridiculous queries: "can BA murder you on the plane?!" "can BA rape you?!"

-----
John Kozubik - john at kozubik.com - http://www.kozubik.com

From anonymous at remailer.metacolo.com Sun Jul 20 16:50:04 2003
From: anonymous at remailer.metacolo.com (Anonymous Sender)
Date: Sun, 20 Jul 2003 23:50:04 +0000 (UTC)
Subject: Unsubtle Wetwork
Message-ID: <299e7d75acc918b478a1ab31de1070d6@remailer.metacolo.com>

>(* the official deficit, not counting the total lack of reserves/money
>for Socialist Insecurity, bond indebtedness, pension guarantees, loan
>guarantees, and other unfunded liabilities; some estimates place the
>real deficit at about $30 trillion, i.e., $30 thousand billion. With
>about 100 million taxpayers in the U.S., each owes $300,000. Needless
>to say, this owed amount, on average, is substantially more than their
>complete assets, on average. Even with the "official" indebtedness, the
>amount owed (if one accepts a national debt as a personal indebtedness)
>is upwards of $60,000. I use the larger amount because the U.S.
>government actually _has_ incurred that debt, officially reported or
>not.)

This is slightly off the topic ...

Some calculations done before by people who understand money flows (and are not at the same time priests of the Official Economy) show similar results.

To me, this is a plausible explanation for the current domestic support of the US government. A majority of population (75% ? 90% ?) actually lives on ability of the US government to incur this debt and, having sufficient military power, not have to pay it back. The collusion with the government is much deeper than simple power of propaganda.

Those who actually earn their standard of living (ie.
their business is not contingent, directly or indirectly, upon US military supremacy) are the minority. This is the most fundamental transformation of the US society - massive recruitment by the government. From bill.stewart at pobox.com Mon Jul 21 00:08:37 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 21 Jul 2003 00:08:37 -0700 Subject: Jude Milhon has passed away Message-ID: <5.1.1.6.2.20030721000649.04c216e0@idiom.com> Forwarded from another list.... >Date: Sun, 20 Jul 2003 16:35:28 -0700 (PDT) >From: Linda Hull >Subject: Jude Milhon has passed away > >To those who knew her...I thought I would mention >that Jude has passed away. > >To those who did not know her, she was the woman >who coined the phrase cypherpunk. Jude was also an >editor at Mondo 2000, among many other things. >http://abcnews.go.com/sections/tech/WiredWomen/wiredwomen000223.html > >She had been fighting cancer and was losing her >battle; last night she embraced the inevitable >by taking her own life. > >In all honesty, I never met her, though I had >often heard of her. It strikes me that she >finished her life the way she had always seemed >to live it - an empowered woman. > >Condolences to her friends and family. > >__________________________________ From measl at mfn.org Sun Jul 20 22:25:29 2003 From: measl at mfn.org (J.A. Terranson) Date: Mon, 21 Jul 2003 00:25:29 -0500 (CDT) Subject: ScanMail Message: To Sender, sensitive content found and action taken. (fwd) Message-ID: One has to wonder that the USPTO would be monitoring this list with a dirty words filter in place. How would they ever see *any* emails??? -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko ---------- Forwarded message ---------- Date: Mon, 21 Jul 2003 01:21:21 -0400 From: System Attendant To: measl at mfn.org Subject: ScanMail Message: To Sender, sensitive content found and action taken. Trend SMEX Content Filter has detected sensitive content.
Place = cypherpunks at ssz.com; antisocial at mfn.org; ; cypherpunks at einstein.ssz.com Sender = measl at mfn.org Subject = A day in the life Delivery Time = July 21, 2003 (Monday) 01:21:19 Policy = Dirty Words1 Action on this mail = Quarantine message Warning message from administrator: Sender, Content filter has detected a sensitive e-mail. From bill.stewart at pobox.com Mon Jul 21 00:25:35 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 21 Jul 2003 00:25:35 -0700 Subject: A day in the life In-Reply-To: <20030721030103.GN13976@dreams.soze.net> References: Message-ID: <5.1.1.6.2.20030721001808.04c76f50@idiom.com> At 03:01 AM 07/21/2003 +0000, Justin wrote: >J.A. Terranson (2003-07-20 21:07Z) wrote: > > So I have seen two separate businesses today who are just shooting > themselves > > in the head over the acquisition of data in the face of obvious refusal. >.... >I'm surprised they didn't ask for your SSN ... as an index for the database... > >I've adopted a SSN I use for idiots like that. I don't know whether >it's assigned, but it's in the valid range. Isn't that just terrible. Please don't do that. You might pick a number belonging to some poor working guy and mess up his credit or yours. I read on the net that Richard Nixon's SSN is 567-68-0515, and then there's that usual 078-thing from fake SSN cards in wallets. From rah at shipwright.com Sun Jul 20 22:12:05 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 21 Jul 2003 01:12:05 -0400 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online Message-ID: The New York Times July 21, 2003 A 'Funky A.T.M.' Lets You Pay for Purchases Made Online By TERESA RIORDAN In the 1997 science-fiction movie "The Velocity Trap," the interstellar banking system is so decimated by electronic crime that the only way to exchange money is in cold hard cash. Armored federal banking ships have to shuttle currency from planet to planet.
Carl Amos, an inventor in Atlanta, also anticipates a return to the cash economy but without the computer-generated visual effects. Mr. Amos recently patented a way to pay for online transactions with bills and coins rather than credit or banking cards. "In upwards of three-quarters of the world, most money transactions are cash only," said Mr. Amos, who envisions a big market for his invention. Basically, what Mr. Amos has patented is a new combination of existing technologies. His patent, No. 6,554,184, covers a modified A.T.M. that not only dispenses money but, like a vending machine, accepts cash, which can be used to transfer money from one person to another or to pay for online purchases. "It's a method patent, a new way of doing business," Mr. Amos said. "These are off-the-shelf components. All I had to do was build the machine and write the software." Mr. Amos is a rare breed: an independent inventor who actually makes a living off his inventions. A former electrical engineer at I.B.M. , he left corporate life to develop his idea for a holographic lens. Since he patented the lens in 1994, he estimates, he has received about $1 million in royalties. Mr. Amos, one of six children, grew up on a farm in Ohio, where he set up his own skunk works in a shed. Not all his inventions were successful. One was a parachute to be worn while leaping off the garage. "I survived, obviously," Mr. Amos said. "My siblings survived, too, thank goodness." Mr. Amos said his latest invention, should it become widely available, would obviate the need for services provided by Western Union and other money-transfer companies. Another big market in the United States, Mr. Amos said, might be teenagers. Though they do not usually have their own credit cards, they usually have cash and are more than willing to spend it to download music or games. Mr. 
Amos also said his system should appeal to those who were worried about identity theft on the Internet or who simply wanted the privacy it provided. Gamblers may be interested in the technology. Many credit-card companies, for example, will not authorize payments to gambling sites. Nor will PayPal, the biggest third-party payment option on the Internet. Tom Turano, a law partner specializing in banking patents at Testa Hurwitz & Thibeault in Boston, called the invention a "cute idea." "It's like a funky A.T.M.," Mr. Turano said. But the patent itself, he said, is "fairly narrow" and may be easy for others to come up with similar inventions that do not infringe the patent. Mr. Amos, who is represented by a licensing firm in Connecticut, said he was approaching banks about licensing his patent. "Western Union and Moneygram haven't called me yet," Mr. Amos said. "But I don't expect them to." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Sun Jul 20 17:17:30 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 21 Jul 2003 02:17:30 +0200 (CEST) Subject: Defeating Optical Tempest will be easy... In-Reply-To: Message-ID: On Sat, 19 Jul 2003, Tyler Durden wrote: > First of all, anyone know what the most energetic wavelengths are in the > CRT's output? (I have no idea.) Is it in the visible range? It may not be. There is some minuscule proportion of X-rays produced by CRT displays. Could be there any (however theoretical) possibility of X-ray tempest? I don't suppose there would be much of practical use of that, though. 
From justin-cypherpunks at soze.net Sun Jul 20 20:01:03 2003 From: justin-cypherpunks at soze.net (Justin) Date: Mon, 21 Jul 2003 03:01:03 +0000 Subject: A day in the life In-Reply-To: References: Message-ID: <20030721030103.GN13976@dreams.soze.net> J.A. Terranson (2003-07-20 21:07Z) wrote: > So I have seen two separate businesses today who are just shooting themselves > in the head over the acquisition of data in the face of obvious > refusal. But isn't that because TPTB have decided they want their own person-database (if only for the citizens of YourCity, YourState and people who frequent it), but don't want to pay real money to get a good one? I'm surprised they didn't ask for your SSN ... as an index for the database... I've adopted a SSN I use for idiots like that. I don't know whether it's assigned, but it's in the valid range. Isn't that just terrible. Some day, some data miner with my "ssn" is going to have a coronary when the "unique" key fields collide. I can only hope the wretched soul would pull a Nietzsche and live out the rest of life in a quasi-unresponsive state, a small penalty given the consequences of the new world order s/he helped create. Even better if the data miner is a power company or telephone company employee. From jdocwra at earthlink.net Mon Jul 21 06:34:12 2003 From: jdocwra at earthlink.net (John) Date: Mon, 21 Jul 2003 06:34:12 -0700 Subject: unsubscribe Message-ID: unsubscribe cypherpunks From sfurlong at acmenet.net Mon Jul 21 04:04:04 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Mon, 21 Jul 2003 07:04:04 -0400 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <20030720230703.K75326-100000@kozubik.com> References: <20030720230703.K75326-100000@kozubik.com> Message-ID: <200307210704.04124.sfurlong@acmenet.net> On Monday 21 July 2003 02:36, John Kozubik wrote: > On Sat, 19 Jul 2003, Steve Schear wrote: > > >remove a small 1" button pinned to my left lapel. 
I declined, > > > saying that it was a political statement and that he had no right > > > to censor passengers' political speech. The button, which was > > > created by > > Where do these ridiculous ideas come from ? If I own a piece of > private property, like an airplane (or an entire airline) for > instance, I can impose whatever senseless and arbitrary conditions on > your use of it as I please. Look up "common carrier". > I note that you are attempting to > appropriate the property rights of others (albeit in a small way) > through a court decision (ie. guns) under the auspices of your > perceived "right" to use their property as you see fit. I'm generally agreed with you here, but regulated industries are so far from the libertarian ideal that there's little point to applying it to real-life cases such as this. -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From mv at cdc.gov Mon Jul 21 08:22:10 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 21 Jul 2003 08:22:10 -0700 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: <3F1C0522.D7424726@cdc.gov> At 11:36 PM 7/20/03 -0700, John Kozubik wrote: >On Sat, 19 Jul 2003, Steve Schear wrote: > >> >remove a small 1" button pinned to my left lapel. I declined, saying >> >that it was a political statement and that he had no right to censor >> >passengers' political speech. The button, which was created by > >Where do these ridiculous ideas come from ? If I own a piece of private >property, like an airplane (or an entire airline) for instance, I can >impose whatever senseless and arbitrary conditions on your use of it as I >please. Yes. Except that you entered into a contract to transport a human in exchange for money. 
Nowhere in the contract was "banned speech" mentioned. Suppose that instead two men were kicked off a flight for holding hands, or a woman & offspring for breast-feeding. That would be a violation of the transportation contract. Because such behavior does not endanger the flight or passengers. (Although all behaviors cannot be enumerated, under a "reasonable" common-law interpretation of the contract, passive speech (vs. say screaming the whole flight) is harmless.) Private property rights, of course. But contract law too. From mv at cdc.gov Mon Jul 21 08:24:03 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 21 Jul 2003 08:24:03 -0700 Subject: Defeating Optical Tempest will be easy... Message-ID: <3F1C0593.59CB87C1@cdc.gov> At 02:17 AM 7/21/03 +0200, Thomas Shaddack wrote: >On Sat, 19 Jul 2003, Tyler Durden wrote: >There is some minuscule proportion of X-rays produced by CRT displays. Produced by the ebeam decelerating on the shadow mask, but absorbed by the glass. From justin-cypherpunks at soze.net Mon Jul 21 01:44:40 2003 From: justin-cypherpunks at soze.net (Justin) Date: Mon, 21 Jul 2003 08:44:40 +0000 Subject: A day in the life In-Reply-To: <5.1.1.6.2.20030721001808.04c76f50@idiom.com> References: <5.1.1.6.2.20030721001808.04c76f50@idiom.com> Message-ID: <20030721084440.GP13976@dreams.soze.net> Bill Stewart (2003-07-21 07:25Z) wrote: > Please don't do that. You might pick a number belonging to some poor > working guy and mess up his credit or yours. Fair enough, at least when responding to requests for SSN from entities that can affect credit. They tend to be in the minority anyway.
From bart0 at earthlink.net Mon Jul 21 09:15:02 2003 From: bart0 at earthlink.net (Harry Bartholomew) Date: Mon, 21 Jul 2003 09:15:02 -0700 Subject: A day in the life In-Reply-To: <5.1.1.6.2.20030721001808.04c76f50@idiom.com> Message-ID: My SS# begins 078- Issued in NY in the 50's Harry Bartholomew 7/21/2003 12:25:35 AM, Bill Stewart wrote: > > >At 03:01 AM 07/21/2003 +0000, Justin wrote: >>J.A. Terranson (2003-07-20 21:07Z) wrote: >> > So I have seen two separate businesses today who are just shooting >> themselves >> > in the head over the acquisition of data in the face of obvious refusal. >>.... >>I'm surprised they didn't ask for your SSN ... as an index for the database... >> >>I've adopted a SSN I use for idiots like that. I don't know whether >>it's assigned, but it's in the valid range. Isn't that just terrible. > >Please don't do that. You might pick a number belonging to some poor >working guy >and mess up his credit or yours. > >I read on the net that Richard Nixon's SSN is 567-68-0515, >and then there's that usual 078-thing from fake SSN cards in wallets. From camera_lumina at hotmail.com Mon Jul 21 06:35:31 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 21 Jul 2003 09:35:31 -0400 Subject: A day in the life...NY Times today Message-ID: "We have taken a real national resource, our youth, and trained them to act as mindless droids, devoid of even the minimum reasoning powers possessed by small insects, and I am, inexplicably, astounded." Hence the photo on the first page of today's NY Times. -TD >From: "J.A. Terranson" >To: cypherpunks at ssz.com >CC: antisocial at mfn.org >Subject: A day in the life >Date: Sun, 20 Jul 2003 16:07:58 -0500 (CDT) > >Well, summer is here, and I've just come off > two weeks without a day off, >so, I thought I'd take this wonderful day, and use it like "normal" people >might. You know, a nice breakfast with my wife somewhere, maybe a little >casino time. The standard spiel.
But today turned out to be George Orwell >Day instead. > >Submitted for your inevitable nodding of heads, and grumbling of "well, of >course! What did you expect!" replies. > >Breakfast was kind of cool actually - thanks for asking. We trotted off to >the local Ameristar casino's Open Trough, er, "Buffet". The food was >universally overcooked, sometimes to the point of knife-resistance, but the >great dessert bar more than made up for it. And it's relatively >inexpensive. Recommended for when lots of food at a low price is all you >care about. Not recommended for impressing anyone with your gastronomic >knowledge ;-) > >After breakfast however, we decided to spend some time, and likely the >~300.00 we had on us, at their casino. Mind you, this may be the first >time >I've been to *this* casino, but it's nowhere *near* my first time in *any* >casino. This is far, far, FAR from the norms I'm used to. > >Like good little state-sponsored-units, we stood in line for a few minutes, >waiting to show our ID and begin our exercise in negative economics. When >our turn came, however, I presented my ID, and was met with a blank stare. > >She looked at the ID. She looked at me. Back to the ID. > >I'm getting ready for the SWAT team to make their entrance at this point. > >"Sir, Where's your Ameristar Winners Card"? >"Huh?" >"Don't you have a Winners Card?" >"I don't do loyalty cards. Thank you for thinking of me though." >"Sir, you can't get in without a Winners Card" > >So much for a day at the casino. Thank you Ameristar! You saved me about >$300.00 today. > >For those of you who are wondering, yes, you need detailed ID to get one of >their loyalty cards. And while I wasn't able to get in to verify what I >saw >standing in line, it looks like they track you table by table with these >cards. > >So, being $300.00 richer, and having worked for over two weeks without a >break, *and* being 250 miles over my oil-change limit, I figured, aw, you >know what I figured!
> >Now, let me start off with some background here. I've gone to the same >mechanic for almost 6 years now - for tires, oil, you name it. The only >thing he doesn't get is the brakes, and then only cause my Subaru has some >kind of brakes-from-hell that even he says can't be serviced safely without >going to the dealer. > >This mechanic, who runs the shop for the local Dobb's chain, is great. >Never >had a problem. Never had to show ID either. Doesn't care if Telecheck >likes >me or not, he just takes the money, and gets my business. And he gets a >*lot* of it. His business is thriving, and he recently added 4 new bays to >his shop, and started taking Sundays off - hence, my problem. > >So, we took the scenic route home, figuring there would have to be a >oilchange shop somewhere along the way. And there were several. The first >two were closed, but finally, we found a JiffyLube open and waiting. With >two bays. And no line (baaaaddd sign on a wonderful day like this). But >I >*need* the damn oil change, so in we go. > >"Good Afternoon Sir. What can we help you with today?" >"Hi. Oil change please. Synthetic blend please. No extras, just an oil >change" >"Sure, leave the keys in the car, and step over to the counter, and John >will >be right with you". > >When I got out of the car, the kid who was going to do the actual work >wanted >to know if I had a loyalty card he could punch/swipe/whatever. Nope. > >"Well sir, just give me your name and address, and I'll get you a card". >"Thanks, but I don't want a card." >"They're absolutely free sir!" >"I know. Thanks, but I don't want a card" >"I can't change your oil without a card" >"You're kidding. Aren't you?" >"Sir, I need a card." >"John Smith. 123 Anywhere Street. Anycity, Arkasas. 12345". >"Phone?" > >I almost died laughing when he asked. I mean, where's Monty Python? >Behind >the storage shed? > >"314-555-1234" > >"Thank you sir. If you care to have a seat in the waiting room, we'll call >you when it's ready. 
> >Into the waiting room we go. With the little 8 inch TV mounted 12 feet in >the air, where nobody can actually see it, even though we have to listen to >it [at warp-volume]. There's some super overacted action-drama going on, >lots of shooting, a car chase, and a guy jumping into an airplane which is >taking off - he jumped from a moving car to the plane - all in the ten >minutes >we were waiting. Thank god I threw out the television in '90. > >Finally, a guy comes out from the shop. > >"Sir, if you'll follow me, we can go over your car for a minute." > >This is the upsell - I can just see it coming. Wipers? Air filter? > >We walk over to a monitor sitting in this big red box made up to look like >a >diagnostic center. It's really just a sales terminal in a big red box, >sporting some pretty pictures of the products this guy is trying to talk >you >into buying. > >"Sir, would you like some engine cleaner? You should have it once a year." >"No, I just want the oil change. No wipers. No engine cleaners. Nothing >but an oil change" >"Sir. I'm just doing my job - I have to ask you all these questions, since >I >can't check you out and close out your ticket without asking." > >Yes, he is an automaton. He just can't take a blanket "no" and punch that >into each request, so we went down the whole list of radiator flushes, >transmission fluid checks and replacements, hoses, filters, etc. Finally, >*thankfully*, we're done: he tells me I can go to the register to pay. > >"Sir. The total comes to $46.00". As he says this, he notices that the >screen hasn't filled in my name, address, etc., from the swipe of the >loyalty >card. >"Sir, I need your last name." >"Terranson." >"Your first name?" >"Whatever makes you happy. Pick one." > >He looks lost. So lost. > >"John?" >"That's a nice name. Use it." >"Address?" >"123 Anywhere St." >He dutifully types it in... >"City?" >"Pick one." > >We wait. He looks at me waiting, looking even more lost and >confused.
Finally, I can take it no more, and I blurt out an answer, >hoping >beyond hope that he'll "get it". > >"New Caledonia." >"State?" >"Mexico." >"Phone?" >"123-555-1234" > >"Sir, would you like a Jiffy Card for next time, so you won't have to wait >while we get this information? > >Oh god... > > >So I have seen two separate businesses today who are just shooting >themselves >in the head over the acquisition of data in the face of obvious >refusal. While the Jiffy Lube is the more obscene example from a >bang-for-the-buck perspective, the casino was (for me) the real >shocker: casinos have, from day one, been very careful to protect >privacy. You ever try to bring in a camera? Forget it! To have a casino >turn me away for lack of a loyalty card strikes me as, well, preposterous! >I >cannot [literally] give you hundreds of dollars, asking nothing in return >but >a chance to gaze longingly at the asses of the floor wait staff, without >divulging my entire pedigree? Have we, as a society, completely lost all >touch with reality??? > >Those poor kids at the Jiffy Lube - obviously they *have* to get this data >for the corporate office, but they too exhibit an amazing amount of >programming here. Not *one* of them had enough of a clear head to simply >fill in "refused", or "John Smith" on his own. We have taken a real >national >resource, our youth, and trained them to act as mindless droids, devoid of >even the minimum reasoning powers possessed by small insects, and I am, >inexplicably, astounded. > >I am what anyone with an IQ of 12 or higher would call a hard core >cynic. But even I am surprised. Appalled even. And oddly embarrassed to >find that things are not as bad as I constantly claim, but they are *worse* >- >MUCH worse than that. They are... I don't *know* what they are - but >whatever it is, it is truly fucking evil... > > >-- >Yours, >J.A. Terranson >sysadmin at mfn.org > > "Every living thing dies alone."
> Donnie Darko From ptrei at rsasecurity.com Mon Jul 21 07:03:47 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Mon, 21 Jul 2003 10:03:47 -0400 Subject: A day in the life Message-ID: > Bill Stewart[SMTP:bill.stewart at pobox.com] wrote: > > At 03:01 AM 07/21/2003 +0000, Justin wrote: > >J.A. Terranson (2003-07-20 21:07Z) wrote: > > > So I have seen two separate businesses today who are just shooting > > themselves > > > in the head over the acquisition of data in the face of obvious > refusal. > >.... > >I'm surprised they didn't ask for your SSN ... as an index for the > database... > > > >I've adopted a SSN I use for idiots like that. I don't know whether > >it's assigned, but it's in the valid range. Isn't that just terrible. > > Please don't do that. You might pick a number belonging to some poor > working guy > and mess up his credit or yours. > > I read on the net that Richard Nixon's SSN is 567-68-0515, > and then there's that usual 078-thing from fake SSN cards in wallets. > No real SSN starts with the digit 9. Choose a random string, but make the first digit '9'. Peter From Freematt357 at aol.com Mon Jul 21 07:14:19 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Mon, 21 Jul 2003 10:14:19 EDT Subject: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: <55.448e713d.2c4d4f3b@aol.com> In a message dated 7/21/2003 2:56:45 AM Eastern Daylight Time, john at kozubik.com writes: It is difficult to imagine how "blah blah employee number four Sun Microsystems blah blah" is capable of this kind of cognitive dissonance. (John) helped to build and launch one of the most exciting and innovative education programs ever developed. Clearly, (he is) extraordinary. --William J. Bennett, Former Secretary of Education Gambling buddy of Bill?
Regards, Matt- From jack at junkfoodforthought.com Mon Jul 21 07:50:41 2003 From: jack at junkfoodforthought.com (Jack) Date: Mon, 21 Jul 2003 10:50:41 -0400 Subject: Help Wanted: Internet Spy Message-ID: Interesting ad seen at http://www.rand.org/jobs: ***** Posting Title: Research Programmer Location: (S) Santa Monica Reference: 001241 Job Description: Research Programmer RAND is seeking a Research Programmer to work on various information technology, security and assurance projects in our Santa Monica office. It is preferred that the individual have familiarity with various applied psychological measures that can be used to help with information protection systems. Under general supervision, the research programmer will be expected to search, monitor and track information and software tools that relate and leverage off these measures in the context of information security. More generally, the position requires skills in searching for highly technical, computer-related information and programs within a variety of Internet and Web sources, and organizing and structuring this material in a database for a project's use. Educational Requirements: Bachelors degree (or equivalent experience) in Mathematics, Economics, Statistics, Computer Science, Engineering, or other quantitative or computer discipline. Master preferred. Coursework or experience must cover research methods, policy analysis, and critical infrastructure protection. Specific technical skills required: Thorough technical knowledge of current computer operating systems (e.g., Linux, Solaris, Open BSD, Windows), and programming languages (e.g., Lisp, Prolog, C, Perl). Must be extremely proficient in such Internet and Web technologies as anonymizing sites, IRC and "chat rooms," and downloading and investigating properties of hacker "toolkits" and related software. Ability to organize and structure information within a database for project use is mandatory. 
Related experience required: 3 - 5 years Type of experience required/preferred: Applicant should have excellent interpersonal skills, be able to conduct independent investigations of online sites, and participate in online dialogs (IRC, chats) by gaining the trust of relevant persons. Experience with the content and participants of such computer security conferences as the Black Hat Briefings, DEFCON, and CANSECWest/core03 would be useful. A security clearance is not required, but is desirable. Location: Santa Monica # distributed via : no commercial use without permission # is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo at bbs.thing.net and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: nettime at bbs.thing.net --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From hseaver at cybershamanix.com Mon Jul 21 09:39:33 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Mon, 21 Jul 2003 11:39:33 -0500 Subject: A day in the life...NY Times today In-Reply-To: References: Message-ID: <20030721163933.GA27482@cybershamanix.com> On Mon, Jul 21, 2003 at 09:35:31AM -0400, Tyler Durden wrote: > "We have taken a real national > resource, our youth, and trained them to act as mindless droids, devoid of > even the minimum reasoning powers possessed by small insects, and I am, > inexplicably, astounded." > > Hence the photo on the first page of today's NY Times. > > -TD And for us non-new yorkers, what was that? 
-- Harmon Seaver CyberShamanix http://www.cybershamanix.com From DaveHowe at gmx.co.uk Mon Jul 21 03:41:42 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Mon, 21 Jul 2003 11:41:42 +0100 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email References: <20030720230703.K75326-100000@kozubik.com> Message-ID: <00eb01c34f74$ac9432e0$c71121c2@exchange.sharpuk.co.uk> John Kozubik wrote: > Where do these ridiculous ideas come from ? If I own a piece of > private property, like an airplane (or an entire airline) for > instance, I can impose whatever senseless and arbitrary conditions on > your use of it as I please. Not really - there are quite clear rules in most societies against discrimination of various sorts when you offer a public service. If you say to passenger xxx "you can't fly with me because I don't like your haircut/face/tattoo" then odds are good that you will get away with it. If you say to passenger xxx "you can't fly on *this* plane because I believe you are a security risk" and you are the captain, then you are guaranteed to get away with it (no matter how undeserved it is) but may get hell from head office later. If you say to *every* black passenger (or Jew, or Muslim) "you can't fly with my airline" or even "your ticket will cost double because I don't like you" then you will get slapped down, and rightly so. Of course, if you have a private plane and invite a few friends to Miami with you (or even the entire bar) except for any blacks, Jews or Muslims that might be wanting to come along, then that's fine - the plane is your private property and the Political Correctness Police can go play someplace else. It's when you are offering a public service that the rules change. All the above said - if a particular captain finds a 1" badge saying "suspected terrorist" sufficiently convincing that he then suspects you are a terrorist, he is in his rights to throw you off his plane.
Certainly the cabin steward has no such right though, and is probably some dickless little jobsworth that gets a kick from being able to order passengers about. That a blanket ban on his travel (and further, that of his wife) was imposed, simply for possession of the badge, is clearly wrong and anti-terrorist-fever gone mad. I also don't understand how a "federal crime" can be committed on an English airplane - I thought the legal fiction was that from boarding the plane to disembarking (and sometimes not even then, if you are transferring between flights without ever legally "landing") you were in the sovereign territory of whatever flag the airline is registered under? Oh, and as to the "murder" bit, IIRC the captain of a ship or plane may legally kill you if he believes this is required for the safety of his vessel and passengers as a whole - I would hate to see the paperwork though unless you were actually standing there with a bomb and a gun at the time :) > All fine and good - and I appreciate your efforts at uncovering the > secret directives and generally resisting the erosion of liberties, > however it bothers me greatly that when the obvious is pointed out - > that if the _private airlines_ become unburdened by the ID > requirement, they will simply require it themselves - that you > consider this unjust as well. If any one airline decides to impose a blanket requirement (all passengers must show ID) then that is fine. If all airlines decide to do so independently (or even as a joint response to a situation) then that is fine, but probably could do with a little scrutiny to make sure it really was their idea. However, false ID is easily enough obtained.
If the federal government decides to impose (or even "strongly recommend") such a scheme, and further provides a list of "no fly" people (purely on name, so you can't tell if the joe bloggs you have at your desk is a terrorist threat, someone who wrote a purple-ink letter to the president last year, or some other joe bloggs who is really unlucky in his choice of name) then this is a major erosion of liberties, a deeply frightening development, or both. From ericm at lne.com Mon Jul 21 11:44:53 2003 From: ericm at lne.com (Eric Murray) Date: Mon, 21 Jul 2003 11:44:53 -0700 Subject: A day in the life In-Reply-To: ; from measl@mfn.org on Sun, Jul 20, 2003 at 04:07:58PM -0500 References: Message-ID: <20030721114453.A25104@slack.lne.com> On Sun, Jul 20, 2003 at 04:07:58PM -0500, J.A. Terranson wrote: [ID experience at giant mega-corp casino] [ID experience at Jiffy-loob] If you patronize only corporate mega-stores, this is what you get. None of the (locally-owned) resturants I eat breakfast at do any loyalty card bullshit, they happily accept anonymous cash and the food is wonderful. The vendors at the local farmer's market take cash too. The local stores in the chain of bicycle stores I sometimes go to for tires and parts do sometimes ask me if I want to be on their buyers club thing, I just say no and that's fine with them. You need to shop at stores run by humans. If you have to patronize a mega-corp, stick up for yourself. They insist because it works on most people. There is no need to baaah along with the sheep. Eric From ptrei at rsasecurity.com Mon Jul 21 10:08:46 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Mon, 21 Jul 2003 13:08:46 -0400 Subject: A day in the life Message-ID: > Harry Bartholomew[SMTP:bart0 at earthlink.net] > > My SS# begins 078- > Issued in NY in the 50's > > Harry Bartholomew > > 7/21/2003 12:25:35 AM, Bill Stewart wrote: > > > > > > >At 03:01 AM 07/21/2003 +0000, Justin wrote: > >>J.A. 
Terranson (2003-07-20 21:07Z) wrote: > >> > So I have seen two separate businesses today who are just shooting > >> themselves > >> > in the head over the acquisition of data in the face of obvious > refusal. > >>.... > >>I'm surprised they didn't ask for your SSN ... as an index for the > database... > >> > >>I've adopted a SSN I use for idiots like that. I don't know whether > >>it's assigned, but it's in the valid range. Isn't that just terrible. > > > >Please don't do that. You might pick a number belonging to some poor > >working guy > >and mess up his credit or yours. > > > >I read on the net that Richard Nixon's SSN is 567-68-0515, > >and then there's that usual 078-thing from fake SSN cards in wallets. > From: http://www.cpsr.org/cpsr/privacy/ssn/SSN-addendum.html#FakeNumbers Making a 9-digit number up at random is a bad idea, as it may coincide with someone's real number and cause them some amount of grief. It's better to use a number like 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it. There were at least 40 different people in the Selective Service database at one point who gave this number as their SSN. The Social Security Administration recommends that people showing Social Security cards in advertisements use numbers in the range 987-65-4320 through 987-65-4329. There are several patterns that have never been assigned, and which therefore don't conflict with anyone's real number. They include numbers with any field all zeroes, and numbers with a first digit of 8 or 9. 
- end quote - Peter Trei From adam at homeport.org Mon Jul 21 10:28:04 2003 From: adam at homeport.org (Adam Shostack) Date: Mon, 21 Jul 2003 13:28:04 -0400 Subject: Heathrow employees leap out of kettle Message-ID: <20030721172803.GA45689@lightship.internal.homeport.org> http://silicon.com/news/164-500001/1/5237.html?rolling=1 > Staff were angered by the roll out of swipe cards which effectively > enable bosses to monitor their comings and goings and effectively > re-introduced the practice of clocking-on and clocking-off. [...] > Around 100,000 travellers and holidaymakers were left stranded at > the world's busiest international airport by the unofficial action > over the weekend. Of course, the rest of us are not so privileged. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From sunder at sunder.net Mon Jul 21 10:30:20 2003 From: sunder at sunder.net (Sunder) Date: Mon, 21 Jul 2003 13:30:20 -0400 (edt) Subject: NYT: Report on USA Patriot Act Alleges Civil Rights Violations Message-ID: http://www.nytimes.com/2003/07/21/politics/21JUST.html?hp WASHINGTON, July 20 -- A report by internal investigators at the Justice Department has identified dozens of recent cases in which department employees have been accused of serious civil rights and civil liberties violations involving enforcement of the sweeping federal antiterrorism law known as the USA Patriot Act. The inspector general's report, which was presented to Congress last week and is awaiting public release, is likely to raise new concern among lawmakers about whether the Justice Department can police itself when its employees are accused of violating the rights of Muslim and Arab immigrants and others swept up in terrorism investigations under the 2001 law. 
The report said that in the six-month period that ended on June 15, the inspector general's office had received 34 complaints of civil rights and civil liberties violations by department employees that it considered credible, including accusations that Muslim and Arab immigrants in federal detention centers had been beaten. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ From camera_lumina at hotmail.com Mon Jul 21 11:34:43 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 21 Jul 2003 14:34:43 -0400 Subject: A day in the life...NY Times today Message-ID: > > Hence the photo on the first page of today's NY Times. > > > > -TD > > And for us non-new yorkers, what was that? Well, I couldn't read the caption, but from across the aisle I saw a picture of a US soldier holding a gun on an unarmed Muslim man in a ditch, who was holding his hands up and looking not super happy. I assume the photo was not taken in Topeka, Kansas... -TD From rah at shipwright.com Mon Jul 21 12:02:53 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 21 Jul 2003 15:02:53 -0400 Subject: Help Wanted: Internet Spy Message-ID: --- begin forwarded text From mv at cdc.gov Mon Jul 21 16:22:21 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 21 Jul 2003 16:22:21 -0700 Subject: Defeating Optical Tempest will be easy... 
Message-ID: <3F1C75AD.F591A070@cdc.gov> At 07:49 PM 7/21/03 +0100, Peter Fairbrother wrote: >a_b_sorbed. Absorb is a widely used word meaning "to drink in, to soak up," >both literally and figuratively. Adsorb is a specialized technical term, >meaning only "to collect a condensed gas or liquid on a surface." Thank you. Have a hard time keeping them straight. Probably a textual clue that will undermine my pseudo-anonymity some day :-) >The glass of CRT's absorbs so much of the X-rays that it might be hard to >detect a signal at all at any distance, but then the signal is not swamped >by noise from the not-immediately-illuminated areas, unlike the optical >emissions. Yes but anything that picks up the weak X-ray will be sensitive to other normal background ionizing. With a proportional counter like a scintillator/PMT combo, where you could discriminate different types of radiation on the basis of pulse height, but you'll be down in the photomultiplier tube's noise. And as a cosmic ray secondary slows down it can generate x-rays. Maybe if the Adversary is allowed cryogenic detectors in the next room over... he still has to deal with the attenuating coefficient for drywall, etc. And again, I think basically nothing gets through the glass. >"0.5 milliroentgens per hour at a distance of five (5) centimeters from any >point on the external surface of the receiver" is the US legal limit[*], and >low voltage (and thus very low x-ray emission) crt monitors are common now, >if not a de-facto standard. That's pretty hot, actually. A glass vial of 5 gms U Acetate is only twice that, a few mm from the alpha-window of a GM detector. And the broad face of a CRT means 1/R^2 doesn't apply until you get some distance away... more like 1/R for an infinite slab. >However, I expect shot noise to be a limiting factor here. Unfortunately, >the Roentgen is such a weird unit it's not that easy to convert it to >photons and do the math! 
Since the signal is rastering at MHz, you can't very well integrate ionizing radiation over long times, as you could to say detect the betas coming out of a jar of salt substitute (potassium). Roentgens are defined as producing a certain amount of ionization in dry air. The photons doing the ionizing would range from the 10's of keV for X-rays to MeV for gammas. (Careful with that brightness control Eugene!) An ion pair takes about 37 eV to form. Compare with visible light's very small range, blue to red. >I use 180:210:210[**] (r:g:b) text on a 255:255:255 window background at >present, with very light wallpaper, though I speckle both slightly. It's a >little hard to read, but much better than some other suggested combinations. I hope you don't do this all the time... >[*]< Probably far too high for safety! Originally for TV's, where the >viewing distance is much higher. But most modern monitors will emit much >less than that. I hope! > As do TVs. Nowadays its the Radon daughters attracted to the charged glass that will be giving you your RDA (Radiation Daily Allowance.. RDA is a Yank FDA pun) Also some of the TV radiation was from HV tubes inside the box; that was solved by first using leaded glass (hack!) and then more elegantly by getting rid of tubes. From measl at mfn.org Mon Jul 21 16:05:00 2003 From: measl at mfn.org (J.A. Terranson) Date: Mon, 21 Jul 2003 18:05:00 -0500 (CDT) Subject: A day in the life...NY Times today In-Reply-To: Message-ID: On Mon, 21 Jul 2003, Tyler Durden wrote: > "We have taken a real national > resource, our youth, and trained them to act as mindless droids, devoid of > even the minimum reasoning powers possessed by small insects, and I am, > inexplicably, astounded." > > Hence the photo on the first page of today's NY Times. For those of us not on the Right Coast, please provide a link to the photo. I looked at various NYT web pages, but saw nothing that looked to be what you were trying to reference :-( > > -TD > -- Yours, J.A. 
Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From john at kozubik.com Mon Jul 21 18:06:08 2003 From: john at kozubik.com (John Kozubik) Date: Mon, 21 Jul 2003 18:06:08 -0700 (PDT) Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <3F1C0522.D7424726@cdc.gov> Message-ID: <20030721180412.N60664-100000@kozubik.com> On Mon, 21 Jul 2003, Major Variola (ret) wrote: > >Where do these ridiculous ideas come from ? If I own a piece of > private > >property, like an airplane (or an entire airline) for instance, I can > >impose whatever senseless and arbitrary conditions on your use of it as > I > >please. > > Yes. > Except that you entered into a contract to transport a human in exchange > > for money. No where in the contract was "banned speech" mentioned. If there are no provisions whatever for discretionary removal, then BA was wrong to remove Gilmore - they broke their agreement. However, I'll bet if you read _all_ the fine print, somewhere there exists in the contract/agreement a provision for just that. ----- John Kozubik - john at kozubik.com - http://www.kozubik.com From measl at mfn.org Mon Jul 21 16:07:02 2003 From: measl at mfn.org (J.A. Terranson) Date: Mon, 21 Jul 2003 18:07:02 -0500 (CDT) Subject: A day in the life...NY Times today In-Reply-To: Message-ID: On Mon, 21 Jul 2003, Tyler Durden wrote: > "We have taken a real national > resource, our youth, and trained them to act as mindless droids, devoid of > even the minimum reasoning powers possessed by small insects, and I am, > inexplicably, astounded." > > Hence the photo on the first page of today's NY Times. > > -TD Uggghhh. I hate replying to myself - never mind, I think I found it :-(. Yes. Exactly so. My point holds... -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." 
Donnie Darko From zenadsl6186 at zen.co.uk Mon Jul 21 11:49:03 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Mon, 21 Jul 2003 19:49:03 +0100 Subject: Defeating Optical Tempest will be easy... In-Reply-To: <3F1C0593.59CB87C1@cdc.gov> Message-ID: Major Variola (ret) wrote: > At 02:17 AM 7/21/03 +0200, Thomas Shaddack wrote: >> On Sat, 19 Jul 2003, Tyler Durden wrote: >> There is some minuscule proportion of X-rays produced by CRT displays. > > Produced by the ebeam decelerating on the shadow mask, but adsorbed > by the glass. > a_b_sorbed. Absorb is a widely used word meaning "to drink in, to soak up," both literally and figuratively. Adsorb is a specialized technical term, meaning only "to collect a condensed gas or liquid on a surface." The glass of CRT's absorbs so much of the X-rays that it might be hard to detect a signal at all at any distance, but then the signal is not swamped by noise from the not-immediately-illuminated areas, unlike the optical emissions. "0.5 milliroentgens per hour at a distance of five (5) centimeters from any point on the external surface of the receiver" is the US legal limit[*], and low voltage (and thus very low x-ray emission) crt monitors are common now, if not a de-facto standard. However, I expect shot noise to be a limiting factor here. Unfortunately, the Roentgen is such a weird unit it's not that easy to convert it to photons and do the math! A light background on a CRT screen image will give out enough delayed light to give problems in the s/n ratio of an optical TEMPEST attack. It's much easier to "see" white text on a black background than black text on a white background. I use 180:210:210[**] (r:g:b) text on a 255:255:255 window background at present, with very light wallpaper, though I speckle both slightly. It's a little hard to read, but much better than some other suggested combinations. [*]< Probably far too high for safety! Originally for TV's, where the viewing distance is much higher. 
But most modern monitors will emit much less than that. I hope! > [**]< I replaced the black in Marcus's anti-em-tempest fonts with 180:210:210, and varied the other colours in proportion. > -- Peter Fairbrother From sfurlong at acmenet.net Mon Jul 21 17:12:36 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Mon, 21 Jul 2003 20:12:36 -0400 Subject: Cypherpunks archive In-Reply-To: References: Message-ID: <200307212012.36152.sfurlong@acmenet.net> On Monday 21 July 2003 19:49, someone wrote: > Can you make the raw mbox archive available, or do you have that? > If it's less than about 200 meg, I can also receive it as an > attachment, if you're sadistic with your mail server. Let me think about it, and maybe ask some of the list members. The HTML that appears on the web page is sanitized a bit to prevent address harvesting. Not that c-punks' addresses are that hard to obtain other ways, but when I started the archive several people emphatically stated that they wanted the sanitizing. Maybe I'll write a short script to sanitize the addresses in the mbox. That'll take a while to develop, to make sure I don't miss anything and because my spare time is limited for the next month and a half. If I do make the mboxes available, they'll be available as .gz's off my top cypherpunks page. I'll post to the list if I do it. List members: any preferences? SRF -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. 
Henry Waxman From decoy at iki.fi Mon Jul 21 10:34:09 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Mon, 21 Jul 2003 20:34:09 +0300 (EEST) Subject: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <3F1C0522.D7424726@cdc.gov> References: <3F1C0522.D7424726@cdc.gov> Message-ID: On 2003-07-21, Major Variola (ret) uttered: >Private property rights, of course. But contract law too. I wouldn't forget the more stringent standards of nonexclusivity and isonomy we'd want to apply to our dealings with public authorities, either. I mean, I have real trouble seeing how BA could have arrived at such ghastly safety guidelines absent some help from the powers that be. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From sfurlong at acmenet.net Mon Jul 21 18:04:37 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Mon, 21 Jul 2003 21:04:37 -0400 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: References: Message-ID: <200307212104.37725.sfurlong@acmenet.net> On Monday 21 July 2003 01:12, R. A. Hettinga wrote: > t&position=> > > A 'Funky A.T.M.' Lets You Pay for Purchases Made Online I worked on a commercial digital money system a few years ago. One of their business models was almost identical to Amos': stick cash in a kiosk to get electronic money. It'd be interesting to see how that system plays with Amos' patent. (I won't be able to observe directly, as I was fired from that company because I'm an incompetent slacker (boss's view) or because the boss was a jack-booted jackass (my view).) -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. 
Henry Waxman From hseaver at cybershamanix.com Tue Jul 22 04:16:30 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 22 Jul 2003 06:16:30 -0500 Subject: Fisk articles Message-ID: <20030722111630.GA28715@cybershamanix.com> Does anyone have access to the fulltext articles by Robert Fisk like this one on alleged torture in US internment camps in Iraq: http://news.independent.co.uk/world/fisk/story.jsp?story=426520 that the Independent offers on a subscription basis? -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From cryptomjs at eudoramail.com Tue Jul 22 08:05:26 2003 From: cryptomjs at eudoramail.com (Mark Saarelainen) Date: Tue, 22 Jul 2003 08:05:26 -0700 Subject: I remind everybody to drink a bottle of wisky a day ... Message-ID: You get a kind of a good feeling then.... From mv at cdc.gov Tue Jul 22 09:10:03 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 22 Jul 2003 09:10:03 -0700 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online Message-ID: <3F1D61DB.38131150@cdc.gov> At 10:25 AM 7/22/03 -0400, Sunder wrote: >> I worked on a commercial digital money system a few years ago. One of >> their business models was almost identical to Amos': stick cash in a >> kiosk to get electronic money. It'd be interesting to see how that >> system plays with Amos' patent. > >It's not going to be anonymous at all. Remember, ATM's are always >protected by cameras. If the digicash isn't anonymous, it's worthless. Yes to all points. Of course, this is why a bandana/burkha/ski mask is a good thing to carry when approaching an ATM. Better if they're IR opaque. 
Best not to do this if the ATM is attached to a bank though, for the sake of the guards' underwear :-) From declan at well.com Tue Jul 22 06:22:36 2003 From: declan at well.com (Declan McCullagh) Date: Tue, 22 Jul 2003 09:22:36 -0400 Subject: old encryption paper In-Reply-To: <20030719203350.3A74F99AA5@gnu-darwin.org>; from proclus@gnu-darwin.org on Sat, Jul 19, 2003 at 04:33:37PM -0400 References: <20030719203350.3A74F99AA5@gnu-darwin.org> Message-ID: <20030722092236.A5731@cluebot.com> On Sat, Jul 19, 2003 at 04:33:37PM -0400, proclus at gnu-darwin.org wrote: > IMHO, it is exactly this kind of commentary which scuttled an attack > on free encryption software in the wake of the attack. Moreover, the > monolith authentication schemes were also laid to rest or driven Well, no. This kind of commentary made folks on mailing lists like these feel warm and fuzzy and made some other tech types realize what was at stake. But Sen. Judd Gregg's proposal failed because of lack of support from his colleagues and opposition from well-connected industry lobbyists, not people writing about "GNU-Darwin" (probably not one congresscritter knows what that means anyway, or cares). -Declan From ptrei at rsasecurity.com Tue Jul 22 06:37:59 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Tue, 22 Jul 2003 09:37:59 -0400 Subject: Cypherpunks archive Message-ID: I'd very much like to see the archives in a downloadable form. Peter > ---------- > From: Steve Furlong[SMTP:sfurlong at acmenet.net] > Sent: Monday, July 21, 2003 8:12 PM > To: cypherpunks at lne.com > Subject: Re: Cypherpunks archive > > On Monday 21 July 2003 19:49, someone wrote: > > Can you make the raw mbox archive available, or do you have that? > > If it's less than about 200 meg, I can also receive it as an > > attachment, if you're sadistic with your mail server. > > Let me think about it, and maybe ask some of the list members. 
The HTML > that appears on the web page is sanitized a bit to prevent address > harvesting. Not that c-punks' addresses are that hard to obtain other > ways, but when I started the archive several people emphatically stated > that they wanted the sanitizing. > > Maybe I'll write a short script to sanitize the addresses in the mbox. > That'll take a while to develop, to make sure I don't miss anything and > because my spare time is limited for the next month and a half. > > If I do make the mboxes available, they'll be available as .gz's off my > top cypherpunks page. I'll post to the list if I do it. > > > List members: any preferences? > > > SRF > > -- > Steve Furlong Computer Condottiere Have GNU, Will Travel > > "If someone is so fearful that, that they're going to start using > their weapons to protect their rights, makes me very nervous that > these people have these weapons at all!" -- Rep. Henry Waxman From mv at cdc.gov Tue Jul 22 09:52:23 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Tue, 22 Jul 2003 09:52:23 -0700 Subject: A tiny bit of karma for BA Message-ID: <3F1D6BC6.8CE5C822@cdc.gov> http://story.news.yahoo.com/news?tmpl=story&u=/afp/20030722/ts_afp/britain_air_strike_company_ba_030722122901 LONDON (AFP) - British Airways was battling to clear a backlog of frustrated passengers stranded at London's Heathrow Airport, some of whom had been stuck there for four days after a wildcat strike by check-in staff. From sunder at sunder.net Tue Jul 22 07:25:59 2003 From: sunder at sunder.net (Sunder) Date: Tue, 22 Jul 2003 10:25:59 -0400 (edt) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <200307212104.37725.sfurlong@acmenet.net> Message-ID: On Mon, 21 Jul 2003, Steve Furlong wrote: > On Monday 21 July 2003 01:12, R. A. Hettinga wrote: > > >t&position=> > > > > A 'Funky A.T.M.' Lets You Pay for Purchases Made Online > > I worked on a commercial digital money system a few years ago. 
One of > their business models was almost identical to Amos': stick cash in a > kiosk to get electronic money. It'd be interesting to see how that > system plays with Amos' patent. It's not going to be anonymous at all. Remember, ATM's are always protected by cameras. If the digicash isn't anonymous, it's worthless. > (I won't be able to observe directly, > as I was fired from that company because I'm an incompetent slacker > (boss's view) or because the boss was a jack-booted jackass (my view).) Shit happens. Just be happy you're not working at IBM. It was leaked that they're outsourcing to India, etc... see: http://www.theinquirer.net/?article=10613 ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ From eresrch at eskimo.com Tue Jul 22 10:40:20 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Tue, 22 Jul 2003 10:40:20 -0700 (PDT) Subject: Fisk articles In-Reply-To: <20030722111630.GA28715@cybershamanix.com> Message-ID: On Tue, 22 Jul 2003, Harmon Seaver wrote: > Does anyone have access to the fulltext articles by Robert Fisk like this one > on alleged torture in US internment camps in Iraq: > http://news.independent.co.uk/world/fisk/story.jsp?story=426520 that the > Independent offers on a subscription basis? No, but you can buy them one at a time if you like. I'm waiting till I get some extra cash so I can subscribe, ever since they moved Fisk over to the pay column I've been missing a lot of good stories. I think it's worth paying for, I just have to justify it to my wife :-) Patience, persistence, truth, Dr. 
mike From DaveHowe at gmx.co.uk Tue Jul 22 04:24:28 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Tue, 22 Jul 2003 12:24:28 +0100 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email References: <20030721180412.N60664-100000@kozubik.com> Message-ID: <012301c35043$d2c96230$c71121c2@exchange.sharpuk.co.uk> John Kozubik wrote: > On Mon, 21 Jul 2003, Major Variola (ret) wrote: > >>> Where do these ridiculous ideas come from ? If I own a piece of >>> private property, like an airplane (or an entire airline) for >>> instance, I can impose whatever senseless and arbitrary conditions >>> on your use of it as I please. >> >> Yes. >> Except that you entered into a contract to transport a human in >> exchange >> >> for money. No where in the contract was "banned speech" mentioned. > > If there are no provisions whatever for discretionary removal, then > BA was wrong to remove Gilmore - they broke their agreement. > However, I'll bet if you read _all_ the fine print, somewhere there > exists in the contract/agreement a provision for just that. well, there are the following (from http://www.britishairways.com/travel/genconcarr/public/en_gb ): ------------------------------------------------- Our right to refuse to carry you or to ban you from travel a) Our right to refuse to carry you We may decide to refuse to carry you or your baggage if one or more of the following has happened or we reasonably believe may happen. 1) If carrying you or your baggage may put the safety of the aircraft or the safety or health of any person in the aircraft in danger. 2) If carrying you or your baggage may affect the comfort of any person in the aircraft. 3) If you are drunk or under the influence of drink or drugs. 4) If you are, or we reasonably believe you are, in unlawful possession of drugs. 5) If your mental or physical state is a danger or risk to you, the aircraft or any person in it. 
6) If you have refused to allow a security check to be carried out on you or your baggage. 7) If you have not obeyed the instructions of our ground staff or a member of the crew of the aircraft relating to safety or security. 8) If you have used threatening, abusive or insulting words towards our ground staff or a member of the crew of the aircraft. 9) If you have behaved in a threatening, abusive, insulting or disorderly way towards a member of our ground staff or a member of the crew of the aircraft. 10) If you have deliberately interfered with a member of the crew of the aircraft carrying out their duties. 11) If you have put the safety of either the aircraft or any person in it in danger. 12) If you have made a hoax bomb threat. 13) If you have committed a criminal offence during the check-in or boarding processes or on board the aircraft. 14) If you have not, or do not appear to have, valid travel documents. 15) If you try to enter a country for which your travel documents are not valid. 16) If the immigration authority for the country you are travelling to, or for a country in which you have a stopover, has told us (either orally or in writing) that it has decided not to allow you to enter that country, even if you have, or appear to have, valid travel documents. 17) If you destroy your travel documents during the flight. 18) If you have refused to allow us to photocopy your travel documents. 19) If you have refused to give your travel documents to a member of the crew of the aircraft, when we have asked you to do so. 20) If you ask the relevant government authorities for permission to enter a country in which you have landed as a transit passenger. 21) If carrying you would break government laws, regulations, or orders. 22) If you have refused to give us information which a government authority has asked us to provide about you. 23) If you have not presented a valid ticket. 
24) If you have not paid the fare (including any taxes, fees or charges) for your journey. 25) If you have presented a ticket acquired illegally. 26) If you have presented a ticket which you did not buy from us or our authorised agents. 27) If you have presented a ticket which was not issued by us or our authorised agents. 28) If you have presented a ticket which has been reported as being lost or stolen. 29) If you have presented a counterfeit ticket. 30) If you have presented a ticket with an alteration made neither by us nor our authorised agents. 31) If you have presented a spoiled, torn or damaged ticket or a ticket which has been tampered with. 32) If you cannot prove you are the person named in the ticket. 33) If you have changed your transportation without our agreement as set out in clause 3c. 34) If you have failed to present your ticket or your boarding pass or your travel documents to us when reasonably asked to do so. 35) If you have failed to complete the check-in process by the check-in deadline. 36) If you have failed to arrive at the boarding gate on time. 37) If you have behaved in a way mentioned above on or in connection with a previous flight and we believe you may repeat this behaviour. b) Our right to refuse to carry you when we have banned you from our route network 1) We will be entitled to refuse to carry you or your baggage if we have given you a banning notice and you have bought your ticket while the ban applies. 2) By a banning notice we mean a written notice we have given to you informing you that you are banned from being carried on our route network. (This means you are banned from travelling on all flights we operate.) This notice will give the date when the ban comes into force and the period for which it applies. A banning notice will also ask you not to buy a ticket or ask or allow anyone to do so for you. 
3) If you try to travel while a banning notice is in force, we will refuse to carry you and you will be entitled to an involuntary fare refund. -------------------------------------------------------- There are no obvious grounds for discretionary removal based on wearing a badge (or being married to a habitual badge-wearer) but the "banning notice" thing looks to be a blanket refusal option written up to look like something else - I don't read this as saying you have to have met the section (a) criteria for them to issue a banning notice, in which case they can refuse you for no reason at all provided they put it in writing. From hseaver at cybershamanix.com Tue Jul 22 11:17:44 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 22 Jul 2003 13:17:44 -0500 Subject: Fisk articles In-Reply-To: References: <20030722111630.GA28715@cybershamanix.com> Message-ID: <20030722181744.GA28993@cybershamanix.com> On Tue, Jul 22, 2003 at 10:40:20AM -0700, Mike Rosing wrote: > On Tue, 22 Jul 2003, Harmon Seaver wrote: > > > Does anyone have access to the fulltext articles by Robert Fisk like this one > > on alleged torture in US internment camps in Iraq: > > http://news.independent.co.uk/world/fisk/story.jsp?story=426520 that the > > Independent offers on a subscription basis? > > No, but you can buy them one at a time if you like. I'm waiting till > I get some extra cash so I can subscribe, ever since they moved Fisk over > to the pay column I've been missing a lot of good stories. I think it's > worth paying for, I just have to justify it to my wife :-) Yeah, I know I can, but I'm so broke I can barely pay attention. Too bad the local library doesn't have a sub to the Independent. 8-( -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From hseaver at cybershamanix.com Tue Jul 22 11:39:41 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 22 Jul 2003 13:39:41 -0500 Subject: A 'Funky A.T.M.' 
Lets You Pay for Purchases Made Online In-Reply-To: References: <200307212104.37725.sfurlong@acmenet.net> Message-ID: <20030722183941.GB28993@cybershamanix.com> On Tue, Jul 22, 2003 at 10:25:59AM -0400, Sunder wrote: > On Mon, 21 Jul 2003, Steve Furlong wrote: > > > (I won't be able to observe directly, > > as I was fired from that company because I'm an incompetent slacker > > (boss's view) or because the boss was a jack-booted jackass (my view).) > > Shit happens. Just be happy you're not working at IBM. It was leaked > that they're outsourcing to India, etc... > > see: http://www.theinquirer.net/?article=10613 Remember when the manufacturing jobs started going south and they said "don't worry, this is an information economy now, and they'll all be information workers"? Not that I believed that at all, but now that all the information jobs are going south (or rather east and west), what are they claiming people will do here? Other than work at Hardee's, I mean. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From emc at artifact.psychedelic.net Tue Jul 22 14:31:15 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Tue, 22 Jul 2003 14:31:15 -0700 (PDT) Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> Message-ID: <200307222131.h6MLVFvc032087@artifact.psychedelic.net> > I felt sorry for the other 300 people on the plane who had their flight > delayed for some guy with a small badge on his chest, and a big chip on > his shoulder. The other 300 people on the plane had their flight delayed by the actions of the carrier, not by the actions of Gilmore. You are falling for the usual mental trap here of viewing authority as some sort of inviolate physical law, and transferring responsibility onto the victim for "making them do it." You should watch that in the future. I mean, a 1 inch button, for Christ's sake. 
They must have had to use a magnifying glass to read the slogan. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From sunder at sunder.net Tue Jul 22 11:52:58 2003 From: sunder at sunder.net (Sunder) Date: Tue, 22 Jul 2003 14:52:58 -0400 (edt) Subject: Fisk articles In-Reply-To: <20030722111630.GA28715@cybershamanix.com> Message-ID: No, but googling around I found this gem: http://www.amnestyusa.org/news/2003/iraq06302003.html ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 22 Jul 2003, Harmon Seaver wrote: > Does anyone have access to the fulltext articles by Robert Fisk like this one > on alleged torture in US internment camps in Iraq: > http://news.independent.co.uk/world/fisk/story.jsp?story=426520 that the > Independant offers on a subscription basis? > > -- > Harmon Seaver > CyberShamanix > http://www.cybershamanix.com From sunder at sunder.net Tue Jul 22 12:25:35 2003 From: sunder at sunder.net (Sunder) Date: Tue, 22 Jul 2003 15:25:35 -0400 (edt) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <3F1D61DB.38131150@cdc.gov> Message-ID: I wonder if some sort of infrared LED laden bandana be made for the benefit of the cameras. :) Maybe something like those scrolling blackboard things that say stuff... It could say things like "I'm ANONYMOUS, Neener neener, nya, nya, nya" I wonder what the guards would do then? 
----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 22 Jul 2003, Major Variola (ret) wrote: > Yes to all points. Of course, this is why a bandana/burkha/ski mask > is a good thing to carry when approaching an ATM. > Better if they're IR opaque. Best not to > do this if the ATM is attached to a bank though, for the sake > of the guards' underwear :-) From camera_lumina at hotmail.com Tue Jul 22 13:41:47 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 22 Jul 2003 16:41:47 -0400 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online Message-ID: "Remember when the manufacturing jobs starting going south and they said "don't worry, this is an information economy now, and they'll all be information workers"? Not that I believed that at all, but now that all the information jobs are going south (or rather east and west), what are they claiming people will do here? Other than work at Hardee's, I mean." Well, there should be some Telecom contracts coming out of Iraq soon. And when those dry up maybe we'll find some more terrorists in, say, some of the 'stans. -TD >From: Harmon Seaver >To: cypherpunks at lne.com >Subject: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online >Date: Tue, 22 Jul 2003 13:39:41 -0500 > >On Tue, Jul 22, 2003 at 10:25:59AM -0400, Sunder wrote: > > On Mon, 21 Jul 2003, Steve Furlong wrote: > > > > > (I won't be able to observe directly, > > > as I was fired from that company because I'm an incompetent slacker > > > (boss's view) or because the boss was a jack-booted jackass (my >view).) 
> > > > Shit happens. Just be happy you're not working at IBM. It was leaked > > that they're outsourcing to India, etc... > > > > see: http://www.theinquirer.net/?article=10613 > > Remember when the manufacturing jobs starting going south and they said >"don't worry, this is an information economy now, and they'll all be >information >workers"? Not that I believed that at all, but now that all the information >jobs >are going south (or rather east and west), what are they claiming people >will do >here? Other than work at Hardee's, I mean. > > >-- >Harmon Seaver >CyberShamanix >http://www.cybershamanix.com

From adam.lydick at verizon.net Tue Jul 22 17:01:43 2003 From: adam.lydick at verizon.net (Adam Lydick) Date: 22 Jul 2003 17:01:43 -0700 Subject: curious about covert channels Message-ID: <1058918502.16528.6.camel@lorien>

Had a random thought and was curious if anyone had an opinion on this:

Would message-ID, and other related mail headers that contain pseudo-random data, make a good covert channel?

Eg: instead of choosing a pseudo-random value for the message ID, encrypt a block of data of the same length as the ID with a preshared secret key.

Issues that spring to mind:

* small, you would need quite a few overt messages to transfer anything sizeable over the covert channel.
* Is it possible to tell the difference between pseudo-randomly picked values (typical mail client), encrypted data (depending on algorithm), and real randomness? (I suppose this could make the channel detectable)

Thanks,
Adam Lydick

From hseaver at cybershamanix.com Tue Jul 22 15:08:59 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 22 Jul 2003 17:08:59 -0500 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> References: <20030721180412.N60664-100000@kozubik.com> <012301c35043$d2c96230$c71121c2@exchange.sharpuk.co.uk> <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> Message-ID: <20030722220859.GA29101@cybershamanix.com>

On Wed, Jul 23, 2003 at 09:04:56AM +1200, Kerry Thompson wrote:
> I felt sorry for the other 300 people on the plane who had their flight
> delayed for some guy with a small badge on his chest, and a big chip on
> his shoulder.

Fuck that noise -- it should happen every single flight until the jackass pilots/crew get the message.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com

From morlockelloi at yahoo.com Tue Jul 22 20:17:39 2003 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Tue, 22 Jul 2003 20:17:39 -0700 (PDT) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: Message-ID: <20030723031739.55749.qmail@web40612.mail.yahoo.com>

> >If the digicash isn't anonymous, it's worthless.
>
> I'd argue to the contrary. First, "most people have nothing to hide".
> The folks will want digicash for reasons other than anonymity, as argued

You are misusing the term "cash". What you are describing are essentially "internet debit cards." While it is attractive to insert word "cash" into any harebrained "net money" scheme, exactly because of positive associations with CASH, it is misleading and deceptive. Cash means off-line clearing and anonymous. If it is complicated to understand, open your wallet, take a banknote out of it and ponder what it is for a minute. 
===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com

From jtrjtrjtr2001 at yahoo.com Tue Jul 22 23:56:50 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Tue, 22 Jul 2003 23:56:50 -0700 (PDT) Subject: Dna samples of world leaders Message-ID: <20030723065650.82911.qmail@web21201.mail.yahoo.com>

hi,

Yesterday's briefing on the death of Saddam's sons - the bodies were said to be sent for positive identification through DNA tests. How are these samples obtained anyway? Royal Saloons, Royal Doctors, Visits to the US during peace times? What more efficient methods are used?

Sarath.

From sfurlong at acmenet.net Wed Jul 23 00:20:26 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Wed, 23 Jul 2003 03:20:26 -0400 Subject: Dna samples of world leaders In-Reply-To: <20030723065650.82911.qmail@web21201.mail.yahoo.com> References: <20030723065650.82911.qmail@web21201.mail.yahoo.com> Message-ID: <200307230320.26189.sfurlong@acmenet.net>

On Wednesday 23 July 2003 02:56, Sarad AV wrote:
> Yesterday's briefing on the death of Saddam's sons - the
> bodies were said to be sent for positive
> identification through DNA tests. How are these samples
> obtained anyway? Royal Saloons, Royal Doctors, Visits to
> the US during peace times? What more efficient methods
> are used?

Samples from known relatives, I'd guess, along with any other means that comes to hand.

--
Steve Furlong Computer Condottiere Have GNU, Will Travel
"If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. 
Henry Waxman From decoy at iki.fi Tue Jul 22 17:29:39 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Wed, 23 Jul 2003 03:29:39 +0300 (EEST) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: References: Message-ID: On 2003-07-22, Sunder uttered: >If the digicash isn't anonymous, it's worthless. I'd argue to the contrary. First, "most people have nothing to hide". The folks will want digicash for reasons other than anonymity, as argued by this particular "inventor" (I've wanted to handle my cash automatically eversince I got my first debit card). Second, once the cash is online, it's considerably easier to pool it, confuse the authorities about it, connect it to the existing anonymity infrastructure, build secondary services which allow its origin to be completely masked, and so on. These sorts of hacks can well bridge the gap between ordinary cash/credit and truly anonymous online specie. They aren't the final solution, but they can help overcome the chicken and egg problem inherent in all digicash. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From decoy at iki.fi Tue Jul 22 18:01:24 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Wed, 23 Jul 2003 04:01:24 +0300 (EEST) Subject: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> References: <20030721180412.N60664-100000@kozubik.com> <012301c35043$d2c96230$c71121c2@exchange.sharpuk.co.uk> <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> Message-ID: On 2003-07-23, Kerry Thompson uttered: >I felt sorry for the other 300 people on the plane who had their flight >delayed for some guy with a small badge on his chest, and a big chip on >his shoulder. Sure it's nasty that the flight was delayed. But was it John's fault? 
Likely not -- he seems to have behaved well within his rights, morally speaking. Quite unlike the flight crew. (IOW, BA seems like the least cost avoider in this particular dispute.) Naturally there should be refunds and amends, but those should probably come from the crew's pockets. Not John's. Furthermore, the terms of contract posted earlier seem far too vague and limiting to meet the usual standards of valid contract under a naïve interpretation of Common Law. (IANAL, but both good will and meeting of minds appear to fail.) If so, BA ought to be in serious trouble. In the ideal world they would lose in court, and have to either reevaluate their guidelines or state them more explicitly. In the first case, everybody would be happy, with John off the hook. In the second, they should meet with widespread public outrage, a thorough-going boycott, huge financial losses and the unavoidable backdrop to simpler terms of contract. Otherwise: bankruptcy.

--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From eresrch at eskimo.com Wed Jul 23 06:09:15 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 23 Jul 2003 06:09:15 -0700 (PDT) Subject: Fisk articles In-Reply-To: <20030722181744.GA28993@cybershamanix.com> Message-ID:

On Tue, 22 Jul 2003, Harmon Seaver wrote:
> Yeah, I know I can, but I'm so broke I can barely pay attention. Too bad the
> local library doesn't have a sub to the Independent. 8-(

I'm looking for a new job. If I'm lucky, I'll get a "real" one and can send you some Fisk fix :-)

Patience, persistence, truth, Dr. 
mike From s.schear at comcast.net Wed Jul 23 08:27:52 2003 From: s.schear at comcast.net (Steve Schear) Date: Wed, 23 Jul 2003 08:27:52 -0700 Subject: Leech politics could be bad for your health Message-ID: <5.2.1.1.0.20030723082601.0448ffc0@mail.comcast.net> Could your political beliefs determine how long you live? New research from sociologist Dr William Cockerham and colleagues from the University of Alabama in the United States has found that differences in attitudes to looking after your body and your health are predicted by your political allegiances. It seems those who believe the state should take responsibility for most aspects of life also tend to eschew personal responsibility for taking care of themselves. As a result, they are more likely to engage in lifestyles hazardous to their health, including drinking to excess and not exercising. http://thescotsman.co.uk/health.cfm?id=765012003 steve "Il dulce far niente" The sweetness of doing nothing My unemployment motto From cypher at crypt.gen.nz Tue Jul 22 14:04:56 2003 From: cypher at crypt.gen.nz (Kerry Thompson) Date: Wed, 23 Jul 2003 09:04:56 +1200 (NZST) Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <012301c35043$d2c96230$c71121c2@exchange.sharpuk.co.uk> References: <20030721180412.N60664-100000@kozubik.com> <012301c35043$d2c96230$c71121c2@exchange.sharpuk.co.uk> Message-ID: <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> Dave Howe said: > John Kozubik wrote: [snip] > There are no obvious grounds for discressionary removal based on wearing > a badge (or being married to a habitual badge-wearer) but the "banning > notice" thing looks to be a blanket refusal option written up to look > like something else - I don't read this as saying you have to have met > the section (a) criteria for them to issue a banning notice, in which > case they can refuse you for no reason at all provided they put it in > writing. 
True, but Gilmore clearly refused an order from the Captain despite his view that the order to remove the badge was in breach of some rights that he thought he had. At this point of refusal the presence of a badge becomes secondary, and Gilmore has probably breached a few rules, such as : > 7) If you have not obeyed the instructions of our ground staff or a member > of the crew of the aircraft relating to safety or security. .. and maybe : > 9) If you have behaved in a threatening, abusive, insulting or disorderly > way towards a member of our ground staff or a member of the crew of the > aircraft. if you could class Gilmore's actions as disorderly. .. and : > 10) If you have deliberately interfered with a member of the crew of the > aircraft carrying out their duties. where the duties could have been those of the flight assistant to have the badge removed. I felt sorry for the other 300 people on the plane who had their flight delayed for some guy with a small badge on his chest, and a big chip on his shoulder. From camera_lumina at hotmail.com Wed Jul 23 06:18:41 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 23 Jul 2003 09:18:41 -0400 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: Eric Cordia wrote... "I mean, a 1 inch button, for Christ's sake. They must have had to use a magnifying glass to read the slogan." Actually, that's an interesting point. Let's first of all remember that Gilmore was allowed onto the plane in the first place, so airport security didn't care or notice. And it doesn't seem that onboard Gilmore was causing a ruckus or creating the sense of insecurity. And I'm willing to bet that none of the staff actually felt/believed that the guy was a threat (let's assume they have the right to remove somebody that perceived to be a threat). So clearly this was punitive. 
No don't get me wrong, I would have thought the guy was a little bit of dick for "spooking the straights", and I would have been tempted (note the word tempted) to punch that button off of him so we didn't have to turn around. But it sounds like a rehash of the mall incident...had he walked onto the flight with a button that said "I support our troops", he wouldn't have been thrown off. Thus everyone has become a kind of thought cop....but what they're enforcing is not the collective perceived reality, but what most people believe the collective perceived reality is supposed to be. There're cracks already though, and the fact that NY Times ran that photo on the front page the other day means a lot, actually... -TD >From: Eric Cordian >To: cypherpunks at minder.net >Subject: Re: Fwd: [IP] Gilmore bounced from plane; and Farber censors >Gilmore's email >Date: Tue, 22 Jul 2003 14:31:15 -0700 (PDT) > > > I felt sorry for the other 300 people on the plane who had their flight > > delayed for some guy with a small badge on his chest, and a big chip on > > his shoulder. > >The other 300 people on the plane had their flight delayed by the actions >of the carrier, not by the actions of Gilmore. > >You are falling for the usual mental trap here of viewing authority as >some sort of inviolate physical law, and transferring responsibilty onto >the victim for "making them do it." > >You should watch that in the future. > >I mean, a 1 inch button, for Christ's sake. They must have had to use a >magnifying glass to read the slogan. > >-- >Eric Michael Cordian 0+ >O:.T:.O:. Mathematical Munitions Division >"Do What Thou Wilt Shall Be The Whole Of The Law" _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail From timcmay at got.net Wed Jul 23 09:42:07 2003 From: timcmay at got.net (Tim May) Date: Wed, 23 Jul 2003 09:42:07 -0700 Subject: Dna samples of world leaders In-Reply-To: <20030723065650.82911.qmail@web21201.mail.yahoo.com> Message-ID: <995120CC-BD2C-11D7-8D66-0003930F2360@got.net> On Tuesday, July 22, 2003, at 11:56 PM, Sarad AV wrote: > hi, > > Yesterdays briefing on the death of saddams sons-the > bodies were said to be send for positive > identification through dna tests.How are these samples > obtained anyway?Royal Saloons,Royal Doctors,Visits to > the US during peace times?What more effecient methods > are used? > Hair samples, dandruff, etc. A bunch of reports over the past several months that the houses and villas of Hussein and his family had been gone over carefully for traces of hair, old shaving razors, skin particles, etc. Even if doctors and such have not been bribed or coerced into providing blood samples, lots of ways to track DNA. All a matter of economics, as usual. --Tim May From mv at cdc.gov Wed Jul 23 09:58:48 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 23 Jul 2003 09:58:48 -0700 Subject: Dna samples of world leaders Message-ID: <3F1EBEC8.302D9ECF@cdc.gov> At 11:56 PM 7/22/03 -0700, Sarad AV wrote: >Yesterdays briefing on the death of saddams sons-the >bodies were said to be send for positive >identification through dna tests.How are these samples >obtained anyway?Royal Saloons,Royal Doctors,Visits to >the US during peace times?What more effecient methods >are used? > >Sarath. A guy was busted by using DNA from an envelope he licked in response to a "sting" letter from the police (but not appearing so). A guy was caught because his *son's* DNA was on file. Go dump-diving in places where his trash is dumped. And at his relatives houses. Befriend/employ someone where he/they get their bloodwork done. Cleaning people who dust where he sits. His barber. His launderer. 
Wonder how they got their dentalcharts. They'll have to show us the beef if they want to be believed. Of course, Bush and Rummy holding their heads on sticks will have to be edited from US markets... The first rule of missile fighting: the one who brings the full-auto rifle loses. From Freematt357 at aol.com Wed Jul 23 07:44:51 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Wed, 23 Jul 2003 10:44:51 EDT Subject: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email Message-ID: <198.1d8cf494.2c4ff963@aol.com> In a message dated 7/23/2003 9:23:58 AM Eastern Daylight Time, camera_lumina at hotmail.com writes: Actually, that's an interesting point. Let's first of all remember that Gilmore was allowed onto the plane in the first place, so airport security didn't care or notice. You are correct, and this means that the TSA Nazis failed to adequately identify a potential security threat. The button being discovered by British Airways. Remember 9/11 was a failure of our alphabet agencies for adequately protecting us, and naturally in response we've run to protection to another new alphabet agency, how sad. http://www.freeohio.us/pamphlets/airport.pdf Regards, Matt- From sunder at sunder.net Wed Jul 23 08:42:06 2003 From: sunder at sunder.net (Sunder) Date: Wed, 23 Jul 2003 11:42:06 -0400 (edt) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: Message-ID: You do have somewhat of a point, but consider this. Real cash is anonymous. If you want to do electronic payments that are non-anonymous you can simply use a credit card or debit card (or something like paypal, egold), or for larger quanitities you can do wire transfers - so why would we need yet another a non-anonymous "cash" that isn't cash? Just because it's cool and we can call it electronic cash? What's the point? Why would you bother building it? Why would anyone bother using it? Confusing the authorities is a dumb thing to consider as a reason. 
They will smarten up pretty quickly if they think you're doing something illegal, and it won't make any difference what cool technical toys you have used. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 23 Jul 2003, Sampo Syreeni wrote: > On 2003-07-22, Sunder uttered: > > >If the digicash isn't anonymous, it's worthless. > > I'd argue to the contrary. First, "most people have nothing to hide". > The folks will want digicash for reasons other than anonymity, as argued > by this particular "inventor" (I've wanted to handle my cash automatically > eversince I got my first debit card). Second, once the cash is online, > it's considerably easier to pool it, confuse the authorities about it, > connect it to the existing anonymity infrastructure, build secondary > services which allow its origin to be completely masked, and so on. From netkita at earthlink.net Wed Jul 23 08:53:34 2003 From: netkita at earthlink.net (netkita at earthlink.net) Date: Wed, 23 Jul 2003 11:53:34 -0400 Subject: Remember 9/11 In-Reply-To: <198.1d8cf494.2c4ff963@aol.com> Message-ID: <3F1E773E.21886.2F3C9666@localhost> This I feel is very unfair. While I do think that the Fbi and Secret Service could be closed and their tasks combined and given over to the NSA ,Marines and other law enforcement agencies, I think that overall the agencies did the best they could. It is hard to break cells. If you remember historically that the Weathermen aka the Weather underground succeeded because of their overwhelming similarities. therefore they bonded. 
They were of diverse religions BUT .. they were all of the same socio economic background,educated same politics,same age. It is very hard to infiltrate cells if not impossible. Cells consist of only 5 or less people and do not know the activities of others.Therefore if the other cells do not know the activities of others , then how can a law enforcement agency. 23 Jul 2003 at 10:44, Freematt357 at aol.com wrote: > > Remember 9/11 was a failure of our alphabet agencies for adequately protecting us, and naturally in response we've run to protection to > another new alphabet agency, how sad. From sunder at sunder.net Wed Jul 23 09:42:35 2003 From: sunder at sunder.net (Sunder) Date: Wed, 23 Jul 2003 12:42:35 -0400 (edt) Subject: Dna samples of world leaders In-Reply-To: <995120CC-BD2C-11D7-8D66-0003930F2360@got.net> Message-ID: Bah! Saddam has become the new Eric Goldstien since Osama Bin Ladin is quieter. Perhaps the CIA's voice lab is better at cloning his voice? hence the poor quality audio tapes? I wonder how hard it is to capture a person's phoenems and feed it to a good quality speech synth? I wonder if recording it on a cheap tape with a microphone will remove all traces of it being fake. The hard part will of course be getting the inflections right. Perhaps if you tie a speech recognition system with a speech synth, the recognition system might be able to detect inflection, tone, and rate, and provide hints to the synth? Wouldn't even have to work in real time. Hey, if they were willing to push Hans Blix around until he called the bastards and reported all the pressure to "find something" and offed David Kelley, why not something like a Saddam Vactor? I'm sure they could even sprinkle the old DNA samples around some shack in the woods of Iran or Saudi Arabia or something, along with some uranium or anthrax samples and aluminu cylinders, as proof that they were harboring him as a prelude to another invasion. Why the fuck not? 
50 states isn't enough, and North America's getting too crowded, let's take over the entire Middle East... After that, let's take over France too and make them say "EMAIL" and eat only McDonalds' cheeseburgers and drink only Budwiser. But that can wait until after we mine all of Liberia's diamonds... hey we can't afford another war just yet, need to make money first... The sky's the limit, just vote for Bush again, and after him Condoleeza Rice can be our first female president with Ashcroft as VP. We can be very politically correct that way. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 23 Jul 2003, Tim May wrote: > Hair samples, dandruff, etc. A bunch of reports over the past several > months that the houses and villas of Hussein and his family had been > gone over carefully for traces of hair, old shaving razors, skin > particles, etc. > > Even if doctors and such have not been bribed or coerced into providing > blood samples, lots of ways to track DNA. All a matter of economics, as > usual. 
> > --Tim May

From ajuels at rsasecurity.com Wed Jul 23 09:51:27 2003 From: ajuels at rsasecurity.com (Juels, Ari) Date: Wed, 23 Jul 2003 12:51:27 -0400 Subject: [fc-announce] FC '04: Call for Papers Message-ID:

Call for Papers and Presentations
Financial Cryptography '04
9-12 February 2004
Key West, Florida, USA
Conference Web site: http://ifca.ai/fc04

Important dates:
Conference: 9-12 February 2004
Submission deadline 1 September 2003 23h59 GMT
Author notification 15 November 2003
Pre-proceedings version due 15 December 2003

Original papers and presentations on all aspects of financial-data security and secure digital commerce are solicited for submission to the Eighth Annual Conference on Financial Cryptography (FC '04). FC '04 will bring together researchers and practitioners in the financial, legal, cryptologic, and data-security fields to foster cooperation and exchange of ideas. In addition to novel scientific research as in previous years, the program for FC '04 will include sessions on digital finance and economics and on secure financial systems and digital-cash architectures. For the systems and finance sessions, submissions must have a visible bearing on financial-security issues, but need not be exclusively concerned with cryptography or security.

Possible topics for submission to the various sessions include:

Research Sessions: Submissions accepted to the research portion of the conference will be published in full in the conference proceedings (up to 15 pages in total).

Systems and Finance Sessions: For the systems and finance portions of the conference, the primary emphasis is on presentation. For accepted submissions in these sessions, a one-page abstract will be published in the conference proceedings. Submissions to the systems portion of the conference may include architectural descriptions and/or accounts of industry or technical experience with implementations of secure digital commerce systems. 
Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Contributions to the systems and the finance sessions of the conference need not necessarily include novel contributions in the realm of scientific research, nor must they concern financial cryptography or security exclusively. They must, however, reflect careful thought and effort and provide valuable, up-to-date experience that is relevant to practitioners in the fields of financial cryptography and security. Submissions to these sessions may consist of a short summary of work of one to six (1-6) pages in length. Instructions for Authors: Complete papers (or complete extended abstracts) must be received by 23h59 GMT on 1 September 2003. All papers must be submitted electronically. (In exceptional circumstances, paper submissions can be accepted, but special arrangements must be made with the program chair prior to 1 August 2003.) Papers must be formatted in standard PostScript, PDF format, or MS Word, and should be submitted electronically according to the instructions at http://www.ifca.ai/fc04/ prior to the deadline. Submissions in other formats will be rejected. Papers should be submitted electronically according to the instructions at . Papers may be submitted through the submission form available at . Submissions to the research portion of the conference may include at most fifteen (15) single-spaced standard pages in length. Submissions to the systems and finance portions of the conference must be short summaries of work consisting of at most six (6) single-spaced standard pages in length. (As indicated above, for accepted submissions in these latter sessions, a corresponding one-page abstract will be published in the conference proceedings.) Author names and affiliations on submissions must be explicit. 
In other words, submitted papers should not be anonymized. Submissions must include on the first page the title of the paper, the names and affiliations of all author, a brief abstract, a list of topical keywords, and a conference-session category (research, finance, or systems). Papers must describe original work. For the research portion of the conference, submission of previously published material and simultaneous submission of papers to other conferences or workshops with proceedings is not permitted. Authors of research papers found to be doubly submitted risk having all their submissions withdrawn from consideration as well as other appropriate sanctions. The conference proceedings containing all accepted submissions will be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference. A pre-proceedings containing preliminary versions of the papers will be distributed at the conference. For accepted submissions, at least one author must attend the conference and present. In addition, authors of accepted submissions must prepare the pre-proceedings and final proceedings version - a full paper or one-page abstract, as appropriate -- and sign an IFCA copyright form . Questions about paper or panel submissions should be directed to the program chair (ajuels at rsasecurity.com). _______________________________________________ fc-announce mailing list fc-announce at ifca.ai http://mail.ifca.ai/mailman/listinfo/fc-announce --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From Freematt357 at aol.com Wed Jul 23 09:56:16 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Wed, 23 Jul 2003 12:56:16 EDT Subject: Remember 9/11 Message-ID: <1c0.ce0cd79.2c501830@aol.com> In a message dated 7/23/2003 11:57:54 AM Eastern Daylight Time, netkita at earthlink.net writes: This I feel is very unfair. While I do think that the Fbi and Secret Service could be closed and their tasks combined and given over to the NSA ,Marines and other law enforcement agencies, I think that overall the agencies did the best they could. This is utter bullshit. The US knew that Bin Laden was a threat and had been conducting covert operations with NSA against him for some number of years prior to 9/11. NSA was erasing the various bank databases that Bin Laden's funds were in and they were messing around with his wire transfers. Hell, Intel was even playing taped conversations of Bin Laden with his mother to impress Congress all prior to 9/11. Bin Laden choose the WTC as a symbol of American financial imperialism and as a punishment to our screwing with him...The failure IMHO is that rather than in engaging in largely harassing techniques-We should have gone after him in much as the same fashion as we are today-It isn't like we didn't have ample warning. What I'm saying for the hearing impaired is that our Intel agencies made the threat worse by playing games that enraged the attacker (Bin Laden) rather than neutralizing the threat. 
Regards, Matt Gaylor- From mv at cdc.gov Wed Jul 23 13:13:15 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 23 Jul 2003 13:13:15 -0700 Subject: kinko spying: criminal caught Scarfing keydata Message-ID: <3F1EEC5A.7666553A@cdc.gov> Kinko's spy case: Risks of renting PCs NEW YORK (AP) -- For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's copy shops, software that logs individual keystrokes. He captured more than 450 user names and passwords, and used them to access and open bank accounts online. http://www.cnn.com/2003/TECH/internet/07/23/cybercafe.security.ap/index.html From measl at mfn.org Wed Jul 23 11:20:53 2003 From: measl at mfn.org (J.A. Terranson) Date: Wed, 23 Jul 2003 13:20:53 -0500 (CDT) Subject: Remember 9/11 In-Reply-To: <3F1E773E.21886.2F3C9666@localhost> Message-ID: On Wed, 23 Jul 2003 netkita at earthlink.net wrote: > This I feel is very unfair. While I do think that the Fbi and Secret Service could be closed and > their tasks combined and given over to the NSA ,Marines and other law enforcement > agencies, Excuse me? When did the Marines and the NSA become Law Enforcement Agencies? > less people and do not know the activities of others.Therefore if the other cells do not know > the activities of others , then how can a law enforcement agency. This at least I can buy into. By definition, a cell which is properly run should be immune from the prying eyes of law enforcement. That why the structure was developed. Nevertheless, it stands as a failure for our counterintel folks, since it is, by definition, their job to find ways into these cells. 
> 23 Jul 2003 at 10:44, Freematt357 at aol.com wrote: > > > > Remember 9/11 was a failure of our alphabet agencies for adequately > protecting us, and naturally in response we've run to protection to > > another new alphabet agency, how sad. > -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From frantz at pwpconsult.com Wed Jul 23 14:24:47 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Wed, 23 Jul 2003 14:24:47 -0700 Subject: Dna samples of world leaders In-Reply-To: <4fedac1f754fe807edda22e458823854@dizum.com> Message-ID: At 1:40 PM -0700 7/23/03, Nomen Nescio wrote: >> Yesterdays briefing on the death of saddams sons-the > >What is most troubling is that USG assumes (correctly ?) that >assassinating relatives of enemies of the state will be welcomed >by the public. I think the evidence is strong that they were as bad as Sadam. If Sadam was an "enemy of the state", then they were too. I also think that assassinate is the wrong word to use to describe what happens to someone when an army says, "Come out with your hands up", and instead they come out shooting. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA From bill.stewart at pobox.com Wed Jul 23 15:56:46 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 23 Jul 2003 15:56:46 -0700 Subject: kinko spying: criminal caught Scarfing keydata In-Reply-To: <3F1EEC5A.7666553A@cdc.gov> Message-ID: <5.1.1.6.2.20030723155509.0c5c6ef8@idiom.com> The real question is whether the FBI's keyloggers caught Jiang's passwords, or whether it was the NSA or Mossad caught the FBI's keyloggers catching Jiang's keylogger catching other passwords. At 01:13 PM 07/23/2003 -0700, Major Variola (ret.) 
wrote: >Kinko's spy case: Risks of renting PCs > > NEW YORK (AP) -- For more than a > year, unbeknownst to people who used > Internet terminals at Kinko's stores in > New York, Juju Jiang was recording > what they typed, paying particular > attention to their passwords. > > Jiang had secretly installed, in at least 14 > Kinko's copy shops, software that logs > individual keystrokes. He captured more > than 450 user names and passwords, and > used them to access and open bank > accounts online. > >http://www.cnn.com/2003/TECH/internet/07/23/cybercafe.security.ap/index.html From sunder at sunder.net Wed Jul 23 14:17:08 2003 From: sunder at sunder.net (Sunder) Date: Wed, 23 Jul 2003 17:17:08 -0400 (edt) Subject: Dna samples of world leaders In-Reply-To: Message-ID: Right, just because Shrubb-ya and Blair lied to get congress to approve a war on Iraq so he could steal the oil, it doesn't mean that Saddam was a saint and that his human rights violations (read: torture, murder, rape, pillage) could be dismissed, and he didn't deserve to be forced off the throne. The Hussein bunch got what they deserved. Fuck'em. What's disturbing is that "we" put that motherfucker in power, and supplied him with the means to carry out his attrocies against his own people, we fueld the fires of the Iran/Iraq war by feeding both sides with weapons and intel, and so on. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 23 Jul 2003, Bill Frantz wrote: > I think the evidence is strong that they were as bad as Sadam. 
If Sadam > was an "enemy of the state", then they were too. > > I also think that assassinate is the wrong word to use to describe what > happens to someone when an army says, "Come out with your hands up", and > instead they come out shooting. From ben at algroup.co.uk Wed Jul 23 11:41:54 2003 From: ben at algroup.co.uk (Ben Laurie) Date: Wed, 23 Jul 2003 19:41:54 +0100 Subject: Fwd: [IP] Gilmore bounced from plane; and Farber censors Gilmore's email In-Reply-To: <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> References: <20030721180412.N60664-100000@kozubik.com> <012301c35043$d2c96230$c71121c2@exchange.sharpuk.co.uk> <1303.202.27.185.71.1058907896.squirrel@www.crypt.gen.nz> Message-ID: <3F1ED6F2.6050109@algroup.co.uk> Kerry Thompson wrote: > Dave Howe said: > >>John Kozubik wrote: > > [snip] > >>There are no obvious grounds for discressionary removal based on wearing >>a badge (or being married to a habitual badge-wearer) but the "banning >>notice" thing looks to be a blanket refusal option written up to look >>like something else - I don't read this as saying you have to have met >>the section (a) criteria for them to issue a banning notice, in which >>case they can refuse you for no reason at all provided they put it in >>writing. > > > True, but Gilmore clearly refused an order from the Captain despite his > view that the order to remove the badge was in breach of some rights that > he thought he had. At this point of refusal the presence of a badge > becomes secondary, and Gilmore has probably breached a few rules, such as > : > > >>7) If you have not obeyed the instructions of our ground staff or a member >>of the crew of the aircraft relating to safety or security. > > > . The safety or security issue being what? > and maybe : > > >>9) If you have behaved in a threatening, abusive, insulting or disorderly >>way towards a member of our ground staff or a member of the crew of the >>aircraft. > > > if you could class Gilmore's actions as disorderly. 
Could you? I think not. > . and : > > >>10) If you have deliberately interfered with a member of the crew of the >>aircraft carrying out their duties. > > > where the duties could have been those of the flight assistant to have the > badge removed. Give me a break. > I felt sorry for the other 300 people on the plane who had their flight > delayed for some guy with a small badge on his chest, and a big chip on > his shoulder. Yeah, never stand up for your rights if it might delay you. I'm with you, brother. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From rah at shipwright.com Wed Jul 23 18:25:33 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 23 Jul 2003 21:25:33 -0400 Subject: [fc-announce] FC '04: Call for Papers Message-ID: --- begin forwarded text From nobody at dizum.com Wed Jul 23 13:40:09 2003 From: nobody at dizum.com (Nomen Nescio) Date: Wed, 23 Jul 2003 22:40:09 +0200 (CEST) Subject: Dna samples of world leaders Message-ID: <4fedac1f754fe807edda22e458823854@dizum.com> > Yesterdays briefing on the death of saddams sons-the What is most troubling is that USG assumes (correctly ?) that assassinating relatives of enemies of the state will be welcomed by the public. From sfurlong at acmenet.net Thu Jul 24 03:19:50 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Thu, 24 Jul 2003 06:19:50 -0400 Subject: kinko spying: criminal caught Scarfing keydata In-Reply-To: <5.1.1.6.2.20030723155509.0c5c6ef8@idiom.com> References: <5.1.1.6.2.20030723155509.0c5c6ef8@idiom.com> Message-ID: <200307240619.50852.sfurlong@acmenet.net> On Wednesday 23 July 2003 18:56, Bill Stewart wrote: > The real question is whether the FBI's keyloggers caught Jiang's > passwords, or whether it was the NSA or Mossad caught the FBI's > keyloggers catching Jiang's keylogger catching other passwords. 
> > New York, Juju Jiang was recording ^^^^ How many clues do you need? Obviously the J-U-E-S are behind it all. -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From sfurlong at acmenet.net Thu Jul 24 03:42:24 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Thu, 24 Jul 2003 06:42:24 -0400 Subject: Jerk with a t-shirt In-Reply-To: References: Message-ID: <200307240642.24776.sfurlong@acmenet.net> On Wednesday 23 July 2003 09:18, Tyler Durden wrote: > But it sounds like a rehash of the mall incident You don't know what you're talking about. This happened just a few miles from me, so perhaps I've paid closer attention than you have. T-shirt man wasn't merely minding his own business while wearing an offensive shirt. He was stepping in front of people and haranguing them in front of a large anchor store in the mall. After a while he was asked to leave by a store employee, so he took himself to the food court and repeated the procedure. After complaints from several mall patrons, a security guard asked T-shirt man to either knock it off or leave. T-shirt man refused, growing more and more aggressive, and eventually the local cops came along and arrested him. (I may have fudged some details, as I'm working from memory, but I don't think I screwed up anything important.) OK, so far it could be the spontaneous actions of one guy. But, even though the story wasn't reported until the late news that evening, there was a large (hundreds, IIRC) crowd of protesters when the mall opened the next morning. This might not sound like much to someone used to NYC crowds, but by the standards of this area that was a huge crowd. I guess it _could_ have been a spontaneous rising of a populace fed up with jack-booted thug harrassment of dissenting opinion. 
But the more I hear about it, the more this sounds like a planned operation.

--
Steve Furlong    Computer Condottiere    Have GNU, Will Travel

"If someone is so fearful that, that they're going to start using
their weapons to protect their rights, makes me very nervous that
these people have these weapons at all!" -- Rep. Henry Waxman

From jr0280 at albany.edu Thu Jul 24 05:38:24 2003
From: jr0280 at albany.edu (Jack Reed)
Date: Thu, 24 Jul 2003 08:38:24 -0400
Subject: Jerk with a t-shirt
In-Reply-To: <200307240642.24776.sfurlong@acmenet.net>
References:
Message-ID: <5.2.1.1.0.20030724082703.00b7aea0@mail.albany.edu>

At 06:42 AM 7/24/2003 -0400, Steve Furlong wrote:
>On Wednesday 23 July 2003 09:18, Tyler Durden wrote:
>
> > But it sounds like a rehash of the mall incident
>
>You don't know what you're talking about. This happened just a few miles
>from me, so perhaps I've paid closer attention than you have. T-shirt
>man wasn't merely minding his own business while wearing an offensive
>shirt. He was stepping in front of people and haranguing them in front
>of a large anchor store in the mall. After a while he was asked to
>leave by a store employee, so he took himself to the food court and
>repeated the procedure. After complaints from several mall patrons, a
>security guard asked T-shirt man to either knock it off or leave.

I live in this area too and this is far different than the one I heard. The description of events that I heard was that he was bothering *no one*, simply walking around wearing a shirt. The mall did make that claim but I haven't heard anyone else say he was bothering anyone. The newspaper story said the mall had one complaint about him, not "many." Also, the subsequent patrons wearing "Give peace a chance" were booted too and they were definitely not bothering anyone. Only when public pressure came to bear did they relent.

>T-shirt man refused, growing more and more aggressive, and eventually
>the local cops came along and arrested him. (I may have fudged some
>details, as I'm working from memory, but I don't think I screwed up
>anything important.)

Let's see, you believe you're engaging in protected speech, rent-a-cops come and tell you to stop, and you don't believe you have to. If you're going to lie down if you believe you have a valid argument then that's really weak.

I happen to agree with those who said that since he was on private property the property owners had every right to boot him off. I just think you should do a little more fact-checking before you post.

Jack

From declan at well.com Thu Jul 24 06:08:39 2003
From: declan at well.com (Declan McCullagh)
Date: Thu, 24 Jul 2003 09:08:39 -0400
Subject: Congresscritters want to be more... permanent
Message-ID: <5.2.1.1.0.20030724090719.0452fd68@mail.well.com>

POLITICS

News conference to announce bipartisan legislation for a constitutional amendment to increase the term of House members from 2 years to 4 years.

Participants: Rep. Charles Stenholm, D-Texas, and Rep. Roscoe Bartlett, R-Md.
Location: House Radio/TV Gallery, U.S. Capitol. 3:30 p.m.
Contact: Anne Keller, 202-225-6605 or 202-225-2721

From emc at artifact.psychedelic.net Thu Jul 24 09:16:30 2003
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Thu, 24 Jul 2003 09:16:30 -0700 (PDT)
Subject: Dead Body Theatre
Message-ID: <200307241616.h6OGGUk3006619@artifact.psychedelic.net>

I just noticed all news channels on the boob tube are showing endless repetitions of what the US alleges are the dead bodies of Saddam Hussein's sons.

We all know how easy it is to make realistic fake pictures now that everything is digital, so I was thinking what a cool hack it would be to Photoshop some similar pictures of the Bush daughters, and post them on the Internet for everyone to enjoy.
Now that the new standard for pre-emptive war is to murder the legitimate leader of another sovereign nation and his entire family, an "artist's rendering" of Shrub reaping what he sows would surely be an excellent political statement. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From camera_lumina at hotmail.com Thu Jul 24 06:52:10 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 24 Jul 2003 09:52:10 -0400 Subject: Jerk with a t-shirt Message-ID: "This happened just a few miles from me, so perhaps I've paid closer attention than you have. T-shirt man wasn't merely minding his own business while wearing an offensive shirt. He was stepping in front of people and haranguing them in front of a large anchor store in the mall. After a while he was asked to leave by a store employee, so he took himself to the food court and repeated the procedure. After complaints from several mall patrons, a security guard asked T-shirt man to either knock it off or leave." Well I haven't heard the story told this way before. If this were the case, he should be removed no matter what T-shirt he was wearing. As for the "private property" issues, I'm still not convinced they're cut-and-dry (though in some cases maybe they are). If nothing else, the demonstration the following morning lets the local thugs know that consensus reality these days does not equate benevolence with US foreign policy. Thus, the barely-made-it-out-of-high-school managers of the Mall's Security will know that anti-war T-shirts may not be any more controversial than pro-war t-shirts, despite what the TV has instructed them. -TD >From: Steve Furlong >To: cypherpunks at lne.com >Subject: Jerk with a t-shirt >Date: Thu, 24 Jul 2003 06:42:24 -0400 > >On Wednesday 23 July 2003 09:18, Tyler Durden wrote: > > > But it sounds like a rehash of the mall incident > >You don't know what you're talking about. 
This happened just a few miles >from me, so perhaps I've paid closer attention than you have. T-shirt >man wasn't merely minding his own business while wearing an offensive >shirt. He was stepping in front of people and haranguing them in front >of a large anchor store in the mall. After a while he was asked to >leave by a store employee, so he took himself to the food court and >repeated the procedure. After complaints from several mall patrons, a >security guard asked T-shirt man to either knock it off or leave. >T-shirt man refused, growing more and more aggressive, and eventually >the local cops came along and arrested him. (I may have fudged some >details, as I'm working from memory, but I don't think I screwed up >anything important.) > >OK, so far it could be the spontaneous actions of one guy. But, even >though the story wasn't reported until the late news that evening, >there was a large (hundreds, IIRC) crowd of protesters when the mall >opened the next morning. This might not sound like much to someone used >to NYC crowds, but by the standards of this area that was a huge crowd. >I guess it _could_ have been a spontaneous rising of a populace fed up >with jack-booted thug harrassment of dissenting opinion. But the more I >hear about it, the more this sounds like a planned operation. > >-- >Steve Furlong Computer Condottiere Have GNU, Will Travel > >"If someone is so fearful that, that they're going to start using >their weapons to protect their rights, makes me very nervous that >these people have these weapons at all!" -- Rep. Henry Waxman From rah at shipwright.com Thu Jul 24 07:13:09 2003 From: rah at shipwright.com (R. A.
Hettinga)
Date: Thu, 24 Jul 2003 10:13:09 -0400
Subject: Accuris launches "Tap In A Box"
Message-ID:

Accuris - Product News Item

Accuris launches "Tap In A Box"

Accuris has recently launched "Tap in A Box" as a low-cost method to enable smaller ISPs to comply with their country's Lawful Interception requirements.

Key Product Elements

- Management System
- Interception Capability
- Hardware Components
- System Installation
- Delivery and on-site system test included
- All relevant cables, connectors supplied
- Technical Support
- Warranty
- Help desk
- Call logging & problem management
- Lines of support
- Response times
- Notifications
- Optional Extras
- Increased network capacity upgrade
- Additional Tap Points
- Upgrade to Enterprise solution
- Professional Services
- Additional support cover
- Training

Management System

This system provides secure access to warrant/interception management features as well as control of interception point configuration.

Interception Capability

The basic number of tap points is 2 single Fast Ethernet points. The traffic interception types consist of TCP/IP, SMTP, POP3 and Radius. Additional services will be catered for in maintenance releases, as required by legislation.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From Vincent.Penquerch at artworks.co.uk Thu Jul 24 02:14:20 2003
From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Thu, 24 Jul 2003 10:14:20 +0100
Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
Message-ID:

> Just because it's cool and we can call it electronic cash? What's the
> point? Why would you bother building it? Why would anyone
> bother using
> it?

Ah, to make money off it of course! Advertize it, and people will use it. Maybe. For a time. And when it wears off, you launch another one. Sure, it's pointless technically, but so are many gimmicks that are commercially viable, if only for a limited time. And maybe the LEAs are actually even pushing it as a way to easily catch clueless criminals :)

--
Vincent Penquerc'h

From rah at shipwright.com Thu Jul 24 07:17:36 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 24 Jul 2003 10:17:36 -0400
Subject: Accuris - Challenges Facing You
Message-ID:

Accuris - Challenges Facing You

The current situation has left operators facing a considerable list of challenges:

As the services you offer your customers increase so too do the number of Interception services and therefore the workload on your company should a manual approach continue to be adopted.

The EU law imposes a legal duty on all operators to meet many standards in the Interception network including:

- Integrity - The target must not be able to detect that the traffic is being intercepted.
- Quality - The quality of the real-time Interception delivered to the Law Enforcement Monitoring Facility (LEMF) must be of the same level as that delivered to the target.
- Performance - The operator must be able to implement urgent requests within minutes.
- Lawful - Interceptions must commence and terminate at the exact start/end date and time referred to on the Interception warrant.
- Security - Only individuals who have been appropriately screened and require access to Interception data should have this ability.

In an increasingly global economy LEAs are increasingly requesting Interceptions from operators outside their home county. It is important to ensure that the handover interface you use to an LEMF is based on a commonly used standard. In the telecommunications business this usually means compliance to either ETSI or CALEA.

Potential Implications

- Interception warrants are issued by the courts and need to be complied with exactly in order to ensure that the Interceptions carried out are in fact lawful rather than unlawful.
- Manual processes are costly, inefficient and prone to error.
- Provision of Interception on any service you offer may be required under the terms of your license.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Jul 24 07:18:07 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 24 Jul 2003 10:18:07 -0400
Subject: Accuris - Data Network Interception
Message-ID:

Accuris - Data Network Interception

LMD-IP

The LMD-IP is Accuris' IP mediation product, it mediates between the ISP's network and the Law Enforcement Monitoring Facility, delivering intercepted target traffic according to the relevant national standard. LMD-IP has been built on a component-based architecture, enabling the distribution of components where necessary to handle the intercept volumes and to tailor with the ISP's network.

Features

- Automatic activation/de-activation on all appropriate interception points.
- Delivery of content and intercept related information in compliance with TIIT standards.
- Support for warrant management.
- Discrete billing capability.
- Support for all Ethernet-based IP services (10MB/sec, 100MB/sec or 1GB/sec.)
- Support for ATM and POS

Benefits

- Fully compliant with TIIT.
- Passive interception ensures no impact on your network services.
- Facility to manage multiple logical domains.
- Architecture supports future value-added applications.
- No software interception limits.
- A product roadmap that is in step with the TIIT & ETSI standards as they evolve.
- Deployed on non-proprietary hardware and software thus reducing operating and deployment costs. Common management system controls all interception services ensuring increased security and reduced operating costs.

The Product

The LMD-IP consists of five key components:

- Intercept Management
- Target Access Point (TAP)
- Network Filter
- Service Filter
- Delivery

Intercept Management

This component is responsible for the activation/de-activation of the interception on the ISP's network at the start/end time indicated on the warrant. It passes the target's IP address to the Network and Service Filters and the appropriate LEMF delivery address to the Delivery module.

TAP

TAP splitters or layer 2 splitting can be used to replicate the IP data stream. This passive mechanism has the dual benefit of ensuring that the ISP's network is unaffected and that the target is unaware of the interception of the service. Prior to deployment, Accuris engineers assist ISP staff in determining the most efficient location to place TAPs on the network.

Network Filter

The Network Filter intelligently selects the IP packets of interest i.e. where the source/destination IP address is that of a registered IP target or a dial-in user is attempting to logon. Once identified this packet is then sent to the appropriate service filter.

Service Filter

The Service Filter is responsible for re-constituting the IP datagrams into their native service e.g. SMTP, POP3, etc.

Delivery

The delivery module is responsible for delivering the intercepted data and/or intercept related events to the LEMF according to the applicable national standard.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Jul 24 07:21:03 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Jul 2003 10:21:03 -0400 Subject: Accuris - Company History Message-ID: Accuris - Company History Accuris is a specialist provider of lawful interception solutions in the communications field. Based in Dublin, Ireland - the software capital of Europe - Accuris continues to lead the market in its niche field. Established in 1997 as a product provider in the telecommunications arena, Accuris grew rapidly as a result of the input from its founders - KPN, Eircom and Telia. In 2002 the company was purchased by a group of investors and charged with becoming the European leader in Lawful Interception, as well as extending its expertise in other areas of the telecommunications sector. Accuris has a core specialist workforce that provides the full range of services from initial consultancy through development and ongoing customer support. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at pipeline.com Thu Jul 24 10:34:13 2003 From: jya at pipeline.com (John Young) Date: Thu, 24 Jul 2003 10:34:13 -0700 Subject: Jerk with a t-shirt In-Reply-To: <5.2.1.1.0.20030724082703.00b7aea0@mail.albany.edu> References: <200307240642.24776.sfurlong@acmenet.net> Message-ID: The rights of property owners, especially commercial property, are not as absolute as sometimes argued. Due to the public services provided by governmental authorities, tax perqs not the least, property owners are required to abide a diverse range of laws and regulations to provide assurance that people on the property are safe. 
These people include the property owner, family members, employees, customers and others who may not be capable of judging what is safe. Similarly, retail property owners are obliged to provide assurances to customers that they are safe as prescribed by zoning, building and health codes. To be sure there is a lucrative industry of professionals who advise property owners how to skirt these requirements -- public relations mongers, lobbyists, lawyers, zoning consultants, architects, engineers, planners, politicians, so-called public interest groups, bribers, liars, cheaters, the mob, whores, pimps, and so on. Most of these are lightly or unregulated, even those ostensibly licensed to protect the public interest are happy to front for those whose only interest is criminal profit. Keep this in mind: whenever someone argues for the right to do what they want on their property they are blowing shit in your face while picking your pocket and placing you and your beloved mongrels in danger through a smart-ass range of distancing, exculpatory mechanisms, not least several of the constitutional amendments which were set up for just that purpose by the original continental landscape thieves and which are forever being updated to keep the our-screw-you-laws-are-fair-laws racket running smoothly. Thanks to two centuries of warping law and culture to bias stolen property owners, no property owner takes full risk these days, but some will have you killed if you question that, that's what the justice and national security mob is paid handsomely to enforce. Department of Homeland Security looks to be the greatest ever privacy and property expropriation since the national security apparatus was set up after WW2, stolen from the public in the name of protecting it, given over to the homesec contractors, mediated by the homesec slicksters. "Homeland" is the false positive, as was "national defense." 
>I happen to agree with those who said that since he was on private property >the property owners had every right to boot him off. I just think you >should do a little more fact-checking before you post. > >Jack From sunder at sunder.net Thu Jul 24 08:15:30 2003 From: sunder at sunder.net (Sunder) Date: Thu, 24 Jul 2003 11:15:30 -0400 (edt) Subject: Dna samples of world leaders In-Reply-To: <5.1.1.6.2.20030723130545.02dabbf8@idiom.com> Message-ID: Yes, brain fart. :) s/b Emmanuel Goldstein. Doh! Need more coffee... Yup, but you don't have to splice a tape, you can do it all digitally these days, then create a single low quality audiotape recorded so poorly that your analyst won't be able to accurately say yes or no. The real question is whether or not you can have a speech synth that can put out convincing inflections, pauses, um's ah's, coughs, etc. to the point that it sounds like a human with emotions, not a machine. You can get the samples from existing speeches/addresses and extract just the phonemes. Your speech synth's output shouldn't sound like a bunch of clips of words of course. :) I don't know how many phonemes would be required for a convincing Iraqi leader... For English there's like 30 something... If you get them all at the same tone from the same speech, you're set. If you've ever played with MacOS's speech synth, they have some that are somewhat realistic human voices, but they still speak without human sounding rhythms - rather they sound like a human trying to imitate a computer a la old Star Trek episodes. Add the inflections to get emotion like sounds, and increase the quality of the synth so you don't hear machine artifacts, and you're set. It's not an easy problem, but neither is it impossible. As to DNA: Uh, I was talking about Saddam's palaces - lots of skin flakes, clothes, hairs in combs, etc to be had there. Ok, well that presumes that sufficient samples were collected before the nice palace parties.
:) ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 23 Jul 2003, Bill Stewart wrote: > At 12:42 PM 07/23/2003 -0400, Sunder wrote: > >Bah! Saddam has become the new Eric Goldstien since Osama Bin Ladin is > >quieter. > > I'm guessing you're mixing up Emmanuel Goldstein, from 1984 > and Eric Corley aka Emmanuel Goldstein, from 2600 ? > It might be hard to splice together a tape that would > fool a forensic expert into thinking the tape was really > an authentic recording by the same person who was speaking on > several other known-to-be-authentic recordings. > It's not at all hard to put together a press release from > an ostensible forensic expert claiming that a tape > is or isn't authentic, or even to find an expert who'll say it. > It's probably not too hard to put together a tape with > the speech you want and a set of claimed-to-be-known-authentic samples > that the expert can compare with the voice on the tape, > if the expert doesn't have good independent samples of his own. > > After all, your objective isn't to fool the experts - > it's to fool the public, or rather to make sure that the public > that you've already fooled continues to stay fooled. > As Bush said, "fool me once, shame on... shame on.. " > > > Besides, to get the DNA samples, they just checked with > Illuminati Headquarters - you thought that when world leaders > sign their employment contracts in blood, it's only for decoration? 
From mv at cdc.gov Thu Jul 24 11:26:38 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 24 Jul 2003 11:26:38 -0700 Subject: Dead Body Theatre Message-ID: <3F2024DE.7E1092C9@cdc.gov> At 06:00 PM 7/24/03 +0100, Dave Howe wrote: >the new standard, I suspect a suicide bombing of >the white house (killing all the staff and the shrub) would now be "ok" >provided they shouted 'surrender or die' first, yes? Dude, if Julius Caesar had magnetometers we might all be speaking Italian now. The one with the bigger guns makes the rules. Which is why those with smaller guns don't play by those rules. Just because the UN fnord hasn't been given the paperwork or Congress hasn't made the required fnord legal declaration, don't think there isn't a war on. Or several. From sunder at sunder.net Thu Jul 24 09:09:58 2003 From: sunder at sunder.net (Sunder) Date: Thu, 24 Jul 2003 12:09:58 -0400 (edt) Subject: Congresscritters want to be more... permanent In-Reply-To: <5.2.1.1.0.20030724090719.0452fd68@mail.well.com> Message-ID: Isn't that akin to when they vote themselves raises? :) ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Thu, 24 Jul 2003, Declan McCullagh wrote: > POLITICS > News conference to announce bipartisan legislation for a constitutional > ammendment to increase the term of House members from 2 years to 4 > years. > Participants: Rep. Charles Stenholm, D-Texas, and Rep. Roscoe > Bartlett, R-Md.= > Location: House Radio/TV Gallery, U.S. Capitol. 3:30 p.m. 
> Contact: Anne Keller, 202-225-6605 or 202-225-2721 From timcmay at got.net Thu Jul 24 12:50:35 2003 From: timcmay at got.net (Tim May) Date: Thu, 24 Jul 2003 12:50:35 -0700 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: Message-ID: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net> On Thursday, July 24, 2003, at 11:16 AM, Sampo Syreeni wrote: > On 2003-07-23, Sunder uttered: > >> If you want to do electronic payments that are non-anonymous you can >> simply use a credit card or debit card (or something like paypal, >> egold), >> or for larger quanitities you can do wire transfers - so why would we >> need yet another a non-anonymous "cash" that isn't cash? > > I only objected to the notion that all digicash needs to be anonymous > in > order to be desirable. I didn't say this particular system amounts to > desirable weak digicash. To that end it would likely make far more > sense > in the short term e.g. to marry Visa Electronic to PayPal. In the long > term multiple cooperating PayPal-like entities could then be used to > build > mixnets, making the digicash strongly anonymous. This continuing confusion, by many people, about what "digicash" is shows the problem with using nonspecific terms. In fact, "digicash" strongly suggests David Chaum's "Digicash," not some name for all forms of credit cards, ATMs, debit cards, PayPal, wire transfer, Mondex, and a scad of other systems that may use bits and electronic signals. Conventionally, on this list and in the press about "digital cash," digital cash means something which has the untraceable and/or anonymous features of "cash" while being transferred digitally. It is NOT a Visa system or a PayPal account or a wire instruction to the Cayman Islands. I choose not to call "untraceable/anonymous digital cash" by any of the marketing-oriented catchwords like "Digicash," "BearerBucks," "E-coins," "MeterMoney," whatever. 
So, I strongly agree with your point that not all electronic forms of money need to be anonymous (untraceable) in order to be useful. HOWEVER, our interest is in the untraceable/anonymous. There are no doubt active groups discussing PayPal, VISA, MasterCard, DiscoverCard, etc. But they have nothing to do with Cypherpunks. We should also fight the use of sloppy language in the press when mundane electronic funds transfer systems are called "digital cash." --Tim May From camera_lumina at hotmail.com Thu Jul 24 13:09:39 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 24 Jul 2003 16:09:39 -0400 Subject: Dead Body Theatre Message-ID: Oooh! A very amusing notion. I'm wondering, however, if in terms of analogies showing two of the -Sr- Bush's sons in the photos might be more appropo (ie, Jeb & Dubya)...though I admit showing the daughters has more sheer shock and "fuck-you" value. -TD >From: Eric Cordian >To: cypherpunks at minder.net >Subject: Dead Body Theatre >Date: Thu, 24 Jul 2003 09:16:30 -0700 (PDT) > >I just noticed all news channels on the boob tube are showing endless >repetitions of what the US alleges are the dead bodies of Saddam Hussein's >sons. > >We all know how easy it is to make realistic fake pictures now that >everything is digital, so I was thinking what a cool hack it would be to >Photoshop some similar pictures of the Bush daughters, and post them on >the Internet for everyone to enjoy. > >Now that the new standard for pre-emptive war is to murder the legitimate >leader of another sovereign nation and his entire family, an "artist's >rendering" of Shrub reaping what he sows would surely be an excellent >political statement. > >-- >Eric Michael Cordian 0+ >O:.T:.O:. Mathematical Munitions Division >"Do What Thou Wilt Shall Be The Whole Of The Law" _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail From sunder at sunder.net Thu Jul 24 14:52:06 2003 From: sunder at sunder.net (Sunder) Date: Thu, 24 Jul 2003 17:52:06 -0400 (edt) Subject: Dead Body Theatre In-Reply-To: Message-ID: Nah, if you want sheer fuck you value photoshop them smoking crack pipes while in an all out lezbo scene (make sure the other girls are of color - preferably looking like they're from the middle east, some with strap-ons)... include a gratiutous male donkey in there too. Throw Jeb in there for good measure - blowing the donkey. If that doesn't shock his Xian-Fundie heart, I don't know what will. :) ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Thu, 24 Jul 2003, Tyler Durden wrote: > Oooh! A very amusing notion. > > I'm wondering, however, if in terms of analogies showing two of the -Sr- > Bush's sons in the photos might be more appropo (ie, Jeb & Dubya)...though I > admit showing the daughters has more sheer shock and "fuck-you" value. From DaveHowe at gmx.co.uk Thu Jul 24 10:00:55 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 24 Jul 2003 18:00:55 +0100 Subject: Dead Body Theatre References: <200307241616.h6OGGUk3006619@artifact.psychedelic.net> Message-ID: <01a001c35205$2704dc90$c71121c2@exchange.sharpuk.co.uk> Eric Cordian wrote: > Now that the new standard for pre-emptive war is to murder the > legitimate leader of another sovereign nation and his entire family, > an "artist's rendering" of Shrub reaping what he sows would surely be > an excellent political statement. 
I am not sure these two were murdered as Saddam's sons (although obviously they were, and were no doubt given priority over equally worthy targets) but as authority figures in the former government. That they were also (if they could be captured) bloody useful hostages against actions by their father probably didn't go without notice either. However, if strafing an occupied house with helicopter gunships, rocket launchers and heavy machine guns after a cursory "surrender or die" is ignored, based on military intel (which as the WMD fiasco shows is worthless if the PR spin department are demanding raw access to unfiltered intel and filtering, not on reliability but on closeness of match to the desired outcome) is to be the new standard, I suspect a suicide bombing of the white house (killing all the staff and the shrub) would now be "ok" provided they shouted 'surrender or die' first, yes? From shaddack at ns.arachne.cz Thu Jul 24 09:21:04 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 24 Jul 2003 18:21:04 +0200 (CEST) Subject: Jerk with a t-shirt In-Reply-To: <200307240642.24776.sfurlong@acmenet.net> Message-ID: On Thu, 24 Jul 2003, Steve Furlong wrote: > I guess it _could_ have been a spontaneous rising of a populace fed up > with jack-booted thug harrassment of dissenting opinion. But the more I > hear about it, the more this sounds like a planned operation. In the age of cellphones and email, fast ad-hoc organizations of many people aren't as difficult as they used to be. I believe a good book about this could be Howard Rheingold: Smart Mobs. Especially in the case of already pre-stirred subpopulation, in this case the anti-war part, fast crowding could be initiated by a relatively small cause. From sfurlong at acmenet.net Thu Jul 24 15:46:48 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Thu, 24 Jul 2003 18:46:48 -0400 Subject: Congresscritters want to be more...
permanent In-Reply-To: References: Message-ID: <200307241846.48863.sfurlong@acmenet.net> On Thursday 24 July 2003 12:09, Sunder wrote: > Isn't that akin to when they vote themselves raises? :) What raises? That would be unconstitutional, and they'd never do that. What they get are cost of living adjustments. -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From timcmay at got.net Thu Jul 24 18:48:00 2003 From: timcmay at got.net (Tim May) Date: Thu, 24 Jul 2003 18:48:00 -0700 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: Message-ID: <05C0AB66-BE42-11D7-8D66-0003930F2360@got.net> On Thursday, July 24, 2003, at 03:17 PM, Sampo Syreeni wrote: > On 2003-07-24, Tim May uttered: > >> HOWEVER, our interest is in the untraceable/anonymous. > > Duh! > You were gibbering about how "digicash" includes PayPal, ATMs, Visa, and other forms of transfers which are only "digital" in that computers are used. You need to think carefully about what blinding is all about. Calling Visa and PayPal "digicash" shows fundamental ignorance. Nitwit. But very typical of the "new generation of rilly, rilly dumb cypherpunks." --Tim May From timcmay at got.net Thu Jul 24 18:55:27 2003 From: timcmay at got.net (Tim May) Date: Thu, 24 Jul 2003 18:55:27 -0700 Subject: Dead Body Theatre In-Reply-To: Message-ID: <0FFE190A-BE43-11D7-8D66-0003930F2360@got.net> On Thursday, July 24, 2003, at 05:52 PM, J.A. 
Terranson wrote: > On Thu, 24 Jul 2003, Dave Howe wrote: > >> However, if strafeing an occupied house with helecopter gunships, >> rocket >> launchers and heavy machine guns after a cursory "surrender or die" is >> ignored, based on military intel (which as the WMD fiasco shows is >> worthless if the PR spin department are demanding raw access to >> unfiltered >> intel and filtering, not on reliability but on closeness of match to >> the >> desired outcome) is to be the new standard, I suspect a suicide >> bombing of >> the white house (killing all the staff and the shrub) would now be >> "ok" >> provided they shouted 'surrender or die' first, yes? > > Hell, this has been the norm for a very long time. The rest of the > world > knows this as an American No-Knock Drug Warrant. > Fucking idiot. Did you notice you have once again copied two nodes of the CP list? This is not the first time. Idiot. Someone ought to necklace you. --Tim May From timcmay at got.net Thu Jul 24 18:57:18 2003 From: timcmay at got.net (Tim May) Date: Thu, 24 Jul 2003 18:57:18 -0700 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <20030725001110.GC9659@dreams.soze.net> Message-ID: <523133AB-BE43-11D7-8D66-0003930F2360@got.net> On Thursday, July 24, 2003, at 05:11 PM, Justin wrote: > Tim May (2003-07-24 19:50Z) wrote: > >> We should also fight the use of sloppy language in the press when >> mundane electronic funds transfer systems are called "digital cash." > > Is there anything to fight? > > The only instance of "digital cash" on google news (there's one > reference to "digital cash registers", which I'm not counting) is an > article about proffr's "x needs killing" comments. The article doesn't > abuse the term "digital cash", though it does abuse the term > "listserv". > > The term doesn't appear in print often enough to matter, IMO. > > PLONK. Way too many fools on Cypherpunks these last several months. Maybe it's time to kill it. 
--Tim May From eresrch at eskimo.com Thu Jul 24 19:25:30 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Thu, 24 Jul 2003 19:25:30 -0700 (PDT) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <523133AB-BE43-11D7-8D66-0003930F2360@got.net> Message-ID: On Thu, 24 Jul 2003, Tim May wrote: > PLONK. > > Way too many fools on Cypherpunks these last several months. Maybe > it's time to kill it. Excellent idea! Since nobody on the list agrees with you any more, you can eliminate a ton of noise from all the spammers across the globe. My in box will not regret it. :-) Patience, persistence, truth, Dr. mike From measl at mfn.org Thu Jul 24 17:52:06 2003 From: measl at mfn.org (J.A. Terranson) Date: Thu, 24 Jul 2003 19:52:06 -0500 (CDT) Subject: Dead Body Theatre In-Reply-To: <01a001c35205$2704dc90$c71121c2@exchange.sharpuk.co.uk> Message-ID: On Thu, 24 Jul 2003, Dave Howe wrote: > However, if strafeing an occupied house with helecopter gunships, rocket > launchers and heavy machine guns after a cursory "surrender or die" is > ignored, based on military intel (which as the WMD fiasco shows is > worthless if the PR spin department are demanding raw access to unfiltered > intel and filtering, not on reliability but on closeness of match to the > desired outcome) is to be the new standard, I suspect a suicide bombing of > the white house (killing all the staff and the shrub) would now be "ok" > provided they shouted 'surrender or die' first, yes? Hell, this has been the norm for a very long time. The rest of the world knows this as an American No-Knock Drug Warrant. -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From camera_lumina at hotmail.com Thu Jul 24 17:44:32 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 24 Jul 2003 20:44:32 -0400 Subject: Seminars not to miss in July and August 2003 Message-ID: Wow! 
This is either an identity sweep initiated by TSAs, or we're somehow on some interesting radar screens. Any truth to the rumor that 'Tim May' is actually a nym for bin Laden? -TD

>From: "Settec"
>Reply-To: "Settec"
>To: camera_lumina at hotmail.com
>Subject: Seminars not to miss in July and August 2003
>Date: Thu, 24 Jul 2003 20:10:56 +0300
>
>Dear Clients,
>
>Due to a technical problem with our web hosting, which allows only those connecting from the free number of starnet in Egypt 07770666 to view our web site, and due to the shortage of time, we are announcing in text mode the following three coming up seminars in July and August of 2003:
>
>Seminar: Environmental Register (How to do it, The components, the measurements) as per requirements of law number 4 for the year 1994
>Date: July 29 - 30, 2003
>City: Alexandria
>Venue: Plaza Hotel
>Web site: http://www.settecltd.com/en/2003/jul2930.htm
> http://www.settecltd.com/ar/2003/jul2930.htm
>
>Seminar: The Egyptian Customs Law number 66 for the year 1963 and the latest amendments
>Date: July 29 - 30, 2003
>City: Cairo
>Venue: Meridien Heliopolis
>Web site: http://www.settecltd.com/en/2003/jul2930d.htm
> http://www.settecltd.com/ar/2003/jul2930d.htm
>
>Seminar: New Unified Labor Law # 12 for the year 2003
>Date: August 18 - 19, 2003
>City: Cairo
>Venue: Meridien Heliopolis
>Web site: http://www.settecltd.com/en/2003/aug1819.htm
> http://www.settecltd.com/ar/2003/jul2930d.htm
>
>For full information on the seminars, prices, and available promotions, please contact Mr. Essam Mahmoud at the below numbers.
>
>SETTEC
>
>Address: Agooza Police Tower, Nawal St., Agooza, Giza, Egypt
>
>Tel./Fax: +2 (02) 3387527 - 3362040 - 7614343
>Mobile: +2 (012) 3228395
>US Fax: +1 772 365 0405
>e-mail: settec at link.net
>web page: www.settecltd.com
>
>To unsubscribe from Settec Newsletter send a blank message to settec at starnet.com.eg with subject "Unsubscribe"
>Your request will be performed within two business day

_________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail

From rah at shipwright.com Thu Jul 24 18:01:42 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 24 Jul 2003 21:01:42 -0400 Subject: One-Click Treason Message-ID:

TCS: Tech Central Station - Where Free Markets Meet Technology

One-Click Treason
By Tom W. Bell
07/24/2003

Accusations of treason fly when a nation goes to war. Sometimes, those claims stick. After World War II, the U.S. punished several of its citizens for having served as paid Axis propagandists. Recent terrorist attacks on the U.S. have triggered new cries of "Treason!" Could successful prosecutions follow?

As the Constitution defines it, treason includes "adhering to" enemies of the U.S. and "giving them Aid and Comfort." Courts have already told us that paid propagandists meet the test. An American serving as a paid propagandist of the al-Qaida network would thus run a high risk of punishment for treason. The same would likely hold true of anyone who, owing allegiance to the U.S., spoke on behalf of and in the pay of an anti-U.S. terrorist organization.
The War on Terrorists will probably not generate any treason prosecutions of paid propagandists, however. Contemporary terrorist networks favor less formal -- we might say "packet-switched" -- operations. Terrorist enemies of the U.S. thus tend to distribute their propaganda via volunteers from the press, in the street, or on the internet. Could such volunteer propagandists suffer punishment for treason? Here, the law of treason hides a treacherous hole. Courts have not said whether volunteer propagandists for enemies of the U.S. commit treason against it. The volume of volunteer pro-terrorist propaganda alone makes that legal uncertainty worrisome. The growing ease of adding to that flood of speech makes the legal gap dangerous. Advances in telecommunications have made it astonishingly easy to publish unpaid, volunteer, freelance propaganda. Because she relied on short-wave radio signals sent from powerful transmitters overseas, Axis Sally needed Nazi help to broadcast to the U.S. Today, in contrast, a domestic "al-Qaida Al" could, with a single click on his weblog interface, bombard the world with anti-U.S. polemic. Does that mean that every domestic blogger who criticizes U.S. foreign policy thereby commits treason? Of course not. The Constitution requires treasonous speakers to "adhere to" U.S. enemies. Most critics of their country want to help it. As the Supreme Court explained in Cramer v. United States , a treasonous speaker must "intellectually or emotionally favor the enemy and harbor sympathies or convictions disloyal to this country's policy or interest . . .." A domestic blogger like al-Qaida Al might easily qualify on that count. The Constitution also requires that a treasonous act give "Aid and Comfort" to enemies of the U.S. Can mere speech do that? Here, again, Cramer v. U.S. offers guidance. The Supreme Court included "making a speech critical of the government or opposing its measures" among the acts that could aid and comfort an enemy. 
Again, al-Qaida Al might do that; bloggers already do. Suppose, then, that our imagined blogger owes allegiance to the U.S. , sympathizes with al-Qaida, harbors convictions disloyal to the U.S. , and uses his blog to express those views. Does he thereby commit treason? Although language from Cramer v. U.S. suggests that he does, that case speaks only to the prosecution of a paid propagandist. It thus does not control the hypothetical case of U.S. v. al-Qaida Al. And, as other courts have observed, al-Qaida Al has a free speech right to express his opinion. Treason law has not yet bridged the gap between paid and independent propagandists. If al-Qaida Al blogs as a paid agent of the al-Qaida conspiracy, he probably commits treason. If he speaks in complete independence of al-Qaida direction, he almost certainly enjoys immunity from prosecution. Between those solid edges fall a number of cases, including directed but unpaid propaganda, undirected but coordinated propaganda, and sympathetically republished propaganda. How should we decide whether those types of propaganda qualify as "treasonous speech" or "free speech"? One rule leaps to the fore: Require evidence of a binding obligation between a supposed traitor and a U.S. enemy. Their obligation would not have to be in writing, involve money, or make the accused an agent. At the least, though, al-Qaida Al's prosecutors would have to show that he had promised aid and comfort to a U.S. enemy. Free speech rights would win greater protection if prosecutors also had to show that defendant Al had gained something in the exchange. It would not have to be money; a promise of almost anything would suffice as consideration for the deal. Perhaps as little as Osama bin Laden's (allegedly) personal "thank you" would do, or a hypertext link on the (alleged) al-Qaida homepage. It would not do, though, to prove only that al-Qaida Al had emailed a promise of help to reliance at al-qaida.net . 
Prosecutors would have to show that Al got a reply and reached a deal. Courts may soon face the chasm-splitting treason law. They will then have to walk the legal tightrope between paid and independent propaganda, balancing the power to prosecute treason against the right to speak freely. To give that distinction a solid footing, to protect our liberties from a terrible fall, courts should follow contract law.

Tom Bell is a professor at Chapman University School of Law and adjunct scholar at the Cato Institute.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From decoy at iki.fi Thu Jul 24 11:16:35 2003
From: decoy at iki.fi (Sampo Syreeni)
Date: Thu, 24 Jul 2003 21:16:35 +0300 (EEST)
Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
In-Reply-To:
References:
Message-ID:

On 2003-07-23, Sunder uttered:

>If you want to do electronic payments that are non-anonymous you can
>simply use a credit card or debit card (or something like paypal, egold),
>or for larger quantities you can do wire transfers - so why would we
>need yet another non-anonymous "cash" that isn't cash?

I only objected to the notion that all digicash needs to be anonymous in order to be desirable. I didn't say this particular system amounts to desirable weak digicash. To that end it would likely make far more sense in the short term e.g. to marry Visa Electronic to PayPal. In the long term multiple cooperating PayPal-like entities could then be used to build mixnets, making the digicash strongly anonymous.

As for Morlock Elloi's objection, what you have on your bank account *is* money, and debit cards simply a technological quirk which allows us to access it.
Furthermore, any medium of indirect exchange is by definition money and at least Merriam-Webster defines cash as "ready money". So we might define cash as the most liquid form of money available. After that we can claim that in the presence of ubiquitous debit capability and a steadily growing aversion towards those using paper money, the latter is not in fact cash at all, but a less liquid cash (bits on a mainframe) substitute used when we're willing to pay a premium (in convenience and depreciation) for anonymity.

--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From sfurlong at acmenet.net Thu Jul 24 19:12:16 2003
From: sfurlong at acmenet.net (Steve Furlong)
Date: Thu, 24 Jul 2003 22:12:16 -0400
Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
In-Reply-To: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net>
References: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net>
Message-ID: <200307242212.16564.sfurlong@acmenet.net>

On Thursday 24 July 2003 15:50, Tim May wrote:

> In fact, "digicash" strongly suggests David Chaum's "Digicash,"

That assumes the reader or listener has heard of Digicash, or of Chaum. Not an assumption I'd be comfortable making.

> I choose not to call "untraceable/anonymous digital cash" by any of
> the marketing-oriented catchwords like "Digicash," "BearerBucks,"
> "E-coins," "MeterMoney," whatever.

I tend to use "electronic money" when discussing coin- or account-based systems, anonymous or not, with the unwashed masses. It conveys the meaning well enough to serve as an opening wedge to a better description, and it's general enough that it shouldn't offend the sensibilities of those few people who do understand the subject in depth. And it hasn't been gobbled up by any company, so far as I know.
-- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From justin at soze.net Thu Jul 24 17:11:10 2003 From: justin at soze.net (Justin) Date: Fri, 25 Jul 2003 00:11:10 +0000 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net> References: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net> Message-ID: <20030725001110.GC9659@dreams.soze.net> Tim May (2003-07-24 19:50Z) wrote: > We should also fight the use of sloppy language in the press when > mundane electronic funds transfer systems are called "digital cash." Is there anything to fight? The only instance of "digital cash" on google news (there's one reference to "digital cash registers", which I'm not counting) is an article about proffr's "x needs killing" comments. The article doesn't abuse the term "digital cash", though it does abuse the term "listserv". The term doesn't appear in print often enough to matter, IMO. http://news.google.com/news?hl=en&q=%22digital+cash%22&btnG=Search+News http://www.denverpost.com/Stories/0,1413,36~53~1497971,00.html -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Rumsfeld, 2003-04-11 From timcmay at got.net Fri Jul 25 00:46:09 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Jul 2003 00:46:09 -0700 Subject: A 'Funky A.T.M.' 
Lets You Pay for Purchases Made Online In-Reply-To: <200307242212.16564.sfurlong@acmenet.net> Message-ID: <0E0C3BFB-BE74-11D7-8D66-0003930F2360@got.net> On Thursday, July 24, 2003, at 07:12 PM, Steve Furlong wrote: > On Thursday 24 July 2003 15:50, Tim May wrote: > >> In fact, "digicash" strongly suggests David Chaum's "Digicash," > > That assumes the reader or listener has heard of Digicash, or of Chaum. > Not an assumption I'd be comfortable making. Agreed, making the assumption that readers here have heard of Chaum or understand the basic idea of blinded transactions (or dining cryptographers, or oblivious transfer, or any of the other building blocks) is no longer warranted. I expect many of the persyns of peircing now spewing on the list are, like, thinking "that's, like, _so_ nineties." As for thinking very general readers or listeners, those not even on the list, are capable of understanding Chaum or Digicash, that's a fool's errand. The average nontechnical person knows nothing about how crypto works, and attempting to explain a DC-Net or a blinded transfer is no more useful to them than just telling them the currency is based on "magic beans." The point is not that laymen need to understand Digicash, but that calling things like ATM cards and Visa cards "digicash" does a disservice to the important ideas of why Chaum's and Brands' and similar systems worked. Hey, maybe it's actually the case that some of the people here who are referring to electronic debit cards as "digicash" just don't have a clue about what blinding is and why it makes for truly untraceable tokens. > I tend to use "electronic money" when discussing coin- or account-based > systems, anonymous or not, with the unwashed masses. It conveys the > meaning well enough to serve as an opening wedge to a better > description, and it's general enough that it shouldn't offend the > sensibilities of those few people who do understand the subject in > depth. 
And it hasn't been gobbled up by any company, so far as I know. I stopped any efforts to explain the true importance of electronic/digital money/cash a long time ago. A waste of time. Not too surprising, as getting even the basic idea requires some passing familiarity with things like how RSA works. When I read Chaum's 1985 CACM paper I already knew about RSA and "hard" directions for problems (trapdoor functions), and yet I still had to read and reread the paper and draw little pictures for myself. Thinking someone can absorb the gist via a purely verbal description is just not plausible. I have seen David Chaum attempt to do this with an audience of computer professionals....my impression from the later questions from the audience is that his explanation simply didn't get them over the "hump" to the stage of realizing the key concept. No more so than popularizations of relativity actually ever got the masses to understand relativity. There is much that could be said about whether this difficulty is why we don't have untraceable, Chaum-style forms of money (I don't think this is the reason). Regardless, wishing won't make it so, and so wishing that people would "grok" the importance of blinding without having spent at least a few hours brushing up on RSA and exponentiation and all that and then following an explanation very, very closely....well, wishing won't make it so. So it's best to ignore the "unwashed masses" and their inability to understand untraceable money. More troubling is that so many _here_ don't seem to "get it." --Tim May From decoy at iki.fi Thu Jul 24 15:17:47 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Fri, 25 Jul 2003 01:17:47 +0300 (EEST) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net> References: <17C50F20-BE10-11D7-8D66-0003930F2360@got.net> Message-ID: On 2003-07-24, Tim May uttered: >HOWEVER, our interest is in the untraceable/anonymous. Duh! 
--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From ccooper at klohn.com Fri Jul 25 05:10:37 2003
From: ccooper at klohn.com (Cooper, Carlo)
Date: Fri, 25 Jul 2003 05:10:37 -0700
Subject: Fisk articles
Message-ID:

> -----Original Message-----
> From: Harmon Seaver [mailto:hseaver at cybershamanix.com]
> Sent: Tuesday, 22 July 2003 7:17 AM
> To: cypherpunks at lne.com
> Subject: Fisk articles
>
> Does anyone have access to the fulltext articles by Robert Fisk like this one
> on alleged torture in US internment camps in Iraq:
> http://news.independent.co.uk/world/fisk/story.jsp?story=42652 0
> that the Independent offers on a subscription basis?

I think this is the same story @ counterpunch.org

http://www.counterpunch.org/fisk07242003.html

cya
carlo.

From jtrjtrjtr2001 at yahoo.com Fri Jul 25 06:01:10 2003
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Fri, 25 Jul 2003 06:01:10 -0700 (PDT)
Subject: Dead Body Theatre
In-Reply-To: <01a001c35205$2704dc90$c71121c2@exchange.sharpuk.co.uk>
Message-ID: <20030725130110.40576.qmail@web21201.mail.yahoo.com>

Maybe the information provided by the informant was wrong and it ended up that a 14-year-old kid along with 3 Iraqi adults got killed and in order to prevent further outrage among Iraqis, the White House decided on playing its cards to its advantage. They didn't confirm their DNA test as yet - funny.

Regards
Sarath.

--- Dave Howe wrote:
> Eric Cordian wrote:
> > Now that the new standard for pre-emptive war is to murder the
> > legitimate leader of another sovereign nation and his entire family,
> > an "artist's rendering" of Shrub reaping what he sows would surely be
> > an excellent political statement.
> I am not sure these two were murdered as saddam's sons (although obviously they were, and were no doubt given priority over equally worthy targets) but as authority figures in the former government. That they were also (if they could be captured) bloody useful hostages against actions by their father probably didn't go without notice either.
> However, if strafing an occupied house with helicopter gunships, rocket launchers and heavy machine guns after a cursory "surrender or die" is ignored, based on military intel (which as the WMD fiasco shows is worthless if the PR spin department are demanding raw access to unfiltered intel and filtering, not on reliability but on closeness of match to the desired outcome) is to be the new standard, I suspect a suicide bombing of the white house (killing all the staff and the shrub) would now be "ok" provided they shouted 'surrender or die' first, yes?

From postgres at jal.org Fri Jul 25 05:08:41 2003
From: postgres at jal.org (Jamie Lawrence)
Date: Fri, 25 Jul 2003 07:08:41 -0500
Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
In-Reply-To: <0E0C3BFB-BE74-11D7-8D66-0003930F2360@got.net>
References: <200307242212.16564.sfurlong@acmenet.net> <0E0C3BFB-BE74-11D7-8D66-0003930F2360@got.net>
Message-ID: <20030725120841.GH1073@jal.clueinc.net>

On Fri, 25 Jul 2003, Tim May wrote:

> There is much that could be said about whether this difficulty is why
> we don't have untraceable, Chaum-style forms of money (I don't think
> this is the reason).
Regardless, wishing won't make it so, and so > wishing that people would "grok" the importance of blinding without > having spent at least a few hours brushing up on RSA and exponentiation > and all that and then following an explanation very, very > closely....well, wishing won't make it so. > > So it's best to ignore the "unwashed masses" and their inability to > understand untraceable money. As far as it goes, I'm willing to bet that many of the unwashed masses who hold a mortgage don't actually understand how it was calculated, much like there are many insurance policy holders who don't understand actuarial statistics. (As far as it goes, except in the broad terms of understanding statistics, I fall in to the latter category. I once tried to read up on how insurance risks are calculated, and simply couldn't get through the text, without more reason to. A friend who works in reinsurance still laughs at me over this.) Same story in securities and mutual funds. Or, for that matter, SMTP. As a further example, a very intelligent person, very successful in chosen pursuits, asked me how secure the new Visa cards with online passwords were. The ones that are being advertised all over TV. It took a fair amount of explaining to get across that they don't protect the user of the card, they protect the merchant and the bank. Once the "lightbulb came on", she was annoyed at having been taken in by an ad, and completely forgot to care whether or not the protocol is 'secure'. I'm not sure that understanding matters for broad adoption of a financial instrument. The sales pitch does matter. > More troubling is that so many _here_ don't seem to "get it." True, but this list has always been made up of mostly nitwits. > --Tim May -j -- Jamie Lawrence jal at jal.org Be aloof, there's been a sudden population explosion of lerts. From s.schear at comcast.net Fri Jul 25 08:40:33 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 25 Jul 2003 08:40:33 -0700 Subject: R.I.P. 
(was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online)
In-Reply-To: <523133AB-BE43-11D7-8D66-0003930F2360@got.net>
References: <20030725001110.GC9659@dreams.soze.net>
Message-ID: <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net>

At 18:57 2003-07-24 -0700, Tim May wrote:
>On Thursday, July 24, 2003, at 05:11 PM, Justin wrote:
>
>>Tim May (2003-07-24 19:50Z) wrote:
>>
>>>We should also fight the use of sloppy language in the press when
>>>mundane electronic funds transfer systems are called "digital cash."
>>
>>Is there anything to fight?
>>
>>The only instance of "digital cash" on google news (there's one
>>reference to "digital cash registers", which I'm not counting) is an
>>article about proffr's "x needs killing" comments. The article doesn't
>>abuse the term "digital cash", though it does abuse the term "listserv".
>>
>>The term doesn't appear in print often enough to matter, IMO.
>>
>
>PLONK.
>
>Way too many fools on Cypherpunks these last several months. Maybe it's
>time to kill it.

I think it's been dead for some time now. Most of those on the list are The motto "cypherpunks should have written code" is emblazoned across the tombstone.

As some of you know there have been a number of aborted attempts, few serious, to build a digital cash (Chaumian sense) code base from which to catalyze useful commercial ventures. During the go-go '90s all the talented coders on this list were off chasing the bubble rainbow and had no time for such pipe dreams. Now that many are un- or under-employed there still doesn't seem to be any activity by those active on this list in this critical infrastructure area.

All the recent work that is being done (e.g., Orlin Grabbe's ALTA/DMT http://orlingrabbe.com/redirect.htm, Patrick McCuller's Lucrative http://lucrative.thirdhost.com, YodelBank http://yodelbank.com/, InvisibleNet http://invisiblenet.net) has been undertaken by real cypherpunks, a few monitor this list but rarely if ever post.
I can only conclude that with the exceptions of the early CPs, who helped build the first remailers and such, most list members now are losers and sycophants. Time to move over for the next crop of motivated libertarian cypherpunks. The cypherpunks are dead, long live the cypherpunks! steve "We are much beholden to Machiavelli and others that write what men do, not what they ought to do." -Francis Bacon From odlyzko at dtc.umn.edu Fri Jul 25 07:30:11 2003 From: odlyzko at dtc.umn.edu (Andrew Odlyzko) Date: Fri, 25 Jul 2003 09:30:11 -0500 (CDT) Subject: FYI: paper on privacy and price discrimination Message-ID: The paper "Privacy, Economics, and Price Discrimination on the Internet," to appear in the Proc. 5th International Conference on eCommerce, is now available on my Web page. I thought it might be of interest to you, and apologize for the spam if it is not. Best regards, Andrew Odlyzko full paper URL: http://www.dtc.umn.edu/~odlyzko/doc/privacy.economics.pdf Privacy, Economics, and Price Discrimination on the Internet Andrew Odlyzko Digital Technology Center University of Minnesota Minneapolis, Minnesota odlyzko at umn.edu http://www.dtc.umn.edu/~odlyzko Abstract: The rapid erosion of privacy poses numerous puzzles. Why is it occurring, and why do people care about it? This paper proposes an explanation for many of these puzzles in terms of the increasing importance of price discrimination. Privacy appears to be declining largely in order to facilitate differential pricing, which offers greater social and economic gains than auctions or shopping agents. The thesis of this paper is that what really motivates commercial organizations (even though they often do not realize it clearly themselves) is the growing incentive to price discriminate, coupled with the increasing ability to price discriminate. It is the same incentive that has led to the airline yield management system, with a complex and constantly changing array of prices. 
It is also the same incentive that led railroads to invent a variety of price and quality differentiation schemes in the 19th century. Privacy intrusions serve to provide the information that allows sellers to determine buyers' willingness to pay. They also allow monitoring of usage, to ensure that arbitrage is not used to bypass discriminatory pricing. Economically, price discrimination is usually regarded as desirable, since it often increases the efficiency of the economy. That is why it is frequently promoted by governments, either through explicit mandates or through indirect means. On the other hand, price discrimination often arouses strong opposition from the public. There is no easy resolution to the conflict between sellers' incentives to price discriminate and buyers' resistance to such measures. The continuing tension between these two factors will have important consequences for the nature of the economy. It will also determine which technologies will be adopted widely. Governments will likely play an increasing role in controlling pricing, although their roles will continue to be ambiguous. Sellers are likely to rely to an even greater extent on techniques such as bundling that will allow them to extract more consumer surplus and also to conceal the extent of price discrimination. Micropayments and auctions are likely to play a smaller role than is often expected. In general, because of the strong conflicting influences, privacy is likely to prove an intractable problem that will be prominent on the public agenda for the foreseeable future.

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From s.schear at comcast.net Fri Jul 25 09:50:47 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 25 Jul 2003 09:50:47 -0700 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online Message-ID: <5.2.1.1.0.20030725095026.04980598@mail.comcast.net> At 00:46 2003-07-25 -0700, Tim May wrote: >On Thursday, July 24, 2003, at 07:12 PM, Steve Furlong wrote: > >>On Thursday 24 July 2003 15:50, Tim May wrote: >> >>>In fact, "digicash" strongly suggests David Chaum's "Digicash," >> >>That assumes the reader or listener has heard of Digicash, or of Chaum. >>Not an assumption I'd be comfortable making. > >Agreed, making the assumption that readers here have heard of Chaum or >understand the basic idea of blinded transactions (or dining >cryptographers, or oblivious transfer, or any of the other building >blocks) is no longer warranted. I expect many of the persyns of peircing >now spewing on the list are, like, thinking "that's, like, _so_ nineties." > >As for thinking very general readers or listeners, those not even on the >list, are capable of understanding Chaum or Digicash, that's a fool's >errand. The average nontechnical person knows nothing about how crypto >works, and attempting to explain a DC-Net or a blinded transfer is no more >useful to them than just telling them the currency is based on "magic beans." I've used the graphics and explanations that were in Digicash's Users Guide with non-technicals to great effect. They portrayed blinding using envelope, wax seal and wax token. The token was placed in the envelope and sent to the mint. The envelope represented the blinding function performed by the user's SW. The wax seal: the mint's digital signature pressed onto the envelope and "by pressure" into the enclosed coin which has not been seen by the mint. And the wax token, once removed from the envelope, the un-blinded coin. 
steve

From camera_lumina at hotmail.com Fri Jul 25 06:59:52 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 25 Jul 2003 09:59:52 -0400
Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
Message-ID:

"So it's best to ignore the "unwashed masses" and their inability to understand untraceable money."

That's precisely the wrong conclusion, assuming everything else you wrote in this post is correct. If one accepts that most young people don't understand the notion or implications of truly digital "cash", then one's tactics must change considerably. If de-empowering some aspects of the State is your goal, a new constraint is that your methods must not rely on anyone giving a crap about your goals, or possibly of digital cash.

This does not mean that these ideas are destined to flounder, but instead it may mean that for them to have life they must find it somewhere where people can understand their usefulness. For instance, I can easily see some notions of untraceable digital cash finding applications over certain kinds of P2P networks. But if you continue to discuss the issue in the abstract, or purely in the context of de-stating the state, the youngins won't pay attention long enough for them to recognize why this may be useful to them. Eventually, however, they'll find the need for these ideas and do their homework.

-TD

>From: Tim May
>To: cypherpunks at lne.com
>Subject: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
>Date: Fri, 25 Jul 2003 00:46:09 -0700
>
>On Thursday, July 24, 2003, at 07:12 PM, Steve Furlong wrote:
>
>>On Thursday 24 July 2003 15:50, Tim May wrote:
>>
>>>In fact, "digicash" strongly suggests David Chaum's "Digicash,"
>>
>>That assumes the reader or listener has heard of Digicash, or of Chaum.
>>Not an assumption I'd be comfortable making.
>
>Agreed, making the assumption that readers here have heard of Chaum or
>understand the basic idea of blinded transactions (or dining
>cryptographers, or oblivious transfer, or any of the other building blocks)
>is no longer warranted. I expect many of the persyns of peircing now
>spewing on the list are, like, thinking "that's, like, _so_ nineties."
>
>As for thinking very general readers or listeners, those not even on the
>list, are capable of understanding Chaum or Digicash, that's a fool's
>errand. The average nontechnical person knows nothing about how crypto
>works, and attempting to explain a DC-Net or a blinded transfer is no more
>useful to them than just telling them the currency is based on "magic
>beans."
>
>The point is not that laymen need to understand Digicash, but that calling
>things like ATM cards and Visa cards "digicash" does a disservice to the
>important ideas of why Chaum's and Brands' and similar systems worked.
>
>Hey, maybe it's actually the case that some of the people here who are
>referring to electronic debit cards as "digicash" just don't have a clue
>about what blinding is and why it makes for truly untraceable tokens.
>
>
>>I tend to use "electronic money" when discussing coin- or account-based
>>systems, anonymous or not, with the unwashed masses. It conveys the
>>meaning well enough to serve as an opening wedge to a better
>>description, and it's general enough that it shouldn't offend the
>>sensibilities of those few people who do understand the subject in
>>depth. And it hasn't been gobbled up by any company, so far as I know.
>
>I stopped any efforts to explain the true importance of electronic/digital
>money/cash a long time ago. A waste of time. Not too surprising, as getting
>even the basic idea requires some passing familiarity with things like how
>RSA works. When I read Chaum's 1985 CACM paper I already knew about RSA and
>"hard" directions for problems (trapdoor functions), and yet I still had to
>read and reread the paper and draw little pictures for myself.
>
>Thinking someone can absorb the gist via a purely verbal description is
>just not plausible. I have seen David Chaum attempt to do this with an
>audience of computer professionals....my impression from the later
>questions from the audience is that his explanation simply didn't get them
>over the "hump" to the stage of realizing the key concept. No more so than
>popularizations of relativity actually ever got the masses to understand
>relativity.
>
>There is much that could be said about whether this difficulty is why we
>don't have untraceable, Chaum-style forms of money (I don't think this is
>the reason). Regardless, wishing won't make it so, and so wishing that
>people would "grok" the importance of blinding without having spent at
>least a few hours brushing up on RSA and exponentiation and all that and
>then following an explanation very, very closely....well, wishing won't
>make it so.
>
>So it's best to ignore the "unwashed masses" and their inability to
>understand untraceable money.
>
>More troubling is that so many _here_ don't seem to "get it."
>
>--Tim May

From s.schear at comcast.net Fri Jul 25 10:26:59 2003
From: s.schear at comcast.net (Steve Schear)
Date: Fri, 25 Jul 2003 10:26:59 -0700
Subject: R.I.P. (was: Re: A 'Funky A.T.M.'
Lets You Pay for Purchases Made Online) In-Reply-To: References: <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> <523133AB-BE43-11D7-8D66-0003930F2360@got.net> <20030725001110.GC9659@dreams.soze.net> Message-ID: <5.2.1.1.0.20030725102419.04985f10@mail.comcast.net> At 12:41 2003-07-25 -0700, you wrote: >Oh, like Uday and Qusay, you can't kill this immortal fucker, >nobody got the guts to plow a TOW in it. Instead, thousands of >gutless have hari-kiried by exiting the battle for well.com >nutlick where the dead live in perfect, silent synchrony, so that >is a no-brain, no-work option. Sit still, children, repeat this. Translation please :-) I don't understand or speak Consciousness Stream 1.0 steve "The most dangerous man to any government is the man who is able to think things out for himself, without regard to the prevailing superstitions and taboos. Almost inevitably he comes to the conclusion that the government he lives under is dishonest, insane, and intolerable." --H. L. Mencken From eresrch at eskimo.com Fri Jul 25 10:30:46 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 25 Jul 2003 10:30:46 -0700 (PDT) Subject: R.I.P. (was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online) In-Reply-To: Message-ID: On Fri, 25 Jul 2003, John Young wrote: > The old days, don't believe them, cypherpunks was and is toxic > to serious makeovers and shutdowns and lock-outs, and, never > forget that PLONKS are cries of shut the fuck up and listen to me. > Pluck the PLONKS, if you don't get them you aint earning your > stay. PLONKERS little-man your wee-wees. > > Hiccups a fogey one hand hanging on the bar rail, the other > rooting the floor vomit for a chawtabaccy cud ricochet from > the spit bucket. > Right on dude! Patience, persistence, truth, Dr. mike From jya at pipeline.com Fri Jul 25 12:41:30 2003 From: jya at pipeline.com (John Young) Date: Fri, 25 Jul 2003 12:41:30 -0700 Subject: R.I.P. (was: Re: A 'Funky A.T.M.' 
Lets You Pay for Purchases Made Online) In-Reply-To: <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> References: <523133AB-BE43-11D7-8D66-0003930F2360@got.net> <20030725001110.GC9659@dreams.soze.net> Message-ID: Oh, like Uday and Qusay, you can't kill this immortal fucker, nobody got the guts to plow a TOW in it. Instead, thousands of gutless have hari-kiried by exiting the battle for well.com nutlick where the dead live in perfect, silent synchrony, so that is a no-brain, no-work option. Sit still, children, repeat this. Hell, start a DOA mail list to bitch about how stupid people are outside of old folks cess-suck. Read yourself sitting on a one-holer. Nothing wrong with cypherpunks that couldn't be cured, as ever, by more fresh young meat totally ignorant and not giving a shit about how it used to be, only hot to throw slop at what's puked by the wizened, the reputable, the stuffed with here's how it's meant to be. Now that revulsion against whoever has truth by tail is a dim memory of what cpunks was meant to be, was now and again, not a place for boozy glory days telling a sanitized tale of what never happened. Pontificators are usually hooted off the list, save for a few protected species taxidermied for darts. The old days, don't believe them, cypherpunks was and is toxic to serious makeovers and shutdowns and lock-outs, and, never forget that PLONKS are cries of shut the fuck up and listen to me. Pluck the PLONKS, if you don't get them you aint earning your stay. PLONKERS little-man your wee-wees. Hiccups a fogey one hand hanging on the bar rail, the other rooting the floor vomit for a chawtabaccy cud ricochet from the spit bucket. ]=;& Uday From rah at shipwright.com Fri Jul 25 10:54:56 2003 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 25 Jul 2003 13:54:56 -0400 Subject: FYI: paper on privacy and price discrimination Message-ID: --- begin forwarded text From s.schear at comcast.net Fri Jul 25 14:49:12 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 25 Jul 2003 14:49:12 -0700 Subject: Son of Napster Message-ID: <5.2.1.1.0.20030725144509.048b0f88@mail.comcast.net> Tech pundit/gadfly Robert Cringely has come up with a pretty damn good idea for creating a RIAA-crushing music file-sharing system. Instead of concentrating on technical issues, he has tackled the problem using existing legal structures for corporations. There's probably more than a few problems with his idea, especially the legality of applying divided interests in a mutual fund-like vehicle without limits to the benefit tied to that divided interest, but it's an interesting read nonetheless. http://www.pbs.org/cringely/pulpit/pulpit20030724.html steve "When you come to the fork in the road, take it" - L.P. Berra From timcmay at got.net Fri Jul 25 15:08:25 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Jul 2003 15:08:25 -0700 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: Message-ID: <838066BC-BEEC-11D7-8D66-0003930F2360@got.net> Some lurker unwilling to comment on the public list sent me this. I didn't notice it wasn't intended for the list until I had already written a reply and was preparing to send it. So I have altered the name. --Tim On Friday, July 25, 2003, at 01:07 PM, SOMEONE wrote: > Tim May wrote: > >> On Thursday, July 24, 2003, at 07:12 PM, Steve Furlong wrote: >> >>> On Thursday 24 July 2003 15:50, Tim May wrote: >>> >>>> In fact, "digicash" strongly suggests David Chaum's "Digicash," >>> >>> That assumes the reader or listener has heard of Digicash, or of >>> Chaum. >>> Not an assumption I'd be comfortable making. > > Readers on the cypherpunks list? They should be able to understand it, > or at > least they should have heard of it. 
They may have _heard_ of it, but to most of them (I think) it's just some magical incantations which they don't quite believe anyway.

>
>> I stopped any efforts to explain the true importance of
>> electronic/digital money/cash a long time ago. A waste of time. Not too
>> surprising, as getting even the basic idea requires some passing
>> familiarity with things like how RSA works. When I read Chaum's 1985
>> CACM paper I already knew about RSA and "hard" directions for problems
>> (trapdoor functions), and yet I still had to read and reread the paper
>> and draw little pictures for myself.
>
>
> That's a shame. The 1985 paper isn't on-line afaik, and I've only read
> second-hand versions.

First, my "stopped any efforts...a long time ago" was a comment directed at what the OP was talking about: explaining digital money to the masses. For example, at parties or other meatspace gatherings. Online explanations--here, for example--are another matter.

Second, the many online explanations from the CP list, circa 1992-94, are readily findable. Let me go check....(20 seconds pass...)...yep, I just found hundreds of summary articles from various authors, including myself, Eric Hughes, Hal Finney, Doug Barnes, Ian Goldberg, and many others. There is no shortage of explanations of this stuff.

In one of my articles, in fact, I make the same point about how the various boring versions of "electronic money" are not very important:

"The focus here is on true, untraceable digital cash, offering both payer and payee untraceability (anonymity). Mundane digital money, exemplified by on-line banking, ATM cards, smartcards, etc., is not interesting or important for CFP purposes. Payer-untraceable (but payee-traceable) digital cash can also be interesting, but not nearly as interesting and important as fully untraceable digital cash."

There are many articles on why this is so. But, frankly, anyone who cannot see this from first principles probably is not ever going to get it.
Third, regarding the CACM article, it's been "liberated" and made available online more than a few times. Try search engines. I know the Information Liberation Front (ILF) was actively liberating various of the key papers in the early months of the CP list...and these are mostly archived and searchable. And of course Chaum's original 1985 description has been redone many times, in later papers by him and others, etc. > > And I don't think it works at all, anyway... > As it's been demonstrated to work, technically, this is a weird statement. Existence proofs are powerful. If you mean that Bank of America and Mastercard are not offering Chaum-style instruments, and so on, then this is not the same thing as saying the ideas don't work. --Tim May From timcmay at got.net Fri Jul 25 15:17:26 2003 From: timcmay at got.net (Tim May) Date: Fri, 25 Jul 2003 15:17:26 -0700 Subject: R.I.P. (was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online) In-Reply-To: <200307251736.11293.sfurlong@acmenet.net> Message-ID: On Friday, July 25, 2003, at 02:36 PM, Steve Furlong wrote: > On Friday 25 July 2003 11:40, Steve Schear wrote: > >> ... Now that many are un- >> or under-employed there still doesn't seem to be any activity by >> those active on this list in this critical infrastructure area. > > Speaking only for myself, I'm making a lot less than I was a couple of > years ago. In the wake of the dot-bomb, I'm working a lot more hours > just to keep my bills paid. I no longer have much time or creativity > left for non-paying tasks. > My analysis of the situation is that the peak creative years for CP ideas were 1992-95, and virtually no one on the list was being paid a cent for their efforts here or elsewhere. Some were students, some were libertarians with pent-up ideas about creating actual free societies or economies, some were engineers or programmers working for companies on unrelated projects, some were unemployed. 
The dot com era was actually a desert era...lots of nattering about raising VC money, buying other companies, creating grandiose plans to become rivals to Microsoft, and so on. Very few really good ideas in the 1996-00 era. And then came the crash. We haven't had much of an infusion of young blood--I believe this is closely related to Boomers and Heinlein, Rand, etc. and the differing interests of the young people of today and their anti-globalist, ring through nose politics--and those who got wiped out in the dot com frenzy have not gone back to blue sky thinking. A lot of them seem to be doing "uninteresting" (from a mathematical or first principles point of view) Unix security jobs. --Tim May From s.schear at comcast.net Fri Jul 25 15:29:14 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 25 Jul 2003 15:29:14 -0700 Subject: Cartoon in Times Prompts Inquiry by Secret Service Message-ID: <5.2.1.1.0.20030725152717.048984b0@mail.comcast.net> What fun, now they are eating their young.... Ramirez is a conservative Bush supporter. http://www.latimes.com/news/custom/showcase/la-me-ramirez22jul22.story steve "Il dulce far niente" The sweetness of doing nothing My unemployment motto From adam at homeport.org Fri Jul 25 12:45:31 2003 From: adam at homeport.org (Adam Shostack) Date: Fri, 25 Jul 2003 15:45:31 -0400 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <5.2.1.1.0.20030725095026.04980598@mail.comcast.net> References: <5.2.1.1.0.20030725095026.04980598@mail.comcast.net> Message-ID: <20030725194531.GA15649@lightship.internal.homeport.org> On Fri, Jul 25, 2003 at 09:50:47AM -0700, Steve Schear wrote: | I've used the graphics and explanations that were in Digicash's Users Guide | with non-technicals to great effect. They portrayed blinding using | envelope, wax seal and wax token. The token was placed in the envelope and | sent to the mint. The envelope represented the blinding function performed | by the user's SW. 
The wax seal: the mint's digital signature pressed onto | the envelope and "by pressure" into the enclosed coin which has not been | seen by the mint. And the wax token, once removed from the envelope, the | un-blinded coin. Bzzt. Thank you for playing. If anonymity loves company, you can't spend 20 minutes explaining what you mean to each person you want to use your system. They have to figure out why this is private and that ain't, and they need to do it in a way that works for the privacy threat that they worry about. "This is like a credit card number that can only be used once, so you don't have to worry about someone hacking their store." "This is like a travellers check that prevents ID theft." Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From frantz at pwpconsult.com Fri Jul 25 15:52:30 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Fri, 25 Jul 2003 15:52:30 -0700 Subject: R.I.P. (was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online) In-Reply-To: <200307251736.11293.sfurlong@acmenet.net> References: <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> <20030725001110.GC9659@dreams.soze.net> <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> Message-ID: On Friday 25 July 2003 11:40, Steve Schear wrote: > ... Now that many are un- > or under-employed there still doesn't seem to be any activity by > those active on this list in this critical infrastructure area. In some sense, we have enough code. Code exists that can be deployed. It may have to go thru the same evolutionary stages the P2P software is going thru (Napster to Kazza to ???) as security problems become serious, but it is deployed now. What we don't have is: * Patent licenses * Easy to use code * Users Techies can work on the ease of use issue, but patent licenses take time and/or money, and users take marketing and sales. 
Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA From jamesd at echeque.com Fri Jul 25 16:33:14 2003 From: jamesd at echeque.com (James A. Donald) Date: Fri, 25 Jul 2003 16:33:14 -0700 Subject: Dead Body Theatre In-Reply-To: <200307241616.h6OGGUk3006619@artifact.psychedelic.net> Message-ID: <3F215BCA.1733.135ED95B@localhost> -- On 24 Jul 2003 at 9:16, Eric Cordian wrote: > Now that the new standard for pre-emptive war is to murder > the legitimate leader of another sovereign nation and his > entire family, an "artist's rendering" of Shrub reaping what > he sows would surely be an excellent political statement. You are a moron. If today warfare means wiping out the family of the enemy ruler man woman and child and showing their horribly mangled bodies on TV, this is a big improvement on the old deal where the rulers had a gentlemen's agreement that only the common folk would get hurt, and the defeated ruler would get a luxurious retirment on some faraway island. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG THNKT3gL3AwBfoRbW2WZnMNXz8Akom29NnINipEv 4MdS8qn6JSWbyiQCAy1KLdvD8QUhSGjYrcxLX8RNC From s.schear at comcast.net Fri Jul 25 16:47:18 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 25 Jul 2003 16:47:18 -0700 Subject: R.I.P. (was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online) In-Reply-To: References: <200307251736.11293.sfurlong@acmenet.net> <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> <20030725001110.GC9659@dreams.soze.net> <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> Message-ID: <5.2.1.1.0.20030725162438.0498f218@mail.comcast.net> At 15:52 2003-07-25 -0700, Bill Frantz wrote: >On Friday 25 July 2003 11:40, Steve Schear wrote: > > ... 
Now that many are un- > > or under-employed there still doesn't seem to be any activity by > > those active on this list in this critical infrastructure area. > >In some sense, we have enough code. Code exists that can be deployed. It >may have to go thru the same evolutionary stages the P2P software is going >thru (Napster to Kazza to ???) as security problems become serious, but it >is deployed now. > >What we don't have is: > >* Patent licenses Not necessary. Remember, blinding is implemented solely at the client end. I'm sure once a useable, open source, non-blinded client is available there will be parties available to add the 50 lines or so of blinding code. Alternatively, since the blinding patent is not recognized in many well-connected Net countries the code could legally be released from one of them, so that the user selects blinding based on jurisdiction and interest. >* Easy to use code By any reasonable measure we DO NOT have a useable, even by techies, for a blinded digital cash system. The closest thing I'm aware of is Lucrative but it still hasn't reached the alpha demo phase for client and server SW. Contributions by competent list members are keenly invited to "finish" the infrastructure code if not help deploy a real test mint and financial institution. >* Users > >Techies can work on the ease of use issue, but patent licenses take time >and/or money, and users take marketing and sales. EBay spent almost nothing in its first years. None of the Digital Gold Currencies have spent much at all for these purposes, yet they have 100,000s of active accounts and around $30 million in gold bars backing their monies. Only word of mouth, the best advertising, is required for a really needed product/service with a workable business model. I think many techies have been flimflammed by the VCs and CEO-types who couldn't bootstrap a venture if their lives depended on it.
steve "Il dulce far niente" The sweetness of doing nothing My unemployment motto From sfurlong at acmenet.net Fri Jul 25 14:36:11 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Fri, 25 Jul 2003 17:36:11 -0400 Subject: R.I.P. (was: Re: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online) In-Reply-To: <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> References: <20030725001110.GC9659@dreams.soze.net> <5.2.1.1.0.20030725081344.048dac40@mail.comcast.net> Message-ID: <200307251736.11293.sfurlong@acmenet.net> On Friday 25 July 2003 11:40, Steve Schear wrote: > ... Now that many are un- > or under-employed there still doesn't seem to be any activity by > those active on this list in this critical infrastructure area. Speaking only for myself, I'm making a lot less than I was a couple of years ago. In the wake of the dot-bomb, I'm working a lot more hours just to keep my bills paid. I no longer have much time or creativity left for non-paying tasks. -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From s.schear at comcast.net Fri Jul 25 18:33:11 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 25 Jul 2003 18:33:11 -0700 Subject: Dead Body Theatre In-Reply-To: <3F215BCA.1733.135ED95B@localhost> References: <200307241616.h6OGGUk3006619@artifact.psychedelic.net> Message-ID: <5.2.1.1.0.20030725182518.048dac40@mail.comcast.net> At 16:33 2003-07-25 -0700, you wrote: > -- >On 24 Jul 2003 at 9:16, Eric Cordian wrote: > > Now that the new standard for pre-emptive war is to murder > > the legitimate leader of another sovereign nation and his > > entire family, an "artist's rendering" of Shrub reaping what > > he sows would surely be an excellent political statement. > >You are a moron. 
> >If today warfare means wiping out the family of the enemy ruler >man woman and child and showing their horribly mangled bodies >on TV, this is a big improvement on the old deal where the >rulers had a gentlemen's agreement that only the common folk >would get hurt, and the defeated ruler would get a luxurious >retirment on some faraway island. Here, here! This change, if widely adopted, would go a long way toward reducing war casualties. Perhaps we may even become as smart as some Pacific Islanders whose wars were fought by surrogates, the logic being that the death of one man can serve as well as the death of many in determining the outcome of a disagreement between heads of tribes, states, etc. It could also reduce the risk of conflict since the heads of state would become the first and legit targets by the opposition. Perhaps the world may owe Dubbya and his ilk an unintentional debt of thanks. Beside better him then me. ;-) steve "War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933 From emc at artifact.psychedelic.net Fri Jul 25 19:44:34 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Fri, 25 Jul 2003 19:44:34 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <5.2.1.1.0.20030725182518.048dac40@mail.comcast.net> Message-ID: <200307260244.h6Q2ia04011891@artifact.psychedelic.net> Steve Schear writes: > Here, here! This change, if widely adopted, would go a long way toward > reducing war casualties. Perhaps we may even become as smart as some > Pacific Islanders whose wars were fought by surrogates, the logic being > that the death of one man can serve as well as the death of many in > determining the outcome of a disagreement between heads of tribes, states, > etc. 
While the replacement of the US/Iraq war with Shrub and Saddam in a barbed wire steel cage on Pay Per View with Vince McMahon announcing is an appealing idea, I think it is a bit premature to leap to the conclusion that this is the road map the US is following. The logic behind sparing heads of state, even though they are technically in the military chain of command, has to do with their utility during post-war reconstruction, and not incurring the eternal hate of the conquered enemy's civilian population. That is why the US spared Emperor Hirohito when reorganizing Japan, for instance. The ability of the US to fight low-casualty war has transformed war into an art akin to corporate raiding. It permits the US to invade any country, destroy the military infrastructure at little or no cost in American lives, and leave the country's proles and natural resources undamaged to be exploited by their new Imperialist masters. If in the end it can be claimed that the people are better off than they were before, even if their previous misfortune was due entirely to US economic sanctions, then it can be declared that the war was "Justified." Of course, this just demonstrates that power is ultimately wielded by the people with the best weapons, even as those same people lull the rest of the world into thinking there is something called "international law," while they arm themselves to the teeth. Fortunately, there has never been a weapons system in the history of the world that ultimately didn't cost less to destroy than it did to manufacture. Force is always beaten by force plus brains, and I am sure the other nations of the world are looking at the US and madly seeking to construct a credible deterrent. The window of absolute US military superiority will last 2-3 years at best. "What the world really needs is a fifty dollar weapon that sinks aircraft carriers" isn't just a witty .sigfile quote. North Korea really has the right idea here.
The US threatens sanctions, they respond - "Our nuclear missiles can hit any target in the US. Sanctions are an act of war." The US threatens a blockade, they respond - "Our nuclear missiles can hit any target in the US. Blockades are an act of war." This is really the correct method of dealing with the US, and nations like Iraq are stupid to keep capitulating in the expectation that it will postpone an already decided upon attack. The United Nations should know better than to be continuously baited into playing this game as well. The point is, of course, that this isn't some new kind of war where the Bush family fights the Hussein family to spare civilians on both sides. This is George W. Bush thinking his security is so impenetrable that he can send his soldiers to kill the opposition leader's family, and drag their bodies around in front of cameras, without having to worry in the slightest that he or his family will experience retaliation in kind. Of course, to paraphrase Doctor Who, the word "impenetrable" sounds far too much like the word "unsinkable." -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From emc at artifact.psychedelic.net Fri Jul 25 20:02:50 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Fri, 25 Jul 2003 20:02:50 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <20030725130110.40576.qmail@web21201.mail.yahoo.com> Message-ID: <200307260302.h6Q32pgT011961@artifact.psychedelic.net> Sarad writes: > May be the information provided by the informant was > wrong and it ended up that a 14 year kid along with 3 > iraqi adults got killed and in order to prevent > further outrage among iraqi's,the white house decided > on playing its cards to its advantage.They didn't > confirm their DNA test as yet-funny.
If it turns out that Shrub killed two ordinary Iraqis, claimed they were Saddam's sons, and then had army morticians make them up to resemble Saddam's sons, he will be laughed out of office. I've always said that you have to talk to people in the language they understand, and that the only language the American people understand is dead Americans. Indeed, Bush makes a mockery of the UN, and launches a war of aggression against Iraq, based on a Weapons of Mass Destruction soap opera conducted in the media, and the American people approve. American soldiers set up check points, and fire at families in cars trying to flee to safer areas, blowing the heads off babies, and the American people approve. Bush slaughters thousands of Iraqis on his way to Baghdad, who are only trying to defend their country again outside invaders, and the American people approve. The Iraqis resist by killing a couple Americans a day for a few weeks, and Bush's approval rating drops 2 points a day. Almost half the American public say going to Iraq wasn't worth the cost. Americans are finally being talked to in the language they understand. If the Iraqis kill 5 American soldiers a day for 2 months, it will cost Bush the election. If they manage a mass hosing, comparable to the bombing of the Marine barracks in Saudi Arabia, Bush will be impeached. If they should manage to kill a few tens of thousands of American soldiers out of the 147,000 currently serving in Iraq, mobs of angry American parents will attack and burn the White House to the ground, and feed Shrub and his entire family feet first into a compost shredder. Again, it's just a matter of talking to people in the only language they understand. -- Eric Michael Cordian 0+ O:.T:.O:. 
Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From sunder at sunder.net Fri Jul 25 19:26:17 2003 From: sunder at sunder.net (Sunder) Date: Fri, 25 Jul 2003 22:26:17 -0400 (edt) Subject: Dead Body Theatre In-Reply-To: <5.2.1.1.0.20030725182518.048dac40@mail.comcast.net> Message-ID: Hmmm, supposedly Saddam had previously issued a duel to the death challenge to Dubbya, which he didn't take seriously... interesting thought... ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Fri, 25 Jul 2003, Steve Schear wrote: > Here, here! This change, if widely adopted, would go a long way toward > reducing war casualties. Perhaps we may even become as smart as some > Pacific Islanders whose wars were fought by surrogates, the logic being > that the death of one man can serve as well as the death of many in > determining the outcome of a disagreement between heads of tribes, states, > etc. From rah at shipwright.com Fri Jul 25 20:31:24 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 25 Jul 2003 23:31:24 -0400 Subject: Justice Department Opposes 'Sneak and Peek' Ban Message-ID: Looks like they're dusting off their black bags again. Rubber hoses are next, I suppose. Cheers, RAH ------- washingtonpost.com Justice Department Opposes 'Sneak and Peek' Ban Reuters Friday, July 25, 2003; 5:48 PM WASHINGTON (Reuters) - The U.S. Justice Department on Friday opposed a bid to ban the government from conducting secret "sneak and peek" searches of private property. The legislation, overwhelmingly approved by the U.S. 
House of Representatives on Tuesday, would roll back a key provision of the anti-terrorism law adopted after the Sept. 11 attacks. If it became law, the legislation, "would have a devastating effect on the United States' ongoing efforts to detect and prevent terrorism, as well as to combat other serious crimes," Assistant Attorney General William Moschella said. In a letter to House Speaker Dennis Hastert, he said the legislation "could result in the intimidation of witnesses, destruction of evidence, flight from prosecution, physical injury and even death." On Tuesday, the House voted 309-118 to attach the amendment to a $37.9 billion bill funding the departments of Commerce, State and Justice. It would be the first change in the USA Patriot Act since its adoption in October, 2001. The amendment, sponsored by Idaho Republican Rep. C.L. "Butch" Otter, would block the Justice Department from using any funds to take advantage of the section of the law that allows it to secretly search the homes of suspects and only inform them later that a warrant had been issued to do so. The Patriot Act granted broad new powers to U.S. law enforcement officials to eavesdrop and detain immigrants. It was passed by Congress and signed into law by President Bush six weeks after the Sept. 11, 2001, attacks. Moschella said the law was needed to prevent terror attacks and added that the Justice Department shared the commitment of the House "to preserving American liberties while we seek to protect American lives." He urged the House to "reconsider its action." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jtrjtrjtr2001 at yahoo.com Sat Jul 26 01:10:43 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Sat, 26 Jul 2003 01:10:43 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <200307260302.h6Q32pgT011961@artifact.psychedelic.net> Message-ID: <20030726081043.94465.qmail@web21204.mail.yahoo.com> I wouldn't like to see american soldiers killed either.How ever I talked to an american citizen a few days before the second iraq war and he supported the war saying that-"If one is an american,where do you think all the money,power and previlage for american people will come from?" That sounds very logical. I retaliated saying that the previlages,power will come with the death of thousands of iraqi men,women and children. He wouldn't budge any way. Sarath. --- Eric Cordian wrote: > Sarad writes: > > > May be the information provided by the informant > was > > wrong and it ended up that a 14 year kid along > with 3 > > iraqi adults got killed and in order to prevent > > further outrage among iraqi's,the white house > decided > > on playing its cards to its advantage.They didn't > > confirm their DNA test as yet-funny. > > If it turns out that Shrub killed two ordinary > Iraqis, claimed they were > Saddam's sons, and then had army morticians make > them up to resemble > Saddam's sons, he will be laughed out of office. > > I've always said that you have to talk to people in > the language they > understand, and that the only language the American > people understand is > dead Americans. > > Indeed, Bush makes a mockery of the UN, and launches > a war of aggression > against Iraq, based on a Weapons of Mass Destruction > soap opera conducted > in the media, and the American people approve. > > American soldiers set up check points, and fire at > families in cars trying > to flee to safer areas, blowing the heads off > babies, and the American > people approve. 
> > Bush slaughters thousands of Iraqis on his way to > Baghdad, who are only > trying to defend their country again outside > invaders, and the American > people approve. > > The Iraqis resist by killing a couple Americans a > day for a few weeks, and > Bush's approval rating drops 2 points a day. Almost > half the American > public say going to Iraq wasn't worth the cost. > > Americans are finally being talked to in the > language they understand. > > If the Iraqis kill 5 American soldiers a day for 2 > months, it will cost > Bush the election. If they manage a mass hosing, > comparable to the > bombing of the Marine barracks in Saudi Arabia, Bush > will be impeached. If > they should manage to kill a few tens of thousands > of American soldiers > out of the 147,000 currently serving in Iraq, mobs > of angry American > parents will attack and burn the White House to the > ground, and feed Shrub > and his entire family feet first into a compost > shredder. > > Again, it's just a matter of talking to people in > the only language they > understand. > > -- > Eric Michael Cordian 0+ > O:.T:.O:. Mathematical Munitions Division > "Do What Thou Wilt Shall Be The Whole Of The Law" __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com From nobody at dizum.com Fri Jul 25 22:40:08 2003 From: nobody at dizum.com (Nomen Nescio) Date: Sat, 26 Jul 2003 07:40:08 +0200 (CEST) Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online Message-ID: <6d6b49676e932914f8225194bf789173@dizum.com> One point being overlooked here is digital versus physical anonymity. The "funky" ATM (what, does it smell or something?) will allow you to (among other things) stick in some cash and let someone else withdraw it using a password which you have sent him out of band (according to the patent - which I've actually read, more than anyone else here can say). 
This will allow for digital anonymity in the sense that there is no account information associated with the transaction. Now, it's true that ATMs take pictures of people, so you don't have full physical anonymity. But given the limited reliability of facial recognition systems, especially if you take simple precautions like wearing a hat and tilting your head down, you can have de facto very strong anonymity putting money into or taking it out of an ATM. The mere fact that it takes your picture doesn't mean that much. It's also true that the amount of cash that could be practically transferred in this way is limited to a few thousand dollars at most, given that the machines will probably only accept and dispense twenty dollar bills or equivalent. Nevertheless such payments would be a good start. The ability to pay or receive a few thousand dollars, untraceably, would enable a number of interesting applications involving freedom of speech and action. Writing custom software or providing sensitive information could be funded at these levels. The point which has been mostly overlooked is that this article was nothing but vapor, based on the issuance of a patent. There's a huge barrier between the idea and the implementation. A cash-transfer ATM would be a true boon to cypherpunk goals, but it is doubtful whether such a system will be allowed to exist in today's world. From timcmay at got.net Sat Jul 26 09:35:43 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Jul 2003 09:35:43 -0700 Subject: Dead Body Theatre In-Reply-To: Message-ID: <3379F278-BF87-11D7-8D66-0003930F2360@got.net> On Saturday, July 26, 2003, at 07:54 AM, J.A. Terranson wrote: > On Thu, 24 Jul 2003, Tim May wrote: > >> Date: Thu, 24 Jul 2003 18:55:27 -0700 >> From: Tim May >> To: J.A. Terranson >> Cc: cypherpunks at einstein.ssz.com, >> "Email List: Cypherpunks" >> Subject: Re: Dead Body Theatre > > > >> Fucking idiot. Did you notice you have once again copied two nodes of >> the CP list?
This is not the first time. Idiot. > > Hrm. I note that you have sent this to two nodes as well. Doctor, > heal > thyself. > > Idiot, I left the cc: list as you had it, to show what you had done. As now. --Tim May From timcmay at got.net Sat Jul 26 09:49:13 2003 From: timcmay at got.net (Tim May) Date: Sat, 26 Jul 2003 09:49:13 -0700 Subject: Dead Body Theatre In-Reply-To: <20030726081043.94465.qmail@web21204.mail.yahoo.com> Message-ID: <16381215-BF89-11D7-8D66-0003930F2360@got.net> On Saturday, July 26, 2003, at 01:10 AM, Sarad AV wrote: > I wouldn't like to see american soldiers killed > either.How ever I talked to an american citizen a few > days before the second iraq war and he supported the > war saying that-"If one is an american,where do you > think all the money,power and previlage for american > people will come from?" > > That sounds very logical. > > I retaliated saying that the previlages,power will > come with the death of thousands of iraqi men,women > and children. > > He wouldn't budge any way. > This is a silly, naive view of things. First, the concept of "privilege" is one of those lefty, cockeyed notions the liberals use to vaguely imply that success in life is due to "privilege." Second, though I strongly disagree with the Second Iraq War, nothing that happens there has anything substantive to do with economic success and "money, power" for anyone I know. Our "money, power" comes from work, investments, high tech, etc. I have no idea if you are really the Third World mutant you usually come off as being, but you really need to get out more. --Tim May From measl at mfn.org Sat Jul 26 07:54:06 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 26 Jul 2003 09:54:06 -0500 (CDT) Subject: Dead Body Theatre In-Reply-To: <0FFE190A-BE43-11D7-8D66-0003930F2360@got.net> Message-ID: On Thu, 24 Jul 2003, Tim May wrote: > Date: Thu, 24 Jul 2003 18:55:27 -0700 > From: Tim May > To: J.A. 
Terranson > Cc: cypherpunks at einstein.ssz.com, > "Email List: Cypherpunks" > Subject: Re: Dead Body Theatre > Fucking idiot. Did you notice you have once again copied two nodes of > the CP list? This is not the first time. Idiot. Hrm. I note that you have sent this to two nodes as well. Doctor, heal thyself. > Someone ought to necklace you. Aw, don't I rate a full "Needs Killing" anymore? > > --Tim May > > -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From msarela at cc.hut.fi Sat Jul 26 00:30:18 2003 From: msarela at cc.hut.fi (Mikko Särelä) Date: Sat, 26 Jul 2003 10:30:18 +0300 (EEST) Subject: Dead Body Theatre In-Reply-To: <3F215BCA.1733.135ED95B@localhost> References: <3F215BCA.1733.135ED95B@localhost> Message-ID: > -- > On 24 Jul 2003 at 9:16, Eric Cordian wrote: > > Now that the new standard for pre-emptive war is to murder > > the legitimate leader of another sovereign nation and his > > entire family, an "artist's rendering" of Shrub reaping what > > he sows would surely be an excellent political statement. Oh, how much I love these people who defend the right of the dictator to murder his own citizens. -- Mikko Särelä Emperor Bonaparte: "Where does God fit into your system?" Pierre Simon Laplace: "Sire, I have no need for that hypothesis." From emc at artifact.psychedelic.net Sat Jul 26 10:44:10 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sat, 26 Jul 2003 10:44:10 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <16381215-BF89-11D7-8D66-0003930F2360@got.net> Message-ID: <200307261744.h6QHiD9k014471@artifact.psychedelic.net> Tim May wrote: > This is a silly, naive view of things. First, the concept of > "privilege" is one of those lefty, cockeyed notions the liberals use to > vaguely imply that success in life is due to "privilege." Much as conservatives refer to everyone who can see through their propaganda better than Joe Sixpack as "The Elite."
Variations include "The Hollywood Elite", "The University Elite", etc. Conservatives fear anyone with a longer memory and better critical thinking skills than your average dumbass American hayseed, programmed in the Guv'ment School, with his 9th grade reading and his 4th grade math. > Second, though I strongly disagree with the Second Iraq War, nothing > that happens there has anything substantive to do with economic success > and "money, power" for anyone I know. Our "money, power" comes from > work, investments, high tech, etc. It comes from work. Back when I was but a tiny Thaumaturge, home ownership was within the reach of virtually everyone in AmeriKKKa. An entire household full of people could be supported on the income of a single adult working virtually any full time job. Leisure time and recreation were abundant. The Sheeple were happy sheep. Fast forward to today, where a barely comfortable living requires every adult member of a household to work somewhere over full time at some sort of skilled occupation, one paycheck away from the street. It's the time-honored algorithm for optimizing the speed of an assembly line. You speed up the line until the error rate becomes unacceptable, and then back off by epsilon. If the workers are wheezing, with their tongues hanging dangerously close to the gears, who cares. There are hungry people standing in line to replace anyone who can't take it. Apply this algorithm to macroeconomic variables, during a loud propaganda campaign promoting "productivity," and you have essentially what was done to the US economy starting with the ascension of the Conservatives to power in 1980. The US spent the Soviet Union into bankruptcy, and rebuilt a military force that can threaten any nation in the world, not because of Manifest Destiny, but by working its citizens harder than any other decent nation was willing to do.
Citizens too dumb to understand that economic control of a population is not morally superior to control at the point of a gun. And through the miracle of Fractional Reserve Banking, while the Proles toiled, a small privileged segment of the population became fabulously wealthy during the same period, for doing, as Anne Robinson would say, "Absolutely Nothing." -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From zenadsl6186 at zen.co.uk Sat Jul 26 06:15:36 2003 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Sat, 26 Jul 2003 14:15:36 +0100 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: <838066BC-BEEC-11D7-8D66-0003930F2360@got.net> Message-ID: Tim May wrote: > Some lurker unwilling to comment on the public list sent me this. I > didn't notice it wasn't intended for the list until I had already > written a reply and was preparing to send it. So I have altered the > name. 'Twas meant for the list, I just hit "reply" instead of "reply all" without looking. @lne.com and @minder.net don't set a Reply-To: header, but @einstein.ssz.com does. I don't get any mail from other nodes, if there are any. So some list mail needs a "reply" to get to the list, and some needs a "reply to". Personally I prefer to hit "reply", ie with a Reply-To: header set to the list (confusing, eg!). That way, if I want to reply to the list (which is my default preference) then the sender of the mail I'm replying to doesn't get two copies. But then I use OE... Perhaps @lne.com and @minder.net could do this? Or, if people prefer, @einstein.ssz.com could stop setting the Reply-To: header? Or would having all the nodes do it the same way be too conventional for cypherpunks... 
-- Peter Fairbrother From camera_lumina at hotmail.com Sat Jul 26 16:03:45 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 26 Jul 2003 19:03:45 -0400 Subject: Dead Body Theatre Message-ID: Eric Cordian wrote... "Apply this algorithm to macroeconomic variables, during a loud propaganda campaign promoting "productivity," and you have essentially what was done to the US economy starting with the ascension of the Conservatives to power in 1980." Ah yes. Someone else remembers when all those scary Japanese and Germans were going to eat all our jobs. So we gave up everything because they had us so fucking terrorized. Now we have far fewer vacation hours than either one of those countries. Coincidentally, it's around the same time that it became fashionable to bitch about how evil the unions are. Question one of the 'sheeple' on why the unions are so bad and they'll give you little anecdotes and incomprehensible arguments ("the unions are bad because they force employers to pay overtime"). (And let's remember that I'm not attempting to make a pro-union point here. I'm pointing to media and other manipulation of the American psyche into accepting the ratwheel we're all on now.) "The US spent the Soviet Union into bankruptcy, and rebuilt a military force that can threaten any nation in the world, not because of Manifest Destiny, but by working its citizens harder than any other decent nation was willing to do. Citizens too dumb to understand that economic control of a population is not morally superior to control at the point of a gun." Damn straight. "Too dumb"...I might agree with that but I think there's a lot more to it. Too terrorized, too successfully propagandized, too willing to live vicariously through the ostensibly functional relationships on TV, and don't forget just too damned tired to give a crap about anything but trying to get a decent night's sleep when possible, and make it safely to the grave without becoming homeless in the process...
-TD >From: Eric Cordian >To: cypherpunks at minder.net >Subject: Re: Dead Body Theatre >Date: Sat, 26 Jul 2003 10:44:10 -0700 (PDT) > >Tim May wrote: > > > This is a silly, naive view of things. First, the concept of > > "privilege" is one of those lefty, cockeyed notions the liberals use to > > vaguely imply that success in life is due to "privilege." > >Much as conservatives refer to everyone who can see through their >propaganda better than Joe Sixpack as "The Elite." Variations include >"The Hollywood Elite", "The University Elite", etc. > >Conservatives fear anyone with a longer memory and better critical >thinking skills than your average dumbass American hayseed, programmed in >the Guv'ment School, with his 9th grade reading and his 4th grade math. > > > Second, though I strongly disagree with the Second Iraq War, nothing > > that happens there has anything substantive to do with economic success > > and "money, power" for anyone I know. Our "money, power" comes from > > work, investments, high tech, etc. > >It comes from work. Back when I was but a tiny Thaumaturge, home >ownership was within the reach of virtually everyone in AmeriKKKa. An >entire household full of people could be supported on the income of a >single adult working virtually any full time job. Leisure time and >recreation were abundant. The Sheeple were happy sheep. > >Fast forward to today, where a barely comfortable living requires every >adult member of a household to work somewhere over full time at some sort >of skilled occupation, one paycheck away from the street. > >It's the time-honored algorithm for optimizing the speed of an assembly >line. You speed up the line until the error rate becomes unacceptable, >and then back off by epsilon. If the workers are wheezing, with their >tongues hanging dangerously close to the gears, who cares. There are >hungry people standing in line to replace anyone who can't take it.
> >Apply this algorithm to macroeconomic variables, during a loud propaganda >campaign promoting "productivity," and you have essentially what was done >to the US economy starting with the ascension of the Conservatives to >power in 1980. > >The US spent the Soviet Union into bankruptcy, and rebuilt a military force >that can threaten any nation in the world, not because of Manifest >Destiny, but by working its citizens harder than any other decent nation >was willing to do. Citizens too dumb to understand that economic control >of a population is not morally superior to control at the point of a gun. > >And through the miracle of Fractional Reserve Banking, while the Proles >toiled, a small privileged segment of the population became fabulously >wealthy during the same period, for doing, as Anne Robinson would say, >"Absolutely Nothing." > >-- >Eric Michael Cordian 0+ >O:.T:.O:. Mathematical Munitions Division >"Do What Thou Wilt Shall Be The Whole Of The Law" From jtrjtrjtr2001 at yahoo.com Sun Jul 27 00:33:28 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Sun, 27 Jul 2003 00:33:28 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <16381215-BF89-11D7-8D66-0003930F2360@got.net> Message-ID: <20030727073328.77193.qmail@web21204.mail.yahoo.com> Walk into a government hospital in a third world and in the U.S-you will see the difference. I am not talking of any one individual getting wealthy. As for privileges even-basic amenities like food, water, medicine, health care are all privileges though they may not appear to be in a wealthy nation. Sarath.
--- Tim May wrote: > On Saturday, July 26, 2003, at 01:10 AM, Sarad AV > wrote: > > > I wouldn't like to see American soldiers killed > > either. However I talked to an American citizen a > few > > days before the second Iraq war and he supported > the > > war saying that-"If one is an American, where do > you > > think all the money, power and privilege for > American > > people will come from?" > > > > That sounds very logical. > > > > I retaliated saying that the privileges, power will > > come with the death of thousands of Iraqi > men, women > > and children. > > > > He wouldn't budge anyway. > > > > This is a silly, naive view of things. First, the > concept of > "privilege" is one of those lefty, cockeyed notions > the liberals use to > vaguely imply that success in life is due to > "privilege." > > Second, though I strongly disagree with the Second > Iraq War, nothing > that happens there has anything substantive to do > with economic success > and "money, power" for anyone I know. Our "money, > power" comes from > work, investments, high tech, etc. > > I have no idea if you are really the Third World > mutant you usually > come off as being, but you really need to get out > more. > > > --Tim May > From rah at shipwright.com Sat Jul 26 21:54:10 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 27 Jul 2003 00:54:10 -0400 Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online In-Reply-To: References: Message-ID: At 2:15 PM +0100 7/26/03, Peter Fairbrother wrote: >Personally I prefer to hit "reply", ie with a Reply-To: header set to the >list (confusing, eg!). That way, if I want to reply to the list (which is my >default preference) then the sender of the mail I'm replying to doesn't get >two copies. But then I use OE... Since the toad days, cypherpunks has been reply to sender...
Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eresrch at eskimo.com Sun Jul 27 06:12:44 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Sun, 27 Jul 2003 06:12:44 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: Message-ID: On Sat, 26 Jul 2003, Tyler Durden wrote: > Damn straight. "Too dumb"...I might agree with that but I think there's a > lot more to it. Too terrorized, too successfully propagandized, too willing > to live vicariously through the ostensibly functional relationships on TV, > and don't forget just too damned tired to give a crap about anything but > trying to get a decent night's sleep when possible, and make it safely to > the grave without becoming homeless in the process... It has more to do with the desire to own *more* stuff. Bigger houses with 3 cars and full of wireless computers. It has nothing to do with government propaganda and everything to do with corporate propaganda. It's a self-fulfilling economic system, the more people want, the more people work to create things that more people want! The insanity is self inflicted. The French take off the whole month of August and Americans think they are insane. The French know how to relax! They also live in smaller houses, only own 1 car per family and eat better food. If you want to live in a 5000 ft^2 house, you need 2 adults working full time to make "ends meet". If you live in a 1000 ft^2 house, one adult can make the payments with one full time job. If you are going to compare then and now, take reality into account. Patience, persistence, truth, Dr.
mike From eresrch at eskimo.com Sun Jul 27 06:15:33 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Sun, 27 Jul 2003 06:15:33 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <20030727073328.77193.qmail@web21204.mail.yahoo.com> Message-ID: On Sun, 27 Jul 2003, Sarad AV wrote: > > Walk into a government hospital in a third world and > in the U.S-you will see the difference. > I am not talking of any one individual getting > wealthy. > As for privileges even-basic amenities like > food, water, medicine, health care are all privileges > though they may not appear to be in a wealthy nation. Yup, it is mighty hard to explain with words. You have to see with your own eyes how 3 billion people live to comprehend "dirt poor". Unfortunately, the wealthy prefer not to see. Patience, persistence, truth, Dr. mike From ravage at einstein.ssz.com Sun Jul 27 06:42:08 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 27 Jul 2003 08:42:08 -0500 (CDT) Subject: [eff-austin] War and Information Technology (fwd) Message-ID: ---------- Forwarded message ---------- Date: Sun, 27 Jul 2003 07:47:20 +0000 From: Carl Webb To: eff-austin at effaustin.org, tlc-discuss at lists.cwrl.utexas.edu Subject: [eff-austin] War and Information Technology Computer Professionals for Social Responsibility War and Information Technology by Chris Hables Gray Technology has always been an important part of war. Today, with information technology situated as the defining technology of our age it should be no surprise that IT (information technology) is a central part of war making. In fact, the US military has officially determined that information is the main "force multiplier" in battle, more important than numerical superiority or force of fire, the old standards.
This is because, in the US military's view, we now have the information technologies that can not just make a crucial difference in battle, in terms of precision weapons, intelligence, and command and control, but that these technologies might actually allow the "fog" (uncertainty) of war to be dispelled so that total, almost painless victories, might be won against many opponents. Computer professionals, when evaluating these information technologies, must start with two basic rules that come both from within computer science (especially information theory, systems analysis and information management) and from the academic disciplines represented by groups such as the Society for the Social Studies of Science (4S), the Society for the History of Technology (SHOT) and Science, Technology, and Society studies in general (STS). They are: 1) Technologies cannot be evaluated out of their context of use. Very few technologies either "work" or "don't work". They all perform at certain levels of efficiency, but whether or not they "work" depends on what they are to do in terms of their institutional and societal contexts. In the case of military technologies, for example, they have to be evaluated not just in terms of failure rates but also how the technology performs, and influences, in the context of the relevant doctrines, tactics and strategies. 2) Technologies, especially information technologies, are parts of systems. They cannot be evaluated in isolation. The systems, which often include human operators and users, either work well or not in their context. For repairing and evaluating systems it is important to know how the various components or nodes perform, but a system that fails because of so-called human-error, has failed none-the-less and that includes its computational elements.
So, any weapon system has to be analyzed in terms of all its components (including the humans and their training), the doctrine that it serves, its tactical and strategic uses, and the political context of the war it is used in. To say B-52s are bad and so-called smart missiles are better does not make sense. The computer and other technical parts might work with a high level of reliability (or not) but that doesn't make any one weapon system better than another. The purely technical efficiencies cannot be separated out. As a computer science professor I teach my students that computing systems in particular must be evaluated as systems, not in isolation. A perfect case is the destruction of Iranian Air flight 655 by the USS Vincennes (deploying the most sophisticated computerized weapon system used in combat: the Aegis) that killed 290 civilians. There were technical problems (the jamming of an automatic 5-inch gun, the poor reliability of the automated Phalanx machine guns, the fact that Standard missiles need miles to accelerate, the poor interface design of the combat information center), training problems (all training was for fleet combat with the Soviets), command problems (other US ships correctly identified the flight but the Vincennes was in charge because it had the best computer system), human error (misreading the computer information because of scenario fulfillment), doctrine (the source of the command and training problems), the tactics (sending the Vincennes into Iranian territorial waters to engage small Iranian patrol boats), the strategy (the illegal stupid mission the Vincennes was on -- trying to provoke an Iranian counter-attack), and the politics (supporting Saddam's Iraq in an aggressive war against Iran). So what if the Aegis is a marvel of computer engineering? Tell that to the families of the dead Iranian civilians. 
(For full details and documentation see: Chris Hables Gray, "AI at War: The Aegis System in Combat" in Directions and Implications of Advanced Computing 1990, Vol. III, D. Shuler, ed., Ablex, 1996, pp. 62-79.) By the way, there is substantial evidence that the testing of the circuit cards for the Phalanx was faked, one reason their reliability was so low and so the Captain of the Vincennes could not trust them for close-in defense and so made the incorrect decision to take out the innocent airliner. An undergraduate in one of my computer classes who tried to evaluate a system that uses computers by only looking at certain technical parameters of the computers, and not at all the relevant factors, would not pass. A military that does the same, might win some battles, but it will lose all but the easiest wars, and even then, it will often lose the peace that follows. In Gulf War I a strong case can be made that the massive B-52 bombings shattered the main Iraq Army, the so-called "smart weapons" were not nearly as accurate as claimed (and we found out much later the Patriots hit nothing), and that the destruction of the Iraqi infrastructure (in part by so-called precision bombing with all kinds of bombs and missiles) led to the deaths of 300,000 Iraqi women and children (according to both the UN, independent aid NGO's, and a Harvard Health School study). War is complicated, weapon system performance is complicated, and accuracy (or even reliability) is hardly everything. When Force of Fire was the main doctrine for winning war in the US military, bigger explosions were almost always considered more important than smaller accurate ones. In some situations this was (and still is) true, in many others not. The US military in particular has had a tendency to want to ignore the strategic and political realities of war. This is why it lost Vietnam. US weapons were more accurate and more powerful than the Vietnamese weapons but that was not enough. 
It didn't help the Soviets win in Afghanistan either. This is why there is a whole debate about Asymmetric War in the military today, by the way. ------- Some of the main issues computer professionals should look at in Gulf War II-- * To what extent are such doctrines as "Shock and Awe" and of the general U.S. strategy based on misconceptions about what IT can and cannot do in an unpredictable and uncontrollable arena such as war. * To what extent the existence of "so-called" smart weapons leads to the doctrinal, tactical, or strategic misuse of such weapons. Americans have a particular love of technology. That some people can unequivocally say such weapons "really work" when they have hit three of the wrong countries is an important issue to explore. * The actual performance of such weapons as the Patriot. * The possibility and possible impact of future weapons or military information systems such as effective identification systems. * The absolute limits of computer technology to model complex systems. CPSR played a major role in articulating this crucial part of information theory during the first round of Star Wars debates and in the Spring 2001 newsletter (ed. by Carl Page and Chris Hables Gray) there is a full bibliography of the key articles in this area. ------- There are now a number of monographs and collections of articles that look critically at IT in the context of contemporary war. They include: David Bellin and Gary Chapman, eds., Computers in Battle, Harcourt, Brace, Jovanovich, 1987. Paul Edwards, The Closed World, MIT Press, 1996. Chris Hables Gray, Postmodern War, Guilford, 1997. Gerfried Stocker and Christine Schopf, eds., Infowar, Springer Wien/New York, 1998. James Der Derian, Virtuous War, Westview, 2001.
----------- Sites circulated during CPSR discussions: Shock and Awe: http://www.commondreams.org/views03/0127-08.htm Context of the War on Terror: http://world-information.org/wio/readme/992003309/1004366266 War on the Web (UK Guardian): http://www.guardian.co.uk/online/story/0,3605,898661,00.html War Peace and Complex Systems: http://www.borderlandsejournal.adelaide.edu.au/vol1no1_2002/Gray_complexity.htm Interesting article from the UK on the use of tomahawk missiles: http://www.guardian.co.uk/Print/0,3858,4630027,00.html Excellent article from a Business magazine, including discussion of interfaces: http://europe.businessweek.com/technology/content/jan2003/tc2003017_2464.htm Here is a link to the book that describes the whole "shock and awe" concept: http://www.dodccrp.org/shockIndex.html. Here are two sites that discuss the media-zation of the current war in different ways. 1) Brown University's Watson Center (yes, the IBM Watson) has a whole project on infowar and infopeace and has some recent articles on embedded journalists: http://www.infopeace.org/. 2) And here's a site on media literacy and this war: http://www.tandl.vt.edu/Foundations/mediaproject/ Respectfully submitted, Chris Hables Gray ________________________________________________________________________________ Response by James Nugent I would like to address some points made by Chris Gray. Here he is specifically addressing the catastrophe associated with the shooting down of Iran Air 655 by the USS Vincennes. Specifically: "There were technical problems (the jamming of an automatic 5-inch gun, the poor reliability of the automated Phalanx machine guns, the fact that Standard missiles need miles to accelerate, the poor interface design of the combat information center)" Mr. Gray lists these problems as contributing to the accidental shooting of Iran Air 655. As Mr.
Gray has appropriately noted about weapons and their employment, it's important to understand doctrine and tactics bear on their use. In this case the five inch gun and Phalanx systems were not a consideration in the engagement of the missile system as this would have been the primary, i.e. first use, system. The order of priority for weapon/defensive engagement for the Vincennes would have been: 1. Standard missile system. 2. Five inch guns. 3. Electronic deception. 4. Chaff. 5. Phalanx (4 & 5 would be near simultaneous employments). Systems 2 through 5 could have been completely out of service, or fully employable, and this would not have altered utilization of the standard missile system as the first system to be used against an air threat. This is in accordance with the U.S. and at the time Soviet Navy's doctrine of layered defense, a concept later adapted by the computer information assurance/security experts to detail how a computer network would be defended. In this case the doctrinal principle for a layered defense would be as follows: "Weapons [Used within a layered defense]. AAW weapons begin with Phoenix, Sparrow, Sidewinder, and AMRAAM missiles carried by the combat air patrol (CAP) [Note: this was not available to Vincennes]. Next are long-range "Standard" missiles such as extended- and medium-range SM-1s and SM-2s. These missiles are capable of intercepting targets at a range of nearly 100 miles. Shorter-range variants of these weapons are good out to 25 miles. Inside 10 miles, Sea Sparrow missiles are used to engage targets, and at extremely close, "do-or-die" ranges, CIWS guns are utilized. Additionally, MK45 5"/54, and the OTO Melara 76mm gun mount can engage air targets with limited effectiveness." Layered defense means essentially the same thing here as it does in the computer world, i.e. you stop an attacker as far from what is being attacked as you possibly can.
In this case that means you use the systems with the furthest reach to take out an air threat, and on the Vincennes that is clearly the Standard missile system. I would also point out that in Mr. Gray's paper on this subject he specifically states that the loss of the single five inch gun was not a contributing factor to the destruction of Iran Air 655. The need for the missiles to accelerate is not entirely clear. No ship's captain, again based on the applicable doctrine and tactics, would ever allow an air threat to get so close that the acceleration dynamics of the defensive missile system would be a detrimental factor for its employment. Mr. Gray's comments with regard to the human-machine interface are totally on target and this, vice any overriding technical failures or issues, along with the social dynamic surrounding events leading to the firing of missiles at the aircraft, was responsible for the tragedy. "training problems (all training was for fleet combat with the Soviets)" This is a legitimate point as well. The crew of the Vincennes was in a situation vis-à-vis the civilian airliner that it had never trained for. While the system itself was very capable of adequately tracking civilian airliners given its use for just that purpose in two different venues, this specific scenario had not been tested either via simulation or as a crew scenario. Had such training been conducted it's very likely problems with the human-machine interface would have been discovered and corrected, and either way the crew would have likely handled this specific situation differently and avoided the disaster which occurred.
"command problems (other US ships correctly identified the flight but the Vincennes was in charge because it had the best computer system), human error (misreading the computer information because of scenario fulfillment)" These points are in keeping with ones I've made above concerning the environmental/sociological dynamic and the lack of training that led to the sorts of errors that cascaded to tragedy on board Vincennes. "doctrine (the source of the command and training problems), the tactics (sending the Vincennes into Iranian territorial waters to engage small Iranian patrol boats), the strategy (the illegal stupid mission the Vincennes was on -- trying to provoke an Iranian counter-attack)" There are many types of doctrine within the U.S. Navy and it's not clear which one exactly is being referred to here. Tactics were without fault as the crew of the Vincennes did exactly what it was expected to do given the situation it believed it was facing. It's questionable that a cruiser was the ideal system to send after shallow draft Iranian gunboats in what were depth restricted waters. That said, this incident started with a helicopter from the Vincennes coming under fire by the Iranian boats, so it was the call of the captain of the Vincennes how he was to defend his helicopter and he elected to engage the Iranians. Mr. Gray raises an interesting question vis-à-vis the legality of the U.S. Navy's action during this time. Our main reason for being in the Gulf was because of a request from the government of Kuwait to escort its tankers (which were subsequently re-flagged as U.S. vessels) through the Gulf. Escorts were necessary because both the Iraqis and the Iranians were engaging ships with anti-ship missiles, and the Iranians were also aggressively laying floating mines in the international waterways of the Gulf.
It bears remembering that the Iranian minelayer Iran Ajr was captured and its mines confiscated as it was in the act of laying such mines near Bahrain. Actions taken in the Gulf were in response to the illegal mining of the sea lanes in this region, which puts the engagement of U.S. ships with Iranian vessels in a very different context. "and the politics (supporting Saddam's Iraq in an aggressive war against Iran)." The extent of U.S. support for Iraq at this time is not as clear as this would lead one to believe, but this issue is also clearly beyond the scope of this response. "So what if the Aegis is a marvel of computer engineering? Tell that to the families of the dead Iranian civilians." Mr. Gray's inference here is that Aegis is what caused this tragedy and he seems very much in the minority on this. Technically speaking Aegis did exactly what it was supposed to, but there was a string of human errors, failures and assumptions that ultimately caused the captain of the Vincennes to authorize the unleashing of two missiles at Iran Air 655; Aegis was never in automatic and it did not make the decision to fire. "By the way, there is substantial evidence that the testing of the circuit cards for the Phalanx was faked, one reason their reliability was so low and so the Captain of the Vincennes could not trust them for close-in defense and so made the incorrect decision to take out the innocent airliner." I would categorize this as another red herring concerning the specifics of this event. The order of battle for weapon employment is provided above, and Phalanx is the last system a ship's captain thinks to use. It's a last ditch effort, if the attacker is that close (Phalanx's range is 1 mile) engaging it with Phalanx may well destroy the threat but if it's destroyed within the range of Phalanx there's a good chance that there'd be debris resulting from the destruction that could still present a danger to the ship.
Bottom line, you engage air threats as far away as possible. A reasoned critique of a weapons system should come from a full appreciation for how it is used. Mr. Gray does not provide this perspective in the least, and it's very clear that he never endeavored to obtain one, likely I would suspect due to his distaste for anything to do with the military. He does make points here that are germane to what did cause this tragedy and that demanded action by the U.S. Navy. He otherwise clutters this with poor historical perspective and what would seem to be a desire to make a point from his own political/philosophical perspective, which poorly serves himself and his readers. Submitted by James Nugent From Freematt357 at aol.com Sun Jul 27 06:36:04 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Sun, 27 Jul 2003 09:36:04 EDT Subject: 'Wired': The Coolest Magazine on the Planet [Was] Message-ID: <9.162180ef.2c552f44@aol.com> http://www.nytimes.com/2003/07/27/books/review/27CARRLT.html?th 'Wired': The Coolest Magazine on the Planet By DAVID CARR Wired magazine, that storied artifact of a digital age, was conceived by its editors as ''a reverse time capsule. It would sail back through time and land at people's feet.'' And so it has, most recently in the form of ''Wired: A Romance,'' a book by one of the magazine's contributing editors, Gary Wolf. Our notions of the future have a tendency to age quickly, and Wired, a magazine that served as both Boswell and bomb thrower for the geekerati in the 1990's, seems to have aged more quickly than most.
The seminal publication, Wolf writes, was created in the midst of a digital revolution that its high priest, Louis Rossetto, liked to refer to as a ''Bengali typhoon.'' By the time Rossetto and Wired's co-founder, Jane Metcalfe, were thrown clear, everything had changed, but not in the ways that they once thought it would. Wired was important not just because it was the first magazine to make the computer world seem hip; it also trained its eye on the implications of the onrushing new technology, not merely on appraising the newest machines and trendiest gadgets. (Though Wired featured plenty of articles about those things, too.) The magazine, Rossetto promised somewhat grandiosely early on, would foment ''a revolution without violence that embraces a new, nonpolitical way to improve the future based on economics beyond macro control, consensus beyond the ballot box, civics beyond government and communities beyond the confines of time and geography.'' Rossetto's manifesto seems quaint just 10 years later, but it found many disciples. Gary Wolf, an early Wired employee, was among them, and he has written a deceptively deadpan recollection that reads more like a libretto than a straightforward work of journalism. Wolf expertly traces the magazine's heavily hyped ascendancy, though, sadly, most readers will know all along that the magazine Rossetto saw as a Trojan horse for revolution was eventually sold in 1998 to a corporation (Conde Nast) like any common asset. (The magazine still exists, though it doesn't carry the swagger and prestige it once did.) Wolf writes with a former true believer's skepticism, a wan idealism rubbed out by subsequent events. As his book's title suggests, Wolf is still a bit wistful about Wired's careering journey through the 90's. It's hard to blame him. 
The corporate-dominated magazine industry tends to stay safely behind significant issues, while Wired was that odd indie publication that actually enabled a movement by appealing to its nobler instincts. But as Wolf demonstrates, Wired's purity of purpose -- Rossetto seemed to care about money only as oxygen for his dream -- did not inoculate the magazine from the ambient greed that reduced a hoped-for paradigm shift to a pile of failed I.P.O.'s. ''Wired: A Romance'' is less a love story than a theological autopsy of a religion that flourished and went away in less than a decade. Things happened quickly for Wired -- remember ''Internet time''? At its height in the mid-90's, Wired could be found in the lobbies of venture capitalists, on the light tables of designers, underneath the coffee cups of computer geeks and in the middle of the only conversation that seemed to matter. It was, briefly, the coolest magazine on the planet. This book is fundamentally a biography of Rossetto, a larger-than-life personality whom Wolf compares to ''a magnet whose grip increased dramatically at close range.'' In retrospect, it would be easy to mistake Rossetto for another would-be Internet guru and Wired as a curio of a bygone time, but as Wolf makes clear, the revolution that Rossetto championed was not about the Web. Rossetto saw desktop publishing as a profound reinvention of the printing press. ''He thought computer publishing would change the world,'' Wolf writes. And Rossetto knew a thing or two about revolution. As Wolf points out, Rossetto, a former anarchist who obtained a master's degree in business administration from Columbia, was a global itinerant, a gaunt, hippie-ish Zelig who just happened to be in the neighborhood when the Shining Path emerged in Peru, when the Tamil rebellion began in Sri Lanka, when the Red Brigades sowed chaos in Italy. 
Small wonder Rossetto ended up in San Francisco in the early 90's with Jane Metcalfe, then his girlfriend, on the cusp of another kind of insurgency, both of them working to finance a new kind of magazine. Rossetto wanted to call their journal DigIt -- as in either ''digit'' or ''dig it'' -- a bad idea that Metcalfe mercifully talked him out of. The new magazine would be named Wired. With the help of $20,000 from a sympathetic Dutch entrepreneur, the pair managed to get inexpensive access to a Canon color copier -- an exotic technology at the time -- to produce a prototype. Several of Wired's more durable angels, investors with real money who bought Rossetto's conceits, signed on later. And John Plunkett, the man responsible for Wired's neon-suffused, anarchic design, committed to joining the magazine in spite of himself. This glossy fever dream of a magazine made its debut at the Macworld conference on Jan. 2, 1993. The early adopters snatched it up and Wired was on its way. But Wolf demonstrates that Rossetto always seemed to keep his ambitions just ahead of his funding. Chunks of the enterprise were handed out to investors so that Wired could expand to the Web, to television, to Europe and beyond. The magazine's Web site, HotWired, turned out to be a particularly effective way of making money disappear. Wolf, who became HotWired's executive editor in 1995, appears in the narrative at this point, saying that after meetings with Rossetto he left his boss's office with ''the light step of a person who has been given permission to be bad.'' But Wolf's efforts to enrich his writer friends with lucrative freelance assignment for the Web site comes off as a misdemeanor in felonious times. The pressure to move Wired toward an initial public offering drove an ill-advised effort for bigness at all costs. No one cared about profits, and deals were made willy-nilly to build the hypothetical value of the company, including adding a search engine, the gewgaw of the moment. 
The pranksters at Suck, a sardonic (and now defunct) site built by Wired employees on the sly, captured the era's ethos with carnal clarity. In an essay written at the very beginning of the Web boom, Wolf writes, ''The Sucksters' advice was to fluff up a site, locate a rich, stupid buyer and then run away fast before the concoction deflated.'' To his credit, Rossetto never saw how giving away content free on the Web could make anyone rich. Wolf describes -- in too much detail, because he happened to be in the middle of it -- how Rossetto fought to make visitors to HotWired register, which some believed violated the Web's ethos. By this time, bankers and shareholders were looking over his shoulder, accusing him of being a profligate Luddite at a revolution he once led. While charting the Nasdaq's rise and eventual fall, Wolf shows Rossetto and Metcalfe readying Wired for a ''liquidity event,'' that supremely validating 90's moment. But when they hit the road in October 1996 to pitch investors, Rossetto's overweening ambitions and the market's gyrations left Wired's public offering dead on arrival. Rossetto become so preoccupied with saving the business that he eventually handed leadership of the magazine over to Katrina Heron, a former editor at Vanity Fair and The New Yorker. Heron, who is now a consultant for The New York Times, proved to be an able and popular steward of the magazine, but in stepping aside Rossetto had built his own gallows. The money men who had attached themselves to Wired set up a series of impossible financial targets for Rossetto, and in March 1998 he and Metcalfe were cast out of the future they had built. The magazine was eventually sold to Conde Nast, and its two founders ended up with $30 million and a profoundly bad taste in their mouths. Wolf allows Andrew Anker, the ferociously ambitious C.E.O. of the company, to serve up an epitaph for the ideals that once drove Wired. 
With the sale of the magazine on the table, Wolf recounts how Anker and other senior Wired employees went to a bar in San Francisco for an impromptu wake. Anker gleefully tallies up his substantial gains to the outrage of his less fortunate colleagues. ''What is this, 'Sesame Street'?'' Anker said. ''Every man for himself means every man for himself!'' The future, it turned out, would still be written by Charles Darwin in spite of Wired's best efforts.

David Carr is a media reporter for The Times.

From jamesd at echeque.com Sun Jul 27 11:20:44 2003
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 27 Jul 2003 11:20:44 -0700
Subject: Dead Body Theatre
In-Reply-To: <200307261744.h6QHiD9k014471@artifact.psychedelic.net>
References: <16381215-BF89-11D7-8D66-0003930F2360@got.net>
Message-ID: <3F23B58C.14813.8A5FD8D@localhost>

--
On 26 Jul 2003 at 10:44, Eric Cordian wrote:
> It comes from work. Back when I was but a tiny Thaumaturge,
> home ownership was within the reach of virtually everyone in
> AmeriKKKa. An entire household full of people could be
> supported on the income of a single adult working virtually
> any full time job. Leisure time and recreation were
> abundant. The Sheeple were happy sheep.
>
> Fast forward to today, where a barely comfortable living
> requires every adult member of a household to work somewhere
> over full time at some sort of skilled occupation, one
> paycheck away from the street.

This is the usual Marxist shit that living standards fell as a result of the industrial revolution, and have been falling ever since.

If it is getting harder to own a home, why is the proportion of people who own their own homes growing steadily, and been growing steadily (with some brief, minor, and infrequent dips) for as long as anyone has been keeping records? Why are the homes steadily getting bigger, while the number of inhabitants in the home get steadily smaller?

You guys have been making up this data ever since Marx rewrote Gladstone's budget speech, to have Gladstone declare that "this intoxicating augmentation of wealth and power ... is an augmentation entirely confined to classes of property." When in fact Gladstone said the direct opposite, and proved it with statistics, proved that the poor had experienced, as a result of the industrial revolution "this intoxicating augmentation of wealth and power"

This is the same moron marxism as expressed in the word "sweatshop": To a naive and ignorant socialist it seems that if each man selfishly pursues his own desire, the result will necessarily be chaos and hardship, that one person's plan will naturally harm those that are not part of it, hence such phrases and concepts as "sweatshop" which presuppose that one man producing a plan to create value and another man providing equipment to implement that plan, has somehow magically made the workers in a poor country worse off, that saving, investment and entrepreneurship is unproductive, that investment, particularly investment by rich people creating the means of production in poor countries, is a plot to swindle the poor, a scam, a transfer from poor to rich.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
NdQWI/wu/9VPiym9XbWFtjv+wm6k/HuBfDWmTCCN
4JgUdAd3YDdMyR471c4vZhsCG9wrbZADfgt+10DeZ

From jamesd at echeque.com Sun Jul 27 12:15:59 2003
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 27 Jul 2003 12:15:59 -0700
Subject: A 'Funky A.T.M.' Lets You Pay for Purchases Made Online
In-Reply-To: <5.2.1.1.0.20030725095026.04980598@mail.comcast.net>
Message-ID: <3F23C27F.26083.8D89285@localhost>

On 25 Jul 2003 at 9:50, Steve Schear wrote:
> I've used the graphics and explanations that were in Digicash's Users
> Guide with non-technicals to great effect. They portrayed blinding
> using envelope, wax seal and wax token. The token was placed in the
> envelope and sent to the mint. The envelope represented the blinding
> function performed by the user's SW. The wax seal: the mint's digital
> signature pressed onto the envelope and "by pressure" into the
> enclosed coin which has not been seen by the mint. And the wax token,
> once removed from the envelope, the un-blinded coin.

I need to steal those visuals. Where can I find them?

From timcmay at got.net Sun Jul 27 14:22:11 2003
From: timcmay at got.net (Tim May)
Date: Sun, 27 Jul 2003 14:22:11 -0700
Subject: Dead Body Theatre
In-Reply-To: <3F23B58C.14813.8A5FD8D@localhost>
Message-ID: <62C2381F-C078-11D7-A53B-000A956B4C74@got.net>

On Sunday, July 27, 2003, at 11:20 AM, James A. Donald wrote:
> This is the same moron marxism as expressed in the word
> "sweatshop": To a naive and ignorant socialist it seems that if
> each man selfishly pursues his own desire, the result will
> necessarily be chaos and hardship, that one person's plan will
> naturally harm those that are not part of it, hence such
> phrases and concepts as "sweatshop" which presuppose that one
> man producing a plan to create value and another man providing
> equipment to implement that plan, has somehow magically made
> the workers in a poor country worse off, that saving,
> investment and entrepreneurship is unproductive, that
> investment, particularly investment by rich people creating the
> means of production in poor countries, is a plot to swindle the
> poor, a scam, a transfer from poor to rich.
>

The move to "boycott stores selling sweatshop products" is gathering steam, so to speak. Stores like The Gap, Old Navy, Target, etc. are making plans to stop buying from so-called sweatshops.

Of course, when this happens all those employed in these "sweatshops" in Bangladesh, Malaysia, etc. will be unemployed. What, do people think shutting down the garment factories means the workers will get jobs at Intel and Microsoft? Or that somehow their wages will be increased to economically-unsupported levels for their country?

Duh.
I'll chortle as yuppies and GenXers pay more for inferior clothing while millions in Bangladesh and Malaysia starve to death over this "save the poor people!" scam.

As for the standard of living issue, I _do_ think the standard of living has declined over the past 40 years, aside from some availability of high tech products and medical care. Most of my employed friends are working half again as many hours as my father worked, are spending twice as much time sitting in traffic, and are living in smaller houses than my parents and my family lived in. And they are paying several times the tax burden. If the wife works, which was rare in the 1950s and into the early 60s, and they have children, then they may be paying a further substantial hit on childcare and nannies.

I would not want interference to stop free transaction in jobs, but it's disingenuous to ignore the fact that many today are working two jobs, or very, very long hours, to maintain a house that is generally smaller than in years past.

(Yeah, there are a lot of McMansions. But many engineers in their 30s are still living in crappy apartments. And working 50-hour weeks, at minimum, with hours per day spent sitting in traffic. And on call with cellphones and laptops. And taking work home. And checking their e-mail every night and weekend. And paying 50% or more of what they make in federal income taxes, state income taxes, passed-on property taxes, sales taxes, energy taxes, highway taxes, and Socialist Security taxes. And what they earn in investments, after paying taxes on income, is taxed a second time, even if the alleged investment gains are mostly due to monetary devaluation.)

You often let your intense hatred of Marxism blind you to the very horrific situation we now face.
--Tim May From proclus at gnu-darwin.org Sun Jul 27 11:28:58 2003 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Sun, 27 Jul 2003 14:28:58 -0400 (EDT) Subject: old encryption paper In-Reply-To: <20030722092236.A5731@cluebot.com> Message-ID: <20030727182928.BB75C9FF6A@gnu-darwin.org> On 22 Jul, Declan McCullagh wrote: Well, no. This kind of commentary made folks on mailing lists like > these feel warm and fuzzy and made some other tech types realize what > was at stake. But Sen. Judd Gregg's proposal failed because of lack of > support from his colleagues and opposition from well-connected > industry lobbyists, What kind of argument do you think was used by the senator's colleagues and industry lobbyists in order to defeat the proposal? > not people writing about "GNU-Darwin" (probably > not one congresscritter knows what that means anyway, or cares). Clearly, if you had read the paper, then you would know that it is about encryption and authentication, and only tangentially GNU-Darwin, which is mentioned for credibility and example purposes. One also wonders if your assessment of the Washington events surrounding the post-911 encryption proposals is complete or accurate. It appears to me that the White House was unwilling to expend political capital on the authentication schemes of the profiteers, which were contrary to the national security interests. Presumably the congress was swayed by similar arguments in the days following the 911 attacks. Regards, proclus http://www.gnu-darwin.org/ > -Declan -- Visit proclus realm! 
http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBOULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ [demime 0.97c removed an attachment of type APPLICATION/pgp-signature] From timcmay at got.net Sun Jul 27 17:19:32 2003 From: timcmay at got.net (Tim May) Date: Sun, 27 Jul 2003 17:19:32 -0700 Subject: Dead Body Theatre In-Reply-To: <3F23FB61.4782.9B6C663@localhost> Message-ID: <291DB15E-C091-11D7-A53B-000A956B4C74@got.net> On Sunday, July 27, 2003, at 04:18 PM, James A. Donald wrote: > -- > On 27 Jul 2003 at 14:22, Tim May wrote: >> As for the standard of living issue, I _do_ think the >> standard of living has declined over the past 40 years, aside >> from some availability of high tech products and medical >> care. Most of my employed friends are working half again as >> many hours as my father worked, are spending twice as much >> time sitting in traffic, and are living in smaller houses >> than my parents and my family lived in. And they are paying >> several times the tax burden. If the wife works, which was >> rare in the 1950s and into the early 60s, and they have >> children, then they may be paying a further substantial hit >> on childcare and nannies. > > When Palo Alto was developed, it was for the most part where > the poor people lived, while the rich people in San Francisco > could no longer afford their parents houses. This is so untrue as to be ridiculously silly. I don't know for certain which decades you are referring to as "when Palo Alto was developed," as it was developed from the decades when Stanford was being established, then when Varian and H-P were being established, then when Lockheed and Fairchild were going strong, then when the chip companies of the 60s and 70s were operating, and so on. 
However, since Palo Alto was essentially "built out" by the late 1960s, when the last of the Eichlers (*) were finished, I'll address several of these periods:

(Eichlers are a style of house laid on a slab, with relatively little insulation, lots of glass, etc. These typically sold for about $20K during most of the late 50s, early to mid 60s.)

* during the build up of "Professorville" and the other professional-oriented parts of PA, the houses were built by well-paid (for the time) professors. Numerous mansions along University Ave., for example. With lesser houses near Colorado, California, Embarcadero, etc. Even at this time relatively few of the residents were "unable to afford San Francisco."

* during the post-WWII employment by Varian, H-P, Fairchild, and others, a typical engineer made about $12K per year (varied over the years, of course) and the houses cost about $20K. Taxes were a very small fraction, maybe $1.5K per year, total, including federal, state, local, sales, energy, road, etc.

* when I moved to the area in 1974, salaries were about $15K, averaged over educational status, and houses were about $30K. Taxes were dramatically higher, even for lowly-paid starting engineers. The welfare state was in full swing, with more and more people ("of color") simply not working at all, or claiming disability, or hacking the system to extract more handouts for having more children, etc.

Interestingly, at this time, in 1974, San Francisco was a much less expensive place to live in than Palo Alto or Los Altos or even Sunnyvale were. While there were probably some engineers living in Palo Alto whose parents lived in Pacific Heights (a wealthy area of SF) and who thus could not afford to live as their parents had, I saw maybe only one of these folks during my years at Intel.

Palo Alto, even though built out, was like a lot of towns that had been built out.
> > There is an appalling housing crisis here in Silicon valley, > caused by the fact that most of the land is off limits to > development. This is simply not so. Most of the steep hillsides in watershed areas are not developed, but this is common in many cities, in many countries. And the "housing crisis" is roughly comparable in many places I have lived in or spent time or visited. Examples include Portland the areas west of it (plenty of land, but very similar problems), San Antonio, Albuquerque, Northern Virginia, most of southern Florida, San Diego, San Luis Obispo, and nearly all of LA. And from reading news reports and talking to friends, things are much the same in many other parts of the country. In almost no place even remotely near a large city or suburban area can one buy a house for about 1.5 times a typical local salary for an engineer or comparable college graduate. A more important problem than "all the land is off limits" is "every worker costs a lot" plus "every permit costs a lot." This is largely due to massive taxation at nearly every level. --Tim May From cpunk at lne.com Sun Jul 27 20:00:00 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 27 Jul 2003 20:00:00 -0700 Subject: Cypherpunks List Info Message-ID: <200307280300.h6S300wh014150@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. 
Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa.

1. Filtering

The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.

Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.
4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings". At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list.
The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

# mailing lists:
# filter all cypherpunks mail into its own cypherspool folder, discarding
# mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
# /dev/null is unix for the trash can.
:0
* ^From.*owner-cypherpunks at .*
{
  :0:
  * (^From:.*ravage at ssz\.com.*|\
    ^From:.*jchoate at dev.tivoli.com.*|\
    ^From:.*mattd at useoz.com|\
    ^From:.*proffr11 at bigpond.com|\
    ^From:.*jei at cc.hut.fi)
  /dev/null

  :0:
  cypherspool
}

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------
Algebra:
Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
CCC:
Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Infonex:
Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Lne:
Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
  2. leading "CDR:" in subject line removed
  3. "Reply-to:" removed
Privacy policy: private
Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com
Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman)
---------------------------------------------------------------------------
Minder:
Subscription: "subscribe cypherpunks" to majordomo at minder.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net
Help: "help" to majordomo at minder.net
Posting address: cypherpunks at minder.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: private
Info: send mail to cypherpunks-info at minder.net
---------------------------------------------------------------------------
Openpgp:
[openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01]
Subscription: "subscribe cypherpunks" to listproc at openpgp.net
Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net
Help: "help" to listproc at openpgp.net
Posting address: cypherpunks at openpgp.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Ssz:
Subscription: "subscribe cypherpunks" to majordomo at ssz.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com
Help: "help cypherpunks" to majordomo at ssz.com
Posting address: cypherpunks at ssz.com
Filtering policy: raw
Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added.
Privacy policy: open
Info: http://www.ssz.com/cdr/
---------------------------------------------------------------------------
Sunder:
Subscription: "subscribe" to sunder at sunder.net
Unsubscription: "unsubscribe" to sunder at sunder.net
Help: "help" to sunder at sunder.net
Posting address: sunder at sunder.net
Filtering policy: moderated
Message Modification policy: ???
Privacy policy: ???
Info: ??? --------------------------------------------------------------------------- Pro-ns: Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net Help: "help cypherpunks" to majordomo at pro-ns.net Posting address: cypherpunks at pro-ns.net Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. leading "CDR:" in subject line removed 2. "Reply-to:" removed Privacy policy: private Info: http://www.pro-ns.net/cpunk From jamesd at echeque.com Mon Jul 28 01:49:35 2003 From: jamesd at echeque.com (James A. Donald) Date: Mon, 28 Jul 2003 01:49:35 -0700 Subject: Dead Body Theatre In-Reply-To: <291DB15E-C091-11D7-A53B-000A956B4C74@got.net> References: <3F23FB61.4782.9B6C663@localhost> Message-ID: <3F24812F.8874.BC172B3@localhost> -- On 27 Jul 2003 at 17:19, Tim May wrote: > On Sunday, July 27, 2003, at 04:18 PM, James A. Donald > wrote: > > > -- > > On 27 Jul 2003 at 14:22, Tim May wrote: > >> As for the standard of living issue, I _do_ think the > >> standard of living has declined over the past 40 years, > >> aside from some availability of high tech products and > >> medical care. Most of my employed friends are working half > >> again as many hours as my father worked, are spending > >> twice as much time sitting in traffic, and are living in > >> smaller houses than my parents and my family lived in. And > >> they are paying several times the tax burden. If the wife > >> works, which was rare in the 1950s and into the early 60s, > >> and they have children, then they may be paying a further > >> substantial hit on childcare and nannies. > > > > When Palo Alto was developed, it was for the most part > > where the poor people lived, while the rich people in San > > Francisco could no longer afford their parents houses. 
> > This is so untrue as to be ridiculously silly. I don't know > for certain which decades you are referring to as "when Palo > Alto was developed," as it was developed from the decades > when Stanford was being established, then when Varian and H-P > were being established, By "developed" I mean when orchards became housing. > then when Lockheed and Fairchild were going strong, then when > the chip companies of the 60s and 70s were operating, and so > on. However, since Palo Alto was essentially "built out" by > the late 1960s, when the last of the Eichlers (*) were > finished, I'll address several of these periods: > > (Eichlers are a style of house laid on a slab, with > relatively little insulation, lots of glass, etc. These > typically sold for about $20K during most of the late 50s, > early to mid 60s.) > > * during the build up of "Professorville" and the other > professional-oriented parts of PA, the houses were built by > well-paid (for the time) professors. Numerous mansions along > University Ave., for example. With lesser houses near > Colorado, California, Embarcadero, etc. Even at this time > relatively few of the residents were "unable to afford San > Francisco." > > * during the post-WWII employment by Varian, H-P, Fairchild, > and others, a typical engineer made about $12K per year > (varied over the years, of course) and the houses cost about > $20K. Taxes were a very small fraction, maybe $1.5K per year, > total, including federal, state, local, sales, energy, road, > etc. > > * when I moved to the area in 1974, salaries were about $15K, > averaged over educational status, and houses were about $30K. > Taxes were dramatically higher, even for lowly-paid starting > engineers. The welfare state was in full swing, with more and > more people ("of color") simply not working at all, or > claiming disability, or hacking the system to extract more > handouts for having more children, etc. That, Tim, is my point. Think about it. 
If you look at the statistics for any one area, it becomes harder and harder to afford. However, if you look at the statistics for America as a whole, it becomes easier and easier to afford, as manifested by the ever increasing proportion of people that own their own houses. This is a consequence of the fact that in any one area, you run out of legally available land for houses, but for America as a whole, we are very far from running out of land for houses. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG E1ZQxM5Mmu/Ia6dF6HA96m0KCLYZ7C1OJmiUBMXC 43Jb8qSfhFtqsnnKJ6omYdiAIkgKGif+jV4KYNlnE From rah at shipwright.com Mon Jul 28 05:10:12 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 28 Jul 2003 08:10:12 -0400 Subject: Shot in the Dark Message-ID: We talked about this stuff here several years ago. Now, like everything else, Moore's "law" and wirelessness have had their effects on things... Cheers, RAH ------- Wireless sensors listen for gunfire. (Photo courtesy of Proxity Digital Networks) Shot in the Dark If a gun goes off in an abandoned junkyard, does anyone hear it? The police do, at least in the handful of U.S. cities equipped with gunshot detection sensors, which listen for weapons' acoustical signatures and clock the arrival of sound waves to triangulate their origin. But these sensors must be plugged into telephone lines, meaning they can't be installed in out-of-the-way places, and a separate detector is needed every 300 to 400 meters to produce accurate results. Now New Orleans, LA-based Proxity Digital Networks is testing battery-powered detectors that can be clamped onto trees and poles and that communicate wirelessly with communications towers up to five kilometers away. The Tulsa County, OK, sheriff's department is testing the system, which transmits information on the location of gunfire to officers on patrol. 
It can even identify specific types of weapons, which helps police "dispatch a more effective response team specific to the situation," says Tulsa County sheriff Stanley Glanz.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eresrch at eskimo.com Mon Jul 28 10:00:22 2003
From: eresrch at eskimo.com (Mike Rosing)
Date: Mon, 28 Jul 2003 10:00:22 -0700 (PDT)
Subject: Dead Body Theatre
In-Reply-To: <3F255175.2070802@email-tc3.5sigcmd.army.mil>
Message-ID:

On Mon, 28 Jul 2003, Thoenen, Peter CIV Sprint wrote:

> Actually...the *wealthy* (implied other 2 billion folk because even the poorest whiny american I
> have seen is a king in Kosovo) do see, they just don't care.

I agree. Even India has a few with wealth far beyond the imagination of most Americans, and many with the same living standard as Americans. They certainly see it. Sarad, care to give us a short political description of how India views its poorest population and how they want to eliminate their suffering? What fraction of India's population is "dirt poor"?

Patience, persistence, truth,
Dr. mike

From camera_lumina at hotmail.com Mon Jul 28 10:29:57 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 28 Jul 2003 13:29:57 -0400
Subject: Dead Body Theatre
Message-ID:

Tim May wrote...

"Of course, when this happens all those employed in these "sweatshops" in Bangladesh, Malaysia, etc. will be unemployed. What, do people think shutting down the garment factories means the workers will get jobs at Intel and Microsoft? Or that somehow their wages will be increased to economically-unsupported levels for their country? Duh.
I'll chortle as yuppies and GenXers may more for inferior clothing while millions in Bangladesh and Malaysia starve to death over this "save the poor people!" scam." No doubt if this movement gets big enough to basically become a religion (like everything in the US) then this will start to happen. But fixing the conditions at 3rd world sweatshops will have very little impact to the cost of those goods. What's being discussed are things like ensuring that toxic gasses are not being spewed into the workplace (China), or moving workers towards a living wage (Haiti), or workers actually getting paid for the agreed upon wages (New York City). Right now the issue of 3rd world sweatshops has very little to do with economics per se. The unfortunate thing, however, may be that international Marxist groups will make addressing these issues a priority (at least in terms of their rhetoric). And even though the Marxists will in the long run probably make conditions even worse, the failure to address these issues now may empower Marxists throughout certain parts of the world. Hell...if I found a local factory was regularly grinding up children in the machinery, I'd probably go and take up arms with them (or pay to have weapons drop-shipped to them). Of course, I'm thinking Sr Donald and other knee-jerkers will equate that with being a Marxist. But I do believe it is encumbant upon us capital-ists to address these issues before the system as a whole gets tossed out, at least for a while. -TD >From: Tim May >To: cypherpunks at lne.com >Subject: Re: Dead Body Theatre >Date: Sun, 27 Jul 2003 14:22:11 -0700 > >On Sunday, July 27, 2003, at 11:20 AM, James A. 
Donald wrote: >>This is the same moron marxism as expressed in the word >>"sweatshop": To a naive and ignorant socialist it seems that if >>each man selfishly pursues his own desire, the result will >>necessarily be chaos and hardship, that one person's plan will >>naturally harm those that are not part of it, hence such >>phrases and concepts as "sweatshop" which presuppose that one >>man producing a plan to create value and another man providing >>equipment to implement that plan, has somehow magically made >>the workers in a poor country worse off, that saving, >>investment and entrepeneurship is unproductive, that >>investment, particularly investment by rich people creating the >>means of production in poor countries, is a plot to swindle the >>poor, a scam, a transfer from poor to rich. >>\ > >The move to "boycott stores selling sweatshop products" is gathering steam, >so to speak. Stores like The Gap, Old Navy, Target, etc. are making plans >to stop buying from so-called sweatshops. > >Of course, when this happens all those employed in these "sweatshops" in >Bangladesh, Malaysia, etc. will be unemployed. What, do people think >shutting down the garment factories means the workers will get jobs at >Intel and Microsoft? Or that somehow their wages will be increased to >economically-unsupported levels for their country/ > >Duh. I'll chortle as yuppies and GenXers may more for inferior clothing >while millions in Bangladesh and Malaysia starve to death over this "save >the poor people!" scam. > >As for the standard of living issue, I _do_ think the standard of living >has declined over the past 40 years, aside from some availability of high >tech products and medical care. Most of my employed friends are working >half again as many hours as my father worked, are spending twice as much >time sitting in traffic, and are living in smaller houses than my parents >and my family lived in. And they are paying several times the tax burden. 
>If the wife works, which was rare in the 1950s and into the early 60s, and
>they have children, then they may be paying a further substantial hit on
>childcare and nannies.
>
>I would not want interference to stop free transaction in jobs, but it's
>disingenuous to ignore the fact that many today are working two jobs, or
>very, very long hours, to maintain a house that is generally smaller than
>in years past.
>
>(Yeah, there are a lot of McMansions. But many engineers in their 30s
>are still living in crappy apartments. And working 50-hour weeks, at
>minimum, with hours per day spent sitting in traffic. And on call with
>cellphones and laptops. And taking work home. And checking their e-mail
>every night and weekend. And paying 50% or more of what they make in
>federal income taxes, state income taxes, passed-on property taxes, sales
>taxes, energy taxes, highway taxes, and Socialist Security taxes. And what
>they earn in investments, after paying taxes on income, is taxed a second
>time, even if the alleged investment gains are mostly due to monetary
>devaluation.)
>
>You often let your intense hatred of Marxism blind you to the very horrific
>situation we now face.
>
>--Tim May

From bill.stewart at pobox.com Mon Jul 28 16:20:45 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 28 Jul 2003 16:20:45 -0700
Subject: Dead Body Theatre
In-Reply-To: <5.2.1.1.0.20030725182518.048dac40@mail.comcast.net>
References: <3F215BCA.1733.135ED95B@localhost> <200307241616.h6OGGUk3006619@artifact.psychedelic.net>
Message-ID: <5.1.1.6.2.20030725191753.02db8e90@idiom.com>

At 06:33 PM 07/25/2003 -0700, Steve Schear wrote:
>At 16:33 2003-07-25 -0700, you wrote:
>>On 24 Jul 2003 at 9:16, Eric Cordian wrote:
>> > Now that the new standard for pre-emptive war is to murder
>> > the legitimate leader of another sovereign nation and his
>> > entire family, an "artist's rendering" of Shrub reaping what
>> > he sows would surely be an excellent political statement.
>>
>>You are a moron.
>>
>>If today warfare means wiping out the family of the enemy ruler
>>man woman and child and showing their horribly mangled bodies
>>on TV, this is a big improvement on the old deal where the
>>rulers had a gentlemen's agreement that only the common folk
>>would get hurt, and the defeated ruler would get a luxurious
>>retirement on some faraway island.
>
>Here, here!

Steve, did you mean "Hear, hear!"?
Or were you calling for it to happen "here"? :-)
Back when we had a First Amendment, that was probably legal, but since Bush inherited the presidency, it might not be...

>Perhaps we may even become as smart as some Pacific Islanders
>whose wars were fought by surrogates, the logic being that the
>death of one man can serve as well as the death of many in
>determining the outcome of a disagreement between heads of tribes, states,
>etc.

European feudalism did that also, though Europeans were less likely to eat the bodies of the losers. Trial by Combat was tossed out of British law in ~1850, but hadn't been used for a long time before that, though dueling was still around in the early 1800s.
From peter.thoenen at email-tc3.5sigcmd.army.mil Mon Jul 28 09:38:13 2003 From: peter.thoenen at email-tc3.5sigcmd.army.mil (Thoenen, Peter CIV Sprint) Date: Mon, 28 Jul 2003 18:38:13 +0200 Subject: Dead Body Theatre In-Reply-To: References: Message-ID: <3F255175.2070802@email-tc3.5sigcmd.army.mil> Actually...the *wealthy* (implied other 2 billion folk because even the poorest whiny american I have seen is a king in Kosovo) do see, they just don't care. -Peter Mike Rosing wrote: > On Sun, 27 Jul 2003, Sarad AV wrote: > > >>walk into a government hopsital in a third world and >>in the U.S-you will see the difference. >>I am not talking of any one individual getting >>wealthy. >>As for previlages even-basic aminities like >>food,water,medicine,health care are all previalges >>though they may not appear to be in a wealthy nation. > > > Yup, it is mighty hard to explain with words. You have to see with your > own eyes how 3 billion people live to comprehend "dirt poor". > Unfortunatly, the wealthy prefer not to see. > > Patience, persistence, truth, > Dr. mike From s.schear at comcast.net Mon Jul 28 18:47:27 2003 From: s.schear at comcast.net (Steve Schear) Date: Mon, 28 Jul 2003 18:47:27 -0700 Subject: Dead Body Theatre In-Reply-To: <5.1.1.6.2.20030725191753.02db8e90@idiom.com> References: <5.2.1.1.0.20030725182518.048dac40@mail.comcast.net> <3F215BCA.1733.135ED95B@localhost> <200307241616.h6OGGUk3006619@artifact.psychedelic.net> Message-ID: <5.2.1.1.0.20030728184621.048c7168@mail.comcast.net> At 16:20 2003-07-28 -0700, Bill Stewart wrote: >At 06:33 PM 07/25/2003 -0700, Steve Schear wrote: >>At 16:33 2003-07-25 -0700, you wrote: >>>On 24 Jul 2003 at 9:16, Eric Cordian wrote: >>> > Now that the new standard for pre-emptive war is to murder >>> > the legitimate leader of another sovereign nation and his >>> > entire family, an "artist's rendering" of Shrub reaping what >>> > he sows would surely be an excellent political statement. >>> >>>You are a moron. 
>>> >>>If today warfare means wiping out the family of the enemy ruler >>>man woman and child and showing their horribly mangled bodies >>>on TV, this is a big improvement on the old deal where the >>>rulers had a gentlemen's agreement that only the common folk >>>would get hurt, and the defeated ruler would get a luxurious >>>retirment on some faraway island. >> >>Here, here! > >Steve, did you mean "Hear, hear!"? >Or were you calling for it to happen "here"? :-) Whatever... ;-) Anarchy may not be a better form of government, but it's better than no government at all. From ravage at einstein.ssz.com Mon Jul 28 21:52:50 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Mon, 28 Jul 2003 23:52:50 -0500 (CDT) Subject: [eff-austin] Nonprofit Hackers Who Broke Windows (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 29 Jul 2003 04:46:34 +0000 Subject: [eff-austin] Nonprofit Hackers Who Broke Windows The Hackers Who Broke Windows By SecurityFocus Posted: 25/07/2003 at 07:48 GMT The Last Stage of Delirium, the hacking group that laid open nearly every version of the Windows operating system last week, could use a little sleep, writes Deborah Radcliff of SecurityFocus. Since going public with the RPC buffer overflow bug that some are describing as the worst Windows security hole in history, the group has been caught in a media frenzy. The hubbub has been just as bad as when, in April, 2001, LSD broke Argus Systems' PitBull security software in a contest for $50,000 in cash. (After the media glare faded, the team was stiffed for $43,000 of the prize money.) Then, as now, the work and its media aftermath kept them up at night when they'd rather be home with their families, said Tomasz Ostwald, one of the four founders of LSD, during a phone interview at 9:00 at night, Poland time. "This has been going on for three weeks. We had to work all weekend, even Sunday," he said with his thick Polish accent. 
"We're still taking at least two media calls a day." Delirium was dreamed up in 1996 by four security engineers who'd just graduated the master's of computer science program at Poznan University of Technology in Western Poland. Now all between the age of 27 and 28, they manage the security infrastructure for an academic and scientific supercomputing center in the university town of Poznan, where they all live. They also do security engineering consulting and penetration testing for other clients. By night, they crack software. Their day jobs are not to be confused with the work they do with LSD, says Ostwald. And even though they liken themselves to other hacking groups such as the Cult of the Dead Cow, don't call the LSD members hackers: They'd like you to call them security engineers instead. But in the truest sense, these engineers are indeed hackers. What's different between their non-profit group and a number of earlier code cracking groups is the way they conduct themselves. Along with their technical skills, these researchers possess unusual business and media savvy, say their peers. "The LSD team always seems to find problems in critical core technologies," says Chris Wysopal, director of research and development for @stake, Inc., in Cambridge, Mass., which also does vulnerability testing on software applications. "They handle themselves professionally with the technology community and are able to span the cultural and language barriers between Poland and the U.S." The LSD's research is also impeccable (for example, a 50-page paper that exposed implementation vulnerabilities of Java) -- far better than anything produced by the l0pht, the hacking group that grew up to become @stake, Wysopal adds. Exploit Controversy But LSD hasn't completely escaped criticism. In March, the group put itself at the center of a controversy when it released exploit code for a Sendmail vulnerability discovered by Internet Security Systems. 
"As a security vendor, we don't think it's good business to post exploit code because it enables bad guys to break into systems," says Chris Rouland, vice president of ISS's X-Force team in Atlanta. Ostwald says the group decided to release the Sendmail exploit code because ISS was overstating the threat posed by the bug. "When a threat is overestimated, it makes it hard to perform appropriate risk management. So we put the exploit code out for testing and proved that the threat was not as serious as the vendors claimed," Ostwald says. Off the record, at least one security company now criticizes LSD for not posting exploit code for the Windows RPC bug. "How do you prove the bug without the code?" the source said. But because the bug affects so many of the Windows operating systems, releasing the exploit code would not have given IT managers enough time to patch, counters Ostwald. Wysopal agrees. "If [they] released the code to the Windows buffer overflow attack too soon, we'd have another SQL Slammer on our hands," says Wysopal. Besides, people are already developing the exploit code anyway, says Tim Mullen, CIO of AnchorIS.Com, and a SecurityFocus columnist. And Rouland says ISS had developed exploit code four hours after news of the bug was released to the public. When they're not trapped between the proverbial rock and hard place of releasing or not releasing exploit code, LSD members are generally praised -- even by ISS -- for the way they conduct themselves professionally. The group now enjoys even-handed relationships with vendors. That wasn't always the case, says Ostwald. "In the past two years, we've observed improvements in the way software and anti-virus vendors respond to our findings." Delirium contacted Microsoft's security response center through its Secure at Microsoft.com address on June 27, says Stephen Toulouse, security program manager for Microsoft's response center. 
"From our standpoint, the entire process with them [LSD] was completely professional. And we appreciate them not posting the exploit code to give our customers a fair chance to install the patch," Toulouse says. If there's one niggling problem with the group's image, it's their name. Ostwald says he can't remember how they came up with "The Last Stage of Delirium." "But lately," he says. "We've been thinking we should change it." http://www.theregister.co.uk/content/55/31957.html _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail From justin-cypherpunks at soze.net Mon Jul 28 19:27:00 2003 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 29 Jul 2003 02:27:00 +0000 Subject: Shot in the Dark In-Reply-To: References: Message-ID: <20030729022700.GG26473@dreams.soze.net> R. A. Hettinga (2003-07-28 12:10Z) wrote: > We talked about this stuff here several years ago. Now, like > everything else, Moore's "law" and wirelessness have had their effects > on things... In stores by christmas... wireless-gunshot-detector jamming grips for your 1911. -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Rumsfeld, 2003-04-11 From eresrch at eskimo.com Tue Jul 29 06:21:15 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Tue, 29 Jul 2003 06:21:15 -0700 (PDT) Subject: GPS blackbox tracking In-Reply-To: <20030729112925.GA19789@cybershamanix.com> Message-ID: On Tue, 29 Jul 2003, Harmon Seaver wrote: > Before this, AFAIK, we only had to worry about getting a GPS transmitting > device planted on our vehicles, which would be bulky enough to spot fairly > easily by anyone checking out the cars underside, etc. Here's one that doesn't > transmit, just records where you go, and that info can be retrieved later ala > bluetooth from 30 feet away. 
> > http://www.blackboxgps.com Looks pretty cool. If you have a bluetooth transmitter you can tell it's there. So you don't even need to go look for it, it'll just talk to you directly. I can see how the trucking industry would love it :-) Patience, persistence, truth, Dr. mike From hseaver at cybershamanix.com Tue Jul 29 04:29:25 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 29 Jul 2003 06:29:25 -0500 Subject: GPS blackbox tracking Message-ID: <20030729112925.GA19789@cybershamanix.com> Before this, AFAIK, we only had to worry about getting a GPS transmitting device planted on our vehicles, which would be bulky enough to spot fairly easily by anyone checking out the cars underside, etc. Here's one that doesn't transmit, just records where you go, and that info can be retrieved later ala bluetooth from 30 feet away. http://www.blackboxgps.com -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From ravage at einstein.ssz.com Tue Jul 29 04:53:44 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 29 Jul 2003 06:53:44 -0500 (CDT) Subject: Random numbers hit and miss: Maths pinpoints cause for faulty computer simulations. (fwd) Message-ID: http://www.nature.com/nsu/030728/030728-1.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From jtrjtrjtr2001 at yahoo.com Tue Jul 29 07:49:48 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Tue, 29 Jul 2003 07:49:48 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: Message-ID: <20030729144948.62112.qmail@web21210.mail.yahoo.com> hi, Roughly India has 30 million middle class people.An income of 1000 US dollar per month is considered as middle class. 
Thats one reason of strong foreign market in india.I guess 30 million may be bigger than the population of some countries. According to reports the number of dirt poor people are another 25 million,that is those who are below the povertly line,that means less than an income of 10 US dollars per month. This is what the report and statistics keep saying but any daily wager gets a minimum 3 US dollars per day,however poor he may be. That accounts to 90 US dollar per month.Thats the poorest you can find in india for a *working* person. So its open to interpret what dirt poor really is. That is still too less,considering the present cost of living in india. Open drains,diseases,insanitory conditions are still visible in india-though its comming down very slowly. Go to a govt. hospital,the sanitation and facilities are poor,escpecially in villages. A large portion of the indian community depend on farming and its upto the 'rain gods' that they yield a good harvest. To eliminate poverty the govt. employs 5 year plans. here is a detailed list of the plans http://planningcommission.nic.in/plans/planrel/fiveyr/welcome.html The govt. provides rations to all its citizens-that is to buy basic essentials like rice,wheat,kerosene etc... at a much lower prices that commercially available. Schooling is pretty affordable to the poor in government schools and there are enough govt schools and provide free mid day meals for children.How ever the state of govt schools are sad. This year there were over 500 cases of food posioning among children in one of the 27 states of india all because of unhygenic food supplied.I am not aware of the condition in other states.The govt. schools in many areas have thatched roofs and some are even very near collapsing.Some schools occupy just 1/10th of an acre of land and some even less. 
The quality of education is also pretty poor.Most schools only teach in the local lingo and finding english speaking people in many regions are hard.Many of the students emerging from govt. schools eventually joins the labour class. In india the average number of students that pass tenth grade is only 50 percent of the students appearing 10th grade. As for politics,2 of the states in india are ruled by the communist party of india.The case of labour class is slighly better here but now a days corruption is at the peak,that the ruling party and opposition party joins hands to fill up their pockets. More over elections in india are won over simple majority and there are over one thousand registered parties in india.The oppoition against the ruling part is usually high. Rich people constitute around 3 to 5 percent of the population. Rich people tend to grow very rich because India is one country you can be 70 to 80 percent sure that any person you approach will accept a bribe be it sales tax,income tax or any kind of tax. Tax evasion is very common among the rich.If you would like to reduce your electricity bill for industries just bribe them and they will reverse the electricity meter for you. If a few barrels of illicit liquor gets caught,you can bribe them to replace it with water.You can get away with a lot of things and make a lot of money-if you are rich. Atleast there is'nt much stigma in viewing the poor.they are more or les treated as equal and well respected.Others aren't really bothered of poor ppl. These are just a few basic issues.the conditions in US are much better than here. One part is better in india-privacy rights and liberty are much better compared to US and even if you do small crimes you can get away with it. I can spit on the road,i can stand on the road and block the traffic till i just get shoved off the road side.There is no way I get arrested.I can do a lot of things and not get arrested. 
If you get arrested - for minor crimes, you can bribe the cop and you are freed. I never have a swat team that breaks down my doors. The streets are guns and snipers free. I have no surveillance cameras watching me.

Regards Sarath.

--- Mike Rosing wrote:
> On Mon, 28 Jul 2003, Thoenen, Peter CIV Sprint
> wrote:
>
> > Actually...the *wealthy* (implied other 2 billion
> folk because even the poorest whiny american I
> > have seen is a king in Kosovo) do see, they just
> don't care.
>
> I agree. Even India has a few with wealth far
> beyond the imagination of
> most Americans, and many with the same living
> standard as Americans. They
> certainly see it. Sarad, care to give us a short
> political description of
> how India views its poorest population and how they
> want to eliminate
> their suffering? What fraction of India's
> population is "dirt poor"?
>
> Patience, persistence, truth,
> Dr. mike
>
>

From postgres at jal.org Tue Jul 29 06:48:11 2003
From: postgres at jal.org (Jamie Lawrence)
Date: Tue, 29 Jul 2003 08:48:11 -0500
Subject: Someone at the Pentagon read Shockwave Rider over the weekend
Message-ID: <20030729134811.GJ1073@jal.clueinc.net>

http://story.news.yahoo.com/news?tmpl=story&cid=514&e=6&u=/ap/20030729/ap_on_go_ca_st_pe/terror_market_10

WASHINGTON - The Pentagon (news - web sites) is setting up a stock-market style system in which investors would bet on terror attacks, assassinations and other events in the Middle East. Defense officials hope to gain intelligence and useful predictions while investors who guessed right would win profits.

-j

--
Jamie Lawrence jal at jal.org
The strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects.
- Judge Stewart Dalzell From bill.stewart at pobox.com Tue Jul 29 09:26:07 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 29 Jul 2003 09:26:07 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: <20030729134811.GJ1073@jal.clueinc.net> Message-ID: <5.1.1.6.2.20030729092344.036bac30@idiom.com> Also, NYT Article was http://www.nytimes.com/2003/07/29/politics/29TERR.html?th But it sounds like they've chickened out, because various people freaked about the implications. (And they only got as far as it being "an incentive to commit terrorism", without getting to "a funding method for terrorism" or to "Assassination Politics".) >July 29, 2003 >Pentagon Said to Abandon Plan for Futures Market on Terror >By THE ASSOCIATED PRESS > >WASHINGTON -- The Pentagon will abandon a plan to establish a futures market >to help predict terrorist strikes, the chairman of the Senate Armed Services >Committee said Tuesday. > >Sen. John Warner, R-Va., said he spoke by phone with the program's director, >"and we mutually agreed that this thing should be stopped." > >Warner announced the decision not long after Senate Democratic Leader Thomas >Daschle took to the floor to denounce the program as "an incentive actually >to commit acts of terrorism." > >Warner made the announcement during a confirmation hearing for retired Gen. >Peter J. Schoomaker, nominated to be Army chief of staff. 
From ericm at lne.com Tue Jul 29 09:27:59 2003 From: ericm at lne.com (Eric Murray) Date: Tue, 29 Jul 2003 09:27:59 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: <20030729134811.GJ1073@jal.clueinc.net>; from postgres@jal.org on Tue, Jul 29, 2003 at 08:48:11AM -0500 References: <20030729134811.GJ1073@jal.clueinc.net> Message-ID: <20030729092759.A26179@slack.lne.com> On Tue, Jul 29, 2003 at 08:48:11AM -0500, Jamie Lawrence wrote: > http://story.news.yahoo.com/news?tmpl=story&cid=514&e=6&u=/ap/20030729/ap_on_go_ca_st_pe/terror_market_10 > > > WASHINGTON - The Pentagon (news - web sites) is setting up > a stock-market style system in which investors would bet > on terror attacks, assassinations and other events in the > Middle East. Defense officials hope to gain intelligence > and useful predictions while investors who guessed right > would win profits. Jim Bell should have applied for a DARPA grant! (check out this and other programs at http://www.darpa.mil/iao/programs.htm) Eric From timcmay at got.net Tue Jul 29 09:40:55 2003 From: timcmay at got.net (Tim May) Date: Tue, 29 Jul 2003 09:40:55 -0700 Subject: Bids on Wolfwitz's assassination Message-ID: <6CB43C72-C1E3-11D7-A53B-000A956B4C74@got.net> http://www.pentagon-terror-market/employees.com WOLFOWITZ, PAUL: ODDS FOR ASSASSINATION BY 2003-11-15: 7:3 ODDS FOR NECKLACING OF HIS FAMILY MEMBERS BY 2004-02-15: 12:2 ODDS THAT NEXT PENTAGON BLAST WILL TAKE HIM OUT BY 2003-10-05: 7:1 I guess now that the Pentagon is setting up a murder pool it can't be illegal for us to do it. --Tim May, Corralitos, California Quote of the Month: "It is said that there are no atheists in foxholes; perhaps there are no true libertarians in times of terrorist attacks." --Cathy Young, "Reason Magazine," both enemies of liberty. 
From ptrei at rsasecurity.com Tue Jul 29 06:51:26 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Tue, 29 Jul 2003 09:51:26 -0400 Subject: GPS blackbox tracking Message-ID: > Harmon Seaver[SMTP:hseaver at cybershamanix.com] wrote: > > Before this, AFAIK, we only had to worry about getting a GPS > transmitting > device planted on our vehicles, which would be bulky enough to spot fairly > easily by anyone checking out the cars underside, etc. Here's one that > doesn't > transmit, just records where you go, and that info can be retrieved later > ala > bluetooth from 30 feet away. > > http://www.blackboxgps.com > > Harmon Seaver > Of course, if you have one of the newer 'enhanced 911' cellphones, you've done their work for them. Peter From eresrch at eskimo.com Tue Jul 29 10:17:23 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Tue, 29 Jul 2003 10:17:23 -0700 (PDT) Subject: Dead Body Theatre In-Reply-To: <20030729144948.62112.qmail@web21210.mail.yahoo.com> Message-ID: On Tue, 29 Jul 2003, Sarad AV wrote: > India has 30 million middle class people.An income of > 1000 US dollar per month is considered as middle > class. > Thats one reason of strong foreign market in india.I > guess 30 million may be bigger than the population of > some countries. > > According to reports the number of dirt poor people > are > another 25 million,that is those who are below the > povertly line,that means less than an income of 10 US > dollars per month. Out of a population of 900 million (or so) that's definitly the wings of the bell curve. The "poverty line" in the US is twice the middle class income of India. That's pretty stunning. > This is what the report and statistics keep saying but > any daily wager gets a minimum 3 US dollars per > day,however poor he may be. > That accounts to 90 US dollar per month.Thats the > poorest you can find in india for a *working* person. > > So its open to interpret what dirt poor really is. 
In the US, anyone below $20,000/yr income is "poor". According to that, 90% of India is "dirt poor"!! > That is still too less,considering the present cost of > living in india. Yeah, no shit. > Open drains,diseases,insanitory conditions are still > visible in india-though its comming down very slowly. > > Go to a govt. hospital,the sanitation and facilities > are poor,escpecially in villages. > > A large portion of the indian community depend on > farming and its upto the 'rain gods' that they yield a > good harvest. > > To eliminate poverty the govt. employs 5 year plans. > > here is a detailed list of the plans > > http://planningcommission.nic.in/plans/planrel/fiveyr/welcome.html > > The govt. provides rations to all its citizens-that is > to buy basic essentials like rice,wheat,kerosene > etc... at a much lower prices that commercially > available. Is this kind of a bribe? Keep the majority happy on rations and steal the rest for a few? > Schooling is pretty affordable to the poor in > government schools and there are enough govt schools > and provide free mid day meals for children.How ever > the state of govt schools are sad. > This year there were over 500 cases of food posioning > among children in one of the 27 states of india all > because of unhygenic food supplied.I am not aware of > the condition in other states.The govt. schools in > many areas have thatched roofs and some are even very > near collapsing.Some schools occupy just 1/10th of an > acre of land and some even less. > The quality of education is also pretty poor.Most > schools only teach in the local lingo and finding > english speaking people in many regions are hard.Many > of the students emerging from govt. schools eventually > joins the labour class. > In india the average number of students that pass > tenth grade is only 50 percent of the students > appearing 10th grade. Ouch. But at least it's an attempt. 
> As for politics,2 of the states in india are ruled by > the communist party of india.The case of labour class > is slighly better here but now a days corruption is at > the peak,that the ruling party and opposition party > joins hands to fill up their pockets. > More over elections in india are won over simple > majority and there are over one thousand registered > parties in india.The oppoition against the ruling part > is usually high. > > Rich people constitute around 3 to 5 percent of the > population. > Rich people tend to grow very rich because India is > one country you can be 70 to 80 percent sure that any > person you approach will accept a bribe be it sales > tax,income tax or any kind of tax. > > Tax evasion is very common among the rich.If you would > like to reduce your electricity bill for industries > just bribe them and they will reverse the electricity > meter for you. > > If a few barrels of illicit liquor gets caught,you can > bribe them to replace it with water.You can get away > with a lot of things and make a lot of money-if you > are rich. > > Atleast there is'nt much stigma in viewing the > poor.they are more or les treated as equal and well > respected.Others aren't really bothered of poor ppl. the bribery is similar in the US, but there's definitly a lack of respect between classes. > These are just a few basic issues.the conditions in US > are much better than here. > > One part is better in india-privacy rights and liberty > are much better compared to US and even if you do > small crimes you can get away with it. > > I can spit on the road,i can stand on the road and > block the traffic till i just get shoved off the road > side.There is no way I get arrested.I can do a lot of > things and not get arrested. > > If u get arrested-for minor crimes,you can bribe the > cop and you are freed.I never have a swat team that > breaks down my doors.The streets are guns and snipers > free.I have no surveillence cameras watching me. 
Part of it is because they don't have the resources, and part of it is because they don't need to control _people_ when they can just gain wealth instead. That may have something to do with mutual respect. I suspect there's a few 1000's of years of history that helps make things the way they are.

Thank you for the description. I knew India had some problems, but now I've got an idea of the scope and scale.

Patience, persistence, truth,
Dr. mike

From mv at cdc.gov Tue Jul 29 10:20:00 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Tue, 29 Jul 2003 10:20:00 -0700
Subject: Pentagon discovers Assasination Politics, deadpools
Message-ID: <3F26ACC0.ACE06350@cdc.gov>

Pentagon Abandons Terrorism Betting Plan

By KEN GUGGENHEIM, Associated Press Writer

WASHINGTON - The Pentagon will abandon a plan to establish a futures market to help predict terrorist strikes, the chairman of the Senate Armed Services Committee said Tuesday.

Sen. John Warner, R-Va., said he spoke by phone with the program's director, "and we mutually agreed that this thing should be stopped."

Warner announced the decision not long after Senate Democratic Leader Thomas Daschle took to the floor to denounce the program as "an incentive actually to commit acts of terrorism."

Warner made the announcement during a confirmation hearing for retired Gen. Peter J. Schoomaker, nominated to be Army chief of staff.

"This is just wrong," declared Daschle, D-S.D.

Warner said he consulted with Senate Intelligence Committee Chairman Pat Roberts, R-Kansas, and Appropriations Committee chairman Sen. Ted Stevens, R-Alaska, and they agreed "that this should be immediately disestablished."
He said they would recommend that the Pentagon not spend any funds already in place for the program and said they would pull the plug on it during House-Senate budget conference committee negotiations later on this year.

The little-publicized Pentagon plan envisioned a potential futures trading market in which speculators would wager on the Internet on the likelihood of a future terrorist attack or assassination attempt on a particular leader. A Web site promoting the plan already is available.

When the plan was disclosed by two Democratic senators Monday, the Pentagon defended it as a way to gain intelligence about potential terrorists' plans.

Earlier, Warner had said that his staff was looking into the program and would report on it later Tuesday.

Sen. Hillary Rodham Clinton, D-N.Y., said she was appalled to hear of plans to set up "a futures market in death." Other Democrats expressed similar alarm.

"The idea of a federal betting parlor on atrocities and terrorism is ridiculous and it's grotesque," said Sen. Ron Wyden, D-Ore., one of two lawmakers who disclosed the plan Monday.

The program is called the Policy Analysis Market. The Pentagon office overseeing it, the Defense Advanced Research Projects Agency, or DARPA, said it was part of a research effort "to investigate the broadest possible set of new ways to prevent terrorist attacks."

Traders would buy and sell futures contracts -- just like energy traders do now in betting on the future price of oil. But the contracts in this case would be based on what might happen in the Middle East in terms of economics, civil and military affairs or specific events, such as terrorist attacks.

Holders of a futures contract that came true would collect the proceeds of traders who put money into the market but predicted wrong.
A graphic on the market's Web page Monday showed hypothetical futures contracts in which investors could trade on the likelihood that Palestinian leader Yasser Arafat would be assassinated or Jordanian King Abdullah II would be overthrown.

Although the Web site described the Policy Analysis Market as Middle East market, the graphic also included the possibility of a North Korea missile attack.

That graphic apparently was removed from the Web site hours after the news conference in which Wyden and fellow Democratic Sen. Byron Dorgan of North Dakota criticized the market.

Dorgan described the market as "unbelievably stupid."

"Can you imagine if another country set up a betting parlor so that people could go in ... and bet on the assassination of an American political figure or the overthrow of this institution or that institution?" he said.

But in its statement Monday, DARPA said markets could reveal "dispersed and even hidden information. Futures markets have proven themselves to be good at predicting such things as elections results; they are often better than expert opinions."

According to its Web site, the Policy Analysis Market would be a joint program of DARPA and two private companies, Net Exchange, a market technologies company, and the Economist Intelligence Unit, the business information arm of the publisher of The Economist magazine.

DARPA has been criticized by Congress for its Terrorism Information Awareness program, a computerized surveillance program that has raised privacy concerns. Wyden said the Policy Analysis Market is under the supervision of retired Adm. John Poindexter, the head of the Terrorism Information Awareness program and, in the 1980s, national security adviser to President Reagan.
The Web site does not address how much money investors would be likely to put into the market but says analysts would be motivated by the "prospect of profit and at pain of loss" to make accurate predictions.

Trading is to begin Oct. 1. The market would initially be limited to 1,000 traders, increasing to at least 10,000 by Jan. 1.

The Web site says government agencies will not be allowed to participate and will not have access to the identities or funds of traders.

The market is a project of a DARPA division called FutureMAP, or "Futures Markets Applied to Prediction."

"The rapid reaction of markets to knowledge held by only a few participants may provide an early warning system to avoid surprise," the FutureMap Web site said.

Dorgan and Wyden released a letter to Poindexter calling for an end to the program. They noted a May 20 report to lawmakers that cited the possibility of using market forces to predict whether Israel will be attacked with biological weapons.

"Surely such a threat should be met with intelligence gathering of the highest quality -- not by putting the question to individuals betting on an Internet Web site," they said.

Wyden said $600,000 has been spent on the program so far and the Pentagon plans to spend an additional $149,000 this year. The Pentagon has requested $3 million for the program for next year and $5 million for the following year.

Wyden said the Senate version of next year's defense spending bill would cut off money for the program, but the House version would fund it. The two versions will have to be reconciled.
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030729/ap_on_go_ca_st_pe/terror_market_20 From timcmay at got.net Tue Jul 29 11:06:09 2003 From: timcmay at got.net (Tim May) Date: Tue, 29 Jul 2003 11:06:09 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: <5.1.1.6.2.20030729092344.036bac30@idiom.com> Message-ID: <54B6E482-C1EF-11D7-A53B-000A956B4C74@got.net> On Tuesday, July 29, 2003, at 09:26 AM, Bill Stewart wrote: > Also, NYT Article was > http://www.nytimes.com/2003/07/29/politics/29TERR.html?th > > But it sounds like they've chickened out, because various people > freaked > about the implications. (And they only got as far as it being > "an incentive to commit terrorism", without getting to > "a funding method for terrorism" or to "Assassination Politics".) > > Not to mention the obvious problems with letting government agents bid on things like when various unwanted foreign leaders would be assassinated. Gee, maybe SEAL Team 6 can do an office bid, using anonymous cutouts of course, on when SEALs will go ashore at Bandar Abbas to liquidate the Iranian prime minister? Or maybe a CIA wet work guy can make a few extra bucks in the dead pool by correctly predicting the death of the next Vince Foster? Besides being problematic in its own right, it also leaks information, a kind of covert covert channel, ironically. If the bids are truly untraceable (fat chance--the password scheme looked like a trival, breakable Gen 1 security system) then those with knowledge of operations can make money by using their knowledge, all untraceably. This was obvious long before Jim Bell became infamous. Check out writings by some of us dating back to 1988. Once again, government sets itself up as being outside the law. If I were to even make a snide remark about the assassination of You Know Who, I'd get a visit from the SS. Fucking proof that D.C. needs to be obliterated in an act of freedom fighting. 
Gets rid of a passal of welfare addicts, too. --Tim May "Ben Franklin warned us that those who would trade liberty for a little bit of temporary security deserve neither. This is the path we are now racing down, with American flags fluttering."-- Tim May, on events following 9/11/2001 From frantz at pwpconsult.com Tue Jul 29 11:23:16 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Tue, 29 Jul 2003 11:23:16 -0700 Subject: Pentagon discovers Assasination Politics, deadpools In-Reply-To: <3F26ACC0.ACE06350@cdc.gov> Message-ID: At 10:20 AM -0700 7/29/03, Major Variola (ret.) quoted: > He said they would recommend that the Pentagon not >spend any funds already > in place for the program and said they would pull >the plug on it during > House-Senate budget conference committee >negotiations later on this year. Note that properly run, this "Ideas Futures" market would be a money maker, not a cost center. For only a modest percentage of the winnings, it could be self sustaining. Perhaps someone with a profit motive will pick up the idea. If they don't want the label of "Assasination Politics", they can forbid bets on individual deaths, and still have nearly the full field, including wars, revolutions, "nonstandard" attacks, and elections available for play. (c.f. the way eBay and Yahoo limit themselves.) Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz at pwpconsult.com | wich." 
-- Steve Schear | Los Gatos, CA 95032, USA From timcmay at got.net Tue Jul 29 12:21:19 2003 From: timcmay at got.net (Tim May) Date: Tue, 29 Jul 2003 12:21:19 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: Message-ID: On Tuesday, July 29, 2003, at 11:49 AM, Trei, Peter wrote: >> Tim May[SMTP:timcmay at got.net] >> >> >> On Tuesday, July 29, 2003, at 09:26 AM, Bill Stewart wrote: >> >>> Also, NYT Article was >>> http://www.nytimes.com/2003/07/29/politics/29TERR.html?th >>> >>> But it sounds like they've chickened out, because various people >>> freaked >>> about the implications. (And they only got as far as it being >>> "an incentive to commit terrorism", without getting to >>> "a funding method for terrorism" or to "Assassination Politics".) >>> >>> >> >> Not to mention the obvious problems with letting government agents bid >> on things like when various unwanted foreign leaders would be >> assassinated. >> > Over on Dave Farber's IP list, it's been pointed out that there > is a pre-existing, live, real-money market in futures on these > types of events. Go over to www.tradesports.com, and click on > 'Current Events' under 'Trading Catagories' on the left. Drill down > and you'll find things like 'WMDs will be found in Iraq on or before > Sept 31', the value of which has dropped from 80 to 25 over the > last few months. Yes, a bunch of "ideas futures" markets have existed for nearly a decade. An acquaintance of mine, Robin Hanson, was actively promoting such things in the late 80s and may have been involved in some of the Extropians-type markets which arose a few years later (I recollect several efforts with varying degrees of success). And several years ago some companies actually tried to built real markets around these kinds of predictions. Maybe one of them is the "contract company" (pun intended) on this latest DARPA fantasy. 
The problem is not with the idea of using markets and bets and Bayesian logic to help do "price discovery" on things like when the Athlon-64 will actually reach consumers, or when the new King of Jordan will be whacked, and so on. The problem is, rather, with _government_ establishing a monopoly on such things while putting suckers like Jim Bell in jail basically for espousing such ideas. And, as I noted, there are significant problems with government employees in a betting pool (gee, aren't even office baseball pools technically illegal? Haven't they prosecuted some people for this? Yep, they have) where they also have control over the outcome. Jim Bell used this as a payoff mechanism for assassinations ("Alice bets $1000 that Paul Wolfowitz will be murdered with his family on August 10, 2003")...the same logic applies to the government's dead pool. --Tim May "That government is best which governs not at all." --Henry David Thoreau From mv at cdc.gov Tue Jul 29 12:26:11 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 29 Jul 2003 12:26:11 -0700 Subject: Pentagon discovers Assasination Politics, deadpools Message-ID: <3F26CA53.68106C28@cdc.gov> Re: Pentagon pulls their AP plans.. It was simply too obviously free feedback (marketing data) for their domestic PSYOPs people. Now they'll have to go back to interpreting CNN (etc) polls to find out which way the sheeple are stampeding. From sunder at sunder.net Tue Jul 29 10:21:59 2003 From: sunder at sunder.net (Sunder) Date: Tue, 29 Jul 2003 13:21:59 -0400 (edt) Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: <20030729134811.GJ1073@jal.clueinc.net> Message-ID: And to think they put Jim Bell in jail for doing the same exact thing! ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. 
Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 29 Jul 2003, Jamie Lawrence wrote: > http://story.news.yahoo.com/news?tmpl=story&cid=514&e=6&u=/ap/20030729/ap_on_go_ca_st_pe/terror_market_10 > > > WASHINGTON - The Pentagon (news - web sites) is setting up > a stock-market style system in which investors would bet > on terror attacks, assassinations and other events in the > Middle East. Defense officials hope to gain intelligence > and useful predictions while investors who guessed right > would win profits. From RERayburn at columbus.gov Tue Jul 29 10:49:33 2003 From: RERayburn at columbus.gov (Rayburn, Russell E.) Date: Tue, 29 Jul 2003 13:49:33 -0400 Subject: Dead Body Theatre Message-ID: <9C4BDF07B92BD7119E39000347ACC5CBE6948E@DOTEXCHANGE> While not arguing the specifics of the socioeconomic situation in India, remember that per capita income is only half the equation. Cost of living is the other half of the equation. Within the U.S., cost of living varies widely between cities. See: http://www.bestplaces.net/html/cost_of_living.html For examples. -----Original Message----- From: Mike Rosing [mailto:eresrch at eskimo.com] Out of a population of 900 million (or so) that's definitly the wings of the bell curve. The "poverty line" in the US is twice the middle class income of India. That's pretty stunning. In the US, anyone below $20,000/yr income is "poor". According to that, 90% of India is "dirt poor"!! 
From ptrei at rsasecurity.com Tue Jul 29 11:49:51 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Tue, 29 Jul 2003 14:49:51 -0400 Subject: Someone at the Pentagon read Shockwave Rider over the weekend Message-ID: > Tim May[SMTP:timcmay at got.net] > > > On Tuesday, July 29, 2003, at 09:26 AM, Bill Stewart wrote: > > > Also, NYT Article was > > http://www.nytimes.com/2003/07/29/politics/29TERR.html?th > > > > But it sounds like they've chickened out, because various people > > freaked > > about the implications. (And they only got as far as it being > > "an incentive to commit terrorism", without getting to > > "a funding method for terrorism" or to "Assassination Politics".) > > > > > > Not to mention the obvious problems with letting government agents bid > on things like when various unwanted foreign leaders would be > assassinated. > Over on Dave Farber's IP list, it's been pointed out that there is a pre-existing, live, real-money market in futures on these types of events. Go over to www.tradesports.com, and click on 'Current Events' under 'Trading Catagories' on the left. Drill down and you'll find things like 'WMDs will be found in Iraq on or before Sept 31', the value of which has dropped from 80 to 25 over the last few months. Peter Trei From timcmay at got.net Tue Jul 29 15:13:39 2003 From: timcmay at got.net (Tim May) Date: Tue, 29 Jul 2003 15:13:39 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: Message-ID: On Tuesday, July 29, 2003, at 04:20 PM, John Young wrote: > Tim May wrote: > >> Yes, a bunch of "ideas futures" markets have existed for nearly a >> decade. An acquaintance of mine, Robin Hanson, was actively promoting >> such things in the late 80s and may have been involved in some of the >> Extropians-type markets which arose a few years later (I recollect >> several efforts with varying degrees of success). > > Yes, Robin Hanson worked on DARPA's PAM program. 
Here's > his e-mail about it in May 2003: > Too bad, as he should have seen the shitstorm which would materialize as soon as this actually reached the public radar screen. Now that's gone public and been deep-sixed less than 24 hours later, it will likely be the end of this particular thing. An official, above-board version is likely to be ipso facto illegal for the same reason office baseball pools are illegal: illegal gambling. If the Pentagon can run a betting pool for its employees on when some event will happen, office workers can bet on the outcome of the World Series, and anyone can bet on the numbers revealed by the Mob. --Tim May From s.schear at comcast.net Tue Jul 29 15:24:55 2003 From: s.schear at comcast.net (Steve Schear) Date: Tue, 29 Jul 2003 15:24:55 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: References: Message-ID: <5.2.1.1.0.20030729152234.04ac11c8@mail.comcast.net> At 16:20 2003-07-29 -0700, John Young wrote: >Tim May wrote: > > >Yes, a bunch of "ideas futures" markets have existed for nearly a > >decade. An acquaintance of mine, Robin Hanson, was actively promoting > >such things in the late 80s and may have been involved in some of the > >Extropians-type markets which arose a few years later (I recollect > >several efforts with varying degrees of success). > >Yes, Robin Hanson worked on DARPA's PAM program. Here's >his e-mail about it in May 2003: Looks like Robin may have to concentrate on a commercial venture if he wants to see his ideas put into practice. 
steve we do not win the terrorism battle / with exclusion of liberties / an un-elected president / with a brand new atrocity / make way for war time opportunists / corporate interests and their proxies / exploitation of a tragedy / to serve their ideologies / corporate military complex / continues to abuse the world / death weapons for despots / sold by the red, white and blue -- Moral Crux, Stocks and Bombs From sunder at sunder.net Tue Jul 29 12:38:06 2003 From: sunder at sunder.net (Sunder) Date: Tue, 29 Jul 2003 15:38:06 -0400 (edt) Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: <5.1.1.6.2.20030729092344.036bac30@idiom.com> Message-ID: Yeah, too bad, I would have liked to bet that Poindexter runs for President or at least VP by 2020.... And that if he does make it, by 2024 we'll all be speaking fluent Mandarin... Hey, after Nixon, Carter, Reagan, two Bushes and a Slick Willie, why the hell not just vote for an outright criminal? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 29 Jul 2003, Bill Stewart wrote: > Also, NYT Article was http://www.nytimes.com/2003/07/29/politics/29TERR.html?th > > But it sounds like they've chickened out, because various people freaked > about the implications. (And they only got as far as it being > "an incentive to commit terrorism", without getting to > "a funding method for terrorism" or to "Assassination Politics".) 
From ravage at einstein.ssz.com Tue Jul 29 13:38:15 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 29 Jul 2003 15:38:15 -0500 (CDT) Subject: Geek.com Geek News - Mini-Review: Dazzle Universal 6-in-1 card reader (fwd) Message-ID: http://www.geek.com/news/geeknews/2003Jul/bpd20030729020757.htm -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From s.schear at comcast.net Tue Jul 29 15:58:56 2003 From: s.schear at comcast.net (Steve Schear) Date: Tue, 29 Jul 2003 15:58:56 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: References: Message-ID: <5.2.1.1.0.20030729154810.048e9ce8@mail.comcast.net> At 15:13 2003-07-29 -0700, Tim May wrote: >On Tuesday, July 29, 2003, at 04:20 PM, John Young wrote: > >>Tim May wrote: >> >>>Yes, a bunch of "ideas futures" markets have existed for nearly a >>>decade. An acquaintance of mine, Robin Hanson, was actively promoting >>>such things in the late 80s and may have been involved in some of the >>>Extropians-type markets which arose a few years later (I recollect >>>several efforts with varying degrees of success). >> >>Yes, Robin Hanson worked on DARPA's PAM program. Here's >>his e-mail about it in May 2003: > >Too bad, as he should have seen the shitstorm which would materialize as >soon as this actually reached the public radar screen. Now that's gone >public and been deep-sixed less than 24 hours later, it will likely be the >end of this particular thing. > >An official, above-board version is likely to be ipso facto illegal for >the same reason office baseball pools are illegal: illegal gambling. 
If >the Pentagon can run a betting pool for its employees on when some event >will happen, office workers can bet on the outcome of the World Series, >and anyone can bet on the numbers revealed by the Mob.

I believe DARPA sought and received an opinion letter from the SEC and DoJ regarding this venture which provided that, being the government, they were "immune" from prosecution for violation of gambling and unregistered securities violations. You are correct, however, that should the DoD venture have gone forward there would have been quite an uproar from domestic and international gaming companies questioning the authority to grant this sort of dispensation to the Feds.

For example, the WTO (World Trade Organisation) this week granted Antigua and Barbuda the right to a hearing over its long-standing complaint against the United States, which has restricted the right of US citizens to gamble online - a major lifeline for the Caribbean jurisdiction's economy.

http://www.tax-news.com/asp/story/story.asp?storyname=12733

steve

"The most dangerous man to any government is the man who is able to think things out for himself, without regard to the prevailing superstitions and taboos. Almost inevitably he comes to the conclusion that the government he lives under is dishonest, insane, and intolerable." --H. L. Mencken

From timcmay at got.net Tue Jul 29 16:17:06 2003
From: timcmay at got.net (Tim May)
Date: Tue, 29 Jul 2003 16:17:06 -0700
Subject: Someone at the Pentagon read Shockwave Rider over the weekend
In-Reply-To: <5.2.1.1.0.20030729152234.04ac11c8@mail.comcast.net>
Message-ID:

On Tuesday, July 29, 2003, at 03:24 PM, Steve Schear wrote: > At 16:20 2003-07-29 -0700, John Young wrote: >> Tim May wrote: >> >> >Yes, a bunch of "ideas futures" markets have existed for nearly a >> >decade.
An acquaintance of mine, Robin Hanson, was actively promoting >> >such things in the late 80s and may have been involved in some of the >> >Extropians-type markets which arose a few years later (I recollect >> >several efforts with varying degrees of success). >> >> Yes, Robin Hanson worked on DARPA's PAM program. Here's >> his e-mail about it in May 2003: > > Looks like Robin may have to concentrate on a commercial venture if he > wants to see his ideas put into practice. > > And use an offshore nexus, and good anonymity and digital cash tools...just as predicted many years ago. Doing this aboveboard, and doing it with the collusion of the actors who can alter the outcome, is asking for trouble: * violation of gambling laws...as I said in other articles, betting on the death of the King of Jordan is not different from betting on the winner of the World Series. * distortion of markets by players who see more benefit in adjusting the expectations than in spending some relatively small amount of money (If "Chances that weapons of mass destruction being found in Iraq by Nov. 1" is being de-rated, in a relatively thin market of a few dozen players, then someone with an interest in altering the odds can probably do so with relatively little money...especially if the money is from a Black Budget and comes from money taken at gunpoint from taxpayers.) (I can't resist mentioning that I was able to massively distort/sabotage the market in reputations that the Extropian list experimented with in 1993. I did this by buying "play money" (extro-dollars or whatever they were called) from other players in an out-of-band transaction. A mere $20 in U.S. money gave me a huge amount of additional spending money in this reputation market. Naturally, my reputation rose. 
Likewise, if Paul Wolfowitz wants the market to assess a "grave danger" that Norway is financing terrorism, he can use out-of-band methods to get a bunch of "ringers" (cut-outs, co-conspirators) to start bidding up the market. As the penalty for not guessing correctly is not clear until the outcome, and inasmuch as the money is provided by agencies, the opportunities for mischief are obvious.) * Insider trading. Letting government employees benefit from their inside information is like letting IBM or Intel employees engage in a wagering system based on KNOWLEDGE THEY ACTUALLY HAVE. (Not that insider trading is unknown in commodity or stock markets, including futures markets. But these markets have traditionally been heavily regulated and insider trading is forbidden, at least nominally. In the case of this DARPA market, the players are by definition the insiders, with various amounts of very non-public information about plans and contingencies. "Duh.") And so on. So many attacks on this system. Anyway, there _already_ are very real, hard to manipulate markets in information. We call them markets. Markets for real estate, for corn, for copper, etc. If a lot of residents of Jordan think a collapse is coming, real estate prices in Amman will fall. If a lot of technologists think a return to copper wiring is coming, copper prices will rise. And so on. Betting on contrived propositions with relatively small amounts of money ("toy systems") and/or with play money is not very interesting. --Tim May From jya at pipeline.com Tue Jul 29 16:20:54 2003 From: jya at pipeline.com (John Young) Date: Tue, 29 Jul 2003 16:20:54 -0700 Subject: Someone at the Pentagon read Shockwave Rider over the weekend In-Reply-To: References: Message-ID: Tim May wrote: >Yes, a bunch of "ideas futures" markets have existed for nearly a >decade.
An acquaintance of mine, Robin Hanson, was actively promoting >such things in the late 80s and may have been involved in some of the >Extropians-type markets which arose a few years later (I recollect >several efforts with varying degrees of success). Yes, Robin Hanson worked on DARPA's PAM program. Here's his e-mail about it in May 2003: ----- http://www.mail-archive.com/armchair at gmu.edu/msg03309.html DARPA markets on MidEast From nobody at cryptofortress.com Tue Jul 29 16:14:10 2003 From: nobody at cryptofortress.com (Anonymous) Date: Tue, 29 Jul 2003 18:14:10 -0500 (CDT) Subject: AP by any other name ... Message-ID: <7b8f9144af0d16675e37b2026391a425@remailer.cryptofortress.com> Of the 266 Google news links about Policy Analysis Market this morning, most of the headlines trumpet "Defense Department Taking Terror Bets." Policy Analysis Market is an attempt to use the wisdom of markets to predict crises and attacks in the Middle East. The organizations behind the project include the Economist Intelligence unit, the Defense Advanced Research Projects Agency (they funded the original Internet), and Net Exchange, a spinoff from the California Institute of Technology devoted to commercialize " computational combinatorial deal-making (CCDM)." PAM states this about the whole concept: "Analysts often use prices from various markets as indicators of potential events. The use of petroleum futures contract prices by analysts of the Middle East is a classic example. The Policy Analysis Market (PAM) refines this approach by trading futures contracts that deal with underlying fundamentals of relevance to the Middle East. Initially, PAM will focus on the economic, civil, and military futures of Egypt, Jordan, Iran, Iraq, Israel, Saudi Arabia, Syria, and Turkey and the impact of U.S. involvement with each." 
What is controversial is that market futures about "the overthrow of King Hussein of Jordan" were included and have offended politicians here in the US and undoubtedly in Jordan, Saudi Arabia, etc. Others are upset that a trader can actually make some money if he/she predicts fairly accurately. Trading starts October 1, 2003, and you can sign up now. There will be a cutoff after 1000 registrants, and while they hope to have a globally distributed network of participants, what if a significant number were nettime readers? I first ran into this market concept about ten years ago. The Iowa Political Stock Market successfully predicted the outcome of the 1992 U.S. presidential election within a few tenths of a percentage point for all three candidates (including Perot). It was more accurate than 8 major polls. Since then there have been many other experiments with other markets: Hollywood Stock Exchange where people bet on future box office receipts and Foresight Exchange where traders bet on the outcomes of unresolved scientific and societal questions. http://www.hsx.com/ Hollywood Stock Market http://artificialmarkets.com/ Artificial Markets http://www.policyanalysismarket.org/ Policy Analysis Market From mnorton at wlj.com Tue Jul 29 17:34:15 2003 From: mnorton at wlj.com (Mac Norton) Date: Tue, 29 Jul 2003 19:34:15 -0500 Subject: Someone at the Pentagon read Shockwave Rider over the weekend Message-ID: <08CBC76751B32946BC0E3E1DEF5415E506729E@server04.firm.wlj.com> Tim has identified the problems, including what may be the most important one, that the "market," unlike other such markets, is subject to gaming for motives that are other than economic. In other words, the item in question doesn't lend itself to commoditization; the subject pork bellies are not fungible.
MacN -----Original Message----- From: Tim May [mailto:timcmay at got.net] Sent: Tuesday, July 29, 2003 6:17 PM To: cypherpunks at lne.com X-Orig-To: cypherpunks at lne.com Subject: Re: Someone at the Pentagon read Shockwave Rider over the weekend On Tuesday, July 29, 2003, at 03:24 PM, Steve Schear wrote: > At 16:20 2003-07-29 -0700, John Young wrote: >> Tim May wrote: >> >> >Yes, a bunch of "ideas futures" markets have existed for nearly a >> >decade. An acquaintance of mine, Robin Hanson, was actively promoting >> >such things in the late 80s and may have been involved in some of the >> >Extropians-type markets which arose a few years later (I recollect >> >several efforts with varying degrees of success). >> >> Yes, Robin Hanson worked on DARPA's PAM program. Here's >> his e-mail about it in May 2003: > > Looks like Robin may have to concentrate on a commercial venture if he > wants to see his ideas put into practice. > > And use an offshore nexus, and good anonymity and digital cash tools...just as predicted many years ago. Doing this aboveboard, and doing it with the collusion of the actors who can alter the outcome, is asking for trouble: * violation of gambling laws...as I said in other articles, betting on the death of the King of Jordan is not different from betting on the winner of the World Series. * distortion of markets by players who see more benefit in adjusting the expectations than in spending some relatively small amount of money (If "Chances that weapons of mass destruction being found in Iraq by Nov. 1" is being de-rated, in a relatively thin market of a few dozen players, then someone with an interest in altering the odds can probably do so with relatively little money...especially if the money is from a Black Budget and comes from money taken at gunpoint from taxpayers.) (I can't resist mentioning that I was able to massively distort/sabotage the market in reputations that the Extropian list experimented with in 1993. 
I did this by buying "play money" (extro-dollars or whatever they were called) from other players in an out-of-band transaction. A mere $20 in U.S. money gave me a huge amount of additional spending money in this reputation market. Naturally, my reputation rose. Likewise, if Paul Wolfowitz wants the market to assess a "grave danger" that Norway is financing terrorism, he can use out-of-band methods to get a bunch of "ringers" (cut-outs, co-conspirators) to start bidding up the market. As the penalty for not guessing correctly is not clear until the outcome, and inasmuch as the money is provided by agencies, the opportunities for mischief are obvious.) * Insider trading. Letting government employees benefit from their inside information is like letting IBM or Intel employees engage in a wagering system based on KNOWLEDGE THEY ACTUALLY HAVE. (Not that insider trading is unknown in commodity or stock markets, including futures markets. But these markets have traditionally been heavily regulated and insider trading is forbidden, at least nominally. In the case of this DARPA market, the players are by definition the insiders, with various amounts of very non-public information about plans and contingencies. "Duh.") And so on. So many attacks on this system. Anyway, there _already_ are very real, hard to manipulate markets in information. We call them markets. Markets for real estate, for corn, for copper, etc. If a lot of residents of Jordan think a collapse is coming, real estate prices in Amman will fall. If a lot of technologists think a return to copper wiring is coming, copper prices will rise. And so on. Betting on contrived propositions with relatively small amounts of money ("toy systems") and/or with play money is not very interesting.
--Tim May From timcmay at got.net Tue Jul 29 21:31:41 2003 From: timcmay at got.net (Tim May) Date: Tue, 29 Jul 2003 21:31:41 -0700 Subject: DARPA to extend Futures Markets to Courts Message-ID: WASHINGTON, 30 July The Pentagon has announced plans to offer the FutureMAP technology to courtrooms and their employees. "Court officers, judges, clerks, persecutors, and even bailiffs will be able to participate in the exciting technology of futures markets," gushed Rear Admiral and Arms Dealer John Poindexter. "Before a decision is reached, before even the jury has gone to the jury box, people will be able to make side bets on various outcomes, with odds set by the collective action of all. The betting and payoffs are done anonymously, so there are no pesky income tax issues to worry about," added Poindexter. Poindexter said that the information revealed by the futures market for legal decisions will also help guide judges to make the correct decisions. "I envision this as the ultimate computer technology for the legal profession." Said one judge in the Ninth Circuit, "As judges we are very poorly paid. How can we live on $160,000 a year? This system will allow us to earn a little bit of money on the side. My clerks are very excited, too. One of my rocket scientists has some ideas about how we can juice up the odds on a long shot decision, with some preliminary rulings, and then swoop in for the kill with the bets we have placed on the actual decision! Cayman Islands, here I come!" Rear Admiral Poindexter denounced critics of the system as Chicken Littles. "We have checks and balances in place. Don't forget, our office also operates the Total Information Awareness Program, so those microphones and DARPA-developed miniature cameras will really come in handy to check that nobody is abusing the system." From rah at shipwright.com Tue Jul 29 19:13:39 2003 From: rah at shipwright.com (R. A. 
Hettinga) Date: Tue, 29 Jul 2003 22:13:39 -0400 Subject: Secure Programming Cookbook for C and C++ Message-ID: oreilly.com -- Online Catalog: Secure Programming Cookbook for C and C++ Full Description Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. 
Readers will learn: How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems How to properly SSL-enable applications How to create secure channels for client-server communication without SSL How to integrate Public Key Infrastructure (PKI) into applications Best practices for using cryptography properly Techniques and strategies for properly validating input to programs How to launch programs securely How to use file access mechanisms properly Techniques for protecting applications from reverse engineering The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world. Return to Secure Programming Cookbook for C and C++ -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From bill.stewart at pobox.com Tue Jul 29 22:56:54 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 29 Jul 2003 22:56:54 -0700 Subject: Pentagon discovers Assasination Politics, deadpools In-Reply-To: References: <3F26ACC0.ACE06350@cdc.gov> Message-ID: <5.1.1.6.2.20030729224247.02e17ae0@idiom.com> At 11:23 AM 07/29/2003 -0700, Bill Frantz wrote: >Note that properly run, this "Ideas Futures" market would be a money maker, >not a cost center. For only a modest percentage of the winnings, it could >be self sustaining. Perhaps someone with a profit motive will pick up the >idea. Assuming it can be legally structured as a "Futures Market", rather than as "Illegal Gambling", it could make money. (There are obviously some bets it's unlikely to handle, such as the bet that Idea Futures markets would be successfully prosecuted as illegal gambling :-) >If they don't want the label of "Assasination Politics", they can forbid >bets on individual deaths, and still have nearly the full field, including >wars, revolutions, "nonstandard" attacks, and elections available for play. >(c.f. the way eBay and Yahoo limit themselves.) This provides a number of Doubleplus-Good Things. - Government agencies can be funded by private ideas futures speculation rather than by taxes, freeing them from the tiresome needs of Congressional budget requests and oversight. No more Ollie North trials! - Private organizations can fund government agencies to do specific things and launder the money through the market, rather than needing to lobby Congresscritters to fund them. There's a bit less leverage this way, but surely there are some Congresscritters who'd appreciate that private organizations were betting they'd live to 100 like Strom Thurmond. 
- All those boring old Neutrality Act laws that keep companies like ITT and Halliburton from overthrowing foreign governments and forbid patriotic Americans to be foreign mercenaries can be avoided, because they won't need to do that any more - they can just bet sufficient sums that governments will be overthrown and they'll go overthrow themselves, and those patriotic Americans can be working as, ummm, investment logistics expediters instead of mercs. - The system will be completely Anonymous, and Anonymity is Strength! - Of course Oceania has always had an Idea Futures position about the downfall of WestAsia. Why do you ask? From mv at cdc.gov Wed Jul 30 09:51:00 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 30 Jul 2003 09:51:00 -0700 Subject: Pentagon discovers Assasination Politics, deadpools Message-ID: <3F27F774.B4067561@cdc.gov> At 10:56 PM 7/29/03 -0700, Bill Stewart wrote: >Assuming it can be legally structured as a "Futures Market", >rather than as "Illegal Gambling", it could make money. >(There are obviously some bets it's unlikely to handle, >such as the bet that Idea Futures markets would be successfully prosecuted >as illegal gambling :-) *Real* futures markets are effectively integrating all the AP type risks (plus others, like weather) relevant to their markets. The Pentagon plan was trying to get the same kind of private but well-done research that real futures traders do, with emphasis on issues of interest to it. As well as a feedback channel to the domestic psyops boys. CNN, etc. also perform a sort of gambling (probabilistic investment, "futures"), in how they distribute their resources in anticipation of regional "news". From camera_lumina at hotmail.com Wed Jul 30 09:50:38 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 30 Jul 2003 12:50:38 -0400 Subject: Important: P2P+VOIP Message-ID: This article appeared in the Lightreading telecom site.
Although fairly speculative, the mere implications of VoIP over P2P should be of much interest to Cypherpunks, perhaps the least importance being encryption. -TD Ever since KaZaA founder Niklas Zennstrom let it slip in a Boardwatch interview that he was planning to launch a company offering voice services using peer-to-peer (P2P) protocols, Light Reading and Boardwatch have been puzzling over what he meant. As Zennstrom himself has clammed up, speculation is in order. And our best guess is that he might be onto something REALLY BIG. Think bigger than Google. Think of something equivalent to the Internet's Domain Name System (DNS) that would act as a distributed, dynamic, global telephone directory, linking users with whatever IP address their appliance happened to be using at the moment. This addresses one of the big obstacles in the development of voice over IP (VOIP), and it might also unlock other breakthroughs. For instance, it could speed up the convergence of fixed and mobile telephony -- reckoned by Neil Ransom, CTO of Alcatel SA (NYSE: ALA; Paris: CGEP:PA), to be the next big thing in telecom (look for the coming Light Reading interview). It would be fairly straightforward to use P2P protocols to create such a distributed, global telephone directory, according to Geoff Bennett, director of Light Reading University, who happens to be moderating a Light Reading Webinar titled "Controlling P2P: Who's Stealing Your Bandwidth?" today, at 2:00 p.m. New York time. With P2P, a user could search a directory using a special browser and then click on the name he or she wanted to call. The client software would send the request to the equivalent of a KaZaA supernode that would search a giant routing table listing users and their current IP addresses, and send back the result to the client so the VOIP call could be set up.
This is pretty much how file sharing works, and file sharing clearly scales to the millions of users that might take advantage of such a system. Zennstrom estimates that 100 million people already use P2P protocols, and the KaZaA browser software has been downloaded a staggering 250 million times -- an order of magnitude more than anything else on CNET's download site. There are good reasons to believe that a P2P-based phone directory of this sort might work better than the VOIP solutions being cooked up by the Internet Engineering Task Force (IETF). The IETF has various projects in this area, but they're all based on the fundamental philosophy that existing technology -- namely DNS -- should be adapted to deal with new requirements, rather than inventing something new. But the new requirements in this case include more than just the IETF's Telephone Number Mapping (enum) project. The IETF has also got to come up with a way of making DNS more dynamic, so that when a user moves from one IP address to another, he or she isn't cut off from the world while the changes propagate through the DNS hierarchy. When Boardwatch changed IP address earlier this year, a lot of readers were cut off for two or three days. Imagine the same thing happening every time someone shifted from a fixed to a mobile appliance! Then there's the issue of reliability. Concerns are often expressed about the security of DNS -- in particular, its vulnerability to denial-of-service (DOS) attacks. A P2P approach promises to be much more reliable, because it's so distributed and because the protocol has been designed to allow for parts of the network going AWOL unexpectedly. "Historically, the issue with proprietary solutions has been lack of scalability, and how robust they are in large networks," Bennett notes. "But P2P apps like KaZaA have shown they can scale and have amazing resilience because they're so distributed. How do you make a DOS attack on something that big?
"The P2P solution will obviously be proprietary, and it's always quicker to get a proprietary solution to market than to wait for consensus in a standards group -- especially about something as institutionalized as DNS." For more on the IETF side of the story, check out the following columns by Geoff Huston, a member of the Internet Architecture Board, the IETF steering body: Lord of the Numbers Who are You? Light Reading is rather hoping that this speculation will encourage Zennstrom to spill the beans on what he's up to. Right now, we think we've only got half the story. The other half concerns SIP -- the Session Initiation Protocol -- seen by some as another catalyst for a VOIP explosion. In the Boardwatch interview Zennstrom slapped down the idea that his project had anything to do with SIP. Which leads us to ask: Why was he so adamant? Peter Heywood, Founding Editor, Light Reading From eresrch at eskimo.com Wed Jul 30 13:07:17 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 30 Jul 2003 13:07:17 -0700 (PDT) Subject: Pentagon discovers Assasination Politics, deadpools In-Reply-To: Message-ID: On Wed, 30 Jul 2003, Tyler Durden wrote: > PS: Does Variola feel insulted if we do not address him with his rank? Nope: variola major virus : n) :a type of smallpox virus that has a fatality rate of up to 25 percent It's not rank, but I assume he'll be displeased if you call him "minor variola" instead :-) Patience, persistence, truth, Dr. mike From camera_lumina at hotmail.com Wed Jul 30 12:18:51 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 30 Jul 2003 15:18:51 -0400 Subject: Pentagon discovers Assasination Politics, deadpools Message-ID: Variola wrote... "As well as a feedback channel to the domestic psyops boys."
Are we sure this idea (and TIA) wasn't actually floated by those same Psyops boys? Something seems a little strange about the notion that they'd telegraph their intentions on this idea. Seems to me if they wanted to do it they'd just do it, and possibly not even announce their involvement in it, creating a string of shell companies to fund their international terrorist operations...Oops. Sorry, that's Al Qaeda I'm talking about. -TD PS: Does Variola feel insulted if we do not address him with his rank? >From: "Major Variola (ret)" >To: "cypherpunks at lne.com" >Subject: Re: Pentagon discovers Assasination Politics, deadpools >Date: Wed, 30 Jul 2003 09:51:00 -0700 > >At 10:56 PM 7/29/03 -0700, Bill Stewart wrote: > >Assuming it can be legally structured as a "Futures Market", > >rather than as "Illegal Gambling", it could make money. > >(There are obviously some bets it's unlikely to handle, > >such as the bet that Idea Futures markets would be successfully >prosecuted > >as illegal gambling :-) > >*Real* futures markets are effectively integrating all the AP >type risks (plus others, like weather) relevant to their markets. > >The Pentagon plan was trying to get the same kind of >private but well-done research that real futures traders >do, with emphasis on issues of interest to it. > >As well as a feedback channel to the domestic psyops boys. > >CNN, etc. also perform a sort of gambling (probabilistic investment, >"futures"), in how they distribute >their resources in anticipation of regional "news". From YALB Wed Jul 30 16:19:39 2003 From: YALB (Yet Amother Little Bird :-) Date: Wed, 30 Jul 2003 16:19:39 -0700 Subject: Digicash Patents Message-ID: Take my name off this if you forward it please.....
A little bird told me that the Chaum e-cash patent portfolio is now owned by none other than First Data. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ptrei at rsasecurity.com Wed Jul 30 13:20:37 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 30 Jul 2003 16:20:37 -0400 Subject: Secure IDE? Message-ID: ABIT has come out with a new motherboard, the "IC7-MAX3" featuring something called 'Secure IDE', which seems to involve HW crypto in the onboard IDE controller: >From the marketing fluff at http://www.abit.com.tw/abitweb/webjsp/english/news1.jsp?pDOCNO=en_0307251 "For MAX3, the ABIT Engineers listened to users who were asking for information security. SecureIDE connects to your IDE hard disk and has a special decoder; without a special key, your hard disk cannot be opened by anyone. Thus hackers and would be information thieves cannot access your hard disk, even if they remove it from your PC. Protect your privacy and keep anyone from snooping into your information. Lock down your hard disk, not with a password, but with encryption. A password can be cracked by software in a few hours. ABIT's SecureIDE will keep government supercomputers busy for weeks and will keep the RIAA away from your Kazaa files." No, I have no idea what this actually means either. I'm trying to find out.
Peter Trei From s.schear at comcast.net Wed Jul 30 16:30:00 2003 From: s.schear at comcast.net (Steve Schear) Date: Wed, 30 Jul 2003 16:30:00 -0700 Subject: Big Brother is watching you - and documenting Message-ID: <5.2.1.1.0.20030730162806.049246c8@mail.comcast.net> eBay, ever anxious to up profits, bends over backward to provide data to law enforcement officials "I don't know another Web site that has a privacy policy as flexible as eBay's," says Joseph Sullivan. A little bit later, Sullivan explains what he means by the term "flexible." Sullivan is director of the "law enforcement and compliance" department at eBay.com, the largest retailer in the world. http://www.haaretz.com/hasen/pages/ShArt.jhtml?itemNo=264863&contrassID=2&subContrassID=5&sbSubContrassID=0&listSrc=Y&itemNo=264863 Experience teaches us to be most on our guard to protect liberty when the government's purpose is beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -Louis Dembitz Brandeis, lawyer, judge, and writer (1856-1941) From bill.stewart at pobox.com Wed Jul 30 16:58:28 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 30 Jul 2003 16:58:28 -0700 Subject: Japan making RFID-trackable cash Message-ID: <5.1.1.6.2.20030730165257.02e17580@idiom.com> http://theregister.com/content/55/32061.html Japan's starting to add RFIDs to their 10000-yen (~$100) bills. Notes will come with Hitachi's 0.3mm "mew-chip" which responds to radio signals by sending out a 128-bit number. Each chip costs about 50 yen. The article says that each number _could_ be a serial number, but doesn't say that they know it is; the alternative would be something that indicated the production batch or whatever. The Reg's report sounds like it's based on what someone saw on a TV show, but also indicates they're starting production. 
From ptrei at rsasecurity.com Wed Jul 30 14:02:38 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 30 Jul 2003 17:02:38 -0400 Subject: Secure IDE? Message-ID: > Trei, Peter > > ABIT has come out with a new motherboard, the > "IC7-MAX3" featuring something called 'Secure > IDE', which seems to involve HW crypto in the > onboard IDE controller: > > From the marketing fluff at > http://www.abit.com.tw/abitweb/webjsp/english/news1.jsp?pDOCNO=en_0307251 > > "For MAX3, the ABIT Engineers listened > to users who were asking for information > security. SecureIDE connects to your IDE > hard disk and has a special decoder; > without a special key, your hard disk cannot > be opened by anyone. Thus hackers and > would be information thieves cannot access > your hard disk, even if they remove it from your > PC. Protect your privacy and keep anyone > from snooping into your information. Lock > down your hard disk, not with a password, > but with encryption. A password can be > cracked by software in a few hours. ABIT's > SecureIDE will keep government > supercomputers busy for weeks and will > keep the RIAA away from your Kazaa files." > > No, I have no idea what this actually means either. > I'm trying to find out. > > Peter Trei > Yeah, I know it's tacky to follow up one's own messages, but I found a little more: http://www.abit.com.tw/abitweb/webjsp/english/SecureIDE.htm "SecureIDE is a encryption device that uses the eNOVA X-Wall chipset that ensures confidentiality and privacy of your data through disk encryption. When booting up your system, go to DOS and implement the FDISK instruction. This instruction will make a partition to format the Hard Disk to accept the secure IDE key. After this procedure, there are no more extra steps to perform besides using the key to "open" the hard disk each time you boot up your system." The accompanying diagram shows a daughterboard sitting between the HD and the system, with a USB dongle coming off the side.
eNova has more info at: http://www.enovatech.com/w/html/about.htm The USB dongle apparently acts only as a key store, for a DES or 3DES key. It needs to be present at boot time. It appears that the key is put on the device by the manufacturer !!!! though they promise "Enova Technology does not maintain a database of X-Wall Secure Keys". On the good side, it seems to encrypt the whole disk, including the boot sector and swap. No info on chaining modes, if any, nor of IV handling. There is no mention of a PIN or other 'something you know' required to use the USB key. I can't tell if pulling the dongle shuts down the system. Might be neat, but as yet, insufficient information. Peter From ravage at einstein.ssz.com Wed Jul 30 17:40:18 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 30 Jul 2003 19:40:18 -0500 (CDT) Subject: arXiv: Implementing An Agent Trade Server (fwd) Message-ID: http://arxiv.org/pdf/cs.CE/0307064 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Wed Jul 30 17:43:24 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 30 Jul 2003 19:43:24 -0500 (CDT) Subject: Secure IDE? In-Reply-To: Message-ID: On Wed, 30 Jul 2003, Trei, Peter wrote: > No, I have no idea what this actually means either. > I'm trying to find out. It means it pre-encrypts your data before it's actually put on the drive. In addition the key is kept in a removable dongle of some sort so you can take it with you. In other words the only bytes on your physical drive are encrypted. If the party in possession of the drive doesn't have the key then they can't decrypt it (at least in their theory) without brute force.
 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 30 18:19:36 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 30 Jul 2003 20:19:36 -0500 (CDT)
Subject: Japan making RFID-trackable cash
In-Reply-To: <5.1.1.6.2.20030730165257.02e17580@idiom.com>
Message-ID:

On Wed, 30 Jul 2003, Bill Stewart wrote:

> http://theregister.com/content/55/32061.html
> Japan's starting to add RFIDs to their 10000-yen (~$100) bills.
> Notes will come with Hitachi's 0.3mm "mew-chip" which
> responds to radio signals by sending out a 128-bit number.

Time to start microwaving all the yen that come through my hands ;)

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 30 19:05:23 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Wed, 30 Jul 2003 21:05:23 -0500 (CDT)
Subject: Someone at the Pentagon read Shockwave Rider over the weekend
In-Reply-To: <08CBC76751B32946BC0E3E1DEF5415E506729E@server04.firm.wlj.com>
Message-ID:

On Tue, 29 Jul 2003, Mac Norton wrote:

> Tim has identified the problems, including what may be the most important
> one, that the "market," unlike other such markets, is subject to gaming
> for motives that are other than economic.

Actually this is the fundamental failure of your view, Tim's, and most other CACL sorts.
ALL markets are subject to parameters that are -not- subject to strictly economic motives. In fact a purely 'economic motive' isn't fundamentally about money, it's about either insecurity or power, it's about inter-personal relationships. It's about 'using'.

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From rah at shipwright.com Wed Jul 30 19:20:19 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 30 Jul 2003 22:20:19 -0400
Subject: Digicash Patents
Message-ID:

--- begin forwarded text

From rpw at uni.de Wed Jul 30 14:45:55 2003
From: rpw at uni.de (Ralf-P. Weinmann)
Date: Wed, 30 Jul 2003 23:45:55 +0200
Subject: Secure IDE?
In-Reply-To:
References:
Message-ID: <20030730214555.GA9959@rbg.informatik.tu-darmstadt.de>

On Wed, Jul 30, 2003 at 04:20:37PM -0400, Trei, Peter wrote:
> ABIT has come out with a new motherboard, the
> "IC7-MAX3" featuring something called 'Secure
> IDE', which seems to involve HW crypto in the
> onboard IDE controller:
>
> From the marketing fluff at
> http://www.abit.com.tw/abitweb/webjsp/english/news1.jsp?pDOCNO=en_0307251
>
> "For MAX3, the ABIT Engineers listened
> to users who were asking for information
> security. SecureIDE connects to your IDE
> hard disk and has a special decoder;
> without a special key, your hard disk cannot
> be opened by anyone. Thus hackers and
> would be information thieves cannot access
> your hard disk, even if they remove it from your
> PC. Protect your privacy and keep anyone
> from snooping into your information. Lock
> down your hard disk, not with a password,
> but with encryption. A password can be
> cracked by software in a few hours. ABIT's
> SecureIDE will keep government
> supercomputers busy for weeks and will
> keep the RIAA away from your Kazaa files."
>
> No, I have no idea what this actually means either.
> I'm trying to find out.
>
> Peter Trei

Yeah, that announcement just ran over the slashdot ticker. Someone posted the following insightful link subsequently:

ftp://ftp.abit.com.tw/pub/download/fae/secureide_eng_v100.pdf

Looks like that sucker only does key-truncated version of DES called DES-40. Right... did they say weeks? I'd say minutes, unless ABIT means [insert some impoverished 3rd world country] government supercomputers.

It's snakeoil, move on, nothing to see here.

Cheers,
Ralf

--
Ralf-P. Weinmann
PGP fingerprint: 2048/46C772078ACB58DEF6EBF8030CBF1724

From rpw at uni.de Wed Jul 30 15:03:08 2003
From: rpw at uni.de (Ralf-P. Weinmann)
Date: Thu, 31 Jul 2003 00:03:08 +0200
Subject: Secure IDE?
In-Reply-To:
References:
Message-ID: <20030730220308.GA10727@rbg.informatik.tu-darmstadt.de>

On Wed, Jul 30, 2003 at 04:20:37PM -0400, Trei, Peter wrote:
> ABIT has come out with a new motherboard, the
> "IC7-MAX3" featuring something called 'Secure
> IDE', which seems to involve HW crypto in the
> onboard IDE controller:
>
> From the marketing fluff at
> http://www.abit.com.tw/abitweb/webjsp/english/news1.jsp?pDOCNO=en_0307251
>
> "For MAX3, the ABIT Engineers listened
> to users who were asking for information
> security. SecureIDE connects to your IDE
> hard disk and has a special decoder;
> without a special key, your hard disk cannot
> be opened by anyone. Thus hackers and
> would be information thieves cannot access
> your hard disk, even if they remove it from your
> PC. Protect your privacy and keep anyone
> from snooping into your information. Lock
> down your hard disk, not with a password,
> but with encryption. A password can be
> cracked by software in a few hours. ABIT's
> SecureIDE will keep government
> supercomputers busy for weeks and will
> keep the RIAA away from your Kazaa files."
>
> No, I have no idea what this actually means either.
> I'm trying to find out.
>
> Peter Trei

40-bit DES in ECB mode sounds even more great. It's them Enovatech guys again. See here:

http://archives.abditum.com/cypherpunks/C-punks20030519/0079.html

Cheers,
Ralf

--
Ralf-P. Weinmann
PGP fingerprint: 2048/46C772078ACB58DEF6EBF8030CBF1724

From ravage at einstein.ssz.com Wed Jul 30 22:27:45 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 00:27:45 -0500 (CDT)
Subject: Someone at the Pentagon read Shockwave Rider over the weekend
In-Reply-To: <5.2.1.1.0.20030729154810.048e9ce8@mail.comcast.net>
Message-ID:

On Tue, 29 Jul 2003, Steve Schear wrote:

> I believe DARPA sought and received an opinion letter from the SEC and DoJ
> regarding this venture which provided that, being the government, they were
> "immune" from prosecution for violation of gambling and unregistered
> securities violations.

Evidence please...

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 30 22:33:36 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 00:33:36 -0500 (CDT)
Subject: Someone at the Pentagon read Shockwave Rider over the weekend
In-Reply-To:
Message-ID:

On Tue, 29 Jul 2003, Tim May wrote:

> Anyway, there _already_ are very real, hard to manipulate markets in
> information. We call them markets. Markets for real estate, for corn,
> for copper, etc. If a lot of residents of Jordan think a collapse is
> coming, real estate prices in Amman will fall. If a lot of
> technologists think a return to copper wiring is coming, copper prices
> will rise. And so on.

As usual, talking out of both sides of the pie hole. First sentence about 'hard to manipulate' and the next examples of how real world markets aren't hard to manipulate at all.

I'd like to see some evidence on your example of Amman, Jordan for example. It's easy to make smoke, much harder to collect the wood.

Life is not economics, it can't be understood in strictly economic terms.

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Wed Jul 30 22:35:47 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 00:35:47 -0500 (CDT)
Subject: Someone at the Pentagon read Shockwave Rider over the weekend (fwd)
In-Reply-To:
Message-ID:

> ---------- Forwarded message ----------
> Date: Tue, 29 Jul 2003 14:49:51 -0400
> From: "Trei, Peter"

> Over on Dave Farber's IP list, it's been pointed out that there
> is a pre-existing, live, real-money market in futures on these
> types of events. Go over to www.tradesports.com, and click on
> 'Current Events' under 'Trading Catagories' on the left. Drill down
> and you'll find things like 'WMDs will be found in Iraq on or before
> Sept 31', the value of which has dropped from 80 to 25 over the
> last few months.

Which only goes to show how inaccurate and generally confused these sorts of systems are. Based on what people feel rather than what they know. The failure of all free markets to conform to what 'economists' consider the ideal.

This example actually blows your whole supposition away.
-- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From pgut001 at cs.auckland.ac.nz Wed Jul 30 06:01:08 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 31 Jul 2003 01:01:08 +1200 Subject: AP by any other name ... Message-ID: <200307301301.h6UD18X18542@medusa01.cs.auckland.ac.nz> Anonymous writes: >I first ran into this market concept about ten years ago. The Iowa Political >Stock Market successfully predicted the outcome of the 1992 U.S. presidential >election within a few tenths of a percentage point for all three candidates >(including Perot). It was more accurate than 8 major polls. Since then there >have been many other experiments with other markets: Hollywood Stock Exchange >where people bet on future box office receipts and Foresight Exchange where >traders bet on the outcomes of unresolved scientific and societal questions. It's been used in other areas as well, and for rather longer than ten years. For example, one of the most accurate estimates of the entropy of natural language involved people placing bets on the value of the next letter seen (as opposed to the more traditional "I guess it'll be an 'e'" estimation technique). Peter. From ravage at einstein.ssz.com Thu Jul 31 04:24:21 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 31 Jul 2003 06:24:21 -0500 (CDT) Subject: Life is not economics. In-Reply-To: <5.2.0.9.0.20030731160509.02551bd0@mail.nex.com.au> Message-ID: On Thu, 31 Jul 2003, Professor Rat. wrote: > the shoat brings it up,life is not propping up statist dictatorships either > so what have you done for us lately? Choate? What have you done at all? 
 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Thu Jul 31 05:06:33 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 07:06:33 -0500 (CDT)
Subject: Pac Bell's Internet arm sues music industry over file-sharer IDs (fwd)
Message-ID:

http://www.bayarea.com/mld/mercurynews/news/local/6424740.htm?template=contentModules/printstory.jsp

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Thu Jul 31 05:07:13 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 07:07:13 -0500 (CDT)
Subject: The Register - MCI denies national security 'compromised' (fwd)
Message-ID:

http://www.theregister.co.uk/content/5/32074.html

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Thu Jul 31 05:07:33 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 07:07:33 -0500 (CDT)
Subject: The Seattle Times: Nation - Pentagon: China planning on military showdown with Taiwan (fwd)
Message-ID:

http://seattletimes.nwsource.com/html/nationworld/2001334071_missiles31.html

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From ravage at einstein.ssz.com Thu Jul 31 05:07:55 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 07:07:55 -0500 (CDT)
Subject: Grist | Books | Cod is dead | 24 Jul 2003 (fwd)
Message-ID:

http://www.gristmagazine.com/books/books072403.asp

 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      ravage at ssz.com                            jchoate at open-forge.org
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------

From rah at shipwright.com Thu Jul 31 05:10:02 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 31 Jul 2003 08:10:02 -0400
Subject: Japan making RFID-trackable cash
Message-ID:

--- begin forwarded text

Status: U
User-Agent: Microsoft-Entourage/10.1.1.2418
Date: Thu, 31 Jul 2003 09:08:39 +0100
Subject: Re: Japan making RFID-trackable cash
From: "David G.W. Birch"
To: Digital Bearer Settlement
Cc: Bob Hettinga

On 31/7/03 3:41 am, Bill Stewart e-said:

> Japan's starting to add RFIDs to their 10000-yen (~$100) bills.
> Notes will come with Hitachi's 0.3mm "mew-chip"

To protect against cat-burglars?

Regards,
Dave Birch.

P.S. It's "Mu" chip, as in the Greek letter.

--
-- My own opinion (I think) given solely in my capacity
-- as an interested member of the general public.
--
-- mail dgw(at)birches.org, web http://www.birches.org/dgwb

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From ptrei at rsasecurity.com Thu Jul 31 06:31:50 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 31 Jul 2003 09:31:50 -0400
Subject: Secure IDE?
Message-ID:

> pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz] wrote:
>
>
> "Trei, Peter" writes:
>
> >No info on chaining modes, if any, nor of IV handling.
>
> DES/ECB, originally with a 40-bit key, more recently with 56-bit and 3DES.
> Keys generated by the manufacturer onto a USB dongle. No easy way to make
> backups of the dongle. It's a messy tradeoff: If you want something like
> laptop/data-theft-protection (which will suit the majority of the market),
> then DES-40/ECB is fine, but you want to be able to back up the dongle
> because
> if that goes (and after multiple insertions and removals it will) you've
> lost
> all your data. OTOH if you want protection from the MIB the fragile
> nature of
> the key storage is probably a benefit, but then you want 3DES/CBC to go
> with
> it. At the moment you have laptop-theft-protection crypto and
> MIB-protection
> key storage.
>
> You can buy truckloads of these things on ebay for about $20 a pop if you
> want
> to play with one.
>
> Peter.
>

Color me disappointed.

It's a move in the right direction, but I wish they had followed through and done the right things:

* [AES | 3DES]/CBC with a good distribution of IVs
* User-generated keys (before initial disk setup, of course).
* Shutdown on dongle removal.
* Some kind of PIN or password protection on the dongle.

eNova claims not to keep a database of keys (they don't say that 'there is no database of keys', which is a little different), and to get a key copied you have to send it to them. They do seem to supply a spare.

Back a few years ago, I calculated that with the DES key search software then available, a single 200MHz machine could search 40 bits of keyspace over a long weekend. Today it would take a few hours.

40 bit DES is not secure against your kid sister (if she's a cypherpunk :-), much less industrial espionage.

Quote from http://www.abit.com.tw/abitweb/webjsp/english/mb_spec.jsp?pPRODUCT_TYPE=MotherBoard&pMODEL_NAME=SecureIDE :

"40-bit DES (US Data Encryption Standard) is adequate for general users"

Yeah. Right.

Peter

From timcmay at got.net Thu Jul 31 09:57:14 2003
From: timcmay at got.net (Tim May)
Date: Thu, 31 Jul 2003 09:57:14 -0700
Subject: Pentagon discovers Assasination Politics, deadpools
In-Reply-To:
Message-ID: <0916FB38-C378-11D7-A53B-000A956B4C74@got.net>

On Thursday, July 31, 2003, at 07:34 AM, Sunder wrote:

> Yes, but he's retired, so why would he be displeased. :)
>
>

He's been called back to active duty by various militaries...

--Tim May

From sunder at sunder.net Thu Jul 31 07:34:51 2003
From: sunder at sunder.net (Sunder)
Date: Thu, 31 Jul 2003 10:34:51 -0400 (edt)
Subject: Pentagon discovers Assasination Politics, deadpools
In-Reply-To:
Message-ID:

Yes, but he's retired, so why would he be displeased. :)

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + :           The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Wed, 30 Jul 2003, Mike Rosing wrote:

> On Wed, 30 Jul 2003, Tyler Durden wrote:
>
> > PS: Does Variola feel insulted if we do not address him with his rank?
>
> Nope:
>
> variola major virus : n) :a type of smallpox virus that has a fatality
> rate of up to 25 percent
>
> It's not rank, but I assume he'll be displeased if you call him "minor
> variola" instead :-)

From jtrjtrjtr2001 at yahoo.com Thu Jul 31 10:40:23 2003
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Thu, 31 Jul 2003 10:40:23 -0700 (PDT)
Subject: Secure IDE?
In-Reply-To: <200307311705.h6VH5mO25813@medusa01.cs.auckland.ac.nz>
Message-ID: <20030731174023.54919.qmail@web21205.mail.yahoo.com>

hi,

>sector address as the IV. IVs don't need to be random, secret, or
>unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-
>time encryption).

If the IV is not a secret how are we going to prevent block replay attacks on cipher text?

Regards
Sarath.

--- Peter Gutmann wrote:
> "Trei, Peter" writes:
> >pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz]
> >>"Trei, Peter" writes:
> >>>with a good distribution of IVs
> >>
> >>Where would you store them? The feature of this
> is that it's fully
> >>transparent, so you can't store IVs anywhere.
> >
> >I'm not really up on crypto file systems, but I
> believe at least some use the
> >sector address as the IV. IVs don't need to be
> random, secret, or
> >unpredictable - they just need to be unrepeated.
> (I'm assuming sector-at-a-
> >time encryption).
>
> But the IV is repeated, every time you encrypt new
> data for that sector. You
> need to either store a random IV for each sector
> (usually infeasible) or make
> two passes over the data (details vary), using the
> output from pass 1 to
> affect pass 2 (slow).
>
> >>>* Some kind of PIN or password protection on the
> dongle.
> >>
> >>How would you do this without a custom BIOS
> (remember that their general
> >>product is for dropping into any PC)?
> >
> >We're talking about two different products. The
> ABIT is a MB, presumably with
> >its own custom BIOS, so that's not an issue there.
>
> Customised, not custom. Think of it as a
> Chinese-menu type setup, it's a one-
> size-fits-all BIOS with appropriate modules compiled
> in for handling the CPU
> and chipset features. Now motherboard vendors can
> plug in their own feature
> modules, but it's a somewhat nontrivial option
> usually used only for highly
> marketable features (overclocking options, ability
> to re-flash from Windows,
> etc etc).
>
> Peter.
>

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

From timcmay at got.net Thu Jul 31 11:34:23 2003
From: timcmay at got.net (Tim May)
Date: Thu, 31 Jul 2003 11:34:23 -0700
Subject: Digicash Patents
In-Reply-To:
Message-ID: <9B3429B2-C385-11D7-A53B-000A956B4C74@got.net>

On Thursday, July 31, 2003, at 10:44 AM, R. A. Hettinga wrote:
>
> Since lots of the important bits are supposed to expire next year, the
> patents may or may not be useful.
>
> On the other hand, if they can be gotten clear, someone could get a
> running start, I suppose, especially if they made a partnership deal
> with First Data of some kind, and, if First Data was active in that
> partnership, leveraging their other connections in the funds-transfer
> business, that could be interesting.
>
> On the other other hand, :-), it's entirely clear that people could be
> developing code right now in anticipation of the patent expiration and
> go live with some kind of land rush when it's possible to do so.

Some people expected a "land rush" when the main RSA patents expired several years ago. Parties were even thrown. The land rush never happened.

--Tim May

"The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant." --John Stuart Mill

From ptrei at rsasecurity.com Thu Jul 31 09:04:13 2003
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 31 Jul 2003 12:04:13 -0400
Subject: Secure IDE?
Message-ID:

> pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz]
>
> "Trei, Peter" writes:
>
> >It's a move in the right direction, but I wish they had followed through
> and
> >done the right things:
> >
> >* [AES | 3DES]/CBC
>
> I get the feeling they use ECB for speed (heavy pipelining) rather than
> cluelessness.
>

Possibly - they're using an ASIC, so I'd have thought that speed would not be the issue. I have not run the numbers.

> >with a good distribution of IVs
>
> Where would you store them? The feature of this is that it's fully
> transparent, so you can't store IVs anywhere.
>

I'm not really up on crypto file systems, but I believe at least some use the sector address as the IV. IVs don't need to be random, secret, or unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-time encryption).

> >* User-generated keys (before initial disk setup, of course).
>
> That one's the only thing I can't find a good technical reason for...
> perhaps
> it's just commercial, since they see the dongles as a revenue source and
> will
> sell you software to set up n dongles yourself, where price is
> proportional to
> n.
>

Having the user generate the key and load it on the dongle means that he has good assurance that the manufacturer doesn't have the key.

Any kind of backup will open a possible route of attack. If the user can specify the raw key value (it's short - this is symmetric crypto), they can choose their own backup - up to and including writing it on paper and carefully hiding it.

> >* Some kind of PIN or password protection on the dongle.
>
> How would you do this without a custom BIOS (remember that their general
> product is for dropping into any PC)?
>

We're talking about two different products. The ABIT is a MB, presumably with its own custom BIOS, so that's not an issue there.

> >40 bit DES is not secure against your kid sister (if she's a cypherpunk
> :-),
> >much less industrial espionage.
>
> I'm more worried about key backup - it's bad enough having
> cheapest-possible-
> components IDE drives without complicating it further with a second point
> of
> failure. In the meantime a better option is still the triumvirate of:
>
> - Sensitive data saved only to RAM disk.
>
> - 3DES-encrypted volume mounted as a filesystem, which I can back up in
> encrypted form if necessary, and with all crypto done in software with
> per-
> sector random IVs, user-generated keys, and all the other stuff you
> asked
> for.
>
> - Encrypted swap.
>
> (Oh yeah, and a UPS so you're not tempted to temporarily save stuff to
> disk
> elsewhere in case the RAM drive goes away suddenly).
>
> >"40-bit DES (US Data Encryption Standard) is adequate for general users"
> >
> >Yeah. Right.
>
> If you're worried about Joe Burglar grabbing your laptop (for the value of
> the
> laptop) and your business data being leaked as collateral damage, or
> someone
> stumbling across your warez or pr0n, then it's probably adequate. Since
> this
> is what general users would be worried about, I'd agree with the
> statement.
> Anyone worried about more than that (probably about 0.01% of the market)
> isn't
> a general user any more.
>
> Peter.(G)
>

Peter (T)

From patrick at lfcgate.com Thu Jul 31 12:18:48 2003
From: patrick at lfcgate.com (Patrick)
Date: Thu, 31 Jul 2003 13:18:48 -0600
Subject: Digicash Patents
In-Reply-To: <9B3429B2-C385-11D7-A53B-000A956B4C74@got.net>
Message-ID: <011901c35798$995e5e90$0200a8c0@scylla>

> > On the other other hand, :-), it's entirely clear that people could be
> > developing code right now in anticipation of the patent expiration and
> > go live with some kind of land rush when it's possible to do so.
>
> Some people expected a "land rush" when the main RSA patents expired
> several years ago. Parties were even thrown. The land rush never
> happened.
>
> --Tim May

True, but look at bitpass.com. $1.5 million in capital for a micropayments system with no innovations that amounts to... a stunted version of Paypal?

The beauty of a marketplace is that many different parties get to try every which way of satisfying a need. Most will fail. Even the first several attempts can fail, disguising a real opportunity as a guaranteed failure.

Patrick
lucrative.thirdhost.com

From rah at shipwright.com Thu Jul 31 10:44:45 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 31 Jul 2003 13:44:45 -0400
Subject: Digicash Patents
Message-ID:

Okay, so I called my source up, and we chatted a bit.

Long story short, Infospace, the company that up until now had Chaum's original blind signature patents, sold them, in a bundle of other stuff, to First Data, in a reorganization.

First Data is the largest credit-card processor in the US, among other things, but they bought the original Digicash patents as a way to get at an authentication technology they were paying Infospace to use already, and a business that Infospace, in the middle of its own litigation circus, wanted out of, offering it to its two biggest customers, First Data and American Express.
First Data bought it, apparently, as the people in Seattle, who used to work for eCash Technologies -- and then Infospace -- are supposedly getting their checks from First Data now.

Since lots of the important bits are supposed to expire next year, the patents may or may not be useful.

On the other hand, if they can be gotten clear, someone could get a running start, I suppose, especially if they made a partnership deal with First Data of some kind, and, if First Data was active in that partnership, leveraging their other connections in the funds-transfer business, that could be interesting.

On the other other hand, :-), it's entirely clear that people could be developing code right now in anticipation of the patent expiration and go live with some kind of land rush when it's possible to do so.

Plug a mint into an account at GoldMoney, or e-Gold, or even PayPal, if they partner with *them* -- and see what happens...

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From timcmay at got.net Thu Jul 31 14:34:38 2003
From: timcmay at got.net (Tim May)
Date: Thu, 31 Jul 2003 14:34:38 -0700
Subject: Digicash Patents
In-Reply-To: <011901c35798$995e5e90$0200a8c0@scylla>
Message-ID:

On Thursday, July 31, 2003, at 12:18 PM, Patrick wrote:

>>> On the other other hand, :-), it's entirely clear that people could
> be
>>> developing code right now in anticipation of the patent expiration
> and
>>> go live with some kind of land rush when it's possible to do so.
>>
>> Some people expected a "land rush" when the main RSA patents expired
>> several years ago. Parties were even thrown. The land rush never
>> happened.
>>
>> --Tim May
>
> True, but look at bitpass.com. $1.5 million in capital for a
> micropayments system with no innovations that amounts to... a stunted
> version of Paypal?

PayPal apparently met the needs of its customers, which was for a low-tech, low-security, no anonymity online payment system. While I'm not saying I predicted it, neither is it surprising that something like it succeeded.

(Members of this very list had some discussions with the guy who started PayPal...I wasn't in on this, but I gather that he used some of the ideas, but not the high security/untraceability ideas...just the online payment low-hanging fruit part. The same is true of EBay, by the way, where some of our crowd developed an online system very much like what E-Bay became, but several years _after_ the AMiX system. C'est la vie.)

In any case, there will be many successes and failures in Internet-related business. This list is about certain kinds of these systems, but not really about "online payments" in their general form. I'm not saying folks can't or shouldn't talk about Mondex or PayPal or FastTrack, just that they have little to do with the obvious themes of the group.

>
> The beauty of a marketplace is that many different parties get
> to try every which way of satisfying a need. Most will fail. Even the
> first several attempts can fail, disguising a real opportunity as a
> guaranteed failure.
>

Software patents and the difficulty of "metering" usage have made this kind of experimentation, this kind of evolutionary learning, much harder to do.

For example, when Intel sold the 4004 microprocessor 30 years ago, it owned a bunch of patents and trade secrets about how the chip was made, what its design was, etc. But it didn't force potential customers to lay out their business plans, to sign "no compete" clauses, and it did not have to devise complex ways of knowing how many chips a customer was using.
The chips metered themselves, metered the patents and other IP, and Intel could sell them to guys in garage shops, companies in Boise and Peoria, and even to distributors to resell and resell.

Such is not the case with, say, the Digicash software. Since Chaum, then the Canadians, then the Indians, then First Data, etc., wanted to maximize the payoff and "get a piece of the action," they could not simply sell the technology, even bits of it, to guys in garages and people with bizarre and untested ideas.

And such software is usually not sold to unidentifiable customers. Digicash (or its descendants) will not sell one copy of its core technology to a company without draconian safeguards and audits. This is part of why a paper trail back to the users of various technologies exists when above-board licensing is used.

(And why many of us would obviously then favor simply _taking_ the technology, ripping it off. This cuts the paper and liability trail. Yes, there are minor issues with "theft of intellectual property," but this is mostly smoke and mirrors anyway. No one in the Western world seems to think ideas in general are patentable, so how did RSA get patented? We've had this discussion many times over the past 11 years. And more.)

This is replicated all over the digital landscape, where software packages have complicated licensing schemes and where vendors want to see only "staid and conservative" business plans. No Digicash for BlackNet, in other words.

This whole phenomenon has dramatically slowed down exploratory development and weird, new ideas. A couple of guys in a tilt-up in Silicon Valley simply cannot just go down to Fry's to buy some parts and try out some ideas, not in this world of licenses, audits, lawyers, and generally pointless efforts to meter usage.

Which is why doing things without benefit of any patent licenses is the best strategy.
That this also requires no nexus, no trail back to a corporate office, is of course part of why it's the best strategy.

--Tim May

From pgut001 at cs.auckland.ac.nz Wed Jul 30 21:06:00 2003
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 31 Jul 2003 16:06:00 +1200
Subject: Secure IDE?
Message-ID: <200307310406.h6V460x22886@medusa01.cs.auckland.ac.nz>

"Trei, Peter" writes:

>No info on chaining modes, if any, nor of IV handling.

DES/ECB, originally with a 40-bit key, more recently with 56-bit and 3DES. Keys generated by the manufacturer onto a USB dongle. No easy way to make backups of the dongle.

It's a messy tradeoff: If you want something like laptop/data-theft-protection (which will suit the majority of the market), then DES-40/ECB is fine, but you want to be able to back up the dongle because if that goes (and after multiple insertions and removals it will) you've lost all your data. OTOH if you want protection from the MIB the fragile nature of the key storage is probably a benefit, but then you want 3DES/CBC to go with it. At the moment you have laptop-theft-protection crypto and MIB-protection key storage.

You can buy truckloads of these things on ebay for about $20 a pop if you want to play with one.

Peter.

From bill.stewart at pobox.com Thu Jul 31 16:08:42 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 31 Jul 2003 16:08:42 -0700
Subject: Digicash Patents
In-Reply-To: <011901c35798$995e5e90$0200a8c0@scylla>
References: <9B3429B2-C385-11D7-A53B-000A956B4C74@got.net>
Message-ID: <5.1.1.6.2.20030731141941.02e56cd0@idiom.com>

Tim replied to Bob -

> > > On the other other hand, :-), it's entirely clear that people could be
> > > developing code right now in anticipation of the patent expiration and
> > > go live with some kind of land rush when it's possible to do so.
> >
> > Some people expected a "land rush" when the main RSA patents expired
> > several years ago. Parties were even thrown. The land rush never happened.
Hey, the parties were pretty good, and RSA gave out T-shirts :-)

In practice, everybody who really needed to use RSA had either licensed the technology for a reasonable (or too high) price, or else was a free software developer violating the patents, or else was a free or low-key software developer living within RSAREF.

At 01:18 PM 07/31/2003 -0600, Patrick lucrative.thirdhost.com wrote:
>The beauty of a marketplace is that many different parties get
>to try every which way of satisfying a need. Most will fail.
>Even the first several attempts can fail,
>disguising a real opportunity as a guaranteed failure.

The Mark Twain Bank people had licensed Chaum's patents, and their failure had a lot less to do with the cost of licensing the patent than with their inability to figure out how to get customers and merchants, and their ability to make it too difficult to get an account.

Mondex wasn't Chaumian, and it failed, along with a number of other vaguely cash-like payment systems during the boom. (I'm referring to the payment systems that handled actual money, not just the silly Green-stamp emulators like Beenz and Flooz.)

By contrast, the Austin Cypherpunks Credit Union project figured out that making money would be hard before starting a business, as well as discovering that dealing with Chaum was also hard, so they didn't get far enough to fail. Eric Hughes had some good insights into why "it's really hard to start a new payment system".

I suppose I'd categorize the efforts into two basic groups
- projects run by banks or bank-like companies that wanted to actually run a service and hoped to make a profit
- startups funded by VC money that wanted to make startup money, which depends on VCs and IPOs and Other People's Money, and is only marginally related to actually making a profit, though most of them also hoped they'd wildly succeed like other dotcoms.

There may have been a few other types of projects, but this was most of them.
From ravage at einstein.ssz.com Thu Jul 31 16:21:23 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 31 Jul 2003 18:21:23 -0500 (CDT)
Subject: 'Progressive' Lawyer Group Ready To Challenge Formidable Federalist Society (fwd)
Message-ID:

http://ap.tbo.com/ap/breaking/MGANV71TSID.html

--
____________________________________________________________________

We are all interested in the future for that is where you and I
are going to spend the rest of our lives.

Criswell, "Plan 9 from Outer Space"

ravage at ssz.com jchoate at open-forge.org
www.ssz.com www.open-forge.org
--------------------------------------------------------------------

From rah at shipwright.com Thu Jul 31 16:58:10 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 31 Jul 2003 19:58:10 -0400
Subject: Digicash Patents
In-Reply-To: <9B3429B2-C385-11D7-A53B-000A956B4C74@got.net>
References: <9B3429B2-C385-11D7-A53B-000A956B4C74@got.net>
Message-ID:

At 11:34 AM -0700 7/31/03, Tim May wrote:
>Some people expected a "land rush" when the main RSA patents expired
>several years ago. Parties were even thrown. The land rush never
>happened.

True enough.

Of course, there wasn't much land to rush after, it seems, between the minuscule and easily oligopolized market for digital authentication ("signature" is a bogus word, for various reasons, along with "certificate" -- except in the case of bearer ones :-)) and the stone-dead market for any other financial cryptography besides rudimentary encryption for book-entry settlement was merely the icing on the cake.

If, however, after much experimental trial and error, internet bearer transaction costs turn out to be low enough, that might be something to rush after.

Remember that the Wrights couldn't sell airplanes worth a damn until Curtiss started infringing their patents and selling them to actual people, instead of governments the way the Wrights wanted to.
That was certainly Chaum's mistake, the mistake of all monopolists, these days, to want to create a cartel the same way that Nobel did with Dynamite, a single user of blind signature technology for each country or currency.

Like the Wrights and Curtiss, the problem with blind signatures is one of a giant dog in the manger in the form of whoever the current greater fool owning the patent portfolio at the moment.

Curtiss had an easier time of it in pre-16th-Amendment America, of course. With government so weak, he just kept selling airplanes like proverbial hotcakes, until, champerty being what it is, he was rich enough to sue, the Wrights won in court, and then demanded that Curtiss buy them out, since they obviously couldn't sell airplanes anyway...

In the case of blind signatures, though, you need to plug an underwriting engine into a bank account, at least for the first generation, and banks, like corporations, are creatures of the state. Not to mention "the law is your enforcement" characteristics of the modern book-entry payment system, where the financial industry has completely abdicated the integrity of their transaction processes to a perfectly willing nation-state, who, in turn, uses those transaction trails to extort more wealth from their citizenry. You can't have had the growth of the modern nation state without book-entry taxation, like those on individual and corporate income, capital gains, property transactions, and so on.

So, being in business for an underwriter means having the rights to any patents -- if there are any. Since there was no money to invest in such a business at the height of the boom, much less these days, and any underwriter now would have to bootstrap from practically nothing, even minuscule up-front patent royalties, much less the threat of patent litigation against the reserve account, would suck the oxygen out of the room and kill such a business before it even started.
And, no, Virginia, pizzling on as people here are wont to do about how bearer transactions' *only* markets are illegal ones won't wash. If they can't be done at least a few orders of magnitude cheaper than book entry transactions, they'll be about as ubiquitous as dirigibles are in modern aviation -- and just as obvious and indefensible from physical attack whenever *any* state-based transaction authority decides the party's over.

Besides as any Kazaa user now knows, on the modern internet, everything's illegal everywhere all the time, right? Waiting around for some anarchic "rapture" to come along to fry the "useless eaters" and fix that logical contradiction is as much a waste of time waiting for the biblical one would be.

So, go cheap, or go home, folks. Go so cheap that, like all other really useful technology, the use of blind signatures and other internet bearer financial cryptography is orthogonal to morality. That nobody *cares* if they're used for illegal activities, just like nobody *cares* if whores take MasterCard -- or, to use an earlier analogy about automobiles and crime, pimps ride around in Caddies.

Finally, of course, this cost reduction is something we still haven't proven, but, hopefully, we'll prove soon enough, or most of us who are left wouldn't still be trying to work on this.

That's what I mean by "land rush". Besides, we don't even know what we're rushing towards. Hell, Oklahoma wasn't much use for farming, anyway. It was oil that made the place, right? :-).

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Jul 31 18:05:40 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 31 Jul 2003 21:05:40 -0400
Subject: Poindexter to Quit Pentagon Post Amid Controversy
Message-ID:

Reuters News Article

Poindexter to Quit Pentagon Post Amid Controversy
Thu July 31, 2003 01:59 PM ET

WASHINGTON (Reuters) - John Poindexter, the retired Navy admiral who spearheaded two sharply criticized Pentagon projects, intends to resign from his Defense Department post within weeks, a senior U.S. defense official said on Thursday.

"It's my understanding that he ... expects to, within a few weeks, offer his resignation," the official, speaking on condition of anonymity, told reporters.

Poindexter was involved with the Defense Advanced Research Projects Agency's abandoned futures-trading market for predicting assassinations, terrorism and other events in the Middle East, and earlier with the so-called Total Information Awareness program that drew fire from civil rights groups.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mnorton at wlj.com Thu Jul 31 20:19:22 2003
From: mnorton at wlj.com (Mac Norton)
Date: Thu, 31 Jul 2003 22:19:22 -0500
Subject: Digicash Patents
Message-ID: <08CBC76751B32946BC0E3E1DEF5415E50672A2@server04.firm.wlj.com>

I'm not sure that Paypal has met the needs of any enduser yet, so I'd question whether it "succeeded." The rest of what you say seems to be to the point that modern "IP" laws tend to discourage creativity. To some extent this may be so, as with interminable term extensions, but the most immediate discouragement lies in the DMCA, not an "IP" law at all but a grant of rather unprecedented monopoly power, irrespective of creative labor, among other items of note.
Macon

-----Original Message-----
From: Tim May [mailto:timcmay at got.net]
Sent: Thursday, July 31, 2003 4:35 PM
To: cypherpunks at lne.com
Subject: Re: Digicash Patents

PayPal apparently met the needs of its customers, which was for a low-tech, low-security, no anonymity online payment system. While I'm not saying I predicted it, neither is it surprising that something like it succeeded.

(Members of this very list had some discussions with the guy who started PayPal...I wasn't in on this, but I gather that he used some of the ideas, but not the high security/untraceability ideas...just the online payment low-hanging fruit part. The same is true of EBay, by the way, where some of our crowd developed an online system very much like what E-Bay became, but several years _after_ the AMiX system. C'est la vie.)

In any case, there will be many successes and failures in Internet-related business. This list is about certain kinds of these systems, but not really about "online payments" in their general form. I'm not saying folks can't or shouldn't talk about Mondex or PayPal or FastTrack, just that they have little to do with the obvious themes of the group.

>
> The beauty of a marketplace is that many different parties get
> to try every which way of satisfying a need. Most will fail. Even the
> first several attempts can fail, disguising a real opportunity as a
> guaranteed failure.
>

Software patents and the difficulty of "metering" usage have made this kind of experimentation, this kind of evolutionary learning, much harder to do.

For example, when Intel sold the 4004 microprocessor 30 years ago, it owned a bunch of patents and trade secrets about how the chip was made, what its design was, etc. But it didn't force potential customers to lay out their business plans, to sign "no compete" clauses, and it did not have to devise complex ways of knowing how many chips a customer was using.
The chips metered themselves, metered the patents and other IP, and Intel could sell them to guys in garage shops, companies in Boise and Peoria, and even to distributors to resell and resell.

Such is not the case with, say, the Digicash software. Since Chaum, then the Canadians, then the Indians, then First Data, etc., wanted to maximize the payoff and "get a piece of the action," they could not simply sell the technology, even bits of it, to guys in garages and people with bizarre and untested ideas.

And such software is usually not sold to unidentifiable customers. Digicash (or its descendants) will not sell one copy of its core technology to a company without draconian safeguards and audits. This is part of why a paper trail back to the users of various technologies exists when above-board licensing is used.

(And why many of us would obviously then favor simply _taking_ the technology, ripping it off. This cuts the paper and liability trail. Yes, there are minor issues with "theft of intellectual property," but this is mostly smoke and mirrors anyway. No one in the Western world seems to think ideas in general are patentable, so how did RSA get patented? We've had this discussion many times over the past 11 years. And more.)

This is replicated all over the digital landscape, where software packages have complicated licensing schemes and where vendors want to see only "staid and conservative" business plans. No Digicash for BlackNet, in other words.

This whole phenomenon has dramatically slowed down exploratory development and weird, new ideas. A couple of guys in a tilt-up in Silicon Valley simply cannot just go down to Fry's to buy some parts and try out some ideas, not in this world of licenses, audits, lawyers, and generally pointless efforts to meter usage.

Which is why doing things without benefit of any patent licenses is the best strategy.
That this also requires no nexus, no trail back to a corporate office, is of course part of why it's the best strategy.

--Tim May

From pgut001 at cs.auckland.ac.nz Thu Jul 31 08:23:39 2003
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 1 Aug 2003 03:23:39 +1200
Subject: Secure IDE?
Message-ID: <200307311523.h6VFNdB25085@medusa01.cs.auckland.ac.nz>

"Trei, Peter" writes:

>It's a move in the right direction, but I wish they had followed through and
>done the right things:
>
>* [AES | 3DES]/CBC

I get the feeling they use ECB for speed (heavy pipelining) rather than cluelessness.

>with a good distribution of IVs

Where would you store them? The feature of this is that it's fully transparent, so you can't store IVs anywhere.

>* User-generated keys (before initial disk setup, of course).

That one's the only thing I can't find a good technical reason for... perhaps it's just commercial, since they see the dongles as a revenue source and will sell you software to set up n dongles yourself, where price is proportional to n.

>* Some kind of PIN or password protection on the dongle.

How would you do this without a custom BIOS (remember that their general product is for dropping into any PC)?

>40 bit DES is not secure against your kid sister (if she's a cypherpunk :-),
>much less industrial espionage.

I'm more worried about key backup - it's bad enough having cheapest-possible-components IDE drives without complicating it further with a second point of failure. In the meantime a better option is still the triumvirate of:

- Sensitive data saved only to RAM disk.
- 3DES-encrypted volume mounted as a filesystem, which I can back up in encrypted form if necessary, and with all crypto done in software with per-sector random IVs, user-generated keys, and all the other stuff you asked for.
- Encrypted swap.

(Oh yeah, and a UPS so you're not tempted to temporarily save stuff to disk elsewhere in case the RAM drive goes away suddenly).
>"40-bit DES (US Data Encryption Standard) is adequate for general users"
>
>Yeah. Right.

If you're worried about Joe Burglar grabbing your laptop (for the value of the laptop) and your business data being leaked as collateral damage, or someone stumbling across your warez or pr0n, then it's probably adequate. Since this is what general users would be worried about, I'd agree with the statement. Anyone worried about more than that (probably about 0.01% of the market) isn't a general user any more.

Peter.

From pgut001 at cs.auckland.ac.nz Thu Jul 31 10:05:48 2003
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 1 Aug 2003 05:05:48 +1200
Subject: Secure IDE?
Message-ID: <200307311705.h6VH5mO25813@medusa01.cs.auckland.ac.nz>

"Trei, Peter" writes:

>pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz]
>>"Trei, Peter" writes:
>>>with a good distribution of IVs
>>
>>Where would you store them? The feature of this is that it's fully
>>transparent, so you can't store IVs anywhere.
>
>I'm not really up on crypto file systems, but I believe at least some use the
>sector address as the IV. IVs don't need to be random, secret, or
>unpredictable - they just need to be unrepeated. (I'm assuming
>sector-at-a-time encryption).

But the IV is repeated, every time you encrypt new data for that sector. You need to either store a random IV for each sector (usually infeasible) or make two passes over the data (details vary), using the output from pass 1 to affect pass 2 (slow).

>>>* Some kind of PIN or password protection on the dongle.
>>
>>How would you do this without a custom BIOS (remember that their general
>>product is for dropping into any PC)?
>
>We're talking about two different products. The ABIT is a MB, presumably with
>its own custom BIOS, so that's not an issue there.

Customised, not custom. Think of it as a Chinese-menu type setup, it's a one-size-fits-all BIOS with appropriate modules compiled in for handling the CPU and chipset features.
Now motherboard vendors can plug in their own feature modules, but it's a somewhat nontrivial option usually used only for highly marketable features (overclocking options, ability to re-flash from Windows, etc etc).

Peter.
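
The two weaknesses raised in the Secure IDE messages above (ECB on disk sectors, and CBC with an IV taken from the sector address, which repeats on every rewrite of that sector), shown as an added example that is not part of any poster's message. The block cipher is a toy hashlib-based Feistel standing in for DES/3DES, and the key, sector number and sector contents are constructed for the demonstration.

```python
import hashlib
import os

BLOCK = 8      # 64-bit block, the same size as DES/3DES
SECTOR = 512   # bytes per disk sector


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation: a stand-in for DES, NOT DES itself."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, sector: bytes) -> bytes:
    # Every block is encrypted independently: equal plaintext, equal ciphertext.
    return b"".join(encrypt_block(key, b) for b in blocks(sector))


def cbc_encrypt(key: bytes, iv: bytes, sector: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(sector):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(prev, b)))
        out.append(prev)
    return b"".join(out)


def sector_address_iv(key: bytes, sector_no: int) -> bytes:
    """IV derived from the sector number: needs no storage, but is the
    same value every time that sector is rewritten."""
    return encrypt_block(key, sector_no.to_bytes(BLOCK, "big"))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    bl = blocks(ciphertext)
    return len(bl) - len(set(bl))


def shared_prefix_blocks(a: bytes, b: bytes) -> int:
    """Leading blocks two ciphertexts of the same sector have in common."""
    n = 0
    for x, y in zip(blocks(a), blocks(b)):
        if x != y:
            break
        n += 1
    return n


def demo() -> dict:
    key = b"constructed-demo-key"          # constructed sample key
    v1 = bytes(SECTOR)                      # constructed: zero-filled sector
    edited = bytearray(v1)
    edited[256] = 0x41                      # rewrite: one byte changed at offset 256
    v2 = bytes(edited)
    iv = sector_address_iv(key, 1234)       # constructed sector number
    return {
        "ecb_repeats": repeated_blocks(ecb_encrypt(key, v1)),
        "cbc_repeats": repeated_blocks(cbc_encrypt(key, iv, v1)),
        "addr_iv_shared": shared_prefix_blocks(
            cbc_encrypt(key, iv, v1), cbc_encrypt(key, iv, v2)),
        "random_iv_shared": shared_prefix_blocks(
            cbc_encrypt(key, os.urandom(BLOCK), v1),
            cbc_encrypt(key, os.urandom(BLOCK), v2)),
    }


if __name__ == "__main__":
    print(demo())
```

Under ECB the zero-filled sector shows 63 repeated ciphertext blocks, and with the address-derived IV the two versions of the sector share their first 32 ciphertext blocks, which tells an observer of both images where the rewrite began; a fresh stored IV per write removes that shared prefix.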