From mv at cdc.gov Mon Sep 1 08:41:34 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 01 Sep 2003 08:41:34 -0700
Subject: Responding to orders which include a secrecy requirement
Message-ID: <3F5368AE.B6F24BC0@cdc.gov>

At 12:02 PM 8/31/03 -0700, Tim May wrote:
>He said: "An ISP is free to say "anyone requesting a tap is required to
>pay a fee," just as any ISP is free to say that it will handle
>installation of special Carnivore equipment for a certain fee."
>
>A customer of the ISP is certainly _not_ the one requesting a tap. And
>he is certainly not the one installing Carnivore equipment.

If you rent your house, and the renters cause you to get billed for
something they do, you can certainly pass on the cost to the renter.
If you get a ticket in a rented car, you (not the car owner) reimburse
the owner.

If your ISP gets a lot of complaints about your usage, they *could*
pass on the cost to you. An ISP could regard its court-ordered hassles
(or other hassles, eg attacks launched from your node) as your fault.

From mv at cdc.gov Mon Sep 1 08:44:41 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 01 Sep 2003 08:44:41 -0700
Subject: Responding to orders which include a secrecy requirement
Message-ID: <3F536969.D1763B0E@cdc.gov>

At 08:06 PM 8/31/03 -0700, Tim May wrote:
>
>The Mob doesn't actually have to kill too many stoolies for it to be
>widely known that ratting can be a very dangerous business.
>

Ask David Kelly. Or his associates. Reputation is a tool.

From mv at cdc.gov Mon Sep 1 08:46:45 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 01 Sep 2003 08:46:45 -0700
Subject: Responding to orders which include a secrecy requirement
Message-ID: <3F5369E5.5E2D728F@cdc.gov>

At 01:54 AM 9/1/03 -0400, An Metet wrote:
>Here's a clue. If and when crypto anarchy ever becomes a reality,
>Tim May is going to be one of the first ones killed. He's pissed off
>too many people. Once they can get retribution anonymously, his days
>are numbered.

What, exactly, has Tim done that wrongs others? Publishing bits doesn't
matter. Change the channel. Coercion (under threat of violence)
matters. Sticks and stones.

From mv at cdc.gov Mon Sep 1 08:51:38 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 01 Sep 2003 08:51:38 -0700
Subject: DoS of spam blackhole lists
Message-ID: <3F536B0A.5A98476F@cdc.gov>

At 11:03 AM 9/1/03 +0200, Andrew Thomas wrote:
>> b) realize that the distributed method you suggest already
>> exists - it is called procmail(*).
>Procmail serves no purpose by itself. It requires no small
>amount of effort on the part of the administrator to utilise
>for any type of systems implementation, and thus administrators
>with limited time (common in smaller companies) will rather rely
>on (flawed) projects than self-initiated implementations.

The "overworked small netadmin" will simply use someone else's
scripts. Not hard.

>> (*) or you could setup a dummy email account on all
>
>The above is useful information. Specifically, the recognition
>of duplicate mail receipts is a concept that is new to me, though

You're behind then. Putting "harvest this and get blocked" email bait
is common practice, eg on websites with addresses.

I don't suppose you've ever heard of fake streets in maps (cartographic
watermarks) to detect copying?

From morlockelloi at yahoo.com Mon Sep 1 10:53:19 2003
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Mon, 1 Sep 2003 10:53:19 -0700 (PDT)
Subject: Responding to orders which include a secrecy requirement
In-Reply-To:
Message-ID: <20030901175319.96505.qmail@web40611.mail.yahoo.com>

What Tim is (correctly) observing here is that a working challenge to
the force monopoly is a very effective way to modify behaviour.

Where Tim is wrong, though, is that he may have anything resembling a
working challenge.

=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

From andrewt at nmh.co.za Mon Sep 1 02:03:36 2003
From: andrewt at nmh.co.za (Andrew Thomas)
Date: Mon, 1 Sep 2003 11:03:36 +0200
Subject: DoS of spam blackhole lists
In-Reply-To: <20030829133328.R36493-100000@kozubik.com>
Message-ID: <001001c37067$f3f8d820$0101a8c0@gfserver>

John:
...
> a) admit that your stupid, self-appointed-netcop blacklists
> and self-righteous spam projects are inherently flawed, and
...
> Please spend your sophomore year working on something besides
> "self-appointed-spam-netcop-site-of-the-week".
...
>..., and don't require
> some asshole swooping in to save us with his miraculous spews
> database.
...

I fail to see how the above is at all necessary in responding to
the statement. Either a) an explanation, or b) a link to an explanation
as to why you have these opinions would have been far more useful than
the above troll.

> b) realize that the distributed method you suggest already
> exists - it is called procmail(*).

Procmail serves no purpose by itself. It requires no small
amount of effort on the part of the administrator to utilise
for any type of systems implementation, and thus administrators
with limited time (common in smaller companies) will rather rely
on (flawed) projects than self-initiated implementations.

> (*) or you could setup a dummy email account on all
> web-published documents, and delete any email that arrives in
> both mailboxes, or you could implement a challenge/response
> mechanism for all new senders. All three mechanisms
> mentioned are distributed, independent

The above is useful information. Specifically, the recognition
of duplicate mail receipts is a concept that is new to me, though
that would require that both email addresses would receive an
equal amount of 'publicity' on newsgroups, mailing lists, etc
in order that they are both acquired by a potential spammer.

The latter idea I have heard before.
If you have a preferred implementation however, which one it is and
why is information that I would find useful.

A.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070

From wolf at priori.net Mon Sep 1 12:03:00 2003
From: wolf at priori.net (Meyer Wolfsheim)
Date: Mon, 1 Sep 2003 12:03:00 -0700 (PDT)
Subject: "Terror Reading"
In-Reply-To:
Message-ID:

On Sun, 31 Aug 2003, Anonymous wrote:

> >Some librarians are probably now thinking they have a patriotic duty to
> >see what people are reading and to report any "suspicious" behavior.
> >Part of the intent of the Patriot Act and the Library Awareness Program
> >was to bamboozle the nation's librarians into acting as the kind of
> >"ward watchers" that were once so common in the Soviet Union (the
> >babushkas who sat on each floor of apartment buildings and filed
> >reports on the comings and goings of their flock).
>
> The purpose of this is purely a show and indoctrination.
>
> 1. No self-respecting terrorist would go to a fucking library to do
> terror reading (maybe there is something positive here - I think that
> we should get protected by pigs from extremely dumb terrorists.)

The risk is not one "terrorists" have to fear. The biggest problem with
the librarian narc program is the same as most of these anti-terrorism
measures: completely innocent people are harassed, arrested, or placed
under suspicion.

You won't catch a terrorist learning to be evil at a library, but you
might wrongfully snare an innocent citizen who happens to have an interest
in "bad" books.

How long until this program is extended to include anyone checking out any
book that some part of the US law enforcement body deems bad? If you read
Pikhal, do you end up on a watch list?

-MW-

From roy at rant-central.com Mon Sep 1 09:03:50 2003
From: roy at rant-central.com (Roy M. Silvernail)
Date: Mon, 1 Sep 2003 12:03:50 -0400
Subject: DoS of spam blackhole lists
Message-ID: <200309011203.50156.roy@rant-central.com>

On Monday 01 September 2003 05:03, Andrew Thomas wrote:

> The above is useful information. Specifically, the recognition
> of duplicate mail receipts is a concept that is new to me, though
> that would require that both email addresses would receive an
> equal amount of 'publicity' on newsgroups, mailing lists, etc
> in order that they are both acquired by a potential spammer.

That 'publicity' may be easier to come by than you think. I migrated to
my present domain from a much older one just 4 months ago. Now, a quick
check of my spam folder shows that fully 5% of the received spam is
directed to the new domain address. Considering that the old domain had
a 7-year history, I'd say the harvest bots are working harder than one
might otherwise think.

From hseaver at cybershamanix.com Mon Sep 1 13:13:26 2003
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Mon, 1 Sep 2003 15:13:26 -0500
Subject: "Terror Reading"
In-Reply-To:
References:
Message-ID: <20030901201326.GA3551@cybershamanix.com>

On Mon, Sep 01, 2003 at 12:03:00PM -0700, Meyer Wolfsheim wrote:
> On Sun, 31 Aug 2003, Anonymous wrote:
>
> > >Some librarians are probably now thinking they have a patriotic duty to
> > >see what people are reading and to report any "suspicious" behavior.

First of all, the entire library community is outraged at being put in
this position, and, in fact, the American Library Assoc. is suing
Asskruft and the fedzis over it. Secondly, I personally know a great
many librarians, holding an MLIS myself and having worked in several
libraries, and all the librarians I know are very pissed about this and
have no interest in cooperating if at all possible.

> > >Part of the intent of the Patriot Act and the Library Awareness Program
> > >was to bamboozle the nation's librarians into acting as the kind of
> > >"ward watchers" that were once so common in the Soviet Union (the
> > >babushkas who sat on each floor of apartment buildings and filed
> > >reports on the comings and goings of their flock).
> >
> > The purpose of this is purely a show and indoctrination.
> >
> > 1. No self-respecting terrorist would go to a fucking library to do
> > terror reading (maybe there is something positive here - I think that
> > we should get protected by pigs from extremely dumb terrorists.)
>
> The risk is not one "terrorists" have to fear. The biggest problem with
> the librarian narc program is the same as most of these anti-terrorism
> measures: completely innocent people are harassed, arrested, or placed
> under suspicion.
>

So far I only know of one instance of the pigs coming to a library and
demanding info on a patron. And it wasn't the fedzis, it was the local
pigs and they weren't after a terrorist, they were after some poor
soul's library records because they suspected him of something to do
with drugs. And I'll bet you that the vast majority of pig demands on
libraries are in the same vein.

This one was on the web:

"The Virginia Public Library received a request for patron records from
the Deputy Sheriff. The staff member informed the officer he would need
to talk to the Director. Director Nancy Maxwell stated that she would
check with the city attorney. When he could not be located in time, she
contacted ALS and was advised to give them the information requested
since it was accompanied by a court order."

http://www.arrowhead.lib.mn.us/compass/minutes/august02.html

> You won't catch a terrorist learning to be evil at a library, but you
> might wrongfully snare an innocent citizen who happens to have an interest
> in "bad" books.
>
> How long until this program is extended to include anyone checking out any
> book that some part of the US law enforcement body deems bad? If you read
> Pikhal, do you end up on a watch list?

Yup. That's their main interest. Fuck terrorists -- the pigs are only
interested if there is something to steal at the bust, like drugs or
money, or there might be property to grab. Just try and get them to do
anything about regular crime like enforcing disturbing the peace or
drunk and disorderly. So, of course, that's what they are using the
unpatriot act for.

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com

From measl at mfn.org Mon Sep 1 15:45:50 2003
From: measl at mfn.org (J.A. Terranson)
Date: Mon, 1 Sep 2003 17:45:50 -0500 (CDT)
Subject: Responding to orders which include a secrecy requirement
In-Reply-To:
Message-ID:

I wasn't even going to answer the absurd "hypothetical", but since it's
now in play...

On Mon, 1 Sep 2003, Sunder wrote:

> In that case, I would suspect the ISP itself would have incoming/outgoing
> feeds from other ISP's.

Obviously, every ISP does.

> If that single moral objector ISP refuses to
> allow carnivores, the other, not quite as moral ISP's might be persuaded
> to allow it, in which case the fedZ get what they want, just one
> traceroute hop further up the chain. Perhaps not all of them, but perhaps
> enough of them... Duh!

Maybe I should have been clearer: the feds didn't show us at any of the
small guys (AFAIK), such as the regional or small nationals - they
showed up at the large multinationals (of which the one I work at was
likely the smallest, with a mere 48 countries of footprint). They
clearly understood that sniffing my peering/transit pipes wasn't
technically *possible* (yet) - what they were interested in was sniffing
my regional POPs, with [relatively] low speed OC3/OC12 pipes.

To rephrase it: they were interested in *my* customers, not the traffic
from other companies (they had other field officers at the other NSPs).

> That's the thing about the internet - your packets must travel through
> other ISP's (unless you're communicating with other nodes hosted by that
> single ISP which is unlikely).

It's a lot more likely than you seem to realize. The internet is a
collection of aggregation points (ISPs): get the individual
aggregations, and the rest is as visible as a reconstructed RAID5
stripe.

> From the fedZ point of view, you need not
> tap each and every single ISP. You can tap upstream, and still get the
> data without tipping off the target, or his moral objector friends at her
> ISP.

This type of thing certainly goes on, but not in the vacuum cleaner
world of large pipes. This is only technically feasible for targeted
investigations.

> At some point every ISP goes through MCI, Sprint, and AT&T, and don't
> forget the local (phone company) loops.

The loops are too far out on the edge to be useful for anyone but the
loop owner themselves, and there are *way* too many [ever changing]
paths out of any individual ASN - the aggregation point is where this
kind of action *must* happen.

>
> Assuming that such a moral objector ISP would exist,

As I noted: much to my amazement, many do exist.

> it would be foolish
> to assume that it would provide much of a measure of protection against
> tapping cleartext transmissions.
> Hence, encryption is important. Want
> privacy and security? It's up to you to provide it: encrypt.

Agreed. Encryption, properly implemented and executed, is the only real
path to privacy.

--
Yours,
J.A. Terranson
sysadmin at mfn.org

"Every living thing dies alone."
Donnie Darko

From timcmay at got.net Mon Sep 1 17:48:14 2003
From: timcmay at got.net (Tim May)
Date: Mon, 1 Sep 2003 17:48:14 -0700
Subject: "Terror Reading"
In-Reply-To:
Message-ID: <22922970-DCDF-11D7-87EC-000A956B4C74@got.net>

On Monday, September 1, 2003, at 12:03 PM, Meyer Wolfsheim wrote:
> The risk is not one "terrorists" have to fear. The biggest problem with
> the librarian narc program is the same as most of these anti-terrorism
> measures: completely innocent people are harassed, arrested, or placed
> under suspicion.
>
> You won't catch a terrorist learning to be evil at a library, but you
> might wrongfully snare an innocent citizen who happens to have an
> interest
> in "bad" books.
>
> How long until this program is extended to include anyone checking out
> any
> book that some part of the US law enforcement body deems bad? If you
> read
> Pikhal, do you end up on a watch list?

The chilling effect is that libraries will get the message and remove
"seditious" and "questionable" books.

I'm not spending much time in public libraries, favoring the UCSC
Science Library, but I'll bet that after 9/11 a lot of the old stand-by
books on rocketry, explosives, hydroponic gardening, etc. were removed
by helpful librarians.

(A "lot" meaning at least 5% of the libraries doing at least some
removal of books. In some states, if not in large cities.)

Librarians are our first defense against terrorism!

Ignorance is strength.

--Thought Criminal

"We are at war with Oceania. We have always been at war with Oceania."
"We are at war with Eurasia. We have always been at war with Eurasia."
"We are at war with Iraq. We have always been at war with Iraq."
"We are at war with France. We have always been at war with France."

From sunder at sunder.net Mon Sep 1 15:05:20 2003
From: sunder at sunder.net (Sunder)
Date: Mon, 1 Sep 2003 18:05:20 -0400 (edt)
Subject: Responding to orders which include a secrecy requirement
In-Reply-To: <20030830061014.A30391@slack.lne.com>
Message-ID:

Indeed. Despite all of Tim's rage, we're still just rats in a cage, and
despite Tim's urging of necklacing ISP owners, or other foam at the
mouth arm-chair solutions, Occam's razor still supplies the better, and
cleaner solutions:

If your MTA has it, turn on the START TLS option.
If it doesn't, either compile it in, or get a new MTA for your server.
Also add GPG/PGP, and hard drive encryption, to both your client and
the server. (Since the discussion is about ISP's, we can assume that
you own the server either hosted by or fed by your ISP - if you don't -
i.e. you're on a dial-up PPP, you're at the ISP's mercy anyway, and the
ISP can read/forge your mail unless you PGP every piece of email.)

Don't have secure IMAP/POP capabilities? Use ssh as a secure tunnel to
transport IMAP/POP/SMTP from the client into the server. Even when your
client lives on the same network segment as the server. If you don't
realize why this is useful, get clued in as quickly as you can.

Of course, as usual, this discussion will next focus on physical
security (hint for the above paragraph for those in need of a clue),
then detecting black bag operations, with the usual "Read the Fucking
Archives" coming from the usual source(s).

And you know what? This indeed has already been dealt with, so yes, by
all means, "Read the fucking archives" does apply.

So go and read the fucking archives - all of you. That's your homework.
Do it! There will be a quiz tomorrow! Be sure to bring your #2
pencils! :)

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of  /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + : The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Sat, 30 Aug 2003, Eric Murray wrote:

> This is a problem that's better solved with crypto.
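
An added example, not part of the post above or of any list member's code: a Python check of an SMTP EHLO reply that reports whether the MTA offers STARTTLS and refuses to hand mail over in cleartext when it does not. The transcripts, host names and function names are constructed for this illustration.

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line form: "250-" continues,
# "250 " ends. Host names and extension lists are made up for this example.
EHLO_TLS_OFFERED = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
EHLO_TLS_MISSING = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 HELP\r\n"
)
# What a server typically sends to the second EHLO, after the TLS handshake.
EHLO_INSIDE_TLS = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250 AUTH PLAIN LOGIN\r\n"
)

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
_PASSWORD_MECHS = {"PLAIN", "LOGIN"}


class SmtpReplyError(ValueError):
    """The server reply is not a complete, successful EHLO response."""


def parse_ehlo(reply):
    """Return {KEYWORD: [parameters]} for the extensions in an EHLO reply."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines:
        raise SmtpReplyError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line)
        if match is None:
            raise SmtpReplyError("not an SMTP reply line: %r" % line)
        code, separator, text = match.groups()
        if code != "250":
            raise SmtpReplyError("EHLO refused with code " + code)
        is_last = index == len(lines) - 1
        # Only the final line may use "250 "; anything else means truncation.
        if (separator == " ") != is_last:
            raise SmtpReplyError("truncated or malformed multi-line reply")
        if index == 0:
            continue  # first line carries the server name, not an extension
        words = text.split()
        if words:
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions


def audit(reply, tls_active):
    """List findings about what the server offers on this channel."""
    ext = parse_ehlo(reply)
    findings = []
    if not tls_active and "STARTTLS" not in ext:
        findings.append("STARTTLS not offered")
    if not tls_active and _PASSWORD_MECHS & set(ext.get("AUTH", [])):
        findings.append("password AUTH offered in cleartext")
    return findings


def next_step(reply, tls_active, require_tls=True):
    """Decide the client's next move: 'STARTTLS', 'SEND' or 'ABORT'."""
    ext = parse_ehlo(reply)
    if tls_active:
        return "SEND"
    if "STARTTLS" in ext:
        return "STARTTLS"
    # A missing STARTTLS line looks the same whether the MTA was never
    # configured or the keyword was removed in transit, so a client that
    # requires TLS stops here instead of falling back to cleartext.
    return "ABORT" if require_tls else "SEND"


if __name__ == "__main__":
    for name, reply, tls in (
        ("TLS offered", EHLO_TLS_OFFERED, False),
        ("TLS missing", EHLO_TLS_MISSING, False),
        ("inside TLS", EHLO_INSIDE_TLS, True),
    ):
        print(name, "->", next_step(reply, tls), audit(reply, tls))
```
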

From sunder at sunder.net Mon Sep 1 15:20:43 2003
From: sunder at sunder.net (Sunder)
Date: Mon, 1 Sep 2003 18:20:43 -0400 (edt)
Subject: Responding to orders which include a secrecy requirement
In-Reply-To: <5.2.1.1.0.20030831112323.040e1008@mail.comcast.net>
Message-ID:

In that case, I would suspect the ISP itself would have
incoming/outgoing feeds from other ISP's. If that single moral objector
ISP refuses to allow carnivores, the other, not quite as moral ISP's
might be persuaded to allow it, in which case the fedZ get what they
want, just one traceroute hop further up the chain. Perhaps not all of
them, but perhaps enough of them... Duh!

That's the thing about the internet - your packets must travel through
other ISP's (unless you're communicating with other nodes hosted by
that single ISP which is unlikely). From the fedZ point of view, you
need not tap each and every single ISP. You can tap upstream, and still
get the data without tipping off the target, or his moral objector
friends at her ISP.

At some point every ISP goes through MCI, Sprint, and AT&T, and don't
forget the local (phone company) loops.

Assuming that such a moral objector ISP would exist, it would be
foolish to assume that it would provide much of a measure of protection
against tapping cleartext transmissions.

Hence, encryption is important. Want privacy and security? It's up to
you to provide it: encrypt.

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of  /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + : The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Sun, 31 Aug 2003, Steve Schear wrote:

> Well maybe. What if a US ISP is incorporated with all foreign residents
> and no local employees (only trusted local contractors). No one to serve
> legal notice upon. ISP is housed in a standalone building which is owned
> outright (no landlord to serve). Site is monitored 24/7 via Internet and
> satellite links with remote controlled self-destruct devices (which to be
> effective must be capable of destroying the entire building).

From justin-cypherpunks at soze.net Mon Sep 1 12:42:52 2003
From: justin-cypherpunks at soze.net (Justin)
Date: Mon, 1 Sep 2003 19:42:52 +0000
Subject: [AntiSocial] Syracuse U tracks the Department of Homeland Security (fwd)
In-Reply-To:
References:
Message-ID: <20030901194252.GA1098@dreams.soze.net>

J.A. Terranson (2003-09-01 04:33Z) wrote:

> which, curiously, shows Boulder with zero full-time DHS employees but
> San Miguel (Telluride) with 7!

That must be where all the terrorists ski.

--
No man is clever enough to         Times are bad. Children no longer
know all the evil he does.         obey their parents, and everyone
-Francois de la Rochefoucauld      is writing a book. -Cicero

From justin-cypherpunks at soze.net Mon Sep 1 12:49:04 2003
From: justin-cypherpunks at soze.net (Justin)
Date: Mon, 1 Sep 2003 19:49:04 +0000
Subject: Responding to orders which include a secrecy requirement
In-Reply-To:
References:
Message-ID: <20030901194904.GB1098@dreams.soze.net>

An Metet (2003-09-01 05:54Z) wrote:

> Here's a clue. If and when crypto anarchy ever becomes a reality,
> Tim May is going to be one of the first ones killed. He's pissed off
> too many people. Once they can get retribution anonymously, his days
> are numbered.

Are we talking about the tendency of the general population to kill
anyone who pisses them off, or yours?

--
No man is clever enough to         Times are bad. Children no longer
know all the evil he does.         obey their parents, and everyone
-Francois de la Rochefoucauld      is writing a book. -Cicero

From ravage at einstein.ssz.com Mon Sep 1 20:46:28 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Mon, 1 Sep 2003 22:46:28 -0500 (CDT)
Subject: [cdr] Test [No Reply]
Message-ID:

X-Anonymous Submissions: cpunks_anon at ssz.com

--
--
ravage at ssz.com          jchoate at open-forge.com
www.ssz.com                www.open-forge.com

From ravage at einstein.ssz.com Mon Sep 1 20:50:30 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Mon, 1 Sep 2003 22:50:30 -0500 (CDT)
Subject: [cdr] Test #2 [No Reply]
Message-ID:

--
--
ravage at ssz.com          jchoate at open-forge.com
www.ssz.com                www.open-forge.com

From ravage at einstein.ssz.com Mon Sep 1 21:01:10 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Mon, 1 Sep 2003 23:01:10 -0500 (CDT)
Subject: [cdr] SSZ CDR Policy Change
Message-ID:

Greetings,

We are closing the cypherpunks at ssz.com address to non-subscriber
submissions. Actual subscriptions will remain open and unregulated. We
have provided an alternate email address for specific submissions where
sender anonymity is to be preserved, cpunks-anon at ssz.com. The list
traffic will remain otherwise unmoderated and will mirror any and all
traffic on the CDR backbone. These changes take place immediately.

There were two basic reasons for this:

1. My thesis that any community will fractionate into 'tribes' that
   will preserve their particular 'view' of 'reality' has been
   demonstrated. This provides yet another point to the contrary for
   the validity of Crypto-Anarcho-Capitalistic-Libertarian (CACL)
   societal claims. The various policies of processes of the current
   nodes stands on primary evidence to the 'tribalization' tendency of
   human psychology.

2. I no longer see a positive reason to leave the submissions open
   without consideration. The load on my time and system simply no
   longer justify such effort in light of #1.

Don't worry, the SSZ CDR isn't going away...And we intend to continue
to kick CACL butt!

--
--
ravage at ssz.com          jchoate at open-forge.com
www.ssz.com                www.open-forge.com

From nobody at cypherpunks.to Mon Sep 1 14:26:27 2003
From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer)
Date: Mon, 1 Sep 2003 23:26:27 +0200 (CEST)
Subject: Philips "CRYPTO1" stream cipher
Message-ID: <1d6ffbf74d19a2471c0caaf3d243928d@cypherpunks.to>

Does anyone have any source code or algos for Philips "CRYPTO1" stream
cipher as used in their MIFARE products?

From emc at artifact.psychedelic.net Tue Sep 2 00:21:36 2003
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Tue, 2 Sep 2003 00:21:36 -0700 (PDT)
Subject: "Terror Reading"
In-Reply-To: <3EA00E07-DB1A-11D7-87EC-000A956B4C74@got.net>
Message-ID: <200309020721.h827Lbws010859@artifact.psychedelic.net>

Tim wrote:

> Even the owner of my ISP is narcing me out.
> Read what he wrote recently to a Net.Nazi who wanted my speech limited:
> "I'm sorry that Tim is being a bother again. He has a long history of
> being obnoxious and threatening. So far, he has not broken any laws. We
> have talked to the authorities about him on numerous occasions. They
> have chosen to watch but not act. Please feel free to notify me if he
> does anything that is beyond rude and actually violates any laws and I
> will immediately inform the authorities."
> Thank You
> Don Frederickson (co-owner and CEO of got.net, Santa Cruz)

Every police state is enabled by the actions of thousands of little
peons (like Don Frederickson here), who insert themselves into things
that are none of their business, in order that they may feel that they
are important in the new scheme of things.

Indeed, baggage screeners, librarians, and operators of small mom and
pop ISPs do more damage to individual freedom than the uniformed
jackboots do.

I am reminded of that scene in Roman Polanski's movie in which the hero
staggers out of the apartment where he has been hiding, and is pursued
out the building by a middle-aged woman screaming - "Stop him, He's a
Jew!"

Replace suspected Jew by Terrorist, Child Molester, Drug Dealer, or
Money Launderer, and you basically have the current climate for
neighbor on neighbor snooping here in AmeriKKKa.

Indeed, the hallmark of the Neocon climate of fear we currently live
under is the successful exportation of the technology of critic
silencing formerly found only in areas such as Holocaust Promotion or
the Sex Abuse Agenda to every facet of our everyday lives.

The new rule for personal political speech seems to be - "Don't tip
your hand until you have the firepower to defend yourself."

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From s.schear at comcast.net Tue Sep 2 12:47:34 2003
From: s.schear at comcast.net (Steve Schear)
Date: Tue, 02 Sep 2003 12:47:34 -0700
Subject: JAP back doored
Message-ID: <5.2.1.1.0.20030902124730.047290f8@mail.comcast.net>

http://www.heise.de/newsticker/data/jk-02.09.03-005/

German police have searched and seized the rooms (dorm?) of one of the
JAP developers. They were on the look for data that was logged
throughout the period when JAP had to log specific traffic. The
JAP-people say that the seizure was not conform with German law. They
suggest that the police was afraid that they wouldn't gain the right to
use this data before a normal court. So they "stole" it to make things
clear. And since the JAP team did cooperate with them the previous time
they now have the logs to get seized.

I'll bet the logs weren't encrypted. Fools.

steve

Anarchy may not be a better form of government, but it's better than no
government at all.

From pcw2 at flyzone.com Tue Sep 2 11:45:43 2003
From: pcw2 at flyzone.com (Peter Wayner)
Date: Tue, 2 Sep 2003 14:45:43 -0400
Subject: Searching for uncopyable key made of sparkles in plastic
Message-ID:

Several months ago, I read about someone who was making a key that was
difficult if not "impossible" to copy. They mixed sparkly things into a
plastic resin and let them set. A camera would take a picture of the
object and pass the location of the sparkly parts through a hash
function to produce the numerical key represented by this hunk of
plastic. That numerical value would unlock documents.

This was thought to be very difficult to copy because the sparkly items
were arranged at random. Arranging all of the sparkly parts in the
right sequence and position was thought to be beyond the limits of
precision for humans.

Can anyone give me a reference to this paper/project?

Thanks!

-Peter

From dog3 at eruditium.org Tue Sep 2 11:46:55 2003
From: dog3 at eruditium.org (Cubic Dog)
Date: Tue, 02 Sep 2003 14:46:55 -0400
Subject: Needed a WiFi "FidoNet"
In-Reply-To: <5.2.1.1.0.20030831113332.04108ac0@mail.comcast.net>
References: <5.2.1.1.0.20030831113332.04108ac0@mail.comcast.net>
Message-ID: <3F54E59F.40906@eruditium.org>

Steve Schear wrote:
> It would seem that the means may soon be at hand for using WiFi, or
> WiFi-like, equipment to create ad hoc, meshed, non-commercial networks.

The means are at hand, have been at hand for quite a few years in the
form of packet radio, and now of course, as you say, wi-fi.

Folks and I used to pipedream about a xtra-net or hyper-net that was
completely non-commercial, completely censor-free shadow internet
running on top of the internet.

The idea being to tunnel IPv6 over IPv4 over packet radio and the
occasional "real" internet where wireless networks can't span. Running
a distributed hack of named and a shared trust base of nic records.

This would use the unallocated IP space.
In order to host a node you had to relay for all nodes. In order to
participate, you had to actually be familiar with and utilise
netiquette.

Not a big deal, Linux and FreeBSD make it all completely possible.

But like many utopian visions, not too likely.

From ravi at thingmagic.com Tue Sep 2 12:59:05 2003
From: ravi at thingmagic.com (Ravi Pappu)
Date: Tue, 2 Sep 2003 15:59:05 -0400
Subject: Searching for uncopyable key made of sparkles in plastic
Message-ID:

Peter,

That paper was the result of my dissertation. The reference is

Physical-One Way Functions
R. Pappu, B. Recht, J. Taylor, N. Gershenfeld
Science, vol. 297, pp. 2026-2030, 20 September 2002

The actual paper is available from
http://web.media.mit.edu/~pappu/htm/publications.htm

The current issue of RSA's Cryptobytes has a more detailed article.
http://www.rsasecurity.com/rsalabs/cryptobytes/

Best,
Ravi

---------
Ravi Pappu
ravi at thingmagic.com / off: +1.617.758.4136 / fax: +1.707.215.0156
ThingMagic LLC, One Broadway 14th Floor, Cambridge, MA 02142. USA.
http://www.thingmagic.com
Please note new mobile phone #: 617-642-6681
---------

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam at homeport.org Tue Sep 2 13:19:02 2003 From: adam at homeport.org (Adam Shostack) Date: Tue, 2 Sep 2003 16:19:02 -0400 Subject: JAP back doored In-Reply-To: <5.2.1.1.0.20030902124730.047290f8@mail.comcast.net> References: <5.2.1.1.0.20030902124730.047290f8@mail.comcast.net> Message-ID: <20030902201901.GA37648@lightship.internal.homeport.org> On Tue, Sep 02, 2003 at 12:47:34PM -0700, Steve Schear wrote: | http://www.heise.de/newsticker/data/jk-02.09.03-005/ | | German police have searched and seized the rooms (dorm?) of one of the JAP | developers. They were on the look for data that was logged throughout the | period when JAP had to log specific traffic. The JAP-people say that the | seizure was not conform with German law. They suggest that the police was | afraid that they wouldn't gain the right to use this data before a normal | court. So they "stole" it to make things clear. And since the JAP team did | cooperate with them the previous time they now have the logs to get seized. | | I'll bet the logs weren't encrypted. Fools. That's the cool bit about playing by the law; they can ignore it, ruin people's lives, and then get a month off with pay while their actions are investigated. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From morlockelloi at yahoo.com Tue Sep 2 16:34:22 2003 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Tue, 2 Sep 2003 16:34:22 -0700 (PDT) Subject: Searching for uncopyable key made of sparkles in plastic In-Reply-To: Message-ID: <20030902233422.81119.qmail@web40609.mail.yahoo.com> > Several months ago, I read about someone who was making a key that > was difficult if not "impossible" to copy. They mixed sparkly things > into a plastic resin and let them set. A camera would take a picture This boils down to difficulty of faking the analog interface. 
Anything that regular camera captures the attacker can also capture and reproduce it for the benefit of the camera. This means that camera has to be able to distinguish between the real thing and images of the real thing. This probably means going beyond optical image and somehow detecting 3D coordinates of particles, forcing the attacker to actually construct a new physical key carrier. At the current level of technology and economy, it's cheaper to hire an unemployed hardware engineer (no, s/w engs are not qualified,) to look at the key than to construct a 3D particle-sensing camera. From rah at shipwright.com Tue Sep 2 13:51:50 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 2 Sep 2003 16:51:50 -0400 Subject: Searching for uncopyable key made of sparkles in plastic Message-ID: --- begin forwarded text From bbrow07 at students.bbk.ac.uk Tue Sep 2 09:20:11 2003 From: bbrow07 at students.bbk.ac.uk (ken) Date: Tue, 02 Sep 2003 17:20:11 +0100 Subject: "domestic terrorism", fat lazy amerikans & ducks References: Message-ID: <3F54C33B.7040809@students.bbk.ac.uk> I'm keeping this one. It's tending to the condition of poetry. John Young wrote: [...] > Commies, now there's a diversion fabricated in the propaganda > mills by ideological word-toolers of capitalists and socialists, > heeding the marketplace rule 1: concoct a worse evil to send > the pack howling at phantasms while draining their savings, cutting > back their jobs, sending their sons off to slaughter pens, or, to put > it more vulgarly, the free hand of the market lifting wallets and > crushing lives while the media-mesmerized yokels stare bug-eyed > shitless at angels and devils paraded from pulpits to chickenhawk > feeding lots. [...]
From bbrow07 at students.bbk.ac.uk Tue Sep 2 09:52:14 2003 From: bbrow07 at students.bbk.ac.uk (ken) Date: Tue, 02 Sep 2003 17:52:14 +0100 Subject: JAP back doored References: <20030822023113.37311.qmail@web40613.mail.yahoo.com> Message-ID: <3F54CABE.9080800@students.bbk.ac.uk> This piece of political PR was sent to a mailing list intended for internal reporting of computer problems at a university, so was obviously automatically grabbed. Maybe someone sold them a list of ac.uk addresses. Dr Sean Gabb wrote: > 2nd September 2003 > > Dear Educator, > > We are writing to ask whether you would like to receive > the future publications of the Libertarian Alliance by email. > > The Libertarian Alliance is the UK's premier radical > libertarian group. [...snip...] > Yours sincerely, > Dr. Chris R. Tame > Director The Libertarian Alliance I'd have thought Gabb & Tame (if it is them & not some spoof) were sussed enough to realise that spamming just makes you look like a prat. Ken Brown From bbrow07 at students.bbk.ac.uk Tue Sep 2 10:11:46 2003 From: bbrow07 at students.bbk.ac.uk (ken) Date: Tue, 02 Sep 2003 18:11:46 +0100 Subject: Look who's spamming now. [was falsely Re: JAP back doored] References: <20030822023113.37311.qmail@web40613.mail.yahoo.com> <3F54CABE.9080800@students.bbk.ac.uk> Message-ID: <3F54CF52.8040409@students.bbk.ac.uk> Whoops - apologies for stupid posting here caused by /me/ being a prat with my mail program. Though the message body it isn't entirely off-topic here - the subject line is quite unrelated to it. Mea culpa. Ken ken wrote: > This piece of political PR was sent to a mailing list intended for > internal reporting of computer problems at a university, so was > obviously automatically grabbed. Maybe someone sold them a list of ac.uk > addresses. > > Dr Sean Gabb wrote: > > 2nd September 2003 > > > > Dear Educator, > > > > We are writing to ask whether you would like to receive > > the future publications of the Libertarian Alliance by email. 
> > > > The Libertarian Alliance is the UK's premier radical > > libertarian group. > > [...snip...] > > > Yours sincerely, > > Dr. Chris R. Tame > > Director The Libertarian Alliance > > I'd have thought Gabb & Tame (if it is them & not some spoof) were > sussed enough to realise that spamming just makes you look like a prat. > > Ken Brown From shaddack at ns.arachne.cz Tue Sep 2 12:59:09 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 2 Sep 2003 21:59:09 +0200 (CEST) Subject: Searching for uncopyable key made of sparkles in plastic In-Reply-To: Message-ID: On Tue, 2 Sep 2003, Peter Wayner wrote: > Can anyone give me a reference to this paper/project? Is it the MIT project with a laser and glass balls in epoxide resin? http://slashdot.org/articles/02/09/20/1217221.shtml?tid=172 http://www.nature.com/nsu/020916/020916-15.html From shaddack at ns.arachne.cz Tue Sep 2 16:00:21 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 3 Sep 2003 01:00:21 +0200 (CEST) Subject: Random musing about words and spam Message-ID: Spammers recently adopted tactics of using randomly generated words, eg. "wryqf", in both the subject and the body of the message. These "pseudowords" are random, which makes them different from real words that are made of syllables. Could the pseudowords be easily detected by their characteristics, eg. presence of syllables, vowel-consonant sequences/ratio, something like that? This could shift the balance of force in spam detection again, until the adversary will be forced to adopt the tactics of generating the random words from syllables instead of characters. Presence of pseudowords then could be added as one of spam characteristics.
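A minimal version of the check proposed in the message above, as an added example that is not part of the original post: it flags tokens by vowel ratio, consonant runs and a "q" not followed by "u", then counts how many tokens of a message trip a rule. The rules, thresholds and function names are assumptions of this example; the two longer sample strings are text quoted elsewhere in this thread.

```python
import re

# Assumption of this example: "y" counts as a vowel, so words such as
# "system" are not penalised.
VOWELS = frozenset("aeiouy")
WORD_RE = re.compile(r"[A-Za-z]+")   # identifiers are split on _, (), digits
Q_NOT_U = re.compile(r"q(?!u)")      # "q" followed by anything but "u"

MIN_LEN = 5        # shorter tokens carry too little signal to judge
MAX_CONS_RUN = 5   # five or more consonants in a row


def longest_consonant_run(word):
    """Length of the longest run of consecutive non-vowel letters."""
    run = best = 0
    for ch in word:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def pseudoword_signals(word):
    """Return the names of the heuristics a single token trips."""
    w = word.lower()
    signals = []
    vowels = sum(ch in VOWELS for ch in w)
    # Integer form of "vowel ratio below 0.2", avoiding float comparison.
    if vowels * 5 < len(w):
        signals.append("few-vowels")
    if longest_consonant_run(w) >= MAX_CONS_RUN:
        signals.append("consonant-run")
    if Q_NOT_U.search(w):
        signals.append("q-without-u")
    return signals


def count_pseudowords(text):
    """Return (flagged, total) over alphabetic tokens of MIN_LEN or more."""
    tokens = [t for t in WORD_RE.findall(text) if len(t) >= MIN_LEN]
    flagged = [t for t in tokens if pseudoword_signals(t)]
    return len(flagged), len(tokens)


def pseudoword_feature(text, min_tokens=3):
    """Fraction of flagged tokens, or 0.0 when there is too little text.

    Meant as one weak input to a scoring filter, not a verdict: real
    words such as "strength" trip few-vowels, and generators that build
    words from syllables or pick dictionary words trip nothing.
    """
    flagged, total = count_pseudowords(text)
    return flagged / total if total >= min_tokens else 0.0


# Sample inputs: both strings are quoted elsewhere in this thread.
TECH_MAIL = ("if_gre in the tree passes the mbuf to netisr_dispatch(), "
             "which in turn calls if_handoff(), which does something similar.")
SPAM_BODY = ("dyeiluykxoer dyeiluykcqkutknig dyeiluykkrpmhrku dyeiluykngeqx "
             "dyeiluykoybim dyeiluykbihlyrelg dyeiluyktwucinmdyeiluykwenmttwvm")

if __name__ == "__main__":
    for label, text in (("tech mail", TECH_MAIL), ("spam body", SPAM_BODY)):
        flagged, total = count_pseudowords(text)
        print(f"{label}: {flagged}/{total} tokens flagged "
              f"(feature={pseudoword_feature(text):.2f})")
```

Three of the seven spam tokens pass all three rules because they alternate vowels and consonants, which is why the count is reported as a ratio for a scoring filter rather than used as a hard block.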
From john at kozubik.com Wed Sep 3 01:05:08 2003 From: john at kozubik.com (John Kozubik) Date: Wed, 3 Sep 2003 01:05:08 -0700 (PDT) Subject: Random musing about words and spam In-Reply-To: Message-ID: <20030903005446.H36493-100000@kozubik.com> Hello, On Wed, 3 Sep 2003, Thomas Shaddack wrote: > Spammers recently adopted tactics of using randomly generated words, eg. > "wryqf", in both the subject and the body of the message. These > "pseudowords" are random, which makes them different from real words that > are made of syllables. > > Could the pseudowords be easily detected by their characteristics, eg. > presence of syllables, vowel-consonant sequences/ratio, something like > that? This could shift the balance of force in spam detection again, until > the adversary will be forced to adopt the tactics of generating the random > words from syllables instead of characters. Presence of pseudowords then > could be added as one of spam characteristics. I have, for a year or so now, been wondering about all the odd character strings I am finding in the subjects and body of my spam, and I too thought about keying on these for detection. However, I immediately abandoned the idea, as a quick glance over the content of my legitimate email - to and from developers, technical mailing lists, etc., revealed that almost all of my legitimate email also contains seemingly random bits of gibberish and pseudowords. Try to write the logic that distinguishes this: if_gre in the tree passes the mbuf to netisr_dispatch(), which in turn calls if_handoff(), which does something similar.
(hackers at freebsd.org) from this: dyeiluykxoer dyeiluykcqkutknig dyeiluykkrpmhrku dyeiluykngeqx dyeiluykoybim dyeiluykbihlyrelg dyeiluyktwucinmdyeiluykwenmttwvm (actual spam) I must reiterate that, given the relentless efficiency of spam-spiders, merely publishing a shadow email address on all web documents that your real email address reside on, and deleting all email sent to both accounts is my current favorite anti-spam mechanism. Simple to DIY, and requires no centralization. ----- John Kozubik - john at kozubik.com - http://www.kozubik.com From jamesd at echeque.com Wed Sep 3 08:27:18 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 3 Sep 2003 08:27:18 -0700 Subject: Getting certificates. In-Reply-To: <20021004134621.A7820@slack.lne.com> References: <3D9DF516.ED30A66A@cdc.gov>; from mv@cdc.gov on Fri, Oct 04, 2002 at 01:07:50PM -0700 Message-ID: <3F55A5E6.27889.21A7796@localhost> -- SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates. Outlook and outlook express support digital signing and encryption -- but one must first get a certificate. So I go to Thawte to get my free certificate, and find that Thawte is making an alarmingly great effort to link certificates with true name information, and with the beast number that your government has assigned to you, which imposes large costs both on Thawte, and on the person seeking the certificate, and also has the highly undesirable effect that using these certificates causes major loss of privacy, by enabling true name and beast number contact tracing of people using encryption. Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. 
Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy. Is there any web page set up to automatically issue such certificates? The certs that IE and outlook express accept oddly do not seem to have any provision for defining what the certificate certifies. This seems a curious and drastic omission from a certificate format. Since there is no provision to define what a certificate certifies, one could argue that any certification authority that certifies anything other than a true name connected to a state issued id number, the number of the beast, is guilty of fraud. This would seem to disturbingly limit the usefulness and application of such certificates. It also, as anyone who tries to get a free certificate from Thawte will discover, makes it difficult, expensive, and inconvenient to get certificates. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 7rl5qfyPL81rhIdYUGyx/+C8WqCcrYTgFcl1rLUX 4F/YurXISWTFVDuUgRsBx/0QJKrnyQcX24+wmb5i3 From shaddack at ns.arachne.cz Wed Sep 3 01:44:53 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 3 Sep 2003 10:44:53 +0200 (CEST) Subject: Random musing about words and spam In-Reply-To: <20030903005446.H36493-100000@kozubik.com> Message-ID: On Wed, 3 Sep 2003, John Kozubik wrote: > Try to write the logic that distinguishes this: > > if_gre in the tree passes the mbuf to netisr_dispatch(), which in turn > calls if_handoff(), which does something similar. > > (hackers at freebsd.org) > > from this: > > dyeiluykxoer dyeiluykcqkutknig dyeiluykkrpmhrku dyeiluykngeqx > dyeiluykoybim dyeiluykbihlyrelg dyeiluyktwucinmdyeiluykwenmttwvm > > (actual spam) Quality vs quantity. The ratio of machine-generated words to real-looking ones. The first one has far more negative hits than positive ones, the second one has all positive. (However, this is easy to beat by using randomly selected dictionary words instead. 
The following step is using a syntactical parser on the level of sentences. The countermove is borrowing random paragraphs of otherwise meaningful text from random websites. Following move is employing of semantical parsers, and then we're waist-deep in artificial intelligence and natural language analysis. It will end there anyway.) Won't work too reliably on its own, at least in the simple version, but could help a Bayesian filter to make a decision. > I must reiterate that, given the relentless efficiency of spam-spiders, > merely publishing a shadow email address on all web documents that your > real email address reside on, and deleting all email sent to both accounts > is my current favorite anti-spam mechanism. Simple to DIY, and requires > no centralization. This approach assumes you are able to detect duplicates (which may be difficult to do if each spam sent out would be different, eg. using different sets of pseudowords - which is already being done in some cases, from the day antispam systems based on hashes of known spams were introduced), and depends on the duplicates actually reaching your both addresses within reasonable timeframe. From andrewt at nmh.co.za Wed Sep 3 02:36:49 2003 From: andrewt at nmh.co.za (Andrew Thomas) Date: Wed, 3 Sep 2003 11:36:49 +0200 Subject: Random musing about words and spam In-Reply-To: Message-ID: <000401c371fe$ebc7d640$0101a8c0@gfserver> Thomas: > > I must reiterate that, given the relentless efficiency of > > spam-spiders, merely publishing a shadow email address on all web > > documents that your real email address reside on, and deleting all > > email sent to both accounts is my current favorite anti-spam > > mechanism. Simple to DIY, and requires no centralization. > > This approach assumes you are able to detect duplicates > (which may be difficult to do if each spam sent out would be > different, eg. 
using different sets of pseudowords - which is > already being done in some cases, from the day antispam > systems based on hashes of known spams were introduced), and > depends on the duplicates actually reaching your both > addresses within reasonable timeframe. If one of the addresses was not ever used for legitimate purposes, then blocking all addresses that sent to this address should be an effective filter. Also, with the low cost of storage today, storing message hashes of known spam wouldn't take much space (not to say that this would be a good way of identifying spam). I was pondering recently the usage of a "web of trust"-type system whereby one could use communal whitelists with decreasing trust going outward as well as the opportunity to select trusted sources - perhaps using authentication authorities for PK's as authoritative whitelists, or not, as per one's choice. (Since PK's require identification for the issue of certs, it at least provides some chain of evidence. However, this negates the opportunity for anonymity). How feasible are implementations of such 'distributed' whitelists? (I'm assuming that entries from non-whitelist identified emails are permitted to send through on a challenge-response basis, and that once identified, users have the opportunity to add to such whitelist). And, is it possible to identify a bit of information as coming from a trusted source, without identifying that trusted source and without resorting to the use of a TTP? -- Andrew G. Thomas Hobbs & Associates Chartered Accountants (SA) (o) +27-(0)21-683-0500 (f) +27-(0)21-683-0577 (m) +27-(0)83-318-4070 From 0x90 at invisiblenet.net Wed Sep 3 13:05:02 2003 From: 0x90 at invisiblenet.net (Lance James) Date: Wed, 3 Sep 2003 13:05:02 -0700 Subject: Public Peer Review requests!
Message-ID: <015b01c37256$a9e5f600$ca42420a@lancexp> InvisibleNet has formed the Invisible Internet Project (I2P) to support the efforts of those trying to build a more free society by offering them an uncensorable, anonymous, and secure communication system. I2P is a development effort producing a variable latency, fully distributed, autonomous, scalable, anonymous, resilient, and secure network. The goal is to be able to operate successfully in arbitrarily hostile environments - even when an organization with unlimited financial and political resources attacks it. I2P is not a filesharing app. I2P is essentially an anonymizing and secure replacement IP stack, running on top of the existing network. There has already been progress made in writing applications on top of the network to enable generic TCP/IP applications to tunnel through the network transparently, as well as to enable nym lookup and management - two applications which, when paired together, would allow any web browser to point at http://www.[yournym].iip/ and communicate with your webserver anonymously and securely. There are many more ideas for what I2P could be used for, and it's certain we won't think of the most interesting ones. I2P is an absurdly ambitious effort. Depending on what mailing lists you read or people you talk with, they'll either say it's impossible or just insanely hard. To be perfectly frank, I2P by itself doesn't contribute anything really significant to the CS/P2P research community, but it does take the great work of other projects and research efforts - such as freenet, iip, kademlia, mnet, tarzan, the remailers, and many, many more - and attempts to apply good software engineering techniques to provide hard anonymity and security in a variable latency network. "Variable latency" is repeated so often because I2P doesn't try to operate with a one size fits all set of anonymity and security constraints, and different people will require different tradeoffs.
Bin Laden will probably not be able to pull off live streaming video, but Joe and Jane Sixpack should be able to. Is I2P ready to download and run with? No. So why bother mentioning it? Because we need more critical eyes to make sure we address the right issues the right ways. We think we've got things pegged so that it'll not only work, but also be secure and anonymous. We're moving forward on the development path towards getting an alpha network release out the door, but we need these specs reviewed for flaws that we've missed. Of course, we also need lots of other things, from coders to documenters to QA to network simulators to CS people, but it is your eyeballs that we're calling out for today. What we have ready for review: - Invisible Internet Network Protocol (I2NP) spec[1], describing how network "routers" operate and what messages they send to other routers - Common Data Structures spec[2], describing the serialization of objects described in other specs, as well as the encryption algorithms used. - Invisible Internet Client Protocol (I2CP) spec[3], describing a simple local client protocol for making use of the network. - Polling HTTP Transport spec[4], an example transport protocol for use with I2NP to allow actual communication between routers, regardless of firewall, NAT, or HTTP proxy. We also have the 0.2 release of a software development kit (I2P SDK)[5], which includes everything necessary to design, develop, and test applications to run over the network, as well as all of the above specs. It includes a Java client API implementing I2CP, a sample application (ATalk, a one to one chat app that supports file transfer), a Java router, and a Python router. C and Python client API implementations of I2CP are also on the way. These routers are "local only" - meaning they don't talk to other routers.
This can be used in the same way we can build normal networked applications - by running the server on the local machine and pointing the applications at it. We've been keeping this quiet because its too easy to hype up a vaporware product and we wanted to wait until there was something worth reading about before saying anything. So please read these specs and send in your comments - either to info at invisiblenet.net or to the iip-dev mailing list[6]. Perhaps even jump on that list if you want to discuss things (archives are linked to from the web page), browse the wiki[7], or join us on IIP for development meetings - every tuesday at 9P GMT in #iip- dev (archives[8] since meeting 48 are pretty much I2P specific). Thanks for your time, and we look forward to any responses. - The InvisibleNet team [1] http://www.invisiblenet.net/i2p/I2NP_spec.pdf [2] http://www.invisiblenet.net/i2p/datastructures.pdf [3] http://www.invisiblenet.net/i2p/I2CP_spec.pdf [4] http://www.invisiblenet.net/i2p/polling_http_transport.pdf [5] http://www.invisiblenet.net/i2p/I2P_SDK.zip [6] http://www.invisiblenet.net/iip/devMailinglist.php [7] http://wiki.invisiblenet.net/iip-wiki?I2P [8] http://wiki.invisiblenet.net/iip-wiki?Meetings --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From rah at shipwright.com Wed Sep 3 10:07:06 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 3 Sep 2003 13:07:06 -0400 Subject: Money launderers go online Message-ID: Australian IT Money launderers go online Simon Hayes SEPTEMBER 02, 2003 LEGISLATION may be needed to help police and the Tax Office keep track of transactions made using internet-based payment services, a government watchdog has warned. 
Officials from Austrac, which monitors the financial system and identifies suspicious transactions, said there were many legitimate uses for internet-based payments systems, but they could be misused to provide an outlet for money laundering or tax evasion. It was not a concern with alternative payment systems "but with the potential to ensure that our law enforcement, revenue and national security programs don't suffer", Austrac director Neil Jensen said. "In the current system there's a chance it's not caught by the legislation." Alternative online payments systems are growing in popularity, particularly as a means of paying for internet auctions. "All of these things developing now need to be looked at, and looked at carefully," Mr Jensen said. Austrac officials told a recent hearing of the joint parliamentary committee on the Australian Crime Commission that the growing "array of alternative payment systems", such as the popular e-gold, escaped reporting requirements that caught bank-based transactions. Deputy director Liz Atkins told the committee that systems such as e-gold, which allows users to secure a cash deposit against gold held in a US vault and then use it to make online purchases, were being used to evade Austrac's network. "E-gold and other, similar types of mechanisms have been of great interest, particularly to the Australian Taxation Office," she said. "People use them to avoid our reporting mechanisms on international funds transactions. "It is quite easy to use these mechanisms by buying e-gold and then having credit cards or debit cards on international accounts so that our reporting systems are completely avoided. "There is quite a lot of concern within the broader law-enforcement agencies, including revenue and regulatory agencies, about these sorts of mechanisms." Ms Atkins said web payment systems, in conjunction with foreign credit cards, could help Australians avoid reporting transactions. 
Mr Jensen said Austrac could track part of the transaction, since funds had to pass through the banking system to be deposited in the account, but it was limited in what it could do after the deposit was made. New laws might be needed to bring non-bank payment systems under control, he said. Australian Institute of Criminology research deputy director Russell Smith said the internet had made it far easier for people to avoid the traditional banking system. Although most alternative payments systems were US-based and subject to strict regulation, much offshore banking took place in less regulated countries. "Part of the problem is harmonising regulations so different countries have similar controls," he said. "Some rogue states don't become involved, and thus can be used for criminal purposes." This report appears on australianIT.com.au. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shields at msrl.com Wed Sep 3 08:00:35 2003 From: shields at msrl.com (Michael Shields) Date: Wed, 03 Sep 2003 15:00:35 +0000 Subject: Searching for uncopyable key made of sparkles in plastic In-Reply-To: <20030902233422.81119.qmail@web40609.mail.yahoo.com> (Morlock Elloi's message of "Tue, 2 Sep 2003 16:34:22 -0700 (PDT)") References: <20030902233422.81119.qmail@web40609.mail.yahoo.com> Message-ID: <87ekyxj4rw.fsf@mulligatwani.msrl.com> In message <20030902233422.81119.qmail at web40609.mail.yahoo.com>, Morlock Elloi wrote: > Anything that regular camera captures the attacker can also capture and > reproduce it for the benefit of the camera. Please read the paper. What's sent is not a picture of the token, but a hash of a picture of the pattern produced by a laser shining through the token. 
Because the laser scatters through the token in three dimensions it is difficult to model or reproduce the token. By varying the angle of the laser you can produce a large number of possible patterns, too many to be stored -- it's claimed this can be as much as 7 TB of data. So you can have a useful level of security even with untrusted token readers, and an extremely high level of security with trusted token readers. -- Shields. From Vincent.Penquerch at artworks.co.uk Wed Sep 3 07:37:14 2003 From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h) Date: Wed, 3 Sep 2003 15:37:14 +0100 Subject: Random musing about words and spam Message-ID: > However, I immediately abandoned the idea, as a quick glance over the > content of my legitimate email - to and from developers, > technical mailing > lists, etc., revealed that almost all of my legitimate email > also contains > seemingly random bits of gibberish and pseudowords. You can still do it and use such a rule with SpamAssassin or others, while keeping a low score so that it slightly influences the results but not too much. Haven't tried it, but Bayesian filters might score good on that kind of real text with random whole phrases, as tech email usually mixes the two together (most spams I get that use these code letters do it all at once, not interspersed with other normal text). -- Vincent Penquerc'h From s.schear at comcast.net Wed Sep 3 15:58:21 2003 From: s.schear at comcast.net (Steve Schear) Date: Wed, 03 Sep 2003 15:58:21 -0700 Subject: Reputation research Message-ID: <5.2.1.1.0.20030903155738.03a137b0@mail.comcast.net> http://databases.si.umich.edu/reputations/ "We are much beholden to Machiavelli and others that write what men do, not what they ought to do." 
-Francis Bacon From gshively at pivx.com Wed Sep 3 17:31:34 2003 From: gshively at pivx.com (Geoff Shively) Date: Wed, 3 Sep 2003 17:31:34 -0700 Subject: Blaster / Power Outage Follow up Message-ID: As suggested the day of the blackout, SCADA / DCS security was a primary factor in the blackouts. --MSBlast's Effect on the Blackout (29 August 2003) The MSBlast worm apparently slowed some communications lines that connect data centers used to manage the power grid, abetting the "cascading effect" of the blackout that hit the north-east, mid-west and parts of Canada last month. The worm didn't harm the systems, but did slow down the speed at which networks communicated. A Bush administration advisor said that the worm also "hampered efforts to ... restore power in a timely manner." http://www.computerworld.com/printthis/2003/0,4814,84510,00.html Correct after all, this is the second admission of blaster affecting the power systems, one from the Bush administration and one from First Energy. Cheers, Geoff Shively, CHO PivX Solutions, LLC http://www.pivx.com ----- End forwarded message ----- From DaveHowe at gmx.co.uk Wed Sep 3 10:18:50 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 3 Sep 2003 18:18:50 +0100 Subject: Getting certificates. References: <3D9DF516.ED30A66A@cdc.gov>; from mv@cdc.gov on Fri, Oct 04, 2002 at 01:07:50PM -0700 <3F55A5E6.27889.21A7796@localhost> Message-ID: <025701c3723f$730aa750$c71121c2@exchange.sharpuk.co.uk> > Outlook and outlook express support digital signing and > encryption -- but one must first get a certificate. > > Now what I want is a certificate that merely asserts that the > holder of the certificate can receive email at such and such an > address, and that only one such certificate has been issued for > that address. Such a certification system has very low costs > for issuer and recipient, and because it is a nym certificate, > no loss of privacy. then generate one. 
it won't be accepted as legitimate by the majority of clients though - you would have to get each one to approve you manually (like you would with a pgp key, but without the WoT to help you) keys can be generated using OpenSSL, or if you aren't a fan of command line tools, EBCrypt can generate them from VB; there is a mini-ca script here: http://groups.yahoo.com/group/WSH-CA/files/Current/ if you want to play with it :) From nobody at cypherpunks.to Wed Sep 3 11:16:17 2003 From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer) Date: Wed, 3 Sep 2003 20:16:17 +0200 (CEST) Subject: Getting certificates. Message-ID: On Wed, 3 Sep 2003, James A. Donald wrote: > -- > SSH server public/private keys are widely deployed. PKI public > keys are not. Reason is that each SSH server just whips up its > own keys without asking anyone's permission, or getting any > certificates. > > Outlook and outlook express support digital signing and > encryption -- but one must first get a certificate. > > So I go to Thawte to get my free certificate, and find that > Thawte is making an alarmingly great effort to link > certificates with true name information, and with the beast > number that your government has assigned to you, which imposes > large costs both on Thawte, and on the person seeking the > certificate, and also has the highly undesirable effect that > using these certificates causes major loss of privacy, by > enabling true name and beast number contact tracing of people > using encryption. > > Now what I want is a certificate that merely asserts that the > holder of the certificate can receive email at such and such an > address, and that only one such certificate has been issued for > that address. Such a certification system has very low costs > for issuer and recipient, and because it is a nym certificate, > no loss of privacy. > > Is there any web page set up to automatically issue such > certificates? 
>
> The certs that IE and outlook express accept oddly do not seem
> to have any provision for defining what the certificate
> certifies.
>
> This seems a curious and drastic omission from a certificate
> format.
>
> Since there is no provision to define what a certificate
> certifies, one could argue that any certification authority
> that certifies anything other than a true name connected to a
> state issued id number, the number of the beast, is guilty of
> fraud. This would seem to disturbingly limit the usefulness
> and application of such certificates. It also, as anyone who
> tries to get a free certificate from Thawte will discover,
> makes it difficult, expensive, and inconvenient to get
> certificates.
>
> --digsig
> James A. Donald

Here is an interesting post regarding the CA issue:

http://lists.spack.org/pipermail/wordup/2003/000684.html

You may want to look at http://www.cacert.org. It may do what you want.

From jamesd at echeque.com Wed Sep 3 23:25:13 2003
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 3 Sep 2003 23:25:13 -0700
Subject: Getting certificates.
Message-ID: <3F567859.22603.5301E@localhost>

--
James A. Donald:
> > Outlook and outlook express support digital signing and
> > encryption -- but one must first get a certificate.
> >
> > Now what I want is a certificate that merely asserts that
> > the holder of the certificate can receive email at such and
> > such an address, and that only one such certificate has
> > been issued for that address. Such a certification system
> > has very low costs for issuer and recipient, and because it
> > is a nym certificate, no loss of privacy.

Dave Howe
> then generate one. it won't be accepted as legitimate by the
> majority of clients though

That scarcely matters. Almost no one uses PKI client certificates. All client certificates in actual use are rejected by default, and one always has to explicitly tell the client to accept.

--digsig
James A.
Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
KkjE3D30eoM+hwpAF+AM2EZj/DxNiCTm2v0ALwuy
4UbHmZOBy/WI0yibAaB4UHUypY1guhHUSbQ/cFNPO

From jamesd at echeque.com Wed Sep 3 23:25:13 2003
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 3 Sep 2003 23:25:13 -0700
Subject: Getting certificates.
Message-ID: <3F567859.9000.53097@localhost>

--
3 Sep 2003 at 20:16, Anonymous via the Cypherpunks wrote:
> Here is an interesting post regarding the CA issue:
>
> http://lists.spack.org/pipermail/wordup/2003/000684.html
>
> You may want to look at http://www.cacert.org. It may do what
> you want.

Their free client certificates are no different from Thawte's. True name, with the number of the beast branded upon it. The giveaway is that they want to get their CA preloaded into outlook express and IE. To get that, one must first worship the beast.

Establishing true names, however, is too much like hard work, which is why very few people have been prepared to do it.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
tvYlPJRcqo6WpcnJV+UoskrpqMAjhfJBgGyIDKtO
4lu+EE81UdLOihMlOIZFKZbPYYYlp9BIfRfdHBM7K

From timcmay at got.net Thu Sep 4 00:53:38 2003
From: timcmay at got.net (Tim May)
Date: Thu, 4 Sep 2003 00:53:38 -0700
Subject: Using Virus/Worm comments to implicate others
Message-ID:

Reading about the Romanian student arrested today for allegedly releasing one of the "Blaster" variants, I was struck by how easy it would be to "bring a shitstorm down" on someone by inserting comments into the virus code.

--excerpt--
Second Suspect Arrested for Internet Virus
Wed Sep 3, 5:54 PM ET
By JIM KRANE, AP Technology Writer

Police in Romania on Wednesday arrested a 24-year-old former student in connection with a computer-crippling Internet worm, according to a computer security company that aided police.
...
Company analysts traced Ciobanu through some Romanian-language text inside the virus that eventually led them to a Web page containing Ciobanu's home address and telephone number, Vicol said.
...
--end excerpt--

Tim again:

This is not the first time an arrest has been made based on comments in virus/worm code. Sometimes the comments are about professors, sometimes about girlfriends, sometimes about local food and other trivia.

It would be easy to implicate someone, for at least the initial months of house arrest (as with Parsons, the American kid also arrested for an alleged Blaster release), by scattering incriminating comments.

Getting incriminating evidence onto their home or office computers is not as easy, but we can all think of ways this could be done.

Absent verifiable signatures on such code (who would sign such a thing with a traceable sig?), conviction may be difficult. A charged person could claim he was "set up." Still, acquittal is months or years down the road, after great expense.

I'll bet we see something along these lines soon.

--Tim May

"They played all kinds of games, kept the House in session all night, and it was a very complicated bill. Maybe a handful of staffers actually read it, but the bill definitely was not available to members before the vote." --Rep. Ron Paul, TX, on how few Congresscritters saw the USA-PATRIOT Bill before voting overwhelmingly to impose a police state

From ericm at lne.com Thu Sep 4 07:56:32 2003
From: ericm at lne.com (Eric Murray)
Date: Thu, 4 Sep 2003 07:56:32 -0700
Subject: Getting certificates.
In-Reply-To: <3F55A5E6.27889.21A7796@localhost>; from jamesd@echeque.com on Wed, Sep 03, 2003 at 08:27:18AM -0700
References: <3D9DF516.ED30A66A@cdc.gov>; <20021004134621.A7820@slack.lne.com> <3F55A5E6.27889.21A7796@localhost>
Message-ID: <20030904075632.A13137@slack.lne.com>

On Wed, Sep 03, 2003 at 08:27:18AM -0700, James A. Donald wrote:
> --
> SSH server public/private keys are widely deployed.
PKI public
> keys are not. Reason is that each SSH server just whips up its
> own keys without asking anyone's permission, or getting any
> certificates.

..which means that it still requires an OOB authentication. (or blindly typing 'yes' and ignoring the consequences). But that's another subject.

> Now what I want is a certificate that merely asserts that the
> holder of the certificate can receive email at such and such an
> address, and that only one such certificate has been issued for
> that address. Such a certification system has very low costs
> for issuer and recipient, and because it is a nym certificate,
> no loss of privacy.

Verisign had for a number of years an email-only cert. That is, they verified that the email address had someone or something that answered email. I believe that they called this a 'Class 1' cert.

> The certs that IE and outlook express accept oddly do not seem
> to have any provision for defining what the certificate
> certifies.
>
> This seems a curious and drastic omission from a certificate
> format.

X.509, PKIX et al. allow a CA to insert a pointer to a certificate practice statement, which can define what the certificate certifies.

> and application of such certificates. It also, as anyone who
> tries to get a free certificate from Thawte will discover,
> makes it difficult, expensive, and inconvenient to get
> certificates.

Thawte's making free certs difficult has nothing to do with the usefulness of certs or X.509 or true names or whatever, and everything to do with maximizing profit. Since each cert carries a fixed risk of legal issues (i.e being sued because they certified X who wasn't X) Verisign/Thawte want to sell a comparatively few expensive certs instead of a lot of cheap certs.
Eric

From DaveHowe at gmx.co.uk Thu Sep 4 02:20:35 2003
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Thu, 4 Sep 2003 10:20:35 +0100
Subject: Using Virus/Worm comments to implicate others
References:
Message-ID: <00fb01c372c5$ce828590$c71121c2@exchange.sharpuk.co.uk>

Tim May wrote:
> Reading about the Romanian student arrested today for allegedly
> releasing one of the "Blaster" variants, I was struck by how easy it
> would be to "bring a shitstorm down" on someone by inserting comments
> into the virus code.
oh joy - yet another way to joe-job someone.

From ericm at lne.com Thu Sep 4 10:34:16 2003
From: ericm at lne.com (Eric Murray)
Date: Thu, 4 Sep 2003 10:34:16 -0700
Subject: [gshively@pivx.com: Blaster / Power Outage Follow up]
Message-ID: <20030904103416.A15509@slack.lne.com>

----- Forwarded message from Geoff Shively -----

From camera_lumina at hotmail.com Thu Sep 4 11:07:04 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 04 Sep 2003 14:07:04 -0400
Subject: Using Virus/Worm comments to implicate others
Message-ID:

Dave Howe wrote...

>Tim May wrote:
> > Reading about the Romanian student arrested today for allegedly
> > releasing one of the "Blaster" variants, I was struck by how easy it
> > would be to "bring a shitstorm down" on someone by inserting comments
> > into the virus code.
>oh joy - yet another way to joe-job someone.

Not unimportant...this means that if you don't like, say, George Dubya, then all "they" have to do is put your name into a comment inside a worm (along with a threat against his life), and then woosh! You'll be eating Cuban food and no one will know what happened to you.

-TD

From shaddack at ns.arachne.cz Thu Sep 4 10:15:33 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Thu, 4 Sep 2003 19:15:33 +0200 (CEST)
Subject: Random musing about words and spam
In-Reply-To: <20030903005446.H36493-100000@kozubik.com>
Message-ID:

On Wed, 3 Sep 2003, John Kozubik wrote:

> I must reiterate that, given the relentless efficiency of spam-spiders,
> merely publishing a shadow email address on all web documents that your
> real email address resides on, and deleting all email sent to both accounts
> is my current favorite anti-spam mechanism. Simple to DIY, and requires
> no centralization.

There is a high potential to falsely block innocent addresses. The most common reason these days will be a worm activity.

To quote from spamNEWS 09/02/03:

ooooo SOBIG.F OBSERVATION - Lockergnome 8/31/2003
http://click.wh5.com/redirect.php?c=17825&u=46r9niwjatrv4g6m

I observed back on Tuesday that my Symantec SMTP gateway was stopping SoBig.F subject lines coming from spammers (i.e., blocked via DNSBL) at over 3 times the rate that I was seeing them from Joe user types. Further, I noticed that they were sending even more SoBig.F emails than they were spam. So, why would spammers who make their living by generating emails allow their servers to be compromised? They didn't. They are doing this on purpose and I have a theory for this. I call it my echo theory.

Say that, as a spammer, you know one or more of the addresses in your database is to a spam trap - but you don't know which one. You generate LOTS of SoBig.F emails on purpose, using your database for the forged-from addresses. Now, JoeUser has his server or client antivirus filter setup to send a reply when it encounters a virus (which is a very BAD thing, after Klez taught us about the virtues of forged addresses). Dutifully, JoeUser's email server or client automatically sends a helpful note off to "SpamTrap," informing them that they are infected.
Often these replies even extol how much smarter they are than "SpamTrap" because they caught it, but "SpamTrap" did not. Heck, let's even send an email to the postmaster at SpamBait's ISP, telling him / her how much better the BrandX filter is that JoeUser is using... but I digress.

The email server at SpamBait's ISP sees an email to SpamTrap and says "Ah hah, JoeUser's ISP must obviously be a spammer, so load his IP address into our DNSBL servers." JoeUser now sends a legitimate email to me SmartUser at IuseDNSBL.com and it, of course, bounces. JoeUser now calls me and asks why he was blacklisted. After some diligent effort on my part, I find that DNSBL.SpamBait.com is saying half of my customers and suppliers are spammers. I have a business to run, so I turn off DNSBL on my gateway and - lo and behold - all of the spammers' emails that were being blocked due to DNSBL are now allowed to come through.

That is my echo theory. That is why spammers are using half their bandwidth to send SoBig.F. [Thanks to reader Stephen Whitis for the tip - ed.]

From sfurlong at acmenet.net Thu Sep 4 18:02:30 2003
From: sfurlong at acmenet.net (Steve Furlong)
Date: Thu, 4 Sep 2003 21:02:30 -0400
Subject: Random musing about words and spam
In-Reply-To:
References:
Message-ID: <200309042102.30612.sfurlong@acmenet.net>

On Tuesday 02 September 2003 19:00, Thomas Shaddack wrote:
> Spammers recently adopted tactics of using randomly generated words,
> eg. "wryqf", in both the subject and the body of the message.
...
> Could the pseudowords be easily detected by their characteristics,
...
> Presence of pseudowords then could be added as one of spam
> characteristics.

Wouldn't work for me. For one thing, I'm a programmer; as John Kozubik noted, identifiers in code look a lot like random strings. For another, I routinely receive email in non-English languages. Not only European languages, which probably have characteristics close enough to English to do matching, but also in Chinese and Korean.
And Lojban, too, which itself looks an awful lot like random strings.

(And getting legit mail from .cn and .kr prevents me from just blocking the entire TLDs of those national spam factories. My life sucks.)

--
Steve Furlong Computer Condottiere Have GNU, Will Travel

"If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman

From ericm at lne.com Thu Sep 4 21:09:11 2003
From: ericm at lne.com (Eric Murray)
Date: Thu, 4 Sep 2003 21:09:11 -0700
Subject: Random musing about words and spam
In-Reply-To: <200309042102.30612.sfurlong@acmenet.net>; from sfurlong@acmenet.net on Thu, Sep 04, 2003 at 09:02:30PM -0400
References: <200309042102.30612.sfurlong@acmenet.net>
Message-ID: <20030904210911.A22918@slack.lne.com>

On Thu, Sep 04, 2003 at 09:02:30PM -0400, Steve Furlong wrote:
> On Tuesday 02 September 2003 19:00, Thomas Shaddack wrote:
> > Spammers recently adopted tactics of using randomly generated words,
> > eg. "wryqf", in both the subject and the body of the message.
> ...
> > Could the pseudowords be easily detected by their characteristics,
> ...
> > Presence of pseudowords then could be added as one of spam
> > characteristics.

Many of them space the code words away from the rest of the subject text, i.e. "Subject: what if it were true? 5258pf2"

I think this is to hide the code word since many mail readers only show 40-60 characters of the Subject.

I've been id'ing spam by looking for excess whitespace in the Subject line for a couple years (it's one of about 200 checks my program makes). I'm sure other spam-recognition software does this as well.

Eric

From jamesd at echeque.com Thu Sep 4 22:48:55 2003
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 4 Sep 2003 22:48:55 -0700
Subject: Getting certificates.
In-Reply-To: <20030904075632.A13137@slack.lne.com>
References: <3F55A5E6.27889.21A7796@localhost>; from jamesd@echeque.com on Wed, Sep 03, 2003 at 08:27:18AM -0700
Message-ID: <3F57C157.17850.27FF2D@localhost>

--
James A. Donald wrote:
> > SSH server public/private keys are widely deployed. PKI
> > public keys are not. Reason is that each SSH server just
> > whips up its own keys without asking anyone's permission,
> > or getting any certificates.

On 4 Sep 2003 at 7:56, Eric Murray wrote:
> ..which means that it still requires an OOB authentication.
> (or blindly typing 'yes' and ignoring the consequences). But
> that's another subject.

Not true. Think about what would happen if you tried a man in the middle attack on an SSH server.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
7gudzWOPw/HkajoOG7yWwmYaxnKW/46q33B4RUjZ
4usr8rXpuPWxtPIYUZL34w+oimAMMBUkruTg8Ipgn

From mv at cdc.gov Fri Sep 5 09:01:51 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 05 Sep 2003 09:01:51 -0700
Subject: Random musing about words and spam
Message-ID: <3F58B36F.7F569483@cdc.gov>

At 09:09 PM 9/4/03 -0700, Eric Murray wrote:
>(it's one of
>about 200 checks my program makes).

Can we assume that the spam is generated by regexp-type programs? If so, are there good methods for inferring the regexp from examples, and using this to infer spamfiltering rules?

Good project for a machine learning type.

From mv at cdc.gov Fri Sep 5 09:25:33 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 05 Sep 2003 09:25:33 -0700
Subject: Best social engineering of the year?
Message-ID: <3F58B8FC.173CF47F@cdc.gov>

http://www.smh.com.au/articles/2003/09/04/1062548967124.html

On the night of Wednesday, August 27, two men dressed as computer technicians and carrying tool bags entered the cargo processing and intelligence centre at Sydney International Airport.
The men, described as being of Pakistani-Indian-Arabic appearance, took a lift to the third floor of the Charles Ulm building in Link Road, next to the customs handling depot and the Qantas Jet Base.

They presented themselves to the security desk as technicians sent by Electronic Data Systems, the outsourced customs computer services provider which regularly sends people to work on computers after normal office hours.

After supplying false names and signatures, they were given access to the top-security mainframe room. They knew the room's location and no directions were needed.

Inside, they spent two hours disconnecting two computers, which they put on trolleys and wheeled out of the room, past the security desk, into the lift and out of the building.

The brazen theft has prompted Australia's top security agencies to conduct emergency damage audits amid fears that terrorists may have gained access to highly sensitive intelligence from the computers.

From ericm at lne.com Fri Sep 5 10:47:10 2003
From: ericm at lne.com (Eric Murray)
Date: Fri, 5 Sep 2003 10:47:10 -0700
Subject: SSH MITM (was Re: Getting certificates)
In-Reply-To: <3F57C157.17850.27FF2D@localhost>; from jamesd@echeque.com on Thu, Sep 04, 2003 at 10:48:55PM -0700
References: <3F55A5E6.27889.21A7796@localhost>; <20030904075632.A13137@slack.lne.com> <3F57C157.17850.27FF2D@localhost>
Message-ID: <20030905104709.A29777@slack.lne.com>

On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote:
>
> On 4 Sep 2003 at 7:56, Eric Murray wrote:
> > ..which means that it [ssh-- ericm] still requires an OOB authentication.
> > (or blindly typing 'yes' and ignoring the consequences). But
> > that's another subject.
>
> Not true. Think about what would happen if you tried a man in
> the middle attack on an SSH server.

you'd get the victim's session:

http://www.monkey.org/%7Edugsong/dsniff/

Abstract

dsniff is a collection of tools for network auditing and penetration [..]
sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

also see http://sysadmin.oreilly.com/news/silverman_1200.html for discussion.

From ravage at einstein.ssz.com Fri Sep 5 13:18:16 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 5 Sep 2003 15:18:16 -0500 (CDT)
Subject: [cdr] The Register - Garage door manufacturers battle over DMCA (fwd)
Message-ID:

http://www.theregister.co.uk/content/7/32684.html

--
--
ravage at ssz.com jchoate at open-forge.com
www.ssz.com www.open-forge.com

From nec-admin at shirky.com Fri Sep 5 12:57:49 2003
From: nec-admin at shirky.com (nec-admin at shirky.com)
Date: Fri, 5 Sep 2003 15:57:49 -0400 (EDT)
Subject: [NEC] 2.9: Fame vs Fortune: Micropayments and Free Content
Message-ID:

NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture

Published periodically / # 2.9 / September 5, 2003
Subscribe at http://shirky.com/nec.html
Archived at http://shirky.com
Social Software weblog at http://corante.com/many/

In this issue:

- Introduction
- Essay: Fame vs. Fortune: Micropayments and Free Content
  (Also at http://www.shirky.com/writings/fame_vs_fortune.html)
- Notes:
  historyflow: Software from IBM
  Danah Boyd on Friendster
  Club Nexus
  ETech CFP
  T-Mobile and Starbucks Don't Get Wifi

* Introduction =======================================================

This essay, Fame vs. Fortune, is an attempt to fuse two earlier themes: the uselessness of micropayments, and the difficulty of charging users directly.
-clay

* Essay ==============================================================

Fame vs Fortune: Micropayments and Free Content
http://www.shirky.com/writings/fame_vs_fortune.html

Micropayments, small digital payments of between a quarter and a fraction of a penny, made (yet another) appearance this summer with Scott McCloud's online comic, The Right Number, [http://www.scottmccloud.com/comics/trn/intro.html] accompanied by predictions of a rosy future for micropayments [http://www.google.com/search?q=mccloud+bitpass].

To read The Right Number, you have to sign up for the BitPass micropayment system [http://www.bitpass.com/learn/]; once you have an account, the comic itself costs 25 cents.

BitPass will fail, as FirstVirtual, Cybercoin, Millicent, Digicash, Internet Dollar, Pay2See, and many others have in the decade since Digital Silk Road, [http://www.agorics.com/Library/dsr.html] the paper that helped launch interest in micropayments. These systems didn't fail because of poor implementation; they failed because the trend towards freely offered content is an epochal change, to which micropayments are a pointless response.

The failure of BitPass is not terribly interesting in itself. What is interesting is the way the failure of micropayments, both past and future, illustrates the depth and importance of putting publishing tools in the hands of individuals. In the face of a force this large, user-pays schemes can't simply be restored through minor tinkering with payment systems, because they don't address the cause of that change -- a huge increase in the power and reach of the individual creator.

- Why Micropayment Systems Don't Work

The people pushing micropayments believe that the dollar cost of goods is the thing most responsible for deflecting readers from buying content, and that a reduction in price to micropayment levels will allow creators to begin charging for their work without deflecting readers.
This strategy doesn't work, because the act of buying anything, even if the price is very small, creates what Nick Szabo calls mental transaction costs, the energy required to decide whether something is worth buying or not, regardless of price. [http://szabo.best.vwh.net/micropayments.html] The only business model that delivers money from sender to receiver with no mental transaction costs is theft, and in many ways, theft is the unspoken inspiration for micropayment systems.

Like the "salami slicing" exploit in computer crime, [http://www.yourwindow.to/information-security/gl_salamislicing.htm] micropayment believers imagine that such tiny amounts of money can be extracted from the user that they will not notice, while the overall volume will cause these payments to add up to something significant for the recipient. But of course the users do notice, because they are being asked to buy something. Mental transaction costs create a minimum level of inconvenience that cannot be removed simply by lowering the dollar cost of goods.

Worse, beneath a certain threshold, mental transaction costs actually rise, a phenomenon that is especially significant for information goods. It's easy to think a newspaper is worth a dollar, but is each article worth half a penny? Is each word worth a thousandth of a penny? A newspaper, exposed to the logic of micropayments, becomes impossible to value.

If you want to feel mental transaction costs in action, sign up for the $3 version of BitPass, then survey the content on offer. [http://www.bitpass.com/share/sites/] Would you pay 25 cents to view a VR panorama of the Matterhorn? Are Powerpoint slides on "Ten reasons why now is a great time to start a company?" worth a dime? (and if so, would each individual reason be worth a penny?)

Mental transaction costs help explain the general failure of micropayment systems.
(See Odlyzko [http://www.dtc.umn.edu/~odlyzko/doc/case.against.micropayments.pdf], Shirky [http://oreillynet.com/pub/a/p2p/2000/12/19/micropayments.html], and Szabo [http://szabo.best.vwh.net/micropayments.html] for a fuller accounting of the weaknesses of micropayments.) The failure of micropayments in turn helps explain the ubiquity of free content on the Web.

- Fame vs Fortune and Free Content

Analog publishing generates per-unit costs -- each book or magazine requires a certain amount of paper and ink, and creates storage and transportation costs. Digital publishing doesn't. Once you have a computer and internet access, you can post one weblog entry or one hundred, for ten readers or ten thousand, without paying anything per post or per reader. In fact, dividing up front costs by the number of readers means that content gets _cheaper_ as it gets more popular, the opposite of analog regimes.

The fact that digital content can be distributed for no additional cost does not explain the huge number of creative people who make their work available for free. After all, they are still investing their time without being paid back. Why?

The answer is simple: creators are not publishers, and putting the power to publish directly into their hands does not make them publishers. It makes them artists with printing presses. This matters because creative people crave attention in a way publishers do not. Prior to the internet, this didn't make much difference. The expense of publishing and distributing printed material is too great for it to be given away freely and in unlimited quantities -- even vanity press books come with a price tag. Now, however, a single individual can serve an audience in the hundreds of thousands, as a hobby, with nary a publisher in sight.

This disrupts the old equation of "fame and fortune." For an author to be famous, many people had to have read, and therefore paid for, his or her books. Fortune was a side-effect of attaining fame.
Now, with the power to publish directly in their hands, many creative people face a dilemma they've never had before: fame vs fortune.

- Substitutability and the Deflection of Use

The fame vs fortune choice matters because of substitutability, the willingness to accept one thing as a substitute for another. Substitutability is neutralized in perfect markets. For example, if someone has even a slight preference for Pepsi over Coke, and if both are always equally available in all situations, that person will never drink a Coke, despite being only mildly biased.

The soft-drink market is not perfect, but the Web comes awfully close: If InstaPundit [http://www.instapundit.com/] and Samizdata [http://www.samizdata.net/blog/] are both equally easy to get to, the relative traffic to the sites will always match audience preference. But were InstaPundit to become less easy to get to, Samizdata would become a more palatable substitute. Any barrier erodes the user's preferences, and raises their willingness to substitute one thing for another.

This is made worse by the asymmetry between the author's motivation and the reader's. While the author has one particular thing they want to write, the reader is usually willing to read anything interesting or relevant to their interests. Though each piece of written material is unique, the universe of possible choices for any given reader is so vast that uniqueness is not a rare quality. Thus any barrier to a particular piece of content (even, as the usability people will tell you, making it one click further away) will deflect at least some potential readers.

Charging, of course, creates just such a barrier. The fame vs fortune problem exists because the web makes it possible to become famous without needing a publisher, and because any attempt to derive fortune directly from your potential audience lowers the size of that audience dramatically, as the added cost encourages them to substitute other, free sources of content.
- Free is a Stable Strategy

For a creator more interested in attention than income, free makes sense. In a regime where most of the participants are charging, freeing your content gives you a competitive advantage. And, as the drunks say, you can't fall off the floor. Anyone offering content free gains an advantage that can't be beaten, only matched, because the competitive answer to free -- "I'll pay you to read my weblog!" -- is unsupportable over the long haul.

Free content is thus what biologists call an evolutionarily stable strategy. It is a strategy that works well when no one else is using it -- it's good to be the only person offering free content. It's also a strategy that continues to work if everyone is using it, because in such an environment, anyone who begins charging for their work will be at a disadvantage. In a world of free content, even the moderate hassle of micropayments greatly damages user preference, and increases their willingness to accept free material as a substitute.

Furthermore, the competitive edge of free content is increasing. In the 90s, as the threat the Web posed to traditional publishers became obvious, it was widely believed that people would still pay for filtering. As the sheer volume of free content increased, the thinking went, finding the good stuff, even if it was free, would be worth paying for because it would be so hard to find.

In fact, the good stuff is becoming _easier_ to find as the size of the system grows, not harder, because collaborative filters like Google and Technorati rely on rich link structure to sort through links. So offering free content is not just an evolutionarily stable strategy, it is a strategy that improves with time, because the more free content there is the greater the advantage it has over for-fee content.
- The Simple Economics of Content

People want to believe in things like micropayments because without a magic bullet to believe in, they would be left with the uncomfortable conclusion that what seems to be happening -- free content is growing in both amount and quality -- is what's actually happening.

The economics of content creation are in fact fairly simple. The two critical questions are "Does the support come from the reader, or from an advertiser, patron, or the creator?" and "Is the support mandatory or voluntary?"

The internet adds no new possibilities. Instead, it simply shifts both answers strongly to the right. It makes all user-supported schemes harder, and all subsidized schemes easier. It likewise makes collecting fees harder, and soliciting donations easier. And these effects are multiplicative. The internet makes collecting mandatory user fees much harder, and makes voluntary subsidy much easier.

Weblogs, in particular, represent a huge victory for voluntarily subsidized content. The weblog world is driven by a million creative people, driven to get the word out, willing to donate their work, and unhampered by the costs of xeroxing, ink, or postage. Given the choice of fame vs fortune, many people will prefer a large audience and no user fees to a small audience and tiny user fees. This is not to say that creators cannot be paid for their work, merely that mandatory user fees are far less effective than voluntary donations, sponsorship, or advertising.

Because information is hard to value in advance, for-fee content will almost invariably be sold on a subscription basis, rather than per piece, to smooth out the variability in value. Individual bits of content that are even moderately close in quality to what is available free, but wrapped in the mental transaction costs of micropayments, are doomed to be both obscure and unprofitable.

- What's Next?
This change in the direction of free content is strongest for the work of individual creators, because an individual can produce material on any schedule they like. It is also strongest for publication of words and images, because these are the techniques most easily mastered by individuals. As creative work in groups creates a good deal of organizational hassle and often requires a particular mix of talents, it remains to be seen how strongly the movement towards free content will be for endeavors like music or film. However, the trends are towards easier collaboration, and still more power to the individual. The open source movement has demonstrated that even phenomenally complex systems like Linux can be developed through distributed volunteer labor, and software like Apple's iMovie allows individuals to do work that once required a team. So while we don't know what ultimate effect the economics of free content will be on group work, we do know that the barriers to such free content are coming down, as they did with print and images when the Web launched. The interesting questions regarding free content, in other words, have nothing to do with bland "End of Free" predictions, or unimaginative attempts at restoring user-pays regimes. The interesting questions are how far the power of the creator to publish their own work is going to go, how much those changes will be mirrored in group work, and how much better collaborative filters will become in locating freely offered material. While we don't know what the end state of these changes will be, we do know that the shift in publishing power is epochal and accelerating. -=- * Notes ============================================================== - historyflow: Software from IBM Martin Wattenberg and Fernanda Viegas, in IBM's Collaborative User Experience lab have created a tool called historyflow that lets you see the history of a wiki page. 
They turned the tool loose on the wikipedia.org, the collaborative encyclopedia project, and the history flow site has many of their observations on observed patterns for the formation of encyclopedia entries on contentious subjects like Abortion or Islam. It's an astonishing X-ray of long-term social patterns in action, and because it's so visual, it is hard to describe in an ascii-only format, so I'll point you to the site, and to my longer (and picture-strewn) observations elsewhere.

historyflow: http://www.research.ibm.com/history/

My more detailed observations about historyflow: http://www.corante.com/many/20030801.shtml#49472

- Danah Boyd on Friendster

Friendster, the social networking service, has been causing a lot of stir recently with its new "no fakes" policy. The site, a kind of "sixdegrees with dating" affair that has grown like wildfire among the under-30 set, had been home to a number of amusing but fictional users, including Jesus, the City of San Francisco, Pure Evil, and a Giant Squid. These fakesters were both amusing and effective -- two people who listed the City of San Francisco as a friend would then be connected through this shared affinity.

However, Jon Abrams, the Friendster CEO, disliked the Fakesters, as he felt they trivialized the site, and began to weed out the fake profiles, creating an immediate and public backlash. The fight between users who used the site to create something valuable to them and the community owner who wanted a more placid group of users is an old old story, but like many old stories, it's still interesting to see how it plays out.

The backlash is going on as I write, and no one is doing a better job of covering it from various angles than Danah Boyd, who runs a weblog called connected selves, on social networking services: http://www.zephoria.org/snt/

- Club Nexus

HP researchers Lada A.
Adamic, Orkut Buyukkokten, and Eytan Adar wrote a paper about social clustering in Club Nexus, a service for Stanford University's online population. Because Club Nexus users left such a rich metadata trail, they were able to test a number of assertions about social congress that had previously been made only as generalities. In addition to uncovering the expected gross patterns (power laws, clustering, small worlds networks, low hop-counts between people, etc), they were able to make refined observations about what sorts of affinities correlate with high clustering (the higher the listed ratio is above 1, the stronger the correlation with social clustering):

We found further that, in general, activities or interests that are shared by a smaller subset of people showed stronger association ratios than very generic activities or interests that could be enjoyed by many. For example, raving (1.64), ballroom dancing (1.61), and Latin dancing (1.49) showed stronger association in the social activity category than barbecuing (1.20), partying (1.18), or camping (1.11)

[...]

In sports in particular, multi-player team or niche sports were better predictors of social contacts than sports that could be pursued individually or casually. Among water sports, synchronized swimming, diving, crew, and wake boarding were better predictors than boating, fishing, swimming or windsurfing. In the land sports category, team sports, in particular women's team sports such as lacrosse and field hockey were better predictors than soccer (often played casually as opposed to in a competitive college team), tennis, or racquetball.

[...]

We observed that niche book, movie, and music genres were more predictive of friendship than generic ones. Gay and lesbian books, read by 63 users, had a ratio of 4.37, followed by professional and technical, teen, and computer books. In contrast, the general category of 'fiction & literature' had a ratio of 1.09.

Well worth a read: http://www.firstmonday.dk/issues/issue8_6/adamic/index.html - ETech CFP O'Reilly's Emerging Technology Conference is happening in February, and the Call for Papers is up now. The topics are: Interfaces and Services - Sherlock, Watson, and Dashboard; micro-content viewers and RSS; laptop, palmtop, hiptop, and cellphone interfaces; web services. Social Software - Software for describing and exploring social connections, FOAF (friend-of-a-friend networks), Flash Mobs, MeetUp, and related applications. Untethered - WiFi, Bluetooth, and cellular networks; Rendezvous, SMS, and ad hoc networking; Symbian and J2ME mobile development environments. Location - GPS/GIS technologies and devices, location based services, navigational devices, geospacial annotation tools, and visualization software. Hardware - Hardware hacks and mobile devices, sensor arrays, RFID tags, TinyOS, and sub-micro computing. Business Models - Who is putting a stake in the ground and attempting to build the new applications, network, and online culture -- and how are they doing it? You can submit a conference or tutorial proposal here: http://conferences.oreillynet.com/cs/et2004/create/e_sess - T-Mobile and Starbucks Don't Get Wifi More proof, as if any were needed, that the economics of Wifi are interfering with plans to offer metered commercial access. I have a T-Mobile Wifi account, 300 mins for $50, so that when I'm away from free APs, I can at least drop into a Starbucks, order up a doppio, and check my mail. Today, T-Mobile informed me when I logged in that that deal was over, dead, forget it, they're sorry they ever mentioned it. Instead, they were offering me a "convenient" Day-Pass, for the low, low rate of $10/24 hour period. Meaning, of course, that if you spend even as much as an hour logged in at a Starbucks, the cost per minute has almost tripled, to 16 cents a minute from 6. 
Worse, if you just want to go in, grab a cup of coffee and check your mail under the old "10 minute minimum" regime, that will now cost a dollar a minute. I could have elective surgery for a dollar a minute. This is Iridium or those back-of-the-seat airphones all over again. Any pricing plan that is even moderately convenient shows up on the spreadsheets at HQ as being less than a rocket ride to riches, so they come up with the two-fisted brainstorm of making it less convenient to use, then slapping a "Now with new expensiveness!" sticker on it. I smell a business school case study in the making -- don't take products with vanishingly small marginal cost and make them too expensive for your target audience to want to use. * End ==================================================================== This work is licensed under the Creative Commons Attribution License. The licensor permits others to copy, distribute, display, and perform the work. In return, licensees must give the original author credit. To view a copy of this license, visit http://creativecommons.org/licenses/by/1.0 or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. 2003, Clay Shirky _______________________________________________ NEC - Clay Shirky's distribution list on Networks, Economics & Culture NEC at shirky.com http://shirky.com/nec.html --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Fri Sep 5 20:25:50 2003 From: jamesd at echeque.com (James A. Donald) Date: Fri, 5 Sep 2003 20:25:50 -0700 Subject: Getting certificates. Message-ID: <3F58F14E.6332.4CB5B84@localhost> -- James A. 
Donald:
> > > > SSH server public/private keys are widely deployed.
> > > > PKI public keys are not. Reason is that each SSH
> > > > server just whips up its own keys without asking
> > > > anyone's permission, or getting any certificates.

Eric Murray:
> > > ..which means that it [ssh-- ericm] still requires an OOB
> > > authentication. (or blindly typing 'yes' and ignoring
> > > the consequences). But that's another subject.

James A. Donald:
> > Not true. Think about what would happen if you tried a
> > man in the middle attack on an SSH server.

On 5 Sep 2003 at 10:47, Eric Murray wrote:
> you'd get the victim's session:

No you will not, because the "victim"'s ssh client will immediately detect that the uncertified public key is different from the last time he logged in -- which is why he will not be a victim.

In practice, certification is only useful for governments to monitor us, which is why so few people use it -- not because they are worried about government monitoring, but because there is no benefit in it for the end user.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
iPa66kCgZYuVbwU8o3SYbR0jE6eUaJfpnOK8I7gd
4GzIVQBL8Is5mMcQ0VkDC+3TEoasePfzJK+k+NbRk

From ericm at lne.com Sat Sep 6 08:17:57 2003
From: ericm at lne.com (Eric Murray)
Date: Sat, 6 Sep 2003 08:17:57 -0700
Subject: more SSH MITM
In-Reply-To: <3F58F14E.6332.4CB5B84@localhost>; from jamesd@echeque.com on Fri, Sep 05, 2003 at 08:25:50PM -0700
References: <3F58F14E.6332.4CB5B84@localhost>
Message-ID: <20030906081757.A7502@slack.lne.com>

On Fri, Sep 05, 2003 at 08:25:50PM -0700, James A. Donald wrote:
> Eric Murray:
> > > > ..which means that it [ssh-- ericm] still requires an OOB
> > > > authentication. (or blindly typing 'yes' and ignoring
> > > > the consequences). But that's another subject.
>
> James A. Donald:
> > > Not true. Think about what would happen if you tried a
> > > man in the middle attack on an SSH server.
>
> On 5 Sep 2003 at 10:47, Eric Murray wrote:
> > you'd get the victim's session:
>
> No you will not, because the "victim"'s ssh client will
> immediately detect that the uncertified public key is different
> from the last time he logged in

By checking the key against the IP address of the server. This is easily spoofed. The links I included in my last post pointed to a tool to do just that (plus MITM the ssh protocol).

But even worse, there is no way to ensure that the key the client has is really the server's key in the first place. The client gets that key the first time it connects....the user is shown a fingerprint of the key and asked to type 'yes' if the user thinks that it's the server's key.

What the user is supposed to do here is to have obtained the key or its fingerprint in a secure fashion outside the ssh protocol. But very few people do. They just type 'yes' and accept it. Hence my original statement.

This makes a MITM attack easy, the attacker simply needs to have his attack in place when the victim expects the server to have a new key. He gives his key in place of the server's key, the victim never checks, and away we go.

Certificates have their own problems, but bare public keys are weak unless your system provides a good useable OOB authentication. SSH as normally used doesn't.

Eric

From ericm at lne.com Sat Sep 6 08:28:13 2003
From: ericm at lne.com (Eric Murray)
Date: Sat, 6 Sep 2003 08:28:13 -0700
Subject: Random musing about words and spam
In-Reply-To: <3F58B36F.7F569483@cdc.gov>; from mv@cdc.gov on Fri, Sep 05, 2003 at 09:01:51AM -0700
References: <3F58B36F.7F569483@cdc.gov>
Message-ID: <20030906082813.B7502@slack.lne.com>

On Fri, Sep 05, 2003 at 09:01:51AM -0700, Major Variola (ret) wrote:
> Can we assume that the spam is generated by regexp-type programs?
>
> If so, are there good methods for inferring the regexp from examples,
> and using this to infer spamfiltering rules?
>
> Good project for a machine learning type.

My unscientific observations are that there's at least 6 or 8 different formats.

Some are pretty long, i.e.:

>Subject: RE: your medications fygbzdwvyyjqvvpnj uyaecf ixoimctgdtrn kwqs mxatjr

(that one could be encrypted text)

others are short or have only numbers.

My favorite spam-obfuscation technique is where they break up key words with HTML comments, i.e. penis. (that won't show if you are using a mail reader that interprets HTML... read the source).

Eric

From ravage at einstein.ssz.com Sat Sep 6 08:48:30 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 6 Sep 2003 10:48:30 -0500 (CDT)
Subject: [cdr] Re: Random musing about words and spam
In-Reply-To: <20030906082813.B7502@slack.lne.com>
Message-ID:

On Sat, 6 Sep 2003, Eric Murray wrote:

> On Fri, Sep 05, 2003 at 09:01:51AM -0700, Major Variola (ret) wrote:
>
> > Can we assume that the spam is generated by regexp-type programs?
> >
> > If so, are there good methods for inferring the regexp from examples,
> > and using this to infer spamfiltering rules?
> >
> > Good project for a machine learning type.
>
> My unscientific observations
> are that there's at least 6 or 8 different formats.
>
> Some are pretty long, i.e.:
>
> >Subject: RE: your medications fygbzdwvyyjqvvpnj uyaecf ixoimctgdtrn kwqs mxatjr
>
> (that one could be encrypted text)
>
> others are short or have only numbers.
>
> My favorite spam-obfuscation technique is where they break up key words
> with HTML comments, i.e. penis.
> (that won't show if you are using a mail reader that
> interprets HTML... read the source).

There are many patterns to these emails. We've got the 'legitimate' spam, and then there is the spam that gets sent to the list by members who subscribe the list to the spammers. Then there's emails which are spam sitting in people's inbox that gets retransmitted by viruses, worms, and trojans. They may have started out as spam but they've been hijacked for more nefarious purposes.
Usually these have lots of garbled text in them. Then there are emails like the previous which are just 'snow' to blind the users. Another is non-english text. We've been seeing a lot more of these over the last six months or so. We've also been seeing lists of words being sent to email addresses. The purpose is to dictionary attack the various security passwords on the list. It wouldn't surprise me one bit considering the human mind if a lot of the spam we get isn't from non-spammers themselves. Priming the pump so to speak.

-- --
ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com

From jamesd at echeque.com Sat Sep 6 13:36:09 2003
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 6 Sep 2003 13:36:09 -0700
Subject: more SSH MITM
In-Reply-To: <20030906081757.A7502@slack.lne.com>
References: <3F58F14E.6332.4CB5B84@localhost>; from jamesd@echeque.com on Fri, Sep 05, 2003 at 08:25:50PM -0700
Message-ID: <3F59E2C9.5179.29687A@localhost>

--
James A. Donald:
> > > > Think about what would happen if you tried a man in the
> > > > middle attack on an SSH server.

Eric Murray:
> By checking the key against the IP address of the server.
> This is easily spoofed. The links I included in my last post
> pointed to a tool to do just that (plus MITM the ssh
> protocol).

No it is not.

> But even worse, there is no way to ensure that the key the
> client has is really the server's key in the first place. The
> client gets that key the first time it connects....the user
> is shown a fingerprint of the key and asked to type 'yes' if
> the user thinks that it's the server's key.

For this to happen, the attacker must solicit the victim to log on to a site he has never logged onto before, or redirect him to logon to a site he has never logged onto before.
In this situation, the SSH uncertified public keys work far better than Verisign's certified keys -- for example the spam email urging us to log on to "e-golb.com" or "e-go1d.com" would fail if https used ssh style public keys, because the user would get a "new site" dialog, tipping him off that something was up, and that he should check what is going on.

Thus under this attack, ssh uncertified keys work far better than https certified keys.

> What the user is supposed to do here is to have obtained the
> key or its fingerprint in a secure fashion outside the ssh
> protocol. But very few people do. They just type 'yes' and
> accept it. Hence my original statement.

Far safer to do that than to rely on https certified keys, as lots of people discovered who logged into "e-go1d.com" or "BankOpAmerica.com"

> This makes a MITM attack easy, the attacker simply needs to
> have his attack in place when the victim expects the server
> to have a new key.

The victim never expects the server to have a new key, and in the unlikely event he did expect it the out of band mechanism notifying him of the new key is under the site's control, not the attacker's.

All these attacks that you confidently declare are supposedly so easy on ssh also work against https, and work a great deal better.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
yAguzlpuklHQyVv9VSbkoIWDQYXm/25Gqmt7qnEG
4IYMTLFaNCAaKYXvO9t7lJdAG8LlfXr2/TYbrx58W

From ravage at einstein.ssz.com Sat Sep 6 15:08:17 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 6 Sep 2003 17:08:17 -0500 (CDT)
Subject: [cdr] Slashdot | RIAA Parses 'P2P' As 'Peer 2 Porn' (fwd)
Message-ID:

Oh crap!
http://yro.slashdot.org/yro/03/09/06/1911237.shtml?tid=103&tid=153&tid=158&tid=99 -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Sat Sep 6 15:12:36 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 6 Sep 2003 17:12:36 -0500 (CDT) Subject: [cdr] Carlisle Barracks blocks Web site (fwd) Message-ID: http://pennlive.com/news/patriotnews/index.ssf?/xml/story.ssf/html_standard.xsl?/base/news/106284064888450.xml -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Sat Sep 6 15:15:37 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 6 Sep 2003 17:15:37 -0500 (CDT) Subject: [cdr] Mercury News | 09/06/2003 | Sobering report on jobs (fwd) Message-ID: The free market is dead, long live the free market! http://www.siliconvalley.com/mld/mercurynews/business/6707114.htm -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From timcmay at got.net Sat Sep 6 19:32:10 2003 From: timcmay at got.net (Tim May) Date: Sat, 6 Sep 2003 19:32:10 -0700 Subject: Cathedra and the Bizarre: Why Free Stuff is Good In-Reply-To: Message-ID: <7B698739-E0DB-11D7-87EC-000A956B4C74@got.net> [Note: This is just a typical list article. I make no claim that this is polished and is some article along the lines of Eric Raymond's "Cathedral and the Bazaar." My punning title is not meant to imply this. I've had a glass of wine, have something I want to say, and am saying it. It may even overlap with Raymond's article...it's been years since I've looked at it. Don't forward this article to other lists, OK?] I'm not much interested in the machinations of the micropayment/digital cash markets, for reasons which should be clear. But I've certainly seen something very similar being played-out in the _language_ market (what marketdroids would call "space"). 
All of the interesting languages now generating a lot of buzz, and substantial communities, are essentially "free." Or non-profit, or open source, or whatever one wishes to call them. Some examples: * Python. I'm not a Python person, but a lot of my friends are. And the community is substantial. Could this have come out of a corporate division with a committee of corporate managers and some grunts to do the implementation? * Perl. An earlier success in the same tradition. * E, the capability-oriented language. Again, free. * The last four languages I have downloaded and spent time with are all free: - Squeak, a version of Smalltalk, available on nearly every platform (generates bytecodes read by a VM, so writing the VM for a platform means Squeak runs on it). Associated with the Xerox PARC group which developed Smalltalk (including Alan Kay, Ted Kaehler, Dan Ingalls, etc.), then by Apple, then Disney, now scattered. Nominally open-source. - OCaml, the object-oriented version of Caml, standing for "Categorically-abstract ML"). A variant of ML (Milner's "meta language"), coming mostly from France. (One of the CPunks list members who cracked a famous challenge, Damien D., was one of the principal developers. Julian Assange, also a list member at one time, was also involved.) - Haskell, the category theory-oriented pure functional language. Mostly associated with Yale University, Glasgow U., Oregon Graduate institute, Chalmers in Sweden, and many hundreds of academic researchers. - Self, the derivative of Smalltalk developed by several Stanford-affiliated people. Now mostly at Sun, with parts of the technology in Java Hotspot, and in the free language Squeak, a version of Smalltalk. There are other examples. The obvious example is Unix, in its variants including Linux, despite the attempt by SCO to collect $1000 per CPU or whatever silly number they have floated in their lawsuits. 
We free marketers, we believers in profits and property and contracts, we must acknowledge that most of the really good stuff in computer science, aside from the hardware, is often free. (Caveat: I use and enjoy immensely Mac OS X, which is not free. The software itself is very _close_ to being free, but the link to Mac hardware costs a bit more. Still, I enjoy it enough to pay for it. Nearly everything else I use on my Macs is free or very, very close to being free.) But "free" arises for some reasons which are readily-understandable to Hayekians and Randians and those interested in markets and capitalism: * the creators are anticipating rewards _other_ than salaries from employers, e.g., -- fame ("Yes, I am Guido") -- job opportunities ("I wrote Digital Datawhaque, the leading open source frobbolizer") -- publish or perish -- simple pleasure or some mission (applies to several Cypherpunks projects...) Others have written at great length about how Unix took over the world over the past 25 years, about why Unix won out over VMS and a dozen or two other proprietary OSes. I'll look at just one language, one of the the four above: Haskell. (For the curious, www.haskell.org.) The developers of Haskell don't get paid through sales. They are professors, associate professors, lecturers, their students, and anyone trying to "make a mark" in computing. They are generally brainier than mere engineers or programmers hired by BigCo Software Factory, Inc. to produce software. They write papers, which are peer-reviewed and which are mercilessly criticized if flaky. So the big names in Haskell are the people who contributed really important ideas. (The same applies to Python, OCaml, etc.) Sometimes someone tries to do such a thing "for profit." In the "space" of functional or OO languages I talk about above, two such examples stand out: Erlang and Clean. 
Erlang is an in-house, proprietary system at Ericsson, the cell phone company, and Clean is a product of some German or Dutch company. As neither are readily downloadable, the academic and student communities with each are virtually nil (pun intended). The large communities, and probable large adoptions by corporations later, are in the free stuff areas. I don't even think the important defining characteristic is that the thing be "open source." The important thing is "free." Free as in no hassles, no licenses, play around, copy it for your friends, write about it without fears of being contacted by lawyers, and so on. Free. Unencumbered. (Yeah, there are various kinds of licenses having to do with whether products based on the freebie can be sold for profit. Another topic. To first order, the important reason people play with the things is because they are free. And to students and home users, this is what's important.) Does this have any relevance to Cypherpunks? Just the obvious one: any digital money system needs to be free, or open source, to be widely adopted by our kind of people. Any money which is later made will likely come from one of the above reasons (fame, job opportunities, publish or perish, or pleasure/mission) or from being in a position to exploit the technology, e.g., by operating a digital money system. Attempting to hold onto the "intellectual property" (cough) and then profit from carefully licensing it out to others is usually a lose. The results with Digicash speak for themselves. Had David Chaum, a man I respect a great deal, freely published and distributed his ideas, he would likely today have a lot more fame and fortune. --Tim May From rah at shipwright.com Sat Sep 6 17:59:12 2003 From: rah at shipwright.com (R. A. 
Hettinga)
Date: Sat, 6 Sep 2003 20:59:12 -0400
Subject: [NEC] 2.9: Fame vs Fortune: Micropayments and Free Content
Message-ID:

--- begin forwarded text

From shaddack at ns.arachne.cz Sat Sep 6 22:00:59 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 7 Sep 2003 07:00:59 +0200 (CEST)
Subject: more SSH MITM
In-Reply-To: <3F59E2C9.5179.29687A@localhost>
Message-ID:

On Sat, 6 Sep 2003, James A. Donald wrote:
> Thus under this attack, ssh uncertified keys work far better
> than https certified keys.

Central certification authority has its risks and advantages. Remembering the fingerprints of known keys and alerting for the new or changed ones has its advantages too. Why shouldn't we have it all?

Why couldn't there be a system that would keep the database of known keys and report changes and new keys, like SSH does, and at the same time give the possibility to sign the keys by several CAs? Effectively turning the hierarchy with potentially vulnerable top to a much-less-vulnerable web structure?

That way you could get a key certified by Verisign, Thawte, and a handful of small private CAs of various groups and people, and its fingerprint remembered by the clients. If one of the CAs gets compromised, no problem as the other certificates still hold. If a server key gets changed, or there is a confusion-attack in progress ("BankOpAmerica"), the clients are immediately aware of it.

Could SSL be modified to allow more CAs for one certificate? If it isn't a good idea, why?

From cripto at ecn.org Sat Sep 6 23:50:36 2003
From: cripto at ecn.org (Anonymous)
Date: Sun, 7 Sep 2003 08:50:36 +0200 (CEST)
Subject: Making fake e-gold sites submit...
Message-ID: <6fd2a4833203e38aaec8a62443fe1f98@ecn.org>

save on desktop as anything.html as plain text. Then run. me
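
Thomas Shaddack's message in this thread proposes a client that remembers key fingerprints as SSH does and also accepts endorsements from several CAs; the sketch below works that policy through for the first-contact, changed-key and lookalike-name cases argued over by Eric Murray and James Donald. It is an added example, not code from any poster or from OpenSSH: `TrustStore`, the verdict strings, the CA names and the quorum of 2 are assumptions, the keys are constructed byte strings, and HMAC stands in for a CA's public-key signature so that it runs on the Python standard library.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass, field


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint in the form current OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def endorse(ca_key: bytes, host: str, key_blob: bytes) -> bytes:
    """CA statement binding a host name to a key.

    ASSUMPTION: HMAC-SHA256 stands in for a public-key signature so the
    example needs only the standard library; a real client would hold
    only each CA's public key.
    """
    return hmac.new(ca_key, host.encode() + b"\0" + key_blob, hashlib.sha256).digest()


@dataclass
class TrustStore:
    cas: dict                                  # CA name -> verification key
    quorum: int = 2                            # valid endorsements needed on first contact
    pins: dict = field(default_factory=dict)   # host -> remembered fingerprint

    def endorsers(self, host, key_blob, endorsements):
        """Names of configured CAs whose endorsement verifies for (host, key)."""
        return {
            name for name, tag in endorsements.items()
            if name in self.cas
            and hmac.compare_digest(tag, endorse(self.cas[name], host, key_blob))
        }

    def evaluate(self, host, key_blob, endorsements=None, oob_fingerprint=None):
        fp = fingerprint(key_blob)
        pinned = self.pins.get(host)
        if pinned is not None:
            # Known host: the remembered key outranks any CA statement, so one
            # compromised CA cannot swap the key without the client noticing.
            return "match" if hmac.compare_digest(pinned, fp) else "changed"
        if oob_fingerprint is not None:
            # Fingerprint obtained outside the connection (phone, paper, signed mail).
            ok = hmac.compare_digest(oob_fingerprint, fp)
            return "new-verified-oob" if ok else "oob-mismatch"
        if len(self.endorsers(host, key_blob, endorsements or {})) >= self.quorum:
            return "new-endorsed"
        return "new-unverified"    # the blind "type yes" case

    def connect(self, host, key_blob, endorsements=None, oob_fingerprint=None):
        """Evaluate, and remember the key only if first contact was verified."""
        verdict = self.evaluate(host, key_blob, endorsements, oob_fingerprint)
        if verdict in ("new-verified-oob", "new-endorsed"):
            self.pins[host] = fingerprint(key_blob)
        return verdict


def run_scenarios():
    # Constructed sample data: CA keys and key blobs are arbitrary bytes, not real keys.
    cas = {"ca-a": b"constructed-ca-a", "ca-b": b"constructed-ca-b", "ca-c": b"constructed-ca-c"}
    real_key, rogue_key = b"constructed-server-key", b"constructed-rogue-key"
    host, lookalike = "e-gold.com", "e-go1d.com"   # names taken from the thread
    real_end = {name: endorse(key, host, real_key) for name, key in cas.items()}

    def rogue_end(name):
        # Models one compromised CA (ca-a) that endorses whatever it is handed.
        return {"ca-a": endorse(cas["ca-a"], name, rogue_key)}

    store = TrustStore(cas=cas, quorum=2)
    single = TrustStore(cas=cas, quorum=1)         # any one CA suffices
    no_ca = lambda: TrustStore(cas={})             # plain SSH-style client
    return {
        "first contact, three endorsements": store.connect(host, real_key, real_end),
        "return visit, same key": store.connect(host, real_key),
        "known host, substituted key": store.connect(host, rogue_key, rogue_end(host)),
        "lookalike name, quorum 2": store.connect(lookalike, rogue_key, rogue_end(lookalike)),
        "lookalike name, quorum 1": single.connect(lookalike, rogue_key, rogue_end(lookalike)),
        "first contact, fingerprint checked out of band":
            no_ca().connect(host, real_key, oob_fingerprint=fingerprint(real_key)),
        "first contact, key differs from out-of-band fingerprint":
            no_ca().connect(host, rogue_key, oob_fingerprint=fingerprint(real_key)),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{verdict:18} {name}")
```

With a quorum of 1 the lookalike name is accepted on a single CA's word; with a quorum of 2 it drops back to the unverified first-contact prompt, and a substituted key on a remembered host is reported as changed whatever the CAs say.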

From morlockelloi at yahoo.com Sun Sep 7 11:09:47 2003
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 7 Sep 2003 11:09:47 -0700 (PDT)
Subject: Charted death of cypherpunks
Message-ID: <20030907180947.19600.qmail@web40606.mail.yahoo.com>

http://recall.archive.org/?query=cypherpunks&search=go&afterMonth=1&afterYear=1996&beforeMonth=Today&beforeYear=%A0

(the above URL should be all in one line, of course)

From mv at cdc.gov Sun Sep 7 11:46:14 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 07 Sep 2003 11:46:14 -0700
Subject: The Catheter and the Blizzard
Message-ID: <3F5B7CF5.F45422B5@cdc.gov>

>>The obvious example is Unix, in its variants including Linux, despite the attempt by SCO to collect $1000 per CPU or whatever silly number they have floated in their lawsuits.<<

Anyone discussing this particular bit of corporate hallucination is encouraged to put Frank Zappa's "Penguin in Bondage" track on their phonograph...

From discord-nobody at erisiandiscord.de Sun Sep 7 03:20:43 2003
From: discord-nobody at erisiandiscord.de (Anonymous)
Date: Sun, 7 Sep 2003 12:19:43 +0159 (CEST)
Subject: Making fake e-gold sites submit...
Message-ID: <6fd2a4833203e38aaec8a62443fe1f98@erisiandiscord.de>

save on desktop as anything.html as plain text. Then run. me

From jamesd at echeque.com Sun Sep 7 12:47:44 2003
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 7 Sep 2003 12:47:44 -0700
Subject: more SSH MITM
In-Reply-To:
References: <3F59E2C9.5179.29687A@localhost>
Message-ID: <3F5B28F0.16033.5237294@localhost>

--
On 7 Sep 2003 at 7:00, Thomas Shaddack wrote:
> Central certification authority has its risks and advantages.
> Remembering the fingerprints of known keys and alerting for
> the new or changed ones has its advantages too. Why
> shouldn't we have it all?
>
> Why couldn't there be a system that would keep the database
> of known keys and report changes and new keys, like SSH does,
> and at the same time give the possibility to sign the keys by
> several CAs? Effectively turning the hierarchy with
> potentially vulnerable top to a much-less-vulnerable web
> structure?

Ideally a client that mediates interactions should get trust information from all relevant sources, and flag the user when there is something unusual about an interaction.

However the more sources, the harder it is for mere software to figure out what is meaningful and relevant, and therefore the greater the risk that one will wind up continually throwing irrelevant dialog boxes at the user, which the user eventually learns to click through and ignore.

It is hard to do what you propose.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
McThKMMEVOKkdz4RWIcbMuoi2/6QWYqfbndp1rrO
4NHj3GqtByVC9gs20vzoMmlt0cJTw1eJUCwsGHG/S

From emc at artifact.psychedelic.net Sun Sep 7 12:49:05 2003
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Sun, 7 Sep 2003 12:49:05 -0700 (PDT)
Subject: Cathedra and the Bizarre: Why Free Stuff is Good
In-Reply-To: <7B698739-E0DB-11D7-87EC-000A956B4C74@got.net>
Message-ID: <200309071949.h87Jn5kT007752@artifact.psychedelic.net>

Tim Philosophizes:

> All of the interesting languages now generating a lot of buzz, and
> substantial communities, are essentially "free."
Or non-profit, or open > source, or whatever one wishes to call them. Some examples: I believe "Free" to be very different than "Open Source", particularly open source under viral licensing agreements like the GPL. My perfect example of free software is the quadratic formula. I don't have to pay anyone to use it. I may use it for any purpose whatsoever, including commercial applications. Using it does not obligate me in any way, or legally encumber any product which includes it. The knowlege of it is so widespread that were it to be lost, someone would quickly reconstruct it and spread it around again. IT has lots of free things. Most computer science is free. I don't have to mail Andrew Tanenbaum a check if I write an OS, even if I use his book to design it. Knuth's books are free. etc... I'm a big fan of free. Free works. Free is like Pandora's box. Once opened, the stuff cannot be put back in. Ever. I am less of a fan of schemes like the GPL, which seek to impose a set of contagious terms on anything touched by the knowlege. > But "free" arises for some reasons which are readily-understandable to > Hayekians and Randians and those interested in markets and capitalism: > * the creators are anticipating rewards _other_ than salaries from > employers, e.g., True scientific inquiry is always driven purely by intellectual curiosity. Salary is just how you eat and pay the bills. Understanding the essential nature of apparently complex things is its own reward. > -- fame ("Yes, I am Guido") "Yes, I am Paracelsus. Would you believe I've been cooking this large vat of feces for 6 months?" > -- job opportunities ("I wrote Digital Datawhaque, the leading open > source frobbolizer") "I showed the correspondence between Tarot Trumps and Paths on the Tree of Life." > -- publish or perish "I wrote the Copronomicon." > -- simple pleasure or some mission (applies to several Cypherpunks > projects...) "We must stop discrimination against Druids." 

Of course my point here is that with minor exceptions, most really great innovations are unappreciated by the public, and may in fact go unappreciated by all but a very small number of people working in one's subspecialty at the time they are announced.

So I think the non-tangible rewards from employers argument for innovation fails. Smart people do innovative things because of their intrinsic coolness, even if no one else in the world can appreciate them.

> The large communities, and probable large adoptions by corporations
> later, are in the free stuff areas. I don't even think the important
> defining characteristic is that the thing be "open source." The
> important thing is "free." Free as in no hassles, no licenses, play
> around, copy it for your friends, write about it without fears of being
> contacted by lawyers, and so on. Free. Unencumbered.
> (Yeah, there are various kinds of licenses having to do with whether
> products based on the freebie can be sold for profit.

If you can't do whatever you like with it, it's not free. Period.

> Just the obvious one: any digital money system needs to be free, or
> open source, to be widely adopted by our kind of people.

Secure anonymous digital money will never win out over easy to use, good buddies with Homeland Security systems like Paypal in the wide adoption Olympics. This is a dead horse that continues to be beaten on this list.

> Had David Chaum, a man I respect a great deal, freely published and
> distributed his ideas, he would likely today have a lot more fame and
> fortune.

Chaum's ideas were the JPEG Arithmetic Coding of the digital money spec. They suffered from two faults. One, they had legal restrictions. Two, other things that were almost as good didn't have legal restrictions.

If Chaum wanted fame and fortune, he should have started eBay.

--
Eric Michael Cordian 0+
O:.T:.O:.
Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From njohnsn at njohnsn.com Sun Sep 7 14:44:47 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Sun, 7 Sep 2003 16:44:47 -0500
Subject: Cathedra and the Bizarre: Why Free Stuff is Good
In-Reply-To: <200309071949.h87Jn5kT007752@artifact.psychedelic.net>
References: <200309071949.h87Jn5kT007752@artifact.psychedelic.net>
Message-ID: <200309071644.47342.njohnsn@njohnsn.com>

There's another reason (The one ESR states in his essay).

"Scratching the Itch"

You are working on A and run into a problem B, you can't find a canned solution to B so you come up with one yourself.

You don't care about B, you are more concerned about A so you give B away.

Turns out solving B is a bigger deal to the rest of us than A.

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

From anmetet at freedom.gmsociety.org Sun Sep 7 16:44:23 2003
From: anmetet at freedom.gmsociety.org (An Metet)
Date: Sun, 7 Sep 2003 19:44:23 -0400
Subject: a study in efectiveness of medication in Corralitos area
Message-ID:

http://recall.archive.org/?query=tim+may&search=go&afterMonth=1&afterYear=1996&beforeMonth=Today&beforeYear=%A0

From cpunk at lne.com Sun Sep 7 20:00:00 2003
From: cpunk at lne.com (cpunk at lne.com)
Date: Sun, 7 Sep 2003 20:00:00 -0700
Subject: Cypherpunks List Info
Message-ID: <200309080300.h88300rX024908@gw.lne.com>

Cypherpunks Mailing List Information

Last updated: Sep 12, 2002

This message is also available at http://www.lne.com/cpunk

Instructions on unsubscribing from the list can be found below.

0. Introduction

The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content.

Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list.
Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa.

1. Filtering

The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.

Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.

4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list:

Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to:

Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings".

At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list.
The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

# mailing lists:
# filter all cypherpunks mail into its own cypherspool folder, discarding
# mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
# /dev/null is unix for the trash can.
:0
* ^From.*owner-cypherpunks at .*
{
  :0:
  * (^From:.*ravage at ssz\.com.*|\
  ^From:.*jchoate at dev.tivoli.com.*|\
  ^From:.*mattd at useoz.com|\
  ^From:.*proffr11 at bigpond.com|\
  ^From:.*jei at cc.hut.fi)
  /dev/null

  :0:
  cypherspool
}

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------

Algebra:

Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???

---------------------------------------------------------------------------

CCC:

Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------

Infonex:

Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------

Lne:

Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
  2. leading "CDR:" in subject line removed
  3. "Reply-to:" removed
Privacy policy: private
Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com
Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman)

---------------------------------------------------------------------------

Minder:

Subscription: "subscribe cypherpunks" to majordomo at minder.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net
Help: "help" to majordomo at minder.net
Posting address: cypherpunks at minder.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: private
Info: send mail to cypherpunks-info at minder.net

---------------------------------------------------------------------------

Openpgp:

[openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01]

Subscription: "subscribe cypherpunks" to listproc at openpgp.net
Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net
Help: "help" to listproc at openpgp.net
Posting address: cypherpunks at openpgp.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------

Ssz:

Subscription: "subscribe cypherpunks" to majordomo at ssz.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com
Help: "help cypherpunks" to majordomo at ssz.com
Posting address: cypherpunks at ssz.com
Filtering policy: raw
Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added.
Privacy policy: open
Info: http://www.ssz.com/cdr/

---------------------------------------------------------------------------

Sunder:

Subscription: "subscribe" to sunder at sunder.net
Unsubscription: "unsubscribe" to sunder at sunder.net
Help: "help" to sunder at sunder.net
Posting address: sunder at sunder.net
Filtering policy: moderated
Message Modification policy: ???
Privacy policy: ???
Info: ???

---------------------------------------------------------------------------

Pro-ns:

Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net
Help: "help cypherpunks" to majordomo at pro-ns.net
Posting address: cypherpunks at pro-ns.net
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. leading "CDR:" in subject line removed
  2. "Reply-to:" removed
Privacy policy: private
Info: http://www.pro-ns.net/cpunk

From jamesd at echeque.com Sun Sep 7 20:50:35 2003
From: jamesd at echeque.com (James A. Donald)
Date: Sun, 7 Sep 2003 20:50:35 -0700
Subject: Cathedra and the Bizarre: Why Free Stuff is Good
In-Reply-To: <200309071949.h87Jn5kT007752@artifact.psychedelic.net>
References: <7B698739-E0DB-11D7-87EC-000A956B4C74@got.net>
Message-ID: <3F5B9A1B.26930.6DD809F@localhost>

--
On 7 Sep 2003 at 12:49, Eric Cordian wrote:
> Secure anonymous digital money will never win out over easy
> to use, good buddies with Homeland Security systems like
> Paypal in the wide adoption Olympics.

Non anonymous digital money is inherently reversible. For many purposes, this is a good thing. For other purposes, damn near intolerable.

Reversibility imposes large costs on issuer, buyer, and seller. Reversibility imposes on all participants not merely the possibility of tracking identity, but the necessity to track identity, which is expensive and a major pain in the ass.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
w43FmWVSVxGrGkglKwhrbDlYPv+GcqZ9RzftUTCi
4nRt4abzGjha5XY7VEVcS7IDx7m9vN9VBDIRElHh7

From mv at cdc.gov Mon Sep 8 08:07:55 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 08 Sep 2003 08:07:55 -0700
Subject: More recall.archive.org fun
Message-ID: <3F5C9B4B.69052677@cdc.gov>

Enter "george w bush" and look at the categories to the right.

From s.schear at comcast.net Mon Sep 8 10:11:56 2003
From: s.schear at comcast.net (Steve Schear)
Date: Mon, 08 Sep 2003 10:11:56 -0700
Subject: Digital cash and campaign finance reform
Message-ID: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>

Everyone knows that money is the life blood of politics. The topic of campaign finance reform in the U.S. has been on and off the front burner of the major media, for decades. Although the ability of citizens and corporations to support the candidates and parties of their choice can be a positive political force, the ability of political contributors to buy access and influence legislation is probably the major source of governmental corruption. Despite some, apparently, honest efforts at limiting these legal payoffs there has been little real progress. The challenge is to encourage "neutral" campaign contributions. Perhaps technology could lend a hand.

One of the features of Chaumian digital cash is unlinkability. Normally, this has been viewed from the perspective of the payer and payee not wishing to be linked to a transaction. But it also follows that the payee can be prevented from learning the identity of the payee even if they wished. Since the final payee in politics is either the candidate or the party, this lack of knowledge could make it much more difficult for the money to be involved in influence peddling and quid pro quo back room deals.

By combining a mandated digital cash system for contributions, a cap on the size of each individual contribution (perhaps as small as $100), randomized delays (perhaps up to a few weeks) in the "posting" of each transaction to the account of the counter party, it could create mix conditions which would thwart the ability of contributors to easily convince candidates and parties that they were the source of particular funds and therefore entitled to special treatment.

Comments?

steve

A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen.
- Steve Schear

From timcmay at got.net Mon Sep 8 11:15:31 2003
From: timcmay at got.net (Tim May)
Date: Mon, 8 Sep 2003 11:15:31 -0700
Subject: Digital cash and campaign finance reform
In-Reply-To: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
Message-ID: <6EADEAE6-E228-11D7-87EC-000A956B4C74@got.net>

On Monday, September 8, 2003, at 10:11 AM, Steve Schear wrote:

> Everyone knows that money is the life blood of politics. The topic of
> campaign finance reform in the U.S. has been on and off the front
> burner of the major media, for decades. Although the ability of
> citizens and corporations to support the candidates and parties of
> their choice can be a positive political force, the ability of
> political contributors to buy access and influence legislation is
> probably the major source of governmental corruption. Despite some,
> apparently, honest efforts at limiting these legal payoffs there has
> been little real progress. The challenge is to encourage "neutral"
> campaign contributions. Perhaps technology could lend a hand.
>
> One of the features of Chaumian digital cash is unlinkability.
> Normally, this has been viewed from the perspective of the payer and
> payee not wishing to be linked to a transaction. But it also follows
> that the payee can be prevented from learning the identity of the
> payee even if they wished.
> Since the final payee in politics is
> either the candidate or the party, this lack of knowledge could make
> it much more difficult for the money to be involved in influence
> peddling and quid pro quo back room deals.
>
> By combining a mandated digital cash system for contributions, a cap
> on the size of each individual contribution (perhaps as small as
> $100), randomized delays (perhaps up to a few weeks) in the "posting"
> of each transaction to the account of the counter party, it could
> create mix conditions which would thwart the ability of contributors
> to easily convince candidates and parties that they were the source of
> particular funds and therefore entitled to special treatment.
>
> Comments?

All a contributor who wishes to be "credited" with having contributed has to do is "encode" his identity or that of his organization in the _amount_ of the contribution.

This can be done out-of-band, even posted on a Website: "Remember, gun owners! Show your support by contributing _exactly_ $91.37 to the candidates we recommend."

The pile of contributions of $91.37 would be just as sure (actually, only about 99% sure, for obvious statistical reasons) an indication of what the campaign donations were about as having a name attached.

(Sort of a higher-precision parallel to the practice of paying soldiers with $2 bills so that local merchants would really understand just how important the local military base was to their business.)

And if the system is unlinkable, then of course the contributions need not be N contributions from N different people. They could be N contributions of "91.37" from one contributor, a contributor who sends the politician an out-of-band (e-mail) message telling him exactly what to expect.

There are other ways to thwart this idea. And this use of digital cash got talked about a lot here several years ago.

Having Big Brother run a "mix" where all such unlinkable contributions are pooled and then disbursed is an obvious fix (but then no need for digital cash...ordinary checks and money orders and cash accomplish the same thing, once Big Brother is the one holding and disbursing the cash).

Also, it will never fly for just general social reasons. Not only would such a system also be usable for untraceable payoffs (a feature for our kind of people, but a problem for some others), but the complaint would be heard that the computer-illiterate would not have equal access, blah blah.

Also, the issue with campaign reform has

And needless to say, the entire concept of "campaign reform" is profoundly contrary to the Bill of Rights. Everyone involved in limiting political speech via "campaign reform" deserves to be tried and hanged. I'd really hate to see a digital cash company firebombed because of its involvement with the forces of darkness.

In any case, campaign finance reform is essentially uninteresting and statist.

--Tim May
"Dogs can't conceive of a group of cats without an alpha cat." --David Honig, on the Cypherpunks list, 2001-11

From froomkin at law.miami.edu Mon Sep 8 10:57:18 2003
From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law)
Date: Mon, 8 Sep 2003 13:57:18 -0400 (EDT)
Subject: Digital cash and campaign finance reform
In-Reply-To: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
Message-ID:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=60331
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=272787
http://www.cfp2000.org/papers/franklin.pdf
http://www.yale.edu/yup/books/092628.htm

On Mon, 8 Sep 2003, Steve Schear wrote:

> Everyone knows that money is the life blood of politics. The topic of
> campaign finance reform in the U.S. has been on and off the front burner of
> the major media, for decades.
> Although the ability of citizens and
> corporations to support the candidates and parties of their choice can be a
> positive political force, the ability of political contributors to buy
> access and influence legislation is probably the major source of
> governmental corruption. Despite some, apparently, honest efforts at
> limiting these legal payoffs there has been little real progress. The
> challenge is to encourage "neutral" campaign contributions. Perhaps
> technology could lend a hand.
>
> One of the features of Chaumian digital cash is unlinkability. Normally,
> this has been viewed from the perspective of the payer and payee not
> wishing to be linked to a transaction. But it also follows that the
> payee can be prevented from learning the identity of the payee even if they
> wished. Since the final payee in politics is either the candidate or the
> party, this lack of knowledge could make it much more difficult for the
> money to be involved in influence peddling and quid pro quo back room deals.
>
> By combining a mandated digital cash system for contributions, a cap on the
> size of each individual contribution (perhaps as small as $100), randomized
> delays (perhaps up to a few weeks) in the "posting" of each transaction to
> the account of the counter party, it could create mix conditions which
> would thwart the ability of contributors to easily convince candidates and
> parties that they were the source of particular funds and therefore
> entitled to special treatment.
>
> Comments?
>
> steve
>
>
> A foolish Constitutional inconsistency is the hobgoblin of freedom, adored
> by judges and demagogue statesmen.
> - Steve Schear
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>

--
Please visit http://www.icannwatch.org
A. Michael Froomkin | Professor of Law | froomkin at law.tm
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285 | +1 (305) 284-6506 (fax) | http://www.law.tm
-->It's very hot here.<--

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From iang at systemics.com Mon Sep 8 11:34:25 2003
From: iang at systemics.com (Ian Grigg)
Date: Mon, 08 Sep 2003 14:34:25 -0400
Subject: Digital cash and campaign finance reform
References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
Message-ID: <3F5CCBB1.65BC13E4@systemics.com>

Steve Schear wrote:

> By combining a mandated digital cash system for contributions, a cap on the
> size of each individual contribution (perhaps as small as $100), randomized
> delays (perhaps up to a few weeks) in the "posting" of each transaction to
> the account of the counter party, it could create mix conditions which
> would thwart the ability of contributors to easily convince candidates and
> parties that they were the source of particular funds and therefore
> entitled to special treatment.

How would you audit such a system? I'm not that up on political cash, but I would have expected that there would be a need to figure out where money was coming from, by some interested third party at least.

Also there would be a need to prove that the funds were getting there, otherwise, I'd be the first to jump in there and run the mix. Or, the mint.

iang

From ashwood at msn.com Mon Sep 8 16:51:04 2003
From: ashwood at msn.com (Joseph Ashwood)
Date: Mon, 8 Sep 2003 16:51:04 -0700
Subject: Digital cash and campaign finance reform
References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
Message-ID: <017601c37664$1c86a860$6601a8c0@JOSEPHAS>

----- Original Message -----
From: "Steve Schear"
To: ;
[anonymous funding of politicians]
> Comments?

Simple attack: Bob talks to soon to be bought politician. "Tomorrow you'll receive a donation of $50k, you'll know where it came from."
Next day, buyer makes 500 $100 donations (remember you can't link him to any transaction), 50k arrives through the mix. Politician knows where it came from, but no one can prove it.

By implementing this we'll see a backwards trend. It will be harder to prove the buyout (actually impossible), but the involved parties will know exactly who did the paying. Right now you can actually see a similar usage in the Bustamante (spelling?) campaign in the California Recall Election, the Native Americans donated $2M to him in spite of a limit of ~22k by donating from several people. Same method only now we know who did the paying.

Joe

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com

From bill.stewart at pobox.com Mon Sep 8 18:00:37 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 08 Sep 2003 18:00:37 -0700
Subject: Digital cash and campaign finance reform
In-Reply-To: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
Message-ID: <3F5D2635.3040406@pobox.com>

Steve - The whole thing is a crock, and the problems aren't technical. None of the proposed users of the system have any desire to use it, except perhaps as a front for other activities, and the people who'd want them to make them use it are just meddlers.

It's funny how any time you bring up the First Amendment in the context of tobacco advertising or internet pornography, they say "Oh, no, it's not about that, it's about *political* speech", but if you bring it up in the context of actual political speech, well then, oh, no, the First Amendment is about not arresting ranters on soapboxes in the park, or letting people print newspapers as long as there's official identifying information about the printer, but it's *certainly* not about actually letting people fund *electoral* speech, because elections are *way* too important to let unapproved members of the *public* influence the outcomes....

The couple of papers that Michael Froomkin referenced are pretty much the canonical references to the approach you're talking about, but just because there are academics proposing it doesn't mean it isn't still a total crock.

Now, if you're talking about *real* campaign finance reform, as in permitting people to engage in free speech even if it requires money to transmit that speech to their intended recipients, fully anonymous digital cash is useful for that, in the obvious ways, and payer-anonymous payee-disclosing digital cash has its uses as well, if you like to be able to trace the people you're paying, and anonymous and pseudonymous publishing are also obviously useful, and then of course there's Blacknet if you want the real info on candidates.

You don't need 100% technical guarantees of anonymity for most political work; the public can usually guess that "Paid for by Californians for Motherhood and Apple Pie" is probably the prison guards' union, or the major opponent of the candidate that the negative TV ad was about, or whatever, but unless there's a lawsuit or actual investigative reporter, nobody's going to bother tracking them down.

Unfortunately, softmoney.com got snapped up a few years ago; I'd been planning to set it up as a site for donating your two cents to John McCain, when he was ranting about banning it.

"paid for by Californians Against Bogus Campaign Financing Regulations, John Doe #238, Treasurer"

From sfurlong at acmenet.net Mon Sep 8 15:52:32 2003
From: sfurlong at acmenet.net (Steve Furlong)
Date: Mon, 8 Sep 2003 18:52:32 -0400
Subject: Digital cash and campaign finance reform
In-Reply-To: <3F5CCBB1.65BC13E4@systemics.com>
References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net> <3F5CCBB1.65BC13E4@systemics.com>
Message-ID: <200309081852.32705.sfurlong@acmenet.net>

On Monday 08 September 2003 14:34, Ian Grigg wrote:
> Steve Schear wrote:
> How would you audit such a system? I'm not that up
> on political cash, but I would have expected that there
> would be a need to figure out where money was coming
> from, by some interested third party at least.

Would you need to audit it? So long as the contributions can't be tied to a quid-pro-quo arrangement, let the candidates collect as much as they can.

> Also there would be a need to prove that the funds
> were getting there, otherwise, I'd be the first to
> jump in there and run the mix. Or, the mint.

Yah, that's a bigger problem. I guess the first step is, establish a digital bank with at least the credibility and trustworthiness of an ordinary, audited and regulated bank. But without the auditing and regulation because, well, this is the internet age.

--
Steve Furlong
Computer Condottiere
Have GNU, Will Travel

"If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman

From s.schear at comcast.net Mon Sep 8 20:39:47 2003
From: s.schear at comcast.net (Steve Schear)
Date: Mon, 08 Sep 2003 20:39:47 -0700
Subject: Digital cash and campaign finance reform
In-Reply-To: <017601c37664$1c86a860$6601a8c0@JOSEPHAS>
References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net>
Message-ID: <5.2.1.1.0.20030908203710.053fc828@mail.comcast.net>

At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote:
>----- Original Message -----
>From: "Steve Schear"
>To: ;
>[anonymous funding of politicians]
> > Comments?
>
>Simple attack: Bob talks to soon to be bought politician. "Tomorrow you'll
>receive a donation of $50k, you'll know where it came from."
>Next day, buyer makes 500 $100 donations (remember you can't link him to any
>transaction), 50k arrives through the mix. Politician knows where it came
>from, but no one can prove it.

Not so fast. I said the mix would delay and randomize the arrival of payments. So, some of the contributions would arrive almost immediately others/many might take weeks to arrive.

steve

"...for every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken

From mixmaster at remailer.privacy.at Mon Sep 8 12:32:41 2003
From: mixmaster at remailer.privacy.at (privacy.at Anonymous Remailer)
Date: Mon, 8 Sep 2003 21:32:41 +0200 (CEST)
Subject: another fake e-gold site needs data
Message-ID: <12037908d2e7d751a6177e238adf5022@remailer.privacy.at>

...Lots of data...

Save as plain text anything.html on desktop and drop onto a browser.

me
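
[Added example, not part of any poster's message.] The "Digital cash and campaign finance reform" thread above raises two objections to the capped, delayed mix: Tim May's exact-amount tag ($91.37) and Joseph Ashwood's announced 500 x $100. The constructed simulation below checks, from the payee's ledger alone, how much of each signal survives the cap and the delay. The donor counts, the 21-day delay bound, the 200 tagged gifts and the fixed-denomination option are assumptions of this example, not proposals from the thread.

```python
"""Design check for a delay-and-cap donation mix (constructed simulation)."""
import random

CAP_CENTS = 100_00      # per-contribution cap proposed in the thread ($100)
MAX_DELAY_DAYS = 21     # assumed bound for "up to a few weeks" of delay
TAG_CENTS = 91_37       # the exact amount used as a tag in Tim May's reply
SIGNAL_DAY = 50         # assumed day on which the signalling gifts are sent


def background(rng, days, per_day):
    """Constructed ordinary donors: whole-dollar gifts of $10..$100."""
    return [(day, rng.randint(10, 100) * 100)
            for day in range(days) for _ in range(per_day)]


def post_through_mix(contribs, rng, denom_cents=None):
    """Return the payee's ledger as sorted (posting_day, amount_cents) pairs.

    Every contribution is capped and delayed by 0..MAX_DELAY_DAYS days.
    If denom_cents is set (an assumption of this example), the mix only
    posts coins of that one denomination and drops any remainder.
    """
    ledger = []
    for day, cents in contribs:
        cents = min(cents, CAP_CENTS)
        post_day = day + rng.randint(0, MAX_DELAY_DAYS)
        if denom_cents is None:
            ledger.append((post_day, cents))
        else:
            ledger.extend((post_day, denom_cents)
                          for _ in range(cents // denom_cents))
    return sorted(ledger)


def count_exact(ledger, cents):
    """How many postings carry exactly this amount (the amount channel)."""
    return sum(1 for _, amount in ledger if amount == cents)


def window_total(ledger, first_day, last_day):
    """Total posted to the payee between two days, inclusive."""
    return sum(amount for day, amount in ledger
               if first_day <= day <= last_day)


def audit(seed=2003, denom_cents=None):
    """Measure what the payee can still read off the ledger."""
    rng = random.Random(seed)
    crowd = background(rng, days=90, per_day=40)

    # Amount channel: 200 gifts of exactly $91.37 among the crowd.
    tag_ledger = post_through_mix(
        crowd + [(SIGNAL_DAY, TAG_CENTS)] * 200, rng, denom_cents)

    # Volume channel: 500 capped gifts announced out of band ($50k).
    bulk_ledger = post_through_mix(
        crowd + [(SIGNAL_DAY, CAP_CENTS)] * 500, rng, denom_cents)

    # Compare the full delay window after the signal with an equally long
    # window of ordinary traffic before it (both in steady state).
    baseline = window_total(bulk_ledger, 22, 22 + MAX_DELAY_DAYS)
    signal = window_total(bulk_ledger, SIGNAL_DAY, SIGNAL_DAY + MAX_DELAY_DAYS)
    return {"tag_hits": count_exact(tag_ledger, TAG_CENTS),
            "surplus_cents": signal - baseline}


if __name__ == "__main__":
    print("free amounts      :", audit())
    print("fixed $5 coins    :", audit(denom_cents=5_00))
```

Delay leaves every tagged amount readable; a single fixed denomination removes the amount channel, but the surplus over the delay window still matches the announced total in both runs.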

From ashwood at msn.com Mon Sep 8 22:32:51 2003 From: ashwood at msn.com (Joseph Ashwood) Date: Mon, 8 Sep 2003 22:32:51 -0700 Subject: Digital cash and campaign finance reform References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net> <5.2.1.1.0.20030908203710.053fc828@mail.comcast.net> Message-ID: <022a01c37693$d277c300$6601a8c0@JOSEPHAS> ----- Original Message ----- From: "Steve Schear" Subject: Re: Digital cash and campaign finance reform > At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote: > >----- Original Message ----- > >From: "Steve Schear" > >To: ; > >[anonymous funding of politicians] > > > Comments? > > > >Simple attack: Bob talks to soon to be bought politician. "Tomorrow you'll > >receive a donation of $50k, you'll know where it came from." > >Next day, buyer makes 500 $100 donations (remember you can't link him to any > >transaction), 50k arrives through the mix. Politician knows where it came > >from, but no one can prove it. > > Not so fast. I said the mix would delay and randomize the arrival of > payments. So, some of the contributions would arrive almost immediately > others/many might take weeks to arrive. You act like they aren't already used to addressing that "problem." I'll go back to the Bustamante, simply because it is convenient right now. Bustamante received a multi-million dollar donation from the Native Americans, this was not done through a single check, that would be illegal, instead it was done through multiple smaller checks, each of which ends up randomized and delayed in processing (USPS is a wonderful source of randomness), so the actual occurrence of the donations is scattered across several days, from several accounts, by several people, and I'm sure Bustamante never even looked to see who the donations were actually from, just that the full amount arrived. The "problem" that you found, is already addressed, and already not a problem. 
Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From shaddack at ns.arachne.cz Mon Sep 8 19:40:21 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 9 Sep 2003 04:40:21 +0200 (CEST) Subject: Determining gender of anonymous author - article link Message-ID: http://www.toledoblade.com/apps/pbcs.dll/article?AID=/20030908/NEWS08/109080101 Maybe it's already known here. Has implications in identifying an author in anonymous/pseudonymous communication. From hseaver at cybershamanix.com Tue Sep 9 06:12:32 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 9 Sep 2003 08:12:32 -0500 Subject: cats In-Reply-To: <6EADEAE6-E228-11D7-87EC-000A956B4C74@got.net> References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net> <6EADEAE6-E228-11D7-87EC-000A956B4C74@got.net> Message-ID: <20030909131232.GA22487@cybershamanix.com> On Mon, Sep 08, 2003 at 11:15:31AM -0700, Tim May wrote: > "Dogs can't conceive of a group of cats without an alpha cat." --David > Honig, on the Cypherpunks list, 2001-11 Cats always have an alpha cat. And they often have pissing contests to determine the pecking order. This is just as true of house cats as it is of lions. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From timcmay at got.net Tue Sep 9 09:24:54 2003 From: timcmay at got.net (Tim May) Date: Tue, 9 Sep 2003 09:24:54 -0700 Subject: CAPPS II -- The Latest "Red Scare" Message-ID: <250B8072-E2E2-11D7-87EC-000A956B4C74@got.net> "The new Transportation Security Administration system seeks to probe deeper into each passenger's identity than is currently possible, comparing personal information against criminal records and intelligence information. 
Passengers will be assigned a color code -- green, yellow or red -- based in part on their city of departure, destination, traveling companions and date of ticket purchase. "Most people will be coded green and sail through. But up to 8 percent of passengers who board the nation's 26,000 daily flights will be coded "yellow" and will undergo additional screening at the checkpoint, according to people familiar with the program. An estimated 1 to 2 percent will be labeled "red" and will be prohibited from boarding. These passengers also will face police questioning and may be arrested." Charming. Now people face "arrest" (Washington Post story claim) for merely be tagged as a Red. Get tagged as a Red, perhaps based on "intelligence" like Usenet postings, mailing list activity, political activity, and airlines are ordered to bar use of their services. And arrest follows. I know the ACLU is already having a field day with this. I wonder what the charges justifying arrest will be? "Your honor, this man was flagged "Red" by our computers. We request one million dollars bail. He's a flight risk....cough." No wonder the airlines are facing bankruptcy. Except Big Brother is bailing them out, semi-nationalizing them (probably giving big pieces of control to Halliburton and other Bush crony companies...even Hitler was not this transparent). --Tim May Join the boycott against Delta Airlines for their support of the Big Brotherish "CAPPS II" citizen-unit tracking program. http://www.boycottdelta.org http://boycottdelta.org/images/deltaeyebanner.gif With our help, Delta Airlines may be joining United and US Air in the bankruptcy scrap heap. 
From timcmay at got.net Tue Sep 9 09:28:46 2003 From: timcmay at got.net (Tim May) Date: Tue, 9 Sep 2003 09:28:46 -0700 Subject: Digital cash and campaign finance reform In-Reply-To: <5.2.1.1.0.20030908203710.053fc828@mail.comcast.net> Message-ID: On Monday, September 8, 2003, at 08:39 PM, Steve Schear wrote: > At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote: >> ----- Original Message ----- >> From: "Steve Schear" >> To: ; >> [anonymous funding of politicians] >> > Comments? >> >> Simple attack: Bob talks to soon to be bought politician. "Tomorrow >> you'll >> receive a donation of $50k, you'll know where it came from." >> Next day, buyer makes 500 $100 donations (remember you can't link him >> to any >> transaction), 50k arrives through the mix. Politician knows where it >> came >> from, but no one can prove it. > > Not so fast. I said the mix would delay and randomize the arrival of > payments. So, some of the contributions would arrive almost > immediately others/many might take weeks to arrive. > Why are you not addressing the more direct attack, the one I described yesterday? "The contributions you receive for $87.93 came from our members." Unless the amounts are consolidated by a third party or dithered (so much for digital money being what it claims to be), this covert channel bypasses the nominal name-stripping. --Tim May "According to the FBI, there's a new wrinkle in prostitution: suburban teenage girls are now selling their white asses at the mall to make money to spend at the mall. ... Now, you see, the joke here, of course, is on White America, which always felt superior to blacks, and showed that with their feet, moving out of urban areas. "White flight," they called it. Whites feared blacks. They feared if they raised their kids around blacks, the blacks would turn their daughters and prostitutes. And now, through the miracle of MTV, damned if it didn't work out that way! 
" --Bill Maher, "Real Time with Bill Maher," HBO, 15 August 2003 From s.schear at comcast.net Tue Sep 9 09:30:08 2003 From: s.schear at comcast.net (Steve Schear) Date: Tue, 09 Sep 2003 09:30:08 -0700 Subject: Digital cash and campaign finance reform In-Reply-To: <5.1.1.6.0.20030909093705.0279bbf8@getmail.amir.herzberg.name> References: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net> Message-ID: <5.2.1.1.0.20030909091116.0373fe68@mail.comcast.net> At 06:31 PM 9/9/2003 +0200, Amir Herzberg wrote: >Steve suggested (see below) that anonymous cash may be useful to hide the >identities of contributors from the party/candidate they contribute to. >I'm afraid this won't work: e-cash protocols are not trying to prevent a >`covert channel` between the payer and payee, e.g. via the choice of >random numbers or amounts. Furthermore even if the e-cash system had such >a feature, it would be of little help, since (a) there will be plenty of >other ways the payer can convince the payee that it made the contribution >and (b) in reality, candidates will have to return the favors even without >knowing for sure they got the money - kind of `risk management` - I'm not >sure what we want is to allow big contributors to gain favors while not >really making as big a contribution as they promised... I think that is exactly what we want. When multiple, creditable, contributors approach a candidate (who have different, perhaps opposing agendas) and tell them they have made substantial contributions to the campaign what will the candidate do when the bank account figures don't add up and it comes time for delivering on requests from these contributors? You know that once special interests understand that the candidates can't tell who contributed many attempt to cheat. The result could be to greatly reduce special interest campaign contributions and their power in government. It could make for an interesting study in game theory. 
steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear From mv at cdc.gov Tue Sep 9 09:35:24 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Tue, 09 Sep 2003 09:35:24 -0700 Subject: Your papers please [what color is John Gilmore?] Message-ID: <3F5E014B.4B11A4C7@cdc.gov> Most people will be coded green and sail through. But up to 8 percent of passengers who board the nation's 26,000 daily flights will be coded "yellow" and will undergo additional screening at the checkpoint, according to people familiar with the program. An estimated 1 to 2 percent will be labeled "red" and will be prohibited from boarding. These passengers also will face police questioning and may be arrested. http://www.washingtonpost.com/ac2/wp-dyn/A45434-2003Sep8?language=printer From timcmay at got.net Tue Sep 9 10:37:22 2003 From: timcmay at got.net (Tim May) Date: Tue, 9 Sep 2003 10:37:22 -0700 Subject: Digital cash and campaign finance reform In-Reply-To: <3F5E06BB.2040406@students.bbk.ac.uk> Message-ID: <44F6DD16-E2EC-11D7-87EC-000A956B4C74@got.net> On Tuesday, September 9, 2003, at 09:58 AM, ken wrote: > Tim May wrote: > >> In any case, campaign finance reform is essentially uninteresting and >> statist. > > Yes Tim, but as we happen to live in places where states make laws and > employ men with guns to hurt us if we disobey those laws then we do > have an interest (in the other sense) in who gets to run the organs of > the state. > > If you live next to the zoo you may be uninterested in the design of > the lion's cage but you sure as hell aren't disinterested in it. > I wouldn't want to live near a death camp, either, but that doesn't mean I would think designing better gas chambers is a noble or interesting thing to do (well, maybe for ten million or so statists and inner city welfare mutants, but that's for another post). Designing systems to thwart free speech is not noble, and not very interesting. 
(Campaign finance laws are thwartings of free speech, clearly.) --Tim May "That government is best which governs not at all." --Henry David Thoreau From s.schear at comcast.net Tue Sep 9 11:47:19 2003 From: s.schear at comcast.net (Steve Schear) Date: Tue, 09 Sep 2003 11:47:19 -0700 Subject: Digital cash and campaign finance reform In-Reply-To: References: <5.2.1.1.0.20030908203710.053fc828@mail.comcast.net> Message-ID: <5.2.1.1.0.20030909114314.04a30ec0@mail.comcast.net> At 09:28 AM 9/9/2003 -0700, Tim May wrote: >On Monday, September 8, 2003, at 08:39 PM, Steve Schear wrote: > >>At 04:51 PM 9/8/2003 -0700, Joseph Ashwood wrote: >>>----- Original Message ----- >>>From: "Steve Schear" >>>To: ; >>>[anonymous funding of politicians] >>> > Comments? >>> >>>Simple attack: Bob talks to soon to be bought politician. "Tomorrow you'll >>>receive a donation of $50k, you'll know where it came from." >>>Next day, buyer makes 500 $100 donations (remember you can't link him to any >>>transaction), 50k arrives through the mix. Politician knows where it came >>>from, but no one can prove it. >> >>Not so fast. I said the mix would delay and randomize the arrival of >>payments. So, some of the contributions would arrive almost immediately >>others/many might take weeks to arrive. > >Why are you not addressing the more direct attack, the one I described >yesterday? > >"The contributions you receive for $87.93 came from our members." > >Unless the amounts are consolidated by a third party or dithered (so much >for digital money being what it claims to be), this covert channel >bypasses the nominal name-stripping. Sorry, I replied to this but apparently forgot to cc cypherpunks.... Limiting each individual contribution to fixed amounts (say $1, $5, $10, $20 and $100) should close that loophole. >--Tim May > >"According to the FBI, there's a new wrinkle in prostitution: suburban >teenage girls are now selling their white asses at the mall to make money >to spend at the mall. 
I guess I must not look like a potential client 'cause no young 'ho ever came up to me and solicited for a 'party'. steve A foolish Constitutional inconsistency is the hobgoblin of freedom, adored by judges and demagogue statesmen. - Steve Schear From warschad at excite.com Tue Sep 9 09:14:28 2003 From: warschad at excite.com (Dan Warschawski) Date: Tue, 9 Sep 2003 12:14:28 -0400 (EDT) Subject: Sr Network Security Engineers Message-ID: All, lots of questions in reference to the positions below so a blanket on what to expect for compensation: Thanks Employee will have opportunity to participate in a 401k program 2 Weeks annual leave Full medical and Dental Tuition Reimbursement Program All travel will be provided by the customer Salary range will be in excess of $200k (negotiable) Job Location Baghdad, Iraq Job Description Our organization is now seeking individuals who are looking for a chance to exceed in a high paced, high stressed environment. This is a 1 year contract with the possibility of continued employment after term. This position is located in Baghdad Iraq supporting US and Coalition forces. Seeking Senior Network Engineers to evaluate and assess network security posture on Combined Joint Task Force (CJTF) Iraq networks. The Engineers will be key advisors on all aspects of network security to include policy development and implementation. In addition the engineers will use all available tools to implement an aggressive security posture across the CJTF. The Engineers will provide hands-on network installation and support for WAN operations and LANs as required by the customer. This includes, installing, configuring, and maintaining multiple firewalls, IDS, and Border routers across the entire theater of operations. An extensive knowledge of the following is required Cisco IOS, ACLs both standard and extended. Firewalls in particular Symantec Enterprise Firewalls, Symantec Velociraptor, Sidewinder, PIX. Intrusion Detection systems on multiple platforms. 
In addition the ability to implement and understand the use of TCPDUMP and WINDUMP is required. Job Qualifications Must have: Secret security clearance, with ability to obtain TS. Needs: BS in engineering or hard science; CCNP required 3 yrs Cisco router configuration experience, Cisco IOS use; CCSP preferred. 3 years experience in firewall configuration; 7 years networking, including TCP/IP BGP, OSPF, EIGRP. Must have an in-depth understanding of at least one of the following platforms, Symantec Enterprise Firewall, Symantec Velociraptor, Sidewinder, PIX. Must have a demonstrated ability to deploy and manage Cisco Secure IDS, SNORT, and ISS RealSecure ----- End forwarded message ----- From timcmay at got.net Tue Sep 9 12:17:18 2003 From: timcmay at got.net (Tim May) Date: Tue, 9 Sep 2003 12:17:18 -0700 Subject: Digital cash and campaign finance reform In-Reply-To: <5.2.1.1.0.20030909114314.04a30ec0@mail.comcast.net> Message-ID: <3AE04F68-E2FA-11D7-87EC-000A956B4C74@got.net> On Tuesday, September 9, 2003, at 11:47 AM, Steve Schear wrote: > At 09:28 AM 9/9/2003 -0700, Tim May wrote: >> Why are you not addressing the more direct attack, the one I >> described yesterday? >> >> "The contributions you receive for $87.93 came from our members." >> >> Unless the amounts are consolidated by a third party or dithered (so >> much for digital money being what it claims to be), this covert >> channel bypasses the nominal name-stripping. > > Sorry, I replied to this but apparently forgot to cc cypherpunks.... On this topic, I very strongly suggest to people that they not carry on conversations on both open lists and moderated lists. Also, I thought Perrypunks was a "no politics, crypto only" list? Debating how to do campaign finance reform is heavily political, and very light on cryptography, math, etc. > > Limiting each individual contribution to fixed amounts (say $1, $5, > $10, $20 and $100) should close that loophole. 
> There are too many loopholes to close. You also don't address the other point I raised, that if an "untraceable campaign contribution system" is in fact unlinkable to the donor, then Warren Buffett is able to donate $10 million, all in "unlinkable" contributions. (Nothing wrong with this, of course, but it sure does contradict the "only small contributions" intent of the various statist rules about campaigns.) So, why work on a system which is guaranteed to fail, by its nature? And guaranteed to fail for social reasons, when it is pointed out that inner city negroes rarely have access to PCs or digital money systems and that the system thus skews toward techies and those with computers? --Tim May --Tim May "Stupidity is not a sin, the victim can't help being stupid. But stupidity is the only universal crime; the sentence is death, there is no appeal, and execution is carried out automatically and without pity." --Robert A. Heinlein From emc at artifact.psychedelic.net Tue Sep 9 12:19:01 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Tue, 9 Sep 2003 12:19:01 -0700 (PDT) Subject: Attention Sheeple Message-ID: <200309091919.h89JJ2C9007992@artifact.psychedelic.net> Saw this while browsing the Web this morning. I loved it. http://www.strike-the-root.com/3/donahue/donahue2.html ----- Want to See the World Implode by Jim Donahue I'd like to see some real hell unleashed in the upcoming year. I want a briefcase full of weaponized toxins to explode in front of the New York Stock Exchange. I want to see political assassinations take place all over Amerika, melee assassinations, live on television during a press conference. I want power outages to roll their way through the countryside, from Boston to D.C. to Miami to Dallas to Los Angeles to San Francisco to Seattle and back again. I want the economy to collapse into a pile of green ashes. I want 401(k) plans and IRAs and mutual fund investments to disappear. 
I want the twelve Federal Reserve Bank branches to go up in flames. I want new laws, more laws, bigger laws. I want laws that prohibit smoking in public, in private, on the high seas, and on the moon. I want drug laws that will put a high school student in the electric chair for smoking a joint. ... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From mv at cdc.gov Tue Sep 9 12:40:57 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 09 Sep 2003 12:40:57 -0700 Subject: cats Message-ID: <3F5E2CC9.E9BA73BA@cdc.gov> At 08:12 AM 9/9/03 -0500, Harmon Seaver wrote: >On Mon, Sep 08, 2003 at 11:15:31AM -0700, Tim May wrote: >> "Dogs can't conceive of a group of cats without an alpha cat." --David >> Honig, on the Cypherpunks list, 2001-11 > > > Cats always have an alpha cat. And they often have pissing contests to >determine the pecking order. This is just as true of house cats as it is of >lions. First, many cats (e.g., mountain lions) do not form social groups beyond the mother raising the cubs. Female African lions reportedly do hang out together. Second, if you examine the context of the original post, the statement was a metaphor about leaderless ("anarchic") assemblies such as this list. In particular, the Feds (dogs) haven't historically understood that this list is the equivalent of a grad lounge or spontaneous beach party: there are multiple conversations, no one is moderating or otherwise choreographing squat. When cats encounter each other by chance, they may assert dominance, (linguistic pissing contests are not unheard of here :-) but their lives are not structured around following, or smelling the higher-up's ass. 
--- "While acknowledging himself an Anarchist, he does not state to what branch of the organization he belongs" ---Discussing Leon Czolgosz' shooting of President William McKinley From bill.stewart at pobox.com Tue Sep 9 14:27:23 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 09 Sep 2003 14:27:23 -0700 Subject: Your papers please [what color is John Gilmore?] In-Reply-To: <3F5E014B.4B11A4C7@cdc.gov> References: <3F5E014B.4B11A4C7@cdc.gov> Message-ID: <3F5E45BB.5070908@pobox.com> What color is John? He's Tie-Dyed, of course... You were expecting a single category they knew what to do with? Major Variola (ret.) wrote: > Most people will be coded green and sail through. But up to 8 > percent of passengers who board the nation's 26,000 daily flights will > be coded "yellow" and will undergo additional screening at the > checkpoint, according to people familiar with the program. An estimated > 1 to 2 percent will be labeled "red" and will be prohibited from > boarding. These passengers also will face police questioning and may be > arrested. > > http://www.washingtonpost.com/ac2/wp-dyn/A45434-2003Sep8?language=printer From camera_lumina at hotmail.com Tue Sep 9 13:47:07 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 09 Sep 2003 16:47:07 -0400 Subject: CAPPS II -- The Latest "Red Scare" Message-ID: "Get tagged as a Red, perhaps based on "intelligence" like Usenet postings, mailing list activity, political activity, and airlines are ordered to bar use of their services. And arrest follows." Serves you right. You and your constant criticisms of our divine and God-appointed protectors and leaders will certainly cause your privileges to be revoked. And in case you haven't yet learned: Stop expressing yourself and everything will be OK. Shut up, keep your head down and stay with the pack. 
-TD >From: Tim May >To: cypherpunks at lne.com >Subject: CAPPS II -- The Latest "Red Scare" >Date: Tue, 9 Sep 2003 09:24:54 -0700 > >"The new Transportation Security Administration system seeks to probe >deeper into each passenger's identity than is currently possible, >comparing personal information against criminal records and intelligence >information. Passengers will be assigned a color code -- green, yellow or >red -- based in part on their city of departure, destination, traveling >companions and date of ticket purchase. > >"Most people will be coded green and sail through. But up to 8 percent of >passengers who board the nation's 26,000 daily flights will be coded >"yellow" and will undergo additional screening at the checkpoint, >according to people familiar with the program. An estimated 1 to 2 percent >will be labeled "red" and will be prohibited from boarding. These >passengers also will face police questioning and may be arrested." > >washpost/20030909/ts_washpost/a45434_2003sep8> > > >Charming. Now people face "arrest" (Washington Post story claim) for >merely be tagged as a Red. > >Get tagged as a Red, perhaps based on "intelligence" like Usenet postings, >mailing list activity, political activity, and airlines are ordered to bar >use of their services. And arrest follows. > >I know the ACLU is already having a field day with this. I wonder what the >charges justifying arrest will be? "Your honor, this man was flagged "Red" >by our computers. We request one million dollars bail. He's a flight >risk....cough." > >No wonder the airlines are facing bankruptcy. Except Big Brother is >bailing them out, semi-nationalizing them (probably giving big pieces of >control to Halliburton and other Bush crony companies...even Hitler was >not this transparent). > > >--Tim May > > >Join the boycott against Delta Airlines for their support of the Big >Brotherish "CAPPS II" citizen-unit tracking program. 
> >http://www.boycottdelta.org >http://boycottdelta.org/images/deltaeyebanner.gif > >With our help, Delta Airlines may be joining United and US Air in the >bankruptcy scrap heap. From ashwood at msn.com Tue Sep 9 17:07:56 2003 From: ashwood at msn.com (Joseph Ashwood) Date: Tue, 9 Sep 2003 17:07:56 -0700 Subject: [cdr] Re: Digital cash and campaign finance reform References: <3AE04F68-E2FA-11D7-87EC-000A956B4C74@got.net> Message-ID: <013001c3772f$bcbf0770$6601a8c0@JOSEPHAS> ----- Original Message ----- From: "Tim May" Subject: [cdr] Re: Digital cash and campaign finance reform > There are too many loopholes to close. I think that's the smartest thing any one of us has said on this topic. Joe From roy at rant-central.com Tue Sep 9 14:52:22 2003 From: roy at rant-central.com (Roy M. Silvernail) Date: Tue, 9 Sep 2003 17:52:22 -0400 Subject: CAPPS II -- The Latest "Red Scare" In-Reply-To: References: Message-ID: <200309091752.22430.roy@rant-central.com> On Tuesday 09 September 2003 16:47, Tyler Durden wrote: > Stop expressing yourself and everything will be OK. Shut up, keep your head > down and stay with the pack. All hail mediocrity! From adam at homeport.org Tue Sep 9 14:55:24 2003 From: adam at homeport.org (Adam Shostack) Date: Tue, 9 Sep 2003 17:55:24 -0400 Subject: Your papers please [what color is John Gilmore?] In-Reply-To: <3F5E45BB.5070908@pobox.com> References: <3F5E014B.4B11A4C7@cdc.gov> <3F5E45BB.5070908@pobox.com> Message-ID: <20030909215523.GA63777@lightship.internal.homeport.org> First answer: He's in red, no green, argggh! Second answer: We've changed the name of the program to ITAR so his lawsuit goes back to square 1! That's the plan! Third answer: CAPPS was just a clever distraction, the real program remains classified. Please step over here. 
Adam On Tue, Sep 09, 2003 at 02:27:23PM -0700, Bill Stewart wrote: | What color is John? He's Tie-Dyed, of course... | | You were expecting a single category they knew what to do with? | | Major Variola (ret.) wrote: | > Most people will be coded green and sail through. But up to 8 | >percent of passengers who board the nation's 26,000 daily flights will | >be coded "yellow" and will undergo additional screening at the | >checkpoint, according to people familiar with the program. An estimated | >1 to 2 percent will be labeled "red" and will be prohibited from | >boarding. These passengers also will face police questioning and may be | >arrested. | > | >http://www.washingtonpost.com/ac2/wp-dyn/A45434-2003Sep8?language=printer -- "It is seldom that liberty of any kind is lost all at once." -Hume From bbrow07 at students.bbk.ac.uk Tue Sep 9 09:58:35 2003 From: bbrow07 at students.bbk.ac.uk (ken) Date: Tue, 09 Sep 2003 17:58:35 +0100 Subject: Digital cash and campaign finance reform References: <6EADEAE6-E228-11D7-87EC-000A956B4C74@got.net> Message-ID: <3F5E06BB.2040406@students.bbk.ac.uk> Tim May wrote: > In any case, campaign finance reform is essentially uninteresting and > statist. Yes Tim, but as we happen to live in places where states make laws and employ men with guns to hurt us if we disobey those laws then we do have an interest (in the other sense) in who gets to run the organs of the state. If you live next to the zoo you may be uninterested in the design of the lion's cage but you sure as hell aren't disinterested in it. 
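The amount-based signalling argued over in this thread (a pre-agreed figure such as $87.93, the fixed-denomination reply, and the observation that the payee only needs to see the full amount arrive) can be checked with a small simulation. This is an added example, not code from any list participant; the mix model, the 21-day delay window, the donor labels and the background donation population are constructed assumptions.

```python
"""Added example: what a payee's ledger still reveals after a donation mix.
The mix model, donor labels and amounts are constructed for illustration."""
import random

DENOMINATIONS = (10000, 2000, 1000, 500, 100)  # cents: $100, $20, $10, $5, $1 (from the thread)
MAX_DELAY_DAYS = 21                            # "a few weeks", assumed here to be 21 days
MARKER = 8793                                  # the "$87.93" figure from the thread


def mix(payments, rng, max_delay=MAX_DELAY_DAYS):
    """Strip donor identity and delay every payment independently.
    Returns the payee's view: a list of (arrival_day, amount_cents)."""
    ledger = [(day + rng.randint(0, max_delay), cents) for _donor, day, cents in payments]
    rng.shuffle(ledger)                      # order within a day carries no information
    ledger.sort(key=lambda entry: entry[0])  # stable sort keeps the shuffled in-day order
    return ledger


def to_denominations(payments):
    """Fixed-amount rule: each gift is broken into coins of the allowed
    denominations; sub-dollar remainders are not accepted (assumption)."""
    coins = []
    for donor, day, cents in payments:
        remaining = cents - cents % 100
        for coin in DENOMINATIONS:
            count, remaining = divmod(remaining, coin)
            coins.extend((donor, day, coin) for _ in range(count))
    return coins


def marker_hits(ledger, marker_cents=MARKER):
    """Number of ledger entries that carry the pre-agreed amount."""
    return sum(1 for _day, cents in ledger if cents == marker_cents)


def total(ledger):
    return sum(cents for _day, cents in ledger)


def background(rng, donors=2000):
    """Constructed baseline: unrelated whole-dollar gifts of $5-$200 on days 0-29."""
    return [(f"d{i}", rng.randint(0, 29), rng.randint(5, 200) * 100) for i in range(donors)]


def scenario(extra, denominate, seed=2003):
    """Payee ledger for the baseline plus `extra` payments, after the mix."""
    rng = random.Random(seed)
    payments = background(rng) + extra
    if denominate:
        payments = to_denominations(payments)
    return mix(payments, rng)


def report():
    marked = [("group", 0, MARKER)] * 40   # 40 members each send the agreed amount
    block = [("buyer", 0, 10000)] * 500    # 500 x $100 = $50k, all submitted on day 0
    free = scenario(marked, denominate=False)
    fixed = scenario(marked, denominate=True)
    marker_days = [day for day, cents in free if cents == MARKER]
    baseline_total = total(scenario([], denominate=True))
    return {
        # Delays scatter the marked gifts over many days, yet each one is still countable.
        "marker_hits_free_amounts": marker_hits(free),
        "marker_arrival_span_days": max(marker_days) - min(marker_days),
        # Fixed denominations erase the distinctive amount from the ledger.
        "marker_hits_fixed_amounts": marker_hits(fixed),
        "amounts_seen_fixed": sorted({cents for _day, cents in fixed}),
        # The volume signal survives: once the delay window closes, the payee's
        # intake exceeds the expected baseline by exactly the promised sum.
        "block_excess_cents": total(scenario(block, denominate=True)) - baseline_total,
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The excess figure assumes the payee has a good estimate of its normal intake; the noisier that baseline is relative to the promised sum, the weaker the volume signal becomes.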
From amir at herzberg.name Tue Sep 9 09:31:16 2003 From: amir at herzberg.name (Amir Herzberg) Date: Tue, 09 Sep 2003 18:31:16 +0200 Subject: Digital cash and campaign finance reform In-Reply-To: <5.2.1.1.0.20030908094314.03b64c40@mail.comcast.net> Message-ID: <5.1.1.6.0.20030909093705.0279bbf8@getmail.amir.herzberg.name> Steve suggested (see below) that anonymous cash may be useful to hide the identities of contributors from the party/candidate they contribute to. I'm afraid this won't work: e-cash protocols are not trying to prevent a `covert channel` between the payer and payee, e.g. via the choice of random numbers or amounts. Furthermore even if the e-cash system had such a feature, it would be of little help, since (a) there will be plenty of other ways the payer can convince the payee that it made the contribution and (b) in reality, candidates will have to return the favors even without knowing for sure they got the money - kind of `risk management` - I'm not sure what we want is to allow big contributors to gain favors while not really making as big a contribution as they promised... Best, Amir Herzberg At 10:11 08/09/2003 -0700, Steve Schear wrote: >Everyone knows that money is the life blood of politics. The topic of >campaign finance reform in the U.S. has been on and off the front burner >of the major media, for decades. Although the ability of citizens and >corporations to support the candidates and parties of their choice can be >a positive political force, the ability of political contributors to buy >access and influence legislation is probably the major source of >governmental corruption. Despite some, apparently, honest efforts at >limiting these legal payoffs there has been little real progress. The >challenge is to encourage "neutral" campaign contributions. Perhaps >technology could lend a hand. > >One of the features of Chaumian digital cash is unlinkability. 
Normally, >this has been viewed from the perspective of the payer and payee not >wishing to be linked to a transaction. But it also follows that the >payee can be prevented from learning the identity of the payee even if >they wished. Since the final payee in politics is either the candidate or >the party, this lack of knowledge could make it much more difficult for >the money to be involved in influence peddling and quid pro quo back room >deals. > >By combining a mandated digital cash system for contributions, a cap on >the size of each individual contribution (perhaps as small as $100), >randomized delays (perhaps up to a few weeks) in the "posting" of each >transaction to the account of the counter party, it could create mix >conditions which would thwart the ability of contributors to easily >convince candidates and parties that they were the source of particular >funds and therefore entitled to special treatment. > >Comments? > >steve > > >A foolish Constitutional inconsistency is the hobgoblin of freedom, adored >by judges and demagogue statesmen. >- Steve Schear From morlockelloi at yahoo.com Tue Sep 9 18:38:24 2003 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Tue, 9 Sep 2003 18:38:24 -0700 (PDT) Subject: cats In-Reply-To: <3F5E2CC9.E9BA73BA@cdc.gov> Message-ID: <20030910013824.67937.qmail@web40606.mail.yahoo.com> Well, cats *do* have a quite strict hierarchy which is far from ad-hoc establishment of the pecking order. So the analogy doesn't hold with cat behavioral experts. 
However, if cats could perform anonymized hissing, biting and scratching, then I'm sure that cypherpunk maillist would be a good analogy for cat behavior. > Second, if you examine the context of the original post, the statement > was a metaphor about leaderless ("anarchic") assemblies such > as this list. In particular, the Feds (dogs) haven't historically > understood that this list is the equivalent of a grad lounge or spontaneous > beach party: > there are multiple conversations, no one is moderating or otherwise > choreographing > squat. When cats encounter each other by chance, they may assert > dominance, > (linguistic pissing contests are not unheard of here :-) > but their lives are not structured around following, or smelling the > higher-up's ass. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: From jya at pipeline.com Tue Sep 9 20:32:47 2003 From: jya at pipeline.com (John Young) Date: Tue, 09 Sep 2003 20:32:47 -0700 Subject: GSM Crack Paper In-Reply-To: <20030909215523.GA63777@lightship.internal.homeport.org> References: <3F5E45BB.5070908@pobox.com> <3F5E014B.4B11A4C7@cdc.gov> <3F5E45BB.5070908@pobox.com> Message-ID: "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communications," by Elad Barkan, Eli Biham, Nathan Keller http://cryptome.org/gsm-crack-bbk.pdf (18 Pages, 234KB) Abstract. In this paper we present a very practical cipher-text only cryptanalysis of GSM encrypted communications, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use "unbreakable" ciphers. We describe a ciphertext-only attack on A5/2 that requires a few dozen milliseconds of encrypted off-the-air cellular conversation and finds the correct key in less than a second on a personal computer.
We then extend this attack to a (more complex) ciphertext-only attack on A5/1. We describe new attacks on the protocols of networks that use A5/1, A5/3, or even GPRS. These attacks are based on security flaws of the GSM protocols, and work whenever the mobile phone supports A5/2. We emphasize that these attacks are on the protocols, and are thus applicable whenever the cellular phone supports a weak cipher, for instance they are also applicable using the cryptanalysis of A5/1. Unlike previous attacks on GSM that require unrealistic information, like long known plaintext periods, our attacks are very practical and do not require any knowledge of the content of the conversation. These attacks allow attackers to tap conversations and decrypt them either in real-time, or at any later time. We also show active attacks, such as call hijacking, altering data messages and call theft. From bradneuberg at yahoo.com Tue Sep 9 20:43:04 2003 From: bradneuberg at yahoo.com (Brad Neuberg) Date: Tue, 9 Sep 2003 20:43:04 -0700 (PDT) Subject: [p2p-hackers] Project Announcement: P2P Sockets Message-ID: Hi everyone. I just posted the web site, source code, and two tutorials for the Peer-to-Peer Sockets Project at http://p2psockets.jxta.org. The source code represents a working, 1.0 beta 1 release, with several pieces of software, such as Jetty and XML-RPC Client and Server libraries, already ported onto this new API. I have spent the last month and a half working full time on this. Here are some more details on the project: ------------------------ Are you interested in: * returning the end-to-end principle to the Internet? * an alternative peer-to-peer domain name system that bypasses ICANN and Verisign, is completely decentralized, and responds to updates much quicker than standard DNS? 
* an Internet where everyone can create and consume network services, even if they have a dynamic IP address or no IP address, are behind a Network Address Translation (NAT) device, or blocked by an ISP's firewall? * a web where every peer can automatically start a web server, host an XML-RPC service, and more and quickly make these available to other peers? * easily adding peer-to-peer functionality to your Java socket and server socket applications? * having your servlets and Java Server Pages work on a peer-to-peer network for increased reliability, easier maintenance, and exciting new end-user functionality? * playing with a cool technology? If you answered yes to any of the above, then welcome to the Peer-to-Peer Sockets project! The Peer-to-Peer Sockets Project reimplements Java's standard Socket, ServerSocket, and InetAddress classes to work on a peer-to-peer network rather than on the standard TCP/IP network. "Aren't standard TCP/IP sockets and server sockets already peer-to-peer?" some might ask. Standard TCP/IP sockets and server sockets are theoretically peer-to-peer but in practice are not due to firewalls, Network Address Translation (NAT) devices, and political and technical issues with the Domain Name System (DNS). The P2P Sockets project deals with these issues by re-implementing the standard java.net classes on top of the Jxta peer-to-peer network. Jxta is an open-source project that creates a peer-to-peer overlay network that sits on top of TCP/IP. Every peer on the network is given an IP-address like number, even if they are behind a firewall or don't have a stable IP address. Super-peers on the Jxta network run application-level routers which store special information such as how to reach peers, how to join sub-groups of peers, and what content peers are making available. Jxta application-level relays can proxy requests between peers that would not normally be able to communicate due to firewalls or NAT devices.
Peers organize themselves into Peer Groups, which scope all search requests and act as natural security containers. Any peer can publish and create a peer group in a decentralized way, and other peers can search for and discover these peer groups using other super-peers. Peers communicate using Pipes, which are very similar to Unix pipes. Pipes abstract the exact way in which two peers communicate, allowing peers to communicate using other peers as intermediaries if they normally would not be able to communicate due to network partitioning. Jxta is an extremely powerful framework. However, it is not an easy framework to learn, and porting existing software to work on Jxta is not for the faint-of-heart. P2P Sockets effectively hides Jxta by creating a thin illusion that the peer-to-peer network is actually a standard TCP/IP network. If a peer wishes to become a server they simply create a P2P server socket with the domain name they want and the port other peers should use to contact them. P2P clients open socket connections to hosts that are running services on given ports. Hosts can be resolved either by domain name, such as "www.nike.laborpolicy", or by IP address, such as "44.22.33.22". Behind the scenes these resolve to JXTA primitives rather than being resolved through DNS or TCP/IP. For example, the host name "www.nike.laborpolicy" is actually the NAME field of a Jxta Peer Group Advertisement. P2P sockets and server sockets work exactly the same as normal TCP/IP sockets and server sockets. The benefits of taking this approach are many-fold. First, programmers can easily leverage their knowledge of standard TCP/IP sockets and server sockets to work on the Jxta peer-to-peer network without having to learn about Jxta. Second, all of the P2P Sockets code subclasses standard java.net objects, such as java.net.Socket, so existing network applications can quickly be ported to work on a peer-to-peer network. 
The P2P Sockets project already includes a large amount of software ported to use the peer-to-peer network, including a web server (Jetty) that can receive requests and serve content over the peer-to-peer network; a servlet and JSP engine (Jetty and Jasper) that allows existing servlets and JSPs to serve P2P clients; an XML-RPC client and server (Apache XML-RPC) for accessing and exposing P2P XML-RPC endpoints; an HTTP/1.1 client (Apache Commons HTTP-Client) that can access P2P web servers; a gateway (Smart Cache) to make it possible for existing browsers to access P2P web sites; and a WikiWiki (JSPWiki) that can be used to host WikiWikis on your local machine that other peers can access and edit through the P2P network. Even better, all of this software works and looks exactly as it did before being ported. The P2P Sockets abstraction is so strong that porting each of these pieces of software took as little as 30 minutes to several hours. Everything included in the P2P sockets project is open-source, mostly under BSD-type licenses, and cross-platform due to being written in Java. Because P2P Sockets are based on Jxta, they can easily do things that ordinary server sockets and sockets can't handle. First, creating server sockets that can fail-over and scale is easy with P2P Sockets. Many different peers can start server sockets for the same host name and port, such as "www.nike.laborpolicy" on port 80. When a client opens a P2P socket to "www.nike.laborpolicy" on port 80, they will randomly connect to one of the machines that is hosting this port. All of these server peers might be hosting the same web site, for example, making it very easy to partition client requests across different server peers or to recover from losing one server peer. This is analogous to DNS round-robining, where one host name will resolve to many different IP addresses to help with load-balancing.
Second, since P2P Sockets don't use the DNS system, host names can be whatever you wish them to. You can create your own fanciful endings, such as "www.boobah.cat" or "www.cynthia.goddess", or application-specific host names, such as "Brad GNUberg" or "Fidget666" for an instant messaging system. Third, the service ports for a given host name can be distributed across many different peers around the world. For example, imagine that you have a virtual host for "www.nike.laborpolicy". One peer could be hosting port 80, to serve web pages; another could be hosting port 2000, for instant messaging, and a final peer could be hosting port 3000 for peers to subscribe to real-time RSS updates. Hosts now become decentralized coalitions of peers working together to serve requests. Two tutorials are available: * Introduction to Peer-to-Peer Sockets - http://www.codinginparadise.org/p2psockets/1.html * How to Create Peer-to-Peer Web Servers, Servlets, JSPs, and XML-RPC Clients and Servers - http://www.codinginparadise.org/p2psockets/2.html Download P2PSockets-1.0-beta1.zip, (released 9-5-2003) which contains the core package and extensions both compiled and in source form, at http://www.codinginparadise.org/p2psockets/P2PSockets-1.0-beta1.zip Thanks, Brad GNUberg bkn3 at columbia.edu ----- End forwarded message ----- From measl at mfn.org Tue Sep 9 19:42:18 2003 From: measl at mfn.org (J.A. Terranson) Date: Tue, 9 Sep 2003 21:42:18 -0500 (CDT) Subject: [cdr] CAPPS-II: Green/Yellow or Red for freight?
Message-ID: http://www.cnn.com/2003/US/Southwest/09/09/plane.stowaway/index.html Man shipped from New York to Texas in crate Tuesday, September 9, 2003 Posted: 10:31 PM EDT (0231 GMT) WASHINGTON (CNN) -- Federal officials are investigating how a man managed to hide inside a crate that was flown by a major cargo carrier from New York to Dallas, Texas. Charles McKinley wanted to go to his father's house in Dallas and decided to "ship himself rather than pay for a ticket," said Transportation Security Administration spokeswoman Suzanne Luber. McKinley secured himself in the crate, apparently with some help, along with his computer and some clothes. The incident highlighted a potential hole in aviation security. Luber shipped himself through cargo carrier Kitty Hawk Inc., which said it was told by the shipping firm, Pilot Air Freight, that the crate was loaded with computer monitors. The crate, marked as containing computer equipment, was picked up at a company called Metrotech in the Bronx, New York, and driven to John F. Kennedy International Airport, and then to Newark, New Jersey, where it was placed on a Kitty Hawk cargo plane, she said. "The plane actually went to Buffalo. From Buffalo it went to Fort Wayne, Indiana. There was a change of planes onto another Kitty Hawk cargo plane, and he ended up at DFW [Dallas/Fort Worth International Airport]," Luber said. He was then driven to the intended address, which was his father's house in De Soto, a suburb 14 miles south of Dallas. Carl Smith, assistant chief of the De Soto Police Department, said that when the deliveryman went to remove the box from the truck he noticed a person inside. Authorities believe Smith had moved something he had been using to cover himself, so the driver was able to see him through a slit in the crate. "At that time, the young man kicked one side of the crate out, crawled out, got his box, and walked around to the back of the house," Smith said. The driver contacted police. 
McKinley is being held at the Dallas County Sheriff's Department, Smith said. Authorities have not released his age, but news reports said he is 25. Luber said authorities detained McKinley on outstanding warrants for theft of a check and a traffic violation. The TSA is working with the FBI and the U.S. attorney's office to investigate and determine if there are any federal charges for this incident. "We've made significant improvements in cargo security, but we do have more, more to go," Luber said. TSA teams have examined cargo carriers and the airport facilities they use to load packages "to determine strengths and weaknesses in cargo security," she said. The TSA has a cargo security advisory committee that is expected to provide recommendations for additional security as early as October 1, she said. "The bottom line is just like passenger security there's not just one single silver bullet," Luber said. "We're taking a layered approach. "Should Congress ask us, we are ready to train cargo pilots as federal flight deck officers." Federal flight deck officers are armed with guns in the cockpit. Richard Phillips, chairman and chief executive officer of Pilot Air Freight, said his company rigidly adhered to TSA procedures, keeping the crate off a passenger plane and placing no travelers at risk. "It is unfortunate that one individual would choose to flaunt air regulations," he said. A spokesman for Kitty Hawk Cargo added, "This is a very unusual incident." CNN correspondent Patti Davis contributed to this report. 
From hseaver at cybershamanix.com Tue Sep 9 20:04:14 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 9 Sep 2003 22:04:14 -0500 Subject: cats In-Reply-To: <3F5E2CC9.E9BA73BA@cdc.gov> References: <3F5E2CC9.E9BA73BA@cdc.gov> Message-ID: <20030910030414.GA23335@cybershamanix.com> On Tue, Sep 09, 2003 at 12:40:57PM -0700, Major Variola (ret) wrote: > At 08:12 AM 9/9/03 -0500, Harmon Seaver wrote: > >On Mon, Sep 08, 2003 at 11:15:31AM -0700, Tim May wrote: > >> "Dogs can't conceive of a group of cats without an alpha cat." > --David > >> Honig, on the Cypherpunks list, 2001-11 > > > > > > Cats always have an alpha cat. And they often have pissing contests > to > >determine the pecking order. This is just as true of house cats as it > is of > >lions. > > First, many cats (e.g., mountain lions) do not form social groups beyond > > the mother raising the cubs. Female African lions reportedly do hang > out together. > > Second, if you examine the context of the original post, the statement > was a metaphor about leaderless ("anarchic") assemblies such > as this list. In particular, the Feds (dogs) haven't historically > understood > that this list is the equivalent of a grad lounge or spontaneous beach > party: > there are multiple conversations, no one is moderating or otherwise > choreographing > squat. Yes, I'm well aware of what it's trying to say, but it's really a very poor analogy based on a faulty premise. > When cats encounter each other by chance, they may assert > dominance, Not "may" -- they always do, just as dogs do. And not just in first meetings, it continues virtually forever, including sometimes all-out fighting, but sometimes too subtle for most humans to even be aware of. > (linguistic pissing contests are not unheard of here :-) > but their lives are not structured around following, or smelling the > higher-up's ass. > We have three or four distinct groups of cats living here that we feed. 
Two in the house, two in the garage/greenhouse who once lived in the house but could not resolve the dominance issue between one male in the house and one alpha female now in the greenhouse. Then there are the more or less permanent two females that live on and under the front porch, who also have serious unresolved issues with the Mama Fritz of the greenhouse (who does get outside during the day). Dominance also goes down the line, watching the 3 young offspring of one of the porch ladies makes that pretty clear, one of those bosses the other two, but all are subservient to the two older females, and their mother, Shy, clearly bosses Bobbette, the other older female. Neither of them take crap from Mama Fritzi, in fact one day I watched Bobbette whup Mama's butt, but that hasn't deterred Mama one iota. And then we have the feral toms who come to the permanent bin feeder on the porch as well, who have their own inter-relationships. If you read any texts on cat behavior, you'll find dominance a well studied attribute. Most say there is *always* an alpha cat, even if it isn't apparent to the casual observer. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From mark at tweakt.net Tue Sep 9 19:31:32 2003 From: mark at tweakt.net (Mark Renouf) Date: 09 Sep 2003 22:31:32 -0400 Subject: GPG Sig test Message-ID: <1063161092.4940.24.camel@localhost> Can someone verify this message? Someone told me that my signatures were coming up invalid for some reason. I just created a new key recently (old one expired months ago). I just uploaded it to keyserver.pgp.net Thanks!
-- Mark Renouf [demime 0.97c removed an attachment of type application/pgp-signature which had a name of signature.asc] From frantz at pwpconsult.com Tue Sep 9 22:55:10 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Tue, 9 Sep 2003 22:55:10 -0700 Subject: GPG Sig test In-Reply-To: <1063161092.4940.24.camel@localhost> Message-ID: At 7:31 PM -0700 9/9/03, Mark Renouf wrote: >Can someone verify this message? Someone told me that my signatures were >coming up invalid for some reason. I just created a new key recently >(old one expired months ago). I just uploaded it to keyserver.pgp.net > >Thanks! > >-- >Mark Renouf > >[demime 0.97c removed an attachment of type application/pgp-signature >which had a name of signature.asc] For some reason this mail tickled my sense of humor. Try sending the message without MIME. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz at pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA From morlockelloi at yahoo.com Wed Sep 10 08:41:40 2003 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Wed, 10 Sep 2003 08:41:40 -0700 (PDT) Subject: [p2p-hackers] Project Announcement: P2P Sockets (fwd from bradneuberg@yahoo.com) In-Reply-To: <20030910102122.GB28331@leitl.org> Message-ID: <20030910154140.53334.qmail@web40603.mail.yahoo.com> > stable IP address. Super-peers on the Jxta network run > application-level routers which store special > information such as how to reach peers, how to join So these super peers are reliable, non-vulnerable, although everyone knows where they are, because .... ? ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows:
From rah at shipwright.com Wed Sep 10 06:19:28 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 10 Sep 2003 09:19:28 -0400 Subject: Mexican Town Forgoes Law for Order Message-ID: The Washington Post washingtonpost.com Mexican Town Forgoes Law for Order Mayor Abolishes Traffic Fines in a Bid to End Bribery by Police Officers By Kevin Sullivan Washington Post Foreign Service Monday, September 8, 2003; Page A15 ECATEPEC, Mexico -- Park where you like, speed if you want to, run a red light, don't bother renewing your driver's license and let that seat belt flap in the wind. Nobody's going to bust you as long as Mayor Eruviel Avila Villegas is in charge. Avila's first official act when he took office last month was to abolish parking and traffic fines in this city of 2.5 million people just north of Mexico City. Avila, 34, a soft-spoken lawyer with curly hair, is nobody's anarchist. He's just looking for radical new ways to solve one of Mexico's most annoying problems: cops demanding bribes. The mayor's theory is that if police officers can't threaten drivers with tickets, they can't shake them down. "We are renewing and revolutionizing our city," he said. "People will always speed. They will always park illegally. But this way they won't have to pay bribes." Many Ecatepec residents said they feel liberated by the policy, which gives them at least a temporary respite from the money-grubbing officers who are among the great nuisances of daily life in Mexico. "This isn't a gift -- this is something we deserve," said a delighted Guadalupe Flores, 38, who works in a hotel in this working-class city. Police are less happy, some for obvious reasons, and others because they said they fear chaos when unchecked human nature is the only law on the streets.
"People know we can't do anything and they laugh in our faces," said officer Erasmo Rosas Buenrostro, who has been armed with nothing more than a whistle since Avila confiscated all the ticket books in town and piled them up on his desk in city hall. It is impossible to calculate the cost of corruption in Mexican life, although Francisco Barrio, who was known as Mexico's anti-corruption "czar" when he was federal comptroller, estimated that it could be as high as 9 percent of the gross domestic product. The head of Pemex, the state oil monopoly, has said corruption costs the company $1 billion a year. Bribes are paid for everything from getting a car inspected to persuading the phone repairman to come before Christmas. A survey by Transparency Mexico, the local branch of Transparency International, showed there were at least 200 million shakedowns a year, two for each of Mexico's 100 million people. As officials have become more open about the economic and social costs of police corruption, several initiatives have been launched, including the purging of entire police forces and starting over in some towns. In Mexico City, police chief Marcelo Ebrard recently began paying his officers a cash bonus for making an arrest. The idea is to make being clean more lucrative than being dirty. But with police typically earning just a few hundred dollars a month, and with no pension when they retire, officers on the beat still tend to behave as if every driver were an ATM. In Ecatepec, Avila said, a dozen of the city's 177 traffic officers simply stopped showing up for work when the new policy was announced on Aug. 19. Police here earn an average of about $420 a month, but some were adding as much as $2,000 a month to their salaries with bribes from drivers, several officers said. They said those who disappeared have probably moved to other cities and taken jobs in police departments that still tolerate bribery as a way to beef up low salaries. 
Ecatepec is a sprawling city of humble barrios where those lucky enough to have work commute by bus to jobs in Mexico City. It is part of the leathery hide of poor, tough cities that ring the capital in Mexico state. Avila said it's the kind of place that requires radical new ideas to root out nasty old habits. He dismissed criticism that the policy would bring chaos to the streets, saying, "I don't think anybody's going to say, 'Let's go to Ecatepec because they don't have laws.' " He said drunken driving and other criminal offenses would still be punished. He said he believed people would behave responsibly without the threat of fines for routine traffic offenses, and he said the policy so far seems to be working. Avila is not worried about losing revenue from traffic fines. "For every peso that went into the city's coffers, five went into the pockets of the police," he said. "The social benefit of doing this is greater than what we lose in revenue." Avila said that if the anti-bribery scheme works, he plans to extend it to other city departments; his next step will be to eliminate most city building permits. "We should trust our people and give them a chance," Avila said. "If they don't respond well, we'll have to go back to the old way." One day recently, a long line of cars was parked next to the town square, exactly where the roadway is painted with huge yellow and white "NO PARKING" signs. Jose Cruz Hinojosa, 39, said he was picking up his daughter from school and would not be illegally parked for long. Cruz said he definitely liked the mayor's campaign to wipe out corruption, but added, "This one change is not going to stop it." Traffic police officer Manuel Hernandez stood just up the street, shaking his head. He said he would certainly have ticketed Cruz and the others a few weeks ago, but now he can't. "The people know they can run red lights, they can do anything they want," Hernandez said, with obvious disgust. "It's not good, but what can we do?" 
Avila said he doesn't mind a few angry officers because he is determined to improve the image of his city and its police department. He has his work cut out for him. Earlier this year, 42 Ecatepec officers were arrested and charged with selling drugs to children. Officers have been charged in recent years with the murder of a 10-year-old they were trying to kidnap for ransom and a string of robberies that left 17 people dead. Last year, Ecatepec also became the punch line to a national joke when it was disclosed that Avila's predecessor had given himself a salary of almost $540,000 a year. When Avila took office, he immediately reduced his salary to $108,000 a year, fired the old police chief and set out on his zero-tolerance anti-bribery policy. In many ways, Avila is also part of a national effort to change the image of his political party, the Institutional Revolutionary Party, or PRI. Corruption and mismanagement became endemic in Mexico during the PRI's 71-year single-party rule, which ended when Vicente Fox was elected president in 2000. Since then, the PRI has tried to polish its image and, thanks in part to Fox's sputtering attempts at government reforms, won big in national midterm elections in July. In Ecatepec, the PRI has taken back the reform agenda: Avila's overpaid predecessor was from Fox's National Action Party, or PAN. Avila is trying to soften the blow to police officers by increasing other benefits. He said he is doubling the value of the monthly packet of basic foodstuffs that each officer receives to $100. He said he will change officers' hours -- now 24 hours on, 24 hours off -- to regular eight-hour shifts. And he said the city will begin paying for uniforms and repairs to patrol cars. As in many Mexican cities, the officers here have had to cover these costs. "The police don't have the trust of the people," Avila said. "I want to give them the means to be honest." -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ravage at einstein.ssz.com Wed Sep 10 07:25:14 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 09:25:14 -0500 (CDT) Subject: [cdr] CNN.com - Judge: Pop-up ads a 'burden' but legal - Sep. 9, 2003 (fwd) Message-ID: http://www.cnn.com/2003/TECH/internet/09/09/judge.popups.reut/index.html -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Wed Sep 10 07:25:56 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 09:25:56 -0500 (CDT) Subject: [cdr] China to stop police torturing suspects (fwd) Message-ID: http://www.theinquirer.net/?article=11480 -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From mv at cdc.gov Wed Sep 10 09:38:40 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 10 Sep 2003 09:38:40 -0700 Subject: unintended consequences: Davis recall leads to US internal passports Message-ID: <3F5F5390.B6682C07@cdc.gov> Licenses as IDs at airports questioned WASHINGTON -- Federal officials and lawmakers raised serious concerns Tuesday about the continued use of driver's licenses at airports and U.S. borders in light of California's new law allowing illegal immigrants to obtain the widely accepted means of identification. "If driver's licenses are given to people who are illegally in the country, then that puts extra burdens and difficulties on our inspectors at the border," Hutchinson said. "If you don't have integrity in the driver's licenses that are issued, then it really undermines the whole premise of allowing U.S. citizens to travel abroad and come back with limited proof of U.S. citizenship, without a passport."
The wisdom of using driver's licenses for identification was also questioned Tuesday in a congressional watchdog report that found that fraudulent licenses are passing muster at airports, border crossings and motor-vehicle offices. The full report by the General Accounting Office has been classified for security reasons. But in public testimony prepared for the Senate Finance Committee, Robert Cramer, director of GAO's office of special investigations, warned about relying on driver's licenses for identification. Davis had refused to sign such a law before, citing homeland security concerns. His about-face was questioned by some as a move to garner support in the Latino community. excerpts from http://www2.ocregister.com/ocrweb/ocr/article.do?id=56388&section=NEWS&subsection=NEWS&year=2003&month=9&day=10 From ravage at einstein.ssz.com Wed Sep 10 09:12:21 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 11:12:21 -0500 (CDT) Subject: [cdr] An IRC server is available... Message-ID: Hi, Open Forge, LLC is making an IRC server available on kraken.open-forge.com on port 6667 available for use. The current channels include a #cypherpunks. For more information please visit the SSZ & Open Forge homepages. -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From rah at shipwright.com Wed Sep 10 08:32:29 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 10 Sep 2003 11:32:29 -0400 Subject: Anyone Remember Zero Knowledge Systems? Message-ID: Cryptonomicon.Net - Anyone Remember Zero Knowledge Systems? Date: Wednesday, September 10 @ 11:15:00 EDT Topic: Commercial Operations / Services It seems that a day doesn't go by that there's new news about the RIAA suing another file swapper. First it's college students, then it's 12-year-old honor students, and we hear that they're going after senior citizens next.
With ISPs either volunteering or being forced to divulge subscriber information, it's a wonder that there isn't a technology to help shield users' online privacy with respect to their file swapping activities. Well... actually there is, and it's been around for a couple of years. We don't normally do commercial endorsements here, but when we see so much chatter from people on newsgroups talking about privacy protecting technology, we figured we should probably chime in. Way back in the late 90's a company called Zero Knowledge Systems was formed to develop privacy enhancing technology for the Internet. Their flagship product Freedom.Net was a giant onion-skin routing cloud with encrypted links. The idea was that someone desiring privacy would open an encrypted link with a Freedom.Net node and send its internet requests through that node. That node in turn would encrypt the request and route it through another semi-randomly selected node using a different encryption key. This process would repeat until the request exited the cloud of encrypted packet routers and hits the target of its destination. The response to the request would return via a similar convoluted, encrypted path. At the time, Freedom.Net was being pitched as a tool for human rights workers, whistleblowers, or even parents who don't want identifying information about their children being collected by heartless corporations intent on selling their kids the latest Anime action figures. Unfortunately, they never quite made a compelling enough argument for mass adoption of their system and eventually morphed the company into a manufacturer of more conventional privacy tools. Freedom still exists as a product, though it is aimed at web users, only runs on Windows clients, and routes requests through proxy servers owned by Zero Knowledge Systems. It is interesting to ponder what would happen if the Freedom network were widely deployed and routing file swapping packets.
One key feature of the original Freedom network was that routing nodes could (and would) be placed in different legal jurisdictions. Assuming that node operators actually logged packet traffic, organizations like the RIAA would be forced to subpoena node operators in multiple countries; a process humorously referred to as "Jurisdictional Arbitrage." Imagine a world where your file swapping software also included a Freedom-like client that routed your request through a maze of encrypting routers. The routers themselves could be placed in different countries. This could make for big headaches when the RIAA moves to subpoena logs of file swapper's activities. They couldn't get the logs from the ISPs because there's no way the ISP could peek in the traffic stream to identify offending content. They could try to put a sniffer on a US-based encrypting network node, but there's likely little information that could be gathered from this; the "payload" of a packet is encrypted with a key that the intermediate routers don't know. About the only place the RIAA could attack would be the servers. After all, all the encryption in the world won't help you if you publicize the IP address of your file store. I'm sure what keeps the record industry executives up at night is the worry that somewhere in the middle of the backwoods of Colombia or in the occupied territories of Israel / Palestine there are extra-territorial jurisdictions that can't be served with papers. Honestly, do you really want to be the process server that goes in to serve papers on FARC guerillas? The future is unclear, but while we start thinking about critical infrastructure, maybe we could think about a way to protect the record companies from financial ruin at the hands of FARC or HAMAS. Yes, I know there are several out there who would like to help destroy the RIAA and all they stand for. Yes, they are behaving in a manner indistinguishable from bastards. 
But they're our bastards, and if they are to be "taken down," there's a legal process for doing so. It's well known that Hollywood has much better political representation than Silicon Valley. What would happen if KaZaa or Gnutella or Sharmin Networks started operating an encrypted network? Would the RIAA move to outlaw encryption? Maybe the entertainment companies would buy the ISPs and block encrypted content from traversing their network. In any event, we see a whole new chapter in the privacy wars brewing. Don't say you weren't warned. This article comes from Cryptonomicon.Net http://www.cryptonomicon.net/ The URL for this story is: http://www.cryptonomicon.net//modules.php?name=News&file=article&sid=455 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From timcmay at got.net Wed Sep 10 11:45:41 2003 From: timcmay at got.net (Tim May) Date: Wed, 10 Sep 2003 11:45:41 -0700 Subject: unintended consequences: Davis recall leads to US internal passports In-Reply-To: <3F5F5390.B6682C07@cdc.gov> Message-ID: On Wednesday, September 10, 2003, at 09:38 AM, Major Variola (ret.) wrote: > Licenses as IDs at airports questioned > > WASHINGTON - Federal officials and lawmakers raised serious concerns > Tuesday about the continued use of driver's licenses at airports and > U.S. borders in light of California's new law allowing illegal > immigrants to obtain the widely accepted means of identification. > > "If driver's licenses are given to people who are illegally in the > country, then that puts extra burdens and difficulties on our > inspectors > at the border," Hutchinson said.
"If you don't have integrity in the > driver's licenses that are issued, then it really undermines the whole > premise of allowing U.S. citizens to travel abroad and come back with > limited proof of U.S. citizenship, without a passport." There has never been any "integrity" (in OS/capabilities/verification terms) in the driver's license issuance. Not in any of the three states I have requested and gotten DLs in has there ever been the slightest attempt to verify who I say I am (lacking is-a-person credentials, this would be difficult anyway). > > The wisdom of using driver's licenses for identification was also > questioned Tuesday in a congressional watchdog report that found that > fraudulent licenses are passing muster at airports, border crossings > and > motor-vehicle offices. The full report by the General Accounting Office > has been classified for security reasons. But in public testimony > prepared for the Senate Finance Committee, Robert Cramer, director of > GAO's office of special investigations, warned about relying on > driver's > licenses for identification. > > Davis had refused to sign such a law before, citing homeland security > concerns. His about-face was questioned by some as a move to garner > support in the Latino community. > Our first Mexican governor expects to add an estimated 525,000 former illegal aliens to the Democrap voter base in California. BTW, having briefly volunteered at a "register to vote" table a while back, I can assure you all that we never asked for any ID whatsoever upon taking the completed forms, that many of those who registered were obviously too recent in arrival in the U.S. to be legally qualifed to be citizens, let alone voters, and that many of those I "registered" (*) had essentially no knowledge of anything political. (* I did not actually "register" them...that happens somewhere back when the form I collected from them is processed by the DP center and entered into the big computer. 
Do the staffers in Sacramento make efforts to verify addresses or to cross-check with Immigration and Naturalization? Do you want to buy a bridge? Once the forms are sent in, registration is a foregone conclusion.) --Tim May From bill.stewart at pobox.com Wed Sep 10 11:53:12 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 10 Sep 2003 11:53:12 -0700 Subject: unintended consequences: Davis recall leads to US internal passports In-Reply-To: <3F5F5390.B6682C07@cdc.gov> References: <3F5F5390.B6682C07@cdc.gov> Message-ID: <3F5F7318.4070403@pobox.com> Major Variola (ret.) wrote: > Licenses as IDs at airports questioned > > WASHINGTON - Federal officials and lawmakers raised serious concerns > Tuesday about the continued use of driver's licenses at airports and > U.S. borders in light of California's new law allowing illegal > immigrants to obtain the widely accepted means of identification. California's law against Driving While Speaking Spanish is only about 10 years old, and was a Pete Wilson thing. It happened about when I moved here - did other states start doing similar things in the mean time? The Feds started bullying states into collecting SSNs when issuing drivers' licenses in the mid 80s, ostensibly as a way of preventing duplicate registrations, but I hadn't heard they'd been doing this. > Davis had refused to sign such a law before, citing homeland security > concerns. His about-face was questioned by some as a move to garner > support in the Latino community. "Homeland Security"? Back when Pete Wilson was State Reptile, he was at least only claiming it was to make it hard for illegal immigrants to come here and compete for jobs and get welfare, but wasn't pretending they were a threat.
> excerpts from > http://www2.ocregister.com/ocrweb/ocr/article.do?id=56388§ion=NEWS&subsection=NEWS&year=2003&month=9&day=10 From bradneuberg at yahoo.com Wed Sep 10 12:18:51 2003 From: bradneuberg at yahoo.com (Brad Neuberg) Date: Wed, 10 Sep 2003 12:18:51 -0700 (PDT) Subject: [p2p-hackers] Project Announcement: P2P Sockets (fwd from bradneuberg@yahoo.com) (fwd from morlockelloi@yahoo.com) Message-ID: --- Eugen Leitl wrote: > ----- Forwarded message from Morlock Elloi > ----- > > From: Morlock Elloi > Date: Wed, 10 Sep 2003 08:41:40 -0700 (PDT) > To: cypherpunks at lne.com > Subject: Re: [p2p-hackers] Project Announcement: P2P > Sockets (fwd from > bradneuberg at yahoo.com) > > > stable IP address. Super-peers on the Jxta network > run > > application-level routers which store special > > information such as how to reach peers, how to > join > > So these super peers are reliable, non-vulnerable, > although everyone knows > where they are, because .... ? > These super peers are known as Rendezvous peers in the Jxta world. They are as reliable and non-vulnerable as one could hope for, though I doubt they are perfect; I am building above the existing Jxta infrastructure for these. "Everyone" knows about them by using a common boostrap server to bootstrap into the Jxta network to gain the addresses of a few Rendezvous nodes. Rendezvous nodes then propagate information about their existence to other Rendezvous nodes at various times. Network partitions are certainly possible, and the requirement for a common bootstrap server is fragile. Jxta, and therefore P2P Sockets, currently has no protections against malicious/byzantine peers; it has relatively good protections against peers that fail non-maliciously. 
Brad Neuberg ----- End forwarded message ----- From eugen at denver065.server4free.de Wed Sep 10 03:21:22 2003 From: eugen at denver065.server4free.de (Eugen Leitl) Date: Wed, 10 Sep 2003 12:21:22 +0200 Subject: [p2p-hackers] Project Announcement: P2P Sockets (fwd from bradneuberg@yahoo.com) Message-ID: <20030910102122.GB28331@leitl.org> ----- Forwarded message from Brad Neuberg ----- From dgerow at afflictions.org Wed Sep 10 10:48:17 2003 From: dgerow at afflictions.org (Damian Gerow) Date: Wed, 10 Sep 2003 13:48:17 -0400 Subject: Anyone Remember Zero Knowledge Systems? In-Reply-To: References: Message-ID: <20030910174817.GB79006@afflictions.org> Thus spake R. A. Hettinga (rah at shipwright.com) [10/09/03 11:51]: > Imagine a world where your file swapping software also included a > Freedom-like client that routed your request through a maze of encrypting > routers. The routers themselves could be placed in different countries. > This could make for big headaches when the RIAA moves to subpoena logs of > file swapper's activities. They couldn't get the logs from the ISPs > because there's no way the ISP could peek in the traffic stream to > identify offending content. They could try to put a sniffer on a US-based > encrypting network node, but there's likely little information that could > be gathered from this; the "payload" of a packet is encrypted with a key > that the intermediate routers don't know.
Sounds like Freenet: From mv at cdc.gov Wed Sep 10 14:02:45 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 10 Sep 2003 14:02:45 -0700 Subject: unintended consequences: Davis recall leads to US internal passports Message-ID: <3F5F9175.946C5A7@cdc.gov> At 11:53 AM 9/10/03 -0700, Bill Stewart wrote: >California's law against Driving While Speaking Spanish is only >about 10 years old, and was a Pete Wilson thing. >It happened about when I moved here - did other states start >doing similar things in the mean time? >The Feds started bullying states into collecting SSNs >when issuing drivers' licenses in the mid 80s, >ostensibly as a way of preventing duplicate registrations, >but I hadn't heard they'd been doing this. Interesting. I didn't know the history. What is morbidly fascinating is how the driver's license is/has become the internal passport. And now, when it is being brought back to a certification that one "knows how to drive", the scum who manipulated it into an internal passport are shitting bricks. As a Ca driver, I'm in favor of it ---we have to pay for uninsured drivers insurance or risk collisions with them. As someone who won't be going to Mexico, I don't care if they require real passports (instead of a Ca driver's license) to re-enter the country. If the US wants to get real borders, that's fine with me. If they want to deport illegals, that's fine too, so long as they don't violate civil rights doing it. (Hint: stopping people on the street because they look foreign is not acceptable. The INS was doing that in Orange or San Diego county recently. I wrote to some Mexican activist reminding them that no one in this country needs to speak to pigs, if you're not driving.)
\begin{rant} Illegals (and unlicensed pharmacists) also drive an anonymity industry: credit-card-like debit cards that don't require proof of income, just cash; prepaid phones that don't require a billing address, etc. I've read that to enter a Fed building you need "ID". I'm curious what happens if you haven't got it. Adrian Lamo had his card. I'm currently ignoring the conscription notices I get from the local jury droids; if I *volunteer* someday (after reviewing fija.org) I'll be sure to be without ID. Also heard on the tube that 60K fake IDs are caught at the border annually. Wonder how many aren't caught. NIB magnets are probably overkill, but it was the first and last useful swipe my license's magstrip will see... From bill.stewart at pobox.com Wed Sep 10 15:38:21 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 10 Sep 2003 15:38:21 -0700 Subject: unintended consequences: Davis recall leads to US internal passports In-Reply-To: <3F5F9175.946C5A7@cdc.gov> References: <3F5F9175.946C5A7@cdc.gov> Message-ID: <3F5FA7DD.7010900@pobox.com> Major Variola (ret) wrote: > I've read that to enter a Fed building you need "ID". I'm curious > what happens if you haven't got it. Adrian Lamo had his card. > I'm currently ignoring the conscription notices I get from the > local jury droids; if I *volunteer* someday (after reviewing > fija.org) I'll be sure to be without ID. I don't remember if the Santa Clara County court asked me for ID when I was last there as a prospective juror. (And it's probably a bit too much cognitive dissidence for them if you simultaneously want a parking pass for your car and don't have your DL because you took the bus :-) But if you're ignoring jury conscription notices at times that it's not seriously interfering with your business activities, you should go check out FIJA.org. 
Remember that under the common law, a juror has the power and responsibility to judge the law as well as the facts of the case, even though judges and clerks will generally tell you otherwise. This means that if somebody's on trial for prohibition violations, you can and should vote Not Guilty if you think Prohibition is a bad law. That's a large part of how the Fugitive Slave Laws got overturned, and helped with the demise of alcohol prohibition. Of course, if a court figures out that you understand this, and doesn't immediately decide that you're not their type of juror, they'll probably stick you on traffic accident cases or something where there's no moral principle of state-vs-citizen conflict, just a boring who-hit-whose-car kind of conflict. From mv at cdc.gov Wed Sep 10 15:49:18 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 10 Sep 2003 15:49:18 -0700 Subject: Anyone Remember Zero Knowledge Systems? Message-ID: <3F5FAA6E.8D520AD6@cdc.gov> At 05:44 PM 9/10/03 -0400, Adam Shostack wrote: >The problem with running Napster over Freedom was bandwidth costs. >Users may be more willing to pay today, given the clear risk of paying >$10,000 or more in fines. I'm sure that ZKS would be happy to sell >someone a commercial use license. Depends on the price, and how readily it can be adapted to P2P nets. The need certainly increases with the lawsuits. The folks profiting from P2P (eg Sharman networks) will have to include IP anonymity features in future releases. Else folks don't share, ergo their tool is useless, and no eyeballs to sell to the advertisers. The punitive fines will drive anonymity, or Sharman collapses. Since ZKS et al. were existence proofs that it can be done, and the techniques largely known, it probably will happen, with or without ZKS' code. Sorta like Hiroshima as an existence proof and neutron physics as the techniques. As an aside, I'm surprised the BSA hasn't joined in.
--- "Clearly the purpose of cutting grass is to encourage the grass." Edward Teller, _Memoirs_, p 355 From timcmay at got.net Wed Sep 10 17:14:10 2003 From: timcmay at got.net (Tim May) Date: Wed, 10 Sep 2003 17:14:10 -0700 Subject: unintended consequences: Davis recall leads to US internal passports In-Reply-To: <3F5F9175.946C5A7@cdc.gov> Message-ID: On Wednesday, September 10, 2003, at 02:02 PM, Major Variola (ret) wrote: > > I've read that to enter a Fed building you need "ID". I'm curious > what happens if you haven't got it. Adrian Lamo had his card. > I'm currently ignoring the conscription notices I get from the > local jury droids; if I *volunteer* someday (after reviewing > fija.org) I'll be sure to be without ID. Ironically, I was preparing myself for such an eventuality. I even Googled for reports on "jury "i.d."" and similar variants. I found no reports of legal hassles for people not having I.D. when called for grand or petit jury duty, or for otherwise being ordered to enter a government building. I was called for jury duty--admittedly a County of California building, not a Federal Protectorate building. But I had a hunch they might ask for "proof" that I was the person called, or not let me into the court room without I.D., etc. I was mentally preparing to leave my D.L. and wallet back in my car (or even to take a bus for a few blocks, without license) and then tell the guarddroids: "No, I don't have a Driver's License...I'm not in my car right now, as you can see. My Driver's License is for when I'm _driving_." My plan was not to file a Gilmore-type lawsuit, just respond to any demands for I.D. with a shrug. And then a departure, with the names of the guarddroids noted so I could later tell the authorities that I am not required to carry I.D. except when entering the U.S., driving a vehicle, and a few other similar things. My younger brother, who has been on various juries, told me they never asked for any I.D.
(He's a registered Republican and has been called several times in his adult life. I'm a registered Libertarian and have not actually been called to serve since 1973, when I was still registered Republican. I smell something fishy.) In any case, I was in the last "group" (31 of 31) which had to phone the courthouse to see if we were to be actually told to be present physically. The last couple of groups got excused. So my 30-year record of not serving on a jury has been upheld. > > > NIB magnets are probably overkill, but it was the first and last > useful swipe my license's magstrip will see... > By the way, in case others didn't hear about this, smart card readers are apparently now considered "paraphernalia." Or at least grounds for expensive lawsuits (until those filing suit are countersued successfully). It seems a couple of subscribers to a satellite t.v. service (who shall remain nameless, as it is my provider and they probably Google for mentions of their name) bought a smart card reader/writer. Big Satellite Company sent them a lawsuit, claiming they were pirating Big Satellite Co's smartcards. All without any proof, at least none unveiled so far. The two guys said they are hobbyists and have "legitimate" reasons to buy openly available smart card reader/writers. (And they really don't have to say _what_ they are doing or planning to do with the card readers. Unless the gadgets are actually declared illegal, they are legal to own. And Big Sat Co has to have actual evidence, not mere suspicion. Of course, they are free to cancel the satellite service for these two guys.) "Buy a smart card reader, go to jail." --Tim May "According to the FBI, there's a new wrinkle in prostitution: suburban teenage girls are now selling their white asses at the mall to make money to spend at the mall. ... Now, you see, the joke here, of course, is on White America, which always felt superior to blacks, and showed that with their feet, moving out of urban areas. 
"White flight," they called it. Whites feared blacks. They feared if they raised their kids around blacks, the blacks would turn their daughters and prostitutes. And now, through the miracle of MTV, damned if it didn't work out that way! " --Bill Maher, "Real Time with Bill Maher," HBO, 15 August 2003 From timcmay at got.net Wed Sep 10 17:21:44 2003 From: timcmay at got.net (Tim May) Date: Wed, 10 Sep 2003 17:21:44 -0700 Subject: unintended consequences: Davis recall leads to US internal passports In-Reply-To: <3F5FA7DD.7010900@pobox.com> Message-ID: On Wednesday, September 10, 2003, at 03:38 PM, Bill Stewart wrote: > > But if you're ignoring jury conscription notices at times that > it's not seriously interfering with your business activities, > you should go check out FIJA.org. > Remember that under the common law, a juror has the power > and responsibility to judge the law as well as the facts of the case, > even though judges and clerks will generally tell you otherwise. > > This means that if somebody's on trial for prohibition violations, > you can and should vote Not Guilty if you think Prohibition is a bad > law. > That's a large part of how the Fugitive Slave Laws got overturned, > and helped with the demise of alcohol prohibition. > > Of course, if a court figures out that you understand this, > and doesn't immediately decide that you're not their type of juror, > they'll probably stick you on traffic accident cases or something > where there's no moral principle of state-vs-citizen conflict, > just a boring who-hit-whose-car kind of conflict. > How would they even know one's views on this thing you're talking about? 
(I'm not sure I know the name of this thing you're talking about, especially because I decided a long time ago not to carefully investigate this thing you're talking about, and especially not to carefully remember the name of this thing you're talking about, just so that I could honestly shrug and say "No, I don't know what that thing you're talking about is about.") Also, my experience in 1973 with a jury trial (the last time I was registered Republican, the last time I served on a jury) was that the jurors were of course selected for a specific trial. I don't think your model works, where they quiz the prospective jurors and then shunt the un-PC off to traffic court. Basically, one doesn't have to answer _any_ questions until voir dire for the specific case has begun. And then it's best to just play dumb about that thing you mentioned, or find a reason to mention that thing you talked about if one's intent is to be immediately drop-kicked out of the jury pool. (Which ends one's involvement...there is no "stick you on traffic accident cases" exception.) But that thing you mentioned is curious...I seem to have forgotten about it already. --Tim May ""Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel. Unfortunately, nothing will preserve it but downright force. Whenever you give up that force, you are ruined." --Patrick Henry From ravage at einstein.ssz.com Wed Sep 10 15:44:07 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 17:44:07 -0500 (CDT) Subject: [cdr] Inferno: securityfocus.com.securityjobss || Iraq Sr Network Security Engineers (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 9 Sep 2003 13:18:42 -0500 To: hell at ssz.com Subject: Inferno: securityfocus.com.securityjobss || Iraq Sr Network Security Engineers Interesting... 
----- Forwarded message from Dan Warschawski ----- From adam at homeport.org Wed Sep 10 14:44:58 2003 From: adam at homeport.org (Adam Shostack) Date: Wed, 10 Sep 2003 17:44:58 -0400 Subject: Anyone Remember Zero Knowledge Systems? In-Reply-To: References: Message-ID: <20030910214458.GA82112@lightship.internal.homeport.org> On Wed, Sep 10, 2003 at 11:32:29AM -0400, R. A. Hettinga wrote: | | | Cryptonomicon.Net - | | Anyone Remember Zero Knowledge Systems? | Date: Wednesday, September 10 @ 11:15:00 EDT | Topic: Commercial Operations / Services | Unfortunately, they never quite made a compelling enough argument | for mass adoption of their system and eventually morphed the company | into a manufacturer of more conventional privacy tools. Freedom still | exists as a product, though it is aimed at web users, only runs on | Windows clients, and routes requests through proxy servers owned by | Zero Knowledge Systems. Freedom Websecure is a different protocol set from Freedom.net. Websecure runs on linux, see http://websecure4linux.sourceforge.net/ The Freedom.net code is available for non-commercial use, see http://slashdot.org/articles/02/02/16/0320238.shtml?tid=158 or the shmoo group cvs server, http://cvs.shmoo.com/view/projects/freedom-server/ The problem with running Napster over Freedom was bandwidth costs. Users may be more willing to pay today, given the clear risk of paying $10,000 or more in fines. I'm sure that ZKS would be happy to sell someone a commercial use license. Adam -- "It is seldom that liberty of any kind is lost all at once."
-Hume From ravage at einstein.ssz.com Wed Sep 10 15:45:41 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 17:45:41 -0500 (CDT) Subject: [cdr] Inferno: USPTO p0wn3d (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 9 Sep 2003 11:29:32 -0500 (CDT) Subject: Inferno: USPTO p0wn3d It seems that the veritable US Patent and Trademark Office, promulgator of such wonderful ideas as sweeping patents on basic software algorithms, seems to have revealed more of its true colors in recent statements. In defending U.S. opposition to a recent World Intellectual Property Organization (WIPO) meeting on "open collaborative models to develop public goods" and after significant Microsoft lobbying, Lois Boland, director of international relations for the USPTO is quoted as saying: "open-source software runs counter to the mission of WIPO which is to promote intellectual-property rights...To hold a meeting which has as its purpose to disclaim or waive such rights seems to us to be contrary to the goals of WIPO." Lessig is furious: http://www.lessig.org/blog/archives/001436.shtml "The Quiet War Over Open-Source" http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A23422-2003Aug20&notFound=true linked from http://www.effaustin.org/ The meeting has been quashed. But the idear seems quite rooted.
From ravage at einstein.ssz.com Wed Sep 10 15:56:26 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 17:56:26 -0500 (CDT) Subject: [cdr] Slashdot | RIAA Sued For Amnesty Offer (fwd) Message-ID: http://yro.slashdot.org/yro/03/09/10/2222214.shtml?tid=123&tid=141&tid=188&tid=99 -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From jya at pipeline.com Wed Sep 10 22:29:58 2003 From: jya at pipeline.com (John Young) Date: Wed, 10 Sep 2003 22:29:58 -0700 Subject: unintended consequences: Davis recall leads to US internal passports In-Reply-To: References: <3F5FA7DD.7010900@pobox.com> Message-ID: Don't ever respond to a jury summons by showing up or calling in. If you do then you'll forever be in the sucker-responsive data base. The warnings in summons are shinola shit, effective only on those who are indoctrinated to fear official warnings printed on paper. If you get a summons in the form of a subpoena, served by an official, and you accept it in person, that is different, that is grounds to initiate action to overthrow law and order, to sidle to the jury room and piss on the following-are-prohibited sign, to go nuts, to be unreliable, to be not-jury worthy. The simply mailed kind of summons are ignorable. There is no benefit, anymore, to serving on a jury for it only legitimates a bloated justice system which most often serves itself, not justice. The justice crowd is no longer answerable to the citizens it was intended, and paid handsomely, to serve. No doubt, if you have nothing better to do, then go forth and be treated as a sub-human by the jury-calling administrators who act especially trained to make citizens despise government, until appearing before a judge who will make citizens hate, nay, lust to guillotine, tax-suckers. Period.
From ravage at einstein.ssz.com Wed Sep 10 20:52:12 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 10 Sep 2003 22:52:12 -0500 (CDT) Subject: [cdr] CNN.com - U.S. refuses judge's order in Moussaoui trial - Sep. 10, 2003 (fwd) Message-ID: http://www.cnn.com/2003/LAW/09/10/moussaoui.trial/index.html -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From cypherpunks at gurski.org Wed Sep 10 19:59:31 2003 From: cypherpunks at gurski.org (Michael Gurski) Date: Wed, 10 Sep 2003 22:59:31 -0400 Subject: GPG Sig test In-Reply-To: References: <1063161092.4940.24.camel@localhost> Message-ID: <20030911025931.GB16625@gurski.org> On Tue, Sep 09, 2003 at 10:55:10PM -0700, Bill Frantz wrote: > >[demime 0.97c removed an attachment of type application/pgp-signature > >which had a name of signature.asc] > > For some reason this mail tickled my sense of humor. > > Try sending the message without MIME. Wasn't stripped here, and once I had the key, it verified fine. Probably due to preferring to do my own filtering than letting someone else decide for me, I guess. (The sig on this message will likely be stripped by your feed too, then) -- Michael A. Gurski (opt. [first].)[last]@pobox.com http://www.pobox.com/~[last] 1024R/39B5BADD PGP: 34 93 A9 94 B1 59 48 B7 17 57 1E 4E 62 56 45 70 1024D/1166213E GPG: 628F 37A4 62AF 1475 45DB AD81 ADC9 E606 1166 213E 4096R/C0B4F04B GPG: 5B3E 75D7 43CF CF34 4042 7788 1DCE B5EE C0B4 F04B Views expressed by the host do not reflect the staff, management or sponsors. "The Constitution shall never be construed. . . to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams [demime 0.97c removed an attachment of type application/pgp-signature] From measl at mfn.org Wed Sep 10 21:06:55 2003 From: measl at mfn.org (J.A.
Terranson)
Date: Wed, 10 Sep 2003 23:06:55 -0500 (CDT)
Subject: unintended consequences: Davis recall leads to US internal passports
In-Reply-To:
Message-ID:

On Wed, 10 Sep 2003, John Young wrote:

> Don't ever respond to a jury summons by showing up or calling
> in. If you do then you'll forever be in the sucker-responsive data
> base.

For many years I believed that failing to accept jury duty was simply the wrong thing to do - by serving, I had hoped that I might find myself in a position where I could prevent a true miscarriage from fucking over some poor shmoe. Or, given the right case, possibly help keep an honest to god bad guy (as in rapist/murderer/) off the streets for a while.

Because of this misguided belief, I responded to all of the various jury summonses that came in. But, as John noted above, the more I responded to, the more I got, until at the very end (yes, you *can* stop them from coming - read on), I was finally confronted with almost one per month (fed/state/locals all get their shots, and they can do it over and over again if you don't get selected).

As infuriating as the barrage of summonses was, what really stuck in my craw was that I was simply not "juror material". Once I was asked what I did for a living, I rarely saw a second question before being stricken, and those that did arrive were invariably the "have you ever been a victim of a crime yourself?" - say yes, and you're done: go home, thanks for showing up, see you tomorrow to play this game again.

By the time that I, in my amazing density, finally realized that trying to "do the right thing" was pointless, I was staring at an almost career in Jurydom! It was totally out of control, and when I dared to mention to the droids that I wanted out as I had been there just 6 weeks before, I was told that that was just tough, and please have a seat over there Juror 135... No manner of pleading or kvetching had any effect whatsoever.
I even tried to complain to one of the judges, who kindly reminded me that she would be quite pleased to make my stay in her court a little longer if I didn't STFU...

Finally, in desperation, I answered the next summons with a mission. When asked the standard questions as to disqualifying information, I answered that "Sure, I can serve. I finished my time, and my parole is up next month". After getting the "you've gotta be kidding" look over the glasses, I was of course asked as to the reason for my unfortunate status: Aggravated sodomy and attempted vehicular homicide, "But it really wasn't my fault - she was just *asking* for it".

Sent home, never got another summons from *anyone*. If anyone tells you they don't share list information, they're lying their ass off.

--
Yours,
J.A. Terranson
sysadmin at mfn.org

"Every living thing dies alone."
Donnie Darko

From measl at mfn.org Wed Sep 10 21:22:29 2003
From: measl at mfn.org (J.A. Terranson)
Date: Wed, 10 Sep 2003 23:22:29 -0500 (CDT)
Subject: [cdr] Re: Anyone Remember Zero Knowledge Systems?
In-Reply-To: <3F5FAA6E.8D520AD6@cdc.gov>
Message-ID:

On Wed, 10 Sep 2003, Major Variola (ret) wrote:

> As an aside, I'm surprised the BSA hasn't joined in.

Funny you should mention that...

While RIAA/IDSA/etc. have been long standing users of DMCA, producing several dozen subpoenas on a good week (at my day job) for many months now, this week was notable for a new player: Symantec. And they have come out of the gate with a vengeance, producing 6 on the first day, and another 4 on their second!

The software folks are *not* far behind. And they are all playing for keeps.

--
Yours,
J.A. Terranson
sysadmin at mfn.org

"Every living thing dies alone."
Donnie Darko

From njohnsn at njohnsn.com Wed Sep 10 21:51:27 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Wed, 10 Sep 2003 23:51:27 -0500
Subject: unintended consequences: Davis recall leads to US internal passports
In-Reply-To:
References: <3F5FA7DD.7010900@pobox.com>
Message-ID: <200309102351.27729.njohnsn@njohnsn.com>

I have a pretty good excuse (As I duck behind a flame retardant barrier.. :) )

My brother-in-law and his wife are law-enforcement officers. Seems that implies that I may have some bias against defendants. Neither the prosecution nor the defense want to deal with it.

Most people I know who end up on juries end up in civil cases. They never actually get to participate in the trial, they just have to show up for selection then visit or call the court house daily and are eventually told they are excused because the parties usually settle out-of-court and have been using the threat of going to trial as a negotiating tactic.

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

From roy at rant-central.com Thu Sep 11 03:16:51 2003
From: roy at rant-central.com (Roy M. Silvernail)
Date: Thu, 11 Sep 2003 06:16:51 -0400
Subject: [cdr] Re: Anyone Remember Zero Knowledge Systems?
In-Reply-To:
References:
Message-ID: <200309110616.51545.roy@rant-central.com>

On Thursday 11 September 2003 00:22, J.A. Terranson wrote:

> Funny you should mention that...
>
> While RIAA/IDSA/etc. have been long standing users of DMCA, producing
> several dozen subpoenas on a good week (at my day job) for many months now,
> this week was notable for a new player: Symantec. And they have come out
> of the gate with a vengeance, producing 6 on the first day, and another 4
> on their second!

Interesting! Google doesn't find anything substantial on 'symantec dmca'. Just what is Symantec going after?
From mv at cdc.gov Thu Sep 11 08:36:26 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 11 Sep 2003 08:36:26 -0700
Subject: Fatherland Security agents above the law?
Message-ID: <3F60967A.B144430D@cdc.gov>

U.S. agents also sought, without warrant or subpoena, to obtain ABCNEWS field tapes. Two agents showed up at night at the San Diego home of a freelance cameraman, Jeff Freeman, who worked on the project.

"They first identified themselves as FBI agents, which it turns out they weren't," said Freeman. "They wanted to know if I still had the tapes I had shot for ABC and if I could turn them over."

http://abcnews.go.com/sections/wnt/Primetime/sept11_uranium030910.html

From mv at cdc.gov Thu Sep 11 10:39:33 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 11 Sep 2003 10:39:33 -0700
Subject: RIAA lawsuits harming public knowledge of law
Message-ID: <3F60B34B.BBE2BF09@cdc.gov>

Saw this in an editorial:

"Sure, technically, it's stealing. But so is dubbing a tape, which we all did back when cassette tapes were all the rage."

http://www.thenews-messenger.com/news/stories/20030911/localnews/239711.html

It is unfortunate that the RIAA's terrorism has caused people to forget their rights, established in law and precedent, to "dub tapes" and time-shift broadcasts. This is a form of "chilling effects".

It's akin to "cops" type shows illustrating sheeple consenting to searches they needn't agree to ---it teaches uncivic unAmerican behavior to the clueless.

---
Mohommed Atta -An Army of One

From timcmay at got.net Thu Sep 11 10:41:26 2003
From: timcmay at got.net (Tim May)
Date: Thu, 11 Sep 2003 10:41:26 -0700
Subject: Fatherland Security agents above the law?
In-Reply-To: <3F60967A.B144430D@cdc.gov>
Message-ID: <2AD424F6-E47F-11D7-87EC-000A956B4C74@got.net>

On Thursday, September 11, 2003, at 08:36 AM, Major Variola (ret.) wrote:

> U.S. agents also sought, without warrant or subpoena, to obtain ABCNEWS
> field tapes.
Two agents showed up at night at the San Diego home of a
> freelance cameraman, Jeff Freeman, who worked on the project.
>
> "They first identified themselves as FBI agents, which it turns out they
> weren't," said Freeman. "They wanted to know if I still had the tapes I
> had shot for ABC and if I could turn them over."
>
> http://abcnews.go.com/sections/wnt/Primetime/sept11_uranium030910.html
>
>

The whole story, ranging from the depleted uranium to the reporters being "concerned" (that it got through), to the "this is very serious...we will look into filing smuggling charges" to the "we want the tapes" nonsense.

A bunch of points:

* depleted uranium (DU) is essentially pure U-238, with very low specific activity (decay rate); removal of the 2-3% of the higher specific activity U-235 lessens the overall decay rate of the original metal substantially.

* it is very easily shielded. True, the gammas are fairly penetrating, but can be shielded in various easy ways. (For example, sailboat keels are often made of lead...simply drill some holes in the keel, put the DU in the holes, cap the holes with lead. And sailboat keels are deep underwater, making even use of a gamma ray spectrometer a chore. For that matter, some high tech keels now use DU. DUh, so to speak.)

* the reaction of the reporters to what they did was "Look, we managed to get some dangerous uranium in through one of millions of shipping containers entering the U.S. at Long Beach!" No analysis.

* the reaction of the bureaucrats was unsurprising: declare that the crime is being looked into, round up all the parties for questioning, mutter darkly about how the U.S. Attorney may prosecute, natter about national security, flash some phony credentials, detain a few scientists, then move on to the next manufactured hype crisis.

All very typical and why the National Security State is such a sick joke.
--Tim May

From mv at cdc.gov Thu Sep 11 10:44:02 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 11 Sep 2003 10:44:02 -0700
Subject: [Brinworld] UK firms tout camera phone blinding tech
Message-ID: <3F60B462.9B1C182E@cdc.gov>

Safe Haven works by transmitting a signal in a localised environment such as a school, swimming pool, office facility or factory, which "disables the camera functionality of devices in the nearby environment", the companies claim.

The snag is that Safe Haven technology needs to be integrated at the time of manufacture into new devices or installed as a Java download update to suitable equipment already in the market.

"You need to have an approved camera," Blagden admitted, adding that the incorporation of Safe Haven technology is unlikely to affect handset prices.

http://www.theregister.com/content/68/32783.html

----
"Can you hear me now?" --UBL

From mv at cdc.gov Thu Sep 11 11:01:35 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 11 Sep 2003 11:01:35 -0700
Subject: [cdr] Inferno: USPTO p0wn3d (fwd)
Message-ID: <3F60B87F.F8EF1479@cdc.gov>

At 05:45 PM 9/10/03 -0500, Jim Choate wrote:
>"open-source software runs counter to the mission of WIPO which is to
>promote intellectual-property rights...To hold a meeting which has as its
>purpose to disclaim or waive such rights seems to us to be contrary to
>the goals of WIPO."

Not surprising. Any beast that sees its habitat being destroyed will react this way. At the least, not running a conference for it; and perhaps lobbying beyond their charter.

One imagines the Telegraph Union vigorously opposed the introduction of telephones. And think of the National Security (tm) implications of peer-to-peer communications like telephony!
-------
One man's blowback is another man's feedback

From mv at cdc.gov Thu Sep 11 11:08:31 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 11 Sep 2003 11:08:31 -0700
Subject: unintended consequences: Davis recall leads to US internal passports
Message-ID: <3F60BA1F.769FF841@cdc.gov>

At 03:38 PM 9/10/03 -0700, Bill Stewart wrote:
>(And it's probably a bit too much cognitive dissidence for them
>if you simultaneously want a parking pass for your car
>and don't have your DL because you took the bus :-)

The DL stays in the car, the only place it is needed.

I've heard that during voir dire you're asked if you know about nullification. If so, you're out.

I enjoy what Sakharov termed "reactance", ie, when compelled I resist, if asked I may comply. Where I come from the constitutional ban on illegal taking, slavery, and the trumping of the constitution over states (the 14th IIRC) matter. So I regard the nastygrams as offers to volunteer.

When I do volunteer, I'll bring a stack of fija.org info to distribute anonymously. It's the patriotic thing to do.

------
"We have no clue. ... Our computer is not happy." Grid operators, Aug 14 03

From mv at cdc.gov Thu Sep 11 11:26:49 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 11 Sep 2003 11:26:49 -0700
Subject: Fatherland Security agents above the law?
Message-ID: <3F60BE69.A1886A4A@cdc.gov>

At 10:41 AM 9/11/03 -0700, Tim May wrote:
>* depleted uranium (DU) is essentially pure U-238, with very low
>specific activity (decay rate); removal of the 2-3% of the higher
>specific activity U-235 lessens the overall decay rate of the original
>metal substantially.

Commercial airliners often contain tens of kilograms of DU as ballast. Ref: _Living with Radiation_, by Frame & Kolb. They often carry medical or other isotopes during civilian flights too. There are rules for distributing those containers so no one passenger gets too much extra dose.

DU gives off plenty of alphas.
(Thus you don't want to breathe DU dust, which will also heavy-metal your kidneys in the short term.) But they're stopped by anything, including aluminum foil-- lead pipe is overkill. The only way to detect shielded DU is gammas, to identify it you need gamma spectroscopy. The neutron analysis being done at some ports of entry only works on fissile materials.

The Fatherland Security troops are publicly embarrassed and showing their brown shirts.

---
Of course Pierre Curie didn't die from radiation poisoning, he was hit by a horse drawn cart.

From camera_lumina at hotmail.com Thu Sep 11 09:30:56 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 11 Sep 2003 12:30:56 -0400
Subject: ABC Smuggles depleted Uranium into US...
Message-ID:

I think that it's becoming clear that in order for Americans to feel safe US troops should morph into an international Police force. Next stop: Indonesia!

-TD

"The ABCNEWS suitcase containing the uranium was placed in a teak trunk along with other furniture put in a container in Jakarta, Indonesia, a city considered by U.S. authorities to be one of the most active al Qaeda hot spots in the world. The container was shipped to Los Angeles in late July, just one week before the bombing of the Jakarta Marriott Hotel that killed 12 people.

Homeland Security Secretary Tom Ridge has claimed major improvements in port security, in part because of enhanced vigilance overseas. "So that our borders become the last line of defense, not our first line of defense," Ridge said in a speech last week. He said the United States was increasing security "thousands of miles away, long before a container is first loaded on a ship."

But in Jakarta, ABCNEWS producers David Scott and Rhonda Schwartz found that the chest in which they had placed the depleted uranium was never opened or inspected before being sent on to Los Angeles."
From morlockelloi at yahoo.com Thu Sep 11 16:31:22 2003
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Thu, 11 Sep 2003 16:31:22 -0700 (PDT)
Subject: [p2p-hackers] Project Announcement: P2P Sockets
In-Reply-To: <20030911173716.GB28578@leitl.org>
Message-ID: <20030911233122.60944.qmail@web40613.mail.yahoo.com>

> infrastructure for these. "Everyone" knows about them
> by using a common bootstrap server to bootstrap into
> the Jxta network to gain the addresses of a few
> Rendezvous nodes. Rendezvous nodes then propagate

So they are subject to lawsuits. Anyone running them can be traced and persuaded by the local force monopoly to stop running them.

I see this just as shifting vulnerability point from the current one (ISPs, ICANN) to a new one, equally traceable.

What this can buy is few months of confusion.

=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

From camera_lumina at hotmail.com Thu Sep 11 13:59:11 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 11 Sep 2003 16:59:11 -0400
Subject: Fatherland Security agents above the law?
Message-ID:

"The Fatherland Security troops are publicly embarrassed and showing their brown shirts."

Well, I'm not convinced you guys have detected the right intended message here. Basically, the real message may be: "it's impossible to protect Americans through local policies alone". In other words, there's no serious desire high-up to truly seal our ports in the short run. American perceived insecurity will allow "us" to eventually move into places like Indonesia, in order to "defend" our ports.

The fact that it may actually be impossible to screen everything coming in is immaterial. No wait...it's beneficial.
-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at lne.com"
>Subject: Re: Fatherland Security agents above the law?
>Date: Thu, 11 Sep 2003 11:26:49 -0700
>
>At 10:41 AM 9/11/03 -0700, Tim May wrote:
> >* depleted uranium (DU) is essentially pure U-238, with very low
> >specific activity (decay rate); removal of the 2-3% of the higher
> >specific activity U-235 lessens the overall decay rate of the original
> >metal substantially.
>
>Commercial airliners often contain tens of
>kilograms of DU as ballast. Ref: _Living with Radiation_,
>by Frame & Kolb. They often carry medical or other
>isotopes during civilian flights too. There are rules for
>distributing those containers so no one passenger gets
>too much extra dose.
>
>DU gives off plenty of alphas. (Thus you don't want to breathe
>DU dust, which will also heavy-metal your kidneys in the
>short term.) But they're stopped by anything, including aluminum
>foil-- lead pipe is overkill. The only way to detect shielded DU
>is gammas, to identify it you need gamma spectroscopy.
>The neutron analysis being done at some ports of entry
>only works on fissile materials.
>
>The Fatherland Security troops are publicly embarrassed and showing
>their brown shirts.
>
>---
>Of course Pierre Curie didn't die from radiation
>poisoning, he was hit by a horse drawn cart.

From njohnsn at njohnsn.com Thu Sep 11 16:46:36 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Thu, 11 Sep 2003 18:46:36 -0500
Subject: Fatherland Security agents above the law?
In-Reply-To:
References:
Message-ID: <200309111846.36416.njohnsn@njohnsn.com>

ABC could have just as easily shipped an empty container from New York to Newark and claimed that government security failed.
To be a true test:

ABC should have involved some true al Qaeda operatives in order to see if US Security personnel would become aware of the shipment through intelligence efforts.

or

Shipped it using a forged "From:" address of an organization remotely linked with al Qaeda.

Of course then the FBI would have had something to REALLY visit with ABC about...

Another sheeple "scare" tactic by the media.

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

From eugen at denver065.server4free.de Thu Sep 11 10:37:16 2003
From: eugen at denver065.server4free.de (Eugen Leitl)
Date: Thu, 11 Sep 2003 19:37:16 +0200
Subject: [p2p-hackers] Project Announcement: P2P Sockets (fwd from bradneuberg@yahoo.com) (fwd from morlockelloi@yahoo.com) (fwd from bradneuberg@yahoo.com)
Message-ID: <20030911173716.GB28578@leitl.org>

----- Forwarded message from Brad Neuberg -----

From patrick at lfcgate.com Thu Sep 11 19:22:17 2003
From: patrick at lfcgate.com (Patrick)
Date: Thu, 11 Sep 2003 20:22:17 -0600
Subject: [Lucrative-L] ponderance of the day
Message-ID:

Question: What kind of filter do you use in your Java pot?
Answer: A Bloom filter.

Lucrative is in SourceForge, awaiting use by anyone clever enough to seize it. In the meantime, I am putting a lot of effort into finding permanent employment, so updates are coming quite slowly. Anyone who wants quicker action on Lucrative--the source is out there.

Lucratively,
Patrick

The Lucrative Project: http://lucrative.thirdhost.com

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From jamesd at echeque.com Thu Sep 11 22:59:43 2003
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 11 Sep 2003 22:59:43 -0700
Subject: Anyone Remember Zero Knowledge Systems?
In-Reply-To:
Message-ID: <3F60FE5F.8520.2D01BEE@localhost>

--
On 10 Sep 2003 at 11:32, R. A. Hettinga wrote:
> It is interesting to ponder what would happen if the Freedom
> network were widely deployed and routing file swapping
> packets. One key feature of the original Freedom network was
> that routing nodes could (and would) be placed in different
> legal jurisdictions. Assuming that node operators actually
> logged packet traffic, organizations like the RIAA would be
> forced to subpoena node operators in multiple countries; a
> process humorously referred to as "Jurisdictional Arbitrage."

Freenet and frost are already doing this. http://jtcfrost.sourceforge.net/

If the music companies continue to try to hold back the tide, this may be the best thing yet for encryption.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
vpu+9/zR0VeZ9yrq0tX02mDo/qom+zk9HNCpvzBg
4Rh7IsRRuJOCzDjntfegD+tPUHk1v3tChnWdvMo2f

From rah at shipwright.com Thu Sep 11 20:15:46 2003
From: rah at shipwright.com (R. A.
Hettinga)
Date: Thu, 11 Sep 2003 23:15:46 -0400
Subject: [Lucrative-L] ponderance of the day
Message-ID:

--- begin forwarded text

From ravage at einstein.ssz.com Fri Sep 12 05:25:38 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 12 Sep 2003 07:25:38 -0500 (CDT)
Subject: [cdr] Inferno: USPTO p0wn3d (fwd)
In-Reply-To: <3F60B87F.F8EF1479@cdc.gov>
Message-ID:

I didn't write that, only passed it along.

On Thu, 11 Sep 2003, Major Variola (ret) wrote:

> At 05:45 PM 9/10/03 -0500, Jim Choate wrote:
> >"open-source software runs counter to the mission of WIPO which is to
> >promote intellectual-property rights...To hold a meeting which has as its
> >purpose to disclaim or waive such rights seems to us to be contrary to
> >the goals of WIPO."
>
> Not surprising. Any beast that sees its habitat being destroyed will
> react this way. At the least, not running a conference for it; and perhaps
> lobbying beyond their charter.
>
> One imagines the Telegraph Union vigorously opposed the introduction
> of telephones. And think of the National Security (tm) implications of
> peer-to-peer communications like telephony!
>
> -------
> One man's blowback is another man's feedback
>

-- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com

From ravage at einstein.ssz.com Fri Sep 12 06:32:39 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 12 Sep 2003 08:32:39 -0500 (CDT)
Subject: Another Cypherpunks Investigation?
Message-ID:

Hi,

I had an interesting experience yesterday. I got to talk to a person claiming to be with the DoJ in Philly (if memory serves). Apparently they are investigating one or more posts in the Aug. time frame for something. They were interested in a subpoena regarding technical information about the list. The person didn't make it clear exactly who they were investigating.

The questions were focused on how the mailing list worked and where there was editorial opportunity.
They were also interested in mail and network logs for that time frame (which I don't normally keep past 3-4 days). I was very careful to explain that IP spoofing was easy to do so that the veracity or reliability of the logs was in question.

I'm deciding not to provide the person's name and contact info since I'm not sure what the effect would be. I requested they talk with my lawyer in regards to future information and that I wasn't interested in getting involved.

That's about all I have on the topic at this time.

-- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com

From ravage at einstein.ssz.com Fri Sep 12 06:36:21 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 12 Sep 2003 08:36:21 -0500 (CDT)
Subject: What's up with the Cypherpunks archive?
Message-ID:

Hi,

Is it really so that there are no up to date archives? Venona seems to have stopped a while back.

Just curious.

-- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com

From mv at cdc.gov Fri Sep 12 09:49:58 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 12 Sep 2003 09:49:58 -0700
Subject: Schneier favoring drivers licenses for info superhighway?
Message-ID: <3F61F935.366A3E88@cdc.gov>

http://www2.ocregister.com/ocrweb/ocr/article.do?id=56662&section=BUSINESS&subsection=BUSINESS&year=2003&month=9&day=12

So why not institute mandatory education before people can go online? After all, motorists must obtain licenses before they can legally hit the road, and computers are much more complicated.

"It could be a four-year college degree, a one-month course. It might be a good idea," said Bruce Schneier, chief technology officer for Counterpane Internet Security Inc.

Or it might be a bad idea.

"The downside is everybody you know won't be able to have a computer anymore, and I like being able to send e-mail to friends," Schneier said.
From mv at cdc.gov Fri Sep 12 09:52:59 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 12 Sep 2003 09:52:59 -0700
Subject: open WiFi defense to RIAA
Message-ID: <3F61F9EB.1FBE89C1@cdc.gov>

It should be massive fun when the RIAA sues someone who has an open WiFi network inhabited by unknown users. We await this defense. Doubleplus fun if the RIAA victim doesn't know he's sharing his bandwidth.

We also anticipate someone being sued for downloading a rip of a song they have on vinyl. Ie, that they have legal rights to own a more convenient copy of.

From rah at shipwright.com Fri Sep 12 07:20:00 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 12 Sep 2003 10:20:00 -0400
Subject: Quantum Computing Has Limits
Message-ID:

FNL is here, but the text of the cited issue hasn't shown up there yet.

Cheers,
RAH
-------

Technology Review: Quantum Computing Has Limits

Technology Research News
September 11, 2003

There are many long-term research efforts aimed at eventually producing a quantum computer, which would use the traits of atomic particles like electrons, photons and atoms to compute.

Although it is extremely difficult to use such infinitesimally small parts, the weird quantum trait of entanglement would allow calculations to be carried out all at once on a series of numbers, making quantum computers fantastically fast. In theory, they could solve large problems that could never be solved by classical computers, including breaking all security codes.

Quantum computers are not likely to ever replace classical computers for everyday use, however.

Researchers from the University of Arkansas and Texas A&M University have shown that quantum computers, while theoretically useful for very large problems, are likely to always need very large amounts of power.
According to their calculations, the statistical nature of quantum data, the practical requirements of inputting data into systems capable of carrying out entanglement, and the difficulty of error correction, or checking data, make quantum computers less efficient than classical computers for all but a few types of problems.

The work appeared in the September, 2003 issue of Fluctuation and Noise Letters.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From bill.stewart at pobox.com Fri Sep 12 11:56:18 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Fri, 12 Sep 2003 11:56:18 -0700
Subject: unintended consequences: Davis recall leads to US internal passports
In-Reply-To:
References:
Message-ID: <3F6216D2.4000708@pobox.com>

J.A. Terranson wrote:
> On Wed, 10 Sep 2003, John Young wrote:
>
>
>>Don't ever respond to a jury summons by showing up or calling
>>in. If you do then you'll forever be in the sucker-responsive data base.

Well, as the button says, "Any 12 people who can't get off jury duty aren't *my* peers"

Aside from FIJA being an important political statement, if you're not interested in that kind of thing, bringing their literature with you to hand out to your fellow potential jurors (*before* you're hauled into the courtroom for a specific trial, so as not to be harassed for jury tampering) is generally a way to get yourself out of the process.

But yes, otherwise, whatever it was that Tim forgot about, no, I don't remember that stuff, unless they ask really precise questions during voir dire.
The last time I was in the potential-jurors pool, it was a case I'd have been tossed out of instantly during voir dire if they'd gotten to me (they went through about 50-60 people, and I was about #75 on the list.) The prosecutor was making sure that all of the potential jurors understood that police never lied, and that just because the accused was a 5-foot-tall 90-pound quiet-looking woman didn't mean that she couldn't have interfered with a cop during a family dispute situation, and I'd have had to answer the question about whether I'd been arrested for or convicted of a crime with something like "Well, the police agreed to drop the charges of interfering with an officer in return for me agreeing not to sue them"; the defense lawyer might not have liked me either :-)

From rah at shipwright.com Fri Sep 12 09:19:44 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 12 Sep 2003 12:19:44 -0400
Subject: Satellite Tracking of Suspects Requires a Warrant, Court Rules
Message-ID:

Didn't they do this kind of thing to Jim Bell?

Cheers,
RAH
-------

The New York Times
September 12, 2003

Satellite Tracking of Suspects Requires a Warrant, Court Rules
By THE ASSOCIATED PRESS

OLYMPIA, Wash., Sept. 11 (AP) - The police cannot attach a Global Positioning System tracker to a suspect's vehicle without a warrant, the Washington Supreme Court said today in the first such ruling in the nation.

The court refused, however, to overturn the murder conviction of the man who brought the appeal, William B. Jackson, who unknowingly led the police to the shallow grave of his 9-year-old daughter in 1999 after a G.P.S. device was attached to his vehicle.

Spokane County deputies had a warrant for the tracking device used in that case, although prosecutors argued they did not need one.

"Use of G.P.S.
tracking devices is a particularly intrusive method of surveillance," Justice Barbara Madsen wrote in the unanimous decision, "making it possible to acquire an enormous amount of personal information about the citizen under circumstances where the individual is unaware that every single vehicle trip taken and the duration of every single stop may be recorded by the government."

Justice Madsen raised the prospect of citizens' being tracked to "the strip club, the opera, the baseball game, the `wrong' side of town, the family planning clinic, the labor rally."

The closely watched case had evoked worries about the police using the satellite tracking devices to watch citizens' every move.

Doug Honig, a spokesman for the American Civil Liberties Union of Washington, said the ruling was the first of its kind in the country.

Attaching a tracking device to a car is "the equivalent of placing an invisible police officer in a person's back seat," Mr. Honig said. "Our state Constitution has very strong protections for privacy. Some other states also have very strong protections for privacy. This will be a strong precedent for them to look at and for any law enforcement agency around the country."

The Spokane County deputy prosecutor, Kevin Korsmo, pronounced himself satisfied that Mr. Jackson's conviction had been upheld. But he said the court had expanded privacy rights for criminal suspects.

Mr. Korsmo said that in previous cases involving surveillance by more conventional means, like binoculars or the naked eye, the Supreme Court held that there was no right of privacy for what a person did in public.

In the Jackson case, the defendant sought to have the warrant thrown out, arguing that it was based on the slimmest of premises: If he was guilty, he might return to the scene of the crime.

Prosecutors contended that the warrant was proper and that they did not even need a warrant; they contended that the device was equivalent to tailing Mr. Jackson in an unmarked car.
The court agreed that the warrant was valid, but rejected the comparison between the device and tailing. "The devices in this case were in place for approximately 2.5 weeks," Justice Madsen wrote. "It is unlikely that the sheriff's department could have successfully maintained uninterrupted 24-hour surveillance throughout this time by following Jackson." A call to Mr. Jackson's lawyer was not immediately returned. Mr. Jackson reported his daughter missing the day she died. He was arrested nearly a month later after investigators used the G.P.S. system to map his routes to the burial site. He acknowledged burying his daughter but denied killing her. He said he panicked after finding her body in her bed. He was convicted of murder and sentenced to 56 years in prison. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From s.schear at comcast.net Fri Sep 12 13:00:02 2003 From: s.schear at comcast.net (Steve Schear) Date: Fri, 12 Sep 2003 13:00:02 -0700 Subject: Satellite Tracking of Suspects Requires a Warrant, Court Rules In-Reply-To: References: Message-ID: <5.2.1.1.0.20030912125914.04244cf8@mail.comcast.net> At 01:05 PM 9/12/2003 -0700, John Young wrote: >The agents who installed the criminal tracking device >and interpreted (doctored) the data, were in the courtroom >and smiled broadly at Jim's futile challenge of conventional >wisdom. > >It is possible that there was no device and the whole rig >was made up in the narc lab, using physical tailing as >the source of info needed to confect digital, ie, neutral, evidence. >This follows, naturally, the fact that agents' testimony is >not believed by anyone any more, so often do they lie. "In the halls of justice, the only justice is in the halls. 
-- Lenny Bruce From jya at pipeline.com Fri Sep 12 13:05:50 2003 From: jya at pipeline.com (John Young) Date: Fri, 12 Sep 2003 13:05:50 -0700 Subject: Satellite Tracking of Suspects Requires a Warrant, Court Rules In-Reply-To: Message-ID: Yes, GPS tracking was allegedly done to Jim, and its illegality is one of the points of his appeal. He claims that the legal basis for installing the device and data-spotting his movements were flawed. And that there were problems as well with interpretation of the data. Jim tried to argue this during his trial but neither his defense attorney or the judge would allow the argument, so sacred is the blind belief that the official use of the tracking technology is so content neutral, so credible, as if fingerprints, lie detector, DNA, or criminal crypto. The agents who installed the criminal tracking device and interpreted (doctored) the data, were in the courtroom and smiled broadly at Jim's futile challenge of conventional wisdom. It is possible that there was no device and the whole rig was made up in the narc lab, using physical tailing as the source of info needed to confect digital, ie, neutral, evidence. This follows, naturally, the fact that agents' testimony is not believed by anyone any more, so often do they lie. Lying technology has not yet had its truth told, or at not yet believed that it is no better than official lying. George Maschke has made some headway against the polygraph (www.polygraph.org) and fingerprints are not as convincing as they once were, fakes being easy to make, although DNA is a runaway train, and biometrics are believed to be FUD-free. Hoot, hoot. Bob Hettinga wrote: >Didn't they do this kind of thing to Jim Bell? 
From jal at jal.org Fri Sep 12 10:26:45 2003 From: jal at jal.org (Jamie Lawrence) Date: Fri, 12 Sep 2003 13:26:45 -0400 Subject: open WiFi defense to RIAA In-Reply-To: <3F61F9EB.1FBE89C1@cdc.gov> References: <3F61F9EB.1FBE89C1@cdc.gov> Message-ID: <20030912172645.GF22510@clueinc.net> On Fri, 12 Sep 2003, Major Variola (ret.) wrote: > We also anticipate someone being sued for downloading a rip > of a song they have a vinyl. Ie, that they have legal rights to > own a more convenient copy of. RIAA has anticipated this ploy. The argument goes that one only has the right to rip one's own recordings; bits from other's recordings are not licensed. Not commenting on buggy whips, genies, bottles, or the law, -j -- Jamie Lawrence jal at jal.org "Humans are at least as numerous as pigeons, their brains are not significantly costlier than pigeon brains, and for many tasks they are actually superior." -Richard Dawkins From dgerow at afflictions.org Fri Sep 12 11:08:00 2003 From: dgerow at afflictions.org (Damian Gerow) Date: Fri, 12 Sep 2003 14:08:00 -0400 Subject: [cdr] Re: GPG Sig test In-Reply-To: References: <1063161092.4940.24.camel@localhost> Message-ID: <20030912180759.GE89520@afflictions.org> Thus spake Bill Frantz (frantz at pwpconsult.com) [10/09/03 22:27]: > >[demime 0.97c removed an attachment of type application/pgp-signature > >which had a name of signature.asc] > > For some reason this mail tickled my sense of humor. > > Try sending the message without MIME. *Please*, for the sake of all that is good and sane, stick with PGP/MIME signatures. Configure your demime to *not* strip attachments of application/pgp-signature. I know there's two strong camps, but I *hate* inline PGP with a passion. It clutters up the message, and most people (and mail clients) don't have the sense to strip out the PGP cruft when quoting. 
From timcmay at got.net Fri Sep 12 14:55:07 2003 From: timcmay at got.net (Tim May) Date: Fri, 12 Sep 2003 14:55:07 -0700 Subject: Another Cypherpunks Investigation? In-Reply-To: Message-ID: On Friday, September 12, 2003, at 06:32 AM, Jim Choate wrote: > Hi, > > I had an interesting experience yesterday. I got to talk to a person > claiming to be with the DoJ in Philly (if memory serves). Apparently > they > are investigating one or more posts in the Aug. time frame for > something. > They were interested in a subpoena regarding technical information > about the > list. > > The person didn't make it clear exactly who they were investigating. > The > questions were focused on how the mailing list worked and where there > was > editorial opportunity. They were also interested in mail and network > logs > for that time frame (which I don't normally keep past 3-4 days). I was > very careful to explain that IP spoofing was easy to do so that the > veracity or reliability of the logs was in question. > > I'm deciding not to provide the persons name and contact info since I'm > not sure what the effect would be. I requested they talk with my > lawyer in > regards to future information and that I wasn't interested in getting > involved. > > That's about all I have on the topic at this time. > I was curious about which messages in August could be of interest. Seeing none (via the lne.com feed I am subscribed to), I searched via Google for various articles mentioning "cypherpunks" and variations on "philadelphia," "pittsburgh," and "pennsylvania." And I narrowed the search to posts in July and August. I got some almost immediate hits (no pun intended). I've made it easy for anyone to find them via Google. 
Search on this search string: pittsburgh "professor rat" Search also on some of the names in the first article which pops up, i.e., on: "Mary Beth Buchanan" My comment is that this "Professor Rat," whose posts I have not seen for as long as lne.com has been my feed, is probably in some real difficulty. His posts are very direct threats, not veiled in any of the vague, political "politicians ought to be given a fair trial and then hanged" or even the "I hope Washington is nuked" sorts. (One rule of thumb I use is to never, ever use actual names of burrowcrats. Except for a few at the top, I don't even make any effort to remember the names. It's hard to be charged with making a direct, credible threat when no specific person is either named or alluded to.) Were he in the U.S., I'd expect he'd face serious charges. Being that he's in Australia, as far as I know, I doubt extradition will occur. And even if he were prosecuted, by Oz or by the U.S., his various articles indicate "mental disturbance" could be a winning defense, with him ordered to get back on his Prozac or Zoloft or whatever. The questions being asked of Jim may have to do with the Feds making the only prosecution they can make: that those passing on such threats via mailing lists are somehow guilty of some crime. This is just speculation on my part. If so, the case may hinge on issues of "common carrier" status. Also, I believe Congress passed a bill explicitly saying that sysops are not liable for the e-mail passing through their systems...Declan will likely have the latest on this. Anyway, I'll bet good money this is the series of messages in question. Nothing else I have seen either rises to this level or seems to involve Pennsylvania in any significant way. 
--Tim May From ericm at lne.com Fri Sep 12 15:06:25 2003 From: ericm at lne.com (Eric Murray) Date: Fri, 12 Sep 2003 15:06:25 -0700 Subject: GPG Sig test In-Reply-To: <20030912180759.GE89520@afflictions.org>; from dgerow@afflictions.org on Fri, Sep 12, 2003 at 02:08:00PM -0400 References: <1063161092.4940.24.camel@localhost> <20030912180759.GE89520@afflictions.org> Message-ID: <20030912150625.A17892@slack.lne.com> On Fri, Sep 12, 2003 at 02:08:00PM -0400, Damian Gerow wrote: > Configure your demime to *not* strip attachments of > application/pgp-signature. If someone knows how, please tell me. Eric From alfred_huger at symantec.com Fri Sep 12 14:27:41 2003 From: alfred_huger at symantec.com (Alfred Huger) Date: Fri, 12 Sep 2003 15:27:41 -0600 Subject: Wired misquote [Symantec want's to criminalize full-disclosure] Message-ID: I am posting this in reference to the recent Wired article which Richard Smith posted to this list. Symantec fully supports information sharing on threats and vulnerabilities and believes it is an important tool for consumers and IT professionals to gain a measure of early warning of potential attacks. The Bugtraq mailing list, maintained as an independent entity under the SecurityFocus brand, remains one of the most respected and open sources for security information and early alerting by security professionals worldwide and full disclosure is *critical to the integrity of the Bugtraq community*. With regards to cyber crime we need more and higher quality resources for law enforcement to work on computer forensics, and we need cooperation from government and industry to assist prosecutors in building cases against attackers. Given the increase in the number of security threats and the availability of online tools we also believe that the industry should focus on training and educating today's youth about the ethics of computer crime and its effects and impact on victims. These are not simply my words but also an official Symantec statement. 
Cheers, -al Alfred Huger Senior Director Engineering Symantec Security Response ----- End forwarded message ----- [demime 0.97c removed an attachment of type application/pgp-signature] From camera_lumina at hotmail.com Fri Sep 12 12:38:25 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 12 Sep 2003 15:38:25 -0400 Subject: Fatherland Security agents above the law? Message-ID: The US government, US media, and the American populace seemed to have created a bizarre little symbiosis for themselves. It now goes like this: An incident occurs, real or "could be real, really soon", manufactured by the media. Two people on 34th and 8th indicate on newscamera that they are scared and don't feel secure. Media reports on how people are not secure. Government leaders see media report on how "people are scared" and perform security-enhancing activities, including overseas. Overseas, or at home, "an incident occurs"... And so on. Soon I'll install a security camera in th' crapper to make sure no terrorists get me while I'm on the can. -TD >From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) >To: camera_lumina at hotmail.com, cypherpunks at minder.net >Subject: Re: Fatherland Security agents above the law? >Date: Fri, 12 Sep 2003 18:10:24 +1200 > >"Tyler Durden" writes: > > >"The Fatherland Security troops are publicly embaressed and showing their > >brown shirts." > > > >Well, I'm not convinced you guys have detected the right intended message > >here. > > > >Basically, the real message may be: "it's impossible to protect Americans > >through local policies alone". > >I thought it was "The news media will do anything for a story, even if they >have to manufacture it themselves". Given that the US is currently >obsessed >with terrorism, creating a sensationalist story related to it is a >sure-fire >winner, even if the more accurate wording of "ABC ships expensive yacht >ballast to US" would get less attention. 
> >(Come to think of it, I'm sure I could raise at least a moderate stink over > here by letting it slip that some of the America's Cup yachts that were >here > earlier in the year may have had (shock, horror!) dangerous radioactive > uranium in their keels, in violation of the government's anti-nuclear > stance). > >Peter. From shaddack at ns.arachne.cz Fri Sep 12 06:59:14 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 12 Sep 2003 15:59:14 +0200 (CEST) Subject: [Brinworld] UK firms tout camera phone blinding tech In-Reply-To: <3F60B462.9B1C182E@cdc.gov> References: <3F60B462.9B1C182E@cdc.gov> Message-ID: > Safe Haven works by transmitting a signal in a localised environment > such as a school, swimming pool, office facility or factory, which > "disables the camera functionality of devices in the nearby > environment", the companies claim. If there will be a dedicated receiver circuit in the phone, operating on other than cellular frequencies, it will be fairly trivial to shield or jam or damage it. (Some countries, I think something Far-Eastern, want legislation to force the manufacturers to make the handset emit loud tone when taking the picture. A tiny switch enabling/disabling the transducer takes care of it rather easily. A non-tech approach could be to make the same tone popular as a ringtone, psychologically immunizing people against paying special attention to it.) If it will be a firmware update, it is matter of couple days or at most weeks until rogue firmware versions with blocking disabled pop up all around - especially if one of the blocked functions will be SMS messages in schools. 
From emc at artifact.psychedelic.net Fri Sep 12 16:36:39 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Fri, 12 Sep 2003 16:36:39 -0700 (PDT) Subject: Another Cypherpunks Investigation? In-Reply-To: Message-ID: <200309122336.h8CNadof006677@artifact.psychedelic.net> Tim writes: > My comment is that this "Professor Rat," whose posts I have not seen > for as long as lne.com has been my feed, is probably in some real > difficulty. His posts are very direct threats, not veiled in any of the > vague, political "politicians ought to be given a fair trial and then > hanged" or even the "I hope Washington is nuked" sorts. "Professor Rat" goes to his own folder in my Procmail script. I occasionally skim it, but mostly I just delete it when it expands to many megabytes. I hope this isn't going to be another one of those cases where some federal judge reads list messages completely out of context, and concludes that some plot is afoot to blow up the federal government. Perhaps Professor Rat is a federal agent hoping to bait some list member into publicly cheering when he criticizes high-ranking public officials. Or perhaps Professor Rat just made the mistake of playing Paintball on the weekends while subscribed to the Cypherpunks list. > (One rule of thumb I use is to never, ever use actual names of > burrowcrats. Except for a few at the top, I don't even make any effort > to remember the names. It's hard to be charged with making a direct, > credible threat when no specific person is either named or alluded to.) Allusions work, like "the coke-snorting C student who drove his car drunk into somebody's hedge." I wouldn't necessarily leap to the conclusion Professor Rat lives in Australia. Perhaps he just has a shell there. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From measl at mfn.org Fri Sep 12 15:46:52 2003 From: measl at mfn.org (J.A. 
Terranson) Date: Fri, 12 Sep 2003 17:46:52 -0500 (CDT) Subject: Another Cypherpunks Investigation? In-Reply-To: Message-ID: On Fri, 12 Sep 2003, Tim May wrote: > Were he in the U.S., I'd expect he'd face serious charges. Being that > he's in Australia, as far as I know, I doubt extradition will occur. I disagree (although I would not have several years ago). The FBI has been learning to use international extradition over the last two years or so, and are actually getting to be quite good at it from what I hear. > And even if he were prosecuted, by Oz or by the U.S., his various > articles indicate "mental disturbance" could be a winning defense, with > him ordered to get back on his Prozac or Zoloft or whatever. I would dearly love to see this idiot named an "enemy combatant", if for no other reason than to laugh my ass off. To paraphrase both Tim *and* Mattd: "Proffr Needs Killing" - rlmao! > The questions being asked of Jim may have to do with the Feds making > the only prosecution they can make: that those passing on such threats > via mailing lists are somehow guilty of some crime. This is just > speculation on my part. If these are indeed the types of questions being asked, I would be very surprised. While *anonymous* remailers are very definitely on their radar, I cannot see any reason why a CDR node would be of interest (other than to establish the actual delivery chain). As someone who works closely with a bunch of these guys, I can state with authority that the FBI is technically, um, less than what the public thinks they are. A LOT less, at least technically. Nevertheless, the guys (and gals) they hire are generally a good cross-section of smart and educated middle classers, who are quite capable of learning what they need to know. I would guess that the operational questions were just that - attempts to understand the operation of the CDR system. > If so, the case may hinge on issues of "common carrier" status. 
Highly unlikely - CCS is a concept they are all familiar with, and it quite obviously does not apply here. > Also, I > believe Congress passed a bill explicitly saying that sysops are not > liable for the e-mail passing through their systems...Declan will > likely have the latest on this. No, I think you are referring to the side effect of the Prodigy Decision. Either way though, you are correct that your average sysop enjoys some limited immunities here. > Anyway, I'll bet good money this is the series of messages in question. > Nothing else I have seen either rises to this level or seems to involve > Pennsylvania in any significant way. You sure there were no SPAM travel guides making outrageously prosecutable claims that Pennsylvania was a Good Place To Visit? > --Tim May -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From pgut001 at cs.auckland.ac.nz Thu Sep 11 23:10:24 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Fri, 12 Sep 2003 18:10:24 +1200 Subject: Fatherland Security agents above the law? Message-ID: <200309120610.h8C6AOh22705@cs.auckland.ac.nz> "Tyler Durden" writes: >"The Fatherland Security troops are publicly embaressed and showing their >brown shirts." > >Well, I'm not convinced you guys have detected the right intended message >here. > >Basically, the real message may be: "it's impossible to protect Americans >through local policies alone". I thought it was "The news media will do anything for a story, even if they have to manufacture it themselves". Given that the US is currently obsessed with terrorism, creating a sensationalist story related to it is a sure-fire winner, even if the more accurate wording of "ABC ships expensive yacht ballast to US" would get less attention. (Come to think of it, I'm sure I could raise at least a moderate stink over here by letting it slip that some of the America's Cup yachts that were here earlier in the year may have had (shock, horror!) 
dangerous radioactive uranium in their keels, in violation of the government's anti-nuclear stance). Peter. From bill.stewart at pobox.com Fri Sep 12 18:12:44 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 12 Sep 2003 18:12:44 -0700 Subject: [Brinworld] UK firms tout camera phone blinding tech In-Reply-To: References: <3F60B462.9B1C182E@cdc.gov> Message-ID: <3F626F0C.9050107@pobox.com> Thomas Shaddack wrote: >>Safe Haven works by transmitting a signal in a localised environment >>such as a school, swimming pool, office facility or factory, which >>"disables the camera functionality of devices in the nearby >>environment", the companies claim. > > If there will be a dedicated receiver circuit in the phone, operating on > other than cellular frequencies, it will be fairly trivial to shield or > jam or damage it. That's overkill. If this thing is ever actually deployed, it'll be a feature that _asks_ a Safe-Haven-equipped camera phone not to take pictures here, and if you happen to have that kind of phone, it won't take pictures there. The solution to this is not to carry a special jammer device if you want to take pictures where people don't want it - it's to carry a digital camera (and besides, those get much better pictures - the one gsm cameraphone I've tried had only a 352x288 CCD in it, in spite of not being a cheap phone.) Alternatively, if you want to transmit pictures there as well as taking them, buy a phone now that doesn't have that feature, or buy a PDA with a camera and some kind of wireless card. Aside from places that want to protect privacy or prudishness, one obvious market for Safe Haven is police agencies that want to be able to bash people without being on live video. On the other hand, they'd probably be just as happy with a cell phone jammer, which also prevents live voice transmission, and therefore not only blocks strategic remote recordkeepers, but also blocks tactical coordination by a crowd's instigators. 
From ravage at einstein.ssz.com Fri Sep 12 16:39:50 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 12 Sep 2003 18:39:50 -0500 (CDT) Subject: [cdr] Re: Another Cypherpunks Investigation? In-Reply-To: Message-ID: Somethings broke in the backbone relay, the CDR has split. I sent the note out and didn't see Tim's response, but do see JAT's. Cool ;) On Fri, 12 Sep 2003, J.A. Terranson wrote: > > On Fri, 12 Sep 2003, Tim May wrote: > > > > > Were he in the U.S., I'd expect he'd face serious charges. Being that > > he's in Australia, as far as I know, I doubt extradition will occur. > > I disagree (although I would not have several years ago). > > The FBI has been learning to use international extradition over the last two > years or so, and are actually getting to be quite good at it from what I > hear. > > > And even if he were prosecuted, by Oz or by the U.S., his various > > articles indicate "mental disturbance" could be a winning defense, with > > him ordered to get back on his Prozac or Zoloft or whatever. > > I would dearly love to see this idiot named an "enemy combatant", if for no > other reason that to laugh my ass off. To paraphrase both Tim *and* > Mattd: "Proffr Needs Killing" - rlmao! > > > The questions being asked of Jim may have to do with the Feds making > > the only prosecution they can make: that those passing on such threats > > via mailing lists are somehow guilty of some crime. This is just > > speculation on my part. > > If these are indeed the types of questions being asked, I would be very > surprised. While *anonymous* remailers are very definitely on their radar, I > cannot see any reason why a CDR node would be of interest (other than to > establish the actual delivery chain). As someone who works closely with a > bunch of these guys, I can state with authority that the FBI is technically, > um, less than what the public thinks they are. A LOT less, at least > technically. 
Nevertheless, the guys (and gals) they hire are generally a > good cross-section of smart and educated middle classers, who are quite > capable of learning what they need to know. I would guess that the > operational questions were just that - attempts to understand the operation > of the CDR system. > > > > If so, the case may hinge on issues of "common carrier" status. > > Highly unlikely - CCS is a concept they are all familiar with, and it quite > obviously does not apply here. > > > Also, I > > believe Congress passed a bill explicitly saying that sysops are not > > liable for the e-mail passing through their systems...Declan will > > likely have the latest on this. > > No, I think you are referring to the side effect of the Prodigy > Decision. Either way though, you are correct that your average sysop enjoys > some limited immunities here. > > > Anyway, I'll bet good money this is the series of messages in question. > > Nothing else I have seen either rises to this level or seems to involve > > Pennsylvania in any significant way. > > You sure there were no SPAM travel guides making outrageously prosecutable > claims that Pennsylvania was a Good Place To Visit? > > > --Tim May > > > -- > Yours, > J.A. Terranson > sysadmin at mfn.org > > "Every living thing dies alone." > Donnie Darko > -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From nobody at cypherpunks.to Fri Sep 12 10:02:43 2003 From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer) Date: Fri, 12 Sep 2003 19:02:43 +0200 (CEST) Subject: e-gold script to run from whitehat Message-ID:

From ravage at einstein.ssz.com Fri Sep 12 18:37:53 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 12 Sep 2003 20:37:53 -0500 (CDT) Subject: [discuss] TV ALERT: TechTV Music Wars (fwd) Message-ID: ---------- Forwarded message ---------- Date: Fri, 12 Sep 2003 18:59:31 -0500 From: David Nunez To: discuss at effaustin.org Subject: [discuss] TV ALERT: TechTV Music Wars Hey kids, TechTV (Austin Digital Cable 239) is hosting a 2.5 hour special tonight at 7:00 on file sharing issues, RIAA legal activities, etc. They are replaying it tomorrow night at 5:00PM and again Monday at 12:00P and 5:00PM. I'll be taping it and will figure out the "right way" to share. Via TechTV.com (techtv.com/musicwars): Musicians, industry experts, and file traders break down the complicated issues surrounding digital music. Watch today at 8 p.m., tomorrow at 6 p.m., and Monday 9/15 at 1 p.m. Eastern. By Steve Enders Admit it: You're freaked out. The Recording Industry Association of America (RIAA) is suing music downloaders as young as 12 years old. The organization has already busted college students for downloading. Subpoenas have been served seeking information on grandparents, mothers, and fathers. No one is safe, and many don't even know they've done anything wrong. Friday, TechTV brings you "Music Wars," a special that gets you up to speed on how we arrived at this point -- and where digital music is headed. Don't miss this exclusive look at the state of music as only TechTV can explain it. "Music Wars" also sets the stage for "Music Wars: Open Mike," TechTV's live, town hall forum featuring industry executives, legal experts, and artists. If you're a music fan, or if you're just interested in the groundbreaking legal issues surrounding the download debate, this is a night of television you won't want to miss. You'll meet the ultimate music fans, people who have shaped their lives around the prevalence of digital music. 
You'll meet artists including Liz Phair, Michelle Branch, and others who have put everything at stake by making their music so readily available online. You'll be surprised by their varying opinions and openness with TechTV. We'll take you behind the scenes of the major legal music services available online, the services trying to fill the vacuum left by the glut of P2P software, and the trade of illegal, copyright music. Finally, you'll meet the queen of KaZaA, Nikki Hemming. "Tech Live" reporter Jim Goldman sat down with Hemming in her Australian headquarters to discuss the ramifications of what she's helped create, and the industry she's helped inflame. Featured 'Music Wars' Segments Celebrities Sing, Squawk, Swap From Ben Affleck to Sonic Youth, celebrities and music artists sound off on file-swapping, and others just sound good. Check out our recent interviews and in-studio performances. Peer-to-Peer Explained Amazing what some computer code can do. It's the software that nearly brought the music industry to its knees. It's also the software that has prompted the industry to come back fighting -- gloves off -- and file hundreds of lawsuits. The software known as Napster, written by a 17 year old, has evolved since 1999. See where it's been and where it's going, and find out why the music industry would like to see it stopped. Download 101 Incoming students normally start college with a tour around campus. At the University of California, Berkeley, incoming freshmen are getting a lesson in downloading music from P2P networks. The message: Do it at your own risk. We visit orientation to see what the program is all about. The Artists Speak Liz Phair, Michelle Branch, Charlie Daniels, The Samples. They're musicians with a diverse range of sounds, styles, and songs. They're loved by millions around the world. They've also seen millions of their songs downloaded from the Internet. But their opinions on file sharing are as different as their music. 
The Legal Alternative When the RIAA began filing lawsuits against song swappers this week, it also encouraged music fans to get their music the legal way using services provided by Apple, BuyMusic.com, and Rhapsody. The services offer thousands of good-quality songs, but are they the solution music fans really want? Posted September 9, 2003 David Nunez david at davidnunez.com --------------------------------------------------------------------- To unsubscribe, e-mail: discuss-unsubscribe at effaustin.org For additional commands, e-mail: discuss-help at effaustin.org From sfurlong at acmenet.net Fri Sep 12 17:53:02 2003 From: sfurlong at acmenet.net (Steve Furlong) Date: Fri, 12 Sep 2003 20:53:02 -0400 Subject: What's up with the Cypherpunks archive? In-Reply-To: References: Message-ID: <200309122053.02566.sfurlong@acmenet.net> On Friday 12 September 2003 09:36, Jim Choate wrote: > Is it really so that there are no up to date archives? Venona seems > to have stopped a while back. http://archives.abditum.com/cypherpunks/ _But_ my server has been very unreliable lately. I'm planning on moving the archives to a different box soon, maybe this weekend. -- Steve Furlong Computer Condottiere Have GNU, Will Travel "If someone is so fearful that, that they're going to start using their weapons to protect their rights, makes me very nervous that these people have these weapons at all!" -- Rep. Henry Waxman From jamesd at echeque.com Fri Sep 12 21:34:43 2003 From: jamesd at echeque.com (James A. Donald) Date: Fri, 12 Sep 2003 21:34:43 -0700 Subject: [cdr] Re: Another Cypherpunks Investigation? In-Reply-To: References: Message-ID: <3F623BF3.2309.7A8A783@localhost> -- On 12 Sep 2003 at 17:46, J.A. Terranson wrote: > The FBI has been learning to use international extradition > over the last two years or so, and are actually getting to be > quite good at it from what I hear. 
This would greatly surprise me, for government bureaucracies are notoriously incompetent at dealing with anyone they cannot have pistol whipped. If police bureaucracy X has busted someone for their own reasons, they may well hand him over to police bureaucracy Y, but police bureaucracy X is not going to bust someone because police bureaucracy Y wants him. If Professor rat had killed a cop, or seriously pissed off an important politician, the FBI might get its act together enough and swallow its pride sufficiently to manage a successful extradition, but for this sort of minor crap, nothing will happen. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XmSLOgHTIX7igiupnUZhy6VfVZRNQh4hsbrOXBMG 4WS9OF42DQA+DowPFP7Z5UXhBISFqDUt0ssgL4sf3 From doreillyi at sympatico.ca Fri Sep 12 19:38:27 2003 From: doreillyi at sympatico.ca (Declan O'Reilly) Date: Fri, 12 Sep 2003 22:38:27 -0400 Subject: [discuss] TV ALERT: TechTV Music Wars (fwd) In-Reply-To: References: Message-ID: <1063420701.26698.8.camel@dhcppc2> Hope I am doing this right, first time poster Jim Choate wrote > TechTV (Austin Digital Cable 239) is hosting a 2.5 hour special tonight > at 7:00 on file sharing issues, RIAA legal activities, etc. They are > replaying it tomorrow night at 5:00PM and again Monday at 12:00P and > 5:00PM. I'll be taping it and will figure out the "right way" to share. > What an aggravating show, most disappointing. But then I am not really surprised. On the one side, you had persons from EMI, Maverick, and Ira Dean from some country band, and on the other, you had John Perry Barlow from the EFF, as well as Chuck D. The show was moderated by Leo Laporte, and interviews done by Mickela Perria(sp). So, the usual suspects spouting their own opinions, and party lines. The upshot is that the recording industry is still fighting a rear guard action, wishing to move the downloading over to a pay per download biz model.
Declan O'Reilly From nobody at cypherpunks.to Fri Sep 12 15:50:10 2003 From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer) Date: Sat, 13 Sep 2003 00:50:10 +0200 (CEST) Subject: MIME-encrustations. Message-ID: <0fca420779f91c860017c593c43a3f24@cypherpunks.to> Regarding the use of the mutt-specific MIME-encrusted PGP message format on mailing lists, I think Jon Callas (author of the OpenPGP RFC) sums up the issues best: http://www.imc.org/ietf-openpgp/mail-archive/msg03786.html From jtrjtrjtr2001 at yahoo.com Sat Sep 13 01:10:45 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Sat, 13 Sep 2003 01:10:45 -0700 (PDT) Subject: Schneier favoring drivers licenses for info superhighway? In-Reply-To: <3F61F935.366A3E88@cdc.gov> Message-ID: <20030913081045.91968.qmail@web21207.mail.yahoo.com> I think it's a joke taken out of context by the media. Sarath. --- "Major Variola (ret.)" wrote: > http://www2.ocregister.com/ocrweb/ocr/article.do?id=56662&section=BUSINESS&subsection=BUSINESS&year=2003&month=9&day=12 > > So why not institute mandatory education before > people can go online? > After all, motorists must obtain licenses before > they can legally hit > the road, and computers are much more complicated. > > "It could be a four-year college degree, a one-month > course. It might be > a good idea," said Bruce Schneier, chief technology > officer for > Counterpane Internet Security Inc. > > Or it might be a bad idea. > > "The downside is everybody you know won't be able to > have a computer > anymore, and I like being able to send e-mail to > friends," Schneier > said. > __________________________________ Do you Yahoo!? Yahoo!
SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com From mv at cdc.gov Sat Sep 13 09:55:28 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Sat, 13 Sep 2003 09:55:28 -0700 Subject: Mary Beth Buchanan, raping the constitution Message-ID: <3F634BFE.21279287@cdc.gov> "Obscenities have always been a priority of the attorney general," said Mary Beth Buchanan, U.S. attorney for western Pennsylvania. "[A]nd he has asked each U.S. attorney to make that our priority as well." Buchanan is the lead prosecutor on the case against Zacari http://www.abcnews.go.com/sections/wnt/US/porno030828.html Seems she's in bed with Ashcroft, with no compunction about raping the 1st. (Which may or may not have to do with Prof. R's fascination with her; we don't follow that). Or she may be reviled as a domestic terrorist for her role in the persecution of a glasswares vendor http://216.239.41.104/search?q=cache:Q2lzFGs63RMJ:marijuana.newstrove.com/+%22mary+beth+buchanan%22&hl=en&ie=UTF-8 Perhaps life, liberty, and the pursuit of happiness is too much for her. Or perhaps she merely enjoys initiating violence against those involved in mutually consensual transactions she disapproves of. Perhaps Prof R for all his too precise meanderings is at least bringing someone deserving into the public light. ---- "Did you really think that we want those laws to be observed? . . . We want them broken. You'd better get it straight that it's not a bunch of boy scouts that you're up against - and then you'll know that this is not the age for beautiful gestures. We're after power and we mean it. . . . . There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? 
But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted - and you create a nation of lawbreakers - and then you cash in on the guilt. Now that's the system, . . . that's the game, and once you understand it, you'll be much easier to deal with." From Atlas Shrugged, by Ayn Rand. From jamesd at echeque.com Sat Sep 13 10:05:59 2003 From: jamesd at echeque.com (James A. Donald) Date: Sat, 13 Sep 2003 10:05:59 -0700 Subject: Another Cypherpunks Investigation? In-Reply-To: References: <3F623BF3.2309.7A8A783@localhost> Message-ID: <3F62EC07.5506.A5876C2@localhost> -- On 13 Sep 2003 at 11:08, J.A. Terranson wrote: > The feebs are in a position right now where it's not a matter > of "swallowing their pride", but rather a "corporate mandate" > if you will: they have been *ordered* to make these types of > extraditions happen. Government bureaucracies get lots of orders. Not much happens. And this, of course, assumes that Professor Rat is real, rather than an american agent provocateur sshing to Australia. For an Australian, he seems oddly obsessed with US figures. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG zb5ULu5a2zdPSF1Vfo8bPJ0R0cJqrQ61rnxVj/Tj 4nufrybHbKgybBIdtfJ82JGuKJKCsCTsrFYCwEp0p From ravage at einstein.ssz.com Sat Sep 13 08:16:47 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 13 Sep 2003 10:16:47 -0500 (CDT) Subject: [SDBUG] cypherpunk wargames (local) (fwd) Message-ID: I ran across this while doing some tactical wargame research ;) http://www.sdbug.org/pipermail/sdbug/2002-October/002336.html -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From timcmay at got.net Sat Sep 13 10:46:50 2003 From: timcmay at got.net (Tim May) Date: Sat, 13 Sep 2003 10:46:50 -0700 Subject: Another Cypherpunks Investigation?
In-Reply-To: Message-ID: <4116BBB2-E612-11D7-87EC-000A956B4C74@got.net> On Saturday, September 13, 2003, at 10:36 AM, Tyler Durden wrote: > Tim May wrote... > > "The questions being asked of Jim may have to do with the Feds making > the only prosecution they can make: that those passing on such threats > via mailing lists are somehow guilty of some crime. This is just > speculation on my part." > > I thought the Feds questions to Jim Choate had more to do with > anti-spam enforcement.... > Assuming this is not some silly joke comment, First, the Feds have no significant "anti-spam enforcement" role. Anti-spam laws, such as they exist now, are not being criminally enforced, hence a DOJ role is unlikely. Second, the Pennsylvania connection is unlikely for an anti-spam action, even if some poor soul in Penn. got spammed via a subscription list (meaning, likely no basis for complaint!). Third, nothing in Choate's message mentioned spam or anything in detail. So why you would think the issue was related to "anti-spam enforcement" is a mystery to me. Fourth, the search results I got were pretty convincing to me that a direct death threat was leveled against a government official, by name. The message even referred to waiting for her as she jogged by (or somesuch language, see the posting about Mary Beth Buchanan for details). The Feds take these kinds of posts a _lot_ more seriously than they do anti-spam measures, which likely don't even have the status of being actual criminal laws, at least not yet. And the recipients of a mailing list have no basis for claiming they were spammed through a list they voluntarily signed up for. Q.E.D. --Tim May "I think the root of the problem is that we tend to organize ourselves into tribes. Then people in the tribe are our friends, and people outside are our enemies. I think it happens like this: Someone uses Perl, and likes it, and then they use it some more. But then something strange happens. 
They start to identify themselves with Perl, as if Perl were part of their body, or vice versa. They're part of the Big Perl Tribe. They want other people to join the Tribe. If they meet someone who doesn't like Perl, it's an insult to the Tribe and a personal affront to them." --Mark Dominus, "Why I Hate Advocacy," 2000 From measl at mfn.org Sat Sep 13 09:08:37 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 13 Sep 2003 11:08:37 -0500 (CDT) Subject: [cdr] Re: Another Cypherpunks Investigation? In-Reply-To: <3F623BF3.2309.7A8A783@localhost> Message-ID: On Fri, 12 Sep 2003, James A. Donald wrote: > On 12 Sep 2003 at 17:46, J.A. Terranson wrote: > > The FBI has been learning to use international extradition > > over the last two years or so, and are actually getting to be > > quite good at it from what I hear. > > This would greatly surprise me, for government bureaucracies > are notoriously incompetent at dealing with anyone they cannot > have pistol whipped. As I understand it, they're simply having similar agencies from other countries doing the appropriate PW, followed by an extradition from those countries willing to do so. > If police bureaucracy X has busted someone for their own > reasons, they may well hand him over to police bureaucracy Y, > but police bureaucracy X is not going to bust someone because > police bureaucracy Y wants him. There has been a lot of change in this area over the last two years. > If Professor rat had killed a cop, or seriously pissed off an > important politician, the FBI might get its act together enough > and swallow its pride sufficiently to manage a successful > extradition, but for this sort of minor crap, nothing will > happen. The feebs are in a position right now where it's not a matter of "swallowing their pride", but rather a "corporate mandate" if you will: they have been *ordered* to make these types of extraditions happen. Of course, the next [obvious] question is where did I get this information?
From work: we had an incident that resulted in an FBI call and international players from third world countries. If it's just Mattd they're looking for, then I too doubt that he's worth putting the wheels in motion for, but if it's something they consider "real", I have absolutely no doubt that they are now in a position to successfully complete an international extradition > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > XmSLOgHTIX7igiupnUZhy6VfVZRNQh4hsbrOXBMG > 4WS9OF42DQA+DowPFP7Z5UXhBISFqDUt0ssgL4sf3 -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From camera_lumina at hotmail.com Sat Sep 13 10:36:34 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 13 Sep 2003 13:36:34 -0400 Subject: Another Cypherpunks Investigation? Message-ID: Tim May wrote... "The questions being asked of Jim may have to do with the Feds making the only prosecution they can make: that those passing on such threats via mailing lists are somehow guilty of some crime. This is just speculation on my part." I thought the Feds questions to Jim Choate had more to do with anti-spam enforcement.... -TD >From: Tim May >To: cypherpunks at lne.com >Subject: Re: Another Cypherpunks Investigation? >Date: Fri, 12 Sep 2003 14:55:07 -0700 > >On Friday, September 12, 2003, at 06:32 AM, Jim Choate wrote: > >>Hi, >> >>I had an interesting experience yesterday. I got to talk to a person >>claiming to be with the DoJ in Philly (if memory serves). Apparently they >>are investigating one or more posts in the Aug. time frame for something. >>They were interested in a subpoena regarding technical information about >>the >>list. >> >>The person didn't make it clear exactly who they were investigating. The >>questions were focused on how the mailing list worked and where there was >>editorial opportunity. They were also interested in mail and network logs >>for that time frame (which I don't normally keep past 3-4 days).
I was >>very careful to explain that IP spoofing was easy to do so that the >>veracity or reliability of the logs was in question. >> >>I'm deciding not to provide the persons name and contact info since I'm >>not sure what the effect would be. I requested they talk with my lawyer in >>regards to future information and that I wasn't interested in getting >>involved. >> >>That's about all I have on the topic at this time. >> > >I was curious about which messages in August could be of interest. Seeing >none (via the lne.com feed I am subscribed to), I searched via Google for >various articles mentioning "cypherpunks" and variations on "philadelphia," >"pittsburgh," and "pennsylvania." And I narrowed the search to posts in >July and August. > >I got some almost immediate hits (no pun intended). I've made it easy for >anyone to find them via Google. Search on this search string: > > >pittsburgh "professor rat" > >Search also on some of the names in the first article which pops up, i.e., >on: > >"Mary Beth Buchanan" > > > >My comment is that this "Professor Rat," whose posts I have not seen for as >long as lne.com has been my feed, is probably in some real difficulty. His >posts are very direct threats, not veiled in any of the vague, political >"politicians ought to be given a fair trial and then hanged" or even the "I >hope Washington is nuked" sorts. > >(One rule of thumb I use is to never, ever use actual names of burrowcrats. >Except for a few at the top, I don't even make any effort to remember the >names. It's hard to be charged with making a direct, credible threat when >no specific person is either named or alluded to.) > >Were he in the U.S., I'd expect he'd face serious charges. Being that he's >in Australia, as far as I know, I doubt extradition will occur. And even if >he were prosecuted, by Oz or by the U.S., his various articles indicate >"mental disturbance" could be a winning defense, with him ordered to get >back on his Prozac or Zoloft or whatever.
> >The questions being asked of Jim may have to do with the Feds making the >only prosecution they can make: that those passing on such threats via >mailing lists are somehow guilty of some crime. This is just speculation on >my part. > >If so, the case may hinge on issues of "common carrier" status. Also, I >believe Congress passed a bill explicitly saying that sysops are not liable >for the e-mail passing through their systems...Declan will likely have the >latest on this. > >Anyway, I'll bet good money this is the series of messages in question. >Nothing else I have seen either rises to this level or seems to involve >Pennsylvania in any significant way. > >--Tim May From njohnsn at njohnsn.com Sat Sep 13 12:03:01 2003 From: njohnsn at njohnsn.com (Neil Johnson) Date: Sat, 13 Sep 2003 14:03:01 -0500 Subject: Always check the lug nuts !! Message-ID: <200309131403.01807.njohnsn@njohnsn.com> http://www.spaceref.com/news/viewsr.html?pid=10299 Evidently, they were trying to move the satellite from a horizontal to vertical position. However, engineers from another project had removed the 24 bolts needed to secure the plate to the movement mechanism, and nobody thought to check for the bolts before attempting to move the satellite. -- Neil Johnson http://www.njohnsn.com PGP key available on request. From measl at mfn.org Sat Sep 13 12:10:36 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 13 Sep 2003 14:10:36 -0500 (CDT) Subject: Another Cypherpunks Investigation? In-Reply-To: <3F62EC07.5506.A5876C2@localhost> Message-ID: On Sat, 13 Sep 2003, James A. Donald wrote: > And this, of course, assumes that Professor Rat is real, rather > than an american agent provocateur sshing to Australia. For an > Australian, he seems oddly obsessed with US figures.
I haven't seen his stuff in ages - procmail was my friend until last week, when I finally gave up on ssz. Now, lne is my friend: Mattd can spew till he's purple, and I'll never know if he's fixated on US or EU topics. I really don't care enough to even accept his mails here. It's interesting to note that Mattd is the only person I have ever thrown into the permanent bit-bucket, an act so heinous, I swore I would never do it. I guess I'm either growing up, or growing old: while I still think that shitcanning a poster is an evil act in and of itself, I've also come to believe that it *can* be justified sometimes. Like any other form of killing... Hey Tim: can I get a " needs killing"? I think I finally understand it in its entirety :-( > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > zb5ULu5a2zdPSF1Vfo8bPJ0R0cJqrQ61rnxVj/Tj > 4nufrybHbKgybBIdtfJ82JGuKJKCsCTsrFYCwEp0p -- Yours, J.A. Terranson sysadmin at mfn.org "Every living thing dies alone." Donnie Darko From jya at pipeline.com Sat Sep 13 15:11:09 2003 From: jya at pipeline.com (John Young) Date: Sat, 13 Sep 2003 15:11:09 -0700 Subject: Another Cypherpunks Investigation? In-Reply-To: <3F62EC07.5506.A5876C2@localhost> References: <3F623BF3.2309.7A8A783@localhost> Message-ID: James Donald wrote: >And this, of course, assumes that Professor Rat is real, rather >than an american agent provocateur sshing to Australia. For an >Australian, he seems oddly obsessed with US figures. Based on when Rat began to post, and the gush of charges allegedly made against him elsewhere and in the US, James would appear to be probably right about the nut-case being an agent provocateur, either government run or self-appointed. Self-appointed provocateurs all too often wind up working for the authorities once they gain access to or credibility with enemies of the state. Still, some may recall that CJ was charged similarly, but still went to jail.
Not that going to jail clears a rat, rather it may indicate a deeper deception. What happens to a person during jail, facing charges, being questioned, seemingly cleared, then reappearing behaving even more provocatively, fits the pattern of the agent provocateur. But inducing a party to behave like an agent provocateur is a methodology oft used by handlers of agents. Smearing a genuine dissident with charges of being a government agent is also a hoary technique. Fostering dissent is the favorite way governments assure their survival by being forever vigilante, forever being needed to protect the unwary, forever cooking up new threats to the homeland. Indeed without dissent, especially vociferous and verging on violence, governments might wither, as commies and fascists well know and backscratch each other. Professor Rat does indeed appear to be a pro, reminds of the gang that pokied Jim Bell before 9/11, and now are eager to keep the counter-cyber-terrorism careers aflowering. Witness Jessica Stern and a host of others, feeding and being fed by the justice cartel worldwide, pleased as shit at the bountiful evidence-provocation-fabricator: the Net. If cypherpunks did not exist, prosecutors and rats would have to invent it, in the narc lab, oops, DARPA. From anonymous at panta-rhei.dyndns.org Sat Sep 13 19:26:17 2003 From: anonymous at panta-rhei.dyndns.org (Anonymous) Date: 14 Sep 2003 02:26:17 -0000 Subject: Killing the persecutors of "Extreme Associates" Message-ID: Prosecutors, U.S. Attorneys and Attorneys General who seek to throw people in prison for half a century for the "crime" of producing a porn movie with the "wrong" type of storyline all need to be gang-raped to the theme of _The O'Reilly Factor_ by large-penised men, before having themselves, their families and their children doused with jet fuel and burned alive, September 11th style. "'Shall make no law' means _NO LAW_. Got it, bitch?" 
If not, perhaps somebody should take a Sharpie, use it to write out the relevant text of the First Amendment on a piece of plain white paper, affix it to a baseball bat with tape or another suitable adhesive, and then smash aforementioned baseball bat over the heads of these U.S. Attorneys and high- ranking "Justice" Department officials until they either get the idea, or get their skulls crushed to such a degree that bloodied brain tissue ends up splattered all over the walls of their offices. Robert Zicari and Janet Romano should seriously consider putting out contracts on the heads of some Feds. From netkita at earthlink.net Sun Sep 14 12:15:47 2003 From: netkita at earthlink.net (netkita at earthlink.net) Date: Sun, 14 Sep 2003 15:15:47 -0400 Subject: Cypherpunks in jail or prison Message-ID: <3F648623.19668.E360459@localhost> To date how many members of the Cypherpunks mailing list are in the can so to speak and what are the category of offenses that the government wishes to blame them with? What are the dates or at least the years that they were arrested? Thanks in Advance, Deirdre From satan at spawnofhell.com Sun Sep 14 16:37:53 2003 From: satan at spawnofhell.com (Satanus Supremus) Date: 14 Sep 2003 18:37:53 -0500 Subject: Killing the persecutors of "Extreme Associates" In-Reply-To: References: Message-ID: <1063582673.2638.32.camel@entropy.darkesthour.com> Umm, errr...alright I think you meant "walls of their orifices". You are forgiven. On Sat, 2003-09-13 at 21:26, Anonymous wrote: > Prosecutors, U.S. Attorneys and Attorneys General who seek to throw people > in prison for half a century for the "crime" of producing a porn movie with > the "wrong" type of storyline all need to be gang-raped to the theme of > _The O'Reilly Factor_ by large-penised men, before having themselves, their > families and their children doused with jet fuel and burned alive, September > 11th style. > > "'Shall make no law' means _NO LAW_. Got it, bitch?" 
> > If not, perhaps somebody should take a Sharpie, use it to write out the > relevant text of the First Amendment on a piece of plain white paper, affix > it to a baseball bat with tape or another suitable adhesive, and then smash > aforementioned baseball bat over the heads of these U.S. Attorneys and high- > ranking "Justice" Department officials until they either get the idea, or > get their skulls crushed to such a degree that bloodied brain tissue ends up > splattered all over the walls of their offices. > > Robert Zicari and Janet Romano should seriously consider putting out contracts > on the heads of some Feds. From cpunk at lne.com Sun Sep 14 20:00:00 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 14 Sep 2003 20:00:00 -0700 Subject: Cypherpunks List Info Message-ID: <200309150300.h8F300xE003127@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa. 1. Filtering The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. 
There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.

Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.

4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them).
You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them.

Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings".

At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers.
An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

# mailing lists:
# filter all cypherpunks mail into its own cypherspool folder, discarding
# mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
# /dev/null is unix for the trash can.
:0
* ^From.*owner-cypherpunks@.*
{
  :0:
  * (^From:.*ravage@ssz\.com.*|\
    ^From:.*jchoate@dev.tivoli.com.*|\
    ^From:.*mattd@useoz.com|\
    ^From:.*proffr11@bigpond.com|\
    ^From:.*jei@cc.hut.fi)
  /dev/null

  :0:
  cypherspool
}

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------
Algebra:
Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
CCC:
Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Infonex:
Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Lne:
Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
    Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
    1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
    2. leading "CDR:" in subject line removed
    3. "Reply-to:" removed
Privacy policy: private
Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com
Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman)
---------------------------------------------------------------------------
Minder:
Subscription: "subscribe cypherpunks" to majordomo at minder.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net
Help: "help" to majordomo at minder.net
Posting address: cypherpunks at minder.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: private
Info: send mail to cypherpunks-info at minder.net
---------------------------------------------------------------------------
Openpgp:
[openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries.
Ericm, 8/7/01]
Subscription: "subscribe cypherpunks" to listproc at openpgp.net
Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net
Help: "help" to listproc at openpgp.net
Posting address: cypherpunks at openpgp.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Ssz:
Subscription: "subscribe cypherpunks" to majordomo at ssz.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com
Help: "help cypherpunks" to majordomo at ssz.com
Posting address: cypherpunks at ssz.com
Filtering policy: raw
Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added.
Privacy policy: open
Info: http://www.ssz.com/cdr/
---------------------------------------------------------------------------
Sunder:
Subscription: "subscribe" to sunder at sunder.net
Unsubscription: "unsubscribe" to sunder at sunder.net
Help: "help" to sunder at sunder.net
Posting address: sunder at sunder.net
Filtering policy: moderated
Message Modification policy: ???
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
Pro-ns:
Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net
Help: "help cypherpunks" to majordomo at pro-ns.net
Posting address: cypherpunks at pro-ns.net
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to local CDR subscribers.
  All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. leading "CDR:" in subject line removed
  2. "Reply-to:" removed
Privacy policy: private
Info: http://www.pro-ns.net/cpunk

From mv at cdc.gov Sun Sep 14 20:43:40 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Sun, 14 Sep 2003 20:43:40 -0700
Subject: Power Grab: Ashcroft overturns 4th Amend
Message-ID: <3F65356B.605E89C8@cdc.gov>

Administration Calls for Unprecedented Subpoena Powers

http://www.latimes.com/news/nationworld/nation/la-na-subpoena14sep14,1,689004.story?coll=la-home-todays-times

Unlike in ordinary criminal investigations, Ashcroft would not need the approval of a grand jury or a judge to order witnesses to appear for questioning.

"The attendance of witnesses and the production of records may be required from any place in any state or in any territory or other place subject to the jurisdiction of the United States at any designated place of hearing," the administration's bill says.

...
The bill includes a "nondisclosure requirement" as well. "If the Attorney General certifies [there] may result a danger to the national security, no person shall disclose to any other person that a subpoena was received or records were provided," it says.

Grand juries operate in secret as well. And though they are often seen as a rubber stamp for the government, Cole said the mere presence of the jurors restrains prosecutors. "There is a real difference when a prosecutor knows 23 citizens are there observing what's going on," he said

...

The administration proposal was introduced in the House last week by Rep. Tom Feeney (R-Fla.).

Hmm, other Rep.tiles from Fla get turned into boots. And they're not even raping the constitution.

From camera_lumina at hotmail.com Sun Sep 14 19:06:44 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 14 Sep 2003 22:06:44 -0400
Subject: Wall Street Protest
Message-ID:

Walked by an interesting protest outside the stock exchange last week.
In the "pen" in front were probably no more than 600 people attending a protest against the well-named "Patriot Act", and against Bush, Cheney, Rumsfeld and their policies.

What was interesting was that, despite the relatively small numbers (I've seen crowds 5 times that size allowed for other stuff), police were not letting anyone into the area without an ID of some kind....I heard them saying there was already "too many people there". (And by "area" I mean from Broadway east, one block north of Wall South, and I don't know where the other borders were...I'd bet someone who knew the area could probably find a route in, but you'd have to get up through those weird SE streets like "Beaver" and so on.)

A form of censorship? Definitely...like I've said...I've seen LOTS more people allowed for other stuff (even Nader). There was plenty of room even in the pen (Broad Street has been closed in front of the stock exchange since 9/11/01...there's a series of barricades.)

Now obviously, the "authorities" would probably claim (if push came to shove) that this particular group posed a greater risk than other groups. (Or in NYC, depending on who was asking, they'd probably cite some specific laws that pointed to their right to 'cap' the event at the levels it was attended at at the time, and deny this group was being given special treatment.)

Anyone see this on the news? I don't remember any major news trucks out there...I wonder if their quote somehow excluded them also, assuming they'd be interested (and they might be, if the numbers were much larger).

So...an interesting strategy: A big anti-government rally is planned. Cops show up early and deliberately make large numbers impossible. News folks (already pre-disposed not to cover such an event) find even more reason not to be interested given the small numbers. Sheeple continue to watch TV and see no coverage of dissent, and assume there is no dissent. Sheeple, assuming everyone else supports the war, now support the war.

From mv at cdc.gov Mon Sep 15 11:16:47 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 15 Sep 2003 11:16:47 -0700
Subject: snooping cell phone pictures via URLs?
Message-ID: <3F66020E.9B90EC31@cdc.gov>

I received a few URLs pointing to cell phone pictures stored at pictures.sprintpcs.com. The URLs contained long seemingly-random strings, though with my sample (of 2) I only saw 5 identical characters in the same locations.

Has anyone done any less casual cryptanalysis on these kind of URLs? One wonders how much protection from (non-sprintpcs.com and ISP) snoopers that the "random" strings actually provide.

----
A fool and their bits are soon mirrored worldwide.

From mv at cdc.gov Mon Sep 15 12:33:47 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Mon, 15 Sep 2003 12:33:47 -0700
Subject: Police state
Message-ID: <3F66141B.533297BF@cdc.gov>

Good article at http://wired.com/news/conflict/0,2100,60440,00.html on abuses of anti-terrorism (tm) laws.

-----
The unit of coercivity for magstrips is being changed to the "Ashcroft"

From timcmay at got.net Mon Sep 15 13:25:52 2003
From: timcmay at got.net (Tim May)
Date: Mon, 15 Sep 2003 13:25:52 -0700
Subject: Mexifornia Driver's License
Message-ID:

From bill.stewart at pobox.com Mon Sep 15 16:07:02 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 15 Sep 2003 16:07:02 -0700
Subject: Mexifornia Driver's License
In-Reply-To:
References:
Message-ID: <3F664616.3010505@pobox.com>

Tim May wrote:
> http://vikingphoenix.com/immigration/davis_sign_illegal.htm

Does anybody remember 10+ years ago when a "Driver's License" wasn't quite a National ID Card or a Citizenship Credential or a Probably-Not-A-Deadbeat-Dad Right-to-Work Card, or a Homeland Security Internal Passport, or an Identity Theft Leverage Device, but merely intended to indicate that you knew how to drive? (OK, and that it was therefore ok for you to drink :-) There was a bit of control added in the mid 80s to reduce the extent to which people could ditch bad driving records by moving or by having multiple licenses simultaneously, but it was basically about driving.

Pete Wilson, who as the CA electrical system market failure demonstrates, was a Social Conservative type Republican rather than a Fiscal Responsibility or Small Government type Republican, decided that it wasn't safe for people to drive while speaking Spanish, so he got the CA legislature to ban it. They gradually either became more liberal or more Spanish or influenced by different pressure groups and tried to change it, and Gray Davis at first opposed it before deciding he needed the votes of Mexican-Americans who were US citizens and changed his mind, and now people who should know better are ragging on him about it.

I immigrated here to California about the time they were waffling back and forth about whether to require citizenship papers to be in order to get a driver's license or whether they'd accept a New Jersey driver's license.

From eugen at denver065.server4free.de Mon Sep 15 08:13:28 2003
From: eugen at denver065.server4free.de (Eugen Leitl)
Date: Mon, 15 Sep 2003 17:13:28 +0200
Subject: Wired misquote [Symantec want's to criminalize full-disclosure] (fwd from alfred_huger@symantec.com)
Message-ID: <20030915151328.GA15244@leitl.org>

----- Forwarded message from Alfred Huger -----

From rah at shipwright.com Mon Sep 15 14:41:37 2003
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 15 Sep 2003 17:41:37 -0400
Subject: "Quicksilver": It's about time...
Message-ID:

Monday, September 15, 2003, 12:00 A.M. Pacific

It's about time: So what upcoming product launch are geeks most excited about? Not the new version of Microsoft Office. It's probably fine. But techdom is really champing at the bit for the Sept. 23 release of "Quicksilver," the latest book from Seattle author Neal Stephenson, who has been described as the hacker Hemingway.

"Quicksilver" is the long-awaited follow-up to Stephenson's 1999 bestseller "Cryptonomicon," which ranged through the genesis of computers, World War II cryptography and modern Web privacy and security issues. Among Quicksilver's characters is a brilliant scientist and contemporary of Isaac Newton.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From dgerow at afflictions.org Mon Sep 15 15:12:49 2003
From: dgerow at afflictions.org (Damian Gerow)
Date: Mon, 15 Sep 2003 18:12:49 -0400
Subject: GPG Sig test
In-Reply-To: <20030912150625.A17892@slack.lne.com>
References: <1063161092.4940.24.camel@localhost> <20030912180759.GE89520@afflictions.org> <20030912150625.A17892@slack.lne.com>
Message-ID: <20030915221248.GD13332@afflictions.org>

Thus spake Eric Murray (ericm at lne.com) [13/09/03 04:32]:
> If someone knows how, please tell me.

Well, according to , he says that demime is /designed/ to break and remove attachments. So if you modify it, you'll need to maintain it -- he won't accept patches for it.

Which is unfortunate. The very fact that he refuses to accept patches for this, and doesn't give you the option of not removing it, makes me think you should use a different MIME cleanser (AlterMIME? Anomy Sanitizer? procmail?).

If you stick some code in at the top that checks for $head{'content-type',0} containing application/pgp (see around line 1820 for details on matching), and exit if that condition matches, then you should be able to work around it.

From timcmay at got.net Mon Sep 15 19:50:09 2003
From: timcmay at got.net (Tim May)
Date: Mon, 15 Sep 2003 19:50:09 -0700
Subject: Versign creates man-in-the-middle attack on DNS
In-Reply-To: <200309152124.23720.njohnsn@njohnsn.com>
Message-ID: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>

On Monday, September 15, 2003, at 07:24 PM, Neil Johnson wrote:
> Just a few hours ago Verisign modified the Internet's root DNS servers
> to
> respond to ANY DNS lookup that doesn't resolve in a real hostname to
> return
> the IP address of one their servers where they claim to have a search
> engine.
>
> For example, if you access http://www.thisisjunk55666.com , you will
> get a
> Verisign page, not a "Host can not be found error".
>
> This means that many anti-spam checks will fail among other issues.
>
> They will also intercept mail to mistyped email hosts (They claim to
> reject
> the mail, but not after having collected the From and To address).
>
> This really bites.

I didn't get a Verisign page...I got the usual error.

"Could not open the page http://www.thisisjunk55666.com/ because the server www.thisisjunk55666.com could not be found."

--Tim May
"We are at war with Oceania. We have always been at war with Oceania."
"We are at war with Eurasia. We have always been at war with Eurasia."
"We are at war with Iraq. We have always been at war with Iraq."
"We are at war with France. We have always been at war with France."

From njohnsn at njohnsn.com Mon Sep 15 19:24:23 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Mon, 15 Sep 2003 21:24:23 -0500
Subject: Versign creates man-in-the-middle attack on DNS
Message-ID: <200309152124.23720.njohnsn@njohnsn.com>

Just a few hours ago Verisign modified the Internet's root DNS servers to respond to ANY DNS lookup that doesn't resolve in a real hostname to return the IP address of one their servers where they claim to have a search engine.

For example, if you access http://www.thisisjunk55666.com , you will get a Verisign page, not a "Host can not be found error".

This means that many anti-spam checks will fail among other issues.

They will also intercept mail to mistyped email hosts (They claim to reject the mail, but not after having collected the From and To address).

This really bites.

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.
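
[Added example, not part of any message in this thread and not code from any poster or project.] The anti-spam breakage described in the message above comes from checks that treat "the sender's domain resolves" as "the sender's domain exists". The Python below probes a TLD with random labels to learn its wildcard address and then discounts that address. The resolver is injected so it runs offline; the zone data, registered hosts and all function names are constructed for illustration, and only 64.94.110.11 is taken from the thread.

```python
import secrets
import string

# Constructed sample zone data. Only 64.94.110.11 comes from the thread;
# the registered names use RFC 5737 documentation addresses.
WILDCARD_IP = "64.94.110.11"
WILDCARD_TLDS = {"com", "net"}
REGISTERED = {
    "example.com": {"192.0.2.10"},
    "mail.example.com": {"192.0.2.25"},
}


def fake_resolver(name):
    """Offline stand-in for an A-record lookup; returns a set of addresses.

    An empty set plays the role of NXDOMAIN. A TLD wildcard only answers
    for names whose second-level domain is not registered.
    """
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return set(REGISTERED[name])
    labels = name.split(".")
    if ".".join(labels[-2:]) in REGISTERED:
        return set()  # the delegated zone itself says "no such host"
    if labels[-1] in WILDCARD_TLDS:
        return {WILDCARD_IP}
    return set()


def random_label(length=20):
    """A label that is overwhelmingly unlikely to be registered."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def wildcard_addresses(resolve, tld, probes=3):
    """Addresses a TLD returns for names that should not exist.

    If any probe gets no answer, the TLD is treated as wildcard-free.
    Otherwise the union is returned so round-robin wildcards are covered.
    """
    seen = set()
    for _ in range(probes):
        answer = set(resolve(f"{random_label()}.{tld}"))
        if not answer:
            return set()
        seen |= answer
    return seen


def naive_domain_exists(resolve, domain):
    """The pre-wildcard check: any A record means the domain exists."""
    return bool(resolve(domain))


def domain_exists(resolve, domain, cache):
    """Same check, but answers made up only of the TLD's wildcard
    addresses count as "does not exist". `cache` maps tld -> address set.

    Caveat: a real host that shares the wildcard address is also rejected.
    """
    domain = domain.lower().rstrip(".")
    tld = domain.rsplit(".", 1)[-1]
    if tld not in cache:
        cache[tld] = wildcard_addresses(resolve, tld)
    return bool(set(resolve(domain)) - cache[tld])


if __name__ == "__main__":
    cache = {}
    for host in ("example.com", "www.thisisjunk55666.com",
                 "nosuchhost.example.com", "thisisjunk55666.org"):
        print(host, naive_domain_exists(fake_resolver, host),
              domain_exists(fake_resolver, host, cache))
```

To use it against live DNS, pass a function that performs a real A-record lookup and returns a set of address strings in place of fake_resolver.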

From njohnsn at njohnsn.com Mon Sep 15 19:56:36 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Mon, 15 Sep 2003 21:56:36 -0500
Subject: Versign creates man-in-the-middle attack on DNS
In-Reply-To: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>
References: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>
Message-ID: <200309152156.36769.njohnsn@njohnsn.com>

On Monday 15 September 2003 09:50 pm, Tim May wrote:
>
> I didn't get a Verisign page...I got the usual error.
>
> "Could not open the page http://www.thisisjunk55666.com/ because the
> server www.thisisjunk55666.com could not be found."

Try: http://www.bfafasfas.com

Word on the North American Network Operators Group (NANOG) mailing list is that some major ISP's are null routing the address of the verisign server in protest.

The DNS name for the site you are redirected to is http://sitefinder.verisign.com .

Its IP Address is 64.94.110.11

If you can't get to the Address, it has probably been null-routed.

There is an article on slashdot already: http://slashdot.org/article.pl?sid=03/09/16/0034210

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

From njohnsn at njohnsn.com Mon Sep 15 20:00:47 2003
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Mon, 15 Sep 2003 22:00:47 -0500
Subject: Versign creates man-in-the-middle attack on DNS
In-Reply-To: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>
References: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>
Message-ID: <200309152200.47038.njohnsn@njohnsn.com>

Official notice from verisign.

Today VeriSign is adding a wildcard A record to the .com and .net zones. The wildcard record in the .net zone was activated from 10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is being added now.
We have prepared a white paper describing VeriSign's wildcard implementation, which is available here:

http://www.verisign.com/resources/gd/sitefinder/implementation.pdf

By way of background, over the course of last year, VeriSign has been engaged in various aspects of web navigation work and study. These activities were prompted by analysis of the IAB's recommendations regarding IDN navigation and discussions within the Council of European National Top-Level Domain Registries (CENTR) prompted by DNS wildcard testing in the .biz and .us top-level domains. Understanding that some registries have already implemented wildcards and that others may in the future, we believe that it would be helpful to have a set of guidelines for registries and would like to make them publicly available for that purpose. Accordingly, we drafted a white paper describing guidelines for the use of DNS wildcards in top-level domain zones. This document, which may be of interest to the NANOG community, is available here:

http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf

Matt
--
Matt Larson
VeriSign Naming and Directory Services

--
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

From adam at homeport.org Mon Sep 15 19:03:38 2003
From: adam at homeport.org (Adam Shostack)
Date: Mon, 15 Sep 2003 22:03:38 -0400
Subject: Mexifornia Driver's License
In-Reply-To: <3F664616.3010505@pobox.com>
References: <3F664616.3010505@pobox.com>
Message-ID: <20030916020338.GA71889@lightship.internal.homeport.org>

On Mon, Sep 15, 2003 at 04:07:02PM -0700, Bill Stewart wrote:
| Tim May wrote:
| > http://vikingphoenix.com/immigration/davis_sign_illegal.htm
|
| Does anybody remember 10+ years ago when a "Driver's License"
| wasn't quite a National ID Card or a Citizenship Credential

Yeah.
The real problem with all these other uses is that they create a negative feedback loop: the more useful the card is, the more people are motivated to get involved in "fraudulent issue," and the more rationalizations there are for DMV employees to engage in it. So we spend more and more to secure the cards, and the only people who win are the hologram manufacturers.

Unfortunately, the people actually relying on the cards don't realize this as fast as the users of the system.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From bill.stewart at pobox.com Tue Sep 16 02:18:17 2003
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 16 Sep 2003 02:18:17 -0700
Subject: Verisign's Wildcard A-Records and DNSSEC Plans?
In-Reply-To: <200309152200.47038.njohnsn@njohnsn.com>
References: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net> <200309152200.47038.njohnsn@njohnsn.com>
Message-ID: <3F66D559.6060300@pobox.com>

Matt - I'm interested in finding out Verisign's plans for DNSSEC support for the *.com and *.net wildcards. Are there obvious semantics for securing them? What does it mean to say that "64.94.110.11" is or is not certified by .com as the address for bad-example-12345.com , or that something else is? Is it really the same as a wild-card that points to real sites? Your Best Practices says that it's not incompatible with DNSSEC, but doesn't say anything about whether you're using it or suggesting others do.

(For other readers, "64.94.110.11" is the IP address I got from running "dig a '*.com'" to look at the wildcard DNS response.)

By the way, http://64.94.110.11 returns a nice friendly web page telling me that there's no web server at 64.94.110.11 :-)

Has there been any security analysis of the effects of putting a large chunk of Javascript in the response page?
I didn't see Mozilla listed in the collection of browsers the Javascript was looking for; perhaps I'm under the radar or perhaps it's handling it as Netscape (or I missed it in the non-human-readable formatting.)

What are the security implications of the wildcard servers getting compromised or DDOSed? In the past, if my browser or email tried to go to nonexistent-example.com, it'd get a reject from my system's DNS resolver and fail; now it starts up a TCP connection to your machines, so I have to worry about what your machines will say, and what happens if I can't reach your Internap connection for some reason.

Is it appropriate to have the address be Verisign's? Or should you be using some special address from IANA? (I suppose it only takes 15 minutes to change if you change your mind...)

Thanks;
Bill Stewart
bill.stewart at pobox.com

> Official notice from verisign.
>
> Today VeriSign is adding a wildcard A record to the .com and .net
> zones. The wildcard record in the .net zone was activated from
> 10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is
> being added now. We have prepared a white paper describing VeriSign's
> wildcard implementation, which is available here:
>
> http://www.verisign.com/resources/gd/sitefinder/implementation.pdf
>
> By way of background, over the course of last year, VeriSign has been
> engaged in various aspects of web navigation work and study. These
> activities were prompted by analysis of the IAB's recommendations
> regarding IDN navigation and discussions within the Council of
> European National Top-Level Domain Registries (CENTR) prompted by DNS
> wildcard testing in the .biz and .us top-level domains. Understanding
> that some registries have already implemented wildcards and that
> others may in the future, we believe that it would be helpful to have
> a set of guidelines for registries and would like to make them
> publicly available for that purpose.
Accordingly, we drafted a white
> paper describing guidelines for the use of DNS wildcards in top-level
> domain zones. This document, which may be of interest to the NANOG
> community, is available here:
>
> http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf
>
> Matt
> --
> Matt Larson
> VeriSign Naming and Directory Services

From morlockelloi at yahoo.com Tue Sep 16 08:38:29 2003
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Tue, 16 Sep 2003 08:38:29 -0700 (PDT)
Subject: Verisign's Wildcard A-Records and DNSSEC Plans?
In-Reply-To: <3F66D559.6060300@pobox.com>
Message-ID: <20030916153829.23459.qmail@web40610.mail.yahoo.com>

> What does it mean to say that "64.94.110.11" is or is not
> certified by .com as the address for bad-example-12345.com ,
> or that something else is? Is it really the same as a
> wild-card that points to real sites? Your Best Practices says that

At this point it is immaterial what Verisign will or will not do. They followed the predictable course based on their capabilities and the assessment that the response from some imaginary "community" is irrelevant.

The actual damage is breaking network diagnostic procedures and spam filtering, increasing chance of undetected lost e-mail (their SMTP does not always bounce) and increased danger of mistyped domain names - as now such typo in http client leads to exposure to possibly adversarial html (which is why they started it all in the first place.)

By this time it should be obvious to everyone that in the near future they will establish targeted advertizing depending on what the mistyped URL looks like - and probably sell or rent the "typo name space" - ie. Airborne Express could buy *f?*e?*d?*e?*x?*.com address space, so fredex.com would lead to airborne's web site.

And then there is a very small step from there to schemes where, for instance, for basic $15-25/yr name rental your domain will be yours only in 90% of cases. Other 10% will be sold.
For $100/yr you will be guaranteed 99.5% of the ownership. Of course, only platinum premium accounts, at $100K/yr, will have 100% ownership.

That is the problem when a centralized technical solution relies on the legal system (and they almost always do.)

What is important is how and if will this accelerate alternate solutions for name space management.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

From sguthery at rcn.com Tue Sep 16 05:45:59 2003
From: sguthery at rcn.com (Scott Guthery)
Date: Tue, 16 Sep 2003 08:45:59 -0400
Subject: Versign creates man-in-the-middle attack on DNS
References:
Message-ID: <046301c37c50$7aa3d110$6501a8c0@vagabond>

Let's see ... you type in a URL that isn't working and you are immediately bound by a long list of conditions ...

AGREEMENT TO BE BOUND. By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference.

Makes the RIAA look like Mother Teresa.

Cheers, Scott

----- Original Message -----
From: "R. A. Hettinga"
To: cypherpunks at lne.com
X-Orig-To: "Philodox Clips"
Sent: Tuesday, September 16, 2003 12:37 AM
Subject: Re: Versign creates man-in-the-middle attack on DNS

>
> --- begin forwarded text
>
>
> Status: U
> Date: Tue, 16 Sep 2003 15:04:51 +1200 (NZST)
> Subject: Re: Versign creates man-in-the-middle attack on DNS
> From: "Kerry Thompson"
> To: "Tim May"
> Cc: cypherpunks at lne.com
> User-Agent: SquirrelMail/1.4.1
> Sender: owner-cypherpunks at lne.com
>
> Tim May said:
> >
> > I didn't get a Verisign page...I got the usual error.
> >
> > "Could not open the page http://www.thisisjunk55666.com/ because the
> > server www.thisisjunk55666.com could not be found."
> >
>
> Try http://www.thisisjunk55666.net - I think .com hasn't been switched or
> hasn't propagated yet.
>
> Result is an ugly Verisign search engine page.
>
> Kerry
>
> --- end forwarded text
>
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From pcw2 at flyzone.com Tue Sep 16 07:28:53 2003
From: pcw2 at flyzone.com (Peter Wayner)
Date: Tue, 16 Sep 2003 10:28:53 -0400
Subject: P!=NP futures undergo heavy trading
In-Reply-To:
References:
Message-ID:

The futures where people betting on the existence of a proof on whether P!=NP are currently generating the second highest volume on the Foresight Exchange. Only the California recall is higher.

http://www.ideosphere.com/fx-bin/Claim?claim=P!NP

Any insight?

From Freematt357 at aol.com Tue Sep 16 09:30:01 2003
From: Freematt357 at aol.com (Freematt357 at aol.com)
Date: Tue, 16 Sep 2003 12:30:01 EDT
Subject: Sex-diary writer expected to leave jail
Message-ID: <197.1facf938.2c989489@aol.com>

Publication: The Columbus Dispatch; Date: Sep 16, 2003; Section: Metro; Page: 22

Sex-diary writer expected to leave jail

By Jeb Phillips
THE COLUMBUS DISPATCH

http://ee.dispatch.com/Repository/ml.asp?Issue=TCD/2003/09/16&ID=Ar02203&Mode=HTML

For AOL users: http://ee.dispatch.com/Repository/ml.asp?Issue=TCD/2003/09/16&ID=Ar02203&Mode=HTML

A man whose conviction for writing about private fantasies of raping and torturing children was overturned was expected to be released from jail today.

Brian Dalton posted bail yesterday afternoon, not long after Franklin County Common Pleas Judge David E. Cain set it at $50,000.

Cain told Dalton, 24, that he could have no contact with minors, no access to the Internet and that he was under house arrest and parental supervision.

Paperwork for his jail release was being completed early this morning.

Prosecutors had asked for at least a $100,000 bond.

"Evidence shows that defendant has admitted prior sex offenses and that he poses a significant risk to re-offend," prosecutors wrote to Cain. "Defendant literally mulls over the idea of sex with children when he sees them on the street."

Dalton never has been convicted of abusing children. He pleaded guilty in 2001 to pandering obscenity.

His mother had found a diary stating his fantasies about children and given it to his probation officer.

Dalton said the children were imaginary. At the time, he was on probation for possession of child pornography.

Dalton pleaded guilty to the pandering charge, which drew international attention. Critics said the charge and his imprisonment violated his First Amendment right of self-expression. He tried to withdraw his plea twice, but Common Pleas Judge Nodine Miller rejected his requests.

She sentenced him to seven years for pandering, plus 4½ years for violating his probation.

The Franklin County Court of Appeals overturned his conviction in July, citing ineffective counsel.

Benson A. Wolman, one of the lawyers who filed the appeal for Dalton, repeated yesterday an argument he has made for months.

"He ought not to be in jail on wild charges that are contrary to the First Amendment," he said.

Franklin County Prosecutor Ron O'Brien declined to talk about the bond. His office has asked the Ohio Supreme Court to review the lower appeals court decision, and Wolman said Dalton's response to the Supreme Court is due Sept. 29.

If the Ohio Supreme Court passes on the case, Dalton still can be retried before Cain.

jeb.phillips at dispatch.com

__________________________________________________________________________
Distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.
---

From s.schear at comcast.net Tue Sep 16 12:55:27 2003
From: s.schear at comcast.net (Steve Schear)
Date: Tue, 16 Sep 2003 12:55:27 -0700
Subject: Neocon flashbacks
Message-ID: <5.2.1.1.0.20030916125414.031938b0@mail.comcast.net>

http://www.newamericancentury.org/statementofprinciples.htm

Notice the date and signatures...

....if America were tempted to ''become the dictatress of the world, she would be no longer the ruler of her own spirit.'' What empires lavish abroad, they cannot spend on good republican government at home: on hospitals or roads or schools. A distended military budget only aggravates America's continuing failure to keep its egalitarian promise to itself. -- John Quincy Adams (extended)

From cypher at crypt.gen.nz Mon Sep 15 20:04:51 2003
From: cypher at crypt.gen.nz (Kerry Thompson)
Date: Tue, 16 Sep 2003 15:04:51 +1200 (NZST)
Subject: Versign creates man-in-the-middle attack on DNS
In-Reply-To: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>
References: <200309152124.23720.njohnsn@njohnsn.com> <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net>
Message-ID: <2335.202.27.185.71.1063681491.squirrel@www.crypt.gen.nz>

Tim May said:
>
> I didn't get a Verisign page...I got the usual error.
>
> "Could not open the page http://www.thisisjunk55666.com/ because the
> server www.thisisjunk55666.com could not be found."
>

Try http://www.thisisjunk55666.net - I think .com hasn't been switched or hasn't propagated yet.

Result is an ugly Verisign search engine page.

Kerry

From jas at extundo.com Tue Sep 16 08:58:29 2003
From: jas at extundo.com (Simon Josefsson)
Date: Tue, 16 Sep 2003 17:58:29 +0200
Subject: Verisign's Wildcard A-Records and DNSSEC Plans?
In-Reply-To: <3F66D559.6060300@pobox.com> (Bill Stewart's message of "Tue, 16 Sep 2003 02:18:17 -0700")
References: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net> <200309152200.47038.njohnsn@njohnsn.com> <3F66D559.6060300@pobox.com>
Message-ID:

Bill Stewart writes:

> Matt - I'm interested in finding out Verisign's plans for
> DNSSEC support for the *.com and *.net wildcards.
> Are there obvious semantics for securing them?

Bill, I'm not Matt, but you may want to refer to the DNSSEC standard, it answers your question: . Wildcards work fine with DNSSEC.

I believe DNSSEC is the least of our worries, since DNSSEC is not used in production, and likely won't be in its current incarnation anyway.

Wildcards in DNS at the TLD level are already used (e.g. '.nu'), so that isn't something new, and the consequences are fairly well known.

What is new is, on the other hand, is the buggy SMTP server that respond to all non-registered hosts. Analyzing the consequences this has for various anti-spam approaches might be an interesting exercise. Same goes for other protocols that, like SMTP, behave differently depending on if a host doesn't exist or refuse the connection.

Regards,
Simon

From zenadsl6186 at zen.co.uk Tue Sep 16 12:47:18 2003
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Tue, 16 Sep 2003 20:47:18 +0100
Subject: Power Grab: Ashcroft overturns 4th Amend
In-Reply-To: <3F65356B.605E89C8@cdc.gov>
Message-ID:

Major Variola (ret.) wrote:

> Administration Calls for Unprecedented Subpoena Powers
>
> http://www.latimes.com/news/nationworld/nation/la-na-subpoena14sep14,1,689004.
> story?coll=la-home-todays-times
>
> Unlike in ordinary criminal investigations, Ashcroft would not need the
> approval of a grand jury or a judge to order witnesses to appear for
> questioning.
> > "The attendance of witnesses and the production of records may be > required from any place in any state or in any territory or other place > subject to the jurisdiction of the United States at any designated place > of hearing," the administration's bill says. > > ... > The bill includes a "nondisclosure requirement" as well. "If the > Attorney General certifies [there] may result a danger to the national > security, no person shall disclose to any other person that a subpoena > was received or records were provided," it says. > > Grand juries operate in secret as well. And though they are often seen > as a rubber stamp for the government, Cole said the mere presence of the > jurors restrains prosecutors. "There is a real difference when a > prosecutor knows 23 citizens are there observing what's going on," he > said > > ... > > The administration proposal was introduced in the House last week by > Rep. Tom Feeney (R-Fla.). > > Hmm, other Rep.tiles from Fla get turned into boots. And they're not > even raping > the constitution. McCarthy? The tee-shirt is mostly methane now. -- Peter Fairbrother From nobody at mail.jmbcv.net Tue Sep 16 20:43:10 2003 From: nobody at mail.jmbcv.net (JMBCV) Date: Wed, 17 Sep 2003 04:43:10 +0100 Subject: Trusted Computing news Message-ID: <6209a301159244020fcc1c1030712d4a@mail.jmbcv.net> New Scientist reports on a new document released by the Trusted Computing Group, http://www.trustedcomputinggroup.org/. This is the reconstitued and renamed TCPA, which triggered such controversy a year ago. The article, http://www.newscientist.com/news/news.jsp?id=ns99994171, reports: The US music industry's legal clampdown on online music piracy could soon be supplemented by technical measures that will make it harder to make unauthorised copies of digital files. 
A new set of programming standards, released by a consortium of the world's largest software and hardware companies on Tuesday, specify methods for developing software for hardware security modules increasingly being built into many personal computers. The Trusted Computing Group's new security standards promise to shore up personal computer security by linking software to tamper-resistant hardware modules in which cryptographic keys and other tools are stored. This could be used to increase the security of files or authenticate messages. The new document, described in the press release at https://www.trustedcomputinggroup.org/press/news/TSS_IDF_release_final_sept_12_2003.pdf, is an API for the Trusted Software Stack (TSS), which will interface to the secure hardware component, called a TPM (trusted platform module). In other news, Sun Microsystems has announced that it is joining the TCG. Amazingly, Whit Diffie, a well known privacy advocate with cypherpunk leanings, is quoted in the press release: "As the world becomes more connected, secure computing is fundamental to protecting our critical infrastructure, our enterprise networks, and our personal computers." said Dr. Whitfield Diffie, Chief Security Officer, Sun Microsystems. "Sun is committed to security and open standards. We're excited to join TCG as a Promoter Member and help to move security into the technologies on which the future depends." Back in April, Diffie was questioning the goals of Trusted Computing, http://www.eetimes.com/story/OEG20030415S0013. Wonder what changed his mind? A final note, Ross Anderson's so-called Trusted Computing FAQ was updated last month to version 1.1, http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html. It's still full of utterly unsupported allegations, such as the claim that TCPA was going to delete "pirated" applications and documents. And of course there is no apology for those charges which he has had to eliminate or water down from the first version of the FAQ. 
Read at your own risk; it's not exactly a "no spin zone". --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Wed Sep 17 07:31:17 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 17 Sep 2003 07:31:17 -0700 Subject: Verisign's Wildcard A-Records and DNSSEC Plans? Message-ID: <3F687034.66111CCE@cdc.gov> At 08:38 AM 9/16/03 -0700, Morlock Elloi wrote: >and probably sell or rent the "typo name space" - ie. Airborne Express could >buy *f?*e?*d?*e?*x?*.com address space, so fredex.com would lead to airborne's >web site. You need to include adjacent-letter permutations at least, in that there regexp. Barbed wire is selling nicely out here on the linguistic range. I keep ahearin' that there's gonna be a rush on punctuation, and I can't doubt it eventually, but I'mma gonna wait meself. PS: Also you saw the /. mention of how words are readable if you permute inner letters? ------ Personally I use a dotted quad and an alternate port.. From bert at web2peer.com Wed Sep 17 09:29:43 2003 From: bert at web2peer.com (Bert) Date: Wed, 17 Sep 2003 09:29:43 -0700 (PDT) Subject: [p2p-hackers] p2p sharing & access-control Message-ID: One of my recent interests has been p2p file sharing in an access-controlled environment instead of the current "free for all" paradigm. This area is deserving of attention because of obvious applications in p2p for the enterprise as well as emerging "darknets" intended to be invitation only. The question I've been thinking about is how to support (efficient) search in such settings. Currently, when we search for access controlled files we must individually authenticate and search each relevant repository. But in a massively distributed environment, how do you know what repositories are relevant? And even if you did, searching all of them independently would be too much trouble. 
An alternative is to have every information provider allow its content to be indexed by a centralized index host, but the trust & security requirements of such a host would be too high to be practical. We've written a paper that addresses this problem and proposes an alternative solution. The idea is to build a specialized index structure that does not reveal any specific details about the content being shared. As such it is suitable for storage on untrusted nodes, e.g. typical (super) peers in a p2p network. The paper is entitled "Privacy-Preserving Indexing of Documents on the Network", and you can download it from here: http://www.almaden.ibm.com/cs/people/bayardo/userv/ Hope you find it interesting. _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- ----- End forwarded message ----- [demime 0.97c removed an attachment of type application/pgp-signature] From camera_lumina at hotmail.com Wed Sep 17 07:45:31 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 17 Sep 2003 10:45:31 -0400 Subject: Sex-diary writer expected to leave jail Message-ID: Although something deep down in my gut would LIKE to push this guy into a trash compactor, it seems particularly odd that the courts/society view this writing as somehow equating with impending action. Actually, it's quite possible that these writings might be the very thing preventing him from "needing" to do anything in real life. Writing is known to have this function in many writers...ie, of sublimating urges that might otherwise be acted upon. So this is something far more insidious than mere thought-policing. 
The state has declared that it has the right to define what symbols mean, as well as what the function of art/writing/whatever is. So I guess talking about how Mike Hawash was railroaded will equate with driving an airplane into a large NYC skyscraper.... Nothing new for folks on this list, I guess.... -TD >From: Freematt357 at aol.com >To: cypherpunks at lne.com >Subject: Sex-diary writer expected to leave jail >Date: Tue, 16 Sep 2003 12:30:01 EDT > >Publication: The Columbus Dispatch; >Date: Sep 16, 2003; >Section: Metro; Page: 22 > > >Sex-diary writer expected to leave jail > >By Jeb Phillips THE COLUMBUS DISPATCH > > >http://ee.dispatch.com/Repository/ml.asp?Issue=TCD/2003/09/16&ID=Ar02203&Mode=HTML > > > >For AOL users: http://ee.dispatch.com/Repository/ml.asp?Issue=TCD/2003/09/16&ID=Ar02203&Mode=HTML > > > > >A man whose conviction for writing about private fantasies of >raping and >torturing children was overturned was expected to be released from jail >today. > > >Brian Dalton posted bail yesterday afternoon, not long after >Franklin >County Common Pleas Judge David E. Cain set it at $50,000. > >Cain told Dalton, 24, that he could have no contact with minors, no >access to the Internet and that he was under house arrest and parental >supervision. > > >Paperwork for his jail release was being completed early this >morning. > >Prosecutors had asked for at least a $100,000 bond. > >"Evidence shows that defendant has admitted prior sex offenses and >that >he poses a significant risk to re-offend," prosecutors wrote to Cain. >"Defendant literally mulls over the idea of sex with children when he sees >them on >the street." > >Dalton never has been convicted of abusing children. 
He pleaded >guilty in >2001 to pandering obscenity. > >His mother had found a diary stating his fantasies about children >and >given it to his probation officer. > >Dalton said the children were imaginary. At the time, he was on >probation >for possession of child pornography. > >Dalton pleaded guilty to the pandering charge, which drew >international >attention. Critics said the charge and his imprisonment violated his First >Amendment right of self-expression. He tried to withdraw his plea twice, >but >Common Pleas Judge Nodine Miller rejected his requests. > >She sentenced him to seven years for pandering, plus 4½ years for >violating his probation. > >The Franklin County Court of Appeals overturned his conviction in >July, >citing ineffective counsel. > >Benson A. Wolman, one of the lawyers who filed the appeal for >Dalton, >repeated yesterday an argument he has made for months. > >"He ought not to be in jail on wild charges that are contrary to >the >First Amendment," he said. > >Franklin County Prosecutor Ron O'Brien declined to talk about the >bond. >His office has asked the Ohio Supreme Court to review the lower >appeals court >decision, and Wolman said Dalton's response to the Supreme Court is due >Sept. >29. > >If the Ohio Supreme Court passes on the case, Dalton still can be >retried >before Cain. > >jeb.phillips at dispatch.com > >__________________________________________________________________________ >Distributed without profit to those who have expressed a prior interest in >receiving the included information for research and educational purposes. >--- From rah at shipwright.com Wed Sep 17 08:08:05 2003 From: rah at shipwright.com (R. A. 
Hettinga) Date: Wed, 17 Sep 2003 11:08:05 -0400 Subject: Post-copyright: Digital Cash and Compulsory Licensing? (was Re: [Slashdot] Stories for 2003-09-17) In-Reply-To: References: Message-ID: from the old-wine-in-new-bottles dept. Cheers, RAH ------- At 11:24 AM +0000 9/17/03, slashdot at slashdot.org wrote: >+--------------------------------------------------------------------+ >| Post-copyright: Digital Cash and Compulsory Licensing? | >| from the dream-on dept. | >| posted by michael on Tuesday September 16, @15:16 (money) | >| http://slashdot.org/article.pl?sid=03/09/16/188259 | >+--------------------------------------------------------------------+ > >[0]gojomo writes "AaronSw offers a compelling idea: [1]use anonymous >transferable digital cash to allocate the monies collected for creators >in a compulsory licensing scheme, to avoid some of the potential problems >[2]outlined [3]by [4]other [5]compulsory [6]critiques. LawMeme calls it a >"[7]Proto Whuffie" but expects fake artists to sign up for the loot. I >might call it "[8]voucher socialism" -- but that's not necessarily a bad >thing." > >Discuss this story at: > http://slashdot.org/comments.pl?sid=03/09/16/188259 > >Links: > 0. http://gojomo.blogspot.com > 1. http://www.aaronsw.com/weblog/001036 > 2. http://www.aaronsw.com/weblog/001016 > 3. http://epeus.blogspot.com/2003_06_01_epeus_archive.html#105643720859547400 > 4. http://www.utdallas.edu/~liebowit/intprop/complpff.pdf > 5. http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=1190 > 6. http://www.sims.berkeley.edu/~fredrik/research/papers/EvaluatingDRM.html > 7. http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=1208&mode=&order=0&thold=0 > 8. http://gojomo.blogspot.com/#106373171922274440 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ericm at lne.com Wed Sep 17 11:19:19 2003 From: ericm at lne.com (Eric Murray) Date: Wed, 17 Sep 2003 11:19:19 -0700 Subject: Verisign's Wildcard A-Records and DNSSEC Plans? In-Reply-To: ; from jas@extundo.com on Tue, Sep 16, 2003 at 05:58:29PM +0200 References: <7C171386-E7F0-11D7-87EC-000A956B4C74@got.net> <200309152200.47038.njohnsn@njohnsn.com> <3F66D559.6060300@pobox.com> Message-ID: <20030917111919.A26496@slack.lne.com> ISC is releasing a new BIND to deal with the Verisign land-grab: http://www.bayarea.com/mld/mercurynews/business/6791550.htm From Freematt357 at aol.com Wed Sep 17 08:49:09 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Wed, 17 Sep 2003 11:49:09 EDT Subject: Sex-diary writer expected to leave jail Message-ID: <127.3117cb8d.2c99dc75@aol.com> In a message dated 9/17/03 10:57:55 AM Eastern Daylight Time, camera_lumina at hotmail.com writes: > Actually, it's quite > possible that these writings might be the very thing preventing him from > "needing" to do anything in real life. Writing is known to have this > function in many writers...ie, of sublimating urges that might otherwise be > acted upon. > This Brian Dalton weirdo being local I've read all the media coverage and he was encouraged to write his fantasies down in a diary by his therapist- The parents found the diary and went to the authorities stupidly thinking that they'd try to get him additional help- the help came in the form of charges of pandering obscenity, although he didn't show the diary to anyone. 
I have a friend who won a county prosecutor election about ten years ago, and he told me the prevailing theory on child predators is that no therapy works and the best strategy is to try to get them the maximum time in jail thus keeping them from being able to abuse more children. Of course this case has obviously violated the first amendment, this guy didn't abuse actual children, just wrote a rather sick and twisted story about keeping kids locked in cages in a basement for sexual entertainment. Knowing the power structure as I do they care jack shit about the constitution, but rather about practical ways to keep predators off the street. I noted that Dalton was also ordered to have no Internet access, which is interesting as he didn't do an Internet crime. His diary was in handwritten print form. Regards, Matt- From eugen at denver065.server4free.de Wed Sep 17 10:02:09 2003 From: eugen at denver065.server4free.de (Eugen Leitl) Date: Wed, 17 Sep 2003 19:02:09 +0200 Subject: [p2p-hackers] p2p sharing & access-control (fwd from bert@web2peer.com) (fwd from eugen@leitl.org) Message-ID: <20030917170209.GD20383@leitl.org> ----- Forwarded message from Bert ----- From ravage at einstein.ssz.com Thu Sep 18 07:29:34 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 09:29:34 -0500 (CDT) Subject: CNN.com - Fair is fair, even to monkeys - Sep. 
17, 2003 (fwd) Message-ID: http://www.cnn.com/2003/TECH/science/09/17/jealous.monkeys.ap/index.html -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 18 07:30:25 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 09:30:25 -0500 (CDT) Subject: BayNews9.com - News - Public suicide at rock concert (fwd) Message-ID: http://www.baynews9.com/site/NewsStory.cfm?storyid=24731 -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 18 07:30:44 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 09:30:44 -0500 (CDT) Subject: The Register - Extopian co-founder locks horns with Orlowski (fwd) Message-ID: http://www.theregister.co.uk/content/35/32902.html -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From mv at cdc.gov Thu Sep 18 09:30:58 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Thu, 18 Sep 2003 09:30:58 -0700 Subject: Duck Freedom Fighter (Terrorists), Euler SUV Graffiti Message-ID: <3F69DDC2.FB56EFE0@cdc.gov> This is *not* a spoof. http://www.latimes.com/news/local/la-me-foiegras18sep18,1,7982772.story?coll=la-headlines-california Activists Take Ducks From Foie Gras Shed FARMINGTON, Calif.  With only the dim light of a half-moon to guide them, four self-proclaimed "duck freedom fighters" made their way early Wednesday across an abandoned field, around dilapidated, foul-smelling chicken pens, and over a narrow passage through a large manure-filled pond. ... Soon, four Peking-Muscovy ducks were free. 
------------ http://www.latimes.com/news/local/la-me-hummer18sep18,1,5051975.story?coll=la-home-leftrail Man Claims Role in SUV Firebombings Communicating via three e-mails and in two telephone interviews over the last three days, the man provided details of the attack that authorities said were known only by investigators and those involved in the incidents. He refused to give his name, say where he lives or agree to be interviewed in person. The caller said that he and others vandalized and set fire to Hummers and other SUVs Aug. 22 to draw attention to pollution caused by the vehicles. Law enforcement sources, however, said details of the attacks match previously unreported evidence. Details obtained from the man in the telephone interviews include:  A math formula  Euler's Theorem  was spray painted on one of the SUVs as a way of distinguishing the participants' work. "We thought it would be nice to have something a little kooky just in case this happened," he said, adding that he finds the formula "beautiful." 
From ravage at einstein.ssz.com Thu Sep 18 07:57:21 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 09:57:21 -0500 (CDT) Subject: Big Brother is watching you 24/7 | csmonitor.com (fwd) Message-ID: http://www.csmonitor.com/2003/0918/p20s02-bogn.html -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 18 07:57:55 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 09:57:55 -0500 (CDT) Subject: Scientific American: Public Not Welcome -- Libraries cut off access to the scientific literature (fwd) Message-ID: http://www.sciam.com/article.cfm?chanID=sa004&articleID=00061239-BAD6-1F58-905980A84189EEDF -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 18 07:58:34 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 09:58:34 -0500 (CDT) Subject: BW Online | September 16, 2003 | Needed: A Security Blanket for the Net (fwd) Message-ID: http://www.businessweek.com/technology/content/sep2003/tc20030916_6815_tc129.htm -- -- ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 18 08:21:39 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 18 Sep 2003 10:21:39 -0500 (CDT) Subject: Inferno: fwd: those hysterical librarians (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 18 Sep 2003 10:07:08 -0500 (CDT) Subject: Inferno: fwd: those hysterical librarians ---------- Forwarded message ---------- Date: Wed, 17 Sep 2003 17:43:56 -0500 Subject: those hysterical librarians "Ashcroft Mocks Librarians and Others Who Oppose Parts of Counterterrorism Law" http://www.nytimes.com/2003/09/16/politics/16LIBR.html And, in case you missed it, a related "News in Brief" story from The Onion: Revised Patriot Act Will Make It Illegal To Read Patriot Act WASHINGTON, DC-President Bush spoke out Monday in 
support of a revised version of the 2001 USA Patriot Act that would make it illegal to read the USA Patriot Act. "Under current federal law, there are unreasonable obstacles to investigating and prosecuting acts of terrorism, including the public's access to information about how the federal police will investigate and prosecute acts of terrorism," Bush said at a press conference Monday. "For the sake of the American people, I call on Congress to pass this important law prohibiting access to itself." Bush also proposed extending the rights of states to impose the death penalty "in the wake of Sept. 11 and stuff." From tyler at waterken.com Thu Sep 18 08:17:00 2003 From: tyler at waterken.com (Tyler Close) Date: Thu, 18 Sep 2003 11:17:00 -0400 Subject: Verisign's Wildcard A-Records and DNSSEC Plans? In-Reply-To: <20030916153829.23459.qmail@web40610.mail.yahoo.com> References: <20030916153829.23459.qmail@web40610.mail.yahoo.com> Message-ID: On Tuesday 16 September 2003 11:38, Morlock Elloi wrote: > That is the problem when a centralized technical solution relies on the > legal system (and they almost always do.) > > What is important is how and if will this accelerate alternate solutions > for name space management. For the WWW, an alternate solution has already been proposed and implemented. You can find an HTTP server, client and browser that function using a decentralized designation and authentication model at: http://www.waterken.com/dev/YURL/ The acceleration part depends upon the participation of others, such as yourself. The YURL model is currently being discussed in a thread that includes both the web-calculus list and the cap-talk list. You can join the web-calculus list at: http://mail.waterken.com:8080/mailman/listinfo/web-calculus and the cap-talk list at: http://www.eros-os.org/mailman/listinfo/cap-talk or we could extend the discussion to this list. 
The current thread is a continuation of the moderator terminated thread you may have seen on the cryptography list. This termination prevented the many misunderstandings from being addressed. You can find a FAQ on these misunderstandings at: http://www.waterken.com/dev/YURL/FAQ/ Tyler -- The union of REST and capability-based security: http://www.waterken.com/dev/Web/ From mv at cdc.gov Thu Sep 18 12:11:07 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Thu, 18 Sep 2003 12:11:07 -0700 Subject: Spectacles by Brin, Mexi-ID oked Message-ID: <3F6A034A.2E9D44CA@cdc.gov> http://news.bbc.co.uk/2/hi/technology/3111004.stm The sunglasses developed at the Hewlett Packard labs in Bristol in the west of England sport a camera that constantly takes images of what a wearer sees. The camera also has an off-switch to preserve privacy. http://ap.tbo.com/ap/breaking/MGAC85K0RKD.html WASHINGTON (AP) - The Treasury Department said Thursday it will leave in place rules that allow financial institutions to accept Mexican identification cards, called matricula consular, which often are used by undocumented immigrants to open bank accounts. From morlockelloi at yahoo.com Thu Sep 18 13:06:28 2003 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Thu, 18 Sep 2003 13:06:28 -0700 (PDT) Subject: Duck Freedom Fighter (Terrorists), Euler SUV Graffiti In-Reply-To: <3F69DDC2.FB56EFE0@cdc.gov> Message-ID: <20030918200628.64224.qmail@web40604.mail.yahoo.com> And who will free the chicken ? Fucking racists. > Activists Take Ducks From Foie Gras Shed > > FARMINGTON, Calif.  With only the dim light of a half-moon to guide > them, four self-proclaimed "duck freedom fighters" made their way early > Wednesday across an abandoned field, around dilapidated, foul-smelling > chicken pens, and over a narrow passage through a large manure-filled > pond. > > ... > Soon, four Peking-Muscovy ducks were free. 
===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: From rah at shipwright.com Thu Sep 18 13:50:37 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 18 Sep 2003 16:50:37 -0400 Subject: Science, Politics, and the New Utopians Message-ID: Tech Central Station Science, Politics, and the New Utopians By Yuval Levin Published 09/18/2003 In a thoughtful recent article on TCS, Eugene Miller offered a map of the ongoing technology debates, dividing participants past and present into their differing views regarding the harms and benefits of technology, and the need for and possible efficacy of regulatory controls. Among other things, Miller's helpful and clarifying map affords an opportunity for some reflection on the historical relationship between modern science and modern politics, and on the present state of that relationship in America. What follows is a cursory (and therefore necessarily partial and overly general) review of one element of the history of that relationship. It seeks to trace the career of a certain utopian scientism that has followed closely on the heels of advances in science and technology over the years, and that may again be rearing its head. By digging through some history and theory in search of this attitude, we might learn something about the nuances of the contemporary technology debates. The Birth of the Modern Modern politics and modern science have been closely joined since birth, because both defined themselves against the ancient attitude toward man and nature. The ancients understood both nature and politics to be defined by the ends or the purposes of things. "The nature of a thing is its end," Aristotle writes in his Politics, "for what each thing is when fully developed, we call its nature." 
The classical study of political life, therefore, aims always at a sense of a fully developed and ideal polity, and understands real men and women as strivers toward that perfection. The state exists because without it human beings could not perfect themselves. The study of nature, meanwhile, aimed at a sense of the world in its full flower, and understood individual objects as representatives of ideal categories, and parts based on the roles they play in the harmonious whole. The moderns began by rejecting all of this. Politics, in the terms of Machiavelli, Hobbes, and Locke, takes its cue not from the end of things but from their beginning. The study of political life begins with a picture of one man, alone, in his natural state, and seeks to understand his needs and wants. The state exists because without it human beings would set upon each other's lives and property and would destroy each other; and politics is guided not by human potential but by human necessities and desires. Put this way, modern politics might sound rather low and dark, but it is not: indeed, this way of thinking is the foundation of modern liberty, and likely the greatest source of human happiness and prosperity in history. The modern study of nature takes much the same approach. It understands wholes in terms of parts, and not the other way around; it rejects teleology and ideal categories in favor of materialist causality; and it studies the world based on what it has become, more than what it is becoming. It proceeds by experiments which, like the "state of nature" thought-experiments of Locke and Hobbes, seek to understand the ordinary by placing it in extreme and extraordinary circumstances. There is a deep-seated kinship between modern atomism and modern individualism. And the founders of modern science understood the connection. 
"We are beholden to Machiavelli and writers of that kind," wrote Francis Bacon, "who openly and unmasked declare what men do in fact, and not what they ought to do." Modern science, far more than modern political philosophy, almost immediately ignited a profound enthusiasm, and even a certain utopianism, among its followers. It offered what ancient and medieval science could not: practical feasible approaches to addressing real material problems. It offered power. And it worked! Moreover, combined with the newly diminished purposes of politics -- survival and prosperity -- some believed modern science might simply end the need for the messiness and unpleasantness of political life altogether. After all, it could probably offer safety, health, and power better than politics could. This certainly seems like the subtle message of Rene Descartes' Discourse on Method (published in 1637), in which he first complains about politicians and academics, and then offers his scientific method as useful "not only for the invention of an infinity of artifices which would enable us to enjoy, without any pain, the fruits of the earth and all the commodities found there, but also and principally for the conservation of health, which is without doubt the primary good and the foundation of all other goods of this life." The new science, not the old politics, is the way to the good life, and along with health and wealth, it could also bring greater peace, he proposes. All that the benevolent scientist will ask in return for this bounty, Descartes writes, is that the community "furnish the expenses he needs, and otherwise prevent his leisure from being taken up by anybody's importunity." Give me funding, and freedom, and leave me alone. A familiar cry, to this day. 
This very modern notion, which holds science above politics as the route to peace, health, and fortune, did not appeal to everyone, and indeed the fathers of modern liberty -- like Machiavelli, Hobbes, and Locke -- had a much more complicated view of the origin of war and strife. But as the new science proved itself in practical test after practical test, the excitement surrounding it grew, and the utopian zeal infected ever more adherents. It appealed especially to those most intent on rejecting the ways of medieval thought: in politics, in science, and in religion. The new science seemed like a way to throw out all the old superstitions, and replace them with a neat, materialist, rational method of solving all real problems. This was the great ambition of Voltaire, and of the French philosophes and encyclopedists who followed him.  They were driven by a profound faith in reason, which led them to reject -- with venomous fervor -- both political and religious authority. "Men will not be free," wrote the prominent encyclopedist Denis Diderot, "until the last king is strangled with the entrails of the last priest." The French Revolution sought to achieve just that, and its hopeless (and bloody) utopian ambitions were motivated, among other things, by the dream of a science of politics that might emulate physics or chemistry in rationality and exactitude. This was the epitome of scientism (which Merriam Webster defines as "an exaggerated trust in the efficacy of the methods of natural science applied to all areas of investigation.")  Early Conservative reaction against the French Revolution, from men like Edmund Burke and Alexander Hamilton, had much to do with a revulsion at precisely this starry-eyed utopianism and cold-hearted rationalism -- the notion that a precise technique could replace the prudent muddling through of everyday political life.  But even in the wake of the murderous revolution, such zeal did not fade. 
Auguste Comte, in the early 19th century, argued quite explicitly for the replacement of politics by a kind of rational science. "The general situation of political science today," he wrote, "is exactly analogous to that of astrology in relation to astronomy, of alchemy in relation to chemistry, and the cure-all in relation to medicine." He foresaw a science of politics -- which he called the "social physics" -- which might rationally calculate all our problems away.

Utopia and Its Enemies

Comte then made the leap that would characterize this form of utopianism for centuries. The new science would mean that the governing of society would be taken over by social engineers, and every detail of the polity's life would be planned and organized. "The aim and purpose of such an organization," Comte writes, "are so clear and determined that there is no longer any room for arbitrariness of men or even of laws." The new science, he argued, should define for each person "the entire system of ideas and habits necessary for initiating individuals into the social order under which they must live."

The zeal of scientism now directed itself to the replacement of laws by a rational order, enforced with the authority of the state, and drawing on the allure of technical expertise. The leap from here to the oppressive "scientific" historicism of the Marxists is not simple, but it is surely apparent. At Marx's funeral, Engels gave him the greatest compliment he could muster, calling him "a man of science."

This is not real modern science, though. In dragging their methods from the natural world to the political, the technocratic utopians abandoned any insistence on genuine empiricism, or methods of verification. They kept only the reflected glamour of so-called "scientific laws," the authority of "technical" language and methods, and the magic of quantification. The horrors propounded under this flag should not taint the name of scientific knowledge and technology.

But the story of the murderous utopianisms of the 20th century should nonetheless teach us a lesson about the danger of allowing the promise of science to blind us to the necessity of politics. Essentially all of the most destructive utopian fantasies of that dark age -- from the eugenics of early 20th century American progressives, to the historical science of the communists, to the genetic theories of the Nazis and beyond -- advanced themselves under the banner of what they called science, and succeeded as they did because too many people were open to the proposition that science held all the answers, and could provide relief from the pain and the trouble of politics.

Ironically, that very belief, and that very utopian zeal, led to the birth of the most oppressive and intrusive governments in human history, culminating in the Soviet state. By the middle of the 20th century, the focus of most utopian fancies was government.

In America, where classical liberal ideals had settled in most deeply, this murderous experiment elicited a strong reaction. In the post-war years, a coalition of conservatives and libertarians joined together to advocate a firm stance against the Soviets, both ideologically and geopolitically.

The conservatives reacted most deeply against the ends of the project: the utopian ideals, which struck them as inhuman, profoundly misguided, and certain to end badly. Their reaction had the flavor of Edmund Burke's early response to the French revolution.

Libertarians (and in both cases I generalize, of course) tended to respond against the means of the Communist state: authoritarian government, oppressive economic planning, the total denial of freedom of conscience. They were in essence vindicating the original faith of the enlightenment, reacting against authority and rejecting government as a source of all-encompassing solutions.

The two sets of concerns were by no means mutually exclusive, and the two groups fought the good fight together, even seeming at times to meld into one, most prominently perhaps in the persons of Barry Goldwater and Ronald Reagan. The movement was generally called conservatism, and the most die-hard libertarians never did pledge allegiance to it, but it owed a great deal of its animating spirit to the rugged individualism and reasoned economics of the libertarians.

The New Utopians

That battle having largely been won, however, divisions are again appearing between conservatives and libertarians in America, and we can learn something of the reason why from their slightly differing reactions to the utopian nightmares of the last century.

Most Conservatives opposed utopianism as such. Many libertarians did too, and they championed an ethic of humility toward large complicated systems like societies and economies. But some libertarians, in rejecting communism, were fundamentally opposed to authoritarianism, not utopianism. They did not, and do not, essentially oppose the underlying zeal for science that -- carried too far -- made totalitarianism possible.

Today, in some limited but prominent libertarian circles, utopianism is back. The focus of its hopes and energies is not government, of course, but rather, once more, modern science -- in this case particularly biomedical science and biotechnology. Advances in biotechnology in recent decades, and the plausible promise of much more significant advances to come, have convinced some that the way to radical liberation leads through the laboratory. In its extreme form, the desire for this liberation has been expressed as a genuine wish to escape our human bonds -- in transhumanism and extropianism. In more moderate forms, it shows up as a profound enthusiasm for new biomedical possibilities beyond medicine, and an ardent committed desire to hold back all attempts at political regulation of biotechnological techniques.

To be sure, this does not appear to raise the prospect of a new social physics. Biotech is real science, not the misbegotten technocracy of the French philosophes and of Marx. But real though it may be, utopian dreams based upon it are still dangerous.

Like Descartes and Voltaire, and other early enthusiasts, the more extreme adherents of the new utopian scientism have high hopes indeed for the project. Converging Technologies for Improving Human Performance, a report released this year by the National Science Foundation, offers a glimpse of this worldview. New technologies for radically improving and remaking human performance, the report argues, will initiate a process of "changing the societal fabric towards a new structure." If it is not held back by ignorant critics, the report continues, the convergence of nanotechnology, biotechnology, information technology, and cognitive science, may bring to pass "a golden age that [will] be an epochal turning point in human history." Indeed, in the familiar parlance of modern utopians, the report promises more than technology: "technological convergence could become the framework for human convergence -- the twenty-first century could end in world peace, universal prosperity, and evolution to a higher level of compassion and accomplishment."

This is madness, of course, and this sort of talk certainly marks the extreme edge of the new utopianism. Not many libertarians think this way. But in more measured and more reasonable ways, many do seem to accept the proposition that science should in principle be above politics, and that science offers a way toward something like the ideal libertarian society: where power and choice are in the hands of individuals, and a world of endless possibilities lies open before each of us.
Even those libertarian observers who are far from utopian (Reason magazine's Ronald Bailey -- a serious, insightful, and knowledgeable writer on the subject -- comes to mind) often incline to see in science the promise of true liberation, and to downplay all worries about extreme uses, misuses, and abuses. The true libertarian scientism takes these inclinations to extremes.

Some of today's libertarians therefore appear to offer an example of what Thomas Sowell calls the "unconstrained" vision of human affairs, which argues that there is really no limit to what human beings can achieve (in this case through science, rather than politics.) But of course Sowell had mostly libertarians in mind when he described his "constrained" vision, which operates from a sense of human limits and humility about the power of mankind, and from a faith in ordered liberty.

Like most utopians, this newest lot believes that their ideal will be realized without coercion or force, without discord and malevolence, because what it offers is what everyone wants, or should want.

Perhaps they're right. But an important element of the conservative reaction against certain biotechnological advances has had to do with a profound mistrust of all utopian visions, and so with a distaste for the utopian flavor of the project, and a trembling before the awful prospect of so great a source of power as biotechnology run amok.

Advocates of unrestricted biotechnology do not pay enough heed to this feature of their opposition, and so too easily mistake their critics for simple-minded religious fundamentalists or heavy-booted authoritarians. They think they are still facing Voltaire's enemies. But in many cases, they are facing a conservative suspicion of big promises, and a desire to moderate the zeal of the enthusiasts by mooring their project to the firm soil of some familiar moderating institutions: including, it is true, political oversight.

It is likely that the critics of biotechnology are over-reacting in certain respects. But that is what conservatives do: they over-react, and by so doing they restrain the over-action of the progressive strains of modern life who seek always after the allure of the new, and who will trample on the old to get it. The interplay of these two forces is what keeps modern societies functioning, and the interplay is most legitimately and productively acted out in the democratic political arena. And so the fight goes on.

American libertarians on the whole have a healthy (and at times maybe excessive) skepticism about human power when it is exercised by governments and polities. But somehow they have not applied the same skepticism to the potential for a far greater and more extreme exercise of the power of man over man, through science. They (or, to be precise, a subset among them) are the new utopians -- strident, rationalist, atheist, materialist proponents of a technical substitute for political authority. But they are also deeply committed to liberty, and this makes them different and better than most of the cold-blooded dreamers of old. We could certainly do worse.

Yuval Levin is a senior editor of The New Atlantis magazine, and a member of the staff of the President's Council on Bioethics. All views expressed here are his own.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From s.schear at comcast.net Thu Sep 18 21:26:22 2003
From: s.schear at comcast.net (Steve Schear)
Date: Thu, 18 Sep 2003 21:26:22 -0700
Subject: Plain talk from Bush
Message-ID: <5.2.1.1.0.20030918212202.0414e818@mail.comcast.net>

Either Bush's ignorance or hubris is showing again. You decide.

In the CNBC interview, Mr. Bush also criticized China for manipulating its currency in order to boost sales of Chinese exports. The president told CNBC's Ron Insana that Treasury Secretary John W. Snow had failed during recent talks in Beijing to persuade China to tie its currency value to the market. "We don't think we're being treated fairly when a currency is controlled by the government," Mr. Bush said. "We believe the currency ought to be controlled by the market and ought to reflect the true values of the respective economies."

"The State is the great fiction by which everyone seeks to live at the expense of everyone else." --Frederic Bastiat

From measl at mfn.org Thu Sep 18 21:33:34 2003
From: measl at mfn.org (J.A. Terranson)
Date: Thu, 18 Sep 2003 23:33:34 -0500 (CDT)
Subject: Inferno: fwd: those hysterical librarians (fwd)
In-Reply-To:
Message-ID:

On Thu, 18 Sep 2003, Jim Choate wrote:

> ---------- Forwarded message ----------
> Date: Wed, 17 Sep 2003 17:43:56 -0500
> Subject: those hysterical librarians
>
> "Ashcroft Mocks Librarians and Others Who Oppose Parts of Counterterrorism Law"
> http://www.nytimes.com/2003/09/16/politics/16LIBR.html
>
> And, in case you missed it, a related "News in Brief" story from The Onion:
>
> Revised Patriot Act Will Make It Illegal To Read Patriot Act WASHINGTON,
> DC-President Bush spoke out Monday in support of a revised version of the
> 2001 USA Patriot Act that would make it illegal to read the USA Patriot
> Act. "Under current federal law, there are unreasonable obstacles to
> investigating and prosecuting acts of terrorism, including the public's
> access to information about how the federal police will investigate and
> prosecute acts of terrorism," Bush said at a press conference Monday.
> "For the sake of the American people, I call on Congress to pass this
> important law prohibiting access to itself." Bush also proposed extending
> the rights of states to impose the death penalty "in the wake of Sept. 11
> and stuff."

I had a very interesting conversation today with a pair of cops who work under the PA - a real mindblower. While the ALA, ACLU, and everyone else I can think of is screaming for the PA to be withdrawn, preferably *now*, I found it interesting that the cops had pretty much the same opinion, although for different reasons. LEAs, according to these guys, were able to get a *lot* more information, with a lot less hassle, *prior* to the PA. The reasoning went something like this: Before the PA, they could grab a routine subpoena, "practically preprinted, from damn near any prosecutor [they] could find", serve it on a library/bank/, and get anything they wanted. Now, they have to get an "investigative subpoena" (I believe I remember this term correctly, but if not, anyone with more accurate info please correct me), and have this subpoena signed off on by both a federal persecutor *and* a federal judge in the correct district, and then serve on the appropriate party: and this new "investigative subpoena" can request far less data than the old ones, as they have to be strictly PA-compliant. Needless to say, the thought that LEOs find the PA to be "way too restrictive compared to before" struck me as one of the most bizarre things I'd ever heard. But they were quite adamant that given a choice, they would gladly go back to the "old way". The only thing that could possibly, IMHO, make this more understandable, was that the two LEAs I was speaking to were not themselves fedz. I find it exquisitely amusing that I and my neighbor LEOs share the common goal of seeing the PA rot in hell :-)

--
Yours,
J.A. Terranson
sysadmin at mfn.org

"Every living thing dies alone." Donnie Darko

From mv at cdc.gov Fri Sep 19 09:49:56 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 19 Sep 2003 09:49:56 -0700
Subject: Judges taste for kiddy prawns (1st, 4th amends, hacking for pigs)
Message-ID: <3F6B33B4.DDD60B93@cdc.gov>

Ex-Judge May Testify in O.C.
Porn Case

Testimony by Ronald C. Kline could affect ruling to admit evidence found on workplace computer.

By Christine Hanley, Times Staff Writer

Former Orange County Judge Ronald C. Kline may be called to the witness stand to explain why he didn't realize his courthouse computer could be searched for child pornography -- especially since he helped draft the rules for such searches. Kline is expected to be asked Monday to explain his role on the Orange County Superior Court's Technology Committee, which developed the policy that warned judges and court staff that their computers were not their property and could be searched. The hearing could prove pivotal as prosecutors try to salvage a child pornography case that has all but collapsed since Kline was arrested. The case has drawn national attention, particularly as Kline waged a reelection campaign while facing the charges. He later quit the race and gave up his seat on the bench. Judge Consuelo B. Marshall has already tossed out evidence -- including diary entries about his sexual desires and more than 1,500 pornographic images of young boys -- that support six of the seven charges. In her decision earlier this summer, she ruled that Kline's right to privacy was violated by a Canadian man who was working for police when he hacked into the computers used by Kline at home and at work. Prosecutors are appealing that decision, but first Marshall must rule on whether to suppress the handful of e-mails, pornographic images and diary entries allegedly found on Kline's courthouse computer. Those items support a single count of possessing child pornography -- the lone criminal charge facing Kline. Kline's attorneys argue that the government's attempt to save the evidence collected on his work computer is misleading. The question of whether Kline knew about the policy is moot, they say, because his computer wouldn't have been searched without the information provided by the Canadian hacker.
"The chambers computer search was the fruit of the primary illegality; as such, it must be suppressed," said lead defense attorney Paul S. Meyer. But prosecutors contend police did not need a search warrant to inspect Kline's computer. They argue the court's own policy warned judicial officers and other staffers that their computers were not their property and could be monitored for questionable activity at any time. The eight-page policy warns computer users that access to sexually explicit and other offensive information is strictly prohibited and that "e-mail, Internet access and personal computers are provided for business use and not a public forum, and as such does not provide for First Amendment Freedom of Speech guarantees." At the same time, it also states that management may be required "based on a subpoena" to release computer files to law enforcement agencies in a criminal investigation. Prosecutors have filed a copy of the policy, as well as declarations from Richard Droll, the chief technology officer of Orange County Superior Court since 1993, and Kathleen E. O'Leary, an associate justice of California's 4th Appellate District. Droll confirms that Kline was on the Technology Committee and attended meetings in 1996 when the policy was drafted and later when it was revised. O'Leary, who was presiding judge of the Orange County court system when the policy was imposed, sent a memo to the staff on Oct. 13, 1998, which was distributed via e-mail and to office mailboxes. One of her intents, she said, was to remind staffers that "management retained the right to inspect and examine computers and their contents if necessary." But Superior Court Judge John M. Watson, the head of the civil panel who has been subpoenaed to testify, says he believes that any judge's work computer is -- and should be -- protected by the Fourth Amendment, regarding search and seizure of property.

http://www.latimes.com/news/local/la-me-kline19sep19,1,4891037.story?coll=la-headlines-california

From ravage at einstein.ssz.com Fri Sep 19 08:15:29 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 19 Sep 2003 10:15:29 -0500 (CDT)
Subject: Dead Address Test (no reply plz)
Message-ID:

--
--
God exists because mathematics is consistent, and the Devil exists because we can't prove it.
Andre Weil, in H. Eves, Mathematical Circles Adieu

ravage at ssz.com jchoate at open-forge.com
www.ssz.com www.open-forge.com

From tyler at waterken.com Fri Sep 19 07:24:42 2003
From: tyler at waterken.com (Tyler Close)
Date: Fri, 19 Sep 2003 10:24:42 -0400
Subject: Verisign's Wildcard A-Records and DNSSEC Plans?
In-Reply-To: <20030919094822.GE19859@leitl.org>
References: <20030916153829.23459.qmail@web40610.mail.yahoo.com> <20030919094822.GE19859@leitl.org>
Message-ID:

On Friday 19 September 2003 05:48, Eugen Leitl wrote:
> The publisher knows the cryptographic hash of the document, and can
> submit it to full-text indexing search services. Each P2P node should
> come with a search engine, which uses part of the store space to keep
> an index.

The httpsy scheme is not intended for P2P distribution of immutable content. Look at something like Mnet for that. The httpsy scheme is intended for hosting of active computing agents, like say an e-gold account. These two problems are very different and have different solutions.

Tyler

--
The union of REST and capability-based security: http://www.waterken.com/dev/Web/

From eugen at denver065.server4free.de Fri Sep 19 02:48:22 2003
From: eugen at denver065.server4free.de (Eugen Leitl)
Date: Fri, 19 Sep 2003 11:48:22 +0200
Subject: Verisign's Wildcard A-Records and DNSSEC Plans?
In-Reply-To:
References: <20030916153829.23459.qmail@web40610.mail.yahoo.com>
Message-ID: <20030919094822.GE19859@leitl.org>

On Thu, Sep 18, 2003 at 11:17:00AM -0400, Tyler Close wrote:
> On Tuesday 16 September 2003 11:38, Morlock Elloi wrote:
> > That is the problem when a centralized technical solution relies on the
> > legal system (and they almost always do.)
> >
> > What is important is how and if will this accelerate alternate solutions
> > for name space management.

Machines can handle numerical addresses, as a stop-gap measure search engines (hardcoded into browsers) obviate the need to memorize URIs. Though there are several competing search engines, this is of course still mostly a single point of failure. We here all probably agree that the days of open online publishing are counted, and that traffic-remixing P2P (which, by tweaking parameters could be used to implement a BlackNet) networks will rapidly displace the WWW, once a usable system appears on the scene. The publisher knows the cryptographic hash of the document, and can submit it to full-text indexing search services. Each P2P node should come with a search engine, which uses part of the store space to keep an index. Denial of service can be counteracted by agoric load levelling, and prestige accounting. If you provide shitty service, your node gets consulted less and less, and your requests are processed with lower and lower priority. If you push out documents, you have to provide store, bandwidth and crunch, building an impeccable prestige over a long period of time. Given the recent history, it looks hard to develop a usable system which gets all of the above right, so it will obviously take a while. I haven't spent much time reading up on YURLs, so I can't comment on that. What's the local consensus on the Waterken feller?

From gil_hamilton at hotmail.com Fri Sep 19 09:36:37 2003
From: gil_hamilton at hotmail.com (Gil Hamilton)
Date: Fri, 19 Sep 2003 16:36:37 +0000
Subject: JetBlue Shared Passenger Data
Message-ID:

http://www.wired.com/news/privacy/0,1848,60489,00.html

wherein JetBlue helps you bend over while TSA unbuckles...

- GH

From ravage at einstein.ssz.com Sat Sep 20 07:38:32 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 20 Sep 2003 09:38:32 -0500 (CDT)
Subject: The Register - eBay to Fees: come and get what you want (fwd)
Message-ID:

Another example of why CACL [1] approaches don't work. Claims that businesses are not as bad as the government are bogus because they fail to realize that both are activities of people and people are the cause of the problem. The evils of man are not a function of government, business, or whatever. They rest solely on the human mind.

http://www.theregister.co.uk/content/6/32936.html

[1] Crypto-Anarchy, Anarcho-Capitalist, Capitalist, Libertarian

And note the 'big C' on capitalist....the distinction is whether the commerce is the means or the ends. Big C capitalism it is the ends and human lifetimes are the means.

--
--
God exists because mathematics is consistent, and the Devil exists because we can't prove it.
Andre Weil, in H. Eves, Mathematical Circles Adieu

ravage at ssz.com jchoate at open-forge.com
www.ssz.com www.open-forge.com

From mv at cdc.gov Sat Sep 20 09:52:54 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Sat, 20 Sep 2003 09:52:54 -0700
Subject: careful with that nym, eugene
Message-ID: <3F6C85E5.EC3B33D3@cdc.gov>

The man who e-mailed The Times and claimed credit for the attacks used the name Tony Marsden, which he said was a pseudonym.
The man also said that one of his hobbies was math and that he and his accomplices had painted Euler's Theorem on the side of one of the cars.

FBI Searches Computers at Caltech in Hummer Probe

The man said he used the name Tony Marsden because he had known people named Tony and Marsden. There is a Caltech professor named Jerrold E. Marsden who co-wrote a textbook titled "Vector Calculus" with Anthony J. Tromba. Jerrold Marsden was on vacation in Northern California this week. On Friday, he told The Times that he had not been contacted by the FBI or Caltech.

http://www.latimes.com/news/local/la-me-hummer20sep20,1,1054265.story?coll=la-headlines-california

(Next time try Marion Hornyak or Thomas Finney...)

From ravage at einstein.ssz.com Sat Sep 20 10:51:02 2003
From: ravage at einstein.ssz.com (Jim Choate)
Date: Sat, 20 Sep 2003 12:51:02 -0500 (CDT)
Subject: The Register - eBay to Fees: come and get what you want (fwd)
In-Reply-To: <20030920150641.GA10485@diamond.madduck.net>
Message-ID:

On Sat, 20 Sep 2003, martin f krafft wrote:
> also sprach Jim Choate [2003.09.20.1638 +0200]:
> > http://www.theregister.co.uk/content/6/32936.html
>
> Don't want to open a can of worms here, but is cypherpunks secondary
> function to be Jim's link distribution list? I mean, we all know The
> Register and we all look around.

And this is still the best you can come up with. You'll fit right in with Tim, Declan, and the rest of the CACL crowd.

--
--
God exists because mathematics is consistent, and the Devil exists because we can't prove it.
Andre Weil, in H. Eves, Mathematical Circles Adieu

ravage at ssz.com jchoate at open-forge.com
www.ssz.com www.open-forge.com

From roy at rant-central.com Sat Sep 20 10:51:52 2003
From: roy at rant-central.com (Roy M. Silvernail)
Date: Sat, 20 Sep 2003 13:51:52 -0400
Subject: The Register - eBay to Fees: come and get what you want (fwd)
In-Reply-To: <20030920150641.GA10485@diamond.madduck.net>
References: <20030920150641.GA10485@diamond.madduck.net>
Message-ID: <200309201351.52879.roy@rant-central.com>

On Saturday 20 September 2003 11:06, martin f krafft wrote:
> also sprach Jim Choate [2003.09.20.1638 +0200]:
> > http://www.theregister.co.uk/content/6/32936.html
>
> Don't want to open a can of worms here, but is cypherpunks secondary
> function to be Jim's link distribution list? I mean, we all know The
> Register and we all look around.

You're new here, aren't you? That can of worms has been opened many times before. Think of it as nature teaching you to learn about filter rules.

From madduck at madduck.net Sat Sep 20 08:06:41 2003
From: madduck at madduck.net (martin f krafft)
Date: Sat, 20 Sep 2003 17:06:41 +0200
Subject: The Register - eBay to Fees: come and get what you want (fwd)
In-Reply-To:
References:
Message-ID: <20030920150641.GA10485@diamond.madduck.net>

also sprach Jim Choate [2003.09.20.1638 +0200]:
> http://www.theregister.co.uk/content/6/32936.html

Don't want to open a can of worms here, but is cypherpunks secondary function to be Jim's link distribution list? I mean, we all know The Register and we all look around.

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

weekend, where are you?

From mv at cdc.gov Sat Sep 20 17:23:23 2003
From: mv at cdc.gov (Major Variola (ret.))
Date: Sat, 20 Sep 2003 17:23:23 -0700
Subject: Walker: NAT means you are a consumer, not a peer
Message-ID: <3F6CEF7B.E485E6E7@cdc.gov>

(from /.) http://www.fourmilab.ch/speakfree/eol/ has a good rant by John Walker on how NAT turns users into consumers. Also Speak Freely maintenance is ending.
Sic transit unix to PC secure vox. Note that PGPfone devel ended a while ago, unsupporting PC to Mac secvox. Nautilus is AFAIK PC to PC only. John is also pessimistic about 1. IPv6 deployment and 2. the return of NAT'd broadband users to non-consumer (ie, potential server aka publisher) status. As always, Walker is worth a read.

------
"The right to be left alone - the most comprehensive of rights, and the right most valued by civilized men." -- Supreme Court Justice Louis Brandeis

From emc at artifact.psychedelic.net Sat Sep 20 18:27:03 2003
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Sat, 20 Sep 2003 18:27:03 -0700 (PDT)
Subject: Drunken US Troops Kill Rare Tiger
Message-ID: <200309210127.h8L1R3ev016277@artifact.psychedelic.net>

News services are reporting that US Troops, who have been holding regular drunken parties at the Baghdad Zoo, have shot and killed the Zoo's rare Bengal tiger.

It seems not only civilians are in danger from US Troops in the Occupied Iraqi Territories.

In my opinion, the tiger was worth more than all the US Troops currently occupying Iraq. An occupation in violation of international law as part of Shrub's unprovoked War of Aggression to settle his family grudge with Saddam Hussein, control the world's oil supply, and take out one of the two regimes that refused to pressure the Palestinians to make peace on Israel's terms. A few years ago, I said there were no civilians in Israel, and therefore no retaliation by the Palestinians against Israeli military aggression could be considered a terrorist act. If AmeriKKKa freely re-elects Shrub, because Americans admire his bullying the rest of the world, and the American people freely support and fund such activities as the Pax AmeriKKKana, and unprovoked wars of aggression, then it's probably true there are no civilians in AmeriKKKa either. I no longer consider 9/11 a terrorist act.

Some URLs on the tiger...
http://us.rediff.com/news/2003/sep/20iraq1.htm
http://www.sky.com/skynews/article/0,,30200-12796568,00.html

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From timcmay at got.net Sat Sep 20 19:32:27 2003
From: timcmay at got.net (Tim May)
Date: Sat, 20 Sep 2003 19:32:27 -0700
Subject: Liquidating the Mud People
In-Reply-To: <200309210127.h8L1R3ev016277@artifact.psychedelic.net>
Message-ID:

On Saturday, September 20, 2003, at 06:27 PM, Eric Cordian wrote:

> News services are reporting that US Troops, who have been holding regular
> drunken parties at the Baghdad Zoo, have shot and killed the Zoo's rare
> Bengal tiger.
>
> It seems not only civilians are in danger from US Troops in the Occupied
> Iraqi Territories.

Even the Evil Baathists had the sense and respect to keep the zoos and other institutions running. Now that the cowboys and good ole boys have taken over, it's target practice on civilians and shooting caged tigers. And worse things. And we are paying an average of $3000 per year per taxpayer, charged to our collective credit cards of course, to pay for Dick Cheney's company to grow richer, for George Bush's oil interests to benefit, and for the creation of a state more inimical to American interests than anything a guy living in the mountains of Afghanistan could ever have imagined. Which was probably the intent all along for those who support and benefit from the National Security State. But, the other side of me is chortling. A clusterfuck which is unfolding nicely. Deaths of imperialist soldiers on a daily basis, thefts of the electoral process by their Democrap opponents back home, more unwinding of U.S. support, and the growing prospects for some true strikes at the heartland. What's not to like? (Just steer clear of the major population centers which are pawns in this game.)
Me, I don't fly on Jet CIA Blue or Delta Delta Operations, or any other of the Big Brother-controlled airlines. (And now they are financially suffering and want citizen-unit taxes to bail them out...any airline which takes tax subsidies deserves to have its airplanes blown out of the sky....KA_BOOOOOOM.) And I rarely leave Santa Cruz these days. And I keep my claymores in good shape and my perimeter alarms armed. This fascist and communist nation has danced to the tune of the Mud People too long. --Tim May From mv at cdc.gov Sat Sep 20 22:58:21 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 20 Sep 2003 22:58:21 -0700 Subject: Drunken US Troops Kill Rare Tiger Message-ID: <3F6D3DFD.8D85E1E6@cdc.gov> At 06:27 PM 9/20/03 -0700, Eric Cordian wrote: >News services are reporting that US Troops, who have been holding regular >drunken parties at the Baghdad Zoo, have shot and killed the Zoo's rare >Bengal tiger. 1. The grunt found out that cats have no alpha cats 2. Nothing like boozing it up in a Moslem (ex)nation. At *least* the grunt wasn't *stoned* on cannabis or something evil like that. At 10:04 PM 9/9/03 -0500, Harmon Seaver wrote: > We have three or four distinct groups of cats living here that we feed. Two >in the house, two in the garage/greenhouse who once lived in the house but could >not resolve the dominance issue between one male in the house and one alpha >female now in the greenhouse. Then there are the more or less permanent two >females that live on and under the front porch, who also have serious unresolved >issues with the Mama Fritz of the greenhouse (who does get outside during the >day). Dominance also goes down the line, watching the 3 young offspring of one >of the porch ladies makes that pretty clear, one of those bosses the other two, Do you use PROMIS for Felines or the latest Orion Scientific codes to manage these relationships? Just curious; Ellison is on the phone trying to sell Oracle ID for cats. ..... 
If the Chinese Muslim priestgrunt was spying for Usama, maybe Wen-Ho was selling bahklava recipes to Saddam? From nobody at dizum.com Sat Sep 20 15:10:01 2003 From: nobody at dizum.com (Nomen Nescio) Date: Sun, 21 Sep 2003 00:10:01 +0200 (CEST) Subject: Cryptome: Torch Concepts threatening Cypherpunks Message-ID: <14e32ced4a3c05d8cd490dddbb06c697@dizum.com> http://cryptome.org/jetblue-spy.htm The attorney for Torch Concepts has sent cease and desist letters to Bill Scannell and Len Sassaman for offering the Torch Concepts file, the "smoking gun" in the Jet Blue privacy violation scandal. The file is currently still available on Len Sassaman's website, as well as Cryptome. From ravage at einstein.ssz.com Sat Sep 20 22:24:02 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 21 Sep 2003 00:24:02 -0500 (CDT) Subject: Austin Cypherpunks Montly Social Message-ID: Time: October 14, 2003 Second Tuesday of each month 7:00 - 9:00 pm (or later) Location: Central Market HEB Cafe 38th and N. Lamar Weather permitting we meet in the un-covered tables. If it's inclement but not overly cold we meet in the outside covered section. Otherwise look for us inside the building proper. Identification: Look for the group with the "Applied Cryptography" book. It will have a red cover and is about 2 in. thick. Contact Info: http://einstein.ssz.com/cdr There is an irc channel that is available 24/365 at irc.open-forge.org on port 6667. This resource is made available by the good graces of Open Forge, LLC. The mailing list can be joined by sending an email to majordomo at ssz.com with 'subscribe austin-cpunks' in the body. News & Events: The H18 Plan 9 efforts are well underway with three (3) boxes available in Austin (more on the way) and other boxes in places like Russia, Spain, and Portugal. We are currently working on kernel patches that allow an increased pool of cpu servers to be available to user processes. Another P9 effort is integrating RSA into the factotum.
We've got several wireless nodes available now and will be upgrading the SSZ node in particular in the next couple of weeks. We're expanding our system from just 802.11b to include a, b, & g. There will be a road trip to Dallas on Oct. 4 for the 1st Saturday Computer Sale that is held each month. From ravage at einstein.ssz.com Sat Sep 20 22:31:58 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 21 Sep 2003 00:31:58 -0500 (CDT) Subject: Weekly Hangar 18 Social Message-ID: Asymmetric Clustering... Distributed Name Space... Global Sign-on... Guerrilla Networking... Open Source Technology... Do these words make your heart beat faster and your breath go shallow? If so then perhaps you should become involved with Hangar 18. We are a tit-for-tat group of computer hobbyists of a wide range of skills intent on building the next computing infra-structure using Open Source technology. We don't focus on any one form of technology but instead focus on real world applications in grid or large scale distributed computing. Time: Oct. 25, 2003 (last Thu. of month) Every Thursday, excluding national holidays 7:00 - 9:00 pm (or later) http://open-forge.org Location: The location varies from week to week so be sure to check with an active Hangar 18 member (or join the mailing list!) for more information. The last Thursday of each month we meet at the Robot Group. Please contact them directly for directions, per their request. http://robotgroup.net Identification: We'll be the group with the Plan 9 stuff...;) Homepage: http://open-forge.org/hangar18/ Mailing List: Send 'majordomo at open-forge.org' an email which has in the body 'subscribe hangar18-general' and nothing else. You should be subscribed to the list and receive a notification back from the server. There are a variety of mailing lists currently available. Internet Relay Chat: kraken.open-forge.org 6667 The Open Forge group tries to meet each evening at 10PM (Austin, Tx.). The server is available for use 24/365.
Austin Contacts: Open Forge, LLC helpdesk: 512-695-4126 (24/365) vmb: 512-451-7087 help at open-forge.com Events & News: There is a 1st Saturday Sale road trip scheduled for Oct. 4. We'll be starting a re-write of the installation How To over the next week or so. Look for it around the first couple of Oct. From madduck at madduck.net Sat Sep 20 16:04:48 2003 From: madduck at madduck.net (martin f krafft) Date: Sun, 21 Sep 2003 01:04:48 +0200 Subject: The Register - eBay to Fees: come and get what you want (fwd) In-Reply-To: <200309201351.52879.roy@rant-central.com> References: <20030920150641.GA10485@diamond.madduck.net> <200309201351.52879.roy@rant-central.com> Message-ID: <20030920230448.GA11551@diamond.madduck.net> also sprach Roy M. Silvernail [2003.09.20.1951 +0200]: > > You're new here, aren't you? > Not at all, I just never came across this discussion. I have pretty strong filters on cypherpunks, letting through only new threads and replies to threads that interest me. Now Choate is also a reason to delete a new thread. > That can of worms has been opened many times before. Think of it > as nature teaching you to learn about filter rules. I kinda knew the answer before I posted... -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! quidquid latine dictum sit, altum viditur. [demime 0.97c removed an attachment of type application/pgp-signature] From rah at shipwright.com Sun Sep 21 02:35:49 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 21 Sep 2003 05:35:49 -0400 Subject: Do Police Need A Warrant In Order To Use Global Positioning System Technology? Message-ID: FindLaw's Writ - Aronson: ---- Do Police Need A Warrant In Order To Use Global Positioning System Technology? A Recent Washington Court Said Yes, But It's Wrong By BARTON ARONSON baronson at findlaw.com ---- Wednesday, Sep. 
17, 2003 Last week, the Supreme Court of Washington became one of the first states to address whether, when the police use Global Positioning System (GPS) technology to track a suspect's movements, they need a warrant to do so. The Court held the answer was yes. Like many search and seizure cases, State v. Jackson is an awkward attempt to fit new law enforcement techniques into old jurisprudential boxes. This time, the Court would have been better off paying more attention to the boxes: in finding that the police did need a warrant, the court seems transfixed by the novelty of the technology to the exclusion of the rights it was supposed to be protecting. The Facts of Jackson In October 1999, William Jackson reported that his nine-year-old daughter was missing from his home. Suspicion quickly focused on Jackson himself, but the police lacked the evidence for an arrest. They did, however, have enough for warrants to search Jackson's vehicles, which were duly impounded by the Spokane police. Before returning Jackson's 1995 Ford pickup, the police sought and were granted a warrant to attach a Global Positioning System (GPS) device to the truck. The device allowed the police to track Jackson's movements without any effort greater than logging onto their computers and downloading the GPS device's data stream. They returned the truck to Jackson, but did not tell him that the devices had been installed. The first warrant was for ten days, which the judge extended for ten more. During that time, the police used the GPS device to track Jackson's vehicle to two remote locations and a storage unit. At one of those remote locations, the police found plastic bags, duct tape, and hair and blood samples. At the other, they found Jackson's daughter buried in a shallow grave. Jackson was convicted of first-degree murder. Washington Law on Search and Seizure On appeal, Jackson argued that the police did not have probable cause for the warrant.
In so doing, he invoked a provision of the Washington state constitution that differs from - and is more protective of privacy than - the Fourth Amendment of the U.S. Constitution. An intermediate court ruled that the police didn't need a warrant for the GPS device, and so never decided whether there was probable cause; the Washington Supreme Court ruled that the police did, in fact, need the warrant, but ruled that it was supported by probable cause. While Washington is one of the first states to address this issue, it won't be the last. And apart from the precise technology at issue, the dispute between the state's appellate courts illustrates two different approaches to the intersection of technological innovation and the law of search and seizure. The Law of Search and Seizure and the Definition of a "Search" There is no "right to privacy" in the U.S. Constitution - at least, not in so many words. But the Fourth Amendment, which forbids "unreasonable searches and seizures," has long been understood to protect our reasonable expectations of privacy by requiring law enforcement, before violating those expectations and trenching on that privacy, to get a warrant. By interposing a neutral party - a judge - between law enforcement and the rest of us, the warrant requirement is supposed to ensure public order while preventing abuses of executive power. But the police only need a warrant if they conduct a "search." And as the law stands, there is no search if all the police do is see what you, voluntarily, expose to public viewing. So, if you keep your collection of roach clips and rolling papers safely under lock and key indoors, the police would need a warrant to go into your home and look for it. But if, having decided to kick the habit, you hold a sale in your front yard and put your drug paraphernalia in bins marked "$1," "$2," and so on, and the police walk by to inspect the merchandise, they've conducted no "search" in finding your stuff.
All of William Jackson's movements that were tracked by the GPS device were "public," in the sense that other people could have watched them without entering private homes or property. If the police had decided to follow Jackson in their cruisers as he drove to his storage locker and his daughter's grave, he could not have forbidden the police from following him or demanded to see a warrant. He drove on public roads, and went to public - albeit remote - places. Changing Technology and Changing Search and Seizure Law But the police didn't just follow Jackson - they tracked him using relatively new and sophisticated technology. Most people are vaguely aware of GPS technology, but it's probably fair to say Jackson, like almost all of the rest of us, has not pondered its uses in monitoring the movements of crime suspects. It would not be surprising to learn that the notion that his truck had a homing device never entered Jackson's mind. Search and seizure law has always accounted for technological innovations. If you "hide" your drug paraphernalia by putting it on your front door step at night, you could, conceivably, tell the judge that you reasonably expected privacy because, after all, it was dark and no one could see it. But if the police walk by and shine a flashlight on your stuff, the judge is likely to find they conducted no "search" at all. While the opinions in this area are by no means a model of consistency, the mantra for the courts is that technology may enhance an officer's senses without resulting in a search. But if the technology intrudes where the officer's senses could never go (think of a wiretap), then the officer will need a warrant. Old Categories, New Technologies, and the Conviction of William Jackson William Jackson's case is one of many at the intersection where our expectations of privacy meet new technologies. On the one hand, everything Jackson did was, in one sense, "public." 
On the other, the police detected his movements using unusual and sophisticated means, and the court was clearly troubled by the complete picture of Jackson's life that the GPS device could generate by comprehensively tracking his movements. Finally, the Court saw this distinction: "the GPS device does not merely augment the officers' senses, but rather provides a technological substitute for traditional visual tracking." How to resolve the tension? The answer will vary from case to case, but here, the state supreme court seems to have fixated on the technology and forgotten the interests involved. Start with the notion that there is no question, none at all, that the police can follow your movements in public. They can do so, moreover, while trying to conceal their identity, by driving in unmarked cars, not following too closely, and regularly switching vehicles. And they can certainly do it for a couple of weeks before you'd have any legal right to complain. If the sheriff's office had tracked William Jackson this way, his appeal would have merited a single paragraph from the courts of appeals rather than two lengthy opinions. Jackson, of course, hoped his movements would go undetected - that's why he buried his daughter in the woods rather than on his own property or some more public place. But he had no reasonable expectation of privacy in the woods. He didn't own the property and could not prevent others from following him there or finding it on their own. Whatever his hopes, they were not legitimate expectations in the sense that he could do anything to ensure the privacy he craved. All of this focuses on Jackson's expectations, because that's what matters. The state supreme court forgot that when it noted that "it is unlikely that the sheriff's department could have successfully maintained uninterrupted 24-hour surveillance." Predicating our expectations on the limited resources of law enforcement is a bad idea, for several reasons. 
The police have nearly unfettered discretion in deciding how to use their resources. Some crimes will have higher priorities than others; here, for example, Jackson's daughter was missing, and therefore possibly still alive. What expectations would be "reasonable" under these circumstances? Would the result be different if the GPS device had led the police to Jackson's daughter's body in the first 24 hours? Moreover, the supreme court just might be wrong about whether the police could pull this off. Sometimes the police do try to follow people for days or weeks on end, and sometimes they succeed. Sometimes the police are in the right place at the right time; often they are not. But since most crime will go undetected most of the time, it is difficult to see how this scrutiny on police resources will lead to intelligible rules for determining when the police have conducted a search and when they have not. Fortunately, guessing about what the police can or cannot do - a fruitless inquiry - is not how we protect privacy rights. The state supreme court should have stayed focused on what mattered: Jackson's expectations. None of this is intended to take lightly the extraordinary power that police have to use - and abuse - in the pursuit of crime. And there is nothing wrong, in principle, with a court saying that when technologies race ahead of our expectations, the police may need a warrant while we get used to the notion - if we get used to the notion - that we've lost a little bit more privacy. But the word "technology" is not to be incanted by courts as a reason for abandoning basic principles of search and seizure law. And one of those principles is that, as a matter of law, you cannot hide in plain sight. Barton Aronson is an attorney in Washington, D.C. Prior to that, he was a prosecutor in Washington, D.C., and an Assistant District Attorney in Massachusetts. The opinions expressed in this article are his own.
-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Sep 21 03:01:52 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 21 Sep 2003 06:01:52 -0400 Subject: "Useless Eaters" Message-ID: I'm shocked, simply shocked, to have the origin of the term "useless eaters" pointed out to me in another context: http://www.google.com/search?q=%22useless+eaters%22+nazi&ie=UTF-8&oe=UTF-8 "A good artist borrows. A great one steals." --Pablo Picasso Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, "Where are your claws and teeth?" -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2 From rah at shipwright.com Sun Sep 21 03:03:52 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 21 Sep 2003 06:03:52 -0400 Subject: Neo-Cons, Fundies, Feddies,Con-Artists (was re: "Useless Eaters") Message-ID: The "other context", more or less... Cheers, RAH who's hanging out on the irtheory list for no good reason and is, apparently, Ruthless Machiavellian... :-). ------- PressInfo 189, Neo-Cons, Fundies, Feddies, and Con-Artists PressInfo # 189 September 18, 2003 By Francis A. Boyle , TFF Associate Originally posted on the 'AALS Section on Minority Grps. mailing list' It is now a matter of public record that immediately after the terrible tragedy of 11 September 2001, U.S.
Secretary of War Donald Rumsfeld and his pro-Israeli "Neoconservative" Deputy Paul Wolfowitz began to plot, plan, scheme and conspire to wage a war of aggression against Iraq by manipulating the tragic events of September 11th in order to provide a pretext for doing so.(1) Of course Iraq had nothing at all to do with September 11th or supporting Al-Qaeda. But that made no difference to Rumsfeld, Wolfowitz, their Undersecretary of War Douglas Feith, Undersecretary of State John Bolton, and the numerous other pro-Israeli Neo-Cons inhabiting the Bush Jr. administration. These pro-Israeli Neo-Cons had been schooled in the Machiavellian/Nietzschean theories of Professor Leo Strauss who taught political philosophy at the University of Chicago in its Department of Political Science. The best exposé of Strauss's pernicious theories on law, politics, government, for elitism, and against democracy can be found in two scholarly books by the Canadian Professor of Political Philosophy Shadia B. Drury.(2) I entered the University of Chicago in September of 1968 shortly after Strauss had retired. But I was trained in Chicago's Political Science Department by Strauss's foremost protégé, co-author, and later literary executor Joseph Cropsey. Based upon my personal experience as an alumnus of Chicago's Political Science Department (A.B., 1971, in Political Science), I concur completely with Professor Drury's devastating critique of Strauss. I also agree with her penetrating analysis of the degradation of the American political process that has been inflicted by Chicago's Straussian Neo-Con cabal. (3) The University of Chicago routinely trained me and innumerable other students to become ruthless and unprincipled Machiavellians. That is precisely why so many neophyte Neo-Con students gravitated towards the University of Chicago or towards Chicago Alumni at other universities. Years later, the University of Chicago became the "brains" behind the Bush Jr.
Empire and his Ashcroft Police State. Attorney General John Ashcroft received his law degree from the University of Chicago in 1967. Many of his lawyers at the Bush Jr. Department of Injustice are members of the right-wing, racist, bigoted, reactionary, and totalitarian Federalist Society (aka "Feddies"), (4) which originated in part at the University of Chicago. Feddies wrote the USA Patriot Act (USAPA) I and the draft for USAPA II, which constitute the blueprint for establishing an American Police State. (5) Meanwhile, the Department of Injustice's own F.B.I. is still covering up the U.S. governmental origins of the post-11 September 2001 anthrax attack on Washington D.C. that enabled Ashcroft and his Feddies to stampede the U.S. Congress into passing USAPA I into law. (6) Integrally related to and overlapping with the Feddies are members of the University of Chicago "School" of Law-and-Kick-Them-in-the-Groin-Economics (e.g., Richard Posner, Frank Easterbrook, Richard Epstein, etc.), which in turn was founded upon the Market Fundamentalism of Milton Friedman, now retired but long-time Professor of Economics at the University of Chicago. Friedman and his "Chicago Boys" have raped, robbed, looted, plundered, and pillaged economies and their respective peoples all over the developing world. (7) This Chicago gang of academic con-artists and charlatans are proponents of the Nazi Doctrine of "useless eaters." Pursuant to Friedman's philosophy of Market Fundamentalism, the "privatization" of Iraq and its Oil Industry are already underway for the primary benefit of the U.S. energy companies (e.g., Halliburton, formerly under Vice President Dick Cheney) that had already interpenetrated the Bush Jr. administration as well as the Bush Family itself. Enron. Although miseducated (8) at Yale and Harvard Business School, the "Ivies" proved to be too liberal for Bush Jr. and his fundamentalist Christian supporters, whose pointman and spearcarrier in the Bush Jr.
administration was Ashcroft, a Fundie himself. The Neo-Cons and the Fundies contracted an "unholy alliance" in support of Bush Jr. For their own different reasons, both gangs also worked hand-in-hand to support Israel's genocidal Prime Minister Ariel Sharon, an internationally acknowledged war criminal. (9) According to his own public estimate and boast before the American Enterprise Institute, President Bush Jr. hired about 20 Straussians to occupy key positions in his administration, intentionally taking offices where they could push American foreign policy in favor of Israel and against its chosen enemies such as Iraq, Iran, Syria, and the Palestinians. (10) Most of the Straussian Neo-Cons in the Bush Jr. administration and elsewhere are Israel-firsters: What is "good" for Israel is by definition "good" for the United States. Dual loyalties indeed. (11) In addition, it was the Chicago Straussian cabal of pro-Israeli Neo-Cons who set up a special "intelligence" unit within the Pentagon that was responsible for manufacturing many of the bald-faced lies, deceptions, half-truths, and sheer propaganda that the Bush Jr. administration then disseminated to the lap-dog U.S. news media (12) in order to generate public support for a war of aggression against Iraq for the benefit of Israel and in order to steal Iraq's oil. (13) To paraphrase advice Machiavelli once rendered to his Prince in Chapter XVIII of that book: Those who want to deceive will always find those willing to be deceived. (14) As I can attest from my personal experience as an alumnus of the University of Chicago Department of Political Science, the Bible of Chicago's Neo-Con Straussian cabal is Machiavelli's The Prince . We students had to know our Machiavelli by heart and rote at the University of Chicago. As for the University of Chicago overall, its biblical Gospel is Allan Bloom's The Closing of the American Mind (1987). 
(15) Of course Bloom was another protégé of Strauss, as well as a mentor to Wolfowitz. In his Bloom-biographical novel Ravelstein (2000) Saul Bellow, formerly on the University of Chicago Faculty, outed his self-styled friend Bloom as a hedonist, pederast, and most promiscuous homosexual who died of AIDS. All this was common knowledge at the University of Chicago, where Bloom is still worshiped and his elitist screed against American higher-education still revered on a pedestal. In Ravelstein Wolfowitz appeared as Bloom's protégé Philip Gorman, leaking national security secrets to his mentor during the Bush Sr. war against Iraq. Strauss hovered around the novel as Bloom's mentor and guru Professor Davarr. Strauss/Davarr is really the éminence grise of Ravelstein . With friends like Bellow, Bloom did not need enemies. On the basis of Ravelstein alone, Wolfowitz warrants investigation by the F.B.I. Just recently the University of Chicago officially celebrated its Bush Jr. Straussian Neo-Con cabal, highlighting Wolfowitz Ph.D. '72, Ahmad Chalabi, Ph.D. '69 (the CIA's Iraqi puppet), Abram Shulsky, A.M. '68, Ph.D. '72 (head of the Pentagon's special "intelligence" unit), Zalmay Khalilzad, Ph.D. '79 (Bush Jr's roving pro-consul for Afghanistan and then Iraq), as well as faculty members Bellow, X '39, and Bloom, A.B. '49, A.M. '53, Ph.D. '55, together with Strauss. According to the University of Chicago Magazine , Bloom's rant "helped popularize Straussian ideals of democracy." (16) It is correct to assert that Bloom's book helped to popularize Straussian "ideas," but they were blatantly anti-democratic, Machiavellian, Nietzschean, and elitist to begin with. Only the University of Chicago would have the unmitigated Orwellian gall to publicly assert that Strauss and Bloom cared one whit about democracy, let alone comprehended the "ideals of democracy."
Does anyone seriously believe that a pro-Israeli Chicago/Strauss/Bloom product such as Wolfowitz could care less about democracy in Iraq? Or for that matter anyone in the Bush Jr. administration? After they stole the 2000 presidential election from the American People in Florida and before the Republican-controlled U.S. Supreme Court, some of whom were Feddies? (17) Justice Clarence Thomas is a Straussian to boot. (18) At the behest of its Straussian Neo-Con Political Science Department, in 1979 the entire University of Chicago went out of its way to grant the "first Albert Pick Jr. Award for Outstanding Contributions to International Understanding" to Robert "Mad Bomber" McNamara. (19) In other words, the University of Chicago itself maliciously strove to rehabilitate one of the greatest international war criminals in the post-World War II era. (20) Do not send your children to the University of Chicago where they will grow up to become warmongers like Wolfowitz or totalitarians like Ashcroft! The University of Chicago is an intellectual and moral cesspool.  Endnotes 1. See, e.g., Rahul Mahajan, Full Spectrum Dominance 108 (2003). 2. Shadia B. Drury, The Political Ideas of Leo Strauss (1988); Leo Strauss and the American Right (1999). See also Alain Frachon & Daniel Vernet, The Strategist and the Philosopher: Leo Strauss and Albert Wohlstetter , Le Monde, April 16, 2003, translated into English by Norman Madarasz on Counterpunch.org., June 2, 2003. 3. See also David Brock, Blinded by the Right (2002). 4. George E. Curry & Trevor W. Coleman, Hijacking Justice , Emerge, October 1999, at 42; Jerry M. Landay, The Conservative Cabal That's Transforming American Law , Washington Monthly, March 2000, at 19; People for the American Way, The Federalist Society (August 2001); Institute for Democracy Studies, The Federalist Society and the Challenge to a Democratic Jurisprudence (January 2001). 5. Francis A. Boyle, Bush's Banana Republic , Counterpunch.org, Oct. 11, 2002. 6. 
Francis A. Boyle, Biowarfare, Terror Weapons and the U.S.: Home Brew? , Counterpunch.org, April 25, 2002. 7. See Greg Palast, The Best Democracy Money Can Buy (2003), at 5 et seq. 8. See Chomsky on Miseducation (Donald Macedo ed. 2000). 9. Francis A. Boyle, Take Sharon to The Hague , Counterpunch.org, June 6, 2002. 10. White House Press Release, President Discusses the Future of Iraq , Washington Hilton Hotel, Feb. 26, 2003. 11. Nasser H. Aruri, Dishonest Broker, 193-216 (2003). See also Tanya Reinhart, Israel/Palestine (2002); Cheryl A. Rubenberg, The Palestinians (2003). 12. Norman Solomon, The Habits of Highly Deceptive Media (1999); Noam Chomsky, Media Control (1997). 13. Seymour M. Hersh, Selective Intelligence , New Yorker, May 8, 2003; Michael Lind, The Weird Men Behind George W. Bush's War , New Statesman - London, April 7, 2003; Julian Borger, The Spies Who Pushed for War , The Guardian, July 17, 2003. 14. Machiavelli, The Prince 147 (M. Musa trans. & ed. 1964): ". . . and men are so simple-minded and so dominated by their present needs that one who deceives will always find one who will allow himself to be deceived." This Bilingual Edition of The Prince by Mark Musa was the one preferred by Joseph Cropsey to teach us students. 15. But see Lawrence W. Levine, The Opening of the American Mind (1996). 16. Between the Lines , University of Chicago Magazine, June 2003, at 54 17. Vincent Bugliosi, The Betrayal of America (2001); Greg Palast, The Best Democracy Money Can Buy 11-81 (2003). 18. Gerhard Sporl, The Leo-Conservatives , Der Spiegel, Aug. 4, 2003. 19. McNamara Receives Pick Award Amid Protests , University of Chicago Magazine, Summer 1979, at 4. 20. Noam Chomsky, Rethinking Camelot (1993); Robert S. McNamara, In Retrospect (1995). © TFF 2003 You are welcome to reprint, copy, archive, quote or re-post this item, but please retain the source.
The Transnational Foundation for Peace and Future Research Vegagatan 25, S - 224 57 Lund, Sweden Phone + 46 - 46 - 145909 Fax + 46 - 46 - 144512 http://www.transnational.org comments at transnational.org © TFF 1997-2003 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From hseaver at cybershamanix.com Sun Sep 21 04:41:12 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sun, 21 Sep 2003 06:41:12 -0500 Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <3F6D3DFD.8D85E1E6@cdc.gov> References: <3F6D3DFD.8D85E1E6@cdc.gov> Message-ID: <20030921114112.GA14429@cybershamanix.com> On Sat, Sep 20, 2003 at 10:58:21PM -0700, Major Variola (ret) wrote: > At 06:27 PM 9/20/03 -0700, Eric Cordian wrote: > >News services are reporting that US Troops, who have been holding > regular > >drunken parties at the Baghdad Zoo, have shot and killed the Zoo's rare > > >Bengal tiger. > > 1. The grunt found out that cats have no alpha cats Or rather that he just wasn't it. > 2. Nothing like boozing it up in a Moslem (ex)nation. At *least* the > grunt > wasn't *stoned* on cannabis or something evil like that. > Of course, if he'd been smoking hashish instead of drinking, he'd never even considered walking into that tiger's den.
> At 10:04 PM 9/9/03 -0500, Harmon Seaver wrote: > > We have three or four distinct groups of cats living here that we > feed. Two > >in the house, two in the garage/greenhouse who once lived in the house > but could > >not resolve the dominance issue between one male in the house and one > alpha > >female now in the greenhouse. Then there are the more or less permanent > two > >females that live on and under the front porch, who also have serious > unresolved > >issues with the Mama Fritz of the greenhouse (who does get outside > during the > >day). Dominance also goes down the line, watching the 3 young offspring > of one > >of the porch ladies makes that pretty clear, one of those bosses the > other two, > > > Do you use PROMIS for Felines or the latest Orion Scientific codes to > manage > these relationships? Just curious; Ellison is on the phone trying to > sell Oracle ID > for cats. > I am just their lowly servant. They call me Katmandoo. > ..... > If the chinese muslim priestgrunt was spying for Usama, maybe Wen-Ho was > selling > bahklava recipes to Saddam? Sounds like all he had was his pastoring notes -- like where, in the maze of tiger cages, the individuals he worked with lived, and who, in the gulag heirarchy, he needed to talk to about them. Although ya' never know with them inscrutable muslims, and him being an inscrutable oriental besides. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From Freematt357 at aol.com Sun Sep 21 06:11:18 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Sun, 21 Sep 2003 09:11:18 EDT Subject: Liquidating the Mud People Message-ID: In a message dated 9/20/03 10:36:31 PM Eastern Daylight Time, timcmay at got.net writes: > Me, I don't fly on Jet CIA Blue or Delta Delta Operations, or any other > of the Big Brother-controlled airlines. (And now they are financially > suffering and want citizen-unit taxes to bail them out... 
Any prediction when the police state fascism of the air will be exported to the interstate highway system? Personally I won't fly either, as I want to be treated as a customer and I refuse to be treated as a suspect. As a suspect the airlines can eat my seat. However, I refuse to be hog-tied so I travel around the US on the ground- I've encountered two travel concerns- One on I-10 outside of El Paso at a border patrol checkpoint- The Border Patrolman wanted to know where I had been and where I was going and what I had been doing...In short, intrusive none of their business questions. That time I was traveling from Phoenix to the French Quarter of New Orleans- The Fed wanted to know why I was using the southern route, so I said why not? At the time they were searching some hapless teenage boy's pickup so they waved me through. Interestingly I visited Mexico that trip and when I reentered the US I didn't even have to show ID. The guys at Customs and Immigration just waved me through after asking me where I'm from, albeit I look American. The other was at a Canadian border crossing on my way to Montreal. The Maple leafers have a database of American gun owners, as the customs guy asked me "You have a pistol?" to which I replied no. He asked again not believing me "You don't have a pistol???" Upon which I replied that is correct I don't have a pistol, I have pistols plural. My buddy traveling with me announced in a loud voice so the entire station could hear, of course we have pistols, and rifles too- That's what free people have and that's one of the reason's I'd never move to Canada. Naturally my car got searched with a fine toothed comb, but I added I wouldn't be stupid enough to bring my pistol. I spent considerable effort cleaning my car of any stray ammo, thinking what sort of post 9/11 hell I'd me in if they found a .308 or errant 9 mm. Speaking with Canadian customs however I discovered that I could have legally imported 5,000 rounds of ammo. 
Apparently people do so for hunting trips. Noteworthy is the unguarded St. Lawrence River with unguarded boats moored alongside the shore. We traveled alongside it on both sides of the border and thought how trivially easy it would be to cross undetected. It's not like the government efforts have to make sense. Regards, Matt Gaylor- From mv at cdc.gov Sun Sep 21 16:55:47 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 21 Sep 2003 16:55:47 -0700 Subject: Drunken US Troops Kill Rare Tiger Message-ID: <3F6E3A83.69E28C9A@cdc.gov> At 06:35 PM 9/21/03 -0400, Tyler Durden wrote: >"I no longer consider 9/11 a terrorist act." > >Fuck. I've been nearing a similar conclusion, though from an entirely >different, uh, line of approach. Though I don't consider having quite >crossed that line yet. > >I guess in the end we are responsible for the actions our government takes. >And if we remain ignorant and continue to benefit (and do nothing to stop >it), then we are responsible, particularly when our military represents an >outrageously assymetric invasionary force. If you pay taxes, you are a terrorist. Even if you pay them under threat of violence, as most do. 9/11 was a commando/specops operations against an invader on par with Rome. If the US were invaded by troops from Arabia, one would expect that American Patriots (tm) would perform similar military actions. What part of "beware foreign entanglements" does Congress have a comprehension problem with? Give part of germany to the jews, and give palestine back to the arabs, and blame the history of British imperialism. Buy whatever oil, hash, carpets you find on the free market. ---- Trade with all, make treaties with none, and beware of foreign entanglements. 
-George Washington From camera_lumina at hotmail.com Sun Sep 21 15:35:42 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 21 Sep 2003 18:35:42 -0400 Subject: Drunken US Troops Kill Rare Tiger Message-ID: "I no longer consider 9/11 a terrorist act." Fuck. I've been nearing a similar conclusion, though from an entirely different, uh, line of approach. Though I don't consider having quite crossed that line yet. I guess in the end we are responsible for the actions our government takes. And if we remain ignorant and continue to benefit (and do nothing to stop it), then we are responsible, particularly when our military represents an outrageously assymetric invasionary force. On the "left wing liberal" NPR I heard some army dude interviewed. He openly referred to Iraq's #1 oil pumping station as "The Crown Jewel", and discussed a military action to capture it in terms of a dollar value--"This was a $6 billion dollar target" or some such thing. Let's say that 9/11 may have been a terrorist act, but Bush & pals are rendering it an ever purer act of war with each passing day. -TD >From: Eric Cordian >To: cypherpunks at minder.net >Subject: Drunken US Troops Kill Rare Tiger >Date: Sat, 20 Sep 2003 18:27:03 -0700 (PDT) > >News services are reporting that US Troops, who have been holding regular >drunken parties at the Baghdad Zoo, have shot and killed the Zoo's rare >Bengal tiger. > >It seems not only civilians are in danger from US Troops in the Occupied >Iraqi Territories. > >In my opinion, the tiger was worth more than all the US Troops currently >occupying Iraq. An occupation in violation of international law as part >of Shrub's unprovoked War of Aggression to settle his family grudge with >Saddam Hussein, control the world's oil supply, and take out one of the >two regimes that refused to pressure the Palestinians to make peace on >Israel's terms. 
>
>A few years ago, I said there were no civilians in Israel, and therefore
>no retaliation by the Palestinians against Israeli military aggression
>could be considered a terrorist act.
>
>If AmeriKKKa freely re-elects Shrub, because Americans admire his bullying
>the rest of the world, and the American people freely support and fund
>such activities as the Pax AmeriKKKana, and unprovoked wars of aggression,
>then it's probably true there are no civilians in AmeriKKKa either.
>
>I no longer consider 9/11 a terrorist act.
>
>Some URLs on the tiger...
>
>http://us.rediff.com/news/2003/sep/20iraq1.htm
>http://www.sky.com/skynews/article/0,,30200-12796568,00.html
>
>--
>Eric Michael Cordian 0+
>O:.T:.O:. Mathematical Munitions Division
>"Do What Thou Wilt Shall Be The Whole Of The Law"

From camera_lumina at hotmail.com Sun Sep 21 15:45:21 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 21 Sep 2003 18:45:21 -0400
Subject: Encrypted search?
Message-ID:

Got a crypto question here.

Let's say I push out a list I'd like to keep secret to some client machine. The user of that machine must enter some ID or other piece of information. I want the client machine to perform a search of that ID vs the contents of a list (again, resident locally on that machine), but I don't want the user to be able to see the other entries of that list.

Possible? Remember, after the initial push of data out to the client machine, no more messages are exchanged. This means the list must be sent in encrypted form.

When the search is performed, the "stupid" thing to do (I think...someone correct me) is to take the user's ID, encrypt it, and then determine if matches an encrypted member of the list (and I don't see encrypted each entry individually as a desirable thing). I am assuming that this allows a savvy user to reverse-engineer the encryption.

Another option is one I don't have the background at this stage to understand. Let's assume the entire list has been encrypted in one shot. Is there some function such that when this encrypted list is convolved with the user ID a "Yes" or "no" can be obtained (indicating presence or absence from the list)?

If the answer is yes, I'd also like to know if knowing this is fairly basic to most encryption professionals sphere of knowledge...

-TD

From camera_lumina at hotmail.com Sun Sep 21 15:55:21 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 21 Sep 2003 18:55:21 -0400
Subject: Liquidating the Mud People
Message-ID:

Matt Gaylor wrote...

"That's what free people have and that's one of the reason's I'd never move to Canada. Naturally my car got searched with a fine toothed comb, but I added I wouldn't be stupid enough to bring my pistol. I spent considerable effort cleaning my car of any stray ammo, thinking what sort of post 9/11 hell I'd me in if they found a .308 or errant 9 mm. Speaking with Canadian customs however I discovered that I could have legally imported 5,000 rounds of ammo. Apparently people do so for hunting trips."

I'm wondering if after writing this you started putting 2+2...guns are legal in Canada...go see "Bowling for Columbine"...apparently, many Canadians have guns, but they just don't use them to kill people very often.
-TD >From: Freematt357 at aol.com >To: timcmay at got.net, cypherpunks at lne.com >Subject: Re: Liquidating the Mud People >Date: Sun, 21 Sep 2003 09:11:18 EDT > >In a message dated 9/20/03 10:36:31 PM Eastern Daylight Time, >timcmay at got.net >writes: > > > Me, I don't fly on Jet CIA Blue or Delta Delta Operations, or any other > > of the Big Brother-controlled airlines. (And now they are financially > > suffering and want citizen-unit taxes to bail them out... > >Any prediction when the police state fascism of the air will be exported to >the interstate highway system? Personally I won't fly either, as I want to >be >treated as a customer and I refuse to be treated as a suspect. As a >suspect >the airlines can eat my seat. > >However, I refuse to be hog-tied so I travel around the US on the ground- >I've encountered two travel concerns- One on I-10 outside of El Paso at a >border >patrol checkpoint- The Border Patrolman wanted to know where I had been and >where I was going and what I had been doing...In short, intrusive none of >their >business questions. That time I was traveling from Phoenix to the French >Quarter of New Orleans- The Fed wanted to know why I was using the southern >route, so I said why not? At the time they were searching some hapless >teenage >boy's pickup so they waved me through. Interestingly I visited Mexico that >trip >and when I reentered the US I didn't even have to show ID. The guys at >Customs >and Immigration just waved me through after asking me where I'm from, >albeit >I look American. > >The other was at a Canadian border crossing on my way to Montreal. The >Maple >leafers have a database of American gun owners, as the customs guy asked me >"You have a pistol?" to which I replied no. He asked again not believing me >"You don't have a pistol???" Upon which I replied that is correct I don't >have a >pistol, I have pistols plural. 
My buddy traveling with me announced in a >loud >voice so the entire station could hear, of course we have pistols, and >rifles >too- That's what free people have and that's one of the reason's I'd never >move to Canada. Naturally my car got searched with a fine toothed comb, >but I >added I wouldn't be stupid enough to bring my pistol. I spent considerable >effort cleaning my car of any stray ammo, thinking what sort of post 9/11 >hell >I'd me in if they found a .308 or errant 9 mm. Speaking with Canadian >customs >however I discovered that I could have legally imported 5,000 rounds of >ammo. >Apparently people do so for hunting trips. Noteworthy is the unguarded St. >Lawrence River with unguarded boats moored alongside the shore. We >traveled >alongside it on both sides of the border and thought how trivially easy it >would >be to cross undetected. It's not like the government efforts have to make >sense. > >Regards, Matt Gaylor- _________________________________________________________________ Instant message during games with MSN Messenger 6.0. Download it now FREE! http://msnmessenger-download.com From timcmay at got.net Sun Sep 21 19:18:42 2003 From: timcmay at got.net (Tim May) Date: Sun, 21 Sep 2003 19:18:42 -0700 Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <3F6E3A83.69E28C9A@cdc.gov> Message-ID: <1653213A-ECA3-11D7-87EC-000A956B4C74@got.net> On Sunday, September 21, 2003, at 04:55 PM, Major Variola (ret) wrote: > At 06:35 PM 9/21/03 -0400, Tyler Durden wrote: >> "I no longer consider 9/11 a terrorist act." >> >> Fuck. I've been nearing a similar conclusion, though from an entirely >> different, uh, line of approach. Though I don't consider having quite >> crossed that line yet. >> >> I guess in the end we are responsible for the actions our government > takes. 
>> And if we remain ignorant and continue to benefit (and do nothing to > stop >> it), then we are responsible, particularly when our military >> represents > an >> outrageously assymetric invasionary force. > > If you pay taxes, you are a terrorist. Even if you pay them under > threat > of violence, as most do. America is the world's leading terrorist state. "My name is Tim, and men with guns take a lot of money from me each year. I am a terrorist." > > 9/11 was a commando/specops operations against an invader on par > with Rome. If the US were invaded by troops from Arabia, one would > expect that American Patriots (tm) would perform similar military > actions. As horrible as 9/11 was for the 3000 or so victims and their families, it was not much more than hundreds of thousands of victims of American terrorism have suffered around the world. I'm glad I wasn't a victim...but, then, I figured out many years ago that living in a Schelling point for reprisals against American terrorism was not a smart thing to do. And I discovered that helping Delta and Jet Blue go bankrupt through not flying was smarter than being a sitting duck victim of Spec Ops vs. Al Qaida turf wars. > Give part of germany to the jews, and give palestine back to the arabs Give the Jew invaders of Palestine a 10-minute lesson in swimming, hand them a pair of water wings, and tell them to swim for their lives. With luck, only one in 100 will make it to the point where Do-Gooder rescuer ships make them welfare burdens on America. --Tim May "We should not march into Baghdad. To occupy Iraq would instantly shatter our coalition, turning the whole Arab world against us and make a broken tyrant into a latter- day Arab hero. Assigning young soldiers to a fruitless hunt for a securely entrenched dictator and condemning them to fight in what would be an unwinable urban guerilla war, it could only plunge that part of the world into ever greater instability." --George H. W. 
Bush, "A World Transformed", 1998

From cpunk at lne.com Sun Sep 21 20:00:00 2003
From: cpunk at lne.com (cpunk at lne.com)
Date: Sun, 21 Sep 2003 20:00:00 -0700
Subject: Cypherpunks List Info
Message-ID: <200309220300.h8M3004j020562@slack.lne.com>

Cypherpunks Mailing List Information

Last updated: Sep 12, 2002

This message is also available at http://www.lne.com/cpunk

Instructions on unsubscribing from the list can be found below.

0. Introduction

The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content.

Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa.

1. Filtering

The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.

Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.

4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings".

At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below, you will of course want to make your own decisions on which (ab)users to filter.

# mailing lists:
# filter all cypherpunks mail into its own cypherspool folder, discarding
# mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
# /dev/null is unix for the trash can.
:0
* ^From.*owner-cypherpunks@.*
{
  :0:
  * (^From:.*ravage@ssz\.com.*|\
  ^From:.*jchoate@dev.tivoli.com.*|\
  ^From:.*mattd@useoz.com|\
  ^From:.*proffr11@bigpond.com|\
  ^From:.*jei@cc.hut.fi)
  /dev/null

  :0:
  cypherspool
}

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------
Algebra:
Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
CCC:
Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Infonex:
Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Lne:
Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
  2. leading "CDR:" in subject line removed
  3. "Reply-to:" removed
Privacy policy: private
Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com
Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman)
---------------------------------------------------------------------------
Minder:
Subscription: "subscribe cypherpunks" to majordomo at minder.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net
Help: "help" to majordomo at minder.net
Posting address: cypherpunks at minder.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: private
Info: send mail to cypherpunks-info at minder.net
---------------------------------------------------------------------------
Openpgp:
[openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01]
Subscription: "subscribe cypherpunks" to listproc at openpgp.net
Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net
Help: "help" to listproc at openpgp.net
Posting address: cypherpunks at openpgp.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
---------------------------------------------------------------------------
Ssz:
Subscription: "subscribe cypherpunks" to majordomo at ssz.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com
Help: "help cypherpunks" to majordomo at ssz.com
Posting address: cypherpunks at ssz.com
Filtering policy: raw
Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added.
Privacy policy: open
Info: http://www.ssz.com/cdr/
---------------------------------------------------------------------------
Sunder:
Subscription: "subscribe" to sunder at sunder.net
Unsubscription: "unsubscribe" to sunder at sunder.net
Help: "help" to sunder at sunder.net
Posting address: sunder at sunder.net
Filtering policy: moderated
Message Modification policy: ???
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
Pro-ns:
Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net
Help: "help cypherpunks" to majordomo at pro-ns.net
Posting address: cypherpunks at pro-ns.net
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. leading "CDR:" in subject line removed
  2. "Reply-to:" removed
Privacy policy: private
Info: http://www.pro-ns.net/cpunk

From shaddack at ns.arachne.cz Sun Sep 21 13:28:29 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 21 Sep 2003 22:28:29 +0200 (CEST)
Subject: Walker: NAT means you are a consumer, not a peer
In-Reply-To: <3F6CEF7B.E485E6E7@cdc.gov>
References: <3F6CEF7B.E485E6E7@cdc.gov>
Message-ID:

> (from /.) http://www.fourmilab.ch/speakfree/eol/
> has a good rant by John Walker on how NAT turns
> users into consumers.
That's partially true, but the situation isn't that bad yet, and there are countermeasures available for some cases. See eg. http://www.pdos.lcs.mit.edu/~baford/nat/draft-ford-natp2p-00.txt

Walker's assessment is probably distorted by disproportional amount of NAT-related questions on the support board.

Not too long ago, I incorporated binding to a defined UDP source IP:port to my sfParanoidPatch for Linux version. This could alleviate some NAT-related problems, and let Windows version developers to get inspired how to do it too.

What's sorely missing is some kind of easy diagnostics, a simple packet sniffer showing the incoming/outgoing packets and a server that when asked over TCP (eg, as a CGI script) would send back a short burst of SpeakFreely-like UDP traffic, in order to detect if incoming traffic is possible.

> Also Speak Freely maintenance is ending.

Not really. The project is moved to Sourceforge. The only thing ending is Walker's involvement. Now we can only hope that the project will be adopted by someone with strong-enough organization and leadership skills.

> Sic transit unix to PC secure vox. Note that PGPfone devel ended a
> while ago, unsupporting PC to Mac secvox. Nautilus is AFAIK PC to PC
> only.

There is a need for secure cross-platform VoIP software. With a bit of luck, SF won't die. There are already talks between the hopefully new developers about architecture of new generation of SpeakFreely.

> John is also pessimistic about 1. IPv6 deployment and 2. the return of
> NAT'd broadband users to non-consumer (ie, potential server aka
> publisher) status.

If I remember correctly, IPv6 rollout is government-supported in eg. Japan, and there are considerations over Europe. If the critical mass will be reached, others will follow. Matter of time.

The consumer/publisher differentiation won't be as easy. Even "pure" consumers have desire to run server-like applications; webcams, VoIP, Internet gaming.
If there still be some differentiation between ISPs and content providers, there will be a reason - especially on saturated markets - to cater to the wishes of groups like gamers. And once there are methods for piercing holes in NAT for UDP, suitable for games, the same methods are suitable for VoIP, so for SpeakFreely as well.

> As always, Walker is worth a read.

Without doubts.

From ashwood at msn.com Mon Sep 22 00:20:19 2003
From: ashwood at msn.com (Joseph Ashwood)
Date: Mon, 22 Sep 2003 00:20:19 -0700
Subject: Encrypted search?
References:
Message-ID: <005701c380da$ae8407a0$6601a8c0@JOSEPHAS>

----- Original Message -----
From: "Tyler Durden"
To:
Sent: Sunday, September 21, 2003 3:45 PM
Subject: Encrypted search?

> Got a crypto question here.
>
> Let's say I push out a list I'd like to keep secret to some client machine.
> The user of that machine must enter some ID or other piece of information. I
> want the client machine to perform a search of that ID vs the contents of a
> list (again, resident locally on that machine), but I don't want the user to
> be able to see the other entries of that list.
>
> Possible? Remember, after the initial push of data out to the client
> machine, no more messages are exchanged. This means the list must be sent in
> encrypted form.

Actually sending the list in encrypted form will create holes, the key is to not send the list, but to send the information that allows a member to see that they are on the list.

>
> When the search is performed, the "stupid" thing to do (I think...someone
> correct me) is to take the user's ID, encrypt it, and then determine if
> matches an encrypted member of the list (and I don't see encrypted each entry
> individually as a desirable thing). I am assuming that this allows a savvy
> user to reverse-engineer the encryption.

Correct that won't work. A smarter idea would be to use the user ID and password to key encryption of a quantity (see Unix password system which is very similar, but lacked the presence of the user ID).

> Another option is one I don't have the background at this stage to
> understand. Let's assume the entire list has been encrypted in one shot. Is
> there some function such that when this encrypted list is convolved with the
> user ID a "Yes" or "no" can be obtained (indicating presence or absence from
> the list)?

I believe the answer is no, at least not without leaking large quantities of information. It is possible I am wrong, but there are simpler, more straight forward solutions.

>

Based on my interpretation of the problem there are a number of solutions. One fairly straight forward one is:

Assuming you have a single file to protect (or a single group of files), and don't need to protect the number of people who have access, the simple solution is to use a method very similar to PGP, but without the key identifiers. While this is just a quick sketch the file undergoes approximately the following:

establish public keys for each member of the group (e.g. hash(passphrase, username) = priv, use priv as private key in ECC, everyone can use the same group)
Choose 2 random keys (K1, K2), and 2 random IVs for CBC (IV1, IV2)
MAC the plaintext file using CBC-MAC, key is K2, IV = IV2
postpend the MAC to the file
Encrypt the file using K1 in CBC mode, IV = IV1
For each member in the group take their public key, and construct a shared secret (your choice how), that shared secret is used as the key to encrypt K1 and K2, this (known length) encrypted value is PersonalText[i]

The new file format is:

number of members of group (n)
PersonalText[0]
...
PersonalText[n]
IV1
IV2
encrypted file

On each access the accessing person iterates through the PersonalText list, for each decrypted value (remember there is no authenticator on the value to save room, and raise the cost of determining membership in bulk) perform a full decrypt and MAC verification, if the MAC verifies the decryption is correct.

This is rather similar to what PGP and others use for multi-target encryption, but to speed the process they include key ids of some kind, that is effectively the only change (assuming proper choices for omissions). Proving the security of this is more difficult as there is a possibility that the correlations given by PersonalText[0,n] may provide improved methods of breakage, this can be addressed using hashes and random numbers in the PersonalText. However assuming ECC is equivalent to DH key agreement (almost certainly), the determination of whether a given PersonalText[i] is for User U is a simple variation of the Decision Diffie-Hellman problem.

> If the answer is yes, I'd also like to know if knowing this is fairly basic
> to most encryption professionals sphere of knowledge...

Probably not, until they realize that it can be solved with a reuse of PGP-type messages without key ids, at which point it should be well within their knowledge.

Joseph Ashwood

Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com

From shaddack at ns.arachne.cz Sun Sep 21 17:56:30 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Mon, 22 Sep 2003 02:56:30 +0200 (CEST)
Subject: Walker: NAT means you are a consumer, not a peer
In-Reply-To: <200309220045.h8M0jbZ14500@cs.auckland.ac.nz>
References: <200309220045.h8M0jbZ14500@cs.auckland.ac.nz>
Message-ID:

On Mon, 22 Sep 2003, Peter Gutmann wrote:

> >>Also Speak Freely maintenance is ending.
> >Not really. The project is moved to Sourceforge.
> Isn't that synonymous with "Speak Freely maintenance is ending"?

Not entirely.
Sourceforge projects can be roughly divided to two categories: maintained, and unmaintained. :) From jtrjtrjtr2001 at yahoo.com Mon Sep 22 04:37:26 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Mon, 22 Sep 2003 04:37:26 -0700 (PDT) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: Message-ID: <20030922113726.72528.qmail@web21202.mail.yahoo.com> hi, Vote for some one who promises freedom,democracy and development. Is that so hard? Sarath. --- Tyler Durden wrote: > > I guess in the end we are responsible for the > actions our government takes. > And if we remain ignorant and continue to benefit > (and do nothing to stop > it), then we are responsible, particularly when our > military represents an > outrageously assymetric invasionary force. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com From mv at cdc.gov Mon Sep 22 07:41:26 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Mon, 22 Sep 2003 07:41:26 -0700 Subject: "Wiretapping has been privatized" [Mexico] Message-ID: <3F6F0A16.F69AACB1@cdc.gov> Mexico Sees Big Brother on the Loose http://www.latimes.com/news/nationworld/world/la-fg-bug22sep22,1,5195976.story?coll=la-home-todays-times From mv at cdc.gov Mon Sep 22 08:27:23 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 22 Sep 2003 08:27:23 -0700 Subject: Drunken US Troops Kill Rare Tiger Message-ID: <3F6F14DB.878E3F47@cdc.gov> At 07:18 PM 9/21/03 -0700, Tim May wrote: > >> Give part of germany to the jews, and give palestine back to the arabs > >Give the Jew invaders of Palestine a 10-minute lesson in swimming, hand >them a pair of water wings, and tell them to swim for their lives. > >With luck, only one in 100 will make it to the point where Do-Gooder >rescuer ships make them welfare burdens on America. America shouldn't have been / shouldn't be involved in any of the overseas wars or the resulting injustices. It was a Euro/Brit problem. 
As far as I can tell, the EuroXian guilt after WWII was shed by sending the Jews to a slice of desert that the Brits had conquered previously. "Two wrongs not making a right" doesn't seem to have occurred to them. Funny how this was never described during my American education. Its quite simple, albeit suppressed. It therefore seems fairer to give a slice of EuroLand to the folks that the Euros felt guilty about mistreating. Its on the same ocean, and there's more water there too. This is also totally kosher historically, the victors of war often repartition the losers' lands (to say nothing of enslaving them..) Its a bummer that this would have to be done 60 years too late, displacing some Euros, but hey, maybe three wrongs make things right? --- Will trade one Vanunu trading card for a Pollard.. From jamesd at echeque.com Mon Sep 22 08:43:44 2003 From: jamesd at echeque.com (James A. Donald) Date: Mon, 22 Sep 2003 08:43:44 -0700 Subject: The world turned upside down. In-Reply-To: References: <200309210127.h8L1R3ev016277@artifact.psychedelic.net> Message-ID: <3F6EB640.5359.50E20@localhost> -- For a long time the US has been the center of the world monetary system, and the US dollar the base money of which all others are derivatives. The primary way of doing transactions on the internet is by credit card, with the headquarters and computers located in the USA. The secondary way is by paypal, located in the USA. Paypal and credit card requires information that ultimately links to your true name and social security number, and people in those peripheral and backward countries that do not yet have their system of government issued identity well integrated to that of the USA, for example Poland, cannot use Paypal. The US government makes a big profit out of this, effectively gaining an interest free loan on each dollar it prints, and it also leverages it into a source of power. Those it disapproves of are cut off from the mainstream money system. 
Now if one cuts a few terrorists off from the money system, no problem, but when one cuts off large numbers of terrorists, suspected terrorists, suspected child pornographers, suspected money launderers, suspected tax dodgers, and the entire population of Poland, who is being cut off? The terrorists or the US? Well people, I think the money system has just turned upside down. The money launderers are not being cut off from the US led international monetary system. Instead the US is being cut off from the money launderer led international monetary system. The two most popular no-true-name accounts are e-gold an moneybookers. I googled for web pages containing both the word "egold" and the word "moneybookers". Got lots of hits, seems that lots of quite ordinary people are finding it cheaper or more convenient to mediate international transactions through computers that are not located in the US and whose accounts are not coupled to true names. The great majority of people and money are still going through the US led system, and since people are reluctant to change, that will continue for a long time. But they no longer have to, and for most people in the world, there is no longer a good reason why they should. A no-true-name account is inherently cheaper than a true-name account, because of the high cost of managing true names. The early adopters seem to be largely people who are sensitive to the cost of setting up accounts. However, a no-true-name account still faces the problem that it is reversible, dragging the issuer into the arbitration business, which most issuers are not competent to do. All users have to pay a transaction cost reflecting arbitration costs, whether they want their transactions to be arbitrable or not. The solution to that cost, is chaumian money. The fact that no-true-name money seems to be beating true-name money leads me hope that economics can beat inertia and regulation. --digsig James A. 
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ForgDjc+maghCgZHGp2ILgpQ1EJ4weji+guNpA6d 4V0E4la174KcnGEHgMo0C/zJlMQlOcMwzRGJ+HQ5W From Freematt357 at aol.com Mon Sep 22 05:47:10 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Mon, 22 Sep 2003 08:47:10 EDT Subject: Liquidating the Mud People Message-ID: <78.47a126f6.2ca0494e@aol.com> In a message dated 9/21/03 6:55:47 PM Eastern Daylight Time, camera_lumina at hotmail.com writes: > I'm wondering if after writing this you started putting 2+2...guns are > legal > in Canada...go see "Bowling for Columbine"...apparently, many Canadians have > > guns, but they just don't use them to kill people very often. > Only certain guns are legal for the socialists to the North, basically hunting bolt actions and shotguns. Incidentally such guns are usually many more times more powerful than most pistols. Ohio and Florida are the main source of illegal guns in Canada, so me being a gun owner from Ohio with a house in Florida, I got extra scrutiny. Quite a testament to their databases. One of the women customs agents spoke of their distaste for pistols, so in reply I mentioned that just last week I shot a Para-Ordinance .45 belonging to a buddy. Para-Ordinace is a gun manufactor from Ontario. While in Toronto I read that some employees from Para were caught selling gun parts to whoever wanted them- It appears that gun control doesn't work for them either. You can travel to Canada with a rifle, you just have to declare it along with the serial number which they record and where you're going to hunt or camp or whatnot. Regards, Matt- From pcw at flyzone.com Mon Sep 22 05:50:54 2003 From: pcw at flyzone.com (Peter Wayner) Date: Mon, 22 Sep 2003 08:50:54 -0400 Subject: No subject Message-ID: Lately, there has been some discussion on mailing lists and blogs about the fact that srcabmling the oredr of ltetres in Egnilsh deson't afefct raebditly. I decided to write some code to experiment with it. 
You can try out the Java applet here: http://www.wayner.org/books/discrypt2/wordsteg.php Source code is available protected by the LGPL. It builds upon an earlier experiment here: http://www.wayner.org/books/discrypt2/sorted.php Please write if you have questions, thoughts, comments, etc. Peter Wayner p3 at wayner.org From mv at cdc.gov Mon Sep 22 09:46:51 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 22 Sep 2003 09:46:51 -0700 Subject: Duck Freedom Fighter (Terrorists), Euler SUV Graffiti Message-ID: <3F6F277B.9C458F0D@cdc.gov> At 03:05 PM 9/22/03 +0100, ken wrote: >Major Variola (ret.) wrote: >> This is *not* a spoof. > >Why should we think it a spoof? Maybe the USA is just catchiung >up. In my home town, Brighton in Enlgand, people calling >themselves the ALF used to do this sort of thing pretty regularly >in the late 70s and in the 80s. Once they let some cattle free in >the street from a local abattoir. One *might* think it a spoof because the ALFers rescued 4 overweight ducks. Had they been, say, a couple of tracheotomized lab beagles, or something else furry with big brown eyes, the PR would have been better. And letting the cattle roam a street is not going to save them, unless the street is in India. The ducks were taken to vets and will be taken care of. I realize that some UK ALFers are a bit more effective. The local ELFers are at least making more of a financial dent ---toast some West Covina Hummers, recycle the carbon in some San Diego houses under construction. Auntie Arson would be proud. Of course, they get called domestic terrorists, having harmed *zero* animals (incl. simians), while some of our revered congressvermin have killed people. (Its ok, they were just gooks, and they had government permission; well, except for that congressvermin who recently ran down a motorcyclist; and Ted Kennedy of course; and all the indirect violence the congressvermin create.) Its all about as amusing as the ending of "12 monkeys"... 
--- "all the normalities of the social contract are abandoned in war" Jack Valenti MPAA pres, in LATimes on Kerry's war crimes "If we are thieves, so were the members of the Underground Railroad who freed the slaves of the South; And if we are vandals, so were those who destroyed forever the gas chambers of Buchanwald and Auschwitz." -- X (ALF) "I didn't claw my way to the top of the food chain to eat vegetables" -Anon The Lord is my shepherd, I shall not want He makes me down to lie Through pastures green He leadeth me the silent waters by. With bright knives He releaseth my soul. He maketh me to hang on hooks in high places. He converteth me to lamb cutlets, For lo, He hath great power, and great hunger. From ptrei at rsasecurity.com Mon Sep 22 06:58:52 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Mon, 22 Sep 2003 09:58:52 -0400 Subject: Liquidating the Mud People Message-ID: > Tyler Durden[SMTP:camera_lumina at hotmail.com] > > Matt Gaylor wrote... > > "That's what free people have and that's one of the reason's I'd never > move to Canada. Naturally my car got searched with a fine toothed comb, > but > I > added I wouldn't be stupid enough to bring my pistol. I spent considerable > effort cleaning my car of any stray ammo, thinking what sort of post 9/11 > hell > I'd me in if they found a .308 or errant 9 mm. Speaking with Canadian > customs > however I discovered that I could have legally imported 5,000 rounds of > ammo. > Apparently people do so for hunting trips." > > I'm wondering if after writing this you started putting 2+2...guns are > legal > in Canada...go see "Bowling for Columbine"...apparently, many Canadians > have > guns, but they just don't use them to kill people very often. > Long weapons can be brought into Canada from the US with just a little paperwork. Handguns are a different story. 
Peter Trei From emc at artifact.psychedelic.net Mon Sep 22 10:07:38 2003 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Mon, 22 Sep 2003 10:07:38 -0700 (PDT) Subject: Democracy and Freedom Message-ID: <200309221707.h8MH7cmh019520@artifact.psychedelic.net> Freedom is the ability to conduct ones affairs, and pursue ones goals, without interference from government. Democracy is the right of the government to impose the will of 51% of your neighbors on you by force every time the neighbors don't like what you are doing. I am constantly surprised and amazed that there are people on this list who think democracy and freedom are the same thing. The ideal government is dictatorship, under the ideal dictator. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From DaveHowe at gmx.co.uk Mon Sep 22 02:11:10 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Mon, 22 Sep 2003 10:11:10 +0100 Subject: Encrypted search? References: Message-ID: <002001c380e9$78d339f0$c71121c2@exchange.sharpuk.co.uk> Tyler Durden wrote: > When the search is performed, the "stupid" thing to do (I > think...someone correct me) is to take the user's ID, encrypt it, and > then determine if matches an encypted member of the list (and I don't > see encrypted each entry individually as a desirable thing). I am > assuming that this allows a savvy user to reverse-engineer the > encryption. 
What you do is hash the ID, then compare it to the list of hashed entries, using the ID as the key to decrypt the data associated with that entry. While that isn't subject to reverse engineering, the abuse it *is* open to is random guessing of IDs (every "success" gives someone else's record, with failures having no penalty). Adding a password (and combining it with the ID to give your key) will address some of that, but really you need to encrypt each entry individually to prevent someone simply decompiling your code and obtaining your full data list. > Another option is one I don't have the background at this stage to > understand. Let's assume the entire list has been encrypted in one > shot. Is there some function such that when this encrypted list is > convolved with the user ID a "Yes" or "no" can be obtained > (indicating presence or absence from the list)? No. If you trial encrypt the sample ID for comparison, you hand them the key to the whole list. From ravage at einstein.ssz.com Mon Sep 22 09:04:25 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Mon, 22 Sep 2003 11:04:25 -0500 (CDT) Subject: Boston.com / News / Nation / Bush calls Kennedy's Iraq criticism `uncivil' (fwd) Message-ID: http://www.boston.com/news/nation/articles/2003/09/22/bush_calls_kennedys_iraq_criticism_uncivil_boston_globe?mode=PF -- -- God exists because mathematics is consistent, and the Devil exists because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From eugen at denver065.server4free.de Mon Sep 22 03:03:16 2003 From: eugen at denver065.server4free.de (Eugen Leitl) Date: Mon, 22 Sep 2003 12:03:16 +0200 Subject: Walker: NAT means you are a consumer, not a peer In-Reply-To: References: <200309220045.h8M0jbZ14500@cs.auckland.ac.nz> Message-ID: <20030922100316.GC10262@leitl.org> On Mon, Sep 22, 2003 at 02:56:30AM +0200, Thomas Shaddack wrote: > Not entirely.
Sourceforge projects can be roughly divided to two > categories: maintained, and unmaintained. :) When Walker announced SF's EOL he mentioned lack of successor developers capable of filling his shoes. Since then, unsurprisingly http://sourceforge.net/projects/speak-freely-u only shows one developer, namely, John Walker. SF is small enough to fit into an embedded Linux firewall (some of which have DynDNS clients embedded, e.g. Allnet's), and can be trivially patched to use gpg to set up session keys. The NAT traversal does not occur in the NAT device itself, obviously. Maybe somebody here has connections to hardware manufacturers who would be able to add a POTS jack to a firewall, and produces worthwhile quantities. Sounds like a business plan that might work. From pgut001 at cs.auckland.ac.nz Sun Sep 21 17:45:37 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Mon, 22 Sep 2003 12:45:37 +1200 Subject: Walker: NAT means you are a consumer, not a peer Message-ID: <200309220045.h8M0jbZ14500@cs.auckland.ac.nz> Thomas Shaddack writes: >>Also Speak Freely maintenance is ending. > >Not really. The project is moved to Sourceforge. Isn't that synonymous with "Speak Freely maintenance is ending"? Peter :-). From ptrei at rsasecurity.com Mon Sep 22 10:15:24 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Mon, 22 Sep 2003 13:15:24 -0400 Subject: Drunken US Troops Kill Rare Tiger Message-ID: > Major Variola (ret)[SMTP:mv at cdc.gov] > > As far as I can tell, the EuroXian guilt after WWII > was shed by sending the Jews to a slice of desert that the Brits > had conquered previously. "Two wrongs not making a right" doesn't > seem to have occurred to them. [...] > Its a bummer that this would have to be done 60 years too late, > displacing some Euros, but hey, maybe three wrongs make things right?
> Two wrongs do not make a right, but three rights do make a left :-) Peter Trei From camera_lumina at hotmail.com Mon Sep 22 10:17:06 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 22 Sep 2003 13:17:06 -0400 Subject: Drunken US Troops Kill Rare Tiger Message-ID: Hey... "Don't blame me, I voted for Kodos." -Homer Simpson >From: Sarad AV >To: cypherpunks at lne.com >Subject: Re: Drunken US Troops Kill Rare Tiger >Date: Mon, 22 Sep 2003 04:37:26 -0700 (PDT) > >hi, > >Vote for some one who promises freedom,democracy and >development. Is that so hard? > >Sarath. > > >--- Tyler Durden wrote: > > > > I guess in the end we are responsible for the > > actions our government takes. > > And if we remain ignorant and continue to benefit > > (and do nothing to stop > > it), then we are responsible, particularly when our > > military represents an > > outrageously assymetric invasionary force.
From s.schear at comcast.net Mon Sep 22 13:46:11 2003 From: s.schear at comcast.net (Steve Schear) Date: Mon, 22 Sep 2003 13:46:11 -0700 Subject: Political cartoon says it all: Saddam falls Message-ID: <5.2.1.1.0.20030922134604.041786f0@mail.comcast.net> http://www.courier-journal.com/nick/2003/09/0912.html "The guerrilla wins by not losing, the army loses by not winning" -- Henry Kissinger From andrewt at nmh.co.za Mon Sep 22 05:11:05 2003 From: andrewt at nmh.co.za (Andrew Thomas) Date: Mon, 22 Sep 2003 14:11:05 +0200 Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <20030922113726.72528.qmail@web21202.mail.yahoo.com> Message-ID: <001201c38102$9c895730$0101a8c0@nmh.local> > Vote for some one who promises freedom,democracy and > development. Is that so hard? Freedom means what to you? Getting to vote once every four or five years on what direction your country is going to take? What if freedom means an anarchive un-state? Being forced to subjugate your views to those of others on the basis of your geographical locality, while being prevented from gathering with others who may share your political views in sufficient numbers such as to be able to succesfully secede is not freedom. What is development? Market liberalisation? Socialism? Statism or the removal of the state aparatus? In statist, capitalist democracy, reduce or increase taxes? Remove or increase social welfare and support? Permit or restrict immigration? If you are sold on blanket, unqualified terms such as 'freedom', 'development' and 'democracy', and are willing to accept the empty rhetoric espoused by most politicians without critical analysis, then you'd probably make a good subject of the current system. Or am I wrong? -- Andrew G.
Thomas From frissell at panix.com Mon Sep 22 11:15:06 2003 From: frissell at panix.com (Duncan Frissell) Date: Mon, 22 Sep 2003 14:15:06 -0400 (EDT) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <200309210127.h8L1R3ev016277@artifact.psychedelic.net> References: <200309210127.h8L1R3ev016277@artifact.psychedelic.net> Message-ID: On Sat, 20 Sep 2003, Eric Cordian wrote: > In my opinion, the tiger was worth more than all the US Troops currently > occupying Iraq. Maybe the tiger "shot" first. > If AmeriKKKa freely re-elects Shrub, because Americans admire his bullying > the rest of the world, and the American people freely support and fund > such activities as the Pax AmeriKKKana, and unprovoked wars of aggression, > then it's probably true there are no civilians in AmeriKKKa either. I'm sure that the opposition shares that view already. And I may agree. Unfortunately if true, then that means that "the enemy peoples" are also all combatants and the US would be justified (as in a naval battle with no civilians) of ending the whole thing in 30 minutes by applying some advanced physics to enemy landscapes. Rough on the oil market though. DCF From paulhart at redchocolate.ca Mon Sep 22 11:56:43 2003 From: paulhart at redchocolate.ca (Paul Hart) Date: Mon, 22 Sep 2003 14:56:43 -0400 Subject: The world turned upside down. In-Reply-To: <3F6EB640.5359.50E20@localhost> Message-ID: <81E53CA6-ED2E-11D7-9DFC-000393CC268A@redchocolate.ca> On Monday, September 22, 2003, at 11:43 AM, James A. Donald wrote: > The two most popular no-true-name accounts are e-gold an > moneybookers. > Do you know of any other good online paypal-esque services that have some level of reputation? I was looking through the details at moneybookers, and it appears you can't do more than EUR15000 in transactions per quarter, which is far too little for the purposes I have in mind. All suggestions welcomed. 
Paul From bbrow07 at students.bbk.ac.uk Mon Sep 22 07:02:45 2003 From: bbrow07 at students.bbk.ac.uk (ken) Date: Mon, 22 Sep 2003 15:02:45 +0100 Subject: Encrypted search? References: Message-ID: <3F6F0105.3090903@students.bbk.ac.uk> Tyler Durden wrote: > Let's say I push out a list I'd like to keep secret to some client > machine. The user of that machine must enter some ID or other piece of > information. I want the client machine to perform a search of that ID vs > the contents of a list (again, resident locally on that machine), but I > don't want the user to be able to see the other entries of that list. [...] > When the search is performed, the "stupid" thing to do (I > think...someone correct me) is to take the user's ID, encrypt it, and > then determine if matches an encrypted member of the list (and I don't > see encrypted each entry individually as a desirable thing). I am > assuming that this allows a savvy user to reverse-engineer the encryption. This is, roughly, how traditional Unix password security works. Reverse-engineering the encryption may or may not be possible, and ought not to matter if you have used a strong enough method and long enough keys. And anyway, if this is running on the client machine then they already have a program that can do the work. What is possible is brute-forcing by encrypting the whole dictionary and trying every word one by one. If your algorithm is strong enough, your key long enough, and above all if the space from which the plaintext is taken is large enough, then this sort of approach can be made sort of safe enough for most applications. But why bother? From bbrow07 at students.bbk.ac.uk Mon Sep 22 07:05:44 2003 From: bbrow07 at students.bbk.ac.uk (ken) Date: Mon, 22 Sep 2003 15:05:44 +0100 Subject: Duck Freedom Fighter (Terrorists), Euler SUV Graffiti References: <3F69DDC2.FB56EFE0@cdc.gov> Message-ID: <3F6F01B8.3000201@students.bbk.ac.uk> Major Variola (ret.) wrote: > This is *not* a spoof.
Why should we think it a spoof? Maybe the USA is just catching up. In my home town, Brighton in England, people calling themselves the ALF used to do this sort of thing pretty regularly in the late 70s and in the 80s. Once they let some cattle free in the street from a local abattoir. From shaddack at ns.arachne.cz Mon Sep 22 07:30:34 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 22 Sep 2003 16:30:34 +0200 (CEST) Subject: Encrypted search? In-Reply-To: References: Message-ID: On Sun, 21 Sep 2003, Tyler Durden wrote: > Got a crypto question here. > > Let's say I push out a list I'd like to keep secret to some client machine. > The user of that machine must enter some ID or other piece of information. I > want the client machine to perform a search of that ID vs the contents of a > list (again, resident locally on that machine), but I don't want the user to > be able to see the other entries of that list. Sounds quite like a web access filtering problem. > Possible? Remember, after the initial push of data out to the client > machine, no more messages are exchanged. This means the list must be sent in > encrypted form. Try a list of hashes of the IDs. Of course this would work only if the bruteforcing of the index would be impractical; eg, it may somehow work for longer email addresses, but probably won't work for phone numbers. > When the search is performed, the "stupid" thing to do (I think...someone > correct me) is to take the user's ID, encrypt it, and then determine if > matches an encrypted member of the list (and I don't see encrypted each entry > individually as a desirable thing). I am assuming that this allows a savvy > user to reverse-engineer the encryption. Good hash (MD5, SHA1, etc. - their other advantage is that their code is out there and you don't have to write it) can't be reversed.
However, they can be bruteforced, if the input set isn't impractically big (eg, a set of phone numbers from one area code is less than 10,000 possibilities, which is trivial to take, calculate a hash for every one of them, and check if the database contains it). > Another option is one I don't have the background at this stage to > understand. Let's assume the entire list has been encrypted in one shot. Is > there some function such that when this encrypted list is convolved with the > user ID a "Yes" or "no" can be obtained (indicating presence or absence from > the list)? Yes. Hash is there / hash is not there. > If the answer is yes, I'd also like to know if knowing this is fairly basic > to most encryption professionals sphere of knowledge... I suppose so. Similar approach is used for accelerating searches in long lists of data. Maybe there is better approach, my crypto-fu isn't good enough yet to do more than kibitzing. From lists at crimbles.demon.co.uk Mon Sep 22 08:45:09 2003 From: lists at crimbles.demon.co.uk (David Crookes) Date: Mon, 22 Sep 2003 16:45:09 +0100 Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <20030922113726.72528.qmail@web21202.mail.yahoo.com> References: <20030922113726.72528.qmail@web21202.mail.yahoo.com> Message-ID: <200309221645.09497.lists@crimbles.demon.co.uk> On Monday 22 September 2003 12:37 pm, Sarad AV wrote: > > Vote for some one who promises freedom, democracy These two don't co-exist too well if you're idle. From Freematt357 at aol.com Mon Sep 22 14:05:13 2003 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Mon, 22 Sep 2003 17:05:13 EDT Subject: "Spin State" cyberpunk? Message-ID: <112.28ccf829.2ca0be09@aol.com> On page 61 of the November issue of Analog there is an ad for the book, "Spin State" by Chris Moriarty (www.bantamdell.com). The book is alleged to be "A thrilling high-end upgrade of cyberpunk." Has anybody read it?
Of some suspicion is Brin's recommendation "Science fiction for grownups who want some 'wow' with their 'what-if.'" The ad writes about the book; "UN Peacekeeper Major Catherine Li is hiding secrets about her past. And in a post-human universe of emergent AIs, genetic constructs, and illegal wetware, one misstep in her hunt for a killer could literally blow her mind." If anybody has the read the book or knows if the book is pro-freedom please let me know. Regards, Matt Gaylor- From sunder at sunder.net Mon Sep 22 14:19:09 2003 From: sunder at sunder.net (Sunder) Date: Mon, 22 Sep 2003 17:19:09 -0400 (edt) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <20030922113726.72528.qmail@web21202.mail.yahoo.com> Message-ID: They *ALL* promise freedom, democracy, and development. It's voting for someone who delivers thems instead of opression, fascism, and theft that's the problem. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Mon, 22 Sep 2003, Sarad AV wrote: > hi, > > Vote for some one who promises freedom,democracy and > development. Is that so hard? From roy at rant-central.com Mon Sep 22 17:28:06 2003 From: roy at rant-central.com (Roy M. Silvernail) Date: Mon, 22 Sep 2003 20:28:06 -0400 Subject: Elngsih (was "") In-Reply-To: References: Message-ID: <200309222028.06490.roy@rant-central.com> On Monday 22 September 2003 18:39, Thomas Shaddack wrote: > > Please write if you have questions, thoughts, comments, etc. > > Could be the l33t sp3ak next generation for the cases when the > communication is monitored by automated tools for keywords. 
Could foil > both alerting on keywords and keyword searching on intercepted and stored > material (unless the keyword search would look also for all the possible > permutations of the words). No, the channel is better than that. The true keywords aren't even in the message. Only some stego binary codes that are translated after recovery, so one need not even be as obvious as "Pick up the 2 cases of beer at Simon's on the way home." Srue, it's obvoius if you try to sutff too much itno one cleratxet, but that would be a rookie mistake. From timcmay at got.net Mon Sep 22 20:30:08 2003 From: timcmay at got.net (Tim May) Date: Mon, 22 Sep 2003 20:30:08 -0700 Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: Message-ID: <3B60CB10-ED76-11D7-87EC-000A956B4C74@got.net> On Monday, September 22, 2003, at 02:19 PM, Sunder wrote: > They *ALL* promise freedom, democracy, and development. It's voting > for > someone who delivers thems instead of opression, fascism, and theft > that's > the problem. > Anyone who claims to deliver "democracy, and development" needs to be assassinated. As for delivering "freedom," they can butt out of the election as a first step. --Tim May From mv at cdc.gov Mon Sep 22 21:14:34 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 22 Sep 2003 21:14:34 -0700 Subject: Elngsih (was "") Message-ID: <3F6FC8A9.E51A9B39@cdc.gov> At 08:28 PM 9/22/03 -0400, Roy M. Silvernail wrote: >On Monday 22 September 2003 18:39, Thomas Shaddack wrote: >> Could be the l33t sp3ak next generation for the cases when the >> communication is monitored by automated tools for keywords. Could foil >> both alerting on keywords and keyword searching on intercepted and stored >> material (unless the keyword search would look also for all the possible >> permutations of the words). You don't actually think that Folks Who Care use interesting keywords, do you? You *at least* use codebooks. As Dr. Teller wrote, "its a boy". >No, the channel is better than that. 
The true keywords aren't even in the >message. Correct. The text-stego channel is *much* more subtle. In fact, it doesn't even require the recent perceptual-linguistic fnidnig, fascinating as it may be. Only some stego binary codes that are translated after recovery, so >one need not even be as obvious as "Pick up the 2 cases of beer at Simon's on >the way home." Srue, it's obvoius if you try to sutff too much itno one >cleratxet, but that would be a rookie mistake. Folks, you 1. compress 2. encrypt 3. stego, in that order. You probably use an ECC in between 2 & 3; this is vital if Mallory messes with your spelling [1]. You probably also add misspelling "chaff" just to make it harder for the adversary to undo the stego. (E.g., you're using a keyed PRNG to determine which words to misspell. So you misspell others too. You use your choice of misspellings to encode the cargo. Maybe have multiple misspellings map to 0 or 1.) Note that its harder to do this in Hebrew, since it has a higher bit:symbol ratio, thanks to vwl drppng. The notion of using "bmob" or "hroien" in a message to avoid keyword nets is just *comical*. (Note that ammo, beer, and weed cannot be stego'd this way :-) Note that these newfangled blog thingss are very good broadcasting (ie, traffic-analysis resistant) media, assuming you write something interesting enough to have a nontrivial audience. So, more traditionally, are posts to usenet or lists like this. [1] In wartime, censors *gisted* letters, tossing out your wordage. --- "One of these centuries, the brutes, private or public, who believe that they can rule their betters by force, will learn the lesson of what happens when brute force encounters mind and force." - Ragnar Danneskold, from Atlas Shrugged From mv at cdc.gov Mon Sep 22 22:00:37 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Mon, 22 Sep 2003 22:00:37 -0700 Subject: Ca passes car data recorder privacy law Message-ID: <3F6FD374.D52ECD76@cdc.gov> WASHINGTON, Sept. 
22  California today adopted the nation's first law meant to protect the privacy of drivers whose cars are equipped with "black boxes," or data recorders that can be used to gather vital information on how a vehicle is being driven in the last seconds before a crash. Gov. Gray Davis signed the law, which takes effect on July 1, requiring carmakers to disclose the existence of such devices and forbidding access to the data without either a court order or the owner's permission, unless it is for a safety study in which the information cannot be traced back to the car. More than 25 million cars and trucks have the boxes that measure speed, air-bag deployment and the use of brakes, seat belts and turn signals. But California's privacy law is the first of its kind, says Thomas M. Kowalick, co-chairman of a committee convened by the Institute of Electrical and Electronics Engineers to set standards for the boxes. Most of the recorders are on General Motors vehicles, but Ford and others have deployed some. Other manufacturers have plans to do the same. http://www.nytimes.com/2003/09/23/politics/23CRAS.html?ex=1064894400&en=145314b44e6194ec&ei=5062&partner=GOOGLE From shaddack at ns.arachne.cz Mon Sep 22 15:39:32 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 23 Sep 2003 00:39:32 +0200 (CEST) Subject: Elngsih (was "") In-Reply-To: References: Message-ID: > Please write if you have questions, thoughts, comments, etc. Could be the l33t sp3ak next generation for the cases when the communication is monitored by automated tools for keywords. Could foil both alerting on keywords and keyword searching on intercepted and stored material (unless the keyword search would look also for all the possible permutations of the words). 
From ravage at einstein.ssz.com Tue Sep 23 08:06:51 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Sep 2003 10:06:51 -0500 (CDT) Subject: The Register - Jury convicts DirecTV pirate on DMCA charges (fwd) Message-ID: http://www.theregister.co.uk/content/55/32977.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Tue Sep 23 08:07:07 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Sep 2003 10:07:07 -0500 (CDT) Subject: Guardian Unlimited | Special reports | Bush covers up climate research (fwd) Message-ID: http://www.guardian.co.uk/usa/story/0,12271,1046388,00.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Tue Sep 23 08:45:12 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Sep 2003 10:45:12 -0500 (CDT) Subject: Researchers develop a 'smart' payment card that can easily be programmed to restrict spending (fwd) Message-ID: http://www.eurekalert.org/pub_releases/2003-09/uop-rda092303.php -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. 
Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Tue Sep 23 11:28:45 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Sep 2003 13:28:45 -0500 (CDT) Subject: Inferno: _Triangle of Death_ (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 23 Sep 2003 12:42:01 -0500 (CDT) Subject: Inferno: _Triangle of Death_ New book coming out about the Kennedy Assassination attempts to "present compelling evidence that President Kennedy was killed Nov. 22, 1963, as the result of a massive conspiracy between the CIA-installed government of South Vietnam, the French global heroin syndicate and the New Orleans Mafia." It apparently presents quite a bit of new information. http://worldnetdaily.com/news/article.asp?ARTICLE_ID=34742 From ravage at einstein.ssz.com Tue Sep 23 11:45:45 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Sep 2003 13:45:45 -0500 (CDT) Subject: CNN.com - Anti-Bush protesters sue Secret Service - Sep. 23, 2003 (fwd) Message-ID: http://www.cnn.com/2003/LAW/09/23/protest.lawsuit.ap/index.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From jwashburn at whittmanhart.com Tue Sep 23 12:40:06 2003 From: jwashburn at whittmanhart.com (John Washburn) Date: Tue, 23 Sep 2003 14:40:06 -0500 Subject: Q on associative binary operation Message-ID: <9A1CCCE54805534C80F5BD0FC19D1E6B13052D@chi-exch02.ffhq.ffconsulting.net> The term is non-Abelian. You are deeply confusing the concept of operation and relationship. Normally this is not a problem. But, if you are going to use the terms associative and transitive, then you must keep the 2 concepts distinct. Group theory 101. First, relationships. 
A relationship ~ on the members {a,b,c} of a (possibly infinite) set S is: Reflexive: if a~a for all a in S Symmetric: if a~b, is true then b~a is true for all a and b in S Transitive: if a~b and b~c are true then a~c is true for all a,b,c in S An equivalence relationship is a relationship which is Reflexive, Symmetric and Transitive. You are denoting an equivalence relationship with the = symbol. Second, operations/operators. An operation (maps/combines/mixes) 1 or more elements of a (possibly infinite) set S to a single element of S. The most common types of operations are: Unitary: one element mapped to 1 element. E.g. the negation, conjugation or exponentiation operations. Binary: two elements mapped to 1 element. E.g. addition, multiplication, subtraction, division, convolution operators. More than 2: At this point the operator is generally called a mapping. A binary, operation, *, can have none, some or all of the following properties: Closure: For all a and b in S the a*b is also in S Associative: For all a, b, and c in S the (a*b)*c is equivalent to a*(b*c). Note the dependence on a relationship to define this property of an operator. Commutative: For all a and b in S, (a*b) is equivalent to (b*a). Note again, the dependence on a relationship to define this property of an operator. Groups require only 5 things: A set of at least one element. (The 1-element group is the trivial group) A single, binary operation which operates on the elements of the set. The binary operation is closed. The binary operation is associative. There exists at least one element, e, of the set (an identity element) for the operation such that for all a in S e*a=a*e=a. Where = is some equivalence relation); If the group, by some chance, has an operator which is also commutative, the group is Abelian. If the operation is not commutative, then the group is non-Abelian. Add an additional commutative, operation (and identity element) and the group becomes a ring. 
If the second operation happens to be invertible the ring, becomes a field. See: http://mathworld.wolfram.com/Group.html http://mathworld.wolfram.com/Ring.html http://mathworld.wolfram.com/FieldAxioms.html http://mathworld.wolfram.com/AbelianGroup.html for more details. -----Original Message----- From: Tyler Durden [mailto:camera_lumina at hotmail.com] Sent: Thursday, August 28, 2003 2:36 PM To: timcmay at got.net; cypherpunks at minder.net Subject: Re: Q on associative binary operation Yeah, kinda bizarre. There's also an ambiguity that prevents one from saying Q is associative. Is the table defined for both directions of *? In other words, is the table meant to imply values for both x*y (ie, left*top) as well as y*x (top*left)? For most objects x*y will not equal y*x (indeed, one may be undefined as in the case of matrix multiplication). Anyone remember the group theoretic term for these kinds of groups? -TD >From: Tim May >To: cypherpunks at lne.com >Subject: Re: Q on associative binary operation Date: Thu, 28 Aug 2003 >10:41:51 -0700 > >On Thursday, August 28, 2003, at 12:14 AM, Sarad AV wrote: > >>hi, >> >>Table shown is completed to define 'associative' >>binary operation * on S={a,b,c,d}. >> >>*|a|b|c|d >>--------- >>a|a|b|c|d >>--------- >>b|b|a|c|d >>--------- >>c|c|d|c|d >>--------- >>d|d|c|c|d >> >> >>The operation * is associative iff (a*b)*c=a*(b*c) for >>all a,b,c element of set S. >> >>So can (a*d)*d=a*(d*d)=d considered as associative >>over * for this case as per definition? >> > >This looks like a homework assignment for a class. > >If a, b, c, and d are all arbitrary symbols, most substitutions (such as a >= 2, b = 5, etc.) certainly will _not_ give (a*d)*d=a*(d*d)=d as a true >statement. Only special values of a and d will make that true. (For >example, a = 1 and d = 1 makes (1*1)*1=1*(1*1)=1. Other values may as well. >Finding them is up to you. > >Lastly, your English is again unclear. 
"So can (a*d)*d=a*(d*d)=d considered >as associative over * for this case as per definition?" isn't a proper >English sentence. > >Why do you keep posing these problems to the list? Are they homework >problems? Do you think the list is just too quiet and needs ill=phrased >puzzlers to keep it occupied? > >Did you ever do the coin flip experiment we suggested you do? > >Are you an AI which has failed the Turing Test and escaped? > > >--Tim May From ravage at einstein.ssz.com Tue Sep 23 15:22:42 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 23 Sep 2003 17:22:42 -0500 (CDT) Subject: Slashdot | California Tries Spam Ban (fwd) Message-ID: http://yro.slashdot.org/yro/03/09/23/2035204.shtml?tid=103&tid=111&tid=126&tid=99 -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From rah at shipwright.com Tue Sep 23 18:50:09 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 23 Sep 2003 21:50:09 -0400 Subject: Fairmont State (West Virginia) offering computer security major Message-ID: Clarksburg Exponent Telegram Fairmont State offering computer security major by Jennifer Biller STAFF WRITER FAIRMONT -- For anyone who suffered through the recent Blaster Worm computer virus, it's obvious that computer security is a necessity. Fairmont State College is addressing this niche by offering a new major in computer security. The program is in response to increased computer virus attacks and security attacks on systems nationwide.
Students can earn a bachelor of science in computer security by completing courses such as network security, cryptography (enciphering and deciphering messages in secret code), computer vulnerability assessment and legal and ethical issues. "Computer science is becoming more and more important, not just because of viruses but because of having to protect large computer networks from threats," said Alicia Kime, FSC associate professor of computer science. "Most schools are offering courses in this now," she said. "We're offering a major." The program is a joint effort of the college, the West Virginia High Technology Consortium Foundation and DSD Laboratories/Backbone Security.com. Donald Tobin, associate professor of computer science, is teaching the security courses. Tobin earned a bachelor of science degree from the University of Texas, a master of science degree from Boston University, and is completing a doctorate in computer science from the University of Idaho. "It's a program we hope to grow each year," Tobin said. "It's unique, and I came here to help create the program." Students will learn the intricacies of protecting commercial, state and federal information systems. More and more, even personal computers are in danger of viruses and security breaches, Tobin said. "People don't understand the risk they take just by being on the Internet," he said. "It's a large problem, and it's not going to get any better." Students will get the chance to complete internships out in the field before graduation, Tobin said. For more information on earning a degree in computer security, contact the college at (800) 641-5678. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From weinmann at cdc.informatik.tu-darmstadt.de Tue Sep 23 15:02:32 2003 From: weinmann at cdc.informatik.tu-darmstadt.de (Ralf-P. Weinmann) Date: Wed, 24 Sep 2003 00:02:32 +0200 Subject: Encrypted search? In-Reply-To: ; from camera_lumina@hotmail.com on Sun, Sep 21, 2003 at 06:45:21PM -0400 References: Message-ID: <20030924000232.B8003@cdc-ultra5.cdc.informatik.tu-darmstadt.de> On Sun, Sep 21, 2003 at 06:45:21PM -0400, Tyler Durden wrote: > Got a crypto question here. > > Let's say I push out a list I'd like to keep secret to some client machine. > The user of that machine must enter some ID or other piece of information. I > want the client machine to perform a search of that ID vs the contents of a > list (again, resident locally on that machine), but I don't want the user to > be able to see the other entries of that list. Have a look at "Searchable Public Key Encryption" by Boneh et al [1] and Song, Wagner and Perring's paper "Practical Techniques for Searches on Encrypted Data" [2]. Cheers, Ralf [1] D. Boneh, G. Di Crescenzo, R. Ostrovsky and G. Persiano, Searchable Public Key Encryption, IACR ePrint 2003/195 http://eprint.iacr.org/2003/195/ [2] D. Song, D. Wagner and A. Perrig, Practical Techniques for Searches on Encrypted Data, in Proc. of the 2000 IEEE symposium on Security and Privacy (S&P 2000). -- Ralf-P. Weinmann From jtrjtrjtr2001 at yahoo.com Wed Sep 24 06:30:39 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Wed, 24 Sep 2003 06:30:39 -0700 (PDT) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <5.2.0.9.0.20030923155842.053b6470@pop.ix.netcom.com> Message-ID: <20030924133039.34929.qmail@web21204.mail.yahoo.com> hi, You may then need to pass a bill that gives you the right to kick them out of office if they don't fullfill atleast 50% of what they promised in a given time frame. Sarath. 
--- John Kelsey wrote: > At 04:37 AM 9/22/03 -0700, you wrote: > >hi, > > > >Vote for some one who promises freedom,democracy > and > >development. Is that so hard? > > They all *promise* that. > > >Sarath. > > --John Kelsey, kelsey.j at ix.netcom.com > PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA > F259 From pcw2 at flyzone.com Wed Sep 24 04:45:17 2003 From: pcw2 at flyzone.com (Peter Wayner) Date: Wed, 24 Sep 2003 07:45:17 -0400 Subject: Encrypted search? In-Reply-To: <002001c380e9$78d339f0$c71121c2@exchange.sharpuk.co.uk> References: <002001c380e9$78d339f0$c71121c2@exchange.sharpuk.co.uk> Message-ID: At 10:11 AM +0100 9/22/03, Dave Howe wrote: >Tyler Durden wrote: >> When the search is performed, the "stupid" thing to do (I >> think...someone correct me) is to take the user's ID, encrypt it, and >> then determine if matches an encypted member of the list (and I don't >> see encrypted each entry individually as a desirable thing). I am >> assuming that this allows a savvy user to reverse-engineer the >> encryption. >What you do is hash the ID, then compare it to the list of hashed entries, >using the ID as the key to decrypt the data associated with that entry >while that isn't subject to reverse engineering, the abuse it *is* open to >is random guessing of IDs (every "success" gives someone else's record, >with failures having no penalty) >Adding a password (and combining it with the ID to give your key) will >address some of that, but really you need to encrypt each entry >individually to prevent someone simply decompiling your code and obtaining >your full data list. > >> Another option is one I don't have the background at this stage to >> understand. Let's assume the entire list has been encrypted in one >> shot.
Is there some function such that when this encrypted list is >> convolved with the user ID a "Yes" or "no" can be obtained >> (indicating presence or absence from the list)? >no. >if you trial encrypt the sample ID for comparison, you hand them the key >to the whole list. Yes, these are all good solutions. If you want a case study of how this might help a company like Amazon, go here: http://www.wayner.org/books/td/u1.php --------------------------------------- My new books: _Policing Online Games_ (http://www.wayner.org/books/pog/) _Java RAMBO Manifesto_ (http://www.wayner.org/books/rambo/) From ravage at einstein.ssz.com Wed Sep 24 07:42:05 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 09:42:05 -0500 (CDT) Subject: CNN.com - MSN to close chat rooms - Sep. 24, 2003 (fwd) Message-ID: http://www.cnn.com/2003/TECH/internet/09/24/microsoft.chat/index.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Wed Sep 24 07:42:37 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 09:42:37 -0500 (CDT) Subject: CNN.com - Report: U.S. youth fail civics basics - Sep. 23, 2003 (fwd) Message-ID: http://www.cnn.com/2003/EDUCATION/09/23/civics.education.ap/index.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. 
Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Wed Sep 24 07:42:51 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 09:42:51 -0500 (CDT) Subject: Slashdot | EU Parliament Approves Software Patents (fwd) Message-ID: http://yro.slashdot.org/yro/03/09/24/1253227.shtml?tid=155&tid=185&tid=99 -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Wed Sep 24 07:46:35 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 09:46:35 -0500 (CDT) Subject: Diebold takes down blackboxvoting.org (fwd) Message-ID: Who said there were significant differences in corporations and governments...Oh yeah, CACL did....I guess they were wrong...again. http://www.theinquirer.net/?article=11743 -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From camera_lumina at hotmail.com Wed Sep 24 07:06:10 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 24 Sep 2003 10:06:10 -0400 Subject: Drunken US Troops Kill Rare Tiger Message-ID: Don't forget that in ancient greece the populace could vote any leader into exile. My brother believes we should be able to vote any publically elected official directly into jail, no questions asked. -TD >From: Sarad AV >To: cypherpunks at lne.com >Subject: Re: Drunken US Troops Kill Rare Tiger >Date: Wed, 24 Sep 2003 06:30:39 -0700 (PDT) > >hi, > >You may then need to pass a bill that gives you the >right to kick them out of office if they don't >fullfill atleast 50% of what they promised in a given >time frame. > > >Sarath. 
> > >--- John Kelsey wrote: > > At 04:37 AM 9/22/03 -0700, you wrote: > > >hi, > > > > > >Vote for some one who promises freedom,democracy > > and > > >development. Is that so hard? > > > > They all *promise* that. > > > > >Sarath. > > > > --John Kelsey, kelsey.j at ix.netcom.com > > PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA > > F259 From sunder at sunder.net Wed Sep 24 08:23:47 2003 From: sunder at sunder.net (Sunder) Date: Wed, 24 Sep 2003 11:23:47 -0400 (edt) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <20030924133039.34929.qmail@web21204.mail.yahoo.com> Message-ID: And just how are you going to get the kongress-kritters to pass a bill that would allow the public to push them and other poly-ticks out of office if they don't perform? That's like asking them to pass a bill that would limit them from getting raises, soft money, etc... ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 24 Sep 2003, Sarad AV wrote: > hi, > > You may then need to pass a bill that gives you the > right to kick them out of office if they don't > fullfill atleast 50% of what they promised in a given > time frame.
From declan at well.com Wed Sep 24 09:57:09 2003 From: declan at well.com (Declan McCullagh) Date: Wed, 24 Sep 2003 11:57:09 -0500 Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: ; from sunder@sunder.net on Wed, Sep 24, 2003 at 11:23:47AM -0400 References: <20030924133039.34929.qmail@web21204.mail.yahoo.com> Message-ID: <20030924115709.B23298@baltwash.com> On Wed, Sep 24, 2003 at 11:23:47AM -0400, Sunder wrote: > And just how are you going to get the kongress-kritters to pass a bill > that would allow the public to push them and other poly-ticks out of > office if they don't perform? That's like asking them to pass a bill that > would limit them from getting raises, soft money, etc... Or restrict political spam. Fat chance. -Declan From sunder at sunder.net Wed Sep 24 08:59:17 2003 From: sunder at sunder.net (Sunder) Date: Wed, 24 Sep 2003 11:59:17 -0400 (edt) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: Message-ID: Bread and Circuses? :) ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 24 Sep 2003, Tyler Durden wrote: > Don't forget that in ancient greece the populace could vote any leader into > exile. > My brother believes we should be able to vote any publically elected > official directly into jail, no questions asked. 
From adam.lydick at verizon.net Wed Sep 24 13:33:52 2003 From: adam.lydick at verizon.net (Adam Lydick) Date: Wed, 24 Sep 2003 13:33:52 -0700 Subject: Elngsih (was "") In-Reply-To: References: Message-ID: <1064435632.641.18.camel@elessar> Interesting idea, but it seems like that would be easy enough to foil. Why not just put the "inner" characters in a canonical order when scanning? (searching via google or another strict keyword-based search engine is another matter) Then you can cheaply match on a single form regardless of how they have permuted the word. I think the existing techniques that I've seen on the binaries channels on usenet and some of the spam I've been getting lately are already more effective. They just inject noise characters and use creative phonetic spellings. Maybe reducing the "words" to an improved soundex-like hash would be a more effective technique for dealing with this issue. Anyone know of any work in this area? (spell-checker research would probably yield the most results) Adam Lydick On Mon, 2003-09-22 at 15:39, Thomas Shaddack wrote: > Could be the l33t sp3ak next generation for the cases when the > communication is monitored by automated tools for keywords. Could foil > both alerting on keywords and keyword searching on intercepted and stored > material (unless the keyword search would look also for all the possible > permutations of the words). From ravage at einstein.ssz.com Wed Sep 24 11:52:07 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 13:52:07 -0500 (CDT) Subject: U.S. court blocks anti-telemarketing list - Sep. 24, 2003 (fwd) Message-ID: http://money.cnn.com/2003/09/24/technology/ftc_donotcall/index.htm?cnn=yes -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. 
Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Wed Sep 24 11:52:36 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 13:52:36 -0500 (CDT) Subject: The Register - European Parliament castrates software patent regs (fwd) Message-ID: http://www.theregister.co.uk/content/4/33016.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From rah at shipwright.com Wed Sep 24 11:48:19 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 24 Sep 2003 14:48:19 -0400 Subject: DC Security Geeks Talk: Analysis of an Electronic Voting System Message-ID: Cryptonomicon.Net - DC Security Geeks Talk on September 24th Date: Wednesday, September 24 @ 08:10:00 EDT Topic: Events / Special Interest Groups Talk: Analysis of an Electronic Voting System Speaker: Tadayoshi Kohno (JHU and UCSD) Date: Wed, Sept. 24 @ 7:30PM Location: Virginia Tech Falls Church Campus Abstract: Recent election problems have sparked great interest in managing the election process through the use of electronic voting systems. While computer scientists, for the most part, have been warning of the perils of such action, vendors have forged ahead with their products, claiming increased security and reliability. Many municipalities have adopted electronic systems, and the number of deployed systems is rising. For these new computerized voting systems, neither source code nor the results of any third-party certification analyses have been available for the general population to study, because vendors claim that secrecy is a necessary requirement to keep their systems secure. Recently, however, the source code purporting to be the software for a voting system from a major manufacturer appeared on the Internet. 
This manufacturer's systems were used in Georgia's state-wide elections in 2002, and the company just announced that the state of Maryland awarded them an order valued at up to $55.6 million to deliver touch screen voting systems. This unique opportunity for independent scientific analysis of voting system source code demonstrates the fallacy of the closed-source argument for such a critical system. Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk. This was joint work with Adam Stubblefield, Avi Rubin, and Dan Wallach. Bio: Tadayoshi (Yoshi) Kohno is a doctoral student at the University of California at San Diego Cryptography and Security Laboratory. He is also affiliated with the Johns Hopkins University Information Security Institute. Prior to entering graduate school, Yoshi worked as a cryptography and computer security consultant with Counterpane Systems (now Counterpane Internet Security) and with Cigital.
This article comes from Cryptonomicon.Net http://www.cryptonomicon.net/ The URL for this story is: http://www.cryptonomicon.net//modules.php?name=News&file=article&sid=463 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ravage at einstein.ssz.com Wed Sep 24 15:37:13 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 24 Sep 2003 17:37:13 -0500 (CDT) Subject: Drunken US Troops Kill Rare Tiger In-Reply-To: <20030924115709.B23298@baltwash.com> Message-ID: On Wed, 24 Sep 2003, Declan McCullagh wrote: > On Wed, Sep 24, 2003 at 11:23:47AM -0400, Sunder wrote: > > And just how are you going to get the kongress-kritters to pass a bill > > that would allow the public to push them and other poly-ticks out of > > office if they don't perform? That's like asking them to pass a bill that > > would limit them from getting raises, soft money, etc... The process is easy, built right into the Constitution. Get 3/4 of the states to pass an amendment and wallah, you got what you want and the feds can't do anything about it. -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com
From mv at cdc.gov Thu Sep 25 09:46:13 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 25 Sep 2003 09:46:13 -0700 Subject: DC Security Geeks Talk: Analysis of an Electronic Voting System Message-ID: <3F731BD5.320DA9D6@cdc.gov> At 02:48 PM 9/24/03 -0400, R. A. Hettinga wrote: > > >Cryptonomicon.Net - > >Talk: Analysis of an Electronic Voting System Someone needs to inject a story about e-voting fraud into the popular imagination. Is Tom Clancy available? Maybe an anonymous, detailed, plausible, (but secretly fictional) blog describing how someone did this in their podunk county... then "leak" this to a news reporter.. Failure to be *able* to assure that this *didn't* happen in that podunk county would make an important point. ---- "On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question."
-- Charles Babbage --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From pgut001 at cs.auckland.ac.nz Wed Sep 24 14:58:33 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 25 Sep 2003 09:58:33 +1200 Subject: End of the line for Ireland's dotcom star Message-ID: <200309242158.h8OLwXl14159@cs.auckland.ac.nz> Anonymous via the Cypherpunks Tonga Remailer writes: >Why is it that none of those 100-odd companies with keys in the browsers are >doing anything with them? Verisign has such a central role in the >infrastructure, but any one of those other companies could compete. Why isn't >anyone undercutting Verisign's prices? Look what happened with Thawte when it >adopted this strategy: Mark Shuttleworth got to visit Mir! Maybe that was a >one shot deal, but clearly these keys are not being utilized up to their >economic potential. > >Is there some behind the scenes coercion? Contractual limitations? Will >Microsoft pull the keys if someone tries to compete with Verisign? What's the >deal? No-one ever got fired for buying Verisign. Unfortunately in order to understand that buying your certs from anything but the cheapest CA present is a waste of money, you need a certain amount of understanding of how PKI (or at least certificate manufacturing, as currently practiced) works. Verisign have invested an enormous amount of time and money into communicating the message that it ain't secure if it doesn't say Verisign, and that's been very effective. I have, very occasionally, run into people who've told me how they managed to locate a CA that sold them their certs for $29.95/year instead of $495/year, but this is very much the exception to the rule. Peter. 
From ravage at einstein.ssz.com Thu Sep 25 08:10:01 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Sep 2003 10:10:01 -0500 (CDT) Subject: Yahoo! News - Panel to Close Pentagon Terror-Spy Office (fwd) Message-ID: http://news.yahoo.com/news?tmpl=story2&cid=542&u=/ap/20030925/ap_on_go_ca_st_pe/pentagon_spying_1&printer=1 -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From timcmay at got.net Thu Sep 25 11:29:19 2003 From: timcmay at got.net (Tim May) Date: Thu, 25 Sep 2003 11:29:19 -0700 Subject: Inferno: Akila Al-Hashimi assassinated (fwd) In-Reply-To: Message-ID: <2D63A050-EF86-11D7-87EC-000A956B4C74@got.net> On Thursday, September 25, 2003, at 10:56 AM, Trei, Peter wrote: >> Jim Choate[SMTP:ravage at einstein.ssz.com] wrote: >> >> ---------- Forwarded message ---------- >> Date: Thu, 25 Sep 2003 11:06:45 -0500 (CDT) >> Subject: Inferno: Akila Al-Hashimi assassinated >> >> A representative on the US appointed Governing Council in Iraq has >> died of >> wounds from an assassination attempt this past Saturday. She was one >> of >> three women representatives on the 25-member council. Strangely >> enough, >> we are only hearing word of this assassination attempt today in the >> West; >> now that she has in fact died it is newsworthy, I suppose? Or perhaps >> just inconcealable. >> >> > I don't have much trust in the US media, but this is nonsense. The > assassination attempt was covered by the NYT among others. I heard about > it on the radio at the weekend, and it was on Yahoo News. 
> > Peter Trei > > --------------------------- > http://www.nytimes.com/2003/09/21/international/middleeast/21IRAQ.html > > BAGHDAD, Iraq, Sept. 20 - In the first attempt to assassinate a > member of Iraq's interim government, nine gunmen this morning > shot and critically wounded Akila al-Hashemi, one of three women > on the governing body, as she was being driven to work by a driver > and three bodyguards. > Her shooting was widely reported when it happened a few days ago, on CNN, leading newspapers, and presumably on other networks. One of her bodyguards was killed, and her brother was either injured or killed, I don't recall. Lots of footage of her planning to be the first useful idiot, er, politician, to serve in both the U.S.-funded Saddam regime and the U.S.-funded post-Saddam regime. Perhaps these networks and newspapers are not carried on Choate Prime, the parallel world that is strangely different from our own. --Tim May From ravage at einstein.ssz.com Thu Sep 25 10:07:19 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Sep 2003 12:07:19 -0500 (CDT) Subject: Inferno: Neal Stephenson's _Quicksilver_ follow-up (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 25 Sep 2003 00:01:03 -0500 (CDT) Subject: Inferno: Neal Stephenson's _Quicksilver_ follow-up I didn't notice this when I was looking at the site this afternoon, but: Stephenson will be @ Book People here in Austin: Wednesday, October 01, 2003 07:00 PM Neal Stephenson, will be promoting Quicksilver Appears on/at: BOOKPEOPLE/Speaking/Signing 603 North Lamar, Austin, TX 78703 Tel: 512-472-4288 and the site has a chapter excerpt: http://www.harpercollins.com/catalog/excerpt_xml.asp?isbn=0380977427 and details on several of his past works: http://www.harpercollins.com/catalog/book_search.asp?a=authorid&b=18676 From ravage at einstein.ssz.com Thu Sep 25 10:07:53 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Sep 2003 12:07:53 -0500 (CDT) Subject: Inferno: 
Akila Al-Hashimi assassinated (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 25 Sep 2003 11:06:45 -0500 (CDT) Subject: Inferno: Akila Al-Hashimi assassinated A representative on the US appointed Governing Council in Iraq has died of wounds from an assassination attempt this past Saturday. She was one of three women representatives on the 25-member council. Strangely enough, we are only hearing word of this assassination attempt today in the West; now that she has in fact died it is newsworthy, I suppose? Or perhaps just inconcealable. Riverbend briefly discusses the attempt in her Sunday September 21st blog entry: http://riverbendblog.blogspot.com/ Here is a sampling of western coverage: http://www.theage.com.au/articles/2003/09/25/1064083125418.html http://www.theaustralian.news.com.au/common/story_page/0,5744,7376906%255E2703,00.html http://www.cnn.com/2003/WORLD/meast/09/25/sprj.irq.main/index.html From ravage at einstein.ssz.com Thu Sep 25 10:53:59 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Sep 2003 12:53:59 -0500 (CDT) Subject: CNN.com - House votes for do-not-call registry - Sep. 25, 2003 (fwd) Message-ID: "50 million Americans can't be wrong." Let's see, there are 300M Americans...this is a logical flaw, an appeal to the majority when in fact it isn't even a majority. http://www.cnn.com/2003/ALLPOLITICS/09/25/congress.no.call/index.html Now let me make this clear I support the do-not-call list, in fact I believe it should be the de facto and people should have to sign up to be called, not the other way around. Such an approach would resolve the 'unsolicited' issues as well. As usual we have the cart in front of the horse. -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. 
Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 25 11:08:42 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Sep 2003 13:08:42 -0500 (CDT) Subject: Inferno: Akila Al-Hashimi assassinated (fwd) In-Reply-To: Message-ID: On Thu, 25 Sep 2003, Trei, Peter wrote: > I don't have much trust in the US media, but this is nonsense. The > assassination attempt was covered by the NYT among others. I heard about > it on the radio at the weekend, and it was on Yahoo News. Thanks, I fed it back upstream. -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ravage at einstein.ssz.com Thu Sep 25 11:25:59 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 25 Sep 2003 13:25:59 -0500 (CDT) Subject: CNN.com - House votes for do-not-call registry - Sep. 25, 2003 (fwd) In-Reply-To: <005a01c38390$fe9d5940$e75f1b09@warehouse> Message-ID: On Thu, 25 Sep 2003, Pete Capelli wrote: > You are assuming that each phone number represents only one person, which in > most cases is incorrect. No I am not, the fine senator is. Get your facts straight, like who actually says what. -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. 
Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From ptrei at rsasecurity.com Thu Sep 25 10:56:46 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Thu, 25 Sep 2003 13:56:46 -0400 Subject: Inferno: Akila Al-Hashimi assassinated (fwd) Message-ID: > Jim Choate[SMTP:ravage at einstein.ssz.com] wrote: > > ---------- Forwarded message ---------- > Date: Thu, 25 Sep 2003 11:06:45 -0500 (CDT) > Subject: Inferno: Akila Al-Hashimi assassinated > > A representative on the US appointed Governing Council in Iraq has died of > wounds from an assassination attempt this past Saturday. She was one of > three women representatives on the 25-member council. Strangely enough, > we are only hearing word of this assassination attempt today in the West; > now that she has in fact died it is newsworthy, I suppose? Or perhaps > just inconcealable. > > I don't have much trust in the US media, but this is nonsense. The assassination attempt was covered by the NYT among others. I heard about it on the radio at the weekend, and it was on Yahoo News. Peter Trei --------------------------- http://www.nytimes.com/2003/09/21/international/middleeast/21IRAQ.html BAGHDAD, Iraq, Sept. 20 - In the first attempt to assassinate a member of Iraq's interim government, nine gunmen this morning shot and critically wounded Akila al-Hashemi, one of three women on the governing body, as she was being driven to work by a driver and three bodyguards. [...] From pcapelli at capelli.org Thu Sep 25 11:15:04 2003 From: pcapelli at capelli.org (Pete Capelli) Date: Thu, 25 Sep 2003 14:15:04 -0400 Subject: CNN.com - House votes for do-not-call registry - Sep. 25, 2003 (fwd) References: Message-ID: <005a01c38390$fe9d5940$e75f1b09@warehouse> You are assuming that each phone number represents only one person, which in most cases is incorrect. 
----- Original Message ----- From: "Jim Choate" To: Cc: Sent: Thursday, September 25, 2003 1:53 PM Subject: CNN.com - House votes for do-not-call registry - Sep. 25, 2003 (fwd) > "50 million Americans can't be wrong." Let's see, there are 300M > Americans...this is a logical flaw, an appeal to the majority when in fact > it isn't even a majority. > > http://www.cnn.com/2003/ALLPOLITICS/09/25/congress.no.call/index.html From roy at rant-central.com Thu Sep 25 14:58:34 2003 From: roy at rant-central.com (Roy M. Silvernail) Date: Thu, 25 Sep 2003 17:58:34 -0400 Subject: DC Security Geeks Talk: Analysis of an Electronic Voting System In-Reply-To: <3F731BD5.320DA9D6@cdc.gov> References: <3F731BD5.320DA9D6@cdc.gov> Message-ID: <200309251758.34360.roy@rant-central.com> On Thursday 25 September 2003 12:46, Major Variola (ret) wrote: > Someone needs to inject a story about e-voting fraud into the popular > imagination. > Is Tom Clancy available? Maybe an anonymous, detailed, plausible, (but > secretly fictional) > blog describing how someone did this in their podunk county... then > "leak" this to a news reporter.. Think http://aflightrisk.com/. Take advantage of a blog's temporal immediacy and pick an election somewhere. Then chronicle the "fraud" as it progresses. > Failure to be *able* to assure that this *didn't* happen in that podunk > county would make an important point. I believe you are correct. From error at lostinthenoise.net Thu Sep 25 09:16:54 2003 From: error at lostinthenoise.net (error) Date: 25 Sep 2003 18:16:54 +0200 Subject: CIPE tunnels Message-ID: <1064506613.424.122.camel@eris> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For those of you interested in CIPE tunnels: http://www.securityfocus.com/archive/1/339035/2003-09-22/2003-09-28/0 It's a disaster so far. 
- -- error -----BEGIN PGP SIGNATURE----- iD8DBQE/cxTfKvrsP0edi7gRAuoJAKC4SG6evZgkXwyMR9x0ks9591KVkwCeONaZ 6jpC6P7cZaXxys3V3scwO0Y= =D3KF -----END PGP SIGNATURE----- From nobody at mail.futureworlds.it Thu Sep 25 15:47:38 2003 From: nobody at mail.futureworlds.it (futureworlds) Date: Fri, 26 Sep 2003 00:47:38 +0200 (CEST) Subject: Critique of CyberInsecurity report Message-ID: <272c589c936931da10912b11eaeaef3f@mail.futureworlds.it> The CyberInsecurity essay is available at http://www.ccianet.org/papers/cyberinsecurity.pdf. A few comments: Overall, this is a terrible analysis with a misguided solution which, if adopted, would only make things worse. It is shocking to see the well known figures who have allowed their names to be attached to this document. Apparently hatred of Microsoft runs so deep that people are unable to think critically when presented with an analysis that attacks the company. We saw the same thing with the absurd lies and exaggerations about Palladium last year. > The threats to international security posed by Windows are significant, > and must be addressed quickly. We discuss here in turn the problem in > principle, Microsoft and its actions in relation to those principles, and > the social and economic implications for risk management and policy. The > points to be made are enumerated at the outset of each section, and > then discussed. Let's look at these three portions. The "problem in principle", according to the report, is the existence of a monoculture, which should be addressed by diversification. There are nonsense figures in here that claim to quantify the "power" of the net, using absurd, handwavey formulations like Metcalfe's Law or Reed's Law. (Reed's so-called Law is a joke, predicting that the Internet will be 228 quadrillion times more "powerful" in 10 years if the number of systems increases 50% per year!) This is not logic, this is not reason, it is just rhetoric. 
But the fundamental problem with the analysis here, which is what makes the report's recommendation so misguided, is that claim that diversification will somehow solve the problem. In fact, diversification will make it worse, as a moment's thought should make clear. Let's suppose that the government stepped in, and the kind, wise government bureaucrats we all know and love so well decided to aid disadvantaged operating systems. This affirmative action program is so effective that after many years, Microsoft has only a third of the market; Macs have another third; and Linux has most of the remaining third. Wow, the problem is solved, right? Wrong. With the number of systems on the net growing rapidly, any realistic extrapolation leaves the number of Windows systems as being even larger than today. Hence we face at least as much exposure as at present, which the evidence has shown is more than enough to cause tremendous economic damage. And in fact, it is worse, because any flaws in the Mac or Linux OSs will now be just as dangerous as for Windows! What we will face is a situation where the *weakest* of the widely used OS's will determine the risk factor for the system as a whole. This is not the kind of redundancy which reduces risk. There is no effective way that the presence of other architectures is going to prevent a virus or worm from being able to spread just as rapidly as today. That error is the most fundamental in the report, but let's turn to their analysis of Microsoft's dominance, where again they have utterly missed the obvious truth. The report claims that the reason for Microsoft's dominance in OS is due to what it calls application lock-in, which is a nasty way of saying that people prefer Windows because they want to use applications that are only available on that architecture. This part is obviously true. 
But the report tries to link this to the claim that this is all due to Microsoft's strategy to tightly integrate applications and the operating system, which is absurd. In the first place, many of the most popular applications which drive people to choose Windows aren't even from Microsoft. Games, business software, web utilities, there are thousands of popular programs which are only available on the Windows architecture. These programs aren't built into the OS, but instead the companies making this software have chosen Windows because it is popular, has good development tools, and in the early days was easier to write for (remember that up until a few years ago, the Mac lacked preemptive multitasking, and Linux wasn't even a blip on the radar). In the second place, Microsoft does in fact make some of its most popular applications available on the Mac. Office and its predecessors, and IE have been available for many years on that platform. These apps are not locked to the OS as the report claims. And in the third place, the real reason why Microsoft preferentially supports Windows is not due to technical integration with the OS, but for the obvious economic reason that the Windows OS is made by the same company as Windows apps, so it makes sense for the latter to support the former. This fact is so utterly obvious that it is astonishing that the report manages to miss it. > The natural strategy for a monopoly is user-level lock-in and Microsoft > has adopted this strategy. Even if convenience and automaticity for the > low-skill/no-skill user were formally evaluated to be a praiseworthy > social benefit, there is no denying the latent costs of that social > benefit: lock-in, complexity, and inherent risk. Here the report manages to touch upon a particularly important point, but as usual to miss its significance. The point is that Microsoft's security vulnerabilities are due to the fact that it is making its software easy to use. 
But that is one of the main reasons it is so successful! Believe it or not, people like software that is usable and has features they need. Doing so is difficult and makes software more complex. By adopting this strategy, Microsoft has inevitably acquired security vulnerabilities over the years. What the report misses, then, is that any other OS or company which adopts the same strategy is going to face the same problem. But companies are going to be forced to make their software easier to use and more complex in order to compete with Microsoft, even if the report's recommendations were adopted. This is going to add to the problem noted above, that the other OS's are going to have security vulnerabilities as well, once they are widely used. What the authors appear to really want is to somehow change software development methodology so that security takes precedence over features. As a security professional who has worked for many years on consumer products, I am well aware of the tension that exists within corporations between these two competing goals. It is perhaps understandable that others in our field are trying to win this argument by government fiat. The authors are in effect saying that they know better than the end users what is important; that if customers prefer that their word processors are functional, their wishes would be overridden in order to make the programs more secure. Even if we accept this argument (the morality of which is highly questionable), forcing Microsoft to port Office to Linux isn't going to do a single thing to accomplish it! As noted above, the only effect is going to be more pressure on the newly enfranchised OS's to become more like Microsoft in order to compete, that is, to add features and complexity. Ultimately, those are the preferences of the people buying the computers, and no amount of pontificating by the authors of this report is going to change those economic incentives. 
Turning to the third section of the report, the authors contradict themselves by claiming that Microsoft will not change its habits, while at the end of the second section they just listed several important changes. Microsoft's trustworthy computing initiative, its introduction of delays in product release in order to address security goals, and its work towards a secure computing base are all changes that indicate that Microsoft is taking a much more serious attitude towards security. But rather than give the company a chance to see what it can do in terms of making its products more secure, the report proposes to force Microsoft to reorient its development efforts towards making Mac and Linux versions of all its software, as if that will solve anything: > Microsoft should be required to support a long list of applications > (Microsoft Office, Internet Explorer, plus their server applications and > development tools) on a long list of platforms. Microsoft should either > be forbidden to release Office for any one platform, like Windows, > until it releases Linux and Mac OS X versions of the same tools that > are widely considered to have feature parity, compatibility, and so forth. The arrogance of this proposal is beyond belief. One of the most successful companies in the world, one which even the report admits has specialized in making software easy to use and meeting the needs and requirements of end users, is expected to reorient its development efforts and port its massive software base to a "long list" of platforms. No consideration is given to the costs of this government-imposed mandate. No concern is expressed about the impact on end users who have come to appreciate Microsoft's increasingly functional applications. Ironically, no one even seems to realize that resources spent doing these ports may well detract from Microsoft's current efforts to refocus on security improvements! 
Forcing the company to change direction like this is likely to weaken security, not improve it. The lack of any strong evidence that these drastic measures will improve the security of the net as a whole demonstrates that this is an ideological report rather than a technical one. Hand-waving about diversification does not answer the point. Realistically, even if the net does become more diversified (which will probably happen, gradually and naturally, without Draconian government regulation), we are still going to have a relatively limited number of architectures that are popular. That's just the way markets work; there is only a limited amount of public attention to go around, and in most markets there are only a few companies which claim the majority of the market share. The result is that we will have a system where, as pointed out above, not one but several architectures are each widespread enough to bring the net to its knees when an exploit is discovered. This network will only be as strong as its weakest link. Diversity, in this context, is a risk factor, not a risk mediator. In summary, this report is misguided and mistaken on so many levels that it is astonishing that such well respected figures were willing to put their names to it. The analysis is flawed or missing. The recommendations are harsh, extreme and premature. And ultimately their proposals will only serve to make the problem worse, not better. From ravage at einstein.ssz.com Fri Sep 26 02:15:10 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 26 Sep 2003 04:15:10 -0500 (CDT) Subject: Slashdot | Author of Paper Critical of Microsoft is Fired (fwd) Message-ID: http://slashdot.org/articles/03/09/26/029252.shtml?tid=109&tid=126&tid=172&tid=187 -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. 
Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From kluss at ziplip.com Fri Sep 26 05:12:01 2003 From: kluss at ziplip.com (kluss at ziplip.com) Date: Fri, 26 Sep 2003 05:12:01 -0700 (PDT) Subject: unsubscripe list Message-ID: From kluss at ziplip.com Fri Sep 26 05:13:06 2003 From: kluss at ziplip.com (kluss at ziplip.com) Date: Fri, 26 Sep 2003 05:13:06 -0700 (PDT) Subject: No Subject Message-ID: unsubscribe list From ravage at einstein.ssz.com Fri Sep 26 03:21:57 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Fri, 26 Sep 2003 05:21:57 -0500 (CDT) Subject: CNN.com - French card deck names 'most dangerous' U.S. leaders - Sep. 26, 2003 (fwd) Message-ID: http://www.cnn.com/2003/WORLD/europe/09/25/france.us.carddeck.ap/index.html -- -- God exists because mathematics is consistent, and the Devil exist because we can't prove it. Andre Weil, in H. Eves, Mathematical Circles Adieu ravage at ssz.com jchoate at open-forge.com www.ssz.com www.open-forge.com From shaddack at ns.arachne.cz Thu Sep 25 22:11:46 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 26 Sep 2003 07:11:46 +0200 (CEST) Subject: CIPE tunnels In-Reply-To: <1064506613.424.122.camel@eris> References: <1064506613.424.122.camel@eris> Message-ID: > It's a disaster so far. A good-looking alternative (if we can't or don't want to use IPsec) is OpenVPN, . Uses UDP for tunneling, so should be able to cope even when the ISP firewalls IPsec packets (eg, if VPN is against their TOS for residential accounts). From ereed at novell.com Fri Sep 26 06:42:22 2003 From: ereed at novell.com (Ed Reed) Date: Fri, 26 Sep 2003 07:42:22 -0600 Subject: DC Security Geeks Talk: Analysis of an Electronic Voting System Message-ID: Grisham might be better - it's the legal wrangling that would tie up people's imagination, more than the technical. >>> "Major Variola (ret)" 9/25/2003 12:46:13 PM >>> At 02:48 PM 9/24/03 -0400, R. A. 
Hettinga wrote: > > >Cryptonomicon.Net - > >Talk: Analysis of an Electronic Voting System Someone needs to inject a story about e-voting fraud into the popular imagination. Is Tom Clancy available? Maybe an anonymous, detailed, plausible, (but secretly fictional) blog describing how someone did this in their podunk county... then "leak" this to a news reporter.. Failure to be *able* to assure that this *didn't* happen in that podunk county would make an important point. ---- "On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question." -- Charles Babbage From adam at cypherspace.org Fri Sep 26 12:47:51 2003 From: adam at cypherspace.org (Adam Back) Date: Fri, 26 Sep 2003 12:47:51 -0700 Subject: free hosting for cpunkly projects... Message-ID: <20030926194751.GA22396@dual.cypherspace.org> remops and cpunks: http://www.1and1.com are offering: 512 MB disk space ssh and ftp access pop, mail etc. 5GB/month free bandwidth cgi/php/mysql free for 3 years as an advertising ploy to get into small business / personal web posting. They use a computerized phone call back to prevent people being silly and registering thousands of accounts, so you have to give them your phone#. (And that works for US and Canadian numbers only). But they don't require a credit card (unless you start buying extras). btw They also have the cheapest domain registration I've seen so far at $6/year. 
You also don't have to transfer your domain to them in order to host there, you can just point your existing domain's DNS to them, and they also will optionally keep your existing MX in their DNS so your mail is handled however it was before. Well just thought remops and cpunks might find some interesting uses or it would be a bonus to people working on crypto / remailer coding, or internet service type stuff to have some serious hosting to work with or do dev work in. (They have gcc, pgp, ssh etc installed). They seem quite serious hosting-wise and I got a 12 hr turn around on a fix for a system /etc/csh.cshrc bug that was preventing me changing my shell to tcsh which is pretty impressive. (Most hosting shops wouldn't bother answering or would fob you off, or your query would not get anywhere near someone clue-full enough to understand never mind tweak and fix the minor problem). Their bandwidth is supposed to be pretty good too as they have 12Gbits connectivity. Claim to have been in business for 11 years. 3 years free seems pretty generous (most free offers are a few months or 1 year tops). The offer is available only until 31st Dec this year. From what I could see from the two I did (one for someone else) based on serial number on account it looks like they might be signing up around 1000 accounts per day. So I could imagine they might pull the offer also if they got too much take up! Have phun. Adam From rah at shipwright.com Fri Sep 26 09:53:10 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 26 Sep 2003 12:53:10 -0400 Subject: Dan Geer Fired (was re: Technology Firm With Ties to Microsoft Fires Executive Over Criticism) Message-ID: Sep 25, 2003 Technology Firm With Ties to Microsoft Fires Executive Over Criticism By Ted Bridis The Associated Press WASHINGTON (AP) - The chief technology officer for a technology firm that works closely with Microsoft Corp. lost his job after he helped write a study critical of the insecurity of Microsoft software. 
Daniel E. Geer Jr., an expert with nearly three decades studying technology and computer security, learned Thursday he was no longer employed by AtStake Inc. of Cambridge, Mass. AtStake declined to say whether Geer resigned or was fired. Spokeswoman Lona Therrien said Microsoft did not call for Geer's dismissal, which AtStake said was effective two days ago. Microsoft also said it was not involved in the decision. But critics said Geer's firing was reflective of Microsoft's far-reaching ability in Washington and across the technology industry to silence experts who complain about weaknesses in its software or its aggressive business practices. The Justice Department struggled years ago to find technology executives willing to testify against Microsoft in its antitrust trial. Geer could not be reached immediately for comment, but one person familiar with Geer's situation said he was fired in a call Thursday morning from AtStake executives. AtStake has worked closely with Microsoft in the past, examining some of its software blueprints for security problems and providing consulting services. AtStake's announcement came one day after Geer and six other experts published a report complaining that the U.S. government relies too heavily on software from Microsoft. It argued that the widespread dominance of Windows has created an unhealthy "monoculture" inadequately resistant to viruses and attacks by hackers. Geer was identified Wednesday in a conference call with journalists as AtStake's technology officer and the lead author of the report, which was funded by the Washington-based Computer and Communications Industry Association, a trade group whose members include some of Microsoft's biggest corporate rivals. "The values and opinions of the report are not in line with AtStake's views," the company said in a statement. It said Geer's participation working on the report was "not sanctioned." 
"Security is much more complicated than focusing on this one issue," said Chris Wysopal, AtStake's director of research and development. "We think the way the (CCIA) paper is positioned ... is just not the answer." Wysopal said experts within AtStake debate about security issues internally but that Geer represented his views as the company's consensus. "We value diversity of opinions here," Wysopal said. Bruce Schneier, the chief technology officer for Counterpane Systems Inc., worked with Geer on the report. He said security experts contacted to help work on the report critical of Microsoft indicated their support but couldn't participate publicly. "There is a huge chilling effect based on Microsoft's monopoly position," Schneier said. "It's unfortunate that AtStake put its private agenda ahead of intellectual integrity." The CCIA trade group also ran into trouble Thursday when it sought to send a paid announcement about its critical Microsoft report to 140,000 subscribers of popular trade magazines for chief security officers and chief information officers. The publisher for CIO and CSO magazines, CXO Media Inc., offers such announcements "to target a specific market segment of our audience by designing a list of prospects for direct mail and e-mail purposes." But in this case, the subject was too touchy. "We find it is too sensitive of material to send out. I'm sorry to be the bearer of bad news, but I have to deny your request," according to an e-mail from the publisher obtained by The Associated Press. "We need to try to provide some balance on these issues, and this seemed a little one-sided," CXO spokeswoman Karen Fogerty said. --- On the Net: AtStake Inc.: www.atstake.com Microsoft Corp. www.microsoft.com CXO Media Inc.: www.cio.com CCIA: www.ccianet.org AP-ES-09-25-03 1629EDT This story can be found at: http://ap.tbo.com/ap/breaking/MGASNQR81LD.html -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From amerritt at spasticmutant.com Fri Sep 26 13:01:00 2003 From: amerritt at spasticmutant.com (Spastic Mutant) Date: Fri, 26 Sep 2003 13:01:00 -0700 (PDT) Subject: [s-t] File sharing vs Bandwidth sharing Message-ID: The RIAA dropped its lawsuit against the sculptor who had a Mac and couldn't possibly have used Kazaa to download songs. http://www.cnn.com/2003/LAW/09/24/tech.lawsuit.ap/index.html So then I started thinkin'... But what if, say, I had a wireless access point on my cable or DSL modem setup and allowed friends and neighbors (maybe even warchalker strangers) to use it for whatever they chose? I certainly can't stop them from downloading music, I'm just allowing them to use my link. If I never downloaded songs or even had a host capable of running Kazaa, like this person, am I still off the hook? And if I'm responsible for that, wouldn't that make my ISP responsible too? I'm doing what they are doing, I'm just not taking names - I don't track who uses my WAP. Even if I just keep a list of wireless MAC addresses, that still doesn't really translate into anything of use to a prosecutor. If an open WAP means that the owner is subject to major criminal prosecution based on the behavior of the other people using it, then is there now an implicit requirement that all WAPs be secured, like a car or a gun? What are the legal responsibilities of a wireless access point owner/provider, and are people who own WAPs aware of them? 
If I implement the security protocols and someone breaks into my supposedly secure wireless network anyway, and is able to access bandwidth, am I still responsible for their downloads even if I implemented the standard precautions? Or is it like a swimming pool, an "attractive nuisance", for which the swimming pool owner is responsible for the drowning of neighborhood children even though he puts a six foot fence around it?

Anne Marie

--
When the poor steal from the middle class, it's called robbery.
When the middle class steal from the rich, it's called embezzlement.
When the rich steal from the poor, it's called Business.
--Anne Marie Merritt, Nov 2, 1996

----- End forwarded message -----

[demime 0.97c removed an attachment of type application/pgp-signature]

From Vincent.Penquerch at artworks.co.uk Fri Sep 26 08:50:55 2003
From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Fri, 26 Sep 2003 16:50:55 +0100
Subject: Critique of CyberInsecurity report
Message-ID:

> Wow, the problem is solved, right?
>
> Wrong. With the number of systems on the net growing rapidly, any
> realistic extrapolation leaves the number of Windows systems as being
> even larger than today. Hence we face at least as much exposure as
> at present, which the evidence has shown is more than enough to cause
> tremendous economic damage.

You miss out on the fact that, if Windows has, say, 90% of the machines (disregarding differences between desktop/server/whatever), the damage would, with your metric, be three times as large as the cost you point at, which would affect a third of the machines (with numbers higher than today, but still less than what they would be with 90% of machines running MS).

> And in fact, it is worse, because any flaws in the Mac or Linux OSs
> will now be just as dangerous as for Windows! What we will face is a
> situation where the *weakest* of the widely used OS's will determine
> the risk factor for the system as a whole.

Yes, you are right: when you don't put all your eggs in the same basket, you have *more* risk to get crushed eggs. But, in return, you have less risk of losing *all* your eggs. The point is to contain worst case cost, at the expense of having more likely minimum cost.

> chosen Windows because it is popular, has good development tools, and
> in the early days was easier to write for (remember that up until a few
> years ago, the Mac lacked preemptive multitasking, and Linux wasn't even
> a blip on the radar).

Windows 2000 was only a few years ago too. Windows NT 3 and 4 were not desktop OSes, used only on servers. And I worked in a company that had the misfortune of running an NT 3 server. Preemptive multitasking does not imply stability, as this experience showed, though I won't claim our experience was typical. There was BeOS too, which could have been widely available save for MS having the computer makers' ear (firmly grasped in an iron fist). But you still have a fair point on this point, and I agree at varying degrees with the rest of your points, except where you come back to:

> The result is that we will have a system where, as pointed out above,
> not one but several architectures are each widespread enough to bring
> the net to its knees when an exploit is discovered. This network will
> only be as strong as its weakest link. Diversity, in this context, is
> a risk factor, not a risk mediator.

For serial systems, not parallel ones. Encryption is a serial one. Redundancy using different systems is not: you need to destroy all branches to bring the system down (though I do not deny that you can bring the quality of service down by bringing a node down, depending on the degree of redundancy).

Of course, the above holds for a more or less homogeneous distribution of the different (here) OSes. Otherwise, you have a connected graph of monocultures, and the first argument applies.

--
Vincent Penquerc'h

From sunder at sunder.net Fri Sep 26 14:30:53 2003
From: sunder at sunder.net (Sunder)
Date: Fri, 26 Sep 2003 17:30:53 -0400 (edt)
Subject: Critique of CyberInsecurity report
In-Reply-To: <20030926201055.GN13725@leitl.org>
Message-ID:

Look, the answers are excruciatingly simple:

1. your email should not execute.

2. your web browser should not be able to run script that can access anything other than content that came from that server - or at the least that domain -- especially not your hard drive. Things like ActiveX are a security nightmare.

3. your machine should not serve any services to the outside world that it doesn't need to.

It doesn't matter what OS you run, the above are all still true. Do that, and 90% of insecurity goes away. Add buffer overflow protections, and another 5% goes away. Add parameter checking to libraries, good security permissions on file systems and other objects, and things like per process capabilities limitations, and another 4% goes away.

If you run a network of unhardened Macs, Linux boxes, FreeBSD or even OpenBSD boxes, you may as well hang up a sign that says "break in please."

All of this has been previously dealt with elsewhere, and it isn't that hard to grok. The only reason to criticize the redmond beast that should not be is points 1-3. The paragraph following it hasn't been implemented anywhere that's widely in use. Things like SE Linux and OBSD have attempted some of them and succeeded, but they're not as widely used as they should be.

Worrying about what percentage of machines are hetero vs homogeneous is a waste of time. Do you run Linux or MacOS X? Did you bother to upgrade OpenSSH last week? No? Is ssh open for anyone on the internet to access? Well then, you're fucked, and you're not even running Windows!

If someone breaks into a windows 95 machine on your network whose owner has access to files vital to your company's existence, the potential to break into the server is already there.
Don't just harden SOME machines and your firewall, harden them all. A simple activeX component off some rogue web page is enough to take over a lame little win9x machine. Example: Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu, only it works over the web. A user just goes to a web page, and a user at the other end can take over their machine because IE allows such software to run! Ok, at least WebX is a commercial product designed to provide tech support, and asks if it's ok to allow it, but if it's technically possible to do it for legitimate reasons, it's technically feasable to do it for rogue reasons too. Worms aren't the only problems out there. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ From eugen at leitl.org Fri Sep 26 13:10:55 2003 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 26 Sep 2003 22:10:55 +0200 Subject: Critique of CyberInsecurity report In-Reply-To: <272c589c936931da10912b11eaeaef3f@mail.futureworlds.it> References: <272c589c936931da10912b11eaeaef3f@mail.futureworlds.it> Message-ID: <20030926201055.GN13725@leitl.org> On Fri, Sep 26, 2003 at 12:47:38AM +0200, futureworlds wrote: > Overall, this is a terrible analysis with a misguided solution which, > if adopted, would only make things worse. It is shocking to see the Please describe, how exactly it would be worse. We're kinda curious. > well known figures who have allowed their names to be attached to this > document. 
Apparently hatred of Microsoft runs so deep that people are > unable to think critically when presented with an analysis that attacks > the company. We saw the same thing with the absurd lies and exaggerations > about Palladium last year. It's a *tiny* *little* bit premature to conclude that, don't you think? Now your rhetoric does strike me as pro-establishment, if not outright as a Redmond mole. Kindly go insert your troll stick elsewhere. > Let's look at these three portions. The "problem in principle", > according to the report, is the existence of a monoculture, which should > be addressed by diversification. There are nonsense figures in here Nonsense, my ass. Go ask your nearest friendly biologist and immunologist/epidemiologist about the value of diversity. > that claim to quantify the "power" of the net, using absurd, handwavey > formulations like Metcalfe's Law or Reed's Law. (Reed's so-called Law is > a joke, predicting that the Internet will be 228 quadrillion times more > "powerful" in 10 years if the number of systems increases 50% per year!) > This is not logic, this is not reason, it is just rhetoric. If you don't see that the value of the network increases with its size what exactly are you doing in that thar Innurnet here? Ah, you just don't understand this nonlinear metric thing. I see. Just log it, if it will make you more comfortable. > But the fundamental problem with the analysis here, which is what > makes the report's recommendation so misguided, is that claim that > diversification will somehow solve the problem. In fact, diversification > will make it worse, as a moment's thought should make clear. Don't put all your eggs in one basket. If it breaks, all will be lost. Dilute susceptible system with inert (immune) ones. That'll take care of kinetics (local loop systems are tighly coupled, so there's a distance even though there's a 95% global connectivity). Hardly takes a five-sigma egghead to grok it, right? 
> Let's suppose that the government stepped in, and the kind, wise > government bureaucrats we all know and love so well decided to aid > disadvantaged operating systems. This affirmative action program is so Disadvantaged? Sure, open source has eaten a few industry branches alive, and now we've got a monopolist shitting their pants because they know they can't compete on the middle run. Yawn. Goverments are adopting it, resulting in fax effect? Good, that will accelerate the inevitable. > effective that after many years, Microsoft has only a third of the market; Half a decade sounds about right. You'll see a lot more players than just *BSD derivates in the dominating 2/3rds, though. > Macs have another third; and Linux has most of the remaining third. > Wow, the problem is solved, right? Just three systems are not enough diversity by far. Ten would be better. It'd be nice to have it run on diversified hardware as well, and offer stack protection and several iterations of security-conscientous redesign steps. However, worse is better, so we'll probably see only a slight improvement over the status quo. It would sure be nice to see liability for commercial software products, though. > Wrong. With the number of systems on the net growing rapidly, any > realistic extrapolation leaves the number of Windows systems as being > even larger than today. Hence we face at least as much exposure as > at present, which the evidence has shown is more than enough to cause > tremendous economic damage. Bullcrap once again. A fraction of all systems will be taken out, with a much slower kinetics due to phlegmatizing aspect of dilution (look up phlegmatization in HE chain reaction context). Moreover, the mission critical stuff *will* be running hardened systems after a few rounds of current worm roulette. Everybody else would be taken of circulation. Let's see how much pressure business need to start adapting rational strategies instead of the current snakeoil jacuzzi. 
(Probably, a lot). > And in fact, it is worse, because any flaws in the Mac or Linux OSs > will now be just as dangerous as for Windows! What we will face is a > situation where the *weakest* of the widely used OS's will determine > the risk factor for the system as a whole. I'm distinctly underwhelmed with the logic of the remainder of the diatribe, so I won't address it. [demime 0.97c removed an attachment of type application/pgp-signature] From jamesd at echeque.com Sat Sep 27 09:05:41 2003 From: jamesd at echeque.com (James A. Donald) Date: Sat, 27 Sep 2003 09:05:41 -0700 Subject: Critique of CyberInsecurity report In-Reply-To: References: <20030926201055.GN13725@leitl.org> Message-ID: <3F7552E5.29151.9861C8D@localhost> -- On 26 Sep 2003 at 17:30, Sunder wrote: > Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu, > only it works over the web. A user just goes to a web page, > and a user at the other end can take over their machine > because IE allows such software to run! > > Ok, at least WebX is a commercial product designed to provide > tech support, and asks if it's ok to allow it, but if it's > technically possible to do it for legitimate reasons, it's > technically feasable to do it for rogue reasons too. IE first checks that the software is digitally signed, and then asks the user do you want to run this software signed by so and so. Then IE allows it to run. You do not just go to the web page. You go to the web page and IE asks if this is OK. Of course there are lots and lots of web pages that say "Hey, click here to view me naked -- just click yes to all the stupid dialogs that come up" --digsig James A. 
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7 4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio From sunder at sunder.net Sat Sep 27 10:58:20 2003 From: sunder at sunder.net (Sunder) Date: Sat, 27 Sep 2003 13:58:20 -0400 (edt) Subject: Critique of CyberInsecurity report In-Reply-To: <3F7552E5.29151.9861C8D@localhost> Message-ID: Yup, and also don't forget all the security holes in IE that would allow even more enjoyable fun stuff... things that are(were?) exploited by scumware sites such as Xupiter that installed themselves into IE and allowed pop-up ads from hell. [Sorry about the previous message, had lots of typos in there... should have proofread it before sending. :) ] ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 27 Sep 2003, James A. Donald wrote: > -- > On 26 Sep 2003 at 17:30, Sunder wrote: > > Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu, > > only it works over the web. A user just goes to a web page, > > and a user at the other end can take over their machine > > because IE allows such software to run! > > > > Ok, at least WebX is a commercial product designed to provide > > tech support, and asks if it's ok to allow it, but if it's > > technically possible to do it for legitimate reasons, it's > > technically feasable to do it for rogue reasons too. > > IE first checks that the software is digitally signed, and then > asks the user do you want to run this software signed by so and > so. Then IE allows it to run. > > You do not just go to the web page. 
You go to the web page and > IE asks if this is OK. > > Of course there are lots and lots of web pages that say "Hey, > click here to view me naked -- just click yes to all the stupid > dialogs that come up" > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7 > 4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio From timcmay at got.net Sat Sep 27 20:00:17 2003 From: timcmay at got.net (Tim May) Date: Sat, 27 Sep 2003 20:00:17 -0700 Subject: DC Security Geeks Talk: Analysis of an Electronic Voting System In-Reply-To: Message-ID: On Friday, September 26, 2003, at 06:42 AM, Ed Reed wrote: > Grisham might be better - it's the legal wrangling that would tie up > people's imagination, more than the technical. > >>>> "Major Variola (ret)" 9/25/2003 12:46:13 PM >>> > At 02:48 PM 9/24/03 -0400, R. A. Hettinga wrote: >> > modules.php?name=News&file=print&sid=463> > >> >> Cryptonomicon.Net - >> >> Talk: Analysis of an Electronic Voting System > > Someone needs to inject a story about e-voting fraud into the popular > imagination. > Is Tom Clancy available? Maybe an anonymous, detailed, plausible, > (but > secretly fictional) > blog describing how someone did this in their podunk county... then > "leak" this to a news reporter.. > Failure to be *able* to assure that this *didn't* happen in that > podunk > county would make > an important point. > There have already been reports of "electronic votes" being reported, mysteriously, before the election precincts closed. We know the results are often fixed, but reporting the results before the polls are closed sorts of makes the point obvious even to the sheeple. But, like the current hullaballoo about spam and telemarketing, the larger issues are not being discussed. Providing more sound bites about why Washington needs to be more successfully targeted by Al Qaida, with a lot more destruction than the paltry efforts we saw on 9/11, is boring. 
The focus of this list in recent months on political lobbying activities is wrong-headed. We need to be working on ways to make Big Brother powerless, either through technology or through destroying his nests and his tens of millions of helpers. The death of twenty million enablers and welfare addicts will be a very good thing. Burn, corpses, burn!! --Tim May From mv at cdc.gov Sun Sep 28 00:02:47 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Sun, 28 Sep 2003 00:02:47 -0700 Subject: When the brownshirts come for your underwear Message-ID: <3F768797.59CA9D20@cdc.gov> http://www.regen.org/raid.htm This is the commune of the guy charged and released for toasting some Hummers. Getting RichardJewell'ed by the FBI. Oh yes, he is "a peace activist who has protested the war in Iraq and actions of the Bush administration" which is surely coincidental. CNN interviewed him 11pm Sat, and he's getting a lawyer. This interview was a few minutes before Declan talked about spam (and mentioned Eudora on CNN!) From mv at cdc.gov Sun Sep 28 00:40:23 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 28 Sep 2003 00:40:23 -0700 Subject: Terror status: urine-colored Message-ID: <3F769067.B2C90276@cdc.gov> These Passenger Stability Indicators Include : Social Security Number, Length-of-Residence, Income, and Home Ownership. Two Additional Elements If Available Would Likely Be Good Indicators: Namely, Miles Flown Annually and Lifetime. "Homeland Security - Airline Passenger Risk Assessment" Torchconcepts.com ------- Would unplanned urban construction just before the '04 elections help or hurt Bush? Our machines are thrashing on the national-coherency vs. impotency-realization mass-psysim code. 
From mv at cdc.gov Sun Sep 28 01:13:07 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 28 Sep 2003 01:13:07 -0700 Subject: vehicle tracking from inductive signatures Message-ID: <3F769813.2DB68B23@cdc.gov> The loops in the road are, after all, analogue: A general vehicle reidentification system using inductive loop signatures to uniquely but anonymously track individual vehicles, has been formulated and tested in recent years at the University of California, Irvine. By using non-obtrusive and anonymous tracking methods, individual vehicles can be identified and correlated over numerous identification stations, and very specific real-time data can be obtained for each tracked vehicle. UCI-ITS-WP-02-12 Anonymous Vehicle Tracking for Real-Time Traffic Surveillance Cheol Oh 1 Stephen G. Ritchie August 2002 Institute of Transportation Studies University of California, Irvine Irvine, CA 92697-3600, U.S.A. From mv at cdc.gov Sun Sep 28 13:46:19 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Sun, 28 Sep 2003 13:46:19 -0700 Subject: Patriot act power grab in progress Message-ID: <3F77489A.B31CDEDB@cdc.gov> WASHINGTON, Sept. 27  The Bush administration, which calls the USA Patriot Act perhaps its most essential tool in fighting terrorists, has begun using the law with increasing frequency in many criminal investigations that have little or no connection to terrorism. http://news.yahoo.com/news?tmpl=story2&cid=68&u=/nyt/20030927/ts_nyt/ususesterrorlawtopursuecrimesfromdrugstoswindling&printer=1 --- M. Atta: An Army of One From zooko at zooko.com Sun Sep 28 16:12:19 2003 From: zooko at zooko.com (Zooko) Date: 28 Sep 2003 19:12:19 -0400 Subject: [mnet-devel] progress implementing emergent networks Message-ID: Myers reported (I think) that his twisted Chord network passes a unit test where you start with two separate Chord networks and introduce one node from the first net to one node from the other, and then the two nets merge. 

Meanwhile, I've finished implementing a version of ent (based on Kademlia) which keeps only one node per k-bucket, and fixed several bugs, but there remains some bug that I haven't investigated (I'm out of time) which causes it to fail the basic "construct a network, publish a block, fetch the block" unit test. (Please, someone fix it, as I'm probably busy this week.)

I just wanted to comment that there is no way known (to me at least) for Kademlia to pass the unit test that Myers is using on his Chord net -- merging two separate nets into one. Kademlia can't do that AFAIK. (This is one way of observing the "Kademlia doesn't self-heal" problem.)

I also wanted to mention that Chord can sometimes fail, too, if the nets happen to line up so that the resulting merged Chord net is "loopy". The Liben-Nowell paper [1] explains how to fix that.

--Z

[1] http://citeseer.nj.nec.com/553810.html

_______________________________________________
mnet-devel mailing list
mnet-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel

----- End forwarded message -----

[demime 0.97c removed an attachment of type application/pgp-signature]

From cpunk at lne.com Sun Sep 28 20:00:01 2003
From: cpunk at lne.com (cpunk at lne.com)
Date: Sun, 28 Sep 2003 20:00:01 -0700
Subject: Cypherpunks List Info
Message-ID: <200309290300.h8T301EO023951@slack.lne.com>

Cypherpunks Mailing List Information

Last updated: Sep 12, 2002

This message is also available at http://www.lne.com/cpunk

Instructions on unsubscribing from the list can be found below.

0. Introduction

The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content.

Cypherpunks is a distributed mailing list.
A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa.

1. Filtering

The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers.

2. Message Modification

Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications.

3. Privacy

Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private"), to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software.

Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted.

4. Anonymous posting

Cypherpunks encourages anonymous posting. You can use an anonymous remailer:

http://www.andrebacard.com/remail.html
http://anon.efga.org/Remailers
http://www.gilc.org/speech/anonymous/remailer.html

or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered.

5. Unsubscribing

Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below.

How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these indicate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDR's unsubscribe instructions.

6. Lunatics, spammers and nut-cases

"I'm subscribed to a filtering CDR yet I still see lots of junk postings".

At this writing there are a few sociopaths on the cypherpunks list who are abusing the list's openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the distinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipe is below; you will of course want to make your own decisions on which (ab)users to filter.

    # mailing lists:
    # filter all cypherpunks mail into its own cypherspool folder, discarding
    # mail from loons. All CDRs set their From: line to 'owner-cypherpunks'.
    # /dev/null is unix for the trash can.
    :0
    * ^From.*owner-cypherpunks@.*
    {
        # discard matching senders (no lockfile is needed for /dev/null)
        :0
        * (^From:.*ravage@ssz\.com.*|\
          ^From:.*jchoate@dev.tivoli.com.*|\
          ^From:.*mattd@useoz.com|\
          ^From:.*proffr11@bigpond.com|\
          ^From:.*jei@cc.hut.fi)
        /dev/null

        # everything else from the list goes to the cypherspool folder
        :0:
        cypherspool
    }

7. List of current CDRs

All commands are sent in the body of mail unless otherwise noted.

---------------------------------------------------------------------------

Algebra:
Operator:
Subscription: "subscribe cypherpunks" to majordomo at algebra.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com
Help: "help cypherpunks" to majordomo at algebra.com
Posting address: cypherpunks at algebra.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???
Info: ???
---------------------------------------------------------------------------
CCC:
Operator: drt at un.bewaff.net
Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de
Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de
Help: "help" to cypherpunks-request at koeln.ccc.de
Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks
Posting address: cypherpunks at koeln.ccc.de
Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject.
Digest mode: this node is digest-only
NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------
Infonex:
Subscription: "subscribe cypherpunks" to majordomo at infonex.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com
Help: "help cypherpunks" to majordomo at infonex.com
Posting address: cypherpunks at infonex.com
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------
Lne:
Subscription: "subscribe cypherpunks" to majordomo at lne.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com
Help: "help cypherpunks" to majordomo at lne.com
Posting address: cypherpunks at lne.com
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers
  2. leading "CDR:" in subject line removed
  3. "Reply-to:" removed
Privacy policy: private
Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com
Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman)

---------------------------------------------------------------------------
Minder:
Subscription: "subscribe cypherpunks" to majordomo at minder.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net
Help: "help" to majordomo at minder.net
Posting address: cypherpunks at minder.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: private
Info: send mail to cypherpunks-info at minder.net

---------------------------------------------------------------------------
Openpgp:
[openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01]
Subscription: "subscribe cypherpunks" to listproc at openpgp.net
Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net
Help: "help" to listproc at openpgp.net
Posting address: cypherpunks at openpgp.net
Filtering policy: raw
Message Modification policy: no modification
Privacy policy: ???

---------------------------------------------------------------------------
Ssz:
Subscription: "subscribe cypherpunks" to majordomo at ssz.com
Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com
Help: "help cypherpunks" to majordomo at ssz.com
Posting address: cypherpunks at ssz.com
Filtering policy: raw
Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added.
Privacy policy: open
Info: http://www.ssz.com/cdr/

---------------------------------------------------------------------------
Sunder:
Subscription: "subscribe" to sunder at sunder.net
Unsubscription: "unsubscribe" to sunder at sunder.net
Help: "help" to sunder at sunder.net
Posting address: sunder at sunder.net
Filtering policy: moderated
Message Modification policy: ???
Privacy policy: ???
Info: ???

---------------------------------------------------------------------------
Pro-ns:
Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net
Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net
Help: "help cypherpunks" to majordomo at pro-ns.net
Posting address: cypherpunks at pro-ns.net
Filtering policy: cooked
  Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified.
Message Modification policy:
  1. leading "CDR:" in subject line removed
  2. "Reply-to:" removed
Privacy policy: private
Info: http://www.pro-ns.net/cpunk

From mv at cdc.gov Mon Sep 29 11:42:07 2003
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 29 Sep 2003 11:42:07 -0700
Subject: Wipe your Lamo notes now
Message-ID: <3F787CFF.AE48DDC0@cdc.gov>

http://www.securityfocus.com/columnists/187

The Subpoenas are Coming!
By Mark Rasch Sep 29 2003 05:00AM PT

Frequent readers of this space know that I am no apologist for hackers like Adrian Lamo, who, in the guise of protection, access others' computer systems without authorization, and then publicize these vulnerabilities. When Lamo did this to the New York Times, he violated two of my cardinal rules: Don't make enemies with people appointed for life by the President of the United States; and don't make enemies of people who buy their ink by the gallon.

Now, in the scope of prosecuting Lamo, the FBI is doing the hacker one better by violating both of these precepts in one fell swoop.

The Bureau recently sent letters to a handful of reporters who have written stories about the Lamo case -- whether or not they have actually interviewed Lamo.
The letters warn them to expect subpoenas for all documents relating to the hacker, including, apparently, their own notes, e-mails, impressions, interviews with third parties, independent investigations, privileged conversations and communications, off the record statements, and expense and travel reports related to stories about Lamo. In short, everything. The notices make no mention of the protections of the First Amendment, Department of Justice regulations that restrict the authority to subpoena information from journalists, or the New York law that creates a "newsman's shield" against disclosure of certain confidential information by reporters. Instead, the FBI has threatened to put these reporters in jail unless they agree to preserve all of these records while they obtain a subpoena for them under provisions amended by the USA-PATRIOT Act. The FBI doesn't want the reporters talking to anyone, because that would supposedly harm the ongoing criminal investigation. The government also officiously informed the reporters that this is an "official criminal investigation" and asks that they not disclose the request to preserve documents, or the contents of the letter, to anyone -- presumably including their editors, directors, or lawyers -- under the implied threat of prosecution for obstruction of justice. That's why you're reading about the letters for the first time here. They do this despite the fact that, had they actually obtained and issued a subpoena for these documents, the federal criminal procedure rules would have prohibited the imposition of any obligation of secrecy unless the Justice Department obtained a "gag" order on the press -- a rare event indeed. 
All of this began the day after the Attorney General advised all United States Attorney's Offices to prosecute each and every criminal offense with the harshest possible penalties, instead of the previous policy of prosecuting cases with the penalties that most accurately reflect the seriousness of the offense. Thus, journalists be forewarned -- your government may be seeking to throw the book at you! Believe it or not, this isn't even the worst of it. Patriot Games The demand that journalists preserve their notes is being made under laws that require ISP's and other "providers of electronic communications services" to preserve, for example, e-mails stored on their service, pending a subpoena, under a statute modified by the USA-PATRIOT Act. The purpose of that law was to prevent the inadvertent destruction of ephemeral electronic records pending a subpoena. For example, you could tell an ISP that you were investigating a hacking case, and that they should preserve the audit logs while you ran to the local magistrate for a subpoena. It was never intended to apply to journalist's records. Similarly, the letters go on to inform the reporters that the FBI intends to get an order for production of records under the Electronic Communication Transactional Records Act, a statute that applies only to ISPs. Citing that law, they insist that the journalist is mandated to preserve records for at least the next three months and possibly longer. This demand is all the more egregious in that it comes more than a year after the articles and interviews first appeared -- after any actual Internet logs would have been routinely deleted. [...] 
_______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) From sunder at sunder.net Mon Sep 29 10:03:28 2003 From: sunder at sunder.net (Sunder) Date: Mon, 29 Sep 2003 13:03:28 -0400 (edt) Subject: [Politech] California elections official starts "verifiable voting" blog In-Reply-To: <6.0.0.22.2.20030929013333.01fd6428@mail.well.com> Message-ID: Appropos voting: a very disturbing article is here: http://www.theinquirer.net/default.aspx?article=11811 --------------------------------------------------------------------- Who plans to steal the 2004 US elections? Some people have it figured out By Egan Orion: Monday 29 September 2003, 06:04 AFTER THE VOTING MESS in Florida during the 2000 elections, the US Congress passed the "Help America Vote Act". They should have more accurately entitled it the "Help Steal America's Vote Act" instead. However, at least one journalist has cottoned on to what's happening, and it is simply outrageous. We reprint by permission Chris Floyd's dynamite article at CounterPunch exposing these sordid facts. <> It's a shell game, with money, companies and corporate brands switching in a blur of buy-outs and bogus fronts. It's a sinkhole, where mobbed-up operators, paid-off public servants, crazed Christian fascists, CIA shadow-jobbers, war-pimping arms dealers--and presidential family members--lie down together in the slime. It's a hacker's dream, with pork-funded, half-finished, secretly-programmed computer systems installed without basic security standards by politically-partisan private firms, and protected by law from public scrutiny. It's how America, the "world's greatest democracy," casts its votes. And it's why George W. Bush will almost certainly be the next president of the United States--no matter what the people of the United States might want. 
----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ From bill at scannell.org Mon Sep 29 11:25:33 2003 From: bill at scannell.org (Bill Scannell) Date: Mon, 29 Sep 2003 13:25:33 -0500 Subject: David Stempler: TSA's Fake Passenger Advocate? In-Reply-To: Message-ID: At a press conference held on the 26th of September 2003, TSA chief James Loy needed someone to extol the virtues of the CAPPS II internal border control system. His choice: 'passenger advocate' David S. Stempler , head of the Air Travelers Association. Stempler obliged, saying that CAPPS II testing was a fine idea and that "(w)hatever's going to be done will have to be done in secret". If Stempler sounds like a boot-licking toady, it's because he probably is: his association appears to be little more than a front for the Cendant Corporation, whose Galileo subsidiary stands to gain a new profit center if CAPPS II is implemented. http://www.dontspyon.us/stempler.html 777 --- 777 777 --- 777 "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin From rah at shipwright.com Mon Sep 29 12:02:42 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 29 Sep 2003 15:02:42 -0400 Subject: Johns Hopkins Physics Lab System Detects Digital Video Tampering Message-ID: Of course, if it's is just signed-frame video, "prior art" doesn't begin to describe this. 
Cheers,
RAH
------

Science Daily

Source: Johns Hopkins University
Date: 2003-09-29

Johns Hopkins APL Creates System To Detect Digital Video Tampering

The Johns Hopkins University Applied Physics Laboratory (APL) in Laurel, Md., has opened the door to using reliable digital video as evidence in court by developing a system that identifies an attempt to alter digital video evidence.

"It's not too hard to make changes to digital video," says Tom Duerr, APL's project manager. "But our system quickly and conclusively detects any alterations made to the original tape." For the past two years, Duerr has led development of the project for the United States Postal Inspection Service.

"We're satisfied that our system can accurately detect tampering and now we're building a working prototype that can be attached to a camcorder," says Nick Beser, lead engineer for the project. "Our authenticator provides proof of tampering when the human eye can't detect it. You might theorize that a change has been made, but this system takes the theory out of that determination."

The U.S. Postal Inspection Service, the federal law enforcement agency that safeguards the U.S. Postal Service, its employees and assets, and ensures the integrity of the mail, uses video surveillance and cutting edge technology as investigative tools in many of its cases. "We are looking forward to field testing the prototype developed by APL," says Dennis Jones, assistant postal inspector in charge of the agency's Forensic & Technical Services Division. "Being able to present a certifiable digital recording in court in support of our investigative efforts will minimize court challenges over the admissibility of such evidence. This system could reinforce the public's confidence in the work of law enforcement professionals."

Securing the System

The authentication system computes secure computer-generated digital signatures for information recorded by a standard off-the-shelf digital video camcorder.
While recording, compressed digital video is simultaneously written to digital tape in the camcorder and broadcast from the camera into the Digital Video Authenticator (currently a laptop PC). There the video is separated into individual frames and three digital signatures are generated per frame -- one each for video, audio, and camcorder/DVA control data -- at the camcorder frame rate. Public-key cryptography is used to create unique signatures for each frame. The "keys" are actually parameters from mathematical algorithms embedded in the system. Duerr says, "The keys, signature, and original data are mathematically related in such a way that if any one of the three is modified, the fact that a change took place will be revealed in the verification process." One key, called a "private" key, is used to generate the signatures and is destroyed when the recording is complete. The second, a "public" key, is used for verification. To provide additional accountability, a second set of keys is generated that identifies the postal inspector who made the recording. This set of keys is embedded in a secure physical token that the inspector inserts into the system to activate the taping session. The token also signs the Digital Video Authenticator's public key, ensuring that the public key released with the video signatures was created by the inspector and can be trusted. The signatures that are generated for the recording make it easy to recognize tampering. If a frame has been added it won't have a signature and will be instantly detected. If an original frame is altered, the signature won't match the new data and the frame will fail verification. The method is so perceptive that tampering with even a single bit (an eighth of a byte) of a 120,000-byte video frame is enough to trigger an alert. 
After an event is recorded, the signatures and the signed public key are transferred to a removable storage device and secured along with the original tape in case the authenticity of a tape is challenged. When finished, the Digital Video Authenticator is expected to be within the size and cost range of consumer-grade digital camcorders. It will be attached to, rather than embedded in, a video camera, which allows it to be transferred to different cameras when current ones become obsolete. Comparison of signatures with recorded video and analysis of the results will be accomplished in separate software that will run on a desktop PC. Prototype development will include peer review by other researchers and potential users and is expected to be completed by 2005. In addition to Postal Inspection Service use, the system could serve state and local law enforcement needs and possibly corporate and other business venues. ### The Applied Physics Laboratory, a division of The Johns Hopkins University, meets critical national challenges through the innovative application of science and technology. For more information, visit http://www.jhuapl.edu . This story has been adapted from a news release issued by Johns Hopkins University. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Mon Sep 29 15:39:28 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 29 Sep 2003 15:39:28 -0700 Subject: Motorola Security Chips Message-ID: <3F78B4A0.1A738F4A@cdc.gov> At 03:58 PM 9/29/03 -0400, Tyler Durden wrote: >These seem to be actual chips. Anyone know of companies selling Crypto apps >for Network processors? What do you mean "crypto apps"? In some cases you can get support for the crypto hardware in a version of say VxWorks etc which makes it easier. Perhaps you can get as much as full IPSec since RTOS companies often sell IP stacks too. Particularly important when say your SOHO OEM customer doesn't have massive resources or expertise. "Buy our chips, we'll get WindRiver to give you price break, all you do is recompile with #define NUMPORTS set to the number of RJ-45s on the thing" Core or edge, baby? NPU is a marketroid term. What's called a "network processor" might range from an Intel IXP w/ hardware AES (and everything else including mbuf ops), that can do line-rate SONET, for a few hundred $; or an IDT 100 Mhz MIPS with a DES core and ethernet i/f glued on for $10 for your 10Mbps home router. All of them come with some kind of software and/or partnerships with software/OS vendors --hard to sell silicon without that. At least, drivers for common OS. The hardware vendor's problem is this: You have all these transistors to do something with. May as well add crypto to netstuff, just like graphics ops got added to gamestuff. Transistors are free and integrating functions might give you an edge over the competition for a while. When was the last time you shopped for a floating-point co-processor? Eventually innovation becomes a "checkbox" item. 
Eventually chips will come with cup-holders and power-mirrors. If so, which is deemed more secure by >Cypherpunks...software apps on network processors or outboard chips? (Am I >correct in assuming that a crypto app on a network processor is not any >easier to view or examine that a crypto ASIC?) You add hardware accelerators on chips with other functions to increase crypto-app *performance*. Rarely, you/NSA buy it because its immutable, so you avoid certain problems. (Problems mostly solved by integrated ROMs for your CPU.) Mostly you buy for performance. *Any* black box is less trustworthy than code you can read; however, have you read your OS or compiler recently? Before you claim that others have, Have you realized that trust isn't transitive yet? And are you sure your "generic" black-box CPU (that runs your ever-so-carefully hand-inspected code) hasn't any interesting tricks hidden inside? F00F! If you want complete transparency, use a soft CPU core on an FPGA so nothing (but the FPGA fabric) is opaque. As a paran^H^H^H^Hcypherpunk, you might design your system to use a few FPGAs (purchased from different vendors as anonymously as possible) identically configured and have them vote. Don't have them vote using Diebold machinery, though :-) >Motorola Locks Down Chips > >-------------------------------------------------------------------------------- > >Motorola Inc. (NYSE: MOT - message board) has become the latest vendor to >integrate security into its microprocessors, continuing the trend of putting >encryption acceleration on-chip. ... >Naturally, processor companies believe they can further speed things up -- >and save OEMs a bit of money -- by merging the co-processors into their own >chips. Broadcom Corp. (Nasdaq: BRCM - message board), Integrated Device >Technology Inc. (IDT) (Nasdaq: IDTI - message board), and PMC-Sierra Inc. >(Nasdaq: PMCS - message board) are adding security to their microprocessors; >and Agere Systems Inc. 
(NYSE: AGR.A) and Intel Corp. (Nasdaq: INTC - message >board) have done the same with some of their network processors (see Vendors >Add Security to MIPS Chips and Intel Moves on Security ). From eugen at leitl.org Mon Sep 29 06:52:43 2003 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 29 Sep 2003 15:52:43 +0200 Subject: [mnet-devel] progress implementing emergent networks (fwd from zooko@zooko.com) Message-ID: <20030929135243.GA27130@leitl.org> Is anyone monitoring the anonymous p2p scene? Care for a short summary of developments in the last half a year? ----- Forwarded message from Zooko ----- From camera_lumina at hotmail.com Mon Sep 29 12:58:31 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 29 Sep 2003 15:58:31 -0400 Subject: Motorola Security Chips Message-ID: These seem to be actual chips. Anyone know of companies selling Crypto apps for Network processors? If so, which is deemed more secure by Cypherpunks...software apps on network processors or outboard chips? (Am I correct in assuming that a crypto app on a network processor is not any easier to view or examine that a crypto ASIC?) -TD Motorola Locks Down Chips -------------------------------------------------------------------------------- Motorola Inc. (NYSE: MOT - message board) has become the latest vendor to integrate security into its microprocessors, continuing the trend of putting encryption acceleration on-chip. The company announced eight new varieties of its PowerQuicc processors today, grouped under the family names MPC885 and MPC8272. Four of the eight include security. Specifically, Motorola is enhancing some of its PowerQuicc chips with the encryption functions found in its S1 line of security co-processors, which the company introduced in 2000. (see Motorola Processors Integrate Security ). The idea is to speed up security processing. Encryption involves doing math with unusually large numbers, a task that can bog down a general-purpose processor. 
So, several companies, including Cavium Networks Inc., Corrent Corp., and Hifn Inc. (Nasdaq: HIFN - message board), have developed specialty hardware for the task. These chips are often called co-processors, as they're meant to sit alongside a microprocessor. Naturally, processor companies believe they can further speed things up -- and save OEMs a bit of money -- by merging the co-processors into their own chips. Broadcom Corp. (Nasdaq: BRCM - message board), Integrated Device Technology Inc. (IDT) (Nasdaq: IDTI - message board), and PMC-Sierra Inc. (Nasdaq: PMCS - message board) are adding security to their microprocessors; and Agere Systems Inc. (NYSE: AGR.A) and Intel Corp. (Nasdaq: INTC - message board) have done the same with some of their network processors (see Vendors Add Security to MIPS Chips and Intel Moves on Security ). PowerQuicc tends toward a lower-end market than those processors, however. The product line, consisting of a few dozen chips, spans applications from access modems to edge-network equipment. In addition to the usual speed and cost arguments, Motorola is hoping to gain an edge from its greater experience with ATM and Ethernet. "We can attack kind of the next-generation security processors," says Matthew Short, head of security applications for Motorola's networking and computing systems group. The integration trend doesn't necessarily mean the end of co-processors. Motorola and Broadcom plan to continue selling their co-processors. And Short notes that chips such as Corrent's will continue to serve high-end applications, where integration becomes too cumbersome. "Corrent's kind of a different beast. It's pretty high-end. We even recommend them to go with C-Port," he says, referring to Motorola's line of network processors. The new PowerQuicc chips are due to begin sampling next month, with volume production slated for the second quarter of 2004.  
Craig Matsumoto, Senior Editor, Light Reading _________________________________________________________________ From timcmay at got.net Mon Sep 29 16:15:49 2003 From: timcmay at got.net (Tim May) Date: Mon, 29 Sep 2003 16:15:49 -0700 Subject: Wipe your Lamo notes now In-Reply-To: <3F787CFF.AE48DDC0@cdc.gov> Message-ID: On Monday, September 29, 2003, at 11:42 AM, Major Variola (ret) wrote: > http://www.securityfocus.com/columnists/187 > > The Subpoenas are Coming! > By Mark Rasch Sep 29 2003 05:00AM PT > > ... > The Bureau recently sent letters to a handful of reporters who have > written > stories about the Lamo case -- whether or not they have actually > interviewed Lamo. The letters warn them to expect subpoenas for all > documents relating to the hacker, including, apparently, their own > notes, > e-mails, impressions, interviews with third parties, independent > investigations, privileged conversations and communications, off the > record > statements, and expense and travel reports related to stories about > Lamo. > > In short, everything. Hypocrisy is the name of the game in Washington, as in all imperial cities. Robert Novak, a reporter, revealed the name of a clandestine CIA operative, which is said to be a felony (the revealing of a name, that is). Will he face jail time, or does he get one of those special "exemptions for reporters"? Long time readers here know that I argue we are all reporters, we are all writers, we are all ministers, we are all preachers. There are no special rights for "badged" or "licensed" reporters, writers, ministers, witch doctors. If it's a felony for _me_ to say "Sources tell me that Valerie Plame, the wife of Ambassador Joseph Wilson, has been a CIA covert operative since 1980," it is a felony for Robert Novak to do so. And yet he will not be prosecuted, while Jim Bell was prosecuted essentially for "outing" the names of some lower-ranking investigators. 
(As for the Plame case, Novak will not be prosecuted, because he's a loyal Republican and Ashcroft won't touch loyal Republicans. But were I to talk about Plame's role in assisting with CIA-sponsored diamond smuggling in Niger and Gabon, and her involvement with the death squads in South Africa in the early 80s, I could expect a visit from the Thought Police. So I won't talk about these things. Novak can talk about her, we cannot.) And in the Lamo case, reporters who clam up will face Patriot Act consequences. Will Robert Novak and Karl Rove get the same Patriot Act treatment? Don't be silly. Washington is corruption on earth. The Great Satan needs to be destroyed with a 40 megaton bomb. Corruption on earth. --Tim May From myers at maski.org Mon Sep 29 19:05:27 2003 From: myers at maski.org (Myers W. Carpenter) Date: Mon, 29 Sep 2003 22:05:27 -0400 Subject: [p2p-hackers] Re: desiderata and open issues in ent Message-ID: On Thu, Sep 25, 2003 at 04:23:24PM -0400, Zooko wrote: > Networking researchers and Internet hackers like to talk about "solving the > NAT problem", but I suspect that the people who actually make the decisions > consider it to be a feature and not a problem. I suspect that at this point the people who actually make the decisions are about as clueless as Aunt Millie (sorry Aunt Millie). Actually, if you want to look at the main decision-maker-by-default, Microsoft, you see that they are pushing NAT traversal. Why? Because it allows them to have neat features like Video/Voice Conf. (which was actually the key reason we got these UPnP routers at work). Also take a look at their Three Degrees project. Key dependency for this is IPv6 and Teredo [1]. I'm tempted to see if this could be used within Mnet. I think it's a good idea to take the bull by the horns now and add in support for these technologies. Put an indicator on your app to show the user what kind of connection they have. 
For example a yellow indicator or, if you are Peekabooty, a big frowning bear (maybe he could spit at you and call you names?) when you can't accept incoming connections. Make them feel like they aren't getting the full deal. Make the user want it to the point that the other people who make decisions (you know "THEM") can't just slip this one by.

myers

1 - "Teredo, also known as IPv4 network address translator (NAT) traversal for IPv6" http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain/Teredo.asp

_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

----- End forwarded message -----

[demime 0.97c removed an attachment of type application/pgp-signature]

From shaddack at ns.arachne.cz Mon Sep 29 21:55:29 2003
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Tue, 30 Sep 2003 06:55:29 +0200 (CEST)
Subject: Motorola Security Chips
In-Reply-To:
References:
Message-ID:

On Mon, 29 Sep 2003, Tyler Durden wrote:

> These seem to be actual chips. Anyone know of companies selling Crypto apps
> for Network processors? If so, which is deemed more secure by
> Cypherpunks...software apps on network processors or outboard chips? (Am I
> correct in assuming that a crypto app on a network processor is not any
> easier to view or examine that a crypto ASIC?)

You don't have to rely on a proprietary, potentially compromised solution; there are open-source FPGA cores in the wild that can do lots of things for you. Eg, . With a bit of luck, situation on the free cores market will gradually improve further.
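
The signing flow described in the Johns Hopkins APL release in this thread (three signatures per frame under a session key that the inspector's token certifies), as an added example that is not APL's code and not from any poster. It uses Go's standard-library Ed25519 because the release names no algorithm; binding the stream name and frame index into each signed digest, the type and function names, and the sample frames are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame carries the three streams that the release says are signed separately.
type Frame struct{ Video, Audio, Control []byte }

// Evidence is what is stored with the tape: the session public key, the
// token's signature over that key, and three signatures per frame.
type Evidence struct {
	SessionPub ed25519.PublicKey
	KeyCert    []byte
	Sigs       [][3][]byte // per frame: video, audio, control
}

var streams = [3]string{"video", "audio", "control"}

func (f Frame) parts() [3][]byte { return [3][]byte{f.Video, f.Audio, f.Control} }

// digest binds the stream name and frame index to the data (an assumption of
// this sketch) so that swapped or moved frames fail as well as edited ones.
func digest(stream string, index int, data []byte) []byte {
	h := sha256.New()
	h.Write([]byte(stream))
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(index))
	h.Write(n[:])
	h.Write(data)
	return h.Sum(nil)
}

// Record signs every frame with a fresh session key, has the token key
// certify the session public key, then overwrites the session private key.
func Record(token ed25519.PrivateKey, frames []Frame) (Evidence, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return Evidence{}, err
	}
	ev := Evidence{SessionPub: pub, KeyCert: ed25519.Sign(token, pub)}
	for i, f := range frames {
		var sigs [3][]byte
		for s, data := range f.parts() {
			sigs[s] = ed25519.Sign(priv, digest(streams[s], i, data))
		}
		ev.Sigs = append(ev.Sigs, sigs)
	}
	for i := range priv {
		priv[i] = 0
	}
	return ev, nil
}

// Verify checks the token's signature on the session key first, then every
// per-frame signature. Any failure is reported with its location.
func Verify(tokenPub ed25519.PublicKey, frames []Frame, ev Evidence) error {
	if len(ev.SessionPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(tokenPub, ev.SessionPub, ev.KeyCert) {
		return errors.New("session key is not certified by the token")
	}
	if len(frames) != len(ev.Sigs) {
		return fmt.Errorf("%d frames but %d signature sets", len(frames), len(ev.Sigs))
	}
	for i, f := range frames {
		for s, data := range f.parts() {
			if !ed25519.Verify(ev.SessionPub, digest(streams[s], i, data), ev.Sigs[i][s]) {
				return fmt.Errorf("frame %d: %s fails verification", i, streams[s])
			}
		}
	}
	return nil
}

// sampleFrames returns constructed stand-ins for camcorder output.
func sampleFrames() []Frame {
	return []Frame{
		{[]byte("frame0-video"), []byte("frame0-audio"), []byte("tc=00:00:00:00")},
		{[]byte("frame1-video"), []byte("frame1-audio"), []byte("tc=00:00:00:01")},
		{[]byte("frame2-video"), []byte("frame2-audio"), []byte("tc=00:00:00:02")},
	}
}

func main() {
	tokenPub, tokenPriv, _ := ed25519.GenerateKey(nil)
	frames := sampleFrames()
	ev, _ := Record(tokenPriv, frames)
	fmt.Println("original:", Verify(tokenPub, frames, ev))

	frames[1].Video[0] ^= 1 // flip a single bit in one frame
	fmt.Println("one bit flipped:", Verify(tokenPub, frames, ev))

	// Signatures regenerated under a key the verifier does not trust.
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	resigned, _ := Record(otherPriv, frames)
	fmt.Println("re-signed, uncertified key:", Verify(tokenPub, frames, resigned))
}
```

A passing check shows only that the data matches what was signed under a token-certified key; it says nothing about what was fed into the authenticator's input.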
From eugen at leitl.org Tue Sep 30 02:30:27 2003
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 30 Sep 2003 11:30:27 +0200
Subject: [s-t] File sharing vs Bandwidth sharing (fwd from amerritt@spasticmutant.com)
Message-ID: <20030930093027.GK27130@leitl.org>

----- Forwarded message from Spastic Mutant -----

From sunder at sunder.net Tue Sep 30 08:30:51 2003
From: sunder at sunder.net (Sunder)
Date: Tue, 30 Sep 2003 11:30:51 -0400 (edt)
Subject: Johns Hopkins Physics Lab System Detects Digital Video Tampering
In-Reply-To:
Message-ID:

And what stops an attacker from taking that digital video, stripping off the RSA(?) signatures (I'll assume it's just signed), editing it, creating another, random, one time private key, "destroying" that private key after resigning it, and offering it up as unedited?!?!?!?!

They've either obviously not released all the details about this method, since you have no way to validate that the presented public key was created by their camcorder.

So how would you prove that something came from a particular camera? Do you cripple the private key somehow to be able to identify it? Do you sign it twice? If you do, then a more permanent private key lives in the camcorder and can be extracted to also produce fake keys, etc...

Either that, or this gets a nice wonderful SNAKE OIL INSIDE sticker slapped on it. :)

Even more obvious: What stops an attacker from taking the camcorder apart, disconnecting the CCD output, then hooking up an unsigned edited video signal to it, and recording as a signed video?

IMHO, it has an aroma rich with viperidae lipids.

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of  /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0. Cost of war: $800,000,000,000 USD.         \|/
 + v + :           The look on Sadam's face - priceless!
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Mon, 29 Sep 2003, R. A. Hettinga wrote:

> Of course, if it's just signed-frame video, "prior art" doesn't begin to describe this.
>
> Cheers,
> RAH
> ------
>
>
>
> Science Daily
>
> Source :
> Johns Hopkins University
>
> Date :
> 2003-09-29
>
> One key, called a "private" key, is used to generate the signatures and is destroyed when the recording is complete. The second, a "public" key, is used for verification. To provide additional accountability, a second set of keys is generated that identifies the postal inspector who made the recording. This set of keys is embedded in a secure physical token that the inspector inserts into the system to activate the taping session. The token also signs the Digital Video Authenticator's public key, ensuring that the public key released with the video signatures was created by the inspector and can be trusted.

From eugen at leitl.org Tue Sep 30 02:39:48 2003
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 30 Sep 2003 11:39:48 +0200
Subject: [p2p-hackers] Re: desiderata and open issues in ent (fwd from myers@maski.org)
Message-ID: <20030930093948.GL27130@leitl.org>

----- Forwarded message from "Myers W. Carpenter" -----

From camera_lumina at hotmail.com Tue Sep 30 10:05:54 2003
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 30 Sep 2003 13:05:54 -0400
Subject: Wipe your Lamo notes now
Message-ID:

Tim May wrote...

"If it's a felony for _me_ to say "Sources tell me that Valerie Plame, the wife of Ambassador Joseph Wilson, has been a CIA covert operative since 1980," it is a felony for Robert Novak to do so."

Hum. Particularly in the era of the Internet and blogs. Even if "The Press" should have some special treatment, the clear and obvious thing to do is to set up an Internet Press of some minimal sort, and start "reporting".

-TD

>From: Tim May
>To: cypherpunks at lne.com
>Subject: Re: Wipe your Lamo notes now
>Date: Mon, 29 Sep 2003 16:15:49 -0700
>
>On Monday, September 29, 2003, at 11:42 AM, Major Variola (ret) wrote:
>
>>http://www.securityfocus.com/columnists/187
>>
>>The Subpoenas are Coming!
>>By Mark Rasch Sep 29 2003 05:00AM PT
>>
>>...
>
>>The Bureau recently sent letters to a handful of reporters who have
>>written
>>stories about the Lamo case -- whether or not they have actually
>>interviewed Lamo. The letters warn them to expect subpoenas for all
>>documents relating to the hacker, including, apparently, their own
>>notes,
>>e-mails, impressions, interviews with third parties, independent
>>investigations, privileged conversations and communications, off the
>>record
>>statements, and expense and travel reports related to stories about
>>Lamo.
>>
>>In short, everything.
>
>Hypocrisy is the name of the game in Washington, as in all imperial cities.
>
>Robert Novak, a reporter, revealed the name of a clandestine CIA operative,
>which is said to be a felony (the revealing of a name, that is). Will he
>face jail time, or does he get one of those special "exemptions for
>reporters"?
>
>Long time readers here know that I argue we are all reporters, we are all
>writers, we are all ministers, we are all preachers. There are no special
>rights for "badged" or "licensed" reporters, writers, ministers, witch
>doctors.
>
>If it's a felony for _me_ to say "Sources tell me that Valerie Plame, the
>wife of Ambassador Joseph Wilson, has been a CIA covert operative since
>1980," it is a felony for Robert Novak to do so.
>
>And yet he will not be prosecuted, while Jim Bell was prosecuted
>essentially for "outing" the names of some lower-ranking investigators.
>
>(As for the Plame case, Novak will not be prosecuted, because he's a loyal
>Republican and Ashcroft won't touch loyal Republicans. But were I to talk
>about Plame's role in assisting with CIA-sponsored diamond smuggling in
>Niger and Gabon, and her involvement with the death squads in South Africa
>in the early 80s, I could expect a visit from the Thought Police. So I
>won't talk about these things. Novak can talk about her, we cannot.)
>
>And in the Lamo case, reporters who clam up will face Patriot Act
>consequences.
>
>Will Robert Novak and Karl Rove get the same Patriot Act treatment? Don't
>be silly.
>
>Washington is corruption on earth. The Great Satan needs to be destroyed
>with a 40 megaton bomb.
>
>Corruption on earth.
>
>--Tim May