From njohnsn at njohnsn.com Sat Jan 1 07:37:18 2005
From: njohnsn at njohnsn.com (Neil Johnson)
Date: Sat, 01 Jan 2005 09:37:18 -0600
Subject: Talking Back to Power: China's 'Haves' Stir the 'Have Nots' to
Violence
Message-ID: <1104593838.23571.6.camel@njohnsn.com>
I'm not really RAH, but I play him on cypherpunks ;-)
http://www.nytimes.com/2004/12/31/international/asia/31china.html?
ex=1105532792&ei=1&en=61c003ece2c2eadb
The Great Divide | Talking Back to Power: China's 'Haves' Stir the 'Have
Nots' to Violence
December 31, 2004
By JOSEPH KAHN
WANZHOU, China, Dec. 24 - The encounter, at first, seemed
purely pedestrian. A man carrying a bag passed a husband
and wife on a sidewalk. The man's bag brushed the woman's
pants leg, leaving a trace of mud. Words were exchanged. A
scuffle ensued.
Easily forgettable, except that one of the men, Yu Jikui,
was a lowly porter. The other, Hu Quanzong, boasted that he
was a ranking government official. Mr. Hu beat Mr. Yu using
the porter's own carrying stick, then threatened to have
him killed.
For Wanzhou, a Yangtze River port city, the script was
incendiary. Onlookers spread word that a senior official
had abused a helpless porter. By nightfall, tens of
thousands of people had swarmed Wanzhou's central square,
where they tipped over government vehicles, pummeled
policemen and set fire to city hall.
Minor street quarrel provokes mass riot. The Communist
Party, obsessed with enforcing social stability, has few
worse fears. Yet the Wanzhou uprising, which occurred on
Oct. 18, is one of nearly a dozen such incidents in the
past three months, many touched off by government
corruption, police abuse and the inequality of the riches
accruing to the powerful and well connected.
"People can see how corrupt the government is while they
barely have enough to eat," said Mr. Yu, reflecting on the
uprising that made him an instant proletarian hero - and
later forced him into seclusion. "Our society has a short
fuse, just waiting for a spark."
Though it is experiencing one of the most spectacular
economic expansions in history, China is having more
trouble maintaining social order than at any time since the
Tiananmen Square democracy movement in 1989.
Police statistics show the number of public protests
reached nearly 60,000 in 2003, an increase of nearly 15
percent from 2002 and eight times the number a decade ago.
Martial law and paramilitary troops are commonly needed to
restore order when the police lose control.
China does not have a Polish-style Solidarity labor
movement. Protests may be so numerous in part because they
are small, local expressions of discontent over layoffs,
land seizures, use of natural resources, ethnic tensions,
misspent state funds, forced immigration, unpaid wages or
police killings. Yet several mass protests, like the one in
Wanzhou, show how people with different causes can seize an
opportunity to press their grievances together.
The police recently arrested several advocates of peasant
rights suspected of helping to coordinate protest
activities nationally. Those are worrying signs for the
one-party state, reflexively wary of even the hint of
organized opposition.
Wang Jian, a researcher at the Communist Party's training
academy in Changchun, in northeast China, said the number
and scale of protests had been rising because of "frictions
and even violent conflicts between different interest
groups" in China's quasi market economy.
"These mass incidents have seriously harmed the country's
social order and weakened government authority, with
destructive consequences domestically and abroad," Mr. Wang
wrote in a recent study.
China's top leaders said after their annual planning
session in September that the "life and death of the party"
rests on "improving governance," which they define as
making party officials less corrupt and more responsive to
public concerns.
But the only accessible outlet for farmers and workers to
complain is the network of petition and appeals offices, a
legacy of imperial rule. A new survey by Yu Jianrong, a
leading sociologist at the Chinese Academy of Social
Sciences in Beijing, found that petitions to the central
government had increased 46 percent in 2003 from the year
before, but that only two-hundredths of 1 percent of those
who used the system said it worked.
Last month, as many as 100,000 farmers in Sichuan Province,
frustrated by months of fruitless appeals against a dam
project that claimed their land, took matters into their
own hands. They seized Hanyuan County government offices
and barred work on the dam site for days. It took 10,000
paramilitary troops to quell the unrest.
Also in November, in Wanrong County, Shanxi Province, in
central China, two policemen were killed when enraged
construction workers attacked a police station after a
traffic dispute. Days later, in Guangdong Province, in the
far south, riots erupted and a toll booth was burned down
after a woman claimed she had been overcharged to use a
bridge. In mid-December, a village filled with migrant
workers in Guangdong erupted into a frenzy of violence
after the police caught a 15-year-old migrant stealing a
bicycle and beat him to death. Up to 50,000 migrants rioted
there, Hong Kong newspapers reported.
Wanzhou officials initially treated their riot in October
as a fluke. They ordered Mr. Hu to declare on television
that he is a fruit vendor, not a public official, and that
his confrontation with Mr. Yu was a mistake. The police
arrested a dozen people and declared social order restored.
But the uprising alarmed Beijing, which told local
officials they would be sacked if they failed to prevent
recurrences, according to Chinese journalists briefed on
the matter. Luo Gan, the member of the Politburo Standing
Committee who is in charge of law and order, issued
national guidelines warning that "sudden mass incidents"
were increasing and calling for tighter police measures.
More than a dozen people interviewed in Wanzhou, part of
Chongqing Municipality, described the city as tense. All
said that they still believed that Mr. Hu was indeed an
official and that the government concocted a cover story to
calm things down. They say the anger excited by the riot
awaits only a new affront.
The Chance Encounter
Like many farmers in the steeply graded hills along the
Yangtze, Mr. Yu, 57, supplements his income hauling loads
up and down city roads - grain, fertilizer, air
conditioners, anything that he can balance on a bamboo pole
and hoist on his slender shoulder. Sweaty and dirty,
porters put their low-paying profession on parade. They are
often referred to simply as bian dan, or pole men.
Mr. Yu's lot is better than some others. He has another
sideline collecting hair cuttings off the floors of beauty
salons and barber shops, packing them in big burlap bags
and selling them to wig-makers down south.
On Oct. 18, he spent several hours collecting hair from
upscale salons along Baiyan Road, a busy shopping street
that runs near the government square downtown. His load was
light - two bags of loose locks - and he scurried down the
sidewalk to lunch.
"Hey, pole man, you got dirt all over my pants!" he heard a
woman shout. When he turned to face her, the man by her
side, Mr. Hu, was glaring at him.
"What are you looking at, bumpkin?" Mr. Yu recalls Mr. Hu
saying.
Mr. Yu is mild mannered, with a slightly raffish grin
stained yellow from chain smoking. Mr. Hu, wearing a coat
and tie and leather shoes, looked like he might be
important. Mr. Yu said he should have let the moment pass.
He did not.
"I work like this so that my daughter and son can dress
better than I do, so don't look down on me," he recalled
saying. Then he added, "I sell my strength just as a
prostitute sells her body."
Mr. Yu said he was drawing a general comparison. Mr. Hu and
his young wife, Zeng Qingrong, apparently thought he had
insinuated something else. She jerked his shirt collar and
slapped his ear. Mr. Hu picked up Mr. Yu's fallen pole and
struck him in the legs and back repeatedly.
Perhaps for the benefit of the crowd, Mr. Hu shouted that
it was Mr. Yu, sprawled on the pavement, who was in big
trouble.
"I'm a public official," Mr. Hu said, according to Mr. Yu
and other eyewitnesses. "If this guy causes me more
problems, I'll pay 20,000 kuai" - about $2,500 - "and have
him knocked off."
Those words never appeared in the state-controlled media.
But is difficult to find anyone in Wanzhou today who has
not heard some version of Mr. Hu's bluster: The putative
official - he has been identified in the rumor mill as the
deputy chief of the local land bureau - had boasted that he
could have a porter killed for $2,500. It was a call to
arms.
Mr. Hu's threat, spread by mobile phones, text messages and
the swelling crowd, encapsulated a thousand bitter
grievances.
"I heard him say those exact words," said Wen Jiabao,
another porter who says he witnessed the confrontation. "It
proves that it's better to be rich than poor, but that
being an official is even better than being rich."
Xiang Lin, a 18-year-old auto mechanic, had seen China's
rising wealth when he worked near Shanghai. But when he
returned home to Wanzhou, he felt frustrated that his plan
to open a repair shop foundered. He was drawn downtown by
the excitement.
"Don't officials realize that we would not have any
economic development in Wanzhou without the porters?" Mr.
Xiang asked.
Cai Shizhong, a taxi driver, was angered when the
authorities created a company to control taxi licenses,
which he says cost him thousands of dollars but brought no
benefits. The police also fine taxi drivers left and right,
he said.
"If you drive a private car, they leave you alone because
you might be important," Mr. Cai said. "If you drive a
taxi, they find any excuse to take your money."
Peng Daosheng's home was flooded by the rising reservoir of
the Three Gorges Dam. He was supposed to receive $4,000 in
compensation as well as a new home. But his new apartment
is smaller and less well located, and the cash never
arrived.
"The officials take all the money for themselves," said Mr.
Peng, who spent eight hours protesting that night. "I guess
that's why that guy had $2,500 to kill someone."
It took the police more than four hours to remove Mr. Hu
and Mr. Yu from the scene. The crowd surrounded police cars
and refused to budge, afraid the police would cover up the
beating, and even punish Mr. Yu.
"People knew the matter would never be resolved fairly
behind closed doors," Mr. Yu said.
Even after the police formed a cordon around two cars - one
for Mr. Hu and his wife, another for Mr. Yu - the crowd
smashed the windows of the car carrying the couple. It was
nearly 5 p.m. before the vehicles crawled through the
assembled masses.
A Loss of Control
The police may have hoped that removing the main actors
from the scene would defuse the tension. Instead, the crowd
rampaged. At 6 p.m., a police van was surrounded and the
policeman inside was beaten with bricks. Seven or eight
people tipped the car over, stuffed toilet paper into the
gas tank and set it ablaze, according to witnesses and a
police report.
When a fire truck arrived, the fire fighters were forced
out and their truck commandeered. A driver smashed it into
brick wall, then backed up and repeated the move to render
the truck immobile.
"They lost control at once," recalled Mr. Cai, the taxi
driver, who wandered through the crowd that day. "Suddenly
the police were nobody and the people were in charge."
The local government never published an estimate of how
many people took part in the protest. But unofficial
estimates by Chinese journalists on the scene ranged from
30,000 to 70,000, enough to stop all traffic downtown and
fill the government square.
By 8 p.m., the rally focused on the 20-story headquarters
of the Wanzhou District Government, with its blue-tinted
windows and imposing terrace facing the square. The crowd
chanted, "Hand over the assassin!" Riot-police officers in
full protective gear - but carrying no guns - held the
terrace. Officials with loudspeakers urged the crowd to
disperse, promising that the incident would be handed
according to law.
But the mob now followed its own law. An assembly line
formed from a nearby construction site. Concrete building
slabs were ferried along the line, then shattered with
sledgehammers to make projectiles. Front-line rioters
hurled the rocks at the police - tentatively at first, then
in volleys.
Under the barrage, the police retreated. Protesters charged
the terrace, shattered the windows and doors of government
headquarters and surged inside.
Official documents were scattered. Protesters dumped
computers and office furniture off the terrace. Soon, a
raging fire illuminated the square with its flickering
orange glow.
Li Jian, 22, took part in the plunder. A young peasant, he
had found a city job as a short-order cook. But he longed
to study computers, said his father, Li Wanfa. The family
bought an old computer keyboard so the young man could
learn typing.
"He wanted to go to high school but the school said his
cultural level was not high enough," Mr. Li said. "They
said a country boy like him should be a cook."
The police arrested young Mr. Li scurrying through the
melee with a Legend-brand computer that belonged to the
government, according to an arrest notice.
Yet even at the height of the incident, rioters set limits.
They did not attack any of the restaurants or department
stores along the government square, focusing their wrath on
symbols of official power.
By midnight, the crowd dwindled on its own. When
paramilitary troops finally arrived on the scene after 3
a.m., there were only a few thousand hard-core protesters
left.
"Most people went home," said Mr. Peng, the man whose home
had been flooded by the dam. "But the armed police were
fierce. They beat you even if you kneeled down before
them."
The Tensions Persist
The local government praised its own handling of the riot.
An assessment published three days afterward in The Three
Gorges City News, the daily paper of the Wanzhou Communist
Party, also declared the uprising had no lasting
ramifications.
"The district government displayed its strong governing
ability at a crucial moment," the report said. "This
incident was caused by a handful of agitators with ulterior
motives who whipped up a street-side dispute into a mass
riot."
The uprising did dissipate as quickly as it emerged. Baiyan
Road now bustles with afternoon shoppers. After work,
dancers bundled against the damp chill use government
square as an outdoor ballroom, a synthesized two-step beat
filling the night air.
Yet the underlying tensions did not disappear.
When the
Wan Min Cotton Textile Factory declared bankruptcy in
mid-December, scores of policemen occupied the factory
grounds to prevent a riot. The next day, a handful of
workers from the factor went to city hall to protest.
Several hundred uniformed police surrounded them.
Mr. Xiang, the auto mechanic, was arrested for throwing
stones and taken into custody. One day, returning from the
cold showers inmates were required to take in the unheated
jail, guards told him to kneel. One elbowed him in the back
and several others kicked him in the gut.
As he lay prostrate, a prison supervisor said: "Nothing
happened to you here, did it? You're a smart kid."
He could not eat for two days.
"We were all brothers
inside," he said of his fellow detainees. "The officials
despise the ordinary people and are not afraid to bully
them."
Then there's Mr. Yu. He missed the riot that occurred in
his name, but has been under pressure ever since. The
government kept him isolated in a hospital for nearly two
weeks, even though bruises on his legs and the stitches he
needed above his eye had healed.
His daughter and son were told to take a vacation, paid by
the government, to avoid contact with the news media. "They
told us not to talk or it would hurt the city," Mr. Yu said
in his first interview.
Yet he said what really shook him was the reaction to the
statement he made to Wanzhou television on Oct. 20, two
days after the riot. The government told him to appear - he
was still under guard - and had prepared questions in
advance.
"They told me to emphasize the importance of law and
order," he said. "I was told just to answer the questions
and not to say anything else."
What he said on the evening news sounded innocuous enough.
"Let this be handled by law," Mr. Yu told viewers.
"Everyone should stay at home."
So he was unprepared for the backlash.
Relatives of those
arrested criticized him for propagandizing for the
government, saying their kin felt betrayed. Neighbors
warned him not to plant rice this year because his enemies
would just rip it out. His wife says she wants to move
because she has heard too many threats.
Mr. Yu is understandably confused.
"First an official
tries to break my legs because I am a dirty porter," he
said. "Now the common people want to break my legs because
I spoke for the government."
Chris Buckley contributed reporting for this article.
From eugen at leitl.org Sat Jan 1 05:09:42 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 1 Jan 2005 14:09:42 +0100
Subject: Single Government ID Moves Closer to Reality
Message-ID: <20050101130942.GD9221@leitl.org>
Link: http://slashdot.org/article.pl?sid=04/12/30/239240
Posted by: samzenpus, on 2004-12-31 01:38:00
from the papers-please dept.
[1]NewbieV writes "The Washington Post [2]is reporting that "federal
officials are developing government-wide identification card standards
for federal employees and contractors to prevent terrorists, criminals
and other unauthorized people from getting into government buildings
and computer systems." The project is known as the [3]Personal
Identity Verification Project, and is being managed by the National
Institute of Standards and Technology (NIST)."
[4]Click Here
References
1. http://victorabrahamsen&gmail,com/
2.
http://www.washingtonpost.com/ac2/wp-dyn/A35071-2004Dec29?language=printer
3. http://csrc.nist.gov/piv-project/
4.
http://ads.osdn.com/?ad_id=5717&alloc_id=12468&site_id=1&request_id=5751521&o
p=click&page=%2farticle%2epl
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From eugen at leitl.org Sat Jan 1 05:11:53 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 1 Jan 2005 14:11:53 +0100
Subject: [p2p-hackers] Common interest, finding trading partners (fwd
from mllist@vaste.mine.nu)
Message-ID: <20050101131153.GE9221@leitl.org>
----- Forwarded message from Vaste -----
From rah at shipwright.com Sat Jan 1 15:02:38 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 1 Jan 2005 18:02:38 -0500
Subject: Talking Back to Power: China's 'Haves' Stir the 'Have Nots'
to Violence
In-Reply-To: <1104593838.23571.6.camel@njohnsn.com>
References: <1104593838.23571.6.camel@njohnsn.com>
Message-ID:
At 9:37 AM -0600 1/1/05, Neil Johnson wrote:
>I'm not really RAH, but I play him on cypherpunks ;-)
Except that he doesn't post cryptosocialist luddite leveller blather,
except in jest, and at least he puts angle brackets around his links so
they don't break, viz,
>http://www.nytimes.com/2004/12/31/international/asia/31china.html?
>ex=1105532792&ei=1&en=61c003ece2c2eadb
:-)
Cheers,
RAH
-------
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From jamesd at echeque.com Sat Jan 1 18:26:09 2005
From: jamesd at echeque.com (James A. Donald)
Date: Sat, 01 Jan 2005 18:26:09 -0800
Subject: Talking Back to Power: China's 'Haves' Stir the 'Have Nots'
to Violence
In-Reply-To: <1104593838.23571.6.camel@njohnsn.com>
Message-ID: <41D6EB41.27013.8AE506D@localhost>
The title of this post is misleading: The protest is anti
government, and pro property rights.
For example:
> [...] "People can see how corrupt the government is while they
> barely have enough to eat," said Mr. Yu, reflecting on the
> uprising that made him an instant proletarian hero
If he was a "proletarian" hero, he would say "the capitalists".
Instead he said "the government".
> [...]
>
> Last month, as many as 100,000 farmers in Sichuan Province,
> frustrated by months of fruitless appeals against a dam
> project that claimed their land, took matters into their own
> hands. [...]
Gee. They took the defense of their own property rights into their
own hands.
> "I work like this so that my daughter and son can dress
> better than I do, so don't look down on me,"
They are rioting for economic mobility, not for a classless society,
but for a society where classes are not hereditary.
> "I heard him say those exact words," said Wen Jiabao,
> another porter who says he witnessed the confrontation. "It
> proves that it's better to be rich than poor, but that being
> an official is even better than being rich."
The bad guys are not the rich, but those who obtain wealth through
poliical power.
> Cai Shizhong, a taxi driver, was angered when the
> authorities created a company to control taxi licenses,
> which he says cost him thousands of dollars but brought no
> benefits.
The bad deeds of the bad guys are economic regulation
> Peng Daosheng's home was flooded by the rising reservoir of
> the Three Gorges Dam. He was supposed to receive $4,000 in
> compensation as well as a new home. But his new apartment is
> smaller and less well located, and the cash never arrived.
The bad deeds of the bad guys are violation of property rights
without fair compensation.
> Li Jian, 22, took part in the plunder. A young peasant, he
> had found a city job as a short-order cook. But he longed to
> study computers, said his father, Li Wanfa. The family
> bought an old computer keyboard so the young man could learn
> typing.
>
> "He wanted to go to high school but the school said his
> cultural level was not high enough," Mr. Li said. "They said
> a country boy like him should be a cook."
Again, the call for social mobility, equality of opportunity, not
equality.
> They did not attack any of the restaurants or department
> stores along the government square, focusing their wrath on
> symbols of official power.
A riot against the state, not against the rich.
From jya at pipeline.com Sun Jan 2 15:43:56 2005
From: jya at pipeline.com (John Young)
Date: Sun, 02 Jan 2005 15:43:56 -0800
Subject: SIGINT and COMSEC Discussion Group
Message-ID:
A. writes:
I have just launched a new discussion group related to hardware
discussion for signal analysis and communications security systems:
http://groups-beta.google.com/group/sigint/
From eugen at leitl.org Sun Jan 2 14:48:30 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 2 Jan 2005 23:48:30 +0100
Subject: Coast Guard to Track Ships Using Buoys
Message-ID: <20050102224830.GX9221@leitl.org>
Link: http://slashdot.org/article.pl?sid=05/01/01/182224
Posted by: michael, on 2005-01-01 20:19:00
from the feeling-safer-already dept.
[1]nomrniceguy writes "The Coast Guard plans to use dozens of [2]buoys
off the U.S. coast to extend the reach of a security system that
monitors large vessels heading in and out of ports. The buoys are
intended to extend the network's reach -- the Guard now receives the
automated data only when a vessel is within about 25 miles of a port.
The floating transmitters will relay the information from hundreds of
miles off shore, from the middle of Lake Superior and off coastlines
from Alaska to Maine."
[3]Click Here
References
1. http://www.igc.org/jobs.html
2. http://www.cnn.com/2004/US/12/30/port.security.ap/index.html
3.
http://ads.osdn.com/?ad_id=5717&alloc_id=12468&site_id=1&request_id=4003996&o
p=click&page=%2farticle%2epl
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From nobody at dizum.com Sun Jan 2 17:20:04 2005
From: nobody at dizum.com (Nomen Nescio)
Date: Mon, 3 Jan 2005 02:20:04 +0100 (CET)
Subject: SIGINT and COMSEC Discussion Group
Message-ID: <0d335916ac756fbc9ffab544cf3b70de@dizum.com>
On 2 Jan 2005 at 15:43, John Young wrote:
> A. writes:
>
> I have just launched a new discussion group related to hardware
> discussion for signal analysis and communications security systems:
>
>
> http://groups-beta.google.com/group/sigint/
Why would we use a "groups beta" at google's when there's a big and
proven yahoogroups that's been around for ages (under various names)?
From rah at shipwright.com Mon Jan 3 07:01:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 3 Jan 2005 10:01:01 -0500
Subject: How to Build a Global Internet Tsunami Warning System in a
Month
Message-ID:
PBS: I, Cringely -- The Pulpit
How to Build a Global Internet Tsunami Warning System in a Month
By Robert X. Cringely
A friend of mine is missing in southern Asia.
She isn't missing in the sense that anyone saw her swept away by this
week's horrible tsunami, but she and her entire family haven't been heard
from, either so of course, I am worried. That worry makes real for me a
disaster of such horrific proportions that without a personal connection,
it simply can't be real to most of us. By the time all the bodies have been
counted and estimated, probably 100,000 people will have died. If cholera
follows, as it tends to in that part of the world, another 40,000 or more
could follow. That's a lot of people, 140,000 -- enough people that we
ought to do something to make sure it doesn't happen again. So of course,
there is lots of talk about tsunami warning systems and global cooperation,
but I think that's just going about solving the problem the wrong way. We
don't need governments and huge sensor arrays to warn people on the beach
about the next huge wave approaching at 400 miles-per-hour. Thanks to the
Internet, we can probably do it by ourselves.
Here's the problem with big multi-government warning systems. First, we
have a disaster. Then, we have a conference on the disaster, then plans are
proposed, money is appropriated, and three to five years later, a test
system is ready. It isn't the final system, of course, but it still
involves vast sensor arrays both above and below the surface of the ocean,
satellite communication, and a big honking computer down in the bowels of
the Department of Commerce or maybe at NASA. That's just the detection
part. The warning part involves multilateral discussions with a dozen
nations, a treaty, more satellite communication, several computer networks,
several television and radio networks, and possibly a system of emergency
transmitters. Ten years, a few million dollars and we're ready.
We can't rely on governments to do this kind of work anymore. They just
take too darned long and spend too much money for what you get. Besides,
since governments are almost totally reactive, what they'll build is a
warning system for precisely the tsunami we just had -- a tsunami bigger
than any in that region since the eruption of Krakatoa in 1883. One could
argue (and some experts probably will) that it might even be a waste of
money to build a warning system for a disaster that might not happen for
another 121 years.
What we need is a tsunami warning system not just for parts of Asia, but
for anywhere in the world that might be subject to such conditions. And
that decision about what beaches to protect ought to come not from
Washington, D.C., or Jakarta, or any other capital city, but from the beach
people, themselves. If you are concerned about a giant tidal wave taking
out your village, it might be a good idea to build your own warning system,
you retired engineer, you Radio Shack manager, you harbor master, you radio
amateur, you nerd with a suntan.
It can be done.
The Tsunami Warning System (TWS) in the Pacific Ocean shows us how such a
warning system can be run with the cooperation of 26 countries. Maybe we
can do the same thing, just without all that cooperation. TWS is based on
crunching two kinds of data -- seismic activity and changes in sea level
measured by tide gauges. Most tsunamis begin with an earthquake, the
severity and epicenter of which can tell a lot about whether a tsunami is
likely, how strong it will be, and in what direction it is likely to go.
>From the TWS, the first warning is based purely on such seismic data. But
once the big wave starts rolling it will have an effect on the level of the
sea, itself, which is routinely monitored by weather stations of many
types. This additional data gives a better idea of how bad the wave is
really going to be, so in the TWS system, it is used to justify expanding
the warning to other communities beyond those warned purely on the basis of
seismic data.
Depending on where the originating earthquake is, the tsunami can be
minutes or hours from crashing into a beach. This week's wave took about 90
minutes to reach Sri Lanka, just over 600 miles from the epicenter. That
not only means the wave was traveling at over 400 miles-per-hour, it also
means that had a warning system been in place, there would easily have been
time to get the people who were affected in Sri Lanka to higher ground.
So to start, we need raw seismic data. If you take a look at the fourth of
this week's links, you'll see that plenty of such data are available.
Thanks to the Pacific Northwest Seismograph Network, here is one place
where you can find real time data from 199 seismographs around the world.
There are also links to a dozen regional operations that consolidate such
data. The data is available. Tide gauge data is available, too, though
there is less of it, and aggregation will require more effort, so I say
let's just stick to seismic data for our warning system.
Here's where we need the help of a tsunami expert, someone who can help us
calculate the size and direction of a likely tsunami based on the available
seismic data. Fortunately, there has been quite a bit of work done in this
area of study (see link #5), and appropriate computer codes that can be run
on a personal computer either exist or can be derived, perhaps by
reflexively evaluating seismic data from known tsunami events. But remember
that what we care about here is not global tsunami warning but LOCAL
tsunami warning (Is it going to hit MY beach?), so the required seismic
data sources can pretty easily be limited to those with an uninterrupted
aspect of the target beach, which means half a dozen seismographs, not 199.
Since the basic question is fairly simple -- "Is my beach going to be hit
by a destructive tsunami and when?" -- and the required data sources are
limited, I figure we won't need a supercomputer.
The seismographs are online, we gather the data using XML, continuously
crunch it using the codes I am assuming already exist, then we need the
warning, which I would flash on the screen of my PC down at the surf shop
using a Javascript widget built with Konfabulator, the most beautiful
widget generator of all. Looking just like a TV weather map, the widget
would flash a warning and even include a countdown timer just like in the
movies.
You don't need an international consortium to build such a local tsunami
warning system. You don't even need broadband. The data is available,
processing power is abundant and cheap. With local effort, there is no
reason why every populated beach on earth can't have a practical tsunami
warning system up and running a month from now. That's Internet time for
you, but in this case, its application can protect friends everywhere from
senseless and easily avoidable death.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From mv at cdc.gov Mon Jan 3 13:45:47 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 03 Jan 2005 13:45:47 -0800
Subject: How to Build a Global Internet Tsunami Warning System in a
Month
Message-ID: <41D9BD0B.8CFEE899@cdc.gov>
At 10:01 AM 1/3/05 -0500, R.A. Hettinga wrote:
>
>
>PBS: I, Cringely -- The Pulpit
>
>How to Build a Global Internet Tsunami Warning System in a Month
1. 150 K asians is nothing.
2. You will see > 10,000 K dead worldwide from the next H5N1 flu coming
from
your friendly local chinese duck/pig farmer. In under 6 months, which
BTW
is the time it takes to make a vaccine.
3. Homebrew warning systems will face the same problems as eg pro
volcano warning systems: too many false alarms and no one cares.
You might do better educating the beachfolk that when the water recedes
and they can see the coral, they ought to stop gawking and run.
But, hey, its a cool project, have fun.
From udhay at pobox.com Mon Jan 3 02:00:19 2005
From: udhay at pobox.com (Udhay Shankar N)
Date: Mon, 03 Jan 2005 15:30:19 +0530
Subject: Conspiracy Theory O' The Day
Message-ID:
I just got a batch of spam: perfectly justified blocks of random-looking
characters. Makes me wonder if somebody is trying to train Bayesian filters
to reject PGP messages.
Udhay
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From dailyarticle at mises.org Tue Jan 4 06:19:54 2005
From: dailyarticle at mises.org (Mises Daily Article)
Date: Tue, 4 Jan 2005 09:19:54 -0500
Subject: The Genius and Struggle of PayPal
Message-ID:
The Genius and Struggle of PayPal
by William L. Anderson
[Posted January 4, 2005]
The PayPal Wars: Battles with eBay, the Media, and the Rest of Planet
Earth. Eric M. Jackson, World Ahead Publishing, Los Angeles, California,
344 pages, $27.95.
Almost five years have passed since the heady days of the dot.com boom, an
era that began as the "New Economy" and ended in yet another recession and
the collapse of stock prices that in 1999 seemed to have no upward limits.
In hindsight, we can see that the "New Economy" was nothing more than the
shotgun wedding of the obvious commercial possibilities of the Internet and
the irresponsible, expansionary monetary policies of Alan Greenspan's
Federal Reserve System, not a marvelous invention created by Bill Clinton
through the magic of raising income tax rates.
That the dot.com boom turned into a bust does not take away from many of
the real success stories of that time, one of them being the emergence of
PayPal, which helped revolutionize the way payments could be made using the
Internet. The original vision that the creators of PayPal (Peter Thiel, a
hedge fund manager, and Max Levchin, an engineer who originally was from
the Ukraine) had in mind was a system that would permit people around the
world not only to be able to pay each other via the Internet, but also to
be able to protect themselves when their governments were inflating their
currencies.
"World Domination" was the theme of this venture, beginning in 1999, in
Silicon Valley. Like so many other "high-tech" companies that bloomed in
the San Francisco Bay Area during the 1990s, it had the famed "no collar"
business culture that made these firms the darlings of an adoring media
that later would turn against them en masse when the "New Economy"
collapsed like the house of inflationary cards that it was. PayPal, unlike
many of the others, like Pets.com, Webvan.com, and etoys.com, hung on,
grew, and finally prospered, thanks in no small part to a refugee from the
"Old Economy," Eric M. Jackson, who has authored this book. While Jackson's
book is far from an exercise in megalomania (in fact, Jackson is one of the
more humble authors I have read recently), he was the one who steered
PayPal to its most famous moorings: the mechanism of payment choice for
hundreds of thousands of people who use the on-line auction services of
eBay.
Before going on, let me say that The PayPal Wars is valuable not only
because it gives the reader an inside view of the entrepreneurial madness
that was Silicon Valley, but also because Jackson understands the larger
picture of which PayPal was a part. He understands the nature of boom and
bust (this despite the fact that he received an economics degree from the
decidedly mainstream program of Stanford University), pointing out the role
of the Federal Reserve System in this latest sorry economic episode. That
alone is enough to make the book worth reading.
Furthermore, Jackson understands the predatory nature of the regulatory
system that nearly brought down the company after it successfully completed
its initial public offering (IPO) in 2002, a feat notable in itself, given
the hostile climate that developed after many of the dot.coms went bust.
State and federal regulators, as clearly demonstrated in this book,
contributed nothing to the quality and "safety" of the product, that being
a relatively safe and secure mechanism for using the Internet to make
payments.
Before the regulators came the fierce competition from other companies
wanting to duplicate�or at least closely resemble�the PayPal system, as it
should be. Such competition made PayPal more innovative and nimble, a trait
that was enhanced by the innovative and nimble corporate culture that the
company developed, something those interested in Austrian Economics would
appreciate, given the primacy of the entrepreneur in the Austrian system.
Yet, despite the challenges from competitors, the invasion of Russian
organized crime rings that almost brought down the firm through fraudulent
accounts, and the pack mentality of the news media, as Jackson points out,
government ultimately slowed and nearly stopped the whole enterprise. The
state-enforced roadblocks came through predatory regulators and politicians
like Elliot Spitzer, the state attorney general of New York, who graciously
took time from his shakedown of Wall Street firms to squeeze some "free"
cash from PayPal. The second state-enforced barrier came from the trial
lawyers acting through class action suits, a mechanism set up by government
courts that enriches lawyers and ultimately impoverishes businesses and
consumers.
The story begins with Thiel recruiting Jackson, in November 1999, to his
new firm using that "New Economy" incentive, the stock option. Jackson at
that time was a young analyst locked in the bowels of the firm formerly
known as Arthur Andersen. At the time, it must have seemed a foolish move,
what with PayPal being an unknown startup and Andersen being one of the
best-established firms in the world. (Who would have imagined that in five
years hence, PayPal would be a world-wide name and Andersen eviscerated by
John Ashcroft's Department of Justice on bogus criminal charges for the
crime of being the unlucky firm to be handling the Enron account?)
Jackson's arrival at PayPal proved to be something out of Silicon Valley
stereotypes. He writes:
I introduced myself to the receptionist, who had no idea that I was
expected. . . . My concern grew. Three people in the company who should
have known about my job offer seemed completely stumped. Could Peter
(Thiel) have changed his mind? . . . I had no idea what was going on. (pp.
17�18)
Nor did the initial conditions he faced at Confinity (the official name of
the company that gave us PayPal), where the environment was thoroughly
unstructured, ease his anxiety:
What have I gotten myself into? I pondered as I tested the password to my
new Confinity e-mail account on a borrowed computer. I had no job
description, my colleagues didn't know who I was, and there wasn't even a
desk for me in the building! At least Andersen gave its new hires a place
to sit. (p. 20)
The company brass finally found a place for Jackson to sit�in the
"ping-pong room"�and the young Stanford economics graduate soon found out
he would be involved in marketing PayPal. The idea behind Confinity's
signature product was disarmingly simple. While there were many ways for
individuals to transfer money to each other, all had limitations. Wire
transfers could be costly and required knowledge of both bank accounts,
which is information that could easily find its way into the wrong hands.
Credit cards are convenient, but few individuals have setups where they can
handle the plastic, that being the purvey of businesses who deal in volume.
But Thiel's inspiration was far more encompassing than just developing a
convenient payment system for small merchants and traders. Jackson recalls
a conversation during which Thiel explained his vision:
The need PayPal answers is monumental. Everyone in the world needs money�to
get paid, to trade, to live. Paper money is an ancient technology and an
inconvenient means of payment. You can run out of it. It wears out. It can
get lost or stolen. In the twenty-first century, people need a form of
money that's more convenient and secure, something that can be accessed
from anywhere with a PDA (palm pilot) or an Internet connection.
Of course, what we're calling "convenient" for American users will be
revolutionary in the developing world. Many of these countries' governments
play fast and loose with their currencies. . . . They use inflation and
sometimes wholesale currency devaluations, like we saw in Russia and
several Southeast Asian countries last year, to take wealth away from their
citizens. Most of the ordinary people there never have an opportunity to
open an offshore account or to get their hands on more than a few bills of
a stable currency like U.S. dollars.
The $64 question is this: How did this grand vision of an alternative way
of holding and trading money ultimately become the mechanism of choice for
traders using eBay? The credit there goes to Jackson, who while surfing
the Internet came upon eBay and realized that most of the small traders and
sellers using that site were limited to using the mail to transfer payments
in the form of checks, since the average household is not set up to handle
credit cards.
It was not long before Jackson convinced his superiors to use eBay, and
soon it accounted for about 70 percent of PayPal's transactions. However,
there were two problems that soon followed. The first was finding a way to
make the system profitable. PayPal did not charge for small users (the
company did introduce transactions fees for "business" users), instead
making its money through the "float" in which it was able to temporarily
hold the money before the final transactions were completed. Dependence
upon the "float," however, proved to be a loser and the company struggled
with a mechanism that would enable it to collect fees yet not drive away
its loyal customers.
The second problem dealt with duplicate services. For example, eBay
developed Billpoint, its own online payment mechanism, and other similar
services soon popped up, most of them being backed up by large banks.
Furthermore, eBay used a number of tactics in an attempt to steer its
customers toward Billpoint and away from PayPal, only to find that the
decentralized and nimble crew at Confinity always found a way around the
private barriers.
To deal with one competitor's threat�coming from X.com�Confinity ultimately
merged with the firm, creating a marriage that was made elsewhere than
Heaven. While Confinity was loosely structured with an entrepreneurial
spirit, X.com was more "top down" in structure, decision making dominated
by Elon Musk, a capable but sometimes bull-headed CEO who imposed policies
that seemed to come more from the comic strip "Dilbert" than the honest
give-and-take of business analysis. For example, Musk was stuck on the "X"
name to be given to PayPal (X-PayPal) despite its negative connotations.
Writes Jackson:
While compiling research to support the continued use of the PayPal name, I
tracked down a videotape of several focus groups held by an X.com
researcher hired the prior summer. The participants in the groups
unsurprisingly disparaged the X brand. Women complained that it seemed
pornographic, and middle-aged men remarked that it sounded too much like
Generation X, comments similar to what we'd heard during the several focus
groups held by Confinity. The tapes provided no rationale whatsoever for
the use of the X brand. . . .
The official write-up from the research answered the question. In almost
Orwellian fashion, the summary claimed that the participants liked the
X.com name and identified it with "brand X," which supposedly stood for the
underdog or the sympathetic little guy. (p. 131)
I include this passage not to disparage Musk but rather to point out that
even in the profit-making world of business, reports sometimes are written
to please the top brass, not deal with real consumer preferences. However,
unlike government, where such reports are commonplace and the authors and
originators of failed policies rarely must pay for telling half-truths or
outright lies, Musk ultimately paid for his bad vision. He was removed from
his CEO position by the company's board of directors almost immediately
after he announced that X.com was going to discontinue PayPal. The
commercial marketplace�that entity regularly denounced by the political
classes�rewards truth and punishes lying (or "spin," as politicians like to
call it).
The next challenge came from Russian mafiosos, who were tapping the PayPal
accounts on a regular basis, creating large fraud losses. Again, the nimble
corporate culture came to the rescue, as the PayPal teams found ways to
circumvent the criminals without largely inconveniencing their customers.
(Contrast this with the way the Transportation Security Administration
largely inconveniences airline passengers to conduct what clearly are
ineffectual methods to prevent terrorist hijackings. A gaggle of lawyers
soon appeared to sue PayPal because some customers had trouble accessing
their accounts; no one sues the TSA just like no one sued the FAA or other
U.S. Government agencies after the 9/11 attacks. Only the airlines found
themselves in court.)
After suffering losses its first few years, PayPal finally began to show a
small profit, and it was able to attract the investors who ultimately were
willing to purchase its stock following the company's IPO in early 2002.
Not surprisingly, the prospect of a new firm coming into the public arena
drew not only media coverage, but "entrepreneurial" lawyers and government
regulators. Lawyers found ways to bring class action suits while government
officials like Elliot Spitzer found ways to demand payments from the
company for nonexistent regulatory violations in order to gain permission
to operate within their states.
In the end, however, PayPal "won." That is, the idea survived and the
company survived as well. However, soon after the IPO was completed, the
principals decided to sell it to eBay, which quickly jettisoned its
ineffective Billpoint and used PayPal as one of its payment mechanisms.
Jackson and others who had thrived in the open culture of Confinity (and
later X.com) found the "old economy" top-down, MBA-oriented culture of eBay
too much to handle and left for other ventures.
I have gone through the story, but have not commented on my opinion of this
book. Is it worth reading? Absolutely. Does it have a useful and important
story to tell? Yes, indeed it does. (I must admit that I liked it so much
that I plan to make it required reading for my MBA students beginning in
the fall of 2005.)
The genius of The PayPal Wars is more than it's being an interesting
business story. In the end, it is a wonderful exposition of Austrian
Economics, even if that is not what the author intends. We see
entrepreneurship, government regulation, and the boom-and-bust business
cycles in action, presented in a manner in which the author not only sees
the immediate "small" picture, but the larger picture at the same time. It
definitely is worth taking the time to read, and those who do will better
understand those madcap days in which people mistakenly believed that the
laws of economics had been overthrown forever.
_______________________
William Anderson, an adjunct scholar of the Mises Institute, teaches
economics at Frostburg State University. Send
him MAIL. See his
Mises.org Articles
Archive. Comment on the blog.
In response to many requests, it is now possible to set your credit-card
contribution to the Mises Institute to be recurring. You can easily set
this up on-line with a donation starting at $10 per month. See the
Membership Page. This is one way to
ensure that your support for the Mises Institute is ongoing.
[Print Friendly Page]
Mises Email List Services
Join the Mises Institute
Mises.org Store
Home | About |
Email List |
Search |
Contact Us |
Periodicals |
Articles |
Games & Fun
FAQ |
EBooks |
Resources |
Catalog |
Contributions |
Freedom Calendar
You are subscribed as: rah at ibuc.com
Manage
your
account. Unsubscribe
here
or send email to this
address.
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Tue Jan 4 06:53:59 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 09:53:59 -0500
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
Message-ID:
The New York Times
January 4, 2005
California Bans a Large-Caliber Gun, and the Battle Is On
By CAROLYN MARSHALL
AN FRANCISCO, Jan. 3 - California has become the first state to ban a
powerful .50-caliber long-range rifle that gun control advocates portray as
a military firearm that could easily fall into the hands of terrorists bent
on assassination or shooting down an airplane.
Under the ban, which was signed into law by Gov. Arnold Schwarzenegger in
September and took effect on Jan. 1, it is now illegal to manufacture,
sell, distribute or import a weapon known as the .50-caliber BMG, or
Browning machine gun rifle, a single-shot weapon widely used not only by
law enforcement officers and the military but, more recently, by civilian
sport shooters as well.
The new law limits possession to those who already own the rifle; they
have until April 30, 2006, to register it or face a misdemeanor charge.
Gun rights advocates fear that the California legislation will prompt
other states to follow - similar efforts have been undertaken in New York,
Connecticut, Illinois, Massachusetts and Virginia, but have failed - and
enthusiasts are already devising ways to alter the gun and so circumvent
the law without breaking it.
Another result of the law is that in the weeks before it took effect,
people rushing to buy the limited supplies of .50 BMG's descended on gun
shops throughout California. Now that it is in force, some of the gun's
out-of-state makers and distributors have threatened not to sell any of
their firearms or services here.
"We all think it's the first step toward banning sniper rifles," said
Michael Fournier, owner of the Gun Exchange, a shop in San Jose. "They keep
chipping away a little at a time. Eventually they'll try to get them all."
A lawyer for the California Rifle and Pistol Association, a lobby that
fought the legislation, said that for the first time gun control advocates
had managed "to demonize" a firearm that gun proponents and lawmaker allies
say has never been used to commit a crime in the United States.
The lawyer, Chuck Michel, said the .50 BMG, which weighs 30 pounds and can
cost $2,000 to $8,000, was typically bought by collectors, shooting range
enthusiasts and skilled competitors.
"Criminals don't carry around very pricey, very heavy rifles," Mr. Michel
said. "They want handguns they can conceal."
The .50 BMG rifle, patented in 1987 by Barrett Firearms Manufacturing of
Murfreesboro, Tenn., was designed as a sniper weapon for law enforcement
and the military; it was widely used by American troops during the Persian
Gulf war of 1991.
Manufacturers say the rifle is accurate at a range of up to 2,000 yards,
more than a mile. It fires bullets five and a half inches long described as
powerful enough to rip through armor, much less the thin aluminum skin that
covers commercial airliners.
"They can pierce the skin of an aircraft," said Daniel R. Vice, a lawyer
with the Brady Campaign to Prevent Gun Violence, a central supporter of the
law. "It could be used to shoot down an airplane. And we certainly don't
want to wait until a terrorist buys one before we ban it."
The legislation's author, Assemblyman Paul Koretz, a Democrat from West
Hollywood, concedes that street criminals would most likely view the .50
BMG as too much gun for the typical robbery or drive-by shooting. Rather,
the law is intended to help keep the weapon out of the hands of
"terrorists, general nut cases and survivalists," Mr. Koretz said, citing
government reports suggesting that it had been used in assassinations
overseas and that at least 25 had been bought by Osama bin Laden.
Mr. Michel, the lawyer for the gun rights group, said that adopting the ban
in the name of fighting terrorism was without merit.
"The terrorist can get a nuclear dirty bomb or a shoulder-mounted rocket
launcher," he said. "The .50-caliber is just a peashooter in comparison."
But while there is no conclusive evidence that the .50 BMG rifle has ever
been used in the United States to commit a felony, it has nonetheless been
seized from American criminals' arsenals. A 1999 briefing paper from the
General Accounting Office, predecessor of the Government Accountability
Office, Congress's investigative arm, said, "We have established a nexus to
terrorist groups, outlaw motorcycle gangs, international drug cartels,
domestic drug dealers, religious cults, militia groups, potential assassins
and violent criminals."
A side effect of the new law is the ill will it has instilled toward Mr.
Schwarzenegger among gun rights advocates. Many of them supported him for
governor, and maintain that his signing the legislation was an act of
betrayal.
"You know what we call him?" said Jerry Sloan, assistant manager of
Precision Arms, a shop in Escondido. "Benedict Arnold."
Terri Carbaugh, a spokeswoman for the governor, said Mr. Schwarzenegger, a
Republican, had made his position clear during his campaign.
"It's a military-type weapon," Ms. Carbaugh said of the .50 BMG, "and he
believes the gun presents a clear and present danger to the general public."
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Tue Jan 4 07:19:46 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 10:19:46 -0500
Subject: The Genius and Struggle of PayPal
Message-ID:
--- begin forwarded text
From jya at pipeline.com Tue Jan 4 10:30:31 2005
From: jya at pipeline.com (John Young)
Date: Tue, 04 Jan 2005 10:30:31 -0800
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To:
Message-ID:
A timely report. A documentary is due out shortly which
includeds the likely assassination of officials with such
army-of-one weapons.
Sniping is the chink in VIP protection armor. Why? Because
ego-driven assholes lust to be seen, and best, photographed
outside the armoring of vehicles, aircraft and structures.
The very targeting head shot snipers are trained to patiently
wait for are the ones photographers are paid to arrange just so,
Sergeant York turkey-calling, "over here sir."
Who was the freedom fighter who smilingly welcomed death
by public appearance. Archduke, Reagan, JFK, Masouf, or Abe
himself.
All those pissed off, well-tested snipers from Operation Iraqi
Freedom on all sides. The Secret Service claims you cannot
spot a serious assassin ahead of time, that braggarts and
threateners are not the real thing -- sorry 'bout that outing
Tim.
More at US Secret Service National Threat Assessment Center:
http://www.secretservice.gov/ntac.shtml
From steve49152 at yahoo.ca Tue Jan 4 08:27:47 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Tue, 4 Jan 2005 11:27:47 -0500 (EST)
Subject: [IP] Cell phones for eavesdropping
Message-ID: <20050104162747.23442.qmail@web51810.mail.yahoo.com>
--- "Major Variola (ret)" wrote:
> >From: Gadi Evron
> >Subject: Cell phones for eavesdropping - finally some public "chatter"
>
> Of course, the low-budget govt snoops go for the basestations
> and landline links.
Oh, I don't know about that. What would it cost a small to medium sized
'security firm' to hire a couple of decent EEs with decent RF expertise?
Given five years and a decent budget, I bet that you could mock-up a
system to capture cell-phone calls in progress so long as you were in
range of the target's phone. I suspect that the protocols for setup and
teardown of cell calls, not to mention the OOB handoff signals, aren't so
complex that one couldn't intercept them in real-time with cheap off the
shelf hardware. Hell, we all know that encryption, where it exists in the
cell-net as a capability, has gone unused to this day.
> The pending cell phone virus which calls 911 should be a real hoot.
I bet that depends on whether the Java VM in modern phones is secure or
not.
> I wonder if cell virii can carry a voice payload which they can
> inject as well. Or do we have to wait a few (viral) generations
> for that?
Depends on how much RAM you've got in your phone, I guess. The ABCs
probably have the complete specifications for most phones, software and
hardware, and so may be able to arbitrarily fuck with any given model to
their heart's content -- given sufficient motivation, however you might
characterise that...
What's your threat model?
Regards,
Steve
______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca
From kelsey.j at ix.netcom.com Tue Jan 4 09:06:57 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Tue, 4 Jan 2005 12:06:57 -0500 (GMT-05:00)
Subject: How to Build a Global Internet Tsunami Warning System in a
Month
Message-ID: <25224543.1104858417620.JavaMail.root@huey.psp.pas.earthlink.net>
>From: "Major Variola (ret)"
>Sent: Jan 3, 2005 4:45 PM
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: How to Build a Global Internet Tsunami Warning System in a Month
...
>3. Homebrew warning systems will face the same problems as eg pro
>volcano warning systems: too many false alarms and no one cares.
The best defense would seem to be a population with a lot of TVs and radios. At least after the first tsunami hit, the news would quickly spread, and there were several hours between when the waves arrived at different shores. (And a 9.0 earthquake on the seafloor, or even a 7.0 earthquake on the seafloor, is a rare enough event that it's not crazy to at least issue a "stay off the beach" kind of warning.) My first take on this is that it's an example of the many ways that it's better to be in a rich country than a poor one. Major natural disasters are a lot bloodier in poor countries, for lots of infrastructure reasons (good communications to get out the warning, good roads to evacuate on, resources available for disaster planning long before the disaster hits, building codes or best practices that require some resistance to known disasters, etc.).
--John
From kelsey.j at ix.netcom.com Tue Jan 4 09:16:06 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Tue, 4 Jan 2005 12:16:06 -0500 (GMT-05:00)
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
Message-ID: <23364006.1104858966957.JavaMail.root@huey.psp.pas.earthlink.net>
Interesting questions: How hard is it for someone to actually hit an airplane with a rifle bullet? How often do airplane maintenance people notice bulletholes?
My understanding is that a single bullethole in a plane is not likely to do anything serious to its operation--the hole isn't big enough to depressurize the cabin of a big plane, and unless it hits some critical bits of the plane, it's not going to cause mechanical problems. I don't think the bigger .50 round would fundamentally change that. So this could be one of those things that just happens from time to time, without getting much press. (Most people have never heard of phantom controllers either, but they're a real phenomenon, and they seem at least as dangerous as some nut with a rifle taking potshots at landing planes.)
--John
From jrandom at i2p.net Tue Jan 4 12:54:48 2005
From: jrandom at i2p.net (jrandom)
Date: Tue, 4 Jan 2005 12:54:48 -0800
Subject: [i2p] weekly status notes [jan 4]
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi y'all, time for our first weekly status notes of 2005
* Index
1) Net status
2) 0.4.2.6
3) 0.5
4) jabber @ chat.i2p
5) ???
* 1) Net status
Over the last week, things have been pretty interesting on the net -
on nye, there were some comments posted to a popular website talking
about i2p-bt and we've had a small burst of new users. At the
moment there are between 120-150 routers on the net, though that
peaked at 160 a few days ago. The network held its own though, with
high capacity peers picking up the excess load without much
disruption to other peers. Some users running without bandwidth
limits on really fast links have reported throughput of 2-300KBps,
while those with less capacity use the usual low 1-5KBps.
I think I remember Connelly mentioning that he was seeing 300+
different routers over the course of a few days after new years, so
there has been significant churn. On the other hand, we now have a
steady 120-150 users online, unlike the previous 80-90, which is a
reasonable increase. We still do *not* want it to grow too much
yet though, as there are known implementation issues that still need
to be done. Specifically, until the 0.6 release [1], we're going to
want to stay below 2-300 peers to keep the number of threads at a
reasonable level. However, if someone wants to help out
implementing the UDP transport, we can get there much faster.
In the last week, I've watched the stats put out by the i2p-bt
trackers and there have been gigs of large files transferred, with
some reports of 80-120KBps. IRC has had more bumps than usual
since those comments were posted on that website, but its still on
the order of hours between disconnect. (from what I can tell, the
router that irc.duck.i2p is on has been running pretty close to its
bandwidth limit, which would explain things)
[1] http://www.i2p.net/roadmap#0.6
* 2) 0.4.2.6
There have been some fixes and new features added to CVS since the
0.4.2.5 release that we're going to want to roll out soon,
including reliability fixes for the streaming lib, improved
resiliance to IP address change, and the bundling of ragnarok's
addressbook implementation.
If you haven't heard of the addressbook or haven't used it, the
short story is that it will magically update your hosts.txt file
by periodically fetching and merging changes from some anonymously
hosted locations (default being http://dev.i2p/i2p/hosts.txt and
http://duck.i2p/hosts.txt). You won't need to change any files,
touch any configuration, or run any extra applications - it'll be
deployed inside the I2P router as a standard .war file.
Of course, if you *do* want to get down and dirty with the
addressbook, you are more than welcome to - see Ragnarok's site [2]
for the details. People who already have the addressbook deployed
in their router will need to do a little tap dancing during the
0.4.2.6 upgrade, but it'll work with all your old config settings.
[2] http://ragnarok.i2p/
* 3) 0.5
Numbers, numbers, numbers! Well, as I've said before, the 0.5
release will be revamping how the tunnel routing works, and progress
is being made on that front. For the last few days I've been
implementing the new encryption code (and unit tests), and once
they're working I'll post up a doc describing my current thoughts on
how, what, and why the new tunnel routing will operate. I'm getting
the encryption implemented for it now instead of later so that
people can review what it means in a concrete sense, as well as find
problems areas and suggestions for improvement. I'm hoping to have
the code working by the end of the week, so maybe there'll be more
docs posted this weekend. No promises though.
* 4) jabber @ chat.i2p
jdot has started up a new jabber server, and it seems to work pretty
well for both one on one conversations and group chat. check out
the info on the forum [3]. the i2p dev discussion channel will
still be the irc #i2p, but its always nice to have alternatives.
[3] http://forum.i2p.net/viewtopic.php?t=229
* 5) ???
Ok, thats about all I have to mention at the moment - I'm sure
there's lots more going on that other people want to bring up
though, so swing on by the meeting in 15m @ the usual place [4] and
tell us whats up!
=jr
[4] irc://irc.{duck,baffled}.i2p/#i2p
irc://iip/#i2p
irc://irc.freenode.net/#i2p
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB2wGXGnFL2th344YRAuAkAJwPh8frN6Caof0unduGzijXFyFDnwCfXD/8
ZQXQmqk6EIx184r2Zi7poZg=
=+oCL
-----END PGP SIGNATURE-----
_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From ptrei at rsasecurity.com Tue Jan 4 10:41:15 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Tue, 4 Jan 2005 13:41:15 -0500
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE4@rsana-ex-hq1.NA.RSA.NET>
John Kelsey wrote
> Interesting questions: How hard is it for someone to
> actually hit an airplane with a rifle bullet? How often do
> airplane maintenance people notice bulletholes?
Damn hard. There's a reason winghunters use shotguns,
and anti-aircraft guns are full auto.
The only way an attacker would have a chance is to
stand at the end of the runway, and fire while the
plane passes overhead. I have heard of police
choppers and ultra lights being fired on from the
ground, but never a commercial flight in the US.
The scenario the gun-grabbers posit is someone
doing this with tracer rounds. Commercial aircraft
do not have self-sealing tanks, and if the attacker
is incredibly lucky he might be able to start a fire.
50 BMG can be effectively used in anti-material roles,
but firing on planes in the air is not one of them.
Barrett actually tried to make an shoulder-fired AA
model at one point, but abandoned it as impractical.
As has been pointed out, 50 BMG rifles have never
been used in the commission of a felony. They are
being demonized because they Look Scary (check out
www.barrettrifles.com).
Peter Trei
From measl at mfn.org Tue Jan 4 12:17:57 2005
From: measl at mfn.org (J.A. Terranson)
Date: Tue, 4 Jan 2005 14:17:57 -0600 (CST)
Subject: =?X-UNKNOWN?Q?Re=3A_AOL_Help_=3A_About_AOL=AE_PassCode?=
In-Reply-To:
References:
Message-ID: <20050104141549.X42460@ubzr.zsa.bet>
Hey RAH, don't forget to include the 182000 hours free download image. Or
the AOL user agreement. Or their logo. I mean, we wouldn't want to be
*uninformed* or anything, right?
Shit, you make a rotten Choate substitute.
--
Yours,
J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF
Civilization is in a tailspin - everything is backwards, everything is
upside down- doctors destroy health, psychiatrists destroy minds, lawyers
destroy justice, the major media destroy information, governments destroy
freedom and religions destroy spirituality - yet it is claimed to be
healthy, just, informed, free and spiritual. We live in a social system
whose community, wealth, love and life is derived from alienation,
poverty, self-hate and medical murder - yet we tell ourselves that it is
biologically and ecologically sustainable.
The Bush plan to screen whole US population for mental illness clearly
indicates that mental illness starts at the top.
Rev Dr Michael Ellner
From ptrei at rsasecurity.com Tue Jan 4 12:24:56 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Tue, 4 Jan 2005 15:24:56 -0500
Subject: Banks Test ID Device for Online Security
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
R.A. Hettinga wrote:
> Okay. So AOL and Banks are *selling* RSA keys???
> Could someone explain this to me?
> No. Really. I'm serious...
>
> Cheers,
> RAH
> --------
The slashdot article title is really, really misleading.
In both cases, this is SecurID.
Peter
From rah at shipwright.com Tue Jan 4 12:36:07 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 15:36:07 -0500
Subject: Conspiracy Theory O' The Day
Message-ID:
--- begin forwarded text
From jsd at av8n.com Tue Jan 4 12:41:12 2005
From: jsd at av8n.com (John Denker)
Date: Tue, 04 Jan 2005 15:41:12 -0500
Subject: No subject
Message-ID:
Gecko/20041007 Debian/1.7.3-5
To: Udhay Shankar N
Cc: cryptography at metzdowd.com
Subject: Re: Conspiracy Theory O' The Day
Sender: owner-cryptography at metzdowd.com
Udhay Shankar N wrote:
> I just got a batch of spam: perfectly justified blocks of random-looking
> characters. Makes me wonder if somebody is trying to train Bayesian
> filters to reject PGP messages.
Another hypothesis: Cover traffic, to defeat traffic analysis.
The procedure: send N copies. N-M of them are spam, sent to uninterested
parties. The other M parties are the intended recipients. Provided N>>M,
and other mild restrictions, they achieve plausible deniability.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From adam at homeport.org Tue Jan 4 13:31:15 2005
From: adam at homeport.org (Adam Shostack)
Date: Tue, 4 Jan 2005 16:31:15 -0500
Subject: AOL Help : About =?iso-8859-1?Q?AOL?= =?iso-8859-1?Q?=AE?=
PassCode
In-Reply-To: <41DB001B.2060308@systemics.com>
References:
<41DB001B.2060308@systemics.com>
Message-ID: <20050104213114.GB48806@lightship.internal.homeport.org>
On Tue, Jan 04, 2005 at 08:44:11PM +0000, Ian G wrote:
| R.A. Hettinga wrote:
|
| >
| >Have questions? Search AOL Help articles and tutorials:
| >.....
| >If you no longer want to use AOL PassCode, you must release your screen
| >name from your AOL PassCode so that you will no longer need to enter a
| >six-digit code when you sign on to any AOL service.
| >
| >To release your screen name from your AOL PassCode
| > 1. Sign on to the AOL service with the screen name you want to
| > release from your AOL PassCode.
| >
|
| OK. So all I have to do is craft a good reason to
| get people to reset their PassCode, craft it into
| a phishing mail and send it out?
Nope! All you have to do is exploit your attack and steal money in
realtime. A securid has no way to authenticate its server, and what's
really needed to stop phishing is server auth.
Adam
From rah at shipwright.com Tue Jan 4 13:33:31 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 16:33:31 -0500
Subject: Conspiracy Theory O' The Day
Message-ID:
--- begin forwarded text
From rah at shipwright.com Tue Jan 4 14:04:22 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 17:04:22 -0500
Subject: E-mails can have 'explosive' impact in court cases
Message-ID:
Posted on Fri, Dec. 10, 2004
E-mails can have 'explosive' impact in court cases
By TRICIA BISHOP
The Baltimore Sun
Brian L. Moffet said he saw the writing on the wall about three years ago.
The attorney was arguing a national class-action suit with 50,000 pieces of
paper entered into evidence when the judge asked, ''Where are the e-mails?''
That sent Moffet into scramble mode.
''It was the first time I realized it was something that was going to have
to be addressed,'' he said.
More than 90 percent of all new information is created and stored in
electronic form, according to the University of California at Berkeley. And
more than two-thirds of that is never printed. Not since the adoption of
the Xerox machine 45 years ago has the centuries-old legal profession been
so affected by new technology.
A handful of law firms, including Moffet's -- Gordon, Feinblatt, Rothman,
Hoffberger & Hollander LLC -- have created units specifically to mine for
electronic information and help clients manage it. But experts say many
lawyers aren't yet comfortable with hunting for electronic data and may be
setting themselves up for claims of malpractice because of it.
''Think about it,'' said Ken Withers, an attorney at the Federal Judicial
Center, the Washington-based research and education arm of the national
court system. ''If 92 percent of the information is in electronic form,
then they're only asking for 8 percent of the information. Obviously,
they're not getting a full picture of what's going on.''
Recent court decisions have put attorneys and companies on notice by posing
hefty fines against businesses and public institutions that don't properly
handle -- or hand over -- electronic records.
In July, Phillip Morris USA Inc. was sanctioned $2.75 million for failing
to keep and produce such data in a case that claimed the company marketed
cigarettes to minors. That same month, a New York court instructed a jury
to infer that the absence of electronic records could be considered
intentional and damaging to the defendants. And a year ago, Baltimore City
defendants in a housing discrimination case produced 80,000 e-mails too
late, causing U.S. District Court Judge Paul W. Grimm to refuse their
admittance into evidence and preclude some witnesses from testifying.
Electronic evidence ''is absolutely explosive in terms of the impact,''
Grimm said in a recent telephone interview. ''At first it was somewhat
unusual. But in the late '90s and early 2000, we started seeing a drumbeat
of cases'' submitting e-mail evidence in particular, which is often more
salacious because of its casual nature.
''Discovery'' -- the technical term for the lawyer's process of collecting
evidence and information to try a case -- once meant pawing through file
cabinets in search of a paper trail. But the explosion of e-mail and other
electronic data has turned the procedure on its head, making it more costly
and cumbersome, but also critical. E-mail and data can be found on laptops,
network servers, disks, hard drives, backup tapes, cell phones, and
portable digital assistants -- making them all fair game when mining for
dirt that could make or break a case.
''Now, we not only have to sweep files for relevant information. We have to
sweep the computers that are relevant, too,'' said Thomas P. Vartanian, a
Washington attorney and a member of the American Bar Association's
technology committee. Without in-house electronic discovery teams, lawyers
and companies typically turned to outside businesses for help. The first
such companies began on the West Coast in the late 1980s. But it wasn't
until a decade later that the new market began taking off, said George J.
Socha, Jr., an attorney, market analyst and consultant in St. Paul, Minn.
Today, about 160 companies concentrate on electronic discovery, whose total
revenues grew to $430 million in 2003 from $40 million in 1999.
Cases involving records mismanagement and accounting fraud -- such as those
of Arthur Andersen LLP and Enron Corp. -- have heightened mistrust of
corporations by juries, said Lori Ann Wagner, a partner at Faegre & Benson
LLC in Minneapolis. Her firm, whose electronic discovery task force in 1999
is considered one of the pioneers among law firms, helps clients put
policies in order to avoid the appearance of misconduct. But many companies
still don't have well-defined or well-reasoned processes.
Recently, a California software company filed a motion in U.S. District
Court in Baltimore that claimed Microsoft Corp. purposely created policies
to destroy evidence. The plaintiffs, Burst.Com Inc., contend Microsoft
stole its intellectual property and destroyed the e-mails that would prove
it. They've requested that the judge issue an ''adverse inference''
instruction to the jury, which permits members to infer that the destroyed
evidence was harmful to Microsoft.
Dealing with data is not easy for companies or their attorneys. The
information is enormous in scope and costly to maintain and search. Word
documents have multiple versions, e-mails have replaced telephone calls and
they are sent to multiple recipients, embedded data are attached to files,
and deleted data are not truly gone until it's overwritten, which could
take years. All of it is discoverable, meaning millions of pieces of
information might come into play.
And right now, there are no universal rules governing the electronic
discovery process, though various groups have offered guidelines. Some
states -- Delaware, Wyoming, New Jersey, Kansas and Arkansas -- have
implemented their own rules, but some experts complain of a lack of
uniformity.
''The volume of electronic information is much higher than anything we ever
imagined in the paper world,'' said Withers of the Federal Judicial Center.
''Computers generate far more than humans are capable of comprehending.''
The Judicial Conference of the United States -- the policy-making body for
the country's court system -- has proposed amendments to the federal Rules
of Civil Procedure that specifically address electronic discovery. The
proposals have been presented for comment, which ends in February, and
would not take effect until December 2006 at the earliest.
The current proposals would require attorneys to lay ground rules for
electronic discovery early on, help decide who pays for what, add options
to pull back privileged communication mistakenly handed over, and ease the
burden of production on some defendants by only asking for easily
accessible documents. Among the possible changes is a new definition of
what a ''document'' is: It could include an entire computer and everything
on it.
Law schools are trying to train the next generation of lawyers to think in
such terms. But while most students are already familiar with the Internet
and tech toys, ''trying to harness all of that recreational knowledge and
turn it into professional expertise is a challenge for all law schools,''
said Theresa K. LaMaster, assistant dean for technology affairs at the
University of Maryland School of Law.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From dave at farber.net Tue Jan 4 14:10:04 2005
From: dave at farber.net (David Farber)
Date: Tue, 04 Jan 2005 17:10:04 -0500
Subject: [IP] Jasper Green Lasers: useful tool or
terrorist weapon?
Message-ID:
------ Forwarded Message
From: "Richard M. Smith"
Date: Tue, 04 Jan 2005 16:46:02 -0500
To:
Subject: Jasper Green Lasers: useful tool or terrorist weapon?
Yikes! High-powered laser pointers do seem to present a problem to pilots.
Richard
http://www.bigha.com/blog/archives/000058.php?0
>From Saturday, January 1, 2005
Jasper Green Lasers: useful tool or terrorist weapon?
posted by Noah , at 2:52 PM
I'm sure we've all read stories like this one
or this
one or this one
in the past week
or so. The theme is consistent: some dorkus is shining a green laser into
moving aircraft and temporarily blinding pilots. Not cool, obviously.
On Thursday I was contacted by the FBI. They were investigating a new
incident even scarier than the ones we've read about. The good news is they
are coming up with ways to track and catch the culprits. The bad news is, we
have reason to believe at least one of the culprits is using a Jasper. Wow.
The theory is this: the dorkuses possibly modified their lasers (this is
easy to do) to increase the power. and accessorizing it with a tripod and a
scope to track and aim at aircraft. Even the unmodified Jasper is plainly
visible at 10,000 feet. At 25,000 feet it is still visible, but it becomes
fainter and obviously much more difficult to aim from the ground. Since
there are so many reflective surfaces in the cockpit, it only takes the beam
landing on one of the cockpit windows for 2-3 seconds before it bounces all
around, and temporarily blinds the pilots.
We have been asked if there are any suspicious persons have purchased from
us, especially in areas like Colorado, New Jersey, Ohio and southern Oregon
where instances have been reported. We are trying to cooperate with the
authorities while at the same time respecting the privacy of our customers.
If you own or are about to purchase a Jasper, please do not point it towards
people or moving objects. It is dangerous. Please do not modify it to
increase the power output. It will void your warranty, harm your laser and
render it largely unuseful for serious pointing.
And if you are amongst the one or two losers amongst thousands of
responsible Jasper users, please be aware that you will soon be caught. The
next time you point your Jasper towards a plane, you will see a police
helicoptor or military aircraft flying around your area. They will see your
beam, which points right back to you. Then they will come to arrest you, and
hopefully put you in jail. Your Jasper will be confiscated, and you will not
be issued a refund.
Commenting is Closed
For questions email us or to
order by phone call (888) 258-8440.
------ End of Forwarded Message
-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From eugen at leitl.org Tue Jan 4 09:00:07 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 4 Jan 2005 18:00:07 +0100
Subject: Budget Issues Force Spy Satellites Into The Open
Message-ID: <20050104170005.GD9221@leitl.org>
Link: http://slashdot.org/article.pl?sid=05/01/03/2343210
Posted by: timothy, on 2005-01-03 23:52:00
from the pretty-soon-we're-talking-real-money dept.
Korsair25 points out this article about a [1]U.S. spy satellite
program. "Quote: 'Over the decades, spying from space has always
earned super-secret status. They are the black projects, fulfilling
dark tasks and often bankrolled by blank check.' It also talks about
some of the technology used to disguise or camouflage some of the
operational satellites."
[2]Click Here
References
1.
http://story.news.yahoo.com/news?tmpl=story&u=/space/20050103/sc_space/anatom
yofaspysatellite&e=1
2.
http://ads.osdn.com/?ad_id=5671&alloc_id=12342&site_id=1&request_id=3463626&o
p=click&page=%2farticle%2epl
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From rah at shipwright.com Tue Jan 4 15:39:23 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 18:39:23 -0500
Subject: New computerized passport raises safety concerns
Message-ID:
Posted on Mon, Jan. 03, 2005
New computerized passport raises safety concerns
By Kristi Heim
Seattle Times
When traveling abroad these days, most Americans probably wouldn't want the
contents of their passports to be secretly read by strangers.
But when a new high-tech passport system goes into effect as early as next
spring, that's exactly what critics say could happen.
Before the end of the year, the first U.S. biometric passport will be
issued with a tiny computer chip and antenna embedded inside it. The chip
will contain a digital image of the person's face, along with other
information such as name, birth date and birthplace. The data on the chip
can be picked up wirelessly using a radio signal.
When the traveler enters the United States, border-control officials will
snap a digital photo of the person, scan the data from the passport and run
a facial-recognition software program to compare the two images.
The system is designed to prevent forged passports by making sure the
original passport holder and the person standing at the immigration counter
are one and the same.
The problem, security and privacy experts say, is that the technical
standard chosen for the system leaves passport data unprotected.
The technology allows data on the chip to be read remotely using radio
frequency identification or RFID.
That means the passport does not have to be opened or even come in contact
with a scanning device. Its contents can be read remotely -- some estimates
claim as far away as 30 feet -- without the passport holder knowing
anything about it.
Privacy advocates and the American Civil Liberties Union have sharply
criticized the proposed system, saying it effectively creates `a global
infrastructure of surveillance.`
`The U.S.-backed standard means that all the information on American
passports can be read by anyone with an RFID reader, whether they are an
identity thief, a terrorist trying to spot the Americans in a room or a
government agent looking to vacuum up the identities of everyone at a
political rally, gun show or mosque,` said Laura Murphy, director of the
ACLU's Washington, D.C., legislative office.
The ACLU also questioned the use of facial-recognition technology, which
can be used to track people but is not foolproof when it comes to matching
identity.
The U.S. government is already requiring 27 foreign countries to include
biometrics in their passports in order for their citizens to continue to
travel to the United States without a visa. The mandate was passed in 2002
as part of an effort to tighten border security after the Sept. 11, 2001,
attacks.
Most of those countries, including the United Kingdom, have had trouble
implementing the system and requested the deadline be postponed. Congress
voted during the summer to extend the deadline one year to October 2005.
Now the State Department plans to expand that program to include U.S.
passports, which were not part of the original legislation.
But it may only be a matter of time before countries required by the United
States to issue biometric passports demand the same kind of passports from
American visitors.
By the end of 2005, according to the plan, all American passports produced
domestically will be biometric passports.
The new technology is set to go into diplomatic and official passports
first, and move to all new and renewed regular passports around the middle
of next year, said Kelly Shannon, spokeswoman in the State Department's
Bureau of Consular Affairs.
The standard being used for U.S. passports was developed by the
International Civil Aviation Organization, a United Nations-affiliated
group based in Montreal.
As the standard was being decided this year, privacy and security experts
argued it should include features to protect the data, such as encryption
or the addition of a printed bar code inside the passport to `unlock` the
data.
Such features would let passport holders know who was reading their data
and when. But the State Department so far has rejected proposals for
encryption and other security measures.
Department officials said encryption would hinder interoperability of the
system among the different countries using it and slow down already tedious
border crossings.
It should function like RFID technology that monitors the flow of cars from
a distance through automatic toll roads, for example.
Security expert Bruce Schneier, founder and chief technical officer of
Counterpane Internet Security, said encryption would not solve security
problems for the passport system.
Instead, he recommends a system that requires direct contact with the chip.
`The owner of the passport has to acquiesce to give the data to somebody,`
Schneier said.
If the passport has to touch the reader or be opened before it can be read,
there is less chance for secret `skimming` of personal data. That is a
growing concern as RFID technology becomes more widespread around the
world, and readers can be produced inexpensively in devices as small as a
mobile phone.
`The question comes down to why the government is fixating on this
technology,` Schneier said. `I cannot figure out a motive, unless they want
to read it surreptitiously themselves.`
Adding a computer chip to passports does not provide a means to track U.S.
citizens, said State Department spokesman Kurtis Cooper. The information
stored on the chip is the same as on the printed passport and will be used
only to verify identity at ports of entry, he said.
As the system is further tested and developed, Cooper said, the department
is looking for ways to `reduce further any risk that would compromise the
privacy of the data as citizens use their passport.`
Meanwhile, the Department of Homeland Security has started a pilot program
to test biometric technology for foreign visitors at a dozen airports
around the country.
The department awarded a multibillion-dollar contract in June to a
consortium called the Smart Border Alliance to design and build the U.S.
Visitor and Immigration Status Indicator Technology (US-VISIT) program,
which makes use of biometrics.
The Smart Border Alliance, led by Accenture, includes Bellevue, Wash.-based
Saflink. Saflink provides software that replaces passwords with biometric
identification such as fingerprints, voices or facial characteristics. It
takes the unique points of a fingerprint or a face and transforms them into
a series of ones and zeros -- a biometric `signature,` allowing the
signature stored in a chip or database to be compared with the one
presented live.
`You're never going to have a perfect match between today and tomorrow,`
said Saflink marketing director Thomas Doggett. But false identifications
can be reduced to a manageable level.
`With the paper-based system from the old world, it's too easy for
intruders to manipulate documents,` he said.
Smart-card identification technology has broader applications as a
container to store information such as health records and access
privileges, which Saflink is helping supply to the U.S. military.
In the future, the government may decide to add new biometrics or
different, expanded technologies to U.S. passports.
The State Department requires the new passports to carry a 64-kilobyte
chip, more capacity than is needed to hold current passport data.
Other technology could be added, such as a second digital photo, a digital
fingerprint or an iris scan, to improve the accuracy of matches.
Travel guidebook author Edward Hasbrouck isn't waiting around for that.
He's getting his passport renewed before the new system is in place and
urging others to do the same. Passports are valid for 10 years.
Without better security, the new passports `couldn't be better suited to
facilitate both surveillance and identity theft if they were designed for
the purpose,` he said.
Hasbrouck believes the new passports will enable `undetectable tracking and
the identification of travelers, as well as secret, remote collection of
all the data needed to create perfect passport forgeries.`
One simple but effective solution may deter unwanted snoops, says Schneier:
Cover the passport with aluminum foil. Radio frequencies have a hard time
penetrating metal.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From bill.stewart at pobox.com Tue Jan 4 19:18:54 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 04 Jan 2005 19:18:54 -0800
Subject: Banks Test ID Device for Online Security
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.R
SA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <200501050331.j053VWf5022468@positron.jfet.org>
>R.A. Hettinga wrote:
> > Okay. So AOL and Banks are *selling* RSA keys???
> > Could someone explain this to me?
At 12:24 PM 1/4/2005, Trei, Peter wrote:
>The slashdot article title is really, really misleading.
>In both cases, this is SecurID.
Yup. It's the little keychain frob that gives you a string of numbers,
updated every 30 seconds or so, which stays roughly in sync with a server,
so you can use them as one-time passwords
instead of storing a password that's good for a long term.
So if the phisher cons you into handing over your information,
they've got to rip you off in nearly-real-time with a MITM game
instead of getting a password they can reuse, sell, etc.
That's still a serious risk for a bank,
since the scammer can use it to log in to the web site
and then do a bunch of transactions quickly;
it's less vulnerable if the bank insists on a new SecurID hit for
every dangerous transaction, but that's too annoying for most customers.
----
Bill Stewart bill.stewart at pobox.com
From bill.stewart at pobox.com Tue Jan 4 19:18:54 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 04 Jan 2005 19:18:54 -0800
Subject: Banks Test ID Device for Online Security
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.R
SA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <20050105032142.7E8D4F2CB@red.metdow.com>
>R.A. Hettinga wrote:
> > Okay. So AOL and Banks are *selling* RSA keys???
> > Could someone explain this to me?
At 12:24 PM 1/4/2005, Trei, Peter wrote:
>The slashdot article title is really, really misleading.
>In both cases, this is SecurID.
Yup. It's the little keychain frob that gives you a string of numbers,
updated every 30 seconds or so, which stays roughly in sync with a server,
so you can use them as one-time passwords
instead of storing a password that's good for a long term.
So if the phisher cons you into handing over your information,
they've got to rip you off in nearly-real-time with a MITM game
instead of getting a password they can reuse, sell, etc.
That's still a serious risk for a bank,
since the scammer can use it to log in to the web site
and then do a bunch of transactions quickly;
it's less vulnerable if the bank insists on a new SecurID hit for
every dangerous transaction, but that's too annoying for most customers.
----
Bill Stewart bill.stewart at pobox.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
From iang at systemics.com Tue Jan 4 12:44:11 2005
From: iang at systemics.com (Ian G)
Date: Tue, 04 Jan 2005 20:44:11 +0000
Subject: AOL Help : About =?ISO-8859-1?Q?AOL=AE_PassCode?=
In-Reply-To:
References:
Message-ID: <41DB001B.2060308@systemics.com>
R.A. Hettinga wrote:
>
>Have questions? Search AOL Help articles and tutorials:
>.....
>If you no longer want to use AOL PassCode, you must release your screen
>name from your AOL PassCode so that you will no longer need to enter a
>six-digit code when you sign on to any AOL service.
>
>To release your screen name from your AOL PassCode
> 1. Sign on to the AOL service with the screen name you want to release from your AOL PassCode.
>
OK. So all I have to do is craft a good reason to
get people to reset their PassCode, craft it into
a phishing mail and send it out?
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
From eugen at leitl.org Tue Jan 4 13:27:58 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 4 Jan 2005 22:27:58 +0100
Subject: [i2p] weekly status notes [jan 4] (fwd from jrandom@i2p.net)
Message-ID: <20050104212758.GK9221@leitl.org>
----- Forwarded message from jrandom -----
From fw at deneb.enyo.de Tue Jan 4 14:19:30 2005
From: fw at deneb.enyo.de (Florian Weimer)
Date: Tue, 04 Jan 2005 23:19:30 +0100
Subject: AOL Help : About =?iso-8859-1?Q?AOL=AE?= PassCode
In-Reply-To: <41DB001B.2060308@systemics.com> (Ian G.'s message of "Tue,
04 Jan 2005 20:44:11 +0000")
References:
<41DB001B.2060308@systemics.com>
Message-ID: <87pt0k6dn1.fsf@deneb.enyo.de>
* Ian G.:
> R.A. Hettinga wrote:
>
>>
>>Have questions? Search AOL Help articles and tutorials:
>>.....
>>If you no longer want to use AOL PassCode, you must release your screen
>>name from your AOL PassCode so that you will no longer need to enter a
>>six-digit code when you sign on to any AOL service.
>>
>>To release your screen name from your AOL PassCode
>> 1. Sign on to the AOL service with the screen name you want to release
from your AOL PassCode.
>>
>
> OK. So all I have to do is craft a good reason to
> get people to reset their PassCode, craft it into
> a phishing mail and send it out?
I think you can forward the PassCode to AOL once the victim has
entered it on a phishing site. Tokens ` la SecurID can only help if
the phishing schemes *require* delayed exploitation of obtained
credentials, and I don't think we should make this assumption. Online
MITM attacks are not prevented.
(Traditional IPsec XAUTHis problematic for the very same reason, even
with a SecurID token lookalike.)
From eugen at leitl.org Tue Jan 4 14:46:41 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 4 Jan 2005 23:46:41 +0100
Subject: [IP] Jasper Green Lasers: useful tool or terrorist weapon? (fwd
from dave@farber.net)
Message-ID: <20050104224641.GM9221@leitl.org>
----- Forwarded message from David Farber -----
From rah at shipwright.com Tue Jan 4 20:57:08 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 4 Jan 2005 23:57:08 -0500
Subject: Why HDTV Hasn't Arrived In Many Homes
Message-ID:
The Wall Street Journal
January 5, 2005
TELECOMMUNICATIONS
Why HDTV
Hasn't Arrived
In Many Homes
By SARAH MCBRIDE, PHRED DVORAK and DON CLARK
Staff Reporters of THE WALL STREET JOURNAL
January 5, 2005
Eric Olander has a new love, his Sony high-definition TV. But something is
coming between them: High-definition television programming.
Mr. Olander adores the picture quality on the high-definition channels he
gets from EchoStar Satellite LLC, but there are at best only nine available
to him. Whenever he switches back to a regular channel, "everything seems
substandard," he says.
Adding insult to injury, his TiVo doesn't record high-definition programs
in high definition: When he plays them back, they look like ordinary TV.
And some of the programs are simply conventional movies converted into a
digital form, so they don't have the crisp quality he's grown addicted to.
"It's just not enough," says Mr. Olander, a 34-year-old manager at a Los
Angeles television station and a gadget freak.
Gripes from demanding customers like Mr. Olander help explain why so many
cool technologies -- from high-definition TV to home networking to
interactive TV -- just aren't catching on yet. Besides shortcomings in
existing products, battles over technical standards and fear of video
piracy are slowing manufacturers' ability to deploy new stuff. Many
potential customers, disappointed and confused, are walking out of stores
empty-handed.
The good news: Manufacturers are well aware of the problem. Progress in
speeding the delivery of digital content and technology will be a major
theme among industry giants converging at the Consumer Electronics Show in
Las Vegas, which formally opens tonight.
For example, Hewlett-Packard Co. and Matsushita Electric Industrial Co.,
better known as Panasonic, today are announcing a peace agreement in a
long-running format war over recordable DVDs. Each company plans to adopt
the other's formats, known by confusing acronyms that include +R and RAM.
As a result, users will be able to more easily edit video on a
Hewlett-Packard PC that was recorded on a Panasonic DVD recorder. "Seamless
is a key word," says Naoto Noguchi, vice president of Panasonic's
audio-visual business unit. (See related story1.)
Now for the bad news. Despite some advances, companies are still moving
pretty slowly, not least because they tend to delay progress that can help
rivals.
Take, for example, the issue of content compatibility. Imagine that a movie
purchased from a Best Buy store could only be played on a DVD player that
also was bought at Best Buy -- and not on a player from Circuit City or
Radio Shack. That is, in essence, what is happening in online music, the
first big digital-content battleground.
The only major paid download service that works with Apple Computer Inc.'s
iPod device is Apple's own iTunes, because of the copyright protection used
by the computer maker. In July, a rival online music service, RealNetworks
Inc., cracked the Apple system with a technology called Harmony so that
customers who bought songs from RealNetworks could play them on an iPod.
Apple has taken steps to modify its offerings to prevent iPods from working
with Harmony.
Such infighting is very common with emerging technology, where design
incompatibilities "are a huge impediment to adoption," says Paul Kocher,
president of Cryptography Research Inc., a digital security consultancy.
Historically, consumer-electronics makers had little need to cooperate with
rivals, because their TVs, stereos and other audio-visual gear were
standalone products. Attempts at cooperation on common standards often
erupted into format wars, such as the famous battle in the 1970s between
Betamax videocassettes, backed by Sony Corp., and VHS, backed by Japan
Victor Corp., or JVC.
Today, getting high-definition TV is already something of a struggle.
Viewers who don't receive a special set-top box from a cable or satellite
provider must purchase a separate tuner to be able to see high-definition
pictures. And people who use the words "digital" and "high def"
interchangeably could be in for a nasty surprise when they get their TV
home: Not all digital TVs show high-definition programming.
Other battles are slowing high-definition content's arrival in homes. A
high-capacity successor to the DVD, for example, is needed before consumers
can buy or rent high-definition movies. Already two competing technologies,
dubbed Blu-ray and HD DVD, have divided the nascent market into warring
camps.
Determined to make sure the new disks aren't copied as easily as today's
CDs and DVDs, movie studios, electronics companies and others are pondering
an array of content-protection technologies. Because movies are more
difficult to transfer than songs, video piracy hasn't hurt the major
studios as badly as music piracy has hurt major record groups. But it has
contributed to delays.
"The threat is still vaguely theoretical," says Talal Shamoon, chief
executive officer of InterTrust Technologies Corp., Sunnyvale, Calif., a
pioneer in copyright-protection technology. "The good news is there is
still time; the bad news is there is still time."
In home networking, electronics makers' tendency to go their own way has
led to a muddle of competing standards that could mean a "networked" Sony
TV, for instance, wouldn't talk to a PC from Toshiba Corp. Some Sony TVs
came with software that let you access video or audio files on your PC --
as long as it was a Sony Vaio PC.
Industry giants are slowly working out some of these challenges. One
standard-setting group, the Digital Living Network Alliance, is working on
standard specifications for connecting consumer-electronic devices and
moving files between them.
In content protection, industry giants such as IntelCorp. and Microsoft
Corp. are backing a technology consortium known as AACS LA, for Advanced
Access Content System Licensing Administrator. Another group, the Coral
Consortium, favored by H-P, Philips NV and others, is trying to develop
ways for different copyright-protection technologies to work together.
"I think we are to the point where the forces are converging," says Steve
Canepa, a vice president at International Business Machines Corp., which
endorses the AACS LA effort.
The sheer size of digital media files is another problem for consumers.
Wireless networks haven't been fast and reliable enough to dependably move
high-definition video around the house.
A Silicon Valley start-up, Video54 Technologies Inc., is set to unveil a
new antenna technology at the consumer-electronics show that can help steer
wireless signals around obstacles in the home and deliver smooth video
images. "We are ready to roll into production" with the technology, says
Patrick Lo, chief executive officer of Netgear Inc., which makes wireless
access devices.
Interactive TV has faced similar obstacles. Television studios are working
on prototypes of shows allowing fans to play games integrated into
programming. But each satellite and cable operator has proprietary
technology, based on remote controls or other devices users would use to
interact with programs. So the studios must select one system to work with,
or go through a laborious process of adapting their content for more than
one.
Cable companies are working on a single standard for interactive TV known
as Open Cable Applications Platform. It would bring the five major cable
companies onto the same page, but satellite systems still may develop their
own programming, for competitive reasons.
"This will be used as a very big corporate advantage among the operators, "
says Scott Higgins, EchoStar's director of interactive programming. If
proprietary interactive content is strong enough, "you will be stealing
viewers from the competition."
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Wed Jan 5 07:41:48 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 5 Jan 2005 10:41:48 -0500
Subject: Globalization and 'Contract Culture'
Message-ID:
Tech Central Station
Globalization and 'Contract Culture'
By Christopher Lingle
Published
01/05/2005
It is obvious that the process of globalization inspires great disagreement
concerning its nature and impact. Despite acts of terrorism and labor
disputes that have marked this public discussion, one point of agreement is
that this process is seemingly irresistible.
A sober assessment of the merits of the arguments in this debate requires
identifying some essential elements behind this momentum. One place to
start is to discard an important misinterpretation.
Globalization should not be confused with Westernization or Americanization
of economies and cultures. Perhaps this muddled thinking arises from an
observed sense of convergence towards certain norms or rules that are
associated with Western cultures, especially concerning commercial
considerations. Promoting this misconception adds to an unwelcome
divisiveness. It also implicitly assigns a sense of domination or
superiority of American or Western culture over others, itself a patently
foolish assertion.
The view offered here is that this convergence is a natural and
evolutionary procedure. In this sense, global convergence arises from
voluntary choices by citizens and their governments to engage in worldwide
markets to achieve some individual and collective goals, including shared
prosperity. Indeed, the overpowering nature that some observers find so
troubling is actually the outcome of choices made by most other members of
their own communities. In the end, the movement is towards the
establishment of and guidance by the legal bounds that govern contracts. As
will be argued, exposure to contracts has important impacts on cultures
since it imposes greater accountability on businesses as well as
governments.
As such, globalization should not be viewed as the outcome of anonymous,
outside and mysterious forces. Instead, an important source of globalizing
influences in a local economy arises from choices made by most of ones'
compatriots who prefer better or cheaper products that are imports rather
than shoddy or higher priced ones produced locally. In this narrow
interpretation, globalization can be seen as a universal application of
democracy. Opposition to these results is tantamount to an elitist loathing
of thy neighbor, or at least their choices.
In all events, the spreading of the benefits of globalization depends upon
how well markets function, because competitive markets are a force that
empowers consumers and humbles producers. And well-functioning markets
require and inspire a certain attitude towards agreements that can be
identified as a "contract culture".
A contract culture exists when all parties in an agreement are predictably
treated as equals whenever there is a legal dispute or a need for
interpretation of the conditions behind the pact. Markets both depend upon
and set the stage for the emergence of a contract culture as well as
providing an impetus for the emergence of a commercial morality and a wider
application of trust. In turn, institutional frameworks evolve to
reinforce and reward or punish actions in reference to the agreements and
the legal institutions that support them. This convergence is inspired by
globalization.
While most may think that the discussion only involves private contracts
concerning commercial transactions, it also covers social contracts like
constitutions that specify duties and obligations of citizens and rulers.
Markets inspire the development of a contract culture where the spirit of
compromise becomes part of human interaction. In such a setting, equals are
treated as equals just as unequals must also be treated as equals before
the law. Governments or large corporations should not receive special
treatment in the courts over individual citizens while domestic interests
should not override those of foreign claimants. At the same time,
interactions within a community where contracts are widely negotiated can
bring about a greater appreciation for compromise and humility that might
undermine future claims for authoritarian leadership.
Viewed from this vantage point, capitalism and free markets are seen to
provide a necessary underpinning for democracy's success rather than merely
a sufficient one. It is through individualist-based institutions associated
with and arising from markets that people exercise true self-ownership to
pursue their own chosen goals.
The importance of establishing a contract culture cuts deep. It is an
intangible element in the measurement of growth factors, but it is
certainly an essential element of the institutional framework for an active
player in the global economy. Apart from promoting political stability due
to greater fairness, the contract culture is also associated with
"middle-class values" like the importance of education, thrift and moral
values that promote hard work and honesty in contract fulfilment.
Globalization can reduce some of the economic vagaries by eliminating some
of the sources of recurrent crises. During periods of rapid economic
growth, massive cash flows can compensate for some of the inconveniences
arising from a weak adherence to contractual obligations. Once an economy
reaches a certain level of maturity or begins to lose its comparative
advantages, the importance of legal protections becomes clearer. It is the
absence of such safety measures that induce investors to undertake
reassessments that can lead to the sort of mass exoduses of capital like
the one associated with the Asian crises that began in 1997.
In many Asian countries, the dominance of autocratic rule led to an
entrenchment of hierarchical power relations that retard the development of
a local contract culture. Outside of some former British colonies, few
Asian countries have an independent and competent judiciary that issue
ruling based upon strict interpretations of a body of law concerning
fulfilment of contracts that includes predictable bankruptcy proceedings.
Yet the exposure to and pressures from the international marketplace will
eventually pressure governments to adhere to the rule of law.
Some opponents to globalization express legitimate concerns. Perhaps the
most compelling objection is the fear of the dilution of local culture.
Nonetheless, opening a community to global influences is most likely to
reveal the strengths of those elements that are worth keeping and
undercover weak points that might be given up. (It is worth noting that the
Dutch have been deeply engaged in the globalization process for many
centuries without losing their unique cultural identity.)
An assessment of globalization should begin with the fact that it
introduces a contract culture in association with the rule of law as the
basis of a modern market-based economy. Although there will always be
transition costs of such monumental changes, there are solid reasons to
believe these will be exceeded by the benefits. Above all other benefits is
the increased commercial and political accountability that offers greater
protections to citizens and consumers.
Christopher Lingle is Global Strategist for eConoLytics.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From alex at bofh.net.pl Wed Jan 5 03:23:26 2005
From: alex at bofh.net.pl (Janusz A. Urbanowicz)
Date: Wed, 5 Jan 2005 12:23:26 +0100
Subject: Banks Test ID Device for Online Security
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <20050105112326.GI25156@syjon.fantastyka.net>
On Tue, Jan 04, 2005 at 03:24:56PM -0500, Trei, Peter wrote:
> R.A. Hettinga wrote:
>
> > Okay. So AOL and Banks are *selling* RSA keys???
> > Could someone explain this to me?
> > No. Really. I'm serious...
> >
> > Cheers,
> > RAH
> > --------
>
> The slashdot article title is really, really misleading.
> In both cases, this is SecurID.
In some cases this also may be VASCO DigiPass, which is system very similar
to SecurID, only cheaper. This technology seems to be quite popular in
Europe as couple banks in Poland routinely issue tokens, both VASCO and
SecurID to their customers for online authorization, and the tokens are used
both in password generation (as described in article) and challenge-response
modes.
Alex
--
mors ab alto
0x46399138
From perry at piermont.com Wed Jan 5 15:08:31 2005
From: perry at piermont.com (Perry E. Metzger)
Date: Wed, 05 Jan 2005 18:08:31 -0500
Subject: FreeBSD's urandom versus random
Message-ID:
Ian G writes:
> While we're on the subject of /dev/[u]random, has anyone
> looked at the new FreeBSD 5.3 version?
Not the 5.3 version but I have looked a bit at earlier versions. I was
pretty scared, frankly.
The author gave a talk at a BSDCon where he displayed both a profound
set of misunderstandings about what the papers he had read meant and
an extremely strong amount of arrogance. Among other things, he
claimed that Schneier and Co. had proven the security of Yarrow (which
of course they never had claimed), and that his changes to Yarrow made
it better (very dubious). He also obviously didn't understand crypto
very well. I wouldn't have minded so much if he hadn't been extremely
belligerent about defending his beliefs.
Anyway, after the talk I took a look at the code, and I didn't feel
very comfortable with it. It has been too many years now for me to
remember specifics, and it may have been changed a lot in the interim
-- in any case, you may want to examine it if you are contemplating
using it in something where it would be dangerous not to have very
solid random numbers available.
FreeBSD has some other crypto toys that I'm dubious about. It now has
a crypto file system widget that uses a bunch of odd ad hoc modes
invented by the author. Some quick analysis shows that most of the
complexity they add does not add actual cryptographic strength and
does add possible attack vectors, which is worrisome. I'm always
against attempting to be clever under such circumstances, but a lot of
people don't seem to have the same fear of innovating in cryptography
without very careful analysis that I do. It also doesn't protect very
well against brute forcing of the file system passphrase, which is (in
most cases) the likely way people will break such a thing. (Actually
the author claims that you would have to do tremendous disk i/o to
break the passphrase, but you can do a time/space tradeoff with RAM
that bypasses his hack.)
None of this should say that I'm entirely comfortable with the
security of, say, NetBSD's /dev/random. Even though I should have,
I've never properly audited the whole thing, which is more than mildly
embarrassing. Shades of the shoemaker's children and such. For all I
know, we've got big flaws, too.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Wed Jan 5 15:16:51 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 5 Jan 2005 18:16:51 -0500
Subject: FreeBSD's urandom versus random
Message-ID:
--- begin forwarded text
From lynn at garlic.com Wed Jan 5 22:46:32 2005
From: lynn at garlic.com (Anne & Lynn Wheeler)
Date: Wed, 05 Jan 2005 23:46:32 -0700
Subject: Banks Test ID Device for Online Security
In-Reply-To: <20050105032142.7E8D4F2CB@red.metdow.com>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
<20050105032142.7E8D4F2CB@red.metdow.com>
Message-ID: <41DCDEC8.4000902@garlic.com>
Bill Stewart wrote:
> Yup. It's the little keychain frob that gives you a string of numbers,
> updated every 30 seconds or so, which stays roughly in sync with a server,
> so you can use them as one-time passwords
> instead of storing a password that's good for a long term.
>
> So if the phisher cons you into handing over your information,
> they've got to rip you off in nearly-real-time with a MITM game
> instead of getting a password they can reuse, sell, etc.
>
> That's still a serious risk for a bank,
> since the scammer can use it to log in to the web site
> and then do a bunch of transactions quickly;
> it's less vulnerable if the bank insists on a new SecurID hit for
> every dangerous transaction, but that's too annoying for most customers.
in general, it is "something you have" authentication as opposed to the
common shared-secret "something you know" authentication.
while a window of vulnerability does exist (supposedly something that
prooves you are in possession of "something you have"), it is orders of
magnitude smaller than the shared-secret "something you know"
authentication.
there are two scenarios for shared-secret "something you know"
authentication
1) a single shared-secret used across all security domains ... a
compromise of the shared-secret has a very wide window of vulnerability
plus a potentially very large scope of vulnerability
2) a unique shaerd-secret for each security domain ... which helps limit
the scope of a shared-secret compromise. this potentially worked with
one or two security domains ... but with the proliferation of the
electronic world ... it is possible to have scores of security domains,
resulting in scores of unique shared-secrets. scores of unique
shared-secrets typically results exceeded human memory capacity with the
result that all shared-secrets are recorded someplace; which in turn
becomes a new exploit/vulnerability point.
various financial shared-secret exploits are attactive because with
modest effort it may be possible to harvest tens of thousands of
shared-secrets.
In one-at-a-time, real-time social engineering, may take compareable
effort ... but only yields a single piece of authentication material
with a very narrow time-window and the fraud ROI might be several orders
of magnitude less. It may appear to still be large risk to individuals
... but for a financial institution, it may be relatively small risk to
cover the situation ... compared to criminal being able to compromise
50,000 accounts with compareable effort.
In some presentation there was the comment made that the only thing that
they really needed to do is make it more attactive for the criminals to
attack somebody else.
It would be preferabale to have a "something you have" authentication
resulting in a unique value ... every time the device was used. Then no
amount of social engineering could result in getting the victim to give
up information that results in compromise. However, even with relatively
narrow window of vulnerability ... it still could reduce risk/fraud to
financial institutions by several orders of magnitude (compared to
existing prevalent shared-secret "something you know" authentication
paradigms).
old standby posting about security proportional to risk
http://www.garlic.com/~lynn/2001h.html#61
From mv at cdc.gov Thu Jan 6 06:45:22 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 06 Jan 2005 06:45:22 -0800
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
Message-ID: <41DD4F02.4E22D74@cdc.gov>
At 09:53 AM 1/4/05 -0500, R.A. Hettinga wrote:
>Terri Carbaugh, a spokeswoman for the governor, said Mr.
Schwarzenegger, a
>Republican, had made his position clear during his campaign.
>
> "It's a military-type weapon," Ms. Carbaugh said of the .50 BMG, "and
he
>believes the gun presents a clear and present danger to the general
public."
Ms C has earned herself a few hundred footpounds, or a few meters of
rope
and tree-rental. The Constitution explicitly protects our right to bear
military (not animal-hunting) arms.
------
An RPG a day keeps the occupiers away.
From mv at cdc.gov Thu Jan 6 07:02:21 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 06 Jan 2005 07:02:21 -0800
Subject: Technology vs social solutions
Message-ID: <41DD52FD.97C702E2@cdc.gov>
At 12:06 PM 1/4/05 -0500, John Kelsey wrote:
>>From: "Major Variola (ret)"
>>3. Homebrew warning systems will face the same problems as eg pro
>>volcano warning systems: too many false alarms and no one cares.
>
>The best defense would seem to be a population with a lot of TVs and
radios. At least after the first tsunami hit, the news would quickly
spread, and there were several hours between when the waves arrived at
different shores. (And a 9.0 earthquake on the seafloor, or even a 7.0
earthquake on the seafloor, is a rare enough event that it's not crazy
to at least issue a "stay off the beach" kind of warning.)
Actually, people should know this as *background* in the same way that
you know
not to stand in open fields during lightening, play with downed
powerlines, or
walk into tail rotors. I think some places have signs pointing
to higher elevations, with wave-glyphs. I know that FLA has signs like
that for
hurricane storm-surges, and there are tornado signs in the midwest.
The rational explanation, I suppose, is that tsunami are so rare that
the knowledge is not
maintained. (How many 'Merkins would know how to construct a nukebomb
shelter
these days? How many SoCal'ians know how to drive on icy roads?)
Of course, broadcast media are used to tell people the obvious, eg don't
play in
channellized rivers during storms, and the evolution of the species
suffers slightly
but not entirely from the caveats.
From mv at cdc.gov Thu Jan 6 07:12:13 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 06 Jan 2005 07:12:13 -0800
Subject: sitting ducks
Message-ID: <41DD554C.31B05332@cdc.gov>
At 12:16 PM 1/4/05 -0500, John Kelsey wrote:
>Interesting questions: How hard is it for someone to actually hit an
airplane with a rifle bullet? How often do airplane maintenance people
notice bulletholes?
>
>My understanding is that a single bullethole in a plane is not likely
to do anything serious to its operation--the hole isn't big enough to
depressurize the cabin of a big plane, and unless it hits some critical
bits of the plane, it's not going to cause mechanical problems.
FWIW Recall that a few 'copters have been taken down with AK fire,
though the birds/round
is likely low. And copters are more delicate than a multi-engined fixed
wing.
Hitting the cabin would be pretty effective though. And certain parts
of big planes
are vital, perhaps moreso on fly by wire Airbus planes.
A homemade mortar through the roof of your van (IRA style) onto a
stationary, taxiing plane would be
pretty spectacular, sitting ducks... lots of cameras... easy getaway or
repeat fire..
Of course the BMG crap is all about eroding rights, not reality.
From jrandom at i2p.net Thu Jan 6 08:45:23 2005
From: jrandom at i2p.net (jrandom)
Date: Thu, 6 Jan 2005 08:45:23 -0800
Subject: [i2p] 0.4.2.6 is available
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi y'all, time for a new update
The 0.4.2.6 release has a whole slew of bug fixes, reliability
improvements, and bundles Ragnarok's addressbook as a client
application. The release is backwards compatible and should not
be too disruptive, so upgrade when you get the chance.
As mentioned in the weekly status notes [1], the addressbook
essentially just automates the anonymous fetching and merging of
hosts.txt files from locations of your choosing (defaults being
http://duck.i2p/hosts.txt and http://dev.i2p/i2p/hosts.txt). More
details can be found on Ragnarok's site [2], and the source is in
cvs [3].
If you don't have the addressbook installed already, you have no
additional work to do. However, if you previously installed the
addressbook and manually wired it to run in your router (through
the lines in clients.config and a reference to the .jar file in
wrapper.config), you will need to remove those. Existing
addressbook configuration and data files will be honored if they
are located in the default addressbook/ directory.
[1] http://dev.i2p.net/pipermail/i2p/2005-January/000541.html
[2] http://ragnarok.i2p/
[3] http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/apps/addressbook/
Anyway, thats that. The full list of updates in the release can
be found in the usual place [4], and upgrading uses the same process
as before [5].
[4] http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD
[5] http://www.i2p.net/download
=jr
jrandom at iggy:~/dev/i2p_0_4_2_6_dist$ openssl sha1 *
SHA1(i2p-0.4.2.6.tar.bz2)= 2e66927bbcff6fbbedcd58d3a3382f20b98e8f79
SHA1(i2p.tar.bz2)= ddb2c45f2c52b266d6794d7e1ae7b4648e697ce7
SHA1(i2pupdate.zip)= 7a4547d391166d0886a3cee502889e568cf77677
SHA1(i2pinstall.jar)= a71dc5c64fb5a990d1893b8ae5dfd48ba2c9a3b6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB3WoCGnFL2th344YRAmK9AJ0TumNsfz1llb2Te8nMNuvSdXShvACg996G
KWe+IxvsPxG2zfVZcTxZTvQ=
=GXbq
-----END PGP SIGNATURE-----
_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From lindac at dimacs.rutgers.edu Thu Jan 6 08:11:50 2005
From: lindac at dimacs.rutgers.edu (Linda Casals)
Date: Thu, 6 Jan 2005 11:11:50 -0500 (EST)
Subject: DIMACS Workshop on Information Markets, NJ Feb 2-4 2005
Message-ID:
Announcement and Call For Participation
*********************************************************************
DIMACS Workshop on Information Markets
February 2-4, 2005
DIMACS Center, Rutgers University, Piscataway, NJ
http://dimacs.rutgers.edu/Workshops/Markets/
Organizers:
Robin Hanson, George Mason University, rhanson -AA at TT- gmu.edu
John Ledyard, California Institute of Technology, jledyard -AA at TT-
hss.caltech.edu
David Pennock, Yahoo! Research Labs, pennockd -AA at TT- yahoo-inc.com
Presented under the auspices of the Special Focus on Computation and
the Socio-Economic Sciences
*********************************************************************
A market designed for information gathering and forecasting is called
an information market. Information markets can be used to elicit a
collective estimate of the expected value or probability of a random
variable, reflecting information dispersed across a population of
traders. The degree to which market forecasts approach optimality in
practice, or at least surpass other known methods of forecasting, is
remarkable. Supporting evidence can be found in empirical studies of
options markets, commodity futures markets, political stock markets,
sports betting markets, horse racing markets, market games, laboratory
investigations of experimental markets, and field tests. In nearly all
these cases, market prices reveal a reliable forecast about the likely
unfolding of future events, often beating expert opinions or polls.
Despite a growing theoretical and experimental literature, many
questions remain regarding how best to design, deploy, analyze, and
understand information markets, including both technical challenges
and social challenges.
This workshop will include talks on information markets by a number of
distinguished invited speakers. Speakers will cover a range of topics
including mechanism design, experiments, analysis, policy, and
industry experience. Speakers will include representatives from
academia, industry, and government. The workshop will feature research
talks, opinions, reports of industry experience, and discussion of
government policy from the perspective of a number of fields,
including economics, business, finance, computer science,
gambling/gaming, and policy. See the workshop program for more
details: http://dimacs.rutgers.edu/Workshops/Markets/program.html
The workshop will feature a tutorial session on Wednesday afternoon
(Feb. 2, 2005) to help those new to the field get up to speed. The
workshop will include a panel discussion on the Policy Analysis Market
(a.k.a., "Terror Futures") and a "rump" session where anyone who
requests time can have the floor for five minutes to speak on any
relevant topic. To participate in the rump session, please email David
Pennock: pennockd --AA at TT- yahoo-inc.com.
*********************************************************************
Registration Fees:
(Pre-registration deadline: January 26, 2005)
Please see website for additional registration information.
*********************************************************************
Information on participation, registration, accomodations, and travel
can be found at:
http://dimacs.rutgers.edu/Workshops/Markets/
**PLEASE BE SURE TO PRE-REGISTER EARLY**
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From js at joergschneider.com Thu Jan 6 02:44:02 2005
From: js at joergschneider.com (Joerg Schneider)
Date: Thu, 06 Jan 2005 11:44:02 +0100
Subject: AOL Help : About =?ISO-8859-1?Q?AOL=AE_PassCode?=
In-Reply-To: <87pt0k6dn1.fsf@deneb.enyo.de>
References:
<41DB001B.2060308@systemics.com> <87pt0k6dn1.fsf@deneb.enyo.de>
Message-ID: <41DD1672.2070207@joergschneider.com>
Florian Weimer wrote:
> I think you can forward the PassCode to AOL once the victim has
> entered it on a phishing site. Tokens ` la SecurID can only help if
Indeed.
> the phishing schemes *require* delayed exploitation of obtained
> credentials, and I don't think we should make this assumption. Online
> MITM attacks are not prevented.
So, PassCode and similar forms of authentication help against the
current crop of phishing attacks, but that is likely to change if
PassCode gets used more widely and/or protects something of interest to
phishers.
Actually I have been waiting for phishing with MITM to appear for some
time (I haven't any yet - if somebody has, I'd be interested to hear
about), because it has some advantages for the attacker:
* he doesn't have to bother to (partially) copy the target web site
* easy to implement - plug an off-the-shelf mod_perl module for reverse
proxy into your apache and add 10 minutes for configuration. You'll find
the passwords in the log file. Add some simple filters to attack PassCode.
* more stealthy, because users see exactly, what they are used to, e.g.
for online banking they see account balance etc. To attack money
transfers protected by PassCode, the attacker could substitute account
and amount and manipulate the server response to show what was entered
by user.
Assuming that MITM phishing will begin to show up and agreeing that
PassCode over SSL is not the solution - what can be done to counter
those attacks?
Mutual authentication + establishment of a secure channel should do the
trick. SSL with client authentication comes to my mind...
From rah at shipwright.com Thu Jan 6 08:47:57 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 6 Jan 2005 11:47:57 -0500
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID:
Ah... Book-entry to the trigger.
The ganglia, as the man said, twitch.
Whole new meaning to digital "rights" management.
Cheers,
RAH
-------
The New York Times
January 6, 2005
WHAT'S NEXT
Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
By ANNE EISENBERG
HE computer circuits that control hand-held music players, cellphones and
organizers may soon be in a new location: inside electronically controlled
guns.
Researchers at the New Jersey Institute of Technology in Newark are
building a handgun designed to fire only when its circuitry and software
recognize the grip of an authorized shooter.
Sensors in the handle measure the pressure the hand exerts as it squeezes
the trigger. Then algorithms check the shooter's grip with stored,
authorized patterns to give the go-ahead.
"We can build a brain inside the gun," said Timothy N. Chang, a professor
of electrical engineering at the New Jersey Institute of Technology who
devised the hardware for the grip-recognition system. "The technology is
becoming so cheap that we can have not just a computer in every home, but a
computer in every gun."
The main function of the system is to distinguish a legitimate shooter
from, for example, a child who comes upon a handgun in a drawer.
Electronics within the gun could one day include Global Positioning System
receivers, accelerometers and other devices that could record the time and
direction of gunfire and help reconstruct events in a crime investigation.
For a decade, researchers at many labs have been working on so-called smart
or personalized handguns designed to prevent accidents. These use
fingerprint scanners to recognize authorized shooters, or require the
shooter to wear a small token on the hand that wirelessly transmits an
unlocking code to the weapon.
At the New Jersey Institute of Technology, Michael L. Recce, an associate
professor in the department of information systems, decided instead to
concentrate on the shooter's characteristic grip. Dr. Recce created the
software that does the pattern recognition for the gun.
Typically, it takes one-tenth of a second to pull a trigger, Dr. Recce
said. While that is a short period, it is long enough for a computer to
match the patterns and process the authorization.
To bring Dr. Recce's recognition software to life, Dr. Chang created
several generations of circuits using off-the-shelf electronic components.
He equipped the grips of real and fake handguns with sensors that could
generate a charge proportional to the pressure put on them.
The pressure on the grip and trigger are read during the beginning of the
trigger pull. The signals are sent to an analog-to-digital converter so
that they can be handled by the digital signal processor. Patterns of
different users can be stored, and the gun programmed to allow one or more
shooters.
At first the group worked mainly with a simulated shooting range designed
for police training. "You can't have guns in a university lab," Dr. Recce
said.
The computer analysis of hand-pressure patterns showed that one person's
grip could be distinguished from another's. "A person grasps a tennis
racket or a pen or golf club in an individual, consistent way," he said.
"That's what we're counting on."
During the past year, the team has moved from simulators to tests with live
ammunition and real semiautomatic handguns fitted with pressure sensors in
the grip. For five months, five officers from the institute's campus police
force have been trying out the weaponry at a Bayonne firing range. "We've
been going once a month since June," said Mark J. Cyr, a sergeant in the
campus police. "I use a regular 9-millimeter Beretta weapon that fires like
any other weapon; it doesn't feel any different."
For now, a computer cord tethers the gun to a laptop that houses the
circuitry and pattern-recognition software. In the next three months,
though, Dr. Chang said, the circuits would move from the laptop into the
magazine of the gun. "All the digital signal processing will be built right
in," he said.
Michael Tocci, a captain in the Bayonne Police Department, recently saw a
demonstration of the technology. One shooter was authorized, Captain Tocci
said. When this person pulled the trigger, a green light flashed. "But when
other officers picked up the gun to fire, the computer flashed red to
register that they weren't authorized," he said.
The system had a 90 percent recognition rate, said Donald H. Sebastian,
senior vice president for research and development at the institute.
"That's better fidelity than we expected with 16 sensors in the grip," Dr.
Sebastian said. "But we'll be adding more sensors, and that rate will
improve."
Dr. Chang said the grip for the wireless system would have 32 pressure
sensors. "Now, in the worst case, the system fails in one out of 10 cases,"
he said. "But we've already seen that with the new sensor array, the
recognition is much higher."
Dr. Sebastian said the team was considering adding palm recognition as a
backup.
To develop a future weapon, the university is working with a ballistics
research and development company, Metal Storm, of Arlington, Va. "We'll
use our recognition system on their weapons platform," Dr. Sebastian said.
The Metal Storm gun has plenty of room for the pattern-recognition
circuitry. Rounds are kept in the gun's barrel, not in a magazine in the
grip. There is a small amount of the gun's own electronic circuitry in the
handle to control the firing, said Arthur Schatz, senior vice president for
operations at the company. "Otherwise it's pretty much empty, allowing the
grip system to be housed within the handle," he said.
Captain Tocci of the Bayonne Police Department said the pattern-recognition
technology was promising, particularly because accidental deaths occur when
guns are not safely stored. "If a child picks up a gun that is not secured,
this way it can't be fired," he said. Guns taken from a home during a
robbery would be rendered useless, too.
"The premise the gun is based on has credibility," he said. When people see
a live demonstration of the pattern-recognition system working, he said,
"you think, yes, this is possible."
E-mail: Eisenberg at nytimes.com
Copyrigh
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From bill.stewart at pobox.com Thu Jan 6 11:53:06 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 06 Jan 2005 11:53:06 -0800
Subject: Spaf's mailing list on information assurance/security,
cybercrime
Message-ID: <6.0.3.0.0.20050106115204.03b4ea70@pop.idiom.com>
------ Forwarded Message
From: Gene Spafford
Date: Wed, 05 Jan 2005 15:06:18 -0500
To:
Subject: mailing list announcement for IP
I have created the mailing list "ias-opportunities at cerias.purdue.edu"
for distributing announcements of funding opportunities, conference
and journal calls, and similar solicitations specifically about
issues of information assurance, information security, and
cybercrime-related issues. This is not limited to academics -- these
announcements should be of interest as well to people in government
and industry.
Members of the list can send announcements such as the above to the
list. Non-members can send announcements to
"ias-opportunities-submit at cerias.purdue.edu" for posting.
If you are interested in subscribing to the list, send email to
"ias-opportunities-request at cerias.purdue.edu" with the message
subscribe
If you want to subscribe an address other than the one from which you
send the email, use the message
subscribe
This list is for announcements only -- not discussions, and should be
low-volume.
A WWW-archive of posts is available at
.
Cheers,
--spaf
------ End of Forwarded Message
From eugen at leitl.org Thu Jan 6 03:03:56 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 6 Jan 2005 12:03:56 +0100
Subject: Banks Test ID Device for Online Security
In-Reply-To: <41DC2724.809@opencs.com.br>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BE6@rsana-ex-hq1.NA.RSA.NET>
<20050105032142.7E8D4F2CB@red.metdow.com> <41DC2724.809@opencs.com.br>
Message-ID: <20050106110356.GN9221@leitl.org>
On Wed, Jan 05, 2005 at 02:43:00PM -0300, Mads Rasmussen wrote:
> Here in Brazil it's common to ask for a new pin for every transaction
Ditto in Germany, when PIN/TAN method is used. There's also HBCI-based
banking, which
either uses keys living in filesystems, or smartcards -- this one doesn't
need TANs.
Gnucash and aqmoney/aqmoney2 can do HBCI, even with some smartcards.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From camera_lumina at hotmail.com Thu Jan 6 09:06:40 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 06 Jan 2005 12:06:40 -0500
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To: <41DD4F02.4E22D74@cdc.gov>
Message-ID:
Well, I used to be pro gun-control prior to the Patriot Act. Guess the
Patriot Act made me something of a Patriot.
And come to think of it, "Bowling for Columbine" has the accidental affect
of making it clear that Guns themselves are not the problem in the US.
-TD
>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: California Bans a Large-Caliber Gun, and the Battle Is On
>Date: Thu, 06 Jan 2005 06:45:22 -0800
>
>At 09:53 AM 1/4/05 -0500, R.A. Hettinga wrote:
> >Terri Carbaugh, a spokeswoman for the governor, said Mr.
>Schwarzenegger, a
> >Republican, had made his position clear during his campaign.
> >
> > "It's a military-type weapon," Ms. Carbaugh said of the .50 BMG, "and
>he
> >believes the gun presents a clear and present danger to the general
>public."
>
>Ms C has earned herself a few hundred footpounds, or a few meters of
>rope
>and tree-rental. The Constitution explicitly protects our right to bear
>
>military (not animal-hunting) arms.
>
>------
>An RPG a day keeps the occupiers away.
From roy at rant-central.com Thu Jan 6 09:30:04 2005
From: roy at rant-central.com (Roy M. Silvernail)
Date: Thu, 06 Jan 2005 12:30:04 -0500
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To:
References:
Message-ID: <41DD759C.6070301@rant-central.com>
Tyler Durden wrote:
> And come to think of it, "Bowling for Columbine" has the accidental
> affect of making it clear that Guns themselves are not the problem in
> the US.
What leads you to believe that was accidental?
--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com
From iang at systemics.com Thu Jan 6 05:10:31 2005
From: iang at systemics.com (Ian G)
Date: Thu, 06 Jan 2005 13:10:31 +0000
Subject: AOL Help : About =?ISO-8859-1?Q?AOL=AE_PassCode?=
In-Reply-To: <41DD1672.2070207@joergschneider.com>
References:
<41DB001B.2060308@systemics.com> <87pt0k6dn1.fsf@deneb.enyo.de>
<41DD1672.2070207@joergschneider.com>
Message-ID: <41DD38C7.7070505@systemics.com>
Joerg Schneider wrote:
> So, PassCode and similar forms of authentication help against the
> current crop of phishing attacks, but that is likely to change if
> PassCode gets used more widely and/or protects something of interest
> to phishers.
>
> Actually I have been waiting for phishing with MITM to appear for some
> time (I haven't any yet ...
By this you mean a dynamic, immediate MITM where
the attacker proxies through to the website in real
time?
Just as a point of terms clarification, I would say that
if the attacker collects all the information by using
a copy of the site, and then logs in later at leisure
to the real site, that's an MITM.
(If he were to use that information elsewhere, so for
example creating a new credit arrangement at another
bank, then that technically wouldn't be an MITM.)
Perhaps we need a name for this: real time MITM
versus delayed time MITM? Batch time MITM?
> Assuming that MITM phishing will begin to show up and agreeing that
> PassCode over SSL is not the solution - what can be done to counter
> those attacks?
The user+client has to authenticate the server. Everything
that I've seen over the last two years seems to fall into
that one bucket.
> Mutual authentication + establishment of a secure channel should do
> the trick. SSL with client authentication comes to my mind...
Maybe. But that only addresses the MITM, not the
theft of user information.
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
From ptrei at rsasecurity.com Thu Jan 6 11:20:53 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 6 Jan 2005 14:20:53 -0500
Subject: sitting ducks
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776BF3@rsana-ex-hq1.NA.RSA.NET>
Major Variola (ret) wrote:
>
> At 12:16 PM 1/4/05 -0500, John Kelsey wrote:
> >Interesting questions: How hard is it for someone to actually
> hit an airplane with a rifle bullet? How often do airplane
> maintenance people notice bulletholes?
> >
> >My understanding is that a single bullethole in a plane
> is not likely to do anything serious to its operation--the
> hole isn't big enough to depressurize the cabin of a big
> plane, and unless it hits some critical bits of the plane,
> it's not going to cause mechanical problems.
> FWIW Recall that a few 'copters have been taken down with
> AK fire, though the birds/round is likely low. And copters
> are more delicate than a multi-engined fixed wing.
It appears that the Iraqi resistance fighters figured out that
of several of them simultaneously fire full-auto AK's in front
of a chopper flying overhead, sometimes they'll get lucky. Of
course, these are low, slow targets.
We're discussing a terrorist trying to take out a commercial
jet with a 50 BMG, right? Even at takeoff, a passenger
jet is moving at 150-200 mph, a *lot* faster than a clay
pigeon, or the choppers the Iraqis hit.
> Hitting the cabin would be pretty effective though. And
> certain parts of big planes are vital, perhaps moreso
> on fly by wire Airbus planes.
I understand that there is redundancy in the critical
components. Hitting the pilot AND copilot at takeoff
would probably be effective, but you've got one (1)
shot before its out of range, and its moving fast.
A tracer into a fuel tank may also be effective.
> A homemade mortar through the roof of your van
> (IRA style) onto a stationary, taxiing plane
> would be pretty spectacular, sitting ducks...
> lots of cameras... easy getaway or
> repeat fire..
But that's not the 50 BMG scenario. The most effective
way to use the 50 BMG would probably be to hit an
engine intake rotor while the jet is still on the
ground, starting its takeoff roll. This probably
won't kill anyone, but would have a big economic
impact as people decided not to fly.
...but that's still a damn difficult shot. The
target is moving, the bullet has non-trivial
flight time (well over a second at long range).
Getting a first shot hit is highly improbable.
All in all, the 50 BMG vs jet scenario is just
plain bogus.
> Of course the BMG crap is all about eroding
> rights, not reality.
I honestly don't think that many politicians
wake up in the morning and think to themselves
'What rights can I erode today?'. I think it's
more 'what can I do that will make me *look*
good?' . It doesn't matter if their action is
actually effective, it matters that it makes
them appear to be 'doing something' and makes
for a good 5 second sound bite.
50 BMG rifles are used, very rarely, for
hunting. For an example, see:
http://www.fcsa.org/articles/1994-1/elk_hunt.html
More people are into very long
range (1000 yard and up) target shooting.
Those are the only 'legitimate' civilian
reasons to use a 50 BMG. It's like owning a
McLaren F1 - you can't use it much, but its
very, very, cool.
As a result, it's difficult for most people
to come up with a justification to own
one beyond 'because it's very, very cool'.
[I'm deliberately leaving aside the 2A
rights issue (which in a better world would
be then end of the argument) since it
doesn't seem to get much traction with
most politicians or sheeple any more].
50BMG rifles look very, very, tactical.
I've never seen one with a walnut stock.
They are the canonical 'scary looking gun'.
So, the politician sees a type of gun:
* Which theoreticly could be used to do Very
Bad Things.
* Owned by a group of people too
small to be significant voting block.
* For which its difficult to come up with
a practical use.
* Which looks very photogenicly scary.
...and he or she thinks 'Wow, a lot of
people will feel safer it I ban these,
and I can make them think I'm protecting
them. Also, getting on TV with one of
these is a great visual.'
Actual reality doesnt enter it.
Peter Trei
From rsw at jfet.org Thu Jan 6 13:16:57 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Thu, 6 Jan 2005 15:16:57 -0600
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To: <41DD759C.6070301@rant-central.com>
References: <41DD759C.6070301@rant-central.com>
Message-ID: <20050106211657.GA18325@positron.jfet.org>
"Roy M. Silvernail" wrote:
> What leads you to believe that was accidental?
Most likely the fact that Michael Moore is pro-gun control. It shows a
certain level of cognitive dissonance to say "guns aren't the problem!
Ban guns!"
Of course, in Michael Moore's case, that level of dissonance was long
ago demonstrated (and surpassed).
--
Riad S. Wahby
rsw at jfet.org
From meltsner at gmail.com Thu Jan 6 14:32:36 2005
From: meltsner at gmail.com (Ken Meltsner)
Date: Thu, 6 Jan 2005 16:32:36 -0600
Subject: [FoRK] Hamachi "mediated" peer-to-peer sounds interesting
Message-ID:
Basically, a way to get around NAT and other router issues for a
peer-to-peer system, mostly seamlessly integrated as a special network
driver. Systems connect to a back end server which relays traffic
between peers on named private networks. Sort of P2P meets VPN -- if
they added HTTPS tunneling, it would run through nearly any corporate
firewall/proxy server.
No magic, as far as I can tell, but apparently a decent piece of work.
I like the named private network capability in principle.
Ken Meltsner
Excerpt from http://www.hamachi.cc/security showing a sound approach
(I think) to security, including public key exchange:
The Framework
A Hamachi system is comprised of backend servers and end-node peer
clients. Server nodes track client's locations and provide mediation
services required for establishing direct peer-to-peer tunnels between
client nodes.
When the client is activated, it establishes TCP connection to one of
the mediation servers and starts speaking Hamachi protocol to log
itself in and synchronize with other clients.
The rest of the document deals with security provisions of this
protocol, which ensure both privacy and authentication of
client-server and client-client communications.
Client Identity
A Hamachi client is identified by its Hamachi network addresses. The
address is assigned the first time the client connects to the
mediation servers and it stays the same for as long as client's
account exists in the system.
The client also generates an RSA key pair, which is used for
authentication purposes during login sequence. The public key is
passed to the server once - during the first connection when creating
new account.
To perform regular login, the client submits its identity and uses
private key to sign server's challange as described below. The server
verifies the signature and this authenticates the client.
Server Identity
Each Hamachi server owns an RSA keypair. The public key is distributed
with client's installation package and thus it is known to the client
prior to the first contact.
When the client connects to the server, it announces which identity he
expects the server to have. If the server has requested identity, the
login sequence commences. In the last message of this sequence the
server sends a signature of client's data and this confirms server's
identity to the client.
Message Security
The first thing that happens after the client connects to the server
is a key exchange. This exchange produces keying material used for
encrypting and authenticating all other protocol messages.
Messages are encrypted with symmetric cipher algorithm and
authenticated with MAC. Every message is also uniquely numbered to
prevent replay attacks.
Crypto Suite
Crypto suite specifies exact algorithms and their parameters used for
performing key exchange, key derivation and message encryption.
Default crypto suite is defined as follows -
DH group - 2048-bit MODP group from RFC 3526
Message encryption - AES-256-CBC using ESP-style padding
Message authentication - 96-bit version of HMAC-SHA1
Protocol Details
HELO
Client connects to the server and sends HELO message:
HELO CryptoSuite ServerKfp Ni Gi
CryptoSuite is 1 for default crypto suite, ServerKfp is OpenSSH-style
fingerprint of expected server public key, Ni and Gi are client's
1024-bit nonce and public DH exponent.
If the server has a public key that matches ServerKfp, it replies with:
HELO OK Nr Gr
where Nr and Gr are server's nonce and public DH exponent.
KEYMAT
At this point both server and client can compute shared DH secret and
generate keying material as follows -
KEYMAT = T1 | T2 | T3 | ...
T1 = prf (K, Ni | Nr | 0x01)
T2 = prf (K, T1 | Ni | Nr | 0x02)
T3 = prf (K, T2 | Ni | Nr | 0x03)
...
where K is a shared DH secret, and prf is HMAC-SHA1.
All subsequent protocol messages are encrypted with the Ke key and
authenticated using the Ka key. Ke and Ka are taken from KEYMAT. In
case of default crypto suite Ke uses first 256 bits of KEYMAT, and Ka
- next 160 bits.
Message Protection
Prior to encrypting protocol message the sender pads it to the size of
cipher block (16 bytes with default crypto suite) using ESP padding.
The message is then encrypted and prepended with a message ID, which
is a monotonically increasing 32 bit number. As the last step HMAC is
generated over the whole message (ID and encrypted data), appended at
the end and the message is sent out.
Above message protection scheme is consistent with those employed by
TLS, IKE/IPsec.
AUTH
The client logs into the system by sending AUTH message:
AUTH Identity Signature(Ni | Nr | Gi | Gr, Kp_cli)
where Identity is client's 32-bit Hamachi address and Signature is a
concatenation of nonces and public DH exponents encrypted with
client's private key.
The server uses Id to locate client's account, obtains its public key
and verifies the signature. If the signature is correct, the server
replies with:
AUTH OK Signature(Nr | Ni | Gr | Gi, Kp_srv)
where Signature is created using server's private key that matches
ServerKfp from HELO message.
Peer to peer traffic
When two Hamachi clients start talking to each other, they employ the
same message protection as when talking to the server.
Currently clients do not perform the key exchange of their own, they
use keying material provided by the server instead. This keying
mechanism is used on temporary basis and will only be available during
beta testing.
The production release will have clients obtaining KEYMAT through
their own key exchange using each other's RSA keys for authentication.
_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From rah at shipwright.com Thu Jan 6 16:55:53 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 6 Jan 2005 19:55:53 -0500
Subject: DIMACS Workshop on Information Markets, NJ Feb 2-4 2005
Message-ID:
--- begin forwarded text
From rah at shipwright.com Thu Jan 6 18:07:55 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 6 Jan 2005 21:07:55 -0500
Subject: Clean Money, Dirty Conscience: Are some Americans guilty of
banking while Muslim?
Message-ID:
Reason magazine
December 28, 2004
Clean Money, Dirty Conscience
Are some Americans guilty of banking while Muslim?
Jeff Taylor
The headline grabbing quirkiness of Yasser Arafat's investment in the
American bowling industry demonstrates that true global connectedness
remains a scary thing. Such financial scorekeeping-whose money, what money,
where-is a pointless exercise in an age when funds can circle the Earth in
a second and mutate several times along the trip.
The clean money, dirty money, blood money obsession would be quaint were
it not for the tremendous burden the pursuit of money laundering places on
innocent people just trying to enjoy the immense benefits of a modern
financial system. The PATRIOT Act's veil of secrecy is beginning to bite in
this regard without any evidence that the United States is made safer in
the bargain.
Some Middle Eastern-surnamed individuals in the U.S. now report an
unwillingness on the part of some banks to do business with them based on
government money laundering/anti-terror regulations. In fact, while other
parts of the PATRIOT Act initially drew fire, Section 314 glided by,
largely overlooked by everyone except the bankers. As it turns out,
Section 314 is a ticking time-bomb for anyone a buttoned-down banker might
consider suspicious.
This section requires banks and other federal regulated financial
institutions to comply with government requests for information on
customers. As with other parts of PATRIOT, Section 314 built upon other
long-standing federal bank regs, allowing PATRIOT boosters to use their
tired Officer Barbrady "this is nothing out of the unusual" defense of the
provision.
But Section 314 anticipated and sanctioned a much larger number of
information requests in a much shorter period of time, increasing the cost
of compliance to banks. Indeed, the initial crush of information requests
from the government in September 2002 was so great that the banks won a
temporary suspension of the requests. Banks thought they had a much firmer
grasp of what to do with Section 314 requests when they resumed in
February 2003.
However, the catch remained that banks are supposed to comply with Section
314 requests quickly and accurately, divulging no information to anyone
about them, and then promptly forget all about the requests. In particular,
if an information request for a Joe Terror comes in, and Podunk Bank has no
records of a Joe Terror as a customer, the law directs Podunk Bank to do
nothing.
This practice does avoid flooding the reporting system with replies that
say, "yes, we have no Joe Terror," but leaves Podunk Bank with the queasy
feeling that it responded to federal regulators by doing nothing. This is
not in the nature of bankers. If the feds dropped in, particularly a suit
from the criminal section of the Treasury Department, and suggested a
change in the color of the balloons in the lobby, there would not be a
whole lot of discussion as to why. Banks comply; that is why they are banks.
So rather than risk the wrath of regulators, banks very quickly hit upon
the idea of keeping names submitted on Section 314 requests on their
do-not-do-business-with lists. All banks have them and the lists are
perfectly legal. After all, some customers-bad credit risks, chronic check
bouncers-may just be more trouble than they are worth. Putting
314-requested names on the list would at least create a paper trail should
the feds someday request one and remove a troublesome class of customer
from bank rolls to boot.
This brings us to the question of the day: Has Section 314 made all
Muslim-surnamed customers, or even more broadly, those of Middle Eastern
descent in general, more trouble than they are worth to American banks?
The American Civil Liberties Union says it has dozens of complaints
involving financial institutions denying services to Muslims. A recent case
involves a Mississippi man who was suddenly told by his bank that his
account had been closed. No explanation was given for the action.
Interestingly, however, the bank, AmSouth, recently was fined $40 million
by the Treasury for failure to comply with reporting regulations involving
money laundering.
It is certainly true that the more Middle Eastern names a bank has on
record, the more likely it is to be forced to complete Section 314
information requests. The more requests you get, the more likely you are to
screw one up and get walloped with a fine. Why not lighten that load and
reduce that risk by cutting back on "trigger" names? The logic is
undeniable.
The banks, of course, would never admit to such a practice, and regulators
point to official directions not to use Section 314 requests as a guidepost
to a customer's desirability as a client. But this language simply ignores
reality, and the reality is that the law has set up a powerful incentive to
keep Muslims outside the mainstream financial services sector.
Maybe that outcome does not trouble the 44 percent of Americans who say
in a poll that they favor restrictions on the civil liberties of Muslims in
the U.S. However, it guarantees that some law-abiding Muslims will face
frustrating hurdles to living their lives as everyday Americans. And that
is troubling to anyone who values freedom and real, lasting security.
Jeff Taylor writes the weekly Reason Express.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From eugen at leitl.org Thu Jan 6 13:13:58 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 6 Jan 2005 22:13:58 +0100
Subject: [i2p] 0.4.2.6 is available (fwd from jrandom@i2p.net)
Message-ID: <20050106211358.GZ9221@leitl.org>
----- Forwarded message from jrandom -----
From isn at c4i.org Fri Jan 7 04:41:49 2005
From: isn at c4i.org (InfoSec News)
Date: Fri, 7 Jan 2005 06:41:49 -0600 (CST)
Subject: [ISN] SSL VPNs Will Grow 54% A Year,
Become Defacto Access Standard: Report
Message-ID:
http://www.informationweek.com/story/showArticle.jhtml;jsessionid=NIOHIDQYVVDQSQSNDBESKHA?articleID=56900844
By Matthew Friedman
Networking Pipeline
Jan. 5, 2005
Spending on Secure Sockets Layer Virtual Private Networks (SSL VPN)
will grow at a 53% compound annual growth rate, and SSL VPNs will
surpass traditional IPsec VPNs as the de-facto remote access security
standard by 2008, according to a new report from Forrester Research.
In "SSL VPNs Poised for Significant Growth," Forrester associate
analyst Robert Whiteley says companies are attracted by the
technology's application-level simplicity. Unlike IPsec VPNs, which
require special client software to access the network, SSL VPN
supports a wide range of devices, from desktop computers to PDAs, and
applications, while offering network administrators greater
granularity of user information and providing better endpoint
security.
According to the report, some 44% of American businesses have deployed
SSL VPNs, spending $97 million on the technology last year alone.
Despite the impressive adoption rate for a technology that has been in
the business mainstream for less than a year, Forrester expects SSL
VPN deployments to continue to take off, with the market growing at a
53% compound annual growth rate to $1.2 billion in 2004.
SSL VPNs are already well-entrenched in the financial and business
services industries and in the public sector. Driven by the need to
ensure endpoint security for online services, the financial services
industry can boast a 56% penetration rate, with business services just
behind at 51%. In both cases, Whiteley predicts a compound annual
growth of 34% to 2010 which, though impressive, pales beside the
expected SSL VPN growth in late-adopting industries.
Indeed, Whiteley writes that retail and manufacturing are poised to
leap into SSL VPN with gusto over the next few years. "Retail and
wholesale allocates 7.8% of its IT spend to security � more than even
financial services," he notes. "This vertical shows the most SSL VPN
potential because of its eye toward security, relatively little
penetration to date, and the need for large, distributed deployments �
resulting in 82% annual market growth through 2010."
Though only 29% of manufacturers are currently invested in SSL VPNs,
Whitely expects that to change dramatically through 2010, predicting a
phenomenal 94% compound annual growth rate. IPSec was a poor fit for
this vertical's needs, Whiteley observes, but the application-layer
flexibility of SSL VPNs should spur rapid adoption. "Manufacturing
companies typically don't provide employees with corporate-managed
laptops," he writes. "Thus, SSL VPNs allows a 'bring-your-own
computer' model where manufacturing companies still control security
and user policy but don't have to incur the cost of unnecessary IT
infrastructure."
_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable -
http://www.osvdb.org/
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Fri Jan 7 07:14:46 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 7 Jan 2005 10:14:46 -0500
Subject: [ISN] SSL VPNs Will Grow 54% A Year, Become Defacto Access
Standard: Report
Message-ID:
--- begin forwarded text
From eugen at leitl.org Fri Jan 7 01:17:48 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 7 Jan 2005 10:17:48 +0100
Subject: [FoRK] Hamachi "mediated" peer-to-peer sounds interesting (fwd
from meltsner@gmail.com)
Message-ID: <20050107091748.GI9221@leitl.org>
----- Forwarded message from Ken Meltsner -----
From rah at shipwright.com Fri Jan 7 08:49:10 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 7 Jan 2005 11:49:10 -0500
Subject: [fc-announce] FC05 registration to open next week
Message-ID:
--- begin forwarded text
User-Agent: Microsoft-Entourage/11.1.0.040913
From: "Stuart E. Schechter"
To:
Subject: [fc-announce] FC05 registration to open next week
Sender: fc-announce-admin at ifca.ai
Date: Fri, 07 Jan 2005 11:00:54 -0500
Registration for Financial Cryptography and Data Security 2005 will open
early next week. My apologies for the delays and thanks for your patience.
In the meantime, please do make sure that you've made all your other
travel arrangements (flight/hotel/car rental). For more information, see
http://fc05.ifca.ai/travel.html
Please don't hesitate to get in touch if there's any further information
that I can provide you.
Best regards
Stuart Schechter
General Chair
Financial Cryptography and Data Security 2005
_______________________________________________
fc-announce mailing list
fc-announce at ifca.ai
http://mail.ifca.ai/mailman/listinfo/fc-announce
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Fri Jan 7 10:44:32 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 7 Jan 2005 13:44:32 -0500
Subject: [osint] All Charges Are Dismissed in Spy Case Tied to FBI
Message-ID:
A little spy-porn...
Cheers,
RAH
--- begin forwarded text
To: "Bruce Tefft"
Thread-Index: AcT0t++lIBQbqlCJT0mOlbNcWsJnqgACh7RA
From: "Bruce Tefft"
Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com
Delivered-To: mailing list osint at yahoogroups.com
Date: Fri, 7 Jan 2005 09:06:41 -0500
Subject: [osint] All Charges Are Dismissed in Spy Case Tied to FBI
Reply-To: osint at yahoogroups.com
All Charges Are Dismissed in Spy Case Tied to FBI
By JOHN M. BRODER and NICK MADIGAN
New York Times
January 07, 2005
LLOS ANGELES, Jan. 6 - A federal judge on Thursday dismissed all charges
against a Chinese-American woman accused of using a long-running sexual
relationship with a senior F.B.I. agent here to obtain national security
documents.
The woman, Katrina Leung, a wealthy socialite from San Marino, a suburb of
Los Angeles, had faced five criminal counts of unauthorized possession and
copying of classified materials. The prosecutors said she removed the files
from the briefcase of James J. Smith, a senior F.B.I. agent with whom Ms.
Leung had an affair for 20 years.
The prosecutors said they stopped short of charging her with espionage
because they could not prove that she had passed the documents to China.
But on Thursday, Judge Florence-Marie Cooper of Federal District Court
dismissed the charges because of what she called prosecutorial misconduct.
Judge Cooper agreed with Ms. Leung's lawyers that a plea agreement that
prosecutors reached with Mr. Smith last spring unfairly prevented Ms.
Leung's lawyers from having access to Mr. Smith, a critical witness.
Mr. Smith pleaded guilty to lying to his superiors about the affair. Four
other felony charges were dropped, letting him avoid prison time. In
exchange, he promised to cooperate in prosecuting Ms. Leung. But the terms
of the deal barred contact with the defense team.
She had faced 14 years in prison if convicted.
The couple were arrested in April 2003, a time of heightened sensitivity
about security because of the Sept. 11, 2001, attacks and years of
accusations, some unproven, of Chinese espionage in the United States.
"Katrina Leung's nightmare is over," the defense lawyers, Janet I. Levine
and John D. Vandevelde, said in a statement. "Today, United States District
Judge Florence-Marie Cooper granted our motion to dismiss all charges
against Katrina because the prosecutors engaged in misconduct, gagging the
chief witness against her and then trying to cover it up. You can't do that
in America."
The United States attorney in the case, Debra W. Yang, said she disagreed
with the decision and was considering an appeal. Ms. Yang denied any
misconduct on the part of her office and said the accord with Mr. Smith did
not prohibit him from talking to Ms. Leung or her lawyers.
"I stand behind the work of the prosecutors of this case, and I know that
they have conducted themselves ethically," she said.
Mr. Smith recruited Ms. Leung as an informer in the early 80's. For 20
years, she was paid $1.7 million to provide information on China. For almost
all that time, she and Mr. Smith had an affair.
The authorities had at first said Mr. Smith had let her gain access to
secret material that she passed to the Chinese. Justice Department officials
said they believed that Ms. Leung was a double agent when the F.B.I. was
paying her.
The initial grand jury indictment against Ms. Leung charged her with
stealing sensitive national security documents from her lover, but stopped
short of charging that she actually engaged in espionage by passing secrets
to China. The authorities said that although they believed they had ample
evidence that Ms. Leung had unauthorized access to security material, it
would be harder for them to track contacts in China. The difficulty of
introducing classified evidence in open court could also complicate the
case, officials acknowledged.
Judge Cooper admonished the government not only for denying Ms. Leung access
to Mr. Smith, but also for trying to conceal the terms of the deal.
"In this case," the judge wrote, "the government decided to make sure that
Leung and her lawyers would not have access to Smith. When confronted with
what they had done, they engaged in a pattern of stone-walling entirely
unbecoming to a prosecuting agency."
Ms. Leung was a prominent businesswoman and political fund-raiser among
Chinese-Americans in Southern California. The authorities said they believed
that Ms. Leung would "surreptitiously" take secret documents from Mr.
Smith's briefcase on his many visits to her.
She was indicted a day after Mr. Smith was indicted on six counts of wire
fraud and gross negligence for what the authorities said was letting Ms.
Leung take the papers and for lying to his supervisor about their affair and
her reliability.
[Non-text portions of this message have been removed]
------------------------ Yahoo! Groups Sponsor --------------------~-->
Give underprivileged students the materials they need to learn.
Bring education to life by funding a specific classroom project.
http://us.click.yahoo.com/FHLuJD/_WnJAA/cUmLAA/TySplB/TM
--------------------------------------------------------------------~->
--------------------------
Want to discuss this topic? Head on over to our discussion list,
discuss-osint at yahoogroups.com.
--------------------------
Brooks Isoldi, editor
bisoldi at intellnet.org
http://www.intellnet.org
Post message: osint at yahoogroups.com
Subscribe: osint-subscribe at yahoogroups.com
Unsubscribe: osint-unsubscribe at yahoogroups.com
*** FAIR USE NOTICE. This message contains copyrighted material whose use
has not been specifically authorized by the copyright owner. OSINT, as a
part of The Intelligence Network, is making it available without profit to
OSINT YahooGroups members who have expressed a prior interest in receiving
the included information in their efforts to advance the understanding of
intelligence and law enforcement organizations, their activities, methods,
techniques, human rights, civil liberties, social justice and other
intelligence related issues, for non-profit research and educational
purposes only. We believe that this constitutes a 'fair use' of the
copyrighted material as provided for in section 107 of the U.S. Copyright
Law. If you wish to use this copyrighted material for purposes of your own
that go beyond 'fair use,' you must obtain permission from the copyright
owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/osint/
<*> To unsubscribe from this group, send an email to:
osint-unsubscribe at yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Fri Jan 7 11:36:09 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 7 Jan 2005 14:36:09 -0500
Subject: Atom demo fixes quantum errors
Message-ID:
Always On
Atom demo fixes quantum errors
TRN
NewsTeam | TRN [] | POSTED: 01.07.05 @09:47
Although quantum computers promise fantastic speed for certain types of
very large problems, the logical components of quantum computers -- quantum
bits -- are quite fragile, which makes for a large number of errors that
must be corrected.
Researchers from the National Institute of Standards and Technology have
demonstrated a way to correct errors in qubits of beryllium ions held in an
electromagnetic trap. The ions represent a 1 or 0 of computer information
in their spin, which can be pictured as the counterclockwise or clockwise
spin of a top.
One way to carry out quantum computing is to take advantage of a weird
trait of quantum particles -- they can become entangled, or linked, so that
properties like spin remain in lockstep.
The researchers' prototype uses lasers to control the qubits' states and
electrodes to move them together, which allows them to be entangled. The
researchers set a primary qubit to a particular state and entangled it with
two other qubits. They deliberately induced an error and then disentangled
the qubits by separating them.
They measured the other two qubits to determine how the primary qubit
needed to be corrected.
Quantum error correction schemes have been well explored theoretically,
but the researchers' experiment was the first demonstration of a repeatable
error-correction procedure and the first using trapped ions, which are a
promising candidate for practical quantum computers.
Practical quantum computing is a decade or more away. The method could be
used in quantum communications applications like quantum cryptography
within a few years, according to the researchers. The work appeared in the
December 2, 2004 issue of Nature.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From adam at cypherspace.org Fri Jan 7 12:34:32 2005
From: adam at cypherspace.org (Adam Back)
Date: Fri, 7 Jan 2005 15:34:32 -0500
Subject: Hamachi "mediated" peer-to-peer sounds interesting (fwd
from meltsner@gmail.com)
In-Reply-To: <20050107091748.GI9221@leitl.org>
References: <20050107091748.GI9221@leitl.org>
Message-ID: <20050107203432.GA14959@bitchcake.off.net>
Ken Meltsner wrote:
> Basically, a way to get around NAT and other router issues for a
> peer-to-peer system, mostly seamlessly integrated as a special network
> driver. Systems connect to a back end server which relays traffic
> between peers on named private networks. Sort of P2P meets VPN -- if
> they added HTTPS tunneling, it would run through nearly any corporate
> firewall/proxy server.
Well if they really relayed traffic between peers on their back end
server their pipe would be saturated. (Think kazaa or bit-torrent
over hamachi).
I hope they actually use the server just for mediation, and send the
traffic direct between peers.
Unfortunately the documentation is rather light so it's difficult to
tell what it does in this regard.
I've cc'd Alex Pankratov who is the author (I presume).
However maybe this beta version is not complete in that regard. Some
other things such as the server mediated key exchange are obviously
not shipable grade (server knows all symmetric keys!)
Adam
From ap at hamachi.cc Fri Jan 7 20:00:49 2005
From: ap at hamachi.cc (Alex Pankratov)
Date: Fri, 07 Jan 2005 20:00:49 -0800
Subject: Hamachi "mediated" peer-to-peer sounds interesting (fwd
from meltsner@gmail.com)
In-Reply-To: <20050107203432.GA14959@bitchcake.off.net>
References: <20050107091748.GI9221@leitl.org>
<20050107203432.GA14959@bitchcake.off.net>
Message-ID: <41DF5AF1.6050806@hamachi.cc>
Hi guys,
I look at the thread and I'd like to comment on this -
>I wonder why they didn't use IPSec.
I know IPsec/IKE reasonably well, and I just don't like IKE.
It's too generic, it's under-specified and it fairly big pain
in the ass to implement (I wrote libike a couple of years ago).
Except from being extensively peer-reviewed, the main benefit
of using IKE is a (supposed) interoperability with various vendors.
Since H doesn't need that I decided to go with a custom protocol,
which is nevertheless closely modeled after JFK and ESP.
Adam Back wrote:
> Ken Meltsner wrote:
>
>>Basically, a way to get around NAT and other router issues for a
>>peer-to-peer system, mostly seamlessly integrated as a special network
>>driver. Systems connect to a back end server which relays traffic
>>between peers on named private networks. Sort of P2P meets VPN -- if
>>they added HTTPS tunneling, it would run through nearly any corporate
>>firewall/proxy server.
>
>
> Well if they really relayed traffic between peers on their back end
> server their pipe would be saturated. (Think kazaa or bit-torrent
> over hamachi).
Apparently there's a demand for this kind of service. I'm getting
at least couple of questions a day regarding proxy/socks support.
I very much doubt though that anyone in near future will be offering
a _free_ service of this kind.
>
> I hope they actually use the server just for mediation, and send the
> traffic direct between peers.
Yes, that's exactly what we do. Server provides three core services -
* peer location
* tunnel mediation
* network management (ie peer grouping and group-level access control)
>
> Unfortunately the documentation is rather light so it's difficult to
> tell what it does in this regard.
I'm severely lacking time for updating the website. I do try to answer
all technical questions via email though.
>
> I've cc'd Alex Pankratov who is the author (I presume).
The presumption is correct.
> However maybe this beta version is not complete in that regard. Some
> other things such as the server mediated key exchange are obviously
> not shipable grade (server knows all symmetric keys!)
That's obvious to paranoids like you and me :), but not to an average
consumer who just needs to play CS or AoE over a VPN.
From eugen at leitl.org Fri Jan 7 13:04:16 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 7 Jan 2005 22:04:16 +0100
Subject: DRM Tinkering with Intel's PXA270?
Message-ID: <20050107210416.GO9221@leitl.org>
Link: http://slashdot.org/article.pl?sid=05/01/07/1137224
Posted by: Cliff, on 2005-01-07 20:10:00
from the don't-refuse-me dept.
putko asks: "Intel has a new line of chips with DRM built in. This
appears to be the [1]very first DRM-enabled chip to hit the streets.
This microprocessor is unlike others available, because the user
doesn't have complete control over the thing, and [2]your computer can
(theoretically) betray you. For a while now, there have been computers
(IBM ThinkPad) that won't boot unless you give the password, but you
could always rip out the hard drive and read it, right? With this
chip, the keys and RAM are on the chip, and the flash is encrypted, so
this really looks locked up tight. Has anyone worked with this chip,
and is possible to build your own device that uses the Intel Trusted
Wireless Platform to protect your secrets (like your software,
perhaps)?"
[3]Click Here
"I'm reminded of this due to Slashdot's recent story on the [4]iPAQ,
which uses the chip (and has some neat security features too).
Somewhat surprisingly, nobody brought up the Doomsday scenarios,
there. It should also be mentioned that there are companies [5]selling
incredibly tiny boards for it. Maybe you can run Linux on them?
Wouldn't it suck if the chip had the capabilities and you couldn't use
them in your own projects -- e.g. if that was just reserved to big
companies like Microsoft? On the other hand, if you can use the
features, you might see some neat applications. Assuming you can
program the DRM stuff, how do you avoid locking yourself out of the
chip while developing? What extra pitfalls may developers run into
using it?"
References
1. http://www.intel.com/design/pca/prodbref/253820.htm
2. http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
3.
http://ads.osdn.com/?ad_id=5717&alloc_id=12468&site_id=1&request_id=7795214&o
p=click&page=%2farticle%2epl
4. http://slashdot.org/article.pl?sid=05/01/05/2043247&tid=100
5.
http://www.strategic-test.com/pxa270_pxa255_sbc/triton-270_pxa270-cpu_sbc.htm
l
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From rah at shipwright.com Fri Jan 7 19:27:44 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 7 Jan 2005 22:27:44 -0500
Subject: TSA: Tests going well for Secure Flight
Message-ID:
CNN
TSA: Tests going well for Secure Flight
Friday, January 7, 2005 Posted: 11:21 AM EST (1621 GMT)
WASHINGTON (AP) -- The government has begun testing a computerized
screening system that compares airline passengers' names with those on
terrorist watch lists, a Transportation Security Administration official
said Thursday.
Called "Secure Flight," it's meant to replace a plan that never got to the
testing stage because of criticism that it gave the government access to
too much personal information.
Testing of Secure Flight began November 30. No announcement was made; TSA
spokesman Justin Oberman disclosed its status when asked by The Associated
Press.
The testing has not turned up any suspected terrorists. Oberman said the
agency expects to wrap up the first phase of testing in a month.
"The technology is working, doing exactly what we wanted it to do," he said.
The TSA is testing data on passengers who flew domestic flights on U.S.
airlines in June. The airlines, concerned about upsetting passengers, had
refused to turn over the information, but the TSA issued a security
directive ordering them to do so.
About 1.9 million passengers travel by air daily, and part of the test will
see if the government's system can handle that much information.
The government has sought to improve its process for making sure terrorists
don't get on planes since the September 11 hijackers exposed holes in the
system. Airlines now simply match passenger names against government watch
lists of people considered threats.
Federal authorities don't disclose criteria for placing people on the
lists, how many names are listed or any identities. In a number of
well-publicized incidents, people with names similar to those on the lists
were stopped from boarding planes. Among them was Sen. Edward M. Kennedy,
D-Massachusetts.
Marcia Hofmann, attorney for the Electronic Privacy Information Center, a
Washington-based advocacy group, said many problems remain with the Secure
Flight program.
"The redress process is still a question mark," Hofmann said. "The ability
of individuals to access and correct information that is being used to make
determinations about them is still at issue."
Oberman said the agency is working on a way for passengers to appeal if
they think they've been wrongly identified as terrorists.
Under Secure Flight, the airlines would electronically transmit to the
government passenger names as well as other identifying information. The
government would then match that information with the terrorist watch
lists; names on those lists are supposed to include biographical
information.
The passenger information that's being tested is known as passenger name
records, or PNR. It can include credit card numbers, travel itineraries,
addresses, telephone numbers and meal requests.
Oberman said further testing will show whether the system can handle a
surge of information during busy air travel periods. Name-matching software
will also be fine-tuned, he said.
The TSA says Secure Flight differs from the previous plan because it does
not compare personal data with commercial databases. Privacy advocates were
concerned that doing so would allow the government to accumulate vast
amounts of sensitive information about people who weren't suspected of
breaking the law.
The agency said, however, it will test the passenger information "on a very
limited basis" against commercial data to see if that could reduce the
number of people who are confused with names on watch lists.
Before that happens, though, the Government Accountability Office must
report to Congress on the TSA's plan to test the commercial data. That's
expected by the end of March.
Oberman said he expects testing will be completed by then. However, it's
unclear when Secure Flight will be implemented.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From camera_lumina at hotmail.com Sat Jan 8 09:54:25 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 08 Jan 2005 12:54:25 -0500
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To: <20050108161524.GA5699@arion.soze.net>
Message-ID:
>What else would the PATRIOT act do? That's a particularly malicious
>psychological trick on the part of the miserable bastards who named it.
>It doesn't so much matter that it's obvious.
Somehow, I don't think the bastards were hoping for the kind of "Patriotism"
I have in mind: Large caliber guns to protect our constitutional freedoms,
or at least to make it damn costly for individuals to carry out orders
trying to take them away.
-TD
From jya at pipeline.com Sat Jan 8 13:20:08 2005
From: jya at pipeline.com (John Young)
Date: Sat, 08 Jan 2005 13:20:08 -0800
Subject: Tasers for Cops Not You
Message-ID:
NY Times reports today that SEC is investigating Taser
for possible financial irregularity: as last day of business
for 2004 racked up a $700,000 sale to an AZ gun shop
which brags it sells to civilians, but only a few so far.
And that the AZ AG is informally looking at sale of the stun
guns to civilians, with cops protesting civilian access to
the neatest cop joy toy.
However, Taser claims the civilian version is effective
only to 15 feet while the LE version will explose a heart
at 20 feet. And, Taser says "accidental deaths caused
by the shock would have happened to those sick persons
anyway."
Well, yes, homicidal cops say the perps were begging for it,
learning such talk from the president and up to the one who
has fun with joy toy tsunamis.
Exculpation, says the king, is divine, and my Taser shocks
shit further than yours.
Here are photos of the Taser in manufacture, sale, training,
promo, and accidental misfire:
http://cryptome.org/taser-eyeball.htm
From skquinn at speakeasy.net Sat Jan 8 13:55:33 2005
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Sat, 08 Jan 2005 15:55:33 -0600
Subject: Tasers for Cops Not You
In-Reply-To:
References:
Message-ID: <1105221334.4608.0.camel@xevious>
On Sat, 2005-01-08 at 13:20 -0800, John Young wrote:
> Here are photos of the Taser in manufacture, sale, training,
> promo, and accidental misfire:
>
>
> http://cryptome.org/taser-eyeball.htm
This came up 404 as of a few minutes ago.
--
Shawn K. Quinn
From justin-cypherpunks at soze.net Sat Jan 8 08:15:24 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sat, 8 Jan 2005 16:15:24 +0000
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To:
References: <41DD4F02.4E22D74@cdc.gov>
Message-ID: <20050108161524.GA5699@arion.soze.net>
On 2005-01-06T12:06:40-0500, Tyler Durden wrote:
>
> Well, I used to be pro gun-control prior to the Patriot Act. Guess the
> Patriot Act made me something of a Patriot.
What else would the PATRIOT act do? That's a particularly malicious
psychological trick on the part of the miserable bastards who named it.
It doesn't so much matter that it's obvious.
I should like to take this opportunity to remind that it's an acronym,
and therefore is properly written in all caps. The taboo against
YELLING should carry over to the acronym, making people subconsciously
dislike it.
--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." -Heraclitus 53
From bill.stewart at pobox.com Sat Jan 8 23:14:31 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sat, 08 Jan 2005 23:14:31 -0800
Subject: "The Reader of Gentlemen's Mail", by David Kahn
Message-ID: <6.0.3.0.0.20050108230829.03c33ed8@pop.idiom.com>
My wife was channel-surfing and ran across David Kahn talking about his
recent book
"The Reader of Gentlemen's Mail: Herbert O. Yardley and the Birth of
American Codebreaking".
ISBN 0300098464 , Yale University Press, March 2004
Amazon's page has a couple of good detailed reviews
http://www.amazon.com/exec/obidos/ASIN/0300098464/qid=1105254301/sr=2-1/ref=pd_ka_b_2_1/102-1630364-0272149
----
Bill Stewart bill.stewart at pobox.com
From justin-cypherpunks at soze.net Sat Jan 8 18:46:56 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 9 Jan 2005 02:46:56 +0000
Subject: California Bans a Large-Caliber Gun, and the Battle Is On
In-Reply-To:
References: <20050108161524.GA5699@arion.soze.net>
Message-ID: <20050109024656.GA29091@arion.soze.net>
On 2005-01-08T12:54:25-0500, Tyler Durden wrote:
> >What else would the PATRIOT act do? That's a particularly malicious
That was scarcasm.
> >psychological trick on the part of the miserable bastards who named it.
> >It doesn't so much matter that it's obvious.
>
> Somehow, I don't think the bastards were hoping for the kind of
> "Patriotism" I have in mind: Large caliber guns to protect our
> constitutional freedoms, or at least to make it damn costly for individuals
> to carry out orders trying to take them away.
It's the socially conservative public at large who have fallen prey to
the association between the PATRIOT act and patriotism. I did not
intend to suggest that you or most other cypherpunks members have.
--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." -Heraclitus 53
From shmoocon-news at lists.shmoo.com Sun Jan 9 07:38:03 2005
From: shmoocon-news at lists.shmoo.com (shmoocon-news at lists.shmoo.com)
Date: Sun, 9 Jan 2005 10:38:03 -0500
Subject: [ShmooCon-News] Saturday night's con
Message-ID:
Saturday night's fun has basically been finalized, so it's time to
clue attendees in. ShmooCon 2005 attendees are invited to boogie at
FUR, a rather hip dance club in D.C., Saturday night, February 5th,
from 10 to whenever. Check out FUR's website here:
http://www.furnightclub.com
FUR is letting all ShmooCon 2005 attendees, 21 and over, in for FREE.
The private speaker party with open bar in the Mafia lounge at FUR
runs from 10 to midnight, and features spinning by everyone's favorite
West-coast, DefCon & ToorCon-infamous DJ, Keith! w00t!
Anyone who reserved a room at the conference hotel under the ShmooCon
group rate will get a pass to the speaker party once they check-in at
the hotel.
If you didn't reserve a room at the conference hotel, or you aren't a
speaker, then you'd better practice on your social engineering skills
to score a pass to the speaker party. Rumor has it, speakers will
have extra passes to distribute as they see fit. ;)
And one more note: FUR, not the Shmoo Group, controls the dress
code--read the FUR FAQ here:
http://www.furnightclub.com/Content/FAQ.html
So no whining about having to look (and smell) nice. Got it? See you
at FUR on Saturday night of the con!
Sincerely,
Beetle
The Shmoo Group
_______________________________________________
Shmoocon-News mailing list
Shmoocon-News at lists.shmoo.com
https://lists.shmoo.com/mailman/listinfo/shmoocon-news
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Sun Jan 9 07:44:25 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 9 Jan 2005 10:44:25 -0500
Subject: Police seek missing trucker, nickels
Message-ID:
The Chicago Tribune
Police seek missing trucker, nickels
Advertisement Items compiled from Tribune news services
January 9, 2005
MIAMI, FLORIDA -- A truck driver has disappeared with the 3.6 million
nickels he was hauling to the Federal Reserve Bank in New Orleans, police
said Friday.
Angel Ricardo Mendoza, 43, picked up the coins, worth $180,000, Dec. 17
from the Federal Reserve in New Jersey and was supposed to haul the
cargo--weighing 45,000 pounds--to New Orleans for a trucking company
subcontracted by the Federal Reserve, police said.
On Dec. 21, Mendoza's empty truck and trailer turned up at a truck stop in
Ft. Pierce, Fla.
Miami-Dade police, the FBI and the Federal Reserve police are investigating.
"We are concerned for his safety because he's missing," Miami-Dade
Detective Randy Rossman said.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From eugen at leitl.org Sun Jan 9 02:32:15 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 9 Jan 2005 11:32:15 +0100
Subject: Tasers for Cops Not You
In-Reply-To: <1105221334.4608.0.camel@xevious>
References:
<1105221334.4608.0.camel@xevious>
Message-ID: <20050109103215.GN9221@leitl.org>
On Sat, Jan 08, 2005 at 03:55:33PM -0600, Shawn K. Quinn wrote:
> On Sat, 2005-01-08 at 13:20 -0800, John Young wrote:
> > Here are photos of the Taser in manufacture, sale, training,
> > promo, and accidental misfire:
> >
> >
> > http://cryptome.org/taser-eyeball.htm
>
> This came up 404 as of a few minutes ago.
The correct URL is http://cryptome.org/taser/taser-eyeball.htm
>
> --
> Shawn K. Quinn
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From rsw at jfet.org Sun Jan 9 12:20:16 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Sun, 9 Jan 2005 14:20:16 -0600
Subject: Google Exposes Web Surveillance Cams
In-Reply-To: <20050109192412.GR9221@leitl.org>
References: <20050109192412.GR9221@leitl.org>
Message-ID: <20050109202016.GA22497@positron.jfet.org>
Eugen Leitl wrote:
> with the discovery that a pair of simple Google searches permits
I love how all of the coverage leaves out the actual search strings, as
if it's hard to discover what they are at this point.
http://www.google.com/search?q=inurl%3A%22ViewerFrame%3FMode%3D%22
http://www.google.com/search?q=inurl%3A%22MultiCameraFrame%3FMode%3D%22
Perhaps there are others as well; this is what 10 seconds of googling
revealed. (There's something strangely meta about using google to
discover a google search string.)
--
Riad S. Wahby
rsw at jfet.org
From bill.stewart at pobox.com Sun Jan 9 15:05:15 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sun, 09 Jan 2005 15:05:15 -0800
Subject: Police seek missing trucker, nickels
In-Reply-To:
References:
Message-ID: <6.0.3.0.0.20050109150455.03c64a60@pop.idiom.com>
At 01:36 PM 1/9/2005, Tyler Durden wrote:
>OK...most of the time I understanding the relevance of the emanations from
>RAH, but this one I don't get. What's the relevance? Choate nostalgia?
Micropayments, of course :-)
From jya at pipeline.com Sun Jan 9 15:16:36 2005
From: jya at pipeline.com (John Young)
Date: Sun, 09 Jan 2005 15:16:36 -0800
Subject: "The Reader of Gentlemen's Mail", by David Kahn
In-Reply-To: <6.0.3.0.0.20050108230829.03c33ed8@pop.idiom.com>
Message-ID:
Kahn's is a quite interesting and entertaining book. Among other
tales about Yardley and his admirable battles with the USG, Kahn
tells how through hilarious Gonzales-grade legal shenanigans
the only time a US law has been by enacted against revealing
cryptological information, in 1933, to prevent Yardley from
publishing a book, and the one-man-law it is still in effect.
Chapter 15 A Law Aimed at Yardley, pp. 158-72:
The law:
An Act For the Protection of Government records
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled, That
whoever, by virtue of his employment by the United States, shall
obtain from another or shall have custody of or acess to, or shall
have had custody of or access to, any official diplomatic code or any
matter prepared in such code, or which purports to have been
prepared in any such code, and shall willfully, without authorization
or competent authority, publish or furnish to another any such
code or matter, or any matter which was obtained while in the
process of transmission between any foreign government and
its diplomatic mission in the United States, shall be fined not more
than $10,000 or imprisoned not more than ten years, or both.
Approved June 10, 1933 Franklin D. Roosevelt
See: USC Title 18 Section 952
http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00000952--
--000-.html
Note the orignal $10,000 amount for the fine has been removed.
From camera_lumina at hotmail.com Sun Jan 9 13:36:25 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 09 Jan 2005 16:36:25 -0500
Subject: Police seek missing trucker, nickels
In-Reply-To:
Message-ID:
OK...most of the time I understanding the relevance of the emanations from
RAH, but this one I don't get. What's the relevance? Choate nostalgia?
-TD
>From: "R.A. Hettinga"
>To: cypherpunks at al-qaeda.net
>Subject: Police seek missing trucker, nickels
>Date: Sun, 9 Jan 2005 10:44:25 -0500
>
>
>
>The Chicago Tribune
>
>Police seek missing trucker, nickels
>Advertisement Items compiled from Tribune news services
>
> January 9, 2005
>
> MIAMI, FLORIDA -- A truck driver has disappeared with the 3.6 million
>nickels he was hauling to the Federal Reserve Bank in New Orleans, police
>said Friday.
>
> Angel Ricardo Mendoza, 43, picked up the coins, worth $180,000, Dec. 17
>from the Federal Reserve in New Jersey and was supposed to haul the
>cargo--weighing 45,000 pounds--to New Orleans for a trucking company
>subcontracted by the Federal Reserve, police said.
>
> On Dec. 21, Mendoza's empty truck and trailer turned up at a truck stop
>in
>Ft. Pierce, Fla.
>
> Miami-Dade police, the FBI and the Federal Reserve police are
>investigating.
>
> "We are concerned for his safety because he's missing," Miami-Dade
>Detective Randy Rossman said.
>
>--
>-----------------
>R. A. Hettinga
>The Internet Bearer Underwriting Corporation
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From pcapelli at gmail.com Sun Jan 9 14:10:09 2005
From: pcapelli at gmail.com (Pete Capelli)
Date: Sun, 9 Jan 2005 17:10:09 -0500
Subject: Police seek missing trucker, nickels
In-Reply-To:
References:
Message-ID:
Millions of micropayments lost?
On Sun, 09 Jan 2005 16:36:25 -0500, Tyler Durden
wrote:
>
> OK...most of the time I understanding the relevance of the emanations from
> RAH, but this one I don't get. What's the relevance? Choate nostalgia?
>
> -TD
>
> >From: "R.A. Hettinga"
> >To: cypherpunks at al-qaeda.net
> >Subject: Police seek missing trucker, nickels
> >Date: Sun, 9 Jan 2005 10:44:25 -0500
> >
> >
> >
> >The Chicago Tribune
> >
> >Police seek missing trucker, nickels
> >Advertisement Items compiled from Tribune news services
> >
> > January 9, 2005
> >
> > MIAMI, FLORIDA -- A truck driver has disappeared with the 3.6 million
> >nickels he was hauling to the Federal Reserve Bank in New Orleans, police
> >said Friday.
> >
> > Angel Ricardo Mendoza, 43, picked up the coins, worth $180,000, Dec. 17
> >from the Federal Reserve in New Jersey and was supposed to haul the
> >cargo--weighing 45,000 pounds--to New Orleans for a trucking company
> >subcontracted by the Federal Reserve, police said.
> >
> > On Dec. 21, Mendoza's empty truck and trailer turned up at a truck stop
> >in
> >Ft. Pierce, Fla.
> >
> > Miami-Dade police, the FBI and the Federal Reserve police are
> >investigating.
> >
> > "We are concerned for his safety because he's missing," Miami-Dade
> >Detective Randy Rossman said.
> >
> >--
> >-----------------
> >R. A. Hettinga
> >The Internet Bearer Underwriting Corporation
> >44 Farquhar Street, Boston, MA 02131 USA
> >"... however it may deserve respect for its usefulness and antiquity,
> >[predicting the end of the world] has not been found agreeable to
> >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>
>
--
Pete Capelli pcapelli at ieee.org
http://www.capelli.org PGP Key ID:0x829263B6
"Those who would give up essential liberty for temporary safety deserve neither
liberty nor safety" - Benjamin Franklin, 1759
From eugen at leitl.org Sun Jan 9 11:24:12 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 9 Jan 2005 20:24:12 +0100
Subject: Google Exposes Web Surveillance Cams
Message-ID: <20050109192412.GR9221@leitl.org>
Link: http://slashdot.org/article.pl?sid=05/01/09/1411242
Posted by: CmdrTaco, on 2005-01-09 15:00:00
from the pick-a-password-people dept.
An anonymous reader writes "Blogs and message forums buzzed this week
with the discovery that a pair of simple Google searches permits
[1]access to well over 1,000 unprotected surveillance cameras around
the world - apparently without their owners' knowledge." Apparently
many of the cams are even aimable. Oops!
[2]Click Here
References
1.
http://www.theregister.co.uk/2005/01/08/web_surveillance_cams_open_to_all/
2.
http://ads.osdn.com/?ad_id=5717&alloc_id=12468&site_id=1&request_id=231150&op
=click&page=%2farticle%2epl
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From cypherpunks at einstein.ssz.com Sun Jan 9 20:25:28 2005
From: cypherpunks at einstein.ssz.com (cypherpunks at einstein.ssz.com)
Date: Sun, 9 Jan 2005 20:25:28
Subject: Devine Lips for you!
Message-ID: <20020110012239.666353C325@server10.safepages.com>
****************************************************************************************
This email message is sent in compliance with the 106th Congress E-Mail
User Protection Act (H.R. 1910) and the Unsolicited Commercial Electronic
Mail Act of 2000 (H.R. 3113). We provide a valid vehicle for you to be
removed from our email list. To be removed from our mailing list, simply
send an email to remove.faces at eudoramail.com with the subject "remove".
****************************************************************************************
The NON-detectable KISS has arrived!!!
This is AMAZING product is for the PERFECT
non-detectable kiss!
These fantastic new lip products are waterproof
will not smear off, kiss off, or rub off.
Lip-gloss products will not come off until you
TAKE them Off. Look like a movie star all day long.
For more information on this and other new products
send a blank email to:
mailto:making.faces at eudoramail.com
============================
For faster service send your
Name:
Phone number:
Best time to call:
============================
To be removed send an email to:
mailto:remove.faces at eudoramail.com
From rah at shipwright.com Sun Jan 9 18:17:55 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 9 Jan 2005 21:17:55 -0500
Subject: [ShmooCon-News] Saturday night's con
Message-ID:
--- begin forwarded text
From rah at shipwright.com Sun Jan 9 18:30:06 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 9 Jan 2005 21:30:06 -0500
Subject: Police seek missing trucker, nickels
In-Reply-To:
References:
Message-ID:
At 5:10 PM -0500 1/9/05, Pete Capelli wrote:
>Millions of micropayments lost?
Billions. Billions.
:-).
Cheers,
RAH
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Sun Jan 9 18:40:53 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 9 Jan 2005 21:40:53 -0500
Subject: E-purse and e-gate facility at airport soon
Message-ID:
Times of Oman - Local News
(Monday, January 10, 2005)
E-purse and e-gate facility at airport soon
By Adarsh Madhavan
MUSCAT - Oman will be introducing a host of applications on the smart card,
or the national identity card, soon. A top application, which will be
introduced this year, will enable the national ID card users to utilise the
e-gate (*) (electronic gates) 'fast track' facility at the Seeb
International Airport. But even when this facility is launched, it will be
only for Omanis and expatriate (nationals and residents) businessmen/women
as an initial arrangement.
This was unveiled by Colonel (Dr) Sulaiman bin Mohammed Al Harthy,
director-general of civil status at the Royal Oman Police (ROP), yesterday.
Colonel Sulaiman Al Harthy told newsmen on the sidelines of a seminar,
conducted by the Directorate-General of Civil Status and the Bahwan IT, the
information technology division of the Suhail Bahwan Group, and Gemplus,
their technology partners, which was held at Grand Hyatt Muscat yesterday
that the e-gate facility will be only for the private sector
businessmen/women. It will be available only to them when it is introduced.
Colonel Al Harthy also added that they "would rather wait and evaluate the
situation for a while (before implementing it for others). At the moment,
it will be only for the businessmen/women in the private sector who are
holding the resident cards".
Another top facility, which is on the cards and a major priority for the
Sultanate, is the e-purse, Colonel Al Harthy added. The e-purse (or the
electronic purse) would be like a debit card, which has currency or cash
loaded on to the card as an electronic value.
It can be used at kiosks, gas stations, vending machines etc and even over
the Internet.
"For the customer, it offers a very high level of security (unlike the
credit card numbers which we give over the Net, here digital keys are
exchanged and encryption levels and standards followed are to the highest,
so that the customer can rest assured with a high level of security),"
Ramakrishna Sathyagopal, principal consultant of Data Capture Solutions,
Bahwan IT (formerly SSB Computer Division), a division of Bahwan Trading
Co. LLC, explained, adding that it also offers a great deal of convenience
to the user who would not have to carry any cash with him/her.
Meanwhile, Oman is the first country in the AGCC and the entire Middle East
to issue smart cards as a national ID card.
The United Arab Emirates (UAE) and Qatar have now followed suit.
Colonel Al Harthy was on the upbeat when queried on their expectations
after the launch of this card. "It is really up to our expectations and the
response of the pubic was great. We really appreciate that," he said.
Although the message about the new cards were loud and clear, they would
try to emphasise or renew the message whenever they would be introducing
new applications, he added.
Colonel Al Harthy, was the first speaker at the seminar highlighted details
of the card.
He was followed by Hisham Surakhi, business development manager, Gemplus,
Middle East and Emmanuel Quedreux, project manager, Gemplus, France. Also
present was M. K. Janaki Raman, general manager of Bahwan IT and Pierre
Servetazz, director of Gemplus, Middle East.
The audience comprised of government officials, businessmen, those in the
IT segment, and other dignitaries.
Also present were Amal Bahwan, director of Bahwan IT; Aqeed Abdullah bin
Jameel bin Saif Al Quraini, head of ITS at the Ministry of Defence.
The civil status project in Oman is an execution of the Royal Decree No.
(66/99), which ordained that the Civil Status Law be issued, and whose
article (2) decreed that a new directorate be established and added to the
existing group of general directorates of the ROP to execute the Civil
Status Law.
So far, a total 200,000 cards have been issued. Of this, a total of 150,000
cards have been issued to Omanis and the remaining 50,000, expatriates.
According to the plan, as specified by Colonel Al Harthy, all expatriates
(starting from children who have reached 15) would be issued their cards by
the end of 2006.
By the end of 2007, beginning of 2008, all Omanis would be holding their cards.
The Directorate General of Civil Status, ROP is the owner of this card.
Their long-term vision is to promote this card as the ubiquitous form of
mass media, which can be used for identification and authentication,
officials from Bahwan IT said.
Information such as the civil number of the bearer, a record of marriage,
birth and other personal details are already loaded into the card, enabling
automated electronic reading of the card possible.
Being a smart card, applications on this can be anything from a driver's
licence or a health card to digital signatures to a bank card, the
officials said.
The card includes the carrier's demographic data along with a digital
photograph and an electronic fingerprint template making identification,
verification and authentication possible by manual and machine readable
forms.
A person can thus prove who he claims to be at multiple locations, with a
single card.
With its PKI (public key infrastructure) application readiness,
applications like utility/bill payments are envisaged, making e-commerce a
reality in the near future.
The card itself is a leveller as everyone above the age of 15 would possess
one and the DGCS has provided ample user space on the card for it to
accommodate many different programs, so multiple applications can easily be
added on.
All of this will enable bearers of the card better service by simplifying
procedures, saving time and effort, thereby commanding wider user
acceptance.
The DGCS has recognised and acknowledged Bahwan ITs capabilities to take
this forward by giving permission to work along with them and Gemplus,
Bahwan IT officials said.
"We, at the Bahwan IT, the systems integrator for the card applications,
with our expertise in this technology, our skills with software development
and project management aim to make the Sultanate a closer place, redefining
convergence in its true sense by facilitating multiple applications on the
card," the officials said.
"It is a privilege for Bahwan IT to be working along with the DGCS, ROP on
the national ID cards and their applications and with Gemplus being the
global leader in Smart Card technology, Bahwan IT honours their invaluable
support," they added.
New cards with renewed visas
MUSCAT - The new national identity cards will be issued to resident
expatriates when their visa expires and not when their labour card expires,
Colonel (Dr) Sulaiman bin Mohammed Al Harthy, director-general of civil
status, ROP, clarified to a query yesterday.
"The resident expatriate needs to get his/her national ID card only when
their visa expires," Colonel Harthy said.
"For those expatriates (in the private sector) who have a visa, which is
valid for more than a year, would need to renew their labour card for a
year and then wait until the visa expires and then get the new national ID
card," he explained.
"But, they have to be careful, for sometimes, there can be an overlap
between the visa and the labour card, so if they (the expatriates) exceed
the allowed time for the Ministry of Manpower, they would have to pay a
fine."
Family members and children (above 15) should also apply for their national
ID card when their visa expires. The labour card becomes obsolete once this
national ID card is issued."
Colonel Al Harthy noted that the visa would be "embedded in the national ID
card. Therefore, an ID card holder (expatriate) will have two visas. One,
which will be the stamp in the passport and the other on the ID card
itself."
To a query, Colonel Harthy said: "Only the ROP will be having access to the
information on the ID card.
"But, then if you go to a bank and want to open an account, then they would
be having the facility to access the information. However, there will be
information, which is public, and which they can access and the other
private/confidential information, others will not be able to access."
Colonel Al Harthy also noted that offences would not be registered on the
ID card.
Boon for businessmen
By A Staff Reporter
MUSCAT -The fast-track e-gate facility (*) at the airport will prove to be
quite a boon for the private sector businessmen and women, who are
constantly on the move.
"This will enable the user to avoid long queues, which may prove to be time
consuming," Ramakrishna Sathyagopal, principal consultant of Data Capture
Solutions, Bahwan IT (formerly SSB Computer Division), a division of Bahwan
Trading Co. LLC, told the Times of Oman yesterday.
"The smart card will have a biometric template loaded on it. And when the
passenger arrives at the airport, he/she will be having the card and will
also be directly present there.
"So, it enables the user to immediately prove their status. As reports
note, it would provide a 'one-to-one' match or authentication. And so when
the smart card is put into the e-gate facility it authenticates the
person's fingerprint (from the fingerprint scanner) with the fingerprint
present on the card.
"Basically, this would mean that users can avoid queuing up and the
checking process would be done very quickly.
Because it checks both the fingerprint as well as the card, it will prove
to be an absolutely foolproof method," Ramakrishna said.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Sun Jan 9 18:45:14 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 9 Jan 2005 21:45:14 -0500
Subject: Schneier to Speak to Boston CPCU (Chartered Property Casualty
Underwriter) Society
Message-ID:
LicataandKelleherHome
137 South Street, Suite 3
Boston, MA 02111-2838
617-451-2140 x312
FLicata at LicataKelleher.com
Security Consultant Bruce Schneier to Speak in Boston on January 20, 2005
Bruce Schneier, Founder and Chief Technical Officer of Counterpane Internet
Security of Mountain View, CA will speak to the Boston Chapter of the CPCU
(Chartered Property Casualty Underwriter) Society.
Counterpane provides Managed Security Services to organizations worldwide.
Schneier is an internationally renowned security technologist who was
described by The Economist as a "security guru." He is the author of eight
books.
His book on computer and network security, Secrets and Lies, was called by
Fortune "a jewel box of little surprises you can actually use." His current
book, Beyond Fear, tackles the problems of security from the small to the
large, from computer security to physical security, and security on the
whole.
His address will be on the subjects of privacy and security, with emphasis
on computer and network security.
Date:
Thursday, January 20, 2005
Time:
7:30 - 8:00 AM
Registration
8:00 - 8:30
Breakfast
8:30 - 9:30
Speaker Presentation
Place:
Newton Marriott
2345 Commonwealth Ave., Newton, MA (at Rte 128 and Mass Pike)
Tel 617-969-1000
Topic:
Security, With Particular Emphasis on Network and Computer Security
Cost:
$35.00 per person
For more information, contact Frank Licata, CPCU Program Chair, at
xFLicata at LicataKelleher.com
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From smb at cs.columbia.edu Sun Jan 9 18:55:44 2005
From: smb at cs.columbia.edu (Steven M. Bellovin)
Date: Sun, 09 Jan 2005 21:55:44 -0500
Subject: "The Reader of Gentlemen's Mail", by David Kahn
In-Reply-To: Your message of "Sat, 08 Jan 2005 23:14:31 PST."
<6.0.3.0.0.20050108230829.03c33ed8@pop.idiom.com>
Message-ID: <20050110025545.733C23C0104@berkshire.machshav.com>
In message <6.0.3.0.0.20050108230829.03c33ed8 at pop.idiom.com>, Bill Stewart writ
es:
>My wife was channel-surfing and ran across David Kahn talking about his
>recent book
>"The Reader of Gentlemen's Mail: Herbert O. Yardley and the Birth of
>American Codebreaking".
>
>ISBN 0300098464 , Yale University Press, March 2004
>
>Amazon's page has a couple of good detailed reviews
>http://www.amazon.com/exec/obidos/ASIN/0300098464/qid=1105254301/sr=2-1/ref=pd
>_ka_b_2_1/102-1630364-0272149
>
I have the book. For the student of the history of cryptography, it's
worth reading. For the less dedicated, it's less worthwhile. It's not
"The Codebreakers"; it's not "The Code Book"; other than the title
quote (and I assume most readers of this list know the story behind
it), there are no major historical insights.
The most important insight, other than Yardley's personality, is what
he was and wasn't as a cryptanalyst. The capsule summary is that he
was *not* a cryptanalytic superstar. In that, he was in no way a peer
of or a competitor to Friedman. His primary ability was as a manager
and entrepreneur -- he could sell the notion of a Black Chamber (with
the notorious exception of his failure with Stimson), and he could
recruit good (but not always great) people. But he never adapted
technically. His forte was codes -- he know how to create them and how
to crack them. But the world's cryptanalytic services were also
learning how to crack them with great regularity; that, as much as
greater ease of use, was behind the widespread adoption of machine
cryptography (Enigma, M-209, Typex, Purple, etc.) during the interwar
period. Yardley never adapted and hence he (and his organizations)
became technologically obsolete.
One of the reviews on Amazon.com noted skeptically Kahn's claim that
Friedman was jealous of Yardley's success with women. I have no idea
if that's true, though moralistic revulsion may be closer. But I
wonder if the root of the personal antagonism may be more that of the
technocrat for the manager...
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
From rah at shipwright.com Sun Jan 9 18:59:08 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 9 Jan 2005 21:59:08 -0500
Subject: Police seek missing trucker, nickels
In-Reply-To: <6.0.3.0.0.20050109150455.03c64a60@pop.idiom.com>
References:
<6.0.3.0.0.20050109150455.03c64a60@pop.idiom.com>
Message-ID:
At 3:05 PM -0800 1/9/05, Bill Stewart wrote:
>Micropayments, of course :-)
*Bearer* micropayments...
:-)
Cheers,
RAH
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From cypherpunks at toad.com Sun Jan 9 22:10:11 2005
From: cypherpunks at toad.com (cypherpunks at toad.com)
Date: Sun, 9 Jan 2005 22:10:11
Subject: Phone service 1.4 cents a minute
Message-ID: <20020110030707.5C3853C4DD@server10.safepages.com>
****************************************************************************************
This email message is sent in compliance with the 106th Congress E-Mail
User Protection Act (H.R. 1910) and the Unsolicited Commercial Electronic
Mail Act of 2000 (H.R. 3113). We provide a valid vehicle for you to be
removed from our email list. To be removed from our mailing list, simply
send an email to remove.faces at eudoramail.com with the subject "remove".
****************************************************************************************
Finally!
A flat rate long distance service at 1.4 cents per minute for
a real phone company! Includes all 50 states, (in-state toll calls as
well), 3-way calling and conference calling.
No need to change long distance carriers.
This price is a limited offer so act now!
DISTRIBUTORS NEEDED!
Our people are already making over $10,000.00/month
working from home. No fee to become a distributor.
email me at: mailto:phoneservice at email.com
email me at: mailto:phoneservice at email.com
Include your nameand phone number to hear
our clear serivce.
To be removed send a blank email to:
mailto:undo21 at yahoo.com
From rah at shipwright.com Mon Jan 10 05:52:28 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 10 Jan 2005 08:52:28 -0500
Subject: Momentum Is Gaining for Cellphones as Credit Cards
Message-ID:
The New York Times
January 10, 2005
Momentum Is Gaining for Cellphones as Credit Cards
By MATT RICHTEL
eople already use their cellphones to read e-mail messages, take pictures
and play video games. Before long, they may use them in place of their
wallets.
By embedding in the cellphone a computer chip or other type of memory
device, a phone can double as a credit card. The chip performs the same
function as the magnetic strip on the back of a credit card, storing
account information and other data necessary to make a purchase.
In Asia, phone makers are already selling phones that users can swipe
against credit or debit card readers, in much the same way they would swipe
plastic MasterCard or Visa cards. Trials are now under way to bring the
technology to America, industry executives said.
Ron Brown, executive director of the Infrared Data Association, a trade
group representing companies pushing the technology for cellphone credit
cards, said that the new handsets could become "a major form of payment,
because cellphones are the most ubiquitous device in the world." He added,
though, that "cash will never go away."
Advocates say that consumers will readily embrace the technology as a way
to pay for even small purchases, because it is less bother than taking a
credit card out of a purse or parting with cash.
The impending changes to the cellphone happen to coincide with major shifts
taking place in the banking industry. Since credit cards are still
considered somewhat inconvenient, particularly for quick, small purchases,
major credit card companies have developed "contactless payment"
technologies for checkout counters that allow customers to wave their cards
near an electronic reader without having to swipe the card or sign their
name.
MasterCard, for example, has introduced a system called PayPass that lets
cardholders wave a card in front of a reader to initiate a payment, much as
motorists use E-ZPass and similar systems to pay tolls and ExxonMobil
customers use SpeedPass to buy gas. Several major credit card companies
issue PayPass cards; McDonald's has agreed to accept them at some
restaurants.
And American Express announced late last year that it would have its
system, ExpressPay, in more than 5,000 CVS drugstores by the middle of
this year. Judy Tenzer, a spokeswoman for American Express, said the
technology made it more likely that customers would use credit cards to pay
for small items.
Cellphone makers are hoping these new payment systems will also make it
easier to market handsets with credit card functions, although they could
just as easily represent competition for the practice of paying by
cellphone.
The marriage of cellphone and charge card poses some significant
challenges, including security problems. To reduce fraud from stolen
phones, consumers may be required to punch an authorization code into their
phone each time a charge is made.
For more than a year, phone makers, software companies and computer chip
manufacturers have been working to develop secure and reliable payment
technology for cellphones. After the phone's chip is recognized by the
electronic reader, the credit card account number will be verified, as it
is now, and the price of the purchase will be added to the consumer's
credit card bill.
The new phones may also be capable of being programmed for a prepaid sum
from which payments could be deducted.
But there have been some glitches in the product trials, according to Jorge
Fernandes, chief executive of Vivotech, a cellphone software company based
in Santa Clara, Calif.
In two trials, one at a corporation in the Midwest and the other at Santa
Clara University, Vivotech used infrared technology for communications
between the phone and the card reader. Participants had to aim the
cellphone at the reader in a certain way for the infrared beam to be picked
up.
"People got very upset," Mr. Fernandes said. "Pointing your cellphone at a
target is very difficult."
Mr. Fernandes said the company believed it might have solved that problem
by switching to a technology that uses low-level radio signals. Last month,
Vivotech began testing the technology, which allows users to wave the phone
within a couple of inches of a reader, at a sports arena in the Atlanta
area.
Cellphones are becoming mainstream payment devices in Korea and Japan. In
Japan, NTT DoCoMo, the mobile phone operator, said that it had already
sold more than a million phones equipped with chips that include the
payment function.
More than 13,000 Japanese shops have electronic readers capable of
communicating with the phones. For now, the phones are used mostly to debit
a prepaid amount, which is deposited by plugging the phone into a machine
similar to an A.T.M. that takes cash and credits the handset.
In South Korea, people are already using cellphones as credit cards, said
Sue Gordon-Lathrop, vice president for the consumer products platform for
Visa International. She said American consumers would eventually embrace
these new functions, but acceptance could be slower than in Japan and
Korea, where people are more comfortable with using phones for many
purposes.
Also, she said, there are more cellphone operators in America, making it
harder to set standard technology and business practices. "The phones are
exciting, but it's going to be a long time" before a widespread base of
merchants and consumers in America are equipped to use them, she said.
For now, some of the major American cellphone companies are monitoring the
technology without committing to it. Jim Ryan, senior vice president of
product development for Cingular Wireless, the country's largest cellphone
provider, said the company was "closely watching" the progress in this
field.
Copyrigh
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From dave at farber.net Mon Jan 10 08:27:15 2005
From: dave at farber.net (David Farber)
Date: Mon, 10 Jan 2005 11:27:15 -0500
Subject: [IP] The DNA round-up on Cape Cod
Message-ID:
------ Forwarded Message
From: "Richard M. Smith"
Date: Mon, 10 Jan 2005 11:18:42 -0500
To:
Subject: The DNA round-up on Cape Cod
Hi,
I live in the town of Truro on Cape Cod about 4 or 5 months out of the year.
This past week, the Truro has been on the national news because the local
police are attempting to obtain DNA samples of all men of the town in order
to solve a three-year old murder case. Here are a couple of the articles
that give the details of what is going on in this DNA round-up:
To Try to Net Killer, Police Ask a Small Town's Men for DNA
http://www.nytimes.com/2005/01/10/national/10cape.html
Truro abuzz over 'swab' DNA testing
http://www.capecodonline.com/cctimes/truroabuzz7.htm
I am headed back to my Truro house later this week. If I am approached by
the police to provide a DNA sample for their round-up of Truro males, I am
planning to refuse. However, I just realized that I already gave a DNA
sample to the Town of Truro recently. I paid my property tax bill to the
Truro tax collectors office two weeks ago. My DNA is on the tax payment
envelope that I licked.
Envelopes are apparently a good source of DNA material according to this
article:
DNA on Envelope Reopens Decades-old Murder Case
http://abclocal.go.com/wabc/news/wabc_052103_dnaarrest.html
Richard M. Smith
http://www.ComputerBytesMan.com
------ End of Forwarded Message
-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From rah at shipwright.com Mon Jan 10 09:31:51 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 10 Jan 2005 12:31:51 -0500
Subject: A new license fee for every smart card?
Message-ID:
: CR80 News
A new license fee for every smart card?
Monday, January 10 2005
Cyptography Research asks chip or card manufacturers to pay for use of its
patented security measures
In the late 1990s, a scare tore through the smart card community when the
media began running articles attacking the security of the cards and
calling into question the vulnerability of chip card-enabled systems. The
threat had a very serious sounding name, differential power analysis (DPA),
and the concern spread quickly.
The Australian Financial Review broke the story on June 6, 1998 leading
with the ominous statement, "A ruinous security problem has jeopardized the
viability of millions of smartcards in GSM mobile phones as well as the
recently introduced Telstra Phonecard." A series of doom and gloom articles
followed in technology publications and major newspapers and periodicals.
According to the accounts, a group of young cryptographers in San Francisco
had discovered a way to extract the encryption keys protecting data in a
chip, thus opening its contents for unintended use. The ramifications for
the burgeoning GSM market and highly touted stored value programs such as
Mondex, Proton, and VisaCash seemed significant.
The smart card industry attempted to brush off the significance of the
threat pointing to the fact that the attack was confined to laboratory
environments and that no actual issued cards had been compromised. But the
damage was done
it was another public relations hit to an industry trying
to define itself in the eyes of the average consumer.
Thankfully, the average consumer is fickle. Within months, DPA was
forgotten about by all but the most security-focused in the chip and
related industries. The media was on to the next story and the crisis
disappeared as quickly as it had materialized.
Fast forward to November 2004
San Francisco-based Cryptography Research, which specializes in developing
and licensing technology to solve complex data security problems,
officially announced that it had established a licensing program for its
patented DPA countermeasures
and, according to Kit Rodgers, VP of
Licensing for Cryptography Research, virtually every chip card issued in
the market uses the patented countermeasures. But wait a minute. To the
casual observer of the smart card industry, it seemed that DPA's "15
minutes of fame" had passed before the millennium. What happened?
It turns out that DPA really was a credible threat to chip security, and it
turns out that Paul Kocher, one of the young cryptographers that discovered
DPA, is the founder of Cryptography Research. At first blush, this might
seem odd - the same guy that discovered the threat is selling
countermeasures to defend against it.
In reality, this is not uncommon in data security circles. It stands to
reason that the people discovering the weakness are often in the best
position to fix it. If the threat is deemed real following scrutiny by the
industry, the protection against the threat is necessary and has inherent
value to the industry. That is exactly what happened in this case, says to
Mr. Rodgers.
So what happened during the 6-plus years that passed between the Australian
Financial Review article and the announcement of the licensing program?
It turns out that Mr. Kocher and Cryptography Research had shown the
vulnerabilities they discovered to Mondex, Visa, and others prior to the
1998 media storm. These card issuers then brought the silicon and card
suppliers to see the DPA demonstration. According to Mr. Rodgers, "Under
NDA we showed them how to mask and minimize the vulnerabilities. We told
them we would be coming back for licensing once the patents were issued."
In April 2004, the company announced that it had been granted a series of
patents broadly covering countermeasures to DPA attacks. These include:
* U.S. Patent #6,654,884: Hardware-level mitigation and DPA
countermeasures for cryptographic devices;
* U.S. Patent #6,539,092: Leak-resistant cryptographic indexed key
update;
* U.S. Patent #6,510,518: Balanced cryptographic computational
method and apparatus for leak minimization in smartcards and other
cryptosystems;
* U.S. Patent #6,381,699: Leak-resistant cryptographic method and
apparatus;
* U.S. Patent #6,327,661: Using unpredictable information to
minimize leakage from smartcards and other cryptosystems;
* U.S. Patent #6,304,658: Leak-resistant cryptographic method and
apparatus;
* U.S. Patent #6,298,442: Secure modular exponentiation with leak
minimization for smartcards and other cryptosystems; and
* U.S. Patent #6,278,783: DES and other cryptographic, processes
with leak minimization for smartcards and other cryptosystems.
So, it seemed, the time had come for Cryptography Research to go back to
the manufacturers with a licensing program. "We began talking to the chip
and card suppliers in the spring (2004)," said Mr. Rodgers. "They all knew
us so we were not coming from out of the blue."
Their message is clear. "You need a secure smart card and for a smart card
to be secure it needs to be secure against DPA attacks," says Mr. Rodgers.
"We want to be viewed as helping the industry against a major
vulnerability."
What does the licensing program really mean?
Cryptography Research expects companies utilizing the patented
countermeasures in their products to pay for its use. But with card
products, this could include several companies in the supply chain. The
chip manufacturer can employ the countermeasures, the card manufacturer as
well, and the card issuer certainly benefits as the end supplier of the
finished product. So who pays?
According to Mr. Rodgers, "we want (the licensing) to be cost appropriate
so only one party in the chain will pay. We don't care which phase (pays
the license) so it could be silicon or card manufacturers."
In reality, a large smart card manufacturer would likely want the
flexibility to choose from a variety of silicon manufacturers-both large
and small. Such a manufacturer says Mr. Rodgers, "may want to lock in the
price at a great rate. If they get it from a licensed silicon manufacturer,
they wouldn't pay again." In short, both chip and card suppliers may be
licensed but if a card manufacturer bought chips that had already been
licensed, they would not pay a second fee for the cards created with those
chips.
While it might seem difficult to manage such a process, the pool of
potential licensees is not large. According to Mr. Rodgers, "six
manufacturers account for about 96% of the chips and five smart card
manufacturers supply most of the cards."
The question of price
How much will the license fees cost? The company is being purposefully
vague as they are currently in the discussion phases with industry. Hinting
at the cost, Mr. Rodgers says, "we are trying to price this in a way that
gives us the appropriate amount of money for the value the technology
provides. We think smart cards are an excellent solution for certain
security applications and want to succeed along with the market."
He mentions that early adopters will receive favorable pricing to give them
a competitive advantage. As well, he suggested that they have discussed
amnesty for past cards issued without license fees, suggesting the
potential that they might seek reparations for products issued in the past.
Mr. Rodgers mentions that the company has "allocated $20 million to launch
and sustain the licensing program." As with any such program, some portion
of those dollars is certain to be earmarked for legal pursuits, either
reactive or proactive.
In summary, he says, "pricing terms will be appropriate for their (chip
and card manufacturers) business. We don't want this to have a negative
impact on the industry as that will ultimately hurt our business over the
long term."
About Cryptography Research:
According to Kit Rodgers, Cryptography Research develops and licenses
technology solutions, provides services, and conducts applied research to
solve some of the world's most complex data security problems. Founded in
1995, they help evaluate and design secure products in the financial
security sector and other industries, and are currently focused on helping
movie studios secure the forthcoming HD DVD and Blu-ray formats. The
company licenses technology in three main areas: DPA countermeasures,
CryptoFirewall� for set-top pay TV, and content protection mechanisms for
next-generation HD discs. To learn more visit them on the web at
www.cryptography.com.
Additional Resources:
To read an article on the DPA threat that appeared on CNET on June 10,
1998, click here.
To access a primer on Differential Power Analysis produced by Cryptography
Research, click here.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From bill.stewart at pobox.com Mon Jan 10 12:41:45 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 10 Jan 2005 12:41:45 -0800
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.R
SA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <6.0.3.0.0.20050110123254.03c44380@pop.idiom.com>
At 12:04 PM 1/10/2005, Trei, Peter wrote:
>For a gun to work, it is just as important that
>it fires when it should, as that it does not
>fire when it shouldn't. A safety system
>which delays firing by even half a second,
>or which introduces a significant false
>rejection rate (and 1% is way over the line),
>is a positive hazard.
I'd rather not have to rely on a gun that's
acting like typical Artificial Intelligence software
- "Out of Virtual Memory - Garbage-Collecting - Back in a minute"
- "Tea? You mean Leaves, boiled in water? That's a tough one!"
- "Low on Entropy - please wave the gun around and pull the trigger a few
times"
Police have enough problems with situations where guns are too slow,
such as a guy with a knife ten feet away,
and ostensibly smart guns that aren't reliable are really bad.
And slowly-responding guns just encourage cops to pull them out early
and start shooting early just in case,
which is the kind of thing most gun-grabbing liberals want to avoid.
----
Bill Stewart bill.stewart at pobox.com
From kelsey.j at ix.netcom.com Mon Jan 10 10:42:04 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Mon, 10 Jan 2005 13:42:04 -0500 (GMT-05:00)
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID: <30964839.1105382525691.JavaMail.root@bigbird.psp.pas.earthlink.net>
>From: "R.A. Hettinga"
>Sent: Jan 6, 2005 11:47 AM
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net
>Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
...
>Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> By ANNE EISENBERG
I just wonder what the false negative rates are. Seem like a gun that has a 1% chance of refusing to fire when you *really need it* might not be worth all that much. Similarly, one that you can't get to work if you've got a band-aid on your finger, or a cut on your hand, or whatever, loses a lot of its value. On the other hand, a gun that can't be made to go off by your toddler is a pretty huge win, assuming you're willing to trust the technology, but a 90% accuracy level sounds to me like 10% of the time, your three year old can, in fact, cause the thing to go off. That's not worth much, but maybe they'll get it better. And the "suspect struggles with cop, gets gun, and shoots cop" problem would definitely be helped by a guy that wouldn't go off for 90% of attackers.
--John
From ptrei at rsasecurity.com Mon Jan 10 12:04:21 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 10 Jan 2005 15:04:21 -0500
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.RSA.NET>
John Kelsey
> >Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> > By ANNE EISENBERG
>
> I just wonder what the false negative rates are. Seem like a
> gun that has a 1% chance of refusing to fire when you *really
> need it* might not be worth all that much. Similarly, one
> that you can't get to work if you've got a band-aid on your
> finger, or a cut on your hand, or whatever, loses a lot of
> its value. On the other hand, a gun that can't be made to go
> off by your toddler is a pretty huge win, assuming you're
> willing to trust the technology, but a 90% accuracy level
> sounds to me like 10% of the time, your three year old can,
> in fact, cause the thing to go off. That's not worth much,
> but maybe they'll get it better. And the "suspect struggles
> with cop, gets gun, and shoots cop" problem would definitely
> be helped by a guy that wouldn't go off for 90% of attackers.
>
> --John
A remarkable number of police deaths are 'own gun'
incidents, so the police do have a strong motivation
to use 'smart guns' if they are reliable.
In New Jersey, there is some kind of legislation
in place to restrict sales to 'smart guns', once
they exist. Other types would be banned. (Actually,
getting a carry permit in NJ is already almost
impossible, unless you're politically connected.)
This particular model seems to rely on pressure
sensors on the grip. This bothers me - under the
stress of a gunfight, you're likely to have a
somewhat different pattern than during the
enrollment process.
Many 'smart guns' also have big problems with
issues which arise in real life gun fights -
shooting from awkward positions behind cover,
one-handed vs two-handed, weak hand (righthander
using left hand, and vice versa, which can happen
if dictated by cover or injury), point vs
sighted shooting, and passing a gun to a disarmed
partner.
There are other systems which have been proposed;
magnetic or RFID rings, fingerprint sensors, etc.
The one thing that seems to be common to all of
the 'smart gun' designs is that they are
conceived by people with little experience in
how guns are actually used.
To look at a particularly ludicrous example, try
http://www.wmsa.net/other/thumb_gun.htm
For a gun to work, it is just as important that
it fires when it should, as that it does not
fire when it shouldn't. A safety system
which delays firing by even half a second,
or which introduces a significant false
rejection rate (and 1% is way over the line),
is a positive hazard.
When the police switch to smart guns, and
have used them successfully for some time
(say, a year at least) without problems,
I'll beleive them ready for prime time.
Peter Trei
From camera_lumina at hotmail.com Mon Jan 10 12:42:47 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 10 Jan 2005 15:42:47 -0500
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.RSA.NET>
Message-ID:
And we'll probably have many years of non-Smart-Gun type accidents...eg,
Drunk guy at party put gun to his head and blew his own brains out, assuming
it was a smart gun, or, trailer park momma gives gun to toddler assuming its
a "safe" smart gun.
-TD
>From: "Trei, Peter"
>To: "John Kelsey" , "R.A. Hettinga"
>, ,
>
>Subject: RE: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
>Date: Mon, 10 Jan 2005 15:04:21 -0500
>
>John Kelsey
>
> > >Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> > > By ANNE EISENBERG
> >
> > I just wonder what the false negative rates are. Seem like a
> > gun that has a 1% chance of refusing to fire when you *really
> > need it* might not be worth all that much. Similarly, one
> > that you can't get to work if you've got a band-aid on your
> > finger, or a cut on your hand, or whatever, loses a lot of
> > its value. On the other hand, a gun that can't be made to go
> > off by your toddler is a pretty huge win, assuming you're
> > willing to trust the technology, but a 90% accuracy level
> > sounds to me like 10% of the time, your three year old can,
> > in fact, cause the thing to go off. That's not worth much,
> > but maybe they'll get it better. And the "suspect struggles
> > with cop, gets gun, and shoots cop" problem would definitely
> > be helped by a guy that wouldn't go off for 90% of attackers.
> >
> > --John
>
>A remarkable number of police deaths are 'own gun'
>incidents, so the police do have a strong motivation
>to use 'smart guns' if they are reliable.
>
>In New Jersey, there is some kind of legislation
>in place to restrict sales to 'smart guns', once
>they exist. Other types would be banned. (Actually,
>getting a carry permit in NJ is already almost
>impossible, unless you're politically connected.)
>
>This particular model seems to rely on pressure
>sensors on the grip. This bothers me - under the
>stress of a gunfight, you're likely to have a
>somewhat different pattern than during the
>enrollment process.
>
>Many 'smart guns' also have big problems with
>issues which arise in real life gun fights -
>shooting from awkward positions behind cover,
>one-handed vs two-handed, weak hand (righthander
>using left hand, and vice versa, which can happen
>if dictated by cover or injury), point vs
>sighted shooting, and passing a gun to a disarmed
>partner.
>
>There are other systems which have been proposed;
>magnetic or RFID rings, fingerprint sensors, etc.
>
>The one thing that seems to be common to all of
>the 'smart gun' designs is that they are
>conceived by people with little experience in
>how guns are actually used.
>
>To look at a particularly ludicrous example, try
>http://www.wmsa.net/other/thumb_gun.htm
>
>For a gun to work, it is just as important that
>it fires when it should, as that it does not
>fire when it shouldn't. A safety system
>which delays firing by even half a second,
>or which introduces a significant false
>rejection rate (and 1% is way over the line),
>is a positive hazard.
>
>When the police switch to smart guns, and
>have used them successfully for some time
>(say, a year at least) without problems,
>I'll beleive them ready for prime time.
>
>Peter Trei
From ptrei at rsasecurity.com Mon Jan 10 14:23:33 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 10 Jan 2005 17:23:33 -0500
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFF@rsana-ex-hq1.NA.RSA.NET>
Justin wrote:
>
> On 2005-01-10T15:04:21-0500, Trei, Peter wrote:
> >
> > John Kelsey
> >
> > > >Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> > > > By ANNE EISENBERG
> > >
> > > I just wonder what the false negative rates are. Seem like a
> >
> > A remarkable number of police deaths are 'own gun'
> > incidents, so the police do have a strong motivation
> > to use 'smart guns' if they are reliable.
>
> The NJ law specifically exempts the police from the smart gun
> requirement (which for civilians goes into effect in 2007 or 2008).
> Regardless, the legislature doesn't need to get involved for law
> enforcement to change their weapons policy and require "smart guns."
Cynically, I'm not the slightest bit suprised that the police
are exempted: 'safety for the government, not for the people'.
> False positives may also present a problem. If the only way to get an
> acceptable identification rate (99%, for instance) is to create a 50%
> false positive rate for unauthorized users, that's reduces utilitarian
> benefit by half.
A 1% false negative rate is too high. A 50% false positive rate is
*much* too high.
> "Smart guns" are a ploy to raise the cost of guns, make them require
> more maintenance, annoy owners, and as a result decrease gun
> ownership.
If it's combined with a rule to ban the transfer and/or
ownership of 'dumb' (ie, reliable) guns, then it's also
a backdoor gun confiscation policy.
I'm afraid that they may get away with it. Here in MA, the
only handguns which can legally be bought new are those on a
fairly short list compiled by the State Attorney General which
meet his arbitrary 'safety standards'. If I wanted, say, a
Pardini (a very expensive special purpose .22short target
pistol) I'm SOL. In fact, it's almost impossible for MA
residents to participate in some of the shooting sports
competitively, due to the AG's list.
Peter Trei
From eugen at leitl.org Mon Jan 10 09:02:21 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 10 Jan 2005 18:02:21 +0100
Subject: [IP] The DNA round-up on Cape Cod (fwd from dave@farber.net)
Message-ID: <20050110170221.GK9221@leitl.org>
----- Forwarded message from David Farber -----
From rah at shipwright.com Mon Jan 10 15:18:15 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 10 Jan 2005 18:18:15 -0500
Subject: Should Anarchists Take State Money?
Message-ID:
Mises Economics Blog
January 10, 2005
Should Anarchists Take State Money?
by Robert Murphy
A discussion on a private email list brought up a familiar topic: When is
it permissible for self-described anarchists (let's restrict ourselves here
to anarcho-capitalists) to take government money? This is a tricky
question, and I have yet to see someone offer a satisfactory list of
necessary and sufficient conditions. Usually when an-caps argue about this,
they end up shooting more and more refined analogies back and forth.
For example, to me it's not enough to say that any money spent in the
private sector is legitimate (vis-a-vis one's anarchism). I personally
would not feel justified in working for a Halliburton. However, what about
the guy who opens a Dunkin Donuts near a police station? Is he accepting
"government money"? Does it matter if he's in a podunk town with a sheriff
and a deputy, versus if he lives in LA and knows for a fact that several of
his customers beat the #$#)($* out of suspects?
A big problem in this area is education: Can anarcho-capitalist economists
take teaching posts at State schools? After all, the State intervenes
heavily in education, which is a perfectly laudable market institution. But
surely there are more teaching posts because of the State than there
otherwise would be. Does the an-cap professor have to estimate whether his
or her post would actually exist in the absence of State intervention, or
is that irrelevant?
Personally, I have decided that I will never work for an official State
school. If I really mean it when I refer (in LRC articles, for example) to
the State as "a gang of killers and thieves," then how can I possibly
associate with such people? Yes yes, there are millions of analogies and
counterarguments, but for me there is a definite line to be drawn at
actually being on the payroll. (I also wouldn't take welfare, for example,
even though in previous years I have put in a lot to the tax system.)
Before closing, I should say that in no way am I taking a holier than thou
stance. For example, I applied for the Stafford (unsubsidized!) loan in
grad school, even though the State technically coerced those lending
institutions into offering me such low rates. And I know a guy who is so
hard core about starving the beast, that he felt like a sellout when he
took a job on the books and had some of his paycheck withheld. (I.e. when
he worked under the table, then at least his money wasn't funding the
State's wars etc.)
But as far as State schools, I think there are a few other things that
people often leave out of the discussion. First, why would I want to throw
my talents into a State school? I would much rather work on the side of the
underdog, and every time I publish a paper or give a talk, I want a private
school to get the credit. (This also applies to whatever influence I have
on students; I don't want to enhance a State school's reputation by
churning out better-than-otherwise students, so long as I could do the same
at a private school.)
A second issue is a bit more subtle: When moderate Americans hear of an-cap
professors berating the existence of the State, while they work for the
State, I think two things happen. (A) They think, "What a hypocrite! These
ivory tower academics need to get in the real world before redesigning
society!" And (B), they think, "Our government is so open and tolerant! It
even employs academics who call for its abolition! I'm so glad I live here
and not under the Taliban."
(Again, this is not meant as a criticism of those who choose to work at
State schools. I'm just explaining my position.)
Posted by Murphy at January 10, 2005 08:08 AM
Comments
You're very lucky that you have private colleges where you live. Many have
no such choice. Then all one can do is firmly bite the hand that feeds.
Posted by: Sudha Shenoy at January 10, 2005 08:40 AM
Ayn Rand had an article that was instructive on this issue. She was asked
whether it was moral for someone to take a government-backed student loan.
She said it was, because the person receiving the loan had no moral duty to
abstain from receiving a benefit the government was giving to others. Rand
distinguished between such benefits and those who choose to work in the
government at jobs that had no function other than to violate individual
rights (I believe she cited the Federal Trade Commission as an example.)
The difference was between using a service that *should* be provided by the
public sector (i.e. the Postal Service) and those that could never exist in
a free market (i.e. monopoly regulators).
Of course, Rand was only addressing the ethical dilema; whether taking
state money is practical towards advancing one's particular interests or
ideology is a separate question.
Posted by: Skip Oliva at January 10, 2005 08:43 AM
Hans-Hoppe teaches at the University of Las Vegas, Nevada and Murray
Rothbard taught there before him. I do not see this as being hypocritical.
The main reason why is that if the government taxes and spends on
universities, it inevitably pushes private institutions out of the market
by charging artificially low tuition. Therefore, the number of available
positions at private universities is diminished, reducing opportunities for
non-public university professorships.
The bottom line is that the state has created a system in which there is
crime all around us. If we worried about "taking advantage" of this crime
all the time we probably wouldn't even step outside our front doors in the
morning, and we certainly wouldn't be driving on public roads.
On the other hand, there would definately be something wrong with say
becoming an IRS agent while claiming to be an anarcho-capitalist at the
same time.
Posted by: Steven Kane at January 10, 2005 08:44 AM
Actually I thought Rand's best contribution was this: "There is, of course,
a limitation on the moral right to take a government job: one must not
accept any job that demands ideological services, i.e., any job that
requires the use of one's mind to compose propaganda material in support of
welfare statism -- or any job in a regulatory administrative agency
enforcing improper, non-objective laws." (Objectivist, June 1966, sent by
Roderick Long)
Now, this is interesting. Many people think it might be a bad thing, for
example, for a libertarian to work for the INS or the IRS or some such, but
would be happy to take a job as a presidential speech writer. Somehow it is
usually assumed to be ok to do intellectual work but not ok to actually rob
and kill for the state. Rand seems to be saying that it is as bad or worse
to offer one's intellectual talents for propaganda reasons.
Posted by: Jeffrey at January 10, 2005 08:52 AM
I recently struggled with this problem. Here in Detroit the automotive
industry (most of the city) shuts down between Christmas and New Years
(because of the UAW contracts). For most this is a paid vacation but I am
currently a contract employee (The big three hire all new employees as
contractors first to avoid all the messy federal laws restricting their
right to fire people for being incompetent), so it was forced time off for
me. The problem is so common though that every contract employee is given a
small packet of information on how to solve the problem of losing wages
over the vacation: apply for unemployment.
I struggled for days, being an anarcho-capitalist, on whether or not it was
ethical to accept the state's welfare money. Sure, I think welfare is
robbery and wrong to the core but I am forced to pay in to it whether I
like it or not - so why not reclaim some of that money?
Ultimately I decided that it was ethical but I simply couldn't bring myself
to do it. Ethical maybe, but it still felt immoral to me. Having just
graduated from college and moved to a new place I could have really used
the money - but I just felt dirty about taking it.
Posted by: Adam H at January 10, 2005 10:15 AM
Here is Rothbard's point of view on this question: "The ground on which we
must stand, to be moral and rational in a state-run world is to: (1) work
and agi-tate as best we can, in behalf of liberty; (2) while working in the
matrix of our given world, to refuse to add to its sta-tism; and (3) to
refuse absolutely to participate in State activities that are immoral and
criminal per se."
Posted by: Jeffrey at January 10, 2005 10:26 AM
I worked for a small private startup at my last job. Even though we were
"private", most of our money came from government agencies/projects. I
think the public/private distinction can be misleading. What matters is
what interests you are serving. Are you serving people's voluntary wants
and needs or demand created by government regulation and taxes? I don't
think there's a clear cut answer in most situations.
Posted by: Danny Taggart at January 10, 2005 10:42 AM
Sam Bostaph wrote, on the list: "Murphy raises several questions--and gives
no answers to them. Then, he asserts personal preferences--with loose or no
reasoning to support them. He might as well be discussing choices from
menu."
I agree with Sam. And as I wrote on the list: "Bottom line: the
overwrought, over-agonized, over-thought attempts to justify one's way of
living in this imperfect world are simply pointless.
"First, libertarian employees of state universities might try to come up
with any number of justifications for why their chosen career is
"justified". But in the end, how many of them would quit if their little
libertarian calculus came out the wrong way? I think it's clear the answer
is near-zero. Clearly this is just make-weight argument; rationalization.
Strunk and White say, if you don't know how to pronounce a word, say it
loud! "Why compound ignorance with inaudibility?" Likewise, if you are
going to enter the game of life--in this mixed-state world, where some
careers one would choose in the free market are largely monopolized by the
state; where one must participate in state-decreed institutions and rules
in order to flourise, prosper, succeed, and survive--don't pussyfoot around
about it. Don't be embarrassed by it. Don't, for God's sake, *apologize*
for it. Remember Galt had the face without pain or fear or guilt. Those who
opppose the current malicious order are not to blame for it. They are -- we
are -- already victims. To insist that we victims -- *because* we are
victims (those who respect rights) -- have to suffer even further damage,
to restrict ourselves from career and business and life opportunities that,
ironically, our fellow men who do not agonize over the morality of their
choices, ... frankly, to my mind, it is ridiculous and obscene.
"Libertarianism at its essence distinguishes between victim and aggressor.
To whine and hand-wring about what one libertarianly can or cannot do in
this world -- when our non-libertarian enemies, yes enemies, do not give a
damn about it -- is, in my view, to equate victim with aggressor; to blame
the victim for trying to make it in the the nonlibertarian world he has
been thrust into; a world that is nonlibertarain specifically because of
the beliefs and actions of his fellow non-libertarian citizens. To say he
should have a higher standard of behavior than them is to add injury to
injury."
Murphy writes, "I personally would not feel justified in working for a
Halliburton." I suppose there are a few die-hard types out there whose
personal preferences would lead them to ever and ever greater personal
sacrifices so they feel they are living by some kind of moral principles or
something. But I find the entire notion that you *need*, in general, to
"justify" where you work is just a bit silly. I agree w/ Bostaph that
Murphy supplies no reasons for his assertions; why it's okay to set up a
donut shop selling to police, but not to "be on the payroll". Surely
Austrians are aware there is nothing economically special about the
"employee" relationship; just as political borders are just political and
not economically objective.
I believe it is not hypocritical to live in the real world, as a general
matter. What is hypocritical, in my view, is the pretense of some
libertarians that they work at their present state-related jobs *only*
because they have found a way to justify it. I would be a lot of money that
99% of these people would not quit their jobs, even if you could show them
their little pet proofs "justifying" the morality of their position is
flawed. So it's just a makeweight argument trotted out in a vain attempt to
show that one's chosen career is "justified"; but the only reason to do
this is the false notion that one's career *needs* justifying.
Posted by: Stephan Kinsella at January 10, 2005 11:21 AM
Jeffrey's quote from Rothbard (in particular, "(2) while working in the
matrix of our given world, to refuse to add to its sta-tism"), I believe,
answers the titular question perfectly.
Even if it is the case that, by starting from scratch, a better system
could be constructed, if our aim is the construction of that system, we
must recognize that we do not have the luxury of erasing the influences of
Marx, FDR, et al. Those who would change the system must necessarily work
within it, and if that means using U.S. Mint-coined money, so be it.
Posted by: Lowell at January 10, 2005 11:26 AM
Stephan,
Interesting points, although showing that something is moral or immoral,
legal or illegal, does not in any way show that one would stop doing it.
Everyone acts immorally numerous times each day. The fact that they know
they're acting such doesn't stop them from doing such. Good people try to
strive to be the best they can, presumeably.
Ultimately, everyone has to live with what they do, and with how other
people perceive what they do.
A good person is someone who tries to do what he thinks is moral. Such
people generally are engaged in careers they think moral. It will take a
lot of argument to convince them otherwise. However, if they can be
convinced of the immorality of their career, they will quit it (or cease
being good people).
An "evil" person is someone who does not bother to try doing what he
thinks is moral. That is, the person who knows what is moral, yet does not
abide by it. I would characterize Alan Greenspan as such a person.
Posted by: David Heinrich at January 10, 2005 11:36 AM
In an earlier post on this blog, I noted the example of Todd Zywicki, a law
professor who recently finished a stint as planning director at the FTC. In
his professorial role (at a state school, George Mason), Zywicki has
portrayed himself as a free-market champion. Yet during his FTC service, he
stood by and said nothing while the agency committed all sorts of
individual rights violations. This is the type of person who needs to be
condemned as evil--the man who poses as an ally of free markets, yet when
put in a position of authority does nothing to advance the cause.
Posted by: Skip Oliva at January 10, 2005 12:05 PM
I wonder what Ayn Rand would have thought of the fact that one of her
closest associates is now the person who is responsible for carrying out
the biggest inflationist institution in the world-and also propagates for
the usefullness of that institution.
Posted by: Stefan Karlsson at January 10, 2005 01:49 PM
Libertarians who work as speechwriters for the State do great damage. They
enable the interventionists to disguise their destructiveness with
positive-sounding rhetoric.
Posted by: JS Henderson at January 10, 2005 01:49 PM
Unless something great happens, the government is going to be stealing my
money and violating my rights until the day I die. I have no problem
getting some of that money back through subsidized loans and government
scholarships. Although I do believe it is disrespectful for the government
to sponsor a scholarship in Barry Goldwater's name, I am proud to be
nominated for it.
Posted by: Horatio at January 10, 2005 02:02 PM
As the for the private/state school arguments, private schools subsidized
by the state also. Kids complete the fafsa and receive pell grants, and
loans to go the both schools. We support the state in so many ways because
we enhance society and its members. I think you're justified if you work is
agaisnt the government, but not against the people.
Posted by: Andy D at January 10, 2005 03:50 PM
Stephan,
I agree w/ Bostaph that Murphy supplies no reasons for his assertions; why
it's okay to set up a donut shop selling to police, but not to "be on the
payroll".
Just to clarify, I didn't say it was OK to set up a donut shop. I asked if
it were (for those who think one can't work for Halliburton in good
conscience). My point here is not to lay out the definitive answer, but
rather to say that I think I could come up with particular examples that
would cast doubt upon any hard-and-fast rule people on either side give.
E.g. if an an-cap thinks there's no problem working for Halliburton, then
we can ask about a military company that exclusively supplies stuff to the
gov't.
I agree with Bostaph that I didn't give any answers; that's my point. (But
this implies of course that I didn't agree with the official positions both
of you took. As I recall, Bostaph said something like, "They aren't fair
with me, so I'm not going to worry about playing nice with them." That's
not the issue; no one is saying you shouldn't work for the State because it
might violate the rights of the tax man. Am I allowed to mug a guy walking
down the street because the IRS took my money?)
I didn't bring this up on the List because I thought this topic was getting
beaten to a pulp, but since you posted your response from there, let me
address something that concerned me:
To insist that we victims -- *because* we are victims (those who respect
rights) -- have to suffer even further damage, to restrict ourselves from
career and business and life opportunities that, ironically, our fellow men
who do not agonize over the morality of their choices, ... frankly, to my
mind, it is ridiculous and obscene.
Here you're just begging the question. Are you an innocent victim "(those
who respect rights)" if you work for the government? No one is arguing that
the victims of gov't abuse should hurt themselves even more so; the claim
is that victims of government abuse aren't thereby given a green light to
abuse third parties as compensation.
And finally, I don't see why you're disgusted that "our side" is worried
about choosing justified means. Isn't that what makes us libertarians, that
we worry about violating side constraints?
Posted by: RPM at January 10, 2005 04:04 PM
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From bill.stewart at pobox.com Mon Jan 10 18:27:50 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 10 Jan 2005 18:27:50 -0800
Subject: Adware for Windows Media Player spreading by P2P
Message-ID: <6.0.3.0.0.20050110181748.03c8afe8@pop.idiom.com>
http://www.theregister.com/2004/12/31/p2p_adware_threat/
According to an article in The Register, Overpeer is spreading
adware-infected Windows Media Audio and Windows Media Video files via P2P.
PC World Magazine did some research, ran Etherpeek, and found that
the adware was going to Overpeer, which is owned by Loudeye,
who strongly defend the practice, saying music pirates deserve what they get.
Of course, what the article isn't mentioning is that
this means that the WMA and WMV file formats have features
that can be used with the Windows Media Player to support adware,
so a good chunk of the blame belongs back in Redmond.
(Remind me again why closed-source DRMware is a good idea?)
Now, it wouldn't bother me if the Windows Media Player's
silly trippy visuals that you get when playing audio
that doesn't have a video track were replaced by
some advertising video, as long as it's all self-contained
and doesn't phone home to tell advertisers what I'm listening to.
But this one seems to be pretty chatty.
----
Bill Stewart bill.stewart at pobox.com
From justin-cypherpunks at soze.net Mon Jan 10 13:51:06 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Mon, 10 Jan 2005 21:51:06 +0000
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.RSA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <20050110215106.GA2630@arion.soze.net>
On 2005-01-10T15:04:21-0500, Trei, Peter wrote:
>
> John Kelsey
>
> > >Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
> > > By ANNE EISENBERG
> >
> > I just wonder what the false negative rates are. Seem like a
>
> A remarkable number of police deaths are 'own gun'
> incidents, so the police do have a strong motivation
> to use 'smart guns' if they are reliable.
The NJ law specifically exempts the police from the smart gun
requirement (which for civilians goes into effect in 2007 or 2008).
Regardless, the legislature doesn't need to get involved for law
enforcement to change their weapons policy and require "smart guns."
False positives may also present a problem. If the only way to get an
acceptable identification rate (99%, for instance) is to create a 50%
false positive rate for unauthorized users, that's reduces utilitarian
benefit by half.
Batteries go dead. Solder joints break. Transistors and capacitors go
bad. Pressure sensors jam. This is not the kind of technology I want
in something that absolutely, positively has to go boom if I want it to.
For handguns, I'll stick with pure mechanical mechanisms, thanks.
"Smart guns" are a ploy to raise the cost of guns, make them require
more maintenance, annoy owners, and as a result decrease gun ownership.
--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." -Heraclitus 53
From justin-cypherpunks at soze.net Mon Jan 10 16:35:28 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Tue, 11 Jan 2005 00:35:28 +0000
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
In-Reply-To:
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776BFE@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <20050111003528.GA5192@arion.soze.net>
On 2005-01-10T15:42:47-0500, Tyler Durden wrote:
>
> And we'll probably have many years of non-Smart-Gun type accidents...eg,
> Drunk guy at party put gun to his head and blew his own brains out,
> assuming it was a smart gun, or, trailer park momma gives gun to toddler
> assuming its a "safe" smart gun.
Some gun "accidents" are suicides reported as such to avoid
embarrassment to the family. Similarly, I think a few of the gun
"accidents" involving real "children", which are extremely rare to begin
with, go like this...
"Son, why don't you take this gun and pretend to go shoot daddy? It's
not loaded." Or, "Son, why don't you take the gun, put it to your head,
and pull the trigger? It's not loaded."
I don't believe the article when it says that smart guns are useless if
stolen. What do they have, a tamper-proof memory chip storing a 128-bit
reprogramming authorization key that must be input via computer before
allowing a new person to be authorized? And what's to stop a criminal
from ripping out all the circuitry and the safety it engages?
--
"War is the father and king of all, and some he shows as gods, others as men;
some he makes slaves, others free." -Heraclitus 53
From ptrei at rsasecurity.com Tue Jan 11 07:07:22 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Tue, 11 Jan 2005 10:07:22 -0500
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776C01@rsana-ex-hq1.NA.RSA.NET>
Justin wrote:
>
> I don't believe the article when it says that smart guns are
> useless if
> stolen. What do they have, a tamper-proof memory chip
> storing a 128-bit
> reprogramming authorization key that must be input via computer before
> allowing a new person to be authorized? And what's to stop a criminal
> from ripping out all the circuitry and the safety it engages?
The 'stolen gun' problems most of the so-called 'smart gun' proposals
are trying to address are the situation when a cop's own gun is
taken from him and immediately used against him, or a kid finding
one in a drawer. A determined and resourceful person can, given
time, defeat them all. After all, a 'determined and resourceful
person can build a gun from scratch with a small machine shop,
and many do (its not automatically illegal).
I link below to an absolutely bizarre proposal - apparently real
and claimed to be existing in prototype - by an South African
inventor to make an unstealable gun. Amongst other weirdness,
it fires the specially manufactured cartridges by firing a
laser into the glass-backed primer. As a result removing
the electronics would make it unusable. You'd have to
hack it instead.
http://www.wmsa.net/other/thumb_gun.htm
This is a typical example of what I meant when I said that
'smart gun' proposals all come from people with zero
knowledge of how guns are used.
I strongly suspect that the gun in the picture is
a non-working prop.
Peter Trei
From camera_lumina at hotmail.com Tue Jan 11 07:11:34 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 11 Jan 2005 10:11:34 -0500
Subject: Should Anarchists Take State Money?
In-Reply-To:
Message-ID:
Hey! I just created a small replica of Rodan's "The Thinker" by sculpting it
out of my poop!
-TD
>From: "R.A. Hettinga"
>To: cypherpunks at al-qaeda.net
>Subject: Should Anarchists Take State Money?
>Date: Mon, 10 Jan 2005 18:18:15 -0500
>
>
>
>
>Mises Economics Blog
>
>
>January 10, 2005
>
>
>
>Should Anarchists Take State Money?
>
>by Robert Murphy
>
>A discussion on a private email list brought up a familiar topic: When is
>it permissible for self-described anarchists (let's restrict ourselves here
>to anarcho-capitalists) to take government money? This is a tricky
>question, and I have yet to see someone offer a satisfactory list of
>necessary and sufficient conditions. Usually when an-caps argue about this,
>they end up shooting more and more refined analogies back and forth.
>
>For example, to me it's not enough to say that any money spent in the
>private sector is legitimate (vis-a-vis one's anarchism). I personally
>would not feel justified in working for a Halliburton. However, what about
>the guy who opens a Dunkin Donuts near a police station? Is he accepting
>"government money"? Does it matter if he's in a podunk town with a sheriff
>and a deputy, versus if he lives in LA and knows for a fact that several of
>his customers beat the #$#)($* out of suspects?
>
>A big problem in this area is education: Can anarcho-capitalist economists
>take teaching posts at State schools? After all, the State intervenes
>heavily in education, which is a perfectly laudable market institution. But
>surely there are more teaching posts because of the State than there
>otherwise would be. Does the an-cap professor have to estimate whether his
>or her post would actually exist in the absence of State intervention, or
>is that irrelevant?
>
>Personally, I have decided that I will never work for an official State
>school. If I really mean it when I refer (in LRC articles, for example) to
>the State as "a gang of killers and thieves," then how can I possibly
>associate with such people? Yes yes, there are millions of analogies and
>counterarguments, but for me there is a definite line to be drawn at
>actually being on the payroll. (I also wouldn't take welfare, for example,
>even though in previous years I have put in a lot to the tax system.)
>
>Before closing, I should say that in no way am I taking a holier than thou
>stance. For example, I applied for the Stafford (unsubsidized!) loan in
>grad school, even though the State technically coerced those lending
>institutions into offering me such low rates. And I know a guy who is so
>hard core about starving the beast, that he felt like a sellout when he
>took a job on the books and had some of his paycheck withheld. (I.e. when
>he worked under the table, then at least his money wasn't funding the
>State's wars etc.)
>
>But as far as State schools, I think there are a few other things that
>people often leave out of the discussion. First, why would I want to throw
>my talents into a State school? I would much rather work on the side of the
>underdog, and every time I publish a paper or give a talk, I want a private
>school to get the credit. (This also applies to whatever influence I have
>on students; I don't want to enhance a State school's reputation by
>churning out better-than-otherwise students, so long as I could do the same
>at a private school.)
>
>A second issue is a bit more subtle: When moderate Americans hear of an-cap
>professors berating the existence of the State, while they work for the
>State, I think two things happen. (A) They think, "What a hypocrite! These
>ivory tower academics need to get in the real world before redesigning
>society!" And (B), they think, "Our government is so open and tolerant! It
>even employs academics who call for its abolition! I'm so glad I live here
>and not under the Taliban."
>
>(Again, this is not meant as a criticism of those who choose to work at
>State schools. I'm just explaining my position.)
>
>Posted by Murphy at January 10, 2005 08:08 AM
>
>Comments
>
>
>You're very lucky that you have private colleges where you live. Many have
>no such choice. Then all one can do is firmly bite the hand that feeds.
>
>Posted by: Sudha Shenoy at January 10, 2005 08:40 AM
>
>Ayn Rand had an article that was instructive on this issue. She was asked
>whether it was moral for someone to take a government-backed student loan.
>She said it was, because the person receiving the loan had no moral duty to
>abstain from receiving a benefit the government was giving to others. Rand
>distinguished between such benefits and those who choose to work in the
>government at jobs that had no function other than to violate individual
>rights (I believe she cited the Federal Trade Commission as an example.)
>The difference was between using a service that *should* be provided by the
>public sector (i.e. the Postal Service) and those that could never exist in
>a free market (i.e. monopoly regulators).
>
> Of course, Rand was only addressing the ethical dilema; whether taking
>state money is practical towards advancing one's particular interests or
>ideology is a separate question.
>
>Posted by: Skip Oliva at January 10, 2005 08:43 AM
>
>Hans-Hoppe teaches at the University of Las Vegas, Nevada and Murray
>Rothbard taught there before him. I do not see this as being hypocritical.
>The main reason why is that if the government taxes and spends on
>universities, it inevitably pushes private institutions out of the market
>by charging artificially low tuition. Therefore, the number of available
>positions at private universities is diminished, reducing opportunities for
>non-public university professorships.
>
>The bottom line is that the state has created a system in which there is
>crime all around us. If we worried about "taking advantage" of this crime
>all the time we probably wouldn't even step outside our front doors in the
>morning, and we certainly wouldn't be driving on public roads.
>
>On the other hand, there would definately be something wrong with say
>becoming an IRS agent while claiming to be an anarcho-capitalist at the
>same time.
>
>Posted by: Steven Kane at January 10, 2005 08:44 AM
>
>Actually I thought Rand's best contribution was this: "There is, of course,
>a limitation on the moral right to take a government job: one must not
>accept any job that demands ideological services, i.e., any job that
>requires the use of one's mind to compose propaganda material in support of
>welfare statism -- or any job in a regulatory administrative agency
>enforcing improper, non-objective laws." (Objectivist, June 1966, sent by
>Roderick Long)
>
>Now, this is interesting. Many people think it might be a bad thing, for
>example, for a libertarian to work for the INS or the IRS or some such, but
>would be happy to take a job as a presidential speech writer. Somehow it is
>usually assumed to be ok to do intellectual work but not ok to actually rob
>and kill for the state. Rand seems to be saying that it is as bad or worse
>to offer one's intellectual talents for propaganda reasons.
>
> Posted by: Jeffrey at January 10, 2005 08:52 AM
>
>I recently struggled with this problem. Here in Detroit the automotive
>industry (most of the city) shuts down between Christmas and New Years
>(because of the UAW contracts). For most this is a paid vacation but I am
>currently a contract employee (The big three hire all new employees as
>contractors first to avoid all the messy federal laws restricting their
>right to fire people for being incompetent), so it was forced time off for
>me. The problem is so common though that every contract employee is given a
>small packet of information on how to solve the problem of losing wages
>over the vacation: apply for unemployment.
>
>I struggled for days, being an anarcho-capitalist, on whether or not it was
>ethical to accept the state's welfare money. Sure, I think welfare is
>robbery and wrong to the core but I am forced to pay in to it whether I
>like it or not - so why not reclaim some of that money?
>
>Ultimately I decided that it was ethical but I simply couldn't bring myself
>to do it. Ethical maybe, but it still felt immoral to me. Having just
>graduated from college and moved to a new place I could have really used
>the money - but I just felt dirty about taking it.
>
>Posted by: Adam H at January 10, 2005 10:15 AM
>
>
> Here is Rothbard's point of view on this question: "The ground on which
>we
>must stand, to be moral and rational in a state-run world is to: (1) work
>and agi-tate as best we can, in behalf of liberty; (2) while working in the
>matrix of our given world, to refuse to add to its sta-tism; and (3) to
>refuse absolutely to participate in State activities that are immoral and
>criminal per se."
>
>Posted by: Jeffrey at January 10, 2005 10:26 AM
>
>I worked for a small private startup at my last job. Even though we were
>"private", most of our money came from government agencies/projects. I
>think the public/private distinction can be misleading. What matters is
>what interests you are serving. Are you serving people's voluntary wants
>and needs or demand created by government regulation and taxes? I don't
>think there's a clear cut answer in most situations.
>
>Posted by: Danny Taggart at January 10, 2005 10:42 AM
>
>Sam Bostaph wrote, on the list: "Murphy raises several questions--and gives
>no answers to them. Then, he asserts personal preferences--with loose or no
>reasoning to support them. He might as well be discussing choices from
>menu."
>
>I agree with Sam. And as I wrote on the list: "Bottom line: the
>overwrought, over-agonized, over-thought attempts to justify one's way of
>living in this imperfect world are simply pointless.
>
>"First, libertarian employees of state universities might try to come up
>with any number of justifications for why their chosen career is
>"justified". But in the end, how many of them would quit if their little
>libertarian calculus came out the wrong way? I think it's clear the answer
>is near-zero. Clearly this is just make-weight argument; rationalization.
>Strunk and White say, if you don't know how to pronounce a word, say it
>loud! "Why compound ignorance with inaudibility?" Likewise, if you are
>going to enter the game of life--in this mixed-state world, where some
>careers one would choose in the free market are largely monopolized by the
>state; where one must participate in state-decreed institutions and rules
>in order to flourise, prosper, succeed, and survive--don't pussyfoot around
>about it. Don't be embarrassed by it. Don't, for God's sake, *apologize*
>for it. Remember Galt had the face without pain or fear or guilt. Those who
>opppose the current malicious order are not to blame for it. They are -- we
>are -- already victims. To insist that we victims -- *because* we are
>victims (those who respect rights) -- have to suffer even further damage,
>to restrict ourselves from career and business and life opportunities that,
>ironically, our fellow men who do not agonize over the morality of their
>choices, ... frankly, to my mind, it is ridiculous and obscene.
>
> "Libertarianism at its essence distinguishes between victim and
>aggressor.
>To whine and hand-wring about what one libertarianly can or cannot do in
>this world -- when our non-libertarian enemies, yes enemies, do not give a
>damn about it -- is, in my view, to equate victim with aggressor; to blame
>the victim for trying to make it in the the nonlibertarian world he has
>been thrust into; a world that is nonlibertarain specifically because of
>the beliefs and actions of his fellow non-libertarian citizens. To say he
>should have a higher standard of behavior than them is to add injury to
>injury."
>
>Murphy writes, "I personally would not feel justified in working for a
>Halliburton." I suppose there are a few die-hard types out there whose
>personal preferences would lead them to ever and ever greater personal
>sacrifices so they feel they are living by some kind of moral principles or
>something. But I find the entire notion that you *need*, in general, to
>"justify" where you work is just a bit silly. I agree w/ Bostaph that
>Murphy supplies no reasons for his assertions; why it's okay to set up a
>donut shop selling to police, but not to "be on the payroll". Surely
>Austrians are aware there is nothing economically special about the
>"employee" relationship; just as political borders are just political and
>not economically objective.
>
>I believe it is not hypocritical to live in the real world, as a general
>matter. What is hypocritical, in my view, is the pretense of some
>libertarians that they work at their present state-related jobs *only*
>because they have found a way to justify it. I would be a lot of money that
>99% of these people would not quit their jobs, even if you could show them
>their little pet proofs "justifying" the morality of their position is
>flawed. So it's just a makeweight argument trotted out in a vain attempt to
>show that one's chosen career is "justified"; but the only reason to do
>this is the false notion that one's career *needs* justifying.
>
>Posted by: Stephan Kinsella at January 10, 2005 11:21 AM
>
>Jeffrey's quote from Rothbard (in particular, "(2) while working in the
>matrix of our given world, to refuse to add to its sta-tism"), I believe,
>answers the titular question perfectly.
>
>Even if it is the case that, by starting from scratch, a better system
>could be constructed, if our aim is the construction of that system, we
>must recognize that we do not have the luxury of erasing the influences of
>Marx, FDR, et al. Those who would change the system must necessarily work
>within it, and if that means using U.S. Mint-coined money, so be it.
>
>Posted by: Lowell at January 10, 2005 11:26 AM
>
>Stephan,
>
>Interesting points, although showing that something is moral or immoral,
>legal or illegal, does not in any way show that one would stop doing it.
>Everyone acts immorally numerous times each day. The fact that they know
>they're acting such doesn't stop them from doing such. Good people try to
>strive to be the best they can, presumeably.
>
>Ultimately, everyone has to live with what they do, and with how other
>people perceive what they do.
>
> A good person is someone who tries to do what he thinks is moral. Such
>people generally are engaged in careers they think moral. It will take a
>lot of argument to convince them otherwise. However, if they can be
>convinced of the immorality of their career, they will quit it (or cease
>being good people).
>
> An "evil" person is someone who does not bother to try doing what he
>thinks is moral. That is, the person who knows what is moral, yet does not
>abide by it. I would characterize Alan Greenspan as such a person.
>
> Posted by: David Heinrich at January 10, 2005 11:36 AM
>
>In an earlier post on this blog, I noted the example of Todd Zywicki, a law
>professor who recently finished a stint as planning director at the FTC. In
>his professorial role (at a state school, George Mason), Zywicki has
>portrayed himself as a free-market champion. Yet during his FTC service, he
>stood by and said nothing while the agency committed all sorts of
>individual rights violations. This is the type of person who needs to be
>condemned as evil--the man who poses as an ally of free markets, yet when
>put in a position of authority does nothing to advance the cause.
>
> Posted by: Skip Oliva at January 10, 2005 12:05 PM
>
>I wonder what Ayn Rand would have thought of the fact that one of her
>closest associates is now the person who is responsible for carrying out
>the biggest inflationist institution in the world-and also propagates for
>the usefullness of that institution.
>
>Posted by: Stefan Karlsson at January 10, 2005 01:49 PM
>
>Libertarians who work as speechwriters for the State do great damage. They
>enable the interventionists to disguise their destructiveness with
>positive-sounding rhetoric.
>
>Posted by: JS Henderson at January 10, 2005 01:49 PM
>
>Unless something great happens, the government is going to be stealing my
>money and violating my rights until the day I die. I have no problem
>getting some of that money back through subsidized loans and government
>scholarships. Although I do believe it is disrespectful for the government
>to sponsor a scholarship in Barry Goldwater's name, I am proud to be
>nominated for it.
>
>Posted by: Horatio at January 10, 2005 02:02 PM
>
>As the for the private/state school arguments, private schools subsidized
>by the state also. Kids complete the fafsa and receive pell grants, and
>loans to go the both schools. We support the state in so many ways because
>we enhance society and its members. I think you're justified if you work is
>agaisnt the government, but not against the people.
>
>Posted by: Andy D at January 10, 2005 03:50 PM
>
>Stephan,
>
>I agree w/ Bostaph that Murphy supplies no reasons for his assertions; why
>it's okay to set up a donut shop selling to police, but not to "be on the
>payroll".
>
>Just to clarify, I didn't say it was OK to set up a donut shop. I asked if
>it were (for those who think one can't work for Halliburton in good
>conscience). My point here is not to lay out the definitive answer, but
>rather to say that I think I could come up with particular examples that
>would cast doubt upon any hard-and-fast rule people on either side give.
>E.g. if an an-cap thinks there's no problem working for Halliburton, then
>we can ask about a military company that exclusively supplies stuff to the
>gov't.
>
>I agree with Bostaph that I didn't give any answers; that's my point. (But
>this implies of course that I didn't agree with the official positions both
>of you took. As I recall, Bostaph said something like, "They aren't fair
>with me, so I'm not going to worry about playing nice with them." That's
>not the issue; no one is saying you shouldn't work for the State because it
>might violate the rights of the tax man. Am I allowed to mug a guy walking
>down the street because the IRS took my money?)
>
>I didn't bring this up on the List because I thought this topic was getting
>beaten to a pulp, but since you posted your response from there, let me
>address something that concerned me:
>
>To insist that we victims -- *because* we are victims (those who respect
>rights) -- have to suffer even further damage, to restrict ourselves from
>career and business and life opportunities that, ironically, our fellow men
>who do not agonize over the morality of their choices, ... frankly, to my
>mind, it is ridiculous and obscene.
>
> Here you're just begging the question. Are you an innocent victim
>"(those
>who respect rights)" if you work for the government? No one is arguing that
>the victims of gov't abuse should hurt themselves even more so; the claim
>is that victims of government abuse aren't thereby given a green light to
>abuse third parties as compensation.
>
>And finally, I don't see why you're disgusted that "our side" is worried
>about choosing justified means. Isn't that what makes us libertarians, that
>we worry about violating side constraints?
>
>
>
>Posted by: RPM at January 10, 2005 04:04 PM
>
>
>--
>-----------------
>R. A. Hettinga
>The Internet Bearer Underwriting Corporation
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From adam at homeport.org Tue Jan 11 07:48:12 2005
From: adam at homeport.org (Adam Shostack)
Date: Tue, 11 Jan 2005 10:48:12 -0500
Subject: Simson Garfinkel analyses Skype - Open Society Institute
Message-ID:
>From owner-cryptography+eugen=leitl.org at metzdowd.com Thu Jan 27 01:04:39
2005
User-Agent: Mutt/1.4.2i
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| In article <41E07994.5060004 at systemics.com> you write:
| >Voice Over Internet Protocol and Skype Security
| >Simson L. Garfinkel
|
>http://www.soros.org/initiatives/information/articles_publications/articles/
security_20050107/OSI_Skype5.pdf
|
| >Is Skype secure?
|
| The answer appears to be, "no one knows". The report accurately reports
| that because the security mechanisms in Skype are secret, it is impossible
| to analyze meaningfully its security. Most of the discussion of the
| potential risks and questions seems quite good to me.
|
| But in one or two places the report says things like "A conversation on
| Skype is vastly more private than a traditional analog or ISDN telephone"
| and "Skype is more secure than today's VoIP systems". I don't see any
| basis for statements like this. Unfortunately, I guess these sorts of
| statements have to be viewed as blind guesswork. Those claims probably
| should have been omitted from the report, in my opinion -- there is
| really no evidence either way. Fortunately, these statements are the
| exception and only appear in one or two places in the report.
The basis for these statements is what the other systems don't do. My
Vonage VOIP phone has exactly zero security. It uses the SIP-TLS
port, without encryption. It doesn't encrypt anything. So, its easy
to be more secure than that. So, while it may be bad cryptography, it
is still better than the alternatives. Unfortunately.
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
----- Forwarded message from Peter Gutmann -----
From socket0 at gmail.com Tue Jan 11 02:56:48 2005
From: socket0 at gmail.com (Anton Raath)
Date: Tue, 11 Jan 2005 11:56:48 +0100
Subject: Google Exposes Web Surveillance Cams
In-Reply-To: <20050109202016.GA22497@positron.jfet.org>
References: <20050109192412.GR9221@leitl.org>
<20050109202016.GA22497@positron.jfet.org>
Message-ID: <6c63fcce05011102564e01f38a@mail.gmail.com>
Riad S. Wahby wrote:
> I love how all of the coverage leaves out the actual search strings, as
> if it's hard to discover what they are at this point.
A fairly comprehensive list of search strings per camera/manufacturer
can be found here:
http://www.i-hacked.com/Computer-Components/Software-Internet/Finding-Online-Webcams!.html
A!
--
==================================================
anton l. raath http://raath.org/
==================================================
Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.
-- Dylan Thomas
==================================================
From ptrei at rsasecurity.com Tue Jan 11 09:05:15 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Tue, 11 Jan 2005 12:05:15 -0500
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776C03@rsana-ex-hq1.NA.RSA.NET>
Justin wrote:
> On 2005-01-11T10:07:22-0500, Trei, Peter wrote:
>> Justin wrote:
>>>
>>> I don't believe the article when it says that smart guns
>>> are useless if stolen. What do they have, a tamper-proof
>>> memory chip storing a 128-bit reprogramming authorization
>>> key that must be input via computer before allowing a new
>>> person to be authorized? And what's to stop a criminal from
>>> ripping out all the circuitry and the safety it engages?
>>
>> The 'stolen gun' problems most of the so-called 'smart gun'
>> proposals are trying to address are the situation when a
>> cop's own gun is taken from him and immediately used against
>> him, or a kid finding one in a drawer. A determined and
>> resourceful person can, given time, defeat them all.
>
> from the article:
> "Guns taken from a home during a robbery would be rendered
> useless, too."
That statement, in the OA, is not a quote - it's either
something the author dreamed up, or (in context) BS fed
her by a NJ cop
So, we've established that a NYT journalist, writing on
a subject she probably knows nothing about, will regurgitate
any naively plausible bullshit she's fed. What else is new?
My statement that there are a significant number of cops
killed by their own guns, and a small but tragic number
of people killed accidentally playing with improperly stored
guns they find, remains true. These 'smart guns' could
reduce that problem, but making them mandatory is a
threat to freedom.
>>> The South African Smart gun...
>> http://www.wmsa.net/other/thumb_gun.htm
> Totally useless. Failure modes and various other complaints:
I laughed when I saw this (my first thought was "How
could anyone practice enough to maintain proficiency?")
I was later appalled when I found a colleague using
it as an example in a presentation on biometrics.
I also strongly expect that Mr. van Zyl does not
have a functioning device - this is vaporware of
some kind.
Peter Trei
From rah at shipwright.com Tue Jan 11 09:32:49 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 11 Jan 2005 12:32:49 -0500
Subject: Simple snoop-proof email launched
Message-ID:
New Scientist
Simple snoop-proof email launched
16:04 11 January 2005
NewScientist.com news service
Will Knight
Software that aims to make encrypted email communications simple enough
for even computer novices to use was released on Tuesday.
Encryption is the science of securing communications against eavesdropping
by converting the content of a message into a code, or cipher, which can
only be unlocked using a secret "key". But modern cryptography often
involves using complex mathematical algorithms and convoluted key exchanges
to protect messages against skilled code-crackers.
Ciphire, developed by Ciphire Labs in Munich, Germany, uses a technique
called "public key cryptography" to sign and encrypt email messages. Once
loaded on to a computer hard drive the software performs all of the complex
tasks involved behind the scenes. Ciphire also works with almost any email
software client - like Microsoft Outlook, for example - without requiring
prior configuration.
"The real benefit is the ease of use," says Laird Brown, chief strategist
at Ciphire. "Everything is automated, so it's much like a virus scanner. It
just sits quietly in the background."
Brown told New Scientist the security of the system has also undergone
rigorous testing. "From a security perspective, we've taken it as far as we
can," he says. The program is being offered free for non-commercial use and
can be used by companies for a licence fee.
Virtual invisibility
Once installed on a PC, Ciphire runs in the background in conjunction with
an email client program. It intercepts email after the "send" button is
pressed but before the email leaves the computer, and intercepts incoming
email before it is formally received by the email program, making it
virtually invisible to the user.
The program automatically manages the creation of a set of public and
private cryptographic keys, simply prompting the user for a password from
which the keys are generated. The public key is sent to Ciphire's servers
and the private one is stored safely on the user's machine.
The two keys are mathematically linked in such a way that two independent
parties can communicate securely without first exchanging secret keys. A
private key can be combined with another person's public key to create an
encrypted message that can be deciphered using the corresponding public and
private pair.
Each time a message is sent Ciphire checks with its servers to see if the
recipient already has their own public key. If they do, the program uses
this to encrypt the message. At the other end of the exchange, the
recipient's version of the program should automatically retrieve the
sender's public key and perform the necessary decryption.
If the recipient does not have a key pair the program simply "signs" a
message - this key allows the recipient to confirm an email's authenticity
but does not protect it from eavesdroppers.
Unique signatures
The keys kept on Ciphire's servers are also utilised to generate coded
signatures unique to the content of each email message sent using the
system. If the content of a message is intercepted and altered somewhere
between being sent and received - this signature will not be the same,
alerting users to the tampering. Brown says this makes it virtually
impossible for anyone - including Ciphire itself - to change keys without
users becoming aware.
Ciphire had several independent cryptography experts audit the software and
made modifications based on their recommendations. Russ Housley, of US
company Vigil Security, who performed a study of the software, says that it
stood up to scrutiny.
"The security provided by Ciphire is very robust," he told New Scientist.
"In every situation, the designers have chosen the strongest possible
cryptographic algorithms and the longest possible key sizes."
Housley notes that Ciphire combines several encryption algorithms. This
means messages should remain secure even if a fundamental flaw should
emerge in one of the algorithms.
"This is like holding your pants up with both a belt and suspenders," he
says. "If one fails, your pants still stay up."
But Housley adds that the main advantage of the software is its simplicity.
"If it is difficult to use, then it will not be used," he says.
"Transparency is vital for acceptance by users."
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Tue Jan 11 09:34:16 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 11 Jan 2005 12:34:16 -0500
Subject: The Secret Lives of Just About Everybody
Message-ID:
The New York Times
January 11, 2005
The Secret Lives of Just About Everybody
By BENEDICT CAREY
One mislaid credit card bill or a single dangling e-mail message on the
home computer would have ended everything: the marriage, the big-time
career, the reputation for decency he had built over a lifetime.
So for more than 10 years, he ruthlessly kept his two identities apart: one
lived in a Westchester hamlet and worked in a New York office, and the
other operated mainly in clubs, airport bars and brothels. One warmly
greeted clients and waved to neighbors, sometimes only hours after the
other had stumbled back from a "work" meeting with prostitutes or cocaine
dealers.
In the end, it was a harmless computer pop-up advertisement for security
software, claiming that his online life was being "continually monitored,"
that sent this New York real estate developer into a panic and to a
therapist.
The man's double life is an extreme example of how mental anguish can
cleave an identity into pieces, said his psychiatrist, Dr. Jay S. Kwawer,
director of clinical education at the William Alanson White Institute in
New York, who discussed the case at a recent conference.
But psychologists say that most normal adults are well equipped to start a
secret life, if not to sustain it. The ability to hold a secret is
fundamental to healthy social development, they say, and the desire to
sample other identities - to reinvent oneself, to pretend - can last well
into adulthood. And in recent years researchers have found that some of the
same psychological skills that help many people avoid mental distress can
also put them at heightened risk for prolonging covert activities.
"In a very deep sense, you don't have a self unless you have a secret, and
we all have moments throughout our lives when we feel we're losing
ourselves in our social group, or work or marriage, and it feels good to
grab for a secret, or some subterfuge, to reassert our identity as somebody
apart," said Dr. Daniel M. Wegner, a professor of psychology at Harvard. He
added, "And we are now learning that some people are better at doing this
than others."
Although the best-known covert lives are the most spectacular - the
architect Louis Kahn had three lives; Charles Lindbergh reportedly had two
- these are exaggerated examples of a far more common and various behavior,
psychologists say. Some people gamble on the sly, or sample drugs. Others
try music lessons. Still others join a religious group. They keep mum for
different reasons.
And there are thousands of people - gay men and women who stay in
heterosexual marriages, for example - whose shame over or denial of their
elemental needs has set them up for secretive excursions into other worlds.
Whether a secret life is ultimately destructive, experts find, depends both
on the nature of the secret and on the psychological makeup of the
individual.
Psychologists have long considered the ability to keep secrets as central
to healthy development. Children as young as 6 or 7 learn to stay quiet
about their mother's birthday present. In adolescence and adulthood, a
fluency with small social lies is associated with good mental health. And
researchers have confirmed that secrecy can enhance attraction, or as Oscar
Wilde put it, "The commonest thing is delightful if only one hides it."
In one study, men and women living in Texas reported that the past
relationships they continued to think about were most often secret ones. In
another, psychologists at Harvard found that they could increase the
attraction between male and female strangers simply by encouraging them to
play footsie as part of a lab experiment.
The urge to act out an entirely different persona is widely shared across
cultures as well, social scientists say, and may be motivated by curiosity,
mischief or earnest soul-searching. Certainly, it is a familiar tug in the
breast of almost anyone who has stepped out of his or her daily life for a
time, whether for vacation, for business or to live in another country.
"It used to be you'd go away for the summer and be someone else, go away
to camp and be someone else, or maybe to Europe and be someone else" in a
spirit of healthy experimentation, said Dr. Sherry Turkle, a sociologist at
the Massachusetts Institute of Technology. Now, she said, people regularly
assume several aliases on the Internet, without ever leaving their
armchair: the clerk next door might sign on as bill at aol.com but also cruise
chat rooms as Armaniguy, Cool Breeze and Thunderboy.
Most recently, Dr. Turkle has studied the use of online interactive games
like Sims Online, where people set up families and communities. She has
conducted detailed interviews with some 200 regular or occasional players,
and says many people use the games as a way to set up families they wish
they had, or at least play out alternative versions of their own lives.
One 16-year-old girl who lives with an abusive father has simulated her
relationship to him in Sims Online by changing herself, variously, into a
16-year-old boy, a bigger, stronger girl and a more assertive personality,
among other identities. It was as a more forceful daughter, Dr. Turkle
said, that the girl discovered she could forgive her father, if not change
him.
"I think what people are doing on the Internet now," she said, "has deep
psychological meaning in terms of how they're using identities to express
problems and potentially solve them in what is a relatively
consequence-free zone."
Yet out in the world, a consequence-rich zone, studies find that most
people find it mentally exhausting to hold onto inflammatory secrets - much
less lives - for long. The very act of trying to suppress the information
creates a kind of rebound effect, causing thoughts of an affair, late-night
excursions or an undisclosed debt to flood the consciousness, especially
when a person who would be harmed by disclosure of the secret is nearby.
Like a television set in a crowded bar, the concealed episode seems to play
on in the mind, attracting attention despite conscious efforts to turn
away. The suppressed thoughts even recur in dreams, according to a study
published last summer.
The strength of this effect undoubtedly varies from person to person,
psychiatrists say. In rare cases, when people are pathologically
remorseless, they do not care about or even perceive the potential impact
of a secret on others, and therefore do not feel the tension of keeping it.
And those who are paid to live secret lives, like intelligence agents, at
least know what they have signed up for and have clear guidelines to tell
them how much they can reveal to whom.
But in a series of experiments over the past decade, psychologists have
identified a larger group they call repressors, an estimated 10 to 15
percent of the population, who are adept at ignoring or suppressing
information that is embarrassing to them and thus well equipped to keep
secrets, some psychologists say.
Repressors score low on questionnaires that measure anxiety and
defensiveness - reporting, for example, that they are rarely resentful,
worried about money, or troubled by nightmares and headaches. They think
well of themselves and don't sweat the small stuff.
Although little is known about the mental development of such people, some
psychologists believe they have learned to block distressing thoughts by
distracting themselves with good memories. Over time - with practice, in
effect - this may become habitual, blunting their access to potentially
humiliating or threatening memories and secrets.
"This talent is likely to serve them well in the daily struggle to avoid
unwanted thoughts of all kinds, including unwanted thoughts that arise from
attempts to suppress secrets in the presence of others," Dr. Wegner, of
Harvard, said in an e-mail message.
The easier it is to silence those thoughts and the longer the covert
activity can go on, the harder it may be to confess later on.
In some cases, far stronger forces are at work in shaping secret lives.
Many gay men and some lesbians marry heterosexual partners before working
out their sexual identity, or in defiance of it. The aim is to please
parents, to cover their own shame or to become more acceptable to
themselves and society at large, said Dr. Richard A. Isay, a psychiatrist
at Cornell University who has provided therapy to many closeted gay men.
Very often, he said, these men struggle not to act on their desires, and
they begin secret lives in desperation. This eventually forces agonizing
decisions about how to live with, or separate from, families they love.
"I know that I did not pursue the orientation that I have, and know that I
have always been as I am now," one man wrote in a letter published in Dr.
Isay's book "Becoming Gay." "I know that it becomes more difficult to live
in the lonely shell that I do now, but can see no way out of it."
When exposure of a secret life will destroy or forever poison the public
one, people must either come clean and choose, or risk mental breakdown,
many therapists say.
Dr. Seth M. Aronson, an assistant professor of psychiatry at Mount Sinai
School of Medicine, has treated a pediatrician with a small child and a
wife at home who was sneaking off at night to bars, visiting prostitutes
and even fighting with some of the women's pimps.
At one session, the man was so drunk he passed out; at another, he brought
a prostitute with him. "It was one of those classic splits, where the wife
was perfect and wonderful but he was demeaning these other women," and the
two lives could not coexist for long, Dr. Aronson said.
In a famous paper on the subject of double lives, published in 1960, the
English analyst Dr. Donald W. Winnicott argued that a false self emerged in
particular households where children are raised to be so exquisitely tuned
to the expectations of others that they become deaf to their own longings
and needs.
"In effect, they bury a part of themselves alive," said Dr. Kwawer of the
White Institute.
The pediatrician treated by Dr. Aronson, for example, grew up in a
fundamentalist Christian household in which his mother frequently and
disapprovingly compared him to his uncle, who was a rogue and a drinker.
Dr. Kwawer's patient, the real estate developer, had parents who frowned on
almost any expression of appetite, and imprinted their son with a strong
sense of upholding the family image. He married young, in part to please
his parents.
Both men are still getting psychotherapy but now live one life apiece,
their therapists say. The pediatrician has curtailed his extracurricular
activities, returned home mentally and confessed some of his troubles to
his wife. The real estate developer has separated from his wife, but lives
close by and helps with the children. The break caused a period of
depression for everyone involved, Dr. Kwawer said, but the man now has
renewed energy at work, and has reconnected with friends and his children.
The secret trysts have stopped, as has the drug use, and he feels he has
his life back.
"Contrary to what many people assume," Dr. Kwawer said, "quite often a
secret life can bring a more lively, more intimate, more energized part of
themselves out of the dark."
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From jrandom at i2p.net Tue Jan 11 13:03:10 2005
From: jrandom at i2p.net (jrandom)
Date: Tue, 11 Jan 2005 13:03:10 -0800
Subject: [i2p] weekly status notes [jan 11]
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi y'all, time for the weekly update
* Index
1) Net status
2) 0.5 progress
3) 0.6 status
4) azneti2p
5) fbsd
6) hosts.txt as WoT
7) ???
* 1) Net status
Overall the net is handling itself well, though we had some problems
with one of the irc servers being offline and my outproxy acting up.
However, the other irc server was (and still is) around (though at
the moment doesn't have CTCP disabled - see [1]), so we were able to
satiate our need for irc :)
[1] http://ugha.i2p/HowTo/IrcAnonymityGuide
* 2) 0.5 progress
There's progress, ever onwards! Ok, I suppose I should get into a
little more detail than that. I've finally got the new tunnel
routing crypto implemented and tested (yay!), but during some
discussions we found a place where there could be one level of
anonymity leak, so its being revised (the first hop would have
known they were the first hop, which is Bad. but really really
easy to fix). Anyway, I hope to get the docs and code on that
updated and posted soon, and docs on the rest of the 0.5 tunnel
operation / pooling / etc posted later. More news when there's
more news.
* 3) 0.6 status
(what!?)
Mule has begun investigations into the UDP transport, and we've
been mining zab for his experiences with limewire's UDP code.
Its all very promising, but much work to be done (and still
several months out on the roadmap [2]). Got some inspiration or
suggestions? Get involved and help focus it towards what needs to
be done!
[2] http://www.i2p.net/roadmap#0.6
* 4) azneti2p
I almost wet my pants when I got the info, but it looks like the
folks at azureus have written up an I2P plugin, allowing both
anonymous tracker usage and anonymous data comm! Multiple
torrents work within a single I2P destination too, and it uses
the I2PSocket directly, allowing tight integration with the
streaming lib. The azneti2p plugin is still in the early stages
with this 0.1 release, and there are lots of optimizations and ease
of use improvements coming down the pipe, but if you're up for
getting your hands dirty, swing by i2p-bt on the i2p irc networks
and get in on the fun :)
For the adventurus types, get the latest azureus [3], check their
i2p howto [4], and snag the plugin [5].
[3] http://azureus.sourceforge.net/index_CVS.php
[4] http://azureus.sourceforge.net/doc/AnonBT/i2p/I2P_howto.htm
[5] http://azureus.sourceforge.net/plugin_details.php?plugin=azneti2p
duck has been taking heroic measures to keep compatability with
i2p-bt, and there is frantic hacking in #i2p-bt as I type this, so
keep an eye out for a new i2p-bt release Real Soon Now.
* 5) fbsd
Thanks to the work of lioux, there's now a freebsd ports entry for
i2p [6]. While we aren't really looking to have lots of
distro-specific installs out there, he promises to keep it updated
when we give sufficient notice for new release. This should be
helpful for fbsd-current folks - thanks lioux!
[6] http://www.freshports.org/net/i2p/
* 6) hosts.txt as WoT
Now that the 0.4.2.6 release has bundled in Ragnarok's addressbook,
the process of keeping your hosts.txt populated with new entries is
in every user's control. Not only that, but you can view the
addressbook subscriptions as a poor-man's web of trust - you import
new entries from a site you trust to introduce you to new
destinations (defaults being dev.i2p and duck.i2p).
With this capacity comes a whole new dimension - the ability for
people to choose what sites to essentially link to in their
hosts.txt and which ones not to. While there is a place for the
public free-for-all that has occurred in the past, now that the
naming system is not just in theory but in practice fully
distributed, people will need to figure out their own policies on
publishing other people's destinations.
The important part behind the scenes here is that this is a learning
opportunity for the I2P community. Before, both gott and I were
trying to help push the naming issue by publishing gott's site as
jrandom.i2p (he asked for that site first - I did not, and have no
control whatsoever as to the contents of that URL). Now we may
begin to explore how we are going to deal with sites not listed in
the http://dev.i2p.net/i2p/hosts.txt or on forum.i2p. Not being
posted on those locations doesn't prevent in any way a site from
operating - your hosts.txt is just your local address book.
Anyway, enough babbling, I just wanted to put people on notice so
we can all see what is to be done.
* 7) ???
Yowza, thats a lot of stuff. Busy week, and I don't forsee things
slowing down anytime soon. So, swing on by the meeting in a few
minutes and we can talk about stuff.
=jr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB5D2EGnFL2th344YRAoMnAJsHxgRyB3eydlqKiCy54CYzRCEbsQCfRWV0
ItUMfG4sTnmRKk5m2u9Yxjg=
=cJJx
-----END PGP SIGNATURE-----
_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From justin-cypherpunks at soze.net Tue Jan 11 08:02:05 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Tue, 11 Jan 2005 16:02:05 +0000
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776C01@rsana-ex-hq1.NA.RSA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C01@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <20050111160205.GA3676@arion.soze.net>
On 2005-01-11T10:07:22-0500, Trei, Peter wrote:
> Justin wrote:
> >
> > I don't believe the article when it says that smart guns are useless
> > if stolen. What do they have, a tamper-proof memory chip storing a
> > 128-bit reprogramming authorization key that must be input via
> > computer before allowing a new person to be authorized? And what's
> > to stop a criminal from ripping out all the circuitry and the safety
> > it engages?
>
> The 'stolen gun' problems most of the so-called 'smart gun' proposals
> are trying to address are the situation when a cop's own gun is taken
> from him and immediately used against him, or a kid finding one in a
> drawer. A determined and resourceful person can, given time, defeat
> them all.
from the article:
"Guns taken from a home during a robbery would be rendered useless, too."
The South African Smart gun...
> http://www.wmsa.net/other/thumb_gun.htm
Totally useless. Failure modes and various other complaints:
-cannot connect to cellular network
-cannot receive GPS signal
-out of batteries
-laser diode craps out
-fingerprint scanner takes more than 0 time to use.
-ammunition is more expensive
-"window" in ammunition can be dirty or fogged, causing failure
-any sort of case failure will probably destroy the electronics
-will never be as small as subcompact firearms
-if smartcard is stolen, gun won't fire (other "smart guns" use rings)
-all the electronic tracing capability requires gun/ammo registration
I'd almost rather have a taser.
What assurance do I have that the circuitry won't malfunction and fire
when I don't want it to? What if a HERF gun can not only render the gun
useless, but make it fire as well?
--
"War is the father and king of all, and some he shows as gods, others as men;
some he makes slaves, others free." -Heraclitus 53
From eugen at leitl.org Tue Jan 11 13:09:59 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 11 Jan 2005 22:09:59 +0100
Subject: [i2p] weekly status notes [jan 11] (fwd from jrandom@i2p.net)
Message-ID: <20050111210958.GX9221@leitl.org>
----- Forwarded message from jrandom -----
From pgut001 at cs.auckland.ac.nz Tue Jan 11 08:00:29 2005
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 12 Jan 2005 05:00:29 +1300
Subject: Simson Garfinkel analyses Skype - Open Society Institute
Message-ID:
David Wagner writes:
>>Is Skype secure?
>
>The answer appears to be, "no one knows".
There have been other posts about this in the past, even though they use
known
algorithms the way they use them is completely homebrew and horribly
insecure:
Raw, unpadded RSA, no message authentication, no key verification, no replay
protection, etc etc etc. It's pretty much a textbook example of the problems
covered in the writeup I did on security issues in homebrew VPNs last year.
(Having said that, the P2P portion of Skype is quite nice, it's just the
security area that's lacking. Since the developers are P2P people, that's
somewhat understandable).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From bill.stewart at pobox.com Wed Jan 12 13:59:53 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 12 Jan 2005 13:59:53 -0800
Subject: [IP] No expectation of privacy in public? In a pig's eye!
(fwd from dave@farber.net)
In-Reply-To: <41E58903.9050906@rant-central.com>
References: <20050112200116.GA9221@leitl.org>
<41E58903.9050906@rant-central.com>
Message-ID: <6.0.3.0.0.20050112124900.03a2d990@pop.idiom.com>
At 12:30 PM 1/12/2005, Roy M. Silvernail wrote:
>Just out of curiosity, if the man doesn't need a warrent
>to place a surveilance device, shouldn't it be within your rights
>to tamper with, disable or remove such a device if you discover one?
Do you mean that if you discover an unsolicited gift of
consumer electronics attached to your car,
do you have the right to play with it just as you would if
it came in the mail? I would certainly expect so...
On the other hand, if it appears to be a lost item,
you could be a good public citizen and take it to the police
to see if anybody claims it...
"GPS tracker" is an ambiguous description, though.
GPS devices detect where they are, but what next?
A device could record where it was, for later collection,
or it could transmit its position to a listener.
Tampering with existing recordings might have legal
implications, but putting a transmitter-based system
in your nearest garbage can or accidentally leaving it in a taxi
or mailing it to Medellin all seem like reasonable activities.
----
Bill Stewart bill.stewart at pobox.com
From dave at farber.net Wed Jan 12 11:46:47 2005
From: dave at farber.net (David Farber)
Date: Wed, 12 Jan 2005 14:46:47 -0500
Subject: [IP] No expectation of privacy in public? In a
pig's eye!
Message-ID:
Orwell was an amateur djf
------ Forwarded Message
From: Lauren Weinstein
Date: Wed, 12 Jan 2005 11:38:28 -0800
To:
Cc:
Subject: No expectation of privacy in public? In a pig's eye!
Dave,
It's time to blow the lid off this "no expectation of privacy in
public places" argument that judges and law enforcement now spout out
like demented parrots in so many situations.
Technology has rendered that argument meaningless -- unless we
intend to permit a pervasive surveillance slave society to become
our future -- which apparently is the goal among some parties.
It is incredibly disingenuous to claim that cameras (increasingly
tied to face recognition software) and GPS tracking devices (which
could end up being standard in new vehicles as part of their
instrumentation black boxes), etc. are no different than cops
following suspects.
Technology will effectively allow everyone to be followed all of the
time. Unless society agrees that everything you do outside the
confines of your home and office should be available to authorities
on demand -- even retrospectively via archived images and data -- we
are going down an incredibly dangerous hole.
I use the "slimy guy in the raincoat" analogy. Let's say the
government arranged for everyone to be followed at all times in
public by slimy guys in raincoats. Each has a camera and clipboard,
and wherever you go in public, they are your shadow. They keep
snapping photos of where you go and where you look. They're
constantly jotting down the details of your movements. When you go
into your home, they wait outside, ready to start shadowing you
again as soon as you step off your property. Every day, they report
everything they've learned about you to a government database.
Needless to say, most people would presumably feel incredibly
violated by such a scenario, even though it's all taking place in
that public space where we're told that we have no expectation of
privacy.
Technology is creating the largely invisible equivalent of that guy
in the raincoat, ready to tail us all in perpetuity. If we don't
control him, he will most assuredly control us.
--Lauren--
Lauren Weinstein
lauren at pfir.org or lauren at vortex.com or lauren at privacyforum.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
- - -
>
> ------ Forwarded Message
> From: Gregory Hicks
> Reply-To: Gregory Hicks
> Date: Wed, 12 Jan 2005 09:42:03 -0800 (PST)
> To:
> Cc:
> Subject: Ruling gives cops leeway with GPS
>
> Dave:
>
> For IP if you wish...
>
> http://timesunion.com/AspStories/storyprint.asp?StoryID=322152
>
> Ruling gives cops leeway with GPS
> Decision allows use of vehicle tracking device without a warrant
>
> By BRENDAN LYONS, Staff writer
> First published: Tuesday, January 11, 2005
>
> In a decision that could dramatically affect criminal investigations
> nationwide, a federal judge has ruled police didn't need a warrant when
> they attached a satellite tracking device to the underbelly of a car
> being driven by a suspected Hells Angels operative.
>
> [...snip...]
>
> All Times Union materials copyright 1996-2005, Capital Newspapers
> Division of The Hearst Corporation, Albany, N.Y.
>
>
------ End of Forwarded Message
-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From roy at rant-central.com Wed Jan 12 12:30:59 2005
From: roy at rant-central.com (Roy M. Silvernail)
Date: Wed, 12 Jan 2005 15:30:59 -0500
Subject: [IP] No expectation of privacy in public? In a pig's eye!
(fwd from dave@farber.net)
In-Reply-To: <20050112200116.GA9221@leitl.org>
References: <20050112200116.GA9221@leitl.org>
Message-ID: <41E58903.9050906@rant-central.com>
Re: the embedded item:
>>http://timesunion.com/AspStories/storyprint.asp?StoryID=322152
>>
>>Ruling gives cops leeway with GPS
>>Decision allows use of vehicle tracking device without a warrant
>>
>>By BRENDAN LYONS, Staff writer
>>First published: Tuesday, January 11, 2005
>>
>>In a decision that could dramatically affect criminal investigations
>>nationwide, a federal judge has ruled police didn't need a warrant when
>>they attached a satellite tracking device to the underbelly of a car
>>being driven by a suspected Hells Angels operative.
Just out of curiosity, if the man doesn't need a warrent to place a
surveilance device, shouldn't it be within your rights to tamper with,
disable or remove such a device if you discover one? By extension, is
there a business opportunity for bug-sweeping? Either a storefront or a
properly equipped pickup truck with bright signage. (oh, yeah... I'm
sure *that* would go over well with the Powers That Be)
--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com
From rah at shipwright.com Wed Jan 12 13:39:56 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 12 Jan 2005 16:39:56 -0500
Subject: Effort to Speed Airport Security Is Going Private
Message-ID:
The Wall Street Journal
January 12, 2005
Effort to Speed
Airport Security
Is Going Private
Move Aims to Expand Program
That Preregisters People
Who Travel Frequently
By AMY SCHATZ
Staff Reporter of THE WALL STREET JOURNAL
January 12, 2005; Page D1
The Homeland Security Department, under pressure to jump-start a program
allowing select preregistered travelers to speed through airport security,
is turning to the private sector for help.
The Registered Traveler program gives frequent air passengers access to
special security lines, provided they first voluntarily undergo criminal
and terrorist background checks. In exchange, they get a biometric
identification card -- containing a fingerprint and other personal data --
and access to the shorter lines. The program has generally received
favorable reviews from volunteers and the three-month trial has been
extended indefinitely.
There is just one problem: The pilot program, currently administered by the
department's Transportation Security Administration, is offered at only
five airports for just 10,000 volunteers. This means that Registered
Travelers can use their cards only at their home airports and nowhere else.
TSA's pace at expanding the test into a national program has, so far, been
the biggest complaint.
The slow introduction has prompted interest from some businesses, who
believe that travelers would be willing to pay to participate in the
program. Interested entrepreneurs include Steven Brill, who started
American Lawyer magazine and Court TV and, after writing a book on Sept.
11, decided to get into the homeland-security business.
In a plan set to be unveiled in coming weeks, TSA officials will lay out
some details of a privately operated Registered Traveler pilot program at
Orlando International Airport. The success of the pilot, expected to begin
by the end of March, could determine the future of the Registered Traveler
program and be a model for expanding it nationally.
Mr. Brill and others have been pushing for TSA to privatize the program,
saying that businesses are better equipped than the government to market
and expand it, especially because some travelers have indicated that they
would pay annual fees -- as much as $100 -- for faster screening.
TSA officials agree, believing that passengers, not taxpayers, should fund
Registered Traveler, because it is likely to be used by business people
rather than leisure travelers. Homeland Security officials are eager to see
it move forward. TSA has had some false starts in other initiatives, and it
has taken knocks for long lines and intrusive pat-down searches.
But privacy advocates, who have already voiced concern about the
government-run pilot programs, are even more worried now that TSA is
turning to the private sector.
EXPRESS LINE How expedited security works in five pilot programs:
Who's eligible: 10,000 frequent- flier club members; enrollment closed
What they provide: Fingerprint, iris scan, personal data
What they get: Biometric ID card
What they have to do at airport: Open laptop, remove keys, coins.
What they don't have to do: Join leisure travelers for random screening.
They complain that Homeland Security officials routinely publish privacy
guidelines too vague to give the public a real understanding of how
personal data are handled. A privatized system could exacerbate the
problem, says Marcia Hoffman, staff counsel of the Electronic Privacy
Information Center, a Washington nonprofit organization.
TSA sees private-sector involvement as a route to faster growth. "We're
trying to encourage as much private sector participation as possible," says
Justin Oberman, a TSA official in charge of both Registered Traveler and
its more controversial sister-project, Secure Flight, a computerized
prescreening system that will replace a system currently run by the
airlines.
Plans to run the privatized pilot in Orlando were publicly disclosed in
October, when AirTran Airways, a unit of Orlando-based AirTran Holdings
Inc., said it would participate in the program. But efforts between TSA and
the airport to reach terms on the pilot have dragged on.
One reason: TSA officials haven't decided whether to compile a master list
of Registered Travelers, which could be used to check passengers at all
participating airports, or allow private companies to maintain passenger
data in a universal format easily accessed by competitors.
The Orlando airport hasn't yet chosen a vendor to run its test, although
airport officials say they are in talks with Mr. Brill's New York-based
company, Verified Identity Pass Inc. Verified Identity would essentially
assume marketing responsibilities while its partners -- possibly including
Lockheed Martin Corp. -- would install scanners, process applications and
manufacture ID cards. TSA screeners, who are government employees, would
continue to staff the security lines.
Orlando officials say their program will be open to all passengers,
although they will likely first market it through airline frequent-flier
programs. But unlike the current test, which is free to volunteers
recruited through frequent-flier programs, the Orlando program will
eventually charge a fee. Some estimates put the cost to passengers at $50
to $100 annually.
"This is something people will voluntarily pay for at the right price,"
says Mr. Brill, who estimates the startup cost at between $500,000 and $1
million per airport.
Initially, one Registered Traveler lane would be installed at the airport's
east terminal, which serves Delta Air Lines Inc. and AirTran. Airport
officials would later add a lane in Orlando's other terminal and likely
open it to travelers on any airline.
Registered travelers are required to undergo the same security screening as
other passengers, but usually in separate lines. They have to do the same
basic things, such as empty their pockets of keys and other metal items or
take a laptop out of its case. But they aren't randomly chosen for extra
screening and must undergo secondary screening only if they set off a metal
detector.
At Minneapolis-St. Paul International Airport, where 2,500 frequent
Northwest Airlines fliers are enrolled, from 130 to 180 registered
travelers use the special security lane daily, says Tim Anderson, deputy
executive director for airport operations. They can move through security
in as little as a few minutes.
There are other concerns about private sector involvement. Passengers could
grow so tired of being harassed at airport security checkpoints that they
will feel compelled to join the program, says Ms. Hoffman, of the
Electronic Privacy Information Center. "You worry that we'll get to a point
where Registered Traveler isn't so much voluntarily as necessary to get
through security with a minimum of hassle," she says.
On the privacy issue, TSA officials argue that they have written stringent
protections for private data and that the program is voluntary. "We'd have
less information about you than American Express or the airlines," Mr.
Brill says.
As long as the program is voluntary, and offers separate lines and shorter
wait times, many will be willing to sacrifice on personal privacy, predicts
Bill Connors, executive director of the National Business Travel
Association and a registered traveler participant. "There are a lot of
people who'd be up for it," he says.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From mv at cdc.gov Wed Jan 12 19:02:14 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 12 Jan 2005 19:02:14 -0800
Subject: To Tyler Durden
Message-ID: <41E5E4B6.9DFA3A76@cdc.gov>
TD,
I just watched _Fight Club_ so I finally get your nym. (Here in
low-earth geosynchronous orbit, content is delayed). Cool.
I had thought it was your real name.
Maj. Variola (ret)
From mv at cdc.gov Wed Jan 12 19:26:14 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 12 Jan 2005 19:26:14 -0800
Subject: Tasers for Cops Not You
Message-ID: <41E5EA56.73D2022E@cdc.gov>
At 01:20 PM 1/8/05 -0800, John Young wrote:
>However, Taser claims the civilian version is effective
>only to 15 feet while the LE version will explose a heart
>at 20 feet. And, Taser says "accidental deaths caused
>by the shock would have happened to those sick persons
>anyway."
>
>Well, yes, homicidal cops say the perps were begging for it,
>learning such talk from the president and up to the one who
>has fun with joy toy tsunamis.
John: A taser is > 50 KV and microamps. Not fun but it
doesn't cause fibrillation. (Incoherent cardiac muscle
contraction -> no pulse.) I now work for a company that
makes defibrillators. It takes a few 10s of Joules through
the heart to fibrillate, typically 100-200 J for an adult,
during a certain critical window during the sinus rhythm.
Our gizmos discharge ~200 uF at up to 2 KV to defibrillate
a fibrillating heart, which will also fibrillate if administered to a
healthy heart
at the wrong time, as I said. That's up to 40 amps. (Through the pads
a chest is 20-200 ohms, typically 50.) Without
a defibrillator the person is dead, CPR or not.
That's the science. As far as pigs wanting slaves/peasants/citizens
to be unarmed, well, agree. As far as choke holds on negroes,
excessive force on cocaine-stimulated citizens, etc goes, I have
nothing to bear on this. As far as banning lethal and nonlethal
weapons for use by all but state minions, we agree.
When tasers, mace, body armor, .50 cal or lesser rifles are outlawed,
well, you know
the rest. (Of course mace is best applied with q-tips to the eyes of
sitting protesters. And the mercenaries in Iraq do fine with
pillowcases and
12V batteries.)
Though heavens fall, let justice be done.
From mv at cdc.gov Wed Jan 12 19:28:15 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 12 Jan 2005 19:28:15 -0800
Subject: Google Exposes Web Surveillance Cams
Message-ID: <41E5EACF.9C0B4995@cdc.gov>
At 02:20 PM 1/9/05 -0600, Riad S. Wahby wrote:
>I love how all of the coverage leaves out the actual search strings, as
>if it's hard to discover what they are at this point.
I'm similarly annoyed that articles omit the URLs of "terrorist web
sites",
being forced to check ogrish.com, even if I couldn't read the language.
But government and its presses know best.
From mv at cdc.gov Wed Jan 12 19:31:36 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 12 Jan 2005 19:31:36 -0800
Subject: [IP] The DNA round-up on Cape Cod (fwd from dave@farber.net
Message-ID: <41E5EB98.952E13D6@cdc.gov>
The Beast doesn't know who licked the stamp. A fiducial sample is what
they want.
In Calif, they could merely arrest you for a bogus charge to have the
"right"
to sample your families DNA as carried by you.
Schwarzenegger is not Austrian accidentally.
GATTACA was optimistic.
At 06:02 PM 1/10/05 +0100, Eugen Leitl wrote:
>I live in the town of Truro on Cape Cod about 4 or 5 months out of the
year.
>This past week, the Truro has been on the national news because the
local
>police are attempting to obtain DNA samples of all men of the town in
order
>to solve a three-year old murder case. Here are a couple of the
articles
>that give the details of what is going on in this DNA round-up:
>
> To Try to Net Killer, Police Ask a Small Town's Men for DNA
> http://www.nytimes.com/2005/01/10/national/10cape.html
>
> Truro abuzz over 'swab' DNA testing
> http://www.capecodonline.com/cctimes/truroabuzz7.htm
>
>I am headed back to my Truro house later this week. If I am approached
by
>the police to provide a DNA sample for their round-up of Truro males, I
am
>planning to refuse. However, I just realized that I already gave a DNA
>sample to the Town of Truro recently. I paid my property tax bill to
the
>Truro tax collectors office two weeks ago. My DNA is on the tax
payment
>envelope that I licked.
>
>Envelopes are apparently a good source of DNA material according to
this
>article:
>
> DNA on Envelope Reopens Decades-old Murder Case
> http://abclocal.go.com/wabc/news/wabc_052103_dnaarrest.html
>
>Richard M. Smith
>http://www.ComputerBytesMan.com
>
>
>
>------ End of Forwarded Message
>
>
>-------------------------------------
>You are subscribed as eugen at leitl.org
>To manage your subscription, go to
> http://v2.listbox.com/member/?listname=ip
>
>Archives at:
http://www.interesting-people.org/archives/interesting-people/
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl
>______________________________________________________________
>ICBM: 48.07078, 11.61144 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>http://moleculardevices.org http://nanomachines.net
>
>[demime 1.01d removed an attachment of type application/pgp-signature]
From mv at cdc.gov Wed Jan 12 19:38:54 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 12 Jan 2005 19:38:54 -0800
Subject: expectation of privacy
Message-ID: <41E5ED4E.CE7C426F@cdc.gov>
At 09:01 PM 1/12/05 +0100, Eugen Leitl wrote:
>
>It's time to blow the lid off this "no expectation of privacy in
>public places" argument that judges and law enforcement now spout out
>like demented parrots in so many situations.
A court refused to hear the case of a man accused of owning unlicensed
pharmaceuticals when a pig entered a locked loo. The loo was part
of a gas station; the attendant called the pigs. A prostitute was
in there too, with him, and the area rife with folks of that profession,
FWIW,
which is nothing. But the court held reduced expectation of privacy in
a public loo.
One imagines much fun with anonymous calls when state employees
are in such places, but this does not temper our disgust, or desire for
karma
with extreme prejudice.
From eugen at leitl.org Wed Jan 12 12:01:16 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 12 Jan 2005 21:01:16 +0100
Subject: [IP] No expectation of privacy in public? In a pig's eye! (fwd
from dave@farber.net)
Message-ID: <20050112200116.GA9221@leitl.org>
----- Forwarded message from David Farber -----
From tkaitchuck at comcast.net Wed Jan 12 22:51:51 2005
From: tkaitchuck at comcast.net (Tom Kaitchuck)
Date: Thu, 13 Jan 2005 00:51:51 -0600
Subject: [i2p] Distributed Search Engine
Message-ID:
For those of you that do not know, I am currently working on building a
distributed search engine for I2P. While it is still in an alpha state, it is
approaching the point where it could use some wider testing. It is now in cvs
under the module khksearch. I was planning to hold off on releasing it until
I fixed a bug preventing servers from joining in mid operation, but it has
proved elusive enough, that I think more eyeballs may help.
One thing that some of you may be interested in even if you don't care about
the search engine itself, is that to make it work with I2P I took the
streaming library for Java and put it into a wrapper class that imitates
java.net so all one has to do is take the wrapper code put it in the class
path and in your java program replace "import java.net.*" with "Import
search.connection.*" and your app is instantly ported to I2P. (Assuming it is
fairly simplistic and only has one socket server per Jvm instance. But this
could easily be improved upon if anyone is interested. )
There is still lots to do, not all of which requires huge technical skill.
(Code cleanup, Better instructions, Startup scripts for windows and other
JVMs) Also the existing awt interface needs to be converted into an applet or
so that it can run within a webpage. The biggest thing that remains
to be done is implementing the ranking code, I plan to do this next.
As far as the license goes, it will we a free software license that permits
modification and public access to the source. (probably lgpl or similar)
However all of the scripts and all of the code for the wrapper, were written
by me, and are public domain.
So if you are interested in helping out, or would just like to play with it,
check it out.
_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]
From rah at shipwright.com Thu Jan 13 06:58:02 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 13 Jan 2005 09:58:02 -0500
Subject: Ridge Wants Fingerprints in Passports
Message-ID:
The New York Times
January 13, 2005
Ridge Wants Fingerprints in Passports
By MATTHEW L. WALD
WASHINGTON, Jan. 12 - The United States should issue passports that include
a full set of the bearer's fingerprints, Tom Ridge, the departing secretary
of homeland security, said Wednesday. Mr. Ridge said the change would
induce foreign governments to do the same on the passports they issue.
Privacy advocates promised to fight the Ridge suggestion, in part because
it would deliver the prints of American travelers to foreign governments,
and the State Department has been cool to it as well.
Mr. Ridge, speaking at the Center for Strategic and International Studies,
a research group here, cast his comments as advice to Michael Chertoff,
chosen by President Bush on Tuesday to succeed him.
"Be aggressive, go after 10 fingerprints on the passports," Mr. Ridge said,
adding that it was "a lot easier to negotiate with your allies if you've
already done what you're asking them to do."
Applicants for visas to visit the United States must already submit to
finger scans of both index fingers. Experts call them scans, not prints,
because the images are taken on a scanner screen, without ink.
Later this year, a 2002 law will require people whose nationality allows
them to enter this country without a visa to present machine-readable
passports that incorporate a digital photograph as biometric data.
A spokeswoman for the State Department, Kelly Shannon, said that the
machine-readable passports the United States issues would have a computer
chip with 64 kilobytes of memory, far more than is needed for the
traveler's name, date and place of birth, passport number and a single
photo. The chip could be used for other biometric data in the future,
including an additional photo, Ms. Shannon said, adding that "the globally
interoperable, chosen biometric for travel documents" was photos.
At the Electronic Privacy Information Center, a nonprofit group here, Marc
Rotenberg, the president, said that providing foreign governments with the
fingerprints of each American visitor would "make it easier for those
foreign governments to conduct their own investigations of U.S. citizens in
that foreign country."
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From camera_lumina at hotmail.com Thu Jan 13 08:06:56 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 13 Jan 2005 11:06:56 -0500
Subject: To Tyler Durden
In-Reply-To: <41E5E4B6.9DFA3A76@cdc.gov>
Message-ID:
WHAT THE FUCK ARE YOU TALKING ABOUT! THIS IS MY REAL NAME GODDAMMIT!!!
Wait, I'm getting sleepy...gotta take a nap...
-TD
>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: To Tyler Durden
>Date: Wed, 12 Jan 2005 19:02:14 -0800
>
>TD,
>I just watched _Fight Club_ so I finally get your nym. (Here in
>low-earth geosynchronous orbit, content is delayed). Cool.
>I had thought it was your real name.
>
>Maj. Variola (ret)
From eugen at leitl.org Thu Jan 13 02:48:53 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 13 Jan 2005 11:48:53 +0100
Subject: [i2p] Distributed Search Engine (fwd from
tkaitchuck@comcast.net)
Message-ID: <20050113104853.GN9221@leitl.org>
----- Forwarded message from Tom Kaitchuck -----
From kelsey.j at ix.netcom.com Thu Jan 13 11:26:11 2005
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Thu, 13 Jan 2005 14:26:11 -0500 (GMT-05:00)
Subject: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
Message-ID: <21660260.1105644373821.JavaMail.root@grover.psp.pas.earthlink.net>
>From: Justin
>Sent: Jan 10, 2005 7:35 PM
>To: cypherpunks at al-qaeda.net
>Subject: Re: Ready, Aim, ID Check: In Wrong Hands, Gun Won't Fire
...
>Some gun "accidents" are suicides reported as such to avoid
>embarrassment to the family.
I've heard this from other people, too--some in reasonably good positions to know how such things were reported. And there's surely some ambiguity between fatal accidents caused by doing something really stupid and intentional suicides.
...
--John
From rah at shipwright.com Thu Jan 13 13:39:39 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 13 Jan 2005 16:39:39 -0500
Subject: Blue Iraq: Local Experts in Global Communications
Message-ID:
I expect a few cypherpunks will know the founder of blueiraq...
Cheers,
RAH
(who wonders who's running rediraq.com... ;-))
------
Blue Iraq
Local Experts in Global Communications
about Blue Iraq | Products and Services | Technology and Networks | Iraq
FAQ | Support | Contact Us
Iraq FAQ
FAQs
Technology and Internet in Iraq:
Frequently Asked Questions
We have found that there are a few common questions about Internet access
and general IT in Iraq. By answering these questions here, we can try to
improve understanding inside and outside Iraq of the unique environment
which exists here.
What kind of Internet connection does Iraq have?
Iraq does not have "one main Internet connection". As of 2003, Iraq has had
no landline or microwave relay connections to the outside world. All
international communications, and most domestic communications, have been
via satellite. Domestic wireline or wireless networks rely on satellite
access for international connectivity. Many businesses use small satellite
terminals (VSATs) to communicate directly with the outside world.
Who uses Internet service in Iraq?
The US Department of Defense, DoD and Redevelopment Contractors, Western
expatriates, and the Iraqi Government are major users of Internet and
international communications services in Iraq. Additionally, many NGOs,
universities, and Iraqi businesses are establishing internet connectivity.
One of the major purchasers of Internet service in the domestic Iraqi
market is for small, entrepreneurial Internet Cafes.
Why is service in Iraq more expensive than in other parts of the world?
Satellite capacity is usually more expensive than terrestrial connectivity,
due to the high costs of satellites and limited RF capacity available on a
given transponder. However, satellites also have very high reliability, and
are the only practical means of deploying communications rapidly over a
large territory without building extensive (and vulnerable) fixed
infrastructure. Modern shared IP-optimized Ku-band VSAT systems can be very
affordably priced compared to older satellite communications systems.
Communications companies operating in Iraq also face higher operating
costs than similar communications companies operating elsewhere in the
world, due to security concerns and lack of infrastructure.
Can I use Voice over IP (VoIP) over satellite?
Generally VoIP will require special settings to work reliably over
satellite. We currently only support our iDirect network and dedicated
satellite capacity for VoIP applications, and all supported VoIP
communications must go through our VoIP gateway to ensure traffic
prioritization and quality of service.
Your competitors offer some systems which are cheaper, and can use Iraqis
to do the installation. Why should I use Blue Iraq?
Our prices are actually lower than most other satellite systems, based on
service capacity and performance -- unlike a lot of companies, we specify
our systems based on observed performance in Iraq, not a fanciful design
specification.
Due to the security situation, it is very difficult for Iraqis to get onto
US bases to do installations. We do use trained Iraqis for off-base
installs in some cases. However, in many cases, we have found that having
US engineers do the world results in the most effective solution with the
highest overall quality. An inexpensive system which does not work reliably
is no bargain.
Why should I purchase a system from an Iraq-focused network operating
company, vs. one of the satellite owners or major networks?
One word: presence. Blue Iraq has trained personnel on the ground in Iraq
who are familiar with the environment. Many other vendors have never set
foot in Iraq, and rely on local contract installation companies to do
installations. Non-Iraq based companies also do not have personnel in Iraq
do provide after-sale support if anything goes wrong. In a place like Iraq,
many things can go wrong.
Isn't it too dangerous to operate a business in Iraq? The news shows
bombings and kidnappings every day?
Iraq can be a very dangerous place. However, we take all reasonable
precautions to minimize this risk. Our personnel travel with appropriate
levels of security, and will refuse to go to sites which are not adequately
secured. We primarily operate in conjunction with the US military, and rely
on US military helicopter transport between secure bases. All personnel
have appropriate protective gear and training.
Why does the military use commercial internet services? Doesn't it have
enough satellite capacity of its own?
The US military makes extensive use of commercial products and systems for
a wide variey of non-tactical purposes, as commercial systems often provide
the cheapest, best, and most cost-effective solution to a given problem.
Commercial satellite networks are extensively used for Morale, Welfare, and
Recreation (MWR) purposes, administrative and support systems, and more.
Do you do business in the Iraqi economy, or only on DOD bases?
Our primary customers are located on DOD bases: the DOD, its personnel, and
contractors. However, we do business with the local Iraqi economy via Iraqi
resellers and installers.
How can I get Internet service as an individual in Iraq?
Please evaluate our products and services. Due to capital costs of our VSAT
systems, our mobile Inmarsart R-BGAN system may be desirable for low-volume
individual users. Alternately, you could try finding others with whom to
share a VSAT system and split the cost.
How can I get Internet service for my unit or company?
Please evaluate our products and services, with particular attention to our
VSAT systems. Please contact us with any additional questions.
Can you set up service outside Iraq?
We can interface with corporate or military networks anywhere in the world.
We can also provide satellite communications or other IT systems outside
Iraq, but our focus is on the DOD, Iraq and its neighbors, Afghanistan, and
the Islamic world in general.
How do I register an Iraq Domain Name (.iq)?
At present, .iq domain names are unavailable. We suggest using name-iq.com,
name-iraq.com, nameiraq.com, or other similar names.
When do you think the occupation/insurgency/etc. will end?
We can't predict the future. However, even if Iraq became a peaceful nation
today, it would be many years before infrastructure had been rebuilt to the
level required for a fully functional economy.
Can I invest in Blue Iraq? What is your stock ticker symbol? What is the
minimum investment?
Blue Iraq is not currently a publicly traded company, nor is it listed on
any stock exchange. We are currently raising our first round of funds from
angel investors within the technology industry, and those familiar with
Iraq. If you are an SEC-qualified investor interested in investing at least
USD 100 000, please contact our investor relations department at
ir at blueiraq.com.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From rah at shipwright.com Thu Jan 13 14:19:12 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 13 Jan 2005 17:19:12 -0500
Subject: Altnet trying to 'mug' companies
Message-ID:
p2pnet.net - the original daily p2p and digital media news site
Altnet trying to 'mug' companies
Jay Flemma
p2pnet.net News:- Entertainment lawyer Jay Flemma doesn't believe Altnet's
circular email campaign to p2p companies in a bid to get them to license
the TrueNames 'hash' patent will work.
In fact, "As I understand the lay of the land in this case, I believe they
are grossly over-reaching in attempting to turn the world of IP into the
wild, wild west and effectively mug these companies by trying to make them
pay for something for which they do not have the rights to defend or
prosecute," he told p2pnet.
Flemma, who specialises in music, film, tv and book law with particular
emphasis on the confluence of the media with the Net, is consulting with
companies who've received the Altnet patent letter.
"We're having discussions as to whether or not Altnet really has a leg to
stand on," says Flemma, an expert in the legalities of Net distribution
media.
But, "I think their attorney's claims in the Washington Post that a jury
found that their patent was valid is woefully inaccurate because it is not
a jury question - or what's called a question of fact, whether or not a
patent is valid," he says. "That is a question of law,"
"I can tell you this: juries do not rule on the question of whether or not
a patent is valid."
The EFF (Electronic Frontier Foundation) is taking an interest in events,
we understand.
As p2pnet was the first to report on Monday, Altnet has fired off a round
of identical letters to companies it believes use hashes (think 'links')
for a digital file.
How2Share Technologies, a small Canadian company based in Victoria on
Vancouver Island, British Columbia, and which markets PiXPO software for a
picture sharing network, is one of the more recent victims.
"I don't think the Patent has any legs," managing director Jim Wallace
told p2pnet.
Without saying it in so many words, the Altnet letters imply that if firms
it approaches don't license the patent, they'll be sued.
In the meanwhile, in case you're wondering what all the fuss is about, "A
Hash as unique identifier was the whole idea behind hashing algorithms,"
says Exo in a p2pnet comment.
Read on >>>>>>>>>>>>>>>>>>>>>>>>
Earliest example I can recall was the Hash sorting technique. In essence
IBM's punch card sorting machines (pre WWII) are an early example of hash
sorting. In the punch card machine the hash was simply a nibble from a
specific character column that is used to steer the card to a specific bin.
This hash is only perfect in the since that all cards having the same
character in the selected column will be steered to the same bin. To sort
on a wider field, you simply start with the least significant column of the
sort field; run the cards, re-stack first bin on top of second bin, and so
on, repeating for each column in the field.
In data communications the CRC is a hash guaranteed to be unique over a
specific number of bits. A CRC-16 is unique for files up to 2^16 bits in
length, CRC-32 for up to 2^32 bits. Different CRC algorithms use different
bits to generate the feedback used to digest the data into a hash. (early
1970's?) CRC's were first used to detect data errors over serial data
links. Early example: IBM mainframe to terminal equipment communications
using SNA and SDLC protocols. TCP/IP protocol uses a CRC-32 to detect
packet errors. (Mid 19080's)
The field of cryptography, specifically public key cryptography, needed
secure hashing algorithms. (Only secure in the sense that the estimated
length of time to brute force content that will generate a specific hash
value will take a very long time on the order of many CPU years. RSA
patented various Message Digest functions (in the 1970's, several RSA
patents recently expired and are now public domain).
Most of us are familiar with the MD5 algorithm in which several P2P
applications use to generate file Hash values. The whole Idea of using a
Message Digest function in cryptography was to generate a hash on a plain
text document (file) such that it could be used to detect if that document
changes in any way. If any character in the document (file) is different
then the hash will be different. These hashes are used when digitally
signing a document, to verify that a document is the exact same (uniquely
identified) document you viewed before signing. To prevent someone from
changing the hash, it is encrypted using your private key so that others
can verify using your public key. The results of processing the document
using the MD function should exactly match the hash decoded using your
public key.
Databases have used such hashing algorithms to generate unique keys for
locating data in a database. Software has a good example in the C++
language standard template library in the implementation of the std map
object. The map object stores a key, the key can be plain text, but is
usually a hash to minimize the number of characters that need to be
compared when dealing with long strings. The key is used in a binary search
to locate the mapped data. This technique was introduced in the STL library
in the mid 1980's when C++ first appeared, but the general technique in
software originates in Data structure text books well before that.
Earliest reference I can cite from the top of my head is in Donald Knuth's
"the art of computer programming" from the early 1970's.
===================
Stay tuned.
===================
See:-
first to report - Altnet tries TrueNames on p2p ops, p2pnet, January 10, 2005
(Thursday 13th January 2005)
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From bill.stewart at pobox.com Thu Jan 13 17:46:39 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 13 Jan 2005 17:46:39 -0800
Subject: Ridge Wants Fingerprints in Passports
Message-ID: <6.0.3.0.0.20050113174453.039efa58@pop.idiom.com>
He's smearing his sticky fingerprints all over everything else,
and now he wants them in our passports?
Oughtta learn to keep his hands to himself.
----
Bill Stewart bill.stewart at pobox.com
From emc at artifact.psychedelic.net Thu Jan 13 17:48:13 2005
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Thu, 13 Jan 2005 17:48:13 -0800 (PST)
Subject: Florida man faces bioweapon charge
In-Reply-To:
Message-ID: <200501140148.j0E1mDnB013892@artifact.psychedelic.net>
RAH pastes:
...
> Steven Michael Ekberg, 22, had at least 83 castor beans and other
> byproducts consistent with the manufacture of ricin in his possession, the
> FBI said.
...
> They said they also found, in a cardboard box in Ekberg's room, glass vials
> containing white granules suspected of being husk-less, chopped castor
> beans, a byproduct of the manufacture of ricin.
I'm confused here. Is possession of castor beans possession of ricin?
Is possession of chopped castor beans possession of ricin?
> He then picked up another container and stated words to the effect, "This
> would make you really sick," the source allegedly told authorities.
I could pick up a container of Drano, and make the same commment. Big
deal.
> The source told police that Ekberg had two books containing information on
> how to make poisons from household chemicals and plants, according to the
> affidavit.
Still legal to own, as far as I know.
> His mother, Theresa Ekberg, told the FBI that he has been treated for
> depression, according to the affidavit.
> His mother also told authorities that in the past her son had possessed
> some "chemicals."
> She said that on at least one occasion he showed her something he had
> purchased via the Internet and expressed concern that if their cat
> inadvertently ate enough of it, the cat would die, according to the
> affidavit.
Obviously this news story is the grand prize winner in an innuendo
contest.
> The FBI is still investigating who sent two letters that contained ricin in
> 2003 through the U.S. postal system. Those letters contained threats and
> complaints about labor regulations in the trucking industry.
> In 1978, Georgi Markov, a Bulgarian writer and journalist in London, died
> after a man attacked him with an umbrella that had been rigged to inject a
> ricin pellet under his skin.
And WTF does this have to do with the guy with the castor beans?
Looks like "Ricin Theatre" has joined "Anthrax Theatre" in the armory of
Weapons of Mass Deception.
--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"
From rah at shipwright.com Thu Jan 13 17:24:51 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 13 Jan 2005 20:24:51 -0500
Subject: Florida man faces bioweapon charge
Message-ID: