Mixmaster?

coderman coderman at gmail.com
Sun Nov 26 22:37:06 PST 2006


On 11/26/06, Ulex Europae <europus at gmail.com> wrote:
> On 11/26/06, R.A. Hettinga <rah at shipwright.com> wrote:
> > ...
> > It's hard to remember, but cypherpunks write code. Well, most of us do. :-)
> >
> > Their own code.
> >
> > You want code, you write it.
>
> Yes, you've advanced that notion before. That sort of penurious antipathy is
> why encrypted communications as a matter of course will never catch on.

nah, that only means the masses won't be coding their own anonymity
and privacy systems, which is a good thing (the masses would fuck it
up with impressive ROT13 style).

this also means that the developers who can scratch this itch (a
usable, secure, and windows application) are going to be fewer and far
between.  don't fret, it only takes one to code it and then all your
seething masses can steep themselves in the hedonistic pleasures of
anonymity and privacy in their familiar environments.

and last but not least, regarding RAH's virtuous invitation to sling a
little logic yourself:

bitching on a mailing list about the platform specific deficiencies of
anonymity/privacy software is not likely to conjure up one of these
"usable, secure, windows capable" developers anxious to pleasure your
impatient expectations of convenience.  teaching yourself how to build
secure privacy systems [0][1] so you can meet these wants with your
own effort is more likely to result in the outcome you seek.

with that colorful retort out of the way, you are absolutely correct
about the usability and integration aspects of a given system
affecting penetration in target user base and the actual security
provided [2].

as was mentioned earlier, a virtual machine to host a well tested,
robust installation of unix'y network intensive applications on
windows is a compromise that often keeps both parties happy.  there
really is no good answer if you have to rely on the windows TCP stack
under load, especially for non server flavors of windows (that is,
even overlapped i/o will run into problems: about ~4,000 sockets last
time i tested on xp pro).

we used this virtual machine approach in janusvm [3], and tried to
focus on good usability via two methods:
a.) trimming the install process down as simple as possible (could be
better. vmware requested we cease distribution of the combined
janusvm+player+one-click-installer due to their licensing terms on the
player distribution)
b.) performing all of the anonymous Tor proxy of traffic transparently
at the network level using a default PPTP VPN route through the
virtual machine.

the user feedback has been positive, since this obviates the need for
error prone and tedious application specific configuration to use Tor,
and avoids leaking information when a plug-in or scripting facility
has the ability to bypass application proxy settings or is not
resolving addresses via SOCKSv4a / MapAddr.  (not to mention that some
applications which don't even support SOCKS or HTTP proxies can now
use Tor)

"encrypted communications as a matter of course" is not yet dead.
it's just taking a little longer than anyone expected back when the
battle was raging over cipher implementations and encrypted network
protocols with nary a thought to end user experience.

best regards,


0. "Secure Programming for Linux and Unix HOWTO -- Creating Secure Software"
  http://www.dwheeler.com/secure-programs/

1. "Anonymity bibliography"
  http://freehaven.net/anonbib/

2. "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 (1999)"
  http://citeseer.ist.psu.edu/whitten99why.html

3. JanusVM
  http://janusvm.peertech.org/
  [yes, this dc14 release is old, but it's held up well and we will
have a new version in january. (and yes, it made it through dc14 open
wireless use without a scratch. we should have clued in the sheeps on
the wall... ;) ]
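
The message above notes that an application leaks information when it does not resolve addresses via SOCKSv4a. The following is an added example, not part of the original post and not JanusVM code: it builds both request forms and classifies a raw request the way a proxy-side check could. The function names and the sample host and address are constructed for illustration.

```python
import socket
import struct


def build_socks4_connect(host, port, resolved_ip=None, user=b""):
    """Build a SOCKS4 CONNECT request (hypothetical helper).

    resolved_ip given  -> plain SOCKS4: the name was resolved before the proxy saw it.
    resolved_ip absent -> SOCKS4a: the hostname travels inside the request.
    """
    head = struct.pack(">BBH", 4, 1, port)  # version 4, command 1 (CONNECT), port
    if resolved_ip is not None:
        return head + socket.inet_aton(resolved_ip) + user + b"\x00"
    # SOCKS4a marker: destination 0.0.0.x with x != 0 means "hostname follows"
    return head + b"\x00\x00\x00\x01" + user + b"\x00" + host.encode("ascii") + b"\x00"


def classify_request(data):
    """Return (verdict, target) for a raw SOCKS4/4a request as the proxy sees it."""
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a complete SOCKS4 request")
    _, _, port = struct.unpack(">BBH", data[:4])
    ip = data[4:8]
    user_end = data.index(b"\x00", 8)  # end of USERID; ValueError if unterminated
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        host_end = data.index(b"\x00", user_end + 1)
        host = data[user_end + 1:host_end].decode("ascii")
        return ("proxy-resolved", f"{host}:{port}")
    # An IP arrived instead of a name: either the user typed an IP literal
    # or the application did its own DNS lookup outside the proxy.
    return ("client-resolved", f"{socket.inet_ntoa(ip)}:{port}")


if __name__ == "__main__":
    # Constructed sample requests; 192.0.2.10 is a documentation address.
    for req in (build_socks4_connect("example.com", 80),
                build_socks4_connect("example.com", 80, resolved_ip="192.0.2.10")):
        print(req.hex(), classify_request(req))
```

A "client-resolved" verdict for a destination the user entered by name is the leak the message describes: the lookup happened before the request reached the proxy.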




