Fwd: [gsc] Fwd: managing and protecting nyms...

R.A. Hettinga rah at shipwright.com
Sun Nov 8 15:08:11 PST 2009


Begin forwarded message:

> From: Jim <jim at indomitus.net>
> Date: November 8, 2009 4:10:07 PM GMT-04:00
> To: gold-silver-crypto at rayservers.com
> Subject: Re: [gsc] Fwd: managing and protecting nyms...
>
> R.A. Hettinga wrote:
>
>>> From: John Young <jya at pipeline.com>
>>> Date: November 8, 2009 1:31:05 PM GMT-04:00
>>> To: cypherpunks at al-qaeda.net
>>> Subject: Re: managing and protecting nyms...
>>>
>>> Peer review is necessary to assure blunders are not overlooked.
>>> However, there has been no demonstration that peer review is all
>>> that is needed for the superior protection.
>
> I have never seen anyone make this argument.  So, burn down
> the straw man, John.
>
>>> This is not an argument
>>> for obscurity, only a caution that peer review is not necessary
>>> sufficient.
>
> Not necessary or sufficient?  Not necessarily sufficient?
>
> Peer review is very useful.  I've never seen anyone argue that
> it is sufficient for total information security.  To my
> knowledge, there is no total information security, no perfect
> system.
>
> Open source operates on the assumption that everyone is
> fallible.  Other assumptions to demolish John's arguments,
> below, in line.
>
>>> Peers miss stuff too, as amply demonstrated by holes
>>> and bad implementation later discovered.
>
> Of course.  But, look, John, dummy, you can't discover these
> holes and bad implementations without open source crypto. If
> you keep your secret codes secret, then when the codes and
> ciphers are broken, you won't know it.
>
>>> Betting your life on peer review, or open disclosure is probably
>>> not very smart.
>
> Who isn't betting their life every day?  The scum who have
> gotten Republican politicians to waste three trillion dollars
> on military contracts in order to slaughter millions of people
> in Southwest Asia are quite willing to slaughter as many people
> as it takes to maintain power and keep the gravy train coming.
>
> Is it more clever to bet your life on a super duper secret
> code that no one can review?  No, that would be asinine.
>
> John, don't be an ass.
>
>>> Instead, expect some shrewd peer(s) to see
>>> something that will serve a private purpose by keeping quiet.
>>> Competiton, betrayal, disinfo, venality, play a role as well
>>> as search for truth through open discourse.
>
> Competition, for those who can spell it, is a good thing. The
> whole point of open source crypto is that different persons would
> each have different purposes, different motivations.  Some will
> be genuinely motivated by math, just doing the math, just seeing
> the equations work, just understanding it all.  Some will be
> motivated by private purposes, but these will vary widely. So
> the more people who actually sift the source code and review
> the math and do the peer review, the better.
>
> Yes, there will be betrayals and venality, but the advantage of
> open source is that there will be different people with very
> differing agendas.  You don't get nearly as many minds looking
> for holes in your crypto without open source.
>
>>> Comsec is a swamp, quicksand, punji trap,
>
> Which is it?  A swamp is not all quicksand, and neither a
> swamp nor quicksand is a punji trap.
>
> Communications security and data security are ill served by
> mixed metaphors and endless abbreviations.
>
>>> and comsec
>>> experts are never trustworthy about each other or about
>>> systems.
>
> Nobody is trustworthy.  The whole point of someone like, say,
> Tim May, saying that something is a "trust me" level of
> security is to deride and ridicule trusting anyone with your
> security.  (Was that Tim who said that about Safe-mail.net or
> was that someone else quoting Tim on another topic?  Not
> that it matters.)
>
> There is no royal road to geometry.  There is no substitute
> for actually doing the math.  There is no one but you that
> you can really trust.  Which is okay.
>
> Really, it is, John.  It'll be okay.  Calm down.  Don't
> get all fussy.  Finding market clearing prices is an
> intensely cooperative activity.  People are very motivated
> to find these prices and clear markets.  So, in part because
> of the fact that no one can trust anyone else, people find
> ways to cooperate actively to create, price, and clear markets.
>
>>> The open source methodology, call it snakeoil,
>
> Why call it snake oil?  This metaphor isn't any better than
> the punji trap in quicksand in a swamp metaphor.
>
> If you don't like open source crypto or open source software,
> why not propose some other methodology?
>
> There is no other methodology that provides similar levels of
> scrutiny of code and math.  The preceding methodology, of
> making a secret code and keeping it ultra-mega-top-letter-
> clearance-secret-word-clearance-burn-before-reading classified
> has been completely discredited.  When you have a highly
> secure code, you will never know when it has been broken.
>
>>> works well
>>> for the inexpert to gain a limited education,
>
> Who would that inexpert be, John?  Would he be the guy who
> stares out of your mirror when you shave? lol
>
>>> but behind that stage the usual shit goes on.
>
> Shit goes on all the time.  LBJ and his cronies spent on
> the order of $2 trillion in today's dollars on the war in
> Southeast Asia, slaughtering about 7.9 million in dead and
> wounded, military and civilians, across all countries.  So,
> for about a quarter million dollars in corruptly allocated
> profits, one person was horribly mutilated or killed to
> make the CIA and military death merchants happy.
>
> If there is any good news about this shit that goes on, it
> is that somewhat closer to two million have been killed in
> Southwest Asia for about $3 trillion in today's dollars. So
> more like $1.5 million in death merchant profits and campaign
> contributions for GOP villains (and since 2006, Democrat
> villains, too) per horribly mutilated or killed victim.
>
> Ain't efficiency grand?
>
> Of course, the tricky part is the casualty figures.  No
> body counts these days.  It could be tens of millions of
> dead people, and we won't know until the empire falls and
> the archives are opened.
>
>>> Keeping quiet about crypto cracks, holes, trojans, backdoors,
>>> is extremely rewarding.
>
> For everyone?  So, John Young works for the feral gummint on
> ways to keep secrets and slaughter young children in foreign
> countries, as well as babies in the USA.  How rewarding is it,
> John?
>
>>> Concealing deep faults with shallow ones is SOP.
>
> Standard for whom?  Operating procedures assume some sort of
> goal or outcome for operations.  Different people have very
> different plans, goals, skills, and ethics.
>
> I mean, clearly, you are the sort who would have no problem having
> the IRS come into a home, kill the family pets, rape the young
> children, put the adults in cages, seize all the records, and
> confiscate every asset.  You want the IRS to do so for the
> benefit of your lofty goals of having trillions of dollars for
> corruptly allocated government contracts so that the CIA and
> the military can rape, torture, kill, and mutilate foreigners
> in an endless war.
>
>>> Note that wide crypto use has become a stimulus to intercept,
>>> store forever (NSA policy), crack when possible and to continue
>>> trying to crack indefinitely (NSA policy), with successful deep
>>> cracks seldom revealed. "NSA policy" is that of deeply embedded
>>> contractors and researchers as well.
>
> Yes, that's all terribly sweet.  Build up your Library of
> Alexandria of data of every comment ever written by anyone ever.
> Build (with corruptly allocated contracts and dead taxpayer
> confiscated funds) your huge quantum computing apparatus to
> sift through all this data.  Enjoy trying to figure out which
> e-mail address goes with which person.
>
> At some stage you still have to have a human being apply it.
> Or manufacture it wholesale and assign it to someone innocent
> and insist that it has been in your database for years.
>
> It is just like your archive of fingerprints and DNA samples.
> You can now fabricate "evidence" that anyone was anywhere, with
> "irrefutable" evidence from your laboratories, cooked up before
> the crime and analysed after the crime, to frame anyone.
>
> So what?  Who cares?
>
> What are you doing with all these abilities, all these technologies,
> all the money that you steal, all the lives you ruin?
>
> Nothing much.  Slaughtering a whole bunch of children to not
> much purpose.
>
> Going to the stars, John?  No, you aren't.  Exploring the planets,
> John?  Nope.
>
> Spying on your neighbors, sure.  Raping their children, sure.
> You and your government do a whole lot of that.
>
> Bringing the resources of the Solar System to bear on the
> problems here on Earth?  Nah, that would be a waste of your
> very important time.  Arbeit macht frei, motherfucker.
>
>>> Publicly-available encryption and other currently usable comsec
>>> protection are satisfactory for ordinary communications
>
> Anyone who isn't using them for ordinary communication is a
> fool.  Anyone who is communicating about actual criminal
> activity and thinks encryption is sufficient "cover" is a fool.
>
>>> but not
>>> for more than that if you are up to extraordinary renditions, say,
>>> making a bundle peddling natsec-grade counter-threat
>>> assurances.
>
> Well, gosh, Johnny, are you torturing people to death?  Does
> that make your opinions about open source methodology more
> interesting, or less interesting, to ethical persons?
>
>>> Yep, natsec-grade is what the telecoms and like
>>> critical infrastructure dealers claim they are providing. Nothing
>>> pays better.
>
> And we all know that if it paid well enough, you would rape and
> torture your grandmother in front of your siblings, and then
> rape and torture and murder them all.
>
> Thanks, John, for a trip inside the mind of a maniac.




