From flyingkiwiguy at gmail.com Mon Oct 1 08:39:17 2012
From: flyingkiwiguy at gmail.com (Gary Mulder)
Date: Mon, 1 Oct 2012 16:39:17 +0100
Subject: [ZS] Bitcoin - A Means for Redistribution of Wealth
Message-ID:

I sent this to the resident Pirate Party UK economist:

Hi Harry,

> - why would the average person like me (who does not suffer restricted
> access to the regular payment systems, as you suggest could be the case for
> someone in Vietnam) want to use bitcoin other than a) to transfer money
> abroad at low / no cost or b) to avoid official restrictions on payments to
> (e.g.) Wikileaks through the mainstream bank network?

You are right. You and your probable mortgage-owning neighbours have no foreseeable need to ever use Bitcoins. Given that there are no charge-backs and therefore absolutely no financial protection (caveat emptor), it is unlikely it will be adopted by the mainstream for the majority of transactions any time soon. For obvious reasons even I *currently* trust my debit card more than my Bitcoin wallet. Of course the same could have been said about making secure purchases online in the 90's.

> - at the moment bitcoin seems to have no role as a store of value (as
> opposed to medium of exchange), though perhaps this could change if its
> market value could somehow be linked to precious metals (gold / silver)
> rather than increasingly unstable / manipulated fiat currencies - see
> youtube clip of Max Keiser in the following:
> http://www.scoop.it/t/peer2politics?page=3 . Any comment?

The backing for Bitcoin is through the not insignificant capital and electricity costs expended to "mine" Bitcoins. The secure Bitcoin transaction system is designed around a form of decentralised digital signing of Bitcoin transactions through this Bitcoin mining operation. The payment for mining is currently 50BTC per block of transactions successfully signed.
This Bitcoin inflation will halve in about a month to 25BTC per block, and continue to reduce in the rate of inflation until 21M Bitcoins are mined in 2020, or so. After all Bitcoins have been mined the financial reward for mining will be very small per transaction fees, but potentially still significant per block.

Due to this distributed digital backing there is no way to link issued Bitcoins to a commodity such as gold, which would require some form of centralised repository like GoldMoney.com. Another way to think of it is that everyone who mines Bitcoins is part of the "decentral bank of Bitcoin".

I understand that most Austrian economists don't like Bitcoin, as Austrian definitions of money require it to originate as a commodity. In my not so humble opinion this is a philosophical economic question, as there are things you can conveniently buy with Bitcoins that you can not buy with gold, cash, or credit cards. However, for now the primary driver of Bitcoin adoption is the black market and speculation.

> - the point in the Forbes article you sent on bitcoin about it being a
> threat to official monetary control (exchange control as well as tax
> evasion, laundering) seems quite valid and is a major ultimate objection -
> unless one comes from an anarchistic / extreme libertarian position, which
> I definitely am not (nor the Pirates, I hope).

http://falkvinge.net/2011/05/29/why-im-putting-all-my-savings-into-bitcoin/

Many Bitcoin enthusiasts currently range in attitudes from garden variety nerds (like myself) to crypto-anarchists and anarcho-capitalists. This group likely includes Assange, the various members of Anonymous, and quite possibly the guy who fixed the problem that caused NatWest customers to be unable to access their bank accounts for a week. Plenty of them are Pirates too as both Bittorrent and Bitcoin have much in common both philosophically and technically.
The majority of enthusiasts are however very naive about economics and the realities of politics.

> In summary Bitcoin only seems attractive for a limited function during the
> present global monetary chaos in which currency values are manipulated and
> legitimate financial transfers interfered with by authorities that are
> essentially dominated by one or more criminal syndicates. Rather than try
> and join these guys in the Wild West our aim should be to restore order and
> accountability to the system.

I guess history will decide whether it will be evolution or revolution of the current system. I read enough contrarian commentary on the state of the world economy to wonder when the current experiment with fiat currencies will end, and I don't expect the end to be evolutionary. The UK was quite graceful in its relinquishment of empire. The USA is unlikely to follow:

http://en.wikipedia.org/wiki/Executive_Order_6102
http://en.wikipedia.org/wiki/Habeas_corpus_in_the_United_States
http://news.yahoo.com/jullian-assange-enemy-state-023345613.html

--
--
Zero State mailing list: http://groups.google.com/group/DoctrineZero

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Mon Oct 1 08:43:08 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 1 Oct 2012 17:43:08 +0200
Subject: [ZS] Bitcoin - A Means for Redistribution of Wealth
Message-ID: <20121001154308.GO9750@leitl.org>

----- Forwarded message from Gary Mulder -----

From brandeisuniversity at brandeis-info.org Mon Oct 1 04:31:51 2012
From: brandeisuniversity at brandeis-info.org (=?koi8-r?B?IvDSz8XL1M7PLdPNxdTOwdEgxM/L1c3FztTBw8nRIDIwMTIi?=)
Date: Mon, 1 Oct 2012 18:31:51 +0700
Subject: =?koi8-r?B?79LHwc7J2sHDydEg0NLPxcvUzs8t083F1M7PyiDEz8vVzcXO1MHDyQ==?= =?koi8-r?B?yQ==?=
Message-ID: <01cda003$0605c580$baa50675@brandeisuniversity>

Dear colleagues!

We invite you to a professional development course: State expert review of design and cost-estimate documentation in 2012. Construction supervision.

Date and venue: 15 to 16 October 2012, St. Petersburg.

Course programme:
Changes in Russian Federation legislation on conducting state expert review of design documentation.
Expert review of design and cost-estimate documentation for capital construction projects and of engineering survey results.
Requirements for the organization and procedure of engineering surveys to substantiate pre-design documentation.
Division of powers between the federal centre and the expert-review bodies of the constituent entities of the Federation.
Cost and time frames of state construction expert review.
Technical regulation in the construction industry.
Reorganization of the system of preventive environmental control.

On completion of the course a state-recognized certificate is issued.

For questions about participating in the course, call: (8I2) 6Ч2-92-8Ч

From zooko at leastauthority.com Tue Oct 2 10:18:07 2012
From: zooko at leastauthority.com (Zooko Wilcox-OHearn)
Date: Tue, 2 Oct 2012 11:18:07 -0600
Subject: [tahoe-dev] Tahoe-LAFS Weekly Dev Chat, 2012-10-02
Message-ID:

Tahoe-LAFS Weekly Dev Chat, 2012-10-02

in attendance: Zooko (scribe), David-Sarah, Andrew

CAVEAT LECTOR; Some of this was added by Zooko after the chat ended.

Andrew Miller has found three bugs in #1240:

1. There's a bug.
2. A different code path partially compensates for it sometimes (David-Sarah calls this "a masking bug").
3. The tests aren't smart enough to realize that the task has been done wrong and masked rather than done right.

Unclear if Andrew will fix #1240 before David-Sarah stops accepting patches into Tahoe-LAFS v1.10.

Andrew: "Dynamic Merkle Tree" -- a Red-Black Merkle Tree
deterministic balancing, good asymptotic cost even in the worst case, good small constant

Any data structure can be Merklized by replacing the links with hashes.

Take MDMF and replace the Merkle Tree with a Red-Black Merkle Tree. Now you have an LDMF! (Except the backend needs to be able to store, find, and insert data blocks efficiently. Fortunately LeastAuthority.com's new Cloud Backend can do that!
Well actually maybe it can't because it currently identifies the blocks by their *block number*. But it is a lot closer than the current disk backend, which stores each block under its offset in a single share file.)

Andrew is trying to work out how to do the physical storage and addressing, apart from the logical -- Merkle-Tree-authenticated integrity-checking. He's looking at B trees or B+ trees. Zooko thinks this may be closely related to tickets #1543, #1687.

Zooko is excited because of the history here. Brian and he thought of the design of LDMF, then thought it was too hard and thought of the design of MDMF, then thought that was too hard and invented SDMF, which was stupid enough that they could implement it. Much later, Kevan came along and, not realizing how hard MDMF was, decided to do it for a summer project (Google Summer of Code) and worked really hard and well on it for about two years, which is why we now have MDMF. So why is Zooko excited? Because hopefully Andrew doesn't realize how hard LDMF is!

Zooko recommended N. Askitis's dissertation on cache-oriented data structures.

Andrew has at least two other ideas, and is talking about putting all three of them into his dissertation. Zooko thinks that's three dissertations. Maybe Andrew should get three PhD's.

If you add access control at the sub-file level of granularity, so that you can grant access to only *part* of an LDMF, then what's the difference between a directory structure and an LDMF? You could store a deep directory structure in an LDMF. The question is how do you identify sub-parts of an LDMF in order to talk about them with someone else and grant someone else access to them. You don't want to grant them access to a byte span! Like, here's read access to bytes 1000 through 3000 of this file, because then you could no longer safely insert and delete things in that file.
Brian once suggested packing the share data of multiple files and directories together for more efficient download and storage -- a "Virtual CD" -- #204, #1029.

Once we finish the next RAIC Milestone, David-Sarah will focus on Tahoe-LAFS v1.10 release. Zooko may not be able to focus on that much due to ongoing LeastAuthority.com work. LeastAuthority.com is bidding for another contract.

https://tahoe-lafs.org/trac/tahoe-lafs/ticket/204# "virtual CDs"
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1029# download a subtree as an archive
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1240# remove ResponseCache in favour of MDMFSlotReadProxy's cache
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1543# rearrange share format to make downloads faster
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1687# store copy of block-hash-chain with each block

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
_______________________________________________
tahoe-dev mailing list
tahoe-dev at tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

----- End forwarded message -----

From eugen at leitl.org Tue Oct 2 11:45:41 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 2 Oct 2012 20:45:41 +0200
Subject: [tahoe-dev] Tahoe-LAFS Weekly Dev Chat, 2012-10-02
Message-ID: <20121002184541.GA9750@leitl.org>

----- Forwarded message from Zooko Wilcox-OHearn -----

From bmcleod at chiofaro.com Tue Oct 2 08:03:11 2012
From: bmcleod at chiofaro.com (=?koi8-r?B?IvziIg==?=)
Date: Tue, 2 Oct 2012 22:03:11 +0700
Subject: =?koi8-r?B?88/axMHOycUg3MvPzs/Nyd7F08vPyiDCxdrP0MHTzs/T1Mkgy8/N0A==?= =?koi8-r?B?wc7JyS4=?=
Message-ID: <01cda0e9$b64df980$b9b3ba3a@bmcleod>

Dear colleagues!
We invite you to a conference on creating and implementing security services at an enterprise: Organizing an economic security service at an enterprise. Assessing and preventing potential threats. Unscheduled business inspections.

Date and venue: 15 to 17 October 2012, St. Petersburg.

Conference programme:
The enterprise economic security service.
Company economic security systems. Areas of activity of the enterprise economic security service.
Preventing hostile takeovers. Practice of resisting raiders at various levels and stages of confrontation.
Business intelligence. Competitive intelligence and industrial espionage.
Modern site security systems.
Enterprise information security.
Fundamentals of organizing and ensuring protection of information against leakage through technical channels at managed facilities. Demonstration of technical equipment.

For participation inquiries, call: (8I2) 6Ч2-О5-96

From mk at dee.su Tue Oct 2 20:41:03 2012
From: mk at dee.su (Maxim Kammerer)
Date: Wed, 3 Oct 2012 05:41:03 +0200
Subject: [liberationtech] Security / reliability of cryptoheaven ?
Message-ID:

On Wed, Oct 3, 2012 at 3:52 AM, Brian Conley wrote:
> I am immediately suspicious of any service advertising simple easy encrypted
> email

Why? The notion that easy encrypted email is hard is a myth, perhaps resulting from people being trapped inside the concept of using PGP and its non-scalable “web of trust”. Liberté Linux implements cables communication [1], which provides just that – easy encrypted email. The catch is that there is no interoperability with SMTP, and there are no easy-to-remember usernames.

> but perhaps someone here can offer a coherent reply based on their
> privacy policy or other info as to why this should not be trusted?

From going over the security summary [2], I don't see why CryptoHeaven's servers can't trivially MITM retrieval of recipient's public key: “The public portion of the key is then sent to the server where it can be picked up by others connecting to the system.”

From Security FAQ [3]: “CryptoHeaven manages public keys automatically and securely. User simply allows others to communicate with him through the use of "Contacts" within the CryptoHeaven system. The system takes care of the exchange of the public keys automatically.”

The underlying problem is that the username (apparently) does not include a hash of the public key. It is possible that user ID mentioned in “How can I verify that I am sending messages to whom I think I am?” entry in the FAQ is such a hash, but it is not clear from the brief description.

It is also not clear whether the server can decide to make a message disappear – i.e., are there mandatory authenticated receipts? And of course, due to the centralized nature of the system, CryptoHeaven can perform traffic analysis, building social networks of correspondents, etc.

I am also not sure why they mention “non-repudiation and anonymity” in the FAQ. Non-repudiation is seen as problematic in encrypted communications nowadays (together with lack of perfect forward secrecy, which seems to be an attribute of the protocol as well), and is differentiated from communication authenticity per se (e.g., see OTR [4]). The claim of anonymity looks like an overstatement.

All of the above is written based on high-level descriptions on CryptoHeaven website – I didn't look at the code (which is available [5]), so some points could be incorrect.
[1] http://dee.su/cables
[2] http://www.cryptoheaven.com/Security/security-encrypted-email.htm
[3] http://www.cryptoheaven.com/Security/SecurityFAQ.htm
[4] http://www.cypherpunks.ca/otr/
[5] http://www.cryptoheaven.com/Download/Files/CryptoHeaven-SourceCode.jar

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----

From webmaster at felononline.info Wed Oct 3 06:50:02 2012
From: webmaster at felononline.info (Webmaster)
Date: Wed, 03 Oct 2012 09:50:02 -0400
Subject: [tor-talk] clockskewer attack
Message-ID:

Found some interesting news on reddit. I don't know the tech behind it, but it sounds like playing with Clock allows you to get the IP address of the hidden service

http://www.reddit.com/r/onions/comments/10usgv/clock_skewing_a_clever_unconventional_means_of/

http://pastebin.com/PfXUm3VQ

Is this something to be worried about?
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----

From tedks at riseup.net Wed Oct 3 07:02:04 2012
From: tedks at riseup.net (Ted Smith)
Date: Wed, 03 Oct 2012 10:02:04 -0400
Subject: [liberationtech] Security / reliability of cryptoheaven ?
In-Reply-To: <20121003105929.GT9750@leitl.org>
References: <20121003105929.GT9750@leitl.org>
Message-ID: <1349272924.10549.0.camel@anglachel>

On Wed, 2012-10-03 at 12:59 +0200, Eugen Leitl wrote:
> Why? The notion that easy encrypted email is hard is a myth,...
> Liberté Linux implements cables
> communication [1], which provides just that – easy encrypted email.
> The catch is that there is no interoperability with SMTP, and there
> are no easy-to-remember usernames.

So... not email.

--
Sent from Ubuntu

From tedks at riseup.net Wed Oct 3 08:09:00 2012
From: tedks at riseup.net (Ted Smith)
Date: Wed, 03 Oct 2012 11:09:00 -0400
Subject: [tor-talk] clockskewer attack
In-Reply-To: <20121003145222.GL9750@leitl.org>
References: <20121003145222.GL9750@leitl.org>
Message-ID: <1349276940.10549.1.camel@anglachel>

The "attack" assumes that the targeted hidden service is running a Tor relay.

On Wed, 2012-10-03 at 16:52 +0200, Eugen Leitl wrote:
> ----- Forwarded message from Webmaster -----
>
> From: Webmaster
> Date: Wed, 03 Oct 2012 09:50:02 -0400
> To: tor-talk at lists.torproject.org, tor-relays-request at lists.torproject.org
> Subject: [tor-talk] clockskewer attack
> User-Agent: Mozilla/5.0 (X11; Linux x86_64;
> rv:15.0) Gecko/20120912 Thunderbird/15.0.1
> Reply-To: tor-talk at lists.torproject.org
>
> Found some interesting news on reddit. I don't know the tech behind it,
> but it sounds like playing with Clock allows you to get the IP address of
> the hidden service
>
> http://www.reddit.com/r/onions/comments/10usgv/clock_skewing_a_clever_unconventional_means_of/
>
> http://pastebin.com/PfXUm3VQ
>
>
> Is this something to be worried about?
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
> ----- End forwarded message -----

--
Sent from Ubuntu

From annalist at riseup.net Wed Oct 3 03:51:19 2012
From: annalist at riseup.net (Anne Roth)
Date: Wed, 03 Oct 2012 12:51:19 +0200
Subject: [liberationtech] German police monitors Skype, GoogleMail and Facebook chat
Message-ID:

The German government a while ago answered questions about expenditures by the federal ministry of home affairs for private service providers – hardly noticed by the English speaking world.

The parliamentary enquiry (“Minor interpellation”) no. 17/10077 by Jan Korte, MP of The Left party, has now been translated into English.

The answers were far more detailed than one would expect. There's 43 pages (this includes questions), 20 of which are tables that list who was contracted, how much money was paid, what for and how each paid item was used.

The German ministry for home affairs and thus the German police clearly state that they are monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat if deemed necessary. Money is spent on trojan viruses and we can be quite certain which company produces the IMSI catchers used by German police.

We know how much money was spent by the Federal Police on border control biometrics, on passenger information systems and telecommunications surveillance.

Digitask, a company whose reputation was clearly damaged after its trojan virus was found and analysed by the Chaos Computer Club in 2011, seems to still be a regular contractor of German authorities.

Altogether more than a billion Euro was spent on private services by German police and other public authorities in the realm of the ministry of home affairs in the years 2002 – 2012.
A slightly longer version of this plus the pdf can be found here:
http://annalist.noblogs.org/post/2012/10/03/german-police-monitors-skype-googlemail-and-facebook-chat/

Best,
Anne

--
http://about.me/annalist
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7689407F942951E2

----- End forwarded message -----

From eugen at leitl.org Wed Oct 3 03:59:29 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 3 Oct 2012 12:59:29 +0200
Subject: [liberationtech] Security / reliability of cryptoheaven ?
Message-ID: <20121003105929.GT9750@leitl.org>

----- Forwarded message from Maxim Kammerer -----

From eugen at leitl.org Wed Oct 3 04:09:13 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 3 Oct 2012 13:09:13 +0200
Subject: [liberationtech] German police monitors Skype, GoogleMail and Facebook chat
Message-ID: <20121003110913.GC9750@leitl.org>

----- Forwarded message from Anne Roth -----

From tedks at riseup.net Wed Oct 3 10:21:19 2012
From: tedks at riseup.net (Ted Smith)
Date: Wed, 03 Oct 2012 13:21:19 -0400
Subject: [tor-relays] [tor-talk] clockskewer attack
In-Reply-To: <20121003153944.GN9750@leitl.org>
References: <20121003153944.GN9750@leitl.org>
Message-ID: <1349284879.10549.3.camel@anglachel>

From the script (pastebin link):

> #!/usr/bin/env python2.7
> #
> # clockskewer.py -- skewers http servers in onionland to an ip address
> #
> # This script takes advantage of the fact that no one
> # in onionland configures their http server correctly
> # by having it send datetime stamps in every response
> #
> # calculates the clockskew and then finds a corrilating
> # tor relay with an open http server with the same skew
>
So it actually assumes that the targeted hidden service is running a Tor relay _and_ an open HTTP server.

(I've cc'd cypherpunks on this so that you don't have to keep forwarding things around, Eugen.)

On Wed, 2012-10-03 at 17:39 +0200, Eugen Leitl wrote:
> ----- Forwarded message from Ted Smith -----
>
> From: Ted Smith
> Date: Wed, 03 Oct 2012 11:09:00 -0400
> To: Eugen Leitl
> Cc: cypherpunks at al-qaeda.net
> Subject: Re: [tor-talk] clockskewer attack
>
> The "attack" assumes that the targeted hidden service is running a Tor
> relay.
>
> On Wed, 2012-10-03 at 16:52 +0200, Eugen Leitl wrote:
> > ----- Forwarded message from Webmaster -----
> >
> > From: Webmaster
> > Date: Wed, 03 Oct 2012 09:50:02 -0400
> > To: tor-talk at lists.torproject.org, tor-relays-request at lists.torproject.org
> > Subject: [tor-talk] clockskewer attack
> > User-Agent: Mozilla/5.0 (X11; Linux x86_64;
> > rv:15.0) Gecko/20120912 Thunderbird/15.0.1
> > Reply-To: tor-talk at lists.torproject.org
> >
> > Found some interesting news on reddit. I don't know the tech behind it,
> > but it sounds like playing with Clock allows you to get the IP address of
> > the hidden service
> >
> > http://www.reddit.com/r/onions/comments/10usgv/clock_skewing_a_clever_unconventional_means_of/
> >
> > http://pastebin.com/PfXUm3VQ
> >
> >
> > Is this something to be worried about?
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> > ----- End forwarded message -----
>
>
> --
> Sent from Ubuntu
>
>
>
> ----- End forwarded message -----

--
Sent from Ubuntu

From eugen at leitl.org Wed Oct 3 07:52:22 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 3 Oct 2012 16:52:22 +0200
Subject: [tor-talk] clockskewer attack
Message-ID: <20121003145222.GL9750@leitl.org>

----- Forwarded message from Webmaster -----

From tedks at riseup.net Wed Oct 3 19:24:36 2012
From: tedks at riseup.net (Ted Smith)
Date: Wed, 03 Oct 2012 22:24:36 -0400
Subject: [tor-relays] [tor-talk] clockskewer attack
In-Reply-To:
References: <20121003153944.GN9750@leitl.org> <1349284879.10549.3.camel@anglachel>
Message-ID: <1349317476.21430.10.camel@anglachel>

On Thu, 2012-10-04 at 05:07 +0300, Sampo Syreeni wrote:
> On 2012-10-03, Ted Smith wrote:
>
> > So it actually assumes that the targeted hidden service is running a
> > Tor relay _and_ an open HTTP server.
>
> The basic attack pattern is extensible to a relay and any service which
> can be correlated with each other, through any sufficiently selective
> metadata divulged by both services. It ain't a new one, either; I seem
> to remember this sort of stuff being done from at least 2008, which
> prolly makes the idea older since I'm not exactly a pro in the field.
>
> The general statistical attack pattern is correlate, accumulate and
> intersect. The research behind Tor talks about this stuff already, and
> notes it cannot be stopped if we presume the relay operator leaks such
> correlated information. So yes, you ought to be worried -- as the
> operator of a hidden service.

This particular script that is currently being hyped up on Reddit as "de-anonymizing most Tor hidden servers" simply makes too many assumptions to be feasible. Yes, this sort of attack is feasible in principle, and this script will probably work if you find a hidden service that is also a relay and is also a publicly reachable HTTP server, but saying it can be carried out against most hidden services is simply false as a matter of fact.

Hidden services don't need to be reachable from the Internet. They don't need to have accurate clocks. And as a result, a lot of them aren't vulnerable to a program on the Internet that is being marketed as reliably de-anonymizing hidden services.

To summarize:

* This is not a novel attack
* This particular variant of the attack ("clockskewer") is not effective against many if not most hidden services
* The people claiming it does on Reddit are scare-mongering Tor for karma, and that irritates me as someone who likes Tor and wants people who need more-secure systems to research Tor and see the stable, well-tested tool that it is, rather than hype from Reddit.

--
Sent from Ubuntu

From decoy at iki.fi Wed Oct 3 19:07:57 2012
From: decoy at iki.fi (Sampo Syreeni)
Date: Thu, 4 Oct 2012 05:07:57 +0300 (EEST)
Subject: [tor-relays] [tor-talk] clockskewer attack
In-Reply-To: <1349284879.10549.3.camel@anglachel>
References: <20121003153944.GN9750@leitl.org> <1349284879.10549.3.camel@anglachel>
Message-ID:

On 2012-10-03, Ted Smith wrote:

> So it actually assumes that the targeted hidden service is running a
> Tor relay _and_ an open HTTP server.

The basic attack pattern is extensible to a relay and any service which can be correlated with each other, through any sufficiently selective metadata divulged by both services.
It ain't a new one, either; I seem to remember this sort of stuff being done from at least 2008, which prolly makes the idea older since I'm not exactly a pro in the field.

The general statistical attack pattern is correlate, accumulate and intersect. The research behind Tor talks about this stuff already, and notes it cannot be stopped if we presume the relay operator leaks such correlated information. So yes, you ought to be worried -- as the operator of a hidden service.

--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

From schoen at eff.org Thu Oct 4 17:06:27 2012
From: schoen at eff.org (Seth David Schoen)
Date: Thu, 4 Oct 2012 17:06:27 -0700
Subject: [liberationtech] CryptoParty Handbook
Message-ID:

Andrew Mallis writes:

> FYI
>
> This 392 page, Creative Commons licensed handbook is designed to help
> those with no prior experience to protect their basic human right
> to Privacy in networked, digital domains. By covering a broad array
> of topics and use contexts it is written to help anyone wishing to
> understand and then quickly mitigate many kinds of vulnerability using
> free, open-source tools. Most importantly however this handbook is
> intended as a reference for use during Crypto Parties.
>
>
> PDF available for download and more info:
>
> https://cryptoparty.org/wiki/CryptoPartyHandbook

I'm grateful to people for doing this (and happy that it built upon some prior sprints that I was part of!) but I'm a bit worried about errors. Starting from the end of the book I fairly quickly came upon two things that concerned me:

"Quantum cryptography is the term used to describe the type of cryptography that is now necessary to deal with the speed at which we now process information and the related security measures that are necessary. Essentially it deals with how we use quantum communication to securely exchange a key and its associated distribution.
As the machines we use become faster the possible combinations of public-key encryptions and digital signatures becomes easier to break and quantum cryptography deals with the types of algorithms that are necessary to keep pace with more advanced networks."

I think the first and third sentences of this paragraph are completely mistaken. (The second sentence is right to assert that quantum cryptography deals with key-exchange mechanisms.)

First, quantum cryptography for key exchange is unrelated to "the speed at which we now process information". In fact, conventional encryption has scaled well and more than kept pace with increases in communications data rates, particularly since our CPUs have gotten faster much faster than our communications links have. That's one reason that it's now much more feasible to use HTTPS routinely for web services -- current CPUs can handle the ciphers involved efficiently, and some CPUs even have hardware acceleration for AES.

It's also not clear that using quantum cryptography is "necessary" for anyone today. QKD still requires strong authentication

https://en.wikipedia.org/wiki/Quantum_key_distribution#Man-in-the-middle_attack

so although it could reduce the need to make assumptions about the difficulty of solving math problems that are used in other forms of key distribution, it does _not_ make the authentication problem go away. The authentication problem is the logistically difficult thing about using all distributed cryptosystems, so when you use QKD you still encounter these logistical difficulties, in addition to (in most existing implementations) the extra major logistical difficulty of needing a physically directly connected fiber optic cable (!) between the parties who are trying to establish a key. Yikes!

The book's suggestion that "[a]s the machines we use become faster the combinations of public-key encryptions and digital signatures becomes easier to break" is also not an argument for using quantum cryptography, just appropriate key lengths. See

http://www.keylength.com/

NIST and others have thought about what appropriate cryptographic key lengths are to respond to the phenomenon of computers getting faster. That's why current NIST recommendations call for using 2048-bit RSA instead of 1024-bit RSA -- not a quantum cryptosystem, just a stronger key length.

I was also concerned by the "Securely Destroying Data" section. Although it acknowledges some situations under which erased data (or even overwritten data) could be recovered, it seems to treat these situations as exceptional and multiple-overwrite tools generally reliable. It doesn't mention that these tools are potentially quite untrustworthy on current filesystems even under normal conditions, because of data journaling. (I first learned about this problem from John Gilmore.) In fact, even the man page for shred gives a warning about this:

    CAUTION: Note that shred relies on a very important assumption: that
    the file system overwrites data in place. This is the traditional way
    to do things, but many modern file system designs do not satisfy this
    assumption. The following are examples of file systems on which shred
    is not effective, or is not guaranteed to be effective in all file
    system modes:

    * log-structured or journaled file systems, such as those supplied
      with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

    * file systems that write redundant data and carry on even if some
      writes fail, such as RAID-based file systems

    * file systems that make snapshots, such as Network Appliance's NFS
      server

    * file systems that cache in temporary locations, such as NFS version
      3 clients

    * compressed file systems

    In the case of ext3 file systems, the above disclaimer applies (and
    shred is thus of limited effectiveness) only in data=journal mode,
    which journals file data in addition to just metadata. In both the
    data=ordered (default) and data=writeback modes, shred works as usual.
    Ext3 journaling modes can be changed by adding the data=something
    option to the mount options for a particular file system in the
    /etc/fstab file, as documented in the mount man page (man mount).

The wipe man page says

    Journaling filesystems (such as Ext3 or ReiserFS) are now being used
    by default by most Linux distributions. No secure deletion program
    that does filesystem-level calls can sanitize files on such
    filesystems, because sensitive data and metadata can be written to
    the journal, which cannot be readily accessed. Per-file secure
    deletion is better implemented in the operating system.

Some people see this concern as hypothetical, but it's pretty easy to test with loopback mounting. I just made a 100 MB file, initialized it with zeroes, created an ext4 filesystem in it, and loopback mounted the filesystem. Then I created several very large text files with repeating, easy-to-recognize contents, and then deleted the files with shred -u. It was still possible to find a small number of copies of the text file contents in the underlying storage file afterward -- probably because of data journaling in ext4.

The book spends several pages describing how to make GUI interfaces for wipe and shred under GNOME, remarks that wipe is "a little more secure" than shred, and doesn't mention that (according to their own official documentation) neither program can be assumed to work properly on a modern system!
:-(

Things like this make me worry that this book needs some more work.

--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From arma at mit.edu Thu Oct 4 14:21:23 2012
From: arma at mit.edu (Roger Dingledine)
Date: Thu, 4 Oct 2012 17:21:23 -0400
Subject: [liberationtech] The Tor Project is looking for a Project Coordinator
Message-ID:

We have funding for a full-time person. Please spread the word!

A project coordinator is the person who brings order to chaos. You will coordinate and help track deliverables, progress, and metrics of current projects. You will also help plan future projects through proposals.

Your impact will involve:

* Deriving deliverables, deadlines, and milestones for each active contract.
* Developing timelines and schedules for completion of milestones and deliverables for each active, and occasionally proposed, contract.
* Collecting ideas and potential deliverables for the future.
* Raising concerns, timeline slips, and probability of missed deadlines to management.
* Helping with managing people's schedules, work load, and keeping various people or teams in communication with one another.
* Tracking deliverable completion.
* Developing and maintaining metrics about project completion rate and other measures as based on evidence-based project management or something similar.
* Helping contractors develop their contract deliverables for six month periods based on expected workload.
* Maintaining project status pages on trac (or whatever system we have) with deliverables, tickets, and monthly summaries of progress.
* Helping to write the monthly progress reports required for contracts.

See the job posting for information on how to apply and what you need to send in with your application:

https://www.torproject.org/about/jobs-projectcoordinator.html.en

Thanks,
--Roger

----- End forwarded message -----

From steveweis at gmail.com Thu Oct 4 18:54:14 2012
From: steveweis at gmail.com (Steve Weis)
Date: Thu, 4 Oct 2012 18:54:14 -0700
Subject: [liberationtech] CryptoParty Handbook
Message-ID:

For what it's worth regarding multiple passes to sanitize data:

http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html
http://cs.harvard.edu/malan/publications/pet06.pdf

On Thu, Oct 4, 2012 at 5:06 PM, Seth David Schoen wrote:
>
> I was also concerned by the "Securely Destroying Data" section. Although it
> acknowledges some situations under which erased data (or even overwritten
> data) could be recovered, it seems to treat these situations as exceptional
> and multiple-overwrite tools generally reliable. It doesn't mention that
> these tools are potentially quite untrustworthy on current filesystems even
> under normal conditions, because of data journaling. (I first learned about
> this problem from John Gilmore.) In fact, even the man page for shred gives
> a warning about this:
>
>

----- End forwarded message -----

From eugen at leitl.org Thu Oct 4 23:17:35 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 5 Oct 2012 08:17:35 +0200
Subject: [liberationtech] The Tor Project is looking for a Project Coordinator
Message-ID: <20121005061735.GB9750@leitl.org>

----- Forwarded message from Roger Dingledine -----

From eugen at leitl.org Thu Oct 4 23:21:50 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 5 Oct 2012 08:21:50 +0200
Subject: [liberationtech] CryptoParty Handbook
Message-ID: <20121005062150.GE9750@leitl.org>

----- Forwarded message from Seth David Schoen -----

From eugen at leitl.org Thu Oct 4 23:27:12 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 5 Oct 2012 08:27:12 +0200
Subject: [liberationtech] CryptoParty Handbook
Message-ID: <20121005062712.GH9750@leitl.org>

----- Forwarded message from Steve Weis -----

From jya at pipeline.com Fri Oct 5 06:29:45 2012
From: jya at pipeline.com (John Young)
Date: Fri, 05 Oct 2012 09:29:45 -0400
Subject: Cryptoanarchy Fear-rousing
In-Reply-To: <20120927093040.GZ9750@leitl.org>
References: <20120927093040.GZ9750@leitl.org>
Message-ID:

Fear-rousing by Andy Greenberg on cypherpunks and cryptoanarchy as origin of WikiLeaks and kind. Fingers Tim May as the mastermind.

http://www.c-spanvideo.org/program/308445-4

Not much about the public benefits of cryptoanarchy, mostly a capitalist smear on behalf of governments with the mantra "governments need some secrets."
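
Added example, not part of any message in this archive: the loopback check of shred -u on ext4 that Seth Schoen describes in his CryptoParty Handbook message above, written out as a script. The marker string, file sizes and function names are assumptions of this sketch; the mkfs and mount steps need root on Linux and run only when the script is invoked with the argument `run`.

```shell
#!/bin/sh
# Added example: does "shred -u" leave copies of file contents in the
# storage underneath an ext4 filesystem? Marker, sizes and names are
# assumptions of this sketch, not taken from the original message.

MARKER='SHRED-TEST-MARKER-7f3a'   # constructed, easy-to-recognise pattern

# Write a text file made of the marker repeated on $2 lines.
write_marker_file() {
    awk -v m="$MARKER" -v n="$2" \
        'BEGIN { for (i = 0; i < n; i++) print m }' > "$1"
}

# Count marker occurrences in raw storage (an image file or block device).
# -a treats binary data as text, -o emits one output line per match.
count_markers() {
    LC_ALL=C grep -a -o -F -e "$MARKER" "$1" | wc -l | tr -d ' '
}

# Turn the post-shred count into a verdict string.
verdict() {
    if [ "$1" -gt 0 ]; then echo residual; else echo clean; fi
}

# The experiment itself: 100 MB zero-filled image, ext4, loopback mount,
# several large marker files, shred -u, then search the underlying image.
run_experiment() {
    [ "$(id -u)" -eq 0 ] || { echo "run_experiment needs root" >&2; return 1; }
    img=$(mktemp) && mnt=$(mktemp -d) || return 1
    dd if=/dev/zero of="$img" bs=1M count=100 2>/dev/null || return 1
    mkfs.ext4 -q -F "$img" || return 1
    mount -o loop "$img" "$mnt" || return 1
    for i in 1 2 3; do
        write_marker_file "$mnt/big$i.txt" 200000
    done
    sync                              # make sure the data reached the image
    shred -u "$mnt"/big*.txt
    sync
    umount "$mnt"
    after=$(count_markers "$img")     # search the storage, not the filesystem
    echo "marker copies left in image after shred -u: $after ($(verdict "$after"))"
    rm -f "$img"; rmdir "$mnt"
}

if [ "${1:-}" = "run" ]; then
    run_experiment
fi
```

The count depends on the filesystem, its mount options and the kernel, so the script reports what it finds rather than assuming a result; any non-zero count means file contents survived outside the blocks shred overwrote.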

From gfoster at entersection.org Sat Oct 6 08:30:07 2012
From: gfoster at entersection.org (Gregory Foster)
Date: Sat, 06 Oct 2012 10:30:07 -0500
Subject: [drone-list] IDF shoots down drone in Israeli airspace
Message-ID:

Jerusalem Post (Oct 6) - "IDF: Unmanned aerial vehicle shot down in northern Negev":
http://www.jpost.com/Defense/Article.aspx?id=286845

IDF is being cagey about or doesn't know the source of the drone:
http://twitter.com/AvitalLeibovich/status/254573007052357633

gf

--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/
_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu

Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/drone-list

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

----- End forwarded message -----

From eugen at leitl.org Sat Oct 6 10:29:49 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 6 Oct 2012 19:29:49 +0200
Subject: [drone-list] IDF shoots down drone in Israeli airspace
Message-ID: <20121006172949.GP9750@leitl.org>

----- Forwarded message from Gregory Foster -----

From moritz at torservers.net Sat Oct 6 10:57:31 2012
From: moritz at torservers.net (Moritz Bartl)
Date: Sat, 06 Oct 2012 19:57:31 +0200
Subject: [liberationtech] secure text collaboration platforms
Message-ID:

Apart from the ones already mentioned, there is

https://pad.riseup.net/ (Etherpad Lite)
https://pads.ccc.de/ (Etherpad)

Riseup Pads are also available as Tor hidden service:
https://ttbmov2dezfs2fln.onion/

--
Moritz Bartl
https://www.torservers.net/

----- End forwarded message -----

From eugen at leitl.org Sat Oct 6 12:47:53 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 6 Oct 2012 21:47:53 +0200
Subject: [liberationtech] secure text collaboration platforms
Message-ID: <20121006194753.GQ9750@leitl.org>

----- Forwarded message from Moritz Bartl -----

From alexrosela at gmail.com Sun Oct 7 17:01:26 2012
From: alexrosela at gmail.com (Alex Rose)
Date: Sun, 7 Oct 2012 17:01:26 -0700
Subject: [drone-list] drone-list Digest, Vol 33, Issue 3
Message-ID:

This editorial in Pakistan's Daily Times may be of interest...

Living Under Drones: the Psychological, Social, and Economic Impact of Drones in FATA.

http://www.dailytimes.com.pk/default.asp?page=2012\05\10\story_10-5-2012_pg3_5

----- End forwarded message -----

From eugen at leitl.org Sun Oct 7 23:18:36 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 8 Oct 2012 08:18:36 +0200
Subject: [drone-list] drone-list Digest, Vol 33, Issue 3
Message-ID: <20121008061836.GY9750@leitl.org>

----- Forwarded message from Alex Rose -----

From gfoster at entersection.org Mon Oct 8 11:51:36 2012
From: gfoster at entersection.org (Gregory Foster)
Date: Mon, 08 Oct 2012 13:51:36 -0500
Subject: [drone-list] #PTIPeaceMarch
Message-ID:

There was a very large peace march and rally in Pakistan over the weekend focusing on the issue of drone strikes in the FATA. The march was organized by Pakistan Tehreek-e-Insaf (PTI), which appears to be a budding political party emerging from roots as a peace and justice organization.

http://www.insaf.pk/
https://twitter.com/PTIofficial

The march was scheduled to travel from Islamabad to Waziristan, but was apparently impeded by Pakistani security forces which alleged the march was under threat. The march stopped in Tank for a rally led by PTI head Imran Khan [ @ImranKhanPTI ].

http://www.thenews.com.pk/Todays-News-13-17997-Forces-head-off-PTI-rally

Reprieve UK was prominent in helping organize the event, represented by Clive Smith [ @CliveSSmith ]:

http://www.reprieve.org.uk/blog/2012_10_08_drones_peace_march_clive_storify/

A delegation of 33 Americans participated, including former US diplomat Ann Wright and CodePink:

http://en.wikipedia.org/wiki/Ann_Wright
http://blip.tv/ptiofficialvideos/why-ex-us-diplomat-marie-ann-wright-is-joining-pti-peace-march-oct-3-2012-6383871
http://www.codepink4peace.org/article.php?id=6248

Here's a roundup of media coverage from around the world:

http://redwishdotcom.wordpress.com/2012/10/08/peace-march-media-coverage/

Twitter tag was #PTIPeaceMarch:

https://twitter.com/i/#!/search/%23PTIPeaceMarch?q=%23PTIPeaceMarch

gf

--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/

----- End forwarded message -----

From eugen at leitl.org Mon Oct 8 06:40:15 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 8 Oct 2012 15:40:15 +0200
Subject: Monetarists Anonymous
Message-ID: <20121008134015.GL9750@leitl.org>

http://www.economist.com/node/21563752?fsrc=scn/fb/wl/pe/monetaristsanonymous

Monetarists Anonymous

After a spectacular crash, an online currency makes a surprising comeback

Sep 29th 2012 | from the print edition

"GIVE me control of a nation's money supply, and I care not who makes its laws." So said Mayer Amschel Rothschild, founder of the Rothschild banking dynasty. What would he make of Bitcoin, an online currency with no issuing authority whatsoever? Despite being written off following a speculative bubble and crash last year, the online cryptocurrency is still going strong, not least thanks to its ability to circumnavigate the law.

Bitcoin was devised in 2009 by a mysterious figure known as Satoshi Nakamoto. It is the world's first, and so far only, decentralised online currency. Instead of a central bank, Bitcoins can be issued by anyone with a powerful personal computer: it mints them by solving extremely difficult mathematical problems. The problems are automatically made harder to ensure that the overall supply of Bitcoins cannot grow too fast. They are traded online, with transactions cryptographically authenticated. These curious capabilities make Bitcoins a combination of a commodity and a fiat currency (creating the coins is referred to as "mining" and they have value only because people accept them).

But boosters inflated a Bitcoin bubble. Shortly after the currency launched, articles spread around the internet arguing that Bitcoins would protect wealth from hyperinflation and that early adopters would make a fortune. The dollar price of a Bitcoin currency unit climbed from a few cents in 2010 to a peak of nearly $30 in June 2011 (see chart), according to data compiled by Mt Gox, a popular online Bitcoin exchange. Inevitably, the currency then crashed back down, bottoming out at $2 in November 2011.

But in the nine months since, Bitcoin has recovered. One unit now costs $12, and the volume of transactions is increasing. Though the price still fluctuates against the dollar, it is less volatile than it was, which makes it a better store of value. Its use as a means of exchange is also getting easier: an increasing number of online retailers take the currency, and new smartphone apps make Bitcoins almost as easy to use as cash. A proliferation of exchanges means that it is relatively easy to swap Bitcoins for conventional currencies.

Tony Gallippi, the boss of Bitpay, which processes Bitcoin payments for retailers, says that his client list has increased from around 100 in March to 1,100 now. These are mostly e-commerce businesses, selling things like domain names and web hosting. But the list also includes a taxi-driver in Chicago and a dentist in Finland. "Credit cards weren't designed for the internet," he says. Bitcoin transactions cost less and cannot be reversed in the way credit-card transactions can be. This is important for firms selling to customers in countries known for credit-card fraud, such as Russia or Belarus.

But another big reason for the currency's success is its role in dodgy online markets. Although tracing Bitcoin transactions to real people is not impossible, the currency's relative anonymity and ease of use makes it a natural conduit for criminal funds.
On the website Silk Road, a sort of eBay for drugs hidden in a dark corner of the web known as Tor, Bitcoins are the only means of transaction. Buyers transfer their Bitcoins into an escrow account where they sit until receipt of the goods is confirmed. Bitcoin transactions on Silk Road are now worth $1.9m per month, estimates Nicolas Christin, a researcher at Carnegie Mellon University.

This may explain why users put up with a big drawback. Bitcoins tend not to be very secure, says Richard Booth, a consultant at RSA, a cyber-security firm. As some users have found to their cost, hackers can sometimes steal Bitcoins from users' online vaults. In the latest raid, on September 5th, hackers stole $250,000 in Bitcoins from Bitfloor, a large American exchange, causing it to shut down its operation. But although the raid caused a dip in the price of Bitcoins, it soon recovered. It turns out that a currency can thrive even when no one is making laws for it.

From jd.cypherpunks at gmail.com Mon Oct 8 08:11:38 2012
From: jd.cypherpunks at gmail.com (jd.cypherpunks)
Date: Mon, 8 Oct 2012 17:11:38 +0200
Subject: 3 Years in, Bitcoin Digital Money Gains Momentum
Message-ID:

Permanent Address: http://www.scientificamerican.com/article.cfm?id=3-years-in-bitcoin-digital-money-gains-momentum

3 Years in, Bitcoin Digital Money Gains Momentum

The digital currency exchange network now includes more than 1,000 merchants and at least tens of thousands of unaffiliated users, as it tries to solve barriers to participation

By Morgen Peck | Monday, October 8, 2012

Nowadays Bitcoin adopters are providing some clues about the benefits of a decentralized, anonymous, digital currency. For instance, independent merchants use it to receive online payments directly from customers, WikiLeaks uses it to dodge financial barricades, and drug users use Bitcoin to shop anonymously on the Internet's black market. But not everything works smoothly.
The system lacks a quick way for people to trade in their physical cash for Bitcoins. Foreign currency exchanges don't deal in Bitcoins, and finding someone to sell them in person remains a huge challenge. A few of the online exchanges that do exist have lost huge amounts of their customers' Bitcoins to hackers--a combined sum now worth over one million dollars--whereas the more stable ones require users to self-identify in a way that undermines the network's anonymity. And although the number of merchants using Bitcoin is growing, one still can't find very many places to spend them.

At a conference this month in London, Bitcoin's core developers and many of those who are building applications to make it more user-friendly confronted the currency's setbacks of the past year and planned a course forward intended to elevate it from a niche technophile currency into one that competes with physical money on all levels. "It's a challenging project, but it's one that's going to change the world. So that's why we're all here," said Jeff Garzik, one of Bitcoin's lead developers.

How it works

Imagine sending money over the Internet as easily as sending an e-mail--any amount, any time, to anywhere in the world--just as though you're standing next to a person and handing them cash. This was never possible before Bitcoin.

The name, Bitcoin, is slightly misleading as there are no real coins involved. In fact, it's a publicly shared ledger that keeps track of transactions among different accounts. The task of updating the ledger falls to whichever computers (referred to as nodes) happen to be running the Bitcoin software at any given time--a role that is completely voluntary. Anyone can participate at this level once they've downloaded the Bitcoin software and purchased "coins"--usually from an online exchange. The price they pay for them depends entirely on how the market values them from one day to the next.
When Bitcoin users want to transfer their money to another account, they send an encrypted request to the network, identifying the involved parties by random strings of letters and numbers rather than by name. In order to verify the transaction and update the ledger, one of the nodes must come up with the solution to a difficult mathematical problem called a "hash function," which takes the raw data from the transaction request and reduces it into a new string of data with a shorter, fixed length. A computer can only settle on the solution by trial and error, making multiple random guesses until it works. Once completed, this work is prohibitively difficult to reproduce and, in effect, time stamps the transactions as they come in so that no one can work backward on the chain. The first node to solve the puzzle broadcasts its solution to all of the other nodes, which then agree on the new version of the ledger. In this way, control over the ledger is spread over the entire Bitcoin network.

To the network, all of this looks like a long chain of transactions, reassigning ownership of an arbitrary unit called a Bitcoin. What users see depends on which applications they run to access the Bitcoin network. In general, the interface allows users to open any number of new anonymous accounts and then receive and send Bitcoins to and from any other account. A person who owns Bitcoins really just owns a cryptographic key used to access a specific account.

The computers that maintain Bitcoin guzzle electricity, enough so that many people admit to running them at work instead of at home to shift the cost (many people rely on specialized GPUs and multiple units to run the software, such that power bills can noticeably increase). They are driven by an incentive. Every time a computer seals a block of transactions with a hash function, Bitcoin software creates 50 new coins and assigns them to the owner's account. This is how new currency is issued in the first place.
Given that Bitcoin transactions occur in public, it's easy to measure the level of participation. According to Garzik, Bitcoin is expanding faster than it ever has since its birth three years ago. More than 60 trillion Bitcoins bounced between accounts since the beginning of this year, constituting nearly five million transactions, which is more than twice the number of transactions processed in 2011.

Ever so slowly, merchants seem to be warming up to Bitcoin, according to Tony Gallippi, whose company, Bitpay, provides mobile checkout services to companies that want to accept Bitcoins. "I went to the Prague conference in November 2011 and we had about 100 merchants," he says. "We have about 1,100 now."

Very few merchants deal only in Bitcoin. Most--for example, a massage therapist in Vancouver, a guitar shop in New Hampshire and 18 craftsmen in the Etsy marketplace--list Bitcoin alongside the standard payment options. When they finalize a deal in Bitcoin, they do so knowing that the transaction can never be reversed. The Bitcoin network doesn't edit its ledger. As such, merchants no longer have to worry whether they are charging a stolen credit card.

"The fraud mitigation is big for Internet merchants, because they are all handling card-not-present transactions. And the business has to eat the loss if the payment is reversed later on," Gallippi says. "Using Bitcoin, a business can receive a payment from any country on the planet, instantly, with no risk of fraud."

Underworld and legitimate uses

For others, Bitcoin has become a lifeline. In December 2010, soon after WikiLeaks uploaded 251,287 leaked U.S. embassy cables to its site, VISA, MasterCard, PayPal, Bank of America and Western Union united to embargo the group, refusing to carry out its transactions. According to WikiLeaks, the blockade, which continues today, choked off 95 percent of its donation stream. The activist group has been able to restore donations, in part, by accepting Bitcoin.
As of September 30 WikiLeaks was holding the equivalent of $12,000 in its public Bitcoin address. "It's important to them. At least they have one way of getting donations," says Birgitta Jónsdóttir, a member of the Icelandic parliament and a co-producer of the WikiLeaks's Collateral Murder video (which chronicles two 2007 U.S. Army helicopter air strikes in Baghdad that killed two Reuters war correspondents and several probably unarmed men), who spoke in favor of Bitcoin at the conference.

It would seem that Bitcoin has a little something for everyone: You can send money overseas to your kid in college without paying wire fees. You can anonymously fund activist institutions. You can buy drugs (legal and illegal pharmaceuticals as well as recreational ones). But first you have to have some to spend.

And right now, getting a hold of Bitcoins is much harder than the people who advocate the currency would like it to be. Many of the smaller online exchanges where customers purchase their account value have fallen prey to hackers who broke in and stole the Bitcoins users were storing on the site. This summer Bitcoinica lost over $400,000 in Bitcoins to hackers, and early this month another exchange called Bitfloor closed down as it sought to rebound from $200,000 in stolen funds.

The large exchanges that remain have responded to the crises by collecting personal details from their clients as a defense, a practice that many in the community say undermines the whole point of having an anonymous currency.

Frank Braun, an IT security consultant and self-described privacy extremist, confronted the problem by urging people at the conference to open new over-the-counter exchanges.

But it may also be possible to build an exchange that is as anonymous and decentralized as the Bitcoin network itself.
In his talk in London, Mike Hearn, another core Bitcoin developer, proposed a peer-to-peer currency exchange that would link trusted buyers and sellers online and then leave them to sort out payment details amongst themselves. The system would require no central repository of money, eliminating the target for hackers. Nor would the system collect private details about the users, working from the same string of letters and numbers as the Bitcoin protocol. But perhaps most consequential for the future of Bitcoin--in order to shut down a peer-to-peer currency exchange, one would have to terminate every node on the network.

The few lawyers who have studied Bitcoin all agree that the currency inhabits a legal gray area. No one really knows how governments would react if it gains traction, but many consider the exchanges to be the easiest target for people who want to regulate Bitcoin. Decentralizing the exchanges would make that job nearly impossible.

Bitcoin developers are quickly proving that they can design decentralized alternatives to even the most sophisticated financial institutions. But some are building applications that use money in ways that had never before been possible in the digital world.

Chris Raggio, a programmer in Mississippi, is working on a digital alternative for the common tip jar. The collection "vessel" would be a wall poster embedded with an NFC (near-field communication) chip, which could be programmed to accept Bitcoin donations. Unlike similar payments with PayPal or credit cards, one could make small donations without a fee, right on the spot, just like throwing a quarter in a jar. "We hear all this talk that we're going to a cashless society," Raggio says. "Maybe we are and maybe we aren't.
But if we are, we're going to need something like this to protect that money jar."

Similar applications are being built to facilitate micro-payments on the Internet and, if successful, they could reduce the extent to which content providers now depend on advertising revenue. Such applications could aid in inviting new users to participate in the Bitcoin economy. None of them have arrived yet, but many people are writing them, often quitting steady jobs to do so.

At the end of his speech, Garzik rallied for the currency and asked for patience over the long haul. "How long did it take to create the euro, implement the euro, widely distribute the currency, widely distribute the cash registers, point-of-sales systems--all of that stuff," he asked. "It took years and years. And so one cannot reasonably expect Bitcoin to be an immediate success in two years."

--Michael

From eugen at leitl.org Mon Oct 8 12:06:33 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 8 Oct 2012 21:06:33 +0200
Subject: [drone-list] #PTIPeaceMarch
Message-ID: <20121008190633.GB9750@leitl.org>

----- Forwarded message from Gregory Foster -----

From bbrewer at littledystopia.net Mon Oct 8 19:11:21 2012
From: bbrewer at littledystopia.net (b. brewer)
Date: Mon, 08 Oct 2012 22:11:21 -0400
Subject: Gaga + wiki?
Message-ID: <507387C9.5070408@littledystopia.net>

http://littlemonsters.com/image/507362d04f5cf1bc4e00037f

Bring in the Calvary?

From berater at pkv-netz.com Mon Oct 8 11:13:32 2012
From: berater at pkv-netz.com (=?koi8-r?B?IvDP08zFxM7JxSDJ2s3FzsXOydEg1yDQ0sHXz9fPzSDNxcjBzsnazQ==?= =?koi8-r?B?xSDHz9PawcvB2iI=?=)
Date: Tue, 9 Oct 2012 00:13:32 +0600
Subject: =?koi8-r?B?68/O1NLPzNgg0sHazcXdxc7J0SDHz9PVxMHS09TXxc7Oz8fPINrByw==?= =?koi8-r?B?wdrB?=
Message-ID: <01cda5b2$ea765e00$c03f395f@berater>

Evdokimov Ruslan Efimovich - chief project engineer

Holding tenders for the fulfilment of government contracts is part of the domestic policy of the Russian Federation. It is government procurement that can meet the needs of the customer, in the person of the state, both for works and for the various kinds of goods that enable government customers to exercise their powers in full.

Current topics:
_______________
1. Main directions of the reform of government procurement.
2. The federal contract system.
3. Forecasting and planning of state and municipal needs.
4. Particular features of the state (municipal) contract as a type of agreement.
5. Development of legislation on the placement of orders.
6. Authorised bodies and mechanisms of state control in the placement of orders.
7. Practice of state control of electronic auctions.
8. Protecting customers' interests within order-placement procedures.
9. The most common violations of antimonopoly legislation committed by customers and suppliers when placing government orders.

These and other questions will be covered in the professional development course:
==================================================================
GOVERNMENT PROCUREMENT. Main directions of the reform of tendering. Transition to the Federal Contract System. FAS control of the placement of government orders (course for customers and suppliers).
==================================================================
Dates: 22 - 23 October 2012
Venue: St. Petersburg
_________________________________________________
On completion of the course a state-recognised certificate of professional development is issued
_________________________________________________
For more information, call: (812) 642-02-93
Zhdanova Galina Borisovna, information department manager

From katycarvt at gmail.com Tue Oct 9 09:23:58 2012
From: katycarvt at gmail.com (Katy P)
Date: Tue, 9 Oct 2012 09:23:58 -0700
Subject: [liberationtech] best practices - roundup
Message-ID:

Best practices for traveling to an internet-hostile regime.

There is a lot of variance - obviously the regime's capabilities as well as one's own visibility come into play.

And, if it isn't obvious, I'm not a security expert. This is not official, legal advice. Everyone needs to research this on their own and make good decisions for themselves.

If you're really not tech-savvy, it might be worthwhile to hook up with a tech-savvy friend (or IT professional) to do some of these steps.

Regardless, here are some hints from the community:

BEFORE YOUR TRIP
- your laptop and mobile device should be ones that are fresh - factory reset to the original operating system and best case would be "burners" -- devices that you can factory reset upon return home (some suggested also using a bootable Linux install)
- do not link your Dropbox, GDrive, or other file service at any time
- do not be logged into GMail, social media sites, etc.
- be careful with what photos you have on your phone (before leaving the country especially)
- have a virus scanner installed
- make sure that all software is up-to-date (Windows Updates, virus scanner)
- any sensitive data/documents should be on a USB drive, not kept in an obvious place (like throw it in with your toiletries or something) with an encrypted volume
- change all of your passwords to something very secure before your trip
- install TOR
- consider a mobile security app (Here's a review of some Android ones: http://www.digitaltrends.com/mobile/top-android-security-apps/)
- encryption may be illegal and may cause more concern

AT THE AIRPORT:
- don't be logged into anything
- be polite
- don't be nervous

DURING YOUR TRIP
- when on WiFi, DNSCrypt http://www.opendns.com/technology/dnscrypt/
- set up a VPN connection
- never leave your devices anywhere (even hotel safe)
- assume phone conversations are monitored
- turn off GPS
- turn on encryption for your social media sites (Facebook encryption http://www.facebook.com/help/?faq=215897678434749 Twitter http://blog.twitter.com/2011/03/making-twitter-more-secure-https.html)
- some suggest having a different "burner" social media account
- be careful posting pictures and updates during trip

LEAVING THE COUNTRY
- if possible, it might be a good idea to do a factory reset on devices before going to the airport (??)
- upon return, do factory resets of all devices
- change passwords upon return

Thanks to everyone that made suggestions.
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From zooko at zooko.com Tue Oct 9 11:07:46 2012
From: zooko at zooko.com (Zooko Wilcox-O'Hearn)
Date: Tue, 9 Oct 2012 12:07:46 -0600
Subject: [tahoe-dev] Tahoe-LAFS Weekly Dev Chat, 2012-10-09 (was: Tahoe-LAFS Weekly Dev Chat, 2012-10-02)
Message-ID:

I forgot to take notes during, so this is ex post facto. Other participants, please feel free to reply and add your recollections!

In attendance: Zooko, CodesInChaos, Andrew, Brian, Ali who popped in briefly because the hangout was posted as a public chat on G+, David-Sarah

The topic was mostly dynamic Merkle Trees and LDMFs again. (For those following along at home, Dynamic Merkle Trees are this idea of using something like a Red-Black Tree instead of a static Binary Tree as the structure for your secure-hash-function based "authenticated data structure". Andrew Miller claims that this is a unifying abstraction that describes both git and Bitcoin, as well as any future Tahoe-LAFS Large Distributed Mutable File. See previous week's notes ¹.)

I said that I had been looking at using Tahoe-LAFS as the backend for other systems, to give them decentralization, fault-tolerance, integrity-checking, access control, and encryption. Those systems that I've looked at a little bit include Ward Cunningham's Smallest Federated Wiki, Dan Whaley's Hypothesis, and Jeff Garzik's gleam-in-the-eye of a fault-tolerant form to make the Bitcoin forums DoS-resistant.
In each of these cases as well as in others, I have the feeling that programmers want some sort of search or query language, and when they find that LAFS doesn't natively offer that, they give up on using it. Brian replied that what you have to do is maintain your own index. He called it "voluntary search", which is a turn of phrase that I like. MK_FG's recent attempt to make a Skydrive plugin for the Cloud backend is another example where voluntary search is needed.

Andrew asked for a specific use case for LDMF. How and why anyone would use LDMFs even if we had them? After all, there's no way to use the features of an LDMF, such as efficiently inserting bytes into the middle of a file, through the standard POSIX file API.

I groped around for a while trying to answer that. There are a few half-formed ideas about things that LDMFs *might* turn out to be useful for, such as "filesystem in a file", which is basically what the authors of virtual machines are doing to store their virtual machine images in POSIX filesystems. Other half-formed ideas are to use LDMFs as the backend storage for git.

But I finally got a hold of a use case that seems clear enough: scalable directories. Directories ought to be able to hold arbitrarily many entries, support efficiently adding or removing children, ought to be able to maintain a sort order on the children, and support range queries on the children. That *is* something that you can express through the POSIX filesystem API, it seems clear that it could be useful, and very importantly for the purposes of Andrew's research, it is easy to evaluate how well your solution satisfies it.

Such directories might make a good building block for search. I remember thinking when I unsuccessfully pitched LAFS as a possible backend for Singly/LockerProject that if only directories had been scalable, sorted, and range-queriable then LAFS might have sufficed for their needs.
Along the way I pointed people at the performance.rst file:

https://tahoe-lafs.org/trac/tahoe-lafs/browser/git/docs/performance.rst

Only to see that it appears to be describing the performance of old SDMFs, not of MDMFs! For example it says:

"""
Downloading B bytes of an A-byte mutable file

cpu: ~A
network: A
memory footprint: A
notes: As currently implemented, mutable files must be downloaded in their entirety before any part of them can be read. We are exploring fixes for this; see ticket #393 for more information.
"""

Which is very stale information. We've closed #393 and made it so that you only need to download about B bytes to read B bytes of an A-byte mutable file. I thought we had updated performance.rst to reflect that. What gives? Do I misremember or did we somehow regress performance.rst?

There are a few tickets about updating performance.rst to reflect the existence of MDMF: #1497, #1772.

Andrew mentioned that since last week he implemented a new Red-Black Merkle Tree in C++, and it is 400X faster than the first Python-based prototype. I questioned why the language would make that much difference and suggested he try PyPy.
Regards,

Zooko

https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1497# update docs/performance.rst to explain the performance of MDMFs
https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1772# update docs to include MDMF
¹ https://tahoe-lafs.org/pipermail/tahoe-dev/2012-October/007750.html
_______________________________________________
tahoe-dev mailing list
tahoe-dev at tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From djcapelis at cs.ucsc.edu Tue Oct 9 13:01:43 2012
From: djcapelis at cs.ucsc.edu (D J Capelis)
Date: Tue, 9 Oct 2012 13:01:43 -0700
Subject: [liberationtech] Security / reliability of cryptoheaven ?
Message-ID:

On Tue, Oct 9, 2012 at 5:01 AM, Maxim Kammerer wrote:
> On Wed, Oct 3, 2012 at 2:41 PM, D J Capelis wrote:
> > I like the part where you say the problem is easy and then point to a
> > solution with issues that make it anything but easy, tenable or
> > workable.
>
> Why? The solution (if you refer to cables in Liberté) is easy to use,
> is robust, and it works.

Until it works with gmail and other commonly used communications systems and/or works across multiple common devices and allows a user to extend their identity and ability to communicate securely using it across *all* of their devices we're not there yet. I know that's frustrating, but I think it's true.

I realize that many of these systems are great tradeoffs that work in *some* niches, but pretending the problem of secure communications is simple and solved when most users do not have access to a usable solution goes too far IMO.
I'm not saying the technology we have is bad, or that anything that's been developed isn't good, I'm just saying that calling the problem easy or solved erases the huge amount of space for work and progress that still remains.

> There is apparently no solution to this
> tradeoff -- see Zooko's triangle in [2].

Yes. The fact that some levels of usability are *impossible* under some design constraints contributes to the fact that writing this problem off as easy or solved is probably unwise.

> [2] http://www.skyhunter.com/marcs/petnames/IntroPetNames.html

For what it's worth, I think the PetNames are the right approach if you focus on Zooko's triangle as your solution space. (As Jake noted, it may be possible to square the triangle in some cases.) I think we often fail when it comes to good interfaces to make PetNames work in both a secure and usable way. (It should be so simple, but people have a tendency to mess it up.) But I'll note I haven't reviewed the interfaces for some of the systems discussed in this thread thoroughly.

> That's why you need self-authenticating addresses, or another way of
> non-optional recipient authentication.

No disagreement from me.

> > And that's not even getting into platform inter-op issues that
> > drive so many people to want to do their crypto in a web interface or on
> > some other person's server.
>
> You can't provide interoperability between secure and insecure systems
> while leaving the security intact. That's why the military uses
> compartmentalization and air gaps.

That's certainly one approach, but are you *certain* it's the only one? It's a hard problem, but there are sometimes ways to bootstrap certain types of things on certain types of legacy systems. It gets really specific to the type of application in each case and exactly what parts of the system you want to try calling legacy and unchangeable vs. parts you want to say you can change.
(Have you thought about the types of systems you could build with a bit of software and a bit of hardware attached to a USB key? The possibilities there have been interesting. I like designing systems using sandwich stacks, where you control things under and over an otherwise insecure legacy system.) It is true that you usually can't get everything, but sometimes you can get what you need.

> > Pretending it's an easy problem because technologies exist that aren't
> > usable ignores the real technology issues we haven't solved yet.
>
> Only if you want to use technologies that weren't developed with
> security in mind.

I like talking to people using technologies they already use. When and if I can do that securely, I'm happy. When and if I cannot, I'm aware that there is a lot more progress left to be made on problems that aren't easy, aren't solved and often aren't tech issues.

My objection wasn't about the technology, it was about declaring problems as solved and easy when they aren't solved yet. Which isn't to say we haven't made progress and shouldn't celebrate that progress, but I think we can and should do that in a way that keeps a sharp focus on the challenges which remain.

~DJ
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From bbrewer at littledystopia.net Tue Oct 9 13:43:25 2012
From: bbrewer at littledystopia.net (b. brewer)
Date: Tue, 09 Oct 2012 16:43:25 -0400
Subject: Gaga + wiki?
In-Reply-To: <67FF56DE-8DDF-459F-A8F5-C82B7CDA1AAB@datavibe.net>
References: <507387C9.5070408@littledystopia.net> <67FF56DE-8DDF-459F-A8F5-C82B7CDA1AAB@datavibe.net>
Message-ID: <50748C6D.5050605@littledystopia.net>

Depending on one's viewpoint of the people involved, the 3rd definition could hold true...

"Cal·va·ry [kal-vuh-ree] Show IPA
noun, plural Cal·va·ries for 2, 3.
1. Golgotha, the place where Jesus was crucified. Luke 23:33.
2. ( often lowercase ) a sculptured representation of the Crucifixion, usually erected in the open air.
3. ( lowercase ) an experience or occasion of extreme suffering, especially mental suffering."
(http://dictionary.reference.com/browse/Calvary?s=t)

But yes, you are correct in my incorrect word usage.

On that note, how do you think this will impact the opinions of others on either character? I'm trying to figure out if it will 'help' Assange or if it will 'harm' gaga. (Yes, I'm trying to quantify something that is hard / silly to quantify).

On 10/8/2012 10:28 PM, Jeffrey Paul wrote:
> I think you mean cavalry.
>
> -jp

From bin at bluenile.com Tue Oct 9 08:14:04 2012
From: bin at bluenile.com (=?koi8-r?B?IuvPzsbF0sXOw8nRICL8y8/Mz8fJ3sXTy8HRINzL09DF0tTJ2sEiIg==?= =?koi8-r?B?A===?=)
Date: Tue, 9 Oct 2012 17:14:04 +0200
Subject: =?koi8-r?B?/MvPzM/Hyd7F08vB0SDcy9PQxdLUydrBINDSz8XL1M/XINcg09TSzw==?= =?koi8-r?B?ydTFzNjT1NfFLg==?=
Message-ID: <01cda641$7b941600$1f3c7eb2@bin>

To the lead environmental engineer

Recently, throughout the civilized world, more and more attention has been paid to the effectiveness of environmental control and management, where compliance with environmental protection norms and rules at all stages of a project's implementation plays an important part.

We invite you to a CONFERENCE covering the latest changes in Russian Federation legislation in the field of environmental law in construction:

ENVIRONMENTAL REVIEW OF CONSTRUCTION PROJECTS.
--------------------------------------------------
Dates: 22 - 23 October 2012
Venue: St. Petersburg
Training centre: (812) 642-02-93

Brief conference outline:
1. Regulatory and legal acts governing the conduct of environmental review.
2. Requirements for materials submitted for state environmental review.
3. Environmental impact assessment (EIA) at the stage of justifying investment in construction.
4. Environmental review of projects for establishing specially protected areas.
5. Requirements of sanitary-epidemiological and environmental legislation applicable to project documentation.
6. Legal foundations of environmental protection in urban development activities.
7. Liability for violating Russian Federation legislation on environmental review.

For more detailed information, call: (812) 642-02-93

Regards,
Nadezhda Leonidovna Yagodkina
Manager, Information Department

From eugen at leitl.org Tue Oct 9 09:32:30 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 9 Oct 2012 18:32:30 +0200
Subject: [liberationtech] best practices - roundup
Message-ID: <20121009163230.GA9750@leitl.org>

----- Forwarded message from Katy P -----
From eugen at leitl.org Tue Oct 9 11:25:44 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 9 Oct 2012 20:25:44 +0200
Subject: [tahoe-dev] Tahoe-LAFS Weekly Dev Chat, 2012-10-09 (was: Tahoe-LAFS Weekly Dev Chat, 2012-10-02)
Message-ID: <20121009182544.GF9750@leitl.org>

----- Forwarded message from Zooko Wilcox-O'Hearn -----
From mk at dee.su Tue Oct 9 14:53:46 2012
From: mk at dee.su (Maxim Kammerer)
Date: Tue, 9 Oct 2012 23:53:46 +0200
Subject: [liberationtech] best practices - roundup
Message-ID:

On Tue, Oct 9, 2012 at 9:03 PM, Lindsay Beck wrote:
> Disclosure: TAILS relies on BIOS for operability, and thus can have
> challenges functioning on newer computers that utilize UEFI without legacy
> support for BIOS.

For anyone interested: Liberté Linux already has full UEFI support for all installation types (USB, CD, OVF), and is also the first Linux distribution to use Secure Boot as a trusted boot chain mechanism.
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From mk at dee.su Tue Oct 9 15:55:06 2012
From: mk at dee.su (Maxim Kammerer)
Date: Wed, 10 Oct 2012 00:55:06 +0200
Subject: [liberationtech] best practices - roundup
Message-ID:

On Wed, Oct 10, 2012 at 12:16 AM, Jacob Appelbaum wrote:
> Exciting and congratulations.

Thanks, getting it to work was a real pain. PAX / grsecurity kernel patches had UEFI-related bugs, and the most suitable UEFI signing tool (sbsigntool) lacked support for 32-bit EFI binaries. All of this is now fixed / integrated upstream (sbsigntool is used in Ubuntu, by the way).

> What is your plan for Secure Boot related signatures? It seems like a
> real pain for a lot of distros and a real pain for users to setup,
> especially those without an understanding of cryptography at a high level.

Liberté ships its own Secure Boot certificate, which signs the GRUB bootloader, and the trusted chain continues from there. After experimenting with Secure Boot in OVMF builds, I think that enrolling such a certificate is not difficult - it is not more difficult than changing the order of boot devices in BIOS, for instance (back then before a menu could be invoked by pressing a key). Most controversy about Secure Boot support in Linux one finds online is about making the process completely transparent for users, which requires either using Microsoft-signed binaries (Fedora) / intermediate certificate, or embedding one's keys in firmware (Ubuntu).
If you forgo the requirement of complete boot transparency, which I think is reasonable for a special-purpose live distribution, using an own certificate is an obvious choice.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From r.deibert at utoronto.ca Wed Oct 10 04:05:28 2012
From: r.deibert at utoronto.ca (Ronald Deibert)
Date: Wed, 10 Oct 2012 07:05:28 -0400
Subject: [liberationtech] Backdoors are Forever: hacking team and the targeting of dissent
Message-ID:

Dear Lib Tech

Citizen Lab is publishing a new report this morning, "Backdoors are Forever: Hacking Team and the Targeting of Dissent?"

In this report, Citizen Lab Security Researcher Morgan Marquis-Boire describes analysis performed on malicious software used to compromise a high profile dissident residing in the United Arab Emirates. The findings indicate that the software is a commercial surveillance backdoor distributed by an Italian company known as Hacking Team. The report also describes the potential involvement of vulnerabilities sold by the French company, VUPEN.
Our report is here:
https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/

Bloomberg has a detailed news article about the findings and context here:
http://www.bloomberg.com/news/2012-10-10/spyware-leaves-trail-to-beaten-activist-through-microsoft-flaw.html

Regards
Ron

Ronald Deibert
Director, the Citizen Lab and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deibert at utoronto.ca
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Tue Oct 9 23:29:23 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 08:29:23 +0200
Subject: [liberationtech] Security / reliability of cryptoheaven ?
Message-ID: <20121010062923.GJ9750@leitl.org>

----- Forwarded message from D J Capelis -----

From eugen at leitl.org Tue Oct 9 23:40:14 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 08:40:14 +0200
Subject: [liberationtech] best practices - roundup
Message-ID: <20121010064014.GP9750@leitl.org>

----- Forwarded message from Maxim Kammerer -----

From eugen at leitl.org Tue Oct 9 23:59:10 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 08:59:10 +0200
Subject: [liberationtech] best practices - roundup
Message-ID: <20121010065910.GR9750@leitl.org>

----- Forwarded message from Maxim Kammerer -----

From eugen at leitl.org Wed Oct 10 02:55:51 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 11:55:51 +0200
Subject: hey, anyone from Telecomix here?
Message-ID: <20121010095551.GZ9750@leitl.org>

Please contact me privately.

8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Wed Oct 10 04:15:21 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 13:15:21 +0200
Subject: [liberationtech] Backdoors are Forever: hacking team and the targeting of dissent
Message-ID: <20121010111521.GD9750@leitl.org>

----- Forwarded message from Ronald Deibert -----

From hearn at google.com Wed Oct 10 04:47:14 2012
From: hearn at google.com (Mike Hearn)
Date: Wed, 10 Oct 2012 13:47:14 +0200
Subject: [tor-talk] TorBirdy doesn't work with Gmail?
Message-ID:

Hello,

I work for Google as TL of the account security system that is blocking your access.

Access to Google accounts via Tor (or any anonymizing proxy service) is not allowed unless you have established a track record of using those services beforehand. You have several ways to do that:

1) With Tor active, log in via the web and answer a security quiz, if any is presented. You may need to receive a code on your phone. If you don't have a phone number on the account the access may be denied.

2) Log in via the web without Tor, then activate Tor and log in again WITHOUT clearing cookies. The GAPS cookie on your browser is a large random number that acts as a second factor and will whitelist your access.

Once we see that your account has a track record of being successfully accessed via Tor the security checks are relaxed and you should be able to use TorBirdy.

Hope that helps,
Mike Hearn
Google account security team

On Thu, Sep 27, 2012 at 5:03 PM, A. Kong wrote:
> Hello,
>
> I lost track of TorBirdy, but today I realised it was complete and
> available, although it isn't even mentioned on the main Tor site.
>
> Gmail works fine when I disable TorBirdy. Which free email providers
> currently allow the use of TorBirdy?
>
> Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20120827 Thunderbird/15.0
> ID:20120827103323
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From hearn at google.com Wed Oct 10 06:40:53 2012
From: hearn at google.com (Mike Hearn)
Date: Wed, 10 Oct 2012 15:40:53 +0200
Subject: [tor-talk] TorBirdy doesn't work with Gmail?
Message-ID:

> Your phone messages presumably have a
> fixed format and can be logged by the network; drawing attention to Tor
> usage is not the goal and I can see that being a serious problem.

I think you can also opt to receive a phone call that says something like "Your verification code is 12345". It doesn't mention Google and certainly doesn't mention Tor. But it's been a while since I went through this myself so I don't remember exactly.

I should note that this is the worst case scenario. For most users you do NOT have to receive a verification code. We were considering requiring that for all anonymizing proxy users in the past, but did not do so. It's an option we reserve for the future though. For now, answering a security quiz is good enough.

Note that you can add a fake phone number to your account (we don't presently verify them) and this acts as a second password, more or less, so as long as it's a number you can remember you can get through ID verification without receiving any phone codes.
> I see a cookie called GAPS under accounts.google.com - is this
> the only one which needs to persist for authentication to work?

Yes, we know that saying "don't clear cookies" rather goes against the advice and design of tools like the browser bundle. Potentially TBB could have some specific hack for Google.

The GAPS cookie is the only one that's needed for a login to be recognized as good. It's part of how we propagate goodness around between second factors.

Simple example: you log in from an IP address that is nearby to one you previously used (in physical or internet space), and don't have a GAPS cookie. We issued you a new one when you visited the login page. The act of logging in from a good IP whitelists that GAPS cookie. Now you travel and log in from a new country. The IP is unknown but the GAPS cookie you have was seen before. We let you in without hassle because we know that device is legit. Your new IP geo is now whitelisted too.

> I believe it would be very much appreciated if your team could provide a
> support page with a walk-through for Tor users explaining how to gain
> access by the second method

I agree. There was actually some work done on this around the time we were considering requiring phone verification for all logins, but I can't find it on our support site now. I think I need to chase that up again.
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Wed Oct 10 06:41:30 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 15:41:30 +0200
Subject: [tor-talk] TorBirdy doesn't work with Gmail?
Message-ID: <20121010134130.GE9750@leitl.org>

----- Forwarded message from Mike Hearn -----

From eugen at leitl.org Wed Oct 10 07:26:59 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 10 Oct 2012 16:26:59 +0200
Subject: [tor-talk] TorBirdy doesn't work with Gmail?
Message-ID: <20121010142659.GG9750@leitl.org>

----- Forwarded message from Mike Hearn -----

From ball at sekure.net Wed Oct 10 06:03:08 2012
From: ball at sekure.net (=?koi8-r?B?IuPFztTSINDPxMfP1M/Xy8kg09DFw8nBzMnT1M/XIg==?=)
Date: Wed, 10 Oct 2012 18:33:08 +0530
Subject: =?koi8-r?B?8NLB18/X2cUgwdPQxcvU2SDP09XdxdPU18zFzsnRINPU0s/J1MXM2A==?= =?koi8-r?B?zs/HzyDLz87U0s/M0Q==?=
Message-ID: <01cda715$b1a2ca00$0adb600e@ball>

To the HR department

Dear colleagues!

We invite you to a professional development course devoted to the latest changes in urban planning legislation:

>THE URBAN PLANNING CODE in 2012. Review of project documentation. Construction supervision.

Dates: 29 October - 01 November 2012
Venue: St. Petersburg

Brief conference programme:
*********************************************************************************************
1. Fundamentals of urban planning legislation.
2. Liability for violations of the requirements of legislation on urban planning activity.
3. Legal aspects of carrying out construction supervision in construction.
4. General principles of the contractor's organization of construction supervision.
5. Content of the contractor's construction supervision.
6. Specifics of the developer's construction supervision and of the designer's supervision of construction.
7. The changed legal status of the developer and the construction client under the new urban planning legislation.
8. Regulatory basis for the activities of the developer and the technical client.
9. Commissioning of the facility.
******************************************************************
On completion of the course, a state-issued certificate of professional development is awarded!
For more detailed information, call: (8I2) 6Ч2-О2-9З

Regards,
Maria Stanislavovna Avdeeva
Manager, Information Department
tel.: (8I2) 6Ч2--О2 9З

From lacertilian at gmail.com Wed Oct 10 19:22:31 2012
From: lacertilian at gmail.com (Spencer Campbell)
Date: Wed, 10 Oct 2012 19:22:31 -0700 (PDT)
Subject: [ZS] Re: looking into cjdns
Message-ID:

On Wednesday, October 10, 2012 8:18:06 AM UTC-7, The Doctor [412/724/301/703] wrote:
> It has an implementation of routing (several, actually) but ultimately
> it sets up a separate wireless network from the ones we're used to.
>

My impression is that Byzantium's ad-hoc mesh network would look a whole lot *like* the networks we're used to, though. If it grew big enough. Am I mistaken? Maybe Byzantium doesn't scale the way I've assumed it does, and you'd end up with a sort of "clumpy" situation, where you have less of a global Internet and more of a smattering of smaller imperfectly-connected internets. I guess that's implied by the emphasis on wireless connections -- hard to get WiFi across continents.

It seems clear that cjdns is intended to scale to arbitrary sizes. So, the infrastructure goes down and you rely on Byzantium until the new infrastructure (based, perhaps, on cjdns) comes online? Is that the idea?

Seems like it'd be more efficient to just give the emergency system the ability to "grow up" into a new status quo. Then I wouldn't have to install a new distro when the post-post-apocalypse rolls around. You have to be practically there already, given that Byzantium interfaces with the contemporary Internet without complaints, yeah?

(Thanks for humoring me. I hope my profession of ignorance is less painful for you than it is for me.)
--
--
Zero State mailing list: http://groups.google.com/group/DoctrineZero

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From amoody at lighthousegroup.net Wed Oct 10 14:08:46 2012
From: amoody at lighthousegroup.net (=?koi8-r?B?IvLByMnNwSDnydLFxdfBIg==?=)
Date: Wed, 10 Oct 2012 22:08:46 +0100
Subject: =?koi8-r?B?7MXHxc7EwdLO2cogzdXa2cvBzNjO2cog09DFy9TBy8zY?=
Message-ID: <01cda733$d148eb00$e4755c6d@amoody>

THE BRIGHTEST EVENT OF THE AUTUMN HOLIDAYS

The legendary musical show "THE THREE MUSKETEERS"

Svetlana SVETIKOVA as Constance Bonacieux
Eduard SHULZHEVSKY as d'Artagnan
Sergey SHUSTITSKY as Cardinal Richelieu

The musical's authors, Maxim DUNAYEVSKY, Mark ROZOVSKY and Yuri RYASHENTSEV, have given their blessing to the stage revival of their legendary work, which was loved in its day by millions of Soviet television viewers. The show has turned out very bright, light and dynamic. The production, in which the original musical material plays from the first second to the last, features stars of Russian musicals Svetlana SVETIKOVA, Eduard SHULZHEVSKY, Alexander MARAKULIN, Anton ARTSEV, Pyotr MARKIN, Alexander POSTOLENKO, Mohammed ABDEL FATTAH, Pavel MAKSIMOV, Karine ASIRYAN and Roman KALKAEV, as well as specially invited actors: Sergey SHUSTITSKY, Evgeny VOSKRESENSKY and Tatyana ABRAMOVA.

The magnificent live performance of these legendary songs, sparkling humour, drama, love, polished sword fights, acrobatic stunts, unforgettable dance numbers, and bright costumes and sets will make audiences of any age applaud and admire, which is why the musical "The Three Musketeers" is a real CELEBRATION for the whole family.

The musical "THE THREE MUSKETEERS" will be performed on 4 November at the Film Actor Theatre (venue address: ul. Povarskaya 33. Nearest metro stations:
"Smolenskaya", "Krasnopresnenskaya", "Barrikadnaya")
Starts at 19:00
Enquiries, ticket booking and delivery: (499) 340-71_51

Attention, SPECIAL OFFER: tickets for this show at city box offices with a 30% discount!!! Ask at MDTZK box offices!

From a.fofo at abc-systemes.com Wed Oct 10 06:38:29 2012
From: a.fofo at abc-systemes.com (=?koi8-r?B?IunM2NEi?=)
Date: Wed, 10 Oct 2012 22:38:29 +0900
Subject: =?koi8-r?B?8NLJx8zB28HFzSDXINTFwdTS?=
Message-ID: <01cda737$f8092080$08ff897d@a.fofo>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 313 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name:
Type: image/jpeg
Size: 80911 bytes
Desc: not available
URL:

From nickm at torproject.org Wed Oct 10 20:46:19 2012
From: nickm at torproject.org (Nick Mathewson)
Date: Wed, 10 Oct 2012 23:46:19 -0400
Subject: [tor-dev] Proposal 206: Preconfigured directory sources for bootstrapping
Message-ID:

Filename: 206-directory-sources.txt
Title: Preconfigured directory sources for bootstrapping
Author: Nick Mathewson
Created: 10-Oct-2012
Status: Open
Target: 0.2.4.x

Motivation and History:

We've long wanted a way for clients to do their initial bootstrapping not from the directory authorities, but from some other set of nodes expected to probably be up when future clients are starting.

We tried to solve this a while ago by adding a feature where we could ship a 'fallback' networkstatus file -- one that would get parsed when we had no current networkstatus file, and which we would use to learn about possible directory sources. But we couldn't actually use it, since it turns out that a randomly chosen list of directory caches from 4-5 months ago is a terrible place to go when bootstrapping.

Then for a while we considered an "Extra-Stable" flag so that clients could use only nodes with a long history of existence from these fallback networkstatus files. We never built it, though.
Instead, we can do this so much more simply. If we want to ship Tor with a list of initial locations to go for directory information, why not just do so?

Proposal:

In the same way that Tor currently ships with a list of directory authorities, Tor should also ship with a list of directory sources -- places to go for an initial consensus if you don't have a somewhat recent one.

These need to include an address for the cache's ORPort, and its identity key. Additionally, they should include a selection weight.

They can be configured with a torrc option, just like directory authorities are now.

Whenever Tor is starting without a consensus, if it would currently ask a directory authority for a consensus, it should instead ask one of these preconfigured directory sources.

I have code for this (see git branch fallback_dirsource_v2) in my public repository.

When we deploy this, we can (and should) rip out the Fallback Networkstatus File logic.

How to find nodes to make into directory sources:

We could take any of three approaches for selecting these initial directory sources.

First, we could try to vet them a little, with a light variant of the process we use for authorities. We'd want to look for nodes where we knew the operators, verify that they were okay with keeping the same IP for a very long time, and so forth.

Second, we could try to pick nodes for listing with each Tor release based entirely on how long those nodes have been up. Anything that's been a high-reliability directory for a long time on the same IP (like, say, a year) could be a good choice.

Third, we could blend the approach and start by looking for up-for-a-long-time nodes, and then also ask the operators whether their nodes are likely to stay running for a long time.

I think the third model is best.

Some notes on security:

Directory source nodes have an opportunity to learn about new users connecting to the network for the first time.
Once we have directory guards, that's going to be a fairly uncommon ability. We should be careful in any directory guard design to make sure that we don't fall back to the directory sources any more than we need to. See proposal 207.
_______________________________________________
tor-dev mailing list
tor-dev at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From nickm at torproject.org Wed Oct 10 20:46:51 2012
From: nickm at torproject.org (Nick Mathewson)
Date: Wed, 10 Oct 2012 23:46:51 -0400
Subject: [tor-dev] Proposal 207: Directory guards
Message-ID:

Filename: 207-directory-guards.txt
Title: Directory guards
Author: Nick Mathewson
Created: 10-Oct-2012
Status: Open
Target: 0.2.4.x

Motivation:

When we added guard nodes to resist profiling attacks, we made it so that clients won't build general-purpose circuits through just any node. But clients don't use their guard nodes when downloading general-purpose directory information from the Tor network. This allows a directory cache, over time, to learn a large number of IPs for non-bridge-using users of the Tor network.

Proposal:

In the same way as they currently pick guard nodes as needed, adding more guards as those nodes are down, clients should also pick a small-ish set of directory guard nodes, to persist in Tor's state file.

Clients should not pick their own guards as directory guards, or pick their directory guards as regular guards.

When downloading a regular directory object (that is, not a hidden service descriptor), clients should prefer their directory guards first.
Then they should try more directories from a recent consensus (if they have one) and pick one of those as a new guard if the existing guards are down and a new one is up. Failing that, they should fall back to a directory authority (or a directory source, if those get implemented-- see proposal 206).

If a client has only one directory guard running, they should add new guards and try them, and then use their directory guards to fetch multiple descriptors in parallel.

Discussion:

The rule that the set of guards and the set of directory guards need to be disjoint, and the rule that multiple directory guards need to be providing descriptors, are both attempts to make it harder for a single node to capture a route.

Open questions and notes:

What properties does a node need to be a suitable directory guard? If we require that it have the Guard flag, we'll lose some nodes: only 74% of the directory caches have it (weighted by bandwidth).

We may want to tune the algorithm used to update guards.

For future-proofing, we may want to have the DirCache flag from 185 be the one that nodes must have in order to be directory guards. For now, we could have authorities set it to Guard && DirPort!=0, with a better algorithm to follow. Authorities should never get the DirCache flag.
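
The selection order that proposals 206 and 207 describe, modelled in Python as an added example that is not part of the original messages and not Tor's code. Every class, function and relay name, the simulated reachability set, and the choice to try authorities only after every directory source has failed are assumptions of this sketch; the relays, identities and addresses are constructed.

```python
"""Model of directory-server choice under proposals 206 and 207.

Added illustration, not Tor's implementation: every name here is
hypothetical and the sample relays, sources and addresses are constructed.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    """A consensus entry reduced to what directory-guard choice needs."""
    name: str
    dir_cache: bool  # stand-in for the proposed rule "Guard && DirPort != 0"


@dataclass(frozen=True)
class DirSource:
    """Proposal 206 entry: ORPort address, identity key, selection weight."""
    orport: str
    identity: str
    weight: float


class DirectoryChooser:
    def __init__(self, circuit_guards, dir_sources, authorities, seed=0):
        self.circuit_guards = set(circuit_guards)
        self.dir_guards = []        # a real client persists these in its state file
        self.dir_sources = list(dir_sources)
        self.authorities = list(authorities)
        self.rng = random.Random(seed)
        self.source_contacts = 0    # each one exposes the client to a directory source

    def add_circuit_guard(self, name):
        """Disjointness rule: a directory guard may not become a regular guard."""
        if name in self.dir_guards:
            raise ValueError(f"{name} is already a directory guard")
        self.circuit_guards.add(name)

    def _weighted_order(self, sources):
        """Yield sources in weighted-random order, without replacement."""
        remaining = list(sources)
        while remaining:
            pick = self.rng.choices(remaining, [s.weight for s in remaining])[0]
            remaining.remove(pick)
            yield pick

    def choose(self, consensus, reachable):
        """Return (kind, identifier) for the next directory request.

        consensus -- list of Relay, or None if no recent consensus is held
        reachable -- names/identities that answer right now (simulated network)
        """
        # 1. Prefer directory guards already chosen.
        for name in self.dir_guards:
            if name in reachable:
                return ("dir-guard", name)
        # 2. All directory guards down: promote a working directory from the
        #    consensus, never one that is already a regular guard.
        if consensus:
            candidates = [r.name for r in consensus
                          if r.dir_cache
                          and r.name not in self.circuit_guards
                          and r.name not in self.dir_guards]
            self.rng.shuffle(candidates)
            for name in candidates:
                if name in reachable:
                    self.dir_guards.append(name)
                    return ("new-dir-guard", name)
        # 3. Proposal 206: preconfigured directory sources, chosen by weight.
        for src in self._weighted_order(self.dir_sources):
            if src.identity in reachable:
                self.source_contacts += 1
                return ("dir-source", src.identity)
        # 4. Assumption of this sketch: authorities remain the last resort.
        for auth in self.authorities:
            if auth in reachable:
                return ("authority", auth)
        return ("none", None)


def demo():
    """Walk one constructed client through bootstrap, steady state and outage."""
    consensus = [Relay("relayA", True), Relay("relayB", True),
                 Relay("relayC", False), Relay("relayD", True)]
    sources = [DirSource("192.0.2.10:9001", "SRC1", 3.0),
               DirSource("192.0.2.20:9001", "SRC2", 1.0)]
    chooser = DirectoryChooser({"relayA"}, sources, ["auth1"])
    steps = [
        chooser.choose(None, {"SRC2", "auth1"}),                  # first start
        chooser.choose(consensus, {"relayA", "relayB", "SRC1"}),  # pick a guard
        chooser.choose(consensus, {"relayB", "SRC1"}),            # reuse it
        chooser.choose(consensus, {"auth1"}),                     # everything else down
    ]
    return chooser, steps


if __name__ == "__main__":
    for kind, ident in demo()[1]:
        print(kind, ident)
```

The `source_contacts` counter tracks the exposure named in proposal 206's security notes: it rises only on the first start, before the client holds a consensus or a directory guard.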
From nickm at torproject.org Wed Oct 10 20:47:37 2012
From: nickm at torproject.org (Nick Mathewson)
Date: Wed, 10 Oct 2012 23:47:37 -0400
Subject: [tor-dev] Proposal 208: IPv6 Exits Redux
Message-ID:

Filename: 208-ipv6-exits-redux.txt
Title: IPv6 Exits Redux
Author: Nick Mathewson
Created: 10-Oct-2012
Status: Open
Target: 0.2.4.x

1. Obligatory Motivation Section

   [Insert motivations for IPv6 here. Mention IPv4 address exhaustion. Insert official timeline for official IPv6 adoption here. Insert general desirability of being able to connect to whatever address there is here. Insert profession of firm conviction that eventually there will be something somebody wants to connect to which requires the ability to connect to an IPv6 address.]

2. Proposal

   Proposal 117 has been there since coderman wrote it in 2007, and it's still mostly right. Rather than replicate it in full, I'll describe this proposal as a patch to it.

2.1. Exit policies

   Rather than specify IPv6 policies in full, we should move (as we have been moving with IPv4 addresses) to summaries of which IPv6 ports are generally permitted. So let's allow server descriptors to include a list of accepted IPv6 ports, using the same format as the "p" line in microdescriptors, using the "ipv6-policy" keyword.

     "ipv6-policy" SP ("accept" / "reject") SP PortList NL

   Exits should still, of course, be able to configure more complex policies, but they should no longer need to tell the whole world about them.

   After this ipv6-policy line is validated, it should get copied into a "p6" line in microdescriptors.
   This change breaks the existing exit enclave idea for IPv6, but the existing exit enclave implementation never worked right in the first place. If we can come up with a good way to support it, we can add that back in.

2.2. Which addresses should we connect to?

   One issue that's tripped us up a few times is how to decide whether we can use IPv6 addresses. You can't use them with SOCKS4 or SOCKS4a, IIUC. With SOCKS5, there's no way to indicate that you prefer IPv4 or IPv6. It's possible that some SOCKS5 users won't understand IPv6 addresses.

   With this in mind, I'm going to suggest that with SOCKS4 or SOCKS4a, clients should always require IPv4. With SOCKS5, clients should accept IPv6.

   If it proves necessary, we can also add per-SOCKSPort configuration flags to override the above default behavior.

   See also partitioning discussion in Security Notes below.

2.3. Extending BEGIN cells.

   Prop117 (and the section above) says that clients should prefer one address or another, but doesn't give them a means to tell the exit to do so. Here's one.

   We define an extension to the BEGIN cell as follows. After the ADDRESS | ':' | PORT | [00] portion, the cell currently contains all [00] bytes. We add a 32-bit flags field, stored as an unsigned 32 bit value, after the [00]. All these flags default to 0, obviously. We define the following flags:

     bit
      1 -- IPv6 okay. We support learning about IPv6 addresses and connecting to IPv6 addresses.
      2 -- IPv4 not okay. We don't want to learn about IPv4 addresses or connect to them.
      3 -- IPv6 preferred. If there are both IPv4 and IPv6 addresses, we want to connect to the IPv6 one. (By default, we connect to the IPv4 address.)
      4..32 -- Reserved.

   As with so much else, clients should look at the platform version of the exit they're using to see if it supports these flags before sending them.

2.4.
Minor changes to proposal 117 GETINFO commands that return an address, and which should return two, should not in fact begin returning two addresses separated by CRLF. They should retain their current behavior, and there should be a new "all my addresses" GETINFO target. 3. Security notes: Letting clients signal that they want or will accept IPv6 addresses creates two partitioning issues that didn't exist before. One is the version partitioning issue: anybody who supports IPv6 addresses is obviously running the new software. Another is option partitioning: anybody who is using a SOCKS4a application will look different from somebody who is using a SOCKS5 application. We can't do much about version partitioning, I think. If we felt especially clever, we could have a flag day. Is that necessary? For option partitioning, are there many applications whose behavior is indistinguishable except that they are sometimes configured to use SOCKS4a and sometimes to use SOCKS5? If so, the answer may well be to persuade as many users as possible to switch those to SOCKS5, so that they get IPv6 support and have a large anonymity set. IPv6 addresses are plentiful, which makes caching them dangerous if you're hoping to avoid tracking over time. (With IPv4 addresses, it's harder to give every user a different IPv4 address for a target hostname with a long TTL, and then accept connections to those IPv4 addresses from different exits over time. With IPv6, it's easy.) This makes proposal 205 especially necessary here. 
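
The following sketch is an added example, not part of Nick Mathewson's message or of Tor's source code. It works through sections 2.1 to 2.3 of proposal 208: the client-side flag defaults per SOCKS version, the extended BEGIN payload, the "ipv6-policy" port summary, and the exit's choice of address family. It assumes that "bit 1" is the least significant bit, that the flags field is big-endian, and that reserved bits are ignored on receipt; all function names and the sample addresses are hypothetical.

```python
import struct

# Section 2.3 flag bits. Assumption: "bit 1" is the least significant bit.
IPV6_OK = 1 << 0         # client can learn about and connect to IPv6 addresses
IPV4_NOT_OK = 1 << 1     # client does not want IPv4 addresses at all
IPV6_PREFERRED = 1 << 2  # if both families resolve, use IPv6 (default: IPv4)
KNOWN_FLAGS = IPV6_OK | IPV4_NOT_OK | IPV6_PREFERRED  # bits 4..32 are reserved


def flags_for_socks_version(version):
    """Section 2.2 defaults: SOCKS4/4a require IPv4, SOCKS5 accepts IPv6."""
    if version == 4:
        return 0
    if version == 5:
        return IPV6_OK
    raise ValueError("unsupported SOCKS version: %r" % (version,))


def build_begin_payload(host, port, flags=0):
    """ADDRESS ':' PORT [00], then the 32-bit flags field.
    Assumption: the field is stored big-endian (network byte order)."""
    if flags & ~KNOWN_FLAGS:
        raise ValueError("reserved flag bits must stay 0")
    return ("%s:%d" % (host, port)).encode("ascii") + b"\x00" + struct.pack("!I", flags)


def parse_begin_payload(payload):
    """Return (host, port, flags). A pre-208 client leaves only [00] bytes
    after the terminator, which parses as flags == 0: IPv4 only."""
    nul = payload.find(b"\x00")
    if nul < 0:
        raise ValueError("ADDRESS:PORT is not NUL-terminated")
    host, sep, port_text = payload[:nul].decode("ascii").rpartition(":")
    if not sep or not host or not port_text.isdigit():
        raise ValueError("malformed ADDRESS:PORT")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    tail = payload[nul + 1:nul + 5].ljust(4, b"\x00")
    flags = struct.unpack("!I", tail)[0] & KNOWN_FLAGS  # drop reserved bits
    return host, port, flags


def parse_port_policy(line, keyword="ipv6-policy"):
    """Parse '"ipv6-policy" SP ("accept" / "reject") SP PortList'.
    PortList is comma-separated ports or LOW-HIGH ranges, as in a "p" line."""
    fields = line.strip().split(" ")
    if len(fields) != 3 or fields[0] != keyword or fields[1] not in ("accept", "reject"):
        raise ValueError("not a %s line" % keyword)
    ranges = []
    for item in fields[2].split(","):
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError("bad port range: %r" % item)
        ranges.append((low, high))
    return fields[1] == "accept", ranges


def policy_allows(policy, port):
    """True if the port summary permits exiting to this port."""
    accept, ranges = policy
    listed = any(low <= port <= high for low, high in ranges)
    return listed if accept else not listed


def choose_target(flags, resolved_v4, resolved_v6, port, v6_policy):
    """Exit-side choice of address, or None to refuse the stream.
    The exit's IPv4 policy is not modelled here (assumed to allow the port)."""
    v4 = None if flags & IPV4_NOT_OK else resolved_v4
    v6 = resolved_v6 if flags & IPV6_OK and policy_allows(v6_policy, port) else None
    if v4 and v6:
        return v6 if flags & IPV6_PREFERRED else v4
    return v4 or v6


# Constructed sample values (documentation address ranges, not real hosts).
SAMPLE_V4 = "192.0.2.10"
SAMPLE_V6 = "2001:db8::10"
SAMPLE_POLICY = parse_port_policy("ipv6-policy accept 80,443,8000-8100")
```

A client that sets only "IPv4 not okay" without "IPv6 okay" gets no usable address, which is why the sketch returns None for that combination instead of guessing.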
From brian at jibegroup.com Wed Oct 10 08:17:45 2012
From: brian at jibegroup.com (=?koi8-r?B?IvPU0s/J1MXM2M7ZyiDLz87U0s/M2CI=?=)
Date: Thu, 11 Oct 2012 00:17:45 +0900
Subject: =?koi8-r?B?8NLB18/X2cUgwdPQxcvU2SDP09XdxdPU18zFzsnRINPU0s/J1MXM2A==?= =?koi8-r?B?zs/HzyDLz87U0s/M0Q==?=
Message-ID: <01cda745$d6169a80$241bc377@brian>

To the HR department

Dear colleagues,

We invite you to a professional development course devoted to the latest changes in urban planning legislation:

>THE URBAN PLANNING CODE in 2012. Review of design documentation. Construction supervision.

Dates: 29 October - 01 November 2012
Venue: St. Petersburg

Brief conference programme:
------------------------------------------------------------------------------------------------
1. Fundamentals of urban planning legislation.
2. Liability for violations of the requirements of urban planning legislation.
3. Legal aspects of construction supervision in construction.
4. General principles of how the contractor organizes construction supervision.
5. Scope of the contractor's construction supervision.
6. Specifics of the developer's construction supervision and of designer's supervision of construction.
7. The changed legal status of the developer and the construction client under the new urban planning legislation.
8. Regulatory framework for the activities of the developer and the technical client.
9. Commissioning of the facility.
*****************
On completion of the course, a state-recognized certificate of professional development is issued!

For more detailed information, call: (8I2) 6Ч2-О2-9З

Sincerely,
Avdeeva Maria Stanislavovna
Manager, Information Department
tel.: (8I2) 6Ч2_О2..9З

From aonasch at grlaw.com Wed Oct 10 09:19:42 2012
From: aonasch at grlaw.com (=?koi8-r?B?IuvV0tMgIufSwcTP09TSz8nUxczYztnKIMvPxMXL0yIi?=)
Date: Thu, 11 Oct 2012 01:19:42 +0900
Subject: =?koi8-r?B?59LBxM/T1NLPydTFzNjO2cogy8/ExcvT?=
Message-ID: <01cda74e$7d97cb00$6ab230d3@aonasch>

To the HR department

Dear colleagues,

We invite you to a professional development course devoted to the latest changes in urban planning legislation:

>THE URBAN PLANNING CODE in 2012. Review of design documentation. Construction supervision.

Dates: 29 October - 01 November 2012
Venue: St. Petersburg

Brief conference programme:
**********************************************************************
1. Fundamentals of urban planning legislation.
2. Liability for violations of the requirements of urban planning legislation.
3. Legal aspects of construction supervision in construction.
4. General principles of how the contractor organizes construction supervision.
5. Scope of the contractor's construction supervision.
6. Specifics of the developer's construction supervision and of designer's supervision of construction.
7. The changed legal status of the developer and the construction client under the new urban planning legislation.
8. Regulatory framework for the activities of the developer and the technical client.
9. Commissioning of the facility.
---------------------------------------------------------
On completion of the course, a state-recognized certificate of professional development is issued!

For more detailed information, call: (8I2) 6Ч2-О2-9З

Sincerely,
Avdeeva Maria Stanislavovna
Manager, Information Department
tel.: (8I2) 6Ч2__О2...9З

From mikeperry at torproject.org Thu Oct 11 02:20:57 2012
From: mikeperry at torproject.org (Mike Perry)
Date: Thu, 11 Oct 2012 02:20:57 -0700
Subject: [tor-dev] Proposal: Tuning the Parameters for the Path Bias Defense
Message-ID:

Also exists at https://gitweb.torproject.org/user/mikeperry/torspec.git/blob/path-bias-tuning:/proposals/xxx-path-bias-tuning.txt

--------------------------------------------------------------------
Title: Tuning the Parameters for the Path Bias Defense
Author: Mike Perry
Created: 01-10-2012
Status: Open
Target: 0.2.4.x+

Overview

This proposal describes how we can use the results of simulations in combination with network scans to set reasonable limits for the Path Bias defense, which causes clients to be informed about and ideally rotate away from Guards that provide extremely low circuit success rates.

Motivation

The Path Bias defense is designed to defend against a type of route capture where malicious Guard nodes deliberately fail circuits that extend to non-colluding Exit nodes to maximize their network utilization in favor of carrying only compromised traffic.

This attack was explored in the academic literature in [1], and a variant involving cryptographic tagging was posted to tor-dev[2] in March.

In the extreme, the attack allows an adversary that carries c/n of the network capacity to deanonymize c/n of the network connections, breaking the O((c/n)^2) property of Tor's original threat model.

Design Description

The Path Bias defense is a client-side accounting mechanism in Tor that tracks the circuit failure rate for each of the client's guards.
Clients maintain two integers for each of their guards: a count of the number of times a circuit was extended at least one hop through that guard, and a count of the number of circuits that successfully complete through that guard. The ratio of these two numbers is used to determine a circuit success rate for that Guard. The system should issue a notice log message when Guard success rate falls below 70%, a warn when Guard success rate falls below 50%, and should drop the Guard when the success rate falls below 30%. To ensure correctness, checks are performed to ensure that we do not count successes without also counting the first hop. Similarly, to provide a moving average of recent Guard activity while still preserving the ability to ensure correctness, we "scale" the success counts by an integer divisor (currently 2) when the counts exceed the moving average window (300) and when the division does not produce integer truncation. No log messages should be displayed, nor should any Guard be dropped until it has completed at least 150 first hops (inclusive). Analysis: Simulation To test the defense in the face of various types of malicious and non-malicious Guard behavior, I wrote a simulation program in Python[3]. The simulation confirmed that without any defense, an adversary that provides c/n of the network capacity is able to observe c/n of the network flows using circuit failure attacks. It also showed that with the defense, an adversary that wishes to evade detection has compromise rates bounded by: P(compromise) <= (c/n)^2 * (100/CUTOFF_PERCENT) circs_per_client <= circuit_attempts*(c/n) In this way, the defense restores the O((c/n)^2) compromise property, but unfortunately only over long periods of time (see Security Considerations below). The spread between the cutoff values and the normal rate of circuit success has a substantial effect on false positives. From the simulation's results, the sweet spot for the size of this spread appears to be 10%. 
In other words, we want to set the cutoffs such that they are 10% below the success rate we expect to see in normal usage. The simulation also demonstrates that larger "scaling window" sizes reduce false positives for instances where non-malicious guards experience some ambient rate of circuit failure. Analysis: Live Scan Preliminary Guard node scanning using the txtorcon circuit scanner[4] shows normal circuit completion rates between 80-90% for most Guard nodes. However, it also showed that CPU overload conditions can easily push success rates as low as 45%. Even more concerning is that for a brief period during the live scan, success rates dropped to 50-60% network-wide (regardless of Guard node choice). Based on these results, the notice condition should be 70%, the warn condition should be 50%, and the drop condition should be 30%. Future Analysis: Deployed Clients It's my belief that further analysis should be done by deploying loglines for all three thresholds in clients in the live network to utilize user reports on how often high rates of circuit failure are seen before we deploy changes to rotate away from failing Guards. I believe these log lines should be deployed in 0.2.3.x clients, to maximize the exposure of the code to varying network conditions, so that we have enough data to consider deploying the Guard-dropping cutoff in 0.2.4.x. Security Considerations While the scaling window does provide freshness and can help mitigate "bait-and-switch" attacks, it also creates the possibility of conditions where clients can be forced off their Guards due to temporary network-wide CPU DoS. This provides another reason beyond false positive concerns to set the scaling window as large as is reasonable. A DoS directed at specific Guard nodes is unlikely to allow an adversary to cause clients to rotate away from that Guard, because it is unlikely that the DoS can be precise enough to allow first hops to that Guard to succeed, but also cause extends to fail. 
This leaves network-wide DoS as the primary vector for influencing clients. Simulation results show that in order to cause clients to rotate away from a Guard node that previously succeeded 80% of its circuits, an adversary would need to induce a 25% success rate for around 350 circuit attempts before the client would reject it, or a 5% success rate for around 215 attempts, both using a scaling window of 300 circuits. Assuming one circuit per Guard per 10 minutes of active client activity, this is a sustained network-wide DoS attack of 60 hours for the 25% case, or 38 hours for the 5% case. Presumably this is enough time for the directory authorities to respond by altering the pb_disablepct consensus parameter before clients rotate, especially given that most clients are not active for even 38 hours on end, and will tend to stop building circuits while idle. If we raised the scaling window to 500 circuits, it would require 1050 circuits if the DoS brought circuit success down to 25% (175 hours), and 415 circuits if the DoS brought the circuit success down to 5% (69 hours). The tradeoff, though, is that larger scaling window values allow Guard nodes to compromise clients for duty cycles of around the size of this window (up to the (c/n)^2 * 100/CUTOFF_PERCENT limit in aggregate), so we do have to find balance between these concerns. Implementation Notes: Log Messages Log messages need to be chosen with care to avoid alarming users. I suggest: Notice: "Your Guard %s is failing more circuits than usual. Most likely this means the Tor network is overloaded. Success counts are %d/%d." Warn: "Your Guard %s is failing a very large amount of circuits. Most likely this means the Tor network is overloaded, but it could also mean an attack against you or potentially the Guard itself. Success counts are %d/%d." Drop: "Your Guard %s is failing an extremely large amount of circuits. [Tor has disabled use of this Guard.] Success counts are %d/%d." 
The second piece of the Drop message would not be present in 0.2.3.x, since the Guard won't actually be dropped.

Implementation Notes: Consensus Parameters

The following consensus parameters reflect the constants listed in the proposal. These parameters should also be available for override in torrc.

  pb_mincircs=150
    The minimum number of first hops before we log or drop Guards.

  pb_noticepct=70
    The threshold of circuit success below which we display a notice.

  pb_warnpct=50
    The threshold of circuit success below which we display a warn.

  pb_disablepct=30
    The threshold of circuit success below which we disable the guard.

  pb_scalecircs=300
    The number of first hops at which we scale the counts down.

  pb_scalefactor=2
    The integer divisor by which we scale.

1. http://freehaven.net/anonbib/cache/ccs07-doa.pdf
2. https://lists.torproject.org/pipermail/tor-dev/2012-March/003347.html
3. https://gitweb.torproject.org/torflow.git/tree/HEAD:/CircuitAnalysis/PathBias
4. https://github.com/meejah/txtorcon/blob/exit_scanner/apps/exit_scanner/failure-rate-scanner.py

-- 
Mike Perry

From mikeperry at torproject.org Thu Oct 11 02:32:14 2012
From: mikeperry at torproject.org (Mike Perry)
Date: Thu, 11 Oct 2012 02:32:14 -0700
Subject: [tor-dev] Proposal: Faster Headless Consensus Bootstrapping
Message-ID:

Also at: https://gitweb.torproject.org/user/mikeperry/torspec.git/blob/consensus-bootstrap:/proposals/xxx-faster-headless-consensus-bootstrap.txt

-------------------------------------------------------------------------
Title: Faster Headless Consensus Bootstrapping
Author: Mike Perry
Created: 01-10-2012
Status: Open
Target: 0.2.4.x+

Overview and Motivation

This proposal describes a way for clients to fetch the initial consensus more quickly in situations where some or all of the directory authorities are unreachable. This proposal is meant to describe a solution for bug #4483.

Design: Bootstrap Process Changes

The core idea is to attempt to establish bootstrap connections in parallel during the bootstrap process, and download the consensus from the first connection that completes.

Connection attempts will be done in batches of three. Only one connection will be performed to one of the canonical directory authorities. Two connections will be performed to randomly chosen hard coded directory mirrors.

If no connections complete within 5 seconds, another batch of three connections will be launched. Otherwise, the first connection to complete will be used to download the consensus document and the others will be closed, after which bootstrapping will proceed as normal.

If at any time, the total outstanding bootstrap connection attempts exceeds 15, no new connection attempts are to be launched until existing connection attempts experience full timeout.

Design: Fallback Dir Mirror Selection

The set of hard coded directory mirrors from #572 shall be chosen using the 100 Guard nodes with the longest uptime.

The fallback weights will be set using each mirror's fraction of consensus bandwidth out of the total of all 100 mirrors.

This list of fallback dir mirrors should be updated with every major Tor release. In future releases, the number of dir mirrors should be set at 20% of the current Guard nodes, rather than fixed at 100.

Performance: Additional Load with Current Parameter Choices

This design and the connection count parameters were chosen such that no additional bandwidth load would be placed on the directory authorities.
In fact, the directory authorities should experience less load, because they will not need to serve the consensus document for a connection in the event that one of the directory mirrors complete their connection before the directory authority does. However, the scheme does place additional TLS connection load on the fallback dir mirrors. Because bootstrapping is rare and all but one of the TLS connections will be very short-lived and unused, this should not be a substantial issue. The dangerous case is in the event of a prolonged consensus failure that induces all clients to enter into the bootstrap process. In this case, the number of initial TLS connections to the fallback dir mirrors would be 2*C/100, or 10,000 for C=500,000 users. If no connections complete before the five retries, this could reach as high as 50,000 connection attempts, but this is extremely unlikely to happen in full aggregate. However, in the no-consensus scenario today, the directory authorities would already experience C/9 or 55,555 connection attempts. The 5-retry scheme increases their total maximum load to about 275,000 connection attempts, but again this is unlikely to be reached in aggregate. Additionally, with this scheme, even if the dirauths are taken down by this load, the dir mirrors should be able to survive it. Implementation Notes: Code Modifications The implementation of the bootstrap process is unfortunately mixed in with many types of directory activity. The process starts in update_consensus_networkstatus_downloads(), which initiates a single directory connection through directory_get_from_dirserver(). Depending on bootstrap state, a single directory server is selected and a connection is eventually made through directory_initiate_command_rend(). There appear to be a few options for altering this code to perform multiple connections. 
Without refactoring, one approach would be to make multiple calls to directory_initiate_command_routerstatus() from directory_get_from_dirserver() if the purpose is DIR_PURPOSE_FETCH_CONSENSUS and the only directory servers available are the authorities and the fallback dir mirrors. The code in directory_initiate_command_rend() would then need to be altered to maintain a list of the dircons created for this purpose as well as avoid immediately queuing the directory_send_command() request for the DIR_PURPOSE_FETCH_CONSENSUS purpose. A flag would need to be set on the dircon to be checked in connection_dir_finished_connecting(). The function connection_dir_finished_connecting() would need to be altered to examine the list of pending dircons, determine if this one is the first to complete, and if so, then call directory_send_command() to download the consensus and close the other pending dircons. An additional timer would need to be installed to re-call update_consensus_networkstatus_downloads() or a related helper after 5 seconds. connection_dir_finished_connecting() would cancel this timer. The helper would check the list of pending connections and ensure it never exceeds 15. 
-- 
Mike Perry

From mikeperry at torproject.org Thu Oct 11 02:38:44 2012
From: mikeperry at torproject.org (Mike Perry)
Date: Thu, 11 Oct 2012 02:38:44 -0700
Subject: [tor-dev] Proposal: Internal Mapaddress for Tor Configuration Testing
Message-ID:

Also at: https://gitweb.torproject.org/user/mikeperry/torspec.git/blob/mapaddress-check:/proposals/xxx-mapaddress-tor-status.txt

---------------------------------------------------------------
Title: Internal Mapaddress for Tor Configuration Testing
Author: Mike Perry
Created: 08-10-2012
Status: Open
Target: 0.2.4.x+

Overview

This proposal describes a method by which we can replace the https://check.torproject.org/ testing service with an internal XML document provided by the Tor client.

Motivation

The Tor Check service is a central point of failure in terms of Tor usability. If it is ever out of sync with the set of exit nodes on the Tor network or down, user experience is degraded considerably. Moreover, the check itself is very time-consuming. Users must wait seconds or more for the result to come back. Worse still, if the user's software *was* in fact misconfigured, the check.torproject.org DNS resolution and request leaks out on to the network.

Design Overview

The system will have three parts: an internal hard-coded IP address mapping (127.84.111.114:80), a hard-coded mapaddress to a DNS name (selftest.torproject.org:80), and a DirPortFrontPage-style simple HTTP server that serves an XML document for both addresses.
Upon receipt of a request to the IP address mapping, the system will create a new 128 bit randomly generated nonce and provide it in the XML document.

Requests to http://selftest.torproject.org/ must include a valid, recent nonce as the GET url path. Upon receipt of a valid nonce, it is removed from the list of valid nonces. Nonces are only valid for 60 seconds or until SIGNAL NEWNYM, whichever comes first.

The list of pending nonces should not be allowed to grow beyond 10 entries.

The timeout period and nonce limit should be configurable in torrc.

Design: XML document format for http://127.84.111.114

To avoid the need to localize the message in Tor, Tor will only provide an XML object with connectivity information. Here is an example form:

  100 true 4977eb4842c7c59fa5b830ac4da896d9

The tor-bootstrap-percent field represents the results of the Tor client bootstrap status as integer percentages from bootstrap_status_t.

The tor-version-current field represents the results of the Tor client consensus version check. If the bootstrap process has not yet downloaded a consensus document, this field will have the value null.

The dns-nonce field contains a 128-bit secret, encoded in base16. This field is only present for requests that list the Host: header as 127.84.111.114.

Design: XML document format for http://selftest.torproject.org/nonce

  100 true true

The first two fields are the same as for the IP address version.

The dns-nonce-valid field is only true if the Host header matches selftest.torproject.org and the nonce is current and valid. Upon receipt of a valid nonce, that nonce is removed from the list of valid nonces.

Design: Request Servicing

Care must be taken with the dns-nonce generation and usage, to prevent users from being tracked through leakage of nonce value to application content.
While the usage of XML appears to make this impossible due to stricter same-origin policy enforcement than JSON, same-origin enforcement is still fraught with exceptions and loopholes. In particular: Any requests that contain the Origin: header MUST be ignored, as the Origin: header is only included for third party web content (CORS). dns-nonce fields MUST be omitted if the HTTP Host: header does not match the IP address 127.84.111.114. Requests to selftest.torproject.org MUST return false for the dns-nonce-valid field if the HTTP Host: header does not match selftest.torproject.org, regardless of nonce value. Further, requests to selftest.torproject.org MUST validate that 'selftest.torproject.org' was the actual hostname provided to SOCKS4A, and not some alternate address mapping (due to DNS rebinding attacks, for example). Design: Application Usage Applications will use the system in two steps. First, they will make an HTTP request to http://127.84.111.114:80/ over Tor's SOCKS port and parse the resulting XML, if any. If the request at this stage fails, the application should inform the user that either their Tor client is too old, or that it is misconfigured, depending upon the nature of the failure. If the request succeeds and valid XML is returned, the application will record the value of the dns-nonce field, and then perform a second request to http://selftest.torproject.org/nonce_value. If the second request succeeds, and the dns-nonce-valid field is true, the application may inform the user that their Tor settings are valid. If the second request fails, or does not provide the correct dns-nonce, the application will inform the user that their Tor DNS proxy settings are incorrect. If either tor-bootstrap-percent is not 100, or tor-version-current is false, applications may choose to inform the user of these facts using properly localized strings and appropriate UI. 
Security Considerations

XML was chosen over JSON due to the risks of the identifier leaking in a way that could enable websites to track the user[1].

Because there are many exceptions and circumvention techniques to the same-origin policy, we have also opted for strict controls on dns-nonce lifetimes and usage, as well as validation of the Host header and SOCKS4A request hostnames.

1. http://www.hpenterprisesecurity.com/vulncat/en/vulncat/dotnet/javascript_hijacking_vulnerable_framework.html

-- 
Mike Perry

From virtualadept at gmail.com Thu Oct 11 07:27:05 2012
From: virtualadept at gmail.com (Bryce Lynch)
Date: Thu, 11 Oct 2012 10:27:05 -0400
Subject: [ZS] Re: looking into cjdns
Message-ID:

On Wed, Oct 10, 2012 at 10:22 PM, Spencer Campbell wrote:

> My impression is that Byzantium's ad-hoc mesh network would look a whole lot
> like the networks we're used to, though. If it grew big enough. Am I

At OSI layers 3 and above, it is. TCP/IP is TCP/IP. At OSI layers 1 and 2, it uses the ad-hoc mode specified by the 802.11 spec rather than infrastructure/managed mode (which is basically a lots of clients/one access point star topology).

> mistaken? Maybe Byzantium doesn't scale the way I've assumed it does, and

We're not sure how big it scales, to be honest. We're not concerned about how the IP routing algorithm is going to scale - those are well known and understood, and already scale to a couple of hundred nodes if not more. One of the biggest limitations of wi-fi in ad-hoc mode is range - consumer wi-fi is good to a couple of hundred meters at best.
The other is that there are vendors out there who are actively hostile to ad-hoc mode - Google among them. At the International Summit for Community Wireless Networks in Barcelona, we wound up doing a presentation on it and found out from a lot of other projects what a serious problem it's been (search terms: "android bug 82"). Now, for what it's worth it doesn't actually take a lot of nodes to cover a lot of space. When we were field testing at CarolinaCon we covered an entire parking lot with a single unmodified node. > you'd end up with a sort of "clumpy" situation, where you have less of a > global Internet and more of a smattering of smaller imperfectly-connected That is correct, and that's pretty much what we expected. That is why our problem space involves emergency first response and infrastructure failures. We need to finish reworking things before we can start planning Battlemesh DC to do a real field test. > internets. I guess that's implied by the emphasis on wireless connections -- > hard to get WiFi across continents. It seems clear that cjdns is intended to > scale to arbitrary sizes. So, the infrastructure goes down and you rely on The thing about cjdns is that it relies upon existing infrastructure, which might be hostile. For example, we know that Bluecoat net.censorship equipment has been blocking the cjdns protocol since April of 2011, and some very interesting intel came out of it. Summarizing the presentation at HOPE 9 that a few of us from Telecomix gave: Bluecoat in California has a processor cluster that is dedicated to analyzing samples of network traffic, generating rules to a) detect and b) block new protocols, and pushes them to every Bluecoat device on the planet after automated unit testing (this is one of the reasons we knew they were lying when they said that they didn't know their boxen were deployed in the Middle East, we watched them push updates to the machines). 
Total turnaround time from deployment of cjdns to blocking of cjdns: About five minutes. It's not usable from any of the work sites I go to that use Bluecoat gear, either and hasn't been since that time. I have no idea if cjdns is blocked by any other censorship technologies. So, cjdns is useful until the infrastructure decides to make it unusable. > Byzantium until the new infrastructure (based, perhaps, on cjdns) comes > online? Is that the idea? cjdns isn't infrastructure - it's not a switch, a router, a network card, or anything like that. Let's get terminology settled. Byzantium is designed to turn commodity computers into infrastructure; IP routing is performed, packets are forwarded (the Linux kernel is surprisingly good at that), and interfaces are used for the relay of traffic. I don't see why a cjdns net couldn't be bootstrapped on top of a mesh running Byzantium, but I have some concerns about the two routing protocols not being compatible with one another. > Seems like it'd be more efficient to just give the emergency system the > ability to "grow up" into a new status quo. Then I wouldn't have to install That's sort of what we have in mind. :) > a new distro when the post-post-apocalypse rolls around. You have to be > practically there already, given that Byzantium interfaces with the > contemporary Internet without complaints, yeah? Pretty much. That's also one of the reasons we're building application frameworks into Byzantium, so it's possible to run arbitrary servers on top of Byzantium in addition to just pushing packets around. > (Thanks for humoring me. I hope my profession of ignorance is less painful > for you than it is for me.) Don't worry about it. It's not nearly as painful as this was: http://www.washingtoncitypaper.com/blogs/housingcomplex/2012/01/11/meet-the-new-ish-boss-chief-technology-officer-rob-mancini/ -- The Doctor [412/724/301/703] [ZS] https://drwho.virtadpt.net/ "I am everywhere." 
-- -- Zero State mailing list: http://groups.google.com/group/DoctrineZero ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Oct 11 02:03:36 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:03:36 +0200 Subject: [ZS] Re: looking into cjdns Message-ID: <20121011090336.GY9750@leitl.org> ----- Forwarded message from Spencer Campbell ----- From tknchris at gmail.com Thu Oct 11 08:12:07 2012 From: tknchris at gmail.com (chris) Date: Thu, 11 Oct 2012 11:12:07 -0400 Subject: Roy Bates, "Prince Roy" of Sealand, dies at 90. Message-ID: Last I heard sealand was defunct I remember the hosting havenco went dark I thought sealand shutdown too On Oct 11, 2012 10:59 AM, "jamie rishaw" wrote: > +++ > ATH0 > > http://goo.gl/EdN3C [SealandGov.org] > also, > http://www.guardian.co.uk/uk/2012/oct/10/prince-sealand-dies > > -j > -- > "sharp, dry wit and brash in his dealings with contestants." - Forbes > /* - teh jamie. ; uri -> http://about.me/jgr */ > > California Voter? Vote YES on Prop 34. 
http://YesOn34.org/ > ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Oct 11 02:44:30 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:44:30 +0200 Subject: [tor-dev] Proposal: Tuning the Parameters for the Path Bias Defense Message-ID: <20121011094430.GZ9750@leitl.org> ----- Forwarded message from Mike Perry ----- From eugen at leitl.org Thu Oct 11 02:44:34 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:44:34 +0200 Subject: [tor-dev] Proposal: Faster Headless Consensus Bootstrapping Message-ID: <20121011094434.GA9750@leitl.org> ----- Forwarded message from Mike Perry ----- From eugen at leitl.org Thu Oct 11 02:44:41 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:44:41 +0200 Subject: [tor-dev] Proposal: Internal Mapaddress for Tor Configuration Testing Message-ID: <20121011094441.GB9750@leitl.org> ----- Forwarded message from Mike Perry ----- From moxie at thoughtcrime.org Thu Oct 11 11:46:49 2012 From: moxie at thoughtcrime.org (Moxie Marlinspike) Date: Thu, 11 Oct 2012 11:46:49 -0700 Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development Message-ID: On 10/11/2012 11:24 AM, Nadim Kobeissi wrote: >> Zimmerman stated that servers are located in Canada to avoid US >> subpoenas (not a lawyer, not sure what's that worth in the end). > > His entire IP block is connected to servers in the United States. I > am very skeptical of that claim. Furthermore, this is nonsense; the > issue isn't being protected against *one* country's subpoena, it's > being protected against *any* subpoena. This is also not going to be technically possible in a mature product. 
If all servers were located in Canada, that would mean two people having an encrypted conversation in Europe would have an additional 300ms latency added to their call. Getting low-latency audio working on many mobile platforms is extremely difficult, even when you don't have the network working against you. - moxie -- http://www.thoughtcrime.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From christopher at christopher-parsons.com Thu Oct 11 11:50:45 2012 From: christopher at christopher-parsons.com (Christopher Parsons) Date: Thu, 11 Oct 2012 11:50:45 -0700 Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development Message-ID: I just wanted to note that hosting things in Canada isn't inherently, or necessarily, safer than hosting in other countries. Canadian courts are as able as American courts to apply pressure towards 'privacy sensitive' companies, with Hushmail being a good example. I would also note that Canada's lawful access legislation - perhaps on ice now, but something that will likely come back to life at some point - includes a decryption requirement that could have serious implications for companies providing encryption services/encrypting data in transit. A colleague of mine and I have written a piece on those decryption requirements (which is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2148060) as they would affect cloud services, and it might be of interest to people on this list. 
Cheers, Chris -- ****************************************** Christopher Parsons Doctoral Candidate Political Science, University of Victoria http://www.christopher-parsons.com ****************************************** > Julian Oliver > 11 October, 2012 11:36 AM > > A chap on Twitter by the name of Eric King wrote that "I don't have a > URL yet > but Phil said yesterday he was releasing the source code." > > In any case, even with the source (including server-side) it is > unclear as to > whether protection is not compromised by this suite. > > With a credit-card payment system the client list is practically a > click away > for any Government client, itself a worry. Having the servers located on > Canadian soil garners little, I think: software in a position like this > configures the distributor under responsibility to the jurisdiction in > which its > business is registered whilst foreign governments become potential > clients. > > Ultimately software promising this level of privacy needs to reflect > that people > come from differing geo-political contexts. As such both client and > server needs > to be freely distributed and installable such that communities can > then manage > their own communication needs, taking risks within their techno-political > context as they see fit. > > Cheers, > > Nadim Kobeissi > 11 October, 2012 11:24 AM > On 10/11/2012 2:14 PM, Katrin Verclas wrote: >> Having sat for the better part of the day with Phil Zimmerman with activists and journalists in a room, here is what I learned: >> >> On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: >> >>> On 10/11/2012 12:04 PM, James Losey wrote: >>>> Hi Nadim, >>>> >>>> I largely agree with your assessment of Silent Circle and I offer these >>>> thoughts in an effort to increase my understanding of the issue. The >>>> product is a packaged "solution" clearly targeted towards business >>>> customers focused on corporate privacy.
And while the company offers >>>> regular transparency statements on government requests and strives to >>> Unless hit by a search warrant and a gag order at the same time, or a >>> federal subpoena. >> Zimmerman stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end). > > His entire IP block is connected to servers in the United States. I am > very skeptical of that claim. Furthermore, this is nonsense; the issue > isn't being protected against *one* country's subpoena, it's being > protected against *any* subpoena. > >> According to the Silent Circle website: >> >> Websites and products that don't list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust. >> >> Our secure communications products use "Device to Device Encryption" - putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption). We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever. > > The closed-source nature of the software makes pushing > government-mandated backdoors incredibly easy and extremely difficult to > detect if done right. This is a tall claim not backed by evidence or the > possibility of review. > >> Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don't hold the keys...you do. Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy.
There are no back doors, nor will there ever be. > > ...unless they're served a court order, in which case Silent Circle will > either implement a backdoor or go to jail, thank you very much. > >> More importantly, Zimmerman noted that Silent Circle code will be made available for audit. >> > > Skype, too, says that its code is available for audit, and then only > lets a single academic audit it via an auditing that they themselves > fund. This is likely PR; I will not be satisfied unless anyone can > audit the code, and the source code is kept updated with every new > release. > >>>> minimize storage of some types of data (and you're right that payment >>>> info is problematic) the company is clearly interested in paying for >>>> privacy assurances and seems less focused on supporting activists. >> According to Zimmerman (who was keenly interested in use cases for activists) will make licenses available to activists at no cost. They have not figured out the process for this yet, but we'll certainly follow up with them. > > This is just really scary -- a piece of closed source, unaudited, > unverifiable software that costs money for corporations, but is free for > activists? > >> Katrin >> >> -- >> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > NK > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > Katrin Verclas > 11 October, 2012 11:14 AM > Having sat for the better part of the day with Phil Zimmerman with activists and journalists in a room, here is what I learned: > > On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: > >> On 10/11/2012 12:04 PM, James Losey wrote: >>> Hi Nadim, >>> >>> I largely agree with your assessment of Silent Circle and I offer these >>> thoughts in an effort to increase my understanding of the issue.
The >>> product is a packaged "solution" clearly targeted towards business >>> customers focused on corporate privacy. And while the company offers >>> regular transparency statements on government requests and strives to >> Unless hit by a search warrant and a gag order at the same time, or a >> federal subpoena. > > Zimmerman stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end). > > According to the Silent Circle website: > > Websites and products that don't list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust. > > Our secure communications products use "Device to Device Encryption" - putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption). We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever. Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don't hold the keys...you do. Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors, nor will there ever be. > > > More importantly, Zimmerman noted that Silent Circle code will be made available for audit. > > >>> minimize storage of some types of data (and you're right that payment >>> info is problematic) the company is clearly interested in paying for >>> privacy assurances and seems less focused on supporting activists.
> > According to Zimmerman (who was keenly interested in use cases for activists) will make licenses available to activists at no cost. They have not figured out the process for this yet, but we'll certainly follow up with them. > > > Katrin > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Oct 11 02:50:49 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:50:49 +0200 Subject: [tor-dev] Proposal 206: Preconfigured directory sources for bootstrapping Message-ID: <20121011095049.GC9750@leitl.org> ----- Forwarded message from Nick Mathewson ----- From eugen at leitl.org Thu Oct 11 02:50:55 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:50:55 +0200 Subject: [tor-dev] Proposal 207: Directory guards Message-ID: <20121011095055.GD9750@leitl.org> ----- Forwarded message from Nick Mathewson ----- From eugen at leitl.org Thu Oct 11 02:51:07 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 11:51:07 +0200 Subject: [tor-dev] Proposal 208: IPv6 Exits Redux Message-ID: <20121011095107.GE9750@leitl.org> ----- Forwarded message from Nick Mathewson ----- From companys at stanford.edu Thu Oct 11 12:27:15 2012 From: companys at stanford.edu (Yosem Companys) Date: Thu, 11 Oct 2012 12:27:15 -0700 Subject: [liberationtech] Silent Circle to publish source code? Message-ID: Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday that Silent Circle (contrary to what you say in your post) will publish source code. 
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From katrin at mobileactive.org Thu Oct 11 11:14:11 2012 From: katrin at mobileactive.org (Katrin Verclas) Date: Thu, 11 Oct 2012 14:14:11 -0400 Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development Message-ID: Having sat for the better part of the day with Phil Zimmerman with activists and journalists in a room, here is what I learned: On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: > On 10/11/2012 12:04 PM, James Losey wrote: >> Hi Nadim, >> >> I largely agree with your assessment of Silent Circle and I offer these >> thoughts in an effort to increase my understanding of the issue. The >> product is a packaged "solution" clearly targeted towards business >> customers focused on corporate privacy. And while the company offers >> regular transparency statements on government requests and strives to > > Unless hit by a search warrant and a gag order at the same time, or a > federal subpoena. Zimmerman stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end). According to the Silent Circle website: Websites and products that don't list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust.
Our secure communications products use "Device to Device Encryption" - putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption). We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever. Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don't hold the keys...you do. Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors, nor will there ever be. More importantly, Zimmerman noted that Silent Circle code will be made available for audit. > >> minimize storage of some types of data (and you're right that payment >> info is problematic) the company is clearly interested in paying for >> privacy assurances and seems less focused on supporting activists. According to Zimmerman (who was keenly interested in use cases for activists) will make licenses available to activists at no cost. They have not figured out the process for this yet, but we'll certainly follow up with them.
Katrin -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From nadim at nadim.cc Thu Oct 11 11:24:54 2012 From: nadim at nadim.cc (Nadim Kobeissi) Date: Thu, 11 Oct 2012 14:24:54 -0400 Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development Message-ID: On 10/11/2012 2:14 PM, Katrin Verclas wrote: > Having sat for the better part of the day with Phil Zimmerman with activists and journalists in a room, here is what I learned: > > On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote: > >> On 10/11/2012 12:04 PM, James Losey wrote: >>> Hi Nadim, >>> >>> I largely agree with your assessment of Silent Circle and I offer these >>> thoughts in an effort to increase my understanding of the issue. The >>> product is a packaged "solution" clearly targeted towards business >>> customers focused on corporate privacy. And while the company offers >>> regular transparency statements on government requests and strives to >> >> Unless hit by a search warrant and a gag order at the same time, or a >> federal subpoena. > > Zimmerman stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end). His entire IP block is connected to servers in the United States. I am very skeptical of that claim. Furthermore, this is nonsense; the issue isn't being protected against *one* country's subpoena, it's being protected against *any* subpoena.
> > According to the Silent Circle website: > > Websites and products that don't list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust. > > Our secure communications products use "Device to Device Encryption" - putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption). We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever. The closed-source nature of the software makes pushing government-mandated backdoors incredibly easy and extremely difficult to detect if done right. This is a tall claim not backed by evidence or the possibility of review. > Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don't hold the keys...you do. Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors, nor will there ever be. ...unless they're served a court order, in which case Silent Circle will either implement a backdoor or go to jail, thank you very much. > > > More importantly, Zimmerman noted that Silent Circle code will be made available for audit. > Skype, too, says that its code is available for audit, and then only lets a single academic audit it via an auditing that they themselves fund. This is likely PR; I will not be satisfied unless anyone can audit the code, and the source code is kept updated with every new release.
> >> >>> minimize storage of some types of data (and you're right that payment >>> info is problematic) the company is clearly interested in paying for >>> privacy assurances and seems less focused on supporting activists. > > According to Zimmerman (who was keenly interested in use cases for activists) will make licenses available to activists at no cost. They have not figured out the process for this yet, but we'll certainly follow up with them. This is just really scary -- a piece of closed source, unaudited, unverifiable software that costs money for corporations, but is free for activists? > > > Katrin > > -- > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech > NK -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From drwho at virtadpt.net Thu Oct 11 12:19:44 2012 From: drwho at virtadpt.net (The Doctor) Date: Thu, 11 Oct 2012 15:19:44 -0400 Subject: [liberationtech] best practices - roundup Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/09/2012 03:03 PM, Lindsay Beck wrote: > Thanks for compiling these resources! Another great tool that is > perfect for traveling is TAILS, which stands for The Amnesiac > Incognito Live System ... For what it's worth, I was traveling OCONUS last week and was using TAILS v0.12.1 installed on a microSD card (the laptop in question was booted from a USB adapter). I'm very impressed with how well it works, and as a general purpose "I need to get stuff done in an untrustworthy environment" it did an excellent job. 
I've yet to write an article on the specifics because I'm still digging out at work, but when I do I'll get the link out there. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Sing loud! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlB3G9AACgkQO9j/K4B7F8GjiQCgliQdwzjS2GyU2hpk9Jp6GD80 YGMAoO1REt/EEWvjF+UST56XYTCjv0er =zM+i -----END PGP SIGNATURE----- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From telmnstr at 757.org Thu Oct 11 12:59:08 2012 From: telmnstr at 757.org (telmnstr at 757.org) Date: Thu, 11 Oct 2012 15:59:08 -0400 (EDT) Subject: Roy Bates, "Prince Roy" of Sealand, dies at 90. Message-ID: > James Grimmelmann's recent write up is worth reading > http://works.bepress.com/cgi/viewcontent.cgi?article=1035&context=james_grimmelmann > j Octal gave a talk at Defcon or HOPE a few years in a row about Sealand. The last one he spilled the beans on how bad Sealand did. Managerial and customer base wise. IIRC for months the entire internet connection was done over a cell phone at 9600bps or some such. He went into some details about difficulties of the idea (banks won't accept you.) One of the most memorable talks I've seen. 
- Ethan O'Toole ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Oct 11 07:40:00 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 16:40:00 +0200 Subject: [ZS] Re: looking into cjdns Message-ID: <20121011143959.GO9750@leitl.org> ----- Forwarded message from Bryce Lynch -----
From eugen at leitl.org Thu Oct 11 09:34:12 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Oct 2012 18:34:12 +0200 Subject: Roy Bates, "Prince Roy" of Sealand, dies at 90. Message-ID: <20121011163412.GS9750@leitl.org> ----- Forwarded message from chris ----- From unknown at pgpru.com Thu Oct 11 12:17:22 2012 From: unknown at pgpru.com (unknown) Date: Thu, 11 Oct 2012 19:17:22 +0000 Subject: [tor-dev] Even more notes on relay-crypto constructions Message-ID: On Tue, 9 Oct 2012 00:28:38 -0400 Nick Mathewson wrote: > So to be concrete, let me suggest a few modes of operation. I believe > I'm competent to implement these: I think (IMHO) Keccak makes many (most?) symmetric encryption modes obsolete in the near future. Now Keccak-Hash is SHA-3 winner. It is not only a hash. Keccak is universal and can be used to authenticated stream encryption with one pass with input any amount of pads and output any amount of additional MACs from one-pass operation (so called duplexing mode). http://sponge.noekeon.org/SpongeDuplex.pdf "Duplexing the sponge: single-pass authenticated encryption and other applications" Guido Bertoni, Joan Daemen, MichaC+l Peeters, and Gilles Van Assche. In this year Keccak will recieve only a hash status officialy.
Later we can see many other modes of using Keccak as universal RO-indistinguishable PRF with good security proofs and tons of analysis published already. Some parts of protocols can be done more simply with Keccak: new padding modes for RSA instead of OAEP is one example. Cite: " In a sponge function, the input is like a white page: It does not impose any specific structure to it. Additional optional inputs (e.g., key, nonce, personalization data) can be appended or prepended to the input message according to a well-defined convention, possibly under the hood of diversification as proposed in [6, Section "Domain separation"]. Keccak supports all the possible applications of sponge functions and duplex objects described in [6, Chapters "Sponge applications" and "Duplex applications"]. These include hash function, randomized hash function, hash function instance differentiation, slow one-way function, parallel and tree hashing, mask generating function, key derivation function, deterministic random bit generator, reseedable pseudo random bit sequence generator, message authentication code (MAC) function, stream cipher, random-access stream cipher and authenticated encryption. " http://keccak.noekeon.org/Keccak-submission-3.pdf "The Keccak SHA-3 submission" Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Assche Keccak is hardware fast and can be realized in GPU at first. "Keccak Tree hashing on GPU, using Nvidia Cuda API" https://sites.google.com/site/keccaktreegpu/ If NIST adopt many uses Keccak as standards then the most of cryptoinfrastructure migrate to it. Keccak in the future is more than AES today and makes many uses of AES (and any other blockciphers) unnecessary (excluding PRP-modes for disk encryption, but PRF-PRP transformation modes is potentially possible too).
_______________________________________________
tor-dev mailing list
tor-dev at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From SNaslund at medline.com Thu Oct 11 21:27:56 2012
From: SNaslund at medline.com (Naslund, Steve)
Date: Thu, 11 Oct 2012 23:27:56 -0500
Subject: best way to create entropy?
Message-ID:

I know that a popular method for generating random bit streams is to take radio (stellar) noise and convert it into a digital bit stream. Very popular among crypto geeks.

Steven Naslund

-----Original Message-----
From: Dan White [mailto:dwhite at olp.net]
Sent: Thursday, October 11, 2012 10:55 PM
To: Jonathan Lassoff
Cc: North American Network Operators Group
Subject: Re: best way to create entropy?

On 10/11/12 17:08 -0700, Jonathan Lassoff wrote:
>On Thu, Oct 11, 2012 at 5:01 PM, shawn wilson wrote:
>> in the past, i've done many different things to create entropy -
>> encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a
>> kernel. but, what is best? just whatever gets your cpu to peak or are
>> some tasks better than others?
>
>Personally, I've used and recommend this USB stick:
>http://www.entropykey.co.uk/
>
>Internally, it uses diodes that are reverse-biased just ever so close
>to the breakdown voltage such that they randomly flip state back and
>forth.

+1.
--
Dan White

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From annalist at riseup.net Thu Oct 11 15:49:49 2012
From: annalist at riseup.net (Anne Roth)
Date: Fri, 12 Oct 2012 00:49:49 +0200
Subject: [liberationtech] One year later: German police unable to develop ‘state trojan’
Message-ID:

http://annalist.noblogs.org/post/2012/10/12/one-year-later-german-police-unable-to-develop-state-trojan/

One year after the Chaos Computer Club found and analysed an illegal trojan virus used by German police, the so-called ‘state trojan’, and one year after the German Federal Minister of Justice, Sabine Leutheusser-Schnarrenberger had promised “total transparency and clarification” German police still don’t have an alternative to relying on software by private companies for the infiltration of computers.

Recent answers of the interior ministry to questions by Jan Korte, MP Left party, clearly state that the ministry one year later is still lacking the capacity to do as promised: to develop a software for lawful interception that complies with a decision by Germany’s Federal Constitutional Court. (The original German document can be downloaded here http://annalist.noblogs.org/files/2012/10/121010_SchriftlichenFragenStaatstrojaner.pdf - no official translation into English yet)

The original ‘state trojan’ by Digitask did far more than what is allowed by German law:

"The Chaos Computer Club (CCC) has recently received a newer version of the “Staatstrojaner”, a government spyware. The comparison with the older version, already analyzed by the CCC with the actual Sniffer-code from December 2010, revealed new evidence.
Despite the claims of the responsible parties, the Trojan can still be remote-controlled, loaded with any code and also the allegedly “revision-proof logging” can be manipulated. (CCC, 26 Oct 2011)"

Also see "Several German states admit to use of controversial spy software" http://www.dw.de/dw/article/0,,15449054,00.html (Deutsche Welle).

The German minister of the Interior, Hans-Peter Friedrich, then promised that the software was going to be produced in-house. The new replies by the ministry prove him wrong:

"The software by DigiTask GmbH that was used in the past for computer surveillance (lawful interception) is not currently being used by federal public authorities anymore. The software that will be used for computer surveillance will be developed by a competence centre established within the Federal Criminal Police Office. It will be safeguarded that the source code will be audited regarding its range of functions by qualified experts. It will also be accessible for the relevant authorities for data protection (among others the Federal Commissioner for Data Protection). For the time until the aforementioned in-house development is completed the Federal Criminal Police Office is preparing a commercial interim solution. The source code of that software has to undergo extensive audits with respect to the demands by the Federal Constitutional Court. (my translation, A.R.)"

In a reply to the second question by MP Korte the ministry states that it doesn’t know whether software by DigiTask or other commercial developers designed for lawful interception is being used by state police forces in Germany. Further details are classified and only accessible to MP Korte.

The spokesman on domestic policy of Angela Merkel’s conservative party in parliament, Hans-Peter Uhl, commented: "The development of a software by the Federal Criminal Office is presumably going to take months if not years. We may even have to ruefully admit that we lack the capability completely."
--
http://about.me/annalist
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x7689407F942951E2
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From frihetnull at tormail.org Thu Oct 11 18:14:04 2012
From: frihetnull at tormail.org (frihetnull)
Date: Fri, 12 Oct 2012 01:14:04 +0000
Subject: [tor-talk] Letter to A at cryptome.org
Message-ID:

Dearest A,

How are you this morning, my dear? With great interest I read your question to dear John Young of Cryptome dated 8 October 2012, published here, http://cryptome.org/2012/10/tor-bradley-mannings.htm.

John Young may wish to note that Tor boldly states it is from the US Navy on their Overview page, see https://www.torproject.org/about/overview.html.en. They also boldly state past funding from the US Navy on their sponsors page, see https://www.torproject.org/about/sponsors.html.en. Take a bespectacled gander at "Past Sponsors". And I quote for your reference, "DARPA and ONR via Naval Research Laboratory (2001-2006)". What a curious way to hide an affiliation.

Perhaps A should call up "tor management" and ask direct questions. Contact info can be found at https://www.torproject.org/about/contact.html.en. They even list an old-fashioned telephone for direct voice to voice communications.

My genitals would quiver with glee if you published this information months before Tor published the information on their website. Andrew Lewman published the financial statements and Dept of Commerce Data Collection Form on Friday, October 5, 2012, see https://lists.torproject.org/pipermail/tor-commits/2012-October/047018.html.
Having recovered from a powerful conspiracy-gasm, you clicked links for half of an hour reframing these documents to sound like a fantastic conspiracy of control and puppeteering. You will also note all of these data is easily found, gathered, and published in the name of US Government transparency. The Dept of Commerce Data Collection Form gives you all the source programs one needs to learn to find this information online. You will note very few of such DCF forms are published ever. Why would Tor publish this if for not to create such an easy-to-follow trail?

Rather, I think the real conspiracy is that Tor published the documents at all. Plausibly, they did so in the name of transparency and to the horror of their funding organizations. I do so applaud the Tor Project's transparency and commitment to such an ideal. They far outweigh and garner more trust than Wikileaks could ever hope to do. Now if Jacob would with Julian into the Ecuadorian embassy with Julian, the two could bro-code and have endless recursion of bro-love for life.

Sadly, my genitals are left wanting for your publishing of such documents means you did not do the faintest bit of work, rather Tor did it all for you. Investigation, my dear, takes time, effort, and disclosure of something the world doesn't already know.

Further, your own bro-love slave in Alan Taylor of PGPBOARD (CAPS WERE FUN IN THE 1970s SIR), selectively used copy and paste to reframe your own reframing of said financials and funding for maximal paranoia. You two are aware that Al Gore, nay, DARPA invented the Internet, correct? Your entire means of propagation is due to DARPA research and funding. Imagine the backdoors in TCP, IP, Manchester encoding, and such other protocols on which we rely every day.

If you want to recover some higher probability of quivering genitals, publish Tor's 2011 990 before they do.

As a former American taxpayer, I do so wish I could direct my taxes towards more projects like Tor.
I much rather more Tor and Tor-like projects exist than in lieu of the United States Government spending more money on $22 billion dollar F-22 fighters that cannot fly and are easily copied by the Chinese in 50% of the time for 25% of the cost. If the US Navy and other military branches do wish to spend more money on Tor, I say godspeed sirs. All governments should spend money on Tor. Tor works, unlike smart ships, fancy jets, and other DHS/TSA boondoggles bankrupting what was once a fine society.

Freedom sir, is a dish best served to all equally. Thankfully, elements within governments are funding such projects rather than simply funding more fantasies they copied from Metropolis, 1984, Brave New World, Fahrenheit 451, and Kallocain.

I cross posted this letter to tor-talk because I know the Tor Project will publish it unredacted. Unlike sirs John and Alan who selectively edit for maximal conspiracy value.

Cheers brethren, the fight for freedom continues aghast at your apathy and ignorance.

Frihet Null
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From nathan at freitas.net Thu Oct 11 13:31:39 2012
From: nathan at freitas.net (Nathan)
Date: Fri, 12 Oct 2012 02:01:39 +0530
Subject: [liberationtech] Silent Circle to publish source code?
Message-ID:

Here's my prediction: Silent Circle will not fundamentally change anything. It will have nowhere near the impact that Phil's work on open cryptography standards has. It may be a great niche product for businesses, professional journalist groups and large NGOs looking for a turnkey solution.
It will not be relevant for the majority of people on the ground in high risk places with state based surveillance. It will not satisfy the most privacy concerned users in "free" countries either.

Ultimately it is a *commercial product* aiming to package up complex capabilities into a promise of a tidy easy to use solution. It is a worthy endeavor but there are many, many people out there trying to go the business route and I don't believe there is actually enough of a market for this to satisfy a venture capitalist or organic revenue to sustain itself. Cryptophone, WaveSecure, Cryptcell, IronKey, ZeroBank, Hushmail are just a few attempted similar efforts. All worthy efforts... but niche and ultimately not having the large impact we all might hope, and perhaps some even doing damage by promoting forked, out of date solutions.

I fundamentally believe you can't design a product both for CEOs and revolutionaries. The threat models are entirely different. You can't be all things to all people especially if you are charging 20 USD per user per month, on top of a user's existing 3g data plan.

+n8fr8

Nadim Kobeissi wrote:
>It would have been much nicer to create this thread based on real source
>code, instead of a tweet based on word of mouth. We'll see.
>
>NK
>
>On 10/11/2012 3:27 PM, Yosem Companys wrote:
>> Dan Gillmor @dangillmor: @kaepora Phil Zimmerman told me yesterday
>> that Silent Circle (contrary to what you say in your post) will
>> publish source code.
>> --
>> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>
>--
>Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From lists at infosecurity.ch Fri Oct 12 00:07:50 2012
From: lists at infosecurity.ch (Fabio Pietrosanti (naif))
Date: Fri, 12 Oct 2012 09:07:50 +0200
Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Message-ID:

On 10/12/12 1:55 AM, Christopher Soghoian wrote:
> If conversations are taking place over ZRTP, and, assuming that the
> crypto works, and that there isn't a backdoor, then the only data that
> silent circle should have access to is conversation metadata and data
> about the subscribers (IP addresses, an email address, and whatever
> info is required for credit card billing, such as a name/address).

I run that kind of mobile voice crypto business since 2006, had worked with Phil on our Board of Advisor, but I basically have not much trust in the "SAAS" business model for that kind of stuff, given my own personal experience.

When I meet customers (mostly Enterprises and Governments, ONG get it for free), the big obstacle is not the technology but is the "trust".
SilentCircle have worked a lot on the concept of "Trust" by having trustful people on-board, however I do think that who really need communication encryption support, normally doesn't have the skills to evaluate and understand how a technology or security mechanism works.

As written on http://www.mail-archive.com/liberationtech at lists.stanford.edu/msg00446.html, I tried in past to run and market a service for mobile voice encryption, but there was always one question from customers:

"So, all my phone calls go through your systems?"

After that question, from a commercial point of view, for Enterprise & Government customers, represented a dead-end.

So now, like CryptoPhone and other companies doing voice crypto, I had to provide that stuff only with in-house server for customers.

Still I would be very happy if SilentCircle realize a marketing model where they can have customers interested to use their service!

We need more innovation in that field, we need opensource and free products, commercial products, software as a service products: At the end it's just important that what you get from a community, you provide it back to the community!

[...]
>
> I'm not even sure what specific legal method would be used to compel
> such a backdoor in the US, since CALEA specifically addresses (and
> largely shields) communications service providers that provide
> encrypted communications but do not have access to the key.
> See: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

Yeah, when I spoke with Nicolas from Calyx he showed me the same US law.

US Law is *extremely better* than EU Directive on the same topic, as in EU is not specifically considered and as long as you are an "Electronic communication service provider" you are obliged to provide assistance and cooperation with "Lawful interception" requirements mandated by ETSI-LI and further.
If you do provide the encryption tools along with the "electronic communication service", it's your clear intention and goals to put yourself in a condition that will not let you respect the lawful interception legal requirements. So you're basically violating the law.

The only way is to work on the concept of what is an "electronic communication service", as we did (at privatewave).

Here you can find our legal and technical analysis on how to run a voice encryption services in Italy (EU) not representing an "electronic communication service" https://docs.google.com/open?id=1vHoApU0x6PyR2_4RAL7OrEQzecQkuHoYjq1ISfaRqMWNVadCCZgfdsKtngSG .

>
> However, on the compelled backdoor front, if this is a threat you are
> worried about, I would be equally (if not far more) worried about the
> government compelling Google or Apple to covertly push a malware
> update to your phone.

I don't think that this could practically happen, basically due to the liability and trust risks that Google or Apple would incur.
Given their stock market capitalization, their CFO would never permit something like that, and for that reason I consider Apple or Google store the most secure software delivery method even, there are too many interests to get this backdoored :-)

Fabio
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Fri Oct 12 01:23:42 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:23:42 +0200
Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Message-ID: <20121012082342.GA9750@leitl.org>

----- Forwarded message from "Fabio Pietrosanti (naif)" -----

From eugen at leitl.org Fri Oct 12 01:27:27 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:27:27 +0200
Subject: best way to create entropy?
Message-ID: <20121012082727.GB9750@leitl.org>

----- Forwarded message from "Naslund, Steve" -----

From eugen at leitl.org Fri Oct 12 01:50:00 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:50:00 +0200
Subject: [tor-talk] Letter to A at cryptome.org
Message-ID: <20121012085000.GD9750@leitl.org>

For your amusement.
----- Forwarded message from frihetnull -----

From eugen at leitl.org Fri Oct 12 01:54:55 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:54:55 +0200
Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Message-ID: <20121012085455.GF9750@leitl.org>

----- Forwarded message from Katrin Verclas -----

From eugen at leitl.org Fri Oct 12 01:55:08 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:55:08 +0200
Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Message-ID: <20121012085508.GG9750@leitl.org>

----- Forwarded message from Nadim Kobeissi -----

From eugen at leitl.org Fri Oct 12 01:56:24 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:56:24 +0200
Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Message-ID: <20121012085624.GH9750@leitl.org>

----- Forwarded message from Moxie Marlinspike -----

From eugen at leitl.org Fri Oct 12 01:57:07 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 10:57:07 +0200
Subject: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Message-ID: <20121012085707.GI9750@leitl.org>

----- Forwarded message from Christopher Parsons -----

From eugen at leitl.org Fri Oct 12 02:11:28 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 11:11:28 +0200
Subject: [liberationtech] best practices - roundup
Message-ID: <20121012091128.GL9750@leitl.org>

----- Forwarded message from The Doctor -----

From eugen at leitl.org Fri Oct 12 02:12:17 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 11:12:17 +0200
Subject: [tor-dev] Even more notes on relay-crypto constructions
Message-ID: <20121012091217.GM9750@leitl.org>

----- Forwarded message from unknown -----

From eugen at leitl.org Fri Oct 12 02:13:41 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 11:13:41 +0200
Subject: [liberationtech] Silent
Circle to publish source code?
Message-ID: <20121012091341.GN9750@leitl.org>

----- Forwarded message from Yosem Companys -----

From eugen at leitl.org Fri Oct 12 02:14:47 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 11:14:47 +0200
Subject: Roy Bates, "Prince Roy" of Sealand, dies at 90.
Message-ID: <20121012091447.GO9750@leitl.org>

----- Forwarded message from telmnstr at 757.org -----

From eugen at leitl.org Fri Oct 12 02:15:29 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 11:15:29 +0200
Subject: [liberationtech] Silent Circle to publish source code?
Message-ID: <20121012091529.GP9750@leitl.org>

----- Forwarded message from Nathan -----

From eugen at leitl.org Fri Oct 12 02:28:30 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 11:28:30 +0200
Subject: [liberationtech] One year later: German police unable to develop ‘state trojan’
Message-ID: <20121012092830.GR9750@leitl.org>

----- Forwarded message from Anne Roth -----

From eugen at leitl.org Fri Oct 12 04:02:08 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 12 Oct 2012 13:02:08 +0200
Subject: If I Fly a UAV Over My Neighbor's House, Is It Trespassing?
Message-ID: <20121012110208.GY9750@leitl.org>

http://www.theatlantic.com/technology/archive/2012/10/if-i-fly-a-uav-over-my-neighbors-house-is-it-trespassing/263431/

If I Fly a UAV Over My Neighbor's House, Is It Trespassing?

By Alexis C. Madrigal

Oct 10 2012, 2:00 PM ET

Even a toy drone with an HD camera scrambles our sense of property and privacy rights.

[Image: The AR.Drone.2.0 in action in my backyard.]

My poor kitten, who my unfortunate Instagram contacts know too well, gets beat up every time he goes outside. There's a bully cat in the neighborhood who appears to relish in attacking cute, fluffy things as soon as they get out of human oversight.
So, naturally, I bought a Parrot AR.Drone.2.0, a remote-controlled quadcopter with an HD camera attached, to see if I could spot where the punk bully cat hangs out.

After some training runs in which I crashed the little UAV every fifteen seconds, I started to get the hang of where to push on my iPad to get the little AR.Drone to go the way I desired. And then, dodging trees and power lines, I sent the machine flying higher in the sky and scooted towards the fence, popped over it, and -- terrified of crashing in territory I didn't control -- sped back across to the safety of my own backyard, and engaged the automatic landing sequence.

Technically, I'd gone over the fence line, and if I'd done so on foot, intentionally, I would have nominally been guilty of trespassing. But if I were flying in a helicopter, a few hundred feet up, I would *not* have been guilty of trespassing. So, what about the air in between?

There aren't many specific laws or cases on the books to address my specific situation, but we do know that the idea of airspace has changed in the decades since humans started flying around.

"Once upon a time, you had the rights to your property under the soil and to the sky. It went by the colorful, Latin label "ad coelum et ad inferos"---to the heavens and hell," Ryan Calo, a University of Washington law professor and former research director of Stanford's Center for Internet and Society, told me. "But subsequent case law recognized the limits imposed by commercial aviation and other realities of the modern world. Now you own the air and soil rights you might reasonably use and enjoy."

That original dictum -- ad coelum et ad inferos -- was never part of legislation, but rather passed to us from British common law. The process by which this notion of property was limited really began in the early twentieth century, when we began to regularly reach into the heavens and nominally closer to hell.
Timothy Ravich is an aviation lawyer who contributed an article to the North Dakota Law Review (UND is a major hub of civilian aerospace training) on "the integration of unmanned aerial vehicles into the national airspace." I figured if anyone knew the legal status of my neighborhood flights, it would be him.

"If you were to take your Parrot drone over my house, I suppose at one level, it is a trespass," he said. "You were not invited there and could potentially have disrupted my quiet enjoyment of my home. I suppose I could sue."

Whoops, I thought.

But it's not really that simple. Regardless of whether someone technically had the right to stop me from flying my little UAV over a house, "It's quite another thing to exercise those rights in a court of law," Ravich said. "If someone does take a Parrot and fly it over your house every day for a year. Are you injured? What are the actual damages?"

In other words: what are you gonna do about it?

"What [property] rights you have beyond what you can physically touch has always been difficult for the law to grapple with," Ravich told me.

"Good fences make good neighbors," Ravich said. "But we don't build fences in the air."

[Image: The drone's eye view, sadly no Bully Cat in sight.]

There are two fascinating analogous cases to look at. The first reaches all the way back to the early 1800s, when balloonists (!) were first making their uncertain journeys skyward. In 1822, the Supreme Court of New York heard the case of Guille vs. Swan. Guille was a balloonist. Swan had a vegetable garden. Guille launched himself in a balloon near Swan's patch and as he descended, hilarity/mayhem ensued. Here's the court's description of the situation:

The facts were that Guille ascended in a balloon in the vicinity of Swan's garden and descended into his garden.
When he descended his body was hanging out of the car of the balloon in a very perilous situation and he called to a person at work in Swan's field to help him in a voice audible to the pursuing crowd. After the balloon descended it dragged along over potatoes and radishes about thirty feet when Guille was taken out. The balloon was carried to a barn at the further end of the premises. When the balloon descended more than two hundred persons broke into Swan's garden through the fences and came on his premises beating down his vegetables and flowers.

Guille was found liable both for the damage his own balloon caused and the damage perpetrated by the crowd following him. But in that case, the problem was not the flight over Swan's veggies, but its descent back down where property rights make more sense.

The real touch point for UAV law in civilian air space, though, is the case of United States v. Causby, which the Supreme Court heard in 1946. It demolished, "ad coelum et ad inferos."

Thomas and Tinie Causby owned a few acres of land near Greensboro, North Carolina on which they farmed chickens. It happened to be underneath one of the glide paths to a municipal airport, so planes passed roughly 83 feet above his property. The planes -- old-school bombers and fighters in many cases -- scared the wits out of his chickens. They literally killed themselves flying off the walls in fright. "As many as six to ten of their chickens were killed in one day by flying into the walls from fright. The total chickens lost in that manner was about 150," the Court noted. "Production also fell off. The result was the destruction of the use of the property as a commercial chicken farm."

What resulted from this set of circumstances, though, was a triumph for aviators. The Court affirmed that "the air above the minimum safe altitude of flight... is a public highway and part of the public domain." Poor Causby and his chickens were out of luck.
[The] doctrine [of cujus est solum ejus est usque ad coelum] has no place in the modern world. The air is a public highway, as Congress has declared. Were that not true, every transcontinental flight would subject the operator to countless trespass suits. Common sense revolts at the idea. To recognize such private claims to the airspace would clog these highways, seriously interfere with their control and development in the public interest, and transfer into private ownership that to which only the public has a just claim. The question remains: what do private citizens and the public have just claims to? The reasoning of the court in these old decisions is one that I like: the air should be a space for everyone, not whoever can purchase the most square acreage on the ground. But the wide availability of UAV technology (combined with HD video) scrambles my sense of what is right. Specifically, it points out how much of our sense of privacy is intimately connected up with our expectations of our property rights. Drones -- as flying, seeing objects -- scramble our 2D sense of property boundaries, and along the way, make privacy much more complicated. "This idea of a reasonable expectation of privacy has always been accepted as the standard and the interface of that privacy right and emerging UAV technology is fascinating," Ravich said. "There is not an answer. The best we can do is arrive at laws and practices of the then-existing sensibilities of the population." Because while my hunt for the neighborhood's bully cat is a lighthearted endeavor, the real difficult decisions in this domain will come when local police have as many unmanned aerial systems as they do trained dogs. 
From bodil.glad at tamu.dk Fri Oct 12 15:11:53 2012 From: bodil.glad at tamu.dk (=?koi8-r?B?IuPFztTSINDP19nbxc7J0SDL18HMycbJy8HDycki?=) Date: Fri, 12 Oct 2012 19:11:53 -0300 Subject: =?koi8-r?B?/MvPzM/Hyd7F08vJyiDLz87U0s/M2CDOwSDQ0sXE0NLJ0dTJyS4=?= Message-ID: <01cda8ad$70452280$0ffb4ac9@bodil.glad> ------=== C O N F E R E N C E o n W A S T E ===------- ------------------------------------------------ MANAGEMENT OF PRODUCTION AND CONSUMPTION WASTE. Environmental oversight. 1 2 - 1 3 November 20I2, St. Petersburg (8I2) 6Ч2 - ОЧ - 69 ------------------------------------------------ Conference program: + Russian Federation legislation on waste management. + Accounting for and control of the movement of waste of various hazard classes. + Determining the hazard class of waste; the procedure for developing and approving a hazardous waste passport. + Setting norms for the generation of production and consumption waste. + State control over waste management activities. + The economic mechanism of natural resource use and environmental protection. + Liability for violations of environmental legislation on waste management. -- We will send you the full list of topics on request: (8I2) 6Ч2-ОЧ-69 Best regards, Egorova Natalia Dmitrievna, manager of the information department, tel.: (812) 6Ч2_ОЧ_69 From bogrim at hashomerhatzair.ch Fri Oct 12 09:40:50 2012 From: bogrim at hashomerhatzair.ch (=?koi8-r?B?IvfFxNXdycogyc7Wxc7F0iDcy8/Mz8ci?=) Date: Fri, 12 Oct 2012 23:40:50 +0700 Subject: =?koi8-r?B?8M/S0cTPyyDPwtLB3cXOydEg0yDP1MjPxMHNySDQ0s/J2tfPxNPU1w==?= =?koi8-r?B?wS4=?= Message-ID: <01cda8d3$02abed00$efb3ba3a@bogrim> ------=== C O N F E R E N C E o n W A S T E ===------- ------------------------------------------------ MANAGEMENT OF PRODUCTION AND CONSUMPTION WASTE. Environmental oversight. 1 2 - 1 3 November 20I2, St. Petersburg (8I2) 6Ч2 - ОЧ - 69 ------------------------------------------------ Conference program: + Russian Federation legislation on waste management. 
+ Accounting for and control of the movement of waste of various hazard classes. + Determining the hazard class of waste; the procedure for developing and approving a hazardous waste passport. + Setting norms for the generation of production and consumption waste. + State control over waste management activities. + The economic mechanism of natural resource use and environmental protection. + Liability for violations of environmental legislation on waste management. -- We will send you the full list of topics on request: (8I2) 6Ч2-ОЧ-69 Best regards, Egorova Natalia Dmitrievna, manager of the information department, tel.: (812) 6Ч2_ОЧ_69 From bradshaw at suth.com Fri Oct 12 08:30:05 2012 From: bradshaw at suth.com (=?koi8-r?B?IuPFztTSINDP19nbxc7J0SDL18HMycbJy8HDycki?=) Date: Sat, 13 Oct 2012 00:30:05 +0900 Subject: =?koi8-r?B?8M/S0cTPyyDPwtLB3cXOydEg0yDP1MjPxMHNySDQ0s/J2tfPxNPU1w==?= =?koi8-r?B?wS4=?= Message-ID: <01cda8d9$e3fd2480$6237ac70@bradshaw> ------=== C O N F E R E N C E o n W A S T E ===------- ------------------------------------------------ MANAGEMENT OF PRODUCTION AND CONSUMPTION WASTE. Environmental oversight. 1 2 - 1 3 November 20I2, St. Petersburg (8I2) 6Ч2 - ОЧ - 69 ------------------------------------------------ Conference program: + Russian Federation legislation on waste management. + Accounting for and control of the movement of waste of various hazard classes. + Determining the hazard class of waste; the procedure for developing and approving a hazardous waste passport. + Setting norms for the generation of production and consumption waste. + State control over waste management activities. + The economic mechanism of natural resource use and environmental protection. + Liability for violations of environmental legislation on waste management. 
-- We will send you the full list of topics on request: (8I2) 6Ч2-ОЧ-69 Best regards, Egorova Natalia Dmitrievna, manager of the information department, tel.: (812) 6Ч2_ОЧ_69 From grarpamp at gmail.com Sun Oct 14 10:44:36 2012 From: grarpamp at gmail.com (grarpamp) Date: Sun, 14 Oct 2012 13:44:36 -0400 Subject: [tor-talk] Scallion, GPU based onion hash generator Message-ID: > I'd like to announce Scallion, an OpenCL vanity .onion address generator. > It gets around 600MH/s on an AMD Radeon HD6870 (similar on a 5770), > allowing it to generate an address with a chosen 8-character prefix in just > 15 minutes on average. It's written in C# and runs in both Linux (on Mono) > and Windows. Pretty awesome! Would you be kind enough to ensure this compiles and runs on FreeBSD as well? Thanks! http://www.freebsd.org/ ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.1/ _______________________________________________ tor-talk mailing list tor-talk at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Sun Oct 14 11:41:15 2012 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 14 Oct 2012 20:41:15 +0200 Subject: [tor-talk] Scallion, GPU based onion hash generator Message-ID: <20121014184115.GD9750@leitl.org> ----- Forwarded message from grarpamp ----- From saftergood at fas.org Mon Oct 15 07:01:11 2012 From: saftergood at fas.org (Steven Aftergood) Date: Mon, 15 Oct 2012 07:01:11 -0700 Subject: Secrecy News -- 10/15/12 Message-ID: Format Note: If you cannot easily read the text below, or you prefer to receive Secrecy News in another format, please reply to this email to let us know. SECRECY NEWS from the FAS Project on Government Secrecy Volume 2012, Issue No. 
106 October 15, 2012 Secrecy News Blog: http://www.fas.org/blog/secrecy/ ** KIRIAKOU NOT ALLOWED TO ARGUE LACK OF INTENT TO HARM U.S. ** SECRECY CONFERENCE AT FORDHAM LAW SCHOOL KIRIAKOU NOT ALLOWED TO ARGUE LACK OF INTENT TO HARM U.S. A court ruled this month that former CIA officer John Kiriakou, who is charged with unauthorized disclosures of classified information to the media, will not be permitted to argue at trial that he intended no harm to the United States, or that his entire career testifies to a deep commitment to national security. Instead, the central question at trial will be whether Kiriakou "had reason to believe" that the information he allegedly released would cause injury to the United States. The court ruling, which favors the prosecution's conception of the case, was issued during a sealed hearing on October 1. The hearing transcript has not been released, but the ruling was disclosed in two footnotes in an October 3 defense pleading that was unsealed last week. http://www.fas.org/sgp/jud/kiriakou/100312-reply98.pdf The defense said it would have demonstrated at trial "that Mr. Kiriakou had no intent to harm the United States, and that he had no motive to do so had the Court not ruled such arguments inadmissible" (footnote 7). Similarly, the defense indicated that "this Court's October 1, 2012 ruling precludes arguments regarding Mr. Kiriakou's intent to harm the United States or a defense resting on Mr. Kiriakou's lack of bad faith" (footnote 4). The defense said it would continue to "note where information would be relevant to such arguments in order to preserve its ability to appeal the issue should that become necessary." Meanwhile, two reporters who were subpoenaed by the Kiriakou defense filed motions to quash the subpoenas. 
Attorneys for Matthew Cole, designated "Journalist A" in the Kiriakou indictment, said that the information sought by the Kiriakou defense was protected by a reporter's First Amendment privilege and that there was no basis to overrule the privilege. Not only that, but Cole attorneys George Doumar and Mark Zaid added that Mr. Cole would assert a Fifth Amendment right to refuse to testify to avoid self-incrimination. They said that the government's past move to prosecute unauthorized receipt and transmission of classified information in the AIPAC case (US v. Rosen) raises the possibility that Cole's testimony "could subject him to a subsequent federal criminal proceeding. Therefore, he will invoke his Fifth Amendment right to remain silent." http://www.fas.org/sgp/jud/kiriakou/101112-Aquash.pdf Washington Post researcher Julie Tate also moved to quash a subpoena for her testimony. She was identified as the "Researcher 1" sought by the defense in an article by Josh Gerstein of Politico last week. Ms. Tate possesses exceptional news gathering skills. But she has nothing to do with the charges against Mr. Kiriakou, her attorneys said in their October 11 motion to quash. "The testimony defendant seeks from Ms. Tate has no conceivable relevance to this case. Defendant has been charged with unlawfully disclosing classified information to Journalist A and Journalist B--not to Ms. Tate. Ms. Tate is not mentioned in the Indictment, and there is no evidence in the record that Ms. Tate has ever met or communicated with Mr. Kiriakou.... The law places the burden on the defendant to establish that he has a need for Ms. Tate's testimony that is so compelling that it outweighs the First Amendment interests at stake. That burden has not been met." http://www.fas.org/sgp/jud/kiriakou/101112-tate-quash.pdf Scott Shane of the New York Times, who is "Journalist B" in the Kiriakou indictment, is also believed to have been subpoenaed. 
But that subpoena is said to have been withdrawn for reasons that are unclear. In any case, Mr. Shane and the New York Times did not file a motion to quash. The pending motions to quash the subpoenas will be argued before Judge Leonie M. Brinkema at an October 18 hearing. SECRECY CONFERENCE AT FORDHAM LAW SCHOOL A day-long conference on national security secrecy will be held tomorrow, October 16, at Fordham Law School in New York City. The conference brings together a promising mix of former government officials, journalists, litigators, academics and others, including myself. For more information on the conference, which is open to the public, see here: http://www.fas.org/sgp/news/2012/10/fordham.pdf _______________________________________________ Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists. The Secrecy News Blog is at: http://www.fas.org/blog/secrecy/ To SUBSCRIBE to Secrecy News, go to: http://www.fas.org/sgp/news/secrecy/subscribe.html To UNSUBSCRIBE, go to http://www.fas.org/sgp/news/secrecy/unsubscribe.html OR email your request to saftergood at fas.org Secrecy News is archived at: http://www.fas.org/sgp/news/secrecy/index.html Support the FAS Project on Government Secrecy with a donation: http://www.fas.org/member/donate_today.html _______________________ Steven Aftergood Project on Government Secrecy Federation of American Scientists web: www.fas.org/sgp/index.html email: saftergood at fas.org voice: (202) 454-4691 twitter: @saftergood ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From ultraconservativeyrh87 at multiform.at Mon Oct 15 05:16:35 2012 From: ultraconservativeyrh87 at multiform.at (=?koi8-r?B?7sHDLiDQzMHUxdbOwdEg08nT1MXNwQ==?=) Date: Mon, 15 Oct 2012 13:16:35 +0100 Subject: 
=?koi8-r?B?98HMwNTOz8Ug0sXH1czJ0s/Xwc7JxQ==?= Message-ID: <01cdaad7$4d1f2630$68707e0a@trickinessvp83> ATTENTION BANKS, FINANCIAL AND INSURANCE COMPANIES - NEW CHANGES HAVE COME INTO FORCE. ATTENTION! - Changes to currency legislation! Bank of Russia Instruction No. 138-I of 04.06.2012, "On the procedure for residents and non-residents to submit to authorized banks documents and information related to currency operations, the procedure for drawing up transaction passports, and the procedure for authorized banks to record currency operations and control their conduct," comes into force on 1 October 2012. Currency regulation (Central Bank of the Russian Federation) code: (four nine five) 7Ч2.9I98 **** code (495) - 7-42-9I\98 26 October 2012. New developments in the system of currency regulation and currency control. Lecturer: head of a directorate of the Bank of Russia's Department of Financial Monitoring and Currency Control. 1. Bank of Russia Instruction No. 138-I of 04.06.12 "On the procedure for residents and non-residents to submit to authorized banks documents and information related to currency operations, the procedure for drawing up transaction passports, and the procedure for authorized banks to record currency operations and control their conduct". Concept, structure, main provisions. Changes in the procedure for submitting and drawing up documents (including Statements and Transaction Passports) and for exercising currency control, established by Instruction No. 138-I. 2. The system of currency regulation and currency control in the Russian Federation and currency control by authorized banks. Federal Law No. 173-FZ "On Currency Regulation and Currency Control" (as amended and supplemented, including by Federal Law No. 162-FZ of 27 June 2011 "On Amendments to Certain Legislative Acts of the Russian Federation in Connection with the Adoption of the Federal Law 'On the National Payment System'"), mandatory norms. 
Regulation of the procedure for residents and non-residents to conduct currency operations and for residents to open and maintain accounts in banks located outside the Russian Federation. The regime of an account opened abroad. Operation of currency legislation in connection with the adoption of Federal Law No. 161-FZ of 27 June 2011 "On the National Payment System" and Federal Law No. 162-FZ of 27 June 2011 "On Amendments to Certain Legislative Acts of the Russian Federation in Connection with the Adoption of the Federal Law 'On the National Payment System'". The procedure for opening and maintaining residents' accounts outside the territory of the Russian Federation. Rules for residents conducting currency operations. 3. The procedure for conducting currency operations, the procedure and deadlines for submitting currency control documents (Statements, Transaction Passports) and the procedure for authorized banks to exercise currency control, in light of the new Bank of Russia regulations: - Bank of Russia Instruction No. 138-I of 04.06.12 "On the procedure for residents and non-residents to submit to authorized banks documents and information related to currency operations, the procedure for drawing up transaction passports, and the procedure for authorized banks to record currency operations and control their conduct". - Bank of Russia Regulation No. 364-P of 29.12.2010 "On the procedure for authorized banks and territorial institutions of the Bank of Russia to transfer to customs authorities, in electronic form, information on transaction passports for foreign trade agreements (contracts) so that the customs authorities can perform their functions as currency control agents". 4. Regulation of the procedure for submitting information on violations of currency legislation. Forwarding of information on offences and Central Bank of the Russian Federation Regulation No. 308-P of 20.07.2007. Possible offences in connection with the adoption of Bank of Russia Instruction No. 138-I. Practice of applying Central Bank of the Russian Federation Regulation No. 308-P of 20.07.2007, illustrated by specific violations. 5. Currency regulation of operations by individuals. 
Operations by individuals and currency control by authorized banks. Federal Law No. 173-FZ (including wages and business travel expenses). The procedure for individuals to transfer funds out of and within the Russian Federation. "Close relative" transfers. 6. Liability for violating currency legislation. Federal Law No. 174-FZ. Seminar participation fee: 9970 rubles. All information by phone: +7 499 - 4Ч5/ЧО/95 <<>> 8 (Ч95) 792*2I22 Currency regulation and currency control at the present stage. Currency regulation (Central Bank of the Russian Federation) +7 499 445*ЧО*95 and 8 (495) 792\2I/22 26 October 2012 and 23 October 2012. Lecturer: head of a directorate of the Bank of Russia's Department of Financial Monitoring and Currency Control. 1. Bank of Russia Instruction No. 138-I of 04.06.12 "On the procedure for residents and non-residents to submit to authorized banks documents and information related to currency operations, the procedure for drawing up transaction passports, and the procedure for authorized banks to record currency operations and control their conduct". Concept, structure, main provisions. Changes in the procedure for submitting and drawing up documents (including Statements and Transaction Passports) and for exercising currency control, established by Instruction No. 138-I. 2. The system of currency regulation and currency control in the Russian Federation and currency control by authorized banks. Federal Law No. 173-FZ "On Currency Regulation and Currency Control" (as amended and supplemented, including by Federal Law No. 162-FZ of 27 June 2011 "On Amendments to Certain Legislative Acts of the Russian Federation in Connection with the Adoption of the Federal Law 'On the National Payment System'"), mandatory norms. Regulation of the procedure for residents and non-residents to conduct currency operations and for residents to open and maintain accounts in banks located outside the Russian Federation. 
The regime of an account opened abroad. Operation of currency legislation in connection with the adoption of Federal Law No. 161-FZ of 27 June 2011 "On the National Payment System" and Federal Law No. 162-FZ of 27 June 2011 "On Amendments to Certain Legislative Acts of the Russian Federation in Connection with the Adoption of the Federal Law 'On the National Payment System'". The procedure for opening and maintaining residents' accounts outside the territory of the Russian Federation. Rules for residents conducting currency operations. 3. The procedure for conducting currency operations, the procedure and deadlines for submitting currency control documents (Statements, Transaction Passports) and the procedure for authorized banks to exercise currency control, in light of the new Bank of Russia regulations: - Bank of Russia Instruction No. 138-I of 04.06.12 "On the procedure for residents and non-residents to submit to authorized banks documents and information related to currency operations, the procedure for drawing up transaction passports, and the procedure for authorized banks to record currency operations and control their conduct". - Bank of Russia Regulation No. 364-P of 29.12.2010 "On the procedure for authorized banks and territorial institutions of the Bank of Russia to transfer to customs authorities, in electronic form, information on transaction passports for foreign trade agreements (contracts) so that the customs authorities can perform their functions as currency control agents". 4. Regulation of the procedure for submitting information on violations of currency legislation. Forwarding of information on offences and Central Bank of the Russian Federation Regulation No. 308-P of 20.07.2007. Possible offences in connection with the adoption of Bank of Russia Instruction No. 138-I. Practice of applying Central Bank of the Russian Federation Regulation No. 308-P of 20.07.2007, illustrated by specific violations. 5. Currency regulation of operations by individuals. Operations by individuals and currency control by authorized banks. Federal Law No. 173-FZ (including wages and business travel expenses). 
The procedure for individuals to transfer funds out of and within the Russian Federation. "Close relative" transfers. 6. Liability for violating currency legislation. Federal Law No. 174-FZ. Seminar participation fee: 9970 rubles. All information by phone: +7 499 4454_095 or code (495) - 7\Ч2/91*98 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5701 bytes Desc: not available URL: From eugen at leitl.org Mon Oct 15 07:44:45 2012 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 Oct 2012 16:44:45 +0200 Subject: Secrecy News -- 10/15/12 Message-ID: <20121015144445.GP9750@leitl.org> ----- Forwarded message from Steven Aftergood ----- From tedks at riseup.net Tue Oct 16 08:11:01 2012 From: tedks at riseup.net (Ted Smith) Date: Tue, 16 Oct 2012 11:11:01 -0400 Subject: [tor-talk] registration for youtube, gmail over Tor - fake voicemail / sms anyone? In-Reply-To: <20121016142503.GR9750@leitl.org> References: <20121016142503.GR9750@leitl.org> Message-ID: <1350400261.19250.17.camel@anglachel> On Tue, 2012-10-16 at 16:25 +0200, Eugen Leitl wrote: > ----- Forwarded message from Mike Hearn ----- > > From: Mike Hearn > Date: Tue, 16 Oct 2012 14:36:43 +0200 > To: tor-talk at lists.torproject.org > Subject: Re: [tor-talk] registration for youtube, > gmail over Tor - fake voicemail / sms anyone? > Reply-To: tor-talk at lists.torproject.org > So I'm afraid we don't have a good solution for people who want to > sign up to Google anonymously today beyond buying accounts and getting > unlinkability that way, but as I said, that's against our terms of > service and can easily be confused with abuse so it's somewhat > dangerous. 
> > thanks > -mike This implies a pretty easy business model: * rent botnet proxies at some cost * make google accounts over botnets, farming the captchas out at some other cost * sell google accounts for bitcoins at cost + other cost + profit margin over a tor hidden service * profit You could probably do the account creation on-demand so you had no inventory buildup, even. If you started getting lots of demand, you could start pre-registering accounts. This one's a freebie for anyone on this list with more time than me. Since I have a Google account, I'd like to say that I will never do this, as it would be against Google's ToS and as such, criminally illegal (see ). Also, nobody else should do this. That would be illegal and therefore wrong. /fingerwag -- Sent from Ubuntu [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From oneingray at gmail.com Mon Oct 15 22:25:08 2012 From: oneingray at gmail.com (Ivan Shmakov) Date: Tue, 16 Oct 2012 12:25:08 +0700 Subject: [p2p-hackers] "generic & secure" DHT table implementation? Message-ID: Abstract There're (several?) BitTorrent-specific DHT's, and the P2P anonymity protocols (such as GNUnet) seem to (effectively) implement their own DHT's. But is there any kind of a "universal" (i. e., transport protocol-independent) DHT? And if not, why? Searching by content-derived identifiers There're currently a number of P2P-friendly content-derived resource identifiers, such as the BitTorrent "infohash" values (which can be embedded within magnet: schema URI's, like [1]), as well as the URI's used in GNUnet and Freenet frameworks (like [2]), both non-standard (and the GNUnet ones are, as it seems, interpreting the base URI specification in somewhat an odd way.) 
What seems to be missing, however, is a "generic" DHT network that could be used to search both the relevant metadata (such as .torrent or Metalink files), and the peers participating in a particular data exchange (and the respective protocols they support), using one or more of an extensible set of identifiers (including BitTorrent infohashes, GNUnet URI's, and the plain SHA-1, SHA-2, or SHA-3 values.) How's it useful? With such a DHT, Alice, having only a bandwidth-limited Internet connection, could compute a SHA-256 of a large file on her host, and send the former to Bob, which, in turn, would use any downloading software (implementing the support for the aforementioned "generic" DHT) to discover the possible sources for the file in question and retrieve it. Security issues As for the security, the "records" in such a table could be digitally signed, with the set of the "trusted" public keys being comprised of those keys explicitly approved by the user, the public keys of the peers with which a successful data exchange has occurred before, and the public keys trusted by the peers already trusted, up to a certain depth. (There could then be different levels of trust, just like, e. g., in GnuPG, and perhaps other OpenPGP software.) The purpose of such a facility is exactly to allow for the use of (non-piecewise) digest to metadata records, which otherwise could easily be spoofed, and used to force the downloader to spend its resources to download an otherwise irrelevant data. The question The question is: are there any designs, either implemented, or described in detail, allowing for operation as described above, or are there specific reasons for which the outline above is not feasible to implement? TIA. 
[1] magnet:?xt=urn:btih:fb5c0d7946469ba48121607458e360cb31336e55 [2] gnunet://ecrs/chk/9E4MDN4VULE8KJG6U1C8FKH5HA8C5CHSJTILRTTPGK8MJ6VHORERHE68JU8Q0FDTOH1DGLUJ3NLE99N0ML0N9PIBAGKG7MNPBTT6UKG.1I823C58O3LKS24LLI9KB384LH82LGF9GUQRJHACCUINSCQH36SI4NF88CMAET3T3BHI93D4S0M5CC6MVDL1K8GFKVBN69Q6T307U6O.17992 -- FSF associate member #7257 _______________________________________________ p2p-hackers mailing list p2p-hackers at lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From hearn at google.com Tue Oct 16 05:36:43 2012 From: hearn at google.com (Mike Hearn) Date: Tue, 16 Oct 2012 14:36:43 +0200 Subject: [tor-talk] registration for youtube, gmail over Tor - fake voicemail / sms anyone? Message-ID: > Although it's not an ideal situation, a few days ago a Google employee > posted regarding access via Tor: > > https://lists.torproject.org/pipermail/tor-talk/2012-October/025923.html Hi, I'm that employee. That post is specifically about login to existing accounts that were created outside of Tor. We have a policy of phone verifying every signup via anonymizing proxies. If you signed up via Tor and didn't get asked to phone verify it means the list of exit nodes we're using isn't up to date, or there was a sync issue. Or you used an exit node that isn't in the list for some reason. We use this one: http://exitlist.torproject.org/exit-addresses We appreciate the offer to solve 1000 CAPTCHAs. Unfortunately the cost of 1000 CAPTCHAs is only about $1 on the open market, not exactly a high bar. The need for phone verification is unfortunate but real. If we had a better way to throttle abuse we'd use it. Unfortunately we don't. 
In the past I've researched and suggested using deposits of Bitcoin so we could set the price of an account in a more nuanced way, see here for a description of how it'd work: https://en.bitcoin.it/wiki/Contracts#Example_1:_Providing_a_deposit (bitcoin is my 20% project) For a variety of practical reasons I don't think that'll happen for Google accounts anytime soon, even assuming the software for it existed, which it doesn't yet. But I think it'd be great if people who are interested in making Tor usable with abusable services worked on the Bitcoin approach. I'd start by integrating with MediaWiki, blogging platforms etc, forum software etc, so if people want to run wikis/forums/blogs as hidden services or otherwise they have a way to make spam expensive without using the proxy of identity. Of course it does move the problem to be "how can I acquire Bitcoin?" but you get unlinkability. Even if the Bitcoin seller you used knows your identity, the recipient of the coins does not. So I'm afraid we don't have a good solution for people who want to sign up to Google anonymously today beyond buying accounts and getting unlinkability that way, but as I said, that's against our terms of service and can easily be confused with abuse so it's somewhat dangerous. 
thanks -mike _______________________________________________ tor-talk mailing list tor-talk at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From bmontgomery at upei.ca Tue Oct 16 04:43:04 2012 From: bmontgomery at upei.ca (=?koi8-r?B?Iu/UINPM1dbC2SDcy8/Mz8fJ3sXTy8/HzyDOwcTaz9LBIg==?=) Date: Tue, 16 Oct 2012 14:43:04 +0300 Subject: =?koi8-r?B?6c7Wxc7F0tUg0M8g0NLPzcLF2s/QwdPOz9PUyQ==?= Message-ID: <01cdabac$8c4a0c00$852c31bc@bmontgomery> -----------------===INDUSTRIAL SAFETY CONTROL===------------------------- --------P R O F E S S I O N A L D E V E L O P M E N T C O U R S E-------------- To the Occupational Health and Industrial Safety department, attn. Lead Engineer. INDUSTRIAL SAFETY EXPERT REVIEW. Preparing documentation. *************************************************** 29 - 30 October 2012, St. Petersburg tel.: (812) 6Ч2...ОЧ.89 Brief course program: 1. Industrial safety expert review and the rules for conducting it. 2. Expert review of design documentation for the mothballing and liquidation of hazardous production facilities. 3. Expert review of technical devices used at hazardous production facilities. 4. Expert review of buildings and structures at hazardous production facilities. 5. Preparing documentation for obtaining Rostekhnadzor licenses 6. Preparing documentation for obtaining licenses to install, repair and maintain fire safety equipment for buildings and structures 7. Registration of hazardous production facilities in the register ***************************** On completion of the course, a state-standard certificate of professional development is issued! 
********************************************************************** To take part in the course, call: (812) 6Ч2_ОЧ 89 Best regards, Nekrasova Evgenia Fedorovna, training department specialist, tel.: /812/ 6Ч2 ОЧ-89 From marlowe at antagonism.org Tue Oct 16 13:03:06 2012 From: marlowe at antagonism.org (Patrick R McDonald) Date: Tue, 16 Oct 2012 15:03:06 -0500 Subject: [tahoe-lafs-weekly-news] TWN 39 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ======================================================== Tahoe-LAFS Weekly News, issue number 39, October 16 2012 ======================================================== Welcome to the Tahoe-LAFS Weekly News (TWN). Tahoe-LAFS_ is a secure, distributed storage system. `View TWN on the web`_ *or* `subscribe to TWN`_. If you would like to view the "new and improved" TWN, complete with pictures; please take a `look`_. .. _Tahoe-LAFS: https://tahoe-lafs.org .. _View TWN on the web: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/TahoeLAFSWeeklyNews .. _subscribe to TWN: https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news .. _look: https://tahoe-lafs.org/~marlowe/TWN38.html Announcement and News ===================== Thank You - - --------- We interrupt your regularly scheduled TWN to bring you this special announcement. Well maybe not regularly scheduled, how about we interrupt this interruption to bring you this special announcement? Zooko |zooko| posted on the tahoe-dev mailing list, `this message`_ regarding the extended absence of TWN. In it, he expressed his appreciation of my effort in writing TWN and encouraged you, if you felt the same, to contact me as well. You amazed me with the number of emails which filled my inbox stating how much you appreciated TWN. The emails did not stop with just praise. There were offers of assistance, ideas for new stories. This show of support from this community left me utterly speechless. 
However, I needed to find a way to express my gratitude and respect. Lacking documentation is a common theme in many open source projects. I don't think this is a result of lack of good documentation writers nor due to concepts which are too difficult to document. Rather I believe that those of us who write are amazed by the community's ability to create. Reporting on the doing, doesn't seem to hold the same thrill as the actual doing. Or at the very least, this is my feeling. This community amazes me in its ability to create and not just with Tahoe-LAFS. This community has spawned companies, amazing spinoff projects and inspired numerous others. The cryptography and security discussions force me to stretch the bounds of my knowledge and imagination. This community makes me a better person simply through observation and thank you for it. Unfortunately, being an observer, occasionally makes me feel as if I am not an essential cog in the machine. You start to wonder if your contribution really provides any value add. After all it isn't a patch which provides a new feature or corrects some long standing bug. Instead it is merely a discourse on your observations. Who is really interested in hearing that? Apparently from your resounding response, you are. I will be sending a personal thank you to each of you who sent me emails over the last several days. I would like to take this opportunity to send some special thank yous. First, to Zooko. Thank you for giving me the opportunity to do TWN. This has become one of my favorite activities and your constant support and encouragement has allowed it to become so. You are always willing to provide a hand with ideas and a kind word of support. Thank you. Next to Brian Warner |warner|. Brian thanks for your kind words of encouragement. Every time we chat, you have always thanked me for TWN. I highly value our friendship both inside and outside of Tahoe-LAFS. Lastly, thanks to Peter |peter|.
I read through your interview and was once again inspired. You remind me that I don't need to be a genius programmer to make a meaningful contribution. You showed me that every contribution is important in its own right. I would do well to remember that. So this Saturday TWN will return with talk of IPv6, birthday parties and the like. Thank you for allowing me the time to express my thanks and for taking the time to express yours. .. _`this message`: https://tahoe-lafs.org/pipermail/tahoe-dev/2012-October/007757.html - - ---- *The Tahoe-LAFS Weekly News is published once a week by The Tahoe-LAFS* *Software Foundation, President and Treasurer: Peter Secor* *. Scribes: Patrick "marlowe" McDonald* |marlowe| *, Zooko Wilcox-O'Hearn* *, Editor Emeritus: Zooko.* `View TWN on the web`_ *or* `subscribe to TWN`_ *. Send your news stories to* `marlowe at antagonism.org`_ *- submission deadline: Friday night.* .. _marlowe at antagonism.org: mailto:marlowe at antagonism.org .. |peter| image:: psecor.jpg :height: 35 :alt: peter :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs .. |marlowe| image:: marlowe-x75-bw.jpg :height: 35 :alt: marlowe :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs .. |zooko| image:: zooko.png :height: 35 :alt: zooko :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs .. 
|warner| image:: warner.png :height: 35 :alt: Brian Warner :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs _______________________________________________ tahoe-lafs-weekly-news mailing list tahoe-lafs-weekly-news at tahoe-lafs.org http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news ----- End 
forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Tue Oct 16 07:25:03 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 Oct 2012 16:25:03 +0200 Subject: [tor-talk] registration for youtube, gmail over Tor - fake voicemail / sms anyone? Message-ID: <20121016142503.GR9750@leitl.org> ----- Forwarded message from Mike Hearn -----
From companys at stanford.edu Tue Oct 16 19:33:25 2012 From: companys at stanford.edu (Yosem Companys) Date: Tue, 16 Oct 2012 19:33:25 -0700 Subject: [liberationtech] Pakistan drone report talk in Baltimore/D.C.? Message-ID: From: Max Obuszewski I imagine you have heard about the report on drone strikes in Pakistan put together by a team of law professors and students from NYU and Standford (http://livingunderdrones.org/report/). We invited a professor from NYU to talk at Hopkins about the report; she passed our invitation along to folks at Stanford. The leader of the investigation, Professor James Cavallaro, the Director of the International Human Rights and Conflict Resolution Clinic at Stanford, and a law student, Omar Shakir, who was on the team, are interested in coming. I'm wondering if there might be interest in organizing a talk in Washington at the same time, both to share the cost of bringing them and to make the trip more worth their while. Do you know anyone at Georgetown or elsewhere who might be interested? Take care, Joel -- Joel Andreas Associate Professor Department of Sociology Director East Asian Studies Program Johns Hopkins University 3400 N. 
Charles Street Baltimore, MD 21218 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Tue Oct 16 12:48:59 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 Oct 2012 21:48:59 +0200 Subject: [p2p-hackers] "generic & secure" DHT table implementation? Message-ID: <20121016194859.GY9750@leitl.org> ----- Forwarded message from Ivan Shmakov -----
From eugen at leitl.org Tue Oct 16 23:48:02 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 17 Oct 2012 08:48:02 +0200 Subject: [tahoe-lafs-weekly-news] TWN 39 Message-ID: <20121017064802.GC9750@leitl.org> ----- Forwarded message from Patrick R McDonald -----
From eugen at leitl.org Wed Oct 17 03:13:31 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 17 Oct 2012 12:13:31 +0200 Subject: nice BitCoin paper from big-gun names Message-ID: <20121017101331.GH9750@leitl.org> http://eprint.iacr.org/2012/584.pdf From eugen at leitl.org Wed Oct 17 03:25:23 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 17 Oct 2012 12:25:23 +0200 Subject: [liberationtech] Pakistan drone report talk in Baltimore/D.C.? Message-ID: <20121017102523.GI9750@leitl.org> ----- Forwarded message from Yosem Companys ----- From eugen at leitl.org Wed Oct 17 07:51:46 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 17 Oct 2012 16:51:46 +0200 Subject: 78 percent of Bitcoin currency stashed under digital mattress, study finds Message-ID: <20121017145146.GZ9750@leitl.org> http://arstechnica.com/tech-policy/2012/10/78-percent-of-bitcoin-currency-stashed-under-digital-mattress-study-finds/ 78 percent of Bitcoin currency stashed under digital mattress, study finds Significantly fewer digital coins are in circulation than previously presumed. by Dan Goodin - Oct 17, 2012 12:00 pm UTC A long chain of Bitcoin transactions, showing each address putting aside a small number of digital coins, helps illustrate a finding that 78 percent of them remain dormant in "savings accounts." Dorit Ron, Adi Shamir More than three-quarters of the digital coins in the Bitcoin digital currency scheme aren't circulating because they remain dormant in user accounts that have never participated in outgoing transactions, a recently published study has found. The figure translates to more than 7.019 million BTCs, the term used to denote a single coin under the digital currency, which uses strong cryptography and peer-to-peer networking to enable anonymous payments among parties who don't necessarily know or trust each other. 
Based on exchange rates listed on Mt.Gox, the most widely used Bitcoin exchange, the coins have a value of more than $82.87 million. On May 13, the date the researchers analyzed their data, there were slightly more than 9 million BTCs in existence. Mathematician Dorit Ron and Adi Shamir (the "S" in the widely used RSA cryptography scheme) arrived at that finding by downloading the entire Bitcoin history and following the trail of some 180,000 transactions. They found there were about 3.12 million accounts, which are known as "addresses" in Bitcoin parlance. They belonged to about 1.5 different owners, on average, since there's no limit on how many addresses a single individual may possess. More than 609,000 of those addresses had received a significant portion of the outstanding BTCs without once making a payment. "However, if we sum up the amounts accumulated at the 609,270 addresses which only receive and never send BTCs, we see that their owners have actually put aside in some kind of 'saving accounts' 7,019,100 BTCs, which are almost 78 percent of all existing BTCs," the researchers wrote. Almost 60 percent of those coins were "old," meaning they were received more than three months prior to the May 13 cut-off date for the project. "This means that there are much fewer BTCs in circulation than previously presumed," the researchers continued. "Yet, the total number of Bitcoins participating in all the transactions since the establishment of the system (except for the actual minting operations) is 423,287,950 BTCs. This implies that each coin which is in circulation had to be moved a much larger than expected number of times." The report, titled Quantitative Analysis of the Full Bitcoin Transaction Graph, isn't the first time researchers have analyzed the full available history of Bitcoin transactions. 
A paper presented earlier this year by Fergal Reid and Martin Harrigan, demonstrated how it's possible to identify some Bitcoin users despite some of the scheme's anonymity features. Research presented at last year's Chaos Computer Club conference also showed how to defeat Bitcoin anonymity. Ron and Shamir's research, by contrast, analyzes transaction history to answer questions about how typical account holders use the Bitcoin system and how they acquire and spend the digital coin. In addition to discovering that the vast majority of BTCs don't circulate, the new paper also found that almost all large Bitcoin transactions stem from a single payment made almost two years ago. They made that finding despite apparent attempts by the account holders involved to obfuscate their actions. The researchers started by mining the history for data that identified when two or more addresses belonged to the same owner. They then isolated transactions involving 50,000 BTCs or more and analyzed when the amounts were accumulated and spent. "We discovered that almost all these large transactions were the descendants of a single large transaction involving 90,000 Bitcoins which took place on November 8th 2010, and that the subgraph of these transactions contains many strange looking chains and fork-merge structures, in which a large balance is either transferred within a few hours through hundreds of temporary intermediate accounts, or split into many small amounts which are sent to different accounts only in order to be recombined shortly afterwards into essentially the same amount in a new account." The discovery that so little of the currency is actually in circulation could have implications for the future of the Bitcoin system. It's unclear what might happen if large amounts of those reserves were to begin trading suddenly. It wouldn't be surprising to see such an influx cause a decline in the value of each coin, similar to a 90-percent decline experienced last year. 
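The receive-only tally the article above describes, worked through as an added example; this is not code from the article or from the Ron and Shamir paper. The ledger, address names and amounts are constructed sample data, "three months" is taken as 90 days, and transaction fees are assumed to be zero.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample ledger, not real Bitcoin data. Amounts are whole BTC.
# "inputs" lists the (address, amount) pairs a transaction spends; an empty
# list marks a minting transaction. "outputs" lists what each address receives.
SAMPLE_TXS = [
    {"date": date(2012, 1, 5), "inputs": [],
     "outputs": [("miner1", 50)]},
    {"date": date(2012, 1, 20), "inputs": [],
     "outputs": [("miner2", 50)]},
    {"date": date(2012, 2, 1), "inputs": [("miner1", 50)],
     "outputs": [("saver_a", 30), ("miner1_change", 20)]},
    {"date": date(2012, 3, 10), "inputs": [],
     "outputs": [("miner3", 50)]},
    {"date": date(2012, 4, 20), "inputs": [("miner1_change", 20)],
     "outputs": [("shop", 5), ("miner1_change", 15)]},
    {"date": date(2012, 5, 1), "inputs": [("shop", 5)],
     "outputs": [("saver_a", 5)]},
]

CUTOFF = date(2012, 5, 13)       # analysis date given in the article
OLD_AFTER = timedelta(days=90)   # assumption: "three months" as 90 days


def summarize(txs, cutoff=CUTOFF, old_after=OLD_AFTER):
    """Tally coins held at addresses that only receive and never send."""
    senders = set()
    received = defaultdict(list)  # address -> [(date, amount), ...]
    supply = 0                    # coins created by minting transactions
    volume = 0                    # coins moved by all other transactions

    for tx in txs:
        paid_out = sum(amount for _, amount in tx["outputs"])
        if tx["inputs"]:
            paid_in = sum(amount for _, amount in tx["inputs"])
            if paid_in != paid_out:
                # Fees are assumed to be zero, so a mismatch is bad data.
                raise ValueError("inputs and outputs differ on %s" % tx["date"])
            volume += paid_out
            senders.update(addr for addr, _ in tx["inputs"])
        else:
            supply += paid_out
        for addr, amount in tx["outputs"]:
            received[addr].append((tx["date"], amount))

    # An address counts as dormant if it never appears as an input.
    receive_only = set(received) - senders
    dormant = sum(amount for addr in receive_only
                  for _, amount in received[addr])
    # "Old" coins arrived more than `old_after` before the cutoff date.
    old = sum(amount for addr in receive_only
              for when, amount in received[addr]
              if when < cutoff - old_after)

    return {
        "receive_only": receive_only,
        "supply": supply,
        "dormant": dormant,
        "dormant_share": dormant / supply if supply else 0.0,
        "old_dormant": old,
        "volume_excl_minting": volume,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_TXS).items():
        print(key, value)
```

An address that sends even once, such as `miner1_change` here, drops out of the dormant set even though it still holds a balance, which is why the dormant total can understate idle coins.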
From drwho at virtadpt.net Thu Oct 18 12:47:49 2012 From: drwho at virtadpt.net (The Doctor) Date: Thu, 18 Oct 2012 15:47:49 -0400 Subject: [HacDC:Byzantium] October development sprint. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know this list has been quiet since we got back from IS4CWM. We're still alive but swamped in our day jobs. The question is, will there be a Byzantium development sprint in October. The answer is, I don't know. Speaking only for myself, I'm exhausted, physically and emotionally. My day job has been running me flat out since I got back to the States and if I don't get some downtime I'm going to fall over. Everyone else is likely in a different position right now. One of the things we're looking at is UCI (http://wiki.openwrt.org/doc/techref/uci), a framework for system configuration that is meant to be used under the hood of other things (for example, the control panel application LuCI). Haxwithaxe, as I recall, is working on a Python API for it that would make it easier to work with. We might be able to leverage it to do the actual work of configuring stuff for us (like starting and stopping services and configuring the network interfaces) so we won't have to write code to do that ourselves. We got it to compile outside of a firmware environment on our laptops, so we know it's doable. One of the things that we were debating while in Spain was the direction the UI should go in. There is a rewrite of the 'panel in the works but it isn't done yet. There is also a matter of the sustainability of the control panel as a whole, which was brought to light after talking shop with the Freifunk, Guifi, and Commotion Wireless folks. 
They're not having any trouble using LuCI to do what they need to do, and I'm all for having one less piece of code to maintain so energy can be spent on other aspects of Byzantium Linux. We also discussed the possibility of migrating to LuCI (https://luci.subsignal.org/trac) so we don't have to maintain a control panel, it's done for us. We know that we can get it to compile on non-firmware, we've done it. The question is, is it worth migrating to it? Can we migrate to it without having to rewrite a lot of it? Can we write the modules we need easily? Could LuCI do the job of automagically configuring a node when it starts up? Another possibility is a Python module called sh (https://github.com/amoffat/sh), which exposes any and all shell commands to Python code. That stands to make things a lot easier. So does the Python module Wifi (http://pythonwifi.wikispot.org/) for that matter, though in more specialized fashion. The Python sh module is already in the Git repo and the wifi module can be added, so building packages and making use of them shouldn't be hard. Something else we're kicking around is splitting some code off into a daemon that runs in the background and configures everything on bootup. When the node first comes online it detects network interfaces and configures them appropriately to set up a Byzantium mesh node, and then when the control panel is actually accessed, it will have a configuration all ready to display and possibly alter, but by and large it'll be online and routing traffic. We've also been doing some experimenting with different applications for the messaging framework. 
During the last sprint we set up ejabberd nodes on our laptops and they worked as expected, but one of the things we're uncertain of is whether or not a MUC (multi-user chat) XMPP channel can be automatically distributed across all nodes without their being clustered ahead of time (which is fairly tricky with ejabberd, but might not be with, say, python-xmpp-server (https://github.com/thisismedium/python-xmpp-server)). If anyone knows for sure, please reply to this, we'd love to know if we should pursue this avenue or not. We also did some experimenting with Litter (https://github.com/ptony82/litter), which is a truly distributed workalike for Twitter designed for non-NATted networks that is stupidly, brilliantly simple and good at what it does. Every Litter instance is a single instance, and IP multicast is used to broadcast JSON messages to every other instance on the same multicast group that it can reach (IP multicast address 239.192.1.100). It listens on port 8080 so it's accessed with a web browser (the UI is entirely in JQuery). It uses SQLite for a back end, and all it does is listen for new posts, see if they're in the local database, and if not drop them into the right place in the timeline with a gap filling algorithm. We could use it (or more likely, something working along the same lines) for the microblog/realtime chat application for the Byzantium mesh. We also did some playing with Tahoe-LAFS but got mixed results. I couldn't get it going on any of my machines, but Haxwithaxe and Sitwon did. I'd like to give it another try to see what happens. Anyone else? Status reports? New ideas? Suggestions? We really need to have a sprint this month? - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "What does it do? How well does it do it?" 
--Sean Kennedy -- You received this message because you are subscribed to the Google Groups "Project Byzantium (Emergency Mesh Networking)" group. To post to this group, send email to Byzantium at hacdc.org. To unsubscribe from this group, send email to Byzantium+unsubscribe at hacdc.org. For more options, visit this group at http://groups.google.com/a/hacdc.org/group/Byzantium/?hl=en. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From steveweis at gmail.com Thu Oct 18 15:48:29 2012 From: steveweis at gmail.com (Steve Weis) Date: Thu, 18 Oct 2012 15:48:29 -0700 Subject: [liberationtech] Privacy & activism talks at Hackmeet 3.0 Message-ID: Hackmeet 3.0 (https://hackmeet.org/wiki/2012-session-schedule) is happening this Saturday (10/20/12) at Noisebridge in San Francisco. 
There are a few sessions which may be of interest to libtech: "Mo' Dissidents, Mo' Malware, Mo' Problems" by Morgan Marquis-Boire (@headhntr) from the Google Security Team: http://hackmeet.org/wiki/mo-dissidents-mo-malware-mo-problems "Privacy Tricks for Activist Web Developers" by Micah Lee (@micahflee) from the EFF: http://hackmeet.org/wiki/privacy-tricks-for-activist-web-developers "Introduction to TOR": https://hackmeet.org/wiki/introduction-to-tor "An OTR Overview": http://hackmeet.org/wiki/an-otr-overview -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Oct 18 13:01:41 2012 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 18 Oct 2012 22:01:41 +0200 Subject: [HacDC:Byzantium] October development sprint. 
Message-ID: <20121018200141.GX9750@leitl.org> ----- Forwarded message from The Doctor ----- From gfoster at entersection.org Thu Oct 18 22:19:41 2012 From: gfoster at entersection.org (Gregory Foster) Date: Fri, 19 Oct 2012 00:19:41 -0500 Subject: [drone-list] CIA wants moar drones Message-ID: WaPo (Oct 18) - "CIA seeks to expand drone fleet, officials say": http://www.washingtonpost.com/world/national-security/cia-seeks-to-expand-drone-fleet-officials-say/2012/10/18/01149a8c-1949-11e2-bd10-5ff056538b7c_story.html gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ ----- End forwarded message ----- From gfoster at entersection.org Thu Oct 18 23:08:30 2012 From: gfoster at entersection.org (Gregory Foster) Date: Fri, 19 Oct 2012 01:08:30 -0500 Subject: [drone-list] NASA's Unmanned Aircraft Systems Airspace Operations Challenge Message-ID: Network World Layer 8 (Oct 17) - "NASA exploring $1.5 million unmanned aircraft competition": http://www.networkworld.com/community/blog/nasa-exploring-15-million-unmanned-aircraft-competition A little surprising to see NASA pulled into this by the FAA and Air Force Research Lab.
Looks like they're trying to get competitors to figure out how to integrate drones in the NAS. Doesn't really give me warm fuzzies, crowdsourcing the Next Generation Air Transportation System... Also, the competition is not a done deal, this RFI is just a trial balloon... gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ ----- End forwarded message ----- From muebau at gmail.com Fri Oct 19 05:48:15 2012 From: muebau at gmail.com (muebau) Date: Fri, 19 Oct 2012 05:48:15 -0700 (PDT) Subject: [serval-project-dev] Rhizome in detail Message-ID: Hi, is there any deeper documentation about Rhizome? I would like to understand the details of the protocol. The further goal is to implement a few nodes based on OpenWRT and B.A.T.M.A.N.-adv. It is just to play around a bit and try to build a distributed mesh storage network based on DHT and Rhizome. muebau
----- End forwarded message ----- From my.green.lantern at googlemail.com Fri Oct 19 03:25:34 2012 From: my.green.lantern at googlemail.com (Anon Mus) Date: Fri, 19 Oct 2012 11:25:34 +0100 Subject: [tor-talk] Is this a practical vulnerability? Message-ID: On 19/10/2012 04:12, Lee Whitney wrote: > I was reading a paper on discovering hidden service locations, and couldn't find any reason it shouldn't work in principle. > > However being that I'm a Tor novice, I wanted ask here. > > In a nutshell they propose throwing some modified Tor nodes out there that modify the protocol enough to track down the location. It does take some time, but it doesn't seem like years. > My experience is that there's already an easy method of identifying Tor hidden service nodes and this takes little time to do. Let me explain why I come to that opinion. Having a static IP net connection, I set up a test web site as a Tor service on a Tor middleman server. That server had been a middleman server for about a year, no problems, no attempts to hack it in all that time.
Within 24hrs of making that Tor hidden service live I could see, in my firewall logs, hundreds of repeated attempts trying to hack my server, directly from the internet, not via my hidden Tor service. All were attempting to access various types of services/permissions which were mainly focused on attempting to gain control of a "web page server". All attacks were from US based places of higher education (colleges and universities), most from establishments where Tor servers were situated but not from Tor servers themselves. Now bearing in mind that I had only EVER requested 1 web page (a blank test page - requested about 4 times) from my own Torrified web browser (out and back so to speak), and no OTHER (external) page requests were EVER received via the Tor hidden service, as shown by its log. Then someone must have been able to immediately see the service enter and track its source, who then attempted to hack the web server itself and it appeared to be a group of about 3 or 4 persons, each trying a different attack strategy over a 12 hour period. Hundreds of commands were sent, many in quick succession as if they were in some sort of script file, but some were live, at one point I even watched them live as they were coming in as I countered their hack attempts. As a result of this I did some serious thinking about Tor and came to the conclusion that someone out there and I believe it is THE global adversary (USA mil/sec) is able to see with perfect transparency all Tor traffic. Consider: Most Tor users see the Tor connections as merely a set of 3 or 4 connected nodes over which their traffic is routed, e.g. Tor1 - US, Tor 2 - Germany, Tor 3 France - EXIT. But in reality the internet is not like that, this is only the UPPER structure level. At the lower level the packets are routed over many dozens of sub-nodes, these nodes are invisible to the Tor map of your traffic.
You can find out this info yourself if you wish to test out a single ROUTE to another IP address just by doing a traceroute url (tracert url for Windows) command from a command line prompt window. As you will see this is about a dozen hops to the average local url. But this is not the end of the problem, as some hops are hidden and they report only a virtual hop back to you. E.g. let's say a node is in a server in an IBM/US telecoms company based in France, then that server will almost certainly be routing ALL its traffic through the USA and back to itself (or another node in the same company) before sending it on to the next external node. This diversion is NEVER reported as ONLY a single "virtual node ip" is quoted. The only way you can ever tell it's been done is by looking at the time delay, however this is also often difficult/impossible to spot because these routes are often the fastest on the internet. OK - I know this goes on for certain because there are internal tools used within these companies to trace the TRUE route and I have seen such servers send their traffic in this manner 24/7 - 365. Having discussed this as "wasted effort" with a network engineer I was told there is a "payment" made somewhere to compensate. At the same time all of this is camouflaged in apparently nice and legitimate reasons for it being that way, but when you pull it apart you see the lie, but you can't PROVE it. As about 70% of Europe's internet traffic passes through an IBM/US telco's servers then it is almost certain that in any one of these Tor node to Tor node connections there is at least one sub-node that passes the traffic through the USA, who is the global adversary using Total Traffic Timing Tracking. You should be able to work the rest out for yourself.
> Any comment appreciated, here's a link to the paper: > > http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf ----- End forwarded message ----- From mary at lovegadget.com Fri Oct 19 11:35:27 2012 From: mary at lovegadget.com (mary lovegadget) Date: Fri, 19 Oct 2012 11:35:27 -0700 Subject: [drone-list] Stopping Surveillance Drones over Oakland & Berkeley Message-ID: Hello, Drone List: You may have heard that the Alameda County Sheriff plans to buy surveillance drones: Bay Area Law Enforcement Agencies Test Drones http://www.nbcbayarea.com/news/local/Bay-Area-Law-Enforcement-Agencies-Test-Drones-173415551.html A group of privacy advocates and anti-drone activists held a press conference yesterday: http://occupiedoaktrib.org/2012/10/17/say-no-to-drones-in-alameda-county/ And here is a roundup of the press so far: Alameda County Sheriff plans to buy a surveillance drone - Oakland Tribune http://www.insidebayarea.com/oakland-tribune/ci_21803888/alameda-county-sheriff-plans-buy-surveillance-drone Alameda Sheriff Seeks Drone - KQED http://www.kqed.org/news/story/2012/10/18/109720/alameda_sheriff_seeks_drone?category=bay+area Police use of drones concerns activists - San Francisco Chronicle http://www.sfgate.com/crime/article/Police-use-of-drones-concerns-activists-3962638.php Alameda County Sheriff seeks drone for thermal imaging, surveillance; UAV would be shared among several public safety agencies
- MuckRock https://www.muckrock.com/news/archives/2012/oct/19/alameda-county-sheriff-seeks-drone-thermal-imaging/ ACLU challenges Bay Area police drone plans; Alameda County will experiment with drones. Activists and residents demand details - Salon http://www.salon.com/2012/10/18/aclu_challenge_bay_area_police_drone_plans/ Alameda County sheriff's office considers purchasing drones Civilians, civil rights groups raise concerns about aerial surveillance drones - The Daily Californian http://www.dailycal.org/2012/10/18/civilians-and-civil-rights-groups-speak-out-against-potential-drone-use-in-alameda-county/ California Sheriff's Dept Wants Surveillance Drone To "Track Suspects With Guns" Civil rights Activists, Attorneys, fight back - InfoWars http://www.infowars.com/california-sheriffs-dept-wants-surveillance-drone-to-track-suspects-with-guns/ Easily Abused, Domestic Drones Raise Enormous Privacy Concerns - ACLU Blog of Rights http://www.aclu.org/blog/technology-and-liberty-national-security/easily-abused-domestic-drones-raise-enormous-privacy Davey D Covers the possibility of Drones in Oakland - KPFA Hard Knock Radio http://www.kpfa.org/archive/id/85323 Warnings of Domestic Spying as Oakland Police Seek Drones; Local activists worry about abuse, push for updated safeguards - Common Dreams http://www.commondreams.org/headline/2012/10/19-5 Enjoy. Mary Madden Oakland, CA
----- End forwarded message ----- From dante.monson at gmail.com Fri Oct 19 04:49:06 2012 From: dante.monson at gmail.com (Dante-Gabryell Monson) Date: Fri, 19 Oct 2012 13:49:06 +0200 Subject: ( shared ) vision for "distributed database using semantic linked-data structure", and current tool development Message-ID: I feel like cross posting , making a connection between those two lists http://groups.google.com/group/global-survival http://groups.google.com/group/building-a-distributed-decentralized-internet sharing Poor Richard's post as context : https://groups.google.com/d/topic/building-a-distributed-decentralized-internet/0VkN7ETmuIc/discussion including comments on https://www.facebook.com/groups/145538675490320/ and recent updates in relation to Netention prototypes : http://blog.automenta.com/2012/10/combining-netention-and-gss-into.html http://blog.automenta.com/2012/10/netention-semantic-editor-design-options.html ---------- Forwarded message ---------- From: Dante-Gabryell Monson Date: Fri, Oct 19, 2012 at 11:44 AM Subject: Introducing Poor Richard to the list, and his vision for "distributed database using semantic linked-data structure" To: Poor Richard , global-survival at googlegroups.com Hi Poor Richard, I wish to
introduce you to people on the global survival list , so that they can perhaps react and complete the approach currently taken. You can find more on http://automenta.com , including http://automenta.com/netention ( netention - did Seth coin it ? - stands for a combination of "Network" and "Attention" - code in development , released in an open / libre approach by Seth and other coders on this list , with some various Prototypes shared on http://blog.automenta.com/ ) And I wish to share with the list your following Facebook post and comments : *Poor Richard [posted to] P2P* *I hope no one will mind if I indulge in a little visioneering here. I am imagining an information system of P2P practice and research. The P2P collaborative economy, free culture, and new commons movements are creating a lot of digital content. Most is in discursive and narrative form that is time consuming to read. Among this volume of content are case studies in a variety of formats (many very informal), business plans, proposals, and presumably many legal documents (charters, agreements, etc.). I am imagining a semantic ontology according to which the key ideas and data of this content could be parsed and tagged to form a distributed database using semantic linked-data structures. This would help transition the collective knowledge base of the research, activist, and social entrepreneurial communities into a machine-readable, semantically linked, searchable form. The P2P Foundation Wiki is an excellent searchable resource, and perhaps the semantic wiki extensions for the wiki engine could eventually be applied. "A semantic wiki is a wiki that has an underlying model of the knowledge described in its pages. Regular, or syntactic, wikis have structured text and untyped hyperlinks.
Semantic wikis, on the other hand, provide the ability to capture or identify information about the data within pages, and the relationships between pages, in ways that can be queried or exported like a database." http://en.wikipedia.org/wiki/Semantic_wiki A fringe benefit of creating such data structures for existing content would be to provide common templates for future content creation and data collection.* "You should be able to easily select a view where all that information is included." "farther towards creating open linked-data structures" "I am focused on the ontology design first, but perhaps there are tools that cover both bases that I'm not aware of yet." "Poor Richard Another part of the "research information system" I am visioneering is pattern detection and recognition. An ontology gives us a set of semantically charged patterns. Then what we need is a pattern language with which to parse existing content and match it with our ontology. I am thinking of something like the "regular expressions" used in the old unix text editors or in the Perl and Awk programming languages I once used. http://encyclopedia.tfd.com/Regular+expressions " to which I replied : this is a vision we share. Programming work has been on its way. I invite you to have a look at http://automenta.com/netention, and to join this list https://groups.google.com/group/global-survival I wish to share the following A phrase from Seth I wish to share in this context : *"I've explained to people that Netention is not just a product - but that it refers to the evolution of human language into new semantic and syntactical domains of higher expressiveness and effectiveness in programming reality itself, not just software.
so anything that can help this goal ought to be part of the project, as long as it doesn't complexify it."* * * ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Fri Oct 19 05:54:30 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 14:54:30 +0200 Subject: [liberationtech] Privacy & activism talks at Hackmeet 3.0 Message-ID: <20121019125430.GA9750@leitl.org> ----- Forwarded message from Steve Weis ----- From eugen at leitl.org Fri Oct 19 07:17:33 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 16:17:33 +0200 Subject: [drone-list] CIA wants moar drones Message-ID: <20121019141733.GJ9750@leitl.org> ----- Forwarded message from Gregory Foster ----- From eugen at leitl.org Fri Oct 19 07:18:04 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 16:18:04 +0200 Subject: [drone-list] NASA's Unmanned Aircraft Systems Airspace Operations Challenge Message-ID: <20121019141804.GK9750@leitl.org> ----- Forwarded message from Gregory Foster ----- From eugen at leitl.org Fri Oct 19 08:11:27 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 17:11:27 +0200 Subject: [tor-talk] Is this a practical vulnerability? 
Message-ID: <20121019151127.GM9750@leitl.org> ----- Forwarded message from Anon Mus ----- From eugen at leitl.org Fri Oct 19 08:26:11 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 17:26:11 +0200 Subject: ( shared ) vision for "distributed database using semantic linked-data structure", and current tool development Message-ID: <20121019152611.GS9750@leitl.org> ----- Forwarded message from Dante-Gabryell Monson ----- From eugen at leitl.org Fri Oct 19 08:39:16 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 17:39:16 +0200 Subject: [serval-project-dev] Rhizome in detail Message-ID: <20121019153916.GU9750@leitl.org> ----- Forwarded message from muebau ----- From eugen at leitl.org Fri Oct 19 11:47:19 2012 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 Oct 2012 20:47:19 +0200 Subject: [drone-list] Stopping Surveillance Drones over Oakland & Berkeley Message-ID: <20121019184719.GK9750@leitl.org> ----- Forwarded message from mary lovegadget ----- From tedks at riseup.net Fri Oct 19 19:30:20 2012 From: tedks at riseup.net (Ted Smith) Date: Fri, 19 Oct 2012 22:30:20 -0400 Subject: [tor-talk] Is this a practical vulnerability? In-Reply-To: <20121019151127.GM9750@leitl.org> References: <20121019151127.GM9750@leitl.org> Message-ID: <1350700220.3104.12.camel@anglachel> On Fri, 2012-10-19 at 17:11 +0200, Eugen Leitl wrote: > ----- Forwarded message from Anon Mus ----- > > From: Anon Mus > Date: Fri, 19 Oct 2012 11:25:34 +0100 > To: tor-talk at lists.torproject.org > Subject: Re: [tor-talk] Is this a practical vulnerability? > Reply-To: tor-talk at lists.torproject.org > > On 19/10/2012 04:12, Lee Whitney wrote: > > I was reading a paper on discovering hidden service locations, and couldn't find any reason it shouldn't work in principle. > > > > However being that I'm a Tor novice, I wanted ask here. 
> > > > In a nutshell they propose throwing some modified Tor nodes out there that modify the protocol enough to track down the location. It does take some time, but it doesn't seem like years. > > > My experience is that there s already an easy method of identifying Tor > hidden service nodes and this takes little time to do. > > Let me explain why I come to that opinion. > > Having a static IP net connection, I set up a test web site as a Tor > service on a Tor middleman server. That server had been a middleman server > for about a year, no problems, no attempts to hack it in all that time. > > Within 24hrs of making that Tor hidden service live I could see, in my > firewall logs, hundreds of repeated attempts trying to hack my server, > directly from the internet, not via my hidden Tot service. All were > attempting to access various types of services/permissions which were > mainly focused on attempting to gain control of a "web page server". All > attacks were from US based places of higher education (colleges and > universities), most from establishments where Tor servers were situated > but not from Tor servers themselves. > > Now bearing in mind that I had only EVER requested 1 web page (a blank > test page - requested about 4 times) from my own Torrified web browser > (out and back so to speak), and no OTHER (external) page requests were > EVER received via the Tor hidden service, as shown by its log. Then > someone must have been able to immediately see the service enter and track > its source, who then attempted to hack the web server itself and it > appeared to be a group of about 3 or 4 persons, each trying different > attack strategy over a 12 hour period. Hundreds of commands were sent, > many in quick succession as if they were in some sort of script file, but > some were live, at one point I even watched them live as they were coming > in as I countered their hack attempts. 
This sounds pretty delusional ('as I countered their hack attempts' -- is this guy a TV writer?). I've had numerous hidden services hosting various different services, including ssh, http, xmpp, irc, and I've never seen anything like this. -- Sent from Ubuntu From zooko at zooko.com Sat Oct 20 11:39:41 2012 From: zooko at zooko.com (Zooko Wilcox-O'Hearn) Date: Sat, 20 Oct 2012 12:39:41 -0600 Subject: [tahoe-dev] Tahoe-LAFS Sixth Birthday Party! Sat. Oct 27 Message-ID: Folks: Details will follow as I work them out, but this is just to remind you that yes, there *will* be a Tahoe-LAFS Sixth Birthday Celebration next Saturday, October 27, 2012, in Boulder, Colorado and possibly elsewhere. I'm going to ask the Boulder Hackerspace if we can use their space. It is apparently populated with 3-D printers and computer-controlled machining tools, which is awesome. b: Shawn suggested using Google Hangouts to connect party locations. I think that is a great idea! Everyone get Google Hangouts working before Saturday. I also strongly recommend the use of projectors to make the screen real-estate be shared state among all the participants (who are physically in one room).
In contrast, laptop screens are not good for physical sharing, and parties with laptop screens tend to result in people reading their private email and stuff, where parties with projector screens tend to result in people doing things that are more interesting to everyone else present. So, I really want to borrow at least two projectors for the Boulder location. Anybody in Boulder have projectors we can use? I am thinking of having LeastAuthority.com pay to make t-shirts that say Tahoe-LAFS on them, and maybe "6th Birthday Party, Oct 27, 2012" in small print somewhere. Want one? I'll pay the cost to manufacture and deliver such a t-shirt to the first few [*] people who ask for one! To get one: 1. sign up for https://LeastAuthority.com service (which actually costs you *only* for the space you use, so it isn't a big commitment), and 2. agree to show up at a Physical Tahoe-LAFS Birthday Party Location to receive your t-shirt. Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com [*] "The first few" = until I run out of t-shirts. I haven't yet decided how many to make. ----- End forwarded message ----- From eugen at leitl.org Sat Oct 20 12:17:16 2012 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 20 Oct 2012 21:17:16 +0200 Subject: [tahoe-dev] Tahoe-LAFS Sixth Birthday Party! Sat.
Oct 27 Message-ID: <20121020191716.GA9750@leitl.org> ----- Forwarded message from Zooko Wilcox-O'Hearn ----- From noloader at gmail.com Sat Oct 20 18:41:42 2012 From: noloader at gmail.com (Jeffrey Walton) Date: Sat, 20 Oct 2012 21:41:42 -0400 Subject: [cryptography] OT: Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security Message-ID: Hot off the presses (but it's not limited to Android): "Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security", http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf. Or should it be "The Case for Public Key Pinning"? "...The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. To evaluate the state of SSL use in Android apps, we downloaded 13,500 popular free apps from Google's Play Market and studied their properties with respect to the usage of SSL. In particular, we analyzed the apps' vulnerabilities against Man-in-the-Middle (MITM) attacks due to the inadequate or incorrect use of SSL. For this purpose, we created MalloDroid, an Androguard extension that performs static code analysis to a) analyze the networking API calls and extract valid HTTP(S) URLs from the decompiled apps; b) check the validity of the SSL certificates of all extracted HTTPS hosts; and c) identify apps that contain API calls that differ from Android's default SSL usage, e.g., contain non-default trust managers, SSL socket factories or hostname verifiers with permissive verification strategies. Based on the results of the static code analysis, we selected 100 apps for manual audit to investigate various forms of SSL use and misuse: accepting all SSL certificates, allowing all hostnames regardless of the certificate's Common Name (CN), neglecting precautions against SSL stripping, trusting all available Certificate Authorities (CAs), not using SSL pinning, and misinforming users about SSL usage."
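The checks listed in the abstract quoted above (trust managers that accept every certificate, hostname verifiers that accept every name, plain-HTTP endpoints) can be approximated for app auditing with a small source scanner. This is an added example, not part of the original post and not MalloDroid's code; the Java samples, the `scan` helper and its finding names are constructed for illustration.

```python
import re

# Constructed sample: what a decompiled class with broken TLS checks can look like.
SAMPLE_BAD = '''
public class Net {
    static class TrustAll implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) { /* accept */ }
        public X509Certificate[] getAcceptedIssuers() { return null; }
    }
    static class AnyHost implements HostnameVerifier {
        public boolean verify(String host, SSLSession s) { return true; }
    }
    void setup(SSLSocketFactory f) {
        f.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        String login = "http://api.example.test/login";
        String data = "https://api.example.test/data";
    }
}
'''

# Constructed sample: a trust manager that delegates to the default and pins the key.
SAMPLE_GOOD = '''
public class Pinned implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
        throw new CertificateException("client auth unsupported");
    }
    public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        defaultTm.checkServerTrusted(c, a);
        if (!PINS.contains(spkiHash(c[0]))) { throw new CertificateException("pin {mismatch"); }
    }
    public X509Certificate[] getAcceptedIssuers() { return defaultTm.getAcceptedIssuers(); }
    String base = "https://api.example.test/";
}
'''

# One left-to-right pass: whichever of string literal / block comment / line
# comment starts first wins, so "http://..." is not mistaken for a // comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)


def strip_literals(src):
    """Blank string literals and comments so braces/keywords inside them are ignored."""
    return _TOKEN.sub(lambda m: '""' if m.group(0)[0] == '"' else ' ', src)


def method_bodies(code, ret_type, name):
    """Yield the brace-balanced body of every definition `ret_type name(...) {`."""
    pattern = r'\b%s\s+%s\s*\([^)]*\)[^{;]*\{' % (ret_type, name)
    for m in re.finditer(pattern, code):
        depth, i = 1, m.end()
        while i < len(code) and depth:
            depth += {'{': 1, '}': -1}.get(code[i], 0)
            i += 1
        yield code[m.end():i - 1].strip()


def scan(src):
    """Return (kind, detail) findings; heuristic, so treat hits as leads for manual audit."""
    code = strip_literals(src)
    findings = []
    for body in method_bodies(code, 'void', 'checkServerTrusted'):
        delegates = re.search(r'\.\s*checkServerTrusted\s*\(', body)
        if not re.search(r'\bthrow\b', body) and not delegates:
            findings.append(('TRUST_ALL_CERTS', 'checkServerTrusted never rejects a chain'))
    for body in method_bodies(code, 'boolean', 'verify'):
        if re.fullmatch(r'return\s+true\s*;', body):
            findings.append(('ALLOW_ALL_HOSTNAMES', 'verify() returns true unconditionally'))
    for const in re.findall(r'\b(ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier)\b', code):
        findings.append(('ALLOW_ALL_HOSTNAMES', const))
    # URLs live inside string literals, so look for them in the raw source.
    for url in re.findall(r'''\bhttp://[^\s"'<>]+''', src):
        findings.append(('CLEARTEXT_URL', url))
    return findings


if __name__ == '__main__':
    for kind, detail in scan(SAMPLE_BAD):
        print(kind, '-', detail)
```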
----- End forwarded message ----- From companys at stanford.edu Sun Oct 21 01:46:20 2012 From: companys at stanford.edu (Yosem Companys) Date: Sun, 21 Oct 2012 01:46:20 -0700 Subject: [liberationtech] Code for America Open Data Hackathon Message-ID: Code for America's Data Deathmatch! Nov. 2nd/3rd, Fight Political Corruption and Help Schools Work Smarter! Are you a hacker, designer, or civic nerd who wants to fight political corruption or thinks that our schools should work smarter? Choose your focus, work with our government allies, and join Code for America for a hackathon to improve the cities we live in. We've opened datasets, now available through well documented APIs, and have lined up a blockbuster group of open data advocates standing ready to help you build apps that will revolutionize the way citizens interact with government. Data DeathMatch! Nov 2nd, 2012: 6:30PM - 8PM (mixer, kickoff), Nov. 3rd 9AM - 7PM (hackathon) Code for America HQ: 155 9th St, San Francisco, CA. Sign-up: http://datadeathmatch.eventbrite.com Guest Speakers: Ann Ravel, Chair of California's Fair Political Practices Commission James Sanders, Innovation Manager for KIPP Bay Area Schools Phil Trounstine, co-editor and publisher of Calbuzz Kuang Chen, CEO of Captricity Franklin Chien, CEO of LearnSprout Alex Tran, Code for America Accelerator How are we different than other hackathons? We're bringing the experts to YOU, to work on shiny, newly accessible data. If you've ever wanted to build a civic or education app with a real understanding of the context behind the data, this is your chance.
What are we working with? Government data: The Fair Political Practices Commission (FPPC) of California (our state's official watchdog that holds public officials accountable) has recently taken the bold step to make the 2011 economic interest filings of some California officials available as structured data, not just PDFs on a website. Stocks and houses and gifts, oh my! You have the chance to raise the bar for all transparency initiatives by creating new value out of this data. Education Data: For developers looking to jump into the growing educational technology market, LearnSprout offers a unique opportunity to turbo charge your idea. The company has built the first-ever API that allows you to tap into live data from a school or district's Student Information System (SIS). This opens the door to countless possibilities that before, would be impossible without access to live data. Bonus: Prizes: $1000! Beer, breakfast, lunch, and dinner in the amazing Code for America offices! Also, board games, ping pong and air hockey! -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From lists at infosecurity.ch Sun Oct 21 00:48:14 2012 From: lists at infosecurity.ch (Fabio Pietrosanti (naif)) Date: Sun, 21 Oct 2012 09:48:14 +0200 Subject: [tor-talk] Porn make the world more free: Tor Porn Bundle? Message-ID: Hi, i've been at internet governance forum (in italy) yesterday and started discussing a topic with several internet freedom/policy activists: "porn make the world more free" It seems a joke, but it maybe an important consideration. A teenager (12-18 yo) in 2012 use internet porn websites for masturbation.
That's a real facts, i expect, almost everywhere. In places like Saudi, a 14th years old young have a strong need of masturbate like in any other place in the world. But he don't have access to internet porn with his broadband internet access. In the Saudi example there are already now people providing paid (and risky) access to porn for masturbation's needs: http://arabnews.com/jailed-facilitating-porn-site-access This as an example of a real need that stimulate people in finding circumvention methods. So, when a teenager in Saudi need to masturbate he have to find out a censorship circumvention tool. >From a marketing perspective this is a clearly definable "need" . Ok, how can we think to make out of it (masturbation and porn) something good for freedom of speech? Imho we may think to create something like "Tor Porn Bundle": A version of TBB specifically designed to provide easy access to Porn. Then promote it trough custom targeted campaigns across all Arab World (and language/countries where internet porn is censored). Which would be the main result in mid-term? That most teenagers (and also non teenagers, but probably in minor part) in that closed-society will learn, understand and start using censorship circumvention tool for an important, basic need: Masturbate! We should not underestimate the relevance of this need because it fit along with the "Basic" human needs, like eating. So the effort and perceived rewards that a person have working on the path to satisfy that need is very high. In that hypothetical Torn Porn Bundle, we may deliver a pre-populated in-language list of porn websites. But also some "free" "in language" media website and other free / non censored information sources and social networking tools. That way, after masturbation, the user will be able to have a clear and simple path to start accessing the web in a free way. As a side node i would like to remind that the "porn industry" is valued billion of USD. 
If porn industry would become partners of freedom of speech players, it could mean a lot of money for investment in campaigning and technology development, because it would mean opening new markets to them. Opening a new market means having new consumer that means they would be able to calculate the economic ROI of an investment. * Porn supported the development of internet backbone * Porn developed early internet multimedia streaming technologies * Porn may make the world more free -naif _______________________________________________ tor-talk mailing list tor-talk at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From gurstein at gmail.com Sat Oct 20 21:38:22 2012 From: gurstein at gmail.com (michael gurstein) Date: Sun, 21 Oct 2012 10:38:22 +0600 Subject: World's First Flying File-Sharing Drones in Action Message-ID: World's First Flying File-Sharing Drones in Action http://torrentfreak.com/worlds-first-flying-file-sharing-drones-in-action-120320/ A few days ago The Pirate Bay announced that in future parts of its site could be hosted on GPS controlled drones. To many this may have sounded like a joke, but in fact these pirate drones already exist. Project "Electronic Countermeasures" has built a swarm of five fully operational drones which prove that an "aerial Napster" or an "airborne Pirate Bay" is not as futuristic as it sounds. In an ever-continuing effort to thwart censorship, The Pirate Bay plans to turn flying drones into mobile hosting locations. "Everyone knows WHAT TPB is. Now they're going to have to think about WHERE TPB is," The Pirate Bay team told TorrentFreak last Sunday, announcing their drone project.
Liam Young, co-founder of Tomorrow's Thoughts Today, was amazed to read the announcement, not so much because of the technology, because his group has already built a swarm of file-sharing drones. "I thought hold on, we are already doing that," Young told TorrentFreak. Their starting point for project "Electronic Countermeasures" was to create something akin to an 'aerial Napster' or 'airborne Pirate Bay', but it became much more than that. "Part nomadic infrastructure and part robotic swarm, we have rebuilt and programmed the drones to broadcast their own local Wi-Fi network as a form of aerial Napster. They swarm into formation, broadcasting their pirate network, and then disperse, escaping detection, only to reform elsewhere," says the group describing their creation. File-Sharing Drone in Action (photo by Claus Langer) In short the system allows the public to share data with the help of flying drones. Much like the Pirate Box, but one that flies autonomously over the city. "The public can upload files, photos and share data with one another as the drones float above the significant public spaces of the city. The swarm becomes a pirate broadcast network, a mobile infrastructure that passers-by can interact with," the creators explain. One major difference compared to more traditional file-sharing hubs is that it requires a hefty investment. Each of the drones costs 1500 euros to build. Not a big surprise, considering the hardware that's needed to keep these pirate hubs in the air. "Each one is powered by 2x 2200mAh LiPo batteries. The lift is provided by 4x Roxxy Brushless Motors that run off a GPS flight control board. Also on deck are altitude sensors and gyros that keep the flight stable. They all talk to a master control system through XBee wireless modules," Young told TorrentFreak. "These all sit on a 10mm x 10mm aluminum frame and are wrapped in a vacuum formed aerodynamic cowling.
The network is broadcast using various different hardware setups ranging from Linux gumstick modules, wireless routers and USB sticks for file storage." For Young and his crew this is just the beginning. With proper financial support they hope to build more drones and increase the range they can cover. "We are planning on scaling up the system by increasing broadcast range and building more drones for the flock. We are also building in other systems like autonomous battery change bases. We are looking for funding and backers to assist us in scaling up the system," he told us. Those who see the drones in action (video below) will notice that they're not just practical. The creative and artistic background of the group shines through, with the choreography performed by the drones perhaps even more stunning than the sharing component. "When the audience interacts with the drones they glow with vibrant colors, they break formation, they are called over and their flight pattern becomes more dramatic and expressive," the group explains. Besides the artistic value, the drones can also have other use cases than being a "pirate hub." For example, they can serve as peer-to-peer communications support for protesters and activists in regions where Internet access is censored. Either way, whether it's Hollywood or a dictator, there will always be groups that have a reason to shoot the machines down. But let's be honest, who would dare to destroy such a beautiful piece of art? 
# distributed via : no commercial use without permission # is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: http://mx.kein.org/mailman/listinfo/nettime-l # archive: http://www.nettime.org contact: nettime at kein.org ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From marlowe at antagonism.org Sun Oct 21 17:58:09 2012 From: marlowe at antagonism.org (Patrick R McDonald) Date: Sun, 21 Oct 2012 19:58:09 -0500 Subject: [tahoe-lafs-weekly-news] TWN 40 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ======================================================== Tahoe-LAFS Weekly News, issue number 40, October 21 2012 ======================================================== Welcome to the Tahoe-LAFS Weekly News (TWN). Tahoe-LAFS_ is a secure, distributed storage system. `View TWN on the web`_ *or* `subscribe to TWN`_. If you would like to view the "new and improved" TWN, complete with pictures; please take a `look`_. .. _Tahoe-LAFS: https://tahoe-lafs.org .. _View TWN on the web: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/TahoeLAFSWeeklyNews .. _subscribe to TWN: https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news .. _look: https://tahoe-lafs.org/~marlowe/TWN40.html Announcement and News ===================== Tahoe-LAFS Turning Six - ---------------------- Zooko |zooko| `announced Boulder, CO`_ will host a Tahoe-LAFS sixth birthday this Saturday. We will use Google Hangouts to connect parties in other locations. If you are using a Google Hangout, please ensure the Hangout works prior to Saturday. Zooko and Least Authority Enterprise |LAE| offered to supply party shirts. 
All you need to do is sign up for `Least Authority Enterprise`_ and show up at a physical party location. I won't be able to celebrate this year as I will be celebrating my good friend's wedding, the same day. I would love to see pictures and thoughts regarding the various parties. .. _`announced Boulder, CO`: https://tahoe-lafs.org/pipermail/tahoe-dev/2012-October/007783.html .. |LAE| image:: LAE.png :height: 35 :alt: Least Authority Enterprises :target: http://leastauthority.com .. _`Least Authority Enterprise`: https://LeastAuthority.com IPv6 Support - ------------ Eugen Leitl `inquired on IPv6 support`_ in Tahoe-LAFS. Particularly he wanted to try and run it over `cjdns`_. Currently, Tahoe-LAFS does not support IPv6 yet. `#867`_ covers implementing IPv6 on Tahoe-LAFS. Foolscap ticket `#155`_ blocks the previous ticket. Twisted ticket, `#3014`_ blocks the Foolscap ticket. .. _`inquired on IPv6 support`: https://tahoe-lafs.org/pipermail/tahoe-dev/2012-October/007762.html .. _`cjdns`: http://cjdns.info .. _`#867`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/867 .. _`#155`: http://foolscap.lothar.com/trac/ticket/155 .. _`#3014`: http://twistedmatrix.com/trac/ticket/3014 - From the tahoe-dev Mailing List =============================== lafs-backup-tool, an alternative to "tahoe backup" - -------------------------------------------------- Mike Kazantsev `announced lafs-backup-tool`_. From the `README`_, lafs-backup-tool's "Intended use-case is to push most important (chosen by human) parts of already existing and static backups (stored as file trees) to lafs cloud backends." Lafs-backup-tool includes the following features which are not included in tahoe_backup.py: compression, metadata, symlinks, include and exclude regex lists, more verbose logging and rate limiting. .. _`announced lafs-backup-tool`: https://tahoe-lafs.org/pipermail/tahoe-dev/2012-October/007773.html ..
_`README`: https://github.com/mk-fg/lafs-backup-tool Thoughts from the Scribe ======================== This week I had a fantastic discussion with `Drew Perttula`_. Drew and I discussed the performance metrics of `PogoPlugs running Tahoe-LAFS`_. I am interested in building a Tahoe-LAFS storage grid on embedded devices as a means of cutting costs and power. Drew is exploring `Raspberry Pi`_ as an alternative. On a shopping trip to Costco, I discovered Western Digital MyBook Live which runs Debian Linux. I plan on purchasing one of these this Christmas to be one of Tahoe-LAFS nodes. I am interested if anyone else is running Tahoe-LAFS on a similar device. Please let us know. Drew, thanks for taking the time to chat with me on this. I look forward to sharing my results with you and reading yours. In addition, Drew provides `one of the best illustrations`_ of Tahoe-LAFS, I have experienced the pleasure to witness. I would love to see this incorporated into the Tahoe-LAFS web site. .. _`Drew Perttula`: http://bigasterisk.com .. _`PogoPlugs running Tahoe-LAFS`: https://tahoe-lafs.org/trac/tahoe-lafs/wiki/FAQ .. _`Raspberry Pi`: http://www.raspberrypi.org/ .. _`one of the best illustrations`: http://bigasterisk.com/tahoe-playground/ Glowing Quotes ============== Happy to see that @zooko's request to show the TWN author some love had the desired effect - Dirk Loss Tahoe-LAFS on Twitter ===================== @KimDotcom Why not use Tahoe-LAFS? Use my disk space, give me premium credit in return? Distributed secure and UNRAIDIBLE ;) [`0`_] Had enough of this, I'm setting up a #tahoe-lafs grid, who's with me? Or have done it yourselves? [`1`_] @tahoelafs have you ever considered doing GSoC? [`2`_] The second-ever blog (after mine) which is a web app served from secure, fault-tolerant storage: http://identi.ca/url/73958251 [`3`_] .. _`0`: https://twitter.com/Alxjll/status/258958005947744256 .. _`1`: https://twitter.com/unclecj/status/259257611906605056 ..
_`2`: https://twitter.com/bascule/status/259733406210994176 .. _`3`: https://twitter.com/zooko/status/260007079253798913 Patches Needing Review of the Week ================================== There are four (4) tickets still needing review for 1.10.0: * `#1539`_: stop putting pkg_resources.require() into .tac files * `#166`_: command line order is problematic * `#937`_: 'tahoe run' doesn't work for an introducer node * `#1159`_: stop using .tac files: make it possible to change appname, Python package-directory name, perhaps other names There are three (3) tickets still needing review of 1.11.0: * `#1807`_: cleanup: HUMAN_RE regexes in uri.py are never used * `#1265`_: New Visualizer is insufficiently labelled/documented (plus layout problem) * `#1382`_: immutable peer selection refactoring and enhancements .. _`#1539`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1539 .. _`#166`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/166 .. _`#937`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/937 .. _`#1159`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1159 .. _`#1807`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1807 .. _`#1265`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1265 .. _`#1382`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1382 - ---- *The Tahoe-LAFS Weekly News is published once a week by The Tahoe-LAFS* *Software Foundation, President and Treasurer: Peter Secor* |peter| *. Scribes: Patrick "marlowe" McDonald* |marlowe| *, Zooko Wilcox-O'Hearn* *, Editor Emeritus: Zooko.* `View TWN on the web`_ *or* `subscribe to TWN`_ *. Send your news stories to* `marlowe at antagonism.org`_ *- submission deadline: Friday night.* .. _marlowe at antagonism.org: mailto:marlowe at antagonism.org .. |peter| image:: psecor.jpg :height: 35 :alt: peter :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs .. |marlowe| image:: marlowe-x75-bw.jpg :height: 35 :alt: marlowe :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs ..
|zooko| image:: zooko.png :height: 35 :alt: zooko :target: http://tahoe-lafs.org/trac/tahoe-lafs/wiki/AboutUs _______________________________________________ tahoe-lafs-weekly-news mailing list tahoe-lafs-weekly-news at tahoe-lafs.org http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-lafs-weekly-news ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From torop20 at hushmail.com Sun Oct 21 13:26:00 2012 From: torop20 at hushmail.com (torop20 at hushmail.com) Date: Sun, 21 Oct 2012 22:26:00 +0200 Subject: [tor-talk] Child pornography, anonymity and free speech Message-ID: Child pornography is illegal because the production itself involves actual victims. The laws date back to a time when it wasn't possible to produce CP without actual children.
It therefore made sense that sale, distribution and possession of actual child pornography was made illegal, but the slippery slope started when the governments around the world began to outlaw child pornography without actual victims. The first prohibition does not violate free speech, because the material featuring actual children is integral to criminal conduct, but the second prohibition on computer generated images and cartoons is a regulation of thought. And Julian and others are really missing the point if they assume that the realistic nature of the depictions is the borderline between permissible and impermissible speech. The Supreme Court of the United States ruled in one of its more speech friendly cases that regulation of virtual child pornography on the assumption that such will incite viewers thoughts is impermissible regulation of thought. You can't be an anarchist and defend thought crime legislation. Child pornography without actual participants is victimless speech and is no more abuse than crime comics, or ordinary adult pornography some want to ban. And yes, true untraceable anonymous communication can't coexist in a society with thought crime legislation. Rick Falkvinge has succinctly argued why child pornography laws in their current sweeping form pose a risk to privacy and free speech. The question is very simple: If the price for enforcing anti-child pornography laws is banning truly untraceable communication, enforcing EU style data retention on all data packets flowing over the network, is the price too high? It isn't a price I am willing to pay, not even for the children. 
_______________________________________________ tor-talk mailing list tor-talk at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From torop20 at hushmail.com Sun Oct 21 14:00:22 2012 From: torop20 at hushmail.com (torop20 at hushmail.com) Date: Sun, 21 Oct 2012 23:00:22 +0200 Subject: [tor-talk] Child pornography, anonymity and free speech Message-ID: Julian wrote: "* It's possible to wank without porn. We can reach places in our imagination that no amount of 'reality' can take us. In my experience an orgasm that starts in the mind is *much* more fulfilling than one involving porn. It's also possible to reach orgasm without wanking (i.e. by having sex). " But the anti-child pornography laws proceed on the assumption that even non-commercial possession of computer generated images must be banned because inducing the stimulation or wanking is a legitimate societal interest to be regulated. It's classic thought crime control. Sure everyone can wank and have their thoughts, but only until the state manages a way to control what people think. If someone wrote a decentralized truly realistic fantasy Virtual Reality simulation in which everyone could get their desire without killing, maiming or molesting another, do you think the government would allow such a program to exist? I bet not. "Getting into bed with the porn producers risks alienating the feminist movement who would otherwise be naturally aligned with Tor's goals." You must be kidding. Google for Catharine Mackinnon and Andrea Dworkin and the Indianapolis pornography ordinance. The feminist movement has changed since the 1960s.
These two leading feminists have called for the prohibition on hate speech and pornography. And only thanks to the ACLU did they not succeed in Indianapolis. The question is not whether someone likes pornography, but whether he/she believes the state should control it. If you believe that the state should regulate which material I view in my own home you can't in the long run be a friend of Tor's goals. Enforcement of the neo-feminist movement's censorship goals is no more friendly to Tor's goals than those of the Christian conservative movement. Aside from the failed war on drugs, there are three policy goals which often beget more censorship: Protect the children, national security and enforce copyright. I don't want censor happy feminists on my side. They are as toxic to free speech, privacy and anonymity as the RIAA. Fortunately, both the protection of hate speech and virtual child pornography is a settled constitutional question in the US, so the worst which can happen is that other nations f-ck up their own laws. _______________________________________________ tor-talk mailing list tor-talk at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From pimentosx1 at realresultstraining.com Mon Oct 22 08:24:57 2012 From: pimentosx1 at realresultstraining.com (=?koi8-r?B?Iv7B09ktIMTM0SDiydrOxdPBIMkg89TJzNEhIg==?=) Date: Mon, 22 Oct 2012 07:24:57 -0800 Subject: =?koi8-r?B?78fSz83O2cog19nCz9IgzsHS1d7O2cgg/uHz7/cg88vJxMvJIDIwJQ==?= Message-ID: <000d01cdb061$02e5bfe0$6400a8c0@pimentosx1> Huge selection of wrist WATCHES. Swiss movements only!!! Today DISCOUNTS of 20 %. All our watches have passed an independent watch appraisal!
This is a 100% REPLICA, which means the price is dozens of times lower than the original, but: - Complete external match with the original - Swiss movements only - Wear-resistant alloys, sapphire crystal, genuine leather, polished stainless steel, natural stones (zircons and cubic zirconia)! Ion-plated gold. Prices from 9 825 rubles! Watch catalogue on our site http://док-юр.рф From kleenexb at royaloakslife.com Mon Oct 22 00:19:31 2012 From: kleenexb at royaloakslife.com (=?koi8-r?B?Ik/GydPZINcgzc/Ty9fFISI=?=) Date: Mon, 22 Oct 2012 12:19:31 +0500 Subject: =?koi8-r?B?4dLFzsTBIM/GydPP1yDP1CDTz8LT1NfFzs7Jy8EhIOLF2iDLz83J09PJ?= =?koi8-r?B?ySE=?= Message-ID: <000d01cdb025$94683bf0$6400a8c0@kleenexb> Offices for rent! Also premises for a photo studio! INEXPENSIVE, no commission, from the owner. Guarded grounds. Access from B. _Cherkizovskaya St. and Okruzhnoy Proezd. Tel:495 728-00-two 0 Call From extinctsw7 at royalaudio.com Sun Oct 21 23:59:17 2012 From: extinctsw7 at royalaudio.com (=?koi8-r?B?Iu3P08vXwS0g68nF18vBISI=?=) Date: Mon, 22 Oct 2012 12:29:17 +0530 Subject: =?koi8-r?B?7sXEz9LPx88g0NLEwc0g1d7B09TPyyEg4sXaINDP09LFxM7Jy8/XLCDP?= =?koi8-r?B?1CDTz8LT1NfFzs7Jy8EuIA==?= Message-ID: <000d01cdb022$c0cc17f0$6400a8c0@extinctsw7> For sale: 60 sotkas of land, without intermediaries, from the owner. Kievskoye Highway, land category IZhS (individual housing construction), electricity, gas. Cottage community, security, paved access road, clean air, forest all around, wonderful view, 8 9 0 3 1 9 3 0 6 2 3 From cornstalk7 at rael-letson.com Mon Oct 22 00:41:59 2012 From: cornstalk7 at rael-letson.com (=?koi8-r?B?Iu3B09Mt7cXEycEhIg==?=) Date: Mon, 22 Oct 2012 12:41:59 +0500 Subject: =?koi8-r?B?7sXEz9LPx88g8uH67/vs5e0g9+H79SDy5evs4e31IPDvIO3v8+v35SE=?= Message-ID: <000d01cdb028$b82f4b20$6400a8c0@cornstalk7> We will send your advertisement to e-mail addresses in Moscow (companies + individuals). Special offer: 3 mailings - 5000 rubles! High quality!
Call + +7 -495 -5.8.5 4.8 57 From merchantslpr042 at romemovies.com Sun Oct 21 23:53:43 2012 From: merchantslpr042 at romemovies.com (=?koi8-r?B?Iu3B09Mt7cXEycEhIg==?=) Date: Mon, 22 Oct 2012 13:53:43 +0700 Subject: =?koi8-r?B?7sXEz9LPx88g8uH67/vs5e0g9+H79SDy5evs4e31IPDvIO3v8+v35SE=?= Message-ID: <000d01cdb021$f9d927a0$6400a8c0@merchantslpr042> We will send your advertisement to e-mail addresses in Moscow (companies + individuals). Special offer: 3 mailings - 5000 rubles! High quality! Call + +7 -495 -5.8.5 4.8 57 From superveningw45 at rkcenters.com Mon Oct 22 00:09:23 2012 From: superveningw45 at rkcenters.com (=?koi8-r?B?IiDh2snRLfP04fIi?=) Date: Mon, 22 Oct 2012 15:09:23 +0800 Subject: =?koi8-r?B?7+vh+vn34eXtIPXz7PXn6SD04e3v9uXu7u/n7yDv5u/y7ezl7unxLCDs?= =?koi8-r?B?7+fp8/Tp6+ku?= Message-ID: <000d01cdb024$2a0515e0$6400a8c0@superveningw45> Dear Clients! We offer you cooperation in the field of customs clearance. Our company, Asia-Star, provides the full range of CUSTOMS CLEARANCE and LOGISTICS services. We carry out customs clearance through the customs posts of Vladivostok, namely the Commercial and Fishing ports. Asia-STAR LLC has built a good reputation in the customs clearance market, and we are now able to clear your cargo at prices BELOW THE RISK VALUE set by the customs authorities. Call and send us your enquiries and you will see your savings. A system of discounts is worked out for long-term cooperation. Payment for services is possible in Moscow. In your enquiry, state: the name of the goods, their description, the country of manufacture, net weight.
Customs declarant, Asia-STAR LLC, Olga Roganova, telephone : 89502962329 skype: milana5555555555 From dissociatesrb021 at rdsacuflow.com Mon Oct 22 07:41:56 2012 From: dissociatesrb021 at rdsacuflow.com (=?koi8-r?B?IvrFzcXM2M7ZyiDV3sHT1M/LIM/UINPPwtPU18XOzsnLwS4i?=) Date: Mon, 22 Oct 2012 20:41:56 +0600 Subject: =?koi8-r?B?89LP3s7PINDSz8TBwCDV3sHT1M/LINcg0M8g68HbydLTy8/N1SDbLg==?= Message-ID: <000d01cdb063$62b607c0$6400a8c0@dissociatesrb021> I am selling a 20-sotka plot of land in the settled village of Ledovo. On Kashirskoye Highway. A forest and a large lake are nearby. The railway station (trains from Paveletsky station) is only 2.5 km away, and a bus runs. Very beautiful, many new houses. Urgent. Cheap. I invite you to a viewing - 8 - 916-162-ОЗ-О8 Nikita. From dodsonzjve7 at roxiware.com Mon Oct 22 08:43:34 2012 From: dodsonzjve7 at roxiware.com (=?koi8-r?B?Ik/GydPZINcgzc/Ty9fFISI=?=) Date: Mon, 22 Oct 2012 22:43:34 +0700 Subject: =?koi8-r?B?4dLFzsTBIM/GydPP1yDP1CDTz8LT1NfFzs7Jy8EhIOLF2iDLz83J09PJ?= =?koi8-r?B?ySE=?= Message-ID: <000d01cdb06b$feee1ee0$6400a8c0@dodsonzjve7> Offices for rent! Also premises for a photo studio! INEXPENSIVE, no commission, from the owner. Guarded grounds. Access from B. _Cherkizovskaya St. and Okruzhnoy Proezd. Tel:495 728-00-20 From dump63 at resistemas.com Tue Oct 23 06:34:25 2012 From: dump63 at resistemas.com (=?koi8-r?B?Iu3P08vXwSAg68nF19PLz8Ug2yAhIg==?=) Date: Tue, 23 Oct 2012 05:34:25 -0800 Subject: =?koi8-r?B?7sXEz9LPx88g0NLEwc0g1d7B09TPyyEg4sXaINDP09LFxM7Jy8/XLCDP?= =?koi8-r?B?1CDTz8LT1NfFzs7Jy8EuIA==?= Message-ID: <000d01cdb11a$bcb53270$6400a8c0@dump63> For sale: 60 sotkas of land, without intermediaries, from the owner. There are other plots too! Just ask. Kievskoye Highway, land category IZhS (individual housing construction), electricity, gas.
Cottage community, security, paved access road, clean air, forest all around, wonderful view, 8 9 0 3- 1 9 3- 0 6 2 3 From utilitariansq1 at rko-cpas.com Tue Oct 23 00:53:12 2012 From: utilitariansq1 at rko-cpas.com (=?koi8-r?B?IvDSz8TBwCDQ0s/NwsHa1SI=?=) Date: Tue, 23 Oct 2012 09:53:12 +0200 Subject: =?koi8-r?B?8NLPxMHAINDSz8na18/E09TXxc7O1cAgwsHa1SwgNCDLzSDP1CDt6+Hk?= Message-ID: <55C36D38103E4C1DBBE0C0DD3E3C1484@gigadb06ad3f13> We are selling a production and warehouse facility near Moscow, 4 km from the MKAD, near the town of Dolgoprudny, with entry from Likhachevskoye Highway. The 1.5 ha site is fenced, with 4850 sq. m of permanent buildings: warehouse, production and administrative premises, and a dormitory for workers. Own transformer, boiler house, mains water and sewerage, gas nearby. Details by phone: (915) ЗЧO-99-16 From izvestia28 at rennerotto.com Tue Oct 23 12:49:19 2012 From: izvestia28 at rennerotto.com (=?koi8-r?B?Iu3P08vXwSAg68nF19PLz8Ug2yAhIg==?=) Date: Tue, 23 Oct 2012 11:49:19 -0800 Subject: =?koi8-r?B?7sXEz9LPx88g0NLEwc0g1d7B09TPyyEg4sXaINDP09LFxM7Jy8/XLCDP?= =?koi8-r?B?1CDTz8LT1NfFzs7Jy8EuIA==?= Message-ID: <074671101.36385997525557@rennerotto.com> For sale: 60 sotkas of land, without intermediaries, from the owner. There are other plots too! Just ask. Kievskoye Highway, land category IZhS (individual housing construction), electricity, gas.
Cottage community, security, paved access road, clean air, forest all around, wonderful view, 8 9 0 3- 1 9 3- 0 6 2 3 From eugen at leitl.org Tue Oct 23 03:39:03 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 Oct 2012 12:39:03 +0200 Subject: [cryptography] OT: Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security Message-ID: <20121023103903.GK9750@leitl.org> ----- Forwarded message from Jeffrey Walton ----- From handiworkrx64 at reuvenenterprises.com Tue Oct 23 03:38:34 2012 From: handiworkrx64 at reuvenenterprises.com (=?koi8-r?B?IvDSz8TB1sEgydog0MXS19nIINLVyyDXIOvwLi4uIg==?=) Date: Tue, 23 Oct 2012 14:08:34 +0330 Subject: =?koi8-r?B?8NLPxMHAINDSz9PUz9LO2cog1d7B09TPyyDVINfPxNkgySDMxdPBLiDr?= =?koi8-r?B?ycXX08vPxSDbz9PTxS4=?= Message-ID: <522B0795FE1C4AECBB0FC25F19E58F6F@str> I offer you an 88-sotka IZhS plot in a very picturesque location on two levels, with landscape design, its own beach and centuries-old trees. Mains utilities and an asphalt road, rated 5+. Oborenskoye Pomestye cottage community. Call, the plot is worthy of you and your loved ones: (495)_643-_27_77 Alexander. From eugen at leitl.org Tue Oct 23 05:11:46 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 Oct 2012 14:11:46 +0200 Subject: [tor-talk] Porn make the world more free: Tor Porn Bundle?
Message-ID: <20121023121146.GP9750@leitl.org> ----- Forwarded message from "Fabio Pietrosanti (naif)" ----- From eugen at leitl.org Tue Oct 23 05:13:00 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 Oct 2012 14:13:00 +0200 Subject: [liberationtech] Code for America Open Data Hackathon Message-ID: <20121023121300.GQ9750@leitl.org> ----- Forwarded message from Yosem Companys -----
From frank at journalistsecurity.net Tue Oct 23 21:38:16 2012 From: frank at journalistsecurity.net (frank at journalistsecurity.net) Date: Tue, 23 Oct 2012 21:38:16 -0700 Subject: [liberationtech] Federal interception of CIA emails to journalists, and journalists emails to legal team Message-ID: This case seems to be of value to the list. Ex-CIA Officer John Kiriakou on Tuesday pleaded guilty to disclosing the name of a CIA figure to former ABC News journalist Matthew Cole. The indictment against Kiriakou released in April indicated that Federal authorities had obtained emails between Kiriakou and three journalists including Cole and another ABC News journalist along with Scott Shane of The New York Times. The indictment also indicates that authorities intercepted a subsequent email by Cole (with information from Kiriakou) to a defense investigator with attorneys for terror suspects being held in Guantanamo. http://www.nytimes.com/2012/10/24/us/former-cia-officer-pleads-guilty-in-leak-case.html?_r=0 http://www.politico.com/blogs/under-the-radar/2012/04/more-journalists-linked-to-case-charging-excia-officer-120047.html No case better underscores the need for U.S. journalists covering national security to start practicing digital security. More information may or may not become available. I'd welcome any thoughts here. Thank you. Frank Frank Smyth, Executive Director, Global Journalist Security, frank at journalistsecurity.net, Tel. + 1 202 244 0717, Cell + 1 202 352 1736, Twitter: @JournoSecurity, Website: www.journalistsecurity.net, PGP Public Key. Please consider our Earth before printing this email. Confidentiality Notice: This email and any files transmitted with it are confidential. If you have received this email in error, please notify the sender and delete this message and any copies.
If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From gfoster at entersection.org Tue Oct 23 21:16:41 2012 From: gfoster at entersection.org (Gregory Foster) Date: Tue, 23 Oct 2012 23:16:41 -0500 Subject: [drone-list] The Disposition Matrix Message-ID: WaPo (Oct 23) - "Plan for hunting terrorists signals U.S. intends to keep adding names to kill lists" by Greg Miller: http://www.washingtonpost.com/world/national-security/plan-for-hunting-terrorists-signals-us-intends-to-keep-adding-names-to-kill-lists/2012/10/23/4789b2ae-18b3-11e2-a55c-39408fbe6a4b_story.html First of three articles. "The problem with the drone is it's like your lawn mower," said Bruce Riedel, a former CIA analyst and Obama counterterrorism adviser. "You've got to mow the lawn all the time. The minute you stop mowing, the grass is going to grow back." gf -- Gregory Foster || gfoster at entersection.org @gregoryfoster <> http://entersection.com/ _______________________________________________ drone-list mailing list drone-list at lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/drone-list If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From jya at pipeline.com Wed Oct 24 04:20:44 2012 From: jya at pipeline.com (John Young) Date: Wed, 24 Oct 2012 07:20:44 -0400 Subject: [liberationtech] Federal interception of CIA emails to journalists, and journalists emails to legal team In-Reply-To: <20121024080943.GK9750@leitl.org> References: <20121024080943.GK9750@leitl.org> Message-ID: Journalists' lack of comsec has always been the weakest link of unauthorized disclosures. Worse is the more pervasive comsec lack by the lazy overly privileged and coddled publishing industry: publishers, attorneys, permanent and temporary staff, janitors, visitors, messengers, wives and husbands, children and friends asked to guide parents with computers, housekeepers, ISPs, cellphone providers and those pesky pests, insiders and black-baggers working the industry since it was created and sustained to be all too trustworthy by spies and sources. The miscreants deserve Scarlet Letters, since they seldom risk punishment, not for publishing courage but for comsec negligence and a persistent flood of leaks for which they put others at risk with callous indifference bred by arrogance and constitutional protection. Assange made four comsec mistakes: trusting new staff and fair weather friends, believing best friends in the press would protect him, believing confidential lawyers, then believing national leaders -- all of them major leakers, social engineers and targets of spies. What Lamo social engineered out of Manning is kid stuff by comparison for the industries that thrive and get rich on siphoning and leaking information. Never communicate with a member of the media, legal and political gangs who will sacrifice you and avidly exploit your cowering in a bolt hole or moldering at Leavenworth and eagerly expect lengthy trials for more gush and actionable intelligence on supporters, protestors, bloggers, journos, and us blathering here and where else but Tor, the biggest honey trap since religion.
At 04:09 AM 10/24/2012, Eugen Leitl wrote: >----- Forwarded message from frank at journalistsecurity.net ----- > >From: frank at journalistsecurity.net >Date: Tue, 23 Oct 2012 21:38:16 -0700 >To: liberationtech >Subject: [liberationtech] Federal interception of CIA emails to journalists, > and journalists emails to legal team >User-Agent: Workspace Webmail 5.6.26 >Reply-To: liberationtech > >This case seems to be of value to the list. Ex-CIA Officer John Kiriakou >on Tuesday pleaded guilty to disclosing the name of a CIA figure to >former ABC News journalist Matthew Cole. The indictment against >Kiriakou released in April indicated that Federal authorities had >obtained emails between Kiriakou and three journalists including Cole >and another ABC News journalist along with Scott Shane of The New York >Times. The indictment also indicates that authorities intercepted a >subsequent email by Cole (with information from Kiriakou) to a defense >investigator with attorneys for terror suspects being held in >Guantanamo. > >http://www.nytimes.com/2012/10/24/us/former-cia-officer-pleads-guilty-in-leak-case.html?_r=0 >http://www.politico.com/blogs/under-the-radar/2012/04/more-journalists-linked-to-case-charging-excia-officer-120047.html > >No case better underscores the need for U.S. journalists covering >national security to start practicing digital security. More information >may or may not become available. I'd welcome any thoughts here. Thank >you. Frank > > >Frank Smyth, Executive Director, Global Journalist >Security, frank at journalistsecurity.net, Tel. + 1 202 244 0717, Cell + 1 202 >352 1736, Twitter: @JournoSecurity, Website: www.journalistsecurity.net, PGP >Public Key. Please consider our Earth before printing this email. >Confidentiality Notice: This email and any files transmitted with it are >confidential. If you have received this email in error, please notify >the sender and delete this message and any copies.
If you are not the >intended recipient, you are notified that disclosing, copying, >distributing or taking any action in reliance on the contents of this >information is strictly prohibited. > >-- >Unsubscribe, change to digest, or change password at: >https://mailman.stanford.edu/mailman/listinfo/liberationtech > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From eugen at leitl.org Wed Oct 24 01:09:31 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 10:09:31 +0200 Subject: [drone-list] The Disposition Matrix Message-ID: <20121024080931.GJ9750@leitl.org> ----- Forwarded message from Gregory Foster ----- From eugen at leitl.org Wed Oct 24 01:09:43 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 10:09:43 +0200 Subject: [liberationtech] Federal interception of CIA emails to journalists, and journalists emails to legal team Message-ID: <20121024080943.GK9750@leitl.org> ----- Forwarded message from frank at journalistsecurity.net -----
From karsten at torproject.org Wed Oct 24 08:58:39 2012 From: karsten at torproject.org (Karsten Loesing) Date: Wed, 24 Oct 2012 11:58:39 -0400 Subject: [tor-dev] New tech report: Counting daily bridge users Message-ID: Hi everyone, I just finished a new tech report titled "Counting daily bridge users": https://research.torproject.org/techreports/counting-daily-bridge-users-2012-10-24.pdf From the abstract: "As part of the Tor Metrics Project, we want to learn how many people use the Tor network on a daily basis. Counting users in an anonymity network is, obviously, a difficult task for which we cannot collect too sensitive usage data. We came up with a privacy-preserving approach for estimating directly connecting user numbers by counting requests to the directory mirrors and deriving approximate user numbers from there. In this report we describe a modified approach for estimating the number of users connecting via bridges by evaluating directory requests made to bridges. We compare this new approach to our current approach that estimates bridge user numbers from total unique IP addresses seen at bridges. We think that results from the new approach are closer to reality, even though that means there are significantly fewer daily bridge users than originally expected." Feedback is much appreciated and could influence our implementation of user number estimates in the future (#7154).
Thanks, Karsten _______________________________________________ tor-dev mailing list tor-dev at lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Wed Oct 24 04:51:21 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 13:51:21 +0200 Subject: [tor-talk] Child pornography, anonymity and free speech Message-ID: <20121024115121.GX9750@leitl.org> ----- Forwarded message from torop20 at hushmail.com -----
From eugen at leitl.org Wed Oct 24 06:38:02 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 15:38:02 +0200 Subject: [tor-talk] Child pornography, anonymity and free speech Message-ID: <20121024133802.GA9750@leitl.org> ----- Forwarded message from torop20 at hushmail.com ----- From eugen at leitl.org Wed Oct 24 07:38:14 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 16:38:14 +0200 Subject: [tahoe-lafs-weekly-news] TWN 40 Message-ID: <20121024143814.GH9750@leitl.org> See the PogoPlug mention below.
----- Forwarded message from Patrick R McDonald ----- From eugen at leitl.org Wed Oct 24 07:53:13 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 16:53:13 +0200 Subject: World's First Flying File-Sharing Drones in Action Message-ID: <20121024145313.GL9750@leitl.org> ----- Forwarded message from michael gurstein ----- From jd.cypherpunks at gmail.com Wed Oct 24 08:17:16 2012 From: jd.cypherpunks at gmail.com (jd.cypherpunks) Date: Wed, 24 Oct 2012 17:17:16 +0200 Subject: [liberationtech] Federal interception of CIA emails to journalists, and journalists emails to legal team In-Reply-To: References: <20121024080943.GK9750@leitl.org> Message-ID: John, I agree to everything you said. Regarding my experiences I think that commercial VPN providers and anonymizer - and yes, this includes Tor also - are one big honey trap. In this environment it's impossible to protect whistleblower and I advise everybody to avoid submissions via the net. --Michael 24.10.2012, 13:20 John Young : > Journalists' lack of comsec has always been the weakest link of > unauthorized disclosures. > > Worse is the more pervasive comsec lack by the lazy > overly privileged and coddled publishing industry: publishers, attorneys, > permanent and temporary staff, janitors, visitors, messengers, wives > and husbands, children and friends asked to guide parents with > computers, housekeepers, ISPs, cellphone providers and those > pesky pests, insiders and black-baggers working the industry since > it was created and sustained to be all too trustworthy by spies and > sources. > > The miscreants deserve Scarlet Letters, since they seldom risk > punishment, not for publishing courage but for comsec negligence > and a persistent flood of leaks for which they put others at > risk with callous indifference bred by arrogance and constitutional > protection.
> > Assange made four comsec mistakes: trusting new staff and > fair weather friends, believing best friends in the press would > protect him, believing confidential lawyers, then believing > national leaders -- all of them major leakers, social engineers > and targets of spies. What Lamo social engineered out of Manning > is kid stuff by comparison for the industries that thrive and > get rich on siphoning and leaking information. > > Never communicate with a member of the media, legal and > political gangs who will sacrifice you and avidly exploit your > cowering in a bolt hole or moldering at Leavenworth and > eagerly expect lengthy trials for more gush and actionable > intelligence on supporters, protestors, bloggers, journos, > and us blathering here and where else but Tor, the biggest > honey trap since religion. > > > > At 04:09 AM 10/24/2012, Eugen Leitl wrote: >> ----- Forwarded message from frank at journalistsecurity.net ----- >> >> From: frank at journalistsecurity.net >> Date: Tue, 23 Oct 2012 21:38:16 -0700 >> To: liberationtech >> Subject: [liberationtech] Federal interception of CIA emails to journalists, >> and journalists emails to legal team >> User-Agent: Workspace Webmail 5.6.26 >> Reply-To: liberationtech >> >> This case seems to be of value to the list. Ex-CIA Officer John Kiriakou >> on Tuesday pleaded guilty to disclosing the name of a CIA figure to >> former ABC News journalist Matthew Cole. The indictment against >> Kiriakou released in April indicated that Federal authorities had >> obtained emails between Kiriakou and three journalists including Cole >> and another ABC News journalist along with Scott Shane of The New York >> Times. The indictment also indicates that authorities intercepted a >> subsequent email by Cole (with information from Kiriakou) to a defense >> investigator with attorneys for terror suspects being held in >> Guantanamo.
>> >> http://www.nytimes.com/2012/10/24/us/former-cia-officer-pleads-guilty-in-leak-case.html?_r=0 >> http://www.politico.com/blogs/under-the-radar/2012/04/more-journalists-linked-to-case-charging-excia-officer-120047.html >> >> No case better underscores the need for U.S. journalists covering >> national security to start practicing digital security. More information >> may or may not become available. I'd welcome any thoughts here. Thank >> you. Frank >> >> >> Frank Smyth, Executive Director, Global Journalist >> Security, frank at journalistsecurity.net, Tel. + 1 202 244 0717, Cell + 1 202 >> 352 1736, Twitter: @JournoSecurity, Website: www.journalistsecurity.net, PGP >> Public Key. Please consider our Earth before printing this email. >> Confidentiality Notice: This email and any files transmitted with it are >> confidential. If you have received this email in error, please notify >> the sender and delete this message and any copies. If you are not the >> intended recipient, you are notified that disclosing, copying, >> distributing or taking any action in reliance on the contents of this >> information is strictly prohibited. >> >> -- >> Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech >> >> ----- End forwarded message ----- >> -- >> Eugen* Leitl leitl http://leitl.org >> ______________________________________________________________ >> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org >> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From eugen at leitl.org Wed Oct 24 10:30:46 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 19:30:46 +0200 Subject: [tor-dev] New tech report: Counting daily bridge users Message-ID: <20121024173046.GR9750@leitl.org> ----- Forwarded message from Karsten Loesing ----- From edrigram at edri.org Wed Oct 24 10:05:46 2012 From: edrigram at edri.org (EDRi-gram) Date: Wed, 24 Oct 2012 20:05:46 +0300 Subject: EDRi-gram newsletter - Number 10.20, 24 October 2012 Message-ID: ====================================================================== EDRi-gram biweekly newsletter about digital civil rights in Europe Number 10.20, 24 October 2012 ======================================================================= Contents ======================================================================= 1. A week with EDRi Brussels 2. Google needs to improve its privacy practices 3. EDRi responds to umteenth public Net Neutrality consultation 4. Turkey: Internet Report on digital rights 2012 5. Google threatens to exclude the French online press from its search 6. Dutch proposal to search and destroy foreign computers 7. Details on German State Trojan programme 8. Recommended Action 9. Recommended Reading 10. Agenda 11. About ======================================================================= 1. A week with EDRi Brussels ======================================================================= Now that EDRi has taken up home in its new office in Brussels, we thought that it might be interesting to share a brief insight into what a typical week looks like for us.
The truth is that there is no typical week, they are all wonderfully diverse. But just to give you a small taste of what it can be like, here is what EDRi's office agenda looked like last week: Monday: Following some feverish work over the weekend, the final touches were put to our response to the consultation on net neutrality from the European Commission. We also continued our work on our position paper on the Directive on Collective Rights Management, which is at the start of the legislative process in the European Parliament. Tuesday: At lunchtime, our Executive Director took part in a lively debate organised by the European Telecommunications Networks Operators association (ETNO) and the GSM Association on the lack of consistency between the proposed General Data Protection Regulation and the existing E-Privacy Directive. The event was chaired by the MEP in charge of the dossier in the Internal Market and Consumer Protection Committee of the European Parliament (Italian EPP Member, Laura Comi). Other panellists were the European Data Protection Supervisor, Peter Hustinx, Lars Kindervater from Deutsche Telekom, Giuseppe Abbamonte from the European Commission and Cristina Vela from ETNO. On Tuesday evening, we also took part in an event at the Google office on activism. Wednesday: After months of cooperation with EDRi's members, our "protectmydata.eu" website dedicated to the review of the European Data Protection framework was launched. The website is the product of months of deliberation with members and observers, with a lot of the hard work being done by our current and former interns, particularly Elena Cantello and Owe Langfeldt. Our attention then turned to providing a comprehensive analysis of Laura Comi's draft Data Protection Opinion, which was communicated to the European Parliament and uploaded to our website today. Despite the number of concerns we have with the draft, we have already had very positive and constructive feedback from Ms Comi.
On Wednesday afternoon, we took part in a hearing organised by Bulgarian Socialist MEP Ivalo Kalfin on the World Conference on International Telecommunications (WCIT). The other participants were Amelia Andersdotter (Sweden, Greens/EFA, Pirate Party), Eddy Hertog (European Commission) and Luigi Gambardella (ETNO). Thursday: In the morning, EDRi was one of the speakers at an event organised by the Progressive Group of Socialists and Democrats in the European Parliament entitled "Copyright: What is broken, how to mend it." The meeting was opened by Group President Hannes Swoboda and Vice-President Sylvie Guillaume. Other speakers included the Institute for Information Law from the University of Amsterdam, the Association of European Performers' Organisations, the European Digital Media Association, Google, Deezer and the European Consumers' Bureau. On Thursday afternoon, we welcomed a delegation from the Dutch Police Academy. This is the second year where EDRi has participated in the European module of the further education programme of the academy. This year, we discussed the review of the European data protection framework. Friday: We participated in the European Commission's (DG Connect) half-day meeting on "cybersecurity from a societal perspective". The event brought together a small group of cyber-security experts from around Europe to discuss European Commission funding under the Horizon2020 research programme in the security field. Through the week, we continued to receive applications for the post of "senior office manager". This is a post we need to fill in order to allow our policy staff to focus on policy and to ensure that we can build on our recent growth to defend citizens' rights online even more effectively. 
EDRi's new office contacts http://www.edri.org/newoffice EDRi website with comments on draft EU data protection legislation http://protectmydata.eu Net neutrality consultation response http://edri.org/files/15102012-EDRi_response_NN_915674309211628912.pdf Video of WCIT meeting http://webcasts.barouhandpartners.com/wcit2012/another_regulatory_threat_to_the_internet Presentation to the copyright event http://edri.org/files/copyright_presentation_20121018.pdf EDRi job vacancy - Office Manager Deadline - 6 November 2012 http://jobs.euractiv.com/node/84224 (Contribution by Joe McNamee - EDRi) ======================================================================= 2. Google needs to improve its privacy practices ======================================================================= On 16 October 2012, a letter signed by the 27 European Data Protection Authorities (DPAs) was sent to Google, asking for better privacy practices of the company, accusing Google of illegality and putting into question the viability of the company's operations within the European legal environment. Following Google's decision to update its privacy policy starting with 1 March 2012 by combining about 60 different policies for its online services (search, Gmail, YouTube, Google+, and others) into a single user privacy agreement, Article 29 Working Party mandated the French DPA (Commission Nationale de l'Informatique - CNIL) to lead an investigation into the new Google privacy policy. CNIL sent two questionnaires to Google but the company's answers were considered incomplete and approximate, especially on key issues such as the description of its personal data processing operations or the precise list of the product-specific privacy policies merged in the new policy. Based on CNIL findings, Data Protection authorities have drawn their common conclusions and made a series of recommendations. 
One of the major points of criticism is that "....Google's answers have not demonstrated that your company endorses the key data protection principles of purpose limitation, data quality, data minimization, proportionality and right to object. Indeed, the Privacy policy suggests the absence of any limit concerning the scope of the collection and the potential uses of the personal data." The EU DPAs ask Google to publicly commit to these principles. They also recommend that the company provides more clear information to its users on the data collected and purposes of its personal data processing operations, gives a better control over the combination of data across its numerous services and modifies its tools so as to avoid excessive data collection. One example given in CNIL's findings is related to credit card information: "Confidentiality rules do not make difference in treatment between a trivial content search and the number of credit card or telephone user. All these data can be used interchangeably for all the purposes mentioned in rules." The DPAs recommend that Google reinforces the users' consent to the combination of data for the purposes of service improvements, development of new services, advertising and analytics, by letting users choose when their data are combined. Google should have a legal basis to perform data combination of these purposes and data collection must also remain proportionate to the purposes pursued. For the present, for some of these purposes, the processing is not based on consent, Google's legitimate interests, or on the performance of a contract. Moreover, Google refused to provide retention periods for the personal data it processes. Google was given three to four months to comply with the recommendations or face sanctions. 
Letter from 27 European DPAs to Google (16.10.2012) http://www.cnil.fr/fileadmin/documents/en/20121016-letter_google-article_29-FINAL.pdf Appendix - Google Privacy Policy - Main Findings and Recommendations (16.10.2012) http://www.cnil.fr/fileadmin/documents/en/GOOGLE_PRIVACY_POLICY-_RECOMMENDATIONS-FINAL-EN.pdf Google's new privacy policy: incomplete information and uncontrolled combination of data across services (16.10.2012) http://www.cnil.fr/english/news-and-events/news/article/googles-new-privacy-policy-incomplete-information-and-uncontrolled-combination-of-data-across-ser/ European Data Regulators Slam Google Over Privacy Policy: "Too Large" And Users Need More Control (But Not Illegal) (16.10.2012) http://techcrunch.com/2012/10/16/eu-data-regulators-slam-google-over-privacy-policy-its-too-large-and-users-need-more-control/ Europe to Google: respect our laws or face the consequences (16.10.2012) http://www.privacysurgeon.org/blog/incision/europe-to-google-respect-our-laws-or-face-the-consequences/ ======================================================================= 3. EDRi responds to umpteenth public Net Neutrality consultation ======================================================================= This might sound like a running gag, but on 15 October 2012 EDRi submitted its umpteenth response to the European Commission's umpteenth consultation on net neutrality, traffic management, transparency and switching. As explained in the previous EDRi-gram, this is now the sixth consultation since Commissioner Neelie Kroes took office as the European Commissioner for the digital agenda. 
This new consultation elegantly ignores the European Parliament's resolution from last year in which it asked the Commission to present, within six months of the publication of BEREC's findings (29 May 2012), its views on "whether further regulatory measures are needed in order to ensure freedom of expression, freedom of access to information, freedom of choice for consumers, and media pluralism, to achieve effective competition and innovation." Since then, Commissioner Kroes not only received evidence from BEREC that network operators are indeed implementing blocking, degrading and the throttling of services, applications and content everywhere in Europe, she also managed to ignore the evidence gathered by the respectmynet.eu platform and displayed on netneutralitymap.org. It was therefore no surprise that answering the Commission's questionnaire was quite a challenge: Some of the questions made us worry that the Commission had somehow forgotten how the internet works, while some others clearly suggested that the Commission has since long given up on its initial commitment to net neutrality. For instance, the questionnaire started with a brief introduction to traffic management in which the Commission stated that "traffic management" is "a wide range of technical practices" and concluded that they can all be treated as if they were just one phenomenon, which is "a" legitimate tool. In our view however, if the Commission believes that anti-competitive traffic management is, from a policy perspective identical to undertaking an urgent security measure then its competence to be running the consultation needs to be called into question. 
In addition, it was rather shocking to learn that the Commission is apparently not familiar with the European Data Protection Supervisor's opinion on net neutrality, traffic management and the protection of privacy in which he clearly warns that deep packet inspection (DPI) techniques have serious implications in terms of privacy and data protection. Lack of awareness of the EDPS opinion is the only explanation we can imagine for question number 10 of the consultation: "Are there any privacy risks arising from the use of DPI for traffic management purposes?" We cannot find any charitable explanation for the question "Are there alternative techniques for traffic management that do not involve deep packet inspection?". As we already explained in our response to a previous consultation on net neutrality and transparency, it is false and dangerous to assume that transparency and switching are major tools to achieve the regulatory objective of maintaining an open and competitive Internet. We have demonstrated that transparency policies do not provide all the necessary guarantees for a neutral and competitive Internet - which implies the necessity to support immediate regulation and to promote net neutrality as an objective for regulatory authorities. In view of the evidence the Commission's reaction of obfuscation, delay and distraction is simply incomprehensible. 
EDRi's response to the net neutrality questionnaire (15.10.2012) http://edri.org/files/15102012-EDRi_response_NN_915674309211628912.pdf European Parliament resolution on Net neutrality (17.11.2011) http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2011-0511&language=EN&ring=B7-2011-0572 European Data Protection Supervisor's opinion on net neutrality, traffic management and the protection of privacy (7.11.2011) http://ec.europa.eu/bepa/european-group-ethics/docs/activities/peter_hustinx_presentation_%281%29_15_rt_2011.pdf (Contribution by Kirsten Fiedler - EDRi) ======================================================================= 4. Turkey: Internet Report on digital rights 2012 ======================================================================= On 28 September 2012, the Turkish Internet Report 2012 was issued by EDRi observer Alternative Informatics Association showing a worrying tendency of Internet censorship and control from Turkish authorities. According to the report, more and more cases have been filed against citizens for sharing "illegal content" on social networks. Such sharing on social networks started to be taken as "evidence" for criminal charges such as membership of a terrorist organization and insults to "values and beliefs". Astronomic penalties are demanded for very young detainees on the grounds that they make propaganda on social networks. While some States call "hacktivist" groups like Anonymous and LulzSec a "cyber threat" in a pre-cautious manner, Red Hack, which is a group of the same kind, is declared to be a "terrorist" organization in a legally disputable way. Moreover, according to some news, a prosecution is likely to be started against several people following Red Hack on Twitter for they are said to be the "sympathizers of a terrorist organization". 
Social media sharing is turned into an offence by the new university discipline legislation; people are being arrested for the things they have posted or shared on social networks. On 8 September 2012, turk.internet.com declared that the Ministry of Health blacklisted about 200 websites because they misinform the public on some health problems such as losing weight, heart diseases and diabetics. The Ministry of Health established cooperation with the High Council for Telecommunication (TIB) for filtering throughout this process. Following this, it was announced on 14 September 2012 that the websites in question that cover some news portals, announcements, promotion campaigns and various digital equipment had been filtered as their content was harmful. However, this process, which poses a threat to the circulation of information and the freedom of expression, also proves that the public is unaware of the technical difference between blocking and filtering a website. TTNET, which owns the Internet backbone in Turkey and is the biggest Internet Service Provider (ISP) of the country, signed a business agreement in 2012 with the company called PHORM. After the experience of UK market, Phorm built an interface in which the user's permission is asked. However, the system and the interface are still tricky. When the browser is closed without declining, the system opts-in the user as a lame website trick. Right after the beginning of the online campaign on Enphormasyon.org, Phorm's staff in Turkey began PR activities. On the other hand, TTNET that is responsible to its subscribers for providing continuous connection to the Internet and having been redirecting the users to the Phorm's site, has remained silent since 18 September 2012. Alternative Informatics Association has called the Information and Communications Technologies Authority (ICTA) for inspecting the system of Phorm and made an official complaint to the prosecution office on 17 October 2012. 
Some recent cases in Turkey have also proven that such events accelerate the production and circulation of hate speech online. The control on the social networks through the instant access denial is justified with sharing on social media. Particularly the Prime Minister's statement that "There must be regulations against Islam-phobia in Muslim countries" ignores the hate speech in different areas (political hate speech, hate speech against women, foreigners, immigrants, sexual identity, belief and sect-oriented hate speech). Given that even the existing laws are not completely and properly applied, it is very difficult if not impossible to prevent hate speech through laws. From this perspective, Internet users must be very well informed about hate speech as well as the limits of democracy and freedom of expression. There is also a need to carry out educational activities in this field. "Safe Internet", which is a filtering application, was carried into effect on 22 November 2011 by ICTA. This filtering is composed of family&child filtering and standard user options and the filtering words designated by ICTA are sent to all ISPs. Therefore, the words and websites to which access is prohibited/denied are determined by the State itself. Moreover, the application is not transparent at all. It narrows the freedom of expression and imposes one single family/child projection on the citizens. Protection of children and family cannot be a justification for the State's censorship. The filters in question can absolutely not offer a solution to safety issues. Safe Internet use can be ensured not with filters but through digital literacy. Among the OSCE countries, the only country that allows central filtering is, unfortunately, Turkey. Based on Engelliweb.com information, currently access to 20 792 websites is blocked in Turkey. What has happened on the Internet in Turkey in 2012? 
"Progress Report" (28.09.2012) https://yenimedya.wordpress.com/2012/10/05/what-has-happened-on-the-internet-in-turkey-in-2012-progress-report/ 200 websites blocked by the Ministry of Health (only in Turkish, 21.09.2012) http://www.turk.internet.com/portal/yazigoster.php?yaziid=38850, To the attention of all internet users and citizens!...(on PHORM in Turkey) http://www.enphormasyon.org/english.html Complaint against Phorm (only in Turkish) http://www.alternatifbilisim.org/wiki/Phorm_su%C3%A7_duyurusu Using Social Media for Hate Speech is not Freedom of Expression! (31.01.2012) https://yenimedya.wordpress.com/2012/01/31/using-social-media-for-hate-speech-is-not-freedom-of-expression/ Disabled web: Number of blocked websites in Turkey by category (only in Turkish) http://engelliweb.com/kategoriler EDRi-gram: Turkish plans to use IDs for accessing the Internet (10.10.2012) http://edri.org/edrigram/number10.19/turkey-ids-internet-usage (Contribution by Tuğrul Comu - EDRi observer Alternative Informatics Association - Turkey) ======================================================================= 5. Google threatens to exclude the French online press from its search ======================================================================= GESTE, a French group of online editors, has been trying for a few years now to get part of Google's revenues generated by its news service with indexed titles. "Google has developed on our content" said Corinne Denis, President of GESTE who also stated for Édition Multimédi@: "We have been discussing with them for years on this topic. And if they have kept their promise to never sell advertising on Google News, by including the news on their search engine, they have cleverly avoided the obstacle". Therefore GESTE supports a new draft law, so-called "lex Google" (already presented in the last EDRi-gram), that may introduce a fee on hypertext links. A "fair remuneration" would be introduced through a fee applied on hypertext links. 
The draft law also introduces a three-year prison and a 300 000 Euro fine for reproducing or making available "all or part of" press contents, without authorisation. Facing the perspective of a fee imposed on hyperlinks, Google threatens with excluding the French online press from its searching index. The company believes it has already done enough by bringing traffic to the sites it references. Google stated that what the draft law was meant for, was actually to interdict unpaid referencing. "According to the draft text that has been circulated since September, a new related right is to be created for a 5-year exclusive period, that would make mandatory the previous authorisation of press bodies for 'any reproduction, making available for the public for sale, the exchange or communication to the public, online included, of all or a part of the press contents edited under their responsibility'." Last year, Google already excluded several Belgium newspapers from its index following a court decision taken a few months before. The situation was however resolved after an off-court settlement between the parties involved. 
Google threatens to ban the French press from its searching engine (only in French, 18.10.2012) http://www.numerama.com/magazine/24050-google-menace-de-bannir-la-presse-francaise-de-son-moteur-de-recherche.html For GESTE, Google is not a milk cow but it still has to pay (only in French, 13.10.2012) http://www.numerama.com/magazine/24015-pour-le-geste-google-n-est-pas-une-vache-a-lait-mais-doit-payer-quand-meme.html The facts about our position on French copyright proposals (18.10.2012) http://googlepolicyeurope.blogspot.com/2012/10/the-facts-about-our-position-on-french.html The damaging effects of a draft law meant to interdict unpaid references of press articles in France (only in French, 10.1012) https://docs.google.com/viewer?srcid=0B92admnS83NKc3pULU5DZkdzQnM&pid=explorer&efh=false&a=v&chrome=false&embedded=true EDRi-gram: Ancillary copyright madness in Germany and France (26.09.2012) http://edri.org/edrigram/number10.18/ancillary-copyright-proposal-madness ======================================================================= 6. Dutch proposal to search and destroy foreign computers ======================================================================= On 15 October 2012, the Dutch Ministry of Justice and Security proposed powers for the police to break into computers, install spyware, search computers and destroy data. These powers would extend to computers located outside the Netherlands. EDRi member Bits of Freedom warns for the unacceptable risks to cybersecurity and calls on other countries to strongly oppose the proposal. The proposal would grant powers to the Dutch police to break into computers, as well as mobile phones, via the internet in order to: - install spyware, allowing the police to overtake the computer; - search data on the computer, including data on computers located in other countries; and - destroy data on the computer, including data on computers located in other countries. 
If the location of the computer cannot be determined, for example in the case of Tor-hidden services, the police is not required to submit a request for legal assistance to another country before breaking in. Under the current text, it is uncertain whether a legal assistance request would be legally required, or merely preferred, if the location of the computer is known. The exercise of these powers requires a warrant from a Dutch court. This proposal poses unacceptable risks. If the Dutch government gets the power to break into foreign computers, this gives other governments the basis to break into Dutch computers which infringe the laws of their country. The end result could be less security for all computer users, instead of more. This is even more true with regard to the power to destroy data on foreign computers; it is likely that other governments would be very interested in using such a power against Dutch interests. Furthermore, providing the government the power to break into computers provides a perverse incentive to keep information security weak. Millions of computers could remain badly secured because the government does not have an incentive to publish vulnerabilities quickly because it needs to exploit these vulnerabilities for enforcement purposes. In addition, spyware is difficult to control. Research from the EDRi member Chaos Computer Club demonstrates that, even though spyware from the German police was intended to be used to intercept only Skype calls, it could in practice be extended to take over the entire computer. In addition, the spyware itself could be remotely hacked by criminals as well, allowing them to take over the computer of a suspect. The risks above do not even touch on the privacy-issues yet. Breaking into a computer infringes the privacy not only of the suspect, but of all non-suspects whose data is also on the computer. 
And, somewhat related to this, the value of evidence gathered via these methods is at the least less obvious and will be harder to assess in court. The digital nature of the investigation makes it harder to prove that evidence was not fabricated or perhaps destroyed by the police. A legislative text implementing the highly controversial proposal will be introduced to the Parliament in the coming months. The law does not only concern the Netherlands: it concerns all countries whose IT-infrastructure may be affected. Bits of Freedom therefore calls on other countries to oppose the proposal. Laws like these make the internet a more dangerous place. Dutch Proposal (only in Dutch, 15.10.2012) http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/kamerstukken/2012/10/15/wetgeving-bestrijding-cybercrime/wetgeving-bestrijding-cybercrime-1.pdf CCC research on German police spyware (only in German, 26.10.2011) http://www.ccc.de/en/updates/2011/analysiert-aktueller-staatstrojaner EDRi-gram: German police accused of using a Trojan backdoor for interceptions (19.10.2011) http://www.edri.org/edrigram/number9.20/german-trojan-backdoor (Contribution by Ot van Daalen - EDRi member Bits of Freedom - Netherlands) ======================================================================= 7. Details on German State Trojan programme ======================================================================= Some documents spotted by the Annalist blog that were issued by the German Government in July 2012, within a parliamentary enquiry about expenditures by the German Federal Ministry of the Interior, clearly show more details about what was revealed a year ago by EDRi member CCC (Chaos Computer Club) - that the German police has been spying and monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook communications. The tool used by the police is a Trojan programme created by Digitask company, the so-called "Staatstrojaner". 
The German law allows the police to use data interception tools on computers for eavesdropping, but the Constitutional Court has introduced certain limitations interdicting the use of such tools to access private data or take control of a suspect's computer. In 2011, the Ministry of Justice promised to give up the initial Trojan virus and have new software created internally: "The software by DigiTask GmbH that was used in the past for computer surveillance (lawful interception) is not currently being used by federal public authorities any more. The software that will be used for computer surveillance will be developed by a competence centre established within the Federal Criminal Police Office. It will be safeguarded that the source code will be audited regarding its range of functions by qualified experts. It will also be accessible for the relevant authorities for data protection (among others the Federal Commissioner for Data Protection)." But the recent governmental expenditure documents show also that the German Government is far from being able to produce software for lawful interception that complies with the decision of the Federal Constitutional Court. "The development of software by the Federal Criminal Office is presumably going to take months if not years. We may even have to ruefully admit that we lack the capability completely," stated the spokesman on domestic policy of the Conservative Party. In France as well, since Loppsi2 legislation has come into force in 2011, the police is allowed to place spyware on the computers of people suspected by various crimes. This surveillance is however carried out under the authority of a judge who needs to explain why its usage was needed in that respective case. 
Hacker News Puzzle (17.10.2012) http://annalist.noblogs.org/post/2012/10/17/hacker-news-puzzle/ One year later: German police unable to develop "state trojan" (12.10.2012) http://annalist.noblogs.org/post/2012/10/12/one-year-later-german-police-unable-to-develop-state-trojan/ German police monitors Skype, GoogleMail and Facebook chats (3.10.2012) http://annalist.noblogs.org/post/2012/10/03/german-police-monitors-skype-googlemail-and-facebook-chat/ German Gov't Inadvertently Reveals Police Monitor Gmail, Skype, Facebook & Use Snooping Malware (10.10.2012) https://www.techdirt.com/articles/20121009/08281520662/german-govt-inadvertently-reveals-police-monitor-gmail-skype-facebook-use-snooping-malware.shtml German police spyware is also targeting Skype, Gmail, Facebook...(only in French, 10.10.2012) http://www.numerama.com/magazine/23989-le-mouchard-de-la-police-allemande-vise-aussi-skype-gmail-facebook.html ======================================================================= 8. Recommended Action ======================================================================= Islands of Resilience Comparative Model for Energy, Connectivity and Jurisdiction Realizing European ICT possibilities through a case study of Iceland Request for comments will remain open until 1 November 2012 http://www.islandsofresilience.eu ======================================================================= 9. 
Recommended Reading ======================================================================= EuroISPA reacts on the controversial CleanIT Project (23.10.2012) http://www.euroispa.org/component/content/article?id=76 Article 29 Working Party - Opinion 08/2012 providing further input on the data protection reform discussions (5.10.2012) http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp199_en.pdf Neelie Kroes Vice-President of the European Commission responsible for the Digital Agenda Online privacy and online business: An update on Do Not Track The Centre for European Policy Studies (CEPS)/Brussels (11.10.2012) http://europa.eu/rapid/press-release_SPEECH-12-716_en.htm Slovakia Adopts FOI Act Amendments on Re-use (22.10.2012) http://epsiplatform.eu/content/slovakia-adopts-foi-act-amendments-re-use ======================================================================= 10. Agenda ======================================================================= 25-28 October 2012, Barcelona, Spain Free Culture Forum 2012 http://fcforum.net/ 3-4 November 2012, Baku, Azerbaijan Best Bits - a strategic gathering of NGOs around Internet governance and Internet principles http://igf-online.net/bestbits.pdf 6-9 November 2012, Baku, Azerbaijan Seventh Annual IGF Meeting: "Internet Governance for Sustainable Human, Economic and Social Development" http://www.intgovforum.org/cms/ 9-11 November 2012, Fulda, Germany Digitalisierte Gesellschaft - Wege und Irrwege FIfF Annual Conference in cooperation with Fuldaer Informatik Kolloquium http://www.fiff.de/2012 29-30 November 2012, Brussels, Belgium For Your Eyes Only: Privacy, Empowerment and Technology in the context of Social Networks http://www.foryoureyesonly.be 4 December 2012, Brussels, Belgium 3rd Annual European Data Protection and Privacy Conference http://www.eu-ems.com/summary.asp?event_id=123&page_id=983 27-30 December 2012, Hamburg, Germany 29C3 - Chaos Communication Congress 
http://events.ccc.de/category/29c3/ 23-25 January 2013, Brussels, Belgium CPDP 2013 Conference - Reloading data protection CfP by 2 November 2012 http://www.cpdpconferences.org/callforpapers.html 21-22 March 2013, Malta Online Privacy: Consenting to your Future CfP by 3 December 2012 http://www.onlineprivacyconference.eu/ 6-8 May 2013, Berlin, Germany re:publica 2013 http://re-publica.de/12/2012/08/28/der-termin-steht-vom-06-08-mai-2013-geht-die-republica-in-die-siebte-runde/ 31 July - 4 August 2013, Geestmerambacht, Netherlands Observe. Hack. Make. - OHM2013 https://ohm2013.org/ ============================================================ 11. About ============================================================ EDRi-gram is a biweekly newsletter about digital civil rights in Europe. Currently EDRi has 32 members based or with offices in 20 different countries in Europe. European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRi-gram. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and are visible on the EDRi website. Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 3.0 License. See the full text at http://creativecommons.org/licenses/by/3.0/ Newsletter editor: Bogdan Manolea Information about EDRI and its members: http://www.edri.org/ European Digital Rights needs your help in upholding digital rights in the EU. If you wish to help us promote digital rights, please consider making a private donation. http://www.edri.org/about/sponsoring http://flattr.com/thing/417077/edri-on-Flattr - EDRI-gram subscription information subscribe by e-mail To: edri-news-request at edri.org Subject: subscribe You will receive an automated e-mail asking to confirm your request. 
Unsubscribe by e-mail To: edri-news-request at edri.org Subject: unsubscribe - EDRI-gram in Macedonian EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis http://www.metamorphosis.org.mk/mk/vesti/edri - EDRI-gram in German EDRI-gram is also available in German, with delay. Translations are provided by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for Internet Users http://www.unwatched.org/ - Newsletter archive Back issues are available at: http://www.edri.org/edrigram - Help Please ask if you have any problems with subscribing or unsubscribing. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Wed Oct 24 12:03:00 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 24 Oct 2012 21:03:00 +0200 Subject: EDRi-gram newsletter - Number 10.20, 24 October 2012 Message-ID: <20121024190300.GV9750@leitl.org> ----- Forwarded message from EDRi-gram ----- From simon at bitcartel.com Wed Oct 24 21:43:03 2012 From: simon at bitcartel.com (Bitcartel Software) Date: Wed, 24 Oct 2012 21:43:03 -0700 Subject: [tahoe-dev] Blog post: Introducing BRIC (Bunch of Redundant Independent Clouds) Message-ID: Hi, I experimented with Tahoe-LAFS to cobble together a cheap (free) cloud from online storage providers. https://bitcartel.wordpress.com/2012/10/21/rbic-redundant-bunch-of-independent-clouds/ Lots of room for improvement, so feedback is most welcome. 
Cheers,
Simon
_______________________________________________
tahoe-dev mailing list
tahoe-dev at tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Wed Oct 24 23:35:49 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 25 Oct 2012 08:35:49 +0200
Subject: [cryptography] DKIM: Who cares?
Message-ID: <20121025063549.GH9750@leitl.org>

----- Forwarded message from Peter Gutmann -----

From eugen at leitl.org Wed Oct 24 23:45:38 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 25 Oct 2012 08:45:38 +0200
Subject: [tahoe-dev] Blog post: Introducing BRIC (Bunch of Redundant Independent Clouds)
Message-ID: <20121025064538.GJ9750@leitl.org>

----- Forwarded message from Bitcartel Software -----

From jya at pipeline.com Thu Oct 25 08:24:36 2012
From: jya at pipeline.com (John Young)
Date: Thu, 25 Oct 2012 11:24:36 -0400
Subject: "we can't possibly kill everyone who wants to harm us" but trying is "a necessary part of what we do"
In-Reply-To: <20121025141324.GY9750@leitl.org>
References: <20121025141324.GY9750@leitl.org>
Message-ID:

Greenwald's over-heated rhetoric reminds of Assange rushing from a staff meeting about his disdain of practicality while claiming melodramatically he has "two wars to fight." Greenwald has zero comprehension of the machinery, tactics, logistics, manpower, funding of large-scale warmaking. And only a bit of the "laws of war." Instead, he maneuvers media quotations in battle array, tabletop war gaming like think tank epicenes -- like litigators facilely fuming for the jury.
Drones have become the new encryption fad wherein coders, bloggers and journalists believe themselves empowered to engage in global political struggles with mastery of coding combat and rhetorical war fighting about toy aircraft while the mass killing devices are ignored hovering over the little planes, protecting their airspace.

Recall the delirium when it was bruited that encryption was a munition right up there with ICBMs, aircraft carriers, B52s and Abrams tanks. Recall Tor as a valiant tool to liberate communications for freedom fighters though meticulously surveilled and protected by full spectrum dominance of US military might.

Drones are being treated like the toys of Bob the Builder, simulacra of horrific slaughtering machines, but at a scale an armchair warrior can believe in just like the arm-chaired drone operators, and, coders breaking Big Balls at the desktop, or more recently, Anonymous and Lulzsec panicking the giant corporations -- or so the rhetoricians exult.

Fine, let them playact being adults "fighting wars" while killing and maiming by means beyond their control continue to expand their mass targetings and consume even greater portions of the world's economy.

Corresponding to the rise in militarism is the avid participation in futile opposition by those with no direct experience in brutal warfare but rely upon quoting each other's baseless rhetoric of opposition to seduce readers and fans just like them who play war games in media, on consoles, in code and in complicit cowardice to take no physical action against warmakers amply protected by freedom of expression.

Lawful they always remain caged by ineffective taunts and rhetorical braggardy. Formulaic for writers, algorithmic for security coders. Hands always out for the king's coin.

From eugen at leitl.org Thu Oct 25 02:43:01 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 25 Oct 2012 11:43:01 +0200
Subject: Bitcoin, Dollars and Pot-Banging Protests in Argentina.
Message-ID: <20121025094301.GQ9750@leitl.org>

https://thebluemarket.wordpress.com/2012/10/18/bitcoin-dollars-and-pot-banging-protests-in-argentina/

Bitcoin, Dollars and Pot-Banging Protests in Argentina.

This post is a peep into the underground exchange markets for dollars and bitcoins in Argentina. For the last couple of weeks, I have experienced the informal exchange of bitcoin and dollars on first hand in Buenos Aires. Furthermore, I have realized how both locals and expats may reap significant gains by using bitcoins as a medium of exchange.

Inflation and Monetary Restrictions

Before we dive into the details of the underground markets in Argentina, let me try to paint the picture of the current economic situation in Argentina. For several years the Argentine inflation rate has been bumping around 25-30% per annum, according to figures published by independent institutions. The Argentine government doesn't recognize the independent estimates and has allied with INDEC, the National Statistics Institute, to calculate inflation figures 2-3 times lower than the independent figures. The interesting fact is that the peso's fixed exchange rate with the dollar is only taking into account INDEC's inflation rate of 8-12%, causing overvaluation of the peso by not incorporating the true higher inflation rate. INDEC is indeed a neat implementation of an Orwellian "Ministry of Truth", and the magic calculations have raised concerns with IMF who is threatening to expel Argentina from the organization.

Naturally the high inflation rate has caused capital flight out of Argentina, and every Argentine with a bit of savings is looking to exchange their pesos into something more secure. In order to stop the capital flight and fortify the central bank's reserves, the government has implemented strict measures to prevent Argentines from obtaining foreign currencies.
For example, only if you are travelling abroad are you allowed to exchange pesos for dollars legally, but there is a limit of 100$ per day abroad. Recently the government also imposed a 15% tax on all foreign credit card purchases, and a 50% custom duty on any goods which Argentines purchased abroad. Aside from the outrageous taxes, this legislation completely flashes your personal banking details to government officials, who can then snoop on your shopping list.

[Image caption: Estimated 200.000 people in the Plaza de Mayo demonstrating against government policies.]

The complex regulatory environment has caused Paypal to suspend all domestic transactions in Argentina. Ebay and Amazon have followed suit with similar restrictions.

The Blue Dollar

In Argentina the dollar you care about is blue. The reason is that the difficulty for locals to acquire dollars through traditional means has fueled a secondary dollar exchange market. The unofficial exchange rate, known as the "blue dollar rate", is approximately 25% higher than the official rate. For expats, it's a no-brainer that you are being ripped-off by withdrawing cash at ATMs from established banks, where the withdrawal is conducted at the official exchange rate currently around $ARS 4.70 pesos per dollar. In comparison, if you exchange USD on the "blue market" you get around $ARS 6.20 pesos per dollar. Luckily before travelling to Argentina, my girlfriend and I were tipped off to this news and carried along dollars in cash when entering the country.

One can exchange dollars at the blue market rate simply by heading to Bs. Aires main shopping street, Calle Florida. Here lots of street vendors are drifting around advertising their business to anyone who looks like a potential customer. The street vendors here are known as arbolitos by locals. Arbolitos means "little trees", a reference to the street vendors are full of "green leaves".
If you are looking to exchange dollars the street vendors will quickly approach you and provide a quote. If you accept the quote, you just head to a nearby jewelry or electronics shop and complete the transaction.

Above approach is generally safe but I wasn't too keen on exchanging dollars with street vendors. Instead I posted a small note on an online forum and got in contact with a couple living in Buenos Aires, who were eager to exchange dollars for pesos at the blue market rate. The snapshot below is the result of this exchange - and what an underground dollar market looks like.

The Bitcoin Hero

The dollars we brought into Argentina are soon running out, and we have been looking for alternatives to increase our dollar reserves. One approach is to cross the border to Uruguay - but you have the hassle of ATM withdrawal limits and the risk of travelling with lots of cash. There is also a service called Xoom, which allows you to transfer money from abroad to various pick-up locations in Bs. Aires. The magic of Xoom is that they somehow manage to provide the blue dollar exchange rate. Unfortunately they also require a US bank account to use its services.

Another possibility is Bitcoin, a new electronic currency, which has been flourishing online for the last couple of years. In our situation Bitcoin has turned out to be a great vehicle to transfer money into Argentina and achieve the blue dollar exchange rate. I completed my first bitcoin to pesos transaction last week and gained 25% in comparison to the official exchange rate.

The way it works is that you simply buy some bitcoins online through one of the many bitcoin exchanges. Mt.Gox is by far the largest but there are local alternatives as well, such as Bitcoin Nordic. Once you have your bitcoins you identify an Argentine who is on the market for bitcoins at the blue dollar rate.
Given the economic situation there are lots of Argentines who are looking to get rid of pesos in exchange for other more secure assets. In my case I circulated a note to Eudemocracia's bitcoin mailing list announcing that I was interested in selling bitcoins. The price I offered was the Mt.Gox USD price converted to pesos at the blue USD exchange rate. Based on the number of replies this was an attractive offer, and after some email correspondence, I agreed to meet up with one contact and conduct the transaction. After getting the agreed pesos in cash I made a one-click transfer of bitcoins to his online bitcoin wallet. A bitcoin transfer is instant and non reversible, and the picture below shows how we could confirm completion of the transaction on the spot.

Because of the dollar restrictions and the escalating inflation the demand for bitcoins in Argentina is greater than our personal need for pesos. Therefore, if you are an expat or just travelling through I encourage you to explore bitcoin as an alternative to finance your stay. Not only will you get a 25% higher exchange rate but you will also help locals protect their savings from being hollowed by inflation.

I believe the bitcoin adventure is just kicking off in Argentina. Also I'm keen to see how the 200.000 Argentines demonstrating for libertad in the Plaza de Mayo might use bitcoin to fight the monetary restrictions themselves. Maybe it's an even better approach than banging a pot?
From selleruv2 at radware.com Wed Oct 24 21:54:28 2012
From: selleruv2 at radware.com (=?koi8-r?B?IuUt7cHSy8XUyc7HIg==?=)
Date: Thu, 25 Oct 2012 11:54:28 +0700
Subject: =?koi8-r?B?OCDSwdPT2czPyyDawSAxMCAwMDAg0tXCzMXKICvIz9PUyc7HIM7BIM3F?= =?koi8-r?B?09HDINcg8O/k4fLv6w==?=
Message-ID: <85093788CDA648D0A68C4C9956CE350B@thong>

2 mailings - 5 000
8 mailings - 10 000 + free hosting and a .РФ domain
22 mailings + a repeat on the day of release - 20 000 + free hosting and a .РФ domain
Database: Russia, 23 million

We advise doing not 1 mailing and not even 2. And, where possible, do not change the text and appearance of the message in at least two of these mailings. Advertising, even this kind, is still advertising, and it is built on the basics of psychology. Have you noticed that all advertising comes "in waves"? On television you can often see an advert shown twice. There is a psychological pattern to how a product is perceived. Look: you receive the message the first time and will almost certainly delete it without even looking at it. If it comes to you again, you look at it and delete it. The third time it annoys you and you read it. And after that, on receiving it, you subconsciously start to wonder: "maybe I do need this...". Advertising works on the principle of the children's game "Buy an elephant": in the end everyone says "fine, I'll buy it"!

Tel: (495) 585-79-04
ICQ: 286 926 971
Write to us: www.письмо-онлайн.рф
UNSUBSCRIBE: www.отписаться-тут.рф

From pgut001 at cs.auckland.ac.nz Wed Oct 24 16:21:56 2012
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 25 Oct 2012 12:21:56 +1300
Subject: [cryptography] DKIM: Who cares?
Message-ID:

Steven Bellovin recently forwarded the following link to another list:

http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/

In summary, it turns out that what seems like half the world's DKIM users are using toy keys as short as 384 bits. This isn't just Joe's Pizza and Panelbeating, it's a worldwide who's-who of big-site DKIM users all using weak keys. Does anyone know why they all do this?
Since it's so widespread, my guess is that the organisations involved don't really care about it and are just going through the motions, "we're doing this for form's sake and because not doing so would look bad, not because we believe it adds anything worthwhile".

Peter.
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From centeredm883 at rmpg.com Wed Oct 24 23:14:51 2012
From: centeredm883 at rmpg.com (=?koi8-r?B?IvPl8vTp5unr4fQi?=)
Date: Thu, 25 Oct 2012 13:14:51 +0700
Subject: =?koi8-r?B?79DMwdTBINDP08zFINDPzNXexc7J0SDz5fL06ebp6+H04Q==?=
Message-ID: <6E8ED24832B0452B90529119BBD6046A@DONGTAY1020GRH>

All types of certification
SPECIAL OFFER
Payment after you receive the CERTIFICATE
Only with us: a CERTIFICATE OF CONFORMITY (GOST R) IN 1 DAY!!!
+7 495 727 59 66
www.сертификация-быстро.рф

From gfoster at entersection.org Thu Oct 25 11:38:49 2012
From: gfoster at entersection.org (Gregory Foster)
Date: Thu, 25 Oct 2012 13:38:49 -0500
Subject: [drone-list] @HumanRightsNYU schools UN rapporteur on lethal autonomy
Message-ID:

NYU Center for Human Rights and Global Justice (Oct 19) - "Global Justice Clinic Hosts Expert Consultation on Lethal Autonomous Weapons Systems (Oct 21)"
[1]http://chrgj.org/global-justice-clinic-hosts-expert-consultation-on-lethal-autonomous-weapons-systems/

via [2]@SarahKnuckey, who organized the event, and whom I hope will give us an update on how it went.

gf

--
Gregory Foster || [3]gfoster at entersection.org
@gregoryfoster <> [4]http://entersection.com/

References
1. http://chrgj.org/global-justice-clinic-hosts-expert-consultation-on-lethal-autonomous-weapons-systems/
2.
http://twitter.com/SarahKnuckey
3. mailto:gfoster at entersection.org
4. http://entersection.com/
_______________________________________________
drone-list mailing list
drone-list at lists.stanford.edu

Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/drone-list

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From secretariatsh7 at retela.co.jp Wed Oct 24 23:53:21 2012
From: secretariatsh7 at retela.co.jp (=?koi8-r?B?887J2tggzsHMz8fJ?=)
Date: Thu, 25 Oct 2012 13:53:21 +0700
Subject: =?koi8-r?B?68HLINrB3cnUydTYIMkg08vS2dTYINfMwcTFzNjDwSDPxsbbz9LBPw==?= =?koi8-r?B?IA==?=
Message-ID: <01cdb2b8$1861c680$0a65a8c0@untwistingyjcq9>

An attachment is enclosed with this message

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 568 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 91140.gif
Type: image/gif
Size: 28113 bytes
Desc: not available
URL:

From aaron at digitalinfinity.net Thu Oct 25 14:49:23 2012
From: aaron at digitalinfinity.net (Aaron Grattafiori)
Date: Thu, 25 Oct 2012 14:49:23 -0700
Subject: [cryptography] anyone got a "how not to use OpenSSL" list?
Message-ID:

While more "proper" uses of OpenSSL vs improper, participants in the discussion might enjoy the following whitepaper and tool release by iSEC Partners and an Academic look at popular non-browser SSL failures (bottom):

https://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html

"Everything You've Always Wanted to Know About Certificate Validation With OpenSSL":
https://www.isecpartners.com/storage/files/everything-you-wanted-to-know-about-openssl.pdf

"TLSPretense is a tool for testing certificate and hostname validation as part of an TLS/SSL connection"
https://github.com/iSECPartners/tlspretense

This was released in tandem with Dan Boneh, M. Georgiev, S. Iyengar, S. Jana, R. Anubhai's SSL paper:

"The most dangerous code in the world: validating SSL certificates in non-browser software":
https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

-Aaron

On Wed, Oct 24, 2012 at 8:41 PM, Jeffrey Walton wrote:
> On Wed, Oct 10, 2012 at 1:34 PM,
> wrote:
>> I want to find common improper usages of OpenSSL library for SSL/TLS.
>>
>> Can be reverse-engineered from a "how to properly use OpenSSL" FAQ,
>> probably, but would prefer information to the first point rather than
>> its complement.
>> --
>> http://www.subspacefield.org/~travis/
> Calling RAND_pseudo_bytes instead of RAND_bytes. To make matters
> worse, they return slightly different values - 0 means failure for
> RAND_bytes; while 0 means "non-cryptographic bytes have been returned"
> for RAND_pseudo_bytes.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From picnics006 at rostad.com Thu Oct 25 01:00:08 2012
From: picnics006 at rostad.com (=?koi8-r?B?IuHMxcvTIg==?=)
Date: Thu, 25 Oct 2012 15:00:08 +0700
Subject: =?koi8-r?B?89LP3s7PIPDSz8TBwC0g8sHCz97JxSDTwcrU2SDQzyDSxc3PztTVICYg?= =?koi8-r?B?wsnazsXTIPDMwdPUycvP19nFIMvB0tTZ?=
Message-ID: <154F26E46BF04009BBF4245188BF207B@ATOHC01>

Add a dot and RU to the end of each site name!

remontkvartirmsk 40 thousand rubles
remontkvartirmoskva 20 thousand rubles
remontliftov - 1st place in Yandex (lift repair), excellent brand, 30 thousand rubles
golden-card 30 thousand rubles, plastic cards

Add a dot and RU to the end of each site name!

The sites are more than 2 years old and bring in orders. They are sold together with attractive domain names! All you have to do is change the contact details on the site to your own (telephone), post your prices and start working. Sold at face value, no haggling.

Alex 8-9-2-6 2-2-3 three five zero six
skype fastdolg

From paralyticsh4 at rotarylift.com Thu Oct 25 00:10:02 2012
From: paralyticsh4 at rotarylift.com (=?koi8-r?B?IvTJ0M/H0sHGydEi?=)
Date: Thu, 25 Oct 2012 15:10:02 +0800
Subject: =?koi8-r?B?8NLP097F1CD3wdvFx88gwtXLzMXUwQ==?=
Message-ID:

Special offer on 25 October: order printing worth 15 000 rubles or more and get 300 business cards or a postcard design as a gift!

THE REGIONAL PRINTING HOUSE GUARANTEES THE BEST PRICES IN RUSSIA for printing calendars, booklets, catalogues, posters and more.
tel. 84955897612 (from 9 to 19.00) 84959407322 (from 9 to 20.00)
- ALL KINDS OF PRINTING (laminated products, posters, leaflets, catalogues, brochures...)
- Free delivery to the customer!
- We print in A1 and A2 formats, 4 - 5 colours, perfect binding (KBS), saddle stitching (VShRA), spot varnish - the full range of post-press finishing!
- showroom with samples - Kurskaya

Get a quote for your orders at our printing house!
Mail: www.логотип-л.рф

From eugen at leitl.org Thu Oct 25 07:13:24 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 25 Oct 2012 16:13:24 +0200
Subject: "we can't possibly kill everyone who wants to harm us" but trying is "a necessary part of what we do"
Message-ID: <20121025141324.GY9750@leitl.org>

(I still can't understand how Pol Pot, Stalin and Hitler were never nominated for a Nobel Peace Prize).

http://www.guardian.co.uk/commentisfree/2012/oct/24/obama-terrorism-kill-list?smash

Obama moves to make the War on Terror permanent

Complete with a newly coined, creepy Orwellian euphemism - 'disposition matrix' - the administration institutionalizes the most extremist powers a government can claim

Glenn Greenwald
guardian.co.uk, Wednesday 24 October 2012 13.17 BST

[Image caption: The National Counterterrorism Center, the site of a new bureaucracy to institutionalize the 'kill list'. Photograph: FBI]

(updated below - Update II - Update III)

A primary reason for opposing the acquisition of abusive powers and civil liberties erosions is that they virtually always become permanent, vested not only in current leaders one may love and trust but also future officials who seem more menacing and less benign. The Washington Post has a crucial and disturbing story this morning by Greg Miller about the concerted efforts by the Obama administration to fully institutionalize - to make officially permanent - the most extremist powers it has exercised in the name of the war on terror.
Based on interviews with "current and former officials from the White House and the Pentagon, as well as intelligence and counterterrorism agencies", Miller reports that as "the United States' conventional wars are winding down", the Obama administration "expects to continue adding names to kill or capture lists for years" (the "capture" part of that list is little more than symbolic, as the US focus is overwhelmingly on the "kill" part). Specifically, "among senior Obama administration officials, there is broad consensus that such operations are likely to be extended at least another decade." As Miller puts it: "That timeline suggests that the United States has reached only the midpoint of what was once known as the global war on terrorism." In pursuit of this goal, "White House counterterrorism adviser John O Brennan is seeking to codify the administration's approach to generating capture/kill lists, part of a broader effort to guide future administrations through the counterterrorism processes that Obama has embraced." All of this, writes Miller, demonstrates "the extent to which Obama has institutionalized the highly classified practice of targeted killing, transforming ad-hoc elements into a counterterrorism infrastructure capable of sustaining a seemingly permanent war." The Post article cites numerous recent developments reflecting this Obama effort, including the fact that "CIA Director David H Petraeus is pushing for an expansion of the agency's fleet of armed drones", which "reflects the agency's transformation into a paramilitary force, and makes clear that it does not intend to dismantle its drone program and return to its pre-September 11 focus on gathering intelligence." 
The article also describes rapid expansion of commando operations by the US Joint Special Operations Command (JSOC) and, perhaps most disturbingly, the creation of a permanent bureaucratic infrastructure to allow the president to assassinate at will: "JSOC also has established a secret targeting center across the Potomac River from Washington, current and former U.S. officials said. The elite command's targeting cells have traditionally been located near the front lines of its missions, including in Iraq and Afghanistan. But JSOC created a 'national capital region' task force that is a 15-minute commute from the White House so it could be more directly involved in deliberations about al-Qaeda lists." The creepiest aspect of this development is the christening of a new Orwellian euphemism for due-process-free presidential assassinations: "disposition matrix". Writes Miller: "Over the past two years, the Obama administration has been secretly developing a new blueprint for pursuing terrorists, a next-generation targeting list called the 'disposition matrix'. "The matrix contains the names of terrorism suspects arrayed against an accounting of the resources being marshaled to track them down, including sealed indictments and clandestine operations. US officials said the database is designed to go beyond existing kill lists, mapping plans for the 'disposition' of suspects beyond the reach of American drones." The "disposition matrix" has been developed and will be overseen by the National Counterterrorism Center (NCTC). One of its purposes is "to augment" the "separate but overlapping kill lists" maintained by the CIA and the Pentagon: to serve, in other words, as the centralized clearinghouse for determining who will be executed without due process based upon how one fits into the executive branch's "matrix". 
As Miller describes it, it is "a single, continually evolving database" which includes "biographies, locations, known associates and affiliated organizations" as well as "strategies for taking targets down, including extradition requests, capture operations and drone patrols". This analytical system that determines people's "disposition" will undoubtedly be kept completely secret; Marcy Wheeler sardonically said that she was "looking forward to the government's arguments explaining why it won't release the disposition matrix to ACLU under FOIA". This was all motivated by Obama's refusal to arrest or detain terrorist suspects, and his resulting commitment simply to killing them at will (his will). Miller quotes "a former US counterterrorism official involved in developing the matrix" as explaining the impetus behind the program this way: "We had a disposition problem." The central role played by the NCTC in determining who should be killed - "It is the keeper of the criteria," says one official to the Post - is, by itself, rather odious. As Kade Crockford of the ACLU of Massachusetts noted in response to this story, the ACLU has long warned that the real purpose of the NCTC - despite its nominal focus on terrorism - is the "massive, secretive data collection and mining of trillions of points of data about most people in the United States". In particular, the NCTC operates a gigantic data-mining operation, in which all sorts of information about innocent Americans is systematically monitored, stored, and analyzed. This includes "records from law enforcement investigations, health information, employment history, travel and student records" - "literally anything the government collects would be fair game". In other words, the NCTC - now vested with the power to determine the proper "disposition" of terrorist suspects - is the same agency that is at the center of the ubiquitous, unaccountable surveillance state aimed at American citizens.
Worse still, as the ACLU's legislative counsel Chris Calabrese documented back in July in a must-read analysis, Obama officials very recently abolished safeguards on how this information can be used. Whereas the agency, during the Bush years, was barred from storing non-terrorist-related information about innocent Americans for more than 180 days - a limit which "meant that NCTC was dissuaded from collecting large databases filled with information on innocent Americans" - it is now free to do so. Obama officials eliminated this constraint by authorizing the NCTC "to collect and 'continually assess' information on innocent Americans for up to five years". And, as usual, this agency engages in these incredibly powerful and invasive processes with virtually no democratic accountability: "All of this is happening with very little oversight. Controls over the NCTC are mostly internal to the DNI's office, and important oversight bodies such as Congress and the President's Intelligence Oversight Board aren't notified even of 'significant' failures to comply with the Guidelines. Fundamental legal protections are being sidestepped. For example, under the new guidelines, Privacy Act notices (legal requirements to describe how databases are used) must be completed by the agency that collected the information. This is in spite of the fact that those agencies have no idea what NCTC is actually doing with the information once it collects it. "All of this amounts to a reboot of the Total Information Awareness Program that Americans rejected so vigorously right after 9/11." It doesn't require any conspiracy theorizing to see what's happening here. Indeed, it takes extreme naiveté, or wilful blindness, not to see it.
What has been created here - permanently institutionalized - is a highly secretive executive branch agency that simultaneously engages in two functions: (1) it collects and analyzes massive amounts of surveillance data about all Americans without any judicial review let alone search warrants, and (2) creates and implements a "matrix" that determines the "disposition" of suspects, up to and including execution, without a whiff of due process or oversight. It is simultaneously a surveillance state and a secretive, unaccountable judicial body that analyzes who you are and then decrees what should be done with you, how you should be "disposed" of, beyond the reach of any minimal accountability or transparency. The Post's Miller recognizes the watershed moment this represents: "The creation of the matrix and the institutionalization of kill/capture lists reflect a shift that is as psychological as it is strategic." As he explains, extra-judicial assassination was once deemed so extremist that very extensive deliberations were required before Bill Clinton could target even Osama bin Laden for death by lobbing cruise missiles in East Africa. But: Targeted killing is now so routine that the Obama administration has spent much of the past year codifying and streamlining the processes that sustain it. To understand the Obama legacy, please re-read that sentence. As Murtaza Hussain put it when reacting to the Post story: "The US agonized over the targeted killing Bin Laden at Tarnak Farms in 1998; now it kills people it barely suspects of anything on a regular basis." The pragmatic inanity of the mentality driving this is self-evident: as I discussed yesterday (and many other times), continuous killing does not eliminate violence aimed at the US but rather guarantees its permanent expansion. 
As a result, wrote Miller, "officials said no clear end is in sight" when it comes to the war against "terrorists" because, said one official, "we can't possibly kill everyone who wants to harm us" but trying is "a necessary part of what we do". Of course, the more the US kills and kills and kills, the more people there are who "want to harm us". That's the logic that has resulted in a permanent war on terror. But even more significant is the truly radical vision of government in which this is all grounded. The core guarantee of western justice since the Magna Carta was codified in the US by the fifth amendment to the constitution: "No person shall . . . be deprived of life, liberty, or property, without due process of law." You simply cannot have a free society, a worthwhile political system, without that guarantee, that constraint on the ultimate abusive state power, being honored. And yet what the Post is describing, what we have had for years, is a system of government that - without hyperbole - is the very antithesis of that liberty. It is literally impossible to imagine a more violent repudiation of the basic blueprint of the republic than the development of a secretive, totally unaccountable executive branch agency that simultaneously collects information about all citizens and then applies a "disposition matrix" to determine what punishment should be meted out. This is classic political dystopia brought to reality (despite how compelled such a conclusion is by these indisputable facts, many Americans will view such a claim as an exaggeration, paranoia, or worse because of this psychological dynamic I described here which leads many good passive westerners to believe that true oppression, by definition, is something that happens only elsewhere). In response to the Post story, Chris Hayes asked: "If you have a 'kill list', but the list keeps growing, are you succeeding?" The answer all depends upon what the objective is.
As the Founders all recognized, nothing vests elites with power - and profit - more than a state of war. That is why there were supposed to be substantial barriers to having them start and continue - the need for a Congressional declaration, the constitutional bar on funding the military for more than two years at a time, the prohibition on standing armies, etc. Here is how John Jay put it in Federalist No 4: "It is too true, however disgraceful it may be to human nature, that nations in general will make war whenever they have a prospect of getting anything by it; nay, absolute monarchs will often make war when their nations are to get nothing by it, but for the purposes and objects merely personal, such as thirst for military glory, revenge for personal affronts, ambition, or private compacts to aggrandize or support their particular families or partisans. These and a variety of other motives, which affect only the mind of the sovereign, often lead him to engage in wars not sanctified by justice or the voice and interests of his people."

In sum, there are factions in many governments that crave a state of endless war because that is when power is least constrained and profit most abundant. What the Post is reporting is yet another significant step toward that state, and it is undoubtedly driven, at least on the part of some, by a self-interested desire to ensure the continuation of endless war and the powers and benefits it vests. So to answer Hayes' question: the endless expansion of a kill list and the unaccountable, always-expanding powers needed to implement it does indeed represent a great success for many. Read what John Jay wrote in the above passage to see why that is, and why few, if any, political developments should be regarded as more pernicious.
Detention policies

Assuming the Post's estimates are correct - that "among senior Obama administration officials, there is broad consensus that such operations are likely to be extended at least another decade" - this means that the war on terror will last for more than 20 years, far longer than any other American war. This is what has always made the rationale for indefinite detention - that it is permissible to detain people without due process until the "end of hostilities" - so warped in this context. Those who are advocating that are endorsing nothing less than life imprisonment - permanent incarceration - without any charges or opportunities to contest the accusations. That people are now dying at Guantanamo after almost a decade in a cage with no charges highlights just how repressive that power is. Extend that mentality to secret, due-process-free assassinations - something the US government clearly intends to convert into a permanent fixture of American political life - and it is not difficult to see just how truly extremist and anti-democratic "war on terror" proponents in both political parties have become.

UPDATE

As I noted yesterday, Afghan officials reported that three Afghan children were killed on Saturday by NATO operations. Today, reports CNN, "missiles blew up part of a compound Wednesday in northwest Pakistan, killing three people - including one woman" and added: "the latest suspected U.S. drone strike also injured two children." Meanwhile, former Obama press secretary and current campaign adviser Robert Gibbs this week justified the US killing of 16-year-old American Abdulrahaman Awlaki, killed by a US drone in Yemen two weeks after his father was, on the ground that he "should have a far more responsible father". Also yesterday, CNN profiled Abu Sufyan Said al-Shihri, alleged to be a top al-Qaida official in Yemen. He pointed out "that U.S. drone strikes are helping al-Qaida in Yemen because of the number of civilian deaths they cause."
Ample evidence supports his observation.

To summarize all this: the US does not interfere in the Muslim world and maintain an endless war on terror because of the terrorist threat. It has a terrorist threat because of its interference in the Muslim world and its endless war on terror.

UPDATE II

The Council on Foreign Relations' Micah Zenko, writing today about the Post article, reports: "Recently, I spoke to a military official with extensive and wide-ranging experience in the special operations world, and who has had direct exposure to the targeted killing program. To emphasize how easy targeted killings by special operations forces or drones has become, this official flicked his hand back over and over, stating: 'It really is like swatting flies. We can do it forever easily and you feel nothing. But how often do you really think about killing a fly?'" That is disturbingly consistent with prior reports that the military's term for drone victims is "bug splat". This - this warped power and the accompanying dehumanizing mindset - is what is being institutionalized as a permanent fixture in American political life by the current president.

UPDATE III

At Wired, Spencer Ackerman reacts to the Post article with an analysis entitled "President Romney Can Thank Obama for His Permanent Robotic Death List". Here is his concluding paragraph: "Obama did not run for president to preside over the codification of a global war fought in secret. But that's his legacy. . . . Micah Zenko at the Council on Foreign Relations writes that Obama's predecessors in the Bush administration 'were actually much more conscious and thoughtful about the long-term implications of targeted killings', because they feared the political consequences that might come when the U.S. embraces something at least superficially similar to assassination.
Whoever follows Obama in the Oval Office can thank him for proving those consequences don't meaningfully exist - as he or she reviews the backlog of names on the Disposition Matrix." It's worth devoting a moment to letting that sink in.

From eugen at leitl.org Thu Oct 25 08:08:17 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 25 Oct 2012 17:08:17 +0200
Subject: The Old Radical: How Bitcoin Is Being Destroyed
Message-ID: <20121025150817.GE9750@leitl.org>

http://www.dgcmagazine.com/the-old-radical-how-bitcoin-is-being-destroyed/

The Old Radical: How Bitcoin Is Being Destroyed

Posted on October 24, 2012 by Julia

This piece was recently sent to me by "an old radical." The message is perhaps a bit harsh, but I have to admit, all I can do is grimace and nod in agreement to this thesis...

"Bitcoin and state banking systems are born enemies: only one can survive. If you are imagining that they can peacefully coexist, you are fooling yourself."

I was a radical before most of you Bitcoin users were born. That doesn't make me any better than you (hopefully I did a few things to make you better than myself), but it does give me a better perspective; time just works that way.

I've been watching the recent developments in the Bitcoin markets, and having seen this drama before (too many times), I thought I'd pass along a lesson. This will strike its target in some of you, but others of you are also likely to reject it, because it doesn't match what you want to be true. Here's the lesson:

Trying to go "legit" will destroy the Bitcoin market.

For those of you who haven't turned away, I'll explain:

There's nothing really wrong with Bitcoin itself. The developers are doing a nice job of addressing its problems and a heartening number of people have jumped up to create new tools and new services. No problem here. The problem is that too many people in the Bitcoin market are thinking the old way.
Understand this: Bitcoin is a new thing - it is not compatible with the old financial system. Bitcoin and state banking systems are born enemies: only one can survive. If you are imagining that they can peacefully coexist, you are fooling yourself.

Bitcoin exposes the fraud that is state banking. If you think that politicians and bankers will calmly allow it to take over a significant percentage of world financial flows, you're in denial. States will come after Bitcoin, and hard. They have no choice. Their money can only exist if there are no competitors.

Alan Greenspan may have done a lot of bad things, but he is not stupid. And before his adventures at the Fed, he wrote this:

(Under a fiat system), there is no way to protect savings from confiscation through inflation... If there were, the government would have to make its holding illegal, as was done in the case of gold.

What gold was then, Bitcoin is now... times five.

So, let me try this again: Going legit gives the state a handle to grab you with. "Legit" means registered and regulated, doesn't it? You have to tell them your name, where you live, and where you put your money, right? It means that they can control you whenever they want to.

There are two big reasons why Bitcoin people are tempted to go "legit":

1. They want to get mega-rich fast, like Mark Zuckerberg.
2. They have been trained to be obedient and can't unlearn it. They are compelled to believe that the government is basically good. It must just be one bad politician or one bad law.

#2 is what destroyed e-gold, and it looks like #1 is what killed GLBSE.

Because of GLBSE, Bitcoin is now being regarded as a currency and states will start to regulate it as one. That means that they'll attack the public exchangers and force everyone possible to comply with their rules.

So... it's time to man-up, or to crumble. (Interestingly, there is often a larger percentage of women that "man-up" than men.)
Will you have the guts to do the right thing when the pressure is on? If yes, I applaud and honor you. If not, here are a few cheap excuses to use (after all, who wants to admit conditioning or cowardice): Without the rule of law, everything would fall apart. Without regulation, criminals would destroy everything. Yes, regulation is coercive, but along with it comes a certain amount of public benefit! I got ripped off, and someone has to fix it! If I can't sue someone, they can get away with ripping me off! We can't get people to use Bitcoin unless it's authorized. We need approval or we will forever remain a tiny market.

A significant number of Bitcoin people will say these things (and others), but the real truth will be that they are scared, or are still hoping to get mega-rich, or just can't rip the "government is our friend" meme out of their heads. But mostly it will be fear. We all feel fear of course, but some of us are determined enough to do the right thing, even when we're afraid.

So, here's a final tip: If you run into someone who can feel the fear and still do the right thing, don't let go of them.

O.R.
From eugen at leitl.org Thu Oct 25 23:32:43 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 26 Oct 2012 08:32:43 +0200
Subject: [drone-list] @HumanRightsNYU schools UN rapporteur on lethal autonomy
Message-ID: <20121026063243.GU9750@leitl.org>

----- Forwarded message from Gregory Foster -----

From eugen at leitl.org Thu Oct 25 23:46:32 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 26 Oct 2012 08:46:32 +0200
Subject: [cryptography] anyone got a "how not to use OpenSSL" list?
Message-ID: <20121026064632.GV9750@leitl.org>

----- Forwarded message from Aaron Grattafiori -----

From keith at thememorybank.co.uk Fri Oct 26 08:12:43 2012
From: keith at thememorybank.co.uk (Keith Hart)
Date: Fri, 26 Oct 2012 17:12:43 +0200
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID:

I wish I could write like that guy. The article exaggerates the threat posed by Bitcoin and the will/ability of the custodians of state money to shut it down. But the argument prompts a question that has bugged me for a while now. How does it come about that one, but only one online exception to the old regime is allowed to flourish in each sector: Amazon, E-bay, Facebook, Paypal? Is it the logic of winner takes all or because a licence is granted to one exception that can be made to toe the line?
I recall once an official of the Fed said they were in two minds whether to classify Paypal as a bank which would of course shut it down since it couldn't afford the overheads imposed as a result. But they didn't.

I am sure there is a big fight coming up, but I don't think it will pit the new network economy against old bureaucratic power. We will not build a better world independently of the institutions that have organized humanity's leap in 200 years from living off the land to the threshold of global society: states, cities, capitalist markets, corporations, organized science and technology. It is more likely that successful developments will build on selective partnerships between large-scale bureaucracies and self-organized movements. In Latin America from the 90s the idea of "popular economy" sustained a new kind of alliance pushing for social democracy and linking small farmers, urban informal workers, industrial unions and branches of the state. Brazil's government under Lula organized a system of community banks which combined local currencies and microfinance with devolved decision-making. Some governments do play an indispensable role in support of bottom-up initiatives (think Jaures' associationisme). Just as the shipping firms of Bordeaux and Nantes played a major role in the French revolution and the industrialists of Milan and Turin in the Risorgimento, some capitalist firms today may also play a progressive part in bringing about greater economic democracy. Safaricom's sponsorship of mobile banking in Kenya (M-Pesa) is a striking example.

So 'old radical' may not have much to offer the young after all, a perspective that reproduces the tired polarities of twentieth century revolutionary discourse.

Keith

On Fri, Oct 26, 2012 at 1:40 PM, Nick wrote:
> Interesting read.
>
> States, and traditional financial authorities, seem to be a pretty
> good job of ensuring peoples use of bitcoin is outside their remit,
> by closing down the practical use of bitcoin exchanges which
> consider themselves 'legitimate,' c.f. the closure of intersango &
> mtgox's UK bank accounts.

# distributed via : no commercial use without permission
# is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From case at SDF.ORG Fri Oct 26 11:29:47 2012
From: case at SDF.ORG (John Case)
Date: Fri, 26 Oct 2012 18:29:47 +0000 (UTC)
Subject: [cryptography] Just how bad is OpenSSL ?
Message-ID:

I was recently reading "the most dangerous code in the world" article at stanford:

https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

and found the hackernews discussion:

http://news.ycombinator.com/item?id=4695350

(interesting discussion and argument about curl library and how often it is badly deployed)

And the hackernews discussion led me to "OpenSSL is written by monkeys":

http://www.peereboom.us/assl/assl/html/openssl.html

So, given what is in the stanford report and then reading this rant about openssl, I am wondering just how bad openssl is ? I've never had to implement it or code with it, so I really have no idea.

How long has it been "understood" that it's a mess (if it is indeed a mess) ? How dangerous is it ?

It looks like the rant was published in 2009 ....
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Fri Oct 26 13:36:33 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 26 Oct 2012 22:36:33 +0200
Subject: [cryptography] Just how bad is OpenSSL ?
Message-ID: <20121026203633.GY9750@leitl.org>

----- Forwarded message from John Case -----

From zooko at zooko.com Sat Oct 27 07:08:49 2012
From: zooko at zooko.com (Zooko Wilcox-O'Hearn)
Date: Sat, 27 Oct 2012 08:08:49 -0600
Subject: [tahoe-dev] where is meta data store in tahoe?
Message-ID:

On Thu, Oct 25, 2012 at 10:50 PM, hi wrote:
> where is meta data store in tahoe, is it stored on the tahoe client server?

Hi. In typical Distributed File Systems like gluster, the contents of the files are distributed across many storage servers, and the "metadata" is managed by a single metadata server or a small cluster of metadata servers. By "metadata", Distributed File Systems folks mean the directory structure -- what files are under what paths -- and ownership and permission bits and timestamps, and also maybe some information about which storage servers are holding which files.
In Tahoe-LAFS, the directory structure part of that is encrypted by the storage client and then uploaded to the same storage servers that hold the file data. Those storage servers can't tell whether a given block of ciphertext that they've been asked to hold contains encrypted file data or encrypted directory data.

In Tahoe-LAFS, the "which storage server holds which file" question is answered by the client *searching* the servers for the file when it wants to read or write it. This means no metadata anywhere needs to be updated when storage servers come and go, but it does mean more network operations are needed to begin uploading or downloading a file. We use a consistent hashing scheme, with a "tweakable" extension invented by Brian Warner, to make it so that the client usually looks in the right place to find the file with its first guess.

Regards,

Zooko
_______________________________________________
tahoe-dev mailing list
tahoe-dev at tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Sat Oct 27 01:51:20 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 Oct 2012 10:51:20 +0200
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID: <20121027085120.GE9750@leitl.org>

----- Forwarded message from Keith Hart -----

From eugen at leitl.org Sat Oct 27 01:58:59 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 Oct 2012 10:58:59 +0200
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID:

On Fri, Oct 26, 2012 at 07:22:15PM +0200, John Haltiwanger wrote:
> On Fri, Oct 26, 2012 at 1:40 PM, Nick wrote:
>
> > Interesting read.
> > That said, I would love to read more about the
> > interplay of traditional capitalist power structures and bitcoin.
>
> Bitcoin is fundamentally flawed as an emancipatory currency due to it's
> reliance on processing cycles. When I first heard about it, I eagerly

It doesn't rely on processing cycles for maintaining the log of transactions. It needs some processing for the distributed mint, but adaptively so (difficulty goes down if mining rate goes down) and processing cycles are fundamentally egalitarian.

> downloaded the client to begin mining. With my (relatively, at the time)
> powerful desktop, it was something like 2 years until I had my first coin.

You were late to the party, and by that time you probably needed GPU clients (which will be soon useless, since ASIC miner rigs are ante portas) participation in a mining pool.

> There are also a limited total number of bitcoins, which from my point of
> view can only lead to the exact same zero-sum situation we have with
> state-coerced currencies: if I am going to be rich, it is at the expense of
> others having the same opportunity.

This is a currency based on scarcity, just like gold or cowry shells. If you intended to become rich by mining, you should have been a year or two sooner to the party.

The value of bitcoin is ability to do P2P transactions in real time without requiring a third party, using a naturally deflationary monetary system which however is highly frangible.

That by itself is of obvious enough utility.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Sat Oct 27 06:14:14 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 Oct 2012 15:14:14 +0200
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID:

On Sat, Oct 27, 2012 at 11:46:36AM +0200, John Haltiwanger wrote:
> > It doesn't rely on processing cycles for maintaining the log of
> > transactions. It needs some processing for the distributed mint,
> > but adaptively so (difficulty goes down if mining rate goes down)
> > and processing cycles are fundamentally egalitarian.
> >
>
> How can something that inherently favors those with pre-existing capital to
> invest in computing architecture be "fundamentally egalitarian" ?

You need a cheap online computer to transfer BTC. You will need a bigger online computer to make BTC. You don't need to be a central bank to issue BTC. You don't even need a banking license, and a connection to SWIFT in order to transfer. All you need is a lousy smartphone.

I think that levels the playing field quite a bit.

> Those with the money to invest in the most hardware get the most bitcoins.
> Hardly seems like an equal opportunity cost to me.

I'm pretty sure that if you're trying to find a hair in the soup hard enough, eventually you will. However, I find this dish palatable enough as is. Your mileage might vary.

> > You were late to the party, and by that time you probably needed
> > GPU clients (which will be soon useless, since ASIC miner rigs
> > are ante portas) participation in a mining pool.
> >
>
> I should have clarified that the mining client speculated that it would
> take two years. I immediately shut it down in disgust.
When I'm trying to form an opinion about something, I try to research it first. In general I did not care about minting other than a means to obtain play money to test transactions.

I find this curious that so many are focusing on the most irrelevant aspect of a P2P monetary system, the distributed mint, and expect a personal, handsome profit from seigniorage.

There's a reason that difficulty is adaptive. The system is supposed to homeostate so that the rate of production is limited. This is by design.

> > This is a currency based on scarcity, just like gold or cowry shells.
> > If you intended to become rich by mining, you should have been a year
> > or two sooner to the party.
> >
>
> I downloaded the client within months of the launch of Bitcoin. And what

You obviously did something wrong, then.

> you are saying proves my point about the stupidity of building a currency
> on scarcity: it's not going to lead us to anywhere new

I understand when inventors and patent holders of cryptocurrencies scoffed at the first cryptocurrency to succeed wildly, by solving the issue of double spending without resorting to centralism, and hence a single point of failure. A simple case of sour grapes.

What is your track record, so far?

> or 'revolutionary'.

If you figure out a tamper-proof way of measuring underlying economy and a tamper-proof way of issuing a matching volume without any single point of failures, feel free to publish. It will make quite a splash, I assure you.

> You have to 'get there first' and 'mine harder/smarter'. What stupid
> advice, "oh you should have been there earlier".

Look, I just pointed out the problem with where you focus and your approach. If you think that issuing P2P currency with the intent to make a personal profit is stupid, I agree.

>
> >
> > The value of bitcoin is ability to do P2P transactions in real time without
> > requiring a third party, using a naturally deflationary monetary system
> > which however is highly frangible.
> >
> > That by itself is of obvious enough utility.
> >
>
> That is about the only interesting thing about it, yes. But the ability to
> engage in P2P transactions is hardly a result of the means of the

Why are you so focused on production?

> currency's production, nor is it a feature unique to bitcoin itself.

As compared to which successful digicash system, exactly?

> Also "naturally deflationary" in the scope of something that is more

Deflationary in the sense that the total amount is limited, and will be approached asymptotically.

> hoarded than traded seems like a misnomer to me. Since there are a limited

If you want the currency to be useful, you need to grow the underlying economy, so people are more incited to spend than to be unable to spend. So what kind of business that is accepting BTC are you running, personally?

> number of bitcoins, there is a "natural" tendency to hold on to as many of
> them as possible. That way when the pie is all spoken for, one's slices

Nobody prevents you from designing a P2P cryptocurrency with built-in demurrage. You're hating on an experiment. As I understand, the designer was unhappy with the rate of adoption; it would indeed have been much better if the minting craze didn't happen. I don't think that flaw needs to be fatal.

> will increase in value as demand becomes satiable solely through trade.
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Sat Oct 27 06:29:55 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 Oct 2012 15:29:55 +0200
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID: <20121027132955.GA25585@leitl.org>

----- Forwarded message from Eugen Leitl -----

From eugen at leitl.org Sat Oct 27 06:30:05 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 Oct 2012 15:30:05 +0200
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID: <20121027133005.GB25585@leitl.org>

----- Forwarded message from Eugen Leitl -----

From eugen at leitl.org Sat Oct 27 08:31:47 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 Oct 2012 17:31:47 +0200
Subject: [tahoe-dev] where is meta data store in tahoe?
Message-ID: <20121027153147.GQ9750@leitl.org>

----- Forwarded message from Zooko Wilcox-O'Hearn -----

From eugen at leitl.org Sun Oct 28 12:06:01 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 28 Oct 2012 20:06:01 +0100
Subject: looking for cjdns peers
Message-ID: <20121028190601.GY9750@leitl.org>

Especially, if you're in Europe, or topologically close to DECIX, and have good upstream (>100 MBit/s). Contact me for details.
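The adaptive difficulty and the asymptotically limited supply argued over in the 27 Oct 2012 "How Bitcoin Is Being Destroyed" message above, as an added example (not code from any poster or from the Bitcoin project). It is a simplified Python model of the subsidy-halving and difficulty-retarget rules that ignores compact target encoding and timestamp rules; the starting hashrate `R0` and the hashrate sequence are constructed values.

```python
"""Simplified model of Bitcoin's subsidy halving and difficulty retargeting."""

COIN = 100_000_000             # satoshis per BTC
HALVING_INTERVAL = 210_000     # blocks between subsidy halvings
RETARGET_INTERVAL = 2016       # blocks between difficulty adjustments
TARGET_SPACING = 600           # intended seconds per block
TARGET_TIMESPAN = RETARGET_INTERVAL * TARGET_SPACING  # two weeks
MAX_TARGET = 0xFFFF * 2 ** 208  # easiest allowed target (difficulty 1)


def block_subsidy(height: int) -> int:
    """New satoshis minted by the block at `height` (integer halving)."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * COIN) >> halvings


def total_supply(height: int) -> int:
    """Satoshis issued by all blocks below `height`."""
    total, start = 0, 0
    while start < height:
        subsidy = block_subsidy(start)
        if subsidy == 0:          # the mint has run dry; supply is final
            break
        end = min(height, start + HALVING_INTERVAL)
        total += (end - start) * subsidy
        start = end
    return total


def retarget(old_target: int, actual_timespan: int) -> int:
    """Next target after a 2016-block window that took `actual_timespan` s.

    The adjustment is clamped to a factor of 4 in either direction, so one
    window can never swing the difficulty arbitrarily far.
    """
    clamped = max(TARGET_TIMESPAN // 4, min(actual_timespan, TARGET_TIMESPAN * 4))
    return min(old_target * clamped // TARGET_TIMESPAN, MAX_TARGET)


def difficulty(target: int) -> float:
    return MAX_TARGET / target


def simulate(hashrates, start_target):
    """Per window of network hashrate (hashes/s): (difficulty, seconds/block)."""
    target, rows = start_target, []
    for rate in hashrates:
        # A hash meets the target with probability (target + 1) / 2**256.
        spacing = (2 ** 256 / (target + 1)) / rate
        rows.append((difficulty(target), spacing))
        target = retarget(target, round(spacing * RETARGET_INTERVAL))
    return rows


def demo():
    """Constructed scenario: hashrate halves, then jumps to 8x the start."""
    R0 = 20 * 10 ** 12                        # assumed starting hashrate
    start_target = 2 ** 256 // (R0 * TARGET_SPACING)
    rates = [R0, R0 // 2, R0 // 2, 8 * R0, 8 * R0, 8 * R0]
    return simulate(rates, start_target)


if __name__ == "__main__":
    for diff, spacing in demo():
        print(f"difficulty {diff:14.0f}   block every {spacing:7.1f} s")
    print("final supply (BTC):", total_supply(10 ** 9) / COIN)
```

When mining power halves, blocks slow to 20 minutes for one window and the difficulty then halves; the 16-fold jump takes two windows to absorb because of the factor-of-4 clamp. The subsidy sum stops just short of 21 million BTC.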
From w5svl at aol.com Mon Oct 29 21:20:13 2012
From: w5svl at aol.com (W5SVL)
Date: Mon, 29 Oct 2012 21:20:13 -0700 (PDT)
Subject: [serval-project-dev] Serval Mesh and ham radio
Message-ID:

Greetings from Texas. I am a ham radio operator and I have been experimenting with the Serval Mesh by using 2 inexpensive unactivated Android smartphones.

I am attempting to use the Serval Mesh through an existing HSMM MESH network. HSMM MESH is an experimental ham radio mesh network that uses the first 6 wifi channels in the 2.4 GHz band. The radios used are older versions of the WRT54G router that have been flashed with a new firmware. There are some awesome communication possibilities here, but I do not have the networking skills to do this. Maybe my idea is not possible, but hopefully someone will comment.

Also as a ham, I can legally use much more power on the 2.4 GHz band, and I have found the Serval Mesh to work very well through a bidirectional RF amplifier installed between a router and an external antenna. There is no internet connection here. I am just using the router as a radio repeater. Has anyone else tried this? This would not be using the HSMM MESH as I mentioned above, since only one router would be used. This one router repeater could really be useful in emergencies.

Please give me some comments on both of these experimental ideas. Perhaps I should consult with a ham operator who has more networking knowledge than I have. Any help will be appreciated.
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Mon Oct 29 14:08:05 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 29 Oct 2012 22:08:05 +0100
Subject: Hacking the President's DNA
Message-ID: <20121029210805.GM9750@leitl.org>

http://www.theatlantic.com/magazine/archive/2012/11/hacking-the-presidents-dna/309147/?single_page=true

Hacking the President's DNA

The U.S. government is surreptitiously collecting the DNA of world leaders, and is reportedly protecting that of Barack Obama. Decoded, these genetic blueprints could provide compromising information. In the not-too-distant future, they may provide something more as well--the basis for the creation of personalized bioweapons that could take down a president and leave no trace.

By Andrew Hessel, Marc Goodman and Steven Kotler

Miles Donovan

This is how the future arrived. It began innocuously, in the early 2000s, when businesses started to realize that highly skilled jobs formerly performed in-house, by a single employee, could more efficiently be crowd-sourced to a larger group of people via the Internet. Initially, we crowd-sourced the design of T-shirts (Threadless.com) and the writing of encyclopedias (Wikipedia.com), but before long the trend started making inroads into the harder sciences. Pretty soon, the hunt for extraterrestrial life, the development of self-driving cars, and the folding of enzymes into novel proteins were being done this way.
With the fundamental tools of genetic manipulation--tools that had cost millions of dollars not 10 years earlier--dropping precipitously in price, the crowd-sourced design of biological agents was just the next logical step. In 2008, casual DNA-design competitions with small prizes arose; then in 2011, with the launch of GE's $100 million breast-cancer challenge, the field moved on to serious contests. By early 2015, as personalized gene therapies for end-stage cancer became medicine's cutting edge, virus-design Web sites began appearing, where people could upload information about their disease and virologists could post designs for a customized cure. Medically speaking, it all made perfect sense: Nature had done eons of excellent design work on viruses. With some retooling, they were ideal vehicles for gene delivery. Soon enough, these sites were flooded with requests that went far beyond cancer. Diagnostic agents, vaccines, antimicrobials, even designer psychoactive drugs--all appeared on the menu. What people did with these bio-designs was anybody's guess. No international body had yet been created to watch over them. So, in November of 2016, when a first-time visitor with the handle Cap'n Capsid posted a challenge on the viral-design site 99Virions, no alarms sounded; his was just one of the 100 or so design requests submitted that day. Cap'n Capsid might have been some consultant to the pharmaceutical industry, and his challenge just another attempt to understand the radically shifting R&D landscape--really, he could have been anyone--but the problem was interesting nonetheless. Plus, Capsid was offering $500 for the winning design, not a bad sum for a few hours' work. Later, 99Virions' log files would show that Cap'n Capsid's IP address originated in Panama, although this was likely a fake. The design specification itself raised no red flags.
Written in SBOL, an open-source language popular with the synthetic-biology crowd, it seemed like a standard vaccine request. So people just got to work, as did the automated computer programs that had been written to "auto-evolve" new designs. These algorithms were getting quite good, now winning nearly a third of the challenges. Within 12 hours, 243 designs were submitted, most by these computerized expert systems. But this time the winner, GeneGenie27, was actually human--a 20-year-old Columbia University undergrad with a knack for virology. His design was quickly forwarded to a thriving Shanghai-based online bio-marketplace. Less than a minute later, an Icelandic synthesis start-up won the contract to turn the 5,984-base-pair blueprint into actual genetic material. Three days after that, a package of 10-milligram, fast-dissolving microtablets was dropped in a FedEx envelope and handed to a courier. Two days later, Samantha, a sophomore majoring in government at Harvard University, received the package. Thinking it contained a new synthetic psychedelic she had ordered online, she slipped a tablet into her left nostril that evening, then walked over to her closet. By the time Samantha finished dressing, the tab had started to dissolve, and a few strands of foreign genetic material had entered the cells of her nasal mucosa. Some party drug--all she got, it seemed, was the flu. Later that night, Samantha had a slight fever and was shedding billions of virus particles. These particles would spread around campus in an exponentially growing chain reaction that was--other than the mild fever and some sneezing--absolutely harmless. This would change when the virus crossed paths with cells containing a very specific DNA sequence, a sequence that would act as a molecular key to unlock secondary functions that were not so benign. This secondary sequence would trigger a fast-acting neuro-destructive disease that produced memory loss and, eventually, death.
The only person in the world with this DNA sequence was the president of the United States, who was scheduled to speak at Harvard's Kennedy School of Government later that week. Sure, thousands of people on campus would be sniffling, but the Secret Service probably wouldn't think anything was amiss. It was December, after all--cold-and-flu season. The scenario we've just sketched may sound like nothing but science fiction--and, indeed, it does contain a few futuristic leaps. Many members of the scientific community would say our time line is too fast. But consider that since the beginning of this century, rapidly accelerating technology has shown a distinct tendency to turn the impossible into the everyday in no time at all. Last year, IBM's Watson, an artificial intelligence, understood natural language well enough to whip the human champion Ken Jennings on Jeopardy. As we write this, soldiers with bionic limbs are returning to active duty, and autonomous cars are driving down our streets. Yet most of these advances are small in comparison with the great leap forward currently under way in the biosciences--a leap with consequences we've only begun to imagine. Personalized bioweapons are a subtler and less catastrophic threat than accidental plagues or WMDs. Yet they will likely be unleashed much more readily. More to the point, consider that the DNA of world leaders is already a subject of intrigue. According to Ronald Kessler, the author of the 2009 book In the President's Secret Service, Navy stewards gather bedsheets, drinking glasses, and other objects the president has touched--they are later sanitized or destroyed--in an effort to keep would-be malefactors from obtaining his genetic material. (The Secret Service would neither confirm nor deny this practice, nor would it comment on any other aspect of this article.)
And according to a 2010 release of secret cables by WikiLeaks, Secretary of State Hillary Clinton directed our embassies to surreptitiously collect DNA samples from foreign heads of state and senior United Nations officials. Clearly, the U.S. sees strategic advantage in knowing the specific biology of world leaders; it would be surprising if other nations didn't feel the same. While no use of an advanced, genetically targeted bio-weapon has been reported, the authors of this piece--including an expert in genetics and microbiology (Andrew Hessel) and one in global security and law enforcement (Marc Goodman)--are convinced we are drawing close to this possibility. Most of the enabling technologies are in place, already serving the needs of academic R&D groups and commercial biotech organizations. And these technologies are becoming exponentially more powerful, particularly those that allow for the easy manipulation of DNA. The evolution of cancer treatment provides one window into what's happening. Most cancer drugs kill cells. Today's chemotherapies are offshoots of chemical-warfare agents: we've turned weapons into cancer medicines, albeit crude ones--and as with carpet bombing, collateral damage is a given. But now, thanks to advances in genetics, we know that each cancer is unique, and research is shifting to the development of personalized medicines--designer therapies that can exterminate specific cancerous cells in a specific way, in a specific person; therapies focused like lasers. To be sure, around the turn of the millennium, significant fanfare surrounded personalized medicine, especially in the field of genetics. A lot of that is now gone. The prevailing wisdom is that the tech has not lived up to the talk, but this isn't surprising.
Gartner, an information-technology research-and-advisory firm, has coined the term hype cycle to describe exactly this sort of phenomenon: a new technology is introduced with enthusiasm, only to be followed by an emotional low when it fails to immediately deliver on its promise. But Gartner also discovered that the cycle doesn't typically end in what the firm calls "the trough of disillusionment." Rising from those ashes is a "slope of enlightenment"--meaning that when viewed from a longer-term historical perspective, the majority of these much-hyped groundbreaking developments do, eventually, break plenty of new ground. As George Church, a geneticist at Harvard, explains, this is what is now happening in personalized medicine. "The fields of gene therapies, viral delivery, and other personalized therapies are progressing rapidly," Church says, "with several clinical trials succeeding into Phase 2 and 3," when the therapies are tried on progressively larger numbers of test subjects. "Many of these treatments target cells that differ in only one--rare--genetic variation relative to surrounding cells or individuals." The Finnish start-up Oncos Therapeutics has already treated close to 300 cancer patients using a scaled-down form of this kind of targeted technology. These developments are, for the most part, positive--promising better treatment, new cures, and, eventually, longer life. But it wouldn't take much to subvert such therapies and come full circle, turning personalized medicines into personalized bioweapons. "Right now," says Jimmy Lin, a genomics researcher at Washington University in St. Louis and the founder of Rare Genomics, a nonprofit organization that designs treatments for rare childhood diseases based on individual genetic analysis, "we have drugs that target specific cancer mutations. Examples include Gleevec, Zelboraf, and Xalkori.
Vertex," a pharmaceutical company based in Massachusetts, "has famously made a drug for cystic-fibrosis patients with a particular mutation. The genetic targeting of individuals is a little farther out. But a state-sponsored program of the Stuxnet variety might be able to accomplish this in a few years. Of course, this work isn't very well known, so if you tell most people about this, they say that the time frame sounds like science fiction. But when you're familiar with the research, it's really feasible that a well-funded group could pull this off." We would do well to begin planning for that possibility sooner rather than later. If you really want to understand what's happening in the biosciences, then you need to understand the rate at which information technology is accelerating. In 1965, Gordon Moore famously realized that the number of integrated-circuit components on a computer chip had been doubling roughly every year since the invention of the integrated circuit in the late 1950s. Moore, who would go on to co-found Intel, predicted that the trend would continue "for at least 10 years." He was right. The trend did continue for 10 years, and 10 more after that. All told, his observation has remained accurate for five decades, becoming so durable that it's now known as "Moore's Law" and used by the semi-conductor industry as a guide for future planning. Moore's Law originally stated that every 12 months (it is now 24 months), the number of transistors on an integrated circuit will double--an example of a pattern known as "exponential growth." While linear growth is a slow, sequential proposition (1 becomes 2 becomes 3 becomes 4, etc.), exponential growth is an explosive doubling (1 becomes 2 becomes 4 becomes 8, etc.) with a transformational effect. In the 1970s, the most powerful supercomputer in the world was a Cray. It required a small room to hold it and cost roughly $8 million.
Today, the iPhone in your pocket is more than 100 times faster and more than 12,000 times cheaper than a Cray. This is exponential growth at work. In the years since Moore's observation, scientists have discovered that the pattern of exponential growth occurs in many other industries and technologies. The amount of Internet data traffic in a year, the number of bytes of computer data storage available per dollar, the number of digital-camera pixels per dollar, and the amount of data transferable over optical fiber are among the dozens of measures of technological progress that follow this pattern. In fact, so prevalent is exponential growth that researchers now suspect it is found in all information-based technology--that is, any technology used to input, store, process, retrieve, or transmit digital information. Over the past few decades, scientists have also come to see that the four letters of the genetic alphabet--A (adenine), C (cytosine), G (guanine), and T (thymine)--can be transformed into the ones and zeroes of binary code, allowing for the easy, electronic manipulation of genetic information. With this development, biology has turned a corner, morphing into an information-based science and advancing exponentially. As a result, the fundamental tools of genetic engineering, tools designed for the manipulation of life--tools that could easily be co-opted for destructive purposes--are now radically falling in cost and rising in power. Today, anyone with a knack for science, a decent Internet connection, and enough cash to buy a used car has what it takes to try his hand at bio-hacking. These developments greatly increase several dangers. The most nightmarish involve bad actors creating weapons of mass destruction, or careless scientists unleashing accidental plagues--very real concerns that urgently need more attention.
Personalized bioweapons, the focus of this story, are a subtler and less catastrophic threat, and perhaps for that reason, society has barely begun to consider them. Yet once available, they will, we believe, be put into use much more readily than bioweapons of mass destruction. For starters, while most criminals might think twice about mass slaughter, murder is downright commonplace. In the future, politicians, celebrities, leaders of industry--just about anyone, really--could be vulnerable to attack-by-disease. Even if fatal, many such attacks could go undetected, mistaken for death by natural causes; many others would be difficult to pin on a suspect, especially given the passage of time between exposure and the appearance of symptoms. Moreover--as we'll explore in greater detail--these same scientific developments will pave the way, eventually, for an entirely new kind of personal warfare. Imagine inducing extreme paranoia in the CEO of a large corporation so as to gain a business advantage, for example; or--further out in the future--infecting shoppers with the urge to impulse-buy. We have chosen to focus this investigation mostly on the president's bio-security, because the president's personal welfare is paramount to national security--and because a discussion of the challenges faced by those charged with his protection will illuminate just how difficult (and different) "security" will be, as biotechnology continues to advance. A direct assault against the president's genome requires first being able to decode genomes. Until recently, this was no simple matter. In 1990, when the U.S. Department of Energy and the National Institutes of Health announced their intention to sequence the 3 billion base pairs of the human genome over the next 15 years, it was considered the most ambitious life-sciences project ever undertaken. Despite a budget of $3 billion, progress did not come quickly.
Even after years of hard work, many experts doubted that the time and money budgeted would be enough to complete the job. This started to change in 1998, when the entrepreneurial biologist J. Craig Venter and his company, Celera, got into the race. Taking advantage of the exponential growth in biotechnology, Venter relied on a new generation of gene sequencers and a novel, computer-intensive approach called shotgun sequencing to deliver a draft human genome (his own) in less than two years, for $300 million. Venter's achievement was stunning; it was also just the beginning. By 2007, just seven years later, a human genome could be sequenced for less than $1 million. In 2008, some labs would do it for $60,000, and in 2009, $5,000. This year, the $1,000 barrier looks likely to fall. At the current rate of decline, within five years, the cost will be less than $100. In the history of the world, perhaps no other technology has dropped in price and increased in performance so dramatically. Still, it would take more than just a gene sequencer to build a personally targeted bioweapon. To begin with, prospective attackers would have to collect and grow live cells from the target (more on this later), so cell-culturing tools would be a necessity. Next, a molecular profile of the cells would need to be generated, involving gene sequencers, micro-array scanners, mass spectrometers, and more. Once a detailed genetic blueprint had been built, the attacker could begin to design, build, and test a pathogen, which starts with genetic databases and software and ends with virus and cell-culture work. Gathering the equipment required to do all of this isn't trivial, and yet, as researchers have upgraded to new tools, as large companies have merged and consolidated operations, and as smaller shops have run out of money and failed, plenty of used lab equipment has been dumped onto the resale market. New, the requisite gear would cost well over $1 million.
On eBay, it can be had for as little as $10,000. Strip out the analysis equipment--since those processes can now be outsourced--and a basic cell-culture rig can be cobbled together for less than $1,000. Chemicals and lab supplies have never been easier to buy; hundreds of Web resellers take credit cards and ship almost anywhere. Biological knowledge, too, is becoming increasingly democratized. Web sites like JoVE (Journal of Visualized Experiments) provide thousands of how-to videos on the techniques of bioscience. MIT offers online courses. Many journals are going open-access, making the latest research, complete with detailed sections on materials and methods, freely available. If you wanted a more hands-on approach to learning, you could just immerse yourself in any of the dozens of do-it-yourself-biology organizations, such as Genspace and BioCurious, that have lately sprung up to make genetic engineering into something of a hobbyist's pursuit. Bill Gates, in a recent interview, told a reporter that if he were a kid today, forget about hacking computers: he'd be hacking biology. And for those with neither the lab nor the learning, dozens of Contract Research and Manufacturing Services (known as CRAMS) are willing to do much of the serious science for a fee. From the invention of genetic engineering in 1972 until very recently, the high cost of equipment, and the high cost of education to use that equipment effectively, kept most people with ill intentions away from these technologies. Those barriers to entry are now almost gone. "Unfortunately," Secretary Clinton said in a December 7, 2011, speech to the Biological and Toxin Weapons Convention Review Conference, "the ability of terrorists and other non-state actors to develop and use these weapons is growing.
And therefore, this must be a renewed focus of our efforts ... because there are warning signs, and they are too serious to ignore." The radical expansion of biology's frontier raises an uncomfortable question: How do you guard against threats that don't yet exist? Genetic engineering sits at the edge of a new era. The old era belonged to DNA sequencing, which is simply the act of reading genetic code--identifying and extracting meaning from the ordering of the four chemicals that make up DNA. But now we're learning how to write DNA, and this creates possibilities both grand and terrifying. Again, Craig Venter helped to usher in this shift. In the mid-1990s, just before he began his work to read the human genome, he began wondering what it would take to write one. He wanted to know what the minimal genome required for life looked like. It was a good question. Back then, DNA-synthesis technology was too crude and expensive for anyone to consider writing a minimal genome for life or, more to our point, constructing a sophisticated bioweapon. And gene-splicing techniques, which involve the tricky work of using enzymes to cut up existing DNA from one or more organisms and stitch it back together, were too unwieldy for the task. Exponential advances in biotechnology have greatly diminished these problems. The latest technology--known as synthetic biology, or "synbio"--moves the work from the molecular to the digital. Genetic code is manipulated using the equivalent of a word processor. With the press of a button, code representing DNA can be cut and pasted, effortlessly imported from one species into another. It can be reused and repurposed. DNA bases can be swapped in and out with precision. And once the code looks right? Simply hit Send. A dozen different DNA print shops can now turn these bits into biology. In May 2010, with the help of these new tools, Venter answered his own question by creating the world's first synthetic self-replicating chromosome.
To pull this off, he used a computer to design a novel bacterial genome (of more than 1 million base pairs in total). Once the design was complete, the code was e-mailed to Blue Heron Biotechnology, a Seattle-area company that specializes in synthesizing DNA from digital blueprints. Blue Heron took Venter's A's, T's, C's, and G's and returned multiple vials filled with frozen plasmid DNA. Just as one might load an operating system into a computer, Venter then inserted the synthetic DNA into a host bacterial cell that had been emptied of its own DNA. The cell soon began generating proteins, or, to use the computer term popular with today's biologists, it "booted up": it started to metabolize, grow, and, most important, divide, based entirely on the code of the injected DNA. One cell became two, two became four, four became eight. And each new cell carried only Venter's synthetic instructions. For all practical purposes, it was an altogether new life form, created virtually from scratch. Venter called it "the first self-replicating species that we've had on the planet whose parent is a computer." But Venter merely grazed the surface. Plummeting costs and increasing technical simplicity are allowing synthetic biologists to tinker with life in ways never before feasible. In 2006, for example, Jay D. Keasling, a biochemical engineer at the University of California at Berkeley, stitched together 10 synthetic genes made from the genetic blueprints of three different organisms to create a novel yeast that can manufacture the precursor to the antimalarial drug artemisinin, artemisinic acid, natural supplies of which fluctuate greatly. Meanwhile, Venter's company Synthetic Genomics is working in partnership with ExxonMobil on a designer algae that consumes carbon dioxide and excretes biofuel; his spin-off company Synthetic Genomics Vaccines is trying to develop flu-fighting vaccines that can be made in hours or days instead of the six-plus months now required.
Solazyme, a synbio company based in San Francisco, is making biodiesel with engineered micro-algae. Material scientists are also getting in on the action: DuPont and Tate & Lyle, for instance, have jointly designed a highly efficient and environmentally friendly organism that ingests corn sugar and excretes propanediol, a substance used in a wide range of consumer goods, from cosmetics to cleaning products. Other synthetic biologists are playing with more-fundamental cellular mechanisms. The Florida-based Foundation for Applied Molecular Evolution has added two bases (Z and P) to DNA's traditional four, augmenting the old genetic alphabet. At Harvard, George Church has supercharged evolution with his Multiplex Automated Genome Engineering process, which randomly swaps multiple genes at once. Instead of creating novel genomes one at a time, MAGE creates billions of variants in a matter of days. Finally, because synbio makes DNA design, synthesis, and assembly easier, we're already moving from the tweaking of existing genetic designs to the construction of new organisms--species that have never before been seen on Earth, species birthed entirely by our imagination. Since we can control the environments these organisms will live in--adjusting things like temperature, pressure, and food sources while eliminating competitors and other stresses--we could soon be generating creatures capable of feats impossible in the "natural" world. Imagine organisms that can thrive on the surface of Mars, or enzymes able to change simple carbon into diamonds or nanotubes. The ultimate limits to synthetic biology are hard to discern. All of this means that our interactions with biology, already complicated, are about to get a lot more troublesome. Mixing together code from multiple species or creating novel organisms could have unintended consequences.
And even in labs with high safety standards, accidents happen. If those accidents involve a containment breach, what is today a harmless laboratory bacterium could tomorrow become an ecological catastrophe. A 2010 synbio report by the Presidential Commission for the Study of Bioethical Issues said as much: "Unmanaged release could, in theory, lead to undesired cross-breeding with other organisms, uncontrolled proliferation, crowding out of existing species, and threats to biodiversity." Just as worrisome as bio-error is the threat of bioterror. Although the bacterium Venter created is essentially harmless to humans, the same techniques could be used to construct a known pathogenic virus or bacterium or, worse, to engineer a much deadlier version of one. Viruses are particularly easy to synthetically engineer, a fact made apparent in 2002, when Eckard Wimmer, a Stony Brook University virologist, chemically synthesized the polio genome using mail-order DNA. At the time, the 7,500-nucleotide synthesis cost about $300,000 and took several years to complete. Today, a similar synthesis would take just weeks and cost a few thousand dollars. By 2020, if trends continue, it will take a few minutes and cost roughly $3. Governments the world over have spent billions trying to eradicate polio; imagine the damage terrorists could do with a $3 pathogen. During the 1990s, the Japanese cult Aum Shinrikyo, infamous for its deadly 1995 sarin-gas attack on the Tokyo subway system, maintained an active and extremely well-funded bioweapons program, which included anthrax in its arsenal. When police officers eventually raided its facilities, they found proof of a years-long research effort costing an estimated $30 million--demonstrating, among other things, that terrorists clearly see value in pursuing bioweaponry. Although Aum did manage to cause considerable harm, it failed in its attempts to unleash a bioweapon of mass destruction.
In a 2001 article for Studies in Conflict & Terrorism, William Rosenau, a terrorism expert then at the Rand Corporation, explained: Aum's failure suggests that it may, in fact, be far more difficult to carry out a deadly bioterrorism attack than has sometimes been portrayed by government officials and the press. Despite its significant financial resources, dedicated personnel, motivation, and freedom from the scrutiny of the Japanese authorities, Aum was unable to achieve its objectives. That was then; this is now. Today, two trends are changing the game. The first began in 2004, when the International Genetically Engineered Machine (iGEM) competition was launched at MIT. In this competition, teams of high-school and college students build simple biological systems from standardized, interchangeable parts. These standardized parts, now known as BioBricks, are chunks of DNA code, with clearly defined structures and functions, that can be easily linked together in new combinations, a little like a set of genetic Lego bricks. iGEM collects these designs in the Registry of Standard Biological Parts, an open-source database of downloadable BioBricks accessible to anyone. Over the years, iGEM teams have pushed not only technical barriers but creative ones as well. By 2008, students were designing organisms with real-world applications; the contest that year was won by a team from Slovenia for its designer vaccine against Helicobacter pylori, the bacterium responsible for most ulcers. The 2011 grand-prize winner, a team from the University of Washington, completed three separate projects, each one rivaling the outputs of world-class academics and the biopharmaceutical industry.
Teams have turned bacterial cells into everything from photographic film to hemoglobin-producing blood substitutes to miniature hard drives, complete with data encryption. As the sophistication of iGEM research has risen, so has the level of participation. In 2004, five teams submitted 50 potential BioBricks to the registry. Two years later, 32 teams submitted 724 parts. By 2010, iGEM had mushroomed to 130 teams submitting 1,863 parts--and the registry database was more than 5,000 components strong. As The New York Times pointed out: iGEM has been grooming an entire generation of the world's brightest scientific minds to embrace synthetic biology's vision--without anyone really noticing, before the public debates and regulations that typically place checks on such risky and ethically controversial new technologies have even started. (iGEM itself does require students to be mindful of any ethical or safety issues, and encourages public discourse on these questions.) The second trend to consider is the progress that terrorist and criminal organizations have made with just about every other information technology. Since the birth of the digital revolution, some early adopters have turned out to be rogue actors. Phone phreakers like John Draper (a.k.a. "Captain Crunch") discovered back in the 1970s that AT&T's telephone network could be fooled into allowing free calls with the help of a plastic whistle given away in cereal boxes (thus Draper's moniker). In the 1980s, early desktop computers were subverted by a sophisticated array of computer viruses for malicious fun--then, in the 1990s, for information theft and financial gain. The 2000s saw purportedly uncrackable credit-card cryptographic algorithms reverse-engineered and smartphones repeatedly infected with malware. On a larger scale, denial-of-service attacks have grown increasingly destructive, crippling everything from individual Web sites to massive financial networks.
In 2000, "Mafiaboy," a Canadian high-school student acting alone, managed to freeze or slow down the Web sites of Yahoo, eBay, CNN, Amazon, and Dell. In 2007, Russian hackers swamped Estonian Web sites, disrupting financial institutions, broadcasting networks, government ministries, and the Estonian parliament. A year later, the nation of Georgia, before the Russian invasion, saw a massive cyberattack paralyze its banking system and disrupt cellphone networks. Iraqi insurgents subsequently repurposed SkyGrabber--cheap Russian software frequently used to steal satellite television--to intercept the video feeds of U.S. Predator drones in order to monitor and evade American military operations. Lately, organized crime has taken up crowd-sourcing parts of its illegal operations--printing up fake credit cards, money laundering--to people or groups with specialized skills. (In Japan, the yakuza has even begun to outsource murder, to Chinese gangs.) Given the anonymous nature of the online crowd, it is all but impossible for law enforcement to track these efforts. The historical trend is clear: Whenever novel technologies enter the market, illegitimate uses quickly follow legitimate ones. A black market soon appears. Thus, just as criminals and terrorists have exploited many other forms of technology, they will surely soon turn to synthetic biology, the latest digital frontier. In 2005, as part of its preparation for this threat, the FBI hired Edward You, a cancer researcher at Amgen and formerly a gene therapist at the University of Southern California's Keck School of Medicine. You, now a supervisory special agent in the Weapons of Mass Destruction Directorate within the FBI's Biological Countermeasures Unit, knew that biotechnology had been expanding too quickly for the bureau to keep pace, so he decided the only way to stay ahead of the curve was to develop partnerships with those at the leading edge.
"When I got involved," You says, "it was pretty clear the FBI wasn't about to start playing Big Brother to the life sciences. It's not our mandate, and it's not possible. All the expertise lies in the scientific community. Our job has to be outreach education. We need to create a culture of security in the synbio community, of responsible science, so the researchers themselves understand that they are the guardians of the future." Toward that end, the FBI started hosting free bio-security conferences, stationed WMD outreach coordinators in 56 field offices to network with the synbio community (among other responsibilities), and became an iGEM partner. In 2006, after reporters at The Guardian successfully mail-ordered a crippled fragment of the genome for the smallpox virus, suppliers of genetic materials decided to develop self-policing guidelines. According to You, the FBI sees the organic emergence of these guidelines as proof that its community-based policing approach is working. However, we are not so sure these new rules do much besides guarantee that a pathogen isn't sent to a P.O. box. In any case, much more is necessary. An October 2011 report by the WMD Center, a nonprofit organization led by former Senators Bob Graham (a Democrat) and Jim Talent (a Republican), said a terrorist-sponsored WMD strike somewhere in the world was probable by the end of 2013--and that the weapon would most likely be biological. The report specifically highlighted the dangers of synthetic biology: As DNA synthesis technology continues to advance at a rapid pace, it will soon become feasible to synthesize nearly any virus whose DNA sequence has been decoded ... as well as artificial microbes that do not exist in nature. This growing ability to engineer life at the molecular level carries with it the risk of facilitating the development of new and more deadly biological weapons. Malevolent non-state actors are not the only danger to consider.
Forty nations now host synbio research, China among them. The Beijing Genomics Institute, founded in 1999, is the largest genomic-research organization in the world, sequencing the equivalent of roughly 700,000 human genomes a year. (In a recent Science article, BGI claimed to have more sequencing capacity than all U.S. labs combined.) Last year, during a German E. coli outbreak, when concerns were raised that the disease was a new, particularly deadly strain, BGI sequenced the culprit in just three days. To put that in perspective, SARS--the deadly pneumonia variant that panicked the world in 2003--was sequenced in 31 days. And BGI appears poised to move beyond DNA sequencing and become one of the foremost DNA synthesizers as well. BGI hires thousands of bright young researchers each year. The training is great, but the wages are reportedly low. This means that many of its talented synthetic biologists may well be searching for better pay and greener pastures each year, too. Some of those jobs will undoubtedly appear in countries not yet on the synbio radar. Iran, North Korea, and Pakistan will almost certainly be hiring. In the run-up to Barack Obama's inauguration, threats against the incoming president rose markedly. Each of those threats had to be thoroughly investigated. In his book on the Secret Service, Ronald Kessler writes that in January 2009, for example, when intelligence emerged that the Somalia-based Islamist group al-Shabaab might try to disrupt Obama's inauguration, the Secret Service's mandate for that day became even harder. In total, Kessler reports, the Service coordinated some 40,000 agents and officers from 94 police, military, and security agencies. Bomb-sniffing dogs were deployed throughout the area, and counter-sniper teams were stationed along the parade route. This is a considerable response capability, but in the future, it won't be enough. A complete defense against the weapons that synbio could make possible has yet to be invented.
The range of threats that the Secret Service has to guard against already extends far beyond firearms and explosive devices. Both chemical and radiological attacks have been launched against government officials in recent years. In 2004, the poisoning of the Ukrainian presidential candidate Viktor Yushchenko involved TCCD, an extremely toxic dioxin compound. Yushchenko survived, but was severely scarred by chemically induced lesions. In 2006, Alexander Litvinenko, a former officer of the Russian security service, was poisoned to death with the radioisotope polonium 210. And the use of bioweapons themselves is hardly unknown; the 2001 anthrax attacks in the United States nearly reached members of the Senate. The Kremlin, of course, has been suspected of poisoning its enemies for decades, and anthrax has been around for a while. But genetic technologies open the door for a new threat, in which a head of state's own DNA could be used against him or her. This is particularly difficult to defend against. No amount of Secret Service vigilance can ever fully secure the president's DNA, because an entire genetic blueprint can now be produced from the information within just a single cell. Each of us sheds millions and millions of cells every day. These can be collected from any number of sources--a used tissue, a drinking glass, a toothbrush. Every time President Obama shakes hands with a constituent, Cabinet member, or foreign leader, he's leaving an exploitable genetic trail. Whenever he gives away a pen at a bill-signing ceremony, he gives away a few cells too. These cells are dead, but the DNA is intact, allowing for the revelation of potentially compromising details of the president's biology. To build a bioweapon, living cells would be the true target (although dead cells may suffice as soon as a decade from now). These are more difficult to recover. A strand of hair, for example, is dead, but if that hair contains a follicle, it also contains living cells.
A sample gathered from fresh blood or saliva, or even a sneeze, caught in a discarded tissue, could suffice. Once recovered, these living cells can be cultured, providing a continuous supply of research material. Even if Secret Service agents were able to sweep up all the shed cells from the president's current environs, they couldn't stop the recovery of DNA from the president's past. DNA is a very stable molecule, and can last for millennia. Genetic material remains present on old clothes, high-school papers--any of the myriad objects handled and discarded long before the announcement of a presidential candidacy. How much attention was dedicated to protecting Barack Obama's DNA when he was a senator? A community organizer in Chicago? A student at Harvard Law? A kindergartner? And even if presidential DNA were somehow fully locked down, a good approximation of the code could be made from cells of the president's children, parents, or siblings, living or not. Presidential DNA could be used in a variety of politically sensitive ways, perhaps to fabricate evidence of an affair, fuel speculation about birthplace and heritage, or identify genetic markers for diseases that could cast doubt on leadership ability and mental acuity. How much would it take to unseat a president? The first signs of Ronald Reagan's Alzheimer's may have emerged during his second term. Some doctors today feel the disease was then either latent or too mild to affect his ability to govern. But if information about his condition had been genetically confirmed and made public, would the American people have demanded his resignation? Could Congress have been forced to impeach him? For the Secret Service, these new vulnerabilities conjure attack scenarios worthy of a Hollywood thriller.
Advances in stem-cell research make any living cell transformable into many other cell types, including neurons or heart cells or even in vitro-derived (IVD) "sperm." Any live cells recovered from a dirty glass or a crumpled napkin could, in theory, be used to manufacture synthetic sperm cells. And so, out of the blue, a president could be confronted by a "former lover" coming forward with DNA evidence of a sexual encounter, like a semen stain on a dress. Sophisticated testing could distinguish an IVD fake sperm from the real thing--they would not be identical--but the results might never be convincing to the lay public. IVD sperm may also someday prove capable of fertilizing eggs, allowing for "love children" to be born using standard in vitro fertilization. As mentioned, even modern cancer therapies could be harnessed for malicious ends. Personalized therapies designed to attack a specific patient's cancer cells are already moving into clinical trials. Synthetic biology is poised to expand and accelerate this process by making individualized viral therapies inexpensive. Such "magic bullets" can target cancer cells with precision. But what if these bullets were trained to attack healthy cells instead? Trained against retinal cells, they would produce blindness. Against the hippocampus, a memory wipe may result. And the liver? Death would follow in months. The delivery of this sort of biological agent would be very difficult to detect. Viruses are tasteless and odorless and easily aerosolized. They could be hidden in a perfume bottle; a quick dab on the attacker's wrist in the general proximity of the target is all an assassination attempt would require. If the pathogen were designed to zero in specifically on the president's DNA, then nobody else would even fall ill. No one would suspect an attack until long after the infection.
Pernicious agents could be crafted to do their damage months or even years after exposure, depending on the goals of the designer. Several viruses are already known to spark cancers. New ones could eventually be designed to infect the brain with, for instance, synthetic schizophrenia, bipolar disorder, or Alzheimer's. Stranger possibilities exist as well. A disease engineered to amplify the production of cortisol and dopamine could induce extreme paranoia, turning, say, a peace-seeking dove into a warmongering hawk. Or a virus that boosts the production of oxytocin, the chemical likely responsible for feelings of trust, could play hell with a leader's negotiating abilities. Some of these ideas aren't new. As far back as 1994, the U.S. Air Force's Wright Laboratory theorized about chemical-based pheromone bombs. Of course, heads of state would not be the only ones vulnerable to synbio threats. Al-Qaeda flew planes into buildings to cripple Wall Street, but imagine the damage an attack targeting the CEOs of a number of Fortune 500 companies could do to the world economy. Forget kidnapping rich foreign nationals for ransom; kidnapping their DNA might one day be enough. Celebrities will face a new kind of stalker. As home-brew biology matures, these technologies could end up being used to "settle" all sorts of disputes, even those of the domestic variety. Without question, we are near the dawn of a brave new world. How might we protect the president in the years ahead, as biotech continues to advance? Despite the acceleration of readily exploitable biotechnology, the Secret Service is not powerless. Steps can be taken to limit risks. The agency would not reveal what defenses are already in place, but establishing a crack scientific task force within the agency to monitor, forecast, and evaluate new biotechnological risks would be an obvious place to start. Deploying sensing technologies is another possibility.
Already, bio-detectors have been built that can sense known pathogens in less than three minutes. These can get better--a lot better--but even so, they might be limited in their effectiveness. Because synbio opens the door to new, finely targeted pathogens, we'd need to detect that which we've never seen before. In this, however, the Secret Service has a big advantage over the Centers for Disease Control and Prevention or the World Health Organization: its principal responsibility is the protection of one specific person. Bio-sensing technologies could be developed around the president's actual genome. We could use his living cells to build an early-warning system with molecular accuracy. Cultures of live cells taken from the president could also be kept at the ready--the biological equivalent to data backups. The Secret Service reportedly already carries several pints of blood of the president's type in his motorcade, in case an emergency transfusion becomes necessary. These biological backup systems could be expanded to include "clean DNA"--essentially, verified stem-cell libraries that would allow bone-marrow transplantation or the enhancement of antiviral or antimicrobial capabilities. As so-called tissue-printing technologies improve, the president's cells could even be turned, one day, into ready-made standby replacement organs. Yet even if the Secret Service were to implement some or all of these measures, there is no guarantee that the presidential genome could be completely protected. Anyone truly determined to get the president's DNA would probably succeed, no matter the defenses. And the Secret Service might have to accept that it can't fully counter all bio-threats, any more than it can guarantee that the president will never catch a cold.
In the hope of mounting the best defense against an attack, one possible solution--not without its drawbacks--is radical transparency: release the president's DNA and other relevant biological data, either to a select group of security-cleared bioscience researchers or (the far more controversial step) to the public at large. These ideas may seem counterintuitive, but we have come to believe that open-sourcing this problem--and actively engaging the American public in the challenge of protecting its leader--might turn out to be the best defense. One practical reason is cost. Any in-house protection effort would be exceptionally pricey. Certainly, considering what's at stake, the country would bear the expense, but is that the best solution? After all, over the past five years, DIY Drones, a nonprofit online community of autonomous aircraft hobbyists (working for free, in their spare time), produced a $300 unmanned aerial vehicle with 90 percent of the functionality of the military's $35,000 Raven. This kind of price reduction is typical of open-sourced projects. Moreover, conducting bio-security in-house means attracting and retaining a very high level of talent. This puts the Secret Service in competition with industry--a fiscally untenable position--and with academia, which offers researchers the freedom to tackle a wider range of interesting problems. But by tapping the collective intelligence of the life-sciences community, the agency would enlist the help of the group best prepared to address this problem, at no cost. Open-sourcing the president's genetic information to a select group of security-cleared researchers would bring other benefits as well. It would allow the life sciences to follow in the footsteps of the computer sciences, where "red-team exercises," or "penetration testing," are extremely common practices.
In these exercises, the red team--usually a group of faux-black-hat hackers--attempts to find weaknesses in an organization's defenses (the blue team). A similar testing environment could be developed for biological war games. One of the reasons this kind of practice has been so widely instituted in the computer world is that the speed of development far exceeds the ability of any individual security expert, working alone, to keep pace. Because the life sciences are now advancing faster than computing, little short of an internal Manhattan Project-style effort could put the Secret Service ahead of this curve. The FBI has far greater resources at its disposal than the Secret Service; almost 36,000 people work there, for instance, compared with fewer than 7,000 at the Secret Service. Yet Edward You and the FBI reviewed this same problem and concluded that the only way the bureau could keep up with biological threats was by involving the whole of the life-sciences community. So why go further? Why take the radical step of releasing the president's genome to the world instead of just to researchers with security clearances? For one thing, as the U.S. State Department's DNA-gathering mandate makes clear, the surreptitious collection of world leaders' genetic material has already begun. It would not be surprising if the president's DNA has already been collected and analyzed by America's adversaries. Nor is it unthinkable, given our increasingly nasty party politics, that the president's domestic political opponents are in possession of his DNA. In the November 2008 issue of The New England Journal of Medicine, Robert C. Green and George J.
Annas warned of this possibility, writing that by the 2012 election, "advances in genomics will make it more likely that DNA will be collected and analyzed to assess genetic risk information that could be used for or, more likely, against presidential candidates." It's also not hard to imagine the rise of a biological analog to the computer-hacking group Anonymous, intent on providing a transparent picture of world leaders' genomes and medical histories. Sooner or later, even without open-sourcing, a president's genome will end up in the public eye. So the question becomes: Is it more dangerous to play defense and hope for the best, or to go on offense and prepare for the worst? Neither choice is terrific, but even beyond the important issues of cost and talent attraction, open-sourcing--as Claire Fraser, the director of the Institute for Genome Sciences at the University of Maryland School of Medicine, points out--"would level the playing field, removing the need for intelligence agencies to plan for every possible worst-case scenario." It would also let the White House preempt the media storm that would occur if someone else leaked the president's genome. In addition, constant scrutiny of the president's genome would allow us to establish a baseline and track genetic changes over time, producing an exceptional level of early detection of cancers and other metabolic diseases. And if such diseases were found, an open-sourced genome could likewise accelerate the development of personalized therapies. The largest factor to consider is time. In 2008, some 14,000 people were working in U.S. labs with access to seriously pathogenic materials; we don't know how many tens of thousands more are doing the same overseas. Outside those labs, the tools and techniques of genetic engineering are accessible to many other people.
Back in 2003, a panel of life-sciences experts, convened by the National Academy of Sciences for the CIA's Strategic Assessments Group, noted that because the processes and techniques needed for the development of advanced bio agents can be used for good or for ill, distinguishing legitimate research from research for the production of bioweapons will soon be extremely difficult. As a result, "most panelists argued that a qualitatively different relationship between the government and life sciences communities might be needed to most effectively grapple with the future BW threat." In our view, it's no longer a question of "might be." Advances in biotechnology are radically changing the scientific landscape. We are entering a world where imagination is the only brake on biology, where dedicated individuals can create new life from scratch. Today, when a difficult problem is mentioned, a commonly heard refrain is There's an app for that. Sooner than you might believe, an app will be replaced by an organism when we think about the solutions to many problems. In light of this coming synbio revolution, a wider-ranging relationship between scientists and security organizations--one defined by open exchange, continual collaboration, and crowd-sourced defenses--may prove the only way to protect the president. And, in the process, the rest of us. Andrew Hessel is a faculty member and a former co-chair of bioinformatics and biotechnology at Singularity University, and a fellow at the Institute for Science, Society, and Policy at the University of Ottawa. Marc Goodman investigates the impact of advancing technologies on global security, advising Interpol and the U.S. government. He is the founder of the Future Crimes Institute and Chair for Policy, Law & Ethics at Silicon Valley's Singularity University. Steven Kotler is a New York Times-best-selling author and an award-winning journalist.
From dazingv164 at cochamber.com Mon Oct 29 15:48:19 2012 From: dazingv164 at cochamber.com (=?koi8-r?B?4sDE1sXUydLP18HOycU=?=) Date: Tue, 30 Oct 2012 01:48:19 +0300 Subject: =?koi8-r?B?79Qg1d7Fws7Px88gw8XO1NLBINDPIPfB28XN1SDawdDSz9PV?= Message-ID: <01cdb640$a32e5fe0$55386f0a@routinizess81> Этот обучающий курс уже посетили 4000 специалистов, можем подтвердить документально. Спецподготовка за 5 дней чистой практики 26-30 ноября 2012г. ТЕМА: Техника бюджетирования - основа в системе_планирования предприятия: бюджетный контроль и анализ исполнения бюджета. * Впервые и только участники данной группы получают дополнительный бесплатный квалификационный день занятий, который будет согласован с группой и назначен во время занятий. * Все участники получают купон на бесплатное обновление следующей версии программного комплекса. * И еще сюрприз! Подготовка участников практического семинара будет основана на программном Комплексе с использованием новых технологий плановой деятельности, подробное изложение и понимания различных методов которые необходимо применять и внедрять на предприятии. При помощи телефонного запроса - можно получить более расширенную информацию о мероприятии и заказать дополнительные файлы: * Описание учебного курса (подробное); * Заявку участника. Занятия проводятся в компьютерном классе (из расчета: один участник - одно рабочее место). Учебный курс ориентирован на: руководителей организаций, руководителей планово-экономических служб, специалистов по управлению финансами, собственников, инвесторов, специалистов кредитных организаций и органов государственного управления. Специалистов, осуществляющих подготовку и принятие решений, связанных с долгосрочным и краткосрочным кредитованием предприятия, инвестированием, поиском партнеров, подготовкой внутренней и внешней финансовой документации, ежедневным планированием деятельности собственного предприятия. 
Каждому участнику семинара: бесплатно предоставляются следующие методические материалы и программы для дальнейшей успешной работы и внедрения методики планирования и текущего бюджетного учета на предприятии: 1. Программа для профессиональной разработки документации! Программный продукт способен не только разрабатывать финансовую документацию на профессиональном уровне, в новой версии реализованы значительные возможности для планирования текущего бюджета предприятий. 2. Программа для объединения, сравнения проектов, холдинг, консолидированная отчетность. 3. Программа для построения, развития и управления экономической моделью предприятия. Управления инвестиционными проектами, сравнение план/факт, мониторинг бюджета предприятия в реальном времени. Возможность написания собственных формул, сценария диагностики проекта, перепрограммирование и настройка программы. 4. Программа для построения собственных отчетов, позволяет простыми визуальными средствами решить одну из трудоемких и важных задач - составление отчетности по финансовым проектам. Блок позволяет перенаправить данные, введенные в программном комплексе, в собственный шаблон, подготовленный средствами MS Excel. 5. Программа для профессиональной разработки текстовой части деловой документации (бизнес планов, ТЭО, инвестиционных проектов и прочих финансовых проектов.). 6. Программа для быстрого динамического построения бизнес планов. (Назначение программы - профессиональная, быстрая, качественная, подготовка финансовых проектов и документации для представления в различные структуры.). 7. Методический печатный материал (разработанный нашей компанией) для самостоятельной разработки внутреннего бизнес плана. 8. Электронную версию (на CD) методического материала для самостоятельной разработки финансовых проектов. 9. Технологии в виде исполнительных программных модулей для воспроизводства документации и формирования отчетов и презентаций. Стоимость программных продуктов включена в стоимость семинара. 
From jya at pipeline.com Tue Oct 30 05:36:19 2012
From: jya at pipeline.com (John Young)
Date: Tue, 30 Oct 2012 08:36:19 -0400
Subject: Finally the Computer-Internet Security Racket is Exposed
Message-ID:

http://www.nytimes.com/2012/10/30/science/rethinking-the-computer-at-80.html

Peter Neumann proposes killing computers and the Internet to start over and build something far worse to meticulously track every nano-bite of digital communications with unrevocable, implanted encrypted ID in every device to authenticate ID of users.

DARPA, who else, is funding the work to kill anonymity and privacy for, ta da, national security racketeering. The bountiful cyberwar mongerers are delirious with support for their job security of predicting evermore Pearl Harbors, amply protected by secrecy of "defensive" USG cyber aggression.

Dr. Neumann is a great generation advocate to bless this takeover makeover. He was there at the beginning of the last one which never, quote, offered security, thus leading to a multi-billion dollar industry of snake oil. No, not national security oil, its bastard children of cyber oilers.

None of those deliberately-deceptive-comsec creeps have ever been here, whew, only on RISKS.

From eugen at leitl.org Tue Oct 30 00:50:20 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 30 Oct 2012 08:50:20 +0100
Subject: [serval-project-dev] Serval Mesh and ham radio
Message-ID: <20121030075020.GR9750@leitl.org>

----- Forwarded message from W5SVL -----

From eugen at leitl.org Tue Oct 30 00:51:21 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 30 Oct 2012 08:51:21 +0100
Subject: [serval-project-dev] Serval Mesh and ham radio
Message-ID: <20121030075121.GT9750@leitl.org>

----- Forwarded message from Jeremy Lakeman -----

From w5svl at aol.com Tue Oct 30 10:50:05 2012
From: w5svl at aol.com (W5SVL)
Date: Tue, 30 Oct 2012 10:50:05 -0700 (PDT)
Subject: [serval-project-dev] Serval Mesh and ham radio
Message-ID:

On Tuesday, October 30, 2012 12:56:12 AM UTC-5, Jeremy Lakeman wrote:
>
> On Tue, Oct 30, 2012 at 2:50 PM, W5SVL wrote:
> > Greetings from Texas. I am a ham radio operator and I have been experimenting with the Serval Mesh by using 2 inexpensive unactivated Android smartphones. I am attempting to use the Serval Mesh through an existing HSMM MESH network. HSMM MESH is an experimental ham radio mesh network that uses the first 6 wifi channels in the 2.4 Ghz band.
> > The radios used are older versions of the WRT54G router that have been flashed with a new firmware. There are some awesome communication possibilities here, but I do not have the networking skills to do this. Maybe my idea is not possible, but hopefully someone will comment.
>
> So after a quick bit of research;
> - HSMM is a custom radio protocol that exposes a standard IP network interface
> - olsr is being used to mesh these devices together
> - other devices may use the network through the LAN interface
> So you would have a second access point that the serval phone can connect to for internet and mesh traffic?
> This doesn't sound like a network that serval can transparently co-exist on. Yet.
>
> Though we have done some initial work to support serval nodes discovering each other over an olsr network, we haven't built any protocol to exchange reach-ability information for other locally connected serval phones. This is a reasonably large piece of work that we don't have the time to build right now.
>
> You could build servald for the mesh routers and run it on every device in the network. Though our routing protocol is not as mature as olsr.
>
> > Also as a ham, I can legally use much more power on the 2.4 Ghz band, and I have found the Serval Mesh to work very well through a bi directional RF amplifier installed between a router and an external antenna. There is no internet connection here. I am just using the router as a radio repeater. Has anyone else tried this? This would not be using the HSMM MESH as I mentioned above, since only one router would be used. This one router repeater could really be useful in emergencies. Please give me some comments on both of these experimental ideas. Perhaps I should consult with a ham operator who has more networking knowledge than I have. Any help will be appreciated.
>
> So this router is operating as a simple ethernet bridge?
>

I configured an old Airlink router to broadcast my ham call as the SSID. The router was in the access point mode. I used wifi channel 1, which is in the ham bands. No encryption was used and I did not connect my DSL internet into the WAN port. This router had a removable antenna which I removed. I then connected the router to a 27 db gain bi directional amplifier whose output was sent to an external antenna about 25 feet up. I used 25 feet of low loss microwave coax. The external antenna was omnidirectional and had a 15 db gain. I connected my 2 Android phones, that were configured to the Serval client mode, with the router. Now I was able to make Serval Mesh calls and send SMS messages over a large coverage area. This was all experimental, but it showed me that the Serval Mesh could cover a large area with only one wifi router. This trial was just to see how my wifi could be used on the ham bands and it had nothing to do with the HSMM MESH configuration.

> > --
> > You received this message because you are subscribed to the Google Groups "Serval Project Developers" group.
> > To view this discussion on the web visit https://groups.google.com/d/msg/serval-project-developers/-/QZOyRXnW8M0J.
> > To post to this group, send email to serval-proje... at googlegroups.com.
> > To unsubscribe from this group, send email to serval-project-developers+unsubscribe at googlegroups.com.
> > For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en.

--
You received this message because you are subscribed to the Google Groups "Serval Project Developers" group.
To view this discussion on the web visit https://groups.google.com/d/msg/serval-project-developers/-/PbE4ZPLvn98J.
To post to this group, send email to serval-project-developers at googlegroups.com.
To unsubscribe from this group, send email to serval-project-developers+unsubscribe at googlegroups.com.
For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From john.haltiwanger at gmail.com Tue Oct 30 04:09:27 2012
From: john.haltiwanger at gmail.com (John Haltiwanger)
Date: Tue, 30 Oct 2012 12:09:27 +0100
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID:

On Sat, Oct 27, 2012 at 3:14 PM, Eugen Leitl wrote:

<...>

> When I'm trying to form an opinion about something, I try to research it first. In general I did not care about minting other than a means to obtain play money to test transactions. I find this curious that so many are focusing on the most irrelevant aspect of a P2P monetary system, the distributed mint, and expect a personal, handsome profit from seigniorage. There's a reason that difficulty is adaptive. The system is supposed to homeostate so that the rate of production is limited. This is by design.

Limiting the rate of production as an inverse to popularity is an interesting choice, and worth experimenting with. It increases the effects of existing vertical dynamics, however, as those that already have coins and/or mining facilities wield increasing power as those new to the game, eager to participate, have only these vertical actors as recourse to engage in the currency.

> > > This is a currency based on scarcity, just like gold or cowry shells.
> > > If you intended to become rich by mining, you should have been a year or two sooner to the party.

I would like to comment further on the cowry shell concept at a later time, but I want to point out that cowry shells are renewed along life cycles---as a currency it exhibits the notion that an absolute total number of 'credits' is not a healthy concept.
That there is a maximum to the number of bitcoins is a major reason why I say that it is inherently flawed.

> > you are saying proves my point about the stupidity of building a currency on scarcity: it's not going to lead us to anywhere new
>
> I understand when inventors and patent holders of cryptocurrencies scoffed at the first cryptocurrency to succeed wildly, by solving the issue of double spending without resorting to centralism, and hence a single point of failure. A simple case of sour grapes.
>
> What is your track record, so far?
> > or 'revolutionary'.
>
> If you figure out a tamper-proof way of measuring underlying economy and a tamper-proof way of issuing a matching volume without any single point of failures, feel free to publish. It will make quite a splash, I assure you.

It is interesting how you seem to conflate my right to make critical statements about BitCoin with the amount of success I have had in launching my own currency.

> > You have to 'get there first' and 'mine harder/smarter'. What stupid advice, "oh you should have been there earlier".
>
> Look, I just pointed out the problem with where you focus and your approach. If you think that issuing P2P currency with the intent to make a personal profit is stupid, I agree.

But isn't this exactly what BitCoin does when it gives those with the most capital to put into the system the ability to become (the most successful) mints? Wouldn't that be a significant reason that it has been so 'wildly' successful, namely that there are a finite number of bitcoins and if one approaches with a 'collect them all' attitude then PROFIT.

A P2P currency should strive to limit the effects of capital-derived vertical dynamics. This means that joining "two years too late" does not put someone at a significant disadvantage. (And yes, in my opinion, having to purchase BitCoins from someone who 'got there first' in order to engage in the currency is a significant disadvantage).
> > > The value of bitcoin is ability to do P2P transactions in real time without requiring a third party, using a naturally deflationary monetary system which however is highly frangible.
> > >
> > > That by itself is of obvious enough utility.
> >
> > That is about the only interesting thing about it, yes. But the ability to engage in P2P transactions is hardly a result of the means of the
>
> Why are you so focused on production?

The flippant answer would be: why aren't you? I don't see the point in buying into a currency where the actual unit of value reinforces existing vertical dynamics: cash to make a mine, earliness of adoption, hoarding of resources. Let's say that you seem content with a currency that embodies libertarian ideals, and that I am not.

> > currency's production, nor is it a feature unique to bitcoin itself.
>
> As compared to which successful digicash system, exactly?

BitCoin's successes outside of the Silk Road (a brilliant hack, FWIW) are highly debatable. My point is that P2P currencies in general have these aspects. As you can tell, I only really care about the first one.

> > Also "naturally deflationary" in the scope of something that is more
>
> Deflationary in the sense is that the total amount is limited, and will be approached asymptotically.
>
> > hoarded than traded seems like a misnomer to me. Since there are a limited
>
> If you want the currency to be useful, you need to grow the underlying economy, so people are more incited to spend than to be unable to spend.
>
> So what kind of business that is accepting BTC are you running, personally?

First I tell you that I do not believe in the currency, and then you ask why I'm not building a business around it?

> > number of bitcoins, there is a "natural" tendency to hold on to as many of them as possible. That way when the pie is all spoken for, one's slices
>
> Nobody prevents you from designing a P2P cryptocurrency with built-in demurrage.
>
> You're hating on an experiment. As I understand the designer was unhappy with the rate of adoption, it would be indeed been much better if the minting craze didn't happen. I don't think that flaw needs to be fatal.

Nowhere did I say anything about hate. The first respondent, Nick, said he was interested to "read more about the interplay of traditional capitalist power structures and bitcoin." My response is that bitcoin does very little to escape these traditional power structures, as is evidenced by the fact that only the privileged can play, and the more people that are playing the more privileged you have to be to engage.

# distributed via : no commercial use without permission
# is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime at kein.org

----- End forwarded message -----

From w5svl at aol.com Tue Oct 30 15:03:29 2012
From: w5svl at aol.com (W5SVL)
Date: Tue, 30 Oct 2012 15:03:29 -0700 (PDT)
Subject: [serval-project-dev] Serval Mesh and ham radio
Message-ID:

A quick internet search shows the Australian Advanced and Standard ham licenses are very similar to the US licenses. There is no longer a requirement to learn morse code. The US hams are allowed use of the 902-928 Mhz frequencies, but I did not see these frequencies allocated to Australian hams. The Australian Standard license allows hams to use the 2.4-2.45 Ghz frequencies which would cover the first 6 wifi channels. Ham radio operations within these 6 wifi channels would allow experimentation with higher power levels. Ham radio is worldwide, so many of the operating practices are quite similar.

My coverage with the 15 db vertical extends out about 5-6 miles, but it is not reliable at these distances because of local trees. I really should find a way to put my antenna up higher or try another location. You are correct with the +42 db gain, but I must have some unknown losses in the connectors or coax. Microwave frequencies easily lose power in coax transmission. I have experimented with horizontal polarization and this works better because you receive much less vertically polarized interference from conventional wifi. The 36 db commercial internet providers advertise coverage for about 9 miles, so you see what you could do with a taller antenna. And yes, your handheld phones can operate at long wifi distances because I have done that during a test of emergency operations.

The US hams seem to be drawn to the HSMM MESH concept. I have tried to send Serval Mesh messages through HSMM by using 4 routers, but it does not work. There is very little experimenting being done with smartphones as I have done. Perhaps this may change if the Serval Mesh becomes known. Good luck with your program.......

David, W5SVL

On Tuesday, October 30, 2012 2:39:16 PM UTC-5, Paul Gardner-Stephen wrote:
> Hello,
>
> This is really interesting. What range were you able to obtain between the phones and your 15db omni?
>
> Also, to clarify my understanding of your link budget versus "normal" WiFi, you had +27db from your amplifier, then +15db from your antenna, for a total of +42db gain. 42/6.02 ~= 7, so we should expect 2^7 = 128x range compared with WiFi, provided that there is no source of interference to drown out the phone being heard by your amplifier on the way back in (excuse my fairly crude understanding and terminology).
>
> If all of that is correct, and you have a low noise floor so that your amplifier can be fully effective, it sounds like the typical ~100m-150m outdoor range of a wifi phone should become up to 12.8km - 19.2km.
> Naturally I am very intrigued to find out just how far you were able to get coverage.
>
> Meanwhile, what are the ham regulations like in the ISM band centred around 915MHz?
> Also, do you have any knowledge of how the ham regulations differ between the USA and Australia?
>
> Paul.

----- End forwarded message -----

From me at haxwithaxe.net Tue Oct 30 13:09:52 2012
From: me at haxwithaxe.net (haxwithaxe)
Date: Tue, 30 Oct 2012 16:09:52 -0400
Subject: [HacDC:Byzantium] October Sprint Content
Message-ID:

i've been talking with the HARC people about doing a HAM license exam at one of the sprints and figured if ever there were a time people would be motivated to try for their license right after we got the pants scared off us by a trio of nasty weather systems is likely one of them. it sounds like the real exam won't likely happen due to multiple issues but a dress rehearsal type practice exam might happen.

i also wanted to compile a repository of last minute type natural disaster prep and publish it on the hacdc wiki.
the wiki page would then be used to make more user friendly documentation for use on the MPCWN critical infrastructure nodes and any predisaster documentation packages we might use within our project. here is the beginning of the wiki page: http://wiki.hacdc.org/index.php/Emergency_Prep

this stuff should probably be used as alternate tasks to the code rewrite though.

--
You received this message because you are subscribed to the Google Groups "Project Byzantium (Emergency Mesh Networking)" group.
To post to this group, send email to Byzantium at hacdc.org.
To unsubscribe from this group, send email to Byzantium+unsubscribe at hacdc.org.
For more options, visit this group at http://groups.google.com/a/hacdc.org/group/Byzantium/?hl=en.

----- End forwarded message -----

From jeremy at servalproject.org Mon Oct 29 22:56:10 2012
From: jeremy at servalproject.org (Jeremy Lakeman)
Date: Tue, 30 Oct 2012 16:26:10 +1030
Subject: [serval-project-dev] Serval Mesh and ham radio
Message-ID:

On Tue, Oct 30, 2012 at 2:50 PM, W5SVL wrote:
> Greetings from Texas. I am a ham radio operator and I have been experimenting with the Serval Mesh by using 2 inexpensive unactivated Android smartphones. I am attempting to use the Serval Mesh through an existing HSMM MESH network. HSMM MESH is an experimental ham radio mesh network that uses the first 6 wifi channels in the 2.4 Ghz band. The radios used are older versions of the WRT54G router that have been flashed with a new firmware. There are some awesome communication possibilities here, but I do not have the networking skills to do this. Maybe my idea is not possible, but hopefully someone will comment.

So after a quick bit of research;
- HSMM is a custom radio protocol that exposes a standard IP network interface
- olsr is being used to mesh these devices together
- other devices may use the network through the LAN interface
So you would have a second access point that the serval phone can connect to for internet and mesh traffic?
This doesn't sound like a network that serval can transparently co-exist on. Yet.

Though we have done some initial work to support serval nodes discovering each other over an olsr network, we haven't built any protocol to exchange reach-ability information for other locally connected serval phones. This is a reasonably large piece of work that we don't have the time to build right now.

You could build servald for the mesh routers and run it on every device in the network. Though our routing protocol is not as mature as olsr.

> Also as a ham, I can legally use much more power on the 2.4 Ghz band, and I have found the Serval Mesh to work very well through a bi directional RF amplifier installed between a router and an external antenna. There is no internet connection here. I am just using the router as a radio repeater. Has anyone else tried this? This would not be using the HSMM MESH as I mentioned above, since only one router would be used. This one router repeater could really be useful in emergencies. Please give me some comments on both of these experimental ideas. Perhaps I should consult with a ham operator who has more networking knowledge than I have. Any help will be appreciated.

So this router is operating as a simple ethernet bridge?

----- End forwarded message -----

From liberationtech at lewman.us Tue Oct 30 09:56:48 2012
From: liberationtech at lewman.us (liberationtech at lewman.us)
Date: Tue, 30 Oct 2012 16:56:48 +0000
Subject: [liberationtech] Fwd: Finally the Computer-Internet Security Racket is Exposed
Message-ID:

On Tue, Oct 30, 2012 at 04:30:54PM +0100, jd.cypherpunks at gmail.com wrote 4.1K bytes in 93 lines about:
: > Peter Neumann proposes killing computers and the Internet to start over
: > and build something far worse to meticulously track every nano-bite of digital
: > communications with unrevocable, implanted encrypted ID in every device to
: > authenticate ID of users.

Sounds like snakeoil to me. I'll just write malware that sits between the reader and the next layer into the OS. And I would attack the backend databases which have the tokens to verify everyone anyway.

I've skipped the issues of surgery to swap implanted devices, cloning devices, database corruption, witness protection, identity theft, data leakage, etc.
-- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Tue Oct 30 09:57:30 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 30 Oct 2012 17:57:30 +0100 Subject: [liberationtech] Fwd: Finally the Computer-Internet Security Racket is Exposed Message-ID: <20121030165730.GD9750@leitl.org> ----- Forwarded message from liberationtech at lewman.us ----- From eugen at leitl.org Tue Oct 30 10:21:12 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 30 Oct 2012 18:21:12 +0100 Subject: [liberationtech] Bitcoin and The Public Function of Money Message-ID: <20121030172112.GE9750@leitl.org> ----- Forwarded message from Dmytri Kleiner ----- From eugen at leitl.org Tue Oct 30 13:19:29 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 30 Oct 2012 21:19:29 +0100 Subject: [serval-project-dev] Serval Mesh and ham radio Message-ID: <20121030201929.GG9750@leitl.org> ----- Forwarded message from W5SVL ----- From eugen at leitl.org Tue Oct 30 13:21:50 2012 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 30 Oct 2012 21:21:50 +0100 Subject: [HacDC:Byzantium] October Sprint Content Message-ID: <20121030202150.GK9750@leitl.org> ----- Forwarded message from haxwithaxe ----- From dk at telekommunisten.net Tue Oct 30 14:10:22 2012 From: dk at telekommunisten.net (Dmytri Kleiner) Date: Tue, 30 Oct 2012 22:10:22 +0100 Subject: [liberationtech] Bitcoin and The Public Function of Money Message-ID: I want to write a bit about the public function of money, especially as compared to the market function of money, in light of some of the recent discussion about Bitcoin. 
Bitcoin is already a very useful technology due to the fact that it allows transactions to take place without any central authority. This alone is significant. The technology behind it is also perhaps applicable in other areas, such as the Namecoin project to replace the centralized Domain Name system. Does Bitcoin have the potential to replace Government fiat money? No. It doesn't. It only has the potential to be one commodity form within the money economy. Countless books and papers have described money, money is a very complex thing which serves many functions. Keith Hart has written about the "Two Sides of the Coin," heads on one side, tails on the other. One way to interpret this might be to contrast between the public function and the market function of money. The origin of money is tribute. The source of money is the public, in whatever form, whether empire or democracy or something else, money is spent on public expenditure and demanded back as tribute. Whatever its commodity value, whether minted on gold, printed on paper or electrified as bits in a database, this sort of money has value because it can be used to fulfill tributary obligations, for example, it can be used to pay taxes. As the entire source of this money is government spending, the amount of this money is determined by the amount we want to provide on behalf of all as a society. This is the "Heads" side. Not all economic activity is done for money. Much of it takes, and has historically taken, gift and kin-communal forms, where work and wealth is shared without specific prices for specific commodities, but rather on a basis of social trust and reciprocation. 
Markets emerge as economic activity extends beyond communal and neighbourly forms, markets extend the social to beyond the kin-communal, and along with such social distance come more transient relationships that can not rest on trust and reciprocation, and thus must be encompassed by spot transactions, and as a result specific prices for specific commodities and specific price relationships between commodities. With these transient relationships comes money. But this sort of money is different. Commodities can also be traded directly, even if their relative worth is counted in "Heads" money, and trade can also be done on-account, by credit. The amount of which is not limited to the physical amount of "Heads" money in circulation. In the wider economy, money is endogenous, the amount of money circulating in the economy is not a function of any monetary base, but rather is a function of the amount of things we want to make and do for each other. More specifically, the amount we want to make and do for each other for money. This is the "Tails" side. This is vertical money and horizontal money. Vertical money is created and destroyed by the public, horizontal money expands and contracts as a result of the economic activity of private individuals and their incorporated forms. Money that has a commodity base, i.e. Gold, is not completely rooted in a particular public form, since its value can cross international borders. This is where Bitcoin, a digital specie essentially, emerges as a new and rather unique form of money. Its built-in cryptographic limits on supply make it essentially a virtual commodity form of money, fixed and "hard", like Gold, yet digital and transferable electronically across global telecommunications networks. As such, it has attractive features as both means of exchange and store of value.
Yet, while it certainly is useful on the "Tails" side of money, as one of the various kinds of assets circulating in the global market economy, it does not serve public function well. There is a reason that modern public forms of money are not commodities, why modern economies use "fiat" money, money that is not based in or guaranteed by conversion to any sort of commodity. If the public restricts itself to commodity-money for public expenditure, this means that what it spends must be limited to what it taxes plus what it borrows, since commodities have a fixed available supply. And though many ignorant or simply disingenuous commentators, such as promoters of austerity, present this to be the case even now, in a modern monetary economy based upon fiat money issued by the public for public purpose, this is factually not the case. The thing about public money is that we can have as much of it as we want to have. How much we spend relative to how much we tax is a public policy choice, and the right-wing dogma that the appropriate choice is for the budget to be balanced, for taxes to be equal to spending, is universally understood to be false, even among the most celebrated right-wing economists. In his 1948 article "A Monetary and Fiscal Framework for Economic Stability", "Chicago Boys" patriarch Milton Friedman proposed a counter-cyclical policy, where government spending would be increased beyond taxation during economic downturns, similar to Abba Lerner's "Functional Finance" which is often referred to as "Keynesian" economic policy. Whatever their ideological stripes, there is little disagreement among economists that to the degree that public budgets need to be balanced, they must be balanced relative to economic cycles and sectoral balances and not merely between annual public spending and taxation. 
The balance between spending and taxes is simply the balance of the public "Heads" side of the coin, always in counter-balance with the private "Tails" side of the coin, as expressed by the activity of private interests in the global market. It is no secret that the national State form is unsatisfactory. Not only is it burdened by its aristocratic roots, and not only is it corrupted by the fact that its modern form is largely captured by the international corporate elite, but the State is clearly unsatisfactory for modern publics as a result of the fact that static territorial forms are increasingly ineffective and inappropriate structures to serve global, distributed communities. The public form has to evolve from the state form to the networked form, but for that to happen, new, networked public forms will need to emerge that are able to take over the socially necessary public functions. Including the management of forms of public money. The critical feature required of public money is that we can socially determine how much of it there is, and how much of it we want to apply to public purpose. We need ways to create and destroy public money so that we can have a counter-balance to private activity, to manage cycles, to counter-balance economic sectors, and to socially pursue public objectives, such as health, education, and justice. Thus, Bitcoin's innovation in terms of creating a networked form of commodity money is not useful in creating networked forms of public money, and as a result it does not create a way for networked public forms to replace the current State forms.
I'll be at Stammtisch this evening at 9pm, please come if you're in Berlin, if not, R15N continues at Mal au Pixel in Paris, you can join the network by calling +33 181 97 97 11 online version is here: http://www.dmytri.info/bitcoin-and-public-money/ -- Dmytri Kleiner Venture Communist -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Tue Oct 30 16:24:55 2012 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 31 Oct 2012 00:24:55 +0100 Subject: [serval-project-dev] Serval Mesh and ham radio Message-ID: <20121030232455.GN9750@leitl.org> ----- Forwarded message from W5SVL ----- From liberationtech at lewman.us Tue Oct 30 18:13:15 2012 From: liberationtech at lewman.us (liberationtech at lewman.us) Date: Wed, 31 Oct 2012 01:13:15 +0000 Subject: [liberationtech] Bitcoin and The Public Function of Money Message-ID: On Tue, Oct 30, 2012 at 10:10:22PM +0100, dk at telekommunisten.net wrote 7.5K bytes in 143 lines about: : Does Bitcoin have the potential to replace Government fiat money? 
I assume you've seen http://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf

--
Andrew
http://tpo.is/contact
pgp 0x6B4D6475

----- End forwarded message -----
From eugen at leitl.org Wed Oct 31 03:03:17 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 Oct 2012 11:03:17 +0100
Subject: The Monetary Future: How Bitcoin Is Being Destroyed
Message-ID: <20121031100317.GQ9750@leitl.org>

----- Forwarded message from John Haltiwanger -----

From eugen at leitl.org Wed Oct 31 03:09:59 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 Oct 2012 11:09:59 +0100
Subject: [liberationtech] Bitcoin and The Public Function of Money
Message-ID: <20121031100959.GU9750@leitl.org>

----- Forwarded message from liberationtech at lewman.us -----

From anwalam at yahoo.com Wed Oct 31 11:25:23 2012
From: anwalam at yahoo.com (andy lam)
Date: Wed, 31 Oct 2012 11:25:23 -0700 (PDT)
Subject: NSA and the exchanges
Message-ID:

Anyone knows if there's a way to find out how involved NSA monitors 151 front street at Toronto? NSA allegedly monitors data centres in the US, but does it have the same influence at a building sitting in its neighbor's soil?

There's something on the web like www.ixmaps.ca that tries to piece it together. but not sure how helpful the information on there really is?

feedback welcome.

----- End forwarded message -----

From jna at retina.net Wed Oct 31 11:37:52 2012
From: jna at retina.net (John Adams)
Date: Wed, 31 Oct 2012 11:37:52 -0700
Subject: NSA and the exchanges
Message-ID:

Allegedly? No, definitely.

https://www.eff.org/nsa-spying

https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf

-j

On Wed, Oct 31, 2012 at 11:25 AM, andy lam wrote:
> Anyone knows if there's a way to find out how involved NSA monitors 151
> front street at Toronto?
NSA allegedly monitors data centres in the US,
> but does it have the same influence at a building sitting in its neighbor's
> soil?
>
> There's something on the web like www.ixmaps.ca that tries to piece it
> together. but not sure how helpful the information on there really is?
>
>
> feedback welcome.
>

----- End forwarded message -----

From deleskie at gmail.com Wed Oct 31 11:37:23 2012
From: deleskie at gmail.com (jim deleskie)
Date: Wed, 31 Oct 2012 15:37:23 -0300
Subject: NSA and the exchanges
Message-ID:

If you're talking "the NSA" I doubt anyone would tell you. That being said: it would mean the US gov't breaking Canadian law I suspect.
Now in Canada it is quite possible that the Canadian Fed gov't monitors traffic but I would also say no one would tell you because telling you would also be in violation in wiretap laws. Best advice, assume they do and hope they don't. :)

-jim

On Wed, Oct 31, 2012 at 3:25 PM, andy lam wrote:
> Anyone knows if there's a way to find out how involved NSA monitors 151 front street at Toronto? NSA allegedly monitors data centres in the US, but does it have the same influence at a building sitting in its neighbor's soil?
>
> There's something on the web like www.ixmaps.ca that tries to piece it together. but not sure how helpful the information on there really is?
>
>
> feedback welcome.

----- End forwarded message -----

From jya at pipeline.com Wed Oct 31 14:12:14 2012
From: jya at pipeline.com (John Young)
Date: Wed, 31 Oct 2012 17:12:14 -0400
Subject: NSA and the exchanges
In-Reply-To: <20121031195921.GJ9750@leitl.org>
References: <20121031195921.GJ9750@leitl.org>
Message-ID:

Under the decades-old five-party surveillance agreement -- US, UK, CA, AU and NZ, also known as Echelon -- the nations share information and swap staff.
They also spy on each other's citizens when barred from doing so directly.

The tricky part is if a temporary NSA staff member in CA is sitting next to a CA member spying on US citizens (same for the roles swapped) is there a literal firewall between the two's computers as well as physically between the staff, or is that handled by lawyers waving magic wands, as do the CIA's lawyers finger a drone target.

The other tricky part is what is called "de minimis" spying on citizens where if a signal of a banned target is "inadvertently" acquired how thoroughly is the signal quashed. One version says that the spying agency archives the signal, indefinitely, and does not distribute to customers (unless winked by lawyers), but is ever ready to retrieve the signal should circumstances and secret presidential orders demand as with the EFF/ATT/NSA affair.

Utah Data Center is reportedly being built to store virtually unlimited amounts of data and signal in the expectation that everything may become useful at some point, with newly born algorithms sifting for overlooked needles.

In this sense, it is reasonable to assume that Echelon has been superseded by secret laws allowing the spies to do whatever is needed to spy their citizens and anybody else -- leaving open-ended what "needed" means to avoid another Pearl Harbor, OMG!

Perpetual war justifies this full-dominance pan-surveillance, as recently reported in WaPo with respect to drones and the spying acquiring citizen targets, including those of the five-parties who foolishly question authority with the expectation that freedom of expression is inviolable.

Nothing in this is new: nations have been doing this since nationhood was invented to delude citizens into believing royal secrecy and greed was over not institutionalized in the world's spying machines, aka, telecommunications, Internet, Tor, encryption, anonymizers, WOT, human rights initiatives, cyber-freedom fighting.
One way to de minimizing yourself is to work for the spies, so the recruiters promise, however, only later do you learn about how they spy on insiders -- for life, using the tried and true means and methods of ex-spies sent out to join the outsiders with tales of despicable spying by methods intended to deflect deeper inquiry.

At 03:59 PM 10/31/2012, you wrote:
>----- Forwarded message from John Adams -----
>
>From: John Adams
>Date: Wed, 31 Oct 2012 11:37:52 -0700
>To: andy lam
>Cc: "nanog at nanog.org"
>Subject: Re: NSA and the exchanges
>
>Allegedly? No, definitely.
>
>https://www.eff.org/nsa-spying
>
>https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf
>
>
>
>-j
>
>On Wed, Oct 31, 2012 at 11:25 AM, andy lam wrote:
>
> > Anyone knows if there's a way to find out how involved NSA monitors 151
> > front street at Toronto? NSA allegedly monitors data centres in the US,
> > but does it have the same influence at a building sitting in its neighbor's
> > soil?
> >
> > There's something on the web like www.ixmaps.ca that tries to piece it
> > together. but not sure how helpful the information on there really is?
> >
> >
> > feedback welcome.
> >
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From noloader at gmail.com Wed Oct 31 15:23:57 2012
From: noloader at gmail.com (Jeffrey Walton)
Date: Wed, 31 Oct 2012 18:23:57 -0400
Subject: [cryptography] Application Layer Encryption Protocols Tuned for Cellular?
Message-ID:

Hi All,

Is anyone aware of application layer encryption protocols with session management tuned for use on cellular networks? I need FIPS compliant ciphers, but that should be an implementation detail (I mention it because of setup and cipher text expansions).
I have an application that performs classic Diffie-Hellman to key a channel using AES/CBC (or AES/CTR) with an HMAC, providing message level security. (it was written some time ago, before OpenSSL had Authenticated Encryption modes). The channel includes a counter for playbacks and insertions. So far, so good - it's Crypto 101 stuff.

The problem in practice is TCP/IP and later generation cellular networks (especially 4G and the "All IP" implementations). All appears OK when moving among cells if the IP address is forwarded and the device remains connected. All hell breaks loose when a device loses connectivity or gets a new IP. A device could get a new IP as users move between service providers.

It appears the TCP/IP stack on both sides (device and server within the carriers network) will queue messages when device connectivity is lost. But the TCP/IP stack continues to operate as if all is succeeding. So neither the client nor server realize there are problems with the underlying socket. It's leading to a lot of session management problems, including excessive resource usage.

In addition, I have an option to allow only one session per user (for paranoid folks). When the previous session does not die as expected, a new session cannot be started. Here, the device might realize the socket is really dead, but the server has not realized it yet because of the tricks that are being played in the TCP/IP stack on the server side. So the client tries to reconnect but the server refuses due to the "one session" rule.

The problem is not isolated to my application. On the train from Washington to New York, it wreaks havoc on the VPN software I use. I often get my account suspended due to fraud triggers (reconnects and changing IPs). Ditto when using Acela's onboard WiFi and trying to maintain an SSL/TLS connection to GMail.

TLDR: Is anyone aware of application layer encryption protocols with session management tuned for use on cellular networks?
Jeff

_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
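One way to handle the stuck "one session" case in Jeffrey Walton's message above, as an added example that is not from the thread or from any project named in it: the server binds the session to whoever holds the session key rather than to a TCP connection, so a client that reconnects from a new IP proves possession of the key and takes over the stale session, with the replay counter carried across. The class and function names, the frame layout and the 300-second idle timeout are assumptions; the 32-byte key stands in for the Diffie-Hellman output, and the AES step is left out so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
import struct
import time

IDLE_TIMEOUT = 300  # assumed: seconds of silence before a session is reaped


def tag(key, label, *parts):
    """HMAC-SHA256 over a domain label and length-prefixed fields."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(struct.pack(">I", len(part)) + part)
    return mac.digest()


def seal(key, sid, ctr, payload):
    """Client side: counter || payload || MAC (AES step omitted here)."""
    c = struct.pack(">Q", ctr)
    return c + payload + tag(key, b"msg", sid, c, payload)


class Session:
    def __init__(self, key, transport, now):
        self.key = key                # stands in for the Diffie-Hellman output
        self.sid = secrets.token_bytes(16)
        self.transport = transport    # handle for the current TCP connection
        self.recv_ctr = 0             # highest client counter accepted
        self.nonce = None             # outstanding resume challenge, single use
        self.last_seen = now


class SessionTable:
    """One session per user, bound to the key holder instead of the socket."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.by_user = {}

    def reap(self):
        """Drop sessions with no authenticated traffic for IDLE_TIMEOUT."""
        now = self.clock()
        for user, s in list(self.by_user.items()):
            if now - s.last_seen > IDLE_TIMEOUT:
                del self.by_user[user]

    def open(self, user, key, transport):
        """Register a session after a full key exchange."""
        self.reap()
        if user in self.by_user:
            raise PermissionError("one session per user: resume instead")
        s = self.by_user[user] = Session(key, transport, self.clock())
        return s.sid

    def _lookup(self, user, sid):
        s = self.by_user.get(user)
        return s if s and hmac.compare_digest(s.sid, sid) else None

    def challenge(self, user, sid):
        """Step 1 of resume: hand out a fresh nonce for this session."""
        s = self._lookup(user, sid)
        if s is None:
            return None
        s.nonce = secrets.token_bytes(16)
        return s.nonce

    def resume(self, user, sid, proof, new_transport):
        """Step 2: rebind to the new connection if the proof shows the key."""
        s = self._lookup(user, sid)
        if s is None or s.nonce is None:
            return False
        nonce, s.nonce = s.nonce, None          # a nonce is never reused
        if not hmac.compare_digest(proof, tag(s.key, b"resume", sid, nonce)):
            return False
        s.transport = new_transport             # stale socket is abandoned
        s.last_seen = self.clock()              # counters carry over unchanged
        return True

    def receive(self, user, transport, frame):
        """Verify MAC and counter; return the payload or None."""
        s = self.by_user.get(user)
        if s is None or s.transport != transport or len(frame) < 40:
            return None
        c, payload, mac = frame[:8], frame[8:-32], frame[-32:]
        if not hmac.compare_digest(mac, tag(s.key, b"msg", s.sid, c, payload)):
            return None
        ctr = struct.unpack(">Q", c)[0]
        if ctr <= s.recv_ctr:                   # replayed or reordered frame
            return None
        s.recv_ctr = ctr                        # gaps allowed: frames queued on
        s.last_seen = self.clock()              # the dead socket may be lost
        return payload
```

A reconnecting client sends its session id, answers the nonce with `tag(key, b"resume", sid, nonce)`, and continues with its next counter value on the new connection.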
From eugen at leitl.org Wed Oct 31 12:58:36 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 Oct 2012 20:58:36 +0100
Subject: NSA and the exchanges
Message-ID: <20121031195836.GF9750@leitl.org>

----- Forwarded message from andy lam -----

From eugen at leitl.org Wed Oct 31 12:58:59 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 Oct 2012 20:58:59 +0100
Subject: NSA and the exchanges
Message-ID: <20121031195859.GH9750@leitl.org>

----- Forwarded message from jim deleskie -----

From eugen at leitl.org Wed Oct 31 12:59:21 2012
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 Oct 2012 20:59:21 +0100
Subject: NSA and the exchanges
Message-ID: <20121031195921.GJ9750@leitl.org>

----- Forwarded message from John Adams -----

From jd.cypherpunks at gmail.com Wed Oct 31 16:05:07 2012
From: jd.cypherpunks at gmail.com (jd.cypherpunks)
Date: Thu, 1 Nov 2012 00:05:07 +0100
Subject: NSA and the exchanges
In-Reply-To:
References: <20121031195921.GJ9750@leitl.org>
Message-ID: <99F0F864-0F28-4253-8200-F4E1913B1076@gmail.com>

Perfect, just want to add that this isn't the US all alone, it happens worldwide. At the very end everyone is tricked, the white, gray and black hats as well as the creators, the maintenance staff and watchdogs of the security system. Only fools believe that not everything is saved and stored for later use. Doctrine and Dogma like in religion. There're 3 ways to go: Don't care about it, educate yourself on possibilities to secure your privacy for a while (that's the reason for 'strong crypto') or avoid the net forever.

--Michael

31.10.2012 22:12 John Young :
> Under the decades-old five-party surveillance agreement --
> US, UK, CA, AU and NZ, also known as Echelon -- the nations
> share information and swap staff. They also spy on each other's
> citizens when barred from doing so directly.
>
> The tricky part is if a temporary NSA staff member in CA is sitting next to
> a CA member spying on US citizens (same for the roles swapped)
> is there a literal firewall between the two's computers as well as
> physically between the staff, or is that handled by lawyers waving
> magic wands, as do the CIA's lawyers finger a drone target.
>
> The other tricky part is what is called "de minimis" spying on
> citizens where if a signal of a banned target is "inadvertently"
> acquired how thoroughly is the signal quashed. One version
> says that the spying agency archives the signal, indefinitely,
> and does not distribute to customers (unless winked by
> lawyers), but is ever ready to retrieve the signal should
> circumstances and secret presidential orders demand
> as with the EFF/ATT/NSA affair.
>
> Utah Data Center is reportedly being built to store virtually
> unlimited amounts of data and signal in the expectation that
> everything may become useful at some point, with newly
> born algorithms sifting for overlooked needles.
>
> In this sense, it is reasonable to assume that Echelon has
> been superseded by secret laws allowing the spies to do
> whatever is needed to spy their citizens and anybody else --
> leaving open-ended what "needed" means to avoid another
> Pearl Harbor, OMG!
>
> Perpetual war justifies this full-dominance pan-surveillance,
> as recently reported in WaPo with respect to drones and
> the spying acquiring citizen targets, including those of
> the five-parties who foolishly question authority with
> the expectation that freedom of expression is inviolable.
>
> Nothing in this is new: nations have been doing this since
> nationhood was invented to delude citizens into believing
> royal secrecy and greed was over not institutionalized
> in the world's spying machines, aka, telecommunications,
> Internet, Tor, encryption, anonymizers, WOT, human
> rights initiatives, cyber-freedom fighting.
>
> One way to de minimizing yourself is to work for the
> spies, so the recruiters promise, however, only later
> do you learn about how they spy on insiders -- for life,
> using the tried and true means and methods of
> ex-spies sent out to join the outsiders with tales
> of despicable spying by methods intended to deflect
> deeper inquiry.
>
>
>
> At 03:59 PM 10/31/2012, you wrote:
>> ----- Forwarded message from John Adams -----
>>
>> From: John Adams
>> Date: Wed, 31 Oct 2012 11:37:52 -0700
>> To: andy lam
>> Cc: "nanog at nanog.org"
>> Subject: Re: NSA and the exchanges
>>
>> Allegedly? No, definitely.
>>
>> https://www.eff.org/nsa-spying
>>
>> https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf
>>
>>
>>
>> -j
>>
>> On Wed, Oct 31, 2012 at 11:25 AM, andy lam wrote:
>>
>> > Anyone knows if there's a way to find out how involved NSA monitors 151
>> > front street at Toronto? NSA allegedly monitors data centres in the US,
>> > but does it have the same influence at a building sitting in its neighbor's
>> > soil?
>> >
>> > There's something on the web like www.ixmaps.ca that tries to piece it
>> > together. but not sure how helpful the information on there really is?
>> >
>> >
>> > feedback welcome.
>> >
>>
>> ----- End forwarded message -----
>> --
>> Eugen* Leitl leitl http://leitl.org
>> ______________________________________________________________
>> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
>> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE